From f35a9d8098918560f370cf7747b234b1aaffe718 Mon Sep 17 00:00:00 2001 From: dhrp Date: Thu, 21 Mar 2013 21:47:14 -0700 Subject: [PATCH 0001/2538] create README.md at this place for preview. --- docs/README.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 docs/README.md diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000000..2abaac9393 --- /dev/null +++ b/docs/README.md @@ -0,0 +1,4 @@ +Docs readme +=========== + +Let's see if this file shows up as we hope it does. From 244477e27ff9fc2ffd36e7798d3e320a33c5bbfa Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 25 Mar 2013 19:52:52 -0700 Subject: [PATCH 0002/2538] Merge of docker-website into the docker documentation. --- docs/README.md | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/docs/README.md b/docs/README.md index 2abaac9393..cdcf023fd5 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,4 +1,27 @@ -Docs readme -=========== +docker website +============== -Let's see if this file shows up as we hope it does. +This is the docker website repository + +installation +------------ +* Checkout this repo to your local dir +* Install sphinx: ``pip install sphinx`` +* Push this to dotcloud + + +Usage +----- +* run make docs +* your static website can now be found in the _build dir +* change the .rst files with your favorite editor to your liking +* run *make clean* to clean up +* run *make docs* to build the new version + + +Notes +----- +* The index.html file is copied from the source dir to the output dir without modification. So changes to + the index.html page should be made directly in html +* a simple way to run locally. cd into _build and then run 'python -m SimpleHTTPServer 8000' +* For the Template the css is compiled from less. When changes are needed they can be compiled using lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` \ No newline at end of file From 8a39a45f05c80c0be8a31eb15d0ea2976350f818 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 25 Mar 2013 20:48:04 -0700 Subject: [PATCH 0003/2538] Improved README --- docs/README.md | 45 ++++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/docs/README.md b/docs/README.md index cdcf023fd5..7a5ee3f8a9 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,27 +1,42 @@ -docker website -============== +Docker documentation and website +================================ -This is the docker website repository +Documentation +------------- +This is your definite place to contribute to the docker documentation. The documentation is generated from the +.rst files under sources. -installation +The folder also contains the other files to create the http://docker.io website, but you can generally ignore +most of those. + + +Installation ------------ -* Checkout this repo to your local dir -* Install sphinx: ``pip install sphinx`` -* Push this to dotcloud +* Work in your own fork of the code, we accept pull requests. +* Install sphinx: ``pip install sphinx`` +* If pip is not available you can probably install it using your favorite package manager as **python-pip** Usage ----- -* run make docs -* your static website can now be found in the _build dir * change the .rst files with your favorite editor to your liking -* run *make clean* to clean up -* run *make docs* to build the new version +* run *make docs* to clean up old files and generate new ones +* your static website can now be found in the _build dir +* to preview what you have generated, cd into _build/html and then run 'python -m SimpleHTTPServer 8000' + +Working using github's file editor +---------------------------------- +Alternatively, for small changes and typo's you might want to use github's built in file editor. It allows +you to preview your changes right online. Just be carefull not to create many commits. + +Images +------ +When you need to add images, try to make them as small as possible (e.g. as gif). Notes ----- -* The index.html file is copied from the source dir to the output dir without modification. So changes to - the index.html page should be made directly in html -* a simple way to run locally. cd into _build and then run 'python -m SimpleHTTPServer 8000' -* For the Template the css is compiled from less. When changes are needed they can be compiled using lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` \ No newline at end of file +* The index.html and gettingstarted.html files are copied from the source dir to the output dir without modification. +So changes to those pages should be made directly in html +* For the template the css is compiled from less. When changes are needed they can be compiled using +lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` \ No newline at end of file From f4399fe4034973db9a45795593281d284f78227e Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 8 Apr 2013 20:10:47 -0700 Subject: [PATCH 0004/2538] Added code and color for 'note' and updated the hello world note. --- docs/README.md | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 7a5ee3f8a9..fce7f238fb 100644 --- a/docs/README.md +++ b/docs/README.md @@ -39,4 +39,36 @@ Notes * The index.html and gettingstarted.html files are copied from the source dir to the output dir without modification. So changes to those pages should be made directly in html * For the template the css is compiled from less. When changes are needed they can be compiled using -lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` \ No newline at end of file +lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` + + +Guides on using sphinx +---------------------- +* To make links to certain pages create a link target like so: + + ``` + .. _hello_world: + + Hello world + =========== + + This is.. (etc.) + ``` + + The ``_hello_world:`` will make it possible to link to this position (page and marker) from all other pages. + +* Notes, warnings and alarms + + ``` + # a note (use when something is important) + .. note:: + + # a warning (orange) + .. warning:: + + # danger (red, use sparsely) + .. danger:: + +* Code examples + + Start without $, so it's easy to copy and paste. \ No newline at end of file From 6d79cab514cfa0dda602c6e3136f555e3be9e808 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 6 May 2013 17:41:51 -0700 Subject: [PATCH 0005/2538] Updated index to reflect new (short) 'engine' message (merged with solomon's new text), also moved around the layout a bit and fixed some small text errors. --- docs/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/README.md b/docs/README.md index fce7f238fb..e1ca45b085 100644 --- a/docs/README.md +++ b/docs/README.md @@ -15,6 +15,7 @@ Installation * Work in your own fork of the code, we accept pull requests. * Install sphinx: ``pip install sphinx`` +* Install sphinx httpdomain contrib package ``sphinxcontrib-httpdomain`` * If pip is not available you can probably install it using your favorite package manager as **python-pip** Usage From 99dfa4e7e8eb189881ca9440c2f464415dfd2763 Mon Sep 17 00:00:00 2001 From: Daniel Gasienica Date: Sat, 1 Jun 2013 21:25:51 -0700 Subject: [PATCH 0006/2538] Add `make server` command to preview docs --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index e1ca45b085..ef24c3fb1d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -23,7 +23,7 @@ Usage * change the .rst files with your favorite editor to your liking * run *make docs* to clean up old files and generate new ones * your static website can now be found in the _build dir -* to preview what you have generated, cd into _build/html and then run 'python -m SimpleHTTPServer 8000' +* to preview what you have generated run `make server` and open in your favorite browser. Working using github's file editor ---------------------------------- From 3c035fa50814fe67b5bf8d3c66fad0b2a8c3569c Mon Sep 17 00:00:00 2001 From: Daniel Gasienica Date: Sat, 1 Jun 2013 21:26:18 -0700 Subject: [PATCH 0007/2538] Add Mac OS X instructions for doc tools --- docs/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index ef24c3fb1d..54588e995d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -14,8 +14,10 @@ Installation ------------ * Work in your own fork of the code, we accept pull requests. -* Install sphinx: ``pip install sphinx`` -* Install sphinx httpdomain contrib package ``sphinxcontrib-httpdomain`` +* Install sphinx: `pip install sphinx` + * Mac OS X: `[sudo] pip-2.7 install sphinx`) +* Install sphinx httpdomain contrib package: `pip install sphinxcontrib-httpdomain` + * Mac OS X: `[sudo] pip-2.7 install sphinxcontrib-httpdomain` * If pip is not available you can probably install it using your favorite package manager as **python-pip** Usage From 74428120af58f26cf30fe80b5a0683e5f518f02c Mon Sep 17 00:00:00 2001 From: Daniel Gasienica Date: Sat, 1 Jun 2013 21:26:54 -0700 Subject: [PATCH 0008/2538] Make style consistent --- docs/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/README.md b/docs/README.md index 54588e995d..74ab2bd0cd 100644 --- a/docs/README.md +++ b/docs/README.md @@ -22,14 +22,14 @@ Installation Usage ----- -* change the .rst files with your favorite editor to your liking -* run *make docs* to clean up old files and generate new ones -* your static website can now be found in the _build dir -* to preview what you have generated run `make server` and open in your favorite browser. +* Change the `.rst` files with your favorite editor to your liking. +* Run `make docs` to clean up old files and generate new ones. +* Your static website can now be found in the `_build` directory. +* To preview what you have generated run `make server` and open in your favorite browser. -Working using github's file editor +Working using GitHub's file editor ---------------------------------- -Alternatively, for small changes and typo's you might want to use github's built in file editor. It allows +Alternatively, for small changes and typo's you might want to use GitHub's built in file editor. It allows you to preview your changes right online. Just be carefull not to create many commits. Images @@ -74,4 +74,4 @@ Guides on using sphinx * Code examples - Start without $, so it's easy to copy and paste. \ No newline at end of file + Start without $, so it's easy to copy and paste. From 77926c6033a2a4f9e99a0b261f578197bba270f8 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Thu, 25 Jul 2013 17:19:58 -0700 Subject: [PATCH 0009/2538] Enabled the docs to generate manpages. * changed conf.py to reference toctree.rst instead of index * Added note to README to upgrade your sphinx to the latest version to prevent a bug with .. note:: blocks. --- docs/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 74ab2bd0cd..32be549ef5 100644 --- a/docs/README.md +++ b/docs/README.md @@ -39,8 +39,6 @@ When you need to add images, try to make them as small as possible (e.g. as gif) Notes ----- -* The index.html and gettingstarted.html files are copied from the source dir to the output dir without modification. -So changes to those pages should be made directly in html * For the template the css is compiled from less. When changes are needed they can be compiled using lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` @@ -75,3 +73,6 @@ Guides on using sphinx * Code examples Start without $, so it's easy to copy and paste. + +* To make the manpages, simply run 'make man'. Pleae note there is a bug in spinx 1.1.3 which makes this fail. +Upgrade to the latest version of sphinx. \ No newline at end of file From 9c5f4391e10256700d6f2388c0320e83c65602a4 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Wed, 31 Jul 2013 13:44:10 -0700 Subject: [PATCH 0010/2538] Updated docs README with instructions to preview the generated manfile, and where to get the one generated by sphinx. --- docs/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 32be549ef5..7d7b67ca04 100644 --- a/docs/README.md +++ b/docs/README.md @@ -74,5 +74,12 @@ Guides on using sphinx Start without $, so it's easy to copy and paste. +Manpages +-------- + * To make the manpages, simply run 'make man'. Pleae note there is a bug in spinx 1.1.3 which makes this fail. -Upgrade to the latest version of sphinx. \ No newline at end of file +Upgrade to the latest version of sphinx. +* Then preview the manpage by running `man _build/man/docker.1`, where _build/man/docker.1 is the path to the generated +manfile + +The manpages are also autogenerated by our hosted readthedocs here: http://docs-docker.dotcloud.com/projects/docker/downloads/ \ No newline at end of file From 2216afb61775360f83d119855bbbd392a4fa04a4 Mon Sep 17 00:00:00 2001 From: Thatcher Date: Wed, 31 Jul 2013 13:59:56 -0700 Subject: [PATCH 0011/2538] Some more improvements on the docs readme. Removed references to website. --- docs/README.md | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/docs/README.md b/docs/README.md index 7d7b67ca04..1a40b5bb5c 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,14 +1,12 @@ -Docker documentation and website -================================ +Docker Documentation +==================== Documentation ------------- -This is your definite place to contribute to the docker documentation. The documentation is generated from the -.rst files under sources. - -The folder also contains the other files to create the http://docker.io website, but you can generally ignore -most of those. +This is your definite place to contribute to the docker documentation. After each push to master the documentation +is automatically generated and made available on [docs.docker.io](http://docs.docker.io) +Each of the .rst files under sources reflects a page on the documentation. Installation ------------ @@ -36,13 +34,11 @@ Images ------ When you need to add images, try to make them as small as possible (e.g. as gif). - Notes ----- * For the template the css is compiled from less. When changes are needed they can be compiled using lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` - Guides on using sphinx ---------------------- * To make links to certain pages create a link target like so: @@ -77,9 +73,8 @@ Guides on using sphinx Manpages -------- -* To make the manpages, simply run 'make man'. Pleae note there is a bug in spinx 1.1.3 which makes this fail. +* To make the manpages, simply run 'make man'. Please note there is a bug in spinx 1.1.3 which makes this fail. Upgrade to the latest version of sphinx. * Then preview the manpage by running `man _build/man/docker.1`, where _build/man/docker.1 is the path to the generated manfile - -The manpages are also autogenerated by our hosted readthedocs here: http://docs-docker.dotcloud.com/projects/docker/downloads/ \ No newline at end of file +* The manpages are also autogenerated by our hosted readthedocs here: http://docs-docker.dotcloud.com/projects/docker/downloads/ From 22ab3ddc8a0b37aafe1129272d792fd498378534 Mon Sep 17 00:00:00 2001 From: Thatcher Peskens Date: Mon, 5 Aug 2013 15:55:40 -0700 Subject: [PATCH 0012/2538] Fixed some typo's and formatting issues in remote api documentation. --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 1a40b5bb5c..366b7ed8f2 100644 --- a/docs/README.md +++ b/docs/README.md @@ -23,7 +23,7 @@ Usage * Change the `.rst` files with your favorite editor to your liking. * Run `make docs` to clean up old files and generate new ones. * Your static website can now be found in the `_build` directory. -* To preview what you have generated run `make server` and open in your favorite browser. +* To preview what you have generated run `make server` and open http://localhost:8000/ in your favorite browser. Working using GitHub's file editor ---------------------------------- From 147b04ce2b1d41e832ffccf051ca9073f3575aa2 Mon Sep 17 00:00:00 2001 From: Pascal Borreli Date: Mon, 12 Aug 2013 18:53:06 +0100 Subject: [PATCH 0013/2538] Fixed typos --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 366b7ed8f2..d53b8675b9 100644 --- a/docs/README.md +++ b/docs/README.md @@ -28,7 +28,7 @@ Usage Working using GitHub's file editor ---------------------------------- Alternatively, for small changes and typo's you might want to use GitHub's built in file editor. It allows -you to preview your changes right online. Just be carefull not to create many commits. +you to preview your changes right online. Just be careful not to create many commits. Images ------ From ce220ef43bad5d6b5c5ad24175144bb613a50c9f Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Tue, 15 Oct 2013 15:52:21 -0700 Subject: [PATCH 0014/2538] Fix #1919 document how to edit and release docs. --- docs/README.md | 110 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 86 insertions(+), 24 deletions(-) diff --git a/docs/README.md b/docs/README.md index d53b8675b9..02572ee11e 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,38 +1,93 @@ Docker Documentation ==================== -Documentation -------------- -This is your definite place to contribute to the docker documentation. After each push to master the documentation -is automatically generated and made available on [docs.docker.io](http://docs.docker.io) +Overview +-------- -Each of the .rst files under sources reflects a page on the documentation. +The source for Docker documentation is here under ``sources/`` in the +form of .rst files. These files use +[reStructuredText](http://docutils.sourceforge.net/rst.html) +formatting with [Sphinx](http://sphinx-doc.org/) extensions for +structure, cross-linking and indexing. -Installation ------------- +The HTML files are built and hosted on +[readthedocs.org](https://readthedocs.org/projects/docker/), appearing +via proxy on https://docs.docker.io. The HTML files update +automatically after each change to the master or release branch of the +[docker files on GitHub](https://github.com/dotcloud/docker) thanks to +post-commit hooks. The "release" branch maps to the "latest" +documentation and the "master" branch maps to the "master" +documentation. + +**Warning**: The "master" documentation may include features not yet +part of any official docker release. "Master" docs should be used only +for understanding bleeding-edge development and "latest" should be +used for the latest official release. + +If you need to manually trigger a build of an existing branch, then +you can do that through the [readthedocs +interface](https://readthedocs.org/builds/docker/). If you would like +to add new build targets, including new branches or tags, then you +must contact one of the existing maintainers and get your +readthedocs.org account added to the maintainers list, or just file an +issue on GitHub describing the branch/tag and why it needs to be added +to the docs, and one of the maintainers will add it for you. + +Getting Started +--------------- + +To edit and test the docs, you'll need to install the Sphinx tool and +its dependencies. There are two main ways to install this tool: + +Native Installation +................... -* Work in your own fork of the code, we accept pull requests. * Install sphinx: `pip install sphinx` - * Mac OS X: `[sudo] pip-2.7 install sphinx`) + * Mac OS X: `[sudo] pip-2.7 install sphinx` * Install sphinx httpdomain contrib package: `pip install sphinxcontrib-httpdomain` * Mac OS X: `[sudo] pip-2.7 install sphinxcontrib-httpdomain` * If pip is not available you can probably install it using your favorite package manager as **python-pip** +Alternative Installation: Docker Container +.......................................... + +If you're running ``docker`` on your development machine then you may +find it easier and cleaner to use the Dockerfile. This installs Sphinx +in a container, adds the local ``docs/`` directory and builds the HTML +docs inside the container, even starting a simple HTTP server on port +8000 so that you can connect and see your changes. Just run ``docker +build .`` and run the resulting image. This is the equivalent to +``make clean server`` since each container starts clean. + Usage ----- -* Change the `.rst` files with your favorite editor to your liking. -* Run `make docs` to clean up old files and generate new ones. -* Your static website can now be found in the `_build` directory. -* To preview what you have generated run `make server` and open http://localhost:8000/ in your favorite browser. +* Follow the contribution guidelines (``../CONTRIBUTING.md``) +* Work in your own fork of the code, we accept pull requests. +* Change the ``.rst`` files with your favorite editor -- try to keep the + lines short and respect RST and Sphinx conventions. +* Run ``make clean docs`` to clean up old files and generate new ones, + or just ``make docs`` to update after small changes. +* Your static website can now be found in the ``_build`` directory. +* To preview what you have generated run ``make server`` and open + http://localhost:8000/ in your favorite browser. + +``make clean docs`` must complete without any warnings or errors. Working using GitHub's file editor ---------------------------------- -Alternatively, for small changes and typo's you might want to use GitHub's built in file editor. It allows -you to preview your changes right online. Just be careful not to create many commits. + +Alternatively, for small changes and typos you might want to use +GitHub's built in file editor. It allows you to preview your changes +right online (though there can be some differences between GitHub +markdown and Sphinx RST). Just be careful not to create many commits. Images ------ -When you need to add images, try to make them as small as possible (e.g. as gif). + +When you need to add images, try to make them as small as possible +(e.g. as gif). Usually images should go in the same directory as the +.rst file which references them, or in a subdirectory if one already +exists. Notes ----- @@ -41,7 +96,7 @@ lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.les Guides on using sphinx ---------------------- -* To make links to certain pages create a link target like so: +* To make links to certain sections create a link target like so: ``` .. _hello_world: @@ -52,7 +107,10 @@ Guides on using sphinx This is.. (etc.) ``` - The ``_hello_world:`` will make it possible to link to this position (page and marker) from all other pages. + The ``_hello_world:`` will make it possible to link to this position + (page and section heading) from all other pages. See the [Sphinx + docs](http://sphinx-doc.org/markup/inline.html#role-ref) for more + information and examples. * Notes, warnings and alarms @@ -68,13 +126,17 @@ Guides on using sphinx * Code examples - Start without $, so it's easy to copy and paste. + * Start without $, so it's easy to copy and paste. + * Use "sudo" with docker to ensure that your command is runnable + even if they haven't [used the *docker* + group](http://docs.docker.io/en/latest/use/basics/#why-sudo). Manpages -------- -* To make the manpages, simply run 'make man'. Please note there is a bug in spinx 1.1.3 which makes this fail. -Upgrade to the latest version of sphinx. -* Then preview the manpage by running `man _build/man/docker.1`, where _build/man/docker.1 is the path to the generated -manfile -* The manpages are also autogenerated by our hosted readthedocs here: http://docs-docker.dotcloud.com/projects/docker/downloads/ +* To make the manpages, run ``make man``. Please note there is a bug + in spinx 1.1.3 which makes this fail. Upgrade to the latest version + of Sphinx. +* Then preview the manpage by running ``man _build/man/docker.1``, + where ``_build/man/docker.1`` is the path to the generated manfile + From 24c9b31edf1f137dcf43807f5c1aac5be7585fb4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 15 Oct 2013 03:02:31 -0600 Subject: [PATCH 0015/2538] Move contrib/docker.bash to contrib/completion/bash/docker for better organization --- contrib/completion/bash/docker | 543 +++++++++++++++++++++++++++++++++ 1 file changed, 543 insertions(+) create mode 100755 contrib/completion/bash/docker diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker new file mode 100755 index 0000000000..5a91ab0f18 --- /dev/null +++ b/contrib/completion/bash/docker @@ -0,0 +1,543 @@ +#!bash +# +# bash completion file for core docker commands +# +# This script provides supports completion of: +# - commands and their options +# - container ids +# - image repos and tags +# - filepaths +# +# To enable the completions either: +# - place this file in /etc/bash_completion.d +# or +# - copy this file and add the line below to your .bashrc after +# bash completion features are loaded +# . docker.bash +# +# Note: +# Currently, the completions will not work if the docker daemon is not +# bound to the default communication port/socket +# If the docker daemon is using a unix socket for communication your user +# must have access to the socket for the completions to function correctly + +__docker_containers_all() +{ + local containers + containers="$( docker ps -a -q )" + COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) +} + +__docker_containers_running() +{ + local containers + containers="$( docker ps -q )" + COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) +} + +__docker_containers_stopped() +{ + local containers + containers="$( comm -13 <(docker ps -q | sort -u) <(docker ps -a -q | sort -u) )" + COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) +} + +__docker_image_repos() +{ + local repos + repos="$( docker images | awk 'NR>1{print $1}' )" + COMPREPLY=( $( compgen -W "$repos" -- "$cur" ) ) +} + +__docker_images() +{ + local images + images="$( docker images | awk 'NR>1{print $1":"$2}' )" + COMPREPLY=( $( compgen -W "$images" -- "$cur" ) ) + __ltrim_colon_completions "$cur" +} + +__docker_image_repos_and_tags() +{ + local repos images + repos="$( docker images | awk 'NR>1{print $1}' )" + images="$( docker images | awk 'NR>1{print $1":"$2}' )" + COMPREPLY=( $( compgen -W "$repos $images" -- "$cur" ) ) + __ltrim_colon_completions "$cur" +} + +__docker_containers_and_images() +{ + local containers images + containers="$( docker ps -a -q )" + images="$( docker images | awk 'NR>1{print $1":"$2}' )" + COMPREPLY=( $( compgen -W "$images $containers" -- "$cur" ) ) + __ltrim_colon_completions "$cur" +} + +_docker_docker() +{ + case "$prev" in + -H) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-H" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "$commands help" -- "$cur" ) ) + ;; + esac +} + +_docker_attach() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_running + fi +} + +_docker_build() +{ + case "$prev" in + -t) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-no-cache -t -q -rm" -- "$cur" ) ) + ;; + *) + _filedir + ;; + esac +} + +_docker_commit() +{ + case "$prev" in + -author|-m|-run) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-author -m -run" -- "$cur" ) ) + ;; + *) + local counter=$cpos + while [ $counter -le $cword ]; do + case "${words[$counter]}" in + -author|-m|-run) + (( counter++ )) + ;; + -*) + ;; + *) + break + ;; + esac + (( counter++ )) + done + + if [ $counter -eq $cword ]; then + __docker_containers_all + fi + ;; + esac +} + +_docker_cp() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_all + else + _filedir + fi +} + +_docker_diff() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_all + fi +} + +_docker_events() +{ + case "$prev" in + -since) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-since" -- "$cur" ) ) + ;; + *) + ;; + esac +} + +_docker_export() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_all + fi +} + +_docker_help() +{ + if [ $cpos -eq $cword ]; then + COMPREPLY=( $( compgen -W "$commands" -- "$cur" ) ) + fi +} + +_docker_history() +{ + if [ $cpos -eq $cword ]; then + __docker_image_repos_and_tags + fi +} + +_docker_images() +{ + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-a -notrunc -q -viz" -- "$cur" ) ) + ;; + *) + local counter=$cpos + while [ $counter -le $cword ]; do + case "${words[$counter]}" in + -*) + ;; + *) + break + ;; + esac + (( counter++ )) + done + + if [ $counter -eq $cword ]; then + __docker_image_repos + fi + ;; + esac +} + +_docker_import() +{ + return +} + +_docker_info() +{ + return +} + +_docker_insert() +{ + if [ $cpos -eq $cword ]; then + __docker_image_repos_and_tags + fi +} + +_docker_inspect() +{ + __docker_containers_and_images +} + +_docker_kill() +{ + __docker_containers_running +} + +_docker_login() +{ + case "$prev" in + -e|-p|-u) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-e -p -u" -- "$cur" ) ) + ;; + *) + ;; + esac +} + +_docker_logs() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_all + fi +} + +_docker_port() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_all + fi +} + +_docker_ps() +{ + case "$prev" in + -beforeId|-n|-sinceId) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-a -beforeId -l -n -notrunc -q -s -sinceId" -- "$cur" ) ) + ;; + *) + ;; + esac +} + +_docker_pull() +{ + case "$prev" in + -t) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-t" -- "$cur" ) ) + ;; + *) + ;; + esac +} + +_docker_push() +{ + __docker_image_repos +} + +_docker_restart() +{ + case "$prev" in + -t) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-t" -- "$cur" ) ) + ;; + *) + __docker_containers_all + ;; + esac +} + +_docker_rm() +{ + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-v" -- "$cur" ) ) + ;; + *) + __docker_containers_stopped + ;; + esac +} + +_docker_rmi() +{ + __docker_image_repos_and_tags +} + +_docker_run() +{ + case "$prev" in + -cidfile) + _filedir + ;; + -volumes-from) + __docker_containers_all + ;; + -a|-c|-dns|-e|-entrypoint|-h|-lxc-conf|-m|-p|-u|-v|-w) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-a -c -cidfile -d -dns -e -entrypoint -h -i -lxc-conf -m -n -p -privileged -t -u -v -volumes-from -w" -- "$cur" ) ) + ;; + *) + local counter=$cpos + while [ $counter -le $cword ]; do + case "${words[$counter]}" in + -a|-c|-cidfile|-dns|-e|-entrypoint|-h|-lxc-conf|-m|-p|-u|-v|-volumes-from|-w) + (( counter++ )) + ;; + -*) + ;; + *) + break + ;; + esac + (( counter++ )) + done + + if [ $counter -eq $cword ]; then + __docker_image_repos_and_tags + fi + ;; + esac +} + +_docker_search() +{ + COMPREPLY=( $( compgen -W "-notrunc" -- "$cur" ) ) +} + +_docker_start() +{ + __docker_containers_stopped +} + +_docker_stop() +{ + case "$prev" in + -t) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-t" -- "$cur" ) ) + ;; + *) + __docker_containers_running + ;; + esac +} + +_docker_tag() +{ + COMPREPLY=( $( compgen -W "-f" -- "$cur" ) ) +} + +_docker_top() +{ + if [ $cpos -eq $cword ]; then + __docker_containers_running + fi +} + +_docker_version() +{ + return +} + +_docker_wait() +{ + __docker_containers_all +} + +_docker() +{ + local cur prev words cword command="docker" counter=1 word cpos + local commands=" + attach + build + commit + cp + diff + events + export + history + images + import + info + insert + inspect + kill + login + logs + port + ps + pull + push + restart + rm + rmi + run + search + start + stop + tag + top + version + wait + " + + COMPREPLY=() + _get_comp_words_by_ref -n : cur prev words cword + + while [ $counter -lt $cword ]; do + word="${words[$counter]}" + case "$word" in + -H) + (( counter++ )) + ;; + -*) + ;; + *) + command="$word" + cpos=$counter + (( cpos++ )) + break + ;; + esac + (( counter++ )) + done + + local completions_func=_docker_${command} + declare -F $completions_func >/dev/null && $completions_func + + return 0 +} + +complete -F _docker docker From 9914c18a11cc0fb1fd48e465e57eff02f9462396 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 15 Oct 2013 03:04:06 -0600 Subject: [PATCH 0016/2538] Add zsh completion from @felixr with permission See https://github.com/felixr/docker-zsh-completion for the original. See also https://github.com/dotcloud/docker/issues/2202#issuecomment-26313287 Fixes #2202 --- contrib/completion/zsh/_docker | 242 +++++++++++++++++++++++++++++++++ 1 file changed, 242 insertions(+) create mode 100755 contrib/completion/zsh/_docker diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker new file mode 100755 index 0000000000..92acdb13dd --- /dev/null +++ b/contrib/completion/zsh/_docker @@ -0,0 +1,242 @@ +#compdef docker +# +# zsh completion for docker (http://docker.io) +# +# version: 0.2.2 +# author: Felix Riedel +# license: BSD License +# github: https://github.com/felixr/docker-zsh-completion +# + +__parse_docker_list() { + sed -e '/^ID/d' -e 's/[ ]\{2,\}/|/g' -e 's/ \([hdwm]\)\(inutes\|ays\|ours\|eeks\)/\1/' | awk ' BEGIN {FS="|"} { printf("%s:%7s, %s\n", $1, $4, $2)}' +} + +__docker_stoppedcontainers() { + local expl + declare -a stoppedcontainers + stoppedcontainers=(${(f)"$(docker ps -a | grep --color=never 'Exit' | __parse_docker_list )"}) + _describe -t containers-stopped "Stopped Containers" stoppedcontainers +} + +__docker_runningcontainers() { + local expl + declare -a containers + + containers=(${(f)"$(docker ps | __parse_docker_list)"}) + _describe -t containers-active "Running Containers" containers +} + +__docker_containers () { + __docker_stoppedcontainers + __docker_runningcontainers +} + +__docker_images () { + local expl + declare -a images + images=(${(f)"$(docker images | awk '(NR > 1){printf("%s\\:%s\n", $1,$2)}')"}) + images=($images ${(f)"$(docker images | awk '(NR > 1){printf("%s:%-15s in %s\n", $3,$2,$1)}')"}) + _describe -t docker-images "Images" images +} + +__docker_tags() { + local expl + declare -a tags + tags=(${(f)"$(docker images | awk '(NR>1){print $2}'| sort | uniq)"}) + _describe -t docker-tags "tags" tags +} + +__docker_search() { + # declare -a dockersearch + local cache_policy + zstyle -s ":completion:${curcontext}:" cache-policy cache_policy + if [[ -z "$cache_policy" ]]; then + zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy + fi + + local searchterm cachename + searchterm="${words[$CURRENT]%/}" + cachename=_docker-search-$searchterm + + local expl + local -a result + if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \ + && ! _retrieve_cache ${cachename#_}; then + _message "Searching for ${searchterm}..." + result=(${(f)"$(docker search ${searchterm} | awk '(NR>2){print $1}')"}) + _store_cache ${cachename#_} result + fi + _wanted dockersearch expl 'Available images' compadd -a result +} + +__docker_caching_policy() +{ + # oldp=( "$1"(Nmh+24) ) # 24 hour + oldp=( "$1"(Nmh+1) ) # 24 hour + (( $#oldp )) +} + + +__docker_repositories () { + local expl + declare -a repos + repos=(${(f)"$(docker images | sed -e '1d' -e 's/[ ].*//' | sort | uniq)"}) + _describe -t docker-repos "Repositories" repos +} + +__docker_commands () { + # local -a _docker_subcommands + local cache_policy + + zstyle -s ":completion:${curcontext}:" cache-policy cache_policy + if [[ -z "$cache_policy" ]]; then + zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy + fi + + if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \ + && ! _retrieve_cache docker_subcommands; + then + _docker_subcommands=(${${(f)"$(_call_program commands + docker 2>&1 | sed -e '1,6d' -e '/^[ ]*$/d' -e 's/[ ]*\([^ ]\+\)\s*\([^ ].*\)/\1:\2/' )"}}) + _docker_subcommands=($_docker_subcommands 'help:Show help for a command') + _store_cache docker_subcommands _docker_subcommands + fi + _describe -t docker-commands "docker command" _docker_subcommands +} + +__docker_subcommand () { + local -a _command_args + case "$words[1]" in + (attach|wait) + _arguments ':containers:__docker_runningcontainers' + ;; + (build) + _arguments \ + '-t=-:repository:__docker_repositories' \ + ':path or URL:_directories' + ;; + (commit) + _arguments \ + ':container:__docker_containers' \ + ':repository:__docker_repositories' \ + ':tag: ' + ;; + (diff|export|logs) + _arguments '*:containers:__docker_containers' + ;; + (history) + _arguments '*:images:__docker_images' + ;; + (images) + _arguments \ + '-a[Show all images]' \ + ':repository:__docker_repositories' + ;; + (inspect) + _arguments '*:containers:__docker_containers' + ;; + (history) + _arguments ':images:__docker_images' + ;; + (insert) + _arguments '1:containers:__docker_containers' \ + '2:URL:(http:// file://)' \ + '3:file:_files' + ;; + (kill) + _arguments '*:containers:__docker_runningcontainers' + ;; + (port) + _arguments '1:containers:__docker_runningcontainers' + ;; + (start) + _arguments '*:containers:__docker_stoppedcontainers' + ;; + (rm) + _arguments '-v[Remove the volumes associated to the container]' \ + '*:containers:__docker_stoppedcontainers' + ;; + (rmi) + _arguments '-v[Remove the volumes associated to the container]' \ + '*:images:__docker_images' + ;; + (top) + _arguments '1:containers:__docker_runningcontainers' + ;; + (restart|stop) + _arguments '-t=-[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \ + '*:containers:__docker_runningcontainers' + ;; + (top) + _arguments ':containers:__docker_runningcontainers' + ;; + (ps) + _arguments '-a[Show all containers. Only running containers are shown by default]' \ + '-h[Show help]' \ + '-beforeId=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \ + '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' + ;; + (tag) + _arguments \ + '-f[force]'\ + ':image:__docker_images'\ + ':repository:__docker_repositories' \ + ':tag:__docker_tags' + ;; + (run) + _arguments \ + '-a=-[Attach to stdin, stdout or stderr]:toggle:(true false)' \ + '-c=-[CPU shares (relative weight)]:CPU shares: ' \ + '-d[Detached mode: leave the container running in the background]' \ + '*-dns=[Set custom dns servers]:dns server: ' \ + '*-e=[Set environment variables]:environment variable: ' \ + '-entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ + '-h=-[Container host name]:hostname:_hosts' \ + '-i[Keep stdin open even if not attached]' \ + '-m=-[Memory limit (in bytes)]:limit: ' \ + '*-p=-[Expose a container''s port to the host]:port:_ports' \ + '-t=-[Allocate a pseudo-tty]:toggle:(true false)' \ + '-u=-[Username or UID]:user:_users' \ + '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ + '-volumes-from=-[Mount volumes from the specified container]:volume: ' \ + '(-):images:__docker_images' \ + '(-):command: _command_names -e' \ + '*::arguments: _normal' + ;; + (pull|search) + _arguments ':name:__docker_search' + ;; + (help) + _arguments ':subcommand:__docker_commands' + ;; + (*) + _message 'Unknown sub command' + esac + +} + +_docker () { + local curcontext="$curcontext" state line + typeset -A opt_args + + _arguments -C \ + '-H=-[tcp://host:port to bind/connect to]:socket: ' \ + '(-): :->command' \ + '(-)*:: :->option-or-argument' + + if (( CURRENT == 1 )); then + + fi + case $state in + (command) + __docker_commands + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-$words[1]: + __docker_subcommand + ;; + esac +} + +_docker "$@" From bed37d2204491bb3752e8800f1c3ad4aec7ec326 Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Mon, 21 Oct 2013 14:03:09 -0700 Subject: [PATCH 0017/2538] Clean up level 3 headers. --- docs/README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/README.md b/docs/README.md index 02572ee11e..82103b9c72 100644 --- a/docs/README.md +++ b/docs/README.md @@ -39,8 +39,7 @@ Getting Started To edit and test the docs, you'll need to install the Sphinx tool and its dependencies. There are two main ways to install this tool: -Native Installation -................... +###Native Installation * Install sphinx: `pip install sphinx` * Mac OS X: `[sudo] pip-2.7 install sphinx` @@ -48,8 +47,7 @@ Native Installation * Mac OS X: `[sudo] pip-2.7 install sphinxcontrib-httpdomain` * If pip is not available you can probably install it using your favorite package manager as **python-pip** -Alternative Installation: Docker Container -.......................................... +###Alternative Installation: Docker Container If you're running ``docker`` on your development machine then you may find it easier and cleaner to use the Dockerfile. This installs Sphinx From 23e91a6d7f62293d9226cfd8a4c761a1e73d8f59 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 29 Oct 2013 10:39:44 +1000 Subject: [PATCH 0018/2538] add links to the Dockerfiles as canonical external requirements, add example of building and exposing the docs and simplify the Dockerfile for cacheability --- docs/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/README.md b/docs/README.md index 82103b9c72..63cd8a6ac5 100644 --- a/docs/README.md +++ b/docs/README.md @@ -57,6 +57,9 @@ docs inside the container, even starting a simple HTTP server on port build .`` and run the resulting image. This is the equivalent to ``make clean server`` since each container starts clean. +In the ``docs/`` directory, run: + ```docker build -t docker:docs . && docker run -p 8000:8000 docker:docs``` + Usage ----- * Follow the contribution guidelines (``../CONTRIBUTING.md``) From e074bc6db11e860a9eab87feed539118bcfb1e7f Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 31 Oct 2013 19:21:35 -0700 Subject: [PATCH 0019/2538] rebase and add some filters --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5a91ab0f18..8e535285e1 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -426,7 +426,7 @@ _docker_run() _docker_search() { - COMPREPLY=( $( compgen -W "-notrunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-notrunc" "-stars" "-trusted" -- "$cur" ) ) } _docker_start() From b52c999103247c18ecda6efb5591a50ddbab9c63 Mon Sep 17 00:00:00 2001 From: John Feminella Date: Sat, 23 Nov 2013 15:53:50 -0500 Subject: [PATCH 0020/2538] Suggest users install dependencies by using requirements.txt, not manually --- docs/README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/README.md b/docs/README.md index 63cd8a6ac5..c8ec5e20f7 100644 --- a/docs/README.md +++ b/docs/README.md @@ -41,11 +41,12 @@ its dependencies. There are two main ways to install this tool: ###Native Installation -* Install sphinx: `pip install sphinx` - * Mac OS X: `[sudo] pip-2.7 install sphinx` -* Install sphinx httpdomain contrib package: `pip install sphinxcontrib-httpdomain` - * Mac OS X: `[sudo] pip-2.7 install sphinxcontrib-httpdomain` -* If pip is not available you can probably install it using your favorite package manager as **python-pip** +Install dependencies from `requirements.txt` file in your `docker/docs` +directory: + +* Linux: `pip install -r docs/requirements.txt` + +* Mac OS X: `[sudo] pip-2.7 -r docs/requirements.txt` ###Alternative Installation: Docker Container From 01d4e98cc8ebd368c1cc89eba569d437b298e56e Mon Sep 17 00:00:00 2001 From: John Feminella Date: Sat, 23 Nov 2013 16:21:27 -0500 Subject: [PATCH 0021/2538] Corrects misspellings of 'Sphinx' --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index c8ec5e20f7..e8e75c128c 100644 --- a/docs/README.md +++ b/docs/README.md @@ -137,7 +137,7 @@ Manpages -------- * To make the manpages, run ``make man``. Please note there is a bug - in spinx 1.1.3 which makes this fail. Upgrade to the latest version + in Sphinx 1.1.3 which makes this fail. Upgrade to the latest version of Sphinx. * Then preview the manpage by running ``man _build/man/docker.1``, where ``_build/man/docker.1`` is the path to the generated manfile From 3091ba88fa2f35f81ab6ae0256bf940a1f2424cc Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 6 Dec 2013 12:52:32 +1000 Subject: [PATCH 0022/2538] change the policy wrt $ sudo docker to simplify auto-testing --- docs/README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/README.md b/docs/README.md index e8e75c128c..3f4725a583 100644 --- a/docs/README.md +++ b/docs/README.md @@ -51,15 +51,15 @@ directory: ###Alternative Installation: Docker Container If you're running ``docker`` on your development machine then you may -find it easier and cleaner to use the Dockerfile. This installs Sphinx +find it easier and cleaner to use the docs Dockerfile. This installs Sphinx in a container, adds the local ``docs/`` directory and builds the HTML docs inside the container, even starting a simple HTTP server on port -8000 so that you can connect and see your changes. Just run ``docker -build .`` and run the resulting image. This is the equivalent to -``make clean server`` since each container starts clean. +8000 so that you can connect and see your changes. -In the ``docs/`` directory, run: - ```docker build -t docker:docs . && docker run -p 8000:8000 docker:docs``` +In the ``docker`` source directory, run: + ```make doc``` + +This is the equivalent to ``make clean server`` since each container starts clean. Usage ----- @@ -128,7 +128,8 @@ Guides on using sphinx * Code examples - * Start without $, so it's easy to copy and paste. + * Start typed commands with ``$ `` (dollar space) so that they + are easily differentiated from program output. * Use "sudo" with docker to ensure that your command is runnable even if they haven't [used the *docker* group](http://docs.docker.io/en/latest/use/basics/#why-sudo). From 2d576ea3b62b7c272be2c86323b1691229311043 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 11 Dec 2013 10:14:56 +1000 Subject: [PATCH 0023/2538] make docs is more consistent --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 3f4725a583..768cabdbb1 100644 --- a/docs/README.md +++ b/docs/README.md @@ -57,7 +57,7 @@ docs inside the container, even starting a simple HTTP server on port 8000 so that you can connect and see your changes. In the ``docker`` source directory, run: - ```make doc``` + ```make docs``` This is the equivalent to ``make clean server`` since each container starts clean. From bc7722ea0f51cdba693be1c00afbca09ec0af4d9 Mon Sep 17 00:00:00 2001 From: Thomas LEVEIL Date: Tue, 31 Dec 2013 01:09:42 +0000 Subject: [PATCH 0024/2538] support for container names in bash completion --- contrib/completion/bash/docker | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8e535285e1..f1a515d00a 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -4,7 +4,7 @@ # # This script provides supports completion of: # - commands and their options -# - container ids +# - container ids and names # - image repos and tags # - filepaths # @@ -25,21 +25,24 @@ __docker_containers_all() { local containers containers="$( docker ps -a -q )" - COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_running() { local containers containers="$( docker ps -q )" - COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_stopped() { local containers containers="$( comm -13 <(docker ps -q | sort -u) <(docker ps -a -q | sort -u) )" - COMPREPLY=( $( compgen -W "$containers" -- "$cur" ) ) + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_image_repos() @@ -70,8 +73,9 @@ __docker_containers_and_images() { local containers images containers="$( docker ps -a -q )" + names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" images="$( docker images | awk 'NR>1{print $1":"$2}' )" - COMPREPLY=( $( compgen -W "$images $containers" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$images $names $containers" -- "$cur" ) ) __ltrim_colon_completions "$cur" } From fb17f9fcab7474e6e3f618488bd1c1b6d04469a4 Mon Sep 17 00:00:00 2001 From: Paul Date: Thu, 2 Jan 2014 09:52:07 +1300 Subject: [PATCH 0025/2538] Mac OSX command for pip was incorrect --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 768cabdbb1..3fdbad2ead 100644 --- a/docs/README.md +++ b/docs/README.md @@ -46,7 +46,7 @@ directory: * Linux: `pip install -r docs/requirements.txt` -* Mac OS X: `[sudo] pip-2.7 -r docs/requirements.txt` +* Mac OS X: `[sudo] pip-2.7 install -r docs/requirements.txt` ###Alternative Installation: Docker Container From 98b39c91deaee30a6f8bfcae71bc980fdf35bd28 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Wed, 15 Jan 2014 19:33:01 -0500 Subject: [PATCH 0026/2538] Added Reference Manual Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/builder.rst | 456 ++++++ docs/sources/reference/commandline/cli.rst | 1258 +++++++++++++++++ .../reference/commandline/docker_images.gif | Bin 0 -> 35785 bytes docs/sources/reference/commandline/index.rst | 14 + docs/sources/reference/index.rst | 17 + 5 files changed, 1745 insertions(+) create mode 100644 docs/sources/reference/builder.rst create mode 100644 docs/sources/reference/commandline/cli.rst create mode 100644 docs/sources/reference/commandline/docker_images.gif create mode 100644 docs/sources/reference/commandline/index.rst create mode 100644 docs/sources/reference/index.rst diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst new file mode 100644 index 0000000000..e61db62689 --- /dev/null +++ b/docs/sources/reference/builder.rst @@ -0,0 +1,456 @@ +:title: Build Images (Dockerfile Reference) +:description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. +:keywords: builder, docker, Dockerfile, automation, image creation + +.. _dockerbuilder: + +=================================== +Build Images (Dockerfile Reference) +=================================== + +**Docker can act as a builder** and read instructions from a text +``Dockerfile`` to automate the steps you would otherwise take manually +to create an image. Executing ``docker build`` will run your steps and +commit them along the way, giving you a final image. + +.. contents:: Table of Contents + +.. _dockerfile_usage: + +1. Usage +======== + +To :ref:`build ` an image from a source repository, create +a description file called ``Dockerfile`` at the root of your +repository. This file will describe the steps to assemble the image. + +Then call ``docker build`` with the path of your source repository as +argument (for example, ``.``): + + ``sudo docker build .`` + +The path to the source repository defines where to find the *context* +of the build. The build is run by the Docker daemon, not by the CLI, +so the whole context must be transferred to the daemon. The Docker CLI +reports "Uploading context" when the context is sent to the daemon. + +You can specify a repository and tag at which to save the new image if the +build succeeds: + + ``sudo docker build -t shykes/myapp .`` + +The Docker daemon will run your steps one-by-one, committing the +result to a new image if necessary, before finally outputting the +ID of your new image. The Docker daemon will automatically clean +up the context you sent. + +Note that each instruction is run independently, and causes a new image +to be created - so ``RUN cd /tmp`` will not have any effect on the next +instructions. + +Whenever possible, Docker will re-use the intermediate images, +accelerating ``docker build`` significantly (indicated by ``Using cache``: + +.. code-block:: bash + + $ docker build -t SvenDowideit/ambassador . + Uploading context 10.24 kB + Uploading context + Step 1 : FROM docker-ut + ---> cbba202fe96b + Step 2 : MAINTAINER SvenDowideit@home.org.au + ---> Using cache + ---> 51182097be13 + Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top + ---> Using cache + ---> 1a5ffc17324d + Successfully built 1a5ffc17324d + +When you're done with your build, you're ready to look into +:ref:`image_push`. + +.. _dockerfile_format: + +2. Format +========= + +The Dockerfile format is quite simple: + +:: + + # Comment + INSTRUCTION arguments + +The Instruction is not case-sensitive, however convention is for them to be +UPPERCASE in order to distinguish them from arguments more easily. + +Docker evaluates the instructions in a Dockerfile in order. **The +first instruction must be `FROM`** in order to specify the +:ref:`base_image_def` from which you are building. + +Docker will treat lines that *begin* with ``#`` as a comment. A ``#`` +marker anywhere else in the line will be treated as an argument. This +allows statements like: + +:: + + # Comment + RUN echo 'we are running some # of cool things' + +.. _dockerfile_instructions: + +3. Instructions +=============== + +Here is the set of instructions you can use in a ``Dockerfile`` for +building images. + +.. _dockerfile_from: + +3.1 FROM +-------- + + ``FROM `` + +Or + + ``FROM :`` + +The ``FROM`` instruction sets the :ref:`base_image_def` for subsequent +instructions. As such, a valid Dockerfile must have ``FROM`` as its +first instruction. The image can be any valid image -- it is +especially easy to start by **pulling an image** from the +:ref:`using_public_repositories`. + +``FROM`` must be the first non-comment instruction in the +``Dockerfile``. + +``FROM`` can appear multiple times within a single Dockerfile in order +to create multiple images. Simply make a note of the last image id +output by the commit before each new ``FROM`` command. + +If no ``tag`` is given to the ``FROM`` instruction, ``latest`` is +assumed. If the used tag does not exist, an error will be returned. + +.. _dockerfile_maintainer: + +3.2 MAINTAINER +-------------- + + ``MAINTAINER `` + +The ``MAINTAINER`` instruction allows you to set the *Author* field of +the generated images. + +.. _dockerfile_run: + +3.3 RUN +------- + + ``RUN `` + +The ``RUN`` instruction will execute any commands on the current image +and commit the results. The resulting committed image will be used for +the next step in the Dockerfile. + +Layering ``RUN`` instructions and generating commits conforms to the +core concepts of Docker where commits are cheap and containers can be +created from any point in an image's history, much like source +control. + +Known Issues (RUN) +.................. + +* :issue:`783` is about file permissions problems that can occur when + using the AUFS file system. You might notice it during an attempt to + ``rm`` a file, for example. The issue describes a workaround. +* :issue:`2424` Locale will not be set automatically. + +.. _dockerfile_cmd: + +3.4 CMD +------- + +CMD has three forms: + +* ``CMD ["executable","param1","param2"]`` (like an *exec*, preferred form) +* ``CMD ["param1","param2"]`` (as *default parameters to ENTRYPOINT*) +* ``CMD command param1 param2`` (as a *shell*) + +There can only be one CMD in a Dockerfile. If you list more than one +CMD then only the last CMD will take effect. + +**The main purpose of a CMD is to provide defaults for an executing +container.** These defaults can include an executable, or they can +omit the executable, in which case you must specify an ENTRYPOINT as +well. + +When used in the shell or exec formats, the ``CMD`` instruction sets +the command to be executed when running the image. This is +functionally equivalent to running ``docker commit -run '{"Cmd": +}'`` outside the builder. + +If you use the *shell* form of the CMD, then the ```` will +execute in ``/bin/sh -c``: + +.. code-block:: bash + + FROM ubuntu + CMD echo "This is a test." | wc - + +If you want to **run your** ```` **without a shell** then you +must express the command as a JSON array and give the full path to the +executable. **This array form is the preferred format of CMD.** Any +additional parameters must be individually expressed as strings in the +array: + +.. code-block:: bash + + FROM ubuntu + CMD ["/usr/bin/wc","--help"] + +If you would like your container to run the same executable every +time, then you should consider using ``ENTRYPOINT`` in combination +with ``CMD``. See :ref:`dockerfile_entrypoint`. + +If the user specifies arguments to ``docker run`` then they will +override the default specified in CMD. + +.. note:: + Don't confuse ``RUN`` with ``CMD``. ``RUN`` actually runs a + command and commits the result; ``CMD`` does not execute anything at + build time, but specifies the intended command for the image. + +.. _dockerfile_expose: + +3.5 EXPOSE +---------- + + ``EXPOSE [...]`` + +The ``EXPOSE`` instruction exposes ports for use within links. This is +functionally equivalent to running ``docker commit -run '{"PortSpecs": +["", ""]}'`` outside the builder. Refer to +:ref:`port_redirection` for detailed information. + +.. _dockerfile_env: + +3.6 ENV +------- + + ``ENV `` + +The ``ENV`` instruction sets the environment variable ```` to the +value ````. This value will be passed to all future ``RUN`` +instructions. This is functionally equivalent to prefixing the command +with ``=`` + +.. note:: + The environment variables will persist when a container is run + from the resulting image. + +.. _dockerfile_add: + +3.7 ADD +------- + + ``ADD `` + +The ``ADD`` instruction will copy new files from and add them to +the container's filesystem at path ````. + +```` must be the path to a file or directory relative to the +source directory being built (also called the *context* of the build) or +a remote file URL. + +```` is the path at which the source will be copied in the +destination container. + +All new files and directories are created with mode 0755, uid and gid +0. + +.. note:: + if you build using STDIN (``docker build - < somefile``), there is no build + context, so the Dockerfile can only contain an URL based ADD statement. + +.. note:: + if your URL files are protected using authentication, you will need to use + an ``RUN wget`` , ``RUN curl`` or other tool from within the container as + ADD does not support authentication. + +The copy obeys the following rules: + +* The ```` path must be inside the *context* of the build; you cannot + ``ADD ../something /something``, because the first step of a + ``docker build`` is to send the context directory (and subdirectories) to + the docker daemon. +* If ```` is a URL and ```` does not end with a trailing slash, + then a file is downloaded from the URL and copied to ````. +* If ```` is a URL and ```` does end with a trailing slash, + then the filename is inferred from the URL and the file is downloaded to + ``/``. For instance, ``ADD http://example.com/foobar /`` + would create the file ``/foobar``. The URL must have a nontrivial path + so that an appropriate filename can be discovered in this case + (``http://example.com`` will not work). +* If ```` is a directory, the entire directory is copied, + including filesystem metadata. +* If ```` is a *local* tar archive in a recognized compression + format (identity, gzip, bzip2 or xz) then it is unpacked as a + directory. Resources from *remote* URLs are **not** decompressed. + + When a directory is copied or unpacked, it has the same behavior as + ``tar -x``: the result is the union of + + 1. whatever existed at the destination path and + 2. the contents of the source tree, + + with conflicts resolved in favor of "2." on a file-by-file basis. + +* If ```` is any other kind of file, it is copied individually + along with its metadata. In this case, if ```` ends with a + trailing slash ``/``, it will be considered a directory and the + contents of ```` will be written at ``/base()``. +* If ```` does not end with a trailing slash, it will be + considered a regular file and the contents of ```` will be + written at ````. +* If ```` doesn't exist, it is created along with all missing + directories in its path. + +.. _dockerfile_entrypoint: + +3.8 ENTRYPOINT +-------------- + +ENTRYPOINT has two forms: + +* ``ENTRYPOINT ["executable", "param1", "param2"]`` (like an *exec*, + preferred form) +* ``ENTRYPOINT command param1 param2`` (as a *shell*) + +There can only be one ``ENTRYPOINT`` in a Dockerfile. If you have more +than one ``ENTRYPOINT``, then only the last one in the Dockerfile will +have an effect. + +An ``ENTRYPOINT`` helps you to configure a container that you can run +as an executable. That is, when you specify an ``ENTRYPOINT``, then +the whole container runs as if it was just that executable. + +The ``ENTRYPOINT`` instruction adds an entry command that will **not** +be overwritten when arguments are passed to ``docker run``, unlike the +behavior of ``CMD``. This allows arguments to be passed to the +entrypoint. i.e. ``docker run -d`` will pass the "-d" +argument to the ENTRYPOINT. + +You can specify parameters either in the ENTRYPOINT JSON array (as in +"like an exec" above), or by using a CMD statement. Parameters in the +ENTRYPOINT will not be overridden by the ``docker run`` arguments, but +parameters specified via CMD will be overridden by ``docker run`` +arguments. + +Like a ``CMD``, you can specify a plain string for the ENTRYPOINT and +it will execute in ``/bin/sh -c``: + +.. code-block:: bash + + FROM ubuntu + ENTRYPOINT wc -l - + +For example, that Dockerfile's image will *always* take stdin as input +("-") and print the number of lines ("-l"). If you wanted to make +this optional but default, you could use a CMD: + +.. code-block:: bash + + FROM ubuntu + CMD ["-l", "-"] + ENTRYPOINT ["/usr/bin/wc"] + +.. _dockerfile_volume: + +3.9 VOLUME +---------- + + ``VOLUME ["/data"]`` + +The ``VOLUME`` instruction will create a mount point with the specified name and mark it +as holding externally mounted volumes from native host or other containers. For more information/examples +and mounting instructions via docker client, refer to :ref:`volume_def` documentation. + +.. _dockerfile_user: + +3.10 USER +--------- + + ``USER daemon`` + +The ``USER`` instruction sets the username or UID to use when running +the image. + +.. _dockerfile_workdir: + +3.11 WORKDIR +------------ + + ``WORKDIR /path/to/workdir`` + +The ``WORKDIR`` instruction sets the working directory in which +the command given by ``CMD`` is executed. + +.. _dockerfile_examples: + +4. Dockerfile Examples +====================== + +.. code-block:: bash + + # Nginx + # + # VERSION 0.0.1 + + FROM ubuntu + MAINTAINER Guillaume J. Charmes + + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + RUN apt-get install -y inotify-tools nginx apache2 openssh-server + +.. code-block:: bash + + # Firefox over VNC + # + # VERSION 0.3 + + FROM ubuntu + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + # Install vnc, xvfb in order to create a 'fake' display and firefox + RUN apt-get install -y x11vnc xvfb firefox + RUN mkdir /.vnc + # Setup a password + RUN x11vnc -storepasswd 1234 ~/.vnc/passwd + # Autostart firefox (might not be the best way, but it does the trick) + RUN bash -c 'echo "firefox" >> /.bashrc' + + EXPOSE 5900 + CMD ["x11vnc", "-forever", "-usepw", "-create"] + +.. code-block:: bash + + # Multiple images example + # + # VERSION 0.1 + + FROM ubuntu + RUN echo foo > bar + # Will output something like ===> 907ad6c2736f + + FROM ubuntu + RUN echo moo > oink + # Will output something like ===> 695d7793cbe4 + + # You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with + # /oink. diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst new file mode 100644 index 0000000000..67c8b06189 --- /dev/null +++ b/docs/sources/reference/commandline/cli.rst @@ -0,0 +1,1258 @@ +:title: Command Line Interface +:description: Docker's CLI command description and usage +:keywords: Docker, Docker documentation, CLI, command line + +.. _cli: + +Command Line Help +----------------- + +To list available commands, either run ``docker`` with no parameters or execute +``docker help``:: + + $ sudo docker + Usage: docker [OPTIONS] COMMAND [arg...] + -H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind/connect to or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used. + + A self-sufficient runtime for linux containers. + + ... + +.. _cli_daemon: + +``daemon`` +---------- + +:: + + Usage of docker: + -D=false: Enable debug mode + -H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used. + -api-enable-cors=false: Enable CORS headers in the remote API + -b="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking + -bip="": Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of -b + -d=false: Enable daemon mode + -dns="": Force docker to use specific DNS servers + -g="/var/lib/docker": Path to use as the root of the docker runtime + -icc=true: Enable inter-container communication + -ip="0.0.0.0": Default IP address to use when binding container ports + -iptables=true: Disable docker's addition of iptables rules + -mtu=1500: Set the containers network mtu + -p="/var/run/docker.pid": Path to use for daemon PID file + -r=true: Restart previously running containers + -s="": Force the docker runtime to use a specific storage driver + -v=false: Print version information and quit + +The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the +daemon and client. To run the daemon you provide the ``-d`` flag. + +To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. + +To set the DNS server for all Docker containers, use ``docker -d -dns 8.8.8.8``. + +To run the daemon with debug output, use ``docker -d -D``. + +The docker client will also honor the ``DOCKER_HOST`` environment variable to set +the ``-H`` flag for the client. + +:: + + docker -H tcp://0.0.0.0:4243 ps + # or + export DOCKER_HOST="tcp://0.0.0.0:4243" + docker ps + # both are equal + + +.. _cli_attach: + +``attach`` +---------- + +:: + + Usage: docker attach CONTAINER + + Attach to a running container. + + -nostdin=false: Do not attach stdin + -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + +You can detach from the container again (and leave it running) with +``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of +the Docker client when it quits. When you detach from the container's +process the exit code will be returned to the client. + +To stop a container, use ``docker stop``. + +To kill the container, use ``docker kill``. + +.. _cli_attach_examples: + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) + $ sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + + + top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355780k used, 17792k free, 27880k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + ^C$ + $ sudo docker stop $ID + +.. _cli_build: + +``build`` +--------- + +:: + + Usage: docker build [OPTIONS] PATH | URL | - + Build a new container image from the source code at PATH + -t="": Repository name (and optionally a tag) to be applied + to the resulting image in case of success. + -q=false: Suppress verbose build output. + -no-cache: Do not use the cache when building the image. + -rm: Remove intermediate containers after a successful build + +The files at ``PATH`` or ``URL`` are called the "context" of the build. The +build process may refer to any of the files in the context, for example when +using an :ref:`ADD ` instruction. When a single ``Dockerfile`` +is given as ``URL``, then no context is set. When a Git repository is set as +``URL``, then the repository is used as the context + +.. _cli_build_examples: + +.. seealso:: :ref:`dockerbuilder`. + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker build . + Uploading context 10240 bytes + Step 1 : FROM busybox + Pulling repository busybox + ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ + Step 2 : RUN ls -lh / + ---> Running in 9c9e81692ae9 + total 24 + drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin + drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev + drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib + lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib + dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc + lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin + dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys + drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr + ---> b35f4035db3f + Step 3 : CMD echo Hello World + ---> Running in 02071fceb21b + ---> f52f38b7823e + Successfully built f52f38b7823e + +This example specifies that the ``PATH`` is ``.``, and so all the files in +the local directory get tar'd and sent to the Docker daemon. The ``PATH`` +specifies where to find the files for the "context" of the build on +the Docker daemon. Remember that the daemon could be running on a +remote machine and that no parsing of the ``Dockerfile`` happens at the +client side (where you're running ``docker build``). That means that +*all* the files at ``PATH`` get sent, not just the ones listed to +:ref:`ADD ` in the ``Dockerfile``. + +The transfer of context from the local machine to the Docker daemon is +what the ``docker`` client means when you see the "Uploading context" +message. + + +.. code-block:: bash + + $ sudo docker build -t vieux/apache:2.0 . + +This will build like the previous example, but it will then tag the +resulting image. The repository name will be ``vieux/apache`` and the +tag will be ``2.0`` + + +.. code-block:: bash + + $ sudo docker build - < Dockerfile + +This will read a ``Dockerfile`` from *stdin* without context. Due to +the lack of a context, no contents of any local directory will be sent +to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` +``ADD`` only works if it refers to a remote URL. + +.. code-block:: bash + + $ sudo docker build github.com/creack/docker-firefox + +This will clone the GitHub repository and use the cloned repository as +context. The ``Dockerfile`` at the root of the repository is used as +``Dockerfile``. Note that you can specify an arbitrary Git repository +by using the ``git://`` schema. + + +.. _cli_commit: + +``commit`` +---------- + +:: + + Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] + + Create a new image from a container's changes + + -m="": Commit message + -author="": Author (eg. "John Hannibal Smith " + -run="": Configuration to be applied when the image is launched with `docker run`. + (ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') + +.. _cli_commit_examples: + +Commit an existing container +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker ps + ID IMAGE COMMAND CREATED STATUS PORTS + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 + f5283438590d + $ docker images | head + REPOSITORY TAG ID CREATED VIRTUAL SIZE + SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB + +Change the command that a container runs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Sometimes you have an application container running just a service and you need +to make a quick change and then change it back. + +In this example, we run a container with ``ls`` and then change the image to +run ``ls /etc``. + +.. code-block:: bash + + $ docker run -t -name test ubuntu ls + bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var + $ docker commit -run='{"Cmd": ["ls","/etc"]}' test test2 + 933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb + $ docker run -t test2 + adduser.conf gshadow login.defs rc0.d + alternatives gshadow- logrotate.d rc1.d + apt host.conf lsb-base rc2.d + ... + +Full -run example +................. + +The ``-run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` +or ``config`` when running ``docker inspect IMAGEID``. + +(Multiline is okay within a single quote ``'``) + +.. code-block:: bash + + $ sudo docker commit -run=' + { + "Entrypoint" : null, + "Privileged" : false, + "User" : "", + "VolumesFrom" : "", + "Cmd" : ["cat", "-e", "/etc/resolv.conf"], + "Dns" : ["8.8.8.8", "8.8.4.4"], + "MemorySwap" : 0, + "AttachStdin" : false, + "AttachStderr" : false, + "CpuShares" : 0, + "OpenStdin" : false, + "Volumes" : null, + "Hostname" : "122612f45831", + "PortSpecs" : ["22", "80", "443"], + "Image" : "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Tty" : false, + "Env" : [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "StdinOnce" : false, + "Domainname" : "", + "WorkingDir" : "/", + "NetworkDisabled" : false, + "Memory" : 0, + "AttachStdout" : false + }' $CONTAINER_ID + +.. _cli_cp: + +``cp`` +------ + +:: + + Usage: docker cp CONTAINER:PATH HOSTPATH + + Copy files/folders from the containers filesystem to the host + path. Paths are relative to the root of the filesystem. + +.. code-block:: bash + + $ sudo docker cp 7bb0e258aefe:/etc/debian_version . + $ sudo docker cp blue_frog:/etc/hosts . + +.. _cli_diff: + +``diff`` +-------- + +:: + + Usage: docker diff CONTAINER + + List the changed files and directories in a container's filesystem + +There are 3 events that are listed in the 'diff': + +1. ```A``` - Add +2. ```D``` - Delete +3. ```C``` - Change + +For example: + +.. code-block:: bash + + $ sudo docker diff 7bb0e258aefe + + C /dev + A /dev/kmsg + C /etc + A /etc/mtab + A /go + A /go/src + A /go/src/github.com + A /go/src/github.com/dotcloud + A /go/src/github.com/dotcloud/docker + A /go/src/github.com/dotcloud/docker/.git + .... + +.. _cli_events: + +``events`` +---------- + +:: + + Usage: docker events + + Get real time events from the server + + -since="": Show previously created events and then stream. + (either seconds since epoch, or date string as below) + +.. _cli_events_example: + +Examples +~~~~~~~~ + +You'll need two shells for this example. + +Shell 1: Listening for events +............................. + +.. code-block:: bash + + $ sudo docker events + +Shell 2: Start and Stop a Container +................................... + +.. code-block:: bash + + $ sudo docker start 4386fb97867d + $ sudo docker stop 4386fb97867d + +Shell 1: (Again .. now showing events) +...................................... + +.. code-block:: bash + + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +Show events in the past from a specified time +............................................. + +.. code-block:: bash + + $ sudo docker events -since 1378216169 + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events -since '2013-09-03' + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events -since '2013-09-03 15:49:29 +0200 CEST' + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +.. _cli_export: + +``export`` +---------- + +:: + + Usage: docker export CONTAINER + + Export the contents of a filesystem as a tar archive to STDOUT + +For example: + +.. code-block:: bash + + $ sudo docker export red_panda > latest.tar + +.. _cli_history: + +``history`` +----------- + +:: + + Usage: docker history [OPTIONS] IMAGE + + Show the history of an image + + -notrunc=false: Don't truncate output + -q=false: only show numeric IDs + +To see how the ``docker:latest`` image was built: + +.. code-block:: bash + + $ docker history docker + ID CREATED CREATED BY + docker:latest 19 hours ago /bin/sh -c #(nop) ADD . in /go/src/github.com/dotcloud/docker + cf5f2467662d 2 weeks ago /bin/sh -c #(nop) ENTRYPOINT ["hack/dind"] + 3538fbe372bf 2 weeks ago /bin/sh -c #(nop) WORKDIR /go/src/github.com/dotcloud/docker + 7450f65072e5 2 weeks ago /bin/sh -c #(nop) VOLUME /var/lib/docker + b79d62b97328 2 weeks ago /bin/sh -c apt-get install -y -q lxc + 36714852a550 2 weeks ago /bin/sh -c apt-get install -y -q iptables + 8c4c706df1d6 2 weeks ago /bin/sh -c /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEYn' > /.s3cfg + b89989433c48 2 weeks ago /bin/sh -c pip install python-magic + a23e640d85b5 2 weeks ago /bin/sh -c pip install s3cmd + 41f54fec7e79 2 weeks ago /bin/sh -c apt-get install -y -q python-pip + d9bc04add907 2 weeks ago /bin/sh -c apt-get install -y -q reprepro dpkg-sig + e74f4760fa70 2 weeks ago /bin/sh -c gem install --no-rdoc --no-ri fpm + 1e43224726eb 2 weeks ago /bin/sh -c apt-get install -y -q ruby1.9.3 rubygems libffi-dev + 460953ae9d7f 2 weeks ago /bin/sh -c #(nop) ENV GOPATH=/go:/go/src/github.com/dotcloud/docker/vendor + 8b63eb1d666b 2 weeks ago /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/goroot/bin + 3087f3bcedf2 2 weeks ago /bin/sh -c #(nop) ENV GOROOT=/goroot + 635840d198e5 2 weeks ago /bin/sh -c cd /goroot/src && ./make.bash + 439f4a0592ba 2 weeks ago /bin/sh -c curl -s https://go.googlecode.com/files/go1.1.2.src.tar.gz | tar -v -C / -xz && mv /go /goroot + 13967ed36e93 2 weeks ago /bin/sh -c #(nop) ENV CGO_ENABLED=0 + bf7424458437 2 weeks ago /bin/sh -c apt-get install -y -q build-essential + a89ec997c3bf 2 weeks ago /bin/sh -c apt-get install -y -q mercurial + b9f165c6e749 2 weeks ago /bin/sh -c apt-get install -y -q git + 17a64374afa7 2 weeks ago /bin/sh -c apt-get install -y -q curl + d5e85dc5b1d8 2 weeks ago /bin/sh -c apt-get update + 13e642467c11 2 weeks ago /bin/sh -c echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list + ae6dde92a94e 2 weeks ago /bin/sh -c #(nop) MAINTAINER Solomon Hykes + ubuntu:12.04 6 months ago + +.. _cli_images: + +``images`` +---------- + +:: + + Usage: docker images [OPTIONS] [NAME] + + List images + + -a=false: show all images (by default filter out the intermediate images used to build) + -notrunc=false: Don't truncate output + -q=false: only show numeric IDs + -tree=false: output graph in tree format + -viz=false: output graph in graphviz format + +Listing the most recently created images +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913 19 hours ago 1.089 GB + committest latest b6fa739cedf5 19 hours ago 1.089 GB + 78a85c484f71 19 hours ago 1.089 GB + docker latest 30557a29d5ab 20 hours ago 1.089 GB + 0124422dd9f9 20 hours ago 1.089 GB + 18ad6fad3402 22 hours ago 1.082 GB + f9f1e26352f0 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81 23 hours ago 131.5 MB + 5ed6274db6ce 24 hours ago 1.089 GB + +Listing the full length image IDs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images -notrunc | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB + committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB + 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB + docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB + 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB + f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB + 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB + +Displaying images visually +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images -viz | dot -Tpng -o docker.png + +.. image:: docker_images.gif + :alt: Example inheritance graph of Docker images. + + +Displaying image hierarchy +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images -tree + + ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise + └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB) + └─b750fe79269d Size: 24.65 kB (virtual 180.1 MB) Tags: ubuntu:12.10,ubuntu:quantal + ├─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB) + │ └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB) + │ └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB) + │ └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB) + │ └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB) + │ └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest + └─17e74ac162d8 Size: 53.93 kB (virtual 180.2 MB) + └─339a3f56b760 Size: 24.65 kB (virtual 180.2 MB) + └─904fcc40e34d Size: 96.7 MB (virtual 276.9 MB) + └─b1b0235328dd Size: 363.3 MB (virtual 640.2 MB) + └─7cb05d1acb3b Size: 20.48 kB (virtual 640.2 MB) + └─47bf6f34832d Size: 20.48 kB (virtual 640.2 MB) + └─f165104e82ed Size: 12.29 kB (virtual 640.2 MB) + └─d9cf85a47b7e Size: 1.911 MB (virtual 642.2 MB) + └─3ee562df86ca Size: 17.07 kB (virtual 642.2 MB) + └─b05fc2d00e4a Size: 24.96 kB (virtual 642.2 MB) + └─c96a99614930 Size: 12.29 kB (virtual 642.2 MB) + └─a6a357a48c49 Size: 12.29 kB (virtual 642.2 MB) Tags: ndj/mongodb:latest + +.. _cli_import: + +``import`` +---------- + +:: + + Usage: docker import URL|- [REPOSITORY[:TAG]] + + Create an empty filesystem image and import the contents of the tarball + (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +At this time, the URL must start with ``http`` and point to a single +file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a +root filesystem. If you would like to import from a local directory or +archive, you can use the ``-`` parameter to take the data from *stdin*. + +Examples +~~~~~~~~ + +Import from a remote location +............................. + +This will create a new untagged image. + +.. code-block:: bash + + $ sudo docker import http://example.com/exampleimage.tgz + +Import from a local file +........................ + +Import to docker via pipe and *stdin*. + +.. code-block:: bash + + $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new + +Import from a local directory +............................. + +.. code-block:: bash + + $ sudo tar -c . | docker import - exampleimagedir + +Note the ``sudo`` in this example -- you must preserve the ownership of the +files (especially root ownership) during the archiving with tar. If you are not +root (or the sudo command) when you tar, then the ownerships might not get +preserved. + +.. _cli_info: + +``info`` +-------- + +:: + + Usage: docker info + + Display system-wide information. + +.. code-block:: bash + + $ sudo docker info + Containers: 292 + Images: 194 + Debug mode (server): false + Debug mode (client): false + Fds: 22 + Goroutines: 67 + LXC Version: 0.9.0 + EventsListeners: 115 + Kernel Version: 3.8.0-33-generic + WARNING: No swap limit support + + +.. _cli_insert: + +``insert`` +---------- + +:: + + Usage: docker insert IMAGE URL PATH + + Insert a file from URL in the IMAGE at PATH + +Use the specified ``IMAGE`` as the parent for a new image which adds a +:ref:`layer ` containing the new file. The ``insert`` command does +not modify the original image, and the new image has the contents of the parent +image, plus the new file. + + +Examples +~~~~~~~~ + +Insert file from GitHub +....................... + +.. code-block:: bash + + $ sudo docker insert 8283e18b24bc https://raw.github.com/metalivedev/django/master/postinstall /tmp/postinstall.sh + 06fd35556d7b + +.. _cli_inspect: + +``inspect`` +----------- + +:: + + Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] + + Return low-level information on a container/image + + -format="": Format the output using the given go template. + +By default, this will render all results in a JSON array. If a format +is specified, the given template will be executed for each result. + +Go's `text/template `_ package +describes all the details of the format. + +Examples +~~~~~~~~ + +Get an instance's IP Address +............................ + +For the most part, you can pick out any field from the JSON in a +fairly straightforward manner. + +.. code-block:: bash + + $ sudo docker inspect -format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID + +List All Port Bindings +...................... + +One can loop over arrays and maps in the results to produce simple +text output: + +.. code-block:: bash + + $ sudo docker inspect -format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + +Find a Specific Port Mapping +............................ + +The ``.Field`` syntax doesn't work when the field name begins with a +number, but the template language's ``index`` function does. The +``.NetworkSettings.Ports`` section contains a map of the internal port +mappings to a list of external address/port objects, so to grab just +the numeric public port, you use ``index`` to find the specific port +map, and then ``index`` 0 contains first object inside of that. Then +we ask for the ``HostPort`` field to get the public address. + +.. code-block:: bash + + $ sudo docker inspect -format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + +.. _cli_kill: + +``kill`` +-------- + +:: + + Usage: docker kill CONTAINER [CONTAINER...] + + Kill a running container (Send SIGKILL) + +The main process inside the container will be sent SIGKILL. + +Known Issues (kill) +~~~~~~~~~~~~~~~~~~~ + +* :issue:`197` indicates that ``docker kill`` may leave directories + behind and make it difficult to remove the container. + +.. _cli_load: + +``load`` +-------- + +:: + + Usage: docker load < repository.tar + + Loads a tarred repository from the standard input stream. + Restores both images and tags. + +.. _cli_login: + +``login`` +--------- + +:: + + Usage: docker login [OPTIONS] [SERVER] + + Register or Login to the docker registry server + + -e="": email + -p="": password + -u="": username + + If you want to login to a private registry you can + specify this by adding the server name. + + example: + docker login localhost:8080 + + +.. _cli_logs: + +``logs`` +-------- + +:: + + Usage: docker logs [OPTIONS] CONTAINER + + Fetch the logs of a container + +The ``docker logs`` command is a convenience which batch-retrieves whatever +logs are present at the time of execution. This does not guarantee execution +order when combined with a ``docker run`` (i.e. your run may not have generated +any logs at the time you execute ``docker logs``). + +The ``docker logs -f`` command combines ``docker logs`` and ``docker attach``: +it will first return all logs from the beginning and then continue streaming +new output from the container's stdout and stderr. + + +.. _cli_port: + +``port`` +-------- + +:: + + Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT + + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + + +.. _cli_ps: + +``ps`` +------ + +:: + + Usage: docker ps [OPTIONS] + + List containers + + -a=false: Show all containers. Only running containers are shown by default. + -notrunc=false: Don't truncate output + -q=false: Only display numeric IDs + +Running ``docker ps`` showing 2 linked containers. + +.. code-block:: bash + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + +.. _cli_pull: + +``pull`` +-------- + +:: + + Usage: docker pull NAME + + Pull an image or a repository from the registry + + +.. _cli_push: + +``push`` +-------- + +:: + + Usage: docker push NAME + + Push an image or a repository to the registry + + +.. _cli_restart: + +``restart`` +----------- + +:: + + Usage: docker restart [OPTIONS] NAME + + Restart a running container + +.. _cli_rm: + +``rm`` +------ + +:: + + Usage: docker rm [OPTIONS] CONTAINER + + Remove one or more containers + -link="": Remove the link instead of the actual container + +Known Issues (rm) +~~~~~~~~~~~~~~~~~ + +* :issue:`197` indicates that ``docker kill`` may leave directories + behind and make it difficult to remove the container. + + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker rm /redis + /redis + + +This will remove the container referenced under the link ``/redis``. + + +.. code-block:: bash + + $ sudo docker rm -link /webapp/redis + /webapp/redis + + +This will remove the underlying link between ``/webapp`` and the ``/redis`` containers removing all +network communication. + +.. code-block:: bash + + $ sudo docker rm `docker ps -a -q` + + +This command will delete all stopped containers. The command ``docker ps -a -q`` will return all +existing container IDs and pass them to the ``rm`` command which will delete them. Any running +containers will not be deleted. + +.. _cli_rmi: + +``rmi`` +------- + +:: + + Usage: docker rmi IMAGE [IMAGE...] + + Remove one or more images + +Removing tagged images +~~~~~~~~~~~~~~~~~~~~~~ + +Images can be removed either by their short or long ID's, or their image names. +If an image has more than one name, each of them needs to be removed before the +image is removed. + +.. code-block:: bash + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + + $ sudo docker rmi fd484f19954f + Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories + 2013/12/11 05:47:16 Error: failed to remove one or more images + + $ sudo docker rmi test1 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + $ sudo docker rmi test2 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + $ sudo docker rmi test + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + + +.. _cli_run: + +``run`` +------- + +:: + + Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + + Run a command in a new container + + -a=map[]: Attach to stdin, stdout or stderr + -c=0: CPU shares (relative weight) + -cidfile="": Write the container ID to the file + -d=false: Detached mode: Run container in the background, print new container id + -e=[]: Set environment variables + -h="": Container host name + -i=false: Keep stdin open even if not attached + -privileged=false: Give extended privileges to this container + -m="": Memory limit (format: , where unit = b, k, m or g) + -n=true: Enable networking for this container + -p=[]: Map a network port to the container + -rm=false: Automatically remove the container when it exits (incompatible with -d) + -t=false: Allocate a pseudo-tty + -u="": Username or UID + -dns=[]: Set custom dns servers for the container + -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. + -volumes-from="": Mount all volumes from the given container(s) + -entrypoint="": Overwrite the default entrypoint set by the image + -w="": Working directory inside the container + -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + -expose=[]: Expose a port from the container without publishing it to your host + -link="": Add link to another container (name:alias) + -name="": Assign the specified name to the container. If no name is specific docker will generate a random name + -P=false: Publish all exposed ports to the host interfaces + +The ``docker run`` command first ``creates`` a writeable container layer over +the specified image, and then ``starts`` it using the specified command. That +is, ``docker run`` is equivalent to the API ``/containers/create`` then +``/containers/(id)/start``. + +The ``docker run`` command can be used in combination with ``docker commit`` to +:ref:`change the command that a container runs `. + +Known Issues (run -volumes-from) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* :issue:`2702`: "lxc-start: Permission denied - failed to mount" + could indicate a permissions problem with AppArmor. Please see the + issue for a workaround. + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker run -cidfile /tmp/docker_test.cid ubuntu echo "test" + +This will create a container and print ``test`` to the console. The +``cidfile`` flag makes Docker attempt to create a new file and write the +container ID to it. If the file exists already, Docker will return an +error. Docker will close this file when ``docker run`` exits. + +.. code-block:: bash + + $ sudo docker run -t -i -rm ubuntu bash + root@bc338942ef20:/# mount -t tmpfs none /mnt + mount: permission denied + + +This will *not* work, because by default, most potentially dangerous +kernel capabilities are dropped; including ``cap_sys_admin`` (which is +required to mount filesystems). However, the ``-privileged`` flag will +allow it to run: + +.. code-block:: bash + + $ sudo docker run -privileged ubuntu bash + root@50e3f57e16e6:/# mount -t tmpfs none /mnt + root@50e3f57e16e6:/# df -h + Filesystem Size Used Avail Use% Mounted on + none 1.9G 0 1.9G 0% /mnt + + +The ``-privileged`` flag gives *all* capabilities to the container, +and it also lifts all the limitations enforced by the ``device`` +cgroup controller. In other words, the container can then do almost +everything that the host can do. This flag exists to allow special +use-cases, like running Docker within Docker. + +.. code-block:: bash + + $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd + +The ``-w`` lets the command being executed inside directory given, +here ``/path/to/dir/``. If the path does not exists it is created inside the +container. + +.. code-block:: bash + + $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd + +The ``-v`` flag mounts the current working directory into the container. +The ``-w`` lets the command being executed inside the current +working directory, by changing into the directory to the value +returned by ``pwd``. So this combination executes the command +using the container, but inside the current working directory. + +.. code-block:: bash + + $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash + +This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the +host machine. :ref:`port_redirection` explains in detail how to manipulate ports +in Docker. + +.. code-block:: bash + + $ sudo docker run -expose 80 ubuntu bash + +This exposes port ``80`` of the container for use within a link without +publishing the port to the host system's interfaces. :ref:`port_redirection` +explains in detail how to manipulate ports in Docker. + +.. code-block:: bash + + $ sudo docker run -name console -t -i ubuntu bash + +This will create and run a new container with the container name +being ``console``. + +.. code-block:: bash + + $ sudo docker run -link /redis:redis -name console ubuntu bash + +The ``-link`` flag will link the container named ``/redis`` into the +newly created container with the alias ``redis``. The new container +can access the network and environment of the redis container via +environment variables. The ``-name`` flag will assign the name ``console`` +to the newly created container. + +.. code-block:: bash + + $ sudo docker run -volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd + +The ``-volumes-from`` flag mounts all the defined volumes from the +referenced containers. Containers can be specified by a comma seperated +list or by repetitions of the ``-volumes-from`` argument. The container +ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in +read-only or read-write mode, respectively. By default, the volumes are mounted +in the same mode (read write or read only) as the reference container. + +A complete example +.................. + +.. code-block:: bash + + $ sudo docker run -d -name static static-web-files sh + $ sudo docker run -d -expose=8098 -name riak riakserver + $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro -name app appserver + $ sudo docker run -d -p 1443:443 -dns=dns.dev.org -v /var/log/httpd -volumes-from static -link riak -link app -h www.sven.dev.org -name web webserver + $ sudo docker run -t -i -rm -volumes-from web -w /var/log/httpd busybox tail -f access.log + +This example shows 5 containers that might be set up to test a web application change: + +1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); +2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; +3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; +4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; +5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``-rm`` option means that when the container exits, the container's layer is removed. + + +.. _cli_save: + +``save`` +--------- + +:: + + Usage: docker save image > repository.tar + + Streams a tarred repository to the standard output stream. + Contains all parent layers, and all tags + versions. + +.. _cli_search: + +``search`` +---------- + +:: + + Usage: docker search TERM + + Search the docker index for images + + -notrunc=false: Don't truncate output + -stars=0: Only displays with at least xxx stars + -trusted=false: Only show trusted builds + +.. _cli_start: + +``start`` +--------- + +:: + + Usage: docker start [OPTIONS] CONTAINER + + Start a stopped container + + -a=false: Attach container's stdout/stderr and forward all signals to the process + -i=false: Attach container's stdin + +.. _cli_stop: + +``stop`` +-------- + +:: + + Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] + + Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + + -t=10: Number of seconds to wait for the container to stop before killing it. + +The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL + +.. _cli_tag: + +``tag`` +------- + +:: + + Usage: docker tag [OPTIONS] IMAGE REPOSITORY[:TAG] + + Tag an image into a repository + + -f=false: Force + +.. _cli_top: + +``top`` +------- + +:: + + Usage: docker top CONTAINER [ps OPTIONS] + + Lookup the running processes of a container + +.. _cli_version: + +``version`` +----------- + +Show the version of the Docker client, daemon, and latest released version. + + +.. _cli_wait: + +``wait`` +-------- + +:: + + Usage: docker wait [OPTIONS] NAME + + Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/commandline/docker_images.gif b/docs/sources/reference/commandline/docker_images.gif new file mode 100644 index 0000000000000000000000000000000000000000..5894ca270e002758b8f332141e00356e42868880 GIT binary patch literal 35785 zcmd3tS6CBW*sj+UAPFD|HS{DP9Sl`K#LzngL_|~wh=>J0Kv6{0(5o7H5isItu^ai_j`|%i=(+kus7_0yaNA47>mV; zii%50N=ZvgDgGCEGFeScO+{N+4I~zJ0sDe?UNh-Oink491>4dt5?8J@)TEc<>-SB4TS))R7}c z0#5#yKqfOd`M>PV%*@Kl3O{@HU~X<+Ufw^&#nBi3%dyJJnwpvuwY8_3nwp!NnU^mo zUHLC*U0uDsy_wgqpX=`*930FU9?l;hpO}~^zIX4!ga2}IX6DJ0Csj|M*3QpAfByX4 zyLXpAd{|yy{`>du|2*{nFBkF;6bpbi(EIO({u>h@vdW|Ct&fR;w$@>qcrXN0&a7xY`c7GB^N@v$7r*be2ujX3j+*UQ5MKnGzH`-P`a-L+DspQgL zGnS{dwQ1K_d+kIKblEGe4Lvr5kv=tL^y+OUu+{sPO3R{P3jf$h&{<^j`b)jGH8?>Uq8E^YhU>-JrYIyO&?{s@*Pn_VvWv z_lWH>Csg%*|HL26QuVrV{m1f~v5S%Y)nhTK7CHdXxe$t5S$_BI-p!k_Hdo!P=s$)1P1V~&Y2{vtmfPxsbkVUvk#Wq3)V zblS@z#%UJ_atYsYPfC=^u`fQ`zwwmz6AA*M20sQ|*mJPFTPjiA=v9PmEZ&PE&>0@3;FcQ8sU0l3ENxQ{Cq1 zaEfgMXRxW=ufe|AwB>E3q;9&P>GJiT0rTrL*vz-B!w1XF7kw0(XM$6gn=kP)Y5&OIDE7?Z1{U%Lq8-P{eJ$w=le*56bfS^m>{D7G4J^t zpKF~q-0t7;hmi^bB z(Fds=Qkkvv%5_?0W%J_abw0*CPgTTnId)vCt+;eRAo-Q!Z&5YKkh}TZoH8W}05v+W zOtGW#lB6~O?oqyi9?b^8dOLr8=r%47pYa~_oEI?$IsL$Tr}-cxP&w1GBzJ?vY}MU$ z$R5%+58k|*;xp1>j>^k164M%*4c5I=9zVDtUoGpsJ=A-|HH!b;h_U6bCvO(kNk%~O zKSJ+BNkAp#ngj|!|5iTG_T>t8W8ibuJjk9_DH`j-L`~RI)&Qhf^rJIR=)dMf)~&d_ zL)7&^MU9yrH%cc!4Pi=#`;)ni0H|{NaYT0euiZ4%*@|{w=PG>C`%RjSQV2o+C?f7Z zijk5WfRBkdkR?C+iKhFf1U{;iY3C^#OyR{e8q7DC<^-9cU|l&C24Mc|=DFQd?hN>K zgcmmY3tf1qYs5N?aZ*-cK!}=*5Po}{A2m{^kf}g4hZ?6~^jy9>=a!faX*D5eD~#)t z9kDQr!dBl_OU(peM4!x1iL+V1VQ5^;#~G_Yl}&MvG}HulZ98i47{G1qky&R~I#*+6 znL&mkS&6325U6-N@mna@R=TU$r18f@;d-{M5RaG=8hQKlhkLeSD|PF=Ww~TdZp8Eu z-BNcdY4}vO-I%Y2S@DTViQ5rHi&jiQc{>n*Tm$rg(I~7HD^OVEh>e+ z%|dv0hK;nn7Z%TZDXDe9Ta(VL)(?kp1{x?xJ}QC|xsvgw_cH@>6NE@RQtsoJ65R`1D9r z!z9=<>Q{YQGS_qWC6^*;o!9ysc2+9RxZ4#^O~0`IMY&yf_Nu(?CERkUq6R)e#4H^W zb>>52_5czlfq>%^PyYQ`cnu~2SQ?)op3Fz}*f#6pBhl|GzU|eShl^vIN;Q=dL`G_%I0; zp3#SOXz(|a7NYoRPWE2u;JZrw!rEMJ(yKj8TryY4f|Ph9t3R2(heLdQR6XD0x2@XjFqUQ1P$@RZSmoeiMSdfK)E#B?4YQY+mAaXq55GJcvRMx zHX%-e#M8m62$Qu@6L8NF_z6Ui{bqtO+i9^rRZWnkn>dXepsBe8{+k7Q(nhbltK3q)wW^O=PidsGa<}juJEZ>PLjLukVzih0RC&hw<~g0FI1&Z)|Rb-^Mc{+%fX)QLmJsaQ>(zHl`DBa_-MGWpV zz)>qybLqyz!x(p#EdYDF?Wu`5NewSfkQ3u|BC9g2`h|q?Tx`g{kpV~E2UrX6}j6qE<=?HzvptZQjSK{nGcQe<;f`OP1QGgx5a`HeWu4b*OLa zL4k|82leWhV&+Rjx?tSLK!=A6Fzp#rzO0fknCsYQwa+0unRsPA9 zD93a(*@^F$xKbt=*QXPjxKqg5(YZBC6y-4;qU;Z21gEBh^Pwme{m5U>r}{F3DxX)= zMMxJ&cvpY&tEBgV{|>Y~-MoL|?m)XO`y#$w>*&cdqN&&&D%TxL`4A`r(uBE$3BZw9na5X5Zh0Q>~Yw;d}>D8(3J&k+H-Vk-RYAA6vacHvXWLbAVZ5O z#-F*h@x&v0r(;)-DLRvXZnXXFbV_>Zj1q+@Q{_A>dGyT}4^<{?N==d`0aNxr@1L(S zPxK=&Lq|Oa#jyb~9IG%BuN3YII2u~TMuH`1{hKr7F0xLzdG}Q^L}Mz1I!NO^=j|Cn zT$(tBXitjKnncBUKui<6SO@)aJfmFf@oQf)#o2vgIeGI`Du^X-U4h<*q7CcexG%1I z9mwmsOp6sc59WbN0UFvFnIu5X@EN%?M>FaBRJaIBD+I4hZ)q7{3_2F9>fQwvzAFg4sW4CzaOvS{f0 zQ5evWcUl-tKI9&WDsrGS4m4$pvEl*1Ot1%_rDIR;w*3Zl$OVt$Nb%};_+c%uEXJ;F zdbbL(i^7^cTM>C0q%q{{DYQ+dDo2EyqtcCFmLNwef)>)g!ceSju0|vEe$6pw4s0?A zwMP5(?%hIh(#6wZT`FAq^=#M1oTHN{U?7!D$n`!-2B5ATvIaW{-26-?ROKJL%>uI> zD}=laeH5LONJB8Z^NGB`4^A;&yoeJo5p_X`H4`Lq5kTK>LIa}0hIjWC4SdHE=}<>_ z%*}RkX@Lbb+P%Ou*RFjPE$AqA$UPZhV^Yb?OyZ(|4HB8Lt`^Bj3{ZtBWD{9*V0bIF zBp)N>LW7}w7;Rc<3Jp%o-F^lu)S`_c@W6Qt$leYe)yBAvovY*)l~Rv%zGCE#$@OgG#87~u85m)Xmh0Oj zIzE{mc`iA!uzg0G=u$j_JuucS`y>X(K7o-Dm?cJ{o>-x}LezzxL+1LYQrSs-czrIc z!im=AXuWX3ymG;~^C3FBVo?qi=9B;yoJ>-s3rMW>sxSPpi{0e~jIv)AI)55v2f|iy z6kJ%j1qSC-rCC)`X;G@HS^3!+6XSS3+ybL$iIMqP`EEZ(od(B@T}b9dc+l2nN5<3j zxJQYx_6-+}ar;b5Wsg}TRN zeBI(caLX^pCbPy_&WFCOyMYtByY@I1n#Dg(6B%GmAtvWm1D&&4W6irXml>Amiji=^ z!2HT2Civ-(Av1u!E4FO5F37c|Gpr@Na!dU(u!mn3Fmf{{yX_O%XP{#v&JBV~2dQ#MqFUD)~t0 zDAp*G+(tQ?7J}+WdX8q~A4_O=8Nlwr?6RxNzc`9s?_}6;D8k@y61y{nkKhD*O5-pm zXHf(8P8Iwmmz|ie;TR`8^ezgPnu+$nt>TutuAC20SABgvbwPjLWRFIcYy|ddJ!5w| zEhwAYoyOf>%|h*nN1X8JvL*KY_nLB62hkSF)m1<6ogzo_R5a?PCiXgMcE*w`WmqkW zImm1O3+H#La}?KWX{#;OlgD(`?wrg|i9(lbU|msy4gIhttLK1u3vr=Cmusrafd$dm zM~yZ`UW?i7MB{Blv>3*l)~X-@yfN}d^mn7cE7!}HEnXlumoDs}GGX3!va{f(F`x2D z@#Y=b)YKdVN$rv&pihsnjYj&2xmp^&8(Z5`Rz6#zv2hoiQuL}I3KgJKGK~)qws*0} ziAE=KkN>HKsm%~-?HRc`pq)+MB!Fn#+hLu%T#D+ zQ#|#)k4BA|{4QhVs}>}!G}m2A?`aymjsN=t4g4Wf}S5ch9$0ceAg=rAk>J5P=k=?%}NDy;#U+ zoDGo=|0rAcI0^>)N3?k(P1GYoAnz50I@0Tgc4ZIDWVa4M9thB(nVK4-RdU&bTJHX_ z*}3n1+`v|&4s@F_YR5(~Rj@4;k>_Zv7wG6yZ9K%M*t_IgM$h9zyV^_F+0zg*^-zfm zYys}nQIAl;O$BDI+S)YvwzjHVjUMN8`J1AVh$D?6%GCBz1M_*0R9wjQ*H&SPP?+BC z7xB_(6KXTBhPEOA%cE;V0(~k%;n9;KY{ur~T^J9;BN8+j2={_`i0l<@eULg4)HUqgCas0)Kx}yavlp;lEOaHMVs>~pF*S@|4x6wUW7KC~K4^S9B~Nh-(MS#Xeb!Hy z)h@$?ZVi{d+#7hQt0kux$#F(>{&Q<=h4N$lhOp`@bg~cVU=MVYJ zS4N$;VeU3ifmHybJ7Z_J0}$?*$4l=*xt9i~fvU>FXiT6L4Xx=F-~9181AfsNb!nOR zGSG89BTx}$|w5O)yi`R4nI9~L-Vk;V!p+zXzSM}d|tN`5Vg$L#_b(PtWllE zug2q*^aK}{7-cz|UT5SUw;g!hmIHV9yg9M%bep1jPqTKnhg$ABMNLxuXHvDXhx)yV zR~P>(kilgEe$ST+H#CM#US8O-OXSAFg&q5fj{VBw{(JD9zy}F@-fN$B)F}kOavDN^qfb5pHr+nR5y&aStYL1A5oBa>q&K&rF>jZb9PJ~ zb2T}`=uK=+8@S^Kobv5Ygh$BkP$uxZ1nhiIue-~~HwbOc#YcbP{MJ!>ldSUWi#+_5 z?`yQRRae=cEL`l|EV4GuAv)}gy}e2n8hSW92?{JFa5N9Ra!N!H`CqZ`PprOQ8Tz8p zbw@7oJ528!SHS?xE^R{keex7g#IfBAb_4@Zcivpx5ZcI>0;r(|N=9 zqt1yc_kKm4`JSw9I@$i6AKLpOANW~)ym}>0!TtS;!?LMopT>p{X)nE|WQ^P=)z-eIrtg!z?{#_4t9b|k#2jE$jXXVV zfmX6uvL~|9Qy++JqG{-76(v)FJN^H~Y+F#njx}amO%^IHauWk0rt;EMPxDn#yaq|5 zhzi3Bn}pQt9s*TIV;Jx@0l3if{?x-6PwdTP5}>SCkal||1QfPpX@Ebxl4t03(w8-m zgPND&c~raMEtT_zpluAq&*{9R zB>^+z%iZLPg@NU}MIm8(W}2r*VwduN%r?gZteC&=8~~?Is_iK^1Qol+iqD8O@W+IJ zq!;l&X8T1;1E3c)e$^y06^i$G?OLs>>3lzGiuz(cj0r<%*7h}MyX$}?aLROA-=_cR z!)soz!4JU>={)g^Cv>0P?K^2e0lBf;OOv=jTDQ76=%Noc6GEf&mm)|jE5BBj({SxB zTgEiBF?gErhTjbP2#iJpKT*u=4L=F*s5PJD_*-Br3}INdQuQVYyD_srG#AnbegKfB z9`^+mC&oXx_rK8AX6x&R z-HQ_Z8($XgvX)PdZ8e#PfC{_eMM=2MUc21=nO*(D!=D*UR>Z^o^^PW($bF~((b3c> z3Hzx1hTSqm1FMz)e(f$V`%GSZQ(e`?1U2K@Jx`^`fMdhXKNhzShl{l=tDXD701!Q+ z=|HKb38!g)P4sv42$A@8@se6DSN?L<@NBsRhCTj{vy#Gu+R}c^K5YS0neVR*Yl~jm zasQYc3X?sW_4gBhcSHnC8=QoJ%*@XZ-TSxE;GTUc?{?#H7^Z0Nm)vPC_G|9TkFnY; z(XbmpwU&m1HgyMD?tuImlh3E@O-M{pZ+dlf89O4pWfAqA| z+G%ce$YUhC^uV^)OIJ@DV0eJAqbOc!Ciqc%$7vU5kI2UaRf5Wst7RX8#9%F&*&JBj zXYlXk(GNkAGJs?D>`UpW_I&e-KIQ2#wQ~l!TP!Ow7br%A6>N^1^`Ui#4pf+zRlLdo z4=W@t?0b8$c^nmfTzR*-^0L>uo~9d++^=Q>V&pIFe7WwpcfH5QZ5#UY?)T<=dA!}K z>XN~h@z0KN7?6Hf%GDN~PJ{b$ZPu0iDe+)M+TslC*-UY(7240GC%QlOl|0kM2A=)* z%9c&-(f8%gGF60XB;E!82R zz0X%EM8ZD_-=7pVCU@BUW@tL@fyjNu9SMB}bc=(T1aN#`|0XCadBdD%2qQFSWm@2Q zJKAqufm(;$rPf4p&7%&w+0cA!ooe3fGYO%u$x#K(83PucTg>YQQv0(q{ME(bpOyU! z9y#=FU$zss^{>Ih`LmJP)k?3OM=WQ(&+QrDDt{jxv6h_27}!6OClpXmT*{I5NVmy4 zIyCBNxs=1oCY%qU-`XdB-&>}4hFn5R+#kvo+Jv_yIJ%7clrH5rxYz1p-T58G+}63Dug>hG+{%1+5KW~w>eiR=N=XcPdG9&c>A?prH~Ny#g&z<)oQD< zEqi4}pG*0FXNAS(mHg&%sSeXO<&~R4EfjZ1m9Uxcd;SH%p*mA(mfJQ%%>+YZh5Mu# z6jkDCeimzp%Z>!7Z~NA%{2Wum!Yhp_1OC$|nGn$7Wm=D5gkwRw7)kBv*Or4$%gJb? z>~$#&10(C9eKeH>;>DYT3>9|WxvycaWmQ?`{zUmqZsq-oaYrf9ulY|xuHLIKJQuTp zLffqT2;f$}G`3YTn^R41$vL#`ccC-0IdYrScMCT$E{WnF8nqPmrPsKegq`-PZ@m`` z;NY_dcatLZ0{6G6magr6`+T>I=|>0~?idj7=}uR@&F7@+4^Vod{E6lvs|0ge|0csW zL^_<`CS{`+V%Urli`l}Kj}x$TAkVnX5Gwns7rvE(%J`?OHv-(X&B_?KckI__^7eL3 ztNBuc3M1xR`*o!1`~SXl(29X2aR6DL&uvVJ(ZK=1PI((S43;N?lLT}EhOd&w9TJ!1 zZnb4>@0}C6g|`RHrOvdL)+ZqkSpn5gT+ay&{J{z>oy01o1Gag%lbaDE8CDA>;JdgK z96iy24hXaoXW?TsDU9GKB<`7vV!V-ja~qKYm&;O)cu=Va4`wmAsR_ZD?{zOg_^Ii2 z5(nBfUNF&Z!}YIh!S+8(#|fLc$r!8mD4}ZxyRgb_!NMR9rWLQR-DUv%DC@YAiG4pw z(K!&~r6OREiW-(EoR&a?AR&0O)mFtME}}R@64E5C5o~4x&V&YGilrb7_3XNHdlXJq zNWs!PCXT^CRPaH#5ataMXlIz+YRgtx$E2bj?BISCkV z38#5}S=q%;47|@2HskcK-bDU>3hZGDMHU*Dt3~cByWtFk!-23Z=Z(^o!ftnt4d$U` zhxE{e=Mo#4u>aXN+v}M^e_p-hMzE5U@MXfnPF?k{cR|Z{daEVtW5r@4KU=>1sUxig zguZ1-F#Puroc$AoKN3JQo!OIx7r|wd*5QAXx>buIyb%>hsS$6FXtbMObx)VWuvJQ# z-20+}^BgB-pkmf9Qpi9t#XmIPz4Bxn`VZ2RMgZrykX0lsH#$4nX`NYn9*=tT@==ur zCaiRhiHT(jt-<}Xgs&*&1yhLJ0Qf>oX20BxNtc=52Bq8@vn|$3Gl|}B?YMB(vz|>` z9&G@*t0xnhFgsAGc@fC39W+RxDxUtfvDmi6GeijR94x`QImxwtc{|V=Sx=%JUKHf3 zYMuD|6-$tHOBT|YzqP5?Ee}=svOCo868K6^f)tK+HeOKU^&6Ziv-AgZM>HskR!ob zu^=-NyMebSnGHW-BDz#DC1=b=Hl!IA?@8OWftX~B0iRGv_YGjjxfx z8Ngtw;}L7XoXbJ2sZ5C(i9jh>vVr-uAGKh?M2;Vfhsb=`italXwTfEtVKN>v2mwSE zY{Btu_D;}?N-(WF6l@0c643b=xj#Z{)j(o08wJcAQvIj$_re;Sn0?2wcI<=606N`; znIcP9eNFH5m4F3M7CrfGp`^1p(S?S1G^7w{un8Uwe535@j68Zy5y!(Ow3LSnup-9~ z!};%!cWmbH$7|5Gy+Dx<+c+r17E7*iT+Jvf1!U??Vmzt4DaQ_J?M)xM7B7{ME**n) zU`7OvsR(I!HjZ zL0Uo@q{l~EwJ2VEM2`vm*_x`&%1&)t&6b+X_9P`*(g>}4k0Kn&d)oumsHbP&ph6^u zCkX*xVLObN7z-2&pc{KpJ09ZLb<_Zxm&^hWoG?|fGPPPV@~@#k%jZW&b#3@CUOrZZ zf%LzTb!R(2V*r)Ntmf!U6|Q&Qm;CVH94;s57c(8N=3c! zq_v8CvmG*%3%@QQ?EYEnpitM#awL$djHFPXBn#yn2Yr)!A$wF@%%I)V+zopRbpj zzam9Wv~`nn<>l<~W*nd2sqBa$6_#;ny$)HcjQmkXAfcm?ZuhUwxOZdpViyroc~Xjd-Yd=P z?K44y=AU3cy~Dm0#c9;0Vjg3g^TIxD>Z8;9bcA~;o9HB z<@XdrP|RbQ-~62cw*p(;Fp9sAx!wxhO}^d$HYxO5^d~4B`h4lOVWWzmuOd>3K0iRS zTYD)wbgq(*>tHz(QvHGz=We6(lFPY~>hI{rde)0sgli;Gi7O38WnIgghAJ3CZe^Et zWp!18nhM5nIdj;|eZM+abvbvnwE|D7B*#^-h}9MmMlw zYwwZcbMOgwj3X<;mI=Syi&qf9j$m|5bJXvZ3W6i_HAf_A^%mg=w)-8*iaezHySx|Z zD1Jr*2g&;t6%q#8B5rdm@HfkO?ZR%xjb&Tc3L8zliEriL!FDR=5ap?&4*G+pkH~Bk zlF2ZtzgX%?9^d2dXFCl(;D zODk4uz^>=4BDx8@)$56+to~9lv9N3I`R{jn$%W0O%V@;ox(5jr2|yccspNNF&q2jW zMBk`wD*N{PR1dDWf$RMx9oe9Zqj7Is)xh+DJN?0yY(NAsU<+N$}1O?>_xTGS27ZY61(M~jc zQci#JLU(7^=9@8_9q;VE>uWb%VkG-#!N)Dh@Af5|>k&7V1|F5OjV}U~cLPfQJ^**h zL~}Owrz=b4cwn+m#TT23=|=Gj`x4(eV-zAYO8PMCD)`mA$BH78w&YBb{Qb$|`2?M{ zmb%|{mRb7GIm+!#V5*%fVN> zC;oBoQ|FCucVKBpqRsLOmpq4`p4{n%Xqr&B`9|rDkhi|tI%L3$w%}2&6cSw6p6zTu z+>ofc;2NE^xS;6J8#uA7_`aO_e)RJD+c$_Z{H~H*r9*!|4E(Fdj$AZWg2r!Xkm+fA zmarO->*)0{ea*o26gzc*O%Nq_>r7DhmuHst!TqI0c&ac}dD0YB0JATKko6r9E z=9SP}$1$FU0y=eos@Q10%u6Q7xPiSI7Gvpg_aqA(0GOo zNTGOdX(O|LxI`-LNx1Xlk4>f5@|O6W{5B#={h&cnF)tj-{JHv~hvV^2pePjmw3Rav zp@fuw`oca#xhx@ciSRKfj56o9qcRlguM{7-|)PG<(w6pYvHm%wD-Wm zt^;qSDzQ`!N~Hr;3xQQFibTr4Y5n{DrexY>e@_||+8A+8Uv60fLlr_?J-3K$^32R6 z0mm#)X$}2+EqvB`Ro2<_S!&oUku9v6+DthW`u~cyEiS?Y4^HQ`W*6A7$qTkB%(VU>mx-FziG(1By+0K)qvN$nX~33CMWa2%}zJeJY9_P4}nh4`=8^Otbb!vT(B= zuE`zc(!;wB#w3EvNu8zkR2Eukw@v-@=J?fcz|2y!Ff04NUTkxUm+F>8;q525oN=c3 zwr9>QIy*kpTn`>T*A@pei<+b~FOo?2buchfO8FI@WZd{5NyVVJbTJgWrV}3sWdpm( zG(^ok9JG(>_+8p{Tp9@aN5vrEu9XPDfZCNE*N$C+*v%AmU17jy+T{p?bg3eYDgPgS ze~O`Zc<{i6ZCe{EEJN>enG$!d#cN^as}j8=GNdlj3u+*M>Z%QyzqVyEg$*#QwX)rm zIZd~{UYCRH%F{5RkalnTb?oC)db~*kmtvo}&C6CRodDa}6%#zW%==$#v*A^Wn`oU^ zDKzDO*r9C0^oLfxwJrsXREXDF9DZuQ_uB5`&)T9Z5)_9xka!cirqLRdtC5cX+jxKH z0m0Y%c?rZJ)__|xo{%W=Zs_$m7H}9L@!q@5wvo5S_~5b)Y$??g6WezCvjzq^&-XeD z(s$_S-dI|bu9N8@IquTwbScT6feO3VS96o{dE-x)Su-MqL=Ehhy*sd?A=G@YG*J5iMaNw}8;L+mc>w!P* z#a?vrbXFzC%J5;WqZ;q%Qkobxs2uN!*19z1ckn}1XW^_p4#urG&17mGGiG~{~ zbVXqId5e#|y&41pEH-d(zWLFs=1({3@fnL!2EJFJtKVd^btEJd_yZTO&$5B}guLG8 z5({6zgh>ik`Ztx1iyiE|MyL8Co6O4Ij|m6@vxLZR~T)~dHe1utjv7j<-Se7-hX}cC-bB|PC}H! ze&8o}JDC<~%7RUd&;Ox9Dl?pz*#)!UB$17}f@9OWlk~erXu1>jVnl8V4P(YWdwjLk zeFhJof{(sg8FI-_^+z-XT*33}*8PLn%L&gDdyPc?eJ&m?{_!Wp@hW?)`tR&JI~;)& z#uYYL!T!9w(8aNF0QRiJ$(ti%2v#D;Vq`4U=;s&tW1ac0)(xJO$)%CPu@CF5zxNz^b4Cjg>HwFXzxlZ4gNX}`)+5~PNhB2J+Cc10wrGQ?lA zP8UWgv_z>z@3<$u{kWd?WZ4#maHjLZI(ItaFmzbRHgaH{A1Be17%b$8hjG8#ktf&r z!bP`VXl!asSD>})8B=XE$&JoythXSO3*qRbYOmDj{7kJ{;MtAYy%bHLn*@Ex9YIxp z8?tPbb|6$dEX!kx*sM@~=HgKm9@~-_PWyGZfoXY*D^hfD&&kD+0db5^>6DVNL^{jU z*DwKd+TG^(PziBg1UFgBw_abP7)Th{0I~E?NQ=H|1Hx$p<2P9pI$#dW(WtsBKxl2U zYJz?UnSpjt7UeP>!|+)|m{KMvyk%a=&NL6VZT4Z>v$;ufLNv#Xvys8l?_r z-qwnaEHOF+6QZdq686m9H{SZ9R6ZnG!xb_lt&@nSC9A1ddW;yRl?}y}nXRA4*b5+u zXj&4nizK9;E?yh222gu0vM>e_C|Y#7en+EB>}zpxHWPD*glaNu{31Bhq*$32y3vT| zZSRK~UtKPlh3krX;uFQ~Y0zEgvsZMO+vVOAw4U1LfYFL93DpUKjGw;2dwNgOU8k@c z8!kz?1E75U7*wBLg+F}Z$>{2D5+Rep4WYdCd1MK7;)Q4|CSZEM@4R+X{3C^8`E*fd zpnGd24dZiA)bQ8?VUVQaT@;XhyX3C?~J$I@mR{bGpOcV3alHW@6pf4!tWLlaV9 zGI`_QxgxSm2v02+_n#ITn%r>4<_OI98SdttO-?CiA|RdHd0P9Uy>c+I=vX9SP`vFh zd2)W#+y=RGHYC-qFWd(aimZxjDND@TEau)i{9_|$sr10BmQW%T+Td2n)JvHfa=fh z-|WyGc*K=8t8HvYzr&mrt1SMk#3J=*yk(bS|h5$1~JRk_Pw zjW;KN34NhJ-hCM*JpgL}n|IO>@+6$5uSQG^m|2kR8m)Z{ldeh48ZfWPkv?uXyRh!C z8IY!PYxg|Ll8WOLiV}k%nAtz~WT~(#d@1!s*zYpcEw^P*l7Wqm19p5erry8j%k(SD z#qH7v2wigU?anzT*^#V#=Z0f>7t<}uMCOTTR7o}WyCzn?v|B7OhZ*b~ALQ~cMP}P~ui^ww>6;t#7BOd?9+Lnq$!0A7 zMe$j$M%?@K(_StGe64fau~Hva3Ocz3Pm2peTn;^HIS#ZDHvAsI2O#^RIR zxj}F9i(HEDn&;X4K!fW1+;eseK_wO4*;X$3T9lv$?GpR_`8L=ypJTF4mXvmNt=~3K zV&h`b z#}+)54+_}9vLOXMPRr|luK4;y!JXwm#3}FN^s3jLALmU3fv(*-2KXS!nLHv0dSsJt zm7`FsRTPU2^2uNc|IC+bC!Z{-faCJ#ONgAY+?ORp5!c+WjTK&RFQiu%^>tgY8u#Cb zx(I74Wqhu%FDd_3QqmZF!G4EQ22?heL42N(cOPH9UAszcPl62>u9yZig&JGS8vB46 z$G95j(i++UMc3IH&!08)0H;li>9XIK;9pG@vdlt}eW^ z?m$nS1_@T>)1;mQ!4Ut(c%&Y@^VXU;FIN@UGBvQ%V{-r85Ml-xDpZD$ z?8WOn&A3~Pny-u>+p1^lecfZ=NgaQjpMP3`f7Y~rd*DjZ@e=6S}ABI@a_P&i%$}!!6Kj>Fof|R_3 zFH9@Hm)VA+1uW$|-5&AOu->>Znrk)z_AXQs*`>f+X(oRQwJ&z?jc|Qp{^~F8W z9wdi4Z+k8=UvwpOLMy(l!ubel2ApqX03r?c7H(%7bJo1QWfoDGRQt#!&?MB(Tzc=^ z&rO@Z*zGg1zj4G!2H^Jgc4hm(FsHpQ8Z`m-noW)toNK322!2x)|22h}-S;1$K%It$ z(q;;2qEj>p`zs|B@rT1*oGdL7e$}^JYf)4V7IZ{mBkX|_f!T`=Z8_3wb*CEKlj^!1 zuz5IZ^Ny1m7;bBuVqei@aId1l=F$pbK4eJm^K(KC`OuIQq{ph4%(IY1Kv~}AkD8V> zNko~*Rm*W7B?ryEFK#koJm|!gjT`rXY@~Zy)?$Tf6f@XUO4$fo)vj;Y7=Og@%%Coj z8}PFo(c-|NhG%q1aHp)h8rRh}1g(>G)e-c2B*O}(_{EwuaKu=VRJ?ECT=D_^ct}n8+W?CPQ*FK1tf$tatMnp1WeaWh z?iS3v@GTY%B59sf;M)`{Z5>{u;F%kQSOX8+LBIi>U2(=|T1I9^M*g@M{cVBx_JCyZ5PLADFQEd2OZa>Le2Xid(I)3|dx^@(?JsH-KQ_ajPj%dpN%M$3K#g|HnMNC z0HmtNLwDn*#13z)`;SVObC9pcp`oMU8)z=Ghj6&vch)3Fne1pIN$)CmeG(O_wMGAA zH1>`n-AT~rLzJO`G{=_Y+Y5T@M&rH}ZV&$91UZeYsPaHq8O>Qwe#$pL`HJM?{@K84CI8bBMo zp_JR1HVi`*?%m6H9hZSeX$?9LA|JGHwOz#Sj=l5|;SI~-N8AL^#rkO$8`<)KUdf%o zcuc3_&s^BNHTu|@@ea%%tH%YGqD=7)@+`V2_aXkzSfu`=3k!Og*;!TIF}k@L2Ym_? z+aJ6Mp81i8s$dXPX7q(aXbK4x<=?Y*94@>%n-e@&nLk&PM0v$!$i!-+37xvS*P0Usoh=b&#OER z1MXbx!%@QUo#}yj2T3$6Y2xAvs>l{A?bpBZwD7ghGu;~-;y=4O0I-4mypBC&ED5g2 zyxQ|OWRvH=4?Um@N-yF+kJ+CN5C7|sl7d~5X{w|NmtUV5X=eG;|Q z(xRd|{CQC#_!%J{beZhJbI_!Xz&a6btw*~n+zJ!mxU_dYp5Xf7lg`}7+djy-Qh|)s zu8Z*iW?>u|2B8Va;N|1-lef$T(BL<0rJzS~-J3UL>8mF-tVt?;N*1N(q;oyrUgo!y z+@O*dU_r0cT(BM;m^wU9-J3ts%o;rYL41eMOeOCMMrv}=q~t?l=~;f+-;68{fZXC4k!{P+EH&K!(kn6Ym$gD|r1Tg=$WG9e|Z zu@p(NZ*61jOBy0OV@;G$WH;87(vU()Ly}5GdsLqJ-S_i6*Yn)htv8-o^d-=g;;jlv`l07B=BsIRsd;~a;C7&G;Q5AFw~fVV5D-yp^}xrG?RJFA(% zz5G_vts{zWEaz^qp_={Jwj4e_l%eEhi9K8Bj3rHWNkHRWaMK@HgQUf7myt{loa1954$ z2t1?cpa8iii3Pp9NHWaN9@rUYA!T8)M6jcT6;{!i(1Q58FRbAWV<~P*(%89 zVkA)3u;GeD+czCnN6|zTs3PgAT23R|^vf9Q2xL$J_7{GMoEKmz+v>1B-!ASsM`2PU zpJoLii67c;aO?5MJD081 zXj7s8q2T0daZuYe0dI|OClut(N4SZ*3;QCIZ8Z1t+T@=BxvAhjOMI=ooeH&1A)$`@ za85@ueKrFC=}xA_kFM9$=E{ndgOK%!8c@UO^!H zA48}O8{w|__2W#CU8g}n?e`#QX#BAUStm~Ye2kYh_FS6dG3U6Jb-eg6bO#3+Wf7nM z{Bz!NCIikHXRC_4$J%_hb~w22X5%wzk`Jlp>uTApS>3}EGd?Zg?%lpjB^mdqPF;BB z>d(cs{?ZI{oUiOXvFF7hXK#>GkCD4F>Rr*|QIPU{b zSi)v4iTwfAO3pZ9M-Gm9ghf4#=VXj1Z~5hr%ya`2kds5FMILYkwUHpVOa#8~SDUyQ zOA5r@78H`jL&{-;yk^l*%r24(DsD>qN|%#d@afFl&f^-fU6;`#Y=S`oG}oLy+R9Jj zU}d0zSPL}-2}1t-6N2XS$6q+0pluLoyuNl=h7l9E?pRI;ba#5V7vMW~x*?`I@2 z4JDUuo_H$lNcJ}#LJ6Gj*tB%YdhF_TA9mGWLK+^i7GkIGt^26XE z&aCIW|D^5=N&RTah_ehbk(9fB;W!c~N;DLsB!69J0H(sw!PctzTQLaepgvE~M7PC8 zx-z6@b0hd*)|`K}lDYAk0McvUi|08fe7Lm;-ZG_Vg&Ry>OJZUm=et*g0r2FGreYP( zUczeu(nfQj&`~l?F5orK9;0T1n2k}5PecHU8$`G4UwEyW*gI{L7+p?*B^X4Wd3Gq@ zNahh?HU;_N>3B&-&r|wXpk=+=sP@+H92giXQ zKk-nt5MVl6>Ojm;!I?6D1(9EkKq?4qWIx_5LgC@8RZkQ$-U_X=drc2TmcDX2zQ>}F z1!#TC-|cf)Vv`6$4fPp@&VEWVF5phWm1|r?{{D!q8Pi9u_1X_bH_r`o9=cn?bMfev z9gQWagcHreILyi^Eei4x7m>R;F&U(YaYLQ$!nmfyQz5^l3}QGEk+YX}v#&r9GRCxk z0bA@Tt$21mhH)z#0jO;Aoc(vEGLR7hJO+S&FB_x#4u6EsNdrsV-#W{QpU<3Qq;gqp zmi@_iPaC*zi7mO=Q9_rymi(NJk#pAC8G+ny*X?@HtO{`7NCbTl&|`E*vnK15f+Dd? zzh4_jZK2YS)c~t8w5#{BE}e`tc$1jZB@9rYkX|Yvk2K*Dz#)nSsjK}l#sR<0e4;NN zK+YZ_MQs25%E+Ru*;K|KH0(j6=q(gu3K`)?*-S5eDFh7dcQ{pwSdw7xz}2Qb3)0wR zVg7W3^f!kDdlPAwj=e_6#?kp!jPp zuRCe3JL1$Yu}6Cgso{Z#I4oPvrlSElX8P_)X9|LX03@__?8;)`$)ApT^z(A|ehv)l z`0(@B+Yc+UPA&Y5O)La9lrGE?BW?vItv`*!uw2B+@p~oWyi$DLdt7{!0$E{vU)?>Q zAa>Xhuyr`(S~wf}j@!rQUW(T!7_dzJlj`c8jy|v!*Y4>m+KE=8o3@Wi<}4|w5yR9E z`B^g|eoLAjJF#OF)+WneTn6_XN_%LBfGlyhM}kwLmHi6P9M;4p3_TZv{%jCptPHuY zCTZbpRc1rhMS%@2uk2MArXSFVjWW9(VHI|Yiv?NWU~D}MXl1$pk(_vkE*-oZlli(1 z;!cGfH_{J2MQF#M57wU<`Q;6B14ayZEqMo8;0BUsk9VYJb+5s_zY?a$&%7i8uUdV_ z?^&j=K~eVU%(oCV2*4B1$&Kq{H&i6TL`DO1yf$HTCM3byubu~q2YE}dBR07rO+Q1u*wFI(n6>*;^@l2!BPKyMLNzULaDO0`pPxdc@)jcEg&* zfcEcPd*Bl*0oRPu(=C(327!|woyR2 z?;G9@*^l$|VY|+BW+aXE|i>SOs z3kIndiqVqy(52UXo>Sn0E;O|(4x&hL#lop7$}nJMOuri0C19No{Z^5nt(Dy3#rS7{ z2umCm18Fc39r2}h3{Ct-PJ%CRgHR~-jF)^+Oay>3=Hrg%g6i>T>lj(@g5u2;pdlc} znT-e`C<6>YmI)ct@pm&k?hit;6qV3-kU6#B?mX<&D&O;4SrkV$z`zb#mv{ewIX(&l zx~gbcB{v!5@ZTg{rIHxPLyxEIhmKqY#IK|22cWh60A>U6($h!uu-N#4^388MAZLIS z_!H)w?QMz`FiVXOm2SMknRN~Ht=t5(3(KtA2cfQk5X zpAj+zgQ|89M9@WI`;qj@)ps?Nle_q|PQE4j%V17dUgxY(qkQqO91zL10X{k@Ys&QJ zZ#la8EnSf3ssktOi-APxe##jDwgt3rtaThcd`5q_0mDfe112Mc%8_PS8B6O`Edg6Gt(Iq% zY>BQ|CT%aDf@$d;rwOrrFYb`6;GtIFz5X4~Q?efqB)h}yY2WYoY_~sVw^L3j3>MbF zVL(u6M{rL^$cv89?T#?%yAh^$qrC6NltvXA*Lru;aNYG2cN$8& zZ@lPk-0o^Fz1<|;bH}@fV%*cQUD8?F)BBHd`uy|2Cdo1**IdiwjD`q#Y= zecJB-@}YavbilxE;792IBWqyGRO-)*0pL&jjxOaZe(^dDv( zW>CmyaGI}Q?A(Av*`SPCkMzRezwMntoY_$Ko*_jarqa0~)jx?MW<%<|Lt1711exK< zjUl~r!(9HuGB<{e7KSgH4x9HP&16QbvxjU#M(oN)$_z$CAC5Tw8Sz4lIIfS7eMZxW zqXOBZp8TVSvzbSFM;-o*!fIm_r;z}DW}wg5-mtINbT=)9FKZ9e(8qzWv5{yo%?4H_e*+_ zg$v`w{G-m=_mOw**Onox7RGBrM)BJBzZ`zhXm&$>cODwv(C=3q9p@jLydln7AD&?EJ1_l+e(q61?jz6M zW@7E5X8y?%ncaqplj9+i55A5S1At7{WXZzhXPFUK7R+(vSQ9zH6WE-MFk>PfXglmI zJl-yQZ14hp$p2W-=kd=QkGB^d@5r!>wOHmYk4Z$Br=0cD`<5})z9pdnMdke0Oeh|i zR(1e1dcexVb^;SksPX~8u|b1=YkNyuxu;pF{7FZ!{8K4#UiG%agG#B>-Fm?_-L-)6 z`+X|sjiqt77fq%_&%=?UurrmFHKmcY|LN%h`1tF`KQlXjcY~n{(;bcgiruU!Rb%yc zI%NWe-b0FE4H@tE?ftv+gn+TX_5dNc=jrJKPqV5VyiPx!OL~0tG=ky`>HqaGeRR$F zBed;xpORILFj4*4)$oW`tN-GGDOX#{bEovoC;A5}45)P><=qYp%{`X2rO#*7fLn$W zCkGHW)iAR~j&;bbQu`NotSN}LsLBKHOW$6fS9%8D55E@gIBRP1ylz)#>&ZgLkJSTt zFCvw98HCk1>@^~=O1gL9J{ecM`Q1SFzP3L9(n1)K*}L$~9`2d}K4bz~de4XcCXO6= z*;n1bS)Z(yS8((cpQ{=~k0X>!I_#J)juQyVEs|@_m$&c>6@&H^_NSYkF$O(?!iJ2!^$EcozOSdYzZ`RjV}aYL<0|)qt%GPsGrQ&ZY9N`LJkalQQ|wK4Cj>z zp3d3fl`nrF&R5 zwK!N7mZgMswILMKt=WNSG1yC{d;JOy2-lxMZI#bQRPR}J?#<>2d zqyIW)Wt4hZxv-LdaDAUkl z1)%837I|ZZmB5Pw9&CcpC_x? zh|}MnliAzM&(bf>U?$JVyi)k*7SV0a#$v;MgbbSHQPsI_zp&P>NDAATua?}z@ZAwa z0>s0H8m^MnwIU5ikD8wO?Cq8l8piLLclDWW3)}R1FY*fpzY58Rod1{OLR1$ zu_<^onUtldTv}dPWo?jBgd&?WQV39HSp~VMY7Xs0e^@*=J3lx)O1?VBCSOl+2AsPa zCGu8u&S4GhGLTYh7Ja_40w-F6JYs555P;tA8d5u66;zJP;O4Wz zJo_w{uM9~sBdZt+=KCRy{{OACm6Qz26-My^6BU?4^;Z-f3&@95rw^vf@d7Wi(I(w( zyQ@SvhzZ@R4fC|tGb=_^w8rvrEw|&S{n-vWD3%qWlKy_m3c(K{TfSmx_5z?{EpH?e zOFhz?z$*z5t7%l^dJcuPl1NmvOWXO{*0VC`v(T056Xd*tpp;J=}QAxzz)fqm~!=LY)ToA4PsQ(vpQMDGCUa?H|{)owzu2} zm62K->z|z5so>{KFtU1Jbeg1;8N`gMMT@Y|0YHW#g-S&`vk)m4Tr$522y!3EYUW_#9_btO9Az%ajVzg?o-q&7Usjx1Tu@cRibjrqB5%$^VNkS zd?FlhQmgW=5|rAE3$`Y2YX>E_l+IJw6X%elRkVi z?hTvwMzTlLNci>hZ6M!It)UNB--|>zre${?MnXw?;4Zq}0m^j6+=(W2LQb5cFxq(< zV73pY{|veFM58SjFRQneox-xjtE*Pi$stXb#!NNoq@ou$dXhabAucR(Pr8EjlC{-P zb@I=}E7kf@XYdjdlvXMrL3!4S^%tVyf#i)VcV!Ud3O|JO@R_$=?+#uhwDq zM4B0o*yiCaES$nM{RI}RA9$CXRpYMl3_B?#7Cv;0p47Xy5$}w|Os5m?(W6UZXRVWg z=w~;6EsGoY0$sY;4S79oNp?Lu%7z>_H|CqS!Rzd&;kNYhqf-n!$;!b*(co{`-NON@vYphk<{DQbk^A8rHTPNkJrLvRw zb|f@4zmPX5R(5JIU+>0rOnx%3%14!Uw#KxWy#6*@`2-7x?R7`?v~EOUgiU$2k%>YJ zD?2%{efu8qW-H3Y+_-f<$sXdBe^UFED_@n5m^$FtFkz0m5x_}>le6}bk%Q>SPAka+I4(6N(W8i*xW=+cH=4oY z*YQB^CH2&eD&P2X4C-Othe`$*=AU)DF`Z?^MXb>kjp-WdqAwGtTqGynC!r?RfdMqv zMLAUX$_42q0uN`^Z*ismXA;{d}GRnmyHwySgbHUeq}9U%!{OY4{qqz4^b4k{)Z)nBo( zBF;RD=+>2B8Ix3AIXw0f0!WepL|WtQQR)<09SAOW3MenhMQW0<*8x>4A>U& zwO7Ji7|mbUYs9bFYY!`c=J1y;HMqKBbkH4;mU`!ec~}ADVSh!T!7f5>FCjIZ2tgj3 z#X65pKKfH7Dn|6UCgBM21to!=@jBdUU(haz-6aaORDp1<4f?IvCEYZS5p`maj_cS$SC$F9+RS}pX2iJ(S`AbAN<`|hhCT* zv~t}TJd@}d5!Unm;u4waz)OO&GSH#>uMMZZqx*lKpT#?R( z1hvwEkbyi2VkjwB?6=cA&lNXsSbtc;ioD_NCi#^yc(R@s} z<1L6f#f4C2kT5qU9^+VS*wbx;dVYf)vGsF=Fqx^hV;Dx0*kBZ%2pPi0VUmPHfI@X^ zApK;^D}L#&t9Gn$ZjlyQGgSbg7?y~(b=s!{4{~cX2wk}?Pv!cF?bCS~&VOfN<%R@X z1J9^xPN&2Fp0Dsa;Anyo%zGFL16+CY<%$EvUrX-y&FhlDTeHWwe+9|{`WUi}Y)PLFHumC@s~Z%ITNeaq3Y1vFQe5;1H#mj-(mTI@uU z_dJvP_G&rbAv#T%V^ZK;S><&;TEd)9Y()y`+GX|$qUnor2c)Hd+Q&o`Tk`1%Pa@(* zJ1B@z;L=Es=0D+l%KNp+tTrePYhEI-v6kRWkG|_YhtT{rD4es=i(xE1 z&jFeSK0;D@TT_oFOroQW3k(>q!JzHMrqe|_Nc*0TxP_l&f@4}p(S^Wuv??mX^O z3EPQX{P6E5dE@V5ir~5D!aJYtX(Sa3{rUe@d63lKP07C-R(6k?7H)v!c_M+CNjS z9ZdBKPh}N~{z*%%daDX-q*m}KO#x{$foZm)33*pxyZ`6fdvVD;#V9?|9=4;y^whLV zvuPJ4(vuFQrxhVG)(}~9>6hnXI5Vt22Enpnfv{bOWL)O8xQND7aM2)KG%$(&E3i@` zbKN$Ro08d3loeZ>89SA!O$@gNvK|+})h7aHJF>>cGL?Z-d^LMW%o9!&$A)k48`7nQ z8F)$}kXD4~>^Kz;8zL#0fvKSUlataCS;02hNZ;&DTj2hj+6$C*{7!j7(qa zbmb|g^Tpetz3c_&Pn^}s6@3Sa6V8Y-a%CJ`=MEh69+NE@hTN61=lzZwFd{OhXn3?ONV{;+K-;FwU-x5X`g|WPDrmGKPqmJzoJ(l z>Rx~sgAWl3ye0GA98e1Mvf#)Zx(l?2hx|O+eUY|D+m0hNd9O-+xf(uyly~at=YYc3 zqTYB$;rt97=5Q3-qDtd+yZ2q@L`>1;`-P2FMSre{Uiw{dS+v+F2*`J^wPQj?4Z0go z5BDD^8T8*Np3^C*yYFLrwWOr0ME|u%s3;_p7|!uF7GL+ck%8|h*6x(dEo?9CD~2#} z#cHjGuDuIMAIpn~6}w^;B*hNs2PvMJ;8O$^)&xjWmr$Fzfw9Ln#o%h$C@OJ44g zhbjzm5o!_A-h~L~8DKV`q8+FNaFvJbDmTI_jeHSzu+V+pD2+N%|Mbe6I0oLGVG+wX z=qIa|=UVYg1kJ8M1)K1+c z!@A$bc)GF%5L{74O}=oi?skj$yKh30;irNgs7fwDp>2C5GUc>etX!!+wQO%r2g^K9O$Yrpy9Z`Yc~%5O0m+QI_C%+s^-;;q`!37LLP8@jzSw(cuArt-i_3XLjq z8l`2x8Qq%EvD_@@m3KyctKb#SC~G>OMQd$cn7F-(Oly*Gj+R!3i2~sXtPDtGF@=gx zddvr-Vy#W?I|6#kDYy5ZX1F0=WH#~nUiBT7nnCe#szIXP9+BTPhBkJbRNsne4kODL zf)q<3PkEFvMZlbLFc(l-$H?v{<*c_E=3o@>VMU{AFhkM2h9FuXGxfJ4egvz=wGYX| zhrLEob)ZVC+2?u6X+Px4{1k^y? zc9L5=Zn!OvVR4!dKt%2fR_yo;GS;ZPLkjI4+k)rL;!m2!MH%rO59d|Bhjb;0mu;Av zlg+oNHK~{!&ky|l-_7emB{eafR4r=qhA>H6M45yb(cU@Lm@jmo3Q58lNwXsq^E;hY z&P93R2mQJpN9bphPzt`tyIFUqG2T9d`>%U@VM&;R6~R#OZZalk>=d@ZhA5R=dYg|= zy-R9Q+h*JN=ywyDPhV8N`656r^E*pI&b3HSjxyl|E(;_3&qnFxl)Rju^k*xWb6ndz zlOD(=u~_2xZ4|1wYQ9w1i7D5)-D@eV#pi_Vn?UmX(cw8KG_(&nnV58)Hqg*=tSDT( zM0?lcX{NJ??{DvbJd)(qTw%l?R83s*K56U2nWCdi`AZyOA5*P}BIdfO*cs3+wKi<~ z-G-89G*TrfCnTRr#x6A~9FeZmAIy||K4d(&Bg6YpH?~v0_mryGLtKj0sAvdE&rR8} zR}N)K6r7edT@YE;9!sO(4u%Mm|Dd#q=+k&r=OqojFEGnjM*oYEM|JQQ%P`KI|A+jp z8^MEuK1j1LLl)i0*#k+HSBV-NOKT%UyWw4W_i5)=MXKFwWY)tTgSUNwB%kpt`gj(T zbEZ5HajH}HCA7LpxK=9_2`SQ?#v$CUkaNnX6NMTd;}sO^8oc}!}|JHVW%*? z6uMr~4b-0}*eCp45L?oj4ZgwK7VZ-?LEO@OIOcXmV3j;&Gzi1w`k7)D-(Hkqg7%dI zDp_Gu*KUkvQKfXxYp?r0$-*EChsJh4ao7|2gqwv8G1ECcIIYo#a%BJ(hlF30$%{c; zvUITuE3C6+n1(N62HPd_TKT2lm=o4Xk=-jwlg<;?yUHA^wlbMHJQnjr;7B81jCzd&5s+Ztufthp;YM#* ziSStyi6}0bFlgR#kRZGRiym*EEVUA`vg#RzP7F?W<{s*2Srjg-ZZSy8gCrej?$-wV zqP@ZT(0rkKZt^bv>(1>5gw0>;c6%Hi6|yG1|2eey1m;*|-?=y3zw{#Z#@>amCkBu3 z*-?O#0mAtsNOLhnYw5_@8M{=fs8_45^~Nb?uBj-XV){g*;e>!4tLUn&c*u%v?#8v4 zryXJs?GuwLxLFIj;SQXRgI1%(H|K@V?R_=ti!|FPf5OM*5nv;+e^AZZzAQmVo6J@O zZLF<{xwZBH=~a2~av{rlTk;7eBnT6VybI6tczEB^Q|w(48pzw9$IW+Vc%OKo)9LV< zCmuJm=&!dDY)QnOvcPxg&8&=%ECY&v> zzG*9BL3AiMwAh)wMgZQ~jlmq$wP^~rGfhi3iIS|)RwKWg;eDUg3f2fj)%_D|_=NiR z+tUOUbi7^S&&jn8tq;oN4;N!TY)j7HzeA%l)h2v7^T`KF|3b*Rnl&8T@8g;mmXY3Yryg#Ma+nl@cK0YqsjITP!52 zP1$o?PnhpE3zp8odo48C?^yXM#y zHf?LUW2=4a(%TNxTa{4jWz{=!TX!#qxUC|3&P3%uM(lcfifOQ&j*HkGxXl+EVf27c zly$n9J5)pbcdzEL`GLO!9pIvC*j=NDB z>iQ!4KQ&~@%WvNozWczbA!B~r{8pF$eTUOS*8FvQ^Y1?hB@=X+LZosFtNw{Su7j3R4(nTairqR=l3arvA1e_FCYp(^c1$RhuisI9mww7+%p!5=OC|+5#AH| zx(B&#{Kl?MGPKVdn3~)<`MAtgS@mYOzWlRezCE6Q71KV-VC5GkHv>A_X8M!TzJLr) z4ViiJp1hmAx2do1ap@gHpX>g<56_Sm+zH=>!a{705(ZNNM;;=>n_CYH%DZ>wgl&p9iqEXi}r1QO4S1|1wsmXXgJ z3Mb42CdC*;1WMZw)y9Uj^$k0+Hmq9zH!+fH(V%}PYYy2r34mVywDx3oz{(Kb) z*eeGdcAg7^xY5@CrL;Zyrr?mH@zJY3G4GD&OO#Qpk`Er|0b=)MiY8y;RNxFEl|~3} z%c7p0d|MtjMxY_%f4qBJsg%tG5u>Lu@PQ9qg-V_d93~CcRa+XV&G!ucj~$`$U42>1 zd&0GS4*?L6Q1pEw?5q_I?_f!H-X{r~ZP16~j7PSDn@E^&SlGF@v%y6V*}@d46g#!v zIUF7A%!HJEjogP&Y|J@)prxk@5MV-fY=BG{7!$7BcH3T5=%|%~2nyv6u*~ z6SH(e*aR$rCf5oj4IhyKv2k=7+B~R_ zgN@J8X*)dFg@ZDXbS-^2)4S9P0qCTi{dL^Jp7pVn`hJoJW z;JOh;+eX)7Onwc9FsZ)*>s^SbRg_#Z!xFi%_~(S1v=ICVz>`IGqNd~};vOK6_RI){ zl4*{TzTCKE(vng;$7)JRE`+L3fz%-fUJ}>J?HO)U`|Co@0P^P+i1MT)@3;&C0AH;Q z#*)L$bg~nijcI&8tf-iVGqmhxyzqYp_B96Unf)tW%-V9KK`RCFc@rmADcOJspvuBQr|M2M~bM6z|#u zrS$?pbr%DH?vWXYJ0MFTnQEp?toF(YgEo_i#ko#g+CPj&Kb0iAMotlFHA2wHtH%G6FAvm=Yp#oJrik0S)t}|2hUX5s4P6oi_ za4r=lzE1DK)BzKYV4+AJMZZVDT2sUvTK02QNEG1$f)F|#s-)_K(-YF5YX2Gv<{;nO-4Sic?+zN-B@dt{@$a>jMG( z?~=J{pYryGEE(BkO!Tm<+?iBpEbG=T)*MI){=+H6} zg`-;N`y(I~prqjC$nm`eWaVu2)WnbLwW^1c95Q~C8kruiKMH`3B<9^1vun{GjjyMf zfV@07fIpZu_Cytd#aA>UkwF%!rzajCbqnhd23zKxBoB&m z9c~G>jl%6ZMY~tpxD%=_XtG2Xz}>NF-kn~+I^x&|^tsq`c-~VkQO%MM3LB3*d=K$d z{v`=SehRf2odANTjYOCCd{rsoIQx#=m^QPw7Lf9=5K|oD(ZIbI4k5mG3p|X;@A!r< zVV|_rs+tkd9l`n$5ejuBhADB;*Let;5b4>&Tw-MX7_XnQ3=tU7p~ZzY(9AmSPP$Ov zki-E1vqs?(Z^?)4PXz(M^tgP{a_g18b-FAt-mV7lhi!n8PMOc2js2*7_-=hS5_o=8 zKuh&k3`$-Fhja}~gtGHtc>FOp_pk4?2Tq*0IOQplK@zUeOUIIwEB|qKGKC50=#?~# zEE$X6DZxPeoocT^IiqnKm&`k$wD3^Bh(NCqAW=4rOjf0Gs{n~+(>}05k#?{q`H+PD z1Ei3O06g-+1rSMaQ$-R>J+%NV8}l~hW&C61?@5BVXKq?WFHf2lf3wRF=i&XuM0HGF z*R1rjmf=Z((s@(3Ly#y5qOiz@XS%YH<8-NMau>HR;1|l|>CdEEyfsJmh;zv5U!Az3 zmc)!rj=cd#6cnwb^M&$4w_OflDY-nY$I93tD^hPgZ0H|5_0G z{hz&8i39S*qgx=7TKJO-yr5F_N>l>Jo^Y3AZasPUu~v(D$xgfTO`ar54FGn3fgji) zjWGyyC{Az4JV{SeXC(R(~Vhs_%tDqDtW0!St&KNyqGKd|AOADz}%Er??K3UYs3idT{1GdmRe9!(vY6cTrF%NB(q zdes1OfAO6Acw&Q?9+qe(i@{r}AaknqbA}MxBqZOmrUK6n5MY^>6qd##1mE;bN#4M7 zWAITDc+S@Yq^14&NqU@720+eephHitr8c~!oi55u_?BA3se`gdnJ$BSZ_B+OhVb-V z+!RHPu;7d7vA67H`VoKw64$f5;;S5C_Z^oHPf6Ug_EYA=jbq_jf^I*z}>#m3PO;vmK<3JsonZ{%tI_Tr}R$ow`!LSYc7VyHl~7NpV0)I1&}aZ0w% z5c%_K+^ry_Z#?obG6g0oiIOu_ypp01W~N}^Xa|&~al!%K!h^*Hsm26v0?LjEe0hs> zWrNZbV;()E8nciVc2!V0!vXKD5a)gue0`wPp#Q7=>8hA&z9p%b%m{4e4Q@C7H z3DqjRV_e_BKP#5J1OW@bt1~e*Wz&HrZ9wl`g8MVV=^u{#2?W!Yn##7iQJdQ9L>SA` z)NmAc($d6IDxDILxD12|B}io>O5Vn8fF~f_hF}jMRJ0H$3a*_E_B_yNMO<}J*7wy1 zb^>%A3043?fgEV6B`aY=Frn0Byt#HR_z3;ErIjO}F-1#}Tor}CpzL13*&zsG$}n$i zq!^&Q7QkrN40+@EUjG2da#3YKn06qq8eFS|yQL28{tm)KJL{j$;kyrbJayrsduv#8 za>Nc?bUPxahpGjk^PM9?fhDzoTW_0sGF_e=zNu4irh|geiHJ*BLKsv7^#>a>$>3-z z;j#|FNI`e)wqwijqaR0r6Hg)dFub;M>k8CzO$07-b`OPUQ)@vc!5_bRVQV`Iapr?> zJANH-jlUBRwT}=p;rQBwU_?1s`@P$SyEEUi$JMj5_)Citk@1PET|AZ0w(WeS=h!iMD$Mby%7)2t6CnZK?p)5H8&5dXb3DFwC-7YA?WQJp&l^V!(`I>(-5u{c z7gKwR@)`!B4);ws@H!H7DDaz!&ePrmC0zVHhPC9h{nMIC>D;||h5>_@IkU}a1O!Ut z56dv40cw*j`?N%=!`(aG*@p?cF;?nC2g%+ekRy0vq!VuzTJ90*0zf&d9FiZ{#l4Rc zr8XsU9tU_I%hpN@R(huNEEtNP8FXnGY>ytkd5{3N)Q)e!=5%Pl3b-*KxpvLj6^E%;xUG=2X)_@@ew!RB2iA1{}jMi!I7Qr0|PO;OaM7ykxg_$7`0HAvo8DLn4aqQ1?__Hx zylC6PsT*_h4`N3^_hH!;zu3(*4P}N#y~8OzBBIvzvH|Of9tMH;S68O0OH)CeBRbE0 zftY(N)H@BlI={j+lYmY-I@63A)U(r4*Q3nX-&FU_05o}JUx#Zs=*Y4+^NLcv)^Na64ihOvvsJXPbQO>u#>($)eSKpjp{y6`t zr~K8H`uv}luVVhb0%WHlbM`YIHh0A+hoGJ5Ve>b42>fGzl3Eh#uNOJGq?xcJQBf+@ zzjR=JN%qqvoa}P2(X!%&1f>hh%&W_)&HieO%TwQ%wVFM2%wJD=yf)As1fPF0YW6v=01Z%R#$F%HI4emuKNw zNBbAY&G!0FvQ7PDs^V9-oE1mG>5vPH{?F&aE7)9LGNJ|8g4OBqvJRZ|QQX(vH1nOc z9T*-_=)I7mb~Qw>!cD(VPkvgL!~uThAEmVm=Ffec6aba(f7Ic`*10}S=D^O@pS1Dj z|FS=I9^Gd%`AHTFz7pV=Dzd+62=P^){WbaC|H<0+CyXMcbDV}yVShgN6w+j#)x||M zH(4%tS}I#xDln~ju35@^5RkXdnj~))=^*w{Esb!Ssgb}-qYddqV77Ee&7Kj;v8Zgq z`{jtB`-6Rk!7gLDLw*4P0r@dMtICcB$ec%g)j3As4Dc`JALAv~m>iQK{LxpU7pvaF z3RagrfI#gDx6(@#nMLN6~XAFw?bM2Eg)LI>B#CvQ5F@c zXXP~!1@+>^`jq1OlY&z^#Z$uEwzlu1liC8lr!1ny(xO@w7wKl?)vut|m${^PH7WS_0u z3J5|@gM@{KhlKz

hX^kC2g)la!T~mzbHFo1C4VpP-?lqok##r91$LtE>yEgg*cx zMgR*+PD2C&MuQqiPD=nShd>7aD1*Vsg*wIn8iytT1h=k*u_A;k001zAAKin}BZkGt zgDWP3v=prFhl;22^Yr!h_xSnx`~01$?*N@Zcr_>%iW>mb4VsbA$%-4vgsm!&AmTDZ zMqJ@I)B->afdrix95jT%3jz(DSR-T%5ye3TE{K?UfI&cj@%ri9|H-qb&!0epq6&HQ zkcN;rJnoRV4nT&IHKNJ@@Sz4TLm~oLTqPuBAtdLH7E1cjNr8_@7y$Soa6ln&g0N~; z0svysn>mH*-OIPH-@kwx{kw|@1%M%h7!INJA<>5&1tLcVAfUiTLoF6;ojB~!0EmVW zFFfpI>5`@;oPYpu)rsNOgfas=M;Pa#z_@ek-p#xBqrtTc(egHEgk~oc4iFj=&Jfc> z5ELp~r6hppLOTZB8cxXgppLB>K;Qxb8S*FJZTaP>V#bSO{&-ylr=AOHXm zlyK1x7XVNI45z&yfB+w$P+%_r3?RY?0TL4AkVWEXx6hEPhglJThMEbX zo0e+osi?*`pQx<1>MEe5rYh^Kw4S=^tGMQ>>u#~u>g%t-x^wHU#1?C8PrU}K?6S2E zd+f8&Mr%s4%vNhHpUz6F?Y7)jLhZHSh8s|}-Ii;v|F++XtM0mlkbCaC@amc_yYzzV zZoK&B`{}&y2%*Ad4%OHputTWuB`ZtZkeYx71Ej+U09$*nz7$uiBfqOG*qlnoIS9e8 zMu@QSDlm@bbcJ*wZq^2wZB3VLc3{-vpo0@Lpg`#kD4>v( z)J8~M(lslfz+ypp1AM~@-Yn6=3S9q?H;cn50fXCxDDi>`HDvws434YNS`AWry&Mc9 zaG1d}FI=Sq&WSpK#Nsm`w!@Y$*tN>bXU8u4|2@4bag+uch%f*(;(V}#5d)?CLI4Ol zp@Is8n4pf(g30t8rq zTM-i1rV~aKFw7D#08qjXw|p=I5E&SNAe69x(`djvKybhSWF#!5&F+B^yoV0}P&!0F zX%Gm3NK#JYg#1Yj0>xv1Xll?NCuG1TFc1I-nF9?ImT&g9Xz9gQ+!8Pj-bU#S~3(sV}%WCI1DZ=CzD4+(2&}NCnh~{5FA*G3kl&y z`INGTd4#1ySaTlqxo!ji*juJHh652q4w2!Yi|Y!3O950UlI~#0C6~#}OhkZ<7W5%4 zh5>*Nm2nVf90UaR2E;??q7b23AOg({s6Zj%0{Fd7ni5F>01S1_P&z>g#dCr}uVbDnmFWWT(||!+Inl(( zQkFH4P%msr2nw81p5Z700O+J4|6mfwWbQFSg&@$Ley(BwE*Pjz1=@s_t|Ay5_!;sT zl7T@OMg)n2{Kp^_*qCv4B zjuHmIA`rCD3FOIRS0J#29e{5MOQ1_*fB+*I(Z~rUxQuL^AhID0A)bXWUlVr9SZ0!d ziiB8#$Ov!)BUEVtY*9e~fVcuNu_&7qAYUO;NEw!vrT`?jS!d`LYW%JimFlPG>BaXVe$)KLwM12 z`NiuhN+19xnD@Y0qyYd9#wQAZpk5Fr%u;B8;0i}@0|T%WVM@@T1aK(AAZEo72CxAO zn|O9lXg~opTomSV;FTecF-Z#0fG3>z#%F6n0|>xi8T*(|c5T37aZKc`LU9N zV;BtBxX4gunhON*+9g{#AT=OsPNU4_r6pkl=QDw5uS{mRn!o@6*gz7x%;u#X;RI-& zh5-&h=Q`W@&UntVp7+e>KKuF4fDW{s4S*5=7~lkyY_p=hoP!v+fCZ3_w4^6Z=}KGr z(wNS)rZ>&$PD|PaCNaptnioy#Qk(kJs7|%2SIz2HyZY6zj Date: Mon, 23 Dec 2013 11:43:54 -0800 Subject: [PATCH 0027/2538] update commands.go update docker.go move to pkg update docs update name and copyright change --sinceId to --since-id, update completion and docs Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- contrib/completion/bash/docker | 32 ++-- contrib/completion/zsh/_docker | 8 +- docs/sources/reference/commandline/cli.rst | 193 +++++++++++---------- 3 files changed, 117 insertions(+), 116 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f1a515d00a..4ebe45e083 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -25,7 +25,7 @@ __docker_containers_all() { local containers containers="$( docker ps -a -q )" - names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } @@ -33,7 +33,7 @@ __docker_containers_running() { local containers containers="$( docker ps -q )" - names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } @@ -41,7 +41,7 @@ __docker_containers_stopped() { local containers containers="$( comm -13 <(docker ps -q | sort -u) <(docker ps -a -q | sort -u) )" - names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } @@ -73,7 +73,7 @@ __docker_containers_and_images() { local containers images containers="$( docker ps -a -q )" - names="$( docker inspect -format '{{.Name}}' $containers | sed 's,^/,,' )" + names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" images="$( docker images | awk 'NR>1{print $1":"$2}' )" COMPREPLY=( $( compgen -W "$images $names $containers" -- "$cur" ) ) __ltrim_colon_completions "$cur" @@ -118,7 +118,7 @@ _docker_build() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-no-cache -t -q -rm" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--no-cache -t -q --rm" -- "$cur" ) ) ;; *) _filedir @@ -138,7 +138,7 @@ _docker_commit() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-author -m -run" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--author -m --run" -- "$cur" ) ) ;; *) local counter=$cpos @@ -191,7 +191,7 @@ _docker_events() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-since" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--since" -- "$cur" ) ) ;; *) ;; @@ -223,7 +223,7 @@ _docker_images() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a -notrunc -q -viz" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-a --no-trunc -q --viz" -- "$cur" ) ) ;; *) local counter=$cpos @@ -308,7 +308,7 @@ _docker_port() _docker_ps() { case "$prev" in - -beforeId|-n|-sinceId) + -before-id|-n|-since-id) return ;; *) @@ -317,7 +317,7 @@ _docker_ps() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a -beforeId -l -n -notrunc -q -s -sinceId" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-a --before-id -l -n --no-trunc -q -s --since-id" -- "$cur" ) ) ;; *) ;; @@ -388,13 +388,13 @@ _docker_rmi() _docker_run() { case "$prev" in - -cidfile) + --cidfile) _filedir ;; - -volumes-from) + --volumes-from) __docker_containers_all ;; - -a|-c|-dns|-e|-entrypoint|-h|-lxc-conf|-m|-p|-u|-v|-w) + -a|-c|--dns|-e|--entrypoint|-h|--lxc-conf|-m|-p|-u|-v|-w) return ;; *) @@ -403,13 +403,13 @@ _docker_run() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a -c -cidfile -d -dns -e -entrypoint -h -i -lxc-conf -m -n -p -privileged -t -u -v -volumes-from -w" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-a -c --cidfile -d --dns -e --entrypoint -h -i --lxc-conf -m -n -p --privileged -t -u -v --volumes-from -w" -- "$cur" ) ) ;; *) local counter=$cpos while [ $counter -le $cword ]; do case "${words[$counter]}" in - -a|-c|-cidfile|-dns|-e|-entrypoint|-h|-lxc-conf|-m|-p|-u|-v|-volumes-from|-w) + -a|-c|--cidfile|--dns|-e|--entrypoint|-h|--lxc-conf|-m|-p|-u|-v|--volumes-from|-w) (( counter++ )) ;; -*) @@ -430,7 +430,7 @@ _docker_run() _docker_search() { - COMPREPLY=( $( compgen -W "-notrunc" "-stars" "-trusted" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--no-trunc" "--stars" "--trusted" -- "$cur" ) ) } _docker_start() diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 92acdb13dd..8b50bac01b 100755 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -174,7 +174,7 @@ __docker_subcommand () { (ps) _arguments '-a[Show all containers. Only running containers are shown by default]' \ '-h[Show help]' \ - '-beforeId=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \ + '-before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \ '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' ;; (tag) @@ -189,9 +189,9 @@ __docker_subcommand () { '-a=-[Attach to stdin, stdout or stderr]:toggle:(true false)' \ '-c=-[CPU shares (relative weight)]:CPU shares: ' \ '-d[Detached mode: leave the container running in the background]' \ - '*-dns=[Set custom dns servers]:dns server: ' \ + '*--dns=[Set custom dns servers]:dns server: ' \ '*-e=[Set environment variables]:environment variable: ' \ - '-entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ + '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ '-h=-[Container host name]:hostname:_hosts' \ '-i[Keep stdin open even if not attached]' \ '-m=-[Memory limit (in bytes)]:limit: ' \ @@ -199,7 +199,7 @@ __docker_subcommand () { '-t=-[Allocate a pseudo-tty]:toggle:(true false)' \ '-u=-[Username or UID]:user:_users' \ '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ - '-volumes-from=-[Mount volumes from the specified container]:volume: ' \ + '--volumes-from=-[Mount volumes from the specified container]:volume: ' \ '(-):images:__docker_images' \ '(-):command: _command_names -e' \ '*::arguments: _normal' diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 67c8b06189..a6ae75076b 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -26,22 +26,21 @@ To list available commands, either run ``docker`` with no parameters or execute :: Usage of docker: - -D=false: Enable debug mode - -H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used. - -api-enable-cors=false: Enable CORS headers in the remote API - -b="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - -bip="": Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of -b - -d=false: Enable daemon mode - -dns="": Force docker to use specific DNS servers - -g="/var/lib/docker": Path to use as the root of the docker runtime - -icc=true: Enable inter-container communication - -ip="0.0.0.0": Default IP address to use when binding container ports - -iptables=true: Disable docker's addition of iptables rules - -mtu=1500: Set the containers network mtu - -p="/var/run/docker.pid": Path to use for daemon PID file - -r=true: Restart previously running containers - -s="": Force the docker runtime to use a specific storage driver - -v=false: Print version information and quit + -D, --debug=false: Enable debug mode + -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise + --api-enable-cors=false: Enable CORS headers in the remote API + -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking + --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b + -d, --daemon=false: Enable daemon mode + --dns=[]: Force docker to use specific DNS servers + -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime + --icc=true: Enable inter-container communication + --ip="0.0.0.0": Default IP address to use when binding container ports + --iptables=true: Disable docker's addition of iptables rules + -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file + -r, --restart=true: Restart previously running containers + -s, --storage-driver="": Force the docker runtime to use a specific storage driver + -v, --version=false: Print version information and quit The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. @@ -75,8 +74,8 @@ the ``-H`` flag for the client. Attach to a running container. - -nostdin=false: Do not attach stdin - -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) You can detach from the container again (and leave it running) with ``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of @@ -135,11 +134,11 @@ Examples: Usage: docker build [OPTIONS] PATH | URL | - Build a new container image from the source code at PATH - -t="": Repository name (and optionally a tag) to be applied + -t, --time="": Repository name (and optionally a tag) to be applied to the resulting image in case of success. - -q=false: Suppress verbose build output. - -no-cache: Do not use the cache when building the image. - -rm: Remove intermediate containers after a successful build + -q, --quiet=false: Suppress verbose build output. + --no-cache: Do not use the cache when building the image. + --rm: Remove intermediate containers after a successful build The files at ``PATH`` or ``URL`` are called the "context" of the build. The build process may refer to any of the files in the context, for example when @@ -233,9 +232,9 @@ by using the ``git://`` schema. Create a new image from a container's changes - -m="": Commit message - -author="": Author (eg. "John Hannibal Smith " - -run="": Configuration to be applied when the image is launched with `docker run`. + -m, --message="": Commit message + -a, --author="": Author (eg. "John Hannibal Smith " + --run="": Configuration to be applied when the image is launched with `docker run`. (ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') .. _cli_commit_examples: @@ -279,7 +278,7 @@ run ``ls /etc``. Full -run example ................. -The ``-run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` +The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` or ``config`` when running ``docker inspect IMAGEID``. (Multiline is okay within a single quote ``'``) @@ -379,7 +378,7 @@ For example: Get real time events from the server - -since="": Show previously created events and then stream. + --since="": Show previously created events and then stream. (either seconds since epoch, or date string as below) .. _cli_events_example: @@ -459,8 +458,8 @@ For example: Show the history of an image - -notrunc=false: Don't truncate output - -q=false: only show numeric IDs + --no-trunc=false: Don't truncate output + -q, --quiet=false: only show numeric IDs To see how the ``docker:latest`` image was built: @@ -507,11 +506,11 @@ To see how the ``docker:latest`` image was built: List images - -a=false: show all images (by default filter out the intermediate images used to build) - -notrunc=false: Don't truncate output - -q=false: only show numeric IDs - -tree=false: output graph in tree format - -viz=false: output graph in graphviz format + -a, --all=false: show all images (by default filter out the intermediate images used to build) + --no-trunc=false: Don't truncate output + -q, --quiet=false: only show numeric IDs + --tree=false: output graph in tree format + --viz=false: output graph in graphviz format Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -535,7 +534,7 @@ Listing the full length image IDs .. code-block:: bash - $ sudo docker images -notrunc | head + $ sudo docker images --no-trunc | head REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB @@ -552,7 +551,7 @@ Displaying images visually .. code-block:: bash - $ sudo docker images -viz | dot -Tpng -o docker.png + $ sudo docker images --viz | dot -Tpng -o docker.png .. image:: docker_images.gif :alt: Example inheritance graph of Docker images. @@ -563,7 +562,7 @@ Displaying image hierarchy .. code-block:: bash - $ sudo docker images -tree + $ sudo docker images --tree ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB) @@ -702,7 +701,7 @@ Insert file from GitHub Return low-level information on a container/image - -format="": Format the output using the given go template. + -f, --format="": Format the output using the given go template. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. @@ -721,7 +720,7 @@ fairly straightforward manner. .. code-block:: bash - $ sudo docker inspect -format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID + $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID List All Port Bindings ...................... @@ -790,9 +789,9 @@ Known Issues (kill) Register or Login to the docker registry server - -e="": email - -p="": password - -u="": username + -e, --email="": email + -p, --password="": password + -u, --username="": username If you want to login to a private registry you can specify this by adding the server name. @@ -812,12 +811,14 @@ Known Issues (kill) Fetch the logs of a container + -f, --follow=false: Follow log output + The ``docker logs`` command is a convenience which batch-retrieves whatever logs are present at the time of execution. This does not guarantee execution order when combined with a ``docker run`` (i.e. your run may not have generated any logs at the time you execute ``docker logs``). -The ``docker logs -f`` command combines ``docker logs`` and ``docker attach``: +The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: it will first return all logs from the beginning and then continue streaming new output from the container's stdout and stderr. @@ -845,9 +846,9 @@ new output from the container's stdout and stderr. List containers - -a=false: Show all containers. Only running containers are shown by default. - -notrunc=false: Don't truncate output - -q=false: Only display numeric IDs + -a, --all=false: Show all containers. Only running containers are shown by default. + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only display numeric IDs Running ``docker ps`` showing 2 linked containers. @@ -903,7 +904,7 @@ Running ``docker ps`` showing 2 linked containers. Usage: docker rm [OPTIONS] CONTAINER Remove one or more containers - -link="": Remove the link instead of the actual container + --link="": Remove the link instead of the actual container Known Issues (rm) ~~~~~~~~~~~~~~~~~ @@ -926,7 +927,7 @@ This will remove the container referenced under the link ``/redis``. .. code-block:: bash - $ sudo docker rm -link /webapp/redis + $ sudo docker rm --link /webapp/redis /webapp/redis @@ -996,31 +997,31 @@ image is removed. Run a command in a new container - -a=map[]: Attach to stdin, stdout or stderr - -c=0: CPU shares (relative weight) - -cidfile="": Write the container ID to the file - -d=false: Detached mode: Run container in the background, print new container id - -e=[]: Set environment variables - -h="": Container host name - -i=false: Keep stdin open even if not attached - -privileged=false: Give extended privileges to this container - -m="": Memory limit (format: , where unit = b, k, m or g) - -n=true: Enable networking for this container - -p=[]: Map a network port to the container - -rm=false: Automatically remove the container when it exits (incompatible with -d) - -t=false: Allocate a pseudo-tty - -u="": Username or UID - -dns=[]: Set custom dns servers for the container - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. - -volumes-from="": Mount all volumes from the given container(s) - -entrypoint="": Overwrite the default entrypoint set by the image - -w="": Working directory inside the container - -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -expose=[]: Expose a port from the container without publishing it to your host - -link="": Add link to another container (name:alias) - -name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P=false: Publish all exposed ports to the host interfaces + -a, --attach=map[]: Attach to stdin, stdout or stderr + -c, --cpu-shares=0: CPU shares (relative weight) + --cidfile="": Write the container ID to the file + -d, --detach=false: Detached mode: Run container in the background, print new container id + -e, --env=[]: Set environment variables + -h, --host="": Container host name + -i, --interactive=false: Keep stdin open even if not attached + --privileged=false: Give extended privileges to this container + -m, --memory="": Memory limit (format: , where unit = b, k, m or g) + -n, --networking=true: Enable networking for this container + -p, --publish=[]: Map a network port to the container + --rm=false: Automatically remove the container when it exits (incompatible with -d) + -t, --tty=false: Allocate a pseudo-tty + -u, --username="": Username or UID + --dns=[]: Set custom dns servers for the container + -v, --volume=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. + --volumes-from="": Mount all volumes from the given container(s) + --entrypoint="": Overwrite the default entrypoint set by the image + -w, --workdir="": Working directory inside the container + --lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --expose=[]: Expose a port from the container without publishing it to your host + --link="": Add link to another container (name:alias) + --name="": Assign the specified name to the container. If no name is specific docker will generate a random name + -P, --publish-all=false: Publish all exposed ports to the host interfaces The ``docker run`` command first ``creates`` a writeable container layer over the specified image, and then ``starts`` it using the specified command. That @@ -1042,7 +1043,7 @@ Examples: .. code-block:: bash - $ sudo docker run -cidfile /tmp/docker_test.cid ubuntu echo "test" + $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" This will create a container and print ``test`` to the console. The ``cidfile`` flag makes Docker attempt to create a new file and write the @@ -1051,7 +1052,7 @@ error. Docker will close this file when ``docker run`` exits. .. code-block:: bash - $ sudo docker run -t -i -rm ubuntu bash + $ sudo docker run -t -i --rm ubuntu bash root@bc338942ef20:/# mount -t tmpfs none /mnt mount: permission denied @@ -1063,7 +1064,7 @@ allow it to run: .. code-block:: bash - $ sudo docker run -privileged ubuntu bash + $ sudo docker run --privileged ubuntu bash root@50e3f57e16e6:/# mount -t tmpfs none /mnt root@50e3f57e16e6:/# df -h Filesystem Size Used Avail Use% Mounted on @@ -1104,7 +1105,7 @@ in Docker. .. code-block:: bash - $ sudo docker run -expose 80 ubuntu bash + $ sudo docker run --expose 80 ubuntu bash This exposes port ``80`` of the container for use within a link without publishing the port to the host system's interfaces. :ref:`port_redirection` @@ -1112,28 +1113,28 @@ explains in detail how to manipulate ports in Docker. .. code-block:: bash - $ sudo docker run -name console -t -i ubuntu bash + $ sudo docker run --name console -t -i ubuntu bash This will create and run a new container with the container name being ``console``. .. code-block:: bash - $ sudo docker run -link /redis:redis -name console ubuntu bash + $ sudo docker run --link /redis:redis --name console ubuntu bash -The ``-link`` flag will link the container named ``/redis`` into the +The ``--link`` flag will link the container named ``/redis`` into the newly created container with the alias ``redis``. The new container can access the network and environment of the redis container via -environment variables. The ``-name`` flag will assign the name ``console`` +environment variables. The ``--name`` flag will assign the name ``console`` to the newly created container. .. code-block:: bash - $ sudo docker run -volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd + $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd -The ``-volumes-from`` flag mounts all the defined volumes from the +The ``--volumes-from`` flag mounts all the defined volumes from the referenced containers. Containers can be specified by a comma seperated -list or by repetitions of the ``-volumes-from`` argument. The container +list or by repetitions of the ``--volumes-from`` argument. The container ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container. @@ -1143,11 +1144,11 @@ A complete example .. code-block:: bash - $ sudo docker run -d -name static static-web-files sh - $ sudo docker run -d -expose=8098 -name riak riakserver - $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro -name app appserver - $ sudo docker run -d -p 1443:443 -dns=dns.dev.org -v /var/log/httpd -volumes-from static -link riak -link app -h www.sven.dev.org -name web webserver - $ sudo docker run -t -i -rm -volumes-from web -w /var/log/httpd busybox tail -f access.log + $ sudo docker run -d --name static static-web-files sh + $ sudo docker run -d --expose=8098 --name riak riakserver + $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver + $ sudo docker run -d -p 1443:443 --dns=dns.dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log This example shows 5 containers that might be set up to test a web application change: @@ -1181,9 +1182,9 @@ This example shows 5 containers that might be set up to test a web application c Search the docker index for images - -notrunc=false: Don't truncate output - -stars=0: Only displays with at least xxx stars - -trusted=false: Only show trusted builds + --no-trunc=false: Don't truncate output + -s, --stars=0: Only displays with at least xxx stars + -t, --trusted=false: Only show trusted builds .. _cli_start: @@ -1196,8 +1197,8 @@ This example shows 5 containers that might be set up to test a web application c Start a stopped container - -a=false: Attach container's stdout/stderr and forward all signals to the process - -i=false: Attach container's stdin + -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process + -i, --interactive=false: Attach container's stdin .. _cli_stop: @@ -1210,7 +1211,7 @@ This example shows 5 containers that might be set up to test a web application c Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - -t=10: Number of seconds to wait for the container to stop before killing it. + -t, --time=10: Number of seconds to wait for the container to stop before killing it. The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL @@ -1225,7 +1226,7 @@ The main process inside the container will receive SIGTERM, and after a grace pe Tag an image into a repository - -f=false: Force + -f, --force=false: Force .. _cli_top: From 3ca9415d56015c30bd7312c5f0986c6f4fac0016 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Sat, 11 Jan 2014 01:00:03 -0700 Subject: [PATCH 0028/2538] Resync bash completion to include all flags defined in the code, and to autocomplete properly on all parameters that are reasonably possible to do so on today This also includes several new minor features that are interesting, so do explore a little. :) Finally, this also fixes a few bugs where commands would complete parameters that they won't necessarily accept. We still have a few of these cases, but they're reduced to a minimum now. Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 417 ++++++++++++++++++++++----------- 1 file changed, 279 insertions(+), 138 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4ebe45e083..f38962cf7e 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -23,62 +23,82 @@ __docker_containers_all() { - local containers - containers="$( docker ps -a -q )" - names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local containers="$( docker ps -a -q )" + local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_running() { - local containers - containers="$( docker ps -q )" - names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local containers="$( docker ps -q )" + local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_stopped() { - local containers - containers="$( comm -13 <(docker ps -q | sort -u) <(docker ps -a -q | sort -u) )" - names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local containers="$( { docker ps -a -q; docker ps -q; } | sort | uniq -u )" + local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_image_repos() { - local repos - repos="$( docker images | awk 'NR>1{print $1}' )" + local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" COMPREPLY=( $( compgen -W "$repos" -- "$cur" ) ) } -__docker_images() -{ - local images - images="$( docker images | awk 'NR>1{print $1":"$2}' )" - COMPREPLY=( $( compgen -W "$images" -- "$cur" ) ) - __ltrim_colon_completions "$cur" -} - __docker_image_repos_and_tags() { - local repos images - repos="$( docker images | awk 'NR>1{print $1}' )" - images="$( docker images | awk 'NR>1{print $1":"$2}' )" + local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" + local images="$( docker images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" COMPREPLY=( $( compgen -W "$repos $images" -- "$cur" ) ) __ltrim_colon_completions "$cur" } +__docker_image_repos_and_tags_and_ids() +{ + local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" + local images="$( docker images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" + local ids="$( docker images -a -q )" + COMPREPLY=( $( compgen -W "$repos $images $ids" -- "$cur" ) ) + __ltrim_colon_completions "$cur" +} + __docker_containers_and_images() { - local containers images - containers="$( docker ps -a -q )" - names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" - images="$( docker images | awk 'NR>1{print $1":"$2}' )" - COMPREPLY=( $( compgen -W "$images $names $containers" -- "$cur" ) ) + local containers="$( docker ps -a -q )" + local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" + local images="$( docker images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" + local ids="$( docker images -a -q )" + COMPREPLY=( $( compgen -W "$containers $names $repos $images $ids" -- "$cur" ) ) __ltrim_colon_completions "$cur" } +__docker_pos_first_nonflag() +{ + local argument_flags=$1 + + local counter=$cpos + while [ $counter -le $cword ]; do + if [ -n "$argument_flags" ] && eval "case '${words[$counter]}' in $argument_flags) true ;; *) false ;; esac"; then + (( counter++ )) + else + case "${words[$counter]}" in + -*) + ;; + *) + break + ;; + esac + fi + (( counter++ )) + done + + echo $counter +} + _docker_docker() { case "$prev" in @@ -101,15 +121,24 @@ _docker_docker() _docker_attach() { - if [ $cpos -eq $cword ]; then - __docker_containers_running - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--no-stdin --sig-proxy" -- "$cur" ) ) + ;; + *) + local counter="$(__docker_pos_first_nonflag)" + if [ $cword -eq $counter ]; then + __docker_containers_running + fi + ;; + esac } _docker_build() { case "$prev" in - -t) + -t|--tag) + __docker_image_repos_and_tags return ;; *) @@ -118,10 +147,13 @@ _docker_build() case "$cur" in -*) - COMPREPLY=( $( compgen -W "--no-cache -t -q --rm" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-t --tag -q --quiet --no-cache --rm" -- "$cur" ) ) ;; *) - _filedir + local counter="$(__docker_pos_first_nonflag '-t|--tag')" + if [ $cword -eq $counter ]; then + _filedir + fi ;; esac } @@ -129,7 +161,7 @@ _docker_build() _docker_commit() { case "$prev" in - -author|-m|-run) + -m|--message|-a|--author|--run) return ;; *) @@ -138,26 +170,20 @@ _docker_commit() case "$cur" in -*) - COMPREPLY=( $( compgen -W "--author -m --run" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-m --message -a --author --run" -- "$cur" ) ) ;; *) - local counter=$cpos - while [ $counter -le $cword ]; do - case "${words[$counter]}" in - -author|-m|-run) - (( counter++ )) - ;; - -*) - ;; - *) - break - ;; - esac - (( counter++ )) - done + local counter=$(__docker_pos_first_nonflag '-m|--message|-a|--author|--run') - if [ $counter -eq $cword ]; then + if [ $cword -eq $counter ]; then __docker_containers_all + return + fi + (( counter++ )) + + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + return fi ;; esac @@ -165,16 +191,32 @@ _docker_commit() _docker_cp() { - if [ $cpos -eq $cword ]; then - __docker_containers_all - else + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + case "$cur" in + *:) + return + ;; + *) + __docker_containers_all + COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) + compopt -o nospace + return + ;; + esac + fi + (( counter++ )) + + if [ $cword -eq $counter ]; then _filedir + return fi } _docker_diff() { - if [ $cpos -eq $cword ]; then + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then __docker_containers_all fi } @@ -182,7 +224,7 @@ _docker_diff() _docker_events() { case "$prev" in - -since) + --since) return ;; *) @@ -200,45 +242,44 @@ _docker_events() _docker_export() { - if [ $cpos -eq $cword ]; then + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then __docker_containers_all fi } _docker_help() { - if [ $cpos -eq $cword ]; then + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then COMPREPLY=( $( compgen -W "$commands" -- "$cur" ) ) fi } _docker_history() { - if [ $cpos -eq $cword ]; then - __docker_image_repos_and_tags - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-q --quiet --no-trunc" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags_and_ids + fi + ;; + esac } _docker_images() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a --no-trunc -q --viz" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-q --quiet -a --all --no-trunc -v --viz -t --tree" -- "$cur" ) ) ;; *) - local counter=$cpos - while [ $counter -le $cword ]; do - case "${words[$counter]}" in - -*) - ;; - *) - break - ;; - esac - (( counter++ )) - done - - if [ $counter -eq $cword ]; then + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then __docker_image_repos fi ;; @@ -247,7 +288,16 @@ _docker_images() _docker_import() { - return + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + return + fi + (( counter++ )) + + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + return + fi } _docker_info() @@ -257,25 +307,16 @@ _docker_info() _docker_insert() { - if [ $cpos -eq $cword ]; then - __docker_image_repos_and_tags + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags_and_ids fi } _docker_inspect() -{ - __docker_containers_and_images -} - -_docker_kill() -{ - __docker_containers_running -} - -_docker_login() { case "$prev" in - -e|-p|-u) + -f|--format) return ;; *) @@ -284,7 +325,37 @@ _docker_login() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-e -p -u" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-f --format" -- "$cur" ) ) + ;; + *) + __docker_containers_and_images + ;; + esac +} + +_docker_kill() +{ + __docker_containers_running +} + +_docker_load() +{ + return +} + +_docker_login() +{ + case "$prev" in + -u|--username|-p|--password|-e|--email) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-u --username -p --password -e --email" -- "$cur" ) ) ;; *) ;; @@ -293,14 +364,23 @@ _docker_login() _docker_logs() { - if [ $cpos -eq $cword ]; then - __docker_containers_all - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-f --follow" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_all + fi + ;; + esac } _docker_port() { - if [ $cpos -eq $cword ]; then + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then __docker_containers_all fi } @@ -308,7 +388,13 @@ _docker_port() _docker_ps() { case "$prev" in - -before-id|-n|-since-id) + --since-id|--before-id) + COMPREPLY=( $( compgen -W "$(docker ps -a -q)" -- "$cur" ) ) + # TODO replace this with __docker_containers_all + # see https://github.com/dotcloud/docker/issues/3565 + return + ;; + -n) return ;; *) @@ -317,7 +403,7 @@ _docker_ps() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a --before-id -l -n --no-trunc -q -s --since-id" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since-id --before-id -n" -- "$cur" ) ) ;; *) ;; @@ -327,7 +413,7 @@ _docker_ps() _docker_pull() { case "$prev" in - -t) + -t|--tag) return ;; *) @@ -336,22 +422,31 @@ _docker_pull() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-t --tag" -- "$cur" ) ) ;; *) + local counter=$(__docker_pos_first_nonflag '-t|--tag') + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + fi ;; esac } _docker_push() { - __docker_image_repos + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_image_repos + # TODO replace this with __docker_image_repos_and_tags + # see https://github.com/dotcloud/docker/issues/3411 + fi } _docker_restart() { case "$prev" in - -t) + -t|--time) return ;; *) @@ -360,7 +455,7 @@ _docker_restart() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-t --time" -- "$cur" ) ) ;; *) __docker_containers_all @@ -372,7 +467,7 @@ _docker_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-v" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-v --volumes -l --link" -- "$cur" ) ) ;; *) __docker_containers_stopped @@ -382,7 +477,7 @@ _docker_rm() _docker_rmi() { - __docker_image_repos_and_tags + __docker_image_repos_and_tags_and_ids } _docker_run() @@ -394,7 +489,15 @@ _docker_run() --volumes-from) __docker_containers_all ;; - -a|-c|--dns|-e|--entrypoint|-h|--lxc-conf|-m|-p|-u|-v|-w) + -v|--volume) + # TODO something magical with colons and _filedir ? + return + ;; + -e|--env) + COMPREPLY=( $( compgen -e -- "$cur" ) ) + return + ;; + --entrypoint|-h|--hostname|-m|--memory|-u|--username|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf) return ;; *) @@ -403,45 +506,30 @@ _docker_run() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a -c --cidfile -d --dns -e --entrypoint -h -i --lxc-conf -m -n -p --privileged -t -u -v --volumes-from -w" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --username -w --workdir -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) ;; *) - local counter=$cpos - while [ $counter -le $cword ]; do - case "${words[$counter]}" in - -a|-c|--cidfile|--dns|-e|--entrypoint|-h|--lxc-conf|-m|-p|-u|-v|--volumes-from|-w) - (( counter++ )) - ;; - -*) - ;; - *) - break - ;; - esac - (( counter++ )) - done + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--username|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') - if [ $counter -eq $cword ]; then - __docker_image_repos_and_tags + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags_and_ids fi ;; esac } +_docker_save() +{ + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags_and_ids + fi +} + _docker_search() -{ - COMPREPLY=( $( compgen -W "--no-trunc" "--stars" "--trusted" -- "$cur" ) ) -} - -_docker_start() -{ - __docker_containers_stopped -} - -_docker_stop() { case "$prev" in - -t) + -s|--stars) return ;; *) @@ -450,7 +538,38 @@ _docker_stop() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--no-trunc -t --trusted -s --stars" -- "$cur" ) ) + ;; + *) + ;; + esac +} + +_docker_start() +{ + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-a --attach -i --interactive" -- "$cur" ) ) + ;; + *) + __docker_containers_stopped + ;; + esac +} + +_docker_stop() +{ + case "$prev" in + -t|--time) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-t --time" -- "$cur" ) ) ;; *) __docker_containers_running @@ -460,12 +579,31 @@ _docker_stop() _docker_tag() { - COMPREPLY=( $( compgen -W "-f" -- "$cur" ) ) + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-f --force" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + return + fi + (( counter++ )) + + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + return + fi + ;; + esac } _docker_top() { - if [ $cpos -eq $cword ]; then + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then __docker_containers_running fi } @@ -482,7 +620,6 @@ _docker_wait() _docker() { - local cur prev words cword command="docker" counter=1 word cpos local commands=" attach build @@ -498,6 +635,7 @@ _docker() insert inspect kill + load login logs port @@ -508,6 +646,7 @@ _docker() rm rmi run + save search start stop @@ -518,18 +657,20 @@ _docker() " COMPREPLY=() + local cur prev words cword _get_comp_words_by_ref -n : cur prev words cword + local command='docker' + local counter=1 while [ $counter -lt $cword ]; do - word="${words[$counter]}" - case "$word" in + case "${words[$counter]}" in -H) (( counter++ )) ;; -*) ;; *) - command="$word" + command="${words[$counter]}" cpos=$counter (( cpos++ )) break From d24c5c599d418a19b4fb0316857602b44b18211f Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 13 Jan 2014 13:16:12 -0700 Subject: [PATCH 0029/2538] Switch `docker run --username` to `docker run --user` which is more accurate (while we can still do so without breaking anyone's scripts) Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 6 +++--- docs/sources/reference/commandline/cli.rst | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f38962cf7e..fb1786c335 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -497,7 +497,7 @@ _docker_run() COMPREPLY=( $( compgen -e -- "$cur" ) ) return ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--username|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf) + --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf) return ;; *) @@ -506,10 +506,10 @@ _docker_run() case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --username -w --workdir -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--username|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index a6ae75076b..b8cf35cbe1 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1010,7 +1010,7 @@ image is removed. -p, --publish=[]: Map a network port to the container --rm=false: Automatically remove the container when it exits (incompatible with -d) -t, --tty=false: Allocate a pseudo-tty - -u, --username="": Username or UID + -u, --user="": Username or UID --dns=[]: Set custom dns servers for the container -v, --volume=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. --volumes-from="": Mount all volumes from the given container(s) From 4e48cc274eb4f4fe874a8c17932ff4c4c642f9fd Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 15 Jan 2014 14:59:55 +1000 Subject: [PATCH 0030/2538] add a little info about ghosts Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index b8cf35cbe1..f6318326e2 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -857,7 +857,10 @@ Running ``docker ps`` showing 2 linked containers. $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + fd2645e2e2b5 busybox:latest top 10 days ago Ghost insane_ptolemy + +The last container is marked as a ``Ghost`` container. It is a container that was running when the docker daemon was restarted (upgraded, or ``-H`` settings changed). The container is still running, but as this docker daemon process is not able to manage it, you can't attach to it. To bring them out of ``Ghost`` Status, you need to use ``docker kill`` or ``docker restart``. .. _cli_pull: From 632263387f10b8cb1503460b0207cb8286aa4ba4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 20 Jan 2014 01:26:01 -0700 Subject: [PATCH 0031/2538] Update bash completion to ignore stderr output of docker binary Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 40 +++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index fb1786c335..1449330986 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -21,57 +21,61 @@ # If the docker daemon is using a unix socket for communication your user # must have access to the socket for the completions to function correctly +__docker_q() { + docker 2>/dev/null "$@" +} + __docker_containers_all() { - local containers="$( docker ps -a -q )" - local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local containers="$( __docker_q ps -a -q )" + local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_running() { - local containers="$( docker ps -q )" - local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local containers="$( __docker_q ps -q )" + local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_containers_stopped() { - local containers="$( { docker ps -a -q; docker ps -q; } | sort | uniq -u )" - local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local containers="$( { __docker_q ps -a -q; __docker_q ps -q; } | sort | uniq -u )" + local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } __docker_image_repos() { - local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" + local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" COMPREPLY=( $( compgen -W "$repos" -- "$cur" ) ) } __docker_image_repos_and_tags() { - local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" - local images="$( docker images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" + local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" + local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" COMPREPLY=( $( compgen -W "$repos $images" -- "$cur" ) ) __ltrim_colon_completions "$cur" } __docker_image_repos_and_tags_and_ids() { - local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" - local images="$( docker images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" - local ids="$( docker images -a -q )" + local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" + local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" + local ids="$( __docker_q images -a -q )" COMPREPLY=( $( compgen -W "$repos $images $ids" -- "$cur" ) ) __ltrim_colon_completions "$cur" } __docker_containers_and_images() { - local containers="$( docker ps -a -q )" - local names="$( docker inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" - local repos="$( docker images | awk 'NR>1{print $1}' | grep -v '^$' )" - local images="$( docker images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" - local ids="$( docker images -a -q )" + local containers="$( __docker_q ps -a -q )" + local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" + local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" + local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" + local ids="$( __docker_q images -a -q )" COMPREPLY=( $( compgen -W "$containers $names $repos $images $ids" -- "$cur" ) ) __ltrim_colon_completions "$cur" } @@ -389,7 +393,7 @@ _docker_ps() { case "$prev" in --since-id|--before-id) - COMPREPLY=( $( compgen -W "$(docker ps -a -q)" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$( __docker_q ps -a -q )" -- "$cur" ) ) # TODO replace this with __docker_containers_all # see https://github.com/dotcloud/docker/issues/3565 return From f0d44c8bc1fd4e120a185dc22a51995f61dee637 Mon Sep 17 00:00:00 2001 From: Maxime Petazzoni Date: Fri, 6 Dec 2013 10:43:54 -0800 Subject: [PATCH 0032/2538] Documentation about automatic bind-mount dir creation Docker-DCO-1.1-Signed-off-by: Maxime Petazzoni (github: mpetazzoni) --- docs/sources/reference/commandline/cli.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index f6318326e2..c00a97d5c4 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1100,7 +1100,16 @@ using the container, but inside the current working directory. .. code-block:: bash - $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash + $ sudo docker run -v /dont/exist:/foo -w /foo -i -t ubuntu bash + +When the host directory of a bind-mounted volume doesn't exist, Docker +will automatically create this directory on the host for you. In the +example above, Docker will create the ``/dont/exist`` folder before +starting your container. + +.. code-block:: bash + + $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the host machine. :ref:`port_redirection` explains in detail how to manipulate ports From 9a20d94d9764657e1aa742e53cd338dd6f4ec1f8 Mon Sep 17 00:00:00 2001 From: Paul Lietar Date: Wed, 22 Jan 2014 04:42:36 +0000 Subject: [PATCH 0033/2538] Add a --signal option to the kill command to specify a signal. Docker-DCO-1.1-Signed-off-by: Paul Lietar (github: plietar) --- docs/sources/reference/commandline/cli.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index c00a97d5c4..1d8fa32a2f 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -754,11 +754,13 @@ we ask for the ``HostPort`` field to get the public address. :: - Usage: docker kill CONTAINER [CONTAINER...] + Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - Kill a running container (Send SIGKILL) + Kill a running container (send SIGKILL, or specified signal) -The main process inside the container will be sent SIGKILL. + -s, --signal="KILL": Signal to send to the container + +The main process inside the container will be sent SIGKILL, or any signal specified with option ``--signal``. Known Issues (kill) ~~~~~~~~~~~~~~~~~~~ From 5bfb9bf093d871c8320442f34973790ae99d3434 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 22 Jan 2014 14:12:01 +1000 Subject: [PATCH 0034/2538] change the documentation only - It looks like we have a number of cmdline params to completely update from the code version Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 1d8fa32a2f..e71b691bcc 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1017,7 +1017,7 @@ image is removed. -t, --tty=false: Allocate a pseudo-tty -u, --user="": Username or UID --dns=[]: Set custom dns servers for the container - -v, --volume=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. + -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. --volumes-from="": Mount all volumes from the given container(s) --entrypoint="": Overwrite the default entrypoint set by the image -w, --workdir="": Working directory inside the container @@ -1102,13 +1102,21 @@ using the container, but inside the current working directory. .. code-block:: bash - $ sudo docker run -v /dont/exist:/foo -w /foo -i -t ubuntu bash + $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash When the host directory of a bind-mounted volume doesn't exist, Docker will automatically create this directory on the host for you. In the -example above, Docker will create the ``/dont/exist`` folder before +example above, Docker will create the ``/doesnt/exist`` folder before starting your container. +.. code-block:: bash + + $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh + +By bind-mounting the docker unix socket and statically linked docker binary +(such as that provided by https://get.docker.io), you give the container +the full access to create and manipulate the host's docker daemon. + .. code-block:: bash $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash From c0468283923363855efe7297deac70bb6a6f82a3 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 23 Jan 2014 14:00:16 +1000 Subject: [PATCH 0035/2538] talk about the new exec form of RUN (Closes #3723) implemented by #3558 Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.rst | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index e61db62689..45cb2ab86e 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -147,17 +147,23 @@ the generated images. 3.3 RUN ------- - ``RUN `` +RUN has 2 forms: -The ``RUN`` instruction will execute any commands on the current image -and commit the results. The resulting committed image will be used for -the next step in the Dockerfile. +* ``RUN `` (the command is run in a shell - ``/bin/sh -c``) +* ``RUN ["executable", "param1", "param2"]`` (*exec* form) + +The ``RUN`` instruction will execute any commands in a new layer on top +of the current image and commit the results. The resulting committed image +will be used for the next step in the Dockerfile. Layering ``RUN`` instructions and generating commits conforms to the core concepts of Docker where commits are cheap and containers can be created from any point in an image's history, much like source control. +The *exec* form makes it possible to avoid shell string munging, and to ``RUN`` +commands using a base image that does not contain ``/bin/sh``. + Known Issues (RUN) .................. From a25ce61e87d6173acef7b132c381094eabe6dfb3 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Tue, 21 Jan 2014 12:47:27 -0800 Subject: [PATCH 0036/2538] fix(docs): fixup based on changes in master Docker-DCO-1.1-Signed-off-by: Brandon Philips (github: philips) --- docs/sources/reference/commandline/cli.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index e71b691bcc..a0b2115987 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -27,7 +27,7 @@ To list available commands, either run ``docker`` with no parameters or execute Usage of docker: -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise + -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b @@ -63,6 +63,8 @@ the ``-H`` flag for the client. # both are equal +To run the daemon with socket activation, use ``docker -d -H fd://*``. Individual sockets can also be specified ``docker -d -H fd://3``. + .. _cli_attach: ``attach`` From 8922f0314a851f654686d00b763dae302e37098f Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Tue, 10 Dec 2013 17:39:20 -0800 Subject: [PATCH 0037/2538] docs: improve the socket activation cli docs as suggested by SvenDowideit expand the docs to have more information on socket activation. Docker-DCO-1.1-Signed-off-by: Brandon Philips (github: philips) --- docs/sources/reference/commandline/cli.rst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index a0b2115987..a9fc9100a0 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -63,7 +63,10 @@ the ``-H`` flag for the client. # both are equal -To run the daemon with socket activation, use ``docker -d -H fd://*``. Individual sockets can also be specified ``docker -d -H fd://3``. +To run the daemon with `socket activation `, use ``docker -d -H fd://*``. +Using ``fd://*`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. +If the specified socket activated files aren't found then docker will exit. +You can find examples of using socket activation with docker and systemd in the `docker source tree `. .. _cli_attach: From 43cea0e97cf36211b62edd53c10b6b255aa71a38 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Wed, 18 Dec 2013 10:15:31 -0800 Subject: [PATCH 0038/2538] fix(docs): add Systemd in front of socket activation Suggested by SvenDowideit. Docker-DCO-1.1-Signed-off-by: Brandon Philips (github: philips) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index a9fc9100a0..e9809156d5 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -63,10 +63,10 @@ the ``-H`` flag for the client. # both are equal -To run the daemon with `socket activation `, use ``docker -d -H fd://*``. +To run the daemon with `systemd socket activation `, use ``docker -d -H fd://*``. Using ``fd://*`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. If the specified socket activated files aren't found then docker will exit. -You can find examples of using socket activation with docker and systemd in the `docker source tree `. +You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `. .. _cli_attach: From 27a2933df493ec496c18639812f8bc9941f59798 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Fri, 3 Jan 2014 18:07:43 -0800 Subject: [PATCH 0039/2538] Allow fd:// like unix:// and tcp:// Somthing like 20605eb310f0b57bd06eea80ec63c5022fc83bde Docker-DCO-1.1-Signed-off-by: Brandon Philips (github: philips) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index e9809156d5..739e93975d 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -63,8 +63,8 @@ the ``-H`` flag for the client. # both are equal -To run the daemon with `systemd socket activation `, use ``docker -d -H fd://*``. -Using ``fd://*`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. +To run the daemon with `systemd socket activation `, use ``docker -d -H fd://``. +Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. If the specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `. From f9e5fa6aebeade526250e24b81987cb1682bdc77 Mon Sep 17 00:00:00 2001 From: Brandon Philips Date: Tue, 7 Jan 2014 16:10:32 -0800 Subject: [PATCH 0040/2538] fix(cli.rst): add missing underscores As suggested by @metalivedev Docker-DCO-1.1-Signed-off-by: Brandon Philips (github: philips) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 739e93975d..3d215cc0b4 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -63,10 +63,10 @@ the ``-H`` flag for the client. # both are equal -To run the daemon with `systemd socket activation `, use ``docker -d -H fd://``. +To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. If the specified socket activated files aren't found then docker will exit. -You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `. +You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. .. _cli_attach: From ef0eb78f581327cee5daebb5c3c84bbd46d9c264 Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Thu, 23 Jan 2014 18:59:00 -0800 Subject: [PATCH 0041/2538] Fix 2720 -- Expanded documentation for docker run. Docker-DCO-1.1-Signed-off-by: Andy Rothfusz (github: metalivedev) --- docs/sources/reference/builder.rst | 8 +- docs/sources/reference/commandline/cli.rst | 39 +++ docs/sources/reference/index.rst | 1 + docs/sources/reference/run.rst | 353 +++++++++++++++++++++ 4 files changed, 397 insertions(+), 4 deletions(-) create mode 100644 docs/sources/reference/run.rst diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 45cb2ab86e..9889660913 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -1,12 +1,12 @@ -:title: Build Images (Dockerfile Reference) +:title: Dockerfile Reference :description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. :keywords: builder, docker, Dockerfile, automation, image creation .. _dockerbuilder: -=================================== -Build Images (Dockerfile Reference) -=================================== +==================== +Dockerfile Reference +==================== **Docker can act as a builder** and read instructions from a text ``Dockerfile`` to automate the steps you would otherwise take manually diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 3d215cc0b4..491688027f 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -18,6 +18,45 @@ To list available commands, either run ``docker`` with no parameters or execute ... +.. _cli_options: + +Types of Options +---------------- + +Boolean +~~~~~~~ + +Boolean options look like ``-d=false``. The value you see is the +default value which gets set if you do **not** use the boolean +flag. If you do call ``run -d``, that sets the opposite boolean value, +so in this case, ``true``, and so ``docker run -d`` **will** run in +"detached" mode, in the background. Other boolean options are similar +-- specifying them will set the value to the opposite of the default +value. + +Multi +~~~~~ + +Options like ``-a=[]`` indicate they can be specified multiple times:: + + docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + +Sometimes this can use a more complex value string, as for ``-v``:: + + docker run -v /host:/container example/mysql + +Strings and Integers +~~~~~~~~~~~~~~~~~~~~ + +Options like ``-name=""`` expect a string, and they can only be +specified once. Options like ``-c=0`` expect an integer, and they can +only be specified once. + +---- + +Commands +-------- + .. _cli_daemon: ``daemon`` diff --git a/docs/sources/reference/index.rst b/docs/sources/reference/index.rst index 49099d5621..d35a19b93d 100644 --- a/docs/sources/reference/index.rst +++ b/docs/sources/reference/index.rst @@ -14,4 +14,5 @@ Contents: commandline/index builder + run api/index diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst new file mode 100644 index 0000000000..7505b7c02f --- /dev/null +++ b/docs/sources/reference/run.rst @@ -0,0 +1,353 @@ +:title: Docker Run Reference +:description: Configure containers at runtime +:keywords: docker, run, configure, runtime + +.. _run_docker: + +==================== +Docker Run Reference +==================== + +**Docker runs processes in isolated containers**. When an operator +executes ``docker run``, she starts a process with its own file +system, its own networking, and its own isolated process tree. The +:ref:`image_def` which starts the process may define defaults related +to the binary to run, the networking to expose, and more, but ``docker +run`` gives final control to the operator who starts the container +from the image. That's the main reason :ref:`cli_run` has more options +than any other ``docker`` command. + +Every one of the :ref:`example_list` shows running containers, and so +here we try to give more in-depth guidance. + +.. contents:: Table of Contents + +.. _run_running: + +General Form +============ + +As you've seen in the :ref:`example_list`, the basic `run` command +takes this form:: + + docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + +To learn how to interpret the types of ``[OPTIONS]``, see +:ref:`cli_options`. + +The list of ``[OPTIONS]`` breaks down into two groups: + +* options that define the runtime behavior or environment, and +* options that override image defaults. + +Since image defaults usually get set in :ref:`Dockerfiles +` (though they could also be set at :ref:`cli_commit` +time too), we will group the runtime options here by their related +Dockerfile commands so that it is easier to see how to override image +defaults and set new behavior. + +We'll start, though, with the options that are unique to ``docker +run``, the options which define the runtime behavior or the container +environment. + +.. note:: The runtime operator always has final control over the + behavior of a Docker container. + +Detached or Foreground +====================== + +When starting a Docker container, you must first decide if you want to +run the container in the background in a "detached" mode or in the +default foreground mode:: + + -d=false: Detached mode: Run container in the background, print new container id + +Detached (-d) +............. + +In detached mode (``-d=true`` or just ``-d``), all IO should be done +through network connections or shared volumes because the container is +no longer listening to the commandline where you executed ``docker +run``. You can reattach to a detached container with ``docker`` +:ref:`cli_attach`. If you choose to run a container in the detached +mode, then you cannot use the ``-rm`` option. + +Foreground +.......... + +In foreground mode (the default when ``-d`` is not specified), +``docker run`` can start the process in the container and attach the +console to the process's standard input, output, and standard +error. It can even pretend to be a TTY (this is what most commandline +executables expect) and pass along signals. All of that is +configurable:: + + -a=[] : Attach to stdin, stdout and/or stderr + -t=false : Allocate a pseudo-tty + -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + -i=false : Keep stdin open even if not attached + +If you do not specify ``-a`` then Docker will `attach everything +(stdin,stdout,stderr) +`_. You +can specify which of the three standard streams (stdin, stdout, +stderr) you'd like to connect between your instead, as in:: + + docker run -a stdin -a stdout -i -t ubuntu /bin/bash + +For interactive processes (like a shell) you will typically want a tty +as well as persistent standard in, so you'll use ``-i -t`` together in +most interactive cases. + +Clean Up (-rm) +-------------- + +By default a container's file system persists even after the container +exits. This makes debugging a lot easier (since you can inspect the +final state) and you retain all your data by default. But if you are +running short-term **foreground** processes, these container file +systems can really pile up. If instead you'd like Docker to +**automatically clean up the container and remove the file system when +the container exits**, you can add the ``-rm`` flag:: + + -rm=false: Automatically remove the container when it exits (incompatible with -d) + +Name (-name) +============ + +The operator can identify a container in three ways: + +* UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") +* UUID short identifier ("f78375b1c487") +* name ("evil_ptolemy") + +The UUID identifiers come from the Docker daemon, and if you do not +assign a name to the container with ``-name`` then the daemon will +also generate a random string name too. The name can become a handy +way to add meaning to a container since you can use this name when +defining :ref:`links ` (or any other place +you need to identify a container). This works for both background and +foreground Docker containers. + +PID Equivalent +============== + +And finally, to help with automation, you can have Docker write the +container id out to a file of your choosing. This is similar to how +some programs might write out their process ID to a file (you've seen +them as .pid files):: + + -cidfile="": Write the container ID to the file + +Overriding Dockerfile Image Defaults +==================================== + +When a developer builds an image from a :ref:`Dockerfile +` or when she commits it, the developer can set a +number of default parameters that take effect when the image starts up +as a container. + +Four of the Dockerfile commands cannot be overridden at runtime: +``FROM, MAINTAINER, RUN``, and ``ADD``. Everything else has a +corresponding override in ``docker run``. We'll go through what the +developer might have set in each Dockerfile instruction and how the +operator can override that setting. + + +CMD +... + +Remember the optional ``COMMAND`` in the Docker commandline:: + + docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + +This command is optional because the person who created the ``IMAGE`` +may have already provided a default ``COMMAND`` using the Dockerfile +``CMD``. As the operator (the person running a container from the +image), you can override that ``CMD`` just by specifying a new +``COMMAND``. + +If the image also specifies an ``ENTRYPOINT`` then the ``CMD`` or +``COMMAND`` get appended as arguments to the ``ENTRYPOINT``. + + +ENTRYPOINT +.......... + +:: + + -entrypoint="": Overwrite the default entrypoint set by the image + +The ENTRYPOINT of an image is similar to a COMMAND because it +specifies what executable to run when the container starts, but it is +(purposely) more difficult to override. The ENTRYPOINT gives a +container its default nature or behavior, so that when you set an +ENTRYPOINT you can run the container *as if it were that binary*, +complete with default options, and you can pass in more options via +the COMMAND. But, sometimes an operator may want to run something else +inside the container, so you can override the default ENTRYPOINT at +runtime by using a string to specify the new ENTRYPOINT. Here is an +example of how to run a shell in a container that has been set up to +automatically run something else (like ``/usr/bin/redis-server``):: + + docker run -i -t -entrypoint /bin/bash example/redis + +or two examples of how to pass more parameters to that ENTRYPOINT:: + + docker run -i -t -entrypoint /bin/bash example/redis -c ls -l + docker run -i -t -entrypoint /usr/bin/redis-cli example/redis --help + + +EXPOSE (``run`` Networking Options) +................................... + +The *Dockerfile* doesn't give much control over networking, only +providing the EXPOSE instruction to give a hint to the operator about +what incoming ports might provide services. At runtime, however, +Docker provides a number of ``run`` options related to networking:: + + -n=true : Enable networking for this container + -dns=[] : Set custom dns servers for the container + -expose=[]: Expose a port from the container + without publishing it to your host + -P=false : Publish all exposed ports to the host interfaces + -p=[] : Publish a container's port to the host (format: + ip:hostPort:containerPort | ip::containerPort | + hostPort:containerPort) + (use 'docker port' to see the actual mapping) + -link="" : Add link to another container (name:alias) + +By default, all containers have networking enabled and they can make +any outgoing connections. The operator can completely disable +networking with ``run -n`` which disables all incoming and outgoing +networking. In cases like this, you would perform IO through files or +stdin/stdout only. + +Your container will use the same DNS servers as the host by default, +but you can override this with ``-dns``. + +As mentioned previously, ``EXPOSE`` (and ``-expose``) make a port +available **in** a container for incoming connections. The port number +on the inside of the container (where the service listens) does not +need to be the same number as the port exposed on the outside of the +container (where clients connect), so inside the container you might +have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in +the Dockerfile), but outside the container the port might be 42800. + +To help a new client container reach the server container's internal +port operator ``-expose'd`` by the operator or ``EXPOSE'd`` by the +developer, the operator has three choices: start the server container +with ``-P`` or ``-p,`` or start the client container with ``-link``. + +If the operator uses ``-P`` or ``-p`` then Docker will make the +exposed port accessible on the host and the ports will be available to +any client that can reach the host. To find the map between the host +ports and the exposed ports, use ``docker port``) + +If the operator uses ``-link`` when starting the new client container, +then the client container can access the exposed port via a private +networking interface. Docker will set some environment variables in +the client container to help indicate which interface and port to use. + +ENV (Environment Variables) +........................... + +The operator can **set any environment variable** in the container by +using one or more ``-e``, even overriding those already defined by the +developer with a Dockefile ``ENV``:: + + $ docker run -e "deep=purple" -rm ubuntu /bin/bash -c export + declare -x HOME="/" + declare -x HOSTNAME="85bc26a0e200" + declare -x OLDPWD + declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + declare -x PWD="/" + declare -x SHLVL="1" + declare -x container="lxc" + declare -x deep="purple" + +Similarly the operator can set the **hostname** with ``-h``. + +``-link name:alias`` also sets environment variables, using the +*alias* string to define environment variables within the container +that give the IP and PORT information for connecting to the service +container. Let's imagine we have a container running Redis:: + + # Start the service container, named redis-name + $ docker run -d -name redis-name dockerfiles/redis + 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 + + # The redis-name container exposed port 6379 + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name + + # Note that there are no public ports exposed since we didn't use -p or -P + $ docker port 4241164edf6f 6379 + 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f + + +Yet we can get information about the redis container's exposed ports with ``-link``. Choose an alias that will form a valid environment variable! + +:: + + $ docker run -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c export + declare -x HOME="/" + declare -x HOSTNAME="acda7f7b1cdc" + declare -x OLDPWD + declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + declare -x PWD="/" + declare -x REDIS_ALIAS_NAME="/distracted_wright/redis" + declare -x REDIS_ALIAS_PORT="tcp://172.17.0.32:6379" + declare -x REDIS_ALIAS_PORT_6379_TCP="tcp://172.17.0.32:6379" + declare -x REDIS_ALIAS_PORT_6379_TCP_ADDR="172.17.0.32" + declare -x REDIS_ALIAS_PORT_6379_TCP_PORT="6379" + declare -x REDIS_ALIAS_PORT_6379_TCP_PROTO="tcp" + declare -x SHLVL="1" + declare -x container="lxc" + +And we can use that information to connect from another container as a client:: + + $ docker run -i -t -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' + 172.17.0.32:6379> + +VOLUME (Shared Filesystems) +........................... + +:: + + -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. + If "container-dir" is missing, then docker creates a new volume. + -volumes-from="": Mount all volumes from the given container(s) + +The volumes commands are complex enough to have their own +documentation in section :ref:`volume_def`. A developer can define one +or more VOLUMEs associated with an image, but only the operator can +give access from one container to another (or from a container to a +volume mounted on the host). + +USER +.... + +:: + + -u="": Username or UID + +WORKDIR +....... + +:: + + -w="": Working directory inside the container + +Performance +=========== + +The operator can also adjust the performance parameters of the container:: + + -c=0 : CPU shares (relative weight) + -m="": Memory limit (format: , where unit = b, k, m or g) + + -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -privileged=false: Give extended privileges to this container + From baded3bcc01ad417fe552d894f85654e8659f49c Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Tue, 28 Jan 2014 17:32:05 -0800 Subject: [PATCH 0042/2538] Address feedback from @jamtur01. Docker-DCO-1.1-Signed-off-by: Andy Rothfusz (github: metalivedev) --- docs/sources/reference/run.rst | 260 +++++++++++++++++++++------------ 1 file changed, 163 insertions(+), 97 deletions(-) diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst index 7505b7c02f..307edace00 100644 --- a/docs/sources/reference/run.rst +++ b/docs/sources/reference/run.rst @@ -21,6 +21,7 @@ Every one of the :ref:`example_list` shows running containers, and so here we try to give more in-depth guidance. .. contents:: Table of Contents + :depth: 2 .. _run_running: @@ -37,24 +38,33 @@ To learn how to interpret the types of ``[OPTIONS]``, see The list of ``[OPTIONS]`` breaks down into two groups: -* options that define the runtime behavior or environment, and -* options that override image defaults. +1. Settings exclusive to operators, including: -Since image defaults usually get set in :ref:`Dockerfiles -` (though they could also be set at :ref:`cli_commit` -time too), we will group the runtime options here by their related -Dockerfile commands so that it is easier to see how to override image -defaults and set new behavior. + * Detached or Foreground running, + * Container Identification, + * Network settings, and + * Runtime Constraints on CPU and Memory + * Privileges and LXC Configuration -We'll start, though, with the options that are unique to ``docker -run``, the options which define the runtime behavior or the container -environment. +2. Setting shared between operators and developers, where operators + can override defaults developers set in images at build time. -.. note:: The runtime operator always has final control over the - behavior of a Docker container. +Together, the ``docker run [OPTIONS]`` give complete control over +runtime behavior to the operator, allowing them to override all +defaults set by the developer during ``docker build`` and nearly all +the defaults set by the Docker runtime itself. -Detached or Foreground -====================== +Operator Exclusive Options +========================== + +Only the operator (the person executing ``docker run``) can set the +following options. + +.. contents:: + :local: + +Detached vs Foreground +---------------------- When starting a Docker container, you must first decide if you want to run the container in the background in a "detached" mode or in the @@ -65,7 +75,7 @@ default foreground mode:: Detached (-d) ............. -In detached mode (``-d=true`` or just ``-d``), all IO should be done +In detached mode (``-d=true`` or just ``-d``), all I/O should be done through network connections or shared volumes because the container is no longer listening to the commandline where you executed ``docker run``. You can reattach to a detached container with ``docker`` @@ -82,22 +92,68 @@ error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. All of that is configurable:: - -a=[] : Attach to stdin, stdout and/or stderr + -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` -t=false : Allocate a pseudo-tty -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -i=false : Keep stdin open even if not attached + -i=false : Keep STDIN open even if not attached If you do not specify ``-a`` then Docker will `attach everything (stdin,stdout,stderr) -`_. You -can specify which of the three standard streams (stdin, stdout, -stderr) you'd like to connect between your instead, as in:: +`_. You +can specify to which of the three standard streams (``stdin``, ``stdout``, +``stderr``) you'd like to connect instead, as in:: docker run -a stdin -a stdout -i -t ubuntu /bin/bash For interactive processes (like a shell) you will typically want a tty -as well as persistent standard in, so you'll use ``-i -t`` together in -most interactive cases. +as well as persistent standard input (``stdin``), so you'll use ``-i +-t`` together in most interactive cases. + +Container Identification +------------------------ + +Name (-name) +............ + +The operator can identify a container in three ways: + +* UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") +* UUID short identifier ("f78375b1c487") +* Name ("evil_ptolemy") + +The UUID identifiers come from the Docker daemon, and if you do not +assign a name to the container with ``-name`` then the daemon will +also generate a random string name too. The name can become a handy +way to add meaning to a container since you can use this name when +defining :ref:`links ` (or any other place +you need to identify a container). This works for both background and +foreground Docker containers. + +PID Equivalent +.............. + +And finally, to help with automation, you can have Docker write the +container ID out to a file of your choosing. This is similar to how +some programs might write out their process ID to a file (you've seen +them as PID files):: + + -cidfile="": Write the container ID to the file + +Network Settings +---------------- + +:: + -n=true : Enable networking for this container + -dns=[] : Set custom dns servers for the container + +By default, all containers have networking enabled and they can make +any outgoing connections. The operator can completely disable +networking with ``docker run -n`` which disables all incoming and outgoing +networking. In cases like this, you would perform I/O through files or +STDIN/STDOUT only. + +Your container will use the same DNS servers as the host by default, +but you can override this with ``-dns``. Clean Up (-rm) -------------- @@ -112,57 +168,84 @@ the container exits**, you can add the ``-rm`` flag:: -rm=false: Automatically remove the container when it exits (incompatible with -d) -Name (-name) -============ -The operator can identify a container in three ways: +Runtime Constraints on CPU and Memory +------------------------------------- -* UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") -* UUID short identifier ("f78375b1c487") -* name ("evil_ptolemy") +The operator can also adjust the performance parameters of the container:: -The UUID identifiers come from the Docker daemon, and if you do not -assign a name to the container with ``-name`` then the daemon will -also generate a random string name too. The name can become a handy -way to add meaning to a container since you can use this name when -defining :ref:`links ` (or any other place -you need to identify a container). This works for both background and -foreground Docker containers. + -m="": Memory limit (format: , where unit = b, k, m or g) + -c=0 : CPU shares (relative weight) -PID Equivalent -============== +The operator can constrain the memory available to a container easily +with ``docker run -m``. If the host supports swap memory, then the +``-m`` memory setting can be larger than physical RAM. -And finally, to help with automation, you can have Docker write the -container id out to a file of your choosing. This is similar to how -some programs might write out their process ID to a file (you've seen -them as .pid files):: +Similarly the operator can increase the priority of this container +with the ``-c`` option. By default, all containers run at the same +priority and get the same proportion of CPU cycles, but you can tell +the kernel to give more shares of CPU time to one or more containers +when you start them via Docker. - -cidfile="": Write the container ID to the file +Runtime Privilege and LXC Configuration +--------------------------------------- -Overriding Dockerfile Image Defaults -==================================== +:: + + -privileged=false: Give extended privileges to this container + -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +By default, Docker containers are "unprivileged" and cannot, for +example, run a Docker daemon inside a Docker container. This is +because by default a container is not allowed to access any devices, +but a "privileged" container is given access to all devices (see +lxc-template.go_ and documentation on `cgroups devices +`_). + +When the operator executes ``docker run -privileged``, Docker will +enable to access to all devices on the host as well as set some +configuration in AppArmor to allow the container nearly all the same +access to the host as processes running outside containers on the +host. Additional information about running with ``-privileged`` is +available on the `Docker Blog +`_. + +An operator can also specify LXC options using one or more +``-lxc-conf`` parameters. These can be new parameters or override +existing parameters from the lxc-template.go_. Note that in the +future, a given host's Docker daemon may not use LXC, so this is an +implementation-specific configuration meant for operators already +familiar with using LXC directly. + +.. _lxc-template.go: https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go + + +Overriding ``Dockerfile`` Image Defaults +======================================== When a developer builds an image from a :ref:`Dockerfile ` or when she commits it, the developer can set a number of default parameters that take effect when the image starts up as a container. -Four of the Dockerfile commands cannot be overridden at runtime: +Four of the ``Dockerfile`` commands cannot be overridden at runtime: ``FROM, MAINTAINER, RUN``, and ``ADD``. Everything else has a corresponding override in ``docker run``. We'll go through what the -developer might have set in each Dockerfile instruction and how the +developer might have set in each ``Dockerfile`` instruction and how the operator can override that setting. +.. contents:: + :local: -CMD -... +CMD (Default Command or Options) +-------------------------------- -Remember the optional ``COMMAND`` in the Docker commandline:: +Recall the optional ``COMMAND`` in the Docker commandline:: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] This command is optional because the person who created the ``IMAGE`` -may have already provided a default ``COMMAND`` using the Dockerfile +may have already provided a default ``COMMAND`` using the ``Dockerfile`` ``CMD``. As the operator (the person running a container from the image), you can override that ``CMD`` just by specifying a new ``COMMAND``. @@ -171,22 +254,22 @@ If the image also specifies an ``ENTRYPOINT`` then the ``CMD`` or ``COMMAND`` get appended as arguments to the ``ENTRYPOINT``. -ENTRYPOINT -.......... +ENTRYPOINT (Default Command to Execute at Runtime +------------------------------------------------- :: -entrypoint="": Overwrite the default entrypoint set by the image -The ENTRYPOINT of an image is similar to a COMMAND because it +The ENTRYPOINT of an image is similar to a ``COMMAND`` because it specifies what executable to run when the container starts, but it is -(purposely) more difficult to override. The ENTRYPOINT gives a +(purposely) more difficult to override. The ``ENTRYPOINT`` gives a container its default nature or behavior, so that when you set an -ENTRYPOINT you can run the container *as if it were that binary*, +``ENTRYPOINT`` you can run the container *as if it were that binary*, complete with default options, and you can pass in more options via -the COMMAND. But, sometimes an operator may want to run something else -inside the container, so you can override the default ENTRYPOINT at -runtime by using a string to specify the new ENTRYPOINT. Here is an +the ``COMMAND``. But, sometimes an operator may want to run something else +inside the container, so you can override the default ``ENTRYPOINT`` at +runtime by using a string to specify the new ``ENTRYPOINT``. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like ``/usr/bin/redis-server``):: @@ -198,16 +281,14 @@ or two examples of how to pass more parameters to that ENTRYPOINT:: docker run -i -t -entrypoint /usr/bin/redis-cli example/redis --help -EXPOSE (``run`` Networking Options) -................................... +EXPOSE (Incoming Ports) +----------------------- -The *Dockerfile* doesn't give much control over networking, only -providing the EXPOSE instruction to give a hint to the operator about -what incoming ports might provide services. At runtime, however, -Docker provides a number of ``run`` options related to networking:: +The ``Dockerfile`` doesn't give much control over networking, only +providing the ``EXPOSE`` instruction to give a hint to the operator +about what incoming ports might provide services. The following +options work with or override the ``Dockerfile``'s exposed defaults:: - -n=true : Enable networking for this container - -dns=[] : Set custom dns servers for the container -expose=[]: Expose a port from the container without publishing it to your host -P=false : Publish all exposed ports to the host interfaces @@ -217,25 +298,16 @@ Docker provides a number of ``run`` options related to networking:: (use 'docker port' to see the actual mapping) -link="" : Add link to another container (name:alias) -By default, all containers have networking enabled and they can make -any outgoing connections. The operator can completely disable -networking with ``run -n`` which disables all incoming and outgoing -networking. In cases like this, you would perform IO through files or -stdin/stdout only. - -Your container will use the same DNS servers as the host by default, -but you can override this with ``-dns``. - As mentioned previously, ``EXPOSE`` (and ``-expose``) make a port available **in** a container for incoming connections. The port number on the inside of the container (where the service listens) does not need to be the same number as the port exposed on the outside of the container (where clients connect), so inside the container you might have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in -the Dockerfile), but outside the container the port might be 42800. +the ``Dockerfile``), but outside the container the port might be 42800. To help a new client container reach the server container's internal -port operator ``-expose'd`` by the operator or ``EXPOSE'd`` by the +port operator ``-expose``'d by the operator or ``EXPOSE``'d by the developer, the operator has three choices: start the server container with ``-P`` or ``-p,`` or start the client container with ``-link``. @@ -250,10 +322,10 @@ networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. ENV (Environment Variables) -........................... +--------------------------- The operator can **set any environment variable** in the container by -using one or more ``-e``, even overriding those already defined by the +using one or more ``-e`` flags, even overriding those already defined by the developer with a Dockefile ``ENV``:: $ docker run -e "deep=purple" -rm ubuntu /bin/bash -c export @@ -287,7 +359,9 @@ container. Let's imagine we have a container running Redis:: 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f -Yet we can get information about the redis container's exposed ports with ``-link``. Choose an alias that will form a valid environment variable! +Yet we can get information about the Redis container's exposed ports +with ``-link``. Choose an alias that will form a valid environment +variable! :: @@ -312,7 +386,7 @@ And we can use that information to connect from another container as a client:: 172.17.0.32:6379> VOLUME (Shared Filesystems) -........................... +--------------------------- :: @@ -322,32 +396,24 @@ VOLUME (Shared Filesystems) The volumes commands are complex enough to have their own documentation in section :ref:`volume_def`. A developer can define one -or more VOLUMEs associated with an image, but only the operator can +or more ``VOLUME``\s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). USER -.... +---- -:: +The default user within a container is ``root`` (id = 0), but if the +developer created additional users, those are accessible too. The +developer can set a default user to run the first process with the +``Dockerfile USER`` command, but the operator can override it :: -u="": Username or UID WORKDIR -....... +------- -:: +The default working directory for running binaries within a container is the root directory (``/``), but the developer can set a different default with the ``Dockerfile WORKDIR`` command. The operator can override this with:: -w="": Working directory inside the container -Performance -=========== - -The operator can also adjust the performance parameters of the container:: - - -c=0 : CPU shares (relative weight) - -m="": Memory limit (format: , where unit = b, k, m or g) - - -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -privileged=false: Give extended privileges to this container - From 3b5e6598146217f6b417910d3a8fa5762b082ad3 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 31 Jan 2014 12:30:16 +1000 Subject: [PATCH 0043/2538] add a known issue for lxc-1.0.0.beta3 and beyond for removeal of lxc-kill see #3844 Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 491688027f..a4d3022867 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -811,6 +811,8 @@ Known Issues (kill) * :issue:`197` indicates that ``docker kill`` may leave directories behind and make it difficult to remove the container. +* :issue:`3844` lxc 1.0.0 beta3 removed ``lcx-kill`` which is used by Docker versions before 0.8.0; + see the issue for a workaround. .. _cli_load: From 05c073b292937038b761ca303404bf3e9fc5b7bf Mon Sep 17 00:00:00 2001 From: Johan Euphrosine Date: Mon, 3 Feb 2014 16:01:38 -0800 Subject: [PATCH 0044/2538] docs/cli: add mtu option Docker-DCO-1.1-Signed-off-by: Johan Euphrosine (github: google) --- docs/sources/reference/commandline/cli.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index a4d3022867..ae77080309 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -80,6 +80,7 @@ Commands -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver -v, --version=false: Print version information and quit + -mtu, --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. From 8bef3842d7fed225aef603f3331049644c537527 Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Wed, 4 Dec 2013 10:36:21 +0000 Subject: [PATCH 0045/2538] New build instruction: ONBUILD defines a trigger to execute when extending an image with a new build Docker-DCO-1.1-Signed-off-by: Solomon Hykes (github: shykes) --- docs/sources/reference/builder.rst | 58 ++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 9889660913..2f71b87a93 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -402,6 +402,64 @@ the image. The ``WORKDIR`` instruction sets the working directory in which the command given by ``CMD`` is executed. +3.11 ONBUILD +------------ + + ``ONBUILD [INSTRUCTION]`` + +The ``ONBUILD`` instruction adds to the image a "trigger" instruction to be +executed at a later time, when the image is used as the base for another build. +The trigger will be executed in the context of the downstream build, as if it +had been inserted immediately after the *FROM* instruction in the downstream +Dockerfile. + +Any build instruction can be registered as a trigger. + +This is useful if you are building an image which will be used as a base to build +other images, for example an application build environment or a daemon which may be +customized with user-specific configuration. + +For example, if your image is a reusable python application builder, it will require +application source code to be added in a particular directory, and it might require +a build script to be called *after* that. You can't just call *ADD* and *RUN* now, +because you don't yet have access to the application source code, and it will be +different for each application build. You could simply provide application developers +with a boilerplate Dockerfile to copy-paste into their application, but that is +inefficient, error-prone and difficult to update because it mixes with +application-specific code. + +The solution is to use *ONBUILD* to register in advance instructions to run later, +during the next build stage. + +Here's how it works: + +1. When it encounters an *ONBUILD* instruction, the builder adds a trigger to + the metadata of the image being built. + The instruction does not otherwise affect the current build. + +2. At the end of the build, a list of all triggers is stored in the image manifest, + under the key *OnBuild*. They can be inspected with *docker inspect*. + +3. Later the image may be used as a base for a new build, using the *FROM* instruction. + As part of processing the *FROM* instruction, the downstream builder looks for *ONBUILD* + triggers, and executes them in the same order they were registered. If any of the + triggers fail, the *FROM* instruction is aborted which in turn causes the build + to fail. If all triggers succeed, the FROM instruction completes and the build + continues as usual. + +4. Triggers are cleared from the final image after being executed. In other words + they are not inherited by "grand-children" builds. + +For example you might add something like this: + +.. code-block:: bash + + [...] + ONBUILD ADD . /app/src + ONBUILD RUN /usr/local/bin/python-build --dir /app/src + [...] + + .. _dockerfile_examples: 4. Dockerfile Examples From ff4a5b431bfd5659d8fb7cbf36549ec1506c174b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 5 Feb 2014 13:24:17 +1000 Subject: [PATCH 0046/2538] be a little more explicit about what WORKDIR does Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 2f71b87a93..571824c36c 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -269,7 +269,7 @@ the container's filesystem at path ````. source directory being built (also called the *context* of the build) or a remote file URL. -```` is the path at which the source will be copied in the +```` is the absolute path to which the source will be copied inside the destination container. All new files and directories are created with mode 0755, uid and gid @@ -399,8 +399,10 @@ the image. ``WORKDIR /path/to/workdir`` -The ``WORKDIR`` instruction sets the working directory in which -the command given by ``CMD`` is executed. +The ``WORKDIR`` instruction sets the working directory for the ``RUN``, ``CMD`` and +``ENTRYPOINT`` Dockerfile commands that follow it. + +It can be used multiple times in the one Dockerfile. 3.11 ONBUILD ------------ From 808f83bc5c13f2f59ab09358757032b7bc2532d0 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 7 Feb 2014 15:21:33 +1000 Subject: [PATCH 0047/2538] please, for the love of Docker, do. not. use. symlinks Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index ae77080309..5f4f821e12 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -102,12 +102,17 @@ the ``-H`` flag for the client. docker ps # both are equal - To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. If the specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. +.. warning:: + Docker and LXC do not support the use of softlinks for either the Docker data directory (``/var/lib/docker``) or for ``/tmp``. + If your system is likely to be set up in that way, you can use ``readlink -f`` to canonicalise the links: + + ``TMPDIR=$(readlink -f /tmp) /usr/local/bin/docker -d -D -g $(readlink -f /var/lib/docker) -H unix:// $EXPOSE_ALL > /var/lib/boot2docker/docker.log 2>&1`` + .. _cli_attach: ``attach`` From 605f913fc53ad9e66ba0d5f8b34b03b9587a01b7 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 10 Feb 2014 16:10:15 +1000 Subject: [PATCH 0048/2538] point out that ENV DEBIAN_FRONTEND will persist, so its not recommended Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 571824c36c..4b6a151006 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -251,9 +251,14 @@ value ````. This value will be passed to all future ``RUN`` instructions. This is functionally equivalent to prefixing the command with ``=`` +The environment variables set using ``ENV`` will persist when a container is run +from the resulting image. You can view the values using ``docker inspect``, and change them using ``docker run --env =``. + .. note:: - The environment variables will persist when a container is run - from the resulting image. + One example where this can cause unexpected consequenses, is setting + ``ENV DEBIAN_FRONTEND noninteractive``. + Which will persist when the container is run interactively; for example: + ``docker run -t -i image bash`` .. _dockerfile_add: From ba6266c6484dc9f0339444a397c6583d1a8c9fc7 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 11 Feb 2014 19:53:45 +1000 Subject: [PATCH 0049/2538] add a little more information about the docker run -P option Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 5f4f821e12..18cef685aa 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1088,6 +1088,10 @@ is, ``docker run`` is equivalent to the API ``/containers/create`` then The ``docker run`` command can be used in combination with ``docker commit`` to :ref:`change the command that a container runs `. +See :ref:`port_redirection` for more detailed information about the ``--expose``, +``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for +specific examples using ``--link``. + Known Issues (run -volumes-from) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From bb10fef646036e2af16521415e454e129d4675ed Mon Sep 17 00:00:00 2001 From: Dafydd Crosby Date: Fri, 7 Feb 2014 00:10:47 -0700 Subject: [PATCH 0050/2538] Fix RST formatting --- docs/sources/reference/run.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst index 307edace00..d8de280671 100644 --- a/docs/sources/reference/run.rst +++ b/docs/sources/reference/run.rst @@ -143,6 +143,7 @@ Network Settings ---------------- :: + -n=true : Enable networking for this container -dns=[] : Set custom dns servers for the container From 0c427d6796380c8b51440558b6ed302480a214f7 Mon Sep 17 00:00:00 2001 From: unclejack Date: Thu, 13 Feb 2014 03:26:35 +0200 Subject: [PATCH 0051/2538] disallow tcp:// from defaulting to 127.0.0.1:4243 This stops docker from accepting tcp:// as a valid bind address. Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 18cef685aa..032076b941 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -12,7 +12,7 @@ To list available commands, either run ``docker`` with no parameters or execute $ sudo docker Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind/connect to or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used. + -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. A self-sufficient runtime for linux containers. From 4e4c5547b8beed2eddca8e6d301cf587b3403f34 Mon Sep 17 00:00:00 2001 From: Song Gao Date: Mon, 6 Jan 2014 12:06:05 -0600 Subject: [PATCH 0052/2538] Support submodules when building from a gh repo Docker-DCO-1.1-Signed-off-by: Song Gao (github: songgao) --- docs/sources/reference/commandline/cli.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 032076b941..87222484c5 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -194,7 +194,8 @@ The files at ``PATH`` or ``URL`` are called the "context" of the build. The build process may refer to any of the files in the context, for example when using an :ref:`ADD ` instruction. When a single ``Dockerfile`` is given as ``URL``, then no context is set. When a Git repository is set as -``URL``, then the repository is used as the context +``URL``, then the repository is used as the context. Git repositories are +cloned with their submodules (`git clone --recursive`). .. _cli_build_examples: From 0bf10f83a167aba09e177ad8d5ee8dab57934c24 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 13 Feb 2014 14:48:55 +1000 Subject: [PATCH 0053/2538] add a little reenforcement to the help for docker build -q Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 87222484c5..7ba0123065 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -186,7 +186,7 @@ Examples: Build a new container image from the source code at PATH -t, --time="": Repository name (and optionally a tag) to be applied to the resulting image in case of success. - -q, --quiet=false: Suppress verbose build output. + -q, --quiet=false: Suppress the verbose output generated by the containers. --no-cache: Do not use the cache when building the image. --rm: Remove intermediate containers after a successful build From 4e224b421873327a360a189b407fa5e27173bbb7 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 18 Dec 2013 21:12:49 +1000 Subject: [PATCH 0054/2538] my attempt to disentagle repository and registry (Issue #1439) Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 7ba0123065..927f6d3b2d 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1301,7 +1301,7 @@ The main process inside the container will receive SIGTERM, and after a grace pe :: - Usage: docker tag [OPTIONS] IMAGE REPOSITORY[:TAG] + Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] Tag an image into a repository From bdb4174a7ff2e86e11ea7a32875662d187355e12 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 18 Feb 2014 15:08:09 -0500 Subject: [PATCH 0055/2538] Add extra info regarding docker run funcationality Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) --- docs/sources/reference/commandline/cli.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 927f6d3b2d..8ef0ab8b72 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -917,6 +917,8 @@ Running ``docker ps`` showing 2 linked containers. The last container is marked as a ``Ghost`` container. It is a container that was running when the docker daemon was restarted (upgraded, or ``-H`` settings changed). The container is still running, but as this docker daemon process is not able to manage it, you can't attach to it. To bring them out of ``Ghost`` Status, you need to use ``docker kill`` or ``docker restart``. +``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` + .. _cli_pull: ``pull`` @@ -1085,6 +1087,7 @@ The ``docker run`` command first ``creates`` a writeable container layer over the specified image, and then ``starts`` it using the specified command. That is, ``docker run`` is equivalent to the API ``/containers/create`` then ``/containers/(id)/start``. +Once the container is stopped it still exists and can be started back up. See ``docker ps -a`` to view a list of all containers. The ``docker run`` command can be used in combination with ``docker commit`` to :ref:`change the command that a container runs `. From 2af848ac2cde3f11f8d483151e492901e9a2dfbb Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Tue, 18 Feb 2014 19:21:12 -0800 Subject: [PATCH 0056/2538] Update the documentation docs with new branch information. Docker-DCO-1.1-Signed-off-by: Andy Rothfusz (github: metalivedev) --- docs/README.md | 63 +++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 50 insertions(+), 13 deletions(-) diff --git a/docs/README.md b/docs/README.md index 3fdbad2ead..71b3a09995 100644 --- a/docs/README.md +++ b/docs/README.md @@ -19,10 +19,24 @@ post-commit hooks. The "release" branch maps to the "latest" documentation and the "master" branch maps to the "master" documentation. -**Warning**: The "master" documentation may include features not yet -part of any official docker release. "Master" docs should be used only -for understanding bleeding-edge development and "latest" should be -used for the latest official release. +## Branches + +**There are two branches related to editing docs**: ``master`` and a +``doc*`` branch (currently ``doc0.8.1``). You should normally edit +docs on the ``master`` branch. That way your fixes will automatically +get included in later releases, and docs maintainers can easily +cherry-pick your changes to bring over to the current docs branch. In +the rare case where your change is not forward-compatible, then you +could base your change on the appropriate ``doc*`` branch. + +Now that we have a ``doc*`` branch, we can keep the ``latest`` docs +up to date with any bugs found between ``docker`` code releases. + +**Warning**: When *reading* the docs, the ``master`` documentation may +include features not yet part of any official docker +release. ``Master`` docs should be used only for understanding +bleeding-edge development and ``latest`` (which points to the ``doc*`` +branch``) should be used for the latest official release. If you need to manually trigger a build of an existing branch, then you can do that through the [readthedocs @@ -39,7 +53,7 @@ Getting Started To edit and test the docs, you'll need to install the Sphinx tool and its dependencies. There are two main ways to install this tool: -###Native Installation +### Native Installation Install dependencies from `requirements.txt` file in your `docker/docs` directory: @@ -48,7 +62,7 @@ directory: * Mac OS X: `[sudo] pip-2.7 install -r docs/requirements.txt` -###Alternative Installation: Docker Container +### Alternative Installation: Docker Container If you're running ``docker`` on your development machine then you may find it easier and cleaner to use the docs Dockerfile. This installs Sphinx @@ -59,11 +73,16 @@ docs inside the container, even starting a simple HTTP server on port In the ``docker`` source directory, run: ```make docs``` -This is the equivalent to ``make clean server`` since each container starts clean. +This is the equivalent to ``make clean server`` since each container +starts clean. -Usage ------ -* Follow the contribution guidelines (``../CONTRIBUTING.md``) +# Contributing + +## Normal Case: + +* Follow the contribution guidelines ([see + ``../CONTRIBUTING.md``](../CONTRIBUTING)). +* Remember to sign your work! * Work in your own fork of the code, we accept pull requests. * Change the ``.rst`` files with your favorite editor -- try to keep the lines short and respect RST and Sphinx conventions. @@ -75,6 +94,20 @@ Usage ``make clean docs`` must complete without any warnings or errors. +## Special Case for RST Newbies: + +If you want to write a new doc or make substantial changes to an +existing doc, but **you don't know RST syntax**, we will accept pull +requests in Markdown and plain text formats. We really want to +encourage people to share their knowledge and don't want the markup +syntax to be the obstacle. So when you make the Pull Request, please +note in your comment that you need RST markup assistance, and we'll +make the changes for you, and then we will make a pull request to your +pull request so that you can get all the changes and learn about the +markup. You still need to follow the +[``CONTRIBUTING``](../CONTRIBUTING) guidelines, so please sign your +commits. + Working using GitHub's file editor ---------------------------------- @@ -93,8 +126,11 @@ exists. Notes ----- -* For the template the css is compiled from less. When changes are needed they can be compiled using -lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` + +* For the template the css is compiled from less. When changes are + needed they can be compiled using + + lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` Guides on using sphinx ---------------------- @@ -106,7 +142,8 @@ Guides on using sphinx Hello world =========== - This is.. (etc.) + This is a reference to :ref:`hello_world` and will work even if we + move the target to another file or change the title of the section. ``` The ``_hello_world:`` will make it possible to link to this position From 2be94a6d55bfcb3ed3eaf39e3aa451b1238a7bec Mon Sep 17 00:00:00 2001 From: Andy Rothfusz Date: Tue, 18 Feb 2014 19:25:43 -0800 Subject: [PATCH 0057/2538] update links Docker-DCO-1.1-Signed-off-by: Andy Rothfusz (github: metalivedev) --- docs/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 71b3a09995..9379d86870 100644 --- a/docs/README.md +++ b/docs/README.md @@ -81,8 +81,8 @@ starts clean. ## Normal Case: * Follow the contribution guidelines ([see - ``../CONTRIBUTING.md``](../CONTRIBUTING)). -* Remember to sign your work! + ``../CONTRIBUTING.md``](../CONTRIBUTING.md)). +* [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) * Work in your own fork of the code, we accept pull requests. * Change the ``.rst`` files with your favorite editor -- try to keep the lines short and respect RST and Sphinx conventions. @@ -115,6 +115,7 @@ Alternatively, for small changes and typos you might want to use GitHub's built in file editor. It allows you to preview your changes right online (though there can be some differences between GitHub markdown and Sphinx RST). Just be careful not to create many commits. +And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) Images ------ From 0793ff9774f1c5970c3883175037eeb1e373b057 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 21 Feb 2014 13:51:08 +1000 Subject: [PATCH 0058/2538] reinforce that docker build --rm is a good default to use Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 8ef0ab8b72..41cdfe7cbb 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -197,6 +197,8 @@ is given as ``URL``, then no context is set. When a Git repository is set as ``URL``, then the repository is used as the context. Git repositories are cloned with their submodules (`git clone --recursive`). +.. note:: ``docker build --rm`` does not affect the image cache which is used to accelerate builds, it only removes the duplicate writeable container layers. + .. _cli_build_examples: .. seealso:: :ref:`dockerbuilder`. @@ -206,7 +208,7 @@ Examples: .. code-block:: bash - $ sudo docker build . + $ sudo docker build --rm . Uploading context 10240 bytes Step 1 : FROM busybox Pulling repository busybox @@ -229,6 +231,9 @@ Examples: ---> Running in 02071fceb21b ---> f52f38b7823e Successfully built f52f38b7823e + Removing intermediate container 9c9e81692ae9 + Removing intermediate container 02071fceb21b + This example specifies that the ``PATH`` is ``.``, and so all the files in the local directory get tar'd and sent to the Docker daemon. The ``PATH`` @@ -243,6 +248,10 @@ The transfer of context from the local machine to the Docker daemon is what the ``docker`` client means when you see the "Uploading context" message. +The ``--rm`` option tells Docker to remove the intermediate containers and +layers that were used to create each image layer. Doing so has no impact on +the image build cache. + .. code-block:: bash From a79fae655d989595ed2345425632768a157a7e54 Mon Sep 17 00:00:00 2001 From: unclejack Date: Thu, 20 Feb 2014 17:16:45 +0200 Subject: [PATCH 0059/2538] forbid chained onbuild, from & maintainer triggers This changes the way onbuild works: - forbids the chaining of onbuild instructions - forbids the use of `onbuild from` - forbids the use of `onbuild maintainer` It also makes docker throw errors when encountering such triggers when executing the triggers during `FROM`. Three tests have been added: - ensure that chained onbuild (`onbuild onbuild`) is forbidden - ensure that `onbuild from` is forbidden - ensure that `onbuild maintainer` is forbidden Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/builder.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 4b6a151006..6fabd6629d 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -466,6 +466,8 @@ For example you might add something like this: ONBUILD RUN /usr/local/bin/python-build --dir /app/src [...] +.. warning:: Chaining ONBUILD instructions using `ONBUILD ONBUILD` isn't allowed. +.. warning:: ONBUILD may not trigger FROM or MAINTAINER instructions. .. _dockerfile_examples: From 16e959358b70ab1026c6a36d1be97adcfeb12419 Mon Sep 17 00:00:00 2001 From: Danny Berger Date: Fri, 21 Feb 2014 10:51:51 -0500 Subject: [PATCH 0060/2538] Fix cli argument usage typo for docker --mtu Docker-DCO-1.1-Signed-off-by: Danny Berger (github: dpb587) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 41cdfe7cbb..d5267cd2d0 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -80,7 +80,7 @@ Commands -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver -v, --version=false: Print version information and quit - -mtu, --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available + -mtu, --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. From dcea86eb25ce465b9ba9fc460acac18c89898449 Mon Sep 17 00:00:00 2001 From: Danny Berger Date: Fri, 21 Feb 2014 13:43:03 -0500 Subject: [PATCH 0061/2538] Drop -mtu from docs in favor of --mtu only Docker-DCO-1.1-Signed-off-by: Danny Berger (github: dpb587) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index d5267cd2d0..67794a41c5 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -80,7 +80,7 @@ Commands -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver -v, --version=false: Print version information and quit - -mtu, --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. From 92d8b836a7cc9d0dbd87c3cfbf2377c2ceafe1f9 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sun, 23 Feb 2014 15:45:44 -0500 Subject: [PATCH 0062/2538] Remove uneeded wording in Dockerfile format Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) --- docs/sources/reference/builder.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 6fabd6629d..9f7a816801 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -74,7 +74,7 @@ When you're done with your build, you're ready to look into 2. Format ========= -The Dockerfile format is quite simple: +Here is the format of the Dockerfile: :: From 9d1894a44c132057f6ea40d8f6758ec73daed8ee Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Mon, 17 Feb 2014 16:54:36 -0500 Subject: [PATCH 0063/2538] execdriver flag for docker daemon like the storage-driver flag, this implements a flag for choosing the execdriver to be used, defaulting to lxc. Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 67794a41c5..b221f0de6b 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -79,6 +79,7 @@ Commands -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver + -e, --exec-driver="": Force the docker runtime to use a specific exec driver -v, --version=false: Print version information and quit --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available From 730417f46f6c9ae4e9b96bd9c984b482a3cf8b18 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sun, 23 Feb 2014 11:32:12 -0500 Subject: [PATCH 0064/2538] make docker build -rm=true default #4292 Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) --- docs/sources/reference/commandline/cli.rst | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index b221f0de6b..35091836fe 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -185,11 +185,11 @@ Examples: Usage: docker build [OPTIONS] PATH | URL | - Build a new container image from the source code at PATH - -t, --time="": Repository name (and optionally a tag) to be applied + -t, --time="": Repository name (and optionally a tag) to be applied to the resulting image in case of success. -q, --quiet=false: Suppress the verbose output generated by the containers. --no-cache: Do not use the cache when building the image. - --rm: Remove intermediate containers after a successful build + --rm=true: Remove intermediate containers after a successful build The files at ``PATH`` or ``URL`` are called the "context" of the build. The build process may refer to any of the files in the context, for example when @@ -198,8 +198,6 @@ is given as ``URL``, then no context is set. When a Git repository is set as ``URL``, then the repository is used as the context. Git repositories are cloned with their submodules (`git clone --recursive`). -.. note:: ``docker build --rm`` does not affect the image cache which is used to accelerate builds, it only removes the duplicate writeable container layers. - .. _cli_build_examples: .. seealso:: :ref:`dockerbuilder`. @@ -209,7 +207,7 @@ Examples: .. code-block:: bash - $ sudo docker build --rm . + $ sudo docker build . Uploading context 10240 bytes Step 1 : FROM busybox Pulling repository busybox @@ -249,9 +247,8 @@ The transfer of context from the local machine to the Docker daemon is what the ``docker`` client means when you see the "Uploading context" message. -The ``--rm`` option tells Docker to remove the intermediate containers and -layers that were used to create each image layer. Doing so has no impact on -the image build cache. +If you wish to keep the intermediate containers after the build is complete, +you must use ``--rm=false``. This does not affect the build cache. .. code-block:: bash From 231c00296b857640ecd6973958f7c7195ed353c7 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 20 Feb 2014 00:13:37 +0000 Subject: [PATCH 0065/2538] add missing doc Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/commandline/cli.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 35091836fe..83161e3898 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1020,6 +1020,8 @@ containers will not be deleted. Usage: docker rmi IMAGE [IMAGE...] Remove one or more images + + -f, --force=false: Force Removing tagged images ~~~~~~~~~~~~~~~~~~~~~~ From 29d73de1685d3b0ee3834e98070da6b34d24b335 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Sat, 1 Mar 2014 05:12:21 +1000 Subject: [PATCH 0066/2538] one ponted out by lukaspustina, and one that I bet I added Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 83161e3898..564ea8a034 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -185,7 +185,7 @@ Examples: Usage: docker build [OPTIONS] PATH | URL | - Build a new container image from the source code at PATH - -t, --time="": Repository name (and optionally a tag) to be applied + -t, --tag="": Repository name (and optionally a tag) to be applied to the resulting image in case of success. -q, --quiet=false: Suppress the verbose output generated by the containers. --no-cache: Do not use the cache when building the image. @@ -1224,7 +1224,7 @@ to the newly created container. $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd The ``--volumes-from`` flag mounts all the defined volumes from the -referenced containers. Containers can be specified by a comma seperated +referenced containers. Containers can be specified by a comma separated list or by repetitions of the ``--volumes-from`` argument. The container ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted From 45e2caf10e91ae34e67f7d413075f11fbc35bba6 Mon Sep 17 00:00:00 2001 From: Barnaby Gray Date: Sat, 1 Mar 2014 17:33:54 +0000 Subject: [PATCH 0067/2538] Add fish shell completions from https://github.com/barnybug/docker-fish-completion. Docker-DCO-1.1-Signed-off-by: Barnaby Gray (github: barnybug) --- contrib/completion/fish/docker.fish | 257 ++++++++++++++++++++++++++++ 1 file changed, 257 insertions(+) create mode 100644 contrib/completion/fish/docker.fish diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish new file mode 100644 index 0000000000..2629533aac --- /dev/null +++ b/contrib/completion/fish/docker.fish @@ -0,0 +1,257 @@ +# docker.fish - docker completions for fish shell +# +# This file is generated by gen_docker_fish_completions.py from: +# https://github.com/barnybug/docker-fish-completion +# +# To install the completions: +# mkdir -p ~/.config/fish/completions +# cp docker.fish ~/.config/fish/completions +# +# Completion supported: +# - parameters +# - commands +# - containers +# - images +# - repositories + +function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand' + for i in (commandline -opc) + if contains -- $i attach build commit cp diff events export history images import info insert inspect kill load login logs port ps pull push restart rm rmi run save search start stop tag top version wait + return 1 + end + end + return 0 +end + +function __fish_print_docker_containers --description 'Print a list of docker containers' -a select + switch $select + case running + docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS=" +"}; $5 ~ "^Up" {print $1 "\n" $(NF-1)}' | tr ',' '\n' + case stopped + docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS=" +"}; $5 ~ "^Exit" {print $1 "\n" $(NF-1)}' | tr ',' '\n' + case all + docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS=" +"}; {print $1 "\n" $(NF-1)}' | tr ',' '\n' + end +end + +function __fish_print_docker_images --description 'Print a list of docker images' + docker images | awk 'NR>1' | grep -v '' | awk '{print $1":"$2}' +end + +function __fish_print_docker_repositories --description 'Print a list of docker repositories' + docker images | awk 'NR>1' | grep -v '' | awk '{print $1}' | sort | uniq +end + +# common options +complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' +complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified' +complete -c docker -f -n '__fish_docker_no_subcommand' -l api-enable-cors -d 'Enable CORS headers in the remote API' +complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d "Attach containers to a pre-existing network bridge; use 'none' to disable container networking" +complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b" +complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode' +complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers' +complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime' +complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication' +complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' +complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward' +complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules" +complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available' +complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file' +complete -c docker -f -n '__fish_docker_no_subcommand' -s r -l restart -d 'Restart previously running containers' +complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the docker runtime to use a specific storage driver' +complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit' + +# subcommands +# attach +complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach stdin' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container" + +# build +complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build a container from a Dockerfile' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress verbose build output' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success' + +# commit +complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith "' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" + +# cp +complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from the containers filesystem to the host path' + +# diff +complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" +complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container" + +# events +complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server' +complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show previously created events and then stream.' + +# export +complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive' +complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container" + +# history +complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image' +complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output" +complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'only show numeric IDs' +complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image" + +# images +complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'show all images (by default filter out the intermediate images used to build)' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'only show numeric IDs' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'output graph in tree format' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'output graph in graphviz format' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository" + +# import +complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball' + +# info +complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information' + +# insert +complete -c docker -f -n '__fish_docker_no_subcommand' -a insert -d 'Insert a file in an image' +complete -c docker -A -f -n '__fish_seen_subcommand_from insert' -a '(__fish_print_docker_images)' -d "Image" + +# inspect +complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container' +complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.' +complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image" +complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers running)' -d "Container" + +# kill +complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container" + +# load +complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive' + +# login +complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or Login to the docker registry server' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'email' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'password' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'username' + +# logs +complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container' +complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output' +complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container" + +# port +complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port which is NAT-ed to PRIVATE_PORT' +complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container" + +# ps +complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before-id -d 'Show only container created before Id, include non-running ones.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output" +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since-id -d 'Show only containers created since Id, include non-running ones.' + +# pull +complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from the docker registry server' +complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s t -l tag -d 'Download tagged image in repository' +complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image" +complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository" + +# push +complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to the docker registry server' +complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image" +complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository" + +# restart +complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10' +complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container" + +# rm +complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated to the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container" + +# rmi +complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images' +complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image" + +# run +complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to stdin, stdout or stderr.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: Run container in the background, print new container id' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom dns servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default entrypoint of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image" + +# save +complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive' +complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image" + +# search +complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image in the docker index' +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least xxx stars' +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s t -l trusted -d 'Only show trusted builds' + +# start +complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container' +complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's stdout/stderr and forward all signals to the process" +complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's stdin" +complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container" + +# stop +complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it.' +complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container" + +# tag +complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository' +complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force' +complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -a '(__fish_print_docker_images)' -d "Image" + +# top +complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container' +complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container" + +# version +complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the docker version information' + +# wait +complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code' +complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container" + + From 0db1996a26f4311b06ae3d752f3a010f27d358e5 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 28 Feb 2014 08:07:46 +1000 Subject: [PATCH 0068/2538] add a little bit mentioning commandline option combinations Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 564ea8a034..06d57ad359 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -20,8 +20,12 @@ To list available commands, either run ``docker`` with no parameters or execute .. _cli_options: -Types of Options ----------------- +Options +------- + +Single character commandline options can be combined, so rather than typing +``docker run -t -i --name test busybox sh``, you can write +``docker run -ti --name test busybox sh``. Boolean ~~~~~~~ From 87b94808dc088d41667b24bb70abcccfe8291b54 Mon Sep 17 00:00:00 2001 From: ILYA Khlopotov Date: Fri, 28 Feb 2014 08:08:01 -0800 Subject: [PATCH 0069/2538] Support json output in --format flag of docker inspect Docker-DCO-1.1-Signed-off-by: ILYA Khlopotov (github: khia) --- docs/sources/reference/commandline/cli.rst | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 06d57ad359..c8d8a75832 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -809,6 +809,19 @@ we ask for the ``HostPort`` field to get the public address. $ sudo docker inspect -format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID +Get config +.......... + +The ``.Field`` syntax doesn't work when the field contains JSON data, +but the template language's custom ``json`` function does. The ``.config`` +section contains complex json object, so to grab it as JSON, you use ``json`` +to convert config object into JSON + +.. code-block:: bash + + $ sudo docker inspect -format='{{json .config}}' $INSTANCE_ID + + .. _cli_kill: ``kill`` From 7bce027176a235e2af3280788ac0b9d0a9bae783 Mon Sep 17 00:00:00 2001 From: unclejack Date: Mon, 24 Feb 2014 23:10:06 +0200 Subject: [PATCH 0070/2538] handle symlinks for Docker's root dir & TMPDIR This removes the incomplete symlink handling from engine.go and it adds it one place in docker.go. It also enables handling symlinks for TMPDIR. Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/commandline/cli.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index c8d8a75832..153bc5e74d 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -112,11 +112,15 @@ Using ``fd://`` will work perfectly for most setups but you can also specify ind If the specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. -.. warning:: - Docker and LXC do not support the use of softlinks for either the Docker data directory (``/var/lib/docker``) or for ``/tmp``. - If your system is likely to be set up in that way, you can use ``readlink -f`` to canonicalise the links: +Docker supports softlinks for the Docker data directory (``/var/lib/docker``) and for ``/tmp``. +TMPDIR and the data directory can be set like this: - ``TMPDIR=$(readlink -f /tmp) /usr/local/bin/docker -d -D -g $(readlink -f /var/lib/docker) -H unix:// $EXPOSE_ALL > /var/lib/boot2docker/docker.log 2>&1`` +:: + + TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + # or + export TMPDIR=/mnt/disk2/tmp + /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 .. _cli_attach: From 86b133528cbfdc172cc43892bb91337d81bb33d8 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 3 Mar 2014 17:43:08 -0800 Subject: [PATCH 0071/2538] Update daemon docs for exec drivers Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- docs/sources/reference/commandline/cli.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 153bc5e74d..f7d474bddd 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -83,7 +83,7 @@ Commands -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver - -e, --exec-driver="": Force the docker runtime to use a specific exec driver + -e, --exec-driver="native": Force the docker runtime to use a specific exec driver -v, --version=false: Print version information and quit --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available @@ -96,6 +96,8 @@ To set the DNS server for all Docker containers, use ``docker -d -dns 8.8.8.8``. To run the daemon with debug output, use ``docker -d -D``. +To use lxc as the execution driver, use ``docker -d -e lxc``. + The docker client will also honor the ``DOCKER_HOST`` environment variable to set the ``-H`` flag for the client. From a625f00d0dda1bd40a8b9ab33ca246b9514065f8 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Tue, 4 Mar 2014 20:22:51 -0500 Subject: [PATCH 0072/2538] Consistently capitalize CLI options Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/commandline/cli.rst | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index f7d474bddd..ccb5314fac 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -527,7 +527,7 @@ For example: Show the history of an image --no-trunc=false: Don't truncate output - -q, --quiet=false: only show numeric IDs + -q, --quiet=false: Only show numeric IDs To see how the ``docker:latest`` image was built: @@ -574,11 +574,11 @@ To see how the ``docker:latest`` image was built: List images - -a, --all=false: show all images (by default filter out the intermediate images used to build) + -a, --all=false: Show all images (by default filter out the intermediate images used to build) --no-trunc=false: Don't truncate output - -q, --quiet=false: only show numeric IDs - --tree=false: output graph in tree format - --viz=false: output graph in graphviz format + -q, --quiet=false: Only show numeric IDs + --tree=false: Output graph in tree format + --viz=false: Output graph in graphviz format Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -874,9 +874,9 @@ Known Issues (kill) Register or Login to the docker registry server - -e, --email="": email - -p, --password="": password - -u, --username="": username + -e, --email="": Email + -p, --password="": Password + -u, --username="": Username If you want to login to a private registry you can specify this by adding the server name. From 920d1683e29dbda88f12a1ef5b3be5f145f9d3d3 Mon Sep 17 00:00:00 2001 From: Evan Krall Date: Fri, 24 Jan 2014 16:18:02 -0800 Subject: [PATCH 0073/2538] Create a -G option that specifies the group which unix sockets belong to. Docker-DCO-1.1-Signed-off-by: Evan Krall (github: EvanKrall) --- docs/sources/reference/commandline/cli.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index ccb5314fac..c7ce421d88 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -71,6 +71,7 @@ Commands Usage of docker: -D, --debug=false: Enable debug mode -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. + -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b From 1abc7e3c7cdf3bc2f5e90a6a9d431efffbc1cf2c Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Wed, 5 Feb 2014 23:10:57 -0500 Subject: [PATCH 0074/2538] Add ability to force removal of running container via docker rm -f Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) --- docs/sources/reference/commandline/cli.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index c7ce421d88..2e49cd5ca5 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -995,7 +995,8 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Usage: docker rm [OPTIONS] CONTAINER Remove one or more containers - --link="": Remove the link instead of the actual container + -l, --link="": Remove the link instead of the actual container + -f, --force=false: Force removal of running container Known Issues (rm) ~~~~~~~~~~~~~~~~~ From 5348fdca047c4121fa4805a6e590e87e6b5f0731 Mon Sep 17 00:00:00 2001 From: Tom Fotherby Date: Fri, 7 Mar 2014 16:41:11 +0000 Subject: [PATCH 0075/2538] Correct Docker run --host param to --hostname --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 2e49cd5ca5..2404e29b29 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1096,7 +1096,7 @@ image is removed. --cidfile="": Write the container ID to the file -d, --detach=false: Detached mode: Run container in the background, print new container id -e, --env=[]: Set environment variables - -h, --host="": Container host name + -h, --hostname="": Container host name -i, --interactive=false: Keep stdin open even if not attached --privileged=false: Give extended privileges to this container -m, --memory="": Memory limit (format: , where unit = b, k, m or g) From 939dd00e476948ed340db1c251d6a654ecb12ec5 Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Mon, 10 Mar 2014 20:26:45 -0700 Subject: [PATCH 0076/2538] Update email + add self to pkg/signal Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes (github: creack) --- docs/sources/reference/builder.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 9f7a816801..3c48939c82 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -481,7 +481,7 @@ For example you might add something like this: # VERSION 0.0.1 FROM ubuntu - MAINTAINER Guillaume J. Charmes + MAINTAINER Guillaume J. Charmes # make sure the package repository is up to date RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list From 151dd6d3f1a7fa164dcfc995fc7d917483711a87 Mon Sep 17 00:00:00 2001 From: Scott Collier Date: Sat, 8 Mar 2014 16:32:00 -0600 Subject: [PATCH 0077/2538] Adding the new options to the `docker ps` documentation. URL of documentation page is: http://docs.docker.io/en/latest/reference/commandline/cli/#ps Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) --- docs/sources/reference/commandline/cli.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 2404e29b29..fbb558697b 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -933,8 +933,14 @@ new output from the container's stdout and stderr. List containers -a, --all=false: Show all containers. Only running containers are shown by default. + --before-id="": Show only container created before Id, include non-running ones. + -l, --latest=false: Show only the latest created container, include non-running ones. + -n=-1: Show n last created containers, include non-running ones. --no-trunc=false: Don't truncate output -q, --quiet=false: Only display numeric IDs + -s, --size=false: Display sizes, not to be used with -q + --since-id="": Show only containers created since Id, include non-running ones. + Running ``docker ps`` showing 2 linked containers. From f74218235973f0111235b3398e705f3e21185f68 Mon Sep 17 00:00:00 2001 From: Scott Collier Date: Sat, 8 Mar 2014 17:23:06 -0600 Subject: [PATCH 0078/2538] Adding options to `docker restart` documentation URL of page is: http://docs.docker.io/en/latest/reference/commandline/cli/#restart Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) --- docs/sources/reference/commandline/cli.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index fbb558697b..c18cae93b3 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -991,6 +991,8 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Restart a running container + -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 + .. _cli_rm: ``rm`` From 9fbf050286c88fc7cfaaa5f12f26b95cd1a0ea71 Mon Sep 17 00:00:00 2001 From: Scott Collier Date: Sat, 8 Mar 2014 16:32:00 -0600 Subject: [PATCH 0079/2538] Adding the new options to the `docker ps` documentation. URL of documentation page is: http://docs.docker.io/en/latest/reference/commandline/cli/#ps Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) Adding the new options to the `docker ps` documentation. URL of documentation page is: http://docs.docker.io/en/latest/reference/commandline/cli/#ps Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) Adding CLI options to the commandline reference documentation. URLs of pages are: http://docs.docker.io/en/latest/reference/commandline/cli/ Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) changing indention Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) --- docs/sources/reference/commandline/cli.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index c18cae93b3..da4472ed85 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -80,7 +80,9 @@ Commands -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime --icc=true: Enable inter-container communication --ip="0.0.0.0": Default IP address to use when binding container ports + --ip-forward=true: Disable enabling of net.ipv4.ip_forward --iptables=true: Disable docker's addition of iptables rules + --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver @@ -967,6 +969,8 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Pull an image or a repository from the registry + -t, --tag="": Download tagged image in repository + .. _cli_push: @@ -1005,6 +1009,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Remove one or more containers -l, --link="": Remove the link instead of the actual container -f, --force=false: Force removal of running container + -v, --volumes=false: Remove the volumes associated to the container Known Issues (rm) ~~~~~~~~~~~~~~~~~ From f07bd8fb8a3939b007e599776e90b07e753acee8 Mon Sep 17 00:00:00 2001 From: Scott Collier Date: Sat, 8 Mar 2014 18:07:19 -0600 Subject: [PATCH 0080/2538] Adding CLI options to the commandline reference documentation. Fixing bad DCO sig URLs of pages are: http://docs.docker.io/en/latest/reference/commandline/cli/ Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) --- docs/sources/reference/commandline/cli.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index da4472ed85..47880bae7c 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -969,7 +969,9 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Pull an image or a repository from the registry +<<<<<<< HEAD -t, --tag="": Download tagged image in repository +>>>>>>> b47d9c5... Adding CLI options to the commandline reference documentation. .. _cli_push: From 771de961bff270f578bc26b6ee457951ba00afda Mon Sep 17 00:00:00 2001 From: Scott Collier Date: Tue, 11 Mar 2014 20:00:16 -0500 Subject: [PATCH 0081/2538] Removing HEAD tag from last commit Docker-DCO-1.1-Signed-off-by: Scott Collier (github: scollier) --- docs/sources/reference/commandline/cli.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 47880bae7c..da4472ed85 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -969,9 +969,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Pull an image or a repository from the registry -<<<<<<< HEAD -t, --tag="": Download tagged image in repository ->>>>>>> b47d9c5... Adding CLI options to the commandline reference documentation. .. _cli_push: From bb64095f4b3460031e3e3f326250109cfaa8e3b6 Mon Sep 17 00:00:00 2001 From: Ken ICHIKAWA Date: Wed, 12 Mar 2014 13:44:01 +0900 Subject: [PATCH 0082/2538] Update daemon docs and help messages for --iptables and --ip-forward Fix docs and help messages of --iptables and --ip-forward to describe the true case behaviour Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA (github: ichik1) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index da4472ed85..692f63f447 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -80,8 +80,8 @@ Commands -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime --icc=true: Enable inter-container communication --ip="0.0.0.0": Default IP address to use when binding container ports - --ip-forward=true: Disable enabling of net.ipv4.ip_forward - --iptables=true: Disable docker's addition of iptables rules + --ip-forward=true: Enable net.ipv4.ip_forward + --iptables=true: Enable Docker's addition of iptables rules --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file -r, --restart=true: Restart previously running containers From 60cd5ec3b7d6c921afa60e4953e6ed46ee51da14 Mon Sep 17 00:00:00 2001 From: Wes Morgan Date: Thu, 30 Jan 2014 12:00:18 -0700 Subject: [PATCH 0083/2538] merge existing config when committing Fixes #1141 Docker-DCO-1.1-Signed-off-by: Wes Morgan (github: cap10morgan) --- docs/sources/reference/commandline/cli.rst | 61 ++++++++++++++++------ 1 file changed, 45 insertions(+), 16 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 692f63f447..0e3f30ede2 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -90,7 +90,7 @@ Commands -v, --version=false: Print version information and quit --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available -The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the +The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. @@ -102,10 +102,10 @@ To run the daemon with debug output, use ``docker -d -D``. To use lxc as the execution driver, use ``docker -d -e lxc``. The docker client will also honor the ``DOCKER_HOST`` environment variable to set -the ``-H`` flag for the client. +the ``-H`` flag for the client. :: - + docker -H tcp://0.0.0.0:4243 ps # or export DOCKER_HOST="tcp://0.0.0.0:4243" @@ -143,7 +143,7 @@ TMPDIR and the data directory can be set like this: You can detach from the container again (and leave it running) with ``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of -the Docker client when it quits. When you detach from the container's +the Docker client when it quits. When you detach from the container's process the exit code will be returned to the client. To stop a container, use ``docker stop``. @@ -305,7 +305,7 @@ by using the ``git://`` schema. -m, --message="": Commit message -a, --author="": Author (eg. "John Hannibal Smith " - --run="": Configuration to be applied when the image is launched with `docker run`. + --run="": Configuration changes to be applied when the image is launched with `docker run`. (ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') .. _cli_commit_examples: @@ -317,14 +317,14 @@ Commit an existing container $ sudo docker ps ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 f5283438590d $ docker images | head REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB - + Change the command that a container runs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -346,11 +346,40 @@ run ``ls /etc``. apt host.conf lsb-base rc2.d ... +Merged configs example +...................... + +Say you have a Dockerfile like so: + +.. code-block:: bash + + ENV MYVAR foobar + RUN apt-get install openssh + EXPOSE 22 + CMD ["/usr/sbin/sshd -D"] + ... + +If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the -run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit. + +.. code-block:: bash + + $ docker build -t me/foo . + $ docker run -t -i me/foo /bin/bash + foo-container$ [make changes in the container] + foo-container$ exit + $ docker commit -run='{"Cmd": ["ls"]}' [container-id] me/bar + ... + +The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"]. + +Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the -run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. + Full -run example ................. The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` -or ``config`` when running ``docker inspect IMAGEID``. +or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are +not overridden in the JSON hash will be merged in. (Multiline is okay within a single quote ``'``) @@ -666,7 +695,7 @@ Displaying image hierarchy Usage: docker import URL|- [REPOSITORY[:TAG]] - Create an empty filesystem image and import the contents of the tarball + Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. At this time, the URL must start with ``http`` and point to a single @@ -950,7 +979,7 @@ Running ``docker ps`` showing 2 linked containers. $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db fd2645e2e2b5 busybox:latest top 10 days ago Ghost insane_ptolemy @@ -1060,7 +1089,7 @@ containers will not be deleted. Remove one or more images -f, --force=false: Force - + Removing tagged images ~~~~~~~~~~~~~~~~~~~~~~ @@ -1139,8 +1168,8 @@ Once the container is stopped it still exists and can be started back up. See ` The ``docker run`` command can be used in combination with ``docker commit`` to :ref:`change the command that a container runs `. -See :ref:`port_redirection` for more detailed information about the ``--expose``, -``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for +See :ref:`port_redirection` for more detailed information about the ``--expose``, +``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for specific examples using ``--link``. Known Issues (run -volumes-from) @@ -1220,8 +1249,8 @@ starting your container. $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh -By bind-mounting the docker unix socket and statically linked docker binary -(such as that provided by https://get.docker.io), you give the container +By bind-mounting the docker unix socket and statically linked docker binary +(such as that provided by https://get.docker.io), you give the container the full access to create and manipulate the host's docker daemon. .. code-block:: bash From cdd5e423aad21c3fbdffb2bff3fe3e5770cd40d0 Mon Sep 17 00:00:00 2001 From: Ken ICHIKAWA Date: Wed, 12 Mar 2014 14:52:39 +0900 Subject: [PATCH 0084/2538] Remove duplicated description of --mtu commit baa70e975186bb0ee8a4b16b9374cb6e794f8975 duplicates the description of --mtu. This patch removes the duplicated description. Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA (github: ichik1) --- docs/sources/reference/commandline/cli.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 0e3f30ede2..d146c18a15 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -82,7 +82,6 @@ Commands --ip="0.0.0.0": Default IP address to use when binding container ports --ip-forward=true: Enable net.ipv4.ip_forward --iptables=true: Enable Docker's addition of iptables rules - --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver From fb3a8f17c39a937f61b2f8d5cdf4a99a6a12fc18 Mon Sep 17 00:00:00 2001 From: Ken ICHIKAWA Date: Thu, 13 Mar 2014 15:19:42 +0900 Subject: [PATCH 0085/2538] Add missing options -t and -v to images subcommand doc Docker-DCO-1.1-Signed-off-by: Ken ICHIKAWA (github: ichik1) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index d146c18a15..e65bd930ae 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -608,8 +608,8 @@ To see how the ``docker:latest`` image was built: -a, --all=false: Show all images (by default filter out the intermediate images used to build) --no-trunc=false: Don't truncate output -q, --quiet=false: Only show numeric IDs - --tree=false: Output graph in tree format - --viz=false: Output graph in graphviz format + -t, --tree=false: Output graph in tree format + -v, --viz=false: Output graph in graphviz format Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 6f6214866a8dd6ca85b533068e9aef130793d9a2 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 13 Mar 2014 11:46:02 -0600 Subject: [PATCH 0086/2538] Update to double-dash everywhere These were found using `git grep -nE '[^-a-zA-Z0-9<>]-[a-zA-Z0-9]{2}'` (fair warning: _many_ false positives there). Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/fish/docker.fish | 4 +- contrib/completion/zsh/_docker | 2 +- docs/sources/reference/builder.rst | 4 +- docs/sources/reference/commandline/cli.rst | 42 ++++++------ docs/sources/reference/run.rst | 80 +++++++++++----------- 5 files changed, 66 insertions(+), 66 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 2629533aac..b0c5f38a96 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -79,7 +79,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d ' complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith "' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: --run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp @@ -202,7 +202,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expo complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8b50bac01b..a379fd40f8 100755 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -174,7 +174,7 @@ __docker_subcommand () { (ps) _arguments '-a[Show all containers. Only running containers are shown by default]' \ '-h[Show help]' \ - '-before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \ + '--before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \ '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' ;; (tag) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 3c48939c82..0d8d750a04 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -193,7 +193,7 @@ well. When used in the shell or exec formats, the ``CMD`` instruction sets the command to be executed when running the image. This is -functionally equivalent to running ``docker commit -run '{"Cmd": +functionally equivalent to running ``docker commit --run '{"Cmd": }'`` outside the builder. If you use the *shell* form of the CMD, then the ```` will @@ -235,7 +235,7 @@ override the default specified in CMD. ``EXPOSE [...]`` The ``EXPOSE`` instruction exposes ports for use within links. This is -functionally equivalent to running ``docker commit -run '{"PortSpecs": +functionally equivalent to running ``docker commit --run '{"PortSpecs": ["", ""]}'`` outside the builder. Refer to :ref:`port_redirection` for detailed information. diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index e65bd930ae..83f05947c2 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -52,7 +52,7 @@ Sometimes this can use a more complex value string, as for ``-v``:: Strings and Integers ~~~~~~~~~~~~~~~~~~~~ -Options like ``-name=""`` expect a string, and they can only be +Options like ``--name=""`` expect a string, and they can only be specified once. Options like ``-c=0`` expect an integer, and they can only be specified once. @@ -94,7 +94,7 @@ daemon and client. To run the daemon you provide the ``-d`` flag. To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. -To set the DNS server for all Docker containers, use ``docker -d -dns 8.8.8.8``. +To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. To run the daemon with debug output, use ``docker -d -D``. @@ -305,7 +305,7 @@ by using the ``git://`` schema. -m, --message="": Commit message -a, --author="": Author (eg. "John Hannibal Smith " --run="": Configuration changes to be applied when the image is launched with `docker run`. - (ex: -run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') + (ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') .. _cli_commit_examples: @@ -335,9 +335,9 @@ run ``ls /etc``. .. code-block:: bash - $ docker run -t -name test ubuntu ls + $ docker run -t --name test ubuntu ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var - $ docker commit -run='{"Cmd": ["ls","/etc"]}' test test2 + $ docker commit --run='{"Cmd": ["ls","/etc"]}' test test2 933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb $ docker run -t test2 adduser.conf gshadow login.defs rc0.d @@ -358,7 +358,7 @@ Say you have a Dockerfile like so: CMD ["/usr/sbin/sshd -D"] ... -If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the -run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit. +If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the --run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit. .. code-block:: bash @@ -366,14 +366,14 @@ If you run that, make some changes, and then commit, Docker will merge the envir $ docker run -t -i me/foo /bin/bash foo-container$ [make changes in the container] foo-container$ exit - $ docker commit -run='{"Cmd": ["ls"]}' [container-id] me/bar + $ docker commit --run='{"Cmd": ["ls"]}' [container-id] me/bar ... The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"]. -Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the -run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. +Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. -Full -run example +Full --run example ................. The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` @@ -384,7 +384,7 @@ not overridden in the JSON hash will be merged in. .. code-block:: bash - $ sudo docker commit -run=' + $ sudo docker commit --run=' { "Entrypoint" : null, "Privileged" : false, @@ -516,16 +516,16 @@ Show events in the past from a specified time .. code-block:: bash - $ sudo docker events -since 1378216169 + $ sudo docker events --since 1378216169 [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - $ sudo docker events -since '2013-09-03' + $ sudo docker events --since '2013-09-03' [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - $ sudo docker events -since '2013-09-03 15:49:29 +0200 CEST' + $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop @@ -829,7 +829,7 @@ text output: .. code-block:: bash - $ sudo docker inspect -format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID Find a Specific Port Mapping ............................ @@ -844,7 +844,7 @@ we ask for the ``HostPort`` field to get the public address. .. code-block:: bash - $ sudo docker inspect -format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID Get config .......... @@ -856,7 +856,7 @@ to convert config object into JSON .. code-block:: bash - $ sudo docker inspect -format='{{json .config}}' $INSTANCE_ID + $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID .. _cli_kill: @@ -1151,7 +1151,7 @@ image is removed. --volumes-from="": Mount all volumes from the given container(s) --entrypoint="": Overwrite the default entrypoint set by the image -w, --workdir="": Working directory inside the container - --lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) --expose=[]: Expose a port from the container without publishing it to your host --link="": Add link to another container (name:alias) @@ -1171,7 +1171,7 @@ See :ref:`port_redirection` for more detailed information about the ``--expose`` ``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for specific examples using ``--link``. -Known Issues (run -volumes-from) +Known Issues (run --volumes-from) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * :issue:`2702`: "lxc-start: Permission denied - failed to mount" @@ -1199,7 +1199,7 @@ error. Docker will close this file when ``docker run`` exits. This will *not* work, because by default, most potentially dangerous kernel capabilities are dropped; including ``cap_sys_admin`` (which is -required to mount filesystems). However, the ``-privileged`` flag will +required to mount filesystems). However, the ``--privileged`` flag will allow it to run: .. code-block:: bash @@ -1211,7 +1211,7 @@ allow it to run: none 1.9G 0 1.9G 0% /mnt -The ``-privileged`` flag gives *all* capabilities to the container, +The ``--privileged`` flag gives *all* capabilities to the container, and it also lifts all the limitations enforced by the ``device`` cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special @@ -1313,7 +1313,7 @@ This example shows 5 containers that might be set up to test a web application c 2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; 3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; 4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``-rm`` option means that when the container exits, the container's layer is removed. +5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. .. _cli_save: diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst index d8de280671..8637ac3071 100644 --- a/docs/sources/reference/run.rst +++ b/docs/sources/reference/run.rst @@ -80,7 +80,7 @@ through network connections or shared volumes because the container is no longer listening to the commandline where you executed ``docker run``. You can reattach to a detached container with ``docker`` :ref:`cli_attach`. If you choose to run a container in the detached -mode, then you cannot use the ``-rm`` option. +mode, then you cannot use the ``--rm`` option. Foreground .......... @@ -92,10 +92,10 @@ error. It can even pretend to be a TTY (this is what most commandline executables expect) and pass along signals. All of that is configurable:: - -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` - -t=false : Allocate a pseudo-tty - -sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -i=false : Keep STDIN open even if not attached + -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` + -t=false : Allocate a pseudo-tty + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + -i=false : Keep STDIN open even if not attached If you do not specify ``-a`` then Docker will `attach everything (stdin,stdout,stderr) @@ -112,7 +112,7 @@ as well as persistent standard input (``stdin``), so you'll use ``-i Container Identification ------------------------ -Name (-name) +Name (--name) ............ The operator can identify a container in three ways: @@ -122,7 +122,7 @@ The operator can identify a container in three ways: * Name ("evil_ptolemy") The UUID identifiers come from the Docker daemon, and if you do not -assign a name to the container with ``-name`` then the daemon will +assign a name to the container with ``--name`` then the daemon will also generate a random string name too. The name can become a handy way to add meaning to a container since you can use this name when defining :ref:`links ` (or any other place @@ -137,7 +137,7 @@ container ID out to a file of your choosing. This is similar to how some programs might write out their process ID to a file (you've seen them as PID files):: - -cidfile="": Write the container ID to the file + --cidfile="": Write the container ID to the file Network Settings ---------------- @@ -145,7 +145,7 @@ Network Settings :: -n=true : Enable networking for this container - -dns=[] : Set custom dns servers for the container + --dns=[] : Set custom dns servers for the container By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable @@ -154,9 +154,9 @@ networking. In cases like this, you would perform I/O through files or STDIN/STDOUT only. Your container will use the same DNS servers as the host by default, -but you can override this with ``-dns``. +but you can override this with ``--dns``. -Clean Up (-rm) +Clean Up (--rm) -------------- By default a container's file system persists even after the container @@ -165,9 +165,9 @@ final state) and you retain all your data by default. But if you are running short-term **foreground** processes, these container file systems can really pile up. If instead you'd like Docker to **automatically clean up the container and remove the file system when -the container exits**, you can add the ``-rm`` flag:: +the container exits**, you can add the ``--rm`` flag:: - -rm=false: Automatically remove the container when it exits (incompatible with -d) + --rm=false: Automatically remove the container when it exits (incompatible with -d) Runtime Constraints on CPU and Memory @@ -193,8 +193,8 @@ Runtime Privilege and LXC Configuration :: - -privileged=false: Give extended privileges to this container - -lxc-conf=[]: Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --privileged=false: Give extended privileges to this container + --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is @@ -203,16 +203,16 @@ but a "privileged" container is given access to all devices (see lxc-template.go_ and documentation on `cgroups devices `_). -When the operator executes ``docker run -privileged``, Docker will +When the operator executes ``docker run --privileged``, Docker will enable to access to all devices on the host as well as set some configuration in AppArmor to allow the container nearly all the same access to the host as processes running outside containers on the -host. Additional information about running with ``-privileged`` is +host. Additional information about running with ``--privileged`` is available on the `Docker Blog `_. An operator can also specify LXC options using one or more -``-lxc-conf`` parameters. These can be new parameters or override +``--lxc-conf`` parameters. These can be new parameters or override existing parameters from the lxc-template.go_. Note that in the future, a given host's Docker daemon may not use LXC, so this is an implementation-specific configuration meant for operators already @@ -260,7 +260,7 @@ ENTRYPOINT (Default Command to Execute at Runtime :: - -entrypoint="": Overwrite the default entrypoint set by the image + --entrypoint="": Overwrite the default entrypoint set by the image The ENTRYPOINT of an image is similar to a ``COMMAND`` because it specifies what executable to run when the container starts, but it is @@ -274,12 +274,12 @@ runtime by using a string to specify the new ``ENTRYPOINT``. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like ``/usr/bin/redis-server``):: - docker run -i -t -entrypoint /bin/bash example/redis + docker run -i -t --entrypoint /bin/bash example/redis or two examples of how to pass more parameters to that ENTRYPOINT:: - docker run -i -t -entrypoint /bin/bash example/redis -c ls -l - docker run -i -t -entrypoint /usr/bin/redis-cli example/redis --help + docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help EXPOSE (Incoming Ports) @@ -290,16 +290,16 @@ providing the ``EXPOSE`` instruction to give a hint to the operator about what incoming ports might provide services. The following options work with or override the ``Dockerfile``'s exposed defaults:: - -expose=[]: Expose a port from the container + --expose=[]: Expose a port from the container without publishing it to your host - -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container's port to the host (format: - ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort) - (use 'docker port' to see the actual mapping) - -link="" : Add link to another container (name:alias) + -P=false : Publish all exposed ports to the host interfaces + -p=[] : Publish a container's port to the host (format: + ip:hostPort:containerPort | ip::containerPort | + hostPort:containerPort) + (use 'docker port' to see the actual mapping) + --link="" : Add link to another container (name:alias) -As mentioned previously, ``EXPOSE`` (and ``-expose``) make a port +As mentioned previously, ``EXPOSE`` (and ``--expose``) make a port available **in** a container for incoming connections. The port number on the inside of the container (where the service listens) does not need to be the same number as the port exposed on the outside of the @@ -308,16 +308,16 @@ have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in the ``Dockerfile``), but outside the container the port might be 42800. To help a new client container reach the server container's internal -port operator ``-expose``'d by the operator or ``EXPOSE``'d by the +port operator ``--expose``'d by the operator or ``EXPOSE``'d by the developer, the operator has three choices: start the server container -with ``-P`` or ``-p,`` or start the client container with ``-link``. +with ``-P`` or ``-p,`` or start the client container with ``--link``. If the operator uses ``-P`` or ``-p`` then Docker will make the exposed port accessible on the host and the ports will be available to any client that can reach the host. To find the map between the host ports and the exposed ports, use ``docker port``) -If the operator uses ``-link`` when starting the new client container, +If the operator uses ``--link`` when starting the new client container, then the client container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. @@ -329,7 +329,7 @@ The operator can **set any environment variable** in the container by using one or more ``-e`` flags, even overriding those already defined by the developer with a Dockefile ``ENV``:: - $ docker run -e "deep=purple" -rm ubuntu /bin/bash -c export + $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" declare -x HOSTNAME="85bc26a0e200" declare -x OLDPWD @@ -341,13 +341,13 @@ developer with a Dockefile ``ENV``:: Similarly the operator can set the **hostname** with ``-h``. -``-link name:alias`` also sets environment variables, using the +``--link name:alias`` also sets environment variables, using the *alias* string to define environment variables within the container that give the IP and PORT information for connecting to the service container. Let's imagine we have a container running Redis:: # Start the service container, named redis-name - $ docker run -d -name redis-name dockerfiles/redis + $ docker run -d --name redis-name dockerfiles/redis 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 # The redis-name container exposed port 6379 @@ -361,12 +361,12 @@ container. Let's imagine we have a container running Redis:: Yet we can get information about the Redis container's exposed ports -with ``-link``. Choose an alias that will form a valid environment +with ``--link``. Choose an alias that will form a valid environment variable! :: - $ docker run -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c export + $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export declare -x HOME="/" declare -x HOSTNAME="acda7f7b1cdc" declare -x OLDPWD @@ -383,7 +383,7 @@ variable! And we can use that information to connect from another container as a client:: - $ docker run -i -t -rm -link redis-name:redis_alias -entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' + $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' 172.17.0.32:6379> VOLUME (Shared Filesystems) @@ -393,7 +393,7 @@ VOLUME (Shared Filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. - -volumes-from="": Mount all volumes from the given container(s) + --volumes-from="": Mount all volumes from the given container(s) The volumes commands are complex enough to have their own documentation in section :ref:`volume_def`. A developer can define one From 974b7606441fd786817fc310f7b35acaf223c19a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 13 Mar 2014 22:35:09 -0600 Subject: [PATCH 0087/2538] Fix sphinx header underline warnings I introduced... Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- docs/sources/reference/commandline/cli.rst | 4 ++-- docs/sources/reference/run.rst | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 83f05947c2..2371ed1b5f 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -374,7 +374,7 @@ The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', a Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. Full --run example -................. +.................. The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are @@ -1172,7 +1172,7 @@ See :ref:`port_redirection` for more detailed information about the ``--expose`` specific examples using ``--link``. Known Issues (run --volumes-from) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * :issue:`2702`: "lxc-start: Permission denied - failed to mount" could indicate a permissions problem with AppArmor. Please see the diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst index 8637ac3071..0b4f7eebf4 100644 --- a/docs/sources/reference/run.rst +++ b/docs/sources/reference/run.rst @@ -113,7 +113,7 @@ Container Identification ------------------------ Name (--name) -............ +............. The operator can identify a container in three ways: @@ -157,7 +157,7 @@ Your container will use the same DNS servers as the host by default, but you can override this with ``--dns``. Clean Up (--rm) --------------- +--------------- By default a container's file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the From 2f33a8e6bd6f9d1414bac0549c0025a947e493b0 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 26 Feb 2014 23:20:58 +0000 Subject: [PATCH 0088/2538] move git clone from daemon to client Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) add a little doc --- docs/sources/reference/commandline/cli.rst | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 2371ed1b5f..6d55a0aedc 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -203,12 +203,16 @@ Examples: --no-cache: Do not use the cache when building the image. --rm=true: Remove intermediate containers after a successful build -The files at ``PATH`` or ``URL`` are called the "context" of the build. The -build process may refer to any of the files in the context, for example when -using an :ref:`ADD ` instruction. When a single ``Dockerfile`` -is given as ``URL``, then no context is set. When a Git repository is set as -``URL``, then the repository is used as the context. Git repositories are -cloned with their submodules (`git clone --recursive`). +The files at ``PATH`` or ``URL`` are called the "context" of the build. +The build process may refer to any of the files in the context, for example when +using an :ref:`ADD ` instruction. +When a single ``Dockerfile`` is given as ``URL``, then no context is set. + +When a Git repository is set as ``URL``, then the repository is used as the context. +The Git repository is cloned with its submodules (`git clone --recursive`). +A fresh git clone occurs in a temporary directory on your local host, and then this +is sent to the Docker daemon as the context. +This way, your local user credentials and vpn's etc can be used to access private repositories .. _cli_build_examples: From e4111339bbed7863bbd2e9234a22f7af14d1f320 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 14 Mar 2014 17:13:11 +0000 Subject: [PATCH 0089/2538] Add missing client doc Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/commandline/cli.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 6d55a0aedc..f302862b9e 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1092,6 +1092,7 @@ containers will not be deleted. Remove one or more images -f, --force=false: Force + --no-prune=false: Do not delete untagged parents Removing tagged images ~~~~~~~~~~~~~~~~~~~~~~ From d45a91a56b4de9b9fe74f8b1f07101c639fcae3f Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 14 Mar 2014 22:33:41 -0400 Subject: [PATCH 0090/2538] Disable automatic killing of containers when docker stop fails Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) --- docs/sources/reference/commandline/cli.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index f302862b9e..dc6529ab6a 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1371,11 +1371,11 @@ This example shows 5 containers that might be set up to test a web application c Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + Stop a running container (Send SIGTERM) - -t, --time=10: Number of seconds to wait for the container to stop before killing it. + -t, --time=10: Number of seconds to wait for the container to stop. -The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL +The main process inside the container will receive SIGTERM. .. _cli_tag: From 41429fd72773f32b4cd8ede6235ea5a904037524 Mon Sep 17 00:00:00 2001 From: LK4D4 Date: Tue, 18 Mar 2014 21:38:56 +0400 Subject: [PATCH 0091/2538] Using names in docker ps --since-id/--before-id, resolves #3565 Also renames --since-id/--before-id to --since/--before and add errors on non-existent containers. Docker-DCO-1.1-Signed-off-by: Alexandr Morozov (github: LK4D4) --- contrib/completion/bash/docker | 9 +++------ contrib/completion/fish/docker.fish | 4 ++-- docs/sources/reference/commandline/cli.rst | 4 ++-- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1449330986..e6a191d32b 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -392,11 +392,8 @@ _docker_port() _docker_ps() { case "$prev" in - --since-id|--before-id) - COMPREPLY=( $( compgen -W "$( __docker_q ps -a -q )" -- "$cur" ) ) - # TODO replace this with __docker_containers_all - # see https://github.com/dotcloud/docker/issues/3565 - return + --since|--before) + __docker_containers_all ;; -n) return @@ -407,7 +404,7 @@ _docker_ps() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since-id --before-id -n" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since --before -n" -- "$cur" ) ) ;; *) ;; diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index b0c5f38a96..9c4339fe2b 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -154,13 +154,13 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print # ps complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before-id -d 'Show only container created before Id, include non-running ones.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since-id -d 'Show only containers created since Id, include non-running ones.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.' # pull complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from the docker registry server' diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index dc6529ab6a..ebcf021115 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -967,13 +967,13 @@ new output from the container's stdout and stderr. List containers -a, --all=false: Show all containers. Only running containers are shown by default. - --before-id="": Show only container created before Id, include non-running ones. + --before="": Show only container created before Id or Name, include non-running ones. -l, --latest=false: Show only the latest created container, include non-running ones. -n=-1: Show n last created containers, include non-running ones. --no-trunc=false: Don't truncate output -q, --quiet=false: Only display numeric IDs -s, --size=false: Display sizes, not to be used with -q - --since-id="": Show only containers created since Id, include non-running ones. + --since="": Show only containers created since Id or Name, include non-running ones. Running ``docker ps`` showing 2 linked containers. From ec1254275d1a0e230cc32ba3993e948ed2f0c2d9 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 18 Mar 2014 16:24:45 -0700 Subject: [PATCH 0092/2538] Add image size to history docs Fixes #3147 Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- docs/sources/reference/commandline/cli.rst | 37 +++++----------------- 1 file changed, 8 insertions(+), 29 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index ebcf021115..0f33b05ec4 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -569,35 +569,14 @@ To see how the ``docker:latest`` image was built: .. code-block:: bash $ docker history docker - ID CREATED CREATED BY - docker:latest 19 hours ago /bin/sh -c #(nop) ADD . in /go/src/github.com/dotcloud/docker - cf5f2467662d 2 weeks ago /bin/sh -c #(nop) ENTRYPOINT ["hack/dind"] - 3538fbe372bf 2 weeks ago /bin/sh -c #(nop) WORKDIR /go/src/github.com/dotcloud/docker - 7450f65072e5 2 weeks ago /bin/sh -c #(nop) VOLUME /var/lib/docker - b79d62b97328 2 weeks ago /bin/sh -c apt-get install -y -q lxc - 36714852a550 2 weeks ago /bin/sh -c apt-get install -y -q iptables - 8c4c706df1d6 2 weeks ago /bin/sh -c /bin/echo -e '[default]\naccess_key=$AWS_ACCESS_KEY\nsecret_key=$AWS_SECRET_KEYn' > /.s3cfg - b89989433c48 2 weeks ago /bin/sh -c pip install python-magic - a23e640d85b5 2 weeks ago /bin/sh -c pip install s3cmd - 41f54fec7e79 2 weeks ago /bin/sh -c apt-get install -y -q python-pip - d9bc04add907 2 weeks ago /bin/sh -c apt-get install -y -q reprepro dpkg-sig - e74f4760fa70 2 weeks ago /bin/sh -c gem install --no-rdoc --no-ri fpm - 1e43224726eb 2 weeks ago /bin/sh -c apt-get install -y -q ruby1.9.3 rubygems libffi-dev - 460953ae9d7f 2 weeks ago /bin/sh -c #(nop) ENV GOPATH=/go:/go/src/github.com/dotcloud/docker/vendor - 8b63eb1d666b 2 weeks ago /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/goroot/bin - 3087f3bcedf2 2 weeks ago /bin/sh -c #(nop) ENV GOROOT=/goroot - 635840d198e5 2 weeks ago /bin/sh -c cd /goroot/src && ./make.bash - 439f4a0592ba 2 weeks ago /bin/sh -c curl -s https://go.googlecode.com/files/go1.1.2.src.tar.gz | tar -v -C / -xz && mv /go /goroot - 13967ed36e93 2 weeks ago /bin/sh -c #(nop) ENV CGO_ENABLED=0 - bf7424458437 2 weeks ago /bin/sh -c apt-get install -y -q build-essential - a89ec997c3bf 2 weeks ago /bin/sh -c apt-get install -y -q mercurial - b9f165c6e749 2 weeks ago /bin/sh -c apt-get install -y -q git - 17a64374afa7 2 weeks ago /bin/sh -c apt-get install -y -q curl - d5e85dc5b1d8 2 weeks ago /bin/sh -c apt-get update - 13e642467c11 2 weeks ago /bin/sh -c echo 'deb http://archive.ubuntu.com/ubuntu precise main universe' > /etc/apt/sources.list - ae6dde92a94e 2 weeks ago /bin/sh -c #(nop) MAINTAINER Solomon Hykes - ubuntu:12.04 6 months ago - + IMAGE CREATED CREATED BY SIZE + 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B + 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB + be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB + 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB + 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B + 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B + .. _cli_images: ``images`` From dfd2d9f1ea20de25fe2ff346da76f00a526b0350 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 17 Mar 2014 19:26:39 -0600 Subject: [PATCH 0093/2538] Add some documentation about relative WORKDIR values Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- docs/sources/reference/builder.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 0d8d750a04..1c8331e98f 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -407,7 +407,16 @@ the image. The ``WORKDIR`` instruction sets the working directory for the ``RUN``, ``CMD`` and ``ENTRYPOINT`` Dockerfile commands that follow it. -It can be used multiple times in the one Dockerfile. +It can be used multiple times in the one Dockerfile. If a relative path is +provided, it will be relative to the path of the previous ``WORKDIR`` +instruction. For example: + + WORKDIR /a + WORKDIR b + WORKDIR c + RUN pwd + +The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``. 3.11 ONBUILD ------------ From f07cb7c2336de70068f24d55c7fa3d571dfcb042 Mon Sep 17 00:00:00 2001 From: Johannes 'fish' Ziemke Date: Thu, 27 Feb 2014 13:47:59 +0100 Subject: [PATCH 0094/2538] Add authenticated TLS support for API Docker-DCO-1.1-Signed-off-by: Johannes 'fish' Ziemke (github: discordianfish) --- docs/sources/reference/commandline/cli.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 0f33b05ec4..76184b0b0b 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -87,6 +87,11 @@ Commands -s, --storage-driver="": Force the docker runtime to use a specific storage driver -e, --exec-driver="native": Force the docker runtime to use a specific exec driver -v, --version=false: Print version information and quit + --tls=false: Use TLS; implied by tls-verify flags + --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here + --tlscert="~/.docker/cert.pem": Path to TLS certificate file + --tlskey="~/.docker/key.pem": Path to TLS key file + --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the From ac0787dbab2291de7d7a6e26b778958482e018e5 Mon Sep 17 00:00:00 2001 From: Daniel Norberg Date: Fri, 7 Feb 2014 11:48:14 -0500 Subject: [PATCH 0095/2538] configurable dns search domains Add a --dns-search parameter and a DnsSearch configuration field for specifying dns search domains. Docker-DCO-1.1-Signed-off-by: Daniel Norberg (github: danielnorberg) --- docs/sources/reference/commandline/cli.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 76184b0b0b..9b3a4fc52e 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -77,6 +77,7 @@ Commands --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b -d, --daemon=false: Enable daemon mode --dns=[]: Force docker to use specific DNS servers + --dns-search=[]: Force Docker to use specific DNS search domains -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime --icc=true: Enable inter-container communication --ip="0.0.0.0": Default IP address to use when binding container ports @@ -101,6 +102,8 @@ To force Docker to use devicemapper as the storage driver, use ``docker -d -s de To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. +To set the a DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. + To run the daemon with debug output, use ``docker -d -D``. To use lxc as the execution driver, use ``docker -d -e lxc``. @@ -401,6 +404,7 @@ not overridden in the JSON hash will be merged in. "VolumesFrom" : "", "Cmd" : ["cat", "-e", "/etc/resolv.conf"], "Dns" : ["8.8.8.8", "8.8.4.4"], + "DnsSearch" : ["example.com"], "MemorySwap" : 0, "AttachStdin" : false, "AttachStderr" : false, @@ -1136,6 +1140,7 @@ image is removed. -t, --tty=false: Allocate a pseudo-tty -u, --user="": Username or UID --dns=[]: Set custom dns servers for the container + --dns-search=[]: Set custom DNS search domains for the container -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. --volumes-from="": Mount all volumes from the given container(s) --entrypoint="": Overwrite the default entrypoint set by the image @@ -1293,7 +1298,7 @@ A complete example $ sudo docker run -d --name static static-web-files sh $ sudo docker run -d --expose=8098 --name riak riakserver $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=dns.dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log This example shows 5 containers that might be set up to test a web application change: @@ -1301,7 +1306,7 @@ This example shows 5 containers that might be set up to test a web application c 1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); 2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; 3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; -4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; +4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; 5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. From e12226771d53abaf0cbfe4ae8595b7debd5594cc Mon Sep 17 00:00:00 2001 From: Daniel Norberg Date: Wed, 19 Mar 2014 15:20:36 -0400 Subject: [PATCH 0096/2538] fix typo in documentation Docker-DCO-1.1-Signed-off-by: Daniel Norberg (github: danielnorberg) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 9b3a4fc52e..d398b16e53 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -102,7 +102,7 @@ To force Docker to use devicemapper as the storage driver, use ``docker -d -s de To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. -To set the a DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. +To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. To run the daemon with debug output, use ``docker -d -D``. From ea3cd0f065b8f020d911e12822f7ef4505bb76d5 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 24 Mar 2014 12:03:56 +0000 Subject: [PATCH 0097/2538] Revert "Disable automatic killing of containers when docker stop fails" This reverts commit 8b5cf51d600dc4f3611cf063c52cf3448e7b01e5. Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- docs/sources/reference/commandline/cli.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index d398b16e53..757f3b239b 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1360,11 +1360,11 @@ This example shows 5 containers that might be set up to test a web application c Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container (Send SIGTERM) + Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - -t, --time=10: Number of seconds to wait for the container to stop. + -t, --time=10: Number of seconds to wait for the container to stop before killing it. -The main process inside the container will receive SIGTERM. +The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL .. _cli_tag: From dd1f12fe6c63f3abf4a0e9a829ba436a4725adeb Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Wed, 19 Mar 2014 14:47:20 -0400 Subject: [PATCH 0098/2538] docker save: add and improve docs add usage examples for `docker save ...` Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 23 +++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 757f3b239b..f4a5e0882f 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1317,10 +1317,27 @@ This example shows 5 containers that might be set up to test a web application c :: - Usage: docker save image > repository.tar + Usage: docker save IMAGE + + Save an image to a tar archive (streamed to stdout by default) + + -o, --output="": Write to an file, instead of STDOUT + + +Produces a tarred repository to the standard output stream. +Contains all parent layers, and all tags + versions, or specified repo:tag. + +.. code-block:: bash + + $ sudo docker save busybox > busybox.tar + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save --output busybox.tar busybox + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save -o fedora-all.tar fedora + $ sudo docker save -o fedora-latest.tar fedora:latest - Streams a tarred repository to the standard output stream. - Contains all parent layers, and all tags + versions. .. _cli_search: From 5fdc8456ca3e30eb846615f3797d50f65ff7dfb7 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 20 Mar 2014 09:59:54 +1000 Subject: [PATCH 0099/2538] I'm not looking forward to documenting cli arguments that may or may not show depending on what plugins / drviers you choose Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 2 +- docs/sources/reference/run.rst | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index f4a5e0882f..f1c24f1920 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1145,7 +1145,7 @@ image is removed. --volumes-from="": Mount all volumes from the given container(s) --entrypoint="": Overwrite the default entrypoint set by the image -w, --workdir="": Working directory inside the container - --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) --expose=[]: Expose a port from the container without publishing it to your host --link="": Add link to another container (name:alias) diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst index 0b4f7eebf4..d2fe449c22 100644 --- a/docs/sources/reference/run.rst +++ b/docs/sources/reference/run.rst @@ -194,7 +194,7 @@ Runtime Privilege and LXC Configuration :: --privileged=false: Give extended privileges to this container - --lxc-conf=[]: Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is @@ -211,12 +211,13 @@ host. Additional information about running with ``--privileged`` is available on the `Docker Blog `_. -An operator can also specify LXC options using one or more -``--lxc-conf`` parameters. These can be new parameters or override -existing parameters from the lxc-template.go_. Note that in the -future, a given host's Docker daemon may not use LXC, so this is an -implementation-specific configuration meant for operators already -familiar with using LXC directly. +If the Docker daemon was started using the ``lxc`` exec-driver +(``docker -d --exec-driver=lxc``) then the operator can also specify +LXC options using one or more ``--lxc-conf`` parameters. These can be +new parameters or override existing parameters from the lxc-template.go_. +Note that in the future, a given host's Docker daemon may not use LXC, +so this is an implementation-specific configuration meant for operators +already familiar with using LXC directly. .. _lxc-template.go: https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go From de4aba1b65558e280f0f2f308a153e998dafabe8 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Mon, 24 Mar 2014 21:43:26 -0400 Subject: [PATCH 0100/2538] docker load: add --input flag for those that do not care to read from redirected stdin Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index f1c24f1920..69b4956347 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -881,10 +881,19 @@ Known Issues (kill) :: - Usage: docker load < repository.tar + Usage: docker load - Loads a tarred repository from the standard input stream. - Restores both images and tags. + Load an image from a tar archive on STDIN + + -i, --input"": Read from a tar archive file, instead of STDIN + +Loads a tarred repository from the standard input stream. +Restores both images and tags. + +.. code-block:: bash + + $ sudo docker load < busybox.tar + $ sudo docker load --input busybox.tar .. _cli_login: From c7e8b69f3f36aa102b083a2d4f2a38b3a1e60bdf Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Mon, 24 Mar 2014 23:31:59 -0400 Subject: [PATCH 0101/2538] docker load: doc clarification Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 69b4956347..b41fb0b5f0 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -885,9 +885,9 @@ Known Issues (kill) Load an image from a tar archive on STDIN - -i, --input"": Read from a tar archive file, instead of STDIN + -i, --input="": Read from a tar archive file, instead of STDIN -Loads a tarred repository from the standard input stream. +Loads a tarred repository from a file or the standard input stream. Restores both images and tags. .. code-block:: bash From bdebc378c98136b8a5fed7abb69794e802a7a49e Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 25 Mar 2014 08:30:59 -0400 Subject: [PATCH 0102/2538] docker load: added example of a multiple tag image Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index b41fb0b5f0..b39cbc2e9f 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -892,8 +892,21 @@ Restores both images and tags. .. code-block:: bash + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE $ sudo docker load < busybox.tar - $ sudo docker load --input busybox.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ sudo docker load --input fedora.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + .. _cli_login: From 69ddbf7e0b68e51142ebd8938f21fb13082f746a Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Wed, 26 Mar 2014 09:05:21 -0700 Subject: [PATCH 0103/2538] Fix fish completion when having alias on awk or grep Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes (github: creack) --- contrib/completion/fish/docker.fish | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 9c4339fe2b..ddec61cffa 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -26,20 +26,20 @@ end function __fish_print_docker_containers --description 'Print a list of docker containers' -a select switch $select case running - docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS=" +"}; $5 ~ "^Up" {print $1 "\n" $(NF-1)}' | tr ',' '\n' + docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; $5 ~ "^Up" {print $1 "\n" $(NF-1)}' | tr ',' '\n' case stopped - docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS=" +"}; $5 ~ "^Exit" {print $1 "\n" $(NF-1)}' | tr ',' '\n' + docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; $5 ~ "^Exit" {print $1 "\n" $(NF-1)}' | tr ',' '\n' case all - docker ps -a --no-trunc | awk 'NR>1' | awk 'BEGIN {FS=" +"}; {print $1 "\n" $(NF-1)}' | tr ',' '\n' + docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; {print $1 "\n" $(NF-1)}' | tr ',' '\n' end end function __fish_print_docker_images --description 'Print a list of docker images' - docker images | awk 'NR>1' | grep -v '' | awk '{print $1":"$2}' + docker images | command awk 'NR>1' | command grep -v '' | command awk '{print $1":"$2}' end function __fish_print_docker_repositories --description 'Print a list of docker repositories' - docker images | awk 'NR>1' | grep -v '' | awk '{print $1}' | sort | uniq + docker images | command awk 'NR>1' | command grep -v '' | command awk '{print $1}' | sort | uniq end # common options From 3d29e3bf8e82943f4661a0b131321b1217285f7b Mon Sep 17 00:00:00 2001 From: Justin Simonelis Date: Wed, 26 Mar 2014 10:24:16 -0400 Subject: [PATCH 0104/2538] typo fix --- docs/sources/reference/builder.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 1c8331e98f..6462512da0 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -49,7 +49,7 @@ to be created - so ``RUN cd /tmp`` will not have any effect on the next instructions. Whenever possible, Docker will re-use the intermediate images, -accelerating ``docker build`` significantly (indicated by ``Using cache``: +accelerating ``docker build`` significantly (indicated by ``Using cache``): .. code-block:: bash From 1c21055985d974f47f0489f6358cc3fa9056379a Mon Sep 17 00:00:00 2001 From: Jason Plum Date: Fri, 28 Mar 2014 18:02:17 -0400 Subject: [PATCH 0105/2538] Fix daemon's documentation for -bip flag --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index b39cbc2e9f..3d2aac5233 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -74,7 +74,7 @@ Commands -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b + -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b -d, --daemon=false: Enable daemon mode --dns=[]: Force docker to use specific DNS servers --dns-search=[]: Force Docker to use specific DNS search domains From f29511550b4cb5fd4f18a5cf4074fb2c37f12a51 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Sun, 16 Feb 2014 19:24:22 -0500 Subject: [PATCH 0106/2538] support for `docker run` environment variables file Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 3d2aac5233..6a473ec461 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1152,6 +1152,7 @@ image is removed. --cidfile="": Write the container ID to the file -d, --detach=false: Detached mode: Run container in the background, print new container id -e, --env=[]: Set environment variables + --envfile="": Read in a line delimited file of ENV variables -h, --hostname="": Container host name -i, --interactive=false: Keep stdin open even if not attached --privileged=false: Give extended privileges to this container @@ -1284,6 +1285,17 @@ This exposes port ``80`` of the container for use within a link without publishing the port to the host system's interfaces. :ref:`port_redirection` explains in detail how to manipulate ports in Docker. +.. code-block:: bash + + $ sudo docker run -e MYVAR1 --env MYVAR2=foo --envfile ./env.list ubuntu bash + +This sets environmental variables to the container. For illustration all three +flags are shown here. Where -e and --env can be repeated, take an environment +variable and value, or if no "=" is provided, then that variable's current +value is passed through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the +container). The --envfile flag takes a filename as an argument and expects each +line to be a VAR=VAL format. + .. code-block:: bash $ sudo docker run --name console -t -i ubuntu bash From 39880a582988cf846577718a6aa4d72826245217 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 18 Feb 2014 15:41:28 -0500 Subject: [PATCH 0107/2538] --env-file instead of --envfile Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 6a473ec461..d8cf5965da 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1152,7 +1152,7 @@ image is removed. --cidfile="": Write the container ID to the file -d, --detach=false: Detached mode: Run container in the background, print new container id -e, --env=[]: Set environment variables - --envfile="": Read in a line delimited file of ENV variables + --env-file="": Read in a line delimited file of ENV variables -h, --hostname="": Container host name -i, --interactive=false: Keep stdin open even if not attached --privileged=false: Give extended privileges to this container From 46d697f30bdeec06e143dc9eb918bcf233899ea7 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Wed, 26 Feb 2014 16:05:25 -0500 Subject: [PATCH 0108/2538] Fixing doc references to --env-file Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index d8cf5965da..4e697766bc 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1287,13 +1287,13 @@ explains in detail how to manipulate ports in Docker. .. code-block:: bash - $ sudo docker run -e MYVAR1 --env MYVAR2=foo --envfile ./env.list ubuntu bash + $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash This sets environmental variables to the container. For illustration all three flags are shown here. Where -e and --env can be repeated, take an environment variable and value, or if no "=" is provided, then that variable's current value is passed through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the -container). The --envfile flag takes a filename as an argument and expects each +container). The --env-file flag takes a filename as an argument and expects each line to be a VAR=VAL format. .. code-block:: bash From 552c1d28998a09f56efbccb1c78fbc63b7a1bfc2 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Thu, 6 Mar 2014 17:49:47 -0500 Subject: [PATCH 0109/2538] env-file: update functionality and docs Multiple flags allowed. Order prescribed. Examples provided. Multiline accounted for. Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 47 +++++++++++++++++++--- 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 4e697766bc..989ea38798 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1289,12 +1289,47 @@ explains in detail how to manipulate ports in Docker. $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash -This sets environmental variables to the container. For illustration all three -flags are shown here. Where -e and --env can be repeated, take an environment -variable and value, or if no "=" is provided, then that variable's current -value is passed through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the -container). The --env-file flag takes a filename as an argument and expects each -line to be a VAR=VAL format. +This sets environmental variables in the container. For illustration all three +flags are shown here. Where ``-e``, ``--env`` take an environment variable and +value, or if no "=" is provided, then that variable's current value is passed +through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All +three flags, ``-e``, ``--env`` and ``--env-file`` can be repeated. + +Regardless of the order of these three flags, the ``--env-file`` are processed +first, and then ``-e``/``--env`` flags. So that they can override VAR as needed. + +.. code-block:: bash + + $ cat ./env.list + TEST_FOO=BAR + $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO + TEST_FOO=This is a test + +The ``--env-file`` flag takes a filename as an argument and expects each line +to be in the VAR=VAL format. The VAL is Unquoted, so if you need a multi-line +value, then use `\n` escape characters inside of a double quoted VAL. Single +quotes are literal. An example of a file passed with ``--env-file`` + +.. code-block:: bash + + $ cat ./env.list + TEST_FOO=BAR + TEST_APP_DEST_HOST=10.10.0.127 + TEST_APP_DEST_PORT=8888 + TEST_SOME_MULTILINE_VAR="this is first line\nthis is second line" + TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline' + $ sudo docker run --env-file ./env.list busybox env + HOME=/ + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + HOSTNAME=215d54a814bc + TEST_FOO=BAR + TEST_APP_DEST_HOST=10.10.0.127 + TEST_APP_DEST_PORT=8888 + TEST_SOME_MULTILINE_VAR=this is first line + this is second line + TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline' + container=lxc + .. code-block:: bash From 40f100517d57bf27df09a5076d6c0263286ca473 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 11 Mar 2014 16:22:58 -0400 Subject: [PATCH 0110/2538] --env-file: simple line-delimited match dock functionality, and not try to achieve shell-sourcing compatibility Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 26 ++++++++++++---------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 989ea38798..0c9db138c2 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1296,7 +1296,8 @@ through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All three flags, ``-e``, ``--env`` and ``--env-file`` can be repeated. Regardless of the order of these three flags, the ``--env-file`` are processed -first, and then ``-e``/``--env`` flags. So that they can override VAR as needed. +first, and then ``-e``/``--env`` flags. This way, the ``-e`` or ``--env`` will +override variables as needed. .. code-block:: bash @@ -1306,29 +1307,30 @@ first, and then ``-e``/``--env`` flags. So that they can override VAR as needed. TEST_FOO=This is a test The ``--env-file`` flag takes a filename as an argument and expects each line -to be in the VAR=VAL format. The VAL is Unquoted, so if you need a multi-line -value, then use `\n` escape characters inside of a double quoted VAL. Single -quotes are literal. An example of a file passed with ``--env-file`` +to be in the VAR=VAL format, mimicking the argument passed to ``--env``. +Comment lines need only be prefixed with ``#`` + +An example of a file passed with ``--env-file`` .. code-block:: bash $ cat ./env.list TEST_FOO=BAR + + # this is a comment TEST_APP_DEST_HOST=10.10.0.127 TEST_APP_DEST_PORT=8888 - TEST_SOME_MULTILINE_VAR="this is first line\nthis is second line" - TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline' - $ sudo docker run --env-file ./env.list busybox env + + # pass through this variable from the caller + TEST_PASSTHROUGH + $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - HOSTNAME=215d54a814bc + HOSTNAME=5198e0745561 TEST_FOO=BAR TEST_APP_DEST_HOST=10.10.0.127 TEST_APP_DEST_PORT=8888 - TEST_SOME_MULTILINE_VAR=this is first line - this is second line - TEST_SOME_LITERAL_VAR='this\nwill\nall\nbe\none\nline' - container=lxc + TEST_PASSTHROUGH=howdy .. code-block:: bash From ba5970e101d1195c39c036defb12f14833b33f44 Mon Sep 17 00:00:00 2001 From: Barnaby Gray Date: Thu, 27 Mar 2014 19:13:27 +0000 Subject: [PATCH 0111/2538] Update fish completions for docker master. Docker-DCO-1.1-Signed-off-by: Barnaby Gray (github: barnybug) --- contrib/completion/fish/docker.fish | 32 ++++++++++++++++------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index ddec61cffa..edaa5ca8c6 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -39,23 +39,25 @@ function __fish_print_docker_images --description 'Print a list of docker images end function __fish_print_docker_repositories --description 'Print a list of docker repositories' - docker images | command awk 'NR>1' | command grep -v '' | command awk '{print $1}' | sort | uniq + docker images | command awk 'NR>1' | command grep -v '' | command awk '{print $1}' | command sort | command uniq end # common options complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' +complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group" complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified' complete -c docker -f -n '__fish_docker_no_subcommand' -l api-enable-cors -d 'Enable CORS headers in the remote API' complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d "Attach containers to a pre-existing network bridge; use 'none' to disable container networking" complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b" complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers' +complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver' complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime' complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward' complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules" -complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if not default route is available' +complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available' complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file' complete -c docker -f -n '__fish_docker_no_subcommand' -s r -l restart -d 'Restart previously running containers' complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the docker runtime to use a specific storage driver' @@ -71,7 +73,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_pri # build complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build a container from a Dockerfile' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress verbose build output' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success' @@ -79,7 +81,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d ' complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith "' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: --run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp @@ -100,16 +102,16 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_pri # history complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image' complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'only show numeric IDs' +complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs' complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image" # images complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'show all images (by default filter out the intermediate images used to build)' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate images used to build)' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'only show numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'output graph in tree format' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'output graph in graphviz format' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'Output graph in tree format' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'Output graph in graphviz format' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository" # import @@ -126,7 +128,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from insert' -a '(__fish_pri complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container' complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.' complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image" -complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers running)' -d "Container" +complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container" # kill complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container' @@ -138,9 +140,9 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image # login complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or Login to the docker registry server' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'email' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'password' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'username' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username' # logs complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container' @@ -180,12 +182,14 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_pr # rm complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force removal of running container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container" # rmi complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images' +complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force' complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image" # run @@ -202,7 +206,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expo complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' From bf4255afd0cfdbb37502d49d69c9001bcccc068a Mon Sep 17 00:00:00 2001 From: "Guillaume J. Charmes" Date: Tue, 1 Apr 2014 11:17:54 -0700 Subject: [PATCH 0112/2538] Update docs. Make PULL up to date, remove deprecated falg and update PUSH Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes (github: creack) --- docs/sources/reference/commandline/cli.rst | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 0c9db138c2..324b84b0ae 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1007,12 +1007,10 @@ The last container is marked as a ``Ghost`` container. It is a container that wa :: - Usage: docker pull NAME + Usage: docker pull NAME[:TAG] Pull an image or a repository from the registry - -t, --tag="": Download tagged image in repository - .. _cli_push: @@ -1021,7 +1019,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa :: - Usage: docker push NAME + Usage: docker push NAME[:TAG] Push an image or a repository to the registry From 8cf995efcf362e030ca0c6f14eaac61b37f90b81 Mon Sep 17 00:00:00 2001 From: unclejack Date: Wed, 2 Apr 2014 16:00:12 +0300 Subject: [PATCH 0113/2538] docs: explain what docker run -a does This adds a bit of documentation for the `-a` flag for docker run. Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/commandline/cli.rst | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 324b84b0ae..64dff1e1c2 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1359,6 +1359,35 @@ ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container. +The ``-a`` flag tells ``docker run`` to bind to the container's stdin, stdout +or stderr. This makes it possible to manipulate the output and input as needed. + +.. code-block:: bash + + $ sudo echo "test" | docker run -i -a stdin ubuntu cat - + +This pipes data into a container and prints the container's ID by attaching +only to the container's stdin. + +.. code-block:: bash + + $ sudo docker run -a stderr ubuntu echo test + +This isn't going to print anything unless there's an error because we've only +attached to the stderr of the container. The container's logs still store +what's been written to stderr and stdout. + +.. code-block:: bash + + $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild + +This is how piping a file into a container could be done for a build. +The container's ID will be printed after the build is done and the build logs +could be retrieved using ``docker logs``. This is useful if you need to pipe +a file or something else into a container and retrieve the container's ID once +the container has finished running. + + A complete example .................. From 3a5697d52acbacb6b6a9905cdefc2212df7f4f3b Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Thu, 3 Apr 2014 22:02:03 +0000 Subject: [PATCH 0114/2538] Deprecate 'docker images --tree' and 'docker images --viz' * The commands are no longer listed or documented. * The commands still work but print a deprecation warning. * The commands should be removed in a future version. Docker-DCO-1.1-Signed-off-by: Solomon Hykes (github: shykes) --- docs/sources/reference/commandline/cli.rst | 42 ---------------------- 1 file changed, 42 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 64dff1e1c2..6ff66feeb7 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -600,8 +600,6 @@ To see how the ``docker:latest`` image was built: -a, --all=false: Show all images (by default filter out the intermediate images used to build) --no-trunc=false: Don't truncate output -q, --quiet=false: Only show numeric IDs - -t, --tree=false: Output graph in tree format - -v, --viz=false: Output graph in graphviz format Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -637,46 +635,6 @@ Listing the full length image IDs tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB -Displaying images visually -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --viz | dot -Tpng -o docker.png - -.. image:: docker_images.gif - :alt: Example inheritance graph of Docker images. - - -Displaying image hierarchy -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --tree - - ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise - └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB) - └─b750fe79269d Size: 24.65 kB (virtual 180.1 MB) Tags: ubuntu:12.10,ubuntu:quantal - ├─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB) - │ └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB) - │ └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB) - │ └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB) - │ └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB) - │ └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest - └─17e74ac162d8 Size: 53.93 kB (virtual 180.2 MB) - └─339a3f56b760 Size: 24.65 kB (virtual 180.2 MB) - └─904fcc40e34d Size: 96.7 MB (virtual 276.9 MB) - └─b1b0235328dd Size: 363.3 MB (virtual 640.2 MB) - └─7cb05d1acb3b Size: 20.48 kB (virtual 640.2 MB) - └─47bf6f34832d Size: 20.48 kB (virtual 640.2 MB) - └─f165104e82ed Size: 12.29 kB (virtual 640.2 MB) - └─d9cf85a47b7e Size: 1.911 MB (virtual 642.2 MB) - └─3ee562df86ca Size: 17.07 kB (virtual 642.2 MB) - └─b05fc2d00e4a Size: 24.96 kB (virtual 642.2 MB) - └─c96a99614930 Size: 12.29 kB (virtual 642.2 MB) - └─a6a357a48c49 Size: 12.29 kB (virtual 642.2 MB) Tags: ndj/mongodb:latest - .. _cli_import: ``import`` From a9ae270842851f6cce2067799cc0e5b7263b3737 Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Thu, 3 Apr 2014 23:47:58 +0000 Subject: [PATCH 0115/2538] Deprecate 'docker insert' 'docker insert' is an old command which predates 'docker build'. We no longer recommend using it, it is not actively maintained, and can be replaced with the combination of 'docker build' and 'ADD'. This removes the command from usage and documentation, and prints a warning when it is called. The command still works but it will be removed in a future version. Docker-DCO-1.1-Signed-off-by: Solomon Hykes (github: shykes) --- docs/sources/reference/commandline/cli.rst | 28 ---------------------- 1 file changed, 28 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 6ff66feeb7..da643f249a 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -711,34 +711,6 @@ preserved. WARNING: No swap limit support -.. _cli_insert: - -``insert`` ----------- - -:: - - Usage: docker insert IMAGE URL PATH - - Insert a file from URL in the IMAGE at PATH - -Use the specified ``IMAGE`` as the parent for a new image which adds a -:ref:`layer ` containing the new file. The ``insert`` command does -not modify the original image, and the new image has the contents of the parent -image, plus the new file. - - -Examples -~~~~~~~~ - -Insert file from GitHub -....................... - -.. code-block:: bash - - $ sudo docker insert 8283e18b24bc https://raw.github.com/metalivedev/django/master/postinstall /tmp/postinstall.sh - 06fd35556d7b - .. _cli_inspect: ``inspect`` From df48712193e18038edbdae04600007014e7e93dc Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 7 Apr 2014 17:18:45 +1000 Subject: [PATCH 0116/2538] intermediate image layers are used for more than the build Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.rst | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index edaa5ca8c6..e3bb72aebe 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -107,7 +107,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_pr # images complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate images used to build)' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'Output graph in tree format' diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index da643f249a..c0487302dd 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -597,10 +597,17 @@ To see how the ``docker:latest`` image was built: List images - -a, --all=false: Show all images (by default filter out the intermediate images used to build) + -a, --all=false: Show all images (by default filter out the intermediate image layers) --no-trunc=false: Don't truncate output -q, --quiet=false: Only show numeric IDs +The default ``docker images`` will show all top level images, their repository +and tags, and their virtual size. + +Docker images have intermediate layers that increase reuseability, decrease +disk usage, and speed up ``docker build`` by allowing each step to be cached. +These intermediate layers are not shown by default. + Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 57178586266f649d4faf2b62bdb98a7400b30e09 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 8 Apr 2014 14:25:57 +1000 Subject: [PATCH 0117/2538] use the docs sidebar to be the TOC means that level 2 headings are the most important Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.rst | 62 ++++++++++++++---------------- 1 file changed, 29 insertions(+), 33 deletions(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 6462512da0..4858a0b17c 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -13,12 +13,10 @@ Dockerfile Reference to create an image. Executing ``docker build`` will run your steps and commit them along the way, giving you a final image. -.. contents:: Table of Contents - .. _dockerfile_usage: -1. Usage -======== +Usage +===== To :ref:`build ` an image from a source repository, create a description file called ``Dockerfile`` at the root of your @@ -71,8 +69,8 @@ When you're done with your build, you're ready to look into .. _dockerfile_format: -2. Format -========= +Format +====== Here is the format of the Dockerfile: @@ -99,16 +97,14 @@ allows statements like: .. _dockerfile_instructions: -3. Instructions -=============== Here is the set of instructions you can use in a ``Dockerfile`` for building images. .. _dockerfile_from: -3.1 FROM --------- +``FROM`` +======== ``FROM `` @@ -134,8 +130,8 @@ assumed. If the used tag does not exist, an error will be returned. .. _dockerfile_maintainer: -3.2 MAINTAINER --------------- +``MAINTAINER`` +============== ``MAINTAINER `` @@ -144,8 +140,8 @@ the generated images. .. _dockerfile_run: -3.3 RUN -------- +``RUN`` +======= RUN has 2 forms: @@ -174,8 +170,8 @@ Known Issues (RUN) .. _dockerfile_cmd: -3.4 CMD -------- +``CMD`` +======= CMD has three forms: @@ -229,8 +225,8 @@ override the default specified in CMD. .. _dockerfile_expose: -3.5 EXPOSE ----------- +``EXPOSE`` +========== ``EXPOSE [...]`` @@ -241,8 +237,8 @@ functionally equivalent to running ``docker commit --run '{"PortSpecs": .. _dockerfile_env: -3.6 ENV -------- +``ENV`` +======= ``ENV `` @@ -262,8 +258,8 @@ from the resulting image. You can view the values using ``docker inspect``, and .. _dockerfile_add: -3.7 ADD -------- +``ADD`` +======= ``ADD `` @@ -329,8 +325,8 @@ The copy obeys the following rules: .. _dockerfile_entrypoint: -3.8 ENTRYPOINT --------------- +``ENTRYPOINT`` +============== ENTRYPOINT has two forms: @@ -378,8 +374,8 @@ this optional but default, you could use a CMD: .. _dockerfile_volume: -3.9 VOLUME ----------- +``VOLUME`` +========== ``VOLUME ["/data"]`` @@ -389,8 +385,8 @@ and mounting instructions via docker client, refer to :ref:`volume_def` document .. _dockerfile_user: -3.10 USER ---------- +``USER`` +======== ``USER daemon`` @@ -399,8 +395,8 @@ the image. .. _dockerfile_workdir: -3.11 WORKDIR ------------- +``WORKDIR`` +=========== ``WORKDIR /path/to/workdir`` @@ -418,8 +414,8 @@ instruction. For example: The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``. -3.11 ONBUILD ------------- +``ONBUILD`` +=========== ``ONBUILD [INSTRUCTION]`` @@ -480,7 +476,7 @@ For example you might add something like this: .. _dockerfile_examples: -4. Dockerfile Examples +Dockerfile Examples ====================== .. code-block:: bash From 8777b52219bd93f79884459f045d2c8a47a640db Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Tue, 8 Apr 2014 09:49:48 -0700 Subject: [PATCH 0118/2538] Early deprecation warning for 'docker commit --run' Warn users of the planned deprecation of 'docker commit --run', and hide it from the docs and usage message. The option continues to work. Note that an alternative to 'commit --run' is being implemented but is not yet available. We are printing the warning anyway because on the basis that it never hurts to give more advance warning. The 'commit --run' flag is a leftover from the very early days of Docker, and has several problems: 1) It is very user unfriendly. You have to pass a literal json dict which is poorly documented and changes regularly (see PortSpecs vs ExposedPorts). The merge behavior is not clear and also changes regularly. it's not possible to unset a value. 2) It overlaps with the Dockerfile syntax. There are 2 ways to set a default command, expose a port or change an env variable. Some things can be done in a Dockerfile but not in --run. Some things can be done in --run but not in a Dockerfile. It would be better to push a single syntax, allow using it both in a file and via the command line, and make improvements in a single place. 3) It exposes data structures which should not be publicly exposed. There are several planned improvements to Docker which require moving around the content and schema of the various Config, Image and Container structures. The less of those we expose in public interfaces, the easier it is to move things around without a reverse compatibility nightmare. Docker-DCO-1.1-Signed-off-by: Solomon Hykes (github: shykes) --- docs/sources/reference/builder.rst | 12 ++- docs/sources/reference/commandline/cli.rst | 92 ---------------------- 2 files changed, 5 insertions(+), 99 deletions(-) diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst index 4858a0b17c..e8897d1b09 100644 --- a/docs/sources/reference/builder.rst +++ b/docs/sources/reference/builder.rst @@ -188,9 +188,7 @@ omit the executable, in which case you must specify an ENTRYPOINT as well. When used in the shell or exec formats, the ``CMD`` instruction sets -the command to be executed when running the image. This is -functionally equivalent to running ``docker commit --run '{"Cmd": -}'`` outside the builder. +the command to be executed when running the image. If you use the *shell* form of the CMD, then the ```` will execute in ``/bin/sh -c``: @@ -230,10 +228,10 @@ override the default specified in CMD. ``EXPOSE [...]`` -The ``EXPOSE`` instruction exposes ports for use within links. This is -functionally equivalent to running ``docker commit --run '{"PortSpecs": -["", ""]}'`` outside the builder. Refer to -:ref:`port_redirection` for detailed information. +The ``EXPOSE`` instructions informs Docker that the container will listen +on the specified network ports at runtime. Docker uses this information +to interconnect containers using links (see :ref:`links `), +and to setup port redirection on the host system (see :ref:`port_redirection`). .. _dockerfile_env: diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index c0487302dd..c0df5f8175 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -316,8 +316,6 @@ by using the ``git://`` schema. -m, --message="": Commit message -a, --author="": Author (eg. "John Hannibal Smith " - --run="": Configuration changes to be applied when the image is launched with `docker run`. - (ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') .. _cli_commit_examples: @@ -336,96 +334,6 @@ Commit an existing container REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB -Change the command that a container runs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Sometimes you have an application container running just a service and you need -to make a quick change and then change it back. - -In this example, we run a container with ``ls`` and then change the image to -run ``ls /etc``. - -.. code-block:: bash - - $ docker run -t --name test ubuntu ls - bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var - $ docker commit --run='{"Cmd": ["ls","/etc"]}' test test2 - 933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb - $ docker run -t test2 - adduser.conf gshadow login.defs rc0.d - alternatives gshadow- logrotate.d rc1.d - apt host.conf lsb-base rc2.d - ... - -Merged configs example -...................... - -Say you have a Dockerfile like so: - -.. code-block:: bash - - ENV MYVAR foobar - RUN apt-get install openssh - EXPOSE 22 - CMD ["/usr/sbin/sshd -D"] - ... - -If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the --run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit. - -.. code-block:: bash - - $ docker build -t me/foo . - $ docker run -t -i me/foo /bin/bash - foo-container$ [make changes in the container] - foo-container$ exit - $ docker commit --run='{"Cmd": ["ls"]}' [container-id] me/bar - ... - -The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"]. - -Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. - -Full --run example -.................. - -The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` -or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are -not overridden in the JSON hash will be merged in. - -(Multiline is okay within a single quote ``'``) - -.. code-block:: bash - - $ sudo docker commit --run=' - { - "Entrypoint" : null, - "Privileged" : false, - "User" : "", - "VolumesFrom" : "", - "Cmd" : ["cat", "-e", "/etc/resolv.conf"], - "Dns" : ["8.8.8.8", "8.8.4.4"], - "DnsSearch" : ["example.com"], - "MemorySwap" : 0, - "AttachStdin" : false, - "AttachStderr" : false, - "CpuShares" : 0, - "OpenStdin" : false, - "Volumes" : null, - "Hostname" : "122612f45831", - "PortSpecs" : ["22", "80", "443"], - "Image" : "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tty" : false, - "Env" : [ - "HOME=/", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - ], - "StdinOnce" : false, - "Domainname" : "", - "WorkingDir" : "/", - "NetworkDisabled" : false, - "Memory" : 0, - "AttachStdout" : false - }' $CONTAINER_ID .. _cli_cp: From 0f4461a8b27b2b951bf9039a6b07324ac810ffd0 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 7 Apr 2014 17:00:01 +1000 Subject: [PATCH 0119/2538] add some more text to the cli docs Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 60 +++++++++++++++++----- 1 file changed, 48 insertions(+), 12 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index c0df5f8175..37118c53f5 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -148,9 +148,14 @@ TMPDIR and the data directory can be set like this: --no-stdin=false: Do not attach stdin --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) +The ``attach`` command will allow you to view or interact with any +running container, detached (``-d``) or interactive (``-i``). You can +attach to the same container at the same time - screen sharing style, +or quickly view the progress of your daemonized process. + You can detach from the container again (and leave it running) with -``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of -the Docker client when it quits. When you detach from the container's +``CTRL-C`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of +the Docker client when it quits. When you detach from the container's process the exit code will be returned to the client. To stop a container, use ``docker stop``. @@ -211,6 +216,8 @@ Examples: --no-cache: Do not use the cache when building the image. --rm=true: Remove intermediate containers after a successful build +Use this command to build Docker images from a ``Dockerfile`` and a "context". + The files at ``PATH`` or ``URL`` are called the "context" of the build. The build process may refer to any of the files in the context, for example when using an :ref:`ADD ` instruction. @@ -317,6 +324,12 @@ by using the ``git://`` schema. -m, --message="": Commit message -a, --author="": Author (eg. "John Hannibal Smith " +It can be useful to commit a container's file changes or settings into a new image. +This allows you debug a container by running an interactive shell, or to export +a working dataset to another server. +Generally, it is better to use Dockerfiles to manage your images in a documented +and maintainable way. + .. _cli_commit_examples: Commit an existing container @@ -562,7 +575,7 @@ Listing the full length image IDs Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. -At this time, the URL must start with ``http`` and point to a single +URLs must start with ``http`` and point to a single file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If you would like to import from a local directory or archive, you can use the ``-`` parameter to take the data from *stdin*. @@ -625,6 +638,8 @@ preserved. Kernel Version: 3.8.0-33-generic WARNING: No swap limit support +When sending issue reports, please use ``docker version`` and ``docker info`` to +ensure we know how your setup is configured. .. _cli_inspect: @@ -788,10 +803,7 @@ Restores both images and tags. -f, --follow=false: Follow log output -The ``docker logs`` command is a convenience which batch-retrieves whatever -logs are present at the time of execution. This does not guarantee execution -order when combined with a ``docker run`` (i.e. your run may not have generated -any logs at the time you execute ``docker logs``). +The ``docker logs`` command batch-retrieves all logs present at the time of execution. The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: it will first return all logs from the beginning and then continue streaming @@ -839,9 +851,6 @@ Running ``docker ps`` showing 2 linked containers. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - fd2645e2e2b5 busybox:latest top 10 days ago Ghost insane_ptolemy - -The last container is marked as a ``Ghost`` container. It is a container that was running when the docker daemon was restarted (upgraded, or ``-H`` settings changed). The container is still running, but as this docker daemon process is not able to manage it, you can't attach to it. To bring them out of ``Ghost`` Status, you need to use ``docker kill`` or ``docker restart``. ``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` @@ -856,6 +865,23 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Pull an image or a repository from the registry +Most of your images will be created on top of a base image from the +(https://index.docker.io). + +The Docker Index contains many pre-built images that you can ``pull`` and try +without needing to define and configure your own. + +To download a particular image, or set of images (i.e., a repository), +use ``docker pull``: + +.. code-block:: bash + + $ docker pull debian + # will pull all the images in the debian repository + $ docker pull debian:testing + # will pull only the image named debian:testing and any intermediate layers + # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, + # and the un-tared base. .. _cli_push: @@ -868,6 +894,7 @@ The last container is marked as a ``Ghost`` container. It is a container that wa Push an image or a repository to the registry +Use ``docker push`` to share your images on public or private registries. .. _cli_restart: @@ -926,7 +953,7 @@ network communication. .. code-block:: bash - $ sudo docker rm `docker ps -a -q` + $ sudo docker rm $(docker ps -a -q) This command will delete all stopped containers. The command ``docker ps -a -q`` will return all @@ -1022,7 +1049,8 @@ The ``docker run`` command first ``creates`` a writeable container layer over the specified image, and then ``starts`` it using the specified command. That is, ``docker run`` is equivalent to the API ``/containers/create`` then ``/containers/(id)/start``. -Once the container is stopped it still exists and can be started back up. See ``docker ps -a`` to view a list of all containers. +A stopped container can be restarted with all its previous changes intact using +``docker start``. See ``docker ps -a`` to view a list of all containers. The ``docker run`` command can be used in combination with ``docker commit`` to :ref:`change the command that a container runs `. @@ -1270,6 +1298,8 @@ This example shows 5 containers that might be set up to test a web application c Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified repo:tag. +It is used to create a backup that can then be used with ``docker load`` + .. code-block:: bash $ sudo docker save busybox > busybox.tar @@ -1297,6 +1327,9 @@ Contains all parent layers, and all tags + versions, or specified repo:tag. -s, --stars=0: Only displays with at least xxx stars -t, --trusted=false: Only show trusted builds +See :ref:`searching_central_index` for more details on finding shared images +from the commandline. + .. _cli_start: ``start`` @@ -1339,6 +1372,9 @@ The main process inside the container will receive SIGTERM, and after a grace pe -f, --force=false: Force +You can group your images together using names and +tags, and then upload them to :ref:`working_with_the_repository`. + .. _cli_top: ``top`` From b002e5ff8e9076d3beefb4ab4514edeeab60a63e Mon Sep 17 00:00:00 2001 From: Isabel Jimenez Date: Sun, 23 Mar 2014 16:14:40 -0700 Subject: [PATCH 0120/2538] Adding timestamp end to events endpoint. Modifying api docs. Docker-DCO-1.1-Signed-off-by: Isabel Jimenez (github: jimenez) --- docs/sources/reference/commandline/cli.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 37118c53f5..366d5bb251 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -411,7 +411,9 @@ For example: Get real time events from the server - --since="": Show previously created events and then stream. + --since="": Show all events created since timestamp + (either seconds since epoch, or date string as below) + --until="": Show events created before timestamp (either seconds since epoch, or date string as below) .. _cli_events_example: From d39c8aea474fd899563111437b6b3d80189121b9 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 15 Apr 2014 06:01:25 +0000 Subject: [PATCH 0121/2538] move the documentation to markdown Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: ) --- docs/README.md | 146 +++++---------------- docs/sources/reference/commandline/cli.rst | 13 +- docs/sources/reference/run.rst | 3 - 3 files changed, 37 insertions(+), 125 deletions(-) mode change 100644 => 100755 docs/README.md diff --git a/docs/README.md b/docs/README.md old mode 100644 new mode 100755 index 9379d86870..de1b1250f0 --- a/docs/README.md +++ b/docs/README.md @@ -4,30 +4,25 @@ Docker Documentation Overview -------- -The source for Docker documentation is here under ``sources/`` in the -form of .rst files. These files use -[reStructuredText](http://docutils.sourceforge.net/rst.html) -formatting with [Sphinx](http://sphinx-doc.org/) extensions for -structure, cross-linking and indexing. +The source for Docker documentation is here under ``sources/`` and uses +extended Markdown, as implemented by [mkdocs](http://mkdocs.org). -The HTML files are built and hosted on -[readthedocs.org](https://readthedocs.org/projects/docker/), appearing -via proxy on https://docs.docker.io. The HTML files update +The HTML files are built and hosted on https://docs.docker.io, and update automatically after each change to the master or release branch of the [docker files on GitHub](https://github.com/dotcloud/docker) thanks to post-commit hooks. The "release" branch maps to the "latest" -documentation and the "master" branch maps to the "master" +documentation and the "master" (unreleased development) branch maps to the "master" documentation. ## Branches **There are two branches related to editing docs**: ``master`` and a ``doc*`` branch (currently ``doc0.8.1``). You should normally edit -docs on the ``master`` branch. That way your fixes will automatically -get included in later releases, and docs maintainers can easily -cherry-pick your changes to bring over to the current docs branch. In -the rare case where your change is not forward-compatible, then you -could base your change on the appropriate ``doc*`` branch. +docs on a local branch of the ``master`` branch. That way your fixes +will automatically get included in later releases, and docs maintainers +can easily cherry-pick your changes to bring over to the current docs +branch. In the rare case where your change is not forward-compatible, +then you could base your change on the appropriate ``doc*`` branch. Now that we have a ``doc*`` branch, we can keep the ``latest`` docs up to date with any bugs found between ``docker`` code releases. @@ -38,43 +33,19 @@ release. ``Master`` docs should be used only for understanding bleeding-edge development and ``latest`` (which points to the ``doc*`` branch``) should be used for the latest official release. -If you need to manually trigger a build of an existing branch, then -you can do that through the [readthedocs -interface](https://readthedocs.org/builds/docker/). If you would like -to add new build targets, including new branches or tags, then you -must contact one of the existing maintainers and get your -readthedocs.org account added to the maintainers list, or just file an -issue on GitHub describing the branch/tag and why it needs to be added -to the docs, and one of the maintainers will add it for you. - Getting Started --------------- -To edit and test the docs, you'll need to install the Sphinx tool and -its dependencies. There are two main ways to install this tool: - -### Native Installation - -Install dependencies from `requirements.txt` file in your `docker/docs` -directory: - -* Linux: `pip install -r docs/requirements.txt` - -* Mac OS X: `[sudo] pip-2.7 install -r docs/requirements.txt` - -### Alternative Installation: Docker Container - -If you're running ``docker`` on your development machine then you may -find it easier and cleaner to use the docs Dockerfile. This installs Sphinx -in a container, adds the local ``docs/`` directory and builds the HTML -docs inside the container, even starting a simple HTTP server on port -8000 so that you can connect and see your changes. +Docker documentation builds are done in a docker container, which installs all +the required tools, adds the local ``docs/`` directory and builds the HTML +docs. It then starts a simple HTTP server on port 8000 so that you can connect +and see your changes. In the ``docker`` source directory, run: ```make docs``` -This is the equivalent to ``make clean server`` since each container -starts clean. +If you have any issues you need to debug, you can use ``make docs-shell`` and +then run ``mkdocs serve`` # Contributing @@ -84,8 +55,8 @@ starts clean. ``../CONTRIBUTING.md``](../CONTRIBUTING.md)). * [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) * Work in your own fork of the code, we accept pull requests. -* Change the ``.rst`` files with your favorite editor -- try to keep the - lines short and respect RST and Sphinx conventions. +* Change the ``.md`` files with your favorite editor -- try to keep the + lines short (80 chars) and respect Markdown conventions. * Run ``make clean docs`` to clean up old files and generate new ones, or just ``make docs`` to update after small changes. * Your static website can now be found in the ``_build`` directory. @@ -94,27 +65,13 @@ starts clean. ``make clean docs`` must complete without any warnings or errors. -## Special Case for RST Newbies: - -If you want to write a new doc or make substantial changes to an -existing doc, but **you don't know RST syntax**, we will accept pull -requests in Markdown and plain text formats. We really want to -encourage people to share their knowledge and don't want the markup -syntax to be the obstacle. So when you make the Pull Request, please -note in your comment that you need RST markup assistance, and we'll -make the changes for you, and then we will make a pull request to your -pull request so that you can get all the changes and learn about the -markup. You still need to follow the -[``CONTRIBUTING``](../CONTRIBUTING) guidelines, so please sign your -commits. - Working using GitHub's file editor ---------------------------------- Alternatively, for small changes and typos you might want to use GitHub's built in file editor. It allows you to preview your changes right online (though there can be some differences between GitHub -markdown and Sphinx RST). Just be careful not to create many commits. +Markdown and mkdocs Markdown). Just be careful not to create many commits. And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) Images @@ -122,62 +79,25 @@ Images When you need to add images, try to make them as small as possible (e.g. as gif). Usually images should go in the same directory as the -.rst file which references them, or in a subdirectory if one already +.md file which references them, or in a subdirectory if one already exists. -Notes ------ +Publishing Documentation +------------------------ -* For the template the css is compiled from less. When changes are - needed they can be compiled using +To publish a copy of the documentation you need a ``docs/awsconfig`` +file containing AWS settings to deploy to. The release script will +create an s3 if needed, and will then push the files to it. - lessc ``lessc main.less`` or watched using watch-lessc ``watch-lessc -i main.less -o main.css`` +``` +[profile dowideit-docs] +aws_access_key_id = IHOIUAHSIDH234rwf.... +aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... +region = ap-southeast-2 +``` -Guides on using sphinx ----------------------- -* To make links to certain sections create a link target like so: +The ``profile`` name must be the same as the name of the bucket you are +deploying to - which you call from the docker directory: - ``` - .. _hello_world: - - Hello world - =========== - - This is a reference to :ref:`hello_world` and will work even if we - move the target to another file or change the title of the section. - ``` - - The ``_hello_world:`` will make it possible to link to this position - (page and section heading) from all other pages. See the [Sphinx - docs](http://sphinx-doc.org/markup/inline.html#role-ref) for more - information and examples. - -* Notes, warnings and alarms - - ``` - # a note (use when something is important) - .. note:: - - # a warning (orange) - .. warning:: - - # danger (red, use sparsely) - .. danger:: - -* Code examples - - * Start typed commands with ``$ `` (dollar space) so that they - are easily differentiated from program output. - * Use "sudo" with docker to ensure that your command is runnable - even if they haven't [used the *docker* - group](http://docs.docker.io/en/latest/use/basics/#why-sudo). - -Manpages --------- - -* To make the manpages, run ``make man``. Please note there is a bug - in Sphinx 1.1.3 which makes this fail. Upgrade to the latest version - of Sphinx. -* Then preview the manpage by running ``man _build/man/docker.1``, - where ``_build/man/docker.1`` is the path to the generated manfile +``make AWS_S3_BUCKET=dowideit-docs docs-release`` diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 366d5bb251..58ec24e066 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -4,8 +4,8 @@ .. _cli: -Command Line Help ------------------ +Command Line +============ To list available commands, either run ``docker`` with no parameters or execute ``docker help``:: @@ -20,8 +20,8 @@ To list available commands, either run ``docker`` with no parameters or execute .. _cli_options: -Options -------- +Option types +------------ Single character commandline options can be combined, so rather than typing ``docker run -t -i --name test busybox sh``, you can write @@ -56,11 +56,6 @@ Options like ``--name=""`` expect a string, and they can only be specified once. Options like ``-c=0`` expect an integer, and they can only be specified once. ----- - -Commands --------- - .. _cli_daemon: ``daemon`` diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst index d2fe449c22..0e6247ea28 100644 --- a/docs/sources/reference/run.rst +++ b/docs/sources/reference/run.rst @@ -20,9 +20,6 @@ than any other ``docker`` command. Every one of the :ref:`example_list` shows running containers, and so here we try to give more in-depth guidance. -.. contents:: Table of Contents - :depth: 2 - .. _run_running: General Form From 88a30886e5c2362e9d4923851cf2105854691311 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 16 Apr 2014 10:53:12 +1000 Subject: [PATCH 0122/2538] now, with shiney markdown Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.md | 510 +++++++++ docs/sources/reference/commandline/cli.md | 1170 +++++++++++++++++++++ docs/sources/reference/run.md | 422 ++++++++ 3 files changed, 2102 insertions(+) create mode 100644 docs/sources/reference/builder.md create mode 100644 docs/sources/reference/commandline/cli.md create mode 100644 docs/sources/reference/run.md diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md new file mode 100644 index 0000000000..2c55448a41 --- /dev/null +++ b/docs/sources/reference/builder.md @@ -0,0 +1,510 @@ +page_title: Dockerfile Reference +page_description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. +page_keywords: builder, docker, Dockerfile, automation, image creation + +# Dockerfile Reference + +**Docker can act as a builder** and read instructions from a text +`Dockerfile` to automate the steps you would +otherwise take manually to create an image. Executing +`docker build` will run your steps and commit them +along the way, giving you a final image. + +## Usage + +To [*build*](../commandline/cli/#cli-build) an image from a source +repository, create a description file called `Dockerfile` +at the root of your repository. This file will describe the +steps to assemble the image. + +Then call `docker build` with the path of your +source repository as argument (for example, `.`): + +> `sudo docker build .` + +The path to the source repository defines where to find the *context* of +the build. The build is run by the Docker daemon, not by the CLI, so the +whole context must be transferred to the daemon. The Docker CLI reports +"Uploading context" when the context is sent to the daemon. + +You can specify a repository and tag at which to save the new image if +the build succeeds: + +> `sudo docker build -t shykes/myapp .` + +The Docker daemon will run your steps one-by-one, committing the result +to a new image if necessary, before finally outputting the ID of your +new image. The Docker daemon will automatically clean up the context you +sent. + +Note that each instruction is run independently, and causes a new image +to be created - so `RUN cd /tmp` will not have any +effect on the next instructions. + +Whenever possible, Docker will re-use the intermediate images, +accelerating `docker build` significantly (indicated +by `Using cache`): + + $ docker build -t SvenDowideit/ambassador . + Uploading context 10.24 kB + Uploading context + Step 1 : FROM docker-ut + ---> cbba202fe96b + Step 2 : MAINTAINER SvenDowideit@home.org.au + ---> Using cache + ---> 51182097be13 + Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top + ---> Using cache + ---> 1a5ffc17324d + Successfully built 1a5ffc17324d + +When you’re done with your build, you’re ready to look into [*Pushing a +repository to its +registry*](../../use/workingwithrepository/#image-push). + +## Format + +Here is the format of the Dockerfile: + + # Comment + INSTRUCTION arguments + +The Instruction is not case-sensitive, however convention is for them to +be UPPERCASE in order to distinguish them from arguments more easily. + +Docker evaluates the instructions in a Dockerfile in order. **The first +instruction must be \`FROM\`** in order to specify the [*Base +Image*](../../terms/image/#base-image-def) from which you are building. + +Docker will treat lines that *begin* with `#` as a +comment. A `#` marker anywhere else in the line will +be treated as an argument. This allows statements like: + + # Comment + RUN echo 'we are running some # of cool things' + +Here is the set of instructions you can use in a `Dockerfile` +for building images. + +## `FROM` + +> `FROM ` + +Or + +> `FROM :` + +The `FROM` instruction sets the [*Base +Image*](../../terms/image/#base-image-def) for subsequent instructions. +As such, a valid Dockerfile must have `FROM` as its +first instruction. The image can be any valid image – it is especially +easy to start by **pulling an image** from the [*Public +Repositories*](../../use/workingwithrepository/#using-public-repositories). + +`FROM` must be the first non-comment instruction in +the `Dockerfile`. + +`FROM` can appear multiple times within a single +Dockerfile in order to create multiple images. Simply make a note of the +last image id output by the commit before each new `FROM` +command. + +If no `tag` is given to the `FROM` +instruction, `latest` is assumed. If the +used tag does not exist, an error will be returned. + +## `MAINTAINER` + +> `MAINTAINER ` + +The `MAINTAINER` instruction allows you to set the +*Author* field of the generated images. + +## `RUN` + +RUN has 2 forms: + +- `RUN ` (the command is run in a shell - + `/bin/sh -c`) +- `RUN ["executable", "param1", "param2"]` (*exec* + form) + +The `RUN` instruction will execute any commands in a +new layer on top of the current image and commit the results. The +resulting committed image will be used for the next step in the +Dockerfile. + +Layering `RUN` instructions and generating commits +conforms to the core concepts of Docker where commits are cheap and +containers can be created from any point in an image’s history, much +like source control. + +The *exec* form makes it possible to avoid shell string munging, and to +`RUN` commands using a base image that does not +contain `/bin/sh`. + +### Known Issues (RUN) + +- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about + file permissions problems that can occur when using the AUFS file + system. You might notice it during an attempt to `rm` + a file, for example. The issue describes a workaround. +- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale + will not be set automatically. + +## `CMD` + +CMD has three forms: + +- `CMD ["executable","param1","param2"]` (like an + *exec*, preferred form) +- `CMD ["param1","param2"]` (as *default + parameters to ENTRYPOINT*) +- `CMD command param1 param2` (as a *shell*) + +There can only be one CMD in a Dockerfile. If you list more than one CMD +then only the last CMD will take effect. + +**The main purpose of a CMD is to provide defaults for an executing +container.** These defaults can include an executable, or they can omit +the executable, in which case you must specify an ENTRYPOINT as well. + +When used in the shell or exec formats, the `CMD` +instruction sets the command to be executed when running the image. + +If you use the *shell* form of the CMD, then the `` +will execute in `/bin/sh -c`: + + FROM ubuntu + CMD echo "This is a test." | wc - + +If you want to **run your** `` **without a +shell** then you must express the command as a JSON array and give the +full path to the executable. **This array form is the preferred format +of CMD.** Any additional parameters must be individually expressed as +strings in the array: + + FROM ubuntu + CMD ["/usr/bin/wc","--help"] + +If you would like your container to run the same executable every time, +then you should consider using `ENTRYPOINT` in +combination with `CMD`. See +[*ENTRYPOINT*](#dockerfile-entrypoint). + +If the user specifies arguments to `docker run` then +they will override the default specified in CMD. + +Note + +Don’t confuse `RUN` with `CMD`. +`RUN` actually runs a command and commits the +result; `CMD` does not execute anything at build +time, but specifies the intended command for the image. + +## `EXPOSE` + +> `EXPOSE [...]` + +The `EXPOSE` instructions informs Docker that the +container will listen on the specified network ports at runtime. Docker +uses this information to interconnect containers using links (see +[*links*](../../use/working_with_links_names/#working-with-links-names)), +and to setup port redirection on the host system (see [*Redirect +Ports*](../../use/port_redirection/#port-redirection)). + +## `ENV` + +> `ENV ` + +The `ENV` instruction sets the environment variable +`` to the value ``. +This value will be passed to all future `RUN` +instructions. This is functionally equivalent to prefixing the command +with `=` + +The environment variables set using `ENV` will +persist when a container is run from the resulting image. You can view +the values using `docker inspect`, and change them +using `docker run --env =`. + +Note + +One example where this can cause unexpected consequenses, is setting +`ENV DEBIAN_FRONTEND noninteractive`. Which will +persist when the container is run interactively; for example: +`docker run -t -i image bash` + +## `ADD` + +> `ADD ` + +The `ADD` instruction will copy new files from +\ and add them to the container’s filesystem at path +``. + +`` must be the path to a file or directory +relative to the source directory being built (also called the *context* +of the build) or a remote file URL. + +`` is the absolute path to which the source +will be copied inside the destination container. + +All new files and directories are created with mode 0755, uid and gid 0. + +Note + +if you build using STDIN (`docker build - < somefile` +.literal}), there is no build context, so the Dockerfile can only +contain an URL based ADD statement. + +Note + +if your URL files are protected using authentication, you will need to +use an `RUN wget` , `RUN curl` +or other tool from within the container as ADD does not support +authentication. + +The copy obeys the following rules: + +- The `` path must be inside the *context* of + the build; you cannot `ADD ../something /something` +, because the first step of a `docker build` + is to send the context directory (and subdirectories) to + the docker daemon. + +- If `` is a URL and `` + does not end with a trailing slash, then a file is + downloaded from the URL and copied to ``. + +- If `` is a URL and `` + does end with a trailing slash, then the filename is + inferred from the URL and the file is downloaded to + `/`. For instance, + `ADD http://example.com/foobar /` would create + the file `/foobar`. The URL must have a + nontrivial path so that an appropriate filename can be discovered in + this case (`http://example.com` will not work). + +- If `` is a directory, the entire directory + is copied, including filesystem metadata. + +- If `` is a *local* tar archive in a + recognized compression format (identity, gzip, bzip2 or xz) then it + is unpacked as a directory. Resources from *remote* URLs are **not** + decompressed. + + When a directory is copied or unpacked, it has the same behavior as + `tar -x`: the result is the union of + + 1. whatever existed at the destination path and + 2. the contents of the source tree, + + with conflicts resolved in favor of "2." on a file-by-file basis. + +- If `` is any other kind of file, it is + copied individually along with its metadata. In this case, if + `` ends with a trailing slash + `/`, it will be considered a directory and the + contents of `` will be written at + `/base()`. + +- If `` does not end with a trailing slash, + it will be considered a regular file and the contents of + `` will be written at `` +. + +- If `` doesn’t exist, it is created along + with all missing directories in its path. + +## `ENTRYPOINT` + +ENTRYPOINT has two forms: + +- `ENTRYPOINT ["executable", "param1", "param2"]` + (like an *exec*, preferred form) +- `ENTRYPOINT command param1 param2` (as a + *shell*) + +There can only be one `ENTRYPOINT` in a Dockerfile. +If you have more than one `ENTRYPOINT`, then only +the last one in the Dockerfile will have an effect. + +An `ENTRYPOINT` helps you to configure a container +that you can run as an executable. That is, when you specify an +`ENTRYPOINT`, then the whole container runs as if it +was just that executable. + +The `ENTRYPOINT` instruction adds an entry command +that will **not** be overwritten when arguments are passed to +`docker run`, unlike the behavior of `CMD` +.literal}. This allows arguments to be passed to the entrypoint. i.e. +`docker run -d` will pass the "-d" argument +to the ENTRYPOINT. + +You can specify parameters either in the ENTRYPOINT JSON array (as in +"like an exec" above), or by using a CMD statement. Parameters in the +ENTRYPOINT will not be overridden by the `docker run` +arguments, but parameters specified via CMD will be overridden +by `docker run` arguments. + +Like a `CMD`, you can specify a plain string for the +ENTRYPOINT and it will execute in `/bin/sh -c`: + + FROM ubuntu + ENTRYPOINT wc -l - + +For example, that Dockerfile’s image will *always* take stdin as input +("-") and print the number of lines ("-l"). If you wanted to make this +optional but default, you could use a CMD: + + FROM ubuntu + CMD ["-l", "-"] + ENTRYPOINT ["/usr/bin/wc"] + +## `VOLUME` + +> `VOLUME ["/data"]` + +The `VOLUME` instruction will create a mount point +with the specified name and mark it as holding externally mounted +volumes from native host or other containers. For more +information/examples and mounting instructions via docker client, refer +to [*Share Directories via +Volumes*](../../use/working_with_volumes/#volume-def) documentation. + +## `USER` + +> `USER daemon` + +The `USER` instruction sets the username or UID to +use when running the image. + +## `WORKDIR` + +> `WORKDIR /path/to/workdir` + +The `WORKDIR` instruction sets the working directory +for the `RUN`, `CMD` and +`ENTRYPOINT` Dockerfile commands that follow it. + +It can be used multiple times in the one Dockerfile. If a relative path +is provided, it will be relative to the path of the previous +`WORKDIR` instruction. For example: + +> WORKDIR /a WORKDIR b WORKDIR c RUN pwd + +The output of the final `pwd` command in this +Dockerfile would be `/a/b/c`. + +## `ONBUILD` + +> `ONBUILD [INSTRUCTION]` + +The `ONBUILD` instruction adds to the image a +"trigger" instruction to be executed at a later time, when the image is +used as the base for another build. The trigger will be executed in the +context of the downstream build, as if it had been inserted immediately +after the *FROM* instruction in the downstream Dockerfile. + +Any build instruction can be registered as a trigger. + +This is useful if you are building an image which will be used as a base +to build other images, for example an application build environment or a +daemon which may be customized with user-specific configuration. + +For example, if your image is a reusable python application builder, it +will require application source code to be added in a particular +directory, and it might require a build script to be called *after* +that. You can’t just call *ADD* and *RUN* now, because you don’t yet +have access to the application source code, and it will be different for +each application build. You could simply provide application developers +with a boilerplate Dockerfile to copy-paste into their application, but +that is inefficient, error-prone and difficult to update because it +mixes with application-specific code. + +The solution is to use *ONBUILD* to register in advance instructions to +run later, during the next build stage. + +Here’s how it works: + +1. When it encounters an *ONBUILD* instruction, the builder adds a + trigger to the metadata of the image being built. The instruction + does not otherwise affect the current build. +2. At the end of the build, a list of all triggers is stored in the + image manifest, under the key *OnBuild*. They can be inspected with + *docker inspect*. +3. Later the image may be used as a base for a new build, using the + *FROM* instruction. As part of processing the *FROM* instruction, + the downstream builder looks for *ONBUILD* triggers, and executes + them in the same order they were registered. If any of the triggers + fail, the *FROM* instruction is aborted which in turn causes the + build to fail. If all triggers succeed, the FROM instruction + completes and the build continues as usual. +4. Triggers are cleared from the final image after being executed. In + other words they are not inherited by "grand-children" builds. + +For example you might add something like this: + + [...] + ONBUILD ADD . /app/src + ONBUILD RUN /usr/local/bin/python-build --dir /app/src + [...] + +Warning + +Chaining ONBUILD instructions using ONBUILD ONBUILD isn’t allowed. + +Warning + +ONBUILD may not trigger FROM or MAINTAINER instructions. + +## Dockerfile Examples + + # Nginx + # + # VERSION 0.0.1 + + FROM ubuntu + MAINTAINER Guillaume J. Charmes + + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + RUN apt-get install -y inotify-tools nginx apache2 openssh-server + + # Firefox over VNC + # + # VERSION 0.3 + + FROM ubuntu + # make sure the package repository is up to date + RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list + RUN apt-get update + + # Install vnc, xvfb in order to create a 'fake' display and firefox + RUN apt-get install -y x11vnc xvfb firefox + RUN mkdir /.vnc + # Setup a password + RUN x11vnc -storepasswd 1234 ~/.vnc/passwd + # Autostart firefox (might not be the best way, but it does the trick) + RUN bash -c 'echo "firefox" >> /.bashrc' + + EXPOSE 5900 + CMD ["x11vnc", "-forever", "-usepw", "-create"] + + # Multiple images example + # + # VERSION 0.1 + + FROM ubuntu + RUN echo foo > bar + # Will output something like ===> 907ad6c2736f + + FROM ubuntu + RUN echo moo > oink + # Will output something like ===> 695d7793cbe4 + + # You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with + # /oink. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md new file mode 100644 index 0000000000..6bb0dc9e22 --- /dev/null +++ b/docs/sources/reference/commandline/cli.md @@ -0,0 +1,1170 @@ +page_title: Command Line Interface +page_description: Docker's CLI command description and usage +page_keywords: Docker, Docker documentation, CLI, command line + +# Command Line + +To list available commands, either run `docker` with +no parameters or execute `docker help`: + + $ sudo docker + Usage: docker [OPTIONS] COMMAND [arg...] + -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. + + A self-sufficient runtime for linux containers. + + ... + +## Option types + +Single character commandline options can be combined, so rather than +typing `docker run -t -i --name test busybox sh`, +you can write `docker run -ti --name test busybox sh` +.literal}. + +### Boolean + +Boolean options look like `-d=false`. The value you +see is the default value which gets set if you do **not** use the +boolean flag. If you do call `run -d`, that sets the +opposite boolean value, so in this case, `true`, and +so `docker run -d` **will** run in "detached" mode, +in the background. Other boolean options are similar – specifying them +will set the value to the opposite of the default value. + +### Multi + +Options like `-a=[]` indicate they can be specified +multiple times: + + docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + +Sometimes this can use a more complex value string, as for +`-v`: + + docker run -v /host:/container example/mysql + +### Strings and Integers + +Options like `--name=""` expect a string, and they +can only be specified once. Options like `-c=0` +expect an integer, and they can only be specified once. + +## `daemon` + + Usage of docker: + -D, --debug=false: Enable debug mode + -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. + -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group + --api-enable-cors=false: Enable CORS headers in the remote API + -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking + -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b + -d, --daemon=false: Enable daemon mode + --dns=[]: Force docker to use specific DNS servers + --dns-search=[]: Force Docker to use specific DNS search domains + -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime + --icc=true: Enable inter-container communication + --ip="0.0.0.0": Default IP address to use when binding container ports + --ip-forward=true: Enable net.ipv4.ip_forward + --iptables=true: Enable Docker's addition of iptables rules + -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file + -r, --restart=true: Restart previously running containers + -s, --storage-driver="": Force the docker runtime to use a specific storage driver + -e, --exec-driver="native": Force the docker runtime to use a specific exec driver + -v, --version=false: Print version information and quit + --tls=false: Use TLS; implied by tls-verify flags + --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here + --tlscert="~/.docker/cert.pem": Path to TLS certificate file + --tlskey="~/.docker/key.pem": Path to TLS key file + --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) + --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + +The Docker daemon is the persistent process that manages containers. +Docker uses the same binary for both the daemon and client. To run the +daemon you provide the `-d` flag. + +To force Docker to use devicemapper as the storage driver, use +`docker -d -s devicemapper`. + +To set the DNS server for all Docker containers, use +`docker -d --dns 8.8.8.8`. + +To set the DNS search domain for all Docker containers, use +`docker -d --dns-search example.com`. + +To run the daemon with debug output, use `docker -d -D` +.literal}. + +To use lxc as the execution driver, use `docker -d -e lxc` +.literal}. + +The docker client will also honor the `DOCKER_HOST` +environment variable to set the `-H` flag for the +client. + + docker -H tcp://0.0.0.0:4243 ps + # or + export DOCKER_HOST="tcp://0.0.0.0:4243" + docker ps + # both are equal + +To run the daemon with [systemd socket +activation](http://0pointer.de/blog/projects/socket-activation.html), +use `docker -d -H fd://`. Using `fd://` +will work perfectly for most setups but you can also specify +individual sockets too `docker -d -H fd://3`. If the +specified socket activated files aren’t found then docker will exit. You +can find examples of using systemd socket activation with docker and +systemd in the [docker source +tree](https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). + +Docker supports softlinks for the Docker data directory +(`/var/lib/docker`) and for `/tmp` +.literal}. TMPDIR and the data directory can be set like this: + + TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + # or + export TMPDIR=/mnt/disk2/tmp + /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + +## `attach` + + Usage: docker attach CONTAINER + + Attach to a running container. + + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + +The `attach` command will allow you to view or +interact with any running container, detached (`-d`) +or interactive (`-i`). You can attach to the same +container at the same time - screen sharing style, or quickly view the +progress of your daemonized process. + +You can detach from the container again (and leave it running) with +`CTRL-C` (for a quiet exit) or `CTRL-\` +to get a stacktrace of the Docker client when it quits. When +you detach from the container’s process the exit code will be returned +to the client. + +To stop a container, use `docker stop`. + +To kill the container, use `docker kill`. + +### Examples: + + $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) + $ sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + + + top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355780k used, 17792k free, 27880k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + ^C$ + $ sudo docker stop $ID + +## `build` + + Usage: docker build [OPTIONS] PATH | URL | - + Build a new container image from the source code at PATH + -t, --tag="": Repository name (and optionally a tag) to be applied + to the resulting image in case of success. + -q, --quiet=false: Suppress the verbose output generated by the containers. + --no-cache: Do not use the cache when building the image. + --rm=true: Remove intermediate containers after a successful build + +Use this command to build Docker images from a `Dockerfile` +and a "context". + +The files at `PATH` or `URL` are +called the "context" of the build. The build process may refer to any of +the files in the context, for example when using an +[*ADD*](../../builder/#dockerfile-add) instruction. When a single +`Dockerfile` is given as `URL`, +then no context is set. + +When a Git repository is set as `URL`, then the +repository is used as the context. The Git repository is cloned with its +submodules (git clone –recursive). A fresh git clone occurs in a +temporary directory on your local host, and then this is sent to the +Docker daemon as the context. This way, your local user credentials and +vpn’s etc can be used to access private repositories + +See also + +[*Dockerfile Reference*](../../builder/#dockerbuilder). + +### Examples: + + $ sudo docker build . + Uploading context 10240 bytes + Step 1 : FROM busybox + Pulling repository busybox + ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ + Step 2 : RUN ls -lh / + ---> Running in 9c9e81692ae9 + total 24 + drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin + drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev + drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib + lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib + dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc + lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin + dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys + drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr + ---> b35f4035db3f + Step 3 : CMD echo Hello World + ---> Running in 02071fceb21b + ---> f52f38b7823e + Successfully built f52f38b7823e + Removing intermediate container 9c9e81692ae9 + Removing intermediate container 02071fceb21b + +This example specifies that the `PATH` is +`.`, and so all the files in the local directory get +tar’d and sent to the Docker daemon. The `PATH` +specifies where to find the files for the "context" of the build on the +Docker daemon. Remember that the daemon could be running on a remote +machine and that no parsing of the `Dockerfile` +happens at the client side (where you’re running +`docker build`). That means that *all* the files at +`PATH` get sent, not just the ones listed to +[*ADD*](../../builder/#dockerfile-add) in the `Dockerfile` +.literal}. + +The transfer of context from the local machine to the Docker daemon is +what the `docker` client means when you see the +"Uploading context" message. + +If you wish to keep the intermediate containers after the build is +complete, you must use `--rm=false`. This does not +affect the build cache. + + $ sudo docker build -t vieux/apache:2.0 . + +This will build like the previous example, but it will then tag the +resulting image. The repository name will be `vieux/apache` +and the tag will be `2.0` + + $ sudo docker build - < Dockerfile + +This will read a `Dockerfile` from *stdin* without +context. Due to the lack of a context, no contents of any local +directory will be sent to the `docker` daemon. Since +there is no context, a `Dockerfile` `ADD` +only works if it refers to a remote URL. + + $ sudo docker build github.com/creack/docker-firefox + +This will clone the GitHub repository and use the cloned repository as +context. The `Dockerfile` at the root of the +repository is used as `Dockerfile`. Note that you +can specify an arbitrary Git repository by using the `git://` +schema. + +## `commit` + + Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] + + Create a new image from a container's changes + + -m, --message="": Commit message + -a, --author="": Author (eg. "John Hannibal Smith " + +It can be useful to commit a container’s file changes or settings into a +new image. This allows you debug a container by running an interactive +shell, or to export a working dataset to another server. Generally, it +is better to use Dockerfiles to manage your images in a documented and +maintainable way. + +### Commit an existing container + + $ sudo docker ps + ID IMAGE COMMAND CREATED STATUS PORTS + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 + f5283438590d + $ docker images | head + REPOSITORY TAG ID CREATED VIRTUAL SIZE + SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB + +## `cp` + + Usage: docker cp CONTAINER:PATH HOSTPATH + + Copy files/folders from the containers filesystem to the host + path. Paths are relative to the root of the filesystem. + + $ sudo docker cp 7bb0e258aefe:/etc/debian_version . + $ sudo docker cp blue_frog:/etc/hosts . + +## `diff` + + Usage: docker diff CONTAINER + + List the changed files and directories in a container's filesystem + +There are 3 events that are listed in the ‘diff’: + +1. `` `A` `` - Add +2. `` `D` `` - Delete +3. `` `C` `` - Change + +For example: + + $ sudo docker diff 7bb0e258aefe + + C /dev + A /dev/kmsg + C /etc + A /etc/mtab + A /go + A /go/src + A /go/src/github.com + A /go/src/github.com/dotcloud + A /go/src/github.com/dotcloud/docker + A /go/src/github.com/dotcloud/docker/.git + .... + +## `events` + + Usage: docker events + + Get real time events from the server + + --since="": Show all events created since timestamp + (either seconds since epoch, or date string as below) + --until="": Show events created before timestamp + (either seconds since epoch, or date string as below) + +### Examples + +You’ll need two shells for this example. + +#### Shell 1: Listening for events + + $ sudo docker events + +#### Shell 2: Start and Stop a Container + + $ sudo docker start 4386fb97867d + $ sudo docker stop 4386fb97867d + +#### Shell 1: (Again .. now showing events) + + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +#### Show events in the past from a specified time + + $ sudo docker events --since 1378216169 + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events --since '2013-09-03' + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +## `export` + + Usage: docker export CONTAINER + + Export the contents of a filesystem as a tar archive to STDOUT + +For example: + + $ sudo docker export red_panda > latest.tar + +## `history` + + Usage: docker history [OPTIONS] IMAGE + + Show the history of an image + + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only show numeric IDs + +To see how the `docker:latest` image was built: + + $ docker history docker + IMAGE CREATED CREATED BY SIZE + 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B + 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB + be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB + 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB + 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B + 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B + +## `images` + + Usage: docker images [OPTIONS] [NAME] + + List images + + -a, --all=false: Show all images (by default filter out the intermediate image layers) + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only show numeric IDs + +The default `docker images` will show all top level +images, their repository and tags, and their virtual size. + +Docker images have intermediate layers that increase reuseability, +decrease disk usage, and speed up `docker build` by +allowing each step to be cached. These intermediate layers are not shown +by default. + +### Listing the most recently created images + + $ sudo docker images | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913 19 hours ago 1.089 GB + committest latest b6fa739cedf5 19 hours ago 1.089 GB + 78a85c484f71 19 hours ago 1.089 GB + docker latest 30557a29d5ab 20 hours ago 1.089 GB + 0124422dd9f9 20 hours ago 1.089 GB + 18ad6fad3402 22 hours ago 1.082 GB + f9f1e26352f0 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81 23 hours ago 131.5 MB + 5ed6274db6ce 24 hours ago 1.089 GB + +### Listing the full length image IDs + + $ sudo docker images --no-trunc | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB + committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB + 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB + docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB + 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB + f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB + 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB + +## `import` + + Usage: docker import URL|- [REPOSITORY[:TAG]] + + Create an empty filesystem image and import the contents of the tarball + (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +URLs must start with `http` and point to a single +file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a +root filesystem. If you would like to import from a local directory or +archive, you can use the `-` parameter to take the +data from *stdin*. + +### Examples + +#### Import from a remote location + +This will create a new untagged image. + + $ sudo docker import http://example.com/exampleimage.tgz + +#### Import from a local file + +Import to docker via pipe and *stdin*. + + $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new + +#### Import from a local directory + + $ sudo tar -c . | docker import - exampleimagedir + +Note the `sudo` in this example – you must preserve +the ownership of the files (especially root ownership) during the +archiving with tar. If you are not root (or the sudo command) when you +tar, then the ownerships might not get preserved. + +## `info` + + Usage: docker info + + Display system-wide information. + + $ sudo docker info + Containers: 292 + Images: 194 + Debug mode (server): false + Debug mode (client): false + Fds: 22 + Goroutines: 67 + LXC Version: 0.9.0 + EventsListeners: 115 + Kernel Version: 3.8.0-33-generic + WARNING: No swap limit support + +When sending issue reports, please use `docker version` +and `docker info` to ensure we know how +your setup is configured. + +## `inspect` + + Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] + + Return low-level information on a container/image + + -f, --format="": Format the output using the given go template. + +By default, this will render all results in a JSON array. If a format is +specified, the given template will be executed for each result. + +Go’s [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +### Examples + +#### Get an instance’s IP Address + +For the most part, you can pick out any field from the JSON in a fairly +straightforward manner. + + $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID + +#### List All Port Bindings + +One can loop over arrays and maps in the results to produce simple text +output: + + $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + +#### Find a Specific Port Mapping + +The `.Field` syntax doesn’t work when the field name +begins with a number, but the template language’s `index` +function does. The `.NetworkSettings.Ports` +section contains a map of the internal port mappings to a list +of external address/port objects, so to grab just the numeric public +port, you use `index` to find the specific port map, +and then `index` 0 contains first object inside of +that. Then we ask for the `HostPort` field to get +the public address. + + $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + +#### Get config + +The `.Field` syntax doesn’t work when the field +contains JSON data, but the template language’s custom `json` +function does. The `.config` section +contains complex json object, so to grab it as JSON, you use +`json` to convert config object into JSON + + $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID + +## `kill` + + Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] + + Kill a running container (send SIGKILL, or specified signal) + + -s, --signal="KILL": Signal to send to the container + +The main process inside the container will be sent SIGKILL, or any +signal specified with option `--signal`. + +### Known Issues (kill) + +- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates + that `docker kill` may leave directories behind + and make it difficult to remove the container. +- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc + 1.0.0 beta3 removed `lcx-kill` which is used by + Docker versions before 0.8.0; see the issue for a workaround. + +## `load` + + Usage: docker load + + Load an image from a tar archive on STDIN + + -i, --input="": Read from a tar archive file, instead of STDIN + +Loads a tarred repository from a file or the standard input stream. +Restores both images and tags. + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + $ sudo docker load < busybox.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ sudo docker load --input fedora.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + +## `login` + + Usage: docker login [OPTIONS] [SERVER] + + Register or Login to the docker registry server + + -e, --email="": Email + -p, --password="": Password + -u, --username="": Username + + If you want to login to a private registry you can + specify this by adding the server name. + + example: + docker login localhost:8080 + +## `logs` + + Usage: docker logs [OPTIONS] CONTAINER + + Fetch the logs of a container + + -f, --follow=false: Follow log output + +The `docker logs` command batch-retrieves all logs +present at the time of execution. + +The `docker logs --follow` command combines +`docker logs` and `docker attach` +.literal}: it will first return all logs from the beginning and then +continue streaming new output from the container’s stdout and stderr. + +## `port` + + Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT + + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + +## `ps` + + Usage: docker ps [OPTIONS] + + List containers + + -a, --all=false: Show all containers. Only running containers are shown by default. + --before="": Show only container created before Id or Name, include non-running ones. + -l, --latest=false: Show only the latest created container, include non-running ones. + -n=-1: Show n last created containers, include non-running ones. + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only display numeric IDs + -s, --size=false: Display sizes, not to be used with -q + --since="": Show only containers created since Id or Name, include non-running ones. + +Running `docker ps` showing 2 linked containers. + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + +`docker ps` will show only running containers by +default. To see all containers: `docker ps -a` + +## `pull` + + Usage: docker pull NAME[:TAG] + + Pull an image or a repository from the registry + +Most of your images will be created on top of a base image from the +\([https://index.docker.io](https://index.docker.io)). + +The Docker Index contains many pre-built images that you can +`pull` and try without needing to define and +configure your own. + +To download a particular image, or set of images (i.e., a repository), +use `docker pull`: + + $ docker pull debian + # will pull all the images in the debian repository + $ docker pull debian:testing + # will pull only the image named debian:testing and any intermediate layers + # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, + # and the un-tared base. + +## `push` + + Usage: docker push NAME[:TAG] + + Push an image or a repository to the registry + +Use `docker push` to share your images on public or +private registries. + +## `restart` + + Usage: docker restart [OPTIONS] NAME + + Restart a running container + + -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 + +## `rm` + + Usage: docker rm [OPTIONS] CONTAINER + + Remove one or more containers + -l, --link="": Remove the link instead of the actual container + -f, --force=false: Force removal of running container + -v, --volumes=false: Remove the volumes associated to the container + +### Known Issues (rm) + +- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates + that `docker kill` may leave directories behind + and make it difficult to remove the container. + +### Examples: + + $ sudo docker rm /redis + /redis + +This will remove the container referenced under the link +`/redis`. + + $ sudo docker rm --link /webapp/redis + /webapp/redis + +This will remove the underlying link between `/webapp` +and the `/redis` containers removing all +network communication. + + $ sudo docker rm $(docker ps -a -q) + +This command will delete all stopped containers. The command +`docker ps -a -q` will return all existing container +IDs and pass them to the `rm` command which will +delete them. Any running containers will not be deleted. + +## `rmi` + + Usage: docker rmi IMAGE [IMAGE...] + + Remove one or more images + + -f, --force=false: Force + --no-prune=false: Do not delete untagged parents + +### Removing tagged images + +Images can be removed either by their short or long ID’s, or their image +names. If an image has more than one name, each of them needs to be +removed before the image is removed. + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + + $ sudo docker rmi fd484f19954f + Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories + 2013/12/11 05:47:16 Error: failed to remove one or more images + + $ sudo docker rmi test1 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + $ sudo docker rmi test2 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + $ sudo docker rmi test + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + +## `run` + + Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + + Run a command in a new container + + -a, --attach=map[]: Attach to stdin, stdout or stderr + -c, --cpu-shares=0: CPU shares (relative weight) + --cidfile="": Write the container ID to the file + -d, --detach=false: Detached mode: Run container in the background, print new container id + -e, --env=[]: Set environment variables + --env-file="": Read in a line delimited file of ENV variables + -h, --hostname="": Container host name + -i, --interactive=false: Keep stdin open even if not attached + --privileged=false: Give extended privileges to this container + -m, --memory="": Memory limit (format: , where unit = b, k, m or g) + -n, --networking=true: Enable networking for this container + -p, --publish=[]: Map a network port to the container + --rm=false: Automatically remove the container when it exits (incompatible with -d) + -t, --tty=false: Allocate a pseudo-tty + -u, --user="": Username or UID + --dns=[]: Set custom dns servers for the container + --dns-search=[]: Set custom DNS search domains for the container + -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. + --volumes-from="": Mount all volumes from the given container(s) + --entrypoint="": Overwrite the default entrypoint set by the image + -w, --workdir="": Working directory inside the container + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --expose=[]: Expose a port from the container without publishing it to your host + --link="": Add link to another container (name:alias) + --name="": Assign the specified name to the container. If no name is specific docker will generate a random name + -P, --publish-all=false: Publish all exposed ports to the host interfaces + +The `docker run` command first `creates` +a writeable container layer over the specified image, and then +`starts` it using the specified command. That is, +`docker run` is equivalent to the API +`/containers/create` then +`/containers/(id)/start`. A stopped container can be +restarted with all its previous changes intact using +`docker start`. See `docker ps -a` +to view a list of all containers. + +The `docker run` command can be used in combination +with `docker commit` to [*change the command that a +container runs*](#cli-commit-examples). + +See [*Redirect Ports*](../../../use/port_redirection/#port-redirection) +for more detailed information about the `--expose`, +`-p`, `-P` and +`--link` parameters, and [*Link +Containers*](../../../use/working_with_links_names/#working-with-links-names) +for specific examples using `--link`. + +### Known Issues (run –volumes-from) + +- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): + "lxc-start: Permission denied - failed to mount" could indicate a + permissions problem with AppArmor. Please see the issue for a + workaround. + +### Examples: + + $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" + +This will create a container and print `test` to the +console. The `cidfile` flag makes Docker attempt to +create a new file and write the container ID to it. If the file exists +already, Docker will return an error. Docker will close this file when +`docker run` exits. + + $ sudo docker run -t -i --rm ubuntu bash + root@bc338942ef20:/# mount -t tmpfs none /mnt + mount: permission denied + +This will *not* work, because by default, most potentially dangerous +kernel capabilities are dropped; including `cap_sys_admin` +(which is required to mount filesystems). However, the +`--privileged` flag will allow it to run: + + $ sudo docker run --privileged ubuntu bash + root@50e3f57e16e6:/# mount -t tmpfs none /mnt + root@50e3f57e16e6:/# df -h + Filesystem Size Used Avail Use% Mounted on + none 1.9G 0 1.9G 0% /mnt + +The `--privileged` flag gives *all* capabilities to +the container, and it also lifts all the limitations enforced by the +`device` cgroup controller. In other words, the +container can then do almost everything that the host can do. This flag +exists to allow special use-cases, like running Docker within Docker. + + $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd + +The `-w` lets the command being executed inside +directory given, here `/path/to/dir/`. If the path +does not exists it is created inside the container. + + $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd + +The `-v` flag mounts the current working directory +into the container. The `-w` lets the command being +executed inside the current working directory, by changing into the +directory to the value returned by `pwd`. So this +combination executes the command using the container, but inside the +current working directory. + + $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash + +When the host directory of a bind-mounted volume doesn’t exist, Docker +will automatically create this directory on the host for you. In the +example above, Docker will create the `/doesnt/exist` +folder before starting your container. + + $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh + +By bind-mounting the docker unix socket and statically linked docker +binary (such as that provided by +[https://get.docker.io](https://get.docker.io)), you give the container +the full access to create and manipulate the host’s docker daemon. + + $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash + +This binds port `8080` of the container to port +`80` on `127.0.0.1` of the host +machine. [*Redirect +Ports*](../../../use/port_redirection/#port-redirection) explains in +detail how to manipulate ports in Docker. + + $ sudo docker run --expose 80 ubuntu bash + +This exposes port `80` of the container for use +within a link without publishing the port to the host system’s +interfaces. [*Redirect +Ports*](../../../use/port_redirection/#port-redirection) explains in +detail how to manipulate ports in Docker. + + $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash + +This sets environmental variables in the container. For illustration all +three flags are shown here. Where `-e`, +`--env` take an environment variable and value, or +if no "=" is provided, then that variable’s current value is passed +through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the +container). All three flags, `-e`, `--env` +and `--env-file` can be repeated. + +Regardless of the order of these three flags, the `--env-file` +are processed first, and then `-e` +.literal}/`--env` flags. This way, the +`-e` or `--env` will override +variables as needed. + + $ cat ./env.list + TEST_FOO=BAR + $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO + TEST_FOO=This is a test + +The `--env-file` flag takes a filename as an +argument and expects each line to be in the VAR=VAL format, mimicking +the argument passed to `--env`. Comment lines need +only be prefixed with `#` + +An example of a file passed with `--env-file` + + $ cat ./env.list + TEST_FOO=BAR + + # this is a comment + TEST_APP_DEST_HOST=10.10.0.127 + TEST_APP_DEST_PORT=8888 + + # pass through this variable from the caller + TEST_PASSTHROUGH + $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env + HOME=/ + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + HOSTNAME=5198e0745561 + TEST_FOO=BAR + TEST_APP_DEST_HOST=10.10.0.127 + TEST_APP_DEST_PORT=8888 + TEST_PASSTHROUGH=howdy + + $ sudo docker run --name console -t -i ubuntu bash + +This will create and run a new container with the container name being +`console`. + + $ sudo docker run --link /redis:redis --name console ubuntu bash + +The `--link` flag will link the container named +`/redis` into the newly created container with the +alias `redis`. The new container can access the +network and environment of the redis container via environment +variables. The `--name` flag will assign the name +`console` to the newly created container. + + $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd + +The `--volumes-from` flag mounts all the defined +volumes from the referenced containers. Containers can be specified by a +comma separated list or by repetitions of the `--volumes-from` +argument. The container ID may be optionally suffixed with +`:ro` or `:rw` to mount the +volumes in read-only or read-write mode, respectively. By default, the +volumes are mounted in the same mode (read write or read only) as the +reference container. + +The `-a` flag tells `docker run` +to bind to the container’s stdin, stdout or stderr. This makes it +possible to manipulate the output and input as needed. + + $ sudo echo "test" | docker run -i -a stdin ubuntu cat - + +This pipes data into a container and prints the container’s ID by +attaching only to the container’s stdin. + + $ sudo docker run -a stderr ubuntu echo test + +This isn’t going to print anything unless there’s an error because we’ve +only attached to the stderr of the container. The container’s logs still +store what’s been written to stderr and stdout. + + $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild + +This is how piping a file into a container could be done for a build. +The container’s ID will be printed after the build is done and the build +logs could be retrieved using `docker logs`. This is +useful if you need to pipe a file or something else into a container and +retrieve the container’s ID once the container has finished running. + +#### A complete example + + $ sudo docker run -d --name static static-web-files sh + $ sudo docker run -d --expose=8098 --name riak riakserver + $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver + $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log + +This example shows 5 containers that might be set up to test a web +application change: + +1. Start a pre-prepared volume image `static-web-files` + (in the background) that has CSS, image and static HTML in + it, (with a `VOLUME` instruction in the + `Dockerfile` to allow the web server to use + those files); +2. Start a pre-prepared `riakserver` image, give + the container name `riak` and expose port + `8098` to any containers that link to it; +3. Start the `appserver` image, restricting its + memory usage to 100MB, setting two environment variables + `DEVELOPMENT` and `BRANCH` + and bind-mounting the current directory (`$(pwd)` +) in the container in read-only mode as + `/app/bin`; +4. Start the `webserver`, mapping port + `443` in the container to port `1443` + on the Docker server, setting the DNS server to + `dns.dev.org` and DNS search domain to + `dev.org`, creating a volume to put the log + files into (so we can access it from another container), then + importing the files from the volume exposed by the + `static` container, and linking to all exposed + ports from `riak` and `app`. + Lastly, we set the hostname to `web.sven.dev.org` + so its consistent with the pre-generated SSL certificate; +5. Finally, we create a container that runs + `tail -f access.log` using the logs volume from + the `web` container, setting the workdir to + `/var/log/httpd`. The `--rm` + option means that when the container exits, the container’s layer is + removed. + +## `save` + + Usage: docker save IMAGE + + Save an image to a tar archive (streamed to stdout by default) + + -o, --output="": Write to an file, instead of STDOUT + +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +It is used to create a backup that can then be used with +`docker load` + + $ sudo docker save busybox > busybox.tar + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save --output busybox.tar busybox + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save -o fedora-all.tar fedora + $ sudo docker save -o fedora-latest.tar fedora:latest + +## `search` + + Usage: docker search TERM + + Search the docker index for images + + --no-trunc=false: Don't truncate output + -s, --stars=0: Only displays with at least xxx stars + -t, --trusted=false: Only show trusted builds + +See [*Find Public Images on the Central +Index*](../../../use/workingwithrepository/#searching-central-index) for +more details on finding shared images from the commandline. + +## `start` + + Usage: docker start [OPTIONS] CONTAINER + + Start a stopped container + + -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process + -i, --interactive=false: Attach container's stdin + +## `stop` + + Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] + + Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + + -t, --time=10: Number of seconds to wait for the container to stop before killing it. + +The main process inside the container will receive SIGTERM, and after a +grace period, SIGKILL + +## `tag` + + Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] + + Tag an image into a repository + + -f, --force=false: Force + +You can group your images together using names and tags, and then upload +them to [*Share Images via +Repositories*](../../../use/workingwithrepository/#working-with-the-repository). + +## `top` + + Usage: docker top CONTAINER [ps OPTIONS] + + Lookup the running processes of a container + +## `version` + +Show the version of the Docker client, daemon, and latest released +version. + +## `wait` + + Usage: docker wait [OPTIONS] NAME + + Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md new file mode 100644 index 0000000000..6afc130085 --- /dev/null +++ b/docs/sources/reference/run.md @@ -0,0 +1,422 @@ +page_title: Docker Run Reference +page_description: Configure containers at runtime +page_keywords: docker, run, configure, runtime + +# [Docker Run Reference](#id2) + +**Docker runs processes in isolated containers**. When an operator +executes `docker run`, she starts a process with its +own file system, its own networking, and its own isolated process tree. +The [*Image*](../../terms/image/#image-def) which starts the process may +define defaults related to the binary to run, the networking to expose, +and more, but `docker run` gives final control to +the operator who starts the container from the image. That’s the main +reason [*run*](../commandline/cli/#cli-run) has more options than any +other `docker` command. + +Every one of the [*Examples*](../../examples/#example-list) shows +running containers, and so here we try to give more in-depth guidance. + +## [General Form](#id3) + +As you’ve seen in the [*Examples*](../../examples/#example-list), the +basic run command takes this form: + + docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + +To learn how to interpret the types of `[OPTIONS]`, +see [*Option types*](../commandline/cli/#cli-options). + +The list of `[OPTIONS]` breaks down into two groups: + +1. Settings exclusive to operators, including: + - Detached or Foreground running, + - Container Identification, + - Network settings, and + - Runtime Constraints on CPU and Memory + - Privileges and LXC Configuration + +2. Setting shared between operators and developers, where operators can + override defaults developers set in images at build time. + +Together, the `docker run [OPTIONS]` give complete +control over runtime behavior to the operator, allowing them to override +all defaults set by the developer during `docker build` +and nearly all the defaults set by the Docker runtime itself. + +## [Operator Exclusive Options](#id4) + +Only the operator (the person executing `docker run` +.literal}) can set the following options. + +- [Detached vs Foreground](#detached-vs-foreground) + - [Detached (-d)](#detached-d) + - [Foreground](#foreground) +- [Container Identification](#container-identification) + - [Name (–name)](#name-name) + - [PID Equivalent](#pid-equivalent) +- [Network Settings](#network-settings) +- [Clean Up (–rm)](#clean-up-rm) +- [Runtime Constraints on CPU and + Memory](#runtime-constraints-on-cpu-and-memory) +- [Runtime Privilege and LXC + Configuration](#runtime-privilege-and-lxc-configuration) + +### [Detached vs Foreground](#id2) + +When starting a Docker container, you must first decide if you want to +run the container in the background in a "detached" mode or in the +default foreground mode: + + -d=false: Detached mode: Run container in the background, print new container id + +#### [Detached (-d)](#id3) + +In detached mode (`-d=true` or just `-d` +.literal}), all I/O should be done through network connections or shared +volumes because the container is no longer listening to the commandline +where you executed `docker run`. You can reattach to +a detached container with `docker` +[*attach*](../commandline/cli/#cli-attach). If you choose to run a +container in the detached mode, then you cannot use the `--rm` +option. + +#### [Foreground](#id4) + +In foreground mode (the default when `-d` is not +specified), `docker run` can start the process in +the container and attach the console to the process’s standard input, +output, and standard error. It can even pretend to be a TTY (this is +what most commandline executables expect) and pass along signals. All of +that is configurable: + + -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` + -t=false : Allocate a pseudo-tty + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + -i=false : Keep STDIN open even if not attached + +If you do not specify `-a` then Docker will [attach +everything +(stdin,stdout,stderr)](https://github.com/dotcloud/docker/blob/75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). +You can specify to which of the three standard streams +(`stdin`, `stdout`, +`stderr`) you’d like to connect instead, as in: + + docker run -a stdin -a stdout -i -t ubuntu /bin/bash + +For interactive processes (like a shell) you will typically want a tty +as well as persistent standard input (`stdin`), so +you’ll use `-i -t` together in most interactive +cases. + +### [Container Identification](#id5) + +#### [Name (–name)](#id6) + +The operator can identify a container in three ways: + +- UUID long identifier + ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") +- UUID short identifier ("f78375b1c487") +- Name ("evil\_ptolemy") + +The UUID identifiers come from the Docker daemon, and if you do not +assign a name to the container with `--name` then +the daemon will also generate a random string name too. The name can +become a handy way to add meaning to a container since you can use this +name when defining +[*links*](../../use/working_with_links_names/#working-with-links-names) +(or any other place you need to identify a container). This works for +both background and foreground Docker containers. + +#### [PID Equivalent](#id7) + +And finally, to help with automation, you can have Docker write the +container ID out to a file of your choosing. This is similar to how some +programs might write out their process ID to a file (you’ve seen them as +PID files): + + --cidfile="": Write the container ID to the file + +### [Network Settings](#id8) + + -n=true : Enable networking for this container + --dns=[] : Set custom dns servers for the container + +By default, all containers have networking enabled and they can make any +outgoing connections. The operator can completely disable networking +with `docker run -n` which disables all incoming and +outgoing networking. In cases like this, you would perform I/O through +files or STDIN/STDOUT only. + +Your container will use the same DNS servers as the host by default, but +you can override this with `--dns`. + +### [Clean Up (–rm)](#id9) + +By default a container’s file system persists even after the container +exits. This makes debugging a lot easier (since you can inspect the +final state) and you retain all your data by default. But if you are +running short-term **foreground** processes, these container file +systems can really pile up. If instead you’d like Docker to +**automatically clean up the container and remove the file system when +the container exits**, you can add the `--rm` flag: + + --rm=false: Automatically remove the container when it exits (incompatible with -d) + +### [Runtime Constraints on CPU and Memory](#id10) + +The operator can also adjust the performance parameters of the +container: + + -m="": Memory limit (format: , where unit = b, k, m or g) + -c=0 : CPU shares (relative weight) + +The operator can constrain the memory available to a container easily +with `docker run -m`. If the host supports swap +memory, then the `-m` memory setting can be larger +than physical RAM. + +Similarly the operator can increase the priority of this container with +the `-c` option. By default, all containers run at +the same priority and get the same proportion of CPU cycles, but you can +tell the kernel to give more shares of CPU time to one or more +containers when you start them via Docker. + +### [Runtime Privilege and LXC Configuration](#id11) + + --privileged=false: Give extended privileges to this container + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +By default, Docker containers are "unprivileged" and cannot, for +example, run a Docker daemon inside a Docker container. This is because +by default a container is not allowed to access any devices, but a +"privileged" container is given access to all devices (see +[lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) +and documentation on [cgroups +devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). + +When the operator executes `docker run --privileged` +.literal}, Docker will enable to access to all devices on the host as +well as set some configuration in AppArmor to allow the container nearly +all the same access to the host as processes running outside containers +on the host. Additional information about running with +`--privileged` is available on the [Docker +Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). + +If the Docker daemon was started using the `lxc` +exec-driver (`docker -d --exec-driver=lxc`) then the +operator can also specify LXC options using one or more +`--lxc-conf` parameters. These can be new parameters +or override existing parameters from the +[lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). +Note that in the future, a given host’s Docker daemon may not use LXC, +so this is an implementation-specific configuration meant for operators +already familiar with using LXC directly. + +## Overriding `Dockerfile` Image Defaults + +When a developer builds an image from a +[*Dockerfile*](../builder/#dockerbuilder) or when she commits it, the +developer can set a number of default parameters that take effect when +the image starts up as a container. + +Four of the `Dockerfile` commands cannot be +overridden at runtime: `FROM, MAINTAINER, RUN`, and +`ADD`. Everything else has a corresponding override +in `docker run`. We’ll go through what the developer +might have set in each `Dockerfile` instruction and +how the operator can override that setting. + +- [CMD (Default Command or Options)](#cmd-default-command-or-options) +- [ENTRYPOINT (Default Command to Execute at + Runtime](#entrypoint-default-command-to-execute-at-runtime) +- [EXPOSE (Incoming Ports)](#expose-incoming-ports) +- [ENV (Environment Variables)](#env-environment-variables) +- [VOLUME (Shared Filesystems)](#volume-shared-filesystems) +- [USER](#user) +- [WORKDIR](#workdir) + +### [CMD (Default Command or Options)](#id12) + +Recall the optional `COMMAND` in the Docker +commandline: + + docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + +This command is optional because the person who created the +`IMAGE` may have already provided a default +`COMMAND` using the `Dockerfile` +`CMD`. As the operator (the person running a +container from the image), you can override that `CMD` +just by specifying a new `COMMAND`. + +If the image also specifies an `ENTRYPOINT` then the +`CMD` or `COMMAND` get appended +as arguments to the `ENTRYPOINT`. + +### [ENTRYPOINT (Default Command to Execute at Runtime](#id13) + + --entrypoint="": Overwrite the default entrypoint set by the image + +The ENTRYPOINT of an image is similar to a `COMMAND` +because it specifies what executable to run when the container starts, +but it is (purposely) more difficult to override. The +`ENTRYPOINT` gives a container its default nature or +behavior, so that when you set an `ENTRYPOINT` you +can run the container *as if it were that binary*, complete with default +options, and you can pass in more options via the `COMMAND` +.literal}. But, sometimes an operator may want to run something else +inside the container, so you can override the default +`ENTRYPOINT` at runtime by using a string to specify +the new `ENTRYPOINT`. Here is an example of how to +run a shell in a container that has been set up to automatically run +something else (like `/usr/bin/redis-server`): + + docker run -i -t --entrypoint /bin/bash example/redis + +or two examples of how to pass more parameters to that ENTRYPOINT: + + docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + +### [EXPOSE (Incoming Ports)](#id14) + +The `Dockerfile` doesn’t give much control over +networking, only providing the `EXPOSE` instruction +to give a hint to the operator about what incoming ports might provide +services. The following options work with or override the +`Dockerfile`‘s exposed defaults: + + --expose=[]: Expose a port from the container + without publishing it to your host + -P=false : Publish all exposed ports to the host interfaces + -p=[] : Publish a container's port to the host (format: + ip:hostPort:containerPort | ip::containerPort | + hostPort:containerPort) + (use 'docker port' to see the actual mapping) + --link="" : Add link to another container (name:alias) + +As mentioned previously, `EXPOSE` (and +`--expose`) make a port available **in** a container +for incoming connections. The port number on the inside of the container +(where the service listens) does not need to be the same number as the +port exposed on the outside of the container (where clients connect), so +inside the container you might have an HTTP service listening on port 80 +(and so you `EXPOSE 80` in the +`Dockerfile`), but outside the container the port +might be 42800. + +To help a new client container reach the server container’s internal +port operator `--expose`‘d by the operator or +`EXPOSE`‘d by the developer, the operator has three +choices: start the server container with `-P` or +`-p,` or start the client container with +`--link`. + +If the operator uses `-P` or `-p` +then Docker will make the exposed port accessible on the host +and the ports will be available to any client that can reach the host. +To find the map between the host ports and the exposed ports, use +`docker port`) + +If the operator uses `--link` when starting the new +client container, then the client container can access the exposed port +via a private networking interface. Docker will set some environment +variables in the client container to help indicate which interface and +port to use. + +### [ENV (Environment Variables)](#id15) + +The operator can **set any environment variable** in the container by +using one or more `-e` flags, even overriding those +already defined by the developer with a Dockefile `ENV` +.literal}: + + $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export + declare -x HOME="/" + declare -x HOSTNAME="85bc26a0e200" + declare -x OLDPWD + declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + declare -x PWD="/" + declare -x SHLVL="1" + declare -x container="lxc" + declare -x deep="purple" + +Similarly the operator can set the **hostname** with `-h` +.literal}. + +`--link name:alias` also sets environment variables, +using the *alias* string to define environment variables within the +container that give the IP and PORT information for connecting to the +service container. Let’s imagine we have a container running Redis: + + # Start the service container, named redis-name + $ docker run -d --name redis-name dockerfiles/redis + 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 + + # The redis-name container exposed port 6379 + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name + + # Note that there are no public ports exposed since we didn't use -p or -P + $ docker port 4241164edf6f 6379 + 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f + +Yet we can get information about the Redis container’s exposed ports +with `--link`. Choose an alias that will form a +valid environment variable! + + $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export + declare -x HOME="/" + declare -x HOSTNAME="acda7f7b1cdc" + declare -x OLDPWD + declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + declare -x PWD="/" + declare -x REDIS_ALIAS_NAME="/distracted_wright/redis" + declare -x REDIS_ALIAS_PORT="tcp://172.17.0.32:6379" + declare -x REDIS_ALIAS_PORT_6379_TCP="tcp://172.17.0.32:6379" + declare -x REDIS_ALIAS_PORT_6379_TCP_ADDR="172.17.0.32" + declare -x REDIS_ALIAS_PORT_6379_TCP_PORT="6379" + declare -x REDIS_ALIAS_PORT_6379_TCP_PROTO="tcp" + declare -x SHLVL="1" + declare -x container="lxc" + +And we can use that information to connect from another container as a +client: + + $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' + 172.17.0.32:6379> + +### [VOLUME (Shared Filesystems)](#id16) + + -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. + If "container-dir" is missing, then docker creates a new volume. + --volumes-from="": Mount all volumes from the given container(s) + +The volumes commands are complex enough to have their own documentation +in section [*Share Directories via +Volumes*](../../use/working_with_volumes/#volume-def). A developer can +define one or more `VOLUME`s associated with an +image, but only the operator can give access from one container to +another (or from a container to a volume mounted on the host). + +### [USER](#id17) + +The default user within a container is `root` (id = +0), but if the developer created additional users, those are accessible +too. The developer can set a default user to run the first process with +the `Dockerfile USER` command, but the operator can +override it + + -u="": Username or UID + +### [WORKDIR](#id18) + +The default working directory for running binaries within a container is +the root directory (`/`), but the developer can set +a different default with the `Dockerfile WORKDIR` +command. The operator can override this with: + + -w="": Working directory inside the container From 742c981b37dc7176f15f4ffff7763b1357dbb396 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 17 Apr 2014 11:11:32 +1000 Subject: [PATCH 0123/2538] simplify the docs branch process for now Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/README.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/README.md b/docs/README.md index de1b1250f0..a113cb9edd 100755 --- a/docs/README.md +++ b/docs/README.md @@ -17,20 +17,21 @@ documentation. ## Branches **There are two branches related to editing docs**: ``master`` and a -``doc*`` branch (currently ``doc0.8.1``). You should normally edit -docs on a local branch of the ``master`` branch. That way your fixes +``docs`` branch. You should always edit +docs on a local branch of the ``master`` branch, and send a PR against ``master``. +That way your fixes will automatically get included in later releases, and docs maintainers -can easily cherry-pick your changes to bring over to the current docs -branch. In the rare case where your change is not forward-compatible, -then you could base your change on the appropriate ``doc*`` branch. +can easily cherry-pick your changes into the ``docs`` release branch. +In the rare case where your change is not forward-compatible, +you may need to base your changes on the ``docs`` branch. -Now that we have a ``doc*`` branch, we can keep the ``latest`` docs +Now that we have a ``docs`` branch, we can keep the [http://docs.docker.io](http://docs.docker.io) docs up to date with any bugs found between ``docker`` code releases. -**Warning**: When *reading* the docs, the ``master`` documentation may +**Warning**: When *reading* the docs, the [http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may include features not yet part of any official docker -release. ``Master`` docs should be used only for understanding -bleeding-edge development and ``latest`` (which points to the ``doc*`` +release. The ``beta-docs`` site should be used only for understanding +bleeding-edge development and ``docs.docker.io`` (which points to the ``docs`` branch``) should be used for the latest official release. Getting Started @@ -38,7 +39,7 @@ Getting Started Docker documentation builds are done in a docker container, which installs all the required tools, adds the local ``docs/`` directory and builds the HTML -docs. It then starts a simple HTTP server on port 8000 so that you can connect +docs. It then starts a HTTP server on port 8000 so that you can connect and see your changes. In the ``docker`` source directory, run: From 35710efce109372056f4cc64fc23b0cd9b0b9ce9 Mon Sep 17 00:00:00 2001 From: "O.S.Tezer" Date: Thu, 17 Apr 2014 18:09:08 +0300 Subject: [PATCH 0124/2538] Fix for broken in-document links which got scrambled during conversion. Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) --- docs/sources/reference/builder.md | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 2c55448a41..039d10a501 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -190,7 +190,7 @@ strings in the array: If you would like your container to run the same executable every time, then you should consider using `ENTRYPOINT` in combination with `CMD`. See -[*ENTRYPOINT*](#dockerfile-entrypoint). +[*ENTRYPOINT*](#entrypoint). If the user specifies arguments to `docker run` then they will override the default specified in CMD. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6bb0dc9e22..9575c54d2a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -854,7 +854,7 @@ to view a list of all containers. The `docker run` command can be used in combination with `docker commit` to [*change the command that a -container runs*](#cli-commit-examples). +container runs*](#commit-an-existing-container). See [*Redirect Ports*](../../../use/port_redirection/#port-redirection) for more detailed information about the `--expose`, From 57acc3cd5d061546188efb461f972e219984f35c Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 17 Apr 2014 18:55:24 -0400 Subject: [PATCH 0125/2538] Fixed #5283 - literal leftover from cutover Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/builder.md | 17 ++++--- docs/sources/reference/commandline/cli.md | 26 ++++------ docs/sources/reference/run.md | 58 ++++++++++------------- 3 files changed, 43 insertions(+), 58 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 039d10a501..c28cd883cd 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -254,9 +254,9 @@ All new files and directories are created with mode 0755, uid and gid 0. Note -if you build using STDIN (`docker build - < somefile` -.literal}), there is no build context, so the Dockerfile can only -contain an URL based ADD statement. +if you build using STDIN (`docker build - < somefile`), there is no +build context, so the Dockerfile can only contain an URL based ADD +statement. Note @@ -335,12 +335,11 @@ that you can run as an executable. That is, when you specify an `ENTRYPOINT`, then the whole container runs as if it was just that executable. -The `ENTRYPOINT` instruction adds an entry command -that will **not** be overwritten when arguments are passed to -`docker run`, unlike the behavior of `CMD` -.literal}. This allows arguments to be passed to the entrypoint. i.e. -`docker run -d` will pass the "-d" argument -to the ENTRYPOINT. +The `ENTRYPOINT` instruction adds an entry command that will **not** be +overwritten when arguments are passed to `docker run`, unlike the +behavior of `CMD`. This allows arguments to be passed to the entrypoint. +i.e. `docker run -d` will pass the "-d" argument to the +ENTRYPOINT. You can specify parameters either in the ENTRYPOINT JSON array (as in "like an exec" above), or by using a CMD statement. Parameters in the diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9575c54d2a..60e6b7069b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -19,8 +19,7 @@ no parameters or execute `docker help`: Single character commandline options can be combined, so rather than typing `docker run -t -i --name test busybox sh`, -you can write `docker run -ti --name test busybox sh` -.literal}. +you can write `docker run -ti --name test busybox sh`. ### Boolean @@ -92,11 +91,9 @@ To set the DNS server for all Docker containers, use To set the DNS search domain for all Docker containers, use `docker -d --dns-search example.com`. -To run the daemon with debug output, use `docker -d -D` -.literal}. +To run the daemon with debug output, use `docker -d -D`. -To use lxc as the execution driver, use `docker -d -e lxc` -.literal}. +To use lxc as the execution driver, use `docker -d -e lxc`. The docker client will also honor the `DOCKER_HOST` environment variable to set the `-H` flag for the @@ -119,8 +116,7 @@ systemd in the [docker source tree](https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). Docker supports softlinks for the Docker data directory -(`/var/lib/docker`) and for `/tmp` -.literal}. TMPDIR and the data directory can be set like this: +(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set like this: TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 # or @@ -254,8 +250,7 @@ machine and that no parsing of the `Dockerfile` happens at the client side (where you’re running `docker build`). That means that *all* the files at `PATH` get sent, not just the ones listed to -[*ADD*](../../builder/#dockerfile-add) in the `Dockerfile` -.literal}. +[*ADD*](../../builder/#dockerfile-add) in the `Dockerfile`. The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the @@ -658,9 +653,8 @@ Restores both images and tags. The `docker logs` command batch-retrieves all logs present at the time of execution. -The `docker logs --follow` command combines -`docker logs` and `docker attach` -.literal}: it will first return all logs from the beginning and then +The `docker logs --follow` command combines `docker logs` and `docker +attach`: it will first return all logs from the beginning and then continue streaming new output from the container’s stdout and stderr. ## `port` @@ -957,10 +951,8 @@ container). All three flags, `-e`, `--env` and `--env-file` can be repeated. Regardless of the order of these three flags, the `--env-file` -are processed first, and then `-e` -.literal}/`--env` flags. This way, the -`-e` or `--env` will override -variables as needed. +are processed first, and then `-e`, `--env` flags. This way, the +`-e` or `--env` will override variables as needed. $ cat ./env.list TEST_FOO=BAR diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 6afc130085..e8bdd1305d 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -46,8 +46,8 @@ and nearly all the defaults set by the Docker runtime itself. ## [Operator Exclusive Options](#id4) -Only the operator (the person executing `docker run` -.literal}) can set the following options. +Only the operator (the person executing `docker run`) can set the +following options. - [Detached vs Foreground](#detached-vs-foreground) - [Detached (-d)](#detached-d) @@ -72,14 +72,12 @@ default foreground mode: #### [Detached (-d)](#id3) -In detached mode (`-d=true` or just `-d` -.literal}), all I/O should be done through network connections or shared -volumes because the container is no longer listening to the commandline -where you executed `docker run`. You can reattach to -a detached container with `docker` +In detached mode (`-d=true` or just `-d`), all I/O should be done +through network connections or shared volumes because the container is +no longer listening to the commandline where you executed `docker run`. +You can reattach to a detached container with `docker` [*attach*](../commandline/cli/#cli-attach). If you choose to run a -container in the detached mode, then you cannot use the `--rm` -option. +container in the detached mode, then you cannot use the `--rm` option. #### [Foreground](#id4) @@ -196,12 +194,12 @@ by default a container is not allowed to access any devices, but a and documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). -When the operator executes `docker run --privileged` -.literal}, Docker will enable to access to all devices on the host as -well as set some configuration in AppArmor to allow the container nearly -all the same access to the host as processes running outside containers -on the host. Additional information about running with -`--privileged` is available on the [Docker +When the operator executes `docker run --privileged`, Docker will enable +to access to all devices on the host as well as set some configuration +in AppArmor to allow the container nearly all the same access to the +host as processes running outside containers on the host. Additional +information about running with `--privileged` is available on the +[Docker Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). If the Docker daemon was started using the `lxc` @@ -259,19 +257,17 @@ as arguments to the `ENTRYPOINT`. --entrypoint="": Overwrite the default entrypoint set by the image -The ENTRYPOINT of an image is similar to a `COMMAND` -because it specifies what executable to run when the container starts, -but it is (purposely) more difficult to override. The -`ENTRYPOINT` gives a container its default nature or -behavior, so that when you set an `ENTRYPOINT` you -can run the container *as if it were that binary*, complete with default -options, and you can pass in more options via the `COMMAND` -.literal}. But, sometimes an operator may want to run something else -inside the container, so you can override the default -`ENTRYPOINT` at runtime by using a string to specify -the new `ENTRYPOINT`. Here is an example of how to -run a shell in a container that has been set up to automatically run -something else (like `/usr/bin/redis-server`): +The ENTRYPOINT of an image is similar to a `COMMAND` because it +specifies what executable to run when the container starts, but it is +(purposely) more difficult to override. The `ENTRYPOINT` gives a +container its default nature or behavior, so that when you set an +`ENTRYPOINT` you can run the container *as if it were that binary*, +complete with default options, and you can pass in more options via the +`COMMAND`. But, sometimes an operator may want to run something else +inside the container, so you can override the default `ENTRYPOINT` at +runtime by using a string to specify the new `ENTRYPOINT`. Here is an +example of how to run a shell in a container that has been set up to +automatically run something else (like `/usr/bin/redis-server`): docker run -i -t --entrypoint /bin/bash example/redis @@ -330,8 +326,7 @@ port to use. The operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those -already defined by the developer with a Dockefile `ENV` -.literal}: +already defined by the developer with a Dockefile `ENV`: $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" @@ -343,8 +338,7 @@ already defined by the developer with a Dockefile `ENV` declare -x container="lxc" declare -x deep="purple" -Similarly the operator can set the **hostname** with `-h` -.literal}. +Similarly the operator can set the **hostname** with `-h`. `--link name:alias` also sets environment variables, using the *alias* string to define environment variables within the From 34628fa8a4fad3ca03bef67f152b7982060fb670 Mon Sep 17 00:00:00 2001 From: "O.S.Tezer" Date: Fri, 18 Apr 2014 23:21:55 +0300 Subject: [PATCH 0126/2538] Mark notes and warnings, fix broken link renderings within. Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) --- docs/sources/reference/builder.md | 49 +++++++++++++------------------ 1 file changed, 20 insertions(+), 29 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c28cd883cd..89bf352cbc 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -195,12 +195,10 @@ combination with `CMD`. See If the user specifies arguments to `docker run` then they will override the default specified in CMD. -Note - -Don’t confuse `RUN` with `CMD`. -`RUN` actually runs a command and commits the -result; `CMD` does not execute anything at build -time, but specifies the intended command for the image. +> **Note**: +> Don’t confuse `RUN` with `CMD`. `RUN` actually runs a command and commits +> the result; `CMD` does not execute anything at build time, but specifies +> the intended command for the image. ## `EXPOSE` @@ -228,12 +226,11 @@ persist when a container is run from the resulting image. You can view the values using `docker inspect`, and change them using `docker run --env =`. -Note - -One example where this can cause unexpected consequenses, is setting -`ENV DEBIAN_FRONTEND noninteractive`. Which will -persist when the container is run interactively; for example: -`docker run -t -i image bash` +> **Note**: +> One example where this can cause unexpected consequenses, is setting +> `ENV DEBIAN_FRONTEND noninteractive`. Which will +> persist when the container is run interactively; for example: +> `docker run -t -i image bash` ## `ADD` @@ -252,18 +249,16 @@ will be copied inside the destination container. All new files and directories are created with mode 0755, uid and gid 0. -Note +> **Note**: +> If you build using STDIN (`docker build - < somefile`), there is no +> build context, so the Dockerfile can only contain an URL based ADD +> statement. -if you build using STDIN (`docker build - < somefile`), there is no -build context, so the Dockerfile can only contain an URL based ADD -statement. - -Note - -if your URL files are protected using authentication, you will need to -use an `RUN wget` , `RUN curl` -or other tool from within the container as ADD does not support -authentication. +> **Note**: +> If your URL files are protected using authentication, you will need to +> use an `RUN wget` , `RUN curl` +> or other tool from within the container as ADD does not support +> authentication. The copy obeys the following rules: @@ -450,13 +445,9 @@ For example you might add something like this: ONBUILD RUN /usr/local/bin/python-build --dir /app/src [...] -Warning +> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn’t allowed. -Chaining ONBUILD instructions using ONBUILD ONBUILD isn’t allowed. - -Warning - -ONBUILD may not trigger FROM or MAINTAINER instructions. +> **Warning**: ONBUILD may not trigger FROM or MAINTAINER instructions. ## Dockerfile Examples From 149437ff87add3d9b6b1b754517b72fed7abdb0b Mon Sep 17 00:00:00 2001 From: "O.S.Tezer" Date: Sat, 19 Apr 2014 03:35:45 +0300 Subject: [PATCH 0127/2538] =?UTF-8?q?Introducing=20sp=C4=ABritus=20l=C4=93?= =?UTF-8?q?nis=20to=20fix=20code=20highlighting=20issues=20due=20to=20apos?= =?UTF-8?q?trophe.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) --- docs/sources/reference/builder.md | 2 +- docs/sources/reference/commandline/cli.md | 20 ++++++++++---------- docs/sources/reference/commandline/cli.rst | 4 ++-- docs/sources/reference/run.md | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 89bf352cbc..5c332e5c2f 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -496,5 +496,5 @@ For example you might add something like this: RUN echo moo > oink # Will output something like ===> 695d7793cbe4 - # You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with + # You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with # /oink. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 60e6b7069b..e0d896755b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -57,7 +57,7 @@ expect an integer, and they can only be specified once. -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b + -bip="": Use this CIDR notation address for the network bridge᾿s IP, not compatible with -b -d, --daemon=false: Enable daemon mode --dns=[]: Force docker to use specific DNS servers --dns-search=[]: Force Docker to use specific DNS search domains @@ -65,7 +65,7 @@ expect an integer, and they can only be specified once. --icc=true: Enable inter-container communication --ip="0.0.0.0": Default IP address to use when binding container ports --ip-forward=true: Enable net.ipv4.ip_forward - --iptables=true: Enable Docker's addition of iptables rules + --iptables=true: Enable Docker᾿s addition of iptables rules -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file -r, --restart=true: Restart previously running containers -s, --storage-driver="": Force the docker runtime to use a specific storage driver @@ -286,7 +286,7 @@ schema. Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - Create a new image from a container's changes + Create a new image from a container᾿s changes -m, --message="": Commit message -a, --author="": Author (eg. "John Hannibal Smith " @@ -323,7 +323,7 @@ maintainable way. Usage: docker diff CONTAINER - List the changed files and directories in a container's filesystem + List the changed files and directories in a container᾿s filesystem There are 3 events that are listed in the ‘diff’: @@ -408,7 +408,7 @@ For example: Show the history of an image - --no-trunc=false: Don't truncate output + --no-trunc=false: Don᾿t truncate output -q, --quiet=false: Only show numeric IDs To see how the `docker:latest` image was built: @@ -429,7 +429,7 @@ To see how the `docker:latest` image was built: List images -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don't truncate output + --no-trunc=false: Don᾿t truncate output -q, --quiet=false: Only show numeric IDs The default `docker images` will show all top level @@ -673,7 +673,7 @@ continue streaming new output from the container’s stdout and stderr. --before="": Show only container created before Id or Name, include non-running ones. -l, --latest=false: Show only the latest created container, include non-running ones. -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don't truncate output + --no-trunc=false: Don᾿t truncate output -q, --quiet=false: Only display numeric IDs -s, --size=false: Display sizes, not to be used with -q --since="": Show only containers created since Id or Name, include non-running ones. @@ -1104,7 +1104,7 @@ It is used to create a backup that can then be used with Search the docker index for images - --no-trunc=false: Don't truncate output + --no-trunc=false: Don᾿t truncate output -s, --stars=0: Only displays with at least xxx stars -t, --trusted=false: Only show trusted builds @@ -1118,8 +1118,8 @@ more details on finding shared images from the commandline. Start a stopped container - -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container's stdin + -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process + -i, --interactive=false: Attach container᾿s stdin ## `stop` diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 58ec24e066..87c08eb4b4 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -1338,8 +1338,8 @@ from the commandline. Start a stopped container - -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container's stdin + -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process + -i, --interactive=false: Attach container᾿s stdin .. _cli_stop: diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index e8bdd1305d..236b8065b8 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -287,7 +287,7 @@ services. The following options work with or override the --expose=[]: Expose a port from the container without publishing it to your host -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container's port to the host (format: + -p=[] : Publish a container᾿s port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping) @@ -354,7 +354,7 @@ service container. Let’s imagine we have a container running Redis: CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name - # Note that there are no public ports exposed since we didn't use -p or -P + # Note that there are no public ports exposed since we didn᾿t use -p or -P $ docker port 4241164edf6f 6379 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f From 148a2be8788afe0c1fbccef4d5060cf9bff534ca Mon Sep 17 00:00:00 2001 From: "O.S.Tezer" Date: Wed, 23 Apr 2014 23:48:28 +0300 Subject: [PATCH 0128/2538] Docs auto-conversion fixes and MD marking and structure improvements. - Remove redundant chars and all errors caused by RST->MD conversion. e.g. [/#, /\, \<, />, etc.] - Fix broken inter-document links - Fix outbound links no-longer active or changed - Fix lists - Fix code blocks - Correct apostrophes - Replace redundant inline note marks for code with code marks - Fix broken image links - Remove non-functional title links - Correct broken cross-docs links - Improve readability Note: This PR does not try to fix/amend: - Grammatical errors - Lexical errors - Linguistic-logic errors etc. It just aims to fix main structural or conversion errors to serve as a base for further amendments that will cover others including but not limited to those mentioned above. Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) Update: - Fix backtick issues Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.md | 390 ++++++------- docs/sources/reference/commandline/cli.md | 675 ++++++++++------------ docs/sources/reference/run.md | 301 +++++----- 3 files changed, 635 insertions(+), 731 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 5c332e5c2f..c976c118d7 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -4,23 +4,21 @@ page_keywords: builder, docker, Dockerfile, automation, image creation # Dockerfile Reference -**Docker can act as a builder** and read instructions from a text -`Dockerfile` to automate the steps you would -otherwise take manually to create an image. Executing -`docker build` will run your steps and commit them -along the way, giving you a final image. +**Docker can act as a builder** and read instructions from a text *Dockerfile* +to automate the steps you would otherwise take manually to create an image. +Executing `docker build` will run your steps and commit them along the way, +giving you a final image. ## Usage -To [*build*](../commandline/cli/#cli-build) an image from a source -repository, create a description file called `Dockerfile` -at the root of your repository. This file will describe the -steps to assemble the image. +To [*build*](../commandline/cli/#cli-build) an image from a source repository, +create a description file called Dockerfile at the root of your repository. +This file will describe the steps to assemble the image. -Then call `docker build` with the path of your -source repository as argument (for example, `.`): +Then call `docker build` with the path of you source repository as argument +(for example, `.`): -> `sudo docker build .` + sudo docker build . The path to the source repository defines where to find the *context* of the build. The build is run by the Docker daemon, not by the CLI, so the @@ -30,7 +28,7 @@ whole context must be transferred to the daemon. The Docker CLI reports You can specify a repository and tag at which to save the new image if the build succeeds: -> `sudo docker build -t shykes/myapp .` + sudo docker build -t shykes/myapp . The Docker daemon will run your steps one-by-one, committing the result to a new image if necessary, before finally outputting the ID of your @@ -38,12 +36,11 @@ new image. The Docker daemon will automatically clean up the context you sent. Note that each instruction is run independently, and causes a new image -to be created - so `RUN cd /tmp` will not have any -effect on the next instructions. +to be created - so `RUN cd /tmp` will not have any effect on the next +instructions. Whenever possible, Docker will re-use the intermediate images, -accelerating `docker build` significantly (indicated -by `Using cache`): +accelerating `docker build` significantly (indicated by `Using cache`): $ docker build -t SvenDowideit/ambassador . Uploading context 10.24 kB @@ -58,9 +55,9 @@ by `Using cache`): ---> 1a5ffc17324d Successfully built 1a5ffc17324d -When you’re done with your build, you’re ready to look into [*Pushing a -repository to its -registry*](../../use/workingwithrepository/#image-push). +When you're done with your build, you're ready to look into +[*Pushing a repository to its registry*]( +../../use/workingwithrepository/#image-push). ## Format @@ -83,84 +80,73 @@ be treated as an argument. This allows statements like: # Comment RUN echo 'we are running some # of cool things' -Here is the set of instructions you can use in a `Dockerfile` +Here is the set of instructions you can use in a Dockerfile for building images. -## `FROM` +## FROM -> `FROM ` + FROM Or -> `FROM :` + FROM : -The `FROM` instruction sets the [*Base -Image*](../../terms/image/#base-image-def) for subsequent instructions. -As such, a valid Dockerfile must have `FROM` as its -first instruction. The image can be any valid image – it is especially -easy to start by **pulling an image** from the [*Public -Repositories*](../../use/workingwithrepository/#using-public-repositories). +The `FROM` instruction sets the [*Base Image*](../../terms/image/#base-image-def) +for subsequent instructions. As such, a valid Dockerfile must have `FROM` as +its first instruction. The image can be any valid image – it is especially easy +to start by **pulling an image** from the [*Public Repositories*]( +../../use/workingwithrepository/#using-public-repositories). -`FROM` must be the first non-comment instruction in -the `Dockerfile`. +`FROM` must be the first non-comment instruction in the Dockerfile. -`FROM` can appear multiple times within a single -Dockerfile in order to create multiple images. Simply make a note of the -last image id output by the commit before each new `FROM` -command. +`FROM` can appear multiple times within a single Dockerfile in order to create +multiple images. Simply make a note of the last image id output by the commit +before each new `FROM` command. -If no `tag` is given to the `FROM` -instruction, `latest` is assumed. If the +If no `tag` is given to the `FROM` instruction, `latest` is assumed. If the used tag does not exist, an error will be returned. -## `MAINTAINER` +## MAINTAINER -> `MAINTAINER ` + MAINTAINER -The `MAINTAINER` instruction allows you to set the -*Author* field of the generated images. +The `MAINTAINER` instruction allows you to set the *Author* field of the +generated images. -## `RUN` +## RUN RUN has 2 forms: -- `RUN ` (the command is run in a shell - - `/bin/sh -c`) -- `RUN ["executable", "param1", "param2"]` (*exec* - form) +- `RUN ` (the command is run in a shell - `/bin/sh -c`) +- `RUN ["executable", "param1", "param2"]` (*exec* form) -The `RUN` instruction will execute any commands in a -new layer on top of the current image and commit the results. The -resulting committed image will be used for the next step in the -Dockerfile. +The `RUN` instruction will execute any commands in a new layer on top of the +current image and commit the results. The resulting committed image will be +used for the next step in the Dockerfile. -Layering `RUN` instructions and generating commits -conforms to the core concepts of Docker where commits are cheap and -containers can be created from any point in an image’s history, much -like source control. +Layering `RUN` instructions and generating commits conforms to the core +concepts of Docker where commits are cheap and containers can be created from +any point in an image's history, much like source control. -The *exec* form makes it possible to avoid shell string munging, and to -`RUN` commands using a base image that does not -contain `/bin/sh`. +The *exec* form makes it possible to avoid shell string munging, and to `RUN` +commands using a base image that does not contain `/bin/sh`. ### Known Issues (RUN) -- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about - file permissions problems that can occur when using the AUFS file - system. You might notice it during an attempt to `rm` - a file, for example. The issue describes a workaround. -- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale - will not be set automatically. +- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about file + permissions problems that can occur when using the AUFS file system. You + might notice it during an attempt to `rm` a file, for example. The issue + describes a workaround. +- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale will + not be set automatically. -## `CMD` +## CMD CMD has three forms: -- `CMD ["executable","param1","param2"]` (like an - *exec*, preferred form) -- `CMD ["param1","param2"]` (as *default - parameters to ENTRYPOINT*) -- `CMD command param1 param2` (as a *shell*) +- `CMD ["executable","param1","param2"]` (like an *exec*, preferred form) +- `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) +- `CMD command param1 param2` (as a *shell*) There can only be one CMD in a Dockerfile. If you list more than one CMD then only the last CMD will take effect. @@ -169,83 +155,75 @@ then only the last CMD will take effect. container.** These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT as well. -When used in the shell or exec formats, the `CMD` -instruction sets the command to be executed when running the image. +When used in the shell or exec formats, the `CMD` instruction sets the command +to be executed when running the image. -If you use the *shell* form of the CMD, then the `` -will execute in `/bin/sh -c`: +If you use the *shell* form of the CMD, then the `` will execute in +`/bin/sh -c`: FROM ubuntu CMD echo "This is a test." | wc - -If you want to **run your** `` **without a -shell** then you must express the command as a JSON array and give the -full path to the executable. **This array form is the preferred format -of CMD.** Any additional parameters must be individually expressed as -strings in the array: +If you want to **run your** `` **without a shell** then you must +express the command as a JSON array and give the full path to the executable. +**This array form is the preferred format of CMD.** Any additional parameters +must be individually expressed as strings in the array: FROM ubuntu CMD ["/usr/bin/wc","--help"] -If you would like your container to run the same executable every time, -then you should consider using `ENTRYPOINT` in -combination with `CMD`. See +If you would like your container to run the same executable every time, then +you should consider using `ENTRYPOINT` in combination with `CMD`. See [*ENTRYPOINT*](#entrypoint). -If the user specifies arguments to `docker run` then -they will override the default specified in CMD. +If the user specifies arguments to `docker run` then they will override the +default specified in CMD. > **Note**: -> Don’t confuse `RUN` with `CMD`. `RUN` actually runs a command and commits +> don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits > the result; `CMD` does not execute anything at build time, but specifies > the intended command for the image. -## `EXPOSE` +## EXPOSE -> `EXPOSE [...]` + EXPOSE [...] -The `EXPOSE` instructions informs Docker that the -container will listen on the specified network ports at runtime. Docker -uses this information to interconnect containers using links (see +The `EXPOSE` instructions informs Docker that the container will listen on the +specified network ports at runtime. Docker uses this information to interconnect +containers using links (see [*links*](../../use/working_with_links_names/#working-with-links-names)), -and to setup port redirection on the host system (see [*Redirect -Ports*](../../use/port_redirection/#port-redirection)). +and to setup port redirection on the host system (see [*Redirect Ports*]( +../../use/port_redirection/#port-redirection)). -## `ENV` +## ENV -> `ENV ` + ENV -The `ENV` instruction sets the environment variable -`` to the value ``. -This value will be passed to all future `RUN` -instructions. This is functionally equivalent to prefixing the command -with `=` +The `ENV` instruction sets the environment variable `` to the value +``. This value will be passed to all future `RUN` instructions. This is +functionally equivalent to prefixing the command with `=` -The environment variables set using `ENV` will -persist when a container is run from the resulting image. You can view -the values using `docker inspect`, and change them -using `docker run --env =`. +The environment variables set using `ENV` will persist when a container is run +from the resulting image. You can view the values using `docker inspect`, and +change them using `docker run --env =`. > **Note**: > One example where this can cause unexpected consequenses, is setting -> `ENV DEBIAN_FRONTEND noninteractive`. Which will -> persist when the container is run interactively; for example: -> `docker run -t -i image bash` +> `ENV DEBIAN_FRONTEND noninteractive`. Which will persist when the container +> is run interactively; for example: `docker run -t -i image bash` -## `ADD` +## ADD -> `ADD ` + ADD -The `ADD` instruction will copy new files from -\ and add them to the container’s filesystem at path -``. +The `ADD` instruction will copy new files from `` and add them to the +container's filesystem at path ``. -`` must be the path to a file or directory -relative to the source directory being built (also called the *context* -of the build) or a remote file URL. +`` must be the path to a file or directory relative to the source directory +being built (also called the *context* of the build) or a remote file URL. -`` is the absolute path to which the source -will be copied inside the destination container. +`` is the absolute path to which the source will be copied inside the +destination container. All new files and directories are created with mode 0755, uid and gid 0. @@ -262,79 +240,64 @@ All new files and directories are created with mode 0755, uid and gid 0. The copy obeys the following rules: -- The `` path must be inside the *context* of - the build; you cannot `ADD ../something /something` -, because the first step of a `docker build` - is to send the context directory (and subdirectories) to - the docker daemon. +- The `` path must be inside the *context* of the build; + you cannot `ADD ../something /something`, because the first step of a + `docker build` is to send the context directory (and subdirectories) to the + docker daemon. -- If `` is a URL and `` - does not end with a trailing slash, then a file is - downloaded from the URL and copied to ``. +- If `` is a URL and `` does not end with a trailing slash, then a + file is downloaded from the URL and copied to ``. -- If `` is a URL and `` - does end with a trailing slash, then the filename is - inferred from the URL and the file is downloaded to - `/`. For instance, - `ADD http://example.com/foobar /` would create - the file `/foobar`. The URL must have a - nontrivial path so that an appropriate filename can be discovered in - this case (`http://example.com` will not work). +- If `` is a URL and `` does end with a trailing slash, then the + filename is inferred from the URL and the file is downloaded to + `/`. For instance, `ADD http://example.com/foobar /` would + create the file `/foobar`. The URL must have a nontrivial path so that an + appropriate filename can be discovered in this case (`http://example.com` + will not work). -- If `` is a directory, the entire directory - is copied, including filesystem metadata. +- If `` is a directory, the entire directory is copied, including + filesystem metadata. -- If `` is a *local* tar archive in a - recognized compression format (identity, gzip, bzip2 or xz) then it - is unpacked as a directory. Resources from *remote* URLs are **not** - decompressed. +- If `` is a *local* tar archive in a recognized compression format + (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources + from *remote* URLs are **not** decompressed. When a directory is copied or + unpacked, it has the same behavior as `tar -x`: the result is the union of: - When a directory is copied or unpacked, it has the same behavior as - `tar -x`: the result is the union of + 1. whatever existed at the destination path and + 2. the contents of the source tree, with conflicts resolved in favor of + "2." on a file-by-file basis. - 1. whatever existed at the destination path and - 2. the contents of the source tree, +- If `` is any other kind of file, it is copied individually along with + its metadata. In this case, if `` ends with a trailing slash `/`, it + will be considered a directory and the contents of `` will be written + at `/base()`. - with conflicts resolved in favor of "2." on a file-by-file basis. +- If `` does not end with a trailing slash, it will be considered a + regular file and the contents of `` will be written at ``. -- If `` is any other kind of file, it is - copied individually along with its metadata. In this case, if - `` ends with a trailing slash - `/`, it will be considered a directory and the - contents of `` will be written at - `/base()`. +- If `` doesn't exist, it is created along with all missing directories + in its path. -- If `` does not end with a trailing slash, - it will be considered a regular file and the contents of - `` will be written at `` -. - -- If `` doesn’t exist, it is created along - with all missing directories in its path. - -## `ENTRYPOINT` +## ENTRYPOINT ENTRYPOINT has two forms: -- `ENTRYPOINT ["executable", "param1", "param2"]` - (like an *exec*, preferred form) -- `ENTRYPOINT command param1 param2` (as a - *shell*) +- `ENTRYPOINT ["executable", "param1", "param2"]` + (like an *exec*, preferred form) +- `ENTRYPOINT command param1 param2` + (as a *shell*) -There can only be one `ENTRYPOINT` in a Dockerfile. -If you have more than one `ENTRYPOINT`, then only -the last one in the Dockerfile will have an effect. +There can only be one `ENTRYPOINT` in a Dockerfile. If you have more than one +`ENTRYPOINT`, then only the last one in the Dockerfile will have an effect. -An `ENTRYPOINT` helps you to configure a container -that you can run as an executable. That is, when you specify an -`ENTRYPOINT`, then the whole container runs as if it -was just that executable. +An `ENTRYPOINT` helps you to configure a container that you can run as an +executable. That is, when you specify an `ENTRYPOINT`, then the whole container +runs as if it was just that executable. The `ENTRYPOINT` instruction adds an entry command that will **not** be -overwritten when arguments are passed to `docker run`, unlike the -behavior of `CMD`. This allows arguments to be passed to the entrypoint. -i.e. `docker run -d` will pass the "-d" argument to the -ENTRYPOINT. +overwritten when arguments are passed to `docker run`, unlike the behavior +of `CMD`. This allows arguments to be passed to the entrypoint. i.e. +`docker run -d` will pass the "-d" argument to the ENTRYPOINT. You can specify parameters either in the ENTRYPOINT JSON array (as in "like an exec" above), or by using a CMD statement. Parameters in the @@ -342,13 +305,13 @@ ENTRYPOINT will not be overridden by the `docker run` arguments, but parameters specified via CMD will be overridden by `docker run` arguments. -Like a `CMD`, you can specify a plain string for the -ENTRYPOINT and it will execute in `/bin/sh -c`: +Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it will +execute in `/bin/sh -c`: FROM ubuntu ENTRYPOINT wc -l - -For example, that Dockerfile’s image will *always* take stdin as input +For example, that Dockerfile's image will *always* take stdin as input ("-") and print the number of lines ("-l"). If you wanted to make this optional but default, you could use a CMD: @@ -356,44 +319,41 @@ optional but default, you could use a CMD: CMD ["-l", "-"] ENTRYPOINT ["/usr/bin/wc"] -## `VOLUME` +## VOLUME -> `VOLUME ["/data"]` + VOLUME ["/data"] -The `VOLUME` instruction will create a mount point -with the specified name and mark it as holding externally mounted -volumes from native host or other containers. For more -information/examples and mounting instructions via docker client, refer -to [*Share Directories via -Volumes*](../../use/working_with_volumes/#volume-def) documentation. +The `VOLUME` instruction will create a mount point with the specified name +and mark it as holding externally mounted volumes from native host or other +containers. For more information/examples and mounting instructions via docker +client, refer to [*Share Directories via Volumes*]( +../../use/working_with_volumes/#volume-def) documentation. -## `USER` +## USER -> `USER daemon` + USER daemon -The `USER` instruction sets the username or UID to -use when running the image. +The `USER` instruction sets the username or UID to use when running the image. -## `WORKDIR` +## WORKDIR -> `WORKDIR /path/to/workdir` + WORKDIR /path/to/workdir -The `WORKDIR` instruction sets the working directory -for the `RUN`, `CMD` and +The `WORKDIR` instruction sets the working directory for the `RUN`, `CMD` and `ENTRYPOINT` Dockerfile commands that follow it. It can be used multiple times in the one Dockerfile. If a relative path -is provided, it will be relative to the path of the previous -`WORKDIR` instruction. For example: +is provided, it will be relative to the path of the previous `WORKDIR` +instruction. For example: -> WORKDIR /a WORKDIR b WORKDIR c RUN pwd + WORKDIR /a WORKDIR b WORKDIR c RUN pwd The output of the final `pwd` command in this Dockerfile would be `/a/b/c`. -## `ONBUILD` +## ONBUILD -> `ONBUILD [INSTRUCTION]` + ONBUILD [INSTRUCTION] The `ONBUILD` instruction adds to the image a "trigger" instruction to be executed at a later time, when the image is @@ -410,7 +370,7 @@ daemon which may be customized with user-specific configuration. For example, if your image is a reusable python application builder, it will require application source code to be added in a particular directory, and it might require a build script to be called *after* -that. You can’t just call *ADD* and *RUN* now, because you don’t yet +that. You can't just call *ADD* and *RUN* now, because you don't yet have access to the application source code, and it will be different for each application build. You could simply provide application developers with a boilerplate Dockerfile to copy-paste into their application, but @@ -420,23 +380,23 @@ mixes with application-specific code. The solution is to use *ONBUILD* to register in advance instructions to run later, during the next build stage. -Here’s how it works: +Here's how it works: -1. When it encounters an *ONBUILD* instruction, the builder adds a - trigger to the metadata of the image being built. The instruction - does not otherwise affect the current build. -2. At the end of the build, a list of all triggers is stored in the - image manifest, under the key *OnBuild*. They can be inspected with - *docker inspect*. -3. Later the image may be used as a base for a new build, using the - *FROM* instruction. As part of processing the *FROM* instruction, - the downstream builder looks for *ONBUILD* triggers, and executes - them in the same order they were registered. If any of the triggers - fail, the *FROM* instruction is aborted which in turn causes the - build to fail. If all triggers succeed, the FROM instruction - completes and the build continues as usual. -4. Triggers are cleared from the final image after being executed. In - other words they are not inherited by "grand-children" builds. +1. When it encounters an *ONBUILD* instruction, the builder adds a + trigger to the metadata of the image being built. The instruction + does not otherwise affect the current build. +2. At the end of the build, a list of all triggers is stored in the + image manifest, under the key *OnBuild*. They can be inspected with + *docker inspect*. +3. Later the image may be used as a base for a new build, using the + *FROM* instruction. As part of processing the *FROM* instruction, + the downstream builder looks for *ONBUILD* triggers, and executes + them in the same order they were registered. If any of the triggers + fail, the *FROM* instruction is aborted which in turn causes the + build to fail. If all triggers succeed, the FROM instruction + completes and the build continues as usual. +4. Triggers are cleared from the final image after being executed. In + other words they are not inherited by "grand-children" builds. For example you might add something like this: @@ -445,7 +405,7 @@ For example you might add something like this: ONBUILD RUN /usr/local/bin/python-build --dir /app/src [...] -> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn’t allowed. +> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn't allowed. > **Warning**: ONBUILD may not trigger FROM or MAINTAINER instructions. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e0d896755b..d59bd37674 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -4,8 +4,8 @@ page_keywords: Docker, Docker documentation, CLI, command line # Command Line -To list available commands, either run `docker` with -no parameters or execute `docker help`: +To list available commands, either run `docker` with no parameters +or execute `docker help`: $ sudo docker Usage: docker [OPTIONS] COMMAND [arg...] @@ -33,13 +33,11 @@ will set the value to the opposite of the default value. ### Multi -Options like `-a=[]` indicate they can be specified -multiple times: +Options like `-a=[]` indicate they can be specified multiple times: docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash -Sometimes this can use a more complex value string, as for -`-v`: +Sometimes this can use a more complex value string, as for `-v`: docker run -v /host:/container example/mysql @@ -49,9 +47,10 @@ Options like `--name=""` expect a string, and they can only be specified once. Options like `-c=0` expect an integer, and they can only be specified once. -## `daemon` +## daemon Usage of docker: + -D, --debug=false: Enable debug mode -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group @@ -95,9 +94,8 @@ To run the daemon with debug output, use `docker -d -D`. To use lxc as the execution driver, use `docker -d -e lxc`. -The docker client will also honor the `DOCKER_HOST` -environment variable to set the `-H` flag for the -client. +The docker client will also honor the `DOCKER_HOST` environment variable to set +the `-H` flag for the client. docker -H tcp://0.0.0.0:4243 ps # or @@ -105,32 +103,32 @@ client. docker ps # both are equal -To run the daemon with [systemd socket -activation](http://0pointer.de/blog/projects/socket-activation.html), -use `docker -d -H fd://`. Using `fd://` -will work perfectly for most setups but you can also specify -individual sockets too `docker -d -H fd://3`. If the -specified socket activated files aren’t found then docker will exit. You +To run the daemon with [systemd socket activation]( +http://0pointer.de/blog/projects/socket-activation.html), use +`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but +you can also specify individual sockets too `docker -d -H fd://3`. If the +specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and -systemd in the [docker source -tree](https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). +systemd in the [docker source tree]( +https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). Docker supports softlinks for the Docker data directory -(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set like this: +(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set +like this: TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 # or export TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 -## `attach` +## attach + +Attach to a running container. Usage: docker attach CONTAINER - Attach to a running container. - - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) The `attach` command will allow you to view or interact with any running container, detached (`-d`) @@ -141,7 +139,7 @@ progress of your daemonized process. You can detach from the container again (and leave it running) with `CTRL-C` (for a quiet exit) or `CTRL-\` to get a stacktrace of the Docker client when it quits. When -you detach from the container’s process the exit code will be returned +you detach from the container's process the exit code will be returned to the client. To stop a container, use `docker stop`. @@ -182,34 +180,34 @@ To kill the container, use `docker kill`. ^C$ $ sudo docker stop $ID -## `build` +## build + +Build a new container image from the source code at PATH Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build -Use this command to build Docker images from a `Dockerfile` + -t, --tag="": Repository name (and optionally a tag) to be applied + to the resulting image in case of success. + -q, --quiet=false: Suppress the verbose output generated by the containers. + --no-cache: Do not use the cache when building the image. + --rm=true: Remove intermediate containers after a successful build + +Use this command to build Docker images from a Dockerfile and a "context". -The files at `PATH` or `URL` are -called the "context" of the build. The build process may refer to any of -the files in the context, for example when using an -[*ADD*](../../builder/#dockerfile-add) instruction. When a single -`Dockerfile` is given as `URL`, -then no context is set. +The files at `PATH` or `URL` are called the "context" of the build. The build +process may refer to any of the files in the context, for example when using an +[*ADD*](../../builder/#dockerfile-add) instruction. When a single Dockerfile is +given as `URL`, then no context is set. When a Git repository is set as `URL`, then the repository is used as the context. The Git repository is cloned with its submodules (git clone –recursive). A fresh git clone occurs in a temporary directory on your local host, and then this is sent to the Docker daemon as the context. This way, your local user credentials and -vpn’s etc can be used to access private repositories +vpn's etc can be used to access private repositories -See also +See also: [*Dockerfile Reference*](../../builder/#dockerbuilder). @@ -243,14 +241,14 @@ See also This example specifies that the `PATH` is `.`, and so all the files in the local directory get -tar’d and sent to the Docker daemon. The `PATH` +tar`d and sent to the Docker daemon. The `PATH` specifies where to find the files for the "context" of the build on the Docker daemon. Remember that the daemon could be running on a remote -machine and that no parsing of the `Dockerfile` -happens at the client side (where you’re running +machine and that no parsing of the Dockerfile +happens at the client side (where you're running `docker build`). That means that *all* the files at `PATH` get sent, not just the ones listed to -[*ADD*](../../builder/#dockerfile-add) in the `Dockerfile`. +[*ADD*](../../builder/#dockerfile-add) in the Dockerfile. The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the @@ -268,30 +266,30 @@ and the tag will be `2.0` $ sudo docker build - < Dockerfile -This will read a `Dockerfile` from *stdin* without +This will read a Dockerfile from *stdin* without context. Due to the lack of a context, no contents of any local directory will be sent to the `docker` daemon. Since -there is no context, a `Dockerfile` `ADD` +there is no context, a Dockerfile `ADD` only works if it refers to a remote URL. $ sudo docker build github.com/creack/docker-firefox This will clone the GitHub repository and use the cloned repository as -context. The `Dockerfile` at the root of the -repository is used as `Dockerfile`. Note that you +context. The Dockerfile at the root of the +repository is used as Dockerfile. Note that you can specify an arbitrary Git repository by using the `git://` schema. -## `commit` +## commit + +Create a new image from a container᾿s changes Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - Create a new image from a container᾿s changes + -m, --message="": Commit message + -a, --author="": Author (eg. "John Hannibal Smith " - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " - -It can be useful to commit a container’s file changes or settings into a +It can be useful to commit a container's file changes or settings into a new image. This allows you debug a container by running an interactive shell, or to export a working dataset to another server. Generally, it is better to use Dockerfiles to manage your images in a documented and @@ -309,27 +307,27 @@ maintainable way. REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB -## `cp` +## cp + +Copy files/folders from the containers filesystem to the host +path. Paths are relative to the root of the filesystem. Usage: docker cp CONTAINER:PATH HOSTPATH - Copy files/folders from the containers filesystem to the host - path. Paths are relative to the root of the filesystem. - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . $ sudo docker cp blue_frog:/etc/hosts . -## `diff` +## diff + +List the changed files and directories in a container᾿s filesystem Usage: docker diff CONTAINER - List the changed files and directories in a container᾿s filesystem +There are 3 events that are listed in the `diff`: -There are 3 events that are listed in the ‘diff’: - -1. `` `A` `` - Add -2. `` `D` `` - Delete -3. `` `C` `` - Change +1. `A` - Add +2. `D` - Delete +3. `C` - Change For example: @@ -347,12 +345,12 @@ For example: A /go/src/github.com/dotcloud/docker/.git .... -## `events` +## events + +Get real time events from the server Usage: docker events - Get real time events from the server - --since="": Show all events created since timestamp (either seconds since epoch, or date string as below) --until="": Show events created before timestamp @@ -360,24 +358,24 @@ For example: ### Examples -You’ll need two shells for this example. +You'll need two shells for this example. -#### Shell 1: Listening for events +**Shell 1: Listening for events:** $ sudo docker events -#### Shell 2: Start and Stop a Container +**Shell 2: Start and Stop a Container:** $ sudo docker start 4386fb97867d $ sudo docker stop 4386fb97867d -#### Shell 1: (Again .. now showing events) +**Shell 1: (Again .. now showing events):** [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop -#### Show events in the past from a specified time +**Show events in the past from a specified time:** $ sudo docker events --since 1378216169 [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die @@ -392,24 +390,24 @@ You’ll need two shells for this example. [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop -## `export` +## export + +Export the contents of a filesystem as a tar archive to STDOUT Usage: docker export CONTAINER - Export the contents of a filesystem as a tar archive to STDOUT - For example: $ sudo docker export red_panda > latest.tar -## `history` +## history + +Show the history of an image Usage: docker history [OPTIONS] IMAGE - Show the history of an image - - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only show numeric IDs + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only show numeric IDs To see how the `docker:latest` image was built: @@ -422,15 +420,15 @@ To see how the `docker:latest` image was built: 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B -## `images` +## images + +List images Usage: docker images [OPTIONS] [NAME] - List images - - -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only show numeric IDs + -a, --all=false: Show all images (by default filter out the intermediate image layers) + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only show numeric IDs The default `docker images` will show all top level images, their repository and tags, and their virtual size. @@ -468,7 +466,7 @@ by default. tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB -## `import` +## import Usage: docker import URL|- [REPOSITORY[:TAG]] @@ -483,19 +481,19 @@ data from *stdin*. ### Examples -#### Import from a remote location +**Import from a remote location:** This will create a new untagged image. $ sudo docker import http://example.com/exampleimage.tgz -#### Import from a local file +**Import from a local file:** Import to docker via pipe and *stdin*. $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new -#### Import from a local directory +**Import from a local directory:** $ sudo tar -c . | docker import - exampleimagedir @@ -504,12 +502,12 @@ the ownership of the files (especially root ownership) during the archiving with tar. If you are not root (or the sudo command) when you tar, then the ownerships might not get preserved. -## `info` +## info + +Display system-wide information. Usage: docker info - Display system-wide information. - $ sudo docker info Containers: 292 Images: 194 @@ -522,44 +520,43 @@ tar, then the ownerships might not get preserved. Kernel Version: 3.8.0-33-generic WARNING: No swap limit support -When sending issue reports, please use `docker version` -and `docker info` to ensure we know how -your setup is configured. +When sending issue reports, please use `docker version` and `docker info` to +ensure we know how your setup is configured. -## `inspect` +## inspect + +Return low-level information on a container/image Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - Return low-level information on a container/image - - -f, --format="": Format the output using the given go template. + -f, --format="": Format the output using the given go template. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. -Go’s [text/template](http://golang.org/pkg/text/template/) package +Go's[text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. ### Examples -#### Get an instance’s IP Address +**Get an instance'sIP Address:** For the most part, you can pick out any field from the JSON in a fairly straightforward manner. $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID -#### List All Port Bindings +**List All Port Bindings:** One can loop over arrays and maps in the results to produce simple text output: $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID -#### Find a Specific Port Mapping +**Find a Specific Port Mapping:** -The `.Field` syntax doesn’t work when the field name -begins with a number, but the template language’s `index` +The `.Field` syntax doesn't work when the field name +begins with a number, but the template language's `index` function does. The `.NetworkSettings.Ports` section contains a map of the internal port mappings to a list of external address/port objects, so to grab just the numeric public @@ -570,43 +567,43 @@ the public address. $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID -#### Get config +**Get config:** -The `.Field` syntax doesn’t work when the field -contains JSON data, but the template language’s custom `json` +The `.Field` syntax doesn't work when the field +contains JSON data, but the template language's custom `json` function does. The `.config` section contains complex json object, so to grab it as JSON, you use `json` to convert config object into JSON $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID -## `kill` +## kill + +Kill a running container (send SIGKILL, or specified signal) Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - Kill a running container (send SIGKILL, or specified signal) - - -s, --signal="KILL": Signal to send to the container + -s, --signal="KILL": Signal to send to the container The main process inside the container will be sent SIGKILL, or any signal specified with option `--signal`. ### Known Issues (kill) -- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates - that `docker kill` may leave directories behind - and make it difficult to remove the container. -- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc - 1.0.0 beta3 removed `lcx-kill` which is used by - Docker versions before 0.8.0; see the issue for a workaround. +- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates + that `docker kill` may leave directories behind + and make it difficult to remove the container. +- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc + 1.0.0 beta3 removed `lcx-kill` which is used by + Docker versions before 0.8.0; see the issue for a workaround. -## `load` +## load + +Load an image from a tar archive on STDIN Usage: docker load - Load an image from a tar archive on STDIN - - -i, --input="": Read from a tar archive file, instead of STDIN + -i, --input="": Read from a tar archive file, instead of STDIN Loads a tarred repository from a file or the standard input stream. Restores both images and tags. @@ -626,28 +623,28 @@ Restores both images and tags. fedora heisenbug 58394af37342 7 weeks ago 385.5 MB fedora latest 58394af37342 7 weeks ago 385.5 MB -## `login` +## login + +Register or Login to the docker registry server Usage: docker login [OPTIONS] [SERVER] - Register or Login to the docker registry server - -e, --email="": Email -p, --password="": Password -u, --username="": Username - If you want to login to a private registry you can - specify this by adding the server name. +If you want to login to a private registry you can +specify this by adding the server name. example: docker login localhost:8080 -## `logs` +## logs + +Fetch the logs of a container Usage: docker logs [OPTIONS] CONTAINER - Fetch the logs of a container - -f, --follow=false: Follow log output The `docker logs` command batch-retrieves all logs @@ -655,28 +652,28 @@ present at the time of execution. The `docker logs --follow` command combines `docker logs` and `docker attach`: it will first return all logs from the beginning and then -continue streaming new output from the container’s stdout and stderr. +continue streaming new output from the container'sstdout and stderr. -## `port` +## port Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT +Lookup the public-facing port which is NAT-ed to PRIVATE_PORT -## `ps` +## ps + +List containers Usage: docker ps [OPTIONS] - List containers - - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. + -a, --all=false: Show all containers. Only running containers are shown by default. + --before="": Show only container created before Id or Name, include non-running ones. + -l, --latest=false: Show only the latest created container, include non-running ones. + -n=-1: Show n last created containers, include non-running ones. + --no-trunc=false: Don᾿t truncate output + -q, --quiet=false: Only display numeric IDs + -s, --size=false: Display sizes, not to be used with -q + --since="": Show only containers created since Id or Name, include non-running ones. Running `docker ps` showing 2 linked containers. @@ -685,21 +682,20 @@ Running `docker ps` showing 2 linked containers. 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db -`docker ps` will show only running containers by -default. To see all containers: `docker ps -a` +`docker ps` will show only running containers by default. To see all containers: +`docker ps -a` -## `pull` +## pull + +Pull an image or a repository from the registry Usage: docker pull NAME[:TAG] - Pull an image or a repository from the registry - Most of your images will be created on top of a base image from the -\([https://index.docker.io](https://index.docker.io)). +Docker Index ([https://index.docker.io](https://index.docker.io)). The Docker Index contains many pre-built images that you can -`pull` and try without needing to define and -configure your own. +`pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), use `docker pull`: @@ -711,31 +707,32 @@ use `docker pull`: # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, # and the un-tared base. -## `push` +## push + +Push an image or a repository to the registry Usage: docker push NAME[:TAG] - Push an image or a repository to the registry - Use `docker push` to share your images on public or private registries. -## `restart` +## restart + +Restart a running container Usage: docker restart [OPTIONS] NAME - Restart a running container + -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 +## rm -## `rm` +Remove one or more containers Usage: docker rm [OPTIONS] CONTAINER - Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container + -l, --link="": Remove the link instead of the actual container + -f, --force=false: Force removal of running container + -v, --volumes=false: Remove the volumes associated to the container ### Known Issues (rm) @@ -765,18 +762,18 @@ This command will delete all stopped containers. The command IDs and pass them to the `rm` command which will delete them. Any running containers will not be deleted. -## `rmi` +## rmi + +Remove one or more images Usage: docker rmi IMAGE [IMAGE...] - Remove one or more images - - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents + -f, --force=false: Force + --no-prune=false: Do not delete untagged parents ### Removing tagged images -Images can be removed either by their short or long ID’s, or their image +Images can be removed either by their short or long ID`s, or their image names. If an image has more than one name, each of them needs to be removed before the image is removed. @@ -802,86 +799,79 @@ removed before the image is removed. Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 -## `run` +## run + +Run a command in a new container Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - Run a command in a new container + -a, --attach=map[]: Attach to stdin, stdout or stderr + -c, --cpu-shares=0: CPU shares (relative weight) + --cidfile="": Write the container ID to the file + -d, --detach=false: Detached mode: Run container in the background, print new container id + -e, --env=[]: Set environment variables + --env-file="": Read in a line delimited file of ENV variables + -h, --hostname="": Container host name + -i, --interactive=false: Keep stdin open even if not attached + --privileged=false: Give extended privileges to this container + -m, --memory="": Memory limit (format: , where unit = b, k, m or g) + -n, --networking=true: Enable networking for this container + -p, --publish=[]: Map a network port to the container + --rm=false: Automatically remove the container when it exits (incompatible with -d) + -t, --tty=false: Allocate a pseudo-tty + -u, --user="": Username or UID + --dns=[]: Set custom dns servers for the container + --dns-search=[]: Set custom DNS search domains for the container + -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. + --volumes-from="": Mount all volumes from the given container(s) + --entrypoint="": Overwrite the default entrypoint set by the image + -w, --workdir="": Working directory inside the container + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --expose=[]: Expose a port from the container without publishing it to your host + --link="": Add link to another container (name:alias) + --name="": Assign the specified name to the container. If no name is specific docker will generate a random name + -P, --publish-all=false: Publish all exposed ports to the host interfaces - -a, --attach=map[]: Attach to stdin, stdout or stderr - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - -e, --env=[]: Set environment variables - --env-file="": Read in a line delimited file of ENV variables - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image - -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces +The `docker run` command first `creates` a writeable container layer over the +specified image, and then `starts` it using the specified command. That is, +`docker run` is equivalent to the API `/containers/create` then +`/containers/(id)/start`. A stopped container can be restarted with all its +previous changes intact using `docker start`. See `docker ps -a` to view a list +of all containers. -The `docker run` command first `creates` -a writeable container layer over the specified image, and then -`starts` it using the specified command. That is, -`docker run` is equivalent to the API -`/containers/create` then -`/containers/(id)/start`. A stopped container can be -restarted with all its previous changes intact using -`docker start`. See `docker ps -a` -to view a list of all containers. - -The `docker run` command can be used in combination -with `docker commit` to [*change the command that a -container runs*](#commit-an-existing-container). +The `docker run` command can be used in combination with `docker commit` to +[*change the command that a container runs*](#commit-an-existing-container). See [*Redirect Ports*](../../../use/port_redirection/#port-redirection) -for more detailed information about the `--expose`, -`-p`, `-P` and -`--link` parameters, and [*Link -Containers*](../../../use/working_with_links_names/#working-with-links-names) -for specific examples using `--link`. +for more detailed information about the `--expose`, `-p`, `-P` and `--link` +parameters, and [*Link Containers*]( +../../../use/working_with_links_names/#working-with-links-names) for specific +examples using `--link`. ### Known Issues (run –volumes-from) -- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): - "lxc-start: Permission denied - failed to mount" could indicate a - permissions problem with AppArmor. Please see the issue for a - workaround. +- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): + "lxc-start: Permission denied - failed to mount" could indicate a + permissions problem with AppArmor. Please see the issue for a + workaround. ### Examples: $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" -This will create a container and print `test` to the -console. The `cidfile` flag makes Docker attempt to -create a new file and write the container ID to it. If the file exists -already, Docker will return an error. Docker will close this file when -`docker run` exits. +This will create a container and print `test` to the console. The `cidfile` +flag makes Docker attempt to create a new file and write the container ID to it. +If the file exists already, Docker will return an error. Docker will close this +file when `docker run` exits. $ sudo docker run -t -i --rm ubuntu bash root@bc338942ef20:/# mount -t tmpfs none /mnt mount: permission denied -This will *not* work, because by default, most potentially dangerous -kernel capabilities are dropped; including `cap_sys_admin` -(which is required to mount filesystems). However, the -`--privileged` flag will allow it to run: +This will *not* work, because by default, most potentially dangerous kernel +capabilities are dropped; including `cap_sys_admin` (which is required to mount +filesystems). However, the `--privileged` flag will allow it to run: $ sudo docker run --privileged ubuntu bash root@50e3f57e16e6:/# mount -t tmpfs none /mnt @@ -889,30 +879,27 @@ kernel capabilities are dropped; including `cap_sys_admin` Filesystem Size Used Avail Use% Mounted on none 1.9G 0 1.9G 0% /mnt -The `--privileged` flag gives *all* capabilities to -the container, and it also lifts all the limitations enforced by the -`device` cgroup controller. In other words, the -container can then do almost everything that the host can do. This flag -exists to allow special use-cases, like running Docker within Docker. +The `--privileged` flag gives *all* capabilities to the container, and it also +lifts all the limitations enforced by the `device` cgroup controller. In other +words, the container can then do almost everything that the host can do. This +flag exists to allow special use-cases, like running Docker within Docker. $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd -The `-w` lets the command being executed inside -directory given, here `/path/to/dir/`. If the path -does not exists it is created inside the container. +The `-w` lets the command being executed inside directory given, here +`/path/to/dir/`. If the path does not exists it is created inside the container. $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd -The `-v` flag mounts the current working directory -into the container. The `-w` lets the command being -executed inside the current working directory, by changing into the -directory to the value returned by `pwd`. So this +The `-v` flag mounts the current working directory into the container. The `-w` +lets the command being executed inside the current working directory, by +changing into the directory to the value returned by `pwd`. So this combination executes the command using the container, but inside the current working directory. $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash -When the host directory of a bind-mounted volume doesn’t exist, Docker +When the host directory of a bind-mounted volume doesn't exist, Docker will automatically create this directory on the host for you. In the example above, Docker will create the `/doesnt/exist` folder before starting your container. @@ -920,49 +907,43 @@ folder before starting your container. $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh By bind-mounting the docker unix socket and statically linked docker -binary (such as that provided by -[https://get.docker.io](https://get.docker.io)), you give the container -the full access to create and manipulate the host’s docker daemon. +binary (such as that provided by [https://get.docker.io]( +https://get.docker.io)), you give the container the full access to create and +manipulate the host's docker daemon. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash -This binds port `8080` of the container to port -`80` on `127.0.0.1` of the host -machine. [*Redirect -Ports*](../../../use/port_redirection/#port-redirection) explains in -detail how to manipulate ports in Docker. +This binds port `8080` of the container to port `80` on `127.0.0.1` of the host +machine. [*Redirect Ports*](../../../use/port_redirection/#port-redirection) +explains in detail how to manipulate ports in Docker. $ sudo docker run --expose 80 ubuntu bash -This exposes port `80` of the container for use -within a link without publishing the port to the host system’s -interfaces. [*Redirect -Ports*](../../../use/port_redirection/#port-redirection) explains in -detail how to manipulate ports in Docker. +This exposes port `80` of the container for use within a link without publishing +the port to the host system's interfaces. [*Redirect Ports*]( +../../../use/port_redirection/#port-redirection) explains in detail how to +manipulate ports in Docker. $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash -This sets environmental variables in the container. For illustration all -three flags are shown here. Where `-e`, -`--env` take an environment variable and value, or -if no "=" is provided, then that variable’s current value is passed -through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the -container). All three flags, `-e`, `--env` -and `--env-file` can be repeated. +This sets environmental variables in the container. For illustration all three +flags are shown here. Where `-e`, `--env` take an environment variable and +value, or if no "=" is provided, then that variable's current value is passed +through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All +three flags, `-e`, `--env` and `--env-file` can be repeated. -Regardless of the order of these three flags, the `--env-file` -are processed first, and then `-e`, `--env` flags. This way, the -`-e` or `--env` will override variables as needed. +Regardless of the order of these three flags, the `--env-file` are processed +first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will +override variables as needed. $ cat ./env.list TEST_FOO=BAR $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO TEST_FOO=This is a test -The `--env-file` flag takes a filename as an -argument and expects each line to be in the VAR=VAL format, mimicking -the argument passed to `--env`. Comment lines need -only be prefixed with `#` +The `--env-file` flag takes a filename as an argument and expects each line +to be in the VAR=VAL format, mimicking the argument passed to `--env`. Comment +lines need only be prefixed with `#` An example of a file passed with `--env-file` @@ -991,48 +972,44 @@ This will create and run a new container with the container name being $ sudo docker run --link /redis:redis --name console ubuntu bash -The `--link` flag will link the container named -`/redis` into the newly created container with the -alias `redis`. The new container can access the -network and environment of the redis container via environment -variables. The `--name` flag will assign the name -`console` to the newly created container. +The `--link` flag will link the container named `/redis` into the newly +created container with the alias `redis`. The new container can access the +network and environment of the redis container via environment variables. +The `--name` flag will assign the name `console` to the newly created +container. $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd -The `--volumes-from` flag mounts all the defined -volumes from the referenced containers. Containers can be specified by a -comma separated list or by repetitions of the `--volumes-from` -argument. The container ID may be optionally suffixed with -`:ro` or `:rw` to mount the -volumes in read-only or read-write mode, respectively. By default, the -volumes are mounted in the same mode (read write or read only) as the -reference container. +The `--volumes-from` flag mounts all the defined volumes from the referenced +containers. Containers can be specified by a comma separated list or by +repetitions of the `--volumes-from` argument. The container ID may be +optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only +or read-write mode, respectively. By default, the volumes are mounted in +the same mode (read write or read only) as the reference container. -The `-a` flag tells `docker run` -to bind to the container’s stdin, stdout or stderr. This makes it -possible to manipulate the output and input as needed. +The `-a` flag tells `docker run` to bind to the container'sstdin, stdout or +stderr. This makes it possible to manipulate the output and input as needed. $ sudo echo "test" | docker run -i -a stdin ubuntu cat - -This pipes data into a container and prints the container’s ID by -attaching only to the container’s stdin. +This pipes data into a container and prints the container's ID by attaching +only to the container'sstdin. $ sudo docker run -a stderr ubuntu echo test -This isn’t going to print anything unless there’s an error because we’ve -only attached to the stderr of the container. The container’s logs still -store what’s been written to stderr and stdout. +This isn't going to print anything unless there's an error because We've +only attached to the stderr of the container. The container's logs still + store what's been written to stderr and stdout. $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild This is how piping a file into a container could be done for a build. -The container’s ID will be printed after the build is done and the build +The container's ID will be printed after the build is done and the build logs could be retrieved using `docker logs`. This is useful if you need to pipe a file or something else into a container and -retrieve the container’s ID once the container has finished running. +retrieve the container's ID once the container has finished running. -#### A complete example +**A complete example:** $ sudo docker run -d --name static static-web-files sh $ sudo docker run -d --expose=8098 --name riak riakserver @@ -1043,45 +1020,33 @@ retrieve the container’s ID once the container has finished running. This example shows 5 containers that might be set up to test a web application change: -1. Start a pre-prepared volume image `static-web-files` - (in the background) that has CSS, image and static HTML in - it, (with a `VOLUME` instruction in the - `Dockerfile` to allow the web server to use - those files); -2. Start a pre-prepared `riakserver` image, give - the container name `riak` and expose port - `8098` to any containers that link to it; -3. Start the `appserver` image, restricting its - memory usage to 100MB, setting two environment variables - `DEVELOPMENT` and `BRANCH` - and bind-mounting the current directory (`$(pwd)` -) in the container in read-only mode as - `/app/bin`; -4. Start the `webserver`, mapping port - `443` in the container to port `1443` - on the Docker server, setting the DNS server to - `dns.dev.org` and DNS search domain to - `dev.org`, creating a volume to put the log - files into (so we can access it from another container), then - importing the files from the volume exposed by the - `static` container, and linking to all exposed - ports from `riak` and `app`. - Lastly, we set the hostname to `web.sven.dev.org` - so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs - `tail -f access.log` using the logs volume from - the `web` container, setting the workdir to - `/var/log/httpd`. The `--rm` - option means that when the container exits, the container’s layer is - removed. +1. Start a pre-prepared volume image `static-web-files` (in the background) + that has CSS, image and static HTML in it, (with a `VOLUME` instruction in + the Dockerfile to allow the web server to use those files); +2. Start a pre-prepared `riakserver` image, give the container name `riak` and + expose port `8098` to any containers that link to it; +3. Start the `appserver` image, restricting its memory usage to 100MB, setting + two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the + current directory (`$(pwd)`) in the container in read-only mode as `/app/bin`; +4. Start the `webserver`, mapping port `443` in the container to port `1443` on + the Docker server, setting the DNS server to `dns.dev.org` and DNS search + domain to `dev.org`, creating a volume to put the log files into (so we can + access it from another container), then importing the files from the volume + exposed by the `static` container, and linking to all exposed ports from + `riak` and `app`. Lastly, we set the hostname to `web.sven.dev.org` so its + consistent with the pre-generated SSL certificate; +5. Finally, we create a container that runs `tail -f access.log` using the logs + volume from the `web` container, setting the workdir to `/var/log/httpd`. The + `--rm` option means that when the container exits, the container's layer is + removed. -## `save` +## save + +Save an image to a tar archive (streamed to stdout by default) Usage: docker save IMAGE - Save an image to a tar archive (streamed to stdout by default) - - -o, --output="": Write to an file, instead of STDOUT + -o, --output="": Write to an file, instead of STDOUT Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified repo:tag. @@ -1098,65 +1063,65 @@ It is used to create a backup that can then be used with $ sudo docker save -o fedora-all.tar fedora $ sudo docker save -o fedora-latest.tar fedora:latest -## `search` +## search + +Search the docker index for images Usage: docker search TERM - Search the docker index for images - --no-trunc=false: Don᾿t truncate output -s, --stars=0: Only displays with at least xxx stars -t, --trusted=false: Only show trusted builds -See [*Find Public Images on the Central -Index*](../../../use/workingwithrepository/#searching-central-index) for +See [*Find Public Images on the Central Index*]( +../../../use/workingwithrepository/#searching-central-index) for more details on finding shared images from the commandline. -## `start` +## start + +Start a stopped container Usage: docker start [OPTIONS] CONTAINER - Start a stopped container - -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process -i, --interactive=false: Attach container᾿s stdin -## `stop` +## stop + +Stop a running container (Send SIGTERM, and then SIGKILL after grace period) Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - - -t, --time=10: Number of seconds to wait for the container to stop before killing it. + -t, --time=10: Number of seconds to wait for the container to stop before killing it. The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL -## `tag` +## tag + +Tag an image into a repository Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - Tag an image into a repository - - -f, --force=false: Force + -f, --force=false: Force You can group your images together using names and tags, and then upload -them to [*Share Images via -Repositories*](../../../use/workingwithrepository/#working-with-the-repository). +them to [*Share Images via Repositories*]( +../../../use/workingwithrepository/#working-with-the-repository). -## `top` +## top Usage: docker top CONTAINER [ps OPTIONS] - Lookup the running processes of a container +Lookup the running processes of a container -## `version` +## version Show the version of the Docker client, daemon, and latest released version. -## `wait` +## wait Usage: docker wait [OPTIONS] NAME - Block until a container stops, then print its exit code. +Block until a container stops, then print its exit code. \ No newline at end of file diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 236b8065b8..f6f132a09d 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -2,7 +2,7 @@ page_title: Docker Run Reference page_description: Configure containers at runtime page_keywords: docker, run, configure, runtime -# [Docker Run Reference](#id2) +# Docker Run Reference **Docker runs processes in isolated containers**. When an operator executes `docker run`, she starts a process with its @@ -10,59 +10,60 @@ own file system, its own networking, and its own isolated process tree. The [*Image*](../../terms/image/#image-def) which starts the process may define defaults related to the binary to run, the networking to expose, and more, but `docker run` gives final control to -the operator who starts the container from the image. That’s the main -reason [*run*](../commandline/cli/#cli-run) has more options than any +the operator who starts the container from the image. That's the main +reason [*run*](../../commandline/cli/#cli-run) has more options than any other `docker` command. Every one of the [*Examples*](../../examples/#example-list) shows running containers, and so here we try to give more in-depth guidance. -## [General Form](#id3) +## General Form -As you’ve seen in the [*Examples*](../../examples/#example-list), the +As you`ve seen in the [*Examples*](../../examples/#example-list), the basic run command takes this form: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, -see [*Option types*](../commandline/cli/#cli-options). +see [*Option types*](../../commandline/cli/#cli-options). The list of `[OPTIONS]` breaks down into two groups: -1. Settings exclusive to operators, including: - - Detached or Foreground running, - - Container Identification, - - Network settings, and - - Runtime Constraints on CPU and Memory - - Privileges and LXC Configuration +1. Settings exclusive to operators, including: -2. Setting shared between operators and developers, where operators can - override defaults developers set in images at build time. + - Detached or Foreground running, + - Container Identification, + - Network settings, and + - Runtime Constraints on CPU and Memory + - Privileges and LXC Configuration + +2. Setting shared between operators and developers, where operators can + override defaults developers set in images at build time. Together, the `docker run [OPTIONS]` give complete control over runtime behavior to the operator, allowing them to override all defaults set by the developer during `docker build` and nearly all the defaults set by the Docker runtime itself. -## [Operator Exclusive Options](#id4) +## Operator Exclusive Options Only the operator (the person executing `docker run`) can set the following options. -- [Detached vs Foreground](#detached-vs-foreground) - - [Detached (-d)](#detached-d) - - [Foreground](#foreground) -- [Container Identification](#container-identification) - - [Name (–name)](#name-name) - - [PID Equivalent](#pid-equivalent) -- [Network Settings](#network-settings) -- [Clean Up (–rm)](#clean-up-rm) -- [Runtime Constraints on CPU and + - [Detached vs Foreground](#detached-vs-foreground) + - [Detached (-d)](#detached-d) + - [Foreground](#foreground) + - [Container Identification](#container-identification) + - [Name (–name)](#name-name) + - [PID Equivalent](#pid-equivalent) + - [Network Settings](#network-settings) + - [Clean Up (–rm)](#clean-up-rm) + - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) -- [Runtime Privilege and LXC + - [Runtime Privilege and LXC Configuration](#runtime-privilege-and-lxc-configuration) -### [Detached vs Foreground](#id2) +## Detached vs Foreground When starting a Docker container, you must first decide if you want to run the container in the background in a "detached" mode or in the @@ -70,53 +71,50 @@ default foreground mode: -d=false: Detached mode: Run container in the background, print new container id -#### [Detached (-d)](#id3) +### Detached (-d) In detached mode (`-d=true` or just `-d`), all I/O should be done through network connections or shared volumes because the container is no longer listening to the commandline where you executed `docker run`. You can reattach to a detached container with `docker` -[*attach*](../commandline/cli/#cli-attach). If you choose to run a +[*attach*](commandline/cli/#attach). If you choose to run a container in the detached mode, then you cannot use the `--rm` option. -#### [Foreground](#id4) +### Foreground -In foreground mode (the default when `-d` is not -specified), `docker run` can start the process in -the container and attach the console to the process’s standard input, -output, and standard error. It can even pretend to be a TTY (this is -what most commandline executables expect) and pass along signals. All of -that is configurable: +In foreground mode (the default when `-d` is not specified), `docker run` +can start the process in the container and attach the console to the process's +standard input, output, and standard error. It can even pretend to be a TTY +(this is what most commandline executables expect) and pass along signals. All +of that is configurable: -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` -t=false : Allocate a pseudo-tty --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) -i=false : Keep STDIN open even if not attached -If you do not specify `-a` then Docker will [attach -everything -(stdin,stdout,stderr)](https://github.com/dotcloud/docker/blob/75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). -You can specify to which of the three standard streams -(`stdin`, `stdout`, -`stderr`) you’d like to connect instead, as in: +If you do not specify `-a` then Docker will [attach everything (stdin,stdout,stderr)]( +https://github.com/dotcloud/docker/blob/ +75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can specify to which +of the three standard streams (`stdin`, `stdout`, `stderr`) you'd like to connect +instead, as in: docker run -a stdin -a stdout -i -t ubuntu /bin/bash -For interactive processes (like a shell) you will typically want a tty -as well as persistent standard input (`stdin`), so -you’ll use `-i -t` together in most interactive -cases. +For interactive processes (like a shell) you will typically want a tty as well as +persistent standard input (`stdin`), so you'll use `-i -t` together in most +interactive cases. -### [Container Identification](#id5) +## Container Identification -#### [Name (–name)](#id6) +### Name (–name) The operator can identify a container in three ways: - UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") - UUID short identifier ("f78375b1c487") -- Name ("evil\_ptolemy") +- Name ("evil_ptolemy") The UUID identifiers come from the Docker daemon, and if you do not assign a name to the container with `--name` then @@ -127,16 +125,16 @@ name when defining (or any other place you need to identify a container). This works for both background and foreground Docker containers. -#### [PID Equivalent](#id7) +### PID Equivalent And finally, to help with automation, you can have Docker write the container ID out to a file of your choosing. This is similar to how some -programs might write out their process ID to a file (you’ve seen them as +programs might write out their process ID to a file (you`ve seen them as PID files): --cidfile="": Write the container ID to the file -### [Network Settings](#id8) +## Network Settings -n=true : Enable networking for this container --dns=[] : Set custom dns servers for the container @@ -150,19 +148,19 @@ files or STDIN/STDOUT only. Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. -### [Clean Up (–rm)](#id9) +## Clean Up (–rm) -By default a container’s file system persists even after the container +By default a container's file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the final state) and you retain all your data by default. But if you are running short-term **foreground** processes, these container file -systems can really pile up. If instead you’d like Docker to +systems can really pile up. If instead you'd like Docker to **automatically clean up the container and remove the file system when the container exits**, you can add the `--rm` flag: --rm=false: Automatically remove the container when it exits (incompatible with -d) -### [Runtime Constraints on CPU and Memory](#id10) +## Runtime Constraints on CPU and Memory The operator can also adjust the performance parameters of the container: @@ -181,7 +179,7 @@ the same priority and get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via Docker. -### [Runtime Privilege and LXC Configuration](#id11) +## Runtime Privilege and LXC Configuration --privileged=false: Give extended privileges to this container --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" @@ -189,71 +187,63 @@ containers when you start them via Docker. By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a -"privileged" container is given access to all devices (see -[lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) -and documentation on [cgroups -devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). +"privileged" container is given access to all devices (see [lxc-template.go]( +https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) +and documentation on [cgroups devices]( +https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable to access to all devices on the host as well as set some configuration in AppArmor to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the -[Docker -Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). +[Docker Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). -If the Docker daemon was started using the `lxc` -exec-driver (`docker -d --exec-driver=lxc`) then the -operator can also specify LXC options using one or more -`--lxc-conf` parameters. These can be new parameters -or override existing parameters from the -[lxc-template.go](https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). -Note that in the future, a given host’s Docker daemon may not use LXC, -so this is an implementation-specific configuration meant for operators -already familiar with using LXC directly. +If the Docker daemon was started using the `lxc` exec-driver +(`docker -d --exec-driver=lxc`) then the operator can also specify LXC options +using one or more `--lxc-conf` parameters. These can be new parameters or +override existing parameters from the [lxc-template.go]( +https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). +Note that in the future, a given host's docker daemon may not use LXC, so this +is an implementation-specific configuration meant for operators already +familiar with using LXC directly. -## Overriding `Dockerfile` Image Defaults +## Overriding Dockerfile Image Defaults -When a developer builds an image from a -[*Dockerfile*](../builder/#dockerbuilder) or when she commits it, the -developer can set a number of default parameters that take effect when -the image starts up as a container. +When a developer builds an image from a [*Dockerfile*](builder/#dockerbuilder) +or when she commits it, the developer can set a number of default parameters +that take effect when the image starts up as a container. -Four of the `Dockerfile` commands cannot be -overridden at runtime: `FROM, MAINTAINER, RUN`, and -`ADD`. Everything else has a corresponding override -in `docker run`. We’ll go through what the developer -might have set in each `Dockerfile` instruction and -how the operator can override that setting. +Four of the Dockerfile commands cannot be overridden at runtime: `FROM`, +`MAINTAINER`, `RUN`, and `ADD`. Everything else has a corresponding override +in `docker run`. We'll go through what the developer might have set in each +Dockerfile instruction and how the operator can override that setting. -- [CMD (Default Command or Options)](#cmd-default-command-or-options) -- [ENTRYPOINT (Default Command to Execute at - Runtime](#entrypoint-default-command-to-execute-at-runtime) -- [EXPOSE (Incoming Ports)](#expose-incoming-ports) -- [ENV (Environment Variables)](#env-environment-variables) -- [VOLUME (Shared Filesystems)](#volume-shared-filesystems) -- [USER](#user) -- [WORKDIR](#workdir) + - [CMD (Default Command or Options)](#cmd-default-command-or-options) + - [ENTRYPOINT (Default Command to Execute at Runtime]( + #entrypoint-default-command-to-execute-at-runtime) + - [EXPOSE (Incoming Ports)](#expose-incoming-ports) + - [ENV (Environment Variables)](#env-environment-variables) + - [VOLUME (Shared Filesystems)](#volume-shared-filesystems) + - [USER](#user) + - [WORKDIR](#workdir) -### [CMD (Default Command or Options)](#id12) +## CMD (Default Command or Options) Recall the optional `COMMAND` in the Docker commandline: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] -This command is optional because the person who created the -`IMAGE` may have already provided a default -`COMMAND` using the `Dockerfile` -`CMD`. As the operator (the person running a -container from the image), you can override that `CMD` -just by specifying a new `COMMAND`. +This command is optional because the person who created the `IMAGE` may have +already provided a default `COMMAND` using the Dockerfile `CMD`. As the +operator (the person running a container from the image), you can override that +`CMD` just by specifying a new `COMMAND`. -If the image also specifies an `ENTRYPOINT` then the -`CMD` or `COMMAND` get appended -as arguments to the `ENTRYPOINT`. +If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` get +appended as arguments to the `ENTRYPOINT`. -### [ENTRYPOINT (Default Command to Execute at Runtime](#id13) +## ENTRYPOINT (Default Command to Execute at Runtime --entrypoint="": Overwrite the default entrypoint set by the image @@ -276,13 +266,12 @@ or two examples of how to pass more parameters to that ENTRYPOINT: docker run -i -t --entrypoint /bin/bash example/redis -c ls -l docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help -### [EXPOSE (Incoming Ports)](#id14) +## EXPOSE (Incoming Ports) -The `Dockerfile` doesn’t give much control over -networking, only providing the `EXPOSE` instruction -to give a hint to the operator about what incoming ports might provide -services. The following options work with or override the -`Dockerfile`‘s exposed defaults: +The Dockerfile doesn't give much control over networking, only providing the +`EXPOSE` instruction to give a hint to the operator about what incoming ports +might provide services. The following options work with or override the +Dockerfile's exposed defaults: --expose=[]: Expose a port from the container without publishing it to your host @@ -293,40 +282,34 @@ services. The following options work with or override the (use 'docker port' to see the actual mapping) --link="" : Add link to another container (name:alias) -As mentioned previously, `EXPOSE` (and -`--expose`) make a port available **in** a container -for incoming connections. The port number on the inside of the container -(where the service listens) does not need to be the same number as the -port exposed on the outside of the container (where clients connect), so -inside the container you might have an HTTP service listening on port 80 -(and so you `EXPOSE 80` in the -`Dockerfile`), but outside the container the port -might be 42800. +As mentioned previously, `EXPOSE` (and `--expose`) make a port available **in** +a container for incoming connections. The port number on the inside of the +container (where the service listens) does not need to be the same number as the +port exposed on the outside of the container (where clients connect), so inside +the container you might have an HTTP service listening on port 80 (and so you +`EXPOSE 80` in the Dockerfile), but outside the container the port might be +42800. -To help a new client container reach the server container’s internal -port operator `--expose`‘d by the operator or -`EXPOSE`‘d by the developer, the operator has three -choices: start the server container with `-P` or -`-p,` or start the client container with -`--link`. +To help a new client container reach the server container's internal port +operator `--expose``d by the operator or `EXPOSE``d by the developer, the +operator has three choices: start the server container with `-P` or `-p,` or +start the client container with `--link`. -If the operator uses `-P` or `-p` -then Docker will make the exposed port accessible on the host -and the ports will be available to any client that can reach the host. -To find the map between the host ports and the exposed ports, use -`docker port`) +If the operator uses `-P` or `-p` then Docker will make the exposed port +accessible on the host and the ports will be available to any client that +can reach the host. To find the map between the host ports and the exposed +ports, use `docker port`) -If the operator uses `--link` when starting the new -client container, then the client container can access the exposed port -via a private networking interface. Docker will set some environment -variables in the client container to help indicate which interface and -port to use. +If the operator uses `--link` when starting the new client container, then the +client container can access the exposed port via a private networking interface. +Docker will set some environment variables in the client container to help +indicate which interface and port to use. -### [ENV (Environment Variables)](#id15) +## ENV (Environment Variables) -The operator can **set any environment variable** in the container by -using one or more `-e` flags, even overriding those -already defined by the developer with a Dockefile `ENV`: +The operator can **set any environment variable** in the container by using one +or more `-e` flags, even overriding those already defined by the developer with +a Dockefile `ENV`: $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" @@ -340,10 +323,10 @@ already defined by the developer with a Dockefile `ENV`: Similarly the operator can set the **hostname** with `-h`. -`--link name:alias` also sets environment variables, -using the *alias* string to define environment variables within the -container that give the IP and PORT information for connecting to the -service container. Let’s imagine we have a container running Redis: +`--link name:alias` also sets environment variables, using the *alias* string to +define environment variables within the container that give the IP and PORT +information for connecting to the service container. Let's imagine we have a +container running Redis: # Start the service container, named redis-name $ docker run -d --name redis-name dockerfiles/redis @@ -358,7 +341,7 @@ service container. Let’s imagine we have a container running Redis: $ docker port 4241164edf6f 6379 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f -Yet we can get information about the Redis container’s exposed ports +Yet we can get information about the Redis container'sexposed ports with `--link`. Choose an alias that will form a valid environment variable! @@ -377,40 +360,36 @@ valid environment variable! declare -x SHLVL="1" declare -x container="lxc" -And we can use that information to connect from another container as a -client: +And we can use that information to connect from another container as a client: $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' 172.17.0.32:6379> -### [VOLUME (Shared Filesystems)](#id16) +## VOLUME (Shared Filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. --volumes-from="": Mount all volumes from the given container(s) -The volumes commands are complex enough to have their own documentation -in section [*Share Directories via -Volumes*](../../use/working_with_volumes/#volume-def). A developer can -define one or more `VOLUME`s associated with an -image, but only the operator can give access from one container to -another (or from a container to a volume mounted on the host). +The volumes commands are complex enough to have their own documentation in +section [*Share Directories via Volumes*](../../use/working_with_volumes/#volume-def). +A developer can define one or more `VOLUME's associated with an image, but only the +operator can give access from one container to another (or from a container to a +volume mounted on the host). -### [USER](#id17) +## USER -The default user within a container is `root` (id = -0), but if the developer created additional users, those are accessible -too. The developer can set a default user to run the first process with -the `Dockerfile USER` command, but the operator can -override it +The default user within a container is `root` (id = 0), but if the developer +created additional users, those are accessible too. The developer can set a +default user to run the first process with the `Dockerfile USER` command, +but the operator can override it: -u="": Username or UID -### [WORKDIR](#id18) +## WORKDIR -The default working directory for running binaries within a container is -the root directory (`/`), but the developer can set -a different default with the `Dockerfile WORKDIR` -command. The operator can override this with: +The default working directory for running binaries within a container is the +root directory (`/`), but the developer can set a different default with the +Dockerfile `WORKDIR` command. The operator can override this with: -w="": Working directory inside the container From ecc2740a94d8b938b0163136e03c7ca48cd622a9 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 24 Apr 2014 22:12:21 +1000 Subject: [PATCH 0129/2538] Looking into some broken links, I noticed that we don't need to use relative paths, and also fixed some broken images. There are still more todo - next PR I think :) Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.md | 14 +++++++------- docs/sources/reference/commandline/cli.md | 20 ++++++++++---------- docs/sources/reference/run.md | 14 +++++++------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c976c118d7..3e278425c2 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -57,7 +57,7 @@ accelerating `docker build` significantly (indicated by `Using cache`): When you're done with your build, you're ready to look into [*Pushing a repository to its registry*]( -../../use/workingwithrepository/#image-push). +/use/workingwithrepository/#image-push). ## Format @@ -71,7 +71,7 @@ be UPPERCASE in order to distinguish them from arguments more easily. Docker evaluates the instructions in a Dockerfile in order. **The first instruction must be \`FROM\`** in order to specify the [*Base -Image*](../../terms/image/#base-image-def) from which you are building. +Image*](/terms/image/#base-image-def) from which you are building. Docker will treat lines that *begin* with `#` as a comment. A `#` marker anywhere else in the line will @@ -91,11 +91,11 @@ Or FROM : -The `FROM` instruction sets the [*Base Image*](../../terms/image/#base-image-def) +The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def) for subsequent instructions. As such, a valid Dockerfile must have `FROM` as its first instruction. The image can be any valid image – it is especially easy to start by **pulling an image** from the [*Public Repositories*]( -../../use/workingwithrepository/#using-public-repositories). +/use/workingwithrepository/#using-public-repositories). `FROM` must be the first non-comment instruction in the Dockerfile. @@ -191,9 +191,9 @@ default specified in CMD. The `EXPOSE` instructions informs Docker that the container will listen on the specified network ports at runtime. Docker uses this information to interconnect containers using links (see -[*links*](../../use/working_with_links_names/#working-with-links-names)), +[*links*](/use/working_with_links_names/#working-with-links-names)), and to setup port redirection on the host system (see [*Redirect Ports*]( -../../use/port_redirection/#port-redirection)). +/use/port_redirection/#port-redirection)). ## ENV @@ -327,7 +327,7 @@ The `VOLUME` instruction will create a mount point with the specified name and mark it as holding externally mounted volumes from native host or other containers. For more information/examples and mounting instructions via docker client, refer to [*Share Directories via Volumes*]( -../../use/working_with_volumes/#volume-def) documentation. +/use/working_with_volumes/#volume-def) documentation. ## USER diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d59bd37674..6388cb6192 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -197,7 +197,7 @@ and a "context". The files at `PATH` or `URL` are called the "context" of the build. The build process may refer to any of the files in the context, for example when using an -[*ADD*](../../builder/#dockerfile-add) instruction. When a single Dockerfile is +[*ADD*](/reference/builder/#dockerfile-add) instruction. When a single Dockerfile is given as `URL`, then no context is set. When a Git repository is set as `URL`, then the @@ -209,7 +209,7 @@ vpn's etc can be used to access private repositories See also: -[*Dockerfile Reference*](../../builder/#dockerbuilder). +[*Dockerfile Reference*](/reference/builder/#dockerbuilder). ### Examples: @@ -248,7 +248,7 @@ machine and that no parsing of the Dockerfile happens at the client side (where you're running `docker build`). That means that *all* the files at `PATH` get sent, not just the ones listed to -[*ADD*](../../builder/#dockerfile-add) in the Dockerfile. +[*ADD*](/reference/builder/#dockerfile-add) in the Dockerfile. The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the @@ -843,10 +843,10 @@ of all containers. The `docker run` command can be used in combination with `docker commit` to [*change the command that a container runs*](#commit-an-existing-container). -See [*Redirect Ports*](../../../use/port_redirection/#port-redirection) +See [*Redirect Ports*](/use/port_redirection/#port-redirection) for more detailed information about the `--expose`, `-p`, `-P` and `--link` parameters, and [*Link Containers*]( -../../../use/working_with_links_names/#working-with-links-names) for specific +/use/working_with_links_names/#working-with-links-names) for specific examples using `--link`. ### Known Issues (run –volumes-from) @@ -914,14 +914,14 @@ manipulate the host's docker daemon. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash This binds port `8080` of the container to port `80` on `127.0.0.1` of the host -machine. [*Redirect Ports*](../../../use/port_redirection/#port-redirection) +machine. [*Redirect Ports*](/use/port_redirection/#port-redirection) explains in detail how to manipulate ports in Docker. $ sudo docker run --expose 80 ubuntu bash This exposes port `80` of the container for use within a link without publishing the port to the host system's interfaces. [*Redirect Ports*]( -../../../use/port_redirection/#port-redirection) explains in detail how to +/use/port_redirection/#port-redirection) explains in detail how to manipulate ports in Docker. $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash @@ -1074,7 +1074,7 @@ Search the docker index for images -t, --trusted=false: Only show trusted builds See [*Find Public Images on the Central Index*]( -../../../use/workingwithrepository/#searching-central-index) for +/use/workingwithrepository/#searching-central-index) for more details on finding shared images from the commandline. ## start @@ -1107,7 +1107,7 @@ Tag an image into a repository You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*]( -../../../use/workingwithrepository/#working-with-the-repository). +/use/workingwithrepository/#working-with-the-repository). ## top @@ -1124,4 +1124,4 @@ version. Usage: docker wait [OPTIONS] NAME -Block until a container stops, then print its exit code. \ No newline at end of file +Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index f6f132a09d..9de08ec1a6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -7,25 +7,25 @@ page_keywords: docker, run, configure, runtime **Docker runs processes in isolated containers**. When an operator executes `docker run`, she starts a process with its own file system, its own networking, and its own isolated process tree. -The [*Image*](../../terms/image/#image-def) which starts the process may +The [*Image*](/terms/image/#image-def) which starts the process may define defaults related to the binary to run, the networking to expose, and more, but `docker run` gives final control to the operator who starts the container from the image. That's the main -reason [*run*](../../commandline/cli/#cli-run) has more options than any +reason [*run*](/commandline/cli/#cli-run) has more options than any other `docker` command. -Every one of the [*Examples*](../../examples/#example-list) shows +Every one of the [*Examples*](/examples/#example-list) shows running containers, and so here we try to give more in-depth guidance. ## General Form -As you`ve seen in the [*Examples*](../../examples/#example-list), the +As you`ve seen in the [*Examples*](/examples/#example-list), the basic run command takes this form: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, -see [*Option types*](../../commandline/cli/#cli-options). +see [*Option types*](/commandline/cli/#cli-options). The list of `[OPTIONS]` breaks down into two groups: @@ -121,7 +121,7 @@ assign a name to the container with `--name` then the daemon will also generate a random string name too. The name can become a handy way to add meaning to a container since you can use this name when defining -[*links*](../../use/working_with_links_names/#working-with-links-names) +[*links*](/use/working_with_links_names/#working-with-links-names) (or any other place you need to identify a container). This works for both background and foreground Docker containers. @@ -372,7 +372,7 @@ And we can use that information to connect from another container as a client: --volumes-from="": Mount all volumes from the given container(s) The volumes commands are complex enough to have their own documentation in -section [*Share Directories via Volumes*](../../use/working_with_volumes/#volume-def). +section [*Share Directories via Volumes*](/use/working_with_volumes/#volume-def). A developer can define one or more `VOLUME's associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). From da8e2310c631635312d2f9f2096e46769c1e0a18 Mon Sep 17 00:00:00 2001 From: Mike MacCana Date: Fri, 14 Feb 2014 12:16:26 +0000 Subject: [PATCH 0130/2538] - unix://path/to/socket should read unix:///path/to/socket like the rest of the documentation (a slash was missing) - Mention that [] options may be specified multiple times on the Usage page Docker-DCO-1.1-Signed-off-by: Mike MacCana (github: mikemaccana) Docker-DCO-1.1-Signed-off-by: Mike MacCana (github: SvenDowideit) --- docs/sources/reference/commandline/cli.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 87c08eb4b4..469434413a 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -63,10 +63,10 @@ only be specified once. :: - Usage of docker: + Usage: -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group + -H, --host=[]: The socket to bind to in daemon mode, specified using tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b @@ -90,6 +90,8 @@ only be specified once. --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + Options with [] may be specified multiple times. + The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the ``-d`` flag. From 53eedfc835bf8df5b8b16c88d62aa6dec9a8eed0 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 24 Apr 2014 11:09:27 +1000 Subject: [PATCH 0131/2538] add a reference to multiple -H options, and update the other example of -H option and copy changes to the cli.md file Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 6 ++++-- docs/sources/reference/commandline/cli.rst | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6388cb6192..c9bf5753ca 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -9,7 +9,7 @@ or execute `docker help`: $ sudo docker Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. A self-sufficient runtime for linux containers. @@ -52,7 +52,7 @@ expect an integer, and they can only be specified once. Usage of docker: -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking @@ -77,6 +77,8 @@ expect an integer, and they can only be specified once. --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + Options with [] may be specified multiple times. + The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the `-d` flag. diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 469434413a..9c1d3ae4be 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -12,7 +12,7 @@ To list available commands, either run ``docker`` with no parameters or execute $ sudo docker Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. A self-sufficient runtime for linux containers. @@ -63,10 +63,10 @@ only be specified once. :: - Usage: + Usage of docker: -D, --debug=false: Enable debug mode -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group - -H, --host=[]: The socket to bind to in daemon mode, specified using tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --api-enable-cors=false: Enable CORS headers in the remote API -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b From 1e3f899705c82191d262575a3f1378cf57ed5031 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sat, 26 Apr 2014 08:10:19 -0400 Subject: [PATCH 0132/2538] Updated Docs README Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/README.md | 74 ++++++++++++++++++++++++-------------------------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/docs/README.md b/docs/README.md index a113cb9edd..e5474d524d 100755 --- a/docs/README.md +++ b/docs/README.md @@ -7,64 +7,60 @@ Overview The source for Docker documentation is here under ``sources/`` and uses extended Markdown, as implemented by [mkdocs](http://mkdocs.org). -The HTML files are built and hosted on https://docs.docker.io, and update -automatically after each change to the master or release branch of the -[docker files on GitHub](https://github.com/dotcloud/docker) thanks to -post-commit hooks. The "release" branch maps to the "latest" -documentation and the "master" (unreleased development) branch maps to the "master" -documentation. +The HTML files are built and hosted on `https://docs.docker.io`, and +update automatically after each change to the master or release branch +of [Docker on GitHub](https://github.com/dotcloud/docker) +thanks to post-commit hooks. The "docs" branch maps to the "latest" +documentation and the "master" (unreleased development) branch maps to +the "master" documentation. ## Branches **There are two branches related to editing docs**: ``master`` and a -``docs`` branch. You should always edit -docs on a local branch of the ``master`` branch, and send a PR against ``master``. -That way your fixes -will automatically get included in later releases, and docs maintainers -can easily cherry-pick your changes into the ``docs`` release branch. -In the rare case where your change is not forward-compatible, -you may need to base your changes on the ``docs`` branch. +``docs`` branch. You should always edit documentation on a local branch +of the ``master`` branch, and send a PR against ``master``. -Now that we have a ``docs`` branch, we can keep the [http://docs.docker.io](http://docs.docker.io) docs -up to date with any bugs found between ``docker`` code releases. +That way your fixes will automatically get included in later releases, +and docs maintainers can easily cherry-pick your changes into the +``docs`` release branch. In the rare case where your change is not +forward-compatible, you may need to base your changes on the ``docs`` +branch. -**Warning**: When *reading* the docs, the [http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may -include features not yet part of any official docker -release. The ``beta-docs`` site should be used only for understanding -bleeding-edge development and ``docs.docker.io`` (which points to the ``docs`` +Also, now that we have a ``docs`` branch, we can keep the +[http://docs.docker.io](http://docs.docker.io) docs up to date with any +bugs found between ``docker`` code releases. + +**Warning**: When *reading* the docs, the +[http://beta-docs.docker.io](http://beta-docs.docker.io) documentation +may include features not yet part of any official docker release. The +``beta-docs`` site should be used only for understanding bleeding-edge +development and ``docs.docker.io`` (which points to the ``docs`` branch``) should be used for the latest official release. Getting Started --------------- -Docker documentation builds are done in a docker container, which installs all -the required tools, adds the local ``docs/`` directory and builds the HTML -docs. It then starts a HTTP server on port 8000 so that you can connect -and see your changes. +Docker documentation builds are done in a Docker container, which +installs all the required tools, adds the local ``docs/`` directory and +builds the HTML docs. It then starts a HTTP server on port 8000 so that +you can connect and see your changes. -In the ``docker`` source directory, run: - ```make docs``` +In the root of the ``docker`` source directory: + + cd docker + +Run: + + make docs If you have any issues you need to debug, you can use ``make docs-shell`` and then run ``mkdocs serve`` # Contributing -## Normal Case: - * Follow the contribution guidelines ([see ``../CONTRIBUTING.md``](../CONTRIBUTING.md)). * [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) -* Work in your own fork of the code, we accept pull requests. -* Change the ``.md`` files with your favorite editor -- try to keep the - lines short (80 chars) and respect Markdown conventions. -* Run ``make clean docs`` to clean up old files and generate new ones, - or just ``make docs`` to update after small changes. -* Your static website can now be found in the ``_build`` directory. -* To preview what you have generated run ``make server`` and open - http://localhost:8000/ in your favorite browser. - -``make clean docs`` must complete without any warnings or errors. Working using GitHub's file editor ---------------------------------- @@ -87,7 +83,7 @@ Publishing Documentation ------------------------ To publish a copy of the documentation you need a ``docs/awsconfig`` -file containing AWS settings to deploy to. The release script will +file containing AWS settings to deploy to. The release script will create an s3 if needed, and will then push the files to it. ``` @@ -97,7 +93,7 @@ aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... region = ap-southeast-2 ``` -The ``profile`` name must be the same as the name of the bucket you are +The ``profile`` name must be the same as the name of the bucket you are deploying to - which you call from the docker directory: ``make AWS_S3_BUCKET=dowideit-docs docs-release`` From d5b9bea76f7ba1b3ca1b21015643a6eede7d3335 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sat, 26 Apr 2014 09:53:17 -0400 Subject: [PATCH 0133/2538] Replaced all double backticks in README with singles Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/README.md | 56 ++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/docs/README.md b/docs/README.md index e5474d524d..bbc741d593 100755 --- a/docs/README.md +++ b/docs/README.md @@ -4,7 +4,7 @@ Docker Documentation Overview -------- -The source for Docker documentation is here under ``sources/`` and uses +The source for Docker documentation is here under `sources/` and uses extended Markdown, as implemented by [mkdocs](http://mkdocs.org). The HTML files are built and hosted on `https://docs.docker.io`, and @@ -16,36 +16,36 @@ the "master" documentation. ## Branches -**There are two branches related to editing docs**: ``master`` and a -``docs`` branch. You should always edit documentation on a local branch -of the ``master`` branch, and send a PR against ``master``. +**There are two branches related to editing docs**: `master` and a +`docs` branch. You should always edit documentation on a local branch +of the `master` branch, and send a PR against `master`. That way your fixes will automatically get included in later releases, and docs maintainers can easily cherry-pick your changes into the -``docs`` release branch. In the rare case where your change is not -forward-compatible, you may need to base your changes on the ``docs`` +`docs` release branch. In the rare case where your change is not +forward-compatible, you may need to base your changes on the `docs` branch. -Also, now that we have a ``docs`` branch, we can keep the +Also, now that we have a `docs` branch, we can keep the [http://docs.docker.io](http://docs.docker.io) docs up to date with any -bugs found between ``docker`` code releases. +bugs found between `docker` code releases. **Warning**: When *reading* the docs, the [http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may include features not yet part of any official docker release. The -``beta-docs`` site should be used only for understanding bleeding-edge -development and ``docs.docker.io`` (which points to the ``docs`` -branch``) should be used for the latest official release. +`beta-docs` site should be used only for understanding bleeding-edge +development and `docs.docker.io` (which points to the `docs` +branch`) should be used for the latest official release. Getting Started --------------- Docker documentation builds are done in a Docker container, which -installs all the required tools, adds the local ``docs/`` directory and +installs all the required tools, adds the local `docs/` directory and builds the HTML docs. It then starts a HTTP server on port 8000 so that you can connect and see your changes. -In the root of the ``docker`` source directory: +In the root of the `docker` source directory: cd docker @@ -53,13 +53,13 @@ Run: make docs -If you have any issues you need to debug, you can use ``make docs-shell`` and -then run ``mkdocs serve`` +If you have any issues you need to debug, you can use `make docs-shell` and +then run `mkdocs serve` # Contributing * Follow the contribution guidelines ([see - ``../CONTRIBUTING.md``](../CONTRIBUTING.md)). + `../CONTRIBUTING.md`](../CONTRIBUTING.md)). * [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) Working using GitHub's file editor @@ -67,7 +67,7 @@ Working using GitHub's file editor Alternatively, for small changes and typos you might want to use GitHub's built in file editor. It allows you to preview your changes -right online (though there can be some differences between GitHub +right on-line (though there can be some differences between GitHub Markdown and mkdocs Markdown). Just be careful not to create many commits. And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) @@ -75,26 +75,24 @@ Images ------ When you need to add images, try to make them as small as possible -(e.g. as gif). Usually images should go in the same directory as the -.md file which references them, or in a subdirectory if one already +(e.g. as gifs). Usually images should go in the same directory as the +`.md` file which references them, or in a subdirectory if one already exists. Publishing Documentation ------------------------ -To publish a copy of the documentation you need a ``docs/awsconfig`` +To publish a copy of the documentation you need a `docs/awsconfig` file containing AWS settings to deploy to. The release script will create an s3 if needed, and will then push the files to it. -``` -[profile dowideit-docs] -aws_access_key_id = IHOIUAHSIDH234rwf.... -aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... -region = ap-southeast-2 -``` + [profile dowideit-docs] + aws_access_key_id = IHOIUAHSIDH234rwf.... + aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... + region = ap-southeast-2 -The ``profile`` name must be the same as the name of the bucket you are -deploying to - which you call from the docker directory: +The `profile` name must be the same as the name of the bucket you are +deploying to - which you call from the `docker` directory: -``make AWS_S3_BUCKET=dowideit-docs docs-release`` + make AWS_S3_BUCKET=dowideit-docs docs-release From cb003686e4eaf33bacb798389437aee1918c33fd Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sat, 26 Apr 2014 08:00:01 -0400 Subject: [PATCH 0134/2538] Addressed regression of private repository documentation. This adds back in the references to private repositories and provides some refactoring to the Working with repositories documentation including updating references to the "Central" registry to Docker.io. It also: * Fixes some links and references to Central Index * Fixes anchors in other files to updated titles in Working with Repositories. * Renamed Central Index in the remaining places. * Updated terms documentation to reflect Docker.io * Updated some Docker Index naming to be consistent. * Updates menu labels and hyperlinks. Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) --- docs/sources/reference/commandline/cli.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c9bf5753ca..ac589c01b2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -694,10 +694,10 @@ Pull an image or a repository from the registry Usage: docker pull NAME[:TAG] Most of your images will be created on top of a base image from the -Docker Index ([https://index.docker.io](https://index.docker.io)). +[Docker.io](https://index.docker.io) registry. -The Docker Index contains many pre-built images that you can -`pull` and try without needing to define and configure your own. +[Docker.io](https://index.docker.io) contains many pre-built images that you +can `pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), use `docker pull`: @@ -1067,7 +1067,7 @@ It is used to create a backup that can then be used with ## search -Search the docker index for images +Search [Docker.io](https://index.docker.io) for images Usage: docker search TERM @@ -1075,8 +1075,8 @@ Search the docker index for images -s, --stars=0: Only displays with at least xxx stars -t, --trusted=false: Only show trusted builds -See [*Find Public Images on the Central Index*]( -/use/workingwithrepository/#searching-central-index) for +See [*Find Public Images on Docker.io*]( +/use/workingwithrepository/#find-public-images-on-dockerio) for more details on finding shared images from the commandline. ## start From 4d694e02eb5170f30ddfb0c61f57823a3e4f97ee Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 29 Apr 2014 00:47:09 -0700 Subject: [PATCH 0135/2538] Add cli flag to docs for selinux support Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ac589c01b2..75a5be33b6 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -60,6 +60,7 @@ expect an integer, and they can only be specified once. -d, --daemon=false: Enable daemon mode --dns=[]: Force docker to use specific DNS servers --dns-search=[]: Force Docker to use specific DNS search domains + --enable-selinux=false: Enable selinux support for running containers -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime --icc=true: Enable inter-container communication --ip="0.0.0.0": Default IP address to use when binding container ports From 15fb9e2087a760e5f5972893ad5e5fbef477a55a Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 1 May 2014 15:31:58 +1000 Subject: [PATCH 0136/2538] remove rst/sphinx documentation Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.rst | 532 ------- docs/sources/reference/commandline/cli.rst | 1405 ------------------ docs/sources/reference/commandline/index.rst | 14 - docs/sources/reference/index.rst | 18 - docs/sources/reference/run.rst | 418 ------ 5 files changed, 2387 deletions(-) delete mode 100644 docs/sources/reference/builder.rst delete mode 100644 docs/sources/reference/commandline/cli.rst delete mode 100644 docs/sources/reference/commandline/index.rst delete mode 100644 docs/sources/reference/index.rst delete mode 100644 docs/sources/reference/run.rst diff --git a/docs/sources/reference/builder.rst b/docs/sources/reference/builder.rst deleted file mode 100644 index e8897d1b09..0000000000 --- a/docs/sources/reference/builder.rst +++ /dev/null @@ -1,532 +0,0 @@ -:title: Dockerfile Reference -:description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. -:keywords: builder, docker, Dockerfile, automation, image creation - -.. _dockerbuilder: - -==================== -Dockerfile Reference -==================== - -**Docker can act as a builder** and read instructions from a text -``Dockerfile`` to automate the steps you would otherwise take manually -to create an image. Executing ``docker build`` will run your steps and -commit them along the way, giving you a final image. - -.. _dockerfile_usage: - -Usage -===== - -To :ref:`build ` an image from a source repository, create -a description file called ``Dockerfile`` at the root of your -repository. This file will describe the steps to assemble the image. - -Then call ``docker build`` with the path of your source repository as -argument (for example, ``.``): - - ``sudo docker build .`` - -The path to the source repository defines where to find the *context* -of the build. The build is run by the Docker daemon, not by the CLI, -so the whole context must be transferred to the daemon. The Docker CLI -reports "Uploading context" when the context is sent to the daemon. - -You can specify a repository and tag at which to save the new image if the -build succeeds: - - ``sudo docker build -t shykes/myapp .`` - -The Docker daemon will run your steps one-by-one, committing the -result to a new image if necessary, before finally outputting the -ID of your new image. The Docker daemon will automatically clean -up the context you sent. - -Note that each instruction is run independently, and causes a new image -to be created - so ``RUN cd /tmp`` will not have any effect on the next -instructions. - -Whenever possible, Docker will re-use the intermediate images, -accelerating ``docker build`` significantly (indicated by ``Using cache``): - -.. code-block:: bash - - $ docker build -t SvenDowideit/ambassador . - Uploading context 10.24 kB - Uploading context - Step 1 : FROM docker-ut - ---> cbba202fe96b - Step 2 : MAINTAINER SvenDowideit@home.org.au - ---> Using cache - ---> 51182097be13 - Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top - ---> Using cache - ---> 1a5ffc17324d - Successfully built 1a5ffc17324d - -When you're done with your build, you're ready to look into -:ref:`image_push`. - -.. _dockerfile_format: - -Format -====== - -Here is the format of the Dockerfile: - -:: - - # Comment - INSTRUCTION arguments - -The Instruction is not case-sensitive, however convention is for them to be -UPPERCASE in order to distinguish them from arguments more easily. - -Docker evaluates the instructions in a Dockerfile in order. **The -first instruction must be `FROM`** in order to specify the -:ref:`base_image_def` from which you are building. - -Docker will treat lines that *begin* with ``#`` as a comment. A ``#`` -marker anywhere else in the line will be treated as an argument. This -allows statements like: - -:: - - # Comment - RUN echo 'we are running some # of cool things' - -.. _dockerfile_instructions: - - -Here is the set of instructions you can use in a ``Dockerfile`` for -building images. - -.. _dockerfile_from: - -``FROM`` -======== - - ``FROM `` - -Or - - ``FROM :`` - -The ``FROM`` instruction sets the :ref:`base_image_def` for subsequent -instructions. As such, a valid Dockerfile must have ``FROM`` as its -first instruction. The image can be any valid image -- it is -especially easy to start by **pulling an image** from the -:ref:`using_public_repositories`. - -``FROM`` must be the first non-comment instruction in the -``Dockerfile``. - -``FROM`` can appear multiple times within a single Dockerfile in order -to create multiple images. Simply make a note of the last image id -output by the commit before each new ``FROM`` command. - -If no ``tag`` is given to the ``FROM`` instruction, ``latest`` is -assumed. If the used tag does not exist, an error will be returned. - -.. _dockerfile_maintainer: - -``MAINTAINER`` -============== - - ``MAINTAINER `` - -The ``MAINTAINER`` instruction allows you to set the *Author* field of -the generated images. - -.. _dockerfile_run: - -``RUN`` -======= - -RUN has 2 forms: - -* ``RUN `` (the command is run in a shell - ``/bin/sh -c``) -* ``RUN ["executable", "param1", "param2"]`` (*exec* form) - -The ``RUN`` instruction will execute any commands in a new layer on top -of the current image and commit the results. The resulting committed image -will be used for the next step in the Dockerfile. - -Layering ``RUN`` instructions and generating commits conforms to the -core concepts of Docker where commits are cheap and containers can be -created from any point in an image's history, much like source -control. - -The *exec* form makes it possible to avoid shell string munging, and to ``RUN`` -commands using a base image that does not contain ``/bin/sh``. - -Known Issues (RUN) -.................. - -* :issue:`783` is about file permissions problems that can occur when - using the AUFS file system. You might notice it during an attempt to - ``rm`` a file, for example. The issue describes a workaround. -* :issue:`2424` Locale will not be set automatically. - -.. _dockerfile_cmd: - -``CMD`` -======= - -CMD has three forms: - -* ``CMD ["executable","param1","param2"]`` (like an *exec*, preferred form) -* ``CMD ["param1","param2"]`` (as *default parameters to ENTRYPOINT*) -* ``CMD command param1 param2`` (as a *shell*) - -There can only be one CMD in a Dockerfile. If you list more than one -CMD then only the last CMD will take effect. - -**The main purpose of a CMD is to provide defaults for an executing -container.** These defaults can include an executable, or they can -omit the executable, in which case you must specify an ENTRYPOINT as -well. - -When used in the shell or exec formats, the ``CMD`` instruction sets -the command to be executed when running the image. - -If you use the *shell* form of the CMD, then the ```` will -execute in ``/bin/sh -c``: - -.. code-block:: bash - - FROM ubuntu - CMD echo "This is a test." | wc - - -If you want to **run your** ```` **without a shell** then you -must express the command as a JSON array and give the full path to the -executable. **This array form is the preferred format of CMD.** Any -additional parameters must be individually expressed as strings in the -array: - -.. code-block:: bash - - FROM ubuntu - CMD ["/usr/bin/wc","--help"] - -If you would like your container to run the same executable every -time, then you should consider using ``ENTRYPOINT`` in combination -with ``CMD``. See :ref:`dockerfile_entrypoint`. - -If the user specifies arguments to ``docker run`` then they will -override the default specified in CMD. - -.. note:: - Don't confuse ``RUN`` with ``CMD``. ``RUN`` actually runs a - command and commits the result; ``CMD`` does not execute anything at - build time, but specifies the intended command for the image. - -.. _dockerfile_expose: - -``EXPOSE`` -========== - - ``EXPOSE [...]`` - -The ``EXPOSE`` instructions informs Docker that the container will listen -on the specified network ports at runtime. Docker uses this information -to interconnect containers using links (see :ref:`links `), -and to setup port redirection on the host system (see :ref:`port_redirection`). - -.. _dockerfile_env: - -``ENV`` -======= - - ``ENV `` - -The ``ENV`` instruction sets the environment variable ```` to the -value ````. This value will be passed to all future ``RUN`` -instructions. This is functionally equivalent to prefixing the command -with ``=`` - -The environment variables set using ``ENV`` will persist when a container is run -from the resulting image. You can view the values using ``docker inspect``, and change them using ``docker run --env =``. - -.. note:: - One example where this can cause unexpected consequenses, is setting - ``ENV DEBIAN_FRONTEND noninteractive``. - Which will persist when the container is run interactively; for example: - ``docker run -t -i image bash`` - -.. _dockerfile_add: - -``ADD`` -======= - - ``ADD `` - -The ``ADD`` instruction will copy new files from and add them to -the container's filesystem at path ````. - -```` must be the path to a file or directory relative to the -source directory being built (also called the *context* of the build) or -a remote file URL. - -```` is the absolute path to which the source will be copied inside the -destination container. - -All new files and directories are created with mode 0755, uid and gid -0. - -.. note:: - if you build using STDIN (``docker build - < somefile``), there is no build - context, so the Dockerfile can only contain an URL based ADD statement. - -.. note:: - if your URL files are protected using authentication, you will need to use - an ``RUN wget`` , ``RUN curl`` or other tool from within the container as - ADD does not support authentication. - -The copy obeys the following rules: - -* The ```` path must be inside the *context* of the build; you cannot - ``ADD ../something /something``, because the first step of a - ``docker build`` is to send the context directory (and subdirectories) to - the docker daemon. -* If ```` is a URL and ```` does not end with a trailing slash, - then a file is downloaded from the URL and copied to ````. -* If ```` is a URL and ```` does end with a trailing slash, - then the filename is inferred from the URL and the file is downloaded to - ``/``. For instance, ``ADD http://example.com/foobar /`` - would create the file ``/foobar``. The URL must have a nontrivial path - so that an appropriate filename can be discovered in this case - (``http://example.com`` will not work). -* If ```` is a directory, the entire directory is copied, - including filesystem metadata. -* If ```` is a *local* tar archive in a recognized compression - format (identity, gzip, bzip2 or xz) then it is unpacked as a - directory. Resources from *remote* URLs are **not** decompressed. - - When a directory is copied or unpacked, it has the same behavior as - ``tar -x``: the result is the union of - - 1. whatever existed at the destination path and - 2. the contents of the source tree, - - with conflicts resolved in favor of "2." on a file-by-file basis. - -* If ```` is any other kind of file, it is copied individually - along with its metadata. In this case, if ```` ends with a - trailing slash ``/``, it will be considered a directory and the - contents of ```` will be written at ``/base()``. -* If ```` does not end with a trailing slash, it will be - considered a regular file and the contents of ```` will be - written at ````. -* If ```` doesn't exist, it is created along with all missing - directories in its path. - -.. _dockerfile_entrypoint: - -``ENTRYPOINT`` -============== - -ENTRYPOINT has two forms: - -* ``ENTRYPOINT ["executable", "param1", "param2"]`` (like an *exec*, - preferred form) -* ``ENTRYPOINT command param1 param2`` (as a *shell*) - -There can only be one ``ENTRYPOINT`` in a Dockerfile. If you have more -than one ``ENTRYPOINT``, then only the last one in the Dockerfile will -have an effect. - -An ``ENTRYPOINT`` helps you to configure a container that you can run -as an executable. That is, when you specify an ``ENTRYPOINT``, then -the whole container runs as if it was just that executable. - -The ``ENTRYPOINT`` instruction adds an entry command that will **not** -be overwritten when arguments are passed to ``docker run``, unlike the -behavior of ``CMD``. This allows arguments to be passed to the -entrypoint. i.e. ``docker run -d`` will pass the "-d" -argument to the ENTRYPOINT. - -You can specify parameters either in the ENTRYPOINT JSON array (as in -"like an exec" above), or by using a CMD statement. Parameters in the -ENTRYPOINT will not be overridden by the ``docker run`` arguments, but -parameters specified via CMD will be overridden by ``docker run`` -arguments. - -Like a ``CMD``, you can specify a plain string for the ENTRYPOINT and -it will execute in ``/bin/sh -c``: - -.. code-block:: bash - - FROM ubuntu - ENTRYPOINT wc -l - - -For example, that Dockerfile's image will *always* take stdin as input -("-") and print the number of lines ("-l"). If you wanted to make -this optional but default, you could use a CMD: - -.. code-block:: bash - - FROM ubuntu - CMD ["-l", "-"] - ENTRYPOINT ["/usr/bin/wc"] - -.. _dockerfile_volume: - -``VOLUME`` -========== - - ``VOLUME ["/data"]`` - -The ``VOLUME`` instruction will create a mount point with the specified name and mark it -as holding externally mounted volumes from native host or other containers. For more information/examples -and mounting instructions via docker client, refer to :ref:`volume_def` documentation. - -.. _dockerfile_user: - -``USER`` -======== - - ``USER daemon`` - -The ``USER`` instruction sets the username or UID to use when running -the image. - -.. _dockerfile_workdir: - -``WORKDIR`` -=========== - - ``WORKDIR /path/to/workdir`` - -The ``WORKDIR`` instruction sets the working directory for the ``RUN``, ``CMD`` and -``ENTRYPOINT`` Dockerfile commands that follow it. - -It can be used multiple times in the one Dockerfile. If a relative path is -provided, it will be relative to the path of the previous ``WORKDIR`` -instruction. For example: - - WORKDIR /a - WORKDIR b - WORKDIR c - RUN pwd - -The output of the final ``pwd`` command in this Dockerfile would be ``/a/b/c``. - -``ONBUILD`` -=========== - - ``ONBUILD [INSTRUCTION]`` - -The ``ONBUILD`` instruction adds to the image a "trigger" instruction to be -executed at a later time, when the image is used as the base for another build. -The trigger will be executed in the context of the downstream build, as if it -had been inserted immediately after the *FROM* instruction in the downstream -Dockerfile. - -Any build instruction can be registered as a trigger. - -This is useful if you are building an image which will be used as a base to build -other images, for example an application build environment or a daemon which may be -customized with user-specific configuration. - -For example, if your image is a reusable python application builder, it will require -application source code to be added in a particular directory, and it might require -a build script to be called *after* that. You can't just call *ADD* and *RUN* now, -because you don't yet have access to the application source code, and it will be -different for each application build. You could simply provide application developers -with a boilerplate Dockerfile to copy-paste into their application, but that is -inefficient, error-prone and difficult to update because it mixes with -application-specific code. - -The solution is to use *ONBUILD* to register in advance instructions to run later, -during the next build stage. - -Here's how it works: - -1. When it encounters an *ONBUILD* instruction, the builder adds a trigger to - the metadata of the image being built. - The instruction does not otherwise affect the current build. - -2. At the end of the build, a list of all triggers is stored in the image manifest, - under the key *OnBuild*. They can be inspected with *docker inspect*. - -3. Later the image may be used as a base for a new build, using the *FROM* instruction. - As part of processing the *FROM* instruction, the downstream builder looks for *ONBUILD* - triggers, and executes them in the same order they were registered. If any of the - triggers fail, the *FROM* instruction is aborted which in turn causes the build - to fail. If all triggers succeed, the FROM instruction completes and the build - continues as usual. - -4. Triggers are cleared from the final image after being executed. In other words - they are not inherited by "grand-children" builds. - -For example you might add something like this: - -.. code-block:: bash - - [...] - ONBUILD ADD . /app/src - ONBUILD RUN /usr/local/bin/python-build --dir /app/src - [...] - -.. warning:: Chaining ONBUILD instructions using `ONBUILD ONBUILD` isn't allowed. -.. warning:: ONBUILD may not trigger FROM or MAINTAINER instructions. - -.. _dockerfile_examples: - -Dockerfile Examples -====================== - -.. code-block:: bash - - # Nginx - # - # VERSION 0.0.1 - - FROM ubuntu - MAINTAINER Guillaume J. Charmes - - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - RUN apt-get install -y inotify-tools nginx apache2 openssh-server - -.. code-block:: bash - - # Firefox over VNC - # - # VERSION 0.3 - - FROM ubuntu - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - # Install vnc, xvfb in order to create a 'fake' display and firefox - RUN apt-get install -y x11vnc xvfb firefox - RUN mkdir /.vnc - # Setup a password - RUN x11vnc -storepasswd 1234 ~/.vnc/passwd - # Autostart firefox (might not be the best way, but it does the trick) - RUN bash -c 'echo "firefox" >> /.bashrc' - - EXPOSE 5900 - CMD ["x11vnc", "-forever", "-usepw", "-create"] - -.. code-block:: bash - - # Multiple images example - # - # VERSION 0.1 - - FROM ubuntu - RUN echo foo > bar - # Will output something like ===> 907ad6c2736f - - FROM ubuntu - RUN echo moo > oink - # Will output something like ===> 695d7793cbe4 - - # You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with - # /oink. diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst deleted file mode 100644 index 9c1d3ae4be..0000000000 --- a/docs/sources/reference/commandline/cli.rst +++ /dev/null @@ -1,1405 +0,0 @@ -:title: Command Line Interface -:description: Docker's CLI command description and usage -:keywords: Docker, Docker documentation, CLI, command line - -.. _cli: - -Command Line -============ - -To list available commands, either run ``docker`` with no parameters or execute -``docker help``:: - - $ sudo docker - Usage: docker [OPTIONS] COMMAND [arg...] - -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - - A self-sufficient runtime for linux containers. - - ... - -.. _cli_options: - -Option types ------------- - -Single character commandline options can be combined, so rather than typing -``docker run -t -i --name test busybox sh``, you can write -``docker run -ti --name test busybox sh``. - -Boolean -~~~~~~~ - -Boolean options look like ``-d=false``. The value you see is the -default value which gets set if you do **not** use the boolean -flag. If you do call ``run -d``, that sets the opposite boolean value, -so in this case, ``true``, and so ``docker run -d`` **will** run in -"detached" mode, in the background. Other boolean options are similar --- specifying them will set the value to the opposite of the default -value. - -Multi -~~~~~ - -Options like ``-a=[]`` indicate they can be specified multiple times:: - - docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash - -Sometimes this can use a more complex value string, as for ``-v``:: - - docker run -v /host:/container example/mysql - -Strings and Integers -~~~~~~~~~~~~~~~~~~~~ - -Options like ``--name=""`` expect a string, and they can only be -specified once. Options like ``-c=0`` expect an integer, and they can -only be specified once. - -.. _cli_daemon: - -``daemon`` ----------- - -:: - - Usage of docker: - -D, --debug=false: Enable debug mode - -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group - -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - --api-enable-cors=false: Enable CORS headers in the remote API - -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - -bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b - -d, --daemon=false: Enable daemon mode - --dns=[]: Force docker to use specific DNS servers - --dns-search=[]: Force Docker to use specific DNS search domains - -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime - --icc=true: Enable inter-container communication - --ip="0.0.0.0": Default IP address to use when binding container ports - --ip-forward=true: Enable net.ipv4.ip_forward - --iptables=true: Enable Docker's addition of iptables rules - -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file - -r, --restart=true: Restart previously running containers - -s, --storage-driver="": Force the docker runtime to use a specific storage driver - -e, --exec-driver="native": Force the docker runtime to use a specific exec driver - -v, --version=false: Print version information and quit - --tls=false: Use TLS; implied by tls-verify flags - --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here - --tlscert="~/.docker/cert.pem": Path to TLS certificate file - --tlskey="~/.docker/key.pem": Path to TLS key file - --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) - --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available - - Options with [] may be specified multiple times. - -The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the -daemon and client. To run the daemon you provide the ``-d`` flag. - -To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. - -To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. - -To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. - -To run the daemon with debug output, use ``docker -d -D``. - -To use lxc as the execution driver, use ``docker -d -e lxc``. - -The docker client will also honor the ``DOCKER_HOST`` environment variable to set -the ``-H`` flag for the client. - -:: - - docker -H tcp://0.0.0.0:4243 ps - # or - export DOCKER_HOST="tcp://0.0.0.0:4243" - docker ps - # both are equal - -To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. -Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. -If the specified socket activated files aren't found then docker will exit. -You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. - -Docker supports softlinks for the Docker data directory (``/var/lib/docker``) and for ``/tmp``. -TMPDIR and the data directory can be set like this: - -:: - - TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - # or - export TMPDIR=/mnt/disk2/tmp - /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - -.. _cli_attach: - -``attach`` ----------- - -:: - - Usage: docker attach CONTAINER - - Attach to a running container. - - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -The ``attach`` command will allow you to view or interact with any -running container, detached (``-d``) or interactive (``-i``). You can -attach to the same container at the same time - screen sharing style, -or quickly view the progress of your daemonized process. - -You can detach from the container again (and leave it running) with -``CTRL-C`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of -the Docker client when it quits. When you detach from the container's -process the exit code will be returned to the client. - -To stop a container, use ``docker stop``. - -To kill the container, use ``docker kill``. - -.. _cli_attach_examples: - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) - $ sudo docker attach $ID - top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355560k used, 18012k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221740k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top - - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - - - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - ^C$ - $ sudo docker stop $ID - -.. _cli_build: - -``build`` ---------- - -:: - - Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build - -Use this command to build Docker images from a ``Dockerfile`` and a "context". - -The files at ``PATH`` or ``URL`` are called the "context" of the build. -The build process may refer to any of the files in the context, for example when -using an :ref:`ADD ` instruction. -When a single ``Dockerfile`` is given as ``URL``, then no context is set. - -When a Git repository is set as ``URL``, then the repository is used as the context. -The Git repository is cloned with its submodules (`git clone --recursive`). -A fresh git clone occurs in a temporary directory on your local host, and then this -is sent to the Docker daemon as the context. -This way, your local user credentials and vpn's etc can be used to access private repositories - -.. _cli_build_examples: - -.. seealso:: :ref:`dockerbuilder`. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker build . - Uploading context 10240 bytes - Step 1 : FROM busybox - Pulling repository busybox - ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ - Step 2 : RUN ls -lh / - ---> Running in 9c9e81692ae9 - total 24 - drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin - drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev - drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib - lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib - dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc - lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin - dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys - drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr - ---> b35f4035db3f - Step 3 : CMD echo Hello World - ---> Running in 02071fceb21b - ---> f52f38b7823e - Successfully built f52f38b7823e - Removing intermediate container 9c9e81692ae9 - Removing intermediate container 02071fceb21b - - -This example specifies that the ``PATH`` is ``.``, and so all the files in -the local directory get tar'd and sent to the Docker daemon. The ``PATH`` -specifies where to find the files for the "context" of the build on -the Docker daemon. Remember that the daemon could be running on a -remote machine and that no parsing of the ``Dockerfile`` happens at the -client side (where you're running ``docker build``). That means that -*all* the files at ``PATH`` get sent, not just the ones listed to -:ref:`ADD ` in the ``Dockerfile``. - -The transfer of context from the local machine to the Docker daemon is -what the ``docker`` client means when you see the "Uploading context" -message. - -If you wish to keep the intermediate containers after the build is complete, -you must use ``--rm=false``. This does not affect the build cache. - - -.. code-block:: bash - - $ sudo docker build -t vieux/apache:2.0 . - -This will build like the previous example, but it will then tag the -resulting image. The repository name will be ``vieux/apache`` and the -tag will be ``2.0`` - - -.. code-block:: bash - - $ sudo docker build - < Dockerfile - -This will read a ``Dockerfile`` from *stdin* without context. Due to -the lack of a context, no contents of any local directory will be sent -to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` -``ADD`` only works if it refers to a remote URL. - -.. code-block:: bash - - $ sudo docker build github.com/creack/docker-firefox - -This will clone the GitHub repository and use the cloned repository as -context. The ``Dockerfile`` at the root of the repository is used as -``Dockerfile``. Note that you can specify an arbitrary Git repository -by using the ``git://`` schema. - - -.. _cli_commit: - -``commit`` ----------- - -:: - - Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - - Create a new image from a container's changes - - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " - -It can be useful to commit a container's file changes or settings into a new image. -This allows you debug a container by running an interactive shell, or to export -a working dataset to another server. -Generally, it is better to use Dockerfiles to manage your images in a documented -and maintainable way. - -.. _cli_commit_examples: - -Commit an existing container -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 - f5283438590d - $ docker images | head - REPOSITORY TAG ID CREATED VIRTUAL SIZE - SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB - - -.. _cli_cp: - -``cp`` ------- - -:: - - Usage: docker cp CONTAINER:PATH HOSTPATH - - Copy files/folders from the containers filesystem to the host - path. Paths are relative to the root of the filesystem. - -.. code-block:: bash - - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . - $ sudo docker cp blue_frog:/etc/hosts . - -.. _cli_diff: - -``diff`` --------- - -:: - - Usage: docker diff CONTAINER - - List the changed files and directories in a container's filesystem - -There are 3 events that are listed in the 'diff': - -1. ```A``` - Add -2. ```D``` - Delete -3. ```C``` - Change - -For example: - -.. code-block:: bash - - $ sudo docker diff 7bb0e258aefe - - C /dev - A /dev/kmsg - C /etc - A /etc/mtab - A /go - A /go/src - A /go/src/github.com - A /go/src/github.com/dotcloud - A /go/src/github.com/dotcloud/docker - A /go/src/github.com/dotcloud/docker/.git - .... - -.. _cli_events: - -``events`` ----------- - -:: - - Usage: docker events - - Get real time events from the server - - --since="": Show all events created since timestamp - (either seconds since epoch, or date string as below) - --until="": Show events created before timestamp - (either seconds since epoch, or date string as below) - -.. _cli_events_example: - -Examples -~~~~~~~~ - -You'll need two shells for this example. - -Shell 1: Listening for events -............................. - -.. code-block:: bash - - $ sudo docker events - -Shell 2: Start and Stop a Container -................................... - -.. code-block:: bash - - $ sudo docker start 4386fb97867d - $ sudo docker stop 4386fb97867d - -Shell 1: (Again .. now showing events) -...................................... - -.. code-block:: bash - - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -Show events in the past from a specified time -............................................. - -.. code-block:: bash - - $ sudo docker events --since 1378216169 - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03' - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -.. _cli_export: - -``export`` ----------- - -:: - - Usage: docker export CONTAINER - - Export the contents of a filesystem as a tar archive to STDOUT - -For example: - -.. code-block:: bash - - $ sudo docker export red_panda > latest.tar - -.. _cli_history: - -``history`` ------------ - -:: - - Usage: docker history [OPTIONS] IMAGE - - Show the history of an image - - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -To see how the ``docker:latest`` image was built: - -.. code-block:: bash - - $ docker history docker - IMAGE CREATED CREATED BY SIZE - 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB - be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB - 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B - 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B - -.. _cli_images: - -``images`` ----------- - -:: - - Usage: docker images [OPTIONS] [NAME] - - List images - - -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -The default ``docker images`` will show all top level images, their repository -and tags, and their virtual size. - -Docker images have intermediate layers that increase reuseability, decrease -disk usage, and speed up ``docker build`` by allowing each step to be cached. -These intermediate layers are not shown by default. - -Listing the most recently created images -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913 19 hours ago 1.089 GB - committest latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 0124422dd9f9 20 hours ago 1.089 GB - 18ad6fad3402 22 hours ago 1.082 GB - f9f1e26352f0 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81 23 hours ago 131.5 MB - 5ed6274db6ce 24 hours ago 1.089 GB - -Listing the full length image IDs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --no-trunc | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB - -.. _cli_import: - -``import`` ----------- - -:: - - Usage: docker import URL|- [REPOSITORY[:TAG]] - - Create an empty filesystem image and import the contents of the tarball - (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. - -URLs must start with ``http`` and point to a single -file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a -root filesystem. If you would like to import from a local directory or -archive, you can use the ``-`` parameter to take the data from *stdin*. - -Examples -~~~~~~~~ - -Import from a remote location -............................. - -This will create a new untagged image. - -.. code-block:: bash - - $ sudo docker import http://example.com/exampleimage.tgz - -Import from a local file -........................ - -Import to docker via pipe and *stdin*. - -.. code-block:: bash - - $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new - -Import from a local directory -............................. - -.. code-block:: bash - - $ sudo tar -c . | docker import - exampleimagedir - -Note the ``sudo`` in this example -- you must preserve the ownership of the -files (especially root ownership) during the archiving with tar. If you are not -root (or the sudo command) when you tar, then the ownerships might not get -preserved. - -.. _cli_info: - -``info`` --------- - -:: - - Usage: docker info - - Display system-wide information. - -.. code-block:: bash - - $ sudo docker info - Containers: 292 - Images: 194 - Debug mode (server): false - Debug mode (client): false - Fds: 22 - Goroutines: 67 - LXC Version: 0.9.0 - EventsListeners: 115 - Kernel Version: 3.8.0-33-generic - WARNING: No swap limit support - -When sending issue reports, please use ``docker version`` and ``docker info`` to -ensure we know how your setup is configured. - -.. _cli_inspect: - -``inspect`` ------------ - -:: - - Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - - Return low-level information on a container/image - - -f, --format="": Format the output using the given go template. - -By default, this will render all results in a JSON array. If a format -is specified, the given template will be executed for each result. - -Go's `text/template `_ package -describes all the details of the format. - -Examples -~~~~~~~~ - -Get an instance's IP Address -............................ - -For the most part, you can pick out any field from the JSON in a -fairly straightforward manner. - -.. code-block:: bash - - $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID - -List All Port Bindings -...................... - -One can loop over arrays and maps in the results to produce simple -text output: - -.. code-block:: bash - - $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID - -Find a Specific Port Mapping -............................ - -The ``.Field`` syntax doesn't work when the field name begins with a -number, but the template language's ``index`` function does. The -``.NetworkSettings.Ports`` section contains a map of the internal port -mappings to a list of external address/port objects, so to grab just -the numeric public port, you use ``index`` to find the specific port -map, and then ``index`` 0 contains first object inside of that. Then -we ask for the ``HostPort`` field to get the public address. - -.. code-block:: bash - - $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID - -Get config -.......... - -The ``.Field`` syntax doesn't work when the field contains JSON data, -but the template language's custom ``json`` function does. The ``.config`` -section contains complex json object, so to grab it as JSON, you use ``json`` -to convert config object into JSON - -.. code-block:: bash - - $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID - - -.. _cli_kill: - -``kill`` --------- - -:: - - Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - - Kill a running container (send SIGKILL, or specified signal) - - -s, --signal="KILL": Signal to send to the container - -The main process inside the container will be sent SIGKILL, or any signal specified with option ``--signal``. - -Known Issues (kill) -~~~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. -* :issue:`3844` lxc 1.0.0 beta3 removed ``lcx-kill`` which is used by Docker versions before 0.8.0; - see the issue for a workaround. - -.. _cli_load: - -``load`` --------- - -:: - - Usage: docker load - - Load an image from a tar archive on STDIN - - -i, --input="": Read from a tar archive file, instead of STDIN - -Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - $ sudo docker load < busybox.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - $ sudo docker load --input fedora.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - fedora rawhide 0d20aec6529d 7 weeks ago 387 MB - fedora 20 58394af37342 7 weeks ago 385.5 MB - fedora heisenbug 58394af37342 7 weeks ago 385.5 MB - fedora latest 58394af37342 7 weeks ago 385.5 MB - - -.. _cli_login: - -``login`` ---------- - -:: - - Usage: docker login [OPTIONS] [SERVER] - - Register or Login to the docker registry server - - -e, --email="": Email - -p, --password="": Password - -u, --username="": Username - - If you want to login to a private registry you can - specify this by adding the server name. - - example: - docker login localhost:8080 - - -.. _cli_logs: - -``logs`` --------- - -:: - - Usage: docker logs [OPTIONS] CONTAINER - - Fetch the logs of a container - - -f, --follow=false: Follow log output - -The ``docker logs`` command batch-retrieves all logs present at the time of execution. - -The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: -it will first return all logs from the beginning and then continue streaming -new output from the container's stdout and stderr. - - -.. _cli_port: - -``port`` --------- - -:: - - Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT - - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT - - -.. _cli_ps: - -``ps`` ------- - -:: - - Usage: docker ps [OPTIONS] - - List containers - - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. - - -Running ``docker ps`` showing 2 linked containers. - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - -``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` - -.. _cli_pull: - -``pull`` --------- - -:: - - Usage: docker pull NAME[:TAG] - - Pull an image or a repository from the registry - -Most of your images will be created on top of a base image from the -(https://index.docker.io). - -The Docker Index contains many pre-built images that you can ``pull`` and try -without needing to define and configure your own. - -To download a particular image, or set of images (i.e., a repository), -use ``docker pull``: - -.. code-block:: bash - - $ docker pull debian - # will pull all the images in the debian repository - $ docker pull debian:testing - # will pull only the image named debian:testing and any intermediate layers - # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, - # and the un-tared base. - -.. _cli_push: - -``push`` --------- - -:: - - Usage: docker push NAME[:TAG] - - Push an image or a repository to the registry - -Use ``docker push`` to share your images on public or private registries. - -.. _cli_restart: - -``restart`` ------------ - -:: - - Usage: docker restart [OPTIONS] NAME - - Restart a running container - - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 - -.. _cli_rm: - -``rm`` ------- - -:: - - Usage: docker rm [OPTIONS] CONTAINER - - Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container - -Known Issues (rm) -~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. - - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker rm /redis - /redis - - -This will remove the container referenced under the link ``/redis``. - - -.. code-block:: bash - - $ sudo docker rm --link /webapp/redis - /webapp/redis - - -This will remove the underlying link between ``/webapp`` and the ``/redis`` containers removing all -network communication. - -.. code-block:: bash - - $ sudo docker rm $(docker ps -a -q) - - -This command will delete all stopped containers. The command ``docker ps -a -q`` will return all -existing container IDs and pass them to the ``rm`` command which will delete them. Any running -containers will not be deleted. - -.. _cli_rmi: - -``rmi`` -------- - -:: - - Usage: docker rmi IMAGE [IMAGE...] - - Remove one or more images - - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents - -Removing tagged images -~~~~~~~~~~~~~~~~~~~~~~ - -Images can be removed either by their short or long ID's, or their image names. -If an image has more than one name, each of them needs to be removed before the -image is removed. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ sudo docker rmi fd484f19954f - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories - 2013/12/11 05:47:16 Error: failed to remove one or more images - - $ sudo docker rmi test1 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - $ sudo docker rmi test2 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ sudo docker rmi test - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - -.. _cli_run: - -``run`` -------- - -:: - - Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - - Run a command in a new container - - -a, --attach=map[]: Attach to stdin, stdout or stderr - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - -e, --env=[]: Set environment variables - --env-file="": Read in a line delimited file of ENV variables - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image - -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces - -The ``docker run`` command first ``creates`` a writeable container layer over -the specified image, and then ``starts`` it using the specified command. That -is, ``docker run`` is equivalent to the API ``/containers/create`` then -``/containers/(id)/start``. -A stopped container can be restarted with all its previous changes intact using -``docker start``. See ``docker ps -a`` to view a list of all containers. - -The ``docker run`` command can be used in combination with ``docker commit`` to -:ref:`change the command that a container runs `. - -See :ref:`port_redirection` for more detailed information about the ``--expose``, -``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for -specific examples using ``--link``. - -Known Issues (run --volumes-from) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" - -This will create a container and print ``test`` to the console. The -``cidfile`` flag makes Docker attempt to create a new file and write the -container ID to it. If the file exists already, Docker will return an -error. Docker will close this file when ``docker run`` exits. - -.. code-block:: bash - - $ sudo docker run -t -i --rm ubuntu bash - root@bc338942ef20:/# mount -t tmpfs none /mnt - mount: permission denied - - -This will *not* work, because by default, most potentially dangerous -kernel capabilities are dropped; including ``cap_sys_admin`` (which is -required to mount filesystems). However, the ``--privileged`` flag will -allow it to run: - -.. code-block:: bash - - $ sudo docker run --privileged ubuntu bash - root@50e3f57e16e6:/# mount -t tmpfs none /mnt - root@50e3f57e16e6:/# df -h - Filesystem Size Used Avail Use% Mounted on - none 1.9G 0 1.9G 0% /mnt - - -The ``--privileged`` flag gives *all* capabilities to the container, -and it also lifts all the limitations enforced by the ``device`` -cgroup controller. In other words, the container can then do almost -everything that the host can do. This flag exists to allow special -use-cases, like running Docker within Docker. - -.. code-block:: bash - - $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd - -The ``-w`` lets the command being executed inside directory given, -here ``/path/to/dir/``. If the path does not exists it is created inside the -container. - -.. code-block:: bash - - $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd - -The ``-v`` flag mounts the current working directory into the container. -The ``-w`` lets the command being executed inside the current -working directory, by changing into the directory to the value -returned by ``pwd``. So this combination executes the command -using the container, but inside the current working directory. - -.. code-block:: bash - - $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash - -When the host directory of a bind-mounted volume doesn't exist, Docker -will automatically create this directory on the host for you. In the -example above, Docker will create the ``/doesnt/exist`` folder before -starting your container. - -.. code-block:: bash - - $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh - -By bind-mounting the docker unix socket and statically linked docker binary -(such as that provided by https://get.docker.io), you give the container -the full access to create and manipulate the host's docker daemon. - -.. code-block:: bash - - $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash - -This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the -host machine. :ref:`port_redirection` explains in detail how to manipulate ports -in Docker. - -.. code-block:: bash - - $ sudo docker run --expose 80 ubuntu bash - -This exposes port ``80`` of the container for use within a link without -publishing the port to the host system's interfaces. :ref:`port_redirection` -explains in detail how to manipulate ports in Docker. - -.. code-block:: bash - - $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash - -This sets environmental variables in the container. For illustration all three -flags are shown here. Where ``-e``, ``--env`` take an environment variable and -value, or if no "=" is provided, then that variable's current value is passed -through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All -three flags, ``-e``, ``--env`` and ``--env-file`` can be repeated. - -Regardless of the order of these three flags, the ``--env-file`` are processed -first, and then ``-e``/``--env`` flags. This way, the ``-e`` or ``--env`` will -override variables as needed. - -.. code-block:: bash - - $ cat ./env.list - TEST_FOO=BAR - $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO - TEST_FOO=This is a test - -The ``--env-file`` flag takes a filename as an argument and expects each line -to be in the VAR=VAL format, mimicking the argument passed to ``--env``. -Comment lines need only be prefixed with ``#`` - -An example of a file passed with ``--env-file`` - -.. code-block:: bash - - $ cat ./env.list - TEST_FOO=BAR - - # this is a comment - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - - # pass through this variable from the caller - TEST_PASSTHROUGH - $ sudo TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env - HOME=/ - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - HOSTNAME=5198e0745561 - TEST_FOO=BAR - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - TEST_PASSTHROUGH=howdy - - -.. code-block:: bash - - $ sudo docker run --name console -t -i ubuntu bash - -This will create and run a new container with the container name -being ``console``. - -.. code-block:: bash - - $ sudo docker run --link /redis:redis --name console ubuntu bash - -The ``--link`` flag will link the container named ``/redis`` into the -newly created container with the alias ``redis``. The new container -can access the network and environment of the redis container via -environment variables. The ``--name`` flag will assign the name ``console`` -to the newly created container. - -.. code-block:: bash - - $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd - -The ``--volumes-from`` flag mounts all the defined volumes from the -referenced containers. Containers can be specified by a comma separated -list or by repetitions of the ``--volumes-from`` argument. The container -ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in -read-only or read-write mode, respectively. By default, the volumes are mounted -in the same mode (read write or read only) as the reference container. - -The ``-a`` flag tells ``docker run`` to bind to the container's stdin, stdout -or stderr. This makes it possible to manipulate the output and input as needed. - -.. code-block:: bash - - $ sudo echo "test" | docker run -i -a stdin ubuntu cat - - -This pipes data into a container and prints the container's ID by attaching -only to the container's stdin. - -.. code-block:: bash - - $ sudo docker run -a stderr ubuntu echo test - -This isn't going to print anything unless there's an error because we've only -attached to the stderr of the container. The container's logs still store -what's been written to stderr and stdout. - -.. code-block:: bash - - $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild - -This is how piping a file into a container could be done for a build. -The container's ID will be printed after the build is done and the build logs -could be retrieved using ``docker logs``. This is useful if you need to pipe -a file or something else into a container and retrieve the container's ID once -the container has finished running. - - -A complete example -.................. - -.. code-block:: bash - - $ sudo docker run -d --name static static-web-files sh - $ sudo docker run -d --expose=8098 --name riak riakserver - $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver - $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log - -This example shows 5 containers that might be set up to test a web application change: - -1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); -2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; -3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; -4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. - - -.. _cli_save: - -``save`` ---------- - -:: - - Usage: docker save IMAGE - - Save an image to a tar archive (streamed to stdout by default) - - -o, --output="": Write to an file, instead of STDOUT - - -Produces a tarred repository to the standard output stream. -Contains all parent layers, and all tags + versions, or specified repo:tag. - -It is used to create a backup that can then be used with ``docker load`` - -.. code-block:: bash - - $ sudo docker save busybox > busybox.tar - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save --output busybox.tar busybox - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save -o fedora-all.tar fedora - $ sudo docker save -o fedora-latest.tar fedora:latest - - -.. _cli_search: - -``search`` ----------- - -:: - - Usage: docker search TERM - - Search the docker index for images - - --no-trunc=false: Don't truncate output - -s, --stars=0: Only displays with at least xxx stars - -t, --trusted=false: Only show trusted builds - -See :ref:`searching_central_index` for more details on finding shared images -from the commandline. - -.. _cli_start: - -``start`` ---------- - -:: - - Usage: docker start [OPTIONS] CONTAINER - - Start a stopped container - - -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container᾿s stdin - -.. _cli_stop: - -``stop`` --------- - -:: - - Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - - -t, --time=10: Number of seconds to wait for the container to stop before killing it. - -The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL - -.. _cli_tag: - -``tag`` -------- - -:: - - Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - - Tag an image into a repository - - -f, --force=false: Force - -You can group your images together using names and -tags, and then upload them to :ref:`working_with_the_repository`. - -.. _cli_top: - -``top`` -------- - -:: - - Usage: docker top CONTAINER [ps OPTIONS] - - Lookup the running processes of a container - -.. _cli_version: - -``version`` ------------ - -Show the version of the Docker client, daemon, and latest released version. - - -.. _cli_wait: - -``wait`` --------- - -:: - - Usage: docker wait [OPTIONS] NAME - - Block until a container stops, then print its exit code. diff --git a/docs/sources/reference/commandline/index.rst b/docs/sources/reference/commandline/index.rst deleted file mode 100644 index 5536e1012e..0000000000 --- a/docs/sources/reference/commandline/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -:title: Commands -:description: docker command line interface -:keywords: commands, command line, help, docker - - -Commands -======== - -Contents: - -.. toctree:: - :maxdepth: 1 - - cli diff --git a/docs/sources/reference/index.rst b/docs/sources/reference/index.rst deleted file mode 100644 index d35a19b93d..0000000000 --- a/docs/sources/reference/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -:title: Docker Reference Manual -:description: References -:keywords: docker, references, api, command line, commands - -.. _references: - -Reference Manual -================ - -Contents: - -.. toctree:: - :maxdepth: 1 - - commandline/index - builder - run - api/index diff --git a/docs/sources/reference/run.rst b/docs/sources/reference/run.rst deleted file mode 100644 index 0e6247ea28..0000000000 --- a/docs/sources/reference/run.rst +++ /dev/null @@ -1,418 +0,0 @@ -:title: Docker Run Reference -:description: Configure containers at runtime -:keywords: docker, run, configure, runtime - -.. _run_docker: - -==================== -Docker Run Reference -==================== - -**Docker runs processes in isolated containers**. When an operator -executes ``docker run``, she starts a process with its own file -system, its own networking, and its own isolated process tree. The -:ref:`image_def` which starts the process may define defaults related -to the binary to run, the networking to expose, and more, but ``docker -run`` gives final control to the operator who starts the container -from the image. That's the main reason :ref:`cli_run` has more options -than any other ``docker`` command. - -Every one of the :ref:`example_list` shows running containers, and so -here we try to give more in-depth guidance. - -.. _run_running: - -General Form -============ - -As you've seen in the :ref:`example_list`, the basic `run` command -takes this form:: - - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -To learn how to interpret the types of ``[OPTIONS]``, see -:ref:`cli_options`. - -The list of ``[OPTIONS]`` breaks down into two groups: - -1. Settings exclusive to operators, including: - - * Detached or Foreground running, - * Container Identification, - * Network settings, and - * Runtime Constraints on CPU and Memory - * Privileges and LXC Configuration - -2. Setting shared between operators and developers, where operators - can override defaults developers set in images at build time. - -Together, the ``docker run [OPTIONS]`` give complete control over -runtime behavior to the operator, allowing them to override all -defaults set by the developer during ``docker build`` and nearly all -the defaults set by the Docker runtime itself. - -Operator Exclusive Options -========================== - -Only the operator (the person executing ``docker run``) can set the -following options. - -.. contents:: - :local: - -Detached vs Foreground ----------------------- - -When starting a Docker container, you must first decide if you want to -run the container in the background in a "detached" mode or in the -default foreground mode:: - - -d=false: Detached mode: Run container in the background, print new container id - -Detached (-d) -............. - -In detached mode (``-d=true`` or just ``-d``), all I/O should be done -through network connections or shared volumes because the container is -no longer listening to the commandline where you executed ``docker -run``. You can reattach to a detached container with ``docker`` -:ref:`cli_attach`. If you choose to run a container in the detached -mode, then you cannot use the ``--rm`` option. - -Foreground -.......... - -In foreground mode (the default when ``-d`` is not specified), -``docker run`` can start the process in the container and attach the -console to the process's standard input, output, and standard -error. It can even pretend to be a TTY (this is what most commandline -executables expect) and pass along signals. All of that is -configurable:: - - -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` - -t=false : Allocate a pseudo-tty - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -i=false : Keep STDIN open even if not attached - -If you do not specify ``-a`` then Docker will `attach everything -(stdin,stdout,stderr) -`_. You -can specify to which of the three standard streams (``stdin``, ``stdout``, -``stderr``) you'd like to connect instead, as in:: - - docker run -a stdin -a stdout -i -t ubuntu /bin/bash - -For interactive processes (like a shell) you will typically want a tty -as well as persistent standard input (``stdin``), so you'll use ``-i --t`` together in most interactive cases. - -Container Identification ------------------------- - -Name (--name) -............. - -The operator can identify a container in three ways: - -* UUID long identifier ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") -* UUID short identifier ("f78375b1c487") -* Name ("evil_ptolemy") - -The UUID identifiers come from the Docker daemon, and if you do not -assign a name to the container with ``--name`` then the daemon will -also generate a random string name too. The name can become a handy -way to add meaning to a container since you can use this name when -defining :ref:`links ` (or any other place -you need to identify a container). This works for both background and -foreground Docker containers. - -PID Equivalent -.............. - -And finally, to help with automation, you can have Docker write the -container ID out to a file of your choosing. This is similar to how -some programs might write out their process ID to a file (you've seen -them as PID files):: - - --cidfile="": Write the container ID to the file - -Network Settings ----------------- - -:: - - -n=true : Enable networking for this container - --dns=[] : Set custom dns servers for the container - -By default, all containers have networking enabled and they can make -any outgoing connections. The operator can completely disable -networking with ``docker run -n`` which disables all incoming and outgoing -networking. In cases like this, you would perform I/O through files or -STDIN/STDOUT only. - -Your container will use the same DNS servers as the host by default, -but you can override this with ``--dns``. - -Clean Up (--rm) ---------------- - -By default a container's file system persists even after the container -exits. This makes debugging a lot easier (since you can inspect the -final state) and you retain all your data by default. But if you are -running short-term **foreground** processes, these container file -systems can really pile up. If instead you'd like Docker to -**automatically clean up the container and remove the file system when -the container exits**, you can add the ``--rm`` flag:: - - --rm=false: Automatically remove the container when it exits (incompatible with -d) - - -Runtime Constraints on CPU and Memory -------------------------------------- - -The operator can also adjust the performance parameters of the container:: - - -m="": Memory limit (format: , where unit = b, k, m or g) - -c=0 : CPU shares (relative weight) - -The operator can constrain the memory available to a container easily -with ``docker run -m``. If the host supports swap memory, then the -``-m`` memory setting can be larger than physical RAM. - -Similarly the operator can increase the priority of this container -with the ``-c`` option. By default, all containers run at the same -priority and get the same proportion of CPU cycles, but you can tell -the kernel to give more shares of CPU time to one or more containers -when you start them via Docker. - -Runtime Privilege and LXC Configuration ---------------------------------------- - -:: - - --privileged=false: Give extended privileges to this container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -By default, Docker containers are "unprivileged" and cannot, for -example, run a Docker daemon inside a Docker container. This is -because by default a container is not allowed to access any devices, -but a "privileged" container is given access to all devices (see -lxc-template.go_ and documentation on `cgroups devices -`_). - -When the operator executes ``docker run --privileged``, Docker will -enable to access to all devices on the host as well as set some -configuration in AppArmor to allow the container nearly all the same -access to the host as processes running outside containers on the -host. Additional information about running with ``--privileged`` is -available on the `Docker Blog -`_. - -If the Docker daemon was started using the ``lxc`` exec-driver -(``docker -d --exec-driver=lxc``) then the operator can also specify -LXC options using one or more ``--lxc-conf`` parameters. These can be -new parameters or override existing parameters from the lxc-template.go_. -Note that in the future, a given host's Docker daemon may not use LXC, -so this is an implementation-specific configuration meant for operators -already familiar with using LXC directly. - -.. _lxc-template.go: https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go - - -Overriding ``Dockerfile`` Image Defaults -======================================== - -When a developer builds an image from a :ref:`Dockerfile -` or when she commits it, the developer can set a -number of default parameters that take effect when the image starts up -as a container. - -Four of the ``Dockerfile`` commands cannot be overridden at runtime: -``FROM, MAINTAINER, RUN``, and ``ADD``. Everything else has a -corresponding override in ``docker run``. We'll go through what the -developer might have set in each ``Dockerfile`` instruction and how the -operator can override that setting. - -.. contents:: - :local: - -CMD (Default Command or Options) --------------------------------- - -Recall the optional ``COMMAND`` in the Docker commandline:: - - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -This command is optional because the person who created the ``IMAGE`` -may have already provided a default ``COMMAND`` using the ``Dockerfile`` -``CMD``. As the operator (the person running a container from the -image), you can override that ``CMD`` just by specifying a new -``COMMAND``. - -If the image also specifies an ``ENTRYPOINT`` then the ``CMD`` or -``COMMAND`` get appended as arguments to the ``ENTRYPOINT``. - - -ENTRYPOINT (Default Command to Execute at Runtime -------------------------------------------------- - -:: - - --entrypoint="": Overwrite the default entrypoint set by the image - -The ENTRYPOINT of an image is similar to a ``COMMAND`` because it -specifies what executable to run when the container starts, but it is -(purposely) more difficult to override. The ``ENTRYPOINT`` gives a -container its default nature or behavior, so that when you set an -``ENTRYPOINT`` you can run the container *as if it were that binary*, -complete with default options, and you can pass in more options via -the ``COMMAND``. But, sometimes an operator may want to run something else -inside the container, so you can override the default ``ENTRYPOINT`` at -runtime by using a string to specify the new ``ENTRYPOINT``. Here is an -example of how to run a shell in a container that has been set up to -automatically run something else (like ``/usr/bin/redis-server``):: - - docker run -i -t --entrypoint /bin/bash example/redis - -or two examples of how to pass more parameters to that ENTRYPOINT:: - - docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help - - -EXPOSE (Incoming Ports) ------------------------ - -The ``Dockerfile`` doesn't give much control over networking, only -providing the ``EXPOSE`` instruction to give a hint to the operator -about what incoming ports might provide services. The following -options work with or override the ``Dockerfile``'s exposed defaults:: - - --expose=[]: Expose a port from the container - without publishing it to your host - -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container's port to the host (format: - ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort) - (use 'docker port' to see the actual mapping) - --link="" : Add link to another container (name:alias) - -As mentioned previously, ``EXPOSE`` (and ``--expose``) make a port -available **in** a container for incoming connections. The port number -on the inside of the container (where the service listens) does not -need to be the same number as the port exposed on the outside of the -container (where clients connect), so inside the container you might -have an HTTP service listening on port 80 (and so you ``EXPOSE 80`` in -the ``Dockerfile``), but outside the container the port might be 42800. - -To help a new client container reach the server container's internal -port operator ``--expose``'d by the operator or ``EXPOSE``'d by the -developer, the operator has three choices: start the server container -with ``-P`` or ``-p,`` or start the client container with ``--link``. - -If the operator uses ``-P`` or ``-p`` then Docker will make the -exposed port accessible on the host and the ports will be available to -any client that can reach the host. To find the map between the host -ports and the exposed ports, use ``docker port``) - -If the operator uses ``--link`` when starting the new client container, -then the client container can access the exposed port via a private -networking interface. Docker will set some environment variables in -the client container to help indicate which interface and port to use. - -ENV (Environment Variables) ---------------------------- - -The operator can **set any environment variable** in the container by -using one or more ``-e`` flags, even overriding those already defined by the -developer with a Dockefile ``ENV``:: - - $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export - declare -x HOME="/" - declare -x HOSTNAME="85bc26a0e200" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x SHLVL="1" - declare -x container="lxc" - declare -x deep="purple" - -Similarly the operator can set the **hostname** with ``-h``. - -``--link name:alias`` also sets environment variables, using the -*alias* string to define environment variables within the container -that give the IP and PORT information for connecting to the service -container. Let's imagine we have a container running Redis:: - - # Start the service container, named redis-name - $ docker run -d --name redis-name dockerfiles/redis - 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 - - # The redis-name container exposed port 6379 - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name - - # Note that there are no public ports exposed since we didn't use -p or -P - $ docker port 4241164edf6f 6379 - 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f - - -Yet we can get information about the Redis container's exposed ports -with ``--link``. Choose an alias that will form a valid environment -variable! - -:: - - $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export - declare -x HOME="/" - declare -x HOSTNAME="acda7f7b1cdc" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x REDIS_ALIAS_NAME="/distracted_wright/redis" - declare -x REDIS_ALIAS_PORT="tcp://172.17.0.32:6379" - declare -x REDIS_ALIAS_PORT_6379_TCP="tcp://172.17.0.32:6379" - declare -x REDIS_ALIAS_PORT_6379_TCP_ADDR="172.17.0.32" - declare -x REDIS_ALIAS_PORT_6379_TCP_PORT="6379" - declare -x REDIS_ALIAS_PORT_6379_TCP_PROTO="tcp" - declare -x SHLVL="1" - declare -x container="lxc" - -And we can use that information to connect from another container as a client:: - - $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' - 172.17.0.32:6379> - -VOLUME (Shared Filesystems) ---------------------------- - -:: - - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - If "container-dir" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - -The volumes commands are complex enough to have their own -documentation in section :ref:`volume_def`. A developer can define one -or more ``VOLUME``\s associated with an image, but only the operator can -give access from one container to another (or from a container to a -volume mounted on the host). - -USER ----- - -The default user within a container is ``root`` (id = 0), but if the -developer created additional users, those are accessible too. The -developer can set a default user to run the first process with the -``Dockerfile USER`` command, but the operator can override it :: - - -u="": Username or UID - -WORKDIR -------- - -The default working directory for running binaries within a container is the root directory (``/``), but the developer can set a different default with the ``Dockerfile WORKDIR`` command. The operator can override this with:: - - -w="": Working directory inside the container - From 381334d3d2e5eb3802db1ec832b376b84ae42e74 Mon Sep 17 00:00:00 2001 From: Alexandr Morozov Date: Wed, 2 Apr 2014 23:26:06 +0400 Subject: [PATCH 0137/2538] Timestamps for docker logs. Fixes #1165 Docker-DCO-1.1-Signed-off-by: Alexandr Morozov (github: LK4D4) --- docs/sources/reference/commandline/cli.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 75a5be33b6..49e5860ea9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -649,13 +649,14 @@ Fetch the logs of a container Usage: docker logs [OPTIONS] CONTAINER -f, --follow=false: Follow log output + -t, --timestamps=false: Show timestamps The `docker logs` command batch-retrieves all logs present at the time of execution. -The `docker logs --follow` command combines `docker logs` and `docker -attach`: it will first return all logs from the beginning and then -continue streaming new output from the container'sstdout and stderr. +The ``docker logs --follow`` command will first return all logs from the +beginning and then continue streaming new output from the container's stdout +and stderr. ## port From b8073c74a7cb9c5104d341bef7bfd105f93dc6d8 Mon Sep 17 00:00:00 2001 From: "O.S.Tezer" Date: Thu, 1 May 2014 17:13:34 +0300 Subject: [PATCH 0138/2538] Improve code/comment/output markings & display consistency This PR aims to increase the consistency across the docs for code blocks and code/comment/output markings. Rule followed here is "what's visible on the screen should be reflected" Issue: - Docs had various code blocks showing: comments, commands & outputs. - All three of these items were inconsistently marked. Some examples as to how this PR aims to introduce improvements: 1. Removed `> ` from in front of the "outputs". Eg, ` > REPOSITORY TAG ID CREATED` replaced with: ` REPOSITORY TAG ID CREATED`. 2. Introduced `$` for commands. Eg, ` sudo chkconfig docker on` replaced with: ` $ sudo chkconfig docker on` 3. Comments: ` > # ` replaced with: ` # `. > Please note: > Due to a vast amount of items reviewed and changed for this PR, there > might be some individually incorrect replacements OR patterns of incorrect > replacements. This PR needs to be reviewed and if there is anything missing, > it should be improved or amended. Closes: https://github.com/dotcloud/docker/issues/5286 Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) --- docs/sources/reference/builder.md | 4 ++-- docs/sources/reference/commandline/cli.md | 16 ++++++++-------- docs/sources/reference/run.md | 14 +++++++------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 3e278425c2..98e9e0f544 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -18,7 +18,7 @@ This file will describe the steps to assemble the image. Then call `docker build` with the path of you source repository as argument (for example, `.`): - sudo docker build . + $ sudo docker build . The path to the source repository defines where to find the *context* of the build. The build is run by the Docker daemon, not by the CLI, so the @@ -28,7 +28,7 @@ whole context must be transferred to the daemon. The Docker CLI reports You can specify a repository and tag at which to save the new image if the build succeeds: - sudo docker build -t shykes/myapp . + $ sudo docker build -t shykes/myapp . The Docker daemon will run your steps one-by-one, committing the result to a new image if necessary, before finally outputting the ID of your diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 49e5860ea9..cfcab2af47 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -35,11 +35,11 @@ will set the value to the opposite of the default value. Options like `-a=[]` indicate they can be specified multiple times: - docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash Sometimes this can use a more complex value string, as for `-v`: - docker run -v /host:/container example/mysql + $ docker run -v /host:/container example/mysql ### Strings and Integers @@ -100,10 +100,10 @@ To use lxc as the execution driver, use `docker -d -e lxc`. The docker client will also honor the `DOCKER_HOST` environment variable to set the `-H` flag for the client. - docker -H tcp://0.0.0.0:4243 ps + $ docker -H tcp://0.0.0.0:4243 ps # or - export DOCKER_HOST="tcp://0.0.0.0:4243" - docker ps + $ export DOCKER_HOST="tcp://0.0.0.0:4243" + $ docker ps # both are equal To run the daemon with [systemd socket activation]( @@ -448,7 +448,7 @@ by default. 77af4d6b9913 19 hours ago 1.089 GB committest latest b6fa739cedf5 19 hours ago 1.089 GB 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB + $ docker latest 30557a29d5ab 20 hours ago 1.089 GB 0124422dd9f9 20 hours ago 1.089 GB 18ad6fad3402 22 hours ago 1.082 GB f9f1e26352f0 23 hours ago 1.089 GB @@ -462,7 +462,7 @@ by default. 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + $ docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB @@ -640,7 +640,7 @@ If you want to login to a private registry you can specify this by adding the server name. example: - docker login localhost:8080 + $ docker login localhost:8080 ## logs diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 9de08ec1a6..a8acb97071 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -22,7 +22,7 @@ running containers, and so here we try to give more in-depth guidance. As you`ve seen in the [*Examples*](/examples/#example-list), the basic run command takes this form: - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, see [*Option types*](/commandline/cli/#cli-options). @@ -99,7 +99,7 @@ https://github.com/dotcloud/docker/blob/ of the three standard streams (`stdin`, `stdout`, `stderr`) you'd like to connect instead, as in: - docker run -a stdin -a stdout -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash For interactive processes (like a shell) you will typically want a tty as well as persistent standard input (`stdin`), so you'll use `-i -t` together in most @@ -233,7 +233,7 @@ Dockerfile instruction and how the operator can override that setting. Recall the optional `COMMAND` in the Docker commandline: - docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] This command is optional because the person who created the `IMAGE` may have already provided a default `COMMAND` using the Dockerfile `CMD`. As the @@ -259,12 +259,12 @@ runtime by using a string to specify the new `ENTRYPOINT`. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like `/usr/bin/redis-server`): - docker run -i -t --entrypoint /bin/bash example/redis + $ docker run -i -t --entrypoint /bin/bash example/redis or two examples of how to pass more parameters to that ENTRYPOINT: - docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + $ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + $ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help ## EXPOSE (Incoming Ports) @@ -335,7 +335,7 @@ container running Redis: # The redis-name container exposed port 6379 $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4241164edf6f dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name + 4241164edf6f $ dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name # Note that there are no public ports exposed since we didn᾿t use -p or -P $ docker port 4241164edf6f 6379 From c617aa0ea79f5d315b5085d027fb8b6b91e6e52a Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Fri, 2 May 2014 23:13:28 +0200 Subject: [PATCH 0139/2538] cli.md: Add another sudo --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index cfcab2af47..59c15ccd49 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -498,7 +498,7 @@ Import to docker via pipe and *stdin*. **Import from a local directory:** - $ sudo tar -c . | docker import - exampleimagedir + $ sudo tar -c . | sudo docker import - exampleimagedir Note the `sudo` in this example – you must preserve the ownership of the files (especially root ownership) during the From 12d91c513759657015c023b36c98f9a0566dc3a4 Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Fri, 2 May 2014 22:56:35 +0200 Subject: [PATCH 0140/2538] cli.md: Add space --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 59c15ccd49..c1e81227d2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -991,7 +991,7 @@ optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container. -The `-a` flag tells `docker run` to bind to the container'sstdin, stdout or +The `-a` flag tells `docker run` to bind to the container's stdin, stdout or stderr. This makes it possible to manipulate the output and input as needed. $ sudo echo "test" | docker run -i -a stdin ubuntu cat - From a3595e6a6ee7e3990a5d92e05d7b8c63dccc36f4 Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Sat, 3 May 2014 02:11:00 +0200 Subject: [PATCH 0141/2538] run.md: Convert some backticks to apo's --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index a8acb97071..97012873d2 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -291,7 +291,7 @@ the container you might have an HTTP service listening on port 80 (and so you 42800. To help a new client container reach the server container's internal port -operator `--expose``d by the operator or `EXPOSE``d by the developer, the +operator `--expose`'d by the operator or `EXPOSE`'d by the developer, the operator has three choices: start the server container with `-P` or `-p,` or start the client container with `--link`. From e134bb174e27153cc9973f8034eb47511d3a7ec8 Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Fri, 2 May 2014 16:53:59 +0200 Subject: [PATCH 0142/2538] cli.md: Fix up Markdown formatting by adding one ` --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c1e81227d2..c55455c9d2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -244,7 +244,7 @@ See also: This example specifies that the `PATH` is `.`, and so all the files in the local directory get -tar`d and sent to the Docker daemon. The `PATH` +`tar`d and sent to the Docker daemon. The `PATH` specifies where to find the files for the "context" of the build on the Docker daemon. Remember that the daemon could be running on a remote machine and that no parsing of the Dockerfile From 2d514f754390b6a2d25456473a71f9481d1128cc Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Fri, 2 May 2014 22:59:43 +0200 Subject: [PATCH 0143/2538] cli.md: sudo at the right place Docker-DCO-1.1-Signed-off-by: Felix Rabe (github: felixrabe) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c55455c9d2..e0d3c6a57d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -994,7 +994,7 @@ the same mode (read write or read only) as the reference container. The `-a` flag tells `docker run` to bind to the container's stdin, stdout or stderr. This makes it possible to manipulate the output and input as needed. - $ sudo echo "test" | docker run -i -a stdin ubuntu cat - + $ echo "test" | sudo docker run -i -a stdin ubuntu cat - This pipes data into a container and prints the container's ID by attaching only to the container'sstdin. @@ -1005,7 +1005,7 @@ This isn't going to print anything unless there's an error because We've only attached to the stderr of the container. The container's logs still store what's been written to stderr and stdout. - $ sudo cat somefile | docker run -i -a stdin mybuilder dobuild + $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild This is how piping a file into a container could be done for a build. The container's ID will be printed after the build is done and the build From 4cf7b28b9ad2c5150fbc73c90d0ad28ea5203400 Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Sat, 3 May 2014 02:20:59 +0200 Subject: [PATCH 0144/2538] run.md: Close braces Docker-DCO-1.1-Signed-off-by: Felix Rabe (github: felixrabe) --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 97012873d2..0125394d4f 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -220,7 +220,7 @@ in `docker run`. We'll go through what the developer might have set in each Dockerfile instruction and how the operator can override that setting. - [CMD (Default Command or Options)](#cmd-default-command-or-options) - - [ENTRYPOINT (Default Command to Execute at Runtime]( + - [ENTRYPOINT (Default Command to Execute at Runtime)]( #entrypoint-default-command-to-execute-at-runtime) - [EXPOSE (Incoming Ports)](#expose-incoming-ports) - [ENV (Environment Variables)](#env-environment-variables) @@ -243,7 +243,7 @@ operator (the person running a container from the image), you can override that If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` get appended as arguments to the `ENTRYPOINT`. -## ENTRYPOINT (Default Command to Execute at Runtime +## ENTRYPOINT (Default Command to Execute at Runtime) --entrypoint="": Overwrite the default entrypoint set by the image From df1d6ee94616f8063e9bccd373d1673b02124f6b Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Fri, 2 May 2014 23:27:39 +0200 Subject: [PATCH 0145/2538] cli.md: More typos I've seen one other missing space that I addressed in another PR already. I don't know whether that is a common occurrence in the docs. About the second diff chunk, it looks like some copy-paste mistake to me. Docker-DCO-1.1-Signed-off-by: Felix Rabe (github: felixrabe) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e0d3c6a57d..1bbc3585fd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -537,7 +537,7 @@ Return low-level information on a container/image By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. -Go's[text/template](http://golang.org/pkg/text/template/) package +Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. ### Examples @@ -798,7 +798,7 @@ removed before the image is removed. $ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) $ sudo docker rmi test Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 From 0137184cb660fdb065b317eed73af76d50c09440 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 5 May 2014 10:38:44 +1000 Subject: [PATCH 0146/2538] Rearrange the existing info a little, and add example style guide Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/README.md | 55 +++++++++++++++++++++++++------------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/docs/README.md b/docs/README.md index bbc741d593..47b390bda4 100755 --- a/docs/README.md +++ b/docs/README.md @@ -1,8 +1,4 @@ -Docker Documentation -==================== - -Overview --------- +# Docker Documentation The source for Docker documentation is here under `sources/` and uses extended Markdown, as implemented by [mkdocs](http://mkdocs.org). @@ -37,8 +33,13 @@ may include features not yet part of any official docker release. The development and `docs.docker.io` (which points to the `docs` branch`) should be used for the latest official release. -Getting Started ---------------- +## Contributing + +- Follow the contribution guidelines ([see + `../CONTRIBUTING.md`](../CONTRIBUTING.md)). +- [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) + +## Getting Started Docker documentation builds are done in a Docker container, which installs all the required tools, adds the local `docs/` directory and @@ -47,40 +48,40 @@ you can connect and see your changes. In the root of the `docker` source directory: - cd docker - -Run: - make docs If you have any issues you need to debug, you can use `make docs-shell` and then run `mkdocs serve` -# Contributing +### Examples -* Follow the contribution guidelines ([see - `../CONTRIBUTING.md`](../CONTRIBUTING.md)). -* [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) +When writing examples give the user hints by making them resemble what +they see in their shell: -Working using GitHub's file editor ----------------------------------- +- Indent shell examples by 4 spaces so they get rendered as code. +- Start typed commands with `$ ` (dollar space), so that they are easily +differentiated from program output. +- Program output has no prefix. +- Comments begin with `# ` (hash space). +- In-container shell commands begin with `$$ ` (dollar dollar space). -Alternatively, for small changes and typos you might want to use -GitHub's built in file editor. It allows you to preview your changes -right on-line (though there can be some differences between GitHub -Markdown and mkdocs Markdown). Just be careful not to create many commits. -And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) - -Images ------- +### Images When you need to add images, try to make them as small as possible (e.g. as gifs). Usually images should go in the same directory as the `.md` file which references them, or in a subdirectory if one already exists. -Publishing Documentation ------------------------- +## Working using GitHub's file editor + +Alternatively, for small changes and typos you might want to use +GitHub's built in file editor. It allows you to preview your changes +right on-line (though there can be some differences between GitHub +Markdown and [MkDocs Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). +Just be careful not to create many commits. And you must still +[sign your work!](../CONTRIBUTING.md#sign-your-work) + +## Publishing Documentation To publish a copy of the documentation you need a `docs/awsconfig` file containing AWS settings to deploy to. The release script will From 4e22cf681ebb25beb7095f3d26f6ed7720732155 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Fri, 2 May 2014 15:32:26 -0700 Subject: [PATCH 0147/2538] Add docs for --net flag Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- docs/sources/reference/run.md | 46 +++++++++++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 0125394d4f..521e8010e2 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -136,8 +136,8 @@ PID files): ## Network Settings - -n=true : Enable networking for this container - --dns=[] : Set custom dns servers for the container + --dns=[] : Set custom dns servers for the container + --net=bridge : Set the network mode By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking @@ -148,6 +148,48 @@ files or STDIN/STDOUT only. Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. +Supported networking modes are: + +* none - no networking in the container +* bridge - (default) connect the container to the bridge via veth interfaces +* host - use the host's network stack inside the container +* container - use another container's network stack + +#### Mode: none +With the networking mode set to `none` a container will not have a access to +any external routes. The container will still have a `loopback` interface +enabled in the container but it does not have any routes to external traffic. + +#### Mode: bridge +With the networking mode set to `bridge` a container will use docker's default +networking setup. A bridge is setup on the host, commonly named `docker0`, +and a pair of veth interfaces will be created for the container. One side of +the veth pair will remain on the host attached to the bridge while the other +side of the pair will be placed inside the container's namespaces in addition +to the `loopback` interface. An IP address will be allocated for containers +on the bridge's network and trafic will be routed though this bridge to the +container. + +#### Mode: host +With the networking mode set to `host` a container will share the host's +network stack and all interfaces from the host will be available to the +container. The container's hostname will match the hostname on the host +system. Publishing ports and linking to other containers will not work +when sharing the host's network stack. + +#### Mode: container +With the networking mode set to `container` a container will share the +network stack of another container. The other container's name must be +provided in the format of `--net container:`. + +Example running a redis container with redis binding to localhost then +running the redis-cli and connecting to the redis server over the +localhost interface. + + $ docker run -d --name redis example/redis --bind 127.0.0.1 + $ # use the redis container's network stack to access localhost + $ docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 + ## Clean Up (–rm) By default a container's file system persists even after the container From 2ff41c5365766576893cf7b2db49b78285524314 Mon Sep 17 00:00:00 2001 From: Bryan Murphy Date: Mon, 7 Apr 2014 18:34:07 +0000 Subject: [PATCH 0148/2538] add linked containers to hosts file Docker-DCO-1.1-Signed-off-by: Bryan Murphy (github: bmurphy1976) Docker-DCO-1.1-Signed-off-by: Solomon Hykes (github: shykes) Tested-by: Solomon Hykes (github: shykes) --- docs/sources/reference/run.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 521e8010e2..b6cb0a08fe 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -1,4 +1,4 @@ -page_title: Docker Run Reference +page_title: Docker Run Reference page_description: Configure containers at runtime page_keywords: docker, run, configure, runtime @@ -407,6 +407,13 @@ And we can use that information to connect from another container as a client: $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' 172.17.0.32:6379> +Docker will also map the private IP address to the alias of a linked +container by inserting an entry into `/etc/hosts`. You can use this +mechanism to communicate with a linked container by its alias: + + $ docker run -d --name servicename busybox sleep 30 + $ docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias + ## VOLUME (Shared Filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. From 35c4f1426e03f2a9a6df17b2c76e1dad630b190b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 6 May 2014 20:26:44 +1000 Subject: [PATCH 0149/2538] Update the run --net cli help to include the 'host' option and then add that to the run and cli docs Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 32 +++++++++++------------ docs/sources/reference/run.md | 6 ++--- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1bbc3585fd..8936bbe332 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -809,33 +809,33 @@ Run a command in a new container Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -a, --attach=map[]: Attach to stdin, stdout or stderr + -a, --attach=[]: Attach to stdin, stdout or stderr. -c, --cpu-shares=0: CPU shares (relative weight) --cidfile="": Write the container ID to the file -d, --detach=false: Detached mode: Run container in the background, print new container id + --dns=[]: Set custom dns servers + --dns-search=[]: Set custom dns search domains -e, --env=[]: Set environment variables - --env-file="": Read in a line delimited file of ENV variables + --entrypoint="": Overwrite the default entrypoint of the image + --env-file=[]: Read in a line delimited file of ENV variables + --expose=[]: Expose a port from the container without publishing it to your host -h, --hostname="": Container host name -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container + --link=[]: Add link to another container (name:alias) + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container + --name="": Assign a name to the container + --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container + -P, --publish-all=false: Publish all exposed ports to the host interfaces + -p, --publish=[]: Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping) + --privileged=false: Give extended privileges to this container --rm=false: Automatically remove the container when it exits (incompatible with -d) + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) -t, --tty=false: Allocate a pseudo-tty -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image + -v, --volume=[]: Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + --volumes-from=[]: Mount volumes from the specified container(s) -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. That is, diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b6cb0a08fe..b3415330fe 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -136,12 +136,12 @@ PID files): ## Network Settings - --dns=[] : Set custom dns servers for the container - --net=bridge : Set the network mode + --dns=[] : Set custom dns servers for the container + --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking -with `docker run -n` which disables all incoming and +with `docker run --net none` which disables all incoming and outgoing networking. In cases like this, you would perform I/O through files or STDIN/STDOUT only. From cbdde9c15a318c992eadf9a0b5ee7fb4d9facfbc Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 7 May 2014 09:40:49 +1000 Subject: [PATCH 0150/2538] update the docs to reflect the nice \n handling Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 60 +++++++++++++---------- docs/sources/reference/run.md | 5 ++ 2 files changed, 38 insertions(+), 27 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8936bbe332..8e0507cbf8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -809,33 +809,39 @@ Run a command in a new container Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -a, --attach=[]: Attach to stdin, stdout or stderr. - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - --dns=[]: Set custom dns servers - --dns-search=[]: Set custom dns search domains - -e, --env=[]: Set environment variables - --entrypoint="": Overwrite the default entrypoint of the image - --env-file=[]: Read in a line delimited file of ENV variables - --expose=[]: Expose a port from the container without publishing it to your host - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --link=[]: Add link to another container (name:alias) - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - --name="": Assign a name to the container - --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container - -P, --publish-all=false: Publish all exposed ports to the host interfaces - -p, --publish=[]: Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping) - --privileged=false: Give extended privileges to this container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - -v, --volume=[]: Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) - --volumes-from=[]: Mount volumes from the specified container(s) - -w, --workdir="": Working directory inside the container + -a, --attach=[] Attach to stdin, stdout or stderr. + -c, --cpu-shares=0 CPU shares (relative weight) + --cidfile="" Write the container ID to the file + -d, --detach=false Detached mode: Run container in the background, print new container id + --dns=[] Set custom dns servers + --dns-search=[] Set custom dns search domains + -e, --env=[] Set environment variables + --entrypoint="" Overwrite the default entrypoint of the image + --env-file=[] Read in a line delimited file of ENV variables + --expose=[] Expose a port from the container without publishing it to your host + -h, --hostname="" Container host name + -i, --interactive=false Keep stdin open even if not attached + --link=[] Add link to another container (name:alias) + --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --name="" Assign a name to the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the contaner + -p, --publish=[] Publish a container's port to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort + (use 'docker port' to see the actual mapping) + -P, --publish-all=false Publish all exposed ports to the host interfaces + --privileged=false Give extended privileges to this container + --rm=false Automatically remove the container when it exits (incompatible with -d) + --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) + -t, --tty=false Allocate a pseudo-tty + -u, --user="" Username or UID + -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + --volumes-from=[] Mount volumes from the specified container(s) + -w, --workdir="" Working directory inside the container The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. That is, diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b3415330fe..09c2b642a1 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -138,6 +138,11 @@ PID files): --dns=[] : Set custom dns servers for the container --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the contaner By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking From 1af0c1584d577d36ab3dfe3c49e336409d7a30b6 Mon Sep 17 00:00:00 2001 From: Mason Malone Date: Thu, 8 May 2014 12:49:50 -0400 Subject: [PATCH 0151/2538] Fix link to daemon/execdriver/lxc/lxc_template.go --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 09c2b642a1..0f72679ced 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -235,7 +235,7 @@ By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a "privileged" container is given access to all devices (see [lxc-template.go]( -https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go) +https://github.com/dotcloud/docker/blob/master/daemon/execdriver/lxc/lxc_template.go) and documentation on [cgroups devices]( https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). @@ -250,7 +250,7 @@ If the Docker daemon was started using the `lxc` exec-driver (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options using one or more `--lxc-conf` parameters. These can be new parameters or override existing parameters from the [lxc-template.go]( -https://github.com/dotcloud/docker/blob/master/execdriver/lxc/lxc_template.go). +https://github.com/dotcloud/docker/blob/master/daemon/execdriver/lxc/lxc_template.go). Note that in the future, a given host's docker daemon may not use LXC, so this is an implementation-specific configuration meant for operators already familiar with using LXC directly. From 44841e361a20dca979e2032ce66b8eb07fd2d764 Mon Sep 17 00:00:00 2001 From: Max Shytikov Date: Fri, 9 May 2014 14:42:27 +0200 Subject: [PATCH 0152/2538] Added value format description for VOLUME instruction In the documentation was not mentioned explicitly that VOLUME value shoud be a valid JSON array. Because of this I spent time to discovering the problem with my image where I put `VOLUME ['/data']` (with single quotes). The `['/data']` mount point was parsed and mounted whole as a string without any errors and warnings. Docker-DCO-1.1-Signed-off-by: Max Shytikov (github: mshytikov) --- docs/sources/reference/builder.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 98e9e0f544..4c726aafa2 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -325,8 +325,9 @@ optional but default, you could use a CMD: The `VOLUME` instruction will create a mount point with the specified name and mark it as holding externally mounted volumes from native host or other -containers. For more information/examples and mounting instructions via docker -client, refer to [*Share Directories via Volumes*]( +containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain +string, `VOLUME /var/log`. For more information/examples and mounting +instructions via the Docker client, refer to [*Share Directories via Volumes*]( /use/working_with_volumes/#volume-def) documentation. ## USER From 875f5489c4987d75de3be2d2aee7bb60946c4a0f Mon Sep 17 00:00:00 2001 From: Jilles Oldenbeuving Date: Mon, 12 May 2014 20:35:18 +0200 Subject: [PATCH 0153/2538] Cleaned up Network settings overview --- docs/sources/reference/run.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 0f72679ced..a0be7c34db 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -136,9 +136,8 @@ PID files): ## Network Settings - --dns=[] : Set custom dns servers for the container - --net="bridge": Set the Network mode for the container ('bridge': creates a new network stack for the container on the docker bridge, 'none': no networking for this container, 'container:': reuses another container network stack), 'host': use the host network stack inside the container - --net="bridge" Set the Network mode for the container + --dns=[] : Set custom dns servers for the container + --net="bridge" : Set the Network mode for the container 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container 'container:': reuses another container network stack From 91667137f0d38ba803191967e306df234cad61ec Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 12 May 2014 17:44:57 -0700 Subject: [PATCH 0154/2538] Add cpuset cpus support for docker Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8e0507cbf8..cfa0c284cf 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -811,6 +811,7 @@ Run a command in a new container -a, --attach=[] Attach to stdin, stdout or stderr. -c, --cpu-shares=0 CPU shares (relative weight) + --cpuset="" CPUs in which to allow execution (0-3, 0,1) --cidfile="" Write the container ID to the file -d, --detach=false Detached mode: Run container in the background, print new container id --dns=[] Set custom dns servers From 93ee19119bad7bb5b76f3fda4a49e9b35112db32 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Wed, 14 May 2014 10:22:55 +1000 Subject: [PATCH 0155/2538] Add a mention of 80 column lines and reflow the document to hide the evidence. Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/README.md | 100 ++++++++++++++++++++++++------------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/docs/README.md b/docs/README.md index 47b390bda4..71ce548003 100755 --- a/docs/README.md +++ b/docs/README.md @@ -1,37 +1,35 @@ # Docker Documentation -The source for Docker documentation is here under `sources/` and uses -extended Markdown, as implemented by [mkdocs](http://mkdocs.org). +The source for Docker documentation is here under `sources/` and uses extended +Markdown, as implemented by [mkdocs](http://mkdocs.org). -The HTML files are built and hosted on `https://docs.docker.io`, and -update automatically after each change to the master or release branch -of [Docker on GitHub](https://github.com/dotcloud/docker) -thanks to post-commit hooks. The "docs" branch maps to the "latest" -documentation and the "master" (unreleased development) branch maps to -the "master" documentation. +The HTML files are built and hosted on `https://docs.docker.io`, and update +automatically after each change to the master or release branch of [Docker on +GitHub](https://github.com/dotcloud/docker) thanks to post-commit hooks. The +"docs" branch maps to the "latest" documentation and the "master" (unreleased +development) branch maps to the "master" documentation. ## Branches -**There are two branches related to editing docs**: `master` and a -`docs` branch. You should always edit documentation on a local branch -of the `master` branch, and send a PR against `master`. +**There are two branches related to editing docs**: `master` and a `docs` +branch. You should always edit documentation on a local branch of the `master` +branch, and send a PR against `master`. -That way your fixes will automatically get included in later releases, -and docs maintainers can easily cherry-pick your changes into the -`docs` release branch. In the rare case where your change is not -forward-compatible, you may need to base your changes on the `docs` -branch. +That way your fixes will automatically get included in later releases, and docs +maintainers can easily cherry-pick your changes into the `docs` release branch. +In the rare case where your change is not forward-compatible, you may need to +base your changes on the `docs` branch. Also, now that we have a `docs` branch, we can keep the -[http://docs.docker.io](http://docs.docker.io) docs up to date with any -bugs found between `docker` code releases. +[http://docs.docker.io](http://docs.docker.io) docs up to date with any bugs +found between `docker` code releases. **Warning**: When *reading* the docs, the -[http://beta-docs.docker.io](http://beta-docs.docker.io) documentation -may include features not yet part of any official docker release. The -`beta-docs` site should be used only for understanding bleeding-edge -development and `docs.docker.io` (which points to the `docs` -branch`) should be used for the latest official release. +[http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may +include features not yet part of any official docker release. The `beta-docs` +site should be used only for understanding bleeding-edge development and +`docs.docker.io` (which points to the `docs` branch`) should be used for the +latest official release. ## Contributing @@ -41,59 +39,61 @@ branch`) should be used for the latest official release. ## Getting Started -Docker documentation builds are done in a Docker container, which -installs all the required tools, adds the local `docs/` directory and -builds the HTML docs. It then starts a HTTP server on port 8000 so that -you can connect and see your changes. +Docker documentation builds are done in a Docker container, which installs all +the required tools, adds the local `docs/` directory and builds the HTML docs. +It then starts a HTTP server on port 8000 so that you can connect and see your +changes. In the root of the `docker` source directory: make docs -If you have any issues you need to debug, you can use `make docs-shell` and -then run `mkdocs serve` +If you have any issues you need to debug, you can use `make docs-shell` and then +run `mkdocs serve` + +## Style guide + +The documentation is written with paragraphs wrapped at 80 colum lines to make +it easier for terminal use. ### Examples -When writing examples give the user hints by making them resemble what -they see in their shell: +When writing examples give the user hints by making them resemble what they see +in their shell: - Indent shell examples by 4 spaces so they get rendered as code. - Start typed commands with `$ ` (dollar space), so that they are easily -differentiated from program output. + differentiated from program output. - Program output has no prefix. - Comments begin with `# ` (hash space). - In-container shell commands begin with `$$ ` (dollar dollar space). ### Images -When you need to add images, try to make them as small as possible -(e.g. as gifs). Usually images should go in the same directory as the -`.md` file which references them, or in a subdirectory if one already -exists. +When you need to add images, try to make them as small as possible (e.g. as +gifs). Usually images should go in the same directory as the `.md` file which +references them, or in a subdirectory if one already exists. ## Working using GitHub's file editor -Alternatively, for small changes and typos you might want to use -GitHub's built in file editor. It allows you to preview your changes -right on-line (though there can be some differences between GitHub -Markdown and [MkDocs Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). -Just be careful not to create many commits. And you must still -[sign your work!](../CONTRIBUTING.md#sign-your-work) +Alternatively, for small changes and typos you might want to use GitHub's built +in file editor. It allows you to preview your changes right on-line (though +there can be some differences between GitHub Markdown and [MkDocs +Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). Just be +careful not to create many commits. And you must still [sign your +work!](../CONTRIBUTING.md#sign-your-work) ## Publishing Documentation -To publish a copy of the documentation you need a `docs/awsconfig` -file containing AWS settings to deploy to. The release script will +To publish a copy of the documentation you need a `docs/awsconfig` To make life +easier for file containing AWS settings to deploy to. The release script will create an s3 if needed, and will then push the files to it. - [profile dowideit-docs] - aws_access_key_id = IHOIUAHSIDH234rwf.... - aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... - region = ap-southeast-2 + [profile dowideit-docs] aws_access_key_id = IHOIUAHSIDH234rwf.... + aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... region = ap-southeast-2 -The `profile` name must be the same as the name of the bucket you are -deploying to - which you call from the `docker` directory: +The `profile` name must be the same as the name of the bucket you are deploying +to - which you call from the `docker` directory: make AWS_S3_BUCKET=dowideit-docs docs-release From a8f2402b87242471eb8ec9afc7520c6f29ad823c Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Wed, 14 May 2014 20:12:42 +0200 Subject: [PATCH 0156/2538] Minor fixups to the Docs README Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/README.md b/docs/README.md index 71ce548003..fa3c501087 100755 --- a/docs/README.md +++ b/docs/README.md @@ -1,12 +1,12 @@ # Docker Documentation The source for Docker documentation is here under `sources/` and uses extended -Markdown, as implemented by [mkdocs](http://mkdocs.org). +Markdown, as implemented by [MkDocs](http://mkdocs.org). The HTML files are built and hosted on `https://docs.docker.io`, and update automatically after each change to the master or release branch of [Docker on GitHub](https://github.com/dotcloud/docker) thanks to post-commit hooks. The -"docs" branch maps to the "latest" documentation and the "master" (unreleased +`docs` branch maps to the "latest" documentation and the `master` (unreleased development) branch maps to the "master" documentation. ## Branches @@ -22,11 +22,11 @@ base your changes on the `docs` branch. Also, now that we have a `docs` branch, we can keep the [http://docs.docker.io](http://docs.docker.io) docs up to date with any bugs -found between `docker` code releases. +found between Docker code releases. **Warning**: When *reading* the docs, the [http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may -include features not yet part of any official docker release. The `beta-docs` +include features not yet part of any official Docker release. The `beta-docs` site should be used only for understanding bleeding-edge development and `docs.docker.io` (which points to the `docs` branch`) should be used for the latest official release. From 6a55530c56054e6861577e10353912702141ac20 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Tue, 13 May 2014 13:38:11 +1000 Subject: [PATCH 0157/2538] Add some more specific help for Dockerfile build contexts. I've copy and pasted the error message so its googlable. Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index cfa0c284cf..fcc2862b3d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -201,7 +201,8 @@ and a "context". The files at `PATH` or `URL` are called the "context" of the build. The build process may refer to any of the files in the context, for example when using an [*ADD*](/reference/builder/#dockerfile-add) instruction. When a single Dockerfile is -given as `URL`, then no context is set. +given as `URL` or is piped through STDIN (`docker build - < Dockerfile`), then +no context is set. When a Git repository is set as `URL`, then the repository is used as the context. The Git repository is cloned with its @@ -283,6 +284,13 @@ repository is used as Dockerfile. Note that you can specify an arbitrary Git repository by using the `git://` schema. +> **Note:** `docker build` will return a `no such file or directory` error +> if the file or directory does not exist in the uploaded context. This may +> happen if there is no context, or if you specify a file that is elsewhere +> on the Host system. The context is limited to the current directory (and its +> children) for security reasons, and to ensure repeatable builds on remote +> Docker hosts. This is also the reason why `ADD ../file` will not work. + ## commit Create a new image from a container᾿s changes From 4fe816bff28c1107e8ac8e26cc8f9e062b3ee321 Mon Sep 17 00:00:00 2001 From: unclejack Date: Thu, 15 May 2014 11:56:23 +0300 Subject: [PATCH 0158/2538] docs: explain when RUN cache gets invalidated This adds a few lines to the RUN Dockerfile docs to explain how to bypass the RUN caching and how ADD can also invalidate the cache for these instructions. Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/builder.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 4c726aafa2..c3ba939550 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -131,6 +131,16 @@ any point in an image's history, much like source control. The *exec* form makes it possible to avoid shell string munging, and to `RUN` commands using a base image that does not contain `/bin/sh`. +The cache for `RUN` instructions isn't invalidated automatically during the +next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` +will be reused during the next build. +The cache for `RUN` instructions can be invalidated by using the `--no-cache` +flag, for example `docker build --no-cache`. + +The first encountered `ADD` instruction will invalidate the cache for all +following instructions from the 'Dockerfile' if the contents of the context +have changed. This will also invalidate the cache for `RUN` instructions. + ### Known Issues (RUN) - [Issue 783](https://github.com/dotcloud/docker/issues/783) is about file From 043c294859c5afe4bd90fa6bceaa3e9c47858c24 Mon Sep 17 00:00:00 2001 From: Joel Handwell Date: Thu, 15 May 2014 10:50:59 -0400 Subject: [PATCH 0159/2538] changed deprecated option styles to supported ones -name and -rm to --name and --rm --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index a0be7c34db..7587c70ba6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -54,10 +54,10 @@ following options. - [Detached (-d)](#detached-d) - [Foreground](#foreground) - [Container Identification](#container-identification) - - [Name (–name)](#name-name) + - [Name (--name)](#name-name) - [PID Equivalent](#pid-equivalent) - [Network Settings](#network-settings) - - [Clean Up (–rm)](#clean-up-rm) + - [Clean Up (--rm)](#clean-up-rm) - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) - [Runtime Privilege and LXC From 3901bf025d0f8d76a7dbc33976fd15151809a7ee Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Fri, 16 May 2014 09:30:46 +1000 Subject: [PATCH 0160/2538] Update the cli.md docs with the output of the docker command Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 341 +++++++++++----------- 1 file changed, 174 insertions(+), 167 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index fcc2862b3d..ec2ebf9a16 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -50,35 +50,38 @@ expect an integer, and they can only be specified once. ## daemon Usage of docker: + --api-enable-cors=false Enable CORS headers in the remote API + -b, --bridge="" Attach containers to a pre-existing network bridge + use 'none' to disable container networking + --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b + -d, --daemon=false Enable daemon mode + -D, --debug=false Enable debug mode + --dns=[] Force docker to use specific DNS servers + --dns-search=[] Force Docker to use specific DNS search domains + -e, --exec-driver="native" Force the docker runtime to use a specific exec driver + -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode + use '' (the empty string) to disable setting of a group + -g, --graph="/var/lib/docker" Path to use as the root of the docker runtime + -H, --host=[] The socket(s) to bind to in daemon mode + specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + --icc=true Enable inter-container communication + --ip="0.0.0.0" Default IP address to use when binding container ports + --ip-forward=true Enable net.ipv4.ip_forward + --iptables=true Enable Docker's addition of iptables rules + --mtu=0 Set the containers network MTU + if no value is provided: default to the default route MTU or 1500 if no default route is available + -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file + -r, --restart=true Restart previously running containers + -s, --storage-driver="" Force the docker runtime to use a specific storage driver + --selinux-enabled=false Enable selinux support + --tls=false Use TLS; implied by tls-verify flags + --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here + --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file + --tlskey="/home/sven/.docker/key.pem" Path to TLS key file + --tlsverify=false Use TLS and verify the remote (daemon: verify client, client: verify daemon) + -v, --version=false Print version information and quit - -D, --debug=false: Enable debug mode - -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group - --api-enable-cors=false: Enable CORS headers in the remote API - -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - -bip="": Use this CIDR notation address for the network bridge᾿s IP, not compatible with -b - -d, --daemon=false: Enable daemon mode - --dns=[]: Force docker to use specific DNS servers - --dns-search=[]: Force Docker to use specific DNS search domains - --enable-selinux=false: Enable selinux support for running containers - -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime - --icc=true: Enable inter-container communication - --ip="0.0.0.0": Default IP address to use when binding container ports - --ip-forward=true: Enable net.ipv4.ip_forward - --iptables=true: Enable Docker᾿s addition of iptables rules - -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file - -r, --restart=true: Restart previously running containers - -s, --storage-driver="": Force the docker runtime to use a specific storage driver - -e, --exec-driver="native": Force the docker runtime to use a specific exec driver - -v, --version=false: Print version information and quit - --tls=false: Use TLS; implied by tls-verify flags - --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here - --tlscert="~/.docker/cert.pem": Path to TLS certificate file - --tlskey="~/.docker/key.pem": Path to TLS key file - --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) - --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available - - Options with [] may be specified multiple times. +Options with [] may be specified multiple times. The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the @@ -126,12 +129,12 @@ like this: ## attach -Attach to a running container. + Usage: docker attach [OPTIONS] CONTAINER - Usage: docker attach CONTAINER + Attach to a running container - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --no-stdin=false Do not attach stdin + --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) The `attach` command will allow you to view or interact with any running container, detached (`-d`) @@ -185,15 +188,14 @@ To kill the container, use `docker kill`. ## build -Build a new container image from the source code at PATH - Usage: docker build [OPTIONS] PATH | URL | - - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build + Build a new container image from the source code at PATH + + --no-cache=false Do not use cache when building the image + -q, --quiet=false Suppress the verbose output generated by the containers + --rm=true Remove intermediate containers after a successful build + -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success Use this command to build Docker images from a Dockerfile and a "context". @@ -293,12 +295,12 @@ schema. ## commit -Create a new image from a container᾿s changes - Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " + Create a new image from a container's changes + + -a, --author="" Author (eg. "John Hannibal Smith " + -m, --message="" Commit message It can be useful to commit a container's file changes or settings into a new image. This allows you debug a container by running an interactive @@ -325,8 +327,7 @@ path. Paths are relative to the root of the filesystem. Usage: docker cp CONTAINER:PATH HOSTPATH - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . - $ sudo docker cp blue_frog:/etc/hosts . + Copy files/folders from the PATH to the HOSTPATH ## diff @@ -334,6 +335,8 @@ List the changed files and directories in a container᾿s filesystem Usage: docker diff CONTAINER + Inspect changes on a container's filesystem + There are 3 events that are listed in the `diff`: 1. `A` - Add @@ -358,14 +361,12 @@ For example: ## events -Get real time events from the server + Usage: docker events [OPTIONS] - Usage: docker events + Get real time events from the server - --since="": Show all events created since timestamp - (either seconds since epoch, or date string as below) - --until="": Show events created before timestamp - (either seconds since epoch, or date string as below) + --since="" Show all events created since timestamp + --until="" Stream events until this timestamp ### Examples @@ -403,22 +404,22 @@ You'll need two shells for this example. ## export -Export the contents of a filesystem as a tar archive to STDOUT - Usage: docker export CONTAINER + Export the contents of a filesystem as a tar archive to STDOUT + For example: $ sudo docker export red_panda > latest.tar ## history -Show the history of an image - Usage: docker history [OPTIONS] IMAGE - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only show numeric IDs + Show the history of an image + + --no-trunc=false Don't truncate output + -q, --quiet=false Only show numeric IDs To see how the `docker:latest` image was built: @@ -433,13 +434,13 @@ To see how the `docker:latest` image was built: ## images -List images - Usage: docker images [OPTIONS] [NAME] - -a, --all=false: Show all images (by default filter out the intermediate image layers) - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only show numeric IDs + List images + + -a, --all=false Show all images (by default filter out the intermediate image layers) + --no-trunc=false Don't truncate output + -q, --quiet=false Only show numeric IDs The default `docker images` will show all top level images, their repository and tags, and their virtual size. @@ -481,8 +482,7 @@ by default. Usage: docker import URL|- [REPOSITORY[:TAG]] - Create an empty filesystem image and import the contents of the tarball - (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. URLs must start with `http` and point to a single file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a @@ -515,10 +515,12 @@ tar, then the ownerships might not get preserved. ## info -Display system-wide information. - Usage: docker info + Display system-wide information + +For example: + $ sudo docker info Containers: 292 Images: 194 @@ -536,11 +538,11 @@ ensure we know how your setup is configured. ## inspect -Return low-level information on a container/image - Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - -f, --format="": Format the output using the given go template. + Return low-level information on a container/image + + -f, --format="" Format the output using the given go template. By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. @@ -590,11 +592,11 @@ contains complex json object, so to grab it as JSON, you use ## kill -Kill a running container (send SIGKILL, or specified signal) - Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - -s, --signal="KILL": Signal to send to the container + Kill a running container (send SIGKILL, or specified signal) + + -s, --signal="KILL" Signal to send to the container The main process inside the container will be sent SIGKILL, or any signal specified with option `--signal`. @@ -610,11 +612,11 @@ signal specified with option `--signal`. ## load -Load an image from a tar archive on STDIN - Usage: docker load - -i, --input="": Read from a tar archive file, instead of STDIN + Load an image from a tar archive on STDIN + + -i, --input="" Read from a tar archive file, instead of STDIN Loads a tarred repository from a file or the standard input stream. Restores both images and tags. @@ -636,13 +638,13 @@ Restores both images and tags. ## login -Register or Login to the docker registry server - Usage: docker login [OPTIONS] [SERVER] - -e, --email="": Email - -p, --password="": Password - -u, --username="": Username + Register or Login to a docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. + + -e, --email="" Email + -p, --password="" Password + -u, --username="" Username If you want to login to a private registry you can specify this by adding the server name. @@ -652,12 +654,12 @@ specify this by adding the server name. ## logs -Fetch the logs of a container + Usage: docker logs CONTAINER - Usage: docker logs [OPTIONS] CONTAINER + Fetch the logs of a container - -f, --follow=false: Follow log output - -t, --timestamps=false: Show timestamps + -f, --follow=false Follow log output + -t, --timestamps=false Show timestamps The `docker logs` command batch-retrieves all logs present at the time of execution. @@ -668,24 +670,24 @@ and stderr. ## port - Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT + Usage: docker port CONTAINER PRIVATE_PORT -Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT ## ps -List containers - Usage: docker ps [OPTIONS] - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don᾿t truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. + List containers + + -a, --all=false Show all containers. Only running containers are shown by default. + --before="" Show only container created before Id or Name, include non-running ones. + -l, --latest=false Show only the latest created container, include non-running ones. + -n=-1 Show n last created containers, include non-running ones. + --no-trunc=false Don't truncate output + -q, --quiet=false Only display numeric IDs + -s, --size=false Display sizes + --since="" Show only containers created since Id or Name, include non-running ones. Running `docker ps` showing 2 linked containers. @@ -699,10 +701,10 @@ Running `docker ps` showing 2 linked containers. ## pull -Pull an image or a repository from the registry - Usage: docker pull NAME[:TAG] + Pull an image or a repository from the registry + Most of your images will be created on top of a base image from the [Docker.io](https://index.docker.io) registry. @@ -721,30 +723,30 @@ use `docker pull`: ## push -Push an image or a repository to the registry - Usage: docker push NAME[:TAG] + Push an image or a repository to the registry + Use `docker push` to share your images on public or private registries. ## restart -Restart a running container + Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] - Usage: docker restart [OPTIONS] NAME + Restart a running container - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 + -t, --time=10 Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 ## rm -Remove one or more containers + Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...] - Usage: docker rm [OPTIONS] CONTAINER + Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container + -f, --force=false Force removal of running container + -l, --link=false Remove the specified link and not the underlying container + -v, --volumes=false Remove the volumes associated to the container ### Known Issues (rm) @@ -776,12 +778,12 @@ delete them. Any running containers will not be deleted. ## rmi -Remove one or more images - Usage: docker rmi IMAGE [IMAGE...] - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents + Remove one or more images + + -f, --force=false Force + --no-prune=false Do not delete untagged parents ### Removing tagged images @@ -813,44 +815,43 @@ removed before the image is removed. ## run -Run a command in a new container + Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + Run a command in a new container - -a, --attach=[] Attach to stdin, stdout or stderr. - -c, --cpu-shares=0 CPU shares (relative weight) - --cpuset="" CPUs in which to allow execution (0-3, 0,1) - --cidfile="" Write the container ID to the file - -d, --detach=false Detached mode: Run container in the background, print new container id - --dns=[] Set custom dns servers - --dns-search=[] Set custom dns search domains - -e, --env=[] Set environment variables - --entrypoint="" Overwrite the default entrypoint of the image - --env-file=[] Read in a line delimited file of ENV variables - --expose=[] Expose a port from the container without publishing it to your host - -h, --hostname="" Container host name - -i, --interactive=false Keep stdin open even if not attached - --link=[] Add link to another container (name:alias) - --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -m, --memory="" Memory limit (format: , where unit = b, k, m or g) - --name="" Assign a name to the container - --net="bridge" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the contaner - -p, --publish=[] Publish a container's port to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort - (use 'docker port' to see the actual mapping) - -P, --publish-all=false Publish all exposed ports to the host interfaces - --privileged=false Give extended privileges to this container - --rm=false Automatically remove the container when it exits (incompatible with -d) - --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) - -t, --tty=false Allocate a pseudo-tty - -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) - --volumes-from=[] Mount volumes from the specified container(s) - -w, --workdir="" Working directory inside the container + -a, --attach=[] Attach to stdin, stdout or stderr. + -c, --cpu-shares=0 CPU shares (relative weight) + --cidfile="" Write the container ID to the file + -d, --detach=false Detached mode: Run container in the background, print new container id + --dns=[] Set custom dns servers + --dns-search=[] Set custom dns search domains + -e, --env=[] Set environment variables + --entrypoint="" Overwrite the default entrypoint of the image + --env-file=[] Read in a line delimited file of ENV variables + --expose=[] Expose a port from the container without publishing it to your host + -h, --hostname="" Container host name + -i, --interactive=false Keep stdin open even if not attached + --link=[] Add link to another container (name:alias) + --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --name="" Assign a name to the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the contaner + -p, --publish=[] Publish a container's port to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort + (use 'docker port' to see the actual mapping) + -P, --publish-all=false Publish all exposed ports to the host interfaces + --privileged=false Give extended privileges to this container + --rm=false Automatically remove the container when it exits (incompatible with -d) + --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) + -t, --tty=false Allocate a pseudo-tty + -u, --user="" Username or UID + -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + --volumes-from=[] Mount volumes from the specified container(s) + -w, --workdir="" Working directory inside the container The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. That is, @@ -1061,11 +1062,11 @@ application change: ## save -Save an image to a tar archive (streamed to stdout by default) - Usage: docker save IMAGE - -o, --output="": Write to an file, instead of STDOUT + Save an image to a tar archive (streamed to stdout by default) + + -o, --output="" Write to an file, instead of STDOUT Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified repo:tag. @@ -1088,9 +1089,11 @@ Search [Docker.io](https://index.docker.io) for images Usage: docker search TERM - --no-trunc=false: Don᾿t truncate output - -s, --stars=0: Only displays with at least xxx stars - -t, --trusted=false: Only show trusted builds + Search the docker index for images + + --no-trunc=false Don't truncate output + -s, --stars=0 Only displays with at least xxx stars + -t, --trusted=false Only show trusted builds See [*Find Public Images on Docker.io*]( /use/workingwithrepository/#find-public-images-on-dockerio) for @@ -1098,31 +1101,31 @@ more details on finding shared images from the commandline. ## start -Start a stopped container + Usage: docker start CONTAINER [CONTAINER...] - Usage: docker start [OPTIONS] CONTAINER + Restart a stopped container - -a, --attach=false: Attach container᾿s stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container᾿s stdin + -a, --attach=false Attach container's stdout/stderr and forward all signals to the process + -i, --interactive=false Attach container's stdin ## stop -Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - -t, --time=10: Number of seconds to wait for the container to stop before killing it. + Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + + -t, --time=10 Number of seconds to wait for the container to stop before killing it. The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL ## tag -Tag an image into a repository - Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - -f, --force=false: Force + Tag an image into a repository + + -f, --force=false Force You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*]( @@ -1132,15 +1135,19 @@ them to [*Share Images via Repositories*]( Usage: docker top CONTAINER [ps OPTIONS] -Lookup the running processes of a container + Lookup the running processes of a container ## version + Usage: docker version + + Show the docker version information. + Show the version of the Docker client, daemon, and latest released version. ## wait - Usage: docker wait [OPTIONS] NAME + Usage: docker wait CONTAINER [CONTAINER...] -Block until a container stops, then print its exit code. + Block until a container stops, then print its exit code. From 1f30fd9bdb7063b86cbb5e67f6bda6ed3ecff021 Mon Sep 17 00:00:00 2001 From: Steven Burgess Date: Thu, 15 May 2014 22:23:03 -0400 Subject: [PATCH 0161/2538] Refactor b.tar -> busybox.tar The file was saved as busybox.tar, but the ls commands named it b.tar. Docker-DCO-1.1-Signed-off-by: Steven Burgess (github: stevenburgess) --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ec2ebf9a16..40abfe45a2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1075,11 +1075,11 @@ It is used to create a backup that can then be used with `docker load` $ sudo docker save busybox > busybox.tar - $ ls -sh b.tar - 2.7M b.tar + $ ls -sh busybox.tar + 2.7M busybox.tar $ sudo docker save --output busybox.tar busybox - $ ls -sh b.tar - 2.7M b.tar + $ ls -sh busybox.tar + 2.7M busybox.tar $ sudo docker save -o fedora-all.tar fedora $ sudo docker save -o fedora-latest.tar fedora:latest From 2477e562437d7dc9ddc184ca264539efc6a901b5 Mon Sep 17 00:00:00 2001 From: Alexandr Morozov Date: Sat, 17 May 2014 22:43:31 +0400 Subject: [PATCH 0162/2538] Check uid ranges Fixes #5647 Docker-DCO-1.1-Signed-off-by: Alexandr Morozov (github: LK4D4) --- docs/sources/reference/run.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7587c70ba6..aa3d941b13 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -439,6 +439,8 @@ but the operator can override it: -u="": Username or UID +> **Note:** if you pass numeric uid, it must be in range 0-2147483647. + ## WORKDIR The default working directory for running binaries within a container is the From ef717d2e76d99e53f343ca0be44ce2826ae0b948 Mon Sep 17 00:00:00 2001 From: Jonathan McCrohan Date: Tue, 20 May 2014 01:40:44 +0100 Subject: [PATCH 0163/2538] docs: cli.md; document docker version output Commit 3cec63d56f9de6332aa3f33502695283d4feb054 changed the output of docker version. Updating docs accordingly. Docker-DCO-1.1-Signed-off-by: Jonathan McCrohan (github: jmccrohan) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 40abfe45a2..da9f49583b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1143,8 +1143,8 @@ them to [*Share Images via Repositories*]( Show the docker version information. -Show the version of the Docker client, daemon, and latest released -version. +Show the Docker version, API version, Git commit, and Go version of +both Docker client and daemon. ## wait From 8ee2a06dcf8b8b48d7be75884e154b232229af9e Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 20 May 2014 13:39:46 -0700 Subject: [PATCH 0164/2538] remove chmod 755: fixes #5941 Docker-DCO-1.1-Signed-off-by: Tibor Vass (github: tiborvass) --- docs/sources/reference/builder.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c3ba939550..cd7f4eff81 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -235,7 +235,9 @@ being built (also called the *context* of the build) or a remote file URL. `` is the absolute path to which the source will be copied inside the destination container. -All new files and directories are created with mode 0755, uid and gid 0. +All new files and directories are created with a uid and gid of 0. + +In the case where `` is a remote file URL, the destination will have permissions 600. > **Note**: > If you build using STDIN (`docker build - < somefile`), there is no From 1c4a18d8bf3659500f27716ba61abd7776f0bfcb Mon Sep 17 00:00:00 2001 From: unclejack Date: Fri, 16 May 2014 14:47:33 +0300 Subject: [PATCH 0165/2538] bump remote api to 1.12 & add --force-rm to build This adds a `--force-rm` flag to docker build which makes the Docker daemon clean up all containers, even when the build has failed. This new flag requires that we bump the remote API, so we also bump the remote API version. Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index da9f49583b..2a1be89086 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -192,6 +192,7 @@ To kill the container, use `docker kill`. Build a new container image from the source code at PATH + --force-rm=false Always remove intermediate containers, even after unsuccessful builds --no-cache=false Do not use cache when building the image -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build From 7f3fe5c01e9805c6098356c1dba5881eca69170a Mon Sep 17 00:00:00 2001 From: Johan Euphrosine Date: Fri, 23 May 2014 17:16:56 -0700 Subject: [PATCH 0166/2538] docs/reference/builder: fix USER doc Docker-DCO-1.1-Signed-off-by: Johan Euphrosine (github: proppy) --- docs/sources/reference/builder.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index cd7f4eff81..6a4ae4ad25 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -346,7 +346,8 @@ instructions via the Docker client, refer to [*Share Directories via Volumes*]( USER daemon -The `USER` instruction sets the username or UID to use when running the image. +The `USER` instruction sets the username or UID to use when running the image +and for any following `RUN` directives. ## WORKDIR From 62f9cc3deea068bc5b92e21ec76d7feaf8492df8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Petazzoni?= Date: Tue, 27 May 2014 18:57:25 -0700 Subject: [PATCH 0167/2538] Replace 'private' with 'self-hosted' in a couple of places MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Docker-DCO-1.1-Signed-off-by: Jérôme Petazzoni (github: jpetazzo) --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2a1be89086..e0c5eb1069 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -212,7 +212,7 @@ repository is used as the context. The Git repository is cloned with its submodules (git clone –recursive). A fresh git clone occurs in a temporary directory on your local host, and then this is sent to the Docker daemon as the context. This way, your local user credentials and -vpn's etc can be used to access private repositories +vpn's etc can be used to access private repositories. See also: @@ -647,7 +647,7 @@ Restores both images and tags. -p, --password="" Password -u, --username="" Username -If you want to login to a private registry you can +If you want to login to a self-hosted registry you can specify this by adding the server name. example: @@ -728,8 +728,8 @@ use `docker pull`: Push an image or a repository to the registry -Use `docker push` to share your images on public or -private registries. +Use `docker push` to share your images to the [Docker.io](https://index.docker.io) +registry or to a self-hosted one. ## restart From 311bc46669d0706920766ed0fe6528ff82fd954d Mon Sep 17 00:00:00 2001 From: Robin Speekenbrink Date: Thu, 8 May 2014 15:11:17 +0200 Subject: [PATCH 0168/2538] updated documentation for mentioning images vs containers Docker-DCO-1.1-Signed-off-by: Robin Speekenbrink (github: fruitl00p) rebased by Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index e3bb72aebe..7ea478d051 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -71,7 +71,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container" # build -complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build a container from a Dockerfile' +complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e0c5eb1069..8325bc794f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -190,7 +190,7 @@ To kill the container, use `docker kill`. Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH + Build a new image from the source code at PATH --force-rm=false Always remove intermediate containers, even after unsuccessful builds --no-cache=false Do not use cache when building the image From 5f1114d9550df4d54d31e9340bef07b2f315fcc6 Mon Sep 17 00:00:00 2001 From: unclejack Date: Wed, 28 May 2014 20:53:16 +0300 Subject: [PATCH 0169/2538] add support for COPY to docker build This adds a COPY command to docker build which works like ADD, but is only for local files and it doesn't extract files. Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) --- docs/sources/reference/builder.md | 40 +++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 6a4ae4ad25..235d92e1b7 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -290,6 +290,46 @@ The copy obeys the following rules: - If `` doesn't exist, it is created along with all missing directories in its path. +## COPY + + COPY + +The `COPY` instruction will copy new files from `` and add them to the +container's filesystem at path ``. + +`` must be the path to a file or directory relative to the source directory +being built (also called the *context* of the build). + +`` is the absolute path to which the source will be copied inside the +destination container. + +All new files and directories are created with a uid and gid of 0. + +> **Note**: +> If you build using STDIN (`docker build - < somefile`), there is no +> build context, so `COPY` can't be used. + +The copy obeys the following rules: + +- The `` path must be inside the *context* of the build; + you cannot `COPY ../something /something`, because the first step of a + `docker build` is to send the context directory (and subdirectories) to the + docker daemon. + +- If `` is a directory, the entire directory is copied, including + filesystem metadata. + +- If `` is any other kind of file, it is copied individually along with + its metadata. In this case, if `` ends with a trailing slash `/`, it + will be considered a directory and the contents of `` will be written + at `/base()`. + +- If `` does not end with a trailing slash, it will be considered a + regular file and the contents of `` will be written at ``. + +- If `` doesn't exist, it is created along with all missing directories + in its path. + ## ENTRYPOINT ENTRYPOINT has two forms: From 74a03f6def9eb3af4df7401002731604ce55dd1f Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 22 May 2014 07:05:19 +1000 Subject: [PATCH 0170/2538] Adding User Guide * Added User Guide section outlines. * Added User Guide to menu. * Moved HTTPS example to articles. * Replaced Hello World example with User Guide. * Moved use cases out of examples. * Updated Introduction to add User Guide. * Redirected migrated /use and /articles links. * Added Docker.io section * Added Dockerized section * Added Using Docker section * Added Docker Images section * Added Docker Links section * Added Docker Volumes section Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/builder.md | 12 ++++----- docs/sources/reference/commandline/cli.md | 33 ++++++++--------------- docs/sources/reference/run.md | 24 +++++++---------- 3 files changed, 26 insertions(+), 43 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 235d92e1b7..10973665b1 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -57,7 +57,7 @@ accelerating `docker build` significantly (indicated by `Using cache`): When you're done with your build, you're ready to look into [*Pushing a repository to its registry*]( -/use/workingwithrepository/#image-push). +/userguide/dockerrepos/#image-push). ## Format @@ -95,7 +95,7 @@ The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def) for subsequent instructions. As such, a valid Dockerfile must have `FROM` as its first instruction. The image can be any valid image – it is especially easy to start by **pulling an image** from the [*Public Repositories*]( -/use/workingwithrepository/#using-public-repositories). +/userguide/dockerrepos/#using-public-repositories). `FROM` must be the first non-comment instruction in the Dockerfile. @@ -200,10 +200,8 @@ default specified in CMD. The `EXPOSE` instructions informs Docker that the container will listen on the specified network ports at runtime. Docker uses this information to interconnect -containers using links (see -[*links*](/use/working_with_links_names/#working-with-links-names)), -and to setup port redirection on the host system (see [*Redirect Ports*]( -/use/port_redirection/#port-redirection)). +containers using links (see the [Docker User +Guide](/userguide/dockerlinks)). ## ENV @@ -380,7 +378,7 @@ and mark it as holding externally mounted volumes from native host or other containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string, `VOLUME /var/log`. For more information/examples and mounting instructions via the Docker client, refer to [*Share Directories via Volumes*]( -/use/working_with_volumes/#volume-def) documentation. +/userguide/dockervolumes/#volume-def) documentation. ## USER diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8325bc794f..f2e370ace5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -602,15 +602,6 @@ contains complex json object, so to grab it as JSON, you use The main process inside the container will be sent SIGKILL, or any signal specified with option `--signal`. -### Known Issues (kill) - -- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates - that `docker kill` may leave directories behind - and make it difficult to remove the container. -- [Issue 3844](https://github.com/dotcloud/docker/issues/3844) lxc - 1.0.0 beta3 removed `lcx-kill` which is used by - Docker versions before 0.8.0; see the issue for a workaround. - ## load Usage: docker load @@ -864,11 +855,9 @@ of all containers. The `docker run` command can be used in combination with `docker commit` to [*change the command that a container runs*](#commit-an-existing-container). -See [*Redirect Ports*](/use/port_redirection/#port-redirection) -for more detailed information about the `--expose`, `-p`, `-P` and `--link` -parameters, and [*Link Containers*]( -/use/working_with_links_names/#working-with-links-names) for specific -examples using `--link`. +See the [Docker User Guide](/userguide/dockerlinks/) for more detailed +information about the `--expose`, `-p`, `-P` and `--link` parameters, +and linking containers. ### Known Issues (run –volumes-from) @@ -934,16 +923,16 @@ manipulate the host's docker daemon. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash -This binds port `8080` of the container to port `80` on `127.0.0.1` of the host -machine. [*Redirect Ports*](/use/port_redirection/#port-redirection) +This binds port `8080` of the container to port `80` on `127.0.0.1` of +the host machine. The [Docker User Guide](/userguide/dockerlinks/) explains in detail how to manipulate ports in Docker. $ sudo docker run --expose 80 ubuntu bash -This exposes port `80` of the container for use within a link without publishing -the port to the host system's interfaces. [*Redirect Ports*]( -/use/port_redirection/#port-redirection) explains in detail how to -manipulate ports in Docker. +This exposes port `80` of the container for use within a link without +publishing the port to the host system's interfaces. The [Docker User +Guide](/userguide/dockerlinks) explains in detail how to manipulate +ports in Docker. $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash @@ -1097,7 +1086,7 @@ Search [Docker.io](https://index.docker.io) for images -t, --trusted=false Only show trusted builds See [*Find Public Images on Docker.io*]( -/use/workingwithrepository/#find-public-images-on-dockerio) for +/userguide/dockerrepos/#find-public-images-on-dockerio) for more details on finding shared images from the commandline. ## start @@ -1130,7 +1119,7 @@ grace period, SIGKILL You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*]( -/use/workingwithrepository/#working-with-the-repository). +/userguide/dockerrepos/#working-with-the-repository). ## top diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index aa3d941b13..7d5fcbc51f 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -11,21 +11,17 @@ The [*Image*](/terms/image/#image-def) which starts the process may define defaults related to the binary to run, the networking to expose, and more, but `docker run` gives final control to the operator who starts the container from the image. That's the main -reason [*run*](/commandline/cli/#cli-run) has more options than any +reason [*run*](/reference/commandline/cli/#cli-run) has more options than any other `docker` command. -Every one of the [*Examples*](/examples/#example-list) shows -running containers, and so here we try to give more in-depth guidance. - ## General Form -As you`ve seen in the [*Examples*](/examples/#example-list), the -basic run command takes this form: +The basic `docker run` command takes this form: $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, -see [*Option types*](/commandline/cli/#cli-options). +see [*Option types*](/reference/commandline/cli/#cli-options). The list of `[OPTIONS]` breaks down into two groups: @@ -75,9 +71,9 @@ default foreground mode: In detached mode (`-d=true` or just `-d`), all I/O should be done through network connections or shared volumes because the container is -no longer listening to the commandline where you executed `docker run`. +no longer listening to the command line where you executed `docker run`. You can reattach to a detached container with `docker` -[*attach*](commandline/cli/#attach). If you choose to run a +[*attach*](/reference/commandline/cli/#attach). If you choose to run a container in the detached mode, then you cannot use the `--rm` option. ### Foreground @@ -85,7 +81,7 @@ container in the detached mode, then you cannot use the `--rm` option. In foreground mode (the default when `-d` is not specified), `docker run` can start the process in the container and attach the console to the process's standard input, output, and standard error. It can even pretend to be a TTY -(this is what most commandline executables expect) and pass along signals. All +(this is what most command line executables expect) and pass along signals. All of that is configurable: -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` @@ -121,11 +117,11 @@ assign a name to the container with `--name` then the daemon will also generate a random string name too. The name can become a handy way to add meaning to a container since you can use this name when defining -[*links*](/use/working_with_links_names/#working-with-links-names) +[*links*](/userguide/dockerlinks/#working-with-links-names) (or any other place you need to identify a container). This works for both background and foreground Docker containers. -### PID Equivalent +### PID Equivalent And finally, to help with automation, you can have Docker write the container ID out to a file of your choosing. This is similar to how some @@ -256,7 +252,7 @@ familiar with using LXC directly. ## Overriding Dockerfile Image Defaults -When a developer builds an image from a [*Dockerfile*](builder/#dockerbuilder) +When a developer builds an image from a [*Dockerfile*](/reference/builder/#dockerbuilder) or when she commits it, the developer can set a number of default parameters that take effect when the image starts up as a container. @@ -425,7 +421,7 @@ mechanism to communicate with a linked container by its alias: --volumes-from="": Mount all volumes from the given container(s) The volumes commands are complex enough to have their own documentation in -section [*Share Directories via Volumes*](/use/working_with_volumes/#volume-def). +section [*Share Directories via Volumes*](/userguide/dockervolumes/#volume-def). A developer can define one or more `VOLUME's associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). From 1d715defb8bf7e0caaf5fd5513831c93ba7ae3a3 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Wed, 26 Feb 2014 17:04:11 -0500 Subject: [PATCH 0171/2538] filters, for images: start with untagged/tagged boolean This is a new feature and flag. (replaces the suggestion of a flag for --untagged images). The concept is to have a syntax to filter. This begins with this filtering for the 'images' subcommand, and at that only filtering for whether images are untagged. example like: docker rmi $(docker images -q --filter 'untagged=true') Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 1499 ++++++++++++++++++++ 1 file changed, 1499 insertions(+) create mode 100644 docs/sources/reference/commandline/cli.rst diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst new file mode 100644 index 0000000000..6af6a85c87 --- /dev/null +++ b/docs/sources/reference/commandline/cli.rst @@ -0,0 +1,1499 @@ +:title: Command Line Interface +:description: Docker's CLI command description and usage +:keywords: Docker, Docker documentation, CLI, command line + +.. _cli: + +Command Line Help +----------------- + +To list available commands, either run ``docker`` with no parameters or execute +``docker help``:: + + $ sudo docker + Usage: docker [OPTIONS] COMMAND [arg...] + -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. + + A self-sufficient runtime for linux containers. + + ... + +.. _cli_options: + +Options +------- + +Single character commandline options can be combined, so rather than typing +``docker run -t -i --name test busybox sh``, you can write +``docker run -ti --name test busybox sh``. + +Boolean +~~~~~~~ + +Boolean options look like ``-d=false``. The value you see is the +default value which gets set if you do **not** use the boolean +flag. If you do call ``run -d``, that sets the opposite boolean value, +so in this case, ``true``, and so ``docker run -d`` **will** run in +"detached" mode, in the background. Other boolean options are similar +-- specifying them will set the value to the opposite of the default +value. + +Multi +~~~~~ + +Options like ``-a=[]`` indicate they can be specified multiple times:: + + docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + +Sometimes this can use a more complex value string, as for ``-v``:: + + docker run -v /host:/container example/mysql + +Strings and Integers +~~~~~~~~~~~~~~~~~~~~ + +Options like ``--name=""`` expect a string, and they can only be +specified once. Options like ``-c=0`` expect an integer, and they can +only be specified once. + +---- + +Commands +-------- + +.. _cli_daemon: + +``daemon`` +---------- + +:: + + Usage of docker: + -D, --debug=false: Enable debug mode + -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. + -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group + --api-enable-cors=false: Enable CORS headers in the remote API + -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking + --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b + -d, --daemon=false: Enable daemon mode + --dns=[]: Force docker to use specific DNS servers + --dns-search=[]: Force Docker to use specific DNS search domains + -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime + --icc=true: Enable inter-container communication + --ip="0.0.0.0": Default IP address to use when binding container ports + --ip-forward=true: Enable net.ipv4.ip_forward + --iptables=true: Enable Docker's addition of iptables rules + -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file + -r, --restart=true: Restart previously running containers + -s, --storage-driver="": Force the docker runtime to use a specific storage driver + -e, --exec-driver="native": Force the docker runtime to use a specific exec driver + -v, --version=false: Print version information and quit + --tls=false: Use TLS; implied by tls-verify flags + --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here + --tlscert="~/.docker/cert.pem": Path to TLS certificate file + --tlskey="~/.docker/key.pem": Path to TLS key file + --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) + --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available + +The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the +daemon and client. To run the daemon you provide the ``-d`` flag. + +To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. + +To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. + +To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. + +To run the daemon with debug output, use ``docker -d -D``. + +To use lxc as the execution driver, use ``docker -d -e lxc``. + +The docker client will also honor the ``DOCKER_HOST`` environment variable to set +the ``-H`` flag for the client. + +:: + + docker -H tcp://0.0.0.0:4243 ps + # or + export DOCKER_HOST="tcp://0.0.0.0:4243" + docker ps + # both are equal + +To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. +Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. +If the specified socket activated files aren't found then docker will exit. +You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. + +Docker supports softlinks for the Docker data directory (``/var/lib/docker``) and for ``/tmp``. +TMPDIR and the data directory can be set like this: + +:: + + TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + # or + export TMPDIR=/mnt/disk2/tmp + /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + +.. _cli_attach: + +``attach`` +---------- + +:: + + Usage: docker attach CONTAINER + + Attach to a running container. + + --no-stdin=false: Do not attach stdin + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + +You can detach from the container again (and leave it running) with +``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of +the Docker client when it quits. When you detach from the container's +process the exit code will be returned to the client. + +To stop a container, use ``docker stop``. + +To kill the container, use ``docker kill``. + +.. _cli_attach_examples: + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) + $ sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + + + top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355780k used, 17792k free, 27880k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + ^C$ + $ sudo docker stop $ID + +.. _cli_build: + +``build`` +--------- + +:: + + Usage: docker build [OPTIONS] PATH | URL | - + Build a new container image from the source code at PATH + -t, --tag="": Repository name (and optionally a tag) to be applied + to the resulting image in case of success. + -q, --quiet=false: Suppress the verbose output generated by the containers. + --no-cache: Do not use the cache when building the image. + --rm=true: Remove intermediate containers after a successful build + +The files at ``PATH`` or ``URL`` are called the "context" of the build. +The build process may refer to any of the files in the context, for example when +using an :ref:`ADD ` instruction. +When a single ``Dockerfile`` is given as ``URL``, then no context is set. + +When a Git repository is set as ``URL``, then the repository is used as the context. +The Git repository is cloned with its submodules (`git clone --recursive`). +A fresh git clone occurs in a temporary directory on your local host, and then this +is sent to the Docker daemon as the context. +This way, your local user credentials and vpn's etc can be used to access private repositories + +.. _cli_build_examples: + +.. seealso:: :ref:`dockerbuilder`. + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker build . + Uploading context 10240 bytes + Step 1 : FROM busybox + Pulling repository busybox + ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ + Step 2 : RUN ls -lh / + ---> Running in 9c9e81692ae9 + total 24 + drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin + drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev + drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib + lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib + dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc + lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin + dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys + drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp + drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr + ---> b35f4035db3f + Step 3 : CMD echo Hello World + ---> Running in 02071fceb21b + ---> f52f38b7823e + Successfully built f52f38b7823e + Removing intermediate container 9c9e81692ae9 + Removing intermediate container 02071fceb21b + + +This example specifies that the ``PATH`` is ``.``, and so all the files in +the local directory get tar'd and sent to the Docker daemon. The ``PATH`` +specifies where to find the files for the "context" of the build on +the Docker daemon. Remember that the daemon could be running on a +remote machine and that no parsing of the ``Dockerfile`` happens at the +client side (where you're running ``docker build``). That means that +*all* the files at ``PATH`` get sent, not just the ones listed to +:ref:`ADD ` in the ``Dockerfile``. + +The transfer of context from the local machine to the Docker daemon is +what the ``docker`` client means when you see the "Uploading context" +message. + +If you wish to keep the intermediate containers after the build is complete, +you must use ``--rm=false``. This does not affect the build cache. + + +.. code-block:: bash + + $ sudo docker build -t vieux/apache:2.0 . + +This will build like the previous example, but it will then tag the +resulting image. The repository name will be ``vieux/apache`` and the +tag will be ``2.0`` + + +.. code-block:: bash + + $ sudo docker build - < Dockerfile + +This will read a ``Dockerfile`` from *stdin* without context. Due to +the lack of a context, no contents of any local directory will be sent +to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` +``ADD`` only works if it refers to a remote URL. + +.. code-block:: bash + + $ sudo docker build github.com/creack/docker-firefox + +This will clone the GitHub repository and use the cloned repository as +context. The ``Dockerfile`` at the root of the repository is used as +``Dockerfile``. Note that you can specify an arbitrary Git repository +by using the ``git://`` schema. + + +.. _cli_commit: + +``commit`` +---------- + +:: + + Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] + + Create a new image from a container's changes + + -m, --message="": Commit message + -a, --author="": Author (eg. "John Hannibal Smith " + --run="": Configuration changes to be applied when the image is launched with `docker run`. + (ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') + +.. _cli_commit_examples: + +Commit an existing container +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker ps + ID IMAGE COMMAND CREATED STATUS PORTS + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 + f5283438590d + $ docker images | head + REPOSITORY TAG ID CREATED VIRTUAL SIZE + SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB + +Change the command that a container runs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Sometimes you have an application container running just a service and you need +to make a quick change and then change it back. + +In this example, we run a container with ``ls`` and then change the image to +run ``ls /etc``. + +.. code-block:: bash + + $ docker run -t --name test ubuntu ls + bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var + $ docker commit --run='{"Cmd": ["ls","/etc"]}' test test2 + 933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb + $ docker run -t test2 + adduser.conf gshadow login.defs rc0.d + alternatives gshadow- logrotate.d rc1.d + apt host.conf lsb-base rc2.d + ... + +Merged configs example +...................... + +Say you have a Dockerfile like so: + +.. code-block:: bash + + ENV MYVAR foobar + RUN apt-get install openssh + EXPOSE 22 + CMD ["/usr/sbin/sshd -D"] + ... + +If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the --run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit. + +.. code-block:: bash + + $ docker build -t me/foo . + $ docker run -t -i me/foo /bin/bash + foo-container$ [make changes in the container] + foo-container$ exit + $ docker commit --run='{"Cmd": ["ls"]}' [container-id] me/bar + ... + +The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"]. + +Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. + +Full --run example +.................. + +The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` +or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are +not overridden in the JSON hash will be merged in. + +(Multiline is okay within a single quote ``'``) + +.. code-block:: bash + + $ sudo docker commit --run=' + { + "Entrypoint" : null, + "Privileged" : false, + "User" : "", + "VolumesFrom" : "", + "Cmd" : ["cat", "-e", "/etc/resolv.conf"], + "Dns" : ["8.8.8.8", "8.8.4.4"], + "DnsSearch" : ["example.com"], + "MemorySwap" : 0, + "AttachStdin" : false, + "AttachStderr" : false, + "CpuShares" : 0, + "OpenStdin" : false, + "Volumes" : null, + "Hostname" : "122612f45831", + "PortSpecs" : ["22", "80", "443"], + "Image" : "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", + "Tty" : false, + "Env" : [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "StdinOnce" : false, + "Domainname" : "", + "WorkingDir" : "/", + "NetworkDisabled" : false, + "Memory" : 0, + "AttachStdout" : false + }' $CONTAINER_ID + +.. _cli_cp: + +``cp`` +------ + +:: + + Usage: docker cp CONTAINER:PATH HOSTPATH + + Copy files/folders from the containers filesystem to the host + path. Paths are relative to the root of the filesystem. + +.. code-block:: bash + + $ sudo docker cp 7bb0e258aefe:/etc/debian_version . + $ sudo docker cp blue_frog:/etc/hosts . + +.. _cli_diff: + +``diff`` +-------- + +:: + + Usage: docker diff CONTAINER + + List the changed files and directories in a container's filesystem + +There are 3 events that are listed in the 'diff': + +1. ```A``` - Add +2. ```D``` - Delete +3. ```C``` - Change + +For example: + +.. code-block:: bash + + $ sudo docker diff 7bb0e258aefe + + C /dev + A /dev/kmsg + C /etc + A /etc/mtab + A /go + A /go/src + A /go/src/github.com + A /go/src/github.com/dotcloud + A /go/src/github.com/dotcloud/docker + A /go/src/github.com/dotcloud/docker/.git + .... + +.. _cli_events: + +``events`` +---------- + +:: + + Usage: docker events + + Get real time events from the server + + --since="": Show previously created events and then stream. + (either seconds since epoch, or date string as below) + +.. _cli_events_example: + +Examples +~~~~~~~~ + +You'll need two shells for this example. + +Shell 1: Listening for events +............................. + +.. code-block:: bash + + $ sudo docker events + +Shell 2: Start and Stop a Container +................................... + +.. code-block:: bash + + $ sudo docker start 4386fb97867d + $ sudo docker stop 4386fb97867d + +Shell 1: (Again .. now showing events) +...................................... + +.. code-block:: bash + + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +Show events in the past from a specified time +............................................. + +.. code-block:: bash + + $ sudo docker events --since 1378216169 + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events --since '2013-09-03' + [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + + $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die + [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + +.. _cli_export: + +``export`` +---------- + +:: + + Usage: docker export CONTAINER + + Export the contents of a filesystem as a tar archive to STDOUT + +For example: + +.. code-block:: bash + + $ sudo docker export red_panda > latest.tar + +.. _cli_history: + +``history`` +----------- + +:: + + Usage: docker history [OPTIONS] IMAGE + + Show the history of an image + + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only show numeric IDs + +To see how the ``docker:latest`` image was built: + +.. code-block:: bash + + $ docker history docker + IMAGE CREATED CREATED BY SIZE + 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B + 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB + be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB + 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB + 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B + 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B + +.. _cli_images: + +``images`` +---------- + +:: + + Usage: docker images [OPTIONS] [NAME] + + List images + + -a, --all=false: Show all images (by default filter out the intermediate images used to build) + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only show numeric IDs + -t, --tree=false: Output graph in tree format + -u, --untagged show only untagged images + -v, --viz=false: Output graph in graphviz format + +Listing the most recently created images +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913 19 hours ago 1.089 GB + committest latest b6fa739cedf5 19 hours ago 1.089 GB + 78a85c484f71 19 hours ago 1.089 GB + docker latest 30557a29d5ab 20 hours ago 1.089 GB + 0124422dd9f9 20 hours ago 1.089 GB + 18ad6fad3402 22 hours ago 1.082 GB + f9f1e26352f0 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81 23 hours ago 131.5 MB + 5ed6274db6ce 24 hours ago 1.089 GB + +Listing the full length image IDs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images --no-trunc | head + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB + committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB + 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB + docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB + 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB + f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB + tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB + 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB + +Displaying images visually +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images --viz | dot -Tpng -o docker.png + +.. image:: docker_images.gif + :alt: Example inheritance graph of Docker images. + + +Displaying image hierarchy +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images --tree + + ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise + └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB) + └─b750fe79269d Size: 24.65 kB (virtual 180.1 MB) Tags: ubuntu:12.10,ubuntu:quantal + ├─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB) + │ └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB) + │ └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB) + │ └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB) + │ └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB) + │ └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest + └─17e74ac162d8 Size: 53.93 kB (virtual 180.2 MB) + └─339a3f56b760 Size: 24.65 kB (virtual 180.2 MB) + └─904fcc40e34d Size: 96.7 MB (virtual 276.9 MB) + └─b1b0235328dd Size: 363.3 MB (virtual 640.2 MB) + └─7cb05d1acb3b Size: 20.48 kB (virtual 640.2 MB) + └─47bf6f34832d Size: 20.48 kB (virtual 640.2 MB) + └─f165104e82ed Size: 12.29 kB (virtual 640.2 MB) + └─d9cf85a47b7e Size: 1.911 MB (virtual 642.2 MB) + └─3ee562df86ca Size: 17.07 kB (virtual 642.2 MB) + └─b05fc2d00e4a Size: 24.96 kB (virtual 642.2 MB) + └─c96a99614930 Size: 12.29 kB (virtual 642.2 MB) + └─a6a357a48c49 Size: 12.29 kB (virtual 642.2 MB) Tags: ndj/mongodb:latest + +Displaying untagged (orphan) images +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker images --untagged + + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 8abc22fbb042 4 weeks ago 0 B + 48e5f45168b9 4 weeks ago 2.489 MB + bf747efa0e2f 4 weeks ago 0 B + 980fe10e5736 12 weeks ago 101.4 MB + dea752e4e117 12 weeks ago 101.4 MB + 511136ea3c5a 8 months ago 0 B + +This will display untagged images, that are the leaves of the images tree (not +intermediary layers). These images occur when a new build of an image takes the +repo:tag away from the IMAGE ID, leaving it untagged. A warning will be issued +if trying to remove an image when a container is presently using it. +By having this flag it allows for batch cleanup. + + +.. code-block:: bash + + $ sudo docker images --untagged -q + + 8abc22fbb042 + 48e5f45168b9 + bf747efa0e2f + 980fe10e5736 + dea752e4e117 + 511136ea3c5a + + +Ready for use by `docker rmi ...`, like: + +.. code-block:: bash + + $ sudo docker rmi $(sudo docker images --untagged -q) + + 8abc22fbb042 + 48e5f45168b9 + bf747efa0e2f + 980fe10e5736 + dea752e4e117 + 511136ea3c5a + +NOTE: Docker will warn you if any containers exist that are using these untagged images. + +.. _cli_import: + +``import`` +---------- + +:: + + Usage: docker import URL|- [REPOSITORY[:TAG]] + + Create an empty filesystem image and import the contents of the tarball + (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +At this time, the URL must start with ``http`` and point to a single +file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a +root filesystem. If you would like to import from a local directory or +archive, you can use the ``-`` parameter to take the data from *stdin*. + +Examples +~~~~~~~~ + +Import from a remote location +............................. + +This will create a new untagged image. + +.. code-block:: bash + + $ sudo docker import http://example.com/exampleimage.tgz + +Import from a local file +........................ + +Import to docker via pipe and *stdin*. + +.. code-block:: bash + + $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new + +Import from a local directory +............................. + +.. code-block:: bash + + $ sudo tar -c . | docker import - exampleimagedir + +Note the ``sudo`` in this example -- you must preserve the ownership of the +files (especially root ownership) during the archiving with tar. If you are not +root (or the sudo command) when you tar, then the ownerships might not get +preserved. + +.. _cli_info: + +``info`` +-------- + +:: + + Usage: docker info + + Display system-wide information. + +.. code-block:: bash + + $ sudo docker info + Containers: 292 + Images: 194 + Debug mode (server): false + Debug mode (client): false + Fds: 22 + Goroutines: 67 + LXC Version: 0.9.0 + EventsListeners: 115 + Kernel Version: 3.8.0-33-generic + WARNING: No swap limit support + + +.. _cli_insert: + +``insert`` +---------- + +:: + + Usage: docker insert IMAGE URL PATH + + Insert a file from URL in the IMAGE at PATH + +Use the specified ``IMAGE`` as the parent for a new image which adds a +:ref:`layer ` containing the new file. The ``insert`` command does +not modify the original image, and the new image has the contents of the parent +image, plus the new file. + + +Examples +~~~~~~~~ + +Insert file from GitHub +....................... + +.. code-block:: bash + + $ sudo docker insert 8283e18b24bc https://raw.github.com/metalivedev/django/master/postinstall /tmp/postinstall.sh + 06fd35556d7b + +.. _cli_inspect: + +``inspect`` +----------- + +:: + + Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] + + Return low-level information on a container/image + + -f, --format="": Format the output using the given go template. + +By default, this will render all results in a JSON array. If a format +is specified, the given template will be executed for each result. + +Go's `text/template `_ package +describes all the details of the format. + +Examples +~~~~~~~~ + +Get an instance's IP Address +............................ + +For the most part, you can pick out any field from the JSON in a +fairly straightforward manner. + +.. code-block:: bash + + $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID + +List All Port Bindings +...................... + +One can loop over arrays and maps in the results to produce simple +text output: + +.. code-block:: bash + + $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + +Find a Specific Port Mapping +............................ + +The ``.Field`` syntax doesn't work when the field name begins with a +number, but the template language's ``index`` function does. The +``.NetworkSettings.Ports`` section contains a map of the internal port +mappings to a list of external address/port objects, so to grab just +the numeric public port, you use ``index`` to find the specific port +map, and then ``index`` 0 contains first object inside of that. Then +we ask for the ``HostPort`` field to get the public address. + +.. code-block:: bash + + $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + +Get config +.......... + +The ``.Field`` syntax doesn't work when the field contains JSON data, +but the template language's custom ``json`` function does. The ``.config`` +section contains complex json object, so to grab it as JSON, you use ``json`` +to convert config object into JSON + +.. code-block:: bash + + $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID + + +.. _cli_kill: + +``kill`` +-------- + +:: + + Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] + + Kill a running container (send SIGKILL, or specified signal) + + -s, --signal="KILL": Signal to send to the container + +The main process inside the container will be sent SIGKILL, or any signal specified with option ``--signal``. + +Known Issues (kill) +~~~~~~~~~~~~~~~~~~~ + +* :issue:`197` indicates that ``docker kill`` may leave directories + behind and make it difficult to remove the container. +* :issue:`3844` lxc 1.0.0 beta3 removed ``lcx-kill`` which is used by Docker versions before 0.8.0; + see the issue for a workaround. + +.. _cli_load: + +``load`` +-------- + +:: + + Usage: docker load + + Load an image from a tar archive on STDIN + + -i, --input="": Read from a tar archive file, instead of STDIN + +Loads a tarred repository from a file or the standard input stream. +Restores both images and tags. + +.. code-block:: bash + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + $ sudo docker load < busybox.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ sudo docker load --input fedora.tar + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + + +.. _cli_login: + +``login`` +--------- + +:: + + Usage: docker login [OPTIONS] [SERVER] + + Register or Login to the docker registry server + + -e, --email="": Email + -p, --password="": Password + -u, --username="": Username + + If you want to login to a private registry you can + specify this by adding the server name. + + example: + docker login localhost:8080 + + +.. _cli_logs: + +``logs`` +-------- + +:: + + Usage: docker logs [OPTIONS] CONTAINER + + Fetch the logs of a container + + -f, --follow=false: Follow log output + +The ``docker logs`` command is a convenience which batch-retrieves whatever +logs are present at the time of execution. This does not guarantee execution +order when combined with a ``docker run`` (i.e. your run may not have generated +any logs at the time you execute ``docker logs``). + +The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: +it will first return all logs from the beginning and then continue streaming +new output from the container's stdout and stderr. + + +.. _cli_port: + +``port`` +-------- + +:: + + Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT + + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + + +.. _cli_ps: + +``ps`` +------ + +:: + + Usage: docker ps [OPTIONS] + + List containers + + -a, --all=false: Show all containers. Only running containers are shown by default. + --before="": Show only container created before Id or Name, include non-running ones. + -l, --latest=false: Show only the latest created container, include non-running ones. + -n=-1: Show n last created containers, include non-running ones. + --no-trunc=false: Don't truncate output + -q, --quiet=false: Only display numeric IDs + -s, --size=false: Display sizes, not to be used with -q + --since="": Show only containers created since Id or Name, include non-running ones. + + +Running ``docker ps`` showing 2 linked containers. + +.. code-block:: bash + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + fd2645e2e2b5 busybox:latest top 10 days ago Ghost insane_ptolemy + +The last container is marked as a ``Ghost`` container. It is a container that was running when the docker daemon was restarted (upgraded, or ``-H`` settings changed). The container is still running, but as this docker daemon process is not able to manage it, you can't attach to it. To bring them out of ``Ghost`` Status, you need to use ``docker kill`` or ``docker restart``. + +``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` + +.. _cli_pull: + +``pull`` +-------- + +:: + + Usage: docker pull NAME + + Pull an image or a repository from the registry + + -t, --tag="": Download tagged image in repository + + +.. _cli_push: + +``push`` +-------- + +:: + + Usage: docker push NAME + + Push an image or a repository to the registry + + +.. _cli_restart: + +``restart`` +----------- + +:: + + Usage: docker restart [OPTIONS] NAME + + Restart a running container + + -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 + +.. _cli_rm: + +``rm`` +------ + +:: + + Usage: docker rm [OPTIONS] CONTAINER + + Remove one or more containers + -l, --link="": Remove the link instead of the actual container + -f, --force=false: Force removal of running container + -v, --volumes=false: Remove the volumes associated to the container + +Known Issues (rm) +~~~~~~~~~~~~~~~~~ + +* :issue:`197` indicates that ``docker kill`` may leave directories + behind and make it difficult to remove the container. + + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker rm /redis + /redis + + +This will remove the container referenced under the link ``/redis``. + + +.. code-block:: bash + + $ sudo docker rm --link /webapp/redis + /webapp/redis + + +This will remove the underlying link between ``/webapp`` and the ``/redis`` containers removing all +network communication. + +.. code-block:: bash + + $ sudo docker rm `docker ps -a -q` + + +This command will delete all stopped containers. The command ``docker ps -a -q`` will return all +existing container IDs and pass them to the ``rm`` command which will delete them. Any running +containers will not be deleted. + +.. _cli_rmi: + +``rmi`` +------- + +:: + + Usage: docker rmi IMAGE [IMAGE...] + + Remove one or more images + + -f, --force=false: Force + --no-prune=false: Do not delete untagged parents + +Removing tagged images +~~~~~~~~~~~~~~~~~~~~~~ + +Images can be removed either by their short or long ID's, or their image names. +If an image has more than one name, each of them needs to be removed before the +image is removed. + +.. code-block:: bash + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + + $ sudo docker rmi fd484f19954f + Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories + 2013/12/11 05:47:16 Error: failed to remove one or more images + + $ sudo docker rmi test1 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + $ sudo docker rmi test2 + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + + $ sudo docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + $ sudo docker rmi test + Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + + +.. _cli_run: + +``run`` +------- + +:: + + Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + + Run a command in a new container + + -a, --attach=map[]: Attach to stdin, stdout or stderr + -c, --cpu-shares=0: CPU shares (relative weight) + --cidfile="": Write the container ID to the file + -d, --detach=false: Detached mode: Run container in the background, print new container id + -e, --env=[]: Set environment variables + -h, --hostname="": Container host name + -i, --interactive=false: Keep stdin open even if not attached + --privileged=false: Give extended privileges to this container + -m, --memory="": Memory limit (format: , where unit = b, k, m or g) + -n, --networking=true: Enable networking for this container + -p, --publish=[]: Map a network port to the container + --rm=false: Automatically remove the container when it exits (incompatible with -d) + -t, --tty=false: Allocate a pseudo-tty + -u, --user="": Username or UID + --dns=[]: Set custom dns servers for the container + --dns-search=[]: Set custom DNS search domains for the container + -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. + --volumes-from="": Mount all volumes from the given container(s) + --entrypoint="": Overwrite the default entrypoint set by the image + -w, --workdir="": Working directory inside the container + --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --expose=[]: Expose a port from the container without publishing it to your host + --link="": Add link to another container (name:alias) + --name="": Assign the specified name to the container. If no name is specific docker will generate a random name + -P, --publish-all=false: Publish all exposed ports to the host interfaces + +The ``docker run`` command first ``creates`` a writeable container layer over +the specified image, and then ``starts`` it using the specified command. That +is, ``docker run`` is equivalent to the API ``/containers/create`` then +``/containers/(id)/start``. +Once the container is stopped it still exists and can be started back up. See ``docker ps -a`` to view a list of all containers. + +The ``docker run`` command can be used in combination with ``docker commit`` to +:ref:`change the command that a container runs `. + +See :ref:`port_redirection` for more detailed information about the ``--expose``, +``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for +specific examples using ``--link``. + +Known Issues (run --volumes-from) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +* :issue:`2702`: "lxc-start: Permission denied - failed to mount" + could indicate a permissions problem with AppArmor. Please see the + issue for a workaround. + +Examples: +~~~~~~~~~ + +.. code-block:: bash + + $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" + +This will create a container and print ``test`` to the console. The +``cidfile`` flag makes Docker attempt to create a new file and write the +container ID to it. If the file exists already, Docker will return an +error. Docker will close this file when ``docker run`` exits. + +.. code-block:: bash + + $ sudo docker run -t -i --rm ubuntu bash + root@bc338942ef20:/# mount -t tmpfs none /mnt + mount: permission denied + + +This will *not* work, because by default, most potentially dangerous +kernel capabilities are dropped; including ``cap_sys_admin`` (which is +required to mount filesystems). However, the ``--privileged`` flag will +allow it to run: + +.. code-block:: bash + + $ sudo docker run --privileged ubuntu bash + root@50e3f57e16e6:/# mount -t tmpfs none /mnt + root@50e3f57e16e6:/# df -h + Filesystem Size Used Avail Use% Mounted on + none 1.9G 0 1.9G 0% /mnt + + +The ``--privileged`` flag gives *all* capabilities to the container, +and it also lifts all the limitations enforced by the ``device`` +cgroup controller. In other words, the container can then do almost +everything that the host can do. This flag exists to allow special +use-cases, like running Docker within Docker. + +.. code-block:: bash + + $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd + +The ``-w`` lets the command being executed inside directory given, +here ``/path/to/dir/``. If the path does not exists it is created inside the +container. + +.. code-block:: bash + + $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd + +The ``-v`` flag mounts the current working directory into the container. +The ``-w`` lets the command being executed inside the current +working directory, by changing into the directory to the value +returned by ``pwd``. So this combination executes the command +using the container, but inside the current working directory. + +.. code-block:: bash + + $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash + +When the host directory of a bind-mounted volume doesn't exist, Docker +will automatically create this directory on the host for you. In the +example above, Docker will create the ``/doesnt/exist`` folder before +starting your container. + +.. code-block:: bash + + $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh + +By bind-mounting the docker unix socket and statically linked docker binary +(such as that provided by https://get.docker.io), you give the container +the full access to create and manipulate the host's docker daemon. + +.. code-block:: bash + + $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash + +This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the +host machine. :ref:`port_redirection` explains in detail how to manipulate ports +in Docker. + +.. code-block:: bash + + $ sudo docker run --expose 80 ubuntu bash + +This exposes port ``80`` of the container for use within a link without +publishing the port to the host system's interfaces. :ref:`port_redirection` +explains in detail how to manipulate ports in Docker. + +.. code-block:: bash + + $ sudo docker run --name console -t -i ubuntu bash + +This will create and run a new container with the container name +being ``console``. + +.. code-block:: bash + + $ sudo docker run --link /redis:redis --name console ubuntu bash + +The ``--link`` flag will link the container named ``/redis`` into the +newly created container with the alias ``redis``. The new container +can access the network and environment of the redis container via +environment variables. The ``--name`` flag will assign the name ``console`` +to the newly created container. + +.. code-block:: bash + + $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd + +The ``--volumes-from`` flag mounts all the defined volumes from the +referenced containers. Containers can be specified by a comma separated +list or by repetitions of the ``--volumes-from`` argument. The container +ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in +read-only or read-write mode, respectively. By default, the volumes are mounted +in the same mode (read write or read only) as the reference container. + +A complete example +.................. + +.. code-block:: bash + + $ sudo docker run -d --name static static-web-files sh + $ sudo docker run -d --expose=8098 --name riak riakserver + $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver + $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log + +This example shows 5 containers that might be set up to test a web application change: + +1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); +2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; +3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; +4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; +5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. + + +.. _cli_save: + +``save`` +--------- + +:: + + Usage: docker save IMAGE + + Save an image to a tar archive (streamed to stdout by default) + + -o, --output="": Write to an file, instead of STDOUT + + +Produces a tarred repository to the standard output stream. +Contains all parent layers, and all tags + versions, or specified repo:tag. + +.. code-block:: bash + + $ sudo docker save busybox > busybox.tar + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save --output busybox.tar busybox + $ ls -sh b.tar + 2.7M b.tar + $ sudo docker save -o fedora-all.tar fedora + $ sudo docker save -o fedora-latest.tar fedora:latest + + +.. _cli_search: + +``search`` +---------- + +:: + + Usage: docker search TERM + + Search the docker index for images + + --no-trunc=false: Don't truncate output + -s, --stars=0: Only displays with at least xxx stars + -t, --trusted=false: Only show trusted builds + +.. _cli_start: + +``start`` +--------- + +:: + + Usage: docker start [OPTIONS] CONTAINER + + Start a stopped container + + -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process + -i, --interactive=false: Attach container's stdin + +.. _cli_stop: + +``stop`` +-------- + +:: + + Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] + + Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + + -t, --time=10: Number of seconds to wait for the container to stop before killing it. + +The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL + +.. _cli_tag: + +``tag`` +------- + +:: + + Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] + + Tag an image into a repository + + -f, --force=false: Force + +.. _cli_top: + +``top`` +------- + +:: + + Usage: docker top CONTAINER [ps OPTIONS] + + Lookup the running processes of a container + +.. _cli_version: + +``version`` +----------- + +Show the version of the Docker client, daemon, and latest released version. + + +.. _cli_wait: + +``wait`` +-------- + +:: + + Usage: docker wait [OPTIONS] NAME + + Block until a container stops, then print its exit code. From 1f269e43a418715c07665de3cd6359a9a83aa976 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Wed, 26 Mar 2014 14:58:33 -0400 Subject: [PATCH 0172/2538] filters, for images: docs Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 26 +++++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index 6af6a85c87..dc83b0cd43 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -598,12 +598,13 @@ To see how the ``docker:latest`` image was built: List images -a, --all=false: Show all images (by default filter out the intermediate images used to build) + -f, --filter=[]: Provide filter values (i.e. 'tagged=false') --no-trunc=false: Don't truncate output -q, --quiet=false: Only show numeric IDs -t, --tree=false: Output graph in tree format - -u, --untagged show only untagged images -v, --viz=false: Output graph in graphviz format + Listing the most recently created images ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -678,12 +679,25 @@ Displaying image hierarchy └─c96a99614930 Size: 12.29 kB (virtual 642.2 MB) └─a6a357a48c49 Size: 12.29 kB (virtual 642.2 MB) Tags: ndj/mongodb:latest -Displaying untagged (orphan) images -~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Filtering +~~~~~~~~~ + +The filtering flag (-f or --filter) format is of "key=value". If there are more +than one flag, then either semi-colon delimit (";"), or pass multiple flags. + +Current filters: + * tagged (boolean - true or false) + * untagged (boolean - true or false) + + + +Filtering for untagged images +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. code-block:: bash - $ sudo docker images --untagged + $ sudo docker images --filter "tagged=false" REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 8abc22fbb042 4 weeks ago 0 B @@ -702,7 +716,7 @@ By having this flag it allows for batch cleanup. .. code-block:: bash - $ sudo docker images --untagged -q + $ sudo docker images -f "untagged=true" -q 8abc22fbb042 48e5f45168b9 @@ -716,7 +730,7 @@ Ready for use by `docker rmi ...`, like: .. code-block:: bash - $ sudo docker rmi $(sudo docker images --untagged -q) + $ sudo docker rmi $(sudo docker images -f "untagged=true" -q) 8abc22fbb042 48e5f45168b9 From e31bafdc7a4c0529a3c480713c076629ce0a5e34 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Mon, 7 Apr 2014 13:38:53 -0400 Subject: [PATCH 0173/2538] images filter: remove the redundant inverted filter Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst index dc83b0cd43..7f1fab2af4 100644 --- a/docs/sources/reference/commandline/cli.rst +++ b/docs/sources/reference/commandline/cli.rst @@ -687,7 +687,6 @@ The filtering flag (-f or --filter) format is of "key=value". If there are more than one flag, then either semi-colon delimit (";"), or pass multiple flags. Current filters: - * tagged (boolean - true or false) * untagged (boolean - true or false) @@ -697,7 +696,7 @@ Filtering for untagged images .. code-block:: bash - $ sudo docker images --filter "tagged=false" + $ sudo docker images --filter "untagged=true" REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 8abc22fbb042 4 weeks ago 0 B From 3d4ff8babb555e929d44d17b6e0262d573b1b2f0 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Sun, 18 May 2014 15:23:09 -0400 Subject: [PATCH 0174/2538] images: fix markdown documentation Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.md | 41 + docs/sources/reference/commandline/cli.rst | 1512 -------------------- 2 files changed, 41 insertions(+), 1512 deletions(-) delete mode 100644 docs/sources/reference/commandline/cli.rst diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f2e370ace5..0c3623f9e2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -440,6 +440,7 @@ To see how the `docker:latest` image was built: List images -a, --all=false Show all images (by default filter out the intermediate image layers) + -f, --filter=[]: Provide filter values (i.e. 'tagged=false') --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs @@ -479,6 +480,46 @@ by default. tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB +### Filtering + +The filtering flag (-f or --filter) format is of "key=value". If there are more +than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) + +Current filters: + * untagged (boolean - true or false) + +#### untagged images + + $ sudo docker images --filter "untagged=true" + + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 8abc22fbb042 4 weeks ago 0 B + 48e5f45168b9 4 weeks ago 2.489 MB + bf747efa0e2f 4 weeks ago 0 B + 980fe10e5736 12 weeks ago 101.4 MB + dea752e4e117 12 weeks ago 101.4 MB + 511136ea3c5a 8 months ago 0 B + +This will display untagged images, that are the leaves of the images tree (not +intermediary layers). These images occur when a new build of an image takes the +repo:tag away from the IMAGE ID, leaving it untagged. A warning will be issued +if trying to remove an image when a container is presently using it. +By having this flag it allows for batch cleanup. + +Ready for use by `docker rmi ...`, like: + + $ sudo docker rmi $(sudo docker images -f "untagged=true" -q) + + 8abc22fbb042 + 48e5f45168b9 + bf747efa0e2f + 980fe10e5736 + dea752e4e117 + 511136ea3c5a + +NOTE: Docker will warn you if any containers exist that are using these untagged images. + + ## import Usage: docker import URL|- [REPOSITORY[:TAG]] diff --git a/docs/sources/reference/commandline/cli.rst b/docs/sources/reference/commandline/cli.rst deleted file mode 100644 index 7f1fab2af4..0000000000 --- a/docs/sources/reference/commandline/cli.rst +++ /dev/null @@ -1,1512 +0,0 @@ -:title: Command Line Interface -:description: Docker's CLI command description and usage -:keywords: Docker, Docker documentation, CLI, command line - -.. _cli: - -Command Line Help ------------------ - -To list available commands, either run ``docker`` with no parameters or execute -``docker help``:: - - $ sudo docker - Usage: docker [OPTIONS] COMMAND [arg...] - -H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used. - - A self-sufficient runtime for linux containers. - - ... - -.. _cli_options: - -Options -------- - -Single character commandline options can be combined, so rather than typing -``docker run -t -i --name test busybox sh``, you can write -``docker run -ti --name test busybox sh``. - -Boolean -~~~~~~~ - -Boolean options look like ``-d=false``. The value you see is the -default value which gets set if you do **not** use the boolean -flag. If you do call ``run -d``, that sets the opposite boolean value, -so in this case, ``true``, and so ``docker run -d`` **will** run in -"detached" mode, in the background. Other boolean options are similar --- specifying them will set the value to the opposite of the default -value. - -Multi -~~~~~ - -Options like ``-a=[]`` indicate they can be specified multiple times:: - - docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash - -Sometimes this can use a more complex value string, as for ``-v``:: - - docker run -v /host:/container example/mysql - -Strings and Integers -~~~~~~~~~~~~~~~~~~~~ - -Options like ``--name=""`` expect a string, and they can only be -specified once. Options like ``-c=0`` expect an integer, and they can -only be specified once. - ----- - -Commands --------- - -.. _cli_daemon: - -``daemon`` ----------- - -:: - - Usage of docker: - -D, --debug=false: Enable debug mode - -H, --host=[]: Multiple tcp://host:port or unix://path/to/socket to bind in daemon mode, single connection otherwise. systemd socket activation can be used with fd://[socketfd]. - -G, --group="docker": Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group - --api-enable-cors=false: Enable CORS headers in the remote API - -b, --bridge="": Attach containers to a pre-existing network bridge; use 'none' to disable container networking - --bip="": Use this CIDR notation address for the network bridge's IP, not compatible with -b - -d, --daemon=false: Enable daemon mode - --dns=[]: Force docker to use specific DNS servers - --dns-search=[]: Force Docker to use specific DNS search domains - -g, --graph="/var/lib/docker": Path to use as the root of the docker runtime - --icc=true: Enable inter-container communication - --ip="0.0.0.0": Default IP address to use when binding container ports - --ip-forward=true: Enable net.ipv4.ip_forward - --iptables=true: Enable Docker's addition of iptables rules - -p, --pidfile="/var/run/docker.pid": Path to use for daemon PID file - -r, --restart=true: Restart previously running containers - -s, --storage-driver="": Force the docker runtime to use a specific storage driver - -e, --exec-driver="native": Force the docker runtime to use a specific exec driver - -v, --version=false: Print version information and quit - --tls=false: Use TLS; implied by tls-verify flags - --tlscacert="~/.docker/ca.pem": Trust only remotes providing a certificate signed by the CA given here - --tlscert="~/.docker/cert.pem": Path to TLS certificate file - --tlskey="~/.docker/key.pem": Path to TLS key file - --tlsverify=false: Use TLS and verify the remote (daemon: verify client, client: verify daemon) - --mtu=0: Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available - -The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the -daemon and client. To run the daemon you provide the ``-d`` flag. - -To force Docker to use devicemapper as the storage driver, use ``docker -d -s devicemapper``. - -To set the DNS server for all Docker containers, use ``docker -d --dns 8.8.8.8``. - -To set the DNS search domain for all Docker containers, use ``docker -d --dns-search example.com``. - -To run the daemon with debug output, use ``docker -d -D``. - -To use lxc as the execution driver, use ``docker -d -e lxc``. - -The docker client will also honor the ``DOCKER_HOST`` environment variable to set -the ``-H`` flag for the client. - -:: - - docker -H tcp://0.0.0.0:4243 ps - # or - export DOCKER_HOST="tcp://0.0.0.0:4243" - docker ps - # both are equal - -To run the daemon with `systemd socket activation `_, use ``docker -d -H fd://``. -Using ``fd://`` will work perfectly for most setups but you can also specify individual sockets too ``docker -d -H fd://3``. -If the specified socket activated files aren't found then docker will exit. -You can find examples of using systemd socket activation with docker and systemd in the `docker source tree `_. - -Docker supports softlinks for the Docker data directory (``/var/lib/docker``) and for ``/tmp``. -TMPDIR and the data directory can be set like this: - -:: - - TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - # or - export TMPDIR=/mnt/disk2/tmp - /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - -.. _cli_attach: - -``attach`` ----------- - -:: - - Usage: docker attach CONTAINER - - Attach to a running container. - - --no-stdin=false: Do not attach stdin - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - -You can detach from the container again (and leave it running) with -``CTRL-c`` (for a quiet exit) or ``CTRL-\`` to get a stacktrace of -the Docker client when it quits. When you detach from the container's -process the exit code will be returned to the client. - -To stop a container, use ``docker stop``. - -To kill the container, use ``docker kill``. - -.. _cli_attach_examples: - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) - $ sudo docker attach $ID - top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355560k used, 18012k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221740k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top - - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - - - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached - - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - ^C$ - $ sudo docker stop $ID - -.. _cli_build: - -``build`` ---------- - -:: - - Usage: docker build [OPTIONS] PATH | URL | - - Build a new container image from the source code at PATH - -t, --tag="": Repository name (and optionally a tag) to be applied - to the resulting image in case of success. - -q, --quiet=false: Suppress the verbose output generated by the containers. - --no-cache: Do not use the cache when building the image. - --rm=true: Remove intermediate containers after a successful build - -The files at ``PATH`` or ``URL`` are called the "context" of the build. -The build process may refer to any of the files in the context, for example when -using an :ref:`ADD ` instruction. -When a single ``Dockerfile`` is given as ``URL``, then no context is set. - -When a Git repository is set as ``URL``, then the repository is used as the context. -The Git repository is cloned with its submodules (`git clone --recursive`). -A fresh git clone occurs in a temporary directory on your local host, and then this -is sent to the Docker daemon as the context. -This way, your local user credentials and vpn's etc can be used to access private repositories - -.. _cli_build_examples: - -.. seealso:: :ref:`dockerbuilder`. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker build . - Uploading context 10240 bytes - Step 1 : FROM busybox - Pulling repository busybox - ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ - Step 2 : RUN ls -lh / - ---> Running in 9c9e81692ae9 - total 24 - drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin - drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev - drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib - lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib - dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc - lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin - dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys - drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr - ---> b35f4035db3f - Step 3 : CMD echo Hello World - ---> Running in 02071fceb21b - ---> f52f38b7823e - Successfully built f52f38b7823e - Removing intermediate container 9c9e81692ae9 - Removing intermediate container 02071fceb21b - - -This example specifies that the ``PATH`` is ``.``, and so all the files in -the local directory get tar'd and sent to the Docker daemon. The ``PATH`` -specifies where to find the files for the "context" of the build on -the Docker daemon. Remember that the daemon could be running on a -remote machine and that no parsing of the ``Dockerfile`` happens at the -client side (where you're running ``docker build``). That means that -*all* the files at ``PATH`` get sent, not just the ones listed to -:ref:`ADD ` in the ``Dockerfile``. - -The transfer of context from the local machine to the Docker daemon is -what the ``docker`` client means when you see the "Uploading context" -message. - -If you wish to keep the intermediate containers after the build is complete, -you must use ``--rm=false``. This does not affect the build cache. - - -.. code-block:: bash - - $ sudo docker build -t vieux/apache:2.0 . - -This will build like the previous example, but it will then tag the -resulting image. The repository name will be ``vieux/apache`` and the -tag will be ``2.0`` - - -.. code-block:: bash - - $ sudo docker build - < Dockerfile - -This will read a ``Dockerfile`` from *stdin* without context. Due to -the lack of a context, no contents of any local directory will be sent -to the ``docker`` daemon. Since there is no context, a ``Dockerfile`` -``ADD`` only works if it refers to a remote URL. - -.. code-block:: bash - - $ sudo docker build github.com/creack/docker-firefox - -This will clone the GitHub repository and use the cloned repository as -context. The ``Dockerfile`` at the root of the repository is used as -``Dockerfile``. Note that you can specify an arbitrary Git repository -by using the ``git://`` schema. - - -.. _cli_commit: - -``commit`` ----------- - -:: - - Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - - Create a new image from a container's changes - - -m, --message="": Commit message - -a, --author="": Author (eg. "John Hannibal Smith " - --run="": Configuration changes to be applied when the image is launched with `docker run`. - (ex: --run='{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}') - -.. _cli_commit_examples: - -Commit an existing container -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 - f5283438590d - $ docker images | head - REPOSITORY TAG ID CREATED VIRTUAL SIZE - SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB - -Change the command that a container runs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Sometimes you have an application container running just a service and you need -to make a quick change and then change it back. - -In this example, we run a container with ``ls`` and then change the image to -run ``ls /etc``. - -.. code-block:: bash - - $ docker run -t --name test ubuntu ls - bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var - $ docker commit --run='{"Cmd": ["ls","/etc"]}' test test2 - 933d16de9e70005304c1717b5c6f2f39d6fd50752834c6f34a155c70790011eb - $ docker run -t test2 - adduser.conf gshadow login.defs rc0.d - alternatives gshadow- logrotate.d rc1.d - apt host.conf lsb-base rc2.d - ... - -Merged configs example -...................... - -Say you have a Dockerfile like so: - -.. code-block:: bash - - ENV MYVAR foobar - RUN apt-get install openssh - EXPOSE 22 - CMD ["/usr/sbin/sshd -D"] - ... - -If you run that, make some changes, and then commit, Docker will merge the environment variable and exposed port configuration settings with any that you specify in the --run= option. This is a change from Docker 0.8.0 and prior where no attempt was made to preserve any existing configuration on commit. - -.. code-block:: bash - - $ docker build -t me/foo . - $ docker run -t -i me/foo /bin/bash - foo-container$ [make changes in the container] - foo-container$ exit - $ docker commit --run='{"Cmd": ["ls"]}' [container-id] me/bar - ... - -The me/bar image will now have port 22 exposed, MYVAR env var set to 'foobar', and its default command will be ["ls"]. - -Note that this is currently a shallow merge. So, for example, if you had specified a new port spec in the --run= config above, that would have clobbered the 'EXPOSE 22' setting from the parent container. - -Full --run example -.................. - -The ``--run`` JSON hash changes the ``Config`` section when running ``docker inspect CONTAINERID`` -or ``config`` when running ``docker inspect IMAGEID``. Existing configuration key-values that are -not overridden in the JSON hash will be merged in. - -(Multiline is okay within a single quote ``'``) - -.. code-block:: bash - - $ sudo docker commit --run=' - { - "Entrypoint" : null, - "Privileged" : false, - "User" : "", - "VolumesFrom" : "", - "Cmd" : ["cat", "-e", "/etc/resolv.conf"], - "Dns" : ["8.8.8.8", "8.8.4.4"], - "DnsSearch" : ["example.com"], - "MemorySwap" : 0, - "AttachStdin" : false, - "AttachStderr" : false, - "CpuShares" : 0, - "OpenStdin" : false, - "Volumes" : null, - "Hostname" : "122612f45831", - "PortSpecs" : ["22", "80", "443"], - "Image" : "b750fe79269d2ec9a3c593ef05b4332b1d1a02a62b4accb2c21d589ff2f5f2dc", - "Tty" : false, - "Env" : [ - "HOME=/", - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - ], - "StdinOnce" : false, - "Domainname" : "", - "WorkingDir" : "/", - "NetworkDisabled" : false, - "Memory" : 0, - "AttachStdout" : false - }' $CONTAINER_ID - -.. _cli_cp: - -``cp`` ------- - -:: - - Usage: docker cp CONTAINER:PATH HOSTPATH - - Copy files/folders from the containers filesystem to the host - path. Paths are relative to the root of the filesystem. - -.. code-block:: bash - - $ sudo docker cp 7bb0e258aefe:/etc/debian_version . - $ sudo docker cp blue_frog:/etc/hosts . - -.. _cli_diff: - -``diff`` --------- - -:: - - Usage: docker diff CONTAINER - - List the changed files and directories in a container's filesystem - -There are 3 events that are listed in the 'diff': - -1. ```A``` - Add -2. ```D``` - Delete -3. ```C``` - Change - -For example: - -.. code-block:: bash - - $ sudo docker diff 7bb0e258aefe - - C /dev - A /dev/kmsg - C /etc - A /etc/mtab - A /go - A /go/src - A /go/src/github.com - A /go/src/github.com/dotcloud - A /go/src/github.com/dotcloud/docker - A /go/src/github.com/dotcloud/docker/.git - .... - -.. _cli_events: - -``events`` ----------- - -:: - - Usage: docker events - - Get real time events from the server - - --since="": Show previously created events and then stream. - (either seconds since epoch, or date string as below) - -.. _cli_events_example: - -Examples -~~~~~~~~ - -You'll need two shells for this example. - -Shell 1: Listening for events -............................. - -.. code-block:: bash - - $ sudo docker events - -Shell 2: Start and Stop a Container -................................... - -.. code-block:: bash - - $ sudo docker start 4386fb97867d - $ sudo docker stop 4386fb97867d - -Shell 1: (Again .. now showing events) -...................................... - -.. code-block:: bash - - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -Show events in the past from a specified time -............................................. - -.. code-block:: bash - - $ sudo docker events --since 1378216169 - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03' - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - - $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop - -.. _cli_export: - -``export`` ----------- - -:: - - Usage: docker export CONTAINER - - Export the contents of a filesystem as a tar archive to STDOUT - -For example: - -.. code-block:: bash - - $ sudo docker export red_panda > latest.tar - -.. _cli_history: - -``history`` ------------ - -:: - - Usage: docker history [OPTIONS] IMAGE - - Show the history of an image - - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -To see how the ``docker:latest`` image was built: - -.. code-block:: bash - - $ docker history docker - IMAGE CREATED CREATED BY SIZE - 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB - be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB - 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B - 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B - -.. _cli_images: - -``images`` ----------- - -:: - - Usage: docker images [OPTIONS] [NAME] - - List images - - -a, --all=false: Show all images (by default filter out the intermediate images used to build) - -f, --filter=[]: Provide filter values (i.e. 'tagged=false') - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only show numeric IDs - -t, --tree=false: Output graph in tree format - -v, --viz=false: Output graph in graphviz format - - -Listing the most recently created images -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913 19 hours ago 1.089 GB - committest latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 0124422dd9f9 20 hours ago 1.089 GB - 18ad6fad3402 22 hours ago 1.082 GB - f9f1e26352f0 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81 23 hours ago 131.5 MB - 5ed6274db6ce 24 hours ago 1.089 GB - -Listing the full length image IDs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --no-trunc | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB - -Displaying images visually -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --viz | dot -Tpng -o docker.png - -.. image:: docker_images.gif - :alt: Example inheritance graph of Docker images. - - -Displaying image hierarchy -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --tree - - ├─8dbd9e392a96 Size: 131.5 MB (virtual 131.5 MB) Tags: ubuntu:12.04,ubuntu:latest,ubuntu:precise - └─27cf78414709 Size: 180.1 MB (virtual 180.1 MB) - └─b750fe79269d Size: 24.65 kB (virtual 180.1 MB) Tags: ubuntu:12.10,ubuntu:quantal - ├─f98de3b610d5 Size: 12.29 kB (virtual 180.1 MB) - │ └─7da80deb7dbf Size: 16.38 kB (virtual 180.1 MB) - │ └─65ed2fee0a34 Size: 20.66 kB (virtual 180.2 MB) - │ └─a2b9ea53dddc Size: 819.7 MB (virtual 999.8 MB) - │ └─a29b932eaba8 Size: 28.67 kB (virtual 999.9 MB) - │ └─e270a44f124d Size: 12.29 kB (virtual 999.9 MB) Tags: progrium/buildstep:latest - └─17e74ac162d8 Size: 53.93 kB (virtual 180.2 MB) - └─339a3f56b760 Size: 24.65 kB (virtual 180.2 MB) - └─904fcc40e34d Size: 96.7 MB (virtual 276.9 MB) - └─b1b0235328dd Size: 363.3 MB (virtual 640.2 MB) - └─7cb05d1acb3b Size: 20.48 kB (virtual 640.2 MB) - └─47bf6f34832d Size: 20.48 kB (virtual 640.2 MB) - └─f165104e82ed Size: 12.29 kB (virtual 640.2 MB) - └─d9cf85a47b7e Size: 1.911 MB (virtual 642.2 MB) - └─3ee562df86ca Size: 17.07 kB (virtual 642.2 MB) - └─b05fc2d00e4a Size: 24.96 kB (virtual 642.2 MB) - └─c96a99614930 Size: 12.29 kB (virtual 642.2 MB) - └─a6a357a48c49 Size: 12.29 kB (virtual 642.2 MB) Tags: ndj/mongodb:latest - - -Filtering -~~~~~~~~~ - -The filtering flag (-f or --filter) format is of "key=value". If there are more -than one flag, then either semi-colon delimit (";"), or pass multiple flags. - -Current filters: - * untagged (boolean - true or false) - - - -Filtering for untagged images -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker images --filter "untagged=true" - - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 8abc22fbb042 4 weeks ago 0 B - 48e5f45168b9 4 weeks ago 2.489 MB - bf747efa0e2f 4 weeks ago 0 B - 980fe10e5736 12 weeks ago 101.4 MB - dea752e4e117 12 weeks ago 101.4 MB - 511136ea3c5a 8 months ago 0 B - -This will display untagged images, that are the leaves of the images tree (not -intermediary layers). These images occur when a new build of an image takes the -repo:tag away from the IMAGE ID, leaving it untagged. A warning will be issued -if trying to remove an image when a container is presently using it. -By having this flag it allows for batch cleanup. - - -.. code-block:: bash - - $ sudo docker images -f "untagged=true" -q - - 8abc22fbb042 - 48e5f45168b9 - bf747efa0e2f - 980fe10e5736 - dea752e4e117 - 511136ea3c5a - - -Ready for use by `docker rmi ...`, like: - -.. code-block:: bash - - $ sudo docker rmi $(sudo docker images -f "untagged=true" -q) - - 8abc22fbb042 - 48e5f45168b9 - bf747efa0e2f - 980fe10e5736 - dea752e4e117 - 511136ea3c5a - -NOTE: Docker will warn you if any containers exist that are using these untagged images. - -.. _cli_import: - -``import`` ----------- - -:: - - Usage: docker import URL|- [REPOSITORY[:TAG]] - - Create an empty filesystem image and import the contents of the tarball - (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. - -At this time, the URL must start with ``http`` and point to a single -file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a -root filesystem. If you would like to import from a local directory or -archive, you can use the ``-`` parameter to take the data from *stdin*. - -Examples -~~~~~~~~ - -Import from a remote location -............................. - -This will create a new untagged image. - -.. code-block:: bash - - $ sudo docker import http://example.com/exampleimage.tgz - -Import from a local file -........................ - -Import to docker via pipe and *stdin*. - -.. code-block:: bash - - $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new - -Import from a local directory -............................. - -.. code-block:: bash - - $ sudo tar -c . | docker import - exampleimagedir - -Note the ``sudo`` in this example -- you must preserve the ownership of the -files (especially root ownership) during the archiving with tar. If you are not -root (or the sudo command) when you tar, then the ownerships might not get -preserved. - -.. _cli_info: - -``info`` --------- - -:: - - Usage: docker info - - Display system-wide information. - -.. code-block:: bash - - $ sudo docker info - Containers: 292 - Images: 194 - Debug mode (server): false - Debug mode (client): false - Fds: 22 - Goroutines: 67 - LXC Version: 0.9.0 - EventsListeners: 115 - Kernel Version: 3.8.0-33-generic - WARNING: No swap limit support - - -.. _cli_insert: - -``insert`` ----------- - -:: - - Usage: docker insert IMAGE URL PATH - - Insert a file from URL in the IMAGE at PATH - -Use the specified ``IMAGE`` as the parent for a new image which adds a -:ref:`layer ` containing the new file. The ``insert`` command does -not modify the original image, and the new image has the contents of the parent -image, plus the new file. - - -Examples -~~~~~~~~ - -Insert file from GitHub -....................... - -.. code-block:: bash - - $ sudo docker insert 8283e18b24bc https://raw.github.com/metalivedev/django/master/postinstall /tmp/postinstall.sh - 06fd35556d7b - -.. _cli_inspect: - -``inspect`` ------------ - -:: - - Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - - Return low-level information on a container/image - - -f, --format="": Format the output using the given go template. - -By default, this will render all results in a JSON array. If a format -is specified, the given template will be executed for each result. - -Go's `text/template `_ package -describes all the details of the format. - -Examples -~~~~~~~~ - -Get an instance's IP Address -............................ - -For the most part, you can pick out any field from the JSON in a -fairly straightforward manner. - -.. code-block:: bash - - $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID - -List All Port Bindings -...................... - -One can loop over arrays and maps in the results to produce simple -text output: - -.. code-block:: bash - - $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID - -Find a Specific Port Mapping -............................ - -The ``.Field`` syntax doesn't work when the field name begins with a -number, but the template language's ``index`` function does. The -``.NetworkSettings.Ports`` section contains a map of the internal port -mappings to a list of external address/port objects, so to grab just -the numeric public port, you use ``index`` to find the specific port -map, and then ``index`` 0 contains first object inside of that. Then -we ask for the ``HostPort`` field to get the public address. - -.. code-block:: bash - - $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID - -Get config -.......... - -The ``.Field`` syntax doesn't work when the field contains JSON data, -but the template language's custom ``json`` function does. The ``.config`` -section contains complex json object, so to grab it as JSON, you use ``json`` -to convert config object into JSON - -.. code-block:: bash - - $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID - - -.. _cli_kill: - -``kill`` --------- - -:: - - Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - - Kill a running container (send SIGKILL, or specified signal) - - -s, --signal="KILL": Signal to send to the container - -The main process inside the container will be sent SIGKILL, or any signal specified with option ``--signal``. - -Known Issues (kill) -~~~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. -* :issue:`3844` lxc 1.0.0 beta3 removed ``lcx-kill`` which is used by Docker versions before 0.8.0; - see the issue for a workaround. - -.. _cli_load: - -``load`` --------- - -:: - - Usage: docker load - - Load an image from a tar archive on STDIN - - -i, --input="": Read from a tar archive file, instead of STDIN - -Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - $ sudo docker load < busybox.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - $ sudo docker load --input fedora.tar - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - fedora rawhide 0d20aec6529d 7 weeks ago 387 MB - fedora 20 58394af37342 7 weeks ago 385.5 MB - fedora heisenbug 58394af37342 7 weeks ago 385.5 MB - fedora latest 58394af37342 7 weeks ago 385.5 MB - - -.. _cli_login: - -``login`` ---------- - -:: - - Usage: docker login [OPTIONS] [SERVER] - - Register or Login to the docker registry server - - -e, --email="": Email - -p, --password="": Password - -u, --username="": Username - - If you want to login to a private registry you can - specify this by adding the server name. - - example: - docker login localhost:8080 - - -.. _cli_logs: - -``logs`` --------- - -:: - - Usage: docker logs [OPTIONS] CONTAINER - - Fetch the logs of a container - - -f, --follow=false: Follow log output - -The ``docker logs`` command is a convenience which batch-retrieves whatever -logs are present at the time of execution. This does not guarantee execution -order when combined with a ``docker run`` (i.e. your run may not have generated -any logs at the time you execute ``docker logs``). - -The ``docker logs --follow`` command combines ``docker logs`` and ``docker attach``: -it will first return all logs from the beginning and then continue streaming -new output from the container's stdout and stderr. - - -.. _cli_port: - -``port`` --------- - -:: - - Usage: docker port [OPTIONS] CONTAINER PRIVATE_PORT - - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT - - -.. _cli_ps: - -``ps`` ------- - -:: - - Usage: docker ps [OPTIONS] - - List containers - - -a, --all=false: Show all containers. Only running containers are shown by default. - --before="": Show only container created before Id or Name, include non-running ones. - -l, --latest=false: Show only the latest created container, include non-running ones. - -n=-1: Show n last created containers, include non-running ones. - --no-trunc=false: Don't truncate output - -q, --quiet=false: Only display numeric IDs - -s, --size=false: Display sizes, not to be used with -q - --since="": Show only containers created since Id or Name, include non-running ones. - - -Running ``docker ps`` showing 2 linked containers. - -.. code-block:: bash - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db - fd2645e2e2b5 busybox:latest top 10 days ago Ghost insane_ptolemy - -The last container is marked as a ``Ghost`` container. It is a container that was running when the docker daemon was restarted (upgraded, or ``-H`` settings changed). The container is still running, but as this docker daemon process is not able to manage it, you can't attach to it. To bring them out of ``Ghost`` Status, you need to use ``docker kill`` or ``docker restart``. - -``docker ps`` will show only running containers by default. To see all containers: ``docker ps -a`` - -.. _cli_pull: - -``pull`` --------- - -:: - - Usage: docker pull NAME - - Pull an image or a repository from the registry - - -t, --tag="": Download tagged image in repository - - -.. _cli_push: - -``push`` --------- - -:: - - Usage: docker push NAME - - Push an image or a repository to the registry - - -.. _cli_restart: - -``restart`` ------------ - -:: - - Usage: docker restart [OPTIONS] NAME - - Restart a running container - - -t, --time=10: Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 - -.. _cli_rm: - -``rm`` ------- - -:: - - Usage: docker rm [OPTIONS] CONTAINER - - Remove one or more containers - -l, --link="": Remove the link instead of the actual container - -f, --force=false: Force removal of running container - -v, --volumes=false: Remove the volumes associated to the container - -Known Issues (rm) -~~~~~~~~~~~~~~~~~ - -* :issue:`197` indicates that ``docker kill`` may leave directories - behind and make it difficult to remove the container. - - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker rm /redis - /redis - - -This will remove the container referenced under the link ``/redis``. - - -.. code-block:: bash - - $ sudo docker rm --link /webapp/redis - /webapp/redis - - -This will remove the underlying link between ``/webapp`` and the ``/redis`` containers removing all -network communication. - -.. code-block:: bash - - $ sudo docker rm `docker ps -a -q` - - -This command will delete all stopped containers. The command ``docker ps -a -q`` will return all -existing container IDs and pass them to the ``rm`` command which will delete them. Any running -containers will not be deleted. - -.. _cli_rmi: - -``rmi`` -------- - -:: - - Usage: docker rmi IMAGE [IMAGE...] - - Remove one or more images - - -f, --force=false: Force - --no-prune=false: Do not delete untagged parents - -Removing tagged images -~~~~~~~~~~~~~~~~~~~~~~ - -Images can be removed either by their short or long ID's, or their image names. -If an image has more than one name, each of them needs to be removed before the -image is removed. - -.. code-block:: bash - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - - $ sudo docker rmi fd484f19954f - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories - 2013/12/11 05:47:16 Error: failed to remove one or more images - - $ sudo docker rmi test1 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - $ sudo docker rmi test2 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - $ sudo docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ sudo docker rmi test - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 - - -.. _cli_run: - -``run`` -------- - -:: - - Usage: docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - - Run a command in a new container - - -a, --attach=map[]: Attach to stdin, stdout or stderr - -c, --cpu-shares=0: CPU shares (relative weight) - --cidfile="": Write the container ID to the file - -d, --detach=false: Detached mode: Run container in the background, print new container id - -e, --env=[]: Set environment variables - -h, --hostname="": Container host name - -i, --interactive=false: Keep stdin open even if not attached - --privileged=false: Give extended privileges to this container - -m, --memory="": Memory limit (format: , where unit = b, k, m or g) - -n, --networking=true: Enable networking for this container - -p, --publish=[]: Map a network port to the container - --rm=false: Automatically remove the container when it exits (incompatible with -d) - -t, --tty=false: Allocate a pseudo-tty - -u, --user="": Username or UID - --dns=[]: Set custom dns servers for the container - --dns-search=[]: Set custom DNS search domains for the container - -v, --volume=[]: Create a bind mount to a directory or file with: [host-path]:[container-path]:[rw|ro]. If a directory "container-path" is missing, then docker creates a new volume. - --volumes-from="": Mount all volumes from the given container(s) - --entrypoint="": Overwrite the default entrypoint set by the image - -w, --workdir="": Working directory inside the container - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) - --expose=[]: Expose a port from the container without publishing it to your host - --link="": Add link to another container (name:alias) - --name="": Assign the specified name to the container. If no name is specific docker will generate a random name - -P, --publish-all=false: Publish all exposed ports to the host interfaces - -The ``docker run`` command first ``creates`` a writeable container layer over -the specified image, and then ``starts`` it using the specified command. That -is, ``docker run`` is equivalent to the API ``/containers/create`` then -``/containers/(id)/start``. -Once the container is stopped it still exists and can be started back up. See ``docker ps -a`` to view a list of all containers. - -The ``docker run`` command can be used in combination with ``docker commit`` to -:ref:`change the command that a container runs `. - -See :ref:`port_redirection` for more detailed information about the ``--expose``, -``-p``, ``-P`` and ``--link`` parameters, and :ref:`working_with_links_names` for -specific examples using ``--link``. - -Known Issues (run --volumes-from) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :issue:`2702`: "lxc-start: Permission denied - failed to mount" - could indicate a permissions problem with AppArmor. Please see the - issue for a workaround. - -Examples: -~~~~~~~~~ - -.. code-block:: bash - - $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" - -This will create a container and print ``test`` to the console. The -``cidfile`` flag makes Docker attempt to create a new file and write the -container ID to it. If the file exists already, Docker will return an -error. Docker will close this file when ``docker run`` exits. - -.. code-block:: bash - - $ sudo docker run -t -i --rm ubuntu bash - root@bc338942ef20:/# mount -t tmpfs none /mnt - mount: permission denied - - -This will *not* work, because by default, most potentially dangerous -kernel capabilities are dropped; including ``cap_sys_admin`` (which is -required to mount filesystems). However, the ``--privileged`` flag will -allow it to run: - -.. code-block:: bash - - $ sudo docker run --privileged ubuntu bash - root@50e3f57e16e6:/# mount -t tmpfs none /mnt - root@50e3f57e16e6:/# df -h - Filesystem Size Used Avail Use% Mounted on - none 1.9G 0 1.9G 0% /mnt - - -The ``--privileged`` flag gives *all* capabilities to the container, -and it also lifts all the limitations enforced by the ``device`` -cgroup controller. In other words, the container can then do almost -everything that the host can do. This flag exists to allow special -use-cases, like running Docker within Docker. - -.. code-block:: bash - - $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd - -The ``-w`` lets the command being executed inside directory given, -here ``/path/to/dir/``. If the path does not exists it is created inside the -container. - -.. code-block:: bash - - $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd - -The ``-v`` flag mounts the current working directory into the container. -The ``-w`` lets the command being executed inside the current -working directory, by changing into the directory to the value -returned by ``pwd``. So this combination executes the command -using the container, but inside the current working directory. - -.. code-block:: bash - - $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash - -When the host directory of a bind-mounted volume doesn't exist, Docker -will automatically create this directory on the host for you. In the -example above, Docker will create the ``/doesnt/exist`` folder before -starting your container. - -.. code-block:: bash - - $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh - -By bind-mounting the docker unix socket and statically linked docker binary -(such as that provided by https://get.docker.io), you give the container -the full access to create and manipulate the host's docker daemon. - -.. code-block:: bash - - $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash - -This binds port ``8080`` of the container to port ``80`` on ``127.0.0.1`` of the -host machine. :ref:`port_redirection` explains in detail how to manipulate ports -in Docker. - -.. code-block:: bash - - $ sudo docker run --expose 80 ubuntu bash - -This exposes port ``80`` of the container for use within a link without -publishing the port to the host system's interfaces. :ref:`port_redirection` -explains in detail how to manipulate ports in Docker. - -.. code-block:: bash - - $ sudo docker run --name console -t -i ubuntu bash - -This will create and run a new container with the container name -being ``console``. - -.. code-block:: bash - - $ sudo docker run --link /redis:redis --name console ubuntu bash - -The ``--link`` flag will link the container named ``/redis`` into the -newly created container with the alias ``redis``. The new container -can access the network and environment of the redis container via -environment variables. The ``--name`` flag will assign the name ``console`` -to the newly created container. - -.. code-block:: bash - - $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd - -The ``--volumes-from`` flag mounts all the defined volumes from the -referenced containers. Containers can be specified by a comma separated -list or by repetitions of the ``--volumes-from`` argument. The container -ID may be optionally suffixed with ``:ro`` or ``:rw`` to mount the volumes in -read-only or read-write mode, respectively. By default, the volumes are mounted -in the same mode (read write or read only) as the reference container. - -A complete example -.................. - -.. code-block:: bash - - $ sudo docker run -d --name static static-web-files sh - $ sudo docker run -d --expose=8098 --name riak riakserver - $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver - $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log - -This example shows 5 containers that might be set up to test a web application change: - -1. Start a pre-prepared volume image ``static-web-files`` (in the background) that has CSS, image and static HTML in it, (with a ``VOLUME`` instruction in the ``Dockerfile`` to allow the web server to use those files); -2. Start a pre-prepared ``riakserver`` image, give the container name ``riak`` and expose port ``8098`` to any containers that link to it; -3. Start the ``appserver`` image, restricting its memory usage to 100MB, setting two environment variables ``DEVELOPMENT`` and ``BRANCH`` and bind-mounting the current directory (``$(pwd)``) in the container in read-only mode as ``/app/bin``; -4. Start the ``webserver``, mapping port ``443`` in the container to port ``1443`` on the Docker server, setting the DNS server to ``dns.dev.org`` and DNS search domain to ``dev.org``, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the ``static`` container, and linking to all exposed ports from ``riak`` and ``app``. Lastly, we set the hostname to ``web.sven.dev.org`` so its consistent with the pre-generated SSL certificate; -5. Finally, we create a container that runs ``tail -f access.log`` using the logs volume from the ``web`` container, setting the workdir to ``/var/log/httpd``. The ``--rm`` option means that when the container exits, the container's layer is removed. - - -.. _cli_save: - -``save`` ---------- - -:: - - Usage: docker save IMAGE - - Save an image to a tar archive (streamed to stdout by default) - - -o, --output="": Write to an file, instead of STDOUT - - -Produces a tarred repository to the standard output stream. -Contains all parent layers, and all tags + versions, or specified repo:tag. - -.. code-block:: bash - - $ sudo docker save busybox > busybox.tar - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save --output busybox.tar busybox - $ ls -sh b.tar - 2.7M b.tar - $ sudo docker save -o fedora-all.tar fedora - $ sudo docker save -o fedora-latest.tar fedora:latest - - -.. _cli_search: - -``search`` ----------- - -:: - - Usage: docker search TERM - - Search the docker index for images - - --no-trunc=false: Don't truncate output - -s, --stars=0: Only displays with at least xxx stars - -t, --trusted=false: Only show trusted builds - -.. _cli_start: - -``start`` ---------- - -:: - - Usage: docker start [OPTIONS] CONTAINER - - Start a stopped container - - -a, --attach=false: Attach container's stdout/stderr and forward all signals to the process - -i, --interactive=false: Attach container's stdin - -.. _cli_stop: - -``stop`` --------- - -:: - - Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) - - -t, --time=10: Number of seconds to wait for the container to stop before killing it. - -The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL - -.. _cli_tag: - -``tag`` -------- - -:: - - Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] - - Tag an image into a repository - - -f, --force=false: Force - -.. _cli_top: - -``top`` -------- - -:: - - Usage: docker top CONTAINER [ps OPTIONS] - - Lookup the running processes of a container - -.. _cli_version: - -``version`` ------------ - -Show the version of the Docker client, daemon, and latest released version. - - -.. _cli_wait: - -``wait`` --------- - -:: - - Usage: docker wait [OPTIONS] NAME - - Block until a container stops, then print its exit code. From 601a4809db58f57e141b7ed0a388f15be34ec952 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Wed, 21 May 2014 18:44:31 -0400 Subject: [PATCH 0175/2538] filters: change untagged to dangling Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0c3623f9e2..829f13b9a6 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -440,7 +440,7 @@ To see how the `docker:latest` image was built: List images -a, --all=false Show all images (by default filter out the intermediate image layers) - -f, --filter=[]: Provide filter values (i.e. 'tagged=false') + -f, --filter=[]: Provide filter values (i.e. 'dangling=true') --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs @@ -486,11 +486,11 @@ The filtering flag (-f or --filter) format is of "key=value". If there are more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) Current filters: - * untagged (boolean - true or false) + * dangling (boolean - true or false) #### untagged images - $ sudo docker images --filter "untagged=true" + $ sudo docker images --filter "dangling=true" REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 8abc22fbb042 4 weeks ago 0 B @@ -508,7 +508,7 @@ By having this flag it allows for batch cleanup. Ready for use by `docker rmi ...`, like: - $ sudo docker rmi $(sudo docker images -f "untagged=true" -q) + $ sudo docker rmi $(sudo docker images -f "dangling=true" -q) 8abc22fbb042 48e5f45168b9 From 99e2e8c292d3f340d564ae8bd977bd7297800b55 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Mon, 2 Jun 2014 14:48:58 -0400 Subject: [PATCH 0176/2538] Changed all references from Trusted Builds to Automated Builds * Updated docker images output * Deprecated docker images -t/--trusted option and replace with --automated * Changed *trusted variables to *automated * Changed added support for is_automated alongside deprecated is_trusted * Updated man pages, docs and completion * Updated API documentation Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- contrib/completion/bash/docker | 2 +- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index e6a191d32b..e2ddd2accf 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -539,7 +539,7 @@ _docker_search() case "$cur" in -*) - COMPREPLY=( $( compgen -W "--no-trunc -t --trusted -s --stars" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--no-trunc --automated -s --stars" -- "$cur" ) ) ;; *) ;; diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 7ea478d051..a7fd52e312 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -229,7 +229,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image in the docker index' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least xxx stars' -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s t -l trusted -d 'Only show trusted builds' +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds' # start complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 829f13b9a6..faa9e2809d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1124,7 +1124,7 @@ Search [Docker.io](https://index.docker.io) for images --no-trunc=false Don't truncate output -s, --stars=0 Only displays with at least xxx stars - -t, --trusted=false Only show trusted builds + --automated=false Only show automated builds See [*Find Public Images on Docker.io*]( /userguide/dockerrepos/#find-public-images-on-dockerio) for From 6fa11050515d022301c607371908d6301bb0b050 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Wed, 4 Jun 2014 05:44:20 +1000 Subject: [PATCH 0177/2538] IANA allocated Docker port: 2375 2375/2376 are assigned: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker For #1440 Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index faa9e2809d..eee59fd6eb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -103,9 +103,9 @@ To use lxc as the execution driver, use `docker -d -e lxc`. The docker client will also honor the `DOCKER_HOST` environment variable to set the `-H` flag for the client. - $ docker -H tcp://0.0.0.0:4243 ps + $ docker -H tcp://0.0.0.0:2375 ps # or - $ export DOCKER_HOST="tcp://0.0.0.0:4243" + $ export DOCKER_HOST="tcp://0.0.0.0:2375" $ docker ps # both are equal From 47f850e55072355aec9e54a14a216c6fc928cd07 Mon Sep 17 00:00:00 2001 From: FLGMwt Date: Wed, 28 May 2014 11:59:29 -0500 Subject: [PATCH 0178/2538] Change 'Uploading context' wording Docker-DCO-1.1-Signed-off-by: Ryan Stelly (github: FLGMwt) --- docs/sources/reference/builder.md | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 10973665b1..4e92ae7f64 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -23,7 +23,7 @@ Then call `docker build` with the path of you source repository as argument The path to the source repository defines where to find the *context* of the build. The build is run by the Docker daemon, not by the CLI, so the whole context must be transferred to the daemon. The Docker CLI reports -"Uploading context" when the context is sent to the daemon. +"Sending build context to Docker daemon" when the context is sent to the daemon. You can specify a repository and tag at which to save the new image if the build succeeds: diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index eee59fd6eb..16190ab1de 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -259,7 +259,7 @@ happens at the client side (where you're running The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the -"Uploading context" message. +"Sending build context" message. If you wish to keep the intermediate containers after the build is complete, you must use `--rm=false`. This does not From 1b06f322c59982bb6c05bb05bf53ced96d47c61f Mon Sep 17 00:00:00 2001 From: Chris Snow Date: Wed, 4 Jun 2014 08:08:44 +0100 Subject: [PATCH 0179/2538] Update builder.md --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 4e92ae7f64..c8af26c5db 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -154,7 +154,7 @@ have changed. This will also invalidate the cache for `RUN` instructions. CMD has three forms: -- `CMD ["executable","param1","param2"]` (like an *exec*, preferred form) +- `CMD ["executable","param1","param2"]` (like an *exec*, this is the preferred form) - `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) - `CMD command param1 param2` (as a *shell*) From faffc555abf24ba4e044aad3da06182b27c1347a Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sun, 1 Jun 2014 16:48:04 -0400 Subject: [PATCH 0180/2538] Initial links for Docker Hub rename Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/commandline/cli.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 16190ab1de..308e7d35df 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -739,9 +739,9 @@ Running `docker ps` showing 2 linked containers. Pull an image or a repository from the registry Most of your images will be created on top of a base image from the -[Docker.io](https://index.docker.io) registry. +[Docker Hub](https://hub.docker.com) registry. -[Docker.io](https://index.docker.io) contains many pre-built images that you +[Docker Hub](https://hub.docker.com) contains many pre-built images that you can `pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), @@ -760,7 +760,7 @@ use `docker pull`: Push an image or a repository to the registry -Use `docker push` to share your images to the [Docker.io](https://index.docker.io) +Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. ## restart @@ -1116,7 +1116,7 @@ It is used to create a backup that can then be used with ## search -Search [Docker.io](https://index.docker.io) for images +Search [Docker Hub](https://hub.docker.com) for images Usage: docker search TERM @@ -1126,9 +1126,9 @@ Search [Docker.io](https://index.docker.io) for images -s, --stars=0 Only displays with at least xxx stars --automated=false Only show automated builds -See [*Find Public Images on Docker.io*]( -/userguide/dockerrepos/#find-public-images-on-dockerio) for -more details on finding shared images from the commandline. +See [*Find Public Images on Docker Hub*]( +/userguide/dockerrepos/#find-public-images-on-docker-hub) for +more details on finding shared images from the command line. ## start From 52488445a592cb459cff2e77a7a7b4e031612b7e Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 5 Jun 2014 14:52:06 -0700 Subject: [PATCH 0181/2538] Revert "Initial links for Docker Hub rename" This reverts commit 2819677c215bd409b4ce4da51f0ddfb303760796. Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/commandline/cli.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 308e7d35df..16190ab1de 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -739,9 +739,9 @@ Running `docker ps` showing 2 linked containers. Pull an image or a repository from the registry Most of your images will be created on top of a base image from the -[Docker Hub](https://hub.docker.com) registry. +[Docker.io](https://index.docker.io) registry. -[Docker Hub](https://hub.docker.com) contains many pre-built images that you +[Docker.io](https://index.docker.io) contains many pre-built images that you can `pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), @@ -760,7 +760,7 @@ use `docker pull`: Push an image or a repository to the registry -Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) +Use `docker push` to share your images to the [Docker.io](https://index.docker.io) registry or to a self-hosted one. ## restart @@ -1116,7 +1116,7 @@ It is used to create a backup that can then be used with ## search -Search [Docker Hub](https://hub.docker.com) for images +Search [Docker.io](https://index.docker.io) for images Usage: docker search TERM @@ -1126,9 +1126,9 @@ Search [Docker Hub](https://hub.docker.com) for images -s, --stars=0 Only displays with at least xxx stars --automated=false Only show automated builds -See [*Find Public Images on Docker Hub*]( -/userguide/dockerrepos/#find-public-images-on-docker-hub) for -more details on finding shared images from the command line. +See [*Find Public Images on Docker.io*]( +/userguide/dockerrepos/#find-public-images-on-dockerio) for +more details on finding shared images from the commandline. ## start From 8fc62f6ec341fda4adffd6e87d545b87d982c565 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 5 Jun 2014 15:08:54 -0400 Subject: [PATCH 0182/2538] Clarify effect of docker start on started container in CLI docs This behavior changed from v0.9 to v0.10, so document it to prevent any confusion. Docker-DCO-1.1-Signed-off-by: Matthew Heon (github: mheon) --- docs/sources/reference/commandline/cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 16190ab1de..a93906865e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1139,6 +1139,9 @@ more details on finding shared images from the commandline. -a, --attach=false Attach container's stdout/stderr and forward all signals to the process -i, --interactive=false Attach container's stdin +When run on a container that has already been started, +takes no action and succeeds unconditionally. + ## stop Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] From 655fe238c586821ca8a9576b3806f163b55ffc0a Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 5 Jun 2014 10:34:20 +0200 Subject: [PATCH 0183/2538] Add --storage-opt graph driver option and pass through to driver This lets you add storage specific options for the daemon. Docker-DCO-1.1-Signed-off-by: Alexander Larsson (github: alexlarsson) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a93906865e..add664abe5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -73,6 +73,7 @@ expect an integer, and they can only be specified once. -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file -r, --restart=true Restart previously running containers -s, --storage-driver="" Force the docker runtime to use a specific storage driver + --storage-opt=[] Set storage driver options --selinux-enabled=false Enable selinux support --tls=false Use TLS; implied by tls-verify flags --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here From cf6acae39b06e54b628a686ddad00f7bb4d66be4 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sun, 1 Jun 2014 16:48:04 -0400 Subject: [PATCH 0184/2538] Initial links Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/commandline/cli.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index add664abe5..acc590454c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -740,9 +740,9 @@ Running `docker ps` showing 2 linked containers. Pull an image or a repository from the registry Most of your images will be created on top of a base image from the -[Docker.io](https://index.docker.io) registry. +[Docker Hub](https://hub.docker.com) registry. -[Docker.io](https://index.docker.io) contains many pre-built images that you +[Docker Hub](https://hub.docker.com) contains many pre-built images that you can `pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), @@ -761,7 +761,7 @@ use `docker pull`: Push an image or a repository to the registry -Use `docker push` to share your images to the [Docker.io](https://index.docker.io) +Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. ## restart @@ -1117,7 +1117,7 @@ It is used to create a backup that can then be used with ## search -Search [Docker.io](https://index.docker.io) for images +Search [Docker Hub](https://hub.docker.com) for images Usage: docker search TERM @@ -1127,9 +1127,9 @@ Search [Docker.io](https://index.docker.io) for images -s, --stars=0 Only displays with at least xxx stars --automated=false Only show automated builds -See [*Find Public Images on Docker.io*]( -/userguide/dockerrepos/#find-public-images-on-dockerio) for -more details on finding shared images from the commandline. +See [*Find Public Images on Docker Hub*]( +/userguide/dockerrepos/#find-public-images-on-docker-hub) for +more details on finding shared images from the command line. ## start From 1fa4c8b6b04d6da8fd3e4aa2f5cf41fa60e97721 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20L=C3=A1zaro?= Date: Fri, 13 Jun 2014 15:53:42 +0200 Subject: [PATCH 0185/2538] Fix typo --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c8af26c5db..6cc67f8a82 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -216,7 +216,7 @@ from the resulting image. You can view the values using `docker inspect`, and change them using `docker run --env =`. > **Note**: -> One example where this can cause unexpected consequenses, is setting +> One example where this can cause unexpected consequences, is setting > `ENV DEBIAN_FRONTEND noninteractive`. Which will persist when the container > is run interactively; for example: `docker run -t -i image bash` From 3ca0eb652b2b84cbaa3a5bc5068886d51ae3003f Mon Sep 17 00:00:00 2001 From: Michael Prokop Date: Sat, 14 Jun 2014 23:13:55 +0200 Subject: [PATCH 0186/2538] Fix several typos Docker-DCO-1.1-Signed-off-by: Michael Prokop (github: mika) --- docs/sources/reference/commandline/cli.md | 4 ++-- docs/sources/reference/run.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index acc590454c..90976d3d19 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -448,7 +448,7 @@ To see how the `docker:latest` image was built: The default `docker images` will show all top level images, their repository and tags, and their virtual size. -Docker images have intermediate layers that increase reuseability, +Docker images have intermediate layers that increase reusability, decrease disk usage, and speed up `docker build` by allowing each step to be cached. These intermediate layers are not shown by default. @@ -873,7 +873,7 @@ removed before the image is removed. 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container 'container:': reuses another container network stack - 'host': use the host network stack inside the contaner + 'host': use the host network stack inside the container -p, --publish=[] Publish a container's port to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort (use 'docker port' to see the actual mapping) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7d5fcbc51f..665eac0e29 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -137,7 +137,7 @@ PID files): 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container 'container:': reuses another container network stack - 'host': use the host network stack inside the contaner + 'host': use the host network stack inside the container By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking From 3a348dab9b8ecea8b2d379be5f76edff5401c170 Mon Sep 17 00:00:00 2001 From: AJ Bowen Date: Sun, 15 Jun 2014 00:55:24 +0200 Subject: [PATCH 0187/2538] Fix spelling and grammar errors; remove seemingly out-of-place words Docker-DCO-1.1-Signed-off-by: AJ Bowen (github: soulshake) --- docs/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/README.md b/docs/README.md index fa3c501087..d74ec4ee87 100755 --- a/docs/README.md +++ b/docs/README.md @@ -53,12 +53,12 @@ run `mkdocs serve` ## Style guide -The documentation is written with paragraphs wrapped at 80 colum lines to make +The documentation is written with paragraphs wrapped at 80 column lines to make it easier for terminal use. ### Examples -When writing examples give the user hints by making them resemble what they see +When writing examples, give the user hints by making them resemble what they see in their shell: - Indent shell examples by 4 spaces so they get rendered as code. @@ -76,7 +76,7 @@ references them, or in a subdirectory if one already exists. ## Working using GitHub's file editor -Alternatively, for small changes and typos you might want to use GitHub's built +Alternatively, for small changes and typos you might want to use GitHub's built- in file editor. It allows you to preview your changes right on-line (though there can be some differences between GitHub Markdown and [MkDocs Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). Just be @@ -85,8 +85,8 @@ work!](../CONTRIBUTING.md#sign-your-work) ## Publishing Documentation -To publish a copy of the documentation you need a `docs/awsconfig` To make life -easier for file containing AWS settings to deploy to. The release script will +To publish a copy of the documentation you need a `docs/awsconfig` +file containing AWS settings to deploy to. The release script will create an s3 if needed, and will then push the files to it. [profile dowideit-docs] aws_access_key_id = IHOIUAHSIDH234rwf.... From 5182afe46e9ad2df8dcb0c24994f76e7e9060510 Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 16 Jun 2014 06:22:15 -0700 Subject: [PATCH 0188/2538] Guillaume is busy full-time on his new business, and no longer available as a maintainer. Best of luck on your e-commerce business Guillaume, and thanks for all the great contributions! Docker-DCO-1.1-Signed-off-by: Solomon Hykes (github: shykes) --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 6cc67f8a82..8717eb7bfc 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -468,7 +468,7 @@ For example you might add something like this: # VERSION 0.0.1 FROM ubuntu - MAINTAINER Guillaume J. Charmes + MAINTAINER Victor Vieux # make sure the package repository is up to date RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list From 12be909528e64c8d8db537ac1606248413862ec6 Mon Sep 17 00:00:00 2001 From: Timothy Date: Mon, 16 Jun 2014 13:41:09 +0000 Subject: [PATCH 0189/2538] Document the potential insecurity of --net host Docker-DCO-1.1-Signed-off-by: Timothy (github: https://github.com/timthelion) --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 665eac0e29..5cb050c025 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -152,7 +152,7 @@ Supported networking modes are: * none - no networking in the container * bridge - (default) connect the container to the bridge via veth interfaces -* host - use the host's network stack inside the container +* host - use the host's network stack inside the container. Note: This gives the container full access to local system services such as D-bus and is therefore considered insecure. * container - use another container's network stack #### Mode: none From 45496ca4f1a429aedc3df1131fbdd001fd3cb947 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Mon, 9 Jun 2014 11:27:08 -0400 Subject: [PATCH 0190/2538] Updated CLI documentation for docker pull with notes on specifying URL Docker-DCO-1.1-Signed-off-by: Matthew Heon (github: mheon) --- docs/sources/reference/commandline/cli.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 90976d3d19..b9a69d251d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -735,7 +735,7 @@ Running `docker ps` showing 2 linked containers. ## pull - Usage: docker pull NAME[:TAG] + Usage: docker pull [REGISTRY_PATH/]NAME[:TAG] Pull an image or a repository from the registry @@ -745,6 +745,11 @@ Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) contains many pre-built images that you can `pull` and try without needing to define and configure your own. +It is also possible to manually specify the path of a registry to pull from. +For example, if you have set up a local registry, you can specify its path to +pull from it. A repository path is similar to a URL, but does not contain +a protocol specifier (https://, for example). + To download a particular image, or set of images (i.e., a repository), use `docker pull`: @@ -752,8 +757,11 @@ use `docker pull`: # will pull all the images in the debian repository $ docker pull debian:testing # will pull only the image named debian:testing and any intermediate layers - # it is based on. (typically the empty `scratch` image, a MAINTAINERs layer, - # and the un-tared base. + # it is based on. (Typically the empty `scratch` image, a MAINTAINERs layer, + # and the un-tarred base). + $ docker pull registry.hub.docker.com/debian + # manually specifies the path to the default Docker registry. This could + # be replaced with the path to a local registry to pull from another source. ## push From 2f908862e3198b515c7517954edbf28bb384ca25 Mon Sep 17 00:00:00 2001 From: Jan Pazdziora Date: Tue, 17 Jun 2014 09:40:46 +0200 Subject: [PATCH 0191/2538] The docker run --dns does not resolve hostname and having hostname in resolv.conf does not work. Docker-DCO-1.1-Signed-off-by: Jan Pazdziora (github: adelton) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b9a69d251d..e496ce425f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1074,7 +1074,7 @@ retrieve the container's ID once the container has finished running. $ sudo docker run -d --name static static-web-files sh $ sudo docker run -d --expose=8098 --name riak riakserver $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=dns.dev.org --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ sudo docker run -d -p 1443:443 --dns=10.0.0.1 --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log This example shows 5 containers that might be set up to test a web @@ -1089,7 +1089,7 @@ application change: two environment variables `DEVELOPMENT` and `BRANCH` and bind-mounting the current directory (`$(pwd)`) in the container in read-only mode as `/app/bin`; 4. Start the `webserver`, mapping port `443` in the container to port `1443` on - the Docker server, setting the DNS server to `dns.dev.org` and DNS search + the Docker server, setting the DNS server to `10.0.0.1` and DNS search domain to `dev.org`, creating a volume to put the log files into (so we can access it from another container), then importing the files from the volume exposed by the `static` container, and linking to all exposed ports from From a34d4967386758ccd81ac4b1d6490d6b6272ec61 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 18 Jun 2014 23:13:54 +0000 Subject: [PATCH 0192/2538] cleanup all mentions of insert Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- contrib/completion/bash/docker | 8 -------- contrib/completion/fish/docker.fish | 4 ---- contrib/completion/zsh/_docker | 5 ----- 3 files changed, 17 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index e2ddd2accf..beaaff3a40 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -309,14 +309,6 @@ _docker_info() return } -_docker_insert() -{ - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags_and_ids - fi -} - _docker_inspect() { case "$prev" in diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index a7fd52e312..00255bc0ae 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -120,10 +120,6 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a ne # info complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information' -# insert -complete -c docker -f -n '__fish_docker_no_subcommand' -a insert -d 'Insert a file in an image' -complete -c docker -A -f -n '__fish_seen_subcommand_from insert' -a '(__fish_print_docker_images)' -d "Image" - # inspect complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container' complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a379fd40f8..4578d1eda7 100755 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -139,11 +139,6 @@ __docker_subcommand () { (history) _arguments ':images:__docker_images' ;; - (insert) - _arguments '1:containers:__docker_containers' \ - '2:URL:(http:// file://)' \ - '3:file:_files' - ;; (kill) _arguments '*:containers:__docker_runningcontainers' ;; From 352a67bfd44e249937ab991378968048d2e63b91 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Sat, 14 Jun 2014 02:22:35 -0600 Subject: [PATCH 0193/2538] Fix mode on contrib/completion/zsh/_docker (-x) ZSH completion scripts aren't supposed to be executable - they're sourced by ZSH and aren't run directly. Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/zsh/_docker | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 contrib/completion/zsh/_docker diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker old mode 100755 new mode 100644 From f66535d6186f67051ad881c50abc6489328268db Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 19 Jun 2014 10:11:32 -0600 Subject: [PATCH 0194/2538] Update bash-completion to reflect ability to push single tags Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index beaaff3a40..f75b85ca8c 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -385,7 +385,7 @@ _docker_ps() { case "$prev" in --since|--before) - __docker_containers_all + __docker_containers_all ;; -n) return @@ -430,9 +430,7 @@ _docker_push() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_image_repos - # TODO replace this with __docker_image_repos_and_tags - # see https://github.com/dotcloud/docker/issues/3411 + __docker_image_repos_and_tags fi } From 0e185f84fb266dac43c4f5992e11f29760873c56 Mon Sep 17 00:00:00 2001 From: Paul Weaver Date: Fri, 20 Jun 2014 22:18:37 +0100 Subject: [PATCH 0195/2538] Fix minor typo and improve wording --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 8717eb7bfc..a10cac00ea 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -15,7 +15,7 @@ To [*build*](../commandline/cli/#cli-build) an image from a source repository, create a description file called Dockerfile at the root of your repository. This file will describe the steps to assemble the image. -Then call `docker build` with the path of you source repository as argument +Then call `docker build` with the path of your source repository as the argument (for example, `.`): $ sudo docker build . From 983c74aced5150950c031081999a3a81f5919ab0 Mon Sep 17 00:00:00 2001 From: Paul Weaver Date: Fri, 20 Jun 2014 22:36:31 +0100 Subject: [PATCH 0196/2538] Clean up some uses on 'an' in builder docs --- docs/sources/reference/builder.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index a10cac00ea..82b91a5b41 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -239,13 +239,13 @@ In the case where `` is a remote file URL, the destination will have permis > **Note**: > If you build using STDIN (`docker build - < somefile`), there is no -> build context, so the Dockerfile can only contain an URL based ADD +> build context, so the Dockerfile can only contain a URL based ADD > statement. > **Note**: > If your URL files are protected using authentication, you will need to -> use an `RUN wget` , `RUN curl` -> or other tool from within the container as ADD does not support +> use `RUN wget` , `RUN curl` +> or use another tool from within the container as ADD does not support > authentication. The copy obeys the following rules: From faeae5d7b7afb2bd50ed528772260278f4526be3 Mon Sep 17 00:00:00 2001 From: David Gageot Date: Thu, 19 Jun 2014 11:25:14 +0200 Subject: [PATCH 0197/2538] Fix flag names --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 5cb050c025..b379f24c0b 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -103,7 +103,7 @@ interactive cases. ## Container Identification -### Name (–name) +### Name (–-name) The operator can identify a container in three ways: @@ -190,7 +190,7 @@ localhost interface. $ # use the redis container's network stack to access localhost $ docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 -## Clean Up (–rm) +## Clean Up (–-rm) By default a container's file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the From 6cc9c5bd42d45466a340c130547b7c53147e7e8b Mon Sep 17 00:00:00 2001 From: Jonathan Boulle Date: Thu, 19 Jun 2014 01:29:40 -0700 Subject: [PATCH 0198/2538] be consistent in capitalization of Docker Docker-DCO-1.1-Signed-off-by: Jonathan Boulle (github: jonboulle) --- docs/sources/reference/commandline/cli.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e496ce425f..b92eeb3fbc 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -58,10 +58,10 @@ expect an integer, and they can only be specified once. -D, --debug=false Enable debug mode --dns=[] Force docker to use specific DNS servers --dns-search=[] Force Docker to use specific DNS search domains - -e, --exec-driver="native" Force the docker runtime to use a specific exec driver + -e, --exec-driver="native" Force the Docker runtime to use a specific exec driver -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode use '' (the empty string) to disable setting of a group - -g, --graph="/var/lib/docker" Path to use as the root of the docker runtime + -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication @@ -72,7 +72,7 @@ expect an integer, and they can only be specified once. if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file -r, --restart=true Restart previously running containers - -s, --storage-driver="" Force the docker runtime to use a specific storage driver + -s, --storage-driver="" Force the Docker runtime to use a specific storage driver --storage-opt=[] Set storage driver options --selinux-enabled=false Enable selinux support --tls=false Use TLS; implied by tls-verify flags From 56b7c20e46df18b803a32ccb81e875778ac87725 Mon Sep 17 00:00:00 2001 From: Johan Euphrosine Date: Fri, 9 May 2014 15:26:41 -0700 Subject: [PATCH 0199/2538] api/client/build: allow tar as context for docker build - Docker-DCO-1.1-Signed-off-by: Johan Euphrosine (github: proppy) --- docs/sources/reference/builder.md | 13 +++++++++---- docs/sources/reference/commandline/cli.md | 11 ++++++++--- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 82b91a5b41..cf729664e2 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -238,10 +238,15 @@ All new files and directories are created with a uid and gid of 0. In the case where `` is a remote file URL, the destination will have permissions 600. > **Note**: -> If you build using STDIN (`docker build - < somefile`), there is no -> build context, so the Dockerfile can only contain a URL based ADD -> statement. +> If you build by passing a Dockerfile through STDIN (`docker build - < somefile`), +> there is no build context, so the Dockerfile can only contain a URL +> based ADD statement. +> You can also pass a compressed archive through STDIN: +> (`docker build - < archive.tar.gz`), the `Dockerfile` at the root of +> the archive and the rest of the archive will get used at the context +> of the build. +> > **Note**: > If your URL files are protected using authentication, you will need to > use `RUN wget` , `RUN curl` @@ -361,7 +366,7 @@ execute in `/bin/sh -c`: FROM ubuntu ENTRYPOINT wc -l - -For example, that Dockerfile's image will *always* take stdin as input +For example, that Dockerfile's image will *always* take STDIN as input ("-") and print the number of lines ("-l"). If you wanted to make this optional but default, you could use a CMD: diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b92eeb3fbc..3437464cbb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -274,12 +274,17 @@ and the tag will be `2.0` $ sudo docker build - < Dockerfile -This will read a Dockerfile from *stdin* without +This will read a Dockerfile from STDIN without context. Due to the lack of a context, no contents of any local directory will be sent to the `docker` daemon. Since there is no context, a Dockerfile `ADD` only works if it refers to a remote URL. + $ sudo docker build - < context.tar.gz + +This will build an image for a compressed context read from STDIN. +Supported formats are: bzip2, gzip and xz. + $ sudo docker build github.com/creack/docker-firefox This will clone the GitHub repository and use the cloned repository as @@ -531,7 +536,7 @@ URLs must start with `http` and point to a single file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If you would like to import from a local directory or archive, you can use the `-` parameter to take the -data from *stdin*. +data from STDIN. ### Examples @@ -543,7 +548,7 @@ This will create a new untagged image. **Import from a local file:** -Import to docker via pipe and *stdin*. +Import to docker via pipe and STDIN. $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new From acbbeb39de189ff9625780308fccf16dfcc20678 Mon Sep 17 00:00:00 2001 From: Jezeniel Zapanta Date: Tue, 24 Jun 2014 03:26:22 +0800 Subject: [PATCH 0200/2538] Fix typo in the docs. Fix a minor typographical error inside `run.md`. --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b379f24c0b..80429d7e2e 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -351,7 +351,7 @@ indicate which interface and port to use. The operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those already defined by the developer with -a Dockefile `ENV`: +a Dockerfile `ENV`: $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" From 6c8a3f798b7c9c272db7c1db5533437e93f20414 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Sat, 26 Apr 2014 20:22:05 +1000 Subject: [PATCH 0201/2538] Add Sockets (-H) list to `docker -D info`. This will allow us to _know_ what the user's -H settings are, which may be useful for debugging later. Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 31 +++++++++++++---------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3437464cbb..47dd0a992d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -563,25 +563,30 @@ tar, then the ownerships might not get preserved. ## info - Usage: docker info - Display system-wide information + Usage: docker info For example: - $ sudo docker info - Containers: 292 - Images: 194 + $ sudo docker -D info + Containers: 16 + Images: 2138 + Storage Driver: btrfs + Execution Driver: native-0.1 + Kernel Version: 3.12.0-1-amd64 Debug mode (server): false - Debug mode (client): false - Fds: 22 - Goroutines: 67 - LXC Version: 0.9.0 - EventsListeners: 115 - Kernel Version: 3.8.0-33-generic - WARNING: No swap limit support + Debug mode (client): true + Fds: 16 + Goroutines: 104 + EventsListeners: 0 + Init Path: /usr/bin/docker + Sockets: [unix:///var/run/docker.sock tcp://0.0.0.0:4243] + Username: svendowideit + Registry: [https://index.docker.io/v1/] -When sending issue reports, please use `docker version` and `docker info` to +The global `-D` option tells all `docker` comands to output debug information. + +When sending issue reports, please use `docker version` and `docker -D info` to ensure we know how your setup is configured. ## inspect From fe1e15dad4f90170c369e9800427418cb6dc2726 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 25 Jun 2014 16:50:35 -0700 Subject: [PATCH 0202/2538] Add the missing paren to the documentation for docker commit too Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 47dd0a992d..1b67b216f4 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -306,7 +306,7 @@ schema. Create a new image from a container's changes - -a, --author="" Author (eg. "John Hannibal Smith " + -a, --author="" Author (eg. "John Hannibal Smith ") -m, --message="" Commit message It can be useful to commit a container's file changes or settings into a From 742b229408a7aee14265249cd6f0b7f67f0d6e70 Mon Sep 17 00:00:00 2001 From: "O.S. Tezer" Date: Sun, 22 Jun 2014 22:15:26 -0700 Subject: [PATCH 0203/2538] Anglicanisms: Grammatical correction (pos. adj. apost.) Docker-DCO-1.1-Signed-off-by: O.S. Tezer (github: ostezer) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 00255bc0ae..a1eac31df7 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -85,7 +85,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Conf complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp -complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from the containers filesystem to the host path' +complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from a container's filesystem to the host path' # diff complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1b67b216f4..600a89b68a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -329,7 +329,7 @@ maintainable way. ## cp -Copy files/folders from the containers filesystem to the host +Copy files/folders from a container's filesystem to the host path. Paths are relative to the root of the filesystem. Usage: docker cp CONTAINER:PATH HOSTPATH From a744ade2a8ce0daa6431fd6ed111701f42cee0a7 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 25 Jun 2014 22:12:25 -0600 Subject: [PATCH 0204/2538] Add bash completion for "docker rm -f" and complete on all containers instead of just stopped containers when "-f" is specified Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f75b85ca8c..89395560f9 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -458,10 +458,21 @@ _docker_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-v --volumes -l --link" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-f --force -l --link -v --volumes" -- "$cur" ) ) + return ;; *) + local force= + for arg in "${COMP_WORDS[@]}"; do + case "$arg" in + -f|--force) + __docker_containers_all + return + ;; + esac + done __docker_containers_stopped + return ;; esac } From ebb9d58225d44a4ee348b14a71e6b4e12656146d Mon Sep 17 00:00:00 2001 From: Travis Cline Date: Sat, 15 Feb 2014 10:38:48 -0800 Subject: [PATCH 0205/2538] Add .dockerignore support Fixes #2224 Docker-DCO-1.1-Signed-off-by: Travis Cline (github: tmc) --- docs/sources/reference/commandline/cli.md | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 600a89b68a..cb5d39d93a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -215,6 +215,12 @@ temporary directory on your local host, and then this is sent to the Docker daemon as the context. This way, your local user credentials and vpn's etc can be used to access private repositories. +If a file named ``.dockerignore`` exists in the root of ``PATH`` then it is +interpreted as a newline-separated list of exclusion patterns. Exclusion +patterns match files or directories relative to ``PATH`` that will be excluded +from the context. Globbing is done using Go's +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. + See also: [*Dockerfile Reference*](/reference/builder/#dockerbuilder). @@ -266,6 +272,30 @@ If you wish to keep the intermediate containers after the build is complete, you must use `--rm=false`. This does not affect the build cache. + $ docker build . + Uploading context 18.829 MB + Uploading context + Step 0 : FROM busybox + ---> 769b9341d937 + Step 1 : CMD echo Hello World + ---> Using cache + ---> 99cc1ad10469 + Successfully built 99cc1ad10469 + $ echo ".git" > .dockerignore + $ docker build . + Uploading context 6.76 MB + Uploading context + Step 0 : FROM busybox + ---> 769b9341d937 + Step 1 : CMD echo Hello World + ---> Using cache + ---> 99cc1ad10469 + Successfully built 99cc1ad10469 + +This example shows the use of the ``.dockerignore`` file to exclude the ``.git`` +directory the context. Its effect can be seen in the changed size of the +uploaded context. + $ sudo docker build -t vieux/apache:2.0 . This will build like the previous example, but it will then tag the From 382814d8d84b13255e65bcf1f5a8241260addb5d Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 19 Jun 2014 08:57:01 -0400 Subject: [PATCH 0206/2538] Update documentation noting that SIGCHLD is not proxied. Docker's --sig-proxy option sends all signals but one to a container. The exception s SIGCHLD, which is deliberately ignored as it doesn't make sense to send such a signal to a process in a container. Documentation updates will make this less confusing if anyone does attempt to do this. Docker-DCO-1.1-Signed-off-by: Matt Heon (github: mheon) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index cb5d39d93a..6335ecdb28 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -135,7 +135,7 @@ like this: Attach to a running container --no-stdin=false Do not attach stdin - --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) + --sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. The `attach` command will allow you to view or interact with any running container, detached (`-d`) @@ -928,7 +928,7 @@ removed before the image is removed. -P, --publish-all=false Publish all exposed ports to the host interfaces --privileged=false Give extended privileges to this container --rm=false Automatically remove the container when it exits (incompatible with -d) - --sig-proxy=true Proxify all received signal to the process (even in non-tty mode) + --sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. -t, --tty=false Allocate a pseudo-tty -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) From dce7a15edab30cdaced43197b9b09cb8c6f76d7f Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sun, 29 Jun 2014 22:25:12 -0400 Subject: [PATCH 0207/2538] Formatting and consistency fixes to CLI and RUN references * Removed double backticks. * Reformatted paragraphs. * Fixed consistent STDOUT/STDIN/STDERR references. * Fixed several broken URLs. * Fixed backtick mismatches. Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/commandline/cli.md | 78 ++++---- docs/sources/reference/run.md | 223 +++++++++++----------- 2 files changed, 151 insertions(+), 150 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6335ecdb28..15640cff17 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -199,26 +199,26 @@ To kill the container, use `docker kill`. --rm=true Remove intermediate containers after a successful build -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success -Use this command to build Docker images from a Dockerfile -and a "context". +Use this command to build Docker images from a Dockerfile and a +"context". -The files at `PATH` or `URL` are called the "context" of the build. The build -process may refer to any of the files in the context, for example when using an -[*ADD*](/reference/builder/#dockerfile-add) instruction. When a single Dockerfile is -given as `URL` or is piped through STDIN (`docker build - < Dockerfile`), then -no context is set. +The files at `PATH` or `URL` are called the "context" of the build. The +build process may refer to any of the files in the context, for example +when using an [*ADD*](/reference/builder/#dockerfile-add) instruction. +When a single Dockerfile is given as `URL` or is piped through `STDIN` +(`docker build - < Dockerfile`), then no context is set. -When a Git repository is set as `URL`, then the -repository is used as the context. The Git repository is cloned with its -submodules (git clone –recursive). A fresh git clone occurs in a -temporary directory on your local host, and then this is sent to the -Docker daemon as the context. This way, your local user credentials and -vpn's etc can be used to access private repositories. +When a Git repository is set as `URL`, then the repository is used as +the context. The Git repository is cloned with its submodules (`git +clone -recursive`). A fresh `git clone` occurs in a temporary directory +on your local host, and then this is sent to the Docker daemon as the +context. This way, your local user credentials and VPN's etc can be +used to access private repositories. -If a file named ``.dockerignore`` exists in the root of ``PATH`` then it is -interpreted as a newline-separated list of exclusion patterns. Exclusion -patterns match files or directories relative to ``PATH`` that will be excluded -from the context. Globbing is done using Go's +If a file named `.dockerignore` exists in the root of `PATH` then it +is interpreted as a newline-separated list of exclusion patterns. +Exclusion patterns match files or directories relative to `PATH` that +will be excluded from the context. Globbing is done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. See also: @@ -304,15 +304,14 @@ and the tag will be `2.0` $ sudo docker build - < Dockerfile -This will read a Dockerfile from STDIN without -context. Due to the lack of a context, no contents of any local -directory will be sent to the `docker` daemon. Since -there is no context, a Dockerfile `ADD` -only works if it refers to a remote URL. +This will read a Dockerfile from `STDIN` without context. Due to the +lack of a context, no contents of any local directory will be sent to +the Docker daemon. Since there is no context, a Dockerfile `ADD` only +works if it refers to a remote URL. $ sudo docker build - < context.tar.gz -This will build an image for a compressed context read from STDIN. +This will build an image for a compressed context read from `STDIN`. Supported formats are: bzip2, gzip and xz. $ sudo docker build github.com/creack/docker-firefox @@ -518,7 +517,7 @@ by default. ### Filtering -The filtering flag (-f or --filter) format is of "key=value". If there are more +The filtering flag (`-f` or `--filter`) format is of "key=value". If there are more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) Current filters: @@ -562,11 +561,10 @@ NOTE: Docker will warn you if any containers exist that are using these untagged Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. -URLs must start with `http` and point to a single -file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a -root filesystem. If you would like to import from a local directory or -archive, you can use the `-` parameter to take the -data from STDIN. +URLs must start with `http` and point to a single file archive (.tar, +.tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If +you would like to import from a local directory or archive, you can use +the `-` parameter to take the data from `STDIN`. ### Examples @@ -578,7 +576,7 @@ This will create a new untagged image. **Import from a local file:** -Import to docker via pipe and STDIN. +Import to docker via pipe and `STDIN`. $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new @@ -681,7 +679,7 @@ contains complex json object, so to grab it as JSON, you use -s, --signal="KILL" Signal to send to the container -The main process inside the container will be sent SIGKILL, or any +The main process inside the container will be sent `SIGKILL`, or any signal specified with option `--signal`. ## load @@ -739,8 +737,8 @@ The `docker logs` command batch-retrieves all logs present at the time of execution. The ``docker logs --follow`` command will first return all logs from the -beginning and then continue streaming new output from the container's stdout -and stderr. +beginning and then continue streaming new output from the container's `STDOUT` +and `STDERR`. ## port @@ -1074,7 +1072,7 @@ This will create and run a new container with the container name being The `--link` flag will link the container named `/redis` into the newly created container with the alias `redis`. The new container can access the -network and environment of the redis container via environment variables. +network and environment of the `redis` container via environment variables. The `--name` flag will assign the name `console` to the newly created container. @@ -1087,19 +1085,19 @@ optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container. -The `-a` flag tells `docker run` to bind to the container's stdin, stdout or -stderr. This makes it possible to manipulate the output and input as needed. +The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or +`STDERR`. This makes it possible to manipulate the output and input as needed. $ echo "test" | sudo docker run -i -a stdin ubuntu cat - This pipes data into a container and prints the container's ID by attaching -only to the container'sstdin. +only to the container's `STDIN`. $ sudo docker run -a stderr ubuntu echo test -This isn't going to print anything unless there's an error because We've -only attached to the stderr of the container. The container's logs still - store what's been written to stderr and stdout. +This isn't going to print anything unless there's an error because we've +only attached to the `STDERR` of the container. The container's logs +still store what's been written to `STDERR` and `STDOUT`. $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 80429d7e2e..37dba587b6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -5,13 +5,13 @@ page_keywords: docker, run, configure, runtime # Docker Run Reference **Docker runs processes in isolated containers**. When an operator -executes `docker run`, she starts a process with its -own file system, its own networking, and its own isolated process tree. -The [*Image*](/terms/image/#image-def) which starts the process may -define defaults related to the binary to run, the networking to expose, -and more, but `docker run` gives final control to -the operator who starts the container from the image. That's the main -reason [*run*](/reference/commandline/cli/#cli-run) has more options than any +executes `docker run`, she starts a process with its own file system, +its own networking, and its own isolated process tree. The +[*Image*](/terms/image/#image-def) which starts the process may define +defaults related to the binary to run, the networking to expose, and +more, but `docker run` gives final control to the operator who starts +the container from the image. That's the main reason +[*run*](/reference/commandline/cli/#cli-run) has more options than any other `docker` command. ## General Form @@ -36,10 +36,10 @@ The list of `[OPTIONS]` breaks down into two groups: 2. Setting shared between operators and developers, where operators can override defaults developers set in images at build time. -Together, the `docker run [OPTIONS]` give complete -control over runtime behavior to the operator, allowing them to override -all defaults set by the developer during `docker build` -and nearly all the defaults set by the Docker runtime itself. +Together, the `docker run [OPTIONS]` give complete control over runtime +behavior to the operator, allowing them to override all defaults set by +the developer during `docker build` and nearly all the defaults set by +the Docker runtime itself. ## Operator Exclusive Options @@ -54,10 +54,8 @@ following options. - [PID Equivalent](#pid-equivalent) - [Network Settings](#network-settings) - [Clean Up (--rm)](#clean-up-rm) - - [Runtime Constraints on CPU and - Memory](#runtime-constraints-on-cpu-and-memory) - - [Runtime Privilege and LXC - Configuration](#runtime-privilege-and-lxc-configuration) + - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) + - [Runtime Privilege and LXC Configuration](#runtime-privilege-and-lxc-configuration) ## Detached vs Foreground @@ -78,28 +76,28 @@ container in the detached mode, then you cannot use the `--rm` option. ### Foreground -In foreground mode (the default when `-d` is not specified), `docker run` -can start the process in the container and attach the console to the process's -standard input, output, and standard error. It can even pretend to be a TTY -(this is what most command line executables expect) and pass along signals. All -of that is configurable: +In foreground mode (the default when `-d` is not specified), `docker +run` can start the process in the container and attach the console to +the process's standard input, output, and standard error. It can even +pretend to be a TTY (this is what most command line executables expect) +and pass along signals. All of that is configurable: - -a=[] : Attach to ``stdin``, ``stdout`` and/or ``stderr`` + -a=[] : Attach to `STDIN`, `STDOUT` and/or `STDERR` -t=false : Allocate a pseudo-tty --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) -i=false : Keep STDIN open even if not attached -If you do not specify `-a` then Docker will [attach everything (stdin,stdout,stderr)]( -https://github.com/dotcloud/docker/blob/ -75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can specify to which -of the three standard streams (`stdin`, `stdout`, `stderr`) you'd like to connect -instead, as in: +If you do not specify `-a` then Docker will [attach all standard +streams]( https://github.com/dotcloud/docker/blob/ +75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can +specify to which of the three standard streams (`STDIN`, `STDOUT`, +`STDERR`) you'd like to connect instead, as in: $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash -For interactive processes (like a shell) you will typically want a tty as well as -persistent standard input (`stdin`), so you'll use `-i -t` together in most -interactive cases. +For interactive processes (like a shell) you will typically want a tty +as well as persistent standard input (`STDIN`), so you'll use `-i -t` +together in most interactive cases. ## Container Identification @@ -113,19 +111,18 @@ The operator can identify a container in three ways: - Name ("evil_ptolemy") The UUID identifiers come from the Docker daemon, and if you do not -assign a name to the container with `--name` then -the daemon will also generate a random string name too. The name can -become a handy way to add meaning to a container since you can use this -name when defining -[*links*](/userguide/dockerlinks/#working-with-links-names) -(or any other place you need to identify a container). This works for -both background and foreground Docker containers. +assign a name to the container with `--name` then the daemon will also +generate a random string name too. The name can become a handy way to +add meaning to a container since you can use this name when defining +[*links*](/userguide/dockerlinks/#working-with-links-names) (or any +other place you need to identify a container). This works for both +background and foreground Docker containers. -### PID Equivalent +### PID Equivalent -And finally, to help with automation, you can have Docker write the +Finally, to help with automation, you can have Docker write the container ID out to a file of your choosing. This is similar to how some -programs might write out their process ID to a file (you`ve seen them as +programs might write out their process ID to a file (you've seen them as PID files): --cidfile="": Write the container ID to the file @@ -141,14 +138,14 @@ PID files): By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking -with `docker run --net none` which disables all incoming and -outgoing networking. In cases like this, you would perform I/O through -files or STDIN/STDOUT only. +with `docker run --net none` which disables all incoming and outgoing +networking. In cases like this, you would perform I/O through files or +`STDIN` and `STDOUT` only. Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. -Supported networking modes are: +Supported networking modes are: * none - no networking in the container * bridge - (default) connect the container to the bridge via veth interfaces @@ -156,35 +153,40 @@ Supported networking modes are: * container - use another container's network stack #### Mode: none -With the networking mode set to `none` a container will not have a access to -any external routes. The container will still have a `loopback` interface -enabled in the container but it does not have any routes to external traffic. + +With the networking mode set to `none` a container will not have a +access to any external routes. The container will still have a +`loopback` interface enabled in the container but it does not have any +routes to external traffic. #### Mode: bridge -With the networking mode set to `bridge` a container will use docker's default -networking setup. A bridge is setup on the host, commonly named `docker0`, -and a pair of veth interfaces will be created for the container. One side of -the veth pair will remain on the host attached to the bridge while the other -side of the pair will be placed inside the container's namespaces in addition -to the `loopback` interface. An IP address will be allocated for containers -on the bridge's network and trafic will be routed though this bridge to the -container. + +With the networking mode set to `bridge` a container will use docker's +default networking setup. A bridge is setup on the host, commonly named +`docker0`, and a pair of `veth` interfaces will be created for the +container. One side of the `veth` pair will remain on the host attached +to the bridge while the other side of the pair will be placed inside the +container's namespaces in addition to the `loopback` interface. An IP +address will be allocated for containers on the bridge's network and +traffic will be routed though this bridge to the container. #### Mode: host + With the networking mode set to `host` a container will share the host's -network stack and all interfaces from the host will be available to the -container. The container's hostname will match the hostname on the host -system. Publishing ports and linking to other containers will not work -when sharing the host's network stack. +network stack and all interfaces from the host will be available to the +container. The container's hostname will match the hostname on the host +system. Publishing ports and linking to other containers will not work +when sharing the host's network stack. #### Mode: container -With the networking mode set to `container` a container will share the -network stack of another container. The other container's name must be + +With the networking mode set to `container` a container will share the +network stack of another container. The other container's name must be provided in the format of `--net container:`. -Example running a redis container with redis binding to localhost then -running the redis-cli and connecting to the redis server over the -localhost interface. +Example running a Redis container with Redis binding to `localhost` then +running the `redis-cli` command and connecting to the Redis server over the +`localhost` interface. $ docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost @@ -211,15 +213,14 @@ container: -c=0 : CPU shares (relative weight) The operator can constrain the memory available to a container easily -with `docker run -m`. If the host supports swap -memory, then the `-m` memory setting can be larger -than physical RAM. +with `docker run -m`. If the host supports swap memory, then the `-m` +memory setting can be larger than physical RAM. Similarly the operator can increase the priority of this container with -the `-c` option. By default, all containers run at -the same priority and get the same proportion of CPU cycles, but you can -tell the kernel to give more shares of CPU time to one or more -containers when you start them via Docker. +the `-c` option. By default, all containers run at the same priority and +get the same proportion of CPU cycles, but you can tell the kernel to +give more shares of CPU time to one or more containers when you start +them via Docker. ## Runtime Privilege and LXC Configuration @@ -277,19 +278,20 @@ commandline: $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] -This command is optional because the person who created the `IMAGE` may have -already provided a default `COMMAND` using the Dockerfile `CMD`. As the -operator (the person running a container from the image), you can override that -`CMD` just by specifying a new `COMMAND`. +This command is optional because the person who created the `IMAGE` may +have already provided a default `COMMAND` using the Dockerfile `CMD` +instruction. As the operator (the person running a container from the +image), you can override that `CMD` instruction just by specifying a new +`COMMAND`. -If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` get -appended as arguments to the `ENTRYPOINT`. +If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` +get appended as arguments to the `ENTRYPOINT`. ## ENTRYPOINT (Default Command to Execute at Runtime) --entrypoint="": Overwrite the default entrypoint set by the image -The ENTRYPOINT of an image is similar to a `COMMAND` because it +The `ENTRYPOINT` of an image is similar to a `COMMAND` because it specifies what executable to run when the container starts, but it is (purposely) more difficult to override. The `ENTRYPOINT` gives a container its default nature or behavior, so that when you set an @@ -310,10 +312,10 @@ or two examples of how to pass more parameters to that ENTRYPOINT: ## EXPOSE (Incoming Ports) -The Dockerfile doesn't give much control over networking, only providing the -`EXPOSE` instruction to give a hint to the operator about what incoming ports -might provide services. The following options work with or override the -Dockerfile's exposed defaults: +The Dockerfile doesn't give much control over networking, only providing +the `EXPOSE` instruction to give a hint to the operator about what +incoming ports might provide services. The following options work with +or override the Dockerfile's exposed defaults: --expose=[]: Expose a port from the container without publishing it to your host @@ -324,34 +326,34 @@ Dockerfile's exposed defaults: (use 'docker port' to see the actual mapping) --link="" : Add link to another container (name:alias) -As mentioned previously, `EXPOSE` (and `--expose`) make a port available **in** -a container for incoming connections. The port number on the inside of the -container (where the service listens) does not need to be the same number as the -port exposed on the outside of the container (where clients connect), so inside -the container you might have an HTTP service listening on port 80 (and so you -`EXPOSE 80` in the Dockerfile), but outside the container the port might be -42800. +As mentioned previously, `EXPOSE` (and `--expose`) make a port available +**in** a container for incoming connections. The port number on the +inside of the container (where the service listens) does not need to be +the same number as the port exposed on the outside of the container +(where clients connect), so inside the container you might have an HTTP +service listening on port 80 (and so you `EXPOSE 80` in the Dockerfile), +but outside the container the port might be 42800. -To help a new client container reach the server container's internal port -operator `--expose`'d by the operator or `EXPOSE`'d by the developer, the -operator has three choices: start the server container with `-P` or `-p,` or -start the client container with `--link`. +To help a new client container reach the server container's internal +port operator `--expose`'d by the operator or `EXPOSE`'d by the +developer, the operator has three choices: start the server container +with `-P` or `-p,` or start the client container with `--link`. If the operator uses `-P` or `-p` then Docker will make the exposed port -accessible on the host and the ports will be available to any client that -can reach the host. To find the map between the host ports and the exposed -ports, use `docker port`) +accessible on the host and the ports will be available to any client +that can reach the host. To find the map between the host ports and the +exposed ports, use `docker port`) -If the operator uses `--link` when starting the new client container, then the -client container can access the exposed port via a private networking interface. -Docker will set some environment variables in the client container to help -indicate which interface and port to use. +If the operator uses `--link` when starting the new client container, +then the client container can access the exposed port via a private +networking interface. Docker will set some environment variables in the +client container to help indicate which interface and port to use. ## ENV (Environment Variables) -The operator can **set any environment variable** in the container by using one -or more `-e` flags, even overriding those already defined by the developer with -a Dockerfile `ENV`: +The operator can **set any environment variable** in the container by +using one or more `-e` flags, even overriding those already defined by +the developer with a Dockerfile `ENV`: $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" @@ -420,18 +422,19 @@ mechanism to communicate with a linked container by its alias: If "container-dir" is missing, then docker creates a new volume. --volumes-from="": Mount all volumes from the given container(s) -The volumes commands are complex enough to have their own documentation in -section [*Share Directories via Volumes*](/userguide/dockervolumes/#volume-def). -A developer can define one or more `VOLUME's associated with an image, but only the -operator can give access from one container to another (or from a container to a +The volumes commands are complex enough to have their own documentation +in section [*Share Directories via +Volumes*](/userguide/dockervolumes/#volume-def). A developer can define +one or more `VOLUME`'s associated with an image, but only the operator +can give access from one container to another (or from a container to a volume mounted on the host). ## USER -The default user within a container is `root` (id = 0), but if the developer -created additional users, those are accessible too. The developer can set a -default user to run the first process with the `Dockerfile USER` command, -but the operator can override it: +The default user within a container is `root` (id = 0), but if the +developer created additional users, those are accessible too. The +developer can set a default user to run the first process with the +Dockerfile `USER` instruction, but the operator can override it: -u="": Username or UID From dd0cd23fd7e94769a3d21b3ef91b80f742d4f0f8 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Mon, 30 Jun 2014 11:31:15 +1000 Subject: [PATCH 0208/2538] blindly make all uses of e\.?g\.? into e.g., Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/README.md | 2 +- docs/sources/reference/commandline/cli.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/README.md b/docs/README.md index d74ec4ee87..99dc8712c9 100755 --- a/docs/README.md +++ b/docs/README.md @@ -70,7 +70,7 @@ in their shell: ### Images -When you need to add images, try to make them as small as possible (e.g. as +When you need to add images, try to make them as small as possible (e.g., as gifs). Usually images should go in the same directory as the `.md` file which references them, or in a subdirectory if one already exists. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 15640cff17..56e4202041 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -335,7 +335,7 @@ schema. Create a new image from a container's changes - -a, --author="" Author (eg. "John Hannibal Smith ") + -a, --author="" Author (e.g., "John Hannibal Smith ") -m, --message="" Commit message It can be useful to commit a container's file changes or settings into a @@ -518,7 +518,7 @@ by default. ### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there are more -than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) Current filters: * dangling (boolean - true or false) @@ -929,7 +929,7 @@ removed before the image is removed. --sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. -t, --tty=false Allocate a pseudo-tty -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container) --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container From 3775c33ab9d2606717f7258974869df961880ddf Mon Sep 17 00:00:00 2001 From: Eric Windisch Date: Sat, 7 Jun 2014 23:37:31 -0700 Subject: [PATCH 0209/2538] Pause/freeze containers during commit Initiates a pause before committing a container, adds a pause option to the commit command, defaulting to 'true'. Fixes bug: #6267 Fixes bug: #3675 Docker-DCO-1.1-Signed-off-by: Eric Windisch (github: ewindisch) --- docs/sources/reference/commandline/cli.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 56e4202041..ff41ec4324 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -337,6 +337,7 @@ schema. -a, --author="" Author (e.g., "John Hannibal Smith ") -m, --message="" Commit message + -p, --pause=true Pause container during commit It can be useful to commit a container's file changes or settings into a new image. This allows you debug a container by running an interactive @@ -344,6 +345,11 @@ shell, or to export a working dataset to another server. Generally, it is better to use Dockerfiles to manage your images in a documented and maintainable way. +By default, the container being committed and its processes will be paused +during the process of committing the image. This reduces the likelihood of +encountering data corruption during the process of creating the commit. +If this behavior is undesired, set the 'p' option to false. + ### Commit an existing container $ sudo docker ps From db5c70afe45c6ae9b86f168d7e859958929da4d8 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 1 Jul 2014 00:39:38 +0000 Subject: [PATCH 0210/2538] updated docs & tests Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ff41ec4324..770ac1177d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -346,7 +346,7 @@ is better to use Dockerfiles to manage your images in a documented and maintainable way. By default, the container being committed and its processes will be paused -during the process of committing the image. This reduces the likelihood of +while the image is committed. This reduces the likelihood of encountering data corruption during the process of creating the commit. If this behavior is undesired, set the 'p' option to false. From e7e6ff5e6f85916a86eaaa823c8ebaa49b767653 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 1 Jul 2014 15:03:07 -0400 Subject: [PATCH 0211/2538] more docs for dockerignore Docker-DCO-1.1-Signed-off-by: Tibor Vass (github: tiborvass) --- docs/sources/reference/builder.md | 32 +++++++++++++++++++++++ docs/sources/reference/commandline/cli.md | 6 ++--- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index cf729664e2..91190933c9 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -83,6 +83,38 @@ be treated as an argument. This allows statements like: Here is the set of instructions you can use in a Dockerfile for building images. +## .dockerignore + +If a file named `.dockerignore` exists in the source repository, then it +is interpreted as a newline-separated list of exclusion patterns. +Exclusion patterns match files or directories relative to the source repository +that will be excluded from the context. Globbing is done using Go's +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. + +The following example shows the use of the `.dockerignore` file to exclude the +`.git` directory from the context. Its effect can be seen in the changed size of +the uploaded context. + + $ docker build . + Uploading context 18.829 MB + Uploading context + Step 0 : FROM busybox + ---> 769b9341d937 + Step 1 : CMD echo Hello World + ---> Using cache + ---> 99cc1ad10469 + Successfully built 99cc1ad10469 + $ echo ".git" > .dockerignore + $ docker build . + Uploading context 6.76 MB + Uploading context + Step 0 : FROM busybox + ---> 769b9341d937 + Step 1 : CMD echo Hello World + ---> Using cache + ---> 99cc1ad10469 + Successfully built 99cc1ad10469 + ## FROM FROM diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 770ac1177d..93b97b02f9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -223,7 +223,7 @@ will be excluded from the context. Globbing is done using Go's See also: -[*Dockerfile Reference*](/reference/builder/#dockerbuilder). +[*Dockerfile Reference*](/reference/builder). ### Examples: @@ -292,8 +292,8 @@ affect the build cache. ---> 99cc1ad10469 Successfully built 99cc1ad10469 -This example shows the use of the ``.dockerignore`` file to exclude the ``.git`` -directory the context. Its effect can be seen in the changed size of the +This example shows the use of the `.dockerignore` file to exclude the `.git` +directory from the context. Its effect can be seen in the changed size of the uploaded context. $ sudo docker build -t vieux/apache:2.0 . From a9bea1525ce36b2858841a697990db338c9be5d6 Mon Sep 17 00:00:00 2001 From: Alexandr Morozov Date: Tue, 3 Jun 2014 15:09:33 +0400 Subject: [PATCH 0212/2538] Implement tail for docker logs Fixes #4330 Docker-DCO-1.1-Signed-off-by: Alexandr Morozov (github: LK4D4) --- docs/sources/reference/commandline/cli.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 93b97b02f9..52917f155f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -738,13 +738,15 @@ specify this by adding the server name. -f, --follow=false Follow log output -t, --timestamps=false Show timestamps + --tail="all" Output the specified number of lines at the end of logs (all logs by default) -The `docker logs` command batch-retrieves all logs -present at the time of execution. +The `docker logs` command batch-retrieves logs present at the time of execution. -The ``docker logs --follow`` command will first return all logs from the -beginning and then continue streaming new output from the container's `STDOUT` -and `STDERR`. +The `docker logs --follow` command will continue streaming the new output from +the container's `STDOUT` and `STDERR`. + +Passing a negative number or a non-integer to --tail is invalid and the +value is set to all in that case. This behavior may change in the future. ## port From 0c845f3f41e012aca6565990d181d9be43fd8f9d Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 1 Jul 2014 21:33:33 +0000 Subject: [PATCH 0213/2538] update docs Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/commandline/cli.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 52917f155f..4534afe932 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -738,15 +738,15 @@ specify this by adding the server name. -f, --follow=false Follow log output -t, --timestamps=false Show timestamps - --tail="all" Output the specified number of lines at the end of logs (all logs by default) + --tail="all" Output the specified number of lines at the end of logs (defaults to all logs) The `docker logs` command batch-retrieves logs present at the time of execution. The `docker logs --follow` command will continue streaming the new output from the container's `STDOUT` and `STDERR`. -Passing a negative number or a non-integer to --tail is invalid and the -value is set to all in that case. This behavior may change in the future. +Passing a negative number or a non-integer to `--tail` is invalid and the +value is set to `all` in that case. This behavior may change in the future. ## port From 094fa1b8fd7419c7aad0e22a8d89f5e21e72426b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 1 Jul 2014 15:07:05 -0700 Subject: [PATCH 0214/2538] Lowercase world, because its not important. Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4534afe932..d7f9724231 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -246,7 +246,7 @@ See also: drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr ---> b35f4035db3f - Step 3 : CMD echo Hello World + Step 3 : CMD echo Hello world ---> Running in 02071fceb21b ---> f52f38b7823e Successfully built f52f38b7823e @@ -277,7 +277,7 @@ affect the build cache. Uploading context Step 0 : FROM busybox ---> 769b9341d937 - Step 1 : CMD echo Hello World + Step 1 : CMD echo Hello world ---> Using cache ---> 99cc1ad10469 Successfully built 99cc1ad10469 @@ -287,7 +287,7 @@ affect the build cache. Uploading context Step 0 : FROM busybox ---> 769b9341d937 - Step 1 : CMD echo Hello World + Step 1 : CMD echo Hello world ---> Using cache ---> 99cc1ad10469 Successfully built 99cc1ad10469 From 0db5ead653e550139ce07ba1c785c7a856476e78 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Tue, 1 Jul 2014 12:58:04 +1000 Subject: [PATCH 0215/2538] Update cli.md and man pages to match current cli Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 58 ++++++++++++----------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index a1eac31df7..a4a9365f92 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -79,7 +79,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d ' # commit complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (eg. "John Hannibal Smith "' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith "' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d7f9724231..301593f2f1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -54,9 +54,9 @@ expect an integer, and they can only be specified once. -b, --bridge="" Attach containers to a pre-existing network bridge use 'none' to disable container networking --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b - -d, --daemon=false Enable daemon mode -D, --debug=false Enable debug mode - --dns=[] Force docker to use specific DNS servers + -d, --daemon=false Enable daemon mode + --dns=[] Force Docker to use specific DNS servers --dns-search=[] Force Docker to use specific DNS search domains -e, --exec-driver="native" Force the Docker runtime to use a specific exec driver -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode @@ -73,8 +73,8 @@ expect an integer, and they can only be specified once. -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file -r, --restart=true Restart previously running containers -s, --storage-driver="" Force the Docker runtime to use a specific storage driver - --storage-opt=[] Set storage driver options --selinux-enabled=false Enable selinux support + --storage-opt=[] Set storage driver options --tls=false Use TLS; implied by tls-verify flags --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file @@ -134,8 +134,8 @@ like this: Attach to a running container - --no-stdin=false Do not attach stdin - --sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. + --no-stdin=false Do not attach STDIN + --sig-proxy=true Proxify all received signals to the process (even in non-TTY mode). SIGCHLD is not proxied. The `attach` command will allow you to view or interact with any running container, detached (`-d`) @@ -481,7 +481,7 @@ To see how the `docker:latest` image was built: List images -a, --all=false Show all images (by default filter out the intermediate image layers) - -f, --filter=[]: Provide filter values (i.e. 'dangling=true') + -f, --filter=[] Provide filter values (i.e. 'dangling=true') --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs @@ -600,6 +600,8 @@ tar, then the ownerships might not get preserved. Usage: docker info + Display system-wide information + For example: $ sudo docker -D info @@ -627,7 +629,7 @@ ensure we know how your setup is configured. Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] - Return low-level information on a container/image + Return low-level information on a container or image -f, --format="" Format the output using the given go template. @@ -681,7 +683,7 @@ contains complex json object, so to grab it as JSON, you use Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - Kill a running container (send SIGKILL, or specified signal) + Kill a running container using SIGKILL or a specified signal -s, --signal="KILL" Signal to send to the container @@ -718,7 +720,7 @@ Restores both images and tags. Usage: docker login [OPTIONS] [SERVER] - Register or Login to a docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. + Register or log in to a Docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. -e, --email="" Email -p, --password="" Password @@ -752,7 +754,7 @@ value is set to `all` in that case. This behavior may change in the future. Usage: docker port CONTAINER PRIVATE_PORT - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + Lookup the public-facing port that is NAT-ed to PRIVATE_PORT ## ps @@ -781,7 +783,7 @@ Running `docker ps` showing 2 linked containers. ## pull - Usage: docker pull [REGISTRY_PATH/]NAME[:TAG] + Usage: docker pull NAME[:TAG] Pull an image or a repository from the registry @@ -824,7 +826,7 @@ registry or to a self-hosted one. Restart a running container - -t, --time=10 Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10 + -t, --time=10 Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. ## rm @@ -834,7 +836,7 @@ registry or to a self-hosted one. -f, --force=false Force removal of running container -l, --link=false Remove the specified link and not the underlying container - -v, --volumes=false Remove the volumes associated to the container + -v, --volumes=false Remove the volumes associated with the container ### Known Issues (rm) @@ -870,7 +872,7 @@ delete them. Any running containers will not be deleted. Remove one or more images - -f, --force=false Force + -f, --force=false Force removal of the image --no-prune=false Do not delete untagged parents ### Removing tagged images @@ -910,6 +912,7 @@ removed before the image is removed. -a, --attach=[] Attach to stdin, stdout or stderr. -c, --cpu-shares=0 CPU shares (relative weight) --cidfile="" Write the container ID to the file + --cpuset="" CPUs in which to allow execution (0-3, 0,1) -d, --detach=false Detached mode: Run container in the background, print new container id --dns=[] Set custom dns servers --dns-search=[] Set custom dns search domains @@ -927,11 +930,11 @@ removed before the image is removed. 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container 'container:': reuses another container network stack - 'host': use the host network stack inside the container + 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + -P, --publish-all=false Publish all exposed ports to the host interfaces -p, --publish=[] Publish a container's port to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort (use 'docker port' to see the actual mapping) - -P, --publish-all=false Publish all exposed ports to the host interfaces --privileged=false Give extended privileges to this container --rm=false Automatically remove the container when it exits (incompatible with -d) --sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. @@ -1150,7 +1153,7 @@ application change: Usage: docker save IMAGE - Save an image to a tar archive (streamed to stdout by default) + Save an image to a tar archive (streamed to STDOUT by default) -o, --output="" Write to an file, instead of STDOUT @@ -1175,11 +1178,11 @@ Search [Docker Hub](https://hub.docker.com) for images Usage: docker search TERM - Search the docker index for images + Search the Docker Hub for images - --no-trunc=false Don't truncate output - -s, --stars=0 Only displays with at least xxx stars - --automated=false Only show automated builds + --automated=false Only show automated builds + --no-trunc=false Don't truncate output + -s, --stars=0 Only displays with at least x stars See [*Find Public Images on Docker Hub*]( /userguide/dockerrepos/#find-public-images-on-docker-hub) for @@ -1191,8 +1194,8 @@ more details on finding shared images from the command line. Restart a stopped container - -a, --attach=false Attach container's stdout/stderr and forward all signals to the process - -i, --interactive=false Attach container's stdin + -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process + -i, --interactive=false Attach container's STDIN When run on a container that has already been started, takes no action and succeeds unconditionally. @@ -1201,9 +1204,9 @@ takes no action and succeeds unconditionally. Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container (Send SIGTERM, and then SIGKILL after grace period) + Stop a running container by sending SIGTERM and then SIGKILL after a grace period - -t, --time=10 Number of seconds to wait for the container to stop before killing it. + -t, --time=10 Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. The main process inside the container will receive SIGTERM, and after a grace period, SIGKILL @@ -1224,13 +1227,13 @@ them to [*Share Images via Repositories*]( Usage: docker top CONTAINER [ps OPTIONS] - Lookup the running processes of a container + Display the running processes of a container ## version Usage: docker version - Show the docker version information. + Show the Docker version information. Show the Docker version, API version, Git commit, and Go version of both Docker client and daemon. @@ -1240,3 +1243,4 @@ both Docker client and daemon. Usage: docker wait CONTAINER [CONTAINER...] Block until a container stops, then print its exit code. + From 6f03f597ad6639a63cff56e432e89b2e447bec67 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Wed, 2 Jul 2014 10:30:25 +1000 Subject: [PATCH 0216/2538] I'm going to wish I didn't do this Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- contrib/completion/zsh/_docker | 2 +- docs/README.md | 8 ++++---- docs/sources/reference/run.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4578d1eda7..3f96f00ef7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1,6 +1,6 @@ #compdef docker # -# zsh completion for docker (http://docker.io) +# zsh completion for docker (http://docker.com) # # version: 0.2.2 # author: Felix Riedel diff --git a/docs/README.md b/docs/README.md index 99dc8712c9..17299401e7 100755 --- a/docs/README.md +++ b/docs/README.md @@ -3,7 +3,7 @@ The source for Docker documentation is here under `sources/` and uses extended Markdown, as implemented by [MkDocs](http://mkdocs.org). -The HTML files are built and hosted on `https://docs.docker.io`, and update +The HTML files are built and hosted on `https://docs.docker.com`, and update automatically after each change to the master or release branch of [Docker on GitHub](https://github.com/dotcloud/docker) thanks to post-commit hooks. The `docs` branch maps to the "latest" documentation and the `master` (unreleased @@ -21,14 +21,14 @@ In the rare case where your change is not forward-compatible, you may need to base your changes on the `docs` branch. Also, now that we have a `docs` branch, we can keep the -[http://docs.docker.io](http://docs.docker.io) docs up to date with any bugs +[http://docs.docker.com](http://docs.docker.com) docs up to date with any bugs found between Docker code releases. **Warning**: When *reading* the docs, the -[http://beta-docs.docker.io](http://beta-docs.docker.io) documentation may +[http://docs-stage.docker.com](http://docs-stage.docker.com) documentation may include features not yet part of any official Docker release. The `beta-docs` site should be used only for understanding bleeding-edge development and -`docs.docker.io` (which points to the `docs` branch`) should be used for the +`docs.docker.com` (which points to the `docs` branch`) should be used for the latest official release. ## Contributing diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 37dba587b6..a539ab0d18 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -240,7 +240,7 @@ to access to all devices on the host as well as set some configuration in AppArmor to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the -[Docker Blog](http://blog.docker.io/2013/09/docker-can-now-run-within-docker/). +[Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/). If the Docker daemon was started using the `lxc` exec-driver (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options From 68f296e8fba984cd6f348a5226bcbb79ff88eef1 Mon Sep 17 00:00:00 2001 From: Andrew France Date: Fri, 4 Jul 2014 12:05:50 +0100 Subject: [PATCH 0217/2538] Fix "Error while reading file" Fish completion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An unbalanced single quote caused Fish to fail to load the completion file with `source: Error while reading file “/etc/fish/completions/docker.fish”`. Docker-DCO-1.1-Signed-off-by: Andrew France (github: Odaeus) --- contrib/completion/fish/docker.fish | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index a4a9365f92..ba83526c75 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -85,7 +85,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Conf complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp -complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d 'Copy files/folders from a container's filesystem to the host path' +complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders from a container's filesystem to the host path" # diff complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" From c23159c9863633d061ff8a563348aa99573e7354 Mon Sep 17 00:00:00 2001 From: Felix Rabe Date: Sun, 6 Jul 2014 14:47:37 +0200 Subject: [PATCH 0218/2538] run.md: Fix references to cli There are now no other occurrences of `#cli-` in this document. TODO: Find other places with wrong links. --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index a539ab0d18..82fe047cb3 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -11,7 +11,7 @@ its own networking, and its own isolated process tree. The defaults related to the binary to run, the networking to expose, and more, but `docker run` gives final control to the operator who starts the container from the image. That's the main reason -[*run*](/reference/commandline/cli/#cli-run) has more options than any +[*run*](/reference/commandline/cli/#run) has more options than any other `docker` command. ## General Form @@ -21,7 +21,7 @@ The basic `docker run` command takes this form: $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, -see [*Option types*](/reference/commandline/cli/#cli-options). +see [*Option types*](/reference/commandline/cli/#option-types). The list of `[OPTIONS]` breaks down into two groups: From 8c2470323d465a8102092d5b2ed54e50e2ffb45c Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Wed, 4 Jun 2014 16:38:06 -0400 Subject: [PATCH 0219/2538] Error if Docker daemon starts with BTRFS graph driver and SELinux enabled The Docker btrfs graph driver does not interact well with SELinux at present. If btrfs mounts the same file in several locations, the same SELinux label will be applied to all mountpoints. In the context of the graph driver, things such as shared libraries become inaccessible to containers due to SELInux, causing all dynamically linked applications to fail when run in a container. Consequently, error when we detect the daemon is being run with SELinux enabled and the btrfs driver. Documentation has been added for this behavior. Docker-DCO-1.1-Signed-off-by: Matthew Heon (github: mheon) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 301593f2f1..9a6d27f0eb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -73,7 +73,7 @@ expect an integer, and they can only be specified once. -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file -r, --restart=true Restart previously running containers -s, --storage-driver="" Force the Docker runtime to use a specific storage driver - --selinux-enabled=false Enable selinux support + --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver --storage-opt=[] Set storage driver options --tls=false Use TLS; implied by tls-verify flags --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here From 383db402ca7a475a0bed886a30d727b4e2489b17 Mon Sep 17 00:00:00 2001 From: OddBloke Date: Thu, 3 Jul 2014 12:55:21 +0100 Subject: [PATCH 0220/2538] Explain ADD invalidation more accurately And also move it in to the `ADD` section, rather than being hidden in the `RUN` section. Docker-DCO-1.1-Signed-off-by: Daniel Watkins (github: OddBloke) --- docs/sources/reference/builder.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 91190933c9..da7f3ebff2 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -169,9 +169,8 @@ will be reused during the next build. The cache for `RUN` instructions can be invalidated by using the `--no-cache` flag, for example `docker build --no-cache`. -The first encountered `ADD` instruction will invalidate the cache for all -following instructions from the 'Dockerfile' if the contents of the context -have changed. This will also invalidate the cache for `RUN` instructions. +The cache for `RUN` instructions can be invalidated by `ADD` instructions. See +[below](#add) for details. ### Known Issues (RUN) @@ -285,6 +284,11 @@ In the case where `` is a remote file URL, the destination will have permis > or use another tool from within the container as ADD does not support > authentication. +> **Note**: +> The first encountered `ADD` instruction will invalidate the cache for all +> following instructions from the Dockerfile if the contents of `` have +> changed. This includes invalidating the cache for `RUN` instructions. + The copy obeys the following rules: - The `` path must be inside the *context* of the build; From 64271a2aa3c430e50280a0685ac082375236b88e Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sat, 10 May 2014 18:51:16 +0200 Subject: [PATCH 0221/2538] Updated docker logs timestamp to RFC3339 Currently the docker logs timestamp flag generates log entries like: $ sudo docker logs -ft daemon_dave [May 10 13:06:17.934] hello world It uses Go's StampMilli timestamp to generate the timestamp. The entry is also wrapped in [ ]. This is non-standard operational timestamp and one that will require custom parsing. The new timestamp is RFC3999Nano and generates entries like: 2014-05-10T17:42:14.999999999Z07:00 hello world These are readily parsed by tools like ELK. Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) Docker-DCO-1.1-Signed-off-by: Tibor Vass (github: tiborvass) --- docs/sources/reference/commandline/cli.md | 24 +++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9a6d27f0eb..182eb2a221 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -425,24 +425,24 @@ You'll need two shells for this example. **Shell 1: (Again .. now showing events):** - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) start + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop **Show events in the past from a specified time:** $ sudo docker events --since 1378216169 - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die + 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop $ sudo docker events --since '2013-09-03' - [2013-09-03 15:49:26 +0200 CEST] 4386fb97867d: (from 12de384bfb10) start - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) start + 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die + 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) die - [2013-09-03 15:49:29 +0200 CEST] 4386fb97867d: (from 12de384bfb10) stop + 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die + 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop ## export @@ -750,6 +750,10 @@ the container's `STDOUT` and `STDERR`. Passing a negative number or a non-integer to `--tail` is invalid and the value is set to `all` in that case. This behavior may change in the future. +The `docker logs --timestamp` commands will add an RFC3339Nano +timestamp, for example `2014-05-10T17:42:14.999999999Z07:00`, to each +log entry. + ## port Usage: docker port CONTAINER PRIVATE_PORT From 9bb81450d9df334df4f55520d179ab338ce0ef55 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Tue, 8 Jul 2014 20:26:23 -0600 Subject: [PATCH 0222/2538] Update bash completion to only complete on directories as the argument to "docker build" Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 89395560f9..4cefefabc2 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -156,7 +156,7 @@ _docker_build() *) local counter="$(__docker_pos_first_nonflag '-t|--tag')" if [ $cword -eq $counter ]; then - _filedir + _filedir -d fi ;; esac From 316fa6a2186241775ac75caef2da3afff2e9fb90 Mon Sep 17 00:00:00 2001 From: Bryan Bess Date: Wed, 9 Jul 2014 23:14:06 -0500 Subject: [PATCH 0223/2538] Fix typos Docker-DCO-1.1-Signed-off-by: Bryan Bess (github: squarejaw) --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 82fe047cb3..1bd70e83f0 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -385,7 +385,7 @@ container running Redis: $ docker port 4241164edf6f 6379 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f -Yet we can get information about the Redis container'sexposed ports +Yet we can get information about the Redis container's exposed ports with `--link`. Choose an alias that will form a valid environment variable! From 57b53e22fee9f0010320533850a1b30fbc36f44f Mon Sep 17 00:00:00 2001 From: Timothy Date: Sat, 31 May 2014 04:00:47 +0000 Subject: [PATCH 0224/2538] Add --device flag to allow additional host devices in container We add a --device flag which can be used like: docker run --device /dev/sda:/dev/xvda:rwm ubuntu /bin/bash To allow the container to have read write permissions to access the host's /dev/sda via a node named /dev/xvda in the container. Note: Much of this code was written by Dinesh Subhraveti dineshs@altiscale.com (github: dineshs-altiscale) and so he deserves a ton of credit. Docker-DCO-1.1-Signed-off-by: Timothy (github: timthelion) --- docs/sources/reference/commandline/cli.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 182eb2a221..7ae1b30c0a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -946,6 +946,7 @@ removed before the image is removed. -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container) --volumes-from=[] Mount volumes from the specified container(s) + --device=[] Add a host device to the container (e.g. --device=/dev/sdc[:/dev/xvdc[:rwm]]) -w, --workdir="" Working directory inside the container The `docker run` command first `creates` a writeable container layer over the @@ -1122,6 +1123,20 @@ logs could be retrieved using `docker logs`. This is useful if you need to pipe a file or something else into a container and retrieve the container's ID once the container has finished running. + $ sudo docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} + brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc + brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd + crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo + +It is often necessary to directly expose devices to a container. ``--device`` +option enables that. For example, a specific block storage device or loop +device or audio device can be added to an otherwise unprivileged container +(without the ``--privileged`` flag) and have the application directly access it. + +** Security note: ** + +``--device`` cannot be safely used with ephemeral devices. Block devices that may be removed should not be added to untrusted containers with ``--device``! + **A complete example:** $ sudo docker run -d --name static static-web-files sh From 1bb925be97a60d569609c54b9e50d7f36ac5b9a2 Mon Sep 17 00:00:00 2001 From: Adrien Folie Date: Tue, 8 Jul 2014 20:31:20 +0200 Subject: [PATCH 0225/2538] update CLI & api docs Docker-DCO-1.1-Signed-off-by: Adrien Folie (github: folieadrien) --- docs/sources/reference/commandline/cli.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7ae1b30c0a..e9d21cac47 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -838,7 +838,8 @@ registry or to a self-hosted one. Remove one or more containers - -f, --force=false Force removal of running container + -s, --stop=false Stop and remove a running container + -k, --kill=false Kill and remove a running container -l, --link=false Remove the specified link and not the underlying container -v, --volumes=false Remove the volumes associated with the container @@ -863,6 +864,20 @@ This will remove the underlying link between `/webapp` and the `/redis` containers removing all network communication. + $ sudo docker rm --stop redis + redis + +The main process inside the container referenced under the link `/redis` will receive +SIGTERM, and after a grace period, SIGKILL, then the container will be removed. + + $ sudo docker rm --kill redis + redis + +The main process inside the container referenced under the link `/redis` will receive +SIGKILL, then the container will be removed. + +NOTE: If you try to use `stop` and `kill` simultaneously, Docker will return an error. + $ sudo docker rm $(docker ps -a -q) This command will delete all stopped containers. The command From 7cf495874cfb0cafbf24c3c993337c8fa1a7d671 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Fri, 11 Jul 2014 19:50:25 -0400 Subject: [PATCH 0226/2538] Rewrote the ENTRYPOINT section in builder Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/builder.md | 52 +++++++++++++++++-------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index da7f3ebff2..58854f5aa3 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -374,41 +374,47 @@ The copy obeys the following rules: ENTRYPOINT has two forms: - `ENTRYPOINT ["executable", "param1", "param2"]` - (like an *exec*, preferred form) + (like an *exec*, the preferred form) - `ENTRYPOINT command param1 param2` (as a *shell*) -There can only be one `ENTRYPOINT` in a Dockerfile. If you have more than one -`ENTRYPOINT`, then only the last one in the Dockerfile will have an effect. +There can only be one `ENTRYPOINT` in a `Dockerfile`. If you have more +than one `ENTRYPOINT`, then only the last one in the `Dockerfile` will +have an effect. -An `ENTRYPOINT` helps you to configure a container that you can run as an -executable. That is, when you specify an `ENTRYPOINT`, then the whole container -runs as if it was just that executable. +An `ENTRYPOINT` helps you to configure a container that you can run as +an executable. That is, when you specify an `ENTRYPOINT`, then the whole +container runs as if it was just that executable. -The `ENTRYPOINT` instruction adds an entry command that will **not** be -overwritten when arguments are passed to `docker run`, unlike the behavior -of `CMD`. This allows arguments to be passed to the entrypoint. i.e. -`docker run -d` will pass the "-d" argument to the ENTRYPOINT. +Unlike the behavior of the `CMD` instruction, The `ENTRYPOINT` +instruction adds an entry command that will **not** be overwritten when +arguments are passed to `docker run`. This allows arguments to be passed +to the entry point, i.e. `docker run -d` will pass the `-d` +argument to the entry point. -You can specify parameters either in the ENTRYPOINT JSON array (as in -"like an exec" above), or by using a CMD statement. Parameters in the -ENTRYPOINT will not be overridden by the `docker run` -arguments, but parameters specified via CMD will be overridden -by `docker run` arguments. +You can specify parameters either in the `ENTRYPOINT` JSON array (as in +"like an exec" above), or by using a `CMD` instruction. Parameters in +the `ENTRYPOINT` instruction will not be overridden by the `docker run` +arguments, but parameters specified via a `CMD` instruction will be +overridden by `docker run` arguments. -Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it will -execute in `/bin/sh -c`: +Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it +will execute in `/bin/sh -c`: FROM ubuntu - ENTRYPOINT wc -l - + ENTRYPOINT ls -l -For example, that Dockerfile's image will *always* take STDIN as input -("-") and print the number of lines ("-l"). If you wanted to make this -optional but default, you could use a CMD: +For example, that `Dockerfile`'s image will *always* take a directory as +an input and return a directory listing. If you wanted to make this +optional but default, you could use a `CMD` instruction: FROM ubuntu - CMD ["-l", "-"] - ENTRYPOINT ["/usr/bin/wc"] + CMD ["-l"] + ENTRYPOINT ["/usr/bin/ls"] + +> **Note**: +> It is preferable to use the JSON array format for specifying +> `ENTRYPOINT` instructions. ## VOLUME From 6c10e6fe817db30be29efd0ef249ee156246717d Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Fri, 11 Jul 2014 22:28:36 -0400 Subject: [PATCH 0227/2538] General cleanup of the builder.md file Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/builder.md | 150 +++++++++++++++--------------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 58854f5aa3..57ddb52984 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -4,15 +4,17 @@ page_keywords: builder, docker, Dockerfile, automation, image creation # Dockerfile Reference -**Docker can act as a builder** and read instructions from a text *Dockerfile* -to automate the steps you would otherwise take manually to create an image. -Executing `docker build` will run your steps and commit them along the way, -giving you a final image. +**Docker can build images automatically** by reading the instructions +from a `Dockerfile`. A `Dockerfile` is a text document that contains all +the commands you would normally execute manually in order to build a +Docker image. By calling `docker build` from your terminal, you can have +Docker build your image step by step, executing the instructions +successively. ## Usage To [*build*](../commandline/cli/#cli-build) an image from a source repository, -create a description file called Dockerfile at the root of your repository. +create a description file called `Dockerfile` at the root of your repository. This file will describe the steps to assemble the image. Then call `docker build` with the path of your source repository as the argument @@ -55,13 +57,12 @@ accelerating `docker build` significantly (indicated by `Using cache`): ---> 1a5ffc17324d Successfully built 1a5ffc17324d -When you're done with your build, you're ready to look into -[*Pushing a repository to its registry*]( -/userguide/dockerrepos/#image-push). +When you're done with your build, you're ready to look into [*Pushing a +repository to its registry*]( /userguide/dockerrepos/#image-push). ## Format -Here is the format of the Dockerfile: +Here is the format of the `Dockerfile`: # Comment INSTRUCTION arguments @@ -69,8 +70,8 @@ Here is the format of the Dockerfile: The Instruction is not case-sensitive, however convention is for them to be UPPERCASE in order to distinguish them from arguments more easily. -Docker evaluates the instructions in a Dockerfile in order. **The first -instruction must be \`FROM\`** in order to specify the [*Base +Docker runs the instructions in a `Dockerfile` in order. **The +first instruction must be \`FROM\`** in order to specify the [*Base Image*](/terms/image/#base-image-def) from which you are building. Docker will treat lines that *begin* with `#` as a @@ -80,10 +81,10 @@ be treated as an argument. This allows statements like: # Comment RUN echo 'we are running some # of cool things' -Here is the set of instructions you can use in a Dockerfile -for building images. +Here is the set of instructions you can use in a `Dockerfile` for building +images. -## .dockerignore +## The `.dockerignore` file If a file named `.dockerignore` exists in the source repository, then it is interpreted as a newline-separated list of exclusion patterns. @@ -124,15 +125,15 @@ Or FROM : The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def) -for subsequent instructions. As such, a valid Dockerfile must have `FROM` as +for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy to start by **pulling an image** from the [*Public Repositories*]( /userguide/dockerrepos/#using-public-repositories). -`FROM` must be the first non-comment instruction in the Dockerfile. +`FROM` must be the first non-comment instruction in the `Dockerfile`. -`FROM` can appear multiple times within a single Dockerfile in order to create -multiple images. Simply make a note of the last image id output by the commit +`FROM` can appear multiple times within a single `Dockerfile` in order to create +multiple images. Simply make a note of the last image ID output by the commit before each new `FROM` command. If no `tag` is given to the `FROM` instruction, `latest` is assumed. If the @@ -154,7 +155,7 @@ RUN has 2 forms: The `RUN` instruction will execute any commands in a new layer on top of the current image and commit the results. The resulting committed image will be -used for the next step in the Dockerfile. +used for the next step in the `Dockerfile`. Layering `RUN` instructions and generating commits conforms to the core concepts of Docker where commits are cheap and containers can be created from @@ -163,11 +164,11 @@ any point in an image's history, much like source control. The *exec* form makes it possible to avoid shell string munging, and to `RUN` commands using a base image that does not contain `/bin/sh`. -The cache for `RUN` instructions isn't invalidated automatically during the -next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` -will be reused during the next build. -The cache for `RUN` instructions can be invalidated by using the `--no-cache` -flag, for example `docker build --no-cache`. +The cache for `RUN` instructions isn't invalidated automatically during +the next build. The cache for an instruction like `RUN apt-get +dist-upgrade -y` will be reused during the next build. The cache for +`RUN` instructions can be invalidated by using the `--no-cache` flag, +for example `docker build --no-cache`. The cache for `RUN` instructions can be invalidated by `ADD` instructions. See [below](#add) for details. @@ -178,28 +179,27 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See permissions problems that can occur when using the AUFS file system. You might notice it during an attempt to `rm` a file, for example. The issue describes a workaround. -- [Issue 2424](https://github.com/dotcloud/docker/issues/2424) Locale will - not be set automatically. ## CMD -CMD has three forms: +The `CMD` instruction has three forms: - `CMD ["executable","param1","param2"]` (like an *exec*, this is the preferred form) - `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) - `CMD command param1 param2` (as a *shell*) -There can only be one CMD in a Dockerfile. If you list more than one CMD -then only the last CMD will take effect. +There can only be one `CMD` instruction in a `Dockerfile`. If you list more than one `CMD` +then only the last `CMD` will take effect. -**The main purpose of a CMD is to provide defaults for an executing +**The main purpose of a `CMD` is to provide defaults for an executing container.** These defaults can include an executable, or they can omit -the executable, in which case you must specify an ENTRYPOINT as well. +the executable, in which case you must specify an `ENTRYPOINT` +instruction as well. When used in the shell or exec formats, the `CMD` instruction sets the command to be executed when running the image. -If you use the *shell* form of the CMD, then the `` will execute in +If you use the *shell* form of the `CMD`, then the `` will execute in `/bin/sh -c`: FROM ubuntu @@ -207,7 +207,7 @@ If you use the *shell* form of the CMD, then the `` will execute in If you want to **run your** `` **without a shell** then you must express the command as a JSON array and give the full path to the executable. -**This array form is the preferred format of CMD.** Any additional parameters +**This array form is the preferred format of `CMD`.** Any additional parameters must be individually expressed as strings in the array: FROM ubuntu @@ -218,7 +218,7 @@ you should consider using `ENTRYPOINT` in combination with `CMD`. See [*ENTRYPOINT*](#entrypoint). If the user specifies arguments to `docker run` then they will override the -default specified in CMD. +default specified in `CMD`. > **Note**: > don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits @@ -264,24 +264,23 @@ being built (also called the *context* of the build) or a remote file URL. `` is the absolute path to which the source will be copied inside the destination container. -All new files and directories are created with a uid and gid of 0. +All new files and directories are created with a UID and GID of 0. -In the case where `` is a remote file URL, the destination will have permissions 600. +In the case where `` is a remote file URL, the destination will +have permissions of 600. > **Note**: -> If you build by passing a Dockerfile through STDIN (`docker build - < somefile`), -> there is no build context, so the Dockerfile can only contain a URL -> based ADD statement. +> If you build by passing a `Dockerfile` through STDIN (`docker +> build - < somefile`), there is no build context, so the `Dockerfile` +> can only contain a URL based `ADD` instruction. You can also pass a +> compressed archive through STDIN: (`docker build - < archive.tar.gz`), +> the `Dockerfile` at the root of the archive and the rest of the +> archive will get used at the context of the build. -> You can also pass a compressed archive through STDIN: -> (`docker build - < archive.tar.gz`), the `Dockerfile` at the root of -> the archive and the rest of the archive will get used at the context -> of the build. -> > **Note**: -> If your URL files are protected using authentication, you will need to -> use `RUN wget` , `RUN curl` -> or use another tool from within the container as ADD does not support +> If your URL files are protected using authentication, you +> will need to use `RUN wget`, `RUN curl` or use another tool from +> within the container as the `ADD` instruction does not support > authentication. > **Note**: @@ -314,9 +313,9 @@ The copy obeys the following rules: from *remote* URLs are **not** decompressed. When a directory is copied or unpacked, it has the same behavior as `tar -x`: the result is the union of: - 1. whatever existed at the destination path and - 2. the contents of the source tree, with conflicts resolved in favor of - "2." on a file-by-file basis. + 1. Whatever existed at the destination path and + 2. The contents of the source tree, with conflicts resolved in favor + of "2." on a file-by-file basis. - If `` is any other kind of file, it is copied individually along with its metadata. In this case, if `` ends with a trailing slash `/`, it @@ -342,7 +341,7 @@ being built (also called the *context* of the build). `` is the absolute path to which the source will be copied inside the destination container. -All new files and directories are created with a uid and gid of 0. +All new files and directories are created with a UID and GID of 0. > **Note**: > If you build using STDIN (`docker build - < somefile`), there is no @@ -431,34 +430,34 @@ instructions via the Docker client, refer to [*Share Directories via Volumes*]( USER daemon -The `USER` instruction sets the username or UID to use when running the image +The `USER` instruction sets the user name or UID to use when running the image and for any following `RUN` directives. ## WORKDIR WORKDIR /path/to/workdir -The `WORKDIR` instruction sets the working directory for the `RUN`, `CMD` and -`ENTRYPOINT` Dockerfile commands that follow it. +The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD` and +`ENTRYPOINT` instructions that follow it in the `Dockerfile`. -It can be used multiple times in the one Dockerfile. If a relative path +It can be used multiple times in the one `Dockerfile`. If a relative path is provided, it will be relative to the path of the previous `WORKDIR` instruction. For example: WORKDIR /a WORKDIR b WORKDIR c RUN pwd -The output of the final `pwd` command in this -Dockerfile would be `/a/b/c`. +The output of the final `pwd` command in this Dockerfile would be +`/a/b/c`. ## ONBUILD ONBUILD [INSTRUCTION] -The `ONBUILD` instruction adds to the image a -"trigger" instruction to be executed at a later time, when the image is -used as the base for another build. The trigger will be executed in the -context of the downstream build, as if it had been inserted immediately -after the *FROM* instruction in the downstream Dockerfile. +The `ONBUILD` instruction adds to the image a *trigger* instruction to +be executed at a later time, when the image is used as the base for +another build. The trigger will be executed in the context of the +downstream build, as if it had been inserted immediately after the +`FROM` instruction in the downstream `Dockerfile`. Any build instruction can be registered as a trigger. @@ -466,33 +465,33 @@ This is useful if you are building an image which will be used as a base to build other images, for example an application build environment or a daemon which may be customized with user-specific configuration. -For example, if your image is a reusable python application builder, it +For example, if your image is a reusable Python application builder, it will require application source code to be added in a particular directory, and it might require a build script to be called *after* -that. You can't just call *ADD* and *RUN* now, because you don't yet +that. You can't just call `ADD` and `RUN` now, because you don't yet have access to the application source code, and it will be different for each application build. You could simply provide application developers -with a boilerplate Dockerfile to copy-paste into their application, but +with a boilerplate `Dockerfile` to copy-paste into their application, but that is inefficient, error-prone and difficult to update because it mixes with application-specific code. -The solution is to use *ONBUILD* to register in advance instructions to +The solution is to use `ONBUILD` to register advance instructions to run later, during the next build stage. Here's how it works: -1. When it encounters an *ONBUILD* instruction, the builder adds a +1. When it encounters an `ONBUILD` instruction, the builder adds a trigger to the metadata of the image being built. The instruction does not otherwise affect the current build. 2. At the end of the build, a list of all triggers is stored in the - image manifest, under the key *OnBuild*. They can be inspected with - *docker inspect*. + image manifest, under the key `OnBuild`. They can be inspected with + the `docker inspect` command. 3. Later the image may be used as a base for a new build, using the - *FROM* instruction. As part of processing the *FROM* instruction, - the downstream builder looks for *ONBUILD* triggers, and executes + `FROM` instruction. As part of processing the `FROM` instruction, + the downstream builder looks for `ONBUILD` triggers, and executes them in the same order they were registered. If any of the triggers - fail, the *FROM* instruction is aborted which in turn causes the - build to fail. If all triggers succeed, the FROM instruction + fail, the `FROM` instruction is aborted which in turn causes the + build to fail. If all triggers succeed, the `FROM` instruction completes and the build continues as usual. 4. Triggers are cleared from the final image after being executed. In other words they are not inherited by "grand-children" builds. @@ -504,9 +503,9 @@ For example you might add something like this: ONBUILD RUN /usr/local/bin/python-build --dir /app/src [...] -> **Warning**: Chaining ONBUILD instructions using ONBUILD ONBUILD isn't allowed. +> **Warning**: Chaining `ONBUILD` instructions using `ONBUILD ONBUILD` isn't allowed. -> **Warning**: ONBUILD may not trigger FROM or MAINTAINER instructions. +> **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions. ## Dockerfile Examples @@ -557,3 +556,4 @@ For example you might add something like this: # You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with # /oink. + From 1b9bc637e6292816bc3a923a3406af3aaba356f7 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 10 Jul 2014 23:50:45 +0000 Subject: [PATCH 0228/2538] add doc Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/run.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 1bd70e83f0..202d561df3 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -55,7 +55,7 @@ following options. - [Network Settings](#network-settings) - [Clean Up (--rm)](#clean-up-rm) - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) - - [Runtime Privilege and LXC Configuration](#runtime-privilege-and-lxc-configuration) + - [Runtime Privilege, Linux Capabilities, and LXC Configuration](#runtime-privilege-linux-capabilities-and-lxc-configuration) ## Detached vs Foreground @@ -222,8 +222,10 @@ get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via Docker. -## Runtime Privilege and LXC Configuration +## Runtime Privilege, Linux Capabilities, and LXC Configuration + --cap-add: Add Linux capabilities + --cap-drop: Drop Linux capabilities --privileged=false: Give extended privileges to this container --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" @@ -242,6 +244,16 @@ host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the [Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/). +In addition to `--privileged` the operator can have fine grain control over the +capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default +list of capabilities that are kept. Both flags support the value `all`, so if the +operator wants to have all capabilities but `MKNOD` they could use: + + $ docker run --cap-add=ALL --cap-drop=MKNOD ... + +For interacting with the network stack, instead of using `--privileged` they +should use `--cap-add=NET_ADMIN` to modify the network interfaces. + If the Docker daemon was started using the `lxc` exec-driver (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options using one or more `--lxc-conf` parameters. These can be new parameters or From 4a685c6482ebbed22756678b3d26d34912f3f795 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 11 Jul 2014 23:24:44 +0000 Subject: [PATCH 0229/2538] update api doc Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 202d561df3..f8ced8d734 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -244,7 +244,7 @@ host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the [Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/). -In addition to `--privileged` the operator can have fine grain control over the +In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default list of capabilities that are kept. Both flags support the value `all`, so if the operator wants to have all capabilities but `MKNOD` they could use: From bfc4403d5f9e9611f686a5618d98b8210c3e72a4 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Sat, 28 Jun 2014 23:09:23 -0600 Subject: [PATCH 0230/2538] Update bash completion for "docker run --link" and "docker run -v" to complete on running containers and the local filesystem respectively Also, add completion for "docker run -a" ("stdin", "stdout", and "stderr"), "docker run --env-file" (local filesystem), and some other minor code style tweaks. Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- contrib/completion/bash/docker | 37 +++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4cefefabc2..d6d622ff33 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -485,21 +485,52 @@ _docker_rmi() _docker_run() { case "$prev" in - --cidfile) + -a|--attach) + COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) + return + ;; + --cidfile|--env-file) _filedir + return ;; --volumes-from) __docker_containers_all + return ;; -v|--volume) - # TODO something magical with colons and _filedir ? + case "$cur" in + *:*) + # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) + ;; + '') + COMPREPLY=( $( compgen -W '/' -- "$cur" ) ) + compopt -o nospace + ;; + /*) + _filedir + compopt -o nospace + ;; + esac return ;; -e|--env) COMPREPLY=( $( compgen -e -- "$cur" ) ) + compopt -o nospace return ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf) + --link) + case "$cur" in + *:*) + ;; + *) + __docker_containers_running + COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) + compopt -o nospace + ;; + esac + return + ;; + --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf) return ;; *) From ff64867b751ba7ba86a14f7583935e9f503dfb38 Mon Sep 17 00:00:00 2001 From: Henning Sprang Date: Tue, 15 Jul 2014 22:24:08 +0200 Subject: [PATCH 0231/2538] Adjust Link description to match target The target document headline is "Managing data in containers" and so should the link be named. --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index f8ced8d734..9e4ba574df 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -435,8 +435,8 @@ mechanism to communicate with a linked container by its alias: --volumes-from="": Mount all volumes from the given container(s) The volumes commands are complex enough to have their own documentation -in section [*Share Directories via -Volumes*](/userguide/dockervolumes/#volume-def). A developer can define +in section [*Managing data in +containers*](/userguide/dockervolumes/#volume-def). A developer can define one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). From c0199886cd387baf102077c0225655f6ec4cdf68 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Sun, 22 Jun 2014 16:33:19 -0700 Subject: [PATCH 0232/2538] Add cli.md documentation for docker-pause and docker-unpause Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e9d21cac47..e31e3eee45 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -760,6 +760,12 @@ log entry. Lookup the public-facing port that is NAT-ed to PRIVATE_PORT +## pause + + Usage: docker pause CONTAINER + + Pause all processes within a container + ## ps Usage: docker ps [OPTIONS] @@ -1263,6 +1269,12 @@ them to [*Share Images via Repositories*]( Display the running processes of a container +## unpause + + Usage: docker unpause CONTAINER + + Pause all processes within a container + ## version Usage: docker version From ed82ad88daed7f3eef458252ff1ad827e5405b3d Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 8 Jul 2014 21:47:55 -0400 Subject: [PATCH 0233/2538] Add cgroups freezer info Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) Docker-DCO-1.1-Signed-off-by: Brian Goff (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e31e3eee45..d75f2b1443 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -764,7 +764,14 @@ log entry. Usage: docker pause CONTAINER - Pause all processes within a container + Pause uses the cgroups freezer to suspend all processes in a container. + Traditionally when suspending a process the SIGSTOP signal is used, + which is observable by the process being suspended. With the cgroups freezer + the process is unaware, and unable to capture, that it is being suspended, + and subsequently resumed. + + For for information on the cgroups freezer see: + https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt ## ps @@ -1273,7 +1280,7 @@ them to [*Share Images via Repositories*]( Usage: docker unpause CONTAINER - Pause all processes within a container + Resumes a paused container. ## version From 4cb8ed8f9d7a6804f9232bfe81815c4a54e39ef3 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Tue, 15 Jul 2014 10:02:29 +1000 Subject: [PATCH 0234/2538] re-jig the info into all the places Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 24 ++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d75f2b1443..dac7c1610b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -764,14 +764,17 @@ log entry. Usage: docker pause CONTAINER - Pause uses the cgroups freezer to suspend all processes in a container. - Traditionally when suspending a process the SIGSTOP signal is used, - which is observable by the process being suspended. With the cgroups freezer - the process is unaware, and unable to capture, that it is being suspended, - and subsequently resumed. + Pause all processes within a container - For for information on the cgroups freezer see: - https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt +The `docker pause` command uses the cgroups freezer to suspend all processes in +a container. Traditionally when suspending a process the `SIGSTOP` signal is +used, which is observable by the process being suspended. With the cgroups freezer +the process is unaware, and unable to capture, that it is being suspended, +and subsequently resumed. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. ## ps @@ -1282,6 +1285,13 @@ them to [*Share Images via Repositories*]( Resumes a paused container. +The `docker unpause` command uses the cgroups freezer to un-suspend all +processes in a container. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. + ## version Usage: docker version From 6f99c854b621e5d3f7ba33cf963c4ff5d933d62a Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Thu, 17 Jul 2014 19:50:50 +0200 Subject: [PATCH 0235/2538] zsh: update zsh completion for docker command zsh completion is updated with the content of felixr/docker-zsh-completion. Docker-DCO-1.1-Signed-off-by: Vincent Bernat (github: vincentbernat) --- contrib/completion/zsh/_docker | 295 ++++++++++++++++++++++++++------- 1 file changed, 234 insertions(+), 61 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3f96f00ef7..faf17b2bea 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1,58 +1,118 @@ -#compdef docker +#compdef docker # # zsh completion for docker (http://docker.com) # -# version: 0.2.2 -# author: Felix Riedel -# license: BSD License +# version: 0.3.0 # github: https://github.com/felixr/docker-zsh-completion # +# contributers: +# - Felix Riedel +# - Vincent Bernat +# +# license: +# +# Copyright (c) 2013, Felix Riedel +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# __parse_docker_list() { - sed -e '/^ID/d' -e 's/[ ]\{2,\}/|/g' -e 's/ \([hdwm]\)\(inutes\|ays\|ours\|eeks\)/\1/' | awk ' BEGIN {FS="|"} { printf("%s:%7s, %s\n", $1, $4, $2)}' + awk ' +NR == 1 { + idx=1;i=0;f[i]=0 + header=$0 + while ( match(header, / ([A-Z]+|[A-Z]+ [A-Z]+)/) ) { + idx += RSTART+1 + f[++i]=idx + header = substr($0,idx) + } + f[++i]=999 +} + +NR > 1 '"$1"' { + for(j=0;j 1){printf("%s\\:%s\n", $1,$2)}')"}) - images=($images ${(f)"$(docker images | awk '(NR > 1){printf("%s:%-15s in %s\n", $3,$2,$1)}')"}) + images=(${(f)"$(_call_program commands docker images | awk '(NR > 1 && $1 != ""){printf("%s", $1);if ($2 != "") printf("\\:%s", $2); printf("\n")}')"}) + images=($images ${(f)"$(_call_program commands docker images | awk '(NR > 1){printf("%s:%-15s in %s\n", $3,$2,$1)}')"}) _describe -t docker-images "Images" images } __docker_tags() { local expl declare -a tags - tags=(${(f)"$(docker images | awk '(NR>1){print $2}'| sort | uniq)"}) + tags=(${(f)"$(_call_program commands docker images | awk '(NR>1){print $2}'| sort | uniq)"}) _describe -t docker-tags "tags" tags } +__docker_repositories_with_tags() { + if compset -P '*:'; then + __docker_tags + else + __docker_repositories -qS ":" + fi +} + __docker_search() { # declare -a dockersearch local cache_policy zstyle -s ":completion:${curcontext}:" cache-policy cache_policy if [[ -z "$cache_policy" ]]; then - zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy + zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy fi local searchterm cachename @@ -60,14 +120,14 @@ __docker_search() { cachename=_docker-search-$searchterm local expl - local -a result + local -a result if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \ && ! _retrieve_cache ${cachename#_}; then _message "Searching for ${searchterm}..." - result=(${(f)"$(docker search ${searchterm} | awk '(NR>2){print $1}')"}) + result=(${(f)"$(_call_program commands docker search ${searchterm} | awk '(NR>2){print $1}')"}) _store_cache ${cachename#_} result - fi - _wanted dockersearch expl 'Available images' compadd -a result + fi + _wanted dockersearch expl 'Available images' compadd -a result } __docker_caching_policy() @@ -81,8 +141,8 @@ __docker_caching_policy() __docker_repositories () { local expl declare -a repos - repos=(${(f)"$(docker images | sed -e '1d' -e 's/[ ].*//' | sort | uniq)"}) - _describe -t docker-repos "Repositories" repos + repos=(${(f)"$(_call_program commands docker images | sed -e '1d' -e 's/[ ].*//' | sort | uniq)"}) + _describe -t docker-repos "Repositories" repos "$@" } __docker_commands () { @@ -91,15 +151,15 @@ __docker_commands () { zstyle -s ":completion:${curcontext}:" cache-policy cache_policy if [[ -z "$cache_policy" ]]; then - zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy + zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy fi if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \ - && ! _retrieve_cache docker_subcommands; + && ! _retrieve_cache docker_subcommands; then - _docker_subcommands=(${${(f)"$(_call_program commands + _docker_subcommands=(${${(f)"$(_call_program commands docker 2>&1 | sed -e '1,6d' -e '/^[ ]*$/d' -e 's/[ ]*\([^ ]\+\)\s*\([^ ].*\)/\1:\2/' )"}}) - _docker_subcommands=($_docker_subcommands 'help:Show help for a command') + _docker_subcommands=($_docker_subcommands 'help:Show help for a command') _store_cache docker_subcommands _docker_subcommands fi _describe -t docker-commands "docker command" _docker_subcommands @@ -108,100 +168,206 @@ __docker_commands () { __docker_subcommand () { local -a _command_args case "$words[1]" in - (attach|wait) - _arguments ':containers:__docker_runningcontainers' + (attach) + _arguments \ + '--no-stdin[Do not attach stdin]' \ + '--sig-proxy[Proxify all received signal]' \ + ':containers:__docker_runningcontainers' ;; (build) _arguments \ - '-t=-:repository:__docker_repositories' \ + '--no-cache[Do not use cache when building the image]' \ + '-q[Suppress verbose build output]' \ + '--rm[Remove intermediate containers after a successful build]' \ + '-t=-:repository:__docker_repositories_with_tags' \ ':path or URL:_directories' ;; (commit) _arguments \ + '--author=-[Author]:author: ' \ + '-m=-[Commit message]:message: ' \ + '--run=-[Configuration automatically applied when the image is run]:configuration: ' \ ':container:__docker_containers' \ - ':repository:__docker_repositories' \ - ':tag: ' + ':repository:__docker_repositories_with_tags' ;; - (diff|export|logs) + (cp) + _arguments \ + ':container:->container' \ + ':hostpath:_files' + case $state in + (container) + if compset -P '*:'; then + _files + else + __docker_containers -qS ":" + fi + ;; + esac + ;; + (diff|export) _arguments '*:containers:__docker_containers' ;; (history) - _arguments '*:images:__docker_images' + _arguments \ + '--no-trunc[Do not truncate output]' \ + '-q[Only show numeric IDs]' \ + '*:images:__docker_images' ;; (images) _arguments \ '-a[Show all images]' \ + '--no-trunc[Do not truncate output]' \ + '-q[Only show numeric IDs]' \ + '--tree[Output graph in tree format]' \ + '--viz[Output graph in graphviz format]' \ ':repository:__docker_repositories' ;; (inspect) - _arguments '*:containers:__docker_containers' + _arguments \ + '--format=-[Format the output using the given go template]:template: ' \ + '*:containers:__docker_containers' ;; - (history) - _arguments ':images:__docker_images' + (import) + _arguments \ + ':URL:(- http:// file://)' \ + ':repository:__docker_repositories_with_tags' + ;; + (info) + ;; + (import) + _arguments \ + ':URL:(- http:// file://)' \ + ':repository:__docker_repositories_with_tags' + ;; + (insert) + _arguments '1:containers:__docker_containers' \ + '2:URL:(http:// file://)' \ + '3:file:_files' ;; (kill) _arguments '*:containers:__docker_runningcontainers' ;; + (load) + ;; + (login) + _arguments \ + '-e=-[Email]:email: ' \ + '-p=-[Password]:password: ' \ + '-u=-[Username]:username: ' \ + ':server: ' + ;; + (logs) + _arguments \ + '-f[Follow log output]' \ + '*:containers:__docker_containers' + ;; (port) - _arguments '1:containers:__docker_runningcontainers' + _arguments \ + '1:containers:__docker_runningcontainers' \ + '2:port:_ports' ;; (start) - _arguments '*:containers:__docker_stoppedcontainers' + _arguments \ + '-a[Attach container'"'"'s stdout/stderr and forward all signals]' \ + '-i[Attach container'"'"'s stding]' \ + '*:containers:__docker_stoppedcontainers' ;; (rm) - _arguments '-v[Remove the volumes associated to the container]' \ + _arguments \ + '--link[Remove the specified link and not the underlying container]' \ + '-v[Remove the volumes associated to the container]' \ '*:containers:__docker_stoppedcontainers' ;; (rmi) - _arguments '-v[Remove the volumes associated to the container]' \ + _arguments \ '*:images:__docker_images' ;; - (top) - _arguments '1:containers:__docker_runningcontainers' - ;; (restart|stop) _arguments '-t=-[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \ '*:containers:__docker_runningcontainers' ;; (top) - _arguments ':containers:__docker_runningcontainers' + _arguments \ + '1:containers:__docker_runningcontainers' \ + '(-)*:: :->ps-arguments' + case $state in + (ps-arguments) + _ps + ;; + esac + ;; (ps) - _arguments '-a[Show all containers. Only running containers are shown by default]' \ - '-h[Show help]' \ - '--before-id=-[Show only container created before Id, include non-running one]:containers:__docker_containers' \ - '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' + _arguments \ + '-a[Show all containers]' \ + '--before=-[Show only container created before...]:containers:__docker_containers' \ + '-l[Show only the latest created container]' \ + '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' \ + '--no-trunc[Do not truncate output]' \ + '-q[Only show numeric IDs]' \ + '-s[Display sizes]' \ + '--since=-[Show only containers created since...]:containers:__docker_containers' ;; (tag) _arguments \ '-f[force]'\ ':image:__docker_images'\ - ':repository:__docker_repositories' \ - ':tag:__docker_tags' + ':repository:__docker_repositories_with_tags' ;; (run) _arguments \ - '-a=-[Attach to stdin, stdout or stderr]:toggle:(true false)' \ - '-c=-[CPU shares (relative weight)]:CPU shares: ' \ + '-P[Publish all exposed ports to the host]' \ + '-a[Attach to stdin, stdout or stderr]' \ + '-c=-[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ + '--cidfile=-[Write the container ID to the file]:CID file:_files' \ '-d[Detached mode: leave the container running in the background]' \ - '*--dns=[Set custom dns servers]:dns server: ' \ - '*-e=[Set environment variables]:environment variable: ' \ + '*--dns=-[Set custom dns servers]:dns server: ' \ + '*-e=-[Set environment variables]:environment variable: ' \ '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ + '*--expose=-[Expose a port from the container without publishing it]: ' \ '-h=-[Container host name]:hostname:_hosts' \ '-i[Keep stdin open even if not attached]' \ + '--link=-[Add link to another container]:link:->link' \ + '--lxc-conf=-[Add custom lxc options]:lxc options: ' \ '-m=-[Memory limit (in bytes)]:limit: ' \ - '*-p=-[Expose a container''s port to the host]:port:_ports' \ - '-t=-[Allocate a pseudo-tty]:toggle:(true false)' \ + '--name=-[Container name]:name: ' \ + '*-p=-[Expose a container'"'"'s port to the host]:port:_ports' \ + '--privileged[Give extended privileges to this container]' \ + '--rm[Remove intermediate containers when it exits]' \ + '--sig-proxy[Proxify all received signal]' \ + '-t[Allocate a pseudo-tty]' \ '-u=-[Username or UID]:user:_users' \ '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ '--volumes-from=-[Mount volumes from the specified container]:volume: ' \ + '-w=-[Working directory inside the container]:directory:_directories' \ '(-):images:__docker_images' \ '(-):command: _command_names -e' \ '*::arguments: _normal' - ;; + + case $state in + (link) + if compset -P '*:'; then + _wanted alias expl 'Alias' compadd -E "" + else + __docker_runningcontainers -qS ":" + fi + ;; + esac + + ;; (pull|search) _arguments ':name:__docker_search' ;; + (push) + _arguments ':repository:__docker_repositories_with_tags' + ;; + (save) + _arguments \ + ':images:__docker_images' + ;; + (wait) + _arguments ':containers:__docker_runningcontainers' + ;; (help) _arguments ':subcommand:__docker_commands' ;; @@ -212,24 +378,31 @@ __docker_subcommand () { } _docker () { + # Support for subservices, which allows for `compdef _docker docker-shell=_docker_containers`. + # Based on /usr/share/zsh/functions/Completion/Unix/_git without support for `ret`. + if [[ $service != docker ]]; then + _call_function - _$service + return + fi + local curcontext="$curcontext" state line typeset -A opt_args _arguments -C \ '-H=-[tcp://host:port to bind/connect to]:socket: ' \ '(-): :->command' \ - '(-)*:: :->option-or-argument' + '(-)*:: :->option-or-argument' if (( CURRENT == 1 )); then fi - case $state in + case $state in (command) __docker_commands ;; (option-or-argument) curcontext=${curcontext%:*:*}:docker-$words[1]: - __docker_subcommand + __docker_subcommand ;; esac } From dbec9b15d4a40db79cb0288e0fffd28bf6029e5a Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Wed, 16 Jul 2014 16:39:44 -0700 Subject: [PATCH 0236/2538] Added info re: image[:tag] to make docs consistent. Fixed a markdown issue. Closes issue #6833 Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/sources/reference/run.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 9e4ba574df..903d750d74 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -26,18 +26,16 @@ see [*Option types*](/reference/commandline/cli/#option-types). The list of `[OPTIONS]` breaks down into two groups: 1. Settings exclusive to operators, including: - - - Detached or Foreground running, - - Container Identification, - - Network settings, and - - Runtime Constraints on CPU and Memory - - Privileges and LXC Configuration - -2. Setting shared between operators and developers, where operators can + * Detached or Foreground running, + * Container Identification, + * Network settings, and + * Runtime Constraints on CPU and Memory + * Privileges and LXC Configuration +2. Settings shared between operators and developers, where operators can override defaults developers set in images at build time. -Together, the `docker run [OPTIONS]` give complete control over runtime -behavior to the operator, allowing them to override all defaults set by +Together, the `docker run [OPTIONS]` give the operator complete control over runtime +behavior, allowing them to override all defaults set by the developer during `docker build` and nearly all the defaults set by the Docker runtime itself. @@ -126,6 +124,12 @@ programs might write out their process ID to a file (you've seen them as PID files): --cidfile="": Write the container ID to the file + +### Image[:tag] + +While not strictly a means of identifying a container, you can specify a version of an +image you'd like to run the container with by adding `image[:tag]` to the command. For +example, `docker run ubuntu:14.04`. ## Network Settings From eaca49cde5ccc80030ad569f2ea7feea12576c86 Mon Sep 17 00:00:00 2001 From: "Daniel, Dao Quang Minh" Date: Fri, 27 Jun 2014 02:52:36 -0400 Subject: [PATCH 0237/2538] Add logout command "docker logout [SERVER]" will remove the registry server' credentials from .dockercfg file. If a server is not specified, it will log user out of the default docker registry server Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh (github: dqminh) --- docs/sources/reference/commandline/cli.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index dac7c1610b..43acb17578 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -732,6 +732,15 @@ specify this by adding the server name. example: $ docker login localhost:8080 +## logout + + Usage: docker logout [SERVER] + + Log the user out of a docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. + + example: + $ docker logout localhost:8080 + ## logs Usage: docker logs CONTAINER From c66ab76c1ad175918b1e89576a6ded8aa619478a Mon Sep 17 00:00:00 2001 From: "Daniel, Dao Quang Minh" Date: Sun, 29 Jun 2014 13:10:20 -0400 Subject: [PATCH 0238/2538] fix doc references Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh (github: dqminh) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 43acb17578..56acc33310 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -736,7 +736,7 @@ specify this by adding the server name. Usage: docker logout [SERVER] - Log the user out of a docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. + Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default. example: $ docker logout localhost:8080 From 73a3580711a44b5d3ad7cca8190ef65cdf3ab092 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Fri, 18 Jul 2014 12:32:04 -0400 Subject: [PATCH 0239/2538] Update docs on --sig-proxy to indicate that SIGKILL and SIGSTOP cannot be proxied Docker-DCO-1.1-Signed-off-by: Matt Heon (github: mheon) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 56acc33310..f1142d2a4f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -135,7 +135,7 @@ like this: Attach to a running container --no-stdin=false Do not attach STDIN - --sig-proxy=true Proxify all received signals to the process (even in non-TTY mode). SIGCHLD is not proxied. + --sig-proxy=true Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The `attach` command will allow you to view or interact with any running container, detached (`-d`) @@ -981,7 +981,7 @@ removed before the image is removed. (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container --rm=false Automatically remove the container when it exits (incompatible with -d) - --sig-proxy=true Proxify received signals to the process (even in non-tty mode). SIGCHLD is not proxied. + --sig-proxy=true Proxy received signals to the process (even in non-tty mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. -t, --tty=false Allocate a pseudo-tty -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container) From a5b9d338c1d02807e00b2243c45ce0e02ce6324f Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Wed, 23 Jul 2014 12:40:10 +1000 Subject: [PATCH 0240/2538] user facing documentation changes in master atm Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 33 ++++++++++++----------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f1142d2a4f..8b03531fc8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -738,7 +738,8 @@ specify this by adding the server name. Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default. - example: +For example: + $ docker logout localhost:8080 ## logs @@ -953,20 +954,23 @@ removed before the image is removed. Run a command in a new container - -a, --attach=[] Attach to stdin, stdout or stderr. + -a, --attach=[] Attach to STDIN, STDOUT or STDERR. -c, --cpu-shares=0 CPU shares (relative weight) + --cap-add=[] Add Linux capabilities + --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) - -d, --detach=false Detached mode: Run container in the background, print new container id - --dns=[] Set custom dns servers - --dns-search=[] Set custom dns search domains + -d, --detach=false Detached mode: run container in the background and print new container ID + --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc) + --dns=[] Set custom DNS servers + --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables - --entrypoint="" Overwrite the default entrypoint of the image - --env-file=[] Read in a line delimited file of ENV variables + --entrypoint="" Overwrite the default ENTRYPOINT of the image + --env-file=[] Read in a line delimited file of environment variables --expose=[] Expose a port from the container without publishing it to your host -h, --hostname="" Container host name - -i, --interactive=false Keep stdin open even if not attached - --link=[] Add link to another container (name:alias) + -i, --interactive=false Keep STDIN open even if not attached + --link=[] Add link to another container in the form of name:alias --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) --name="" Assign a name to the container @@ -981,12 +985,11 @@ removed before the image is removed. (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container --rm=false Automatically remove the container when it exits (incompatible with -d) - --sig-proxy=true Proxy received signals to the process (even in non-tty mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. - -t, --tty=false Allocate a pseudo-tty + --sig-proxy=true Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. + -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from docker: -v /container) + -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) --volumes-from=[] Mount volumes from the specified container(s) - --device=[] Add a host device to the container (e.g. --device=/dev/sdc[:/dev/xvdc[:rwm]]) -w, --workdir="" Working directory inside the container The `docker run` command first `creates` a writeable container layer over the @@ -1272,7 +1275,7 @@ grace period, SIGKILL ## tag - Usage: docker tag [OPTIONS] IMAGE [REGISTRYHOST/][USERNAME/]NAME[:TAG] + Usage: docker tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG] Tag an image into a repository @@ -1292,7 +1295,7 @@ them to [*Share Images via Repositories*]( Usage: docker unpause CONTAINER - Resumes a paused container. + Unpause all processes within a container The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. From 4fc06d1790f38a1fc89955b88905ebfa90b4fcd9 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 24 Jul 2014 22:19:50 +0000 Subject: [PATCH 0241/2538] update go import path and libcontainer Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/README.md | 2 +- docs/sources/reference/builder.md | 2 +- docs/sources/reference/commandline/cli.md | 12 ++++++------ docs/sources/reference/run.md | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/README.md b/docs/README.md index 17299401e7..ba1feb50d4 100755 --- a/docs/README.md +++ b/docs/README.md @@ -5,7 +5,7 @@ Markdown, as implemented by [MkDocs](http://mkdocs.org). The HTML files are built and hosted on `https://docs.docker.com`, and update automatically after each change to the master or release branch of [Docker on -GitHub](https://github.com/dotcloud/docker) thanks to post-commit hooks. The +GitHub](https://github.com/docker/docker) thanks to post-commit hooks. The `docs` branch maps to the "latest" documentation and the `master` (unreleased development) branch maps to the "master" documentation. diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 57ddb52984..680fe2642f 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -175,7 +175,7 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See ### Known Issues (RUN) -- [Issue 783](https://github.com/dotcloud/docker/issues/783) is about file +- [Issue 783](https://github.com/docker/docker/issues/783) is about file permissions problems that can occur when using the AUFS file system. You might notice it during an attempt to `rm` a file, for example. The issue describes a workaround. diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8b03531fc8..9a5ace4716 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -117,7 +117,7 @@ you can also specify individual sockets too `docker -d -H fd://3`. If the specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and systemd in the [docker source tree]( -https://github.com/dotcloud/docker/blob/master/contrib/init/systemd/socket-activation/). +https://github.com/docker/docker/blob/master/contrib/init/systemd/socket-activation/). Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set @@ -396,9 +396,9 @@ For example: A /go A /go/src A /go/src/github.com - A /go/src/github.com/dotcloud - A /go/src/github.com/dotcloud/docker - A /go/src/github.com/dotcloud/docker/.git + A /go/src/github.com/docker + A /go/src/github.com/docker/docker + A /go/src/github.com/docker/docker/.git .... ## events @@ -871,7 +871,7 @@ registry or to a self-hosted one. ### Known Issues (rm) -- [Issue 197](https://github.com/dotcloud/docker/issues/197) indicates +- [Issue 197](https://github.com/docker/docker/issues/197) indicates that `docker kill` may leave directories behind and make it difficult to remove the container. @@ -1008,7 +1008,7 @@ and linking containers. ### Known Issues (run –volumes-from) -- [Issue 2702](https://github.com/dotcloud/docker/issues/2702): +- [Issue 2702](https://github.com/docker/docker/issues/2702): "lxc-start: Permission denied - failed to mount" could indicate a permissions problem with AppArmor. Please see the issue for a workaround. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 903d750d74..a933a32bea 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -86,7 +86,7 @@ and pass along signals. All of that is configurable: -i=false : Keep STDIN open even if not attached If you do not specify `-a` then Docker will [attach all standard -streams]( https://github.com/dotcloud/docker/blob/ +streams]( https://github.com/docker/docker/blob/ 75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can specify to which of the three standard streams (`STDIN`, `STDOUT`, `STDERR`) you'd like to connect instead, as in: @@ -237,7 +237,7 @@ By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a "privileged" container is given access to all devices (see [lxc-template.go]( -https://github.com/dotcloud/docker/blob/master/daemon/execdriver/lxc/lxc_template.go) +https://github.com/docker/docker/blob/master/daemon/execdriver/lxc/lxc_template.go) and documentation on [cgroups devices]( https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). @@ -262,7 +262,7 @@ If the Docker daemon was started using the `lxc` exec-driver (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options using one or more `--lxc-conf` parameters. These can be new parameters or override existing parameters from the [lxc-template.go]( -https://github.com/dotcloud/docker/blob/master/daemon/execdriver/lxc/lxc_template.go). +https://github.com/docker/docker/blob/master/daemon/execdriver/lxc/lxc_template.go). Note that in the future, a given host's docker daemon may not use LXC, so this is an implementation-specific configuration meant for operators already familiar with using LXC directly. From c290eb9a8c92c32c8b69913195f21e9169c5c602 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 23 Jul 2014 14:44:17 +0200 Subject: [PATCH 0242/2538] Fix incorrect path in ENTRYPOINT example The ENTRYPOINT example uses "/usr/bin/ls" as path, but `ls` is located at `/bin/ls`. Docker-DCO-1.1-Signed-off-by: Sebastiaan van Stijn (github: thaJeztah) --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 680fe2642f..80035c1e9d 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -409,7 +409,7 @@ optional but default, you could use a `CMD` instruction: FROM ubuntu CMD ["-l"] - ENTRYPOINT ["/usr/bin/ls"] + ENTRYPOINT ["ls"] > **Note**: > It is preferable to use the JSON array format for specifying From 0e2490cad0016e5a437f8379b079d1ef9920e677 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Thu, 24 Jul 2014 11:42:38 -0400 Subject: [PATCH 0243/2538] Add OS to docker info Docker-DCO-1.1-Signed-off-by: Tibor Vass (github: tiborvass) --- docs/sources/reference/commandline/cli.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9a5ace4716..83590a60e1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -605,18 +605,19 @@ tar, then the ownerships might not get preserved. For example: $ sudo docker -D info - Containers: 16 - Images: 2138 + Containers: 14 + Images: 52 Storage Driver: btrfs - Execution Driver: native-0.1 - Kernel Version: 3.12.0-1-amd64 + Execution Driver: native-0.2 + Kernel Version: 3.13.0-24-generic + Operating System: Ubuntu 14.04 LTS Debug mode (server): false Debug mode (client): true - Fds: 16 - Goroutines: 104 + Fds: 10 + Goroutines: 9 EventsListeners: 0 Init Path: /usr/bin/docker - Sockets: [unix:///var/run/docker.sock tcp://0.0.0.0:4243] + Sockets: [unix:///var/run/docker.sock] Username: svendowideit Registry: [https://index.docker.io/v1/] From cc74364de9aa3ceaf776b393d60eb86f64f706b5 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 7 Jul 2014 12:06:34 -0600 Subject: [PATCH 0244/2538] Standardize "apt-get install" usage across the repo I might have missed some, but I think this is most of the offenders. Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon) --- docs/sources/reference/builder.md | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 80035c1e9d..730d176efb 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -516,23 +516,16 @@ For example you might add something like this: FROM ubuntu MAINTAINER Victor Vieux - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update - - RUN apt-get install -y inotify-tools nginx apache2 openssh-server + RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server # Firefox over VNC # # VERSION 0.3 FROM ubuntu - # make sure the package repository is up to date - RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list - RUN apt-get update # Install vnc, xvfb in order to create a 'fake' display and firefox - RUN apt-get install -y x11vnc xvfb firefox + RUN apt-get update && apt-get install -y x11vnc xvfb firefox RUN mkdir /.vnc # Setup a password RUN x11vnc -storepasswd 1234 ~/.vnc/passwd From 83b89cd5cd1618a8188f9ebd3aa387a146abbed6 Mon Sep 17 00:00:00 2001 From: LK4D4 Date: Sun, 3 Aug 2014 12:28:25 +0400 Subject: [PATCH 0245/2538] Fix example of relative WORKDIR Docker-DCO-1.1-Signed-off-by: Alexandr Morozov (github: LK4D4) --- docs/sources/reference/builder.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 730d176efb..73f48b8248 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -444,7 +444,10 @@ It can be used multiple times in the one `Dockerfile`. If a relative path is provided, it will be relative to the path of the previous `WORKDIR` instruction. For example: - WORKDIR /a WORKDIR b WORKDIR c RUN pwd + WORKDIR /a + WORKDIR b + WORKDIR c + RUN pwd The output of the final `pwd` command in this Dockerfile would be `/a/b/c`. From 6d9e4e513aaf7ed61348bdb06430b0a002cdd6a7 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 5 Aug 2014 16:43:33 -0400 Subject: [PATCH 0246/2538] Docker should use /var/lib/container/tmp for large temporary files. /tmp is often a tmpfs file system and large temporary files could cause docker commands to fail. Also using /tmp potentially allows users on the system to get access to content, or even attack the content. Moving the tmpdir to /var/lib/container/tmp will protect the data. Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) Conflicts: docker/docker.go --- docs/sources/reference/commandline/cli.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 83590a60e1..83cd56a206 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -120,12 +120,11 @@ systemd in the [docker source tree]( https://github.com/docker/docker/blob/master/contrib/init/systemd/socket-activation/). Docker supports softlinks for the Docker data directory -(`/var/lib/docker`) and for `/tmp`. TMPDIR and the data directory can be set -like this: +(`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: - TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 # or - export TMPDIR=/mnt/disk2/tmp + export DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 ## attach From 3c5c02ba5a3aa9bce27d62a6e4738cbab9007184 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 7 Aug 2014 14:50:59 -0400 Subject: [PATCH 0247/2538] Revert `rm -f` deprecation use SIGKILL instead `rm -f` was originally deprecated in favor of `rm --stop/--kill` since `rm -f` was sending SIGTERM and potentially very slow. Instead this will bring back `rm -f` but use SIGKILL isntead Docker-DCO-1.1-Signed-off-by: Brian Goff (github: cpuguy83) --- docs/sources/reference/commandline/cli.md | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 83cd56a206..3ee0c81761 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -864,8 +864,7 @@ registry or to a self-hosted one. Remove one or more containers - -s, --stop=false Stop and remove a running container - -k, --kill=false Kill and remove a running container + -f, --force=false Force removal of a running container. Uses SIGKILL to stop the container. -l, --link=false Remove the specified link and not the underlying container -v, --volumes=false Remove the volumes associated with the container @@ -890,21 +889,12 @@ This will remove the underlying link between `/webapp` and the `/redis` containers removing all network communication. - $ sudo docker rm --stop redis - redis - -The main process inside the container referenced under the link `/redis` will receive -SIGTERM, and after a grace period, SIGKILL, then the container will be removed. - - $ sudo docker rm --kill redis + $ sudo docker rm --force redis redis The main process inside the container referenced under the link `/redis` will receive SIGKILL, then the container will be removed. -NOTE: If you try to use `stop` and `kill` simultaneously, Docker will return an error. - - $ sudo docker rm $(docker ps -a -q) This command will delete all stopped containers. The command `docker ps -a -q` will return all existing container From e77887585855327ca452a8aa0df209fdfbb66d82 Mon Sep 17 00:00:00 2001 From: satoru Date: Thu, 7 Aug 2014 14:39:14 +0800 Subject: [PATCH 0248/2538] Make it clear that JSON array format should be used if CMD is used as default arguments Signed-off-by: Xuecong Liao --- docs/sources/reference/builder.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 73f48b8248..5788e8167f 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -196,6 +196,11 @@ container.** These defaults can include an executable, or they can omit the executable, in which case you must specify an `ENTRYPOINT` instruction as well. +> **Note**: +> If `CMD` is used to provide default arguments for the `ENTRYPOINT` +> instruction, both the `CMD` and `ENTRYPOINT` instructions should be specified +> with the JSON array format. + When used in the shell or exec formats, the `CMD` instruction sets the command to be executed when running the image. From 827784fc312b1b50c96b6598e803c64ec2564da0 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Sun, 10 Aug 2014 12:47:46 -0400 Subject: [PATCH 0249/2538] fix command output examples in cli documentation f87a97f accidentally added a few too many `$` line prefixes Docker-DCO-1.1-Signed-off-by: Patrick Hemmer (github: phemmer) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3ee0c81761..9d5a950220 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -499,7 +499,7 @@ by default. 77af4d6b9913 19 hours ago 1.089 GB committest latest b6fa739cedf5 19 hours ago 1.089 GB 78a85c484f71 19 hours ago 1.089 GB - $ docker latest 30557a29d5ab 20 hours ago 1.089 GB + docker latest 30557a29d5ab 20 hours ago 1.089 GB 0124422dd9f9 20 hours ago 1.089 GB 18ad6fad3402 22 hours ago 1.082 GB f9f1e26352f0 23 hours ago 1.089 GB @@ -513,7 +513,7 @@ by default. 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - $ docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB From d31f289d2279ac8e67305a2fd693c09e51a20547 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 8 Aug 2014 15:26:22 -0400 Subject: [PATCH 0250/2538] fix for issue 7281 add missing comma per O.S. Tezer's commment Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 5788e8167f..d2c848b11e 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -164,6 +164,11 @@ any point in an image's history, much like source control. The *exec* form makes it possible to avoid shell string munging, and to `RUN` commands using a base image that does not contain `/bin/sh`. +> **Note**: +> To use a different shell, other than '/bin/sh', use the *exec* form +> passing in the desired shell. For example, +> `RUN ["/bin/bash", "-c", "echo hello"]` + The cache for `RUN` instructions isn't invalidated automatically during the next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` will be reused during the next build. The cache for From b1aa5d84a71a40b93db548db3cb271cea7054aca Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Mon, 2 Jun 2014 15:08:39 -0400 Subject: [PATCH 0251/2538] docker ps: introducing filters * starting with filtering for exit codes. `docker ps -a --filter 'exited=1'` * API doc for filter parameter * formatting filters for help usage * tweaks for review This requires https://github.com/dotcloud/docker/pull/4430 Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9d5a950220..311fc849e9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -794,6 +794,7 @@ further details. -a, --all=false Show all containers. Only running containers are shown by default. --before="" Show only container created before Id or Name, include non-running ones. + -f, --filter=[] Provide filter values (i.e. 'exited=0') -l, --latest=false Show only the latest created container, include non-running ones. -n=-1 Show n last created containers, include non-running ones. --no-trunc=false Don't truncate output @@ -811,6 +812,25 @@ Running `docker ps` showing 2 linked containers. `docker ps` will show only running containers by default. To see all containers: `docker ps -a` +### Filtering + +The filtering flag (-f or --filter) format is a "key=value" pair. If there is more +than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) + +Current filters: + * exited (int - the code of exited containers. Only useful with '--all') + + +#### Successfully exited containers + + $ sudo docker ps -a --filter 'exited=0' + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey + 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani + 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds + +This shows all the containers that have exited with status of '0' + ## pull Usage: docker pull NAME[:TAG] From 9f2253c926f3caa180e7495722509a48be50685c Mon Sep 17 00:00:00 2001 From: Solomon Hykes Date: Mon, 11 Aug 2014 22:30:01 +0000 Subject: [PATCH 0252/2538] Move remote API config out of daemon/ Signed-off-by: Solomon Hykes --- docs/sources/reference/commandline/cli.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 311fc849e9..5e6107cfaa 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -616,7 +616,6 @@ For example: Goroutines: 9 EventsListeners: 0 Init Path: /usr/bin/docker - Sockets: [unix:///var/run/docker.sock] Username: svendowideit Registry: [https://index.docker.io/v1/] From 8f67e34cbade8e1a4db194864ce017b658e39331 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 4 Aug 2014 18:20:53 -0700 Subject: [PATCH 0253/2538] Add documentation and update restart rules. Implement time backed backoff for restarting and fix failure count when the maximum is 0 Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 26 +++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5e6107cfaa..8f4ed19a27 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -993,6 +993,7 @@ removed before the image is removed. format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container + --restart="" Restart policy to apply when a container exits (no, on-failure, always) --rm=false Automatically remove the container when it exits (incompatible with -d) --sig-proxy=true Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. -t, --tty=false Allocate a pseudo-TTY @@ -1220,6 +1221,31 @@ application change: `--rm` option means that when the container exits, the container's layer is removed. +#### Restart Policies + +Using the `--restart` flag on docker run you can specify a restart policy for +how a container should or should not be restarted on exit. + +** no ** - Do not restart the container when it exits. + +** on-failure ** - Restart the container only if it exits with a non zero exit status. + +** always ** - Always restart the container reguardless of the exit status. + +You can also specify the maximum amount of times docker will try to restart the +container when using the ** on-failure ** policy. The default is that docker will try forever to restart the container. + + $ sudo docker run --restart=always redis + +This will run the redis container with a restart policy of ** always ** so that if +the container exits, docker will restart it. + + $ sudo docker run --restart=on-failure:10 redis + +This will run the redis container with a restart policy of ** on-failure ** and a +maximum restart count of 10. If the redis container exits with a non-zero exit +status more than 10 times in a row docker will abort trying to restart the container. + ## save Usage: docker save IMAGE From 9d8d982e5c8176b345107a0374b6d0994a9f1d95 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 5 Aug 2014 14:40:50 -0700 Subject: [PATCH 0254/2538] Update docs based on feedback from review for --restart Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8f4ed19a27..4a756cc16e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1223,7 +1223,7 @@ application change: #### Restart Policies -Using the `--restart` flag on docker run you can specify a restart policy for +Using the `--restart` flag on Docker run you can specify a restart policy for how a container should or should not be restarted on exit. ** no ** - Do not restart the container when it exits. @@ -1232,19 +1232,19 @@ how a container should or should not be restarted on exit. ** always ** - Always restart the container reguardless of the exit status. -You can also specify the maximum amount of times docker will try to restart the -container when using the ** on-failure ** policy. The default is that docker will try forever to restart the container. +You can also specify the maximum amount of times Docker will try to restart the +container when using the ** on-failure ** policy. The default is that Docker will try forever to restart the container. $ sudo docker run --restart=always redis -This will run the redis container with a restart policy of ** always ** so that if -the container exits, docker will restart it. +This will run the `redis` container with a restart policy of ** always ** so that if +the container exits, Docker will restart it. $ sudo docker run --restart=on-failure:10 redis -This will run the redis container with a restart policy of ** on-failure ** and a -maximum restart count of 10. If the redis container exits with a non-zero exit -status more than 10 times in a row docker will abort trying to restart the container. +This will run the `redis` container with a restart policy of ** on-failure ** and a +maximum restart count of 10. If the `redis` container exits with a non-zero exit +status more than 10 times in a row Docker will abort trying to restart the container. ## save From 0142098e673b5eb2a784ede78df8bc532aac30d0 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 13 Aug 2014 14:58:57 -0700 Subject: [PATCH 0255/2538] Deprecate --restart on the daemon Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4a756cc16e..9afa691b6b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -71,7 +71,6 @@ expect an integer, and they can only be specified once. --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file - -r, --restart=true Restart previously running containers -s, --storage-driver="" Force the Docker runtime to use a specific storage driver --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver --storage-opt=[] Set storage driver options From d8b3ccd8698db3f7131cea5b090e577c4e5b2253 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Mon, 18 Aug 2014 09:31:58 +1000 Subject: [PATCH 0256/2538] update the cli / man page docs based on what is in master right now Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9afa691b6b..8a8ef0696b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -65,7 +65,7 @@ expect an integer, and they can only be specified once. -H, --host=[] The socket(s) to bind to in daemon mode specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication - --ip="0.0.0.0" Default IP address to use when binding container ports + --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --iptables=true Enable Docker's addition of iptables rules --mtu=0 Set the containers network MTU @@ -792,7 +792,8 @@ further details. -a, --all=false Show all containers. Only running containers are shown by default. --before="" Show only container created before Id or Name, include non-running ones. - -f, --filter=[] Provide filter values (i.e. 'exited=0') + -f, --filter=[] Provide filter values. Valid filters: + exited= - containers with exit code of -l, --latest=false Show only the latest created container, include non-running ones. -n=-1 Show n last created containers, include non-running ones. --no-trunc=false Don't truncate output @@ -882,7 +883,7 @@ registry or to a self-hosted one. Remove one or more containers - -f, --force=false Force removal of a running container. Uses SIGKILL to stop the container. + -f, --force=false Force the removal of a running container (uses SIGKILL) -l, --link=false Remove the specified link and not the underlying container -v, --volumes=false Remove the volumes associated with the container From 46121c5eddf4700f28bfcb28f80824704ca5b8be Mon Sep 17 00:00:00 2001 From: Deshi Xiao Date: Wed, 20 Aug 2014 15:56:50 +0800 Subject: [PATCH 0257/2538] Cleanup: correct cli --volumes-from description issue #7580 volumes-from comma separated list mentioned this case. Options like --volumes-from=[] indicate they can be specified multiple times: docker run -it --rm --volumes-from TEST_DATA --volumes-from TEST_DATA2 ubuntu bash Signed-off-by: Deshi Xiao --- docs/sources/reference/commandline/cli.md | 30 +++++++++++------------ 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8a8ef0696b..7b9e2ab610 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -322,7 +322,7 @@ schema. > **Note:** `docker build` will return a `no such file or directory` error > if the file or directory does not exist in the uploaded context. This may -> happen if there is no context, or if you specify a file that is elsewhere +> happen if there is no context, or if you specify a file that is elsewhere > on the Host system. The context is limited to the current directory (and its > children) for security reasons, and to ensure repeatable builds on remote > Docker hosts. This is also the reason why `ADD ../file` will not work. @@ -824,8 +824,8 @@ Current filters: $ sudo docker ps -a --filter 'exited=0' CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey - 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani + ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey + 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds This shows all the containers that have exited with status of '0' @@ -1145,14 +1145,14 @@ network and environment of the `redis` container via environment variables. The `--name` flag will assign the name `console` to the newly created container. - $ sudo docker run --volumes-from 777f7dc92da7,ba8c0c54f0f2:ro -i -t ubuntu pwd + $ sudo docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd The `--volumes-from` flag mounts all the defined volumes from the referenced -containers. Containers can be specified by a comma separated list or by -repetitions of the `--volumes-from` argument. The container ID may be -optionally suffixed with `:ro` or `:rw` to mount the volumes in read-only -or read-write mode, respectively. By default, the volumes are mounted in -the same mode (read write or read only) as the reference container. +containers. Containers can be specified by repetitions of the `--volumes-from` +argument. The container ID may be optionally suffixed with `:ro` or `:rw` to +mount the volumes in read-only or read-write mode, respectively. By default, +the volumes are mounted in the same mode (read write or read only) as +the reference container. The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or `STDERR`. This makes it possible to manipulate the output and input as needed. @@ -1223,7 +1223,7 @@ application change: #### Restart Policies -Using the `--restart` flag on Docker run you can specify a restart policy for +Using the `--restart` flag on Docker run you can specify a restart policy for how a container should or should not be restarted on exit. ** no ** - Do not restart the container when it exits. @@ -1232,18 +1232,18 @@ how a container should or should not be restarted on exit. ** always ** - Always restart the container reguardless of the exit status. -You can also specify the maximum amount of times Docker will try to restart the +You can also specify the maximum amount of times Docker will try to restart the container when using the ** on-failure ** policy. The default is that Docker will try forever to restart the container. $ sudo docker run --restart=always redis -This will run the `redis` container with a restart policy of ** always ** so that if +This will run the `redis` container with a restart policy of ** always ** so that if the container exits, Docker will restart it. $ sudo docker run --restart=on-failure:10 redis -This will run the `redis` container with a restart policy of ** on-failure ** and a -maximum restart count of 10. If the `redis` container exits with a non-zero exit +This will run the `redis` container with a restart policy of ** on-failure ** and a +maximum restart count of 10. If the `redis` container exits with a non-zero exit status more than 10 times in a row Docker will abort trying to restart the container. ## save @@ -1294,7 +1294,7 @@ more details on finding shared images from the command line. -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process -i, --interactive=false Attach container's STDIN -When run on a container that has already been started, +When run on a container that has already been started, takes no action and succeeds unconditionally. ## stop From f30add12fe0b027028b15160c4338fee6f3fbadc Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Tue, 19 Aug 2014 13:39:50 -0700 Subject: [PATCH 0258/2538] Added warning re: using root for dockerfile root. Fixes #7612 Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/sources/reference/builder.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index d2c848b11e..3720a7387c 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -27,6 +27,19 @@ the build. The build is run by the Docker daemon, not by the CLI, so the whole context must be transferred to the daemon. The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to the daemon. +> **Warning** +> Avoid using your root directory, `/`, as the root of the source repository. The +> `docker build` command will use whatever directory contains the Dockerfile as the build +> context(including all of its subdirectories). The build context will be sent to the +> Docker daemon before building the image, which means if you use `/` as the source +> repository, the entire contents of your hard drive will get sent to the daemon. You +> probably don't want that. + +In most cases, it's best to put each Dockerfile in an empty directory, and then add only +the files needed for building that Dockerfile to that directory. To further speed up the +build, you can exclude files and directories by adding a `.dockerignore` file to the same +directory. + You can specify a repository and tag at which to save the new image if the build succeeds: From e06e910b87ee467f62c38017874372c34685eddf Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Tue, 19 Aug 2014 17:22:11 -0700 Subject: [PATCH 0259/2538] Fixed a typo and added a bit based on Sven's feedback Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/sources/reference/builder.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 3720a7387c..796d07d98e 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -30,10 +30,10 @@ whole context must be transferred to the daemon. The Docker CLI reports > **Warning** > Avoid using your root directory, `/`, as the root of the source repository. The > `docker build` command will use whatever directory contains the Dockerfile as the build -> context(including all of its subdirectories). The build context will be sent to the +> context (including all of its subdirectories). The build context will be sent to the > Docker daemon before building the image, which means if you use `/` as the source -> repository, the entire contents of your hard drive will get sent to the daemon. You -> probably don't want that. +> repository, the entire contents of your hard drive will get sent to the daemon (and +> thus to the machine running the daemon). You probably don't want that. In most cases, it's best to put each Dockerfile in an empty directory, and then add only the files needed for building that Dockerfile to that directory. To further speed up the From 496b9b1977a9ed44cdcbc34390c8a951d2800577 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 13 Aug 2014 18:21:15 -0700 Subject: [PATCH 0260/2538] Update flag usages and docs for max restart count Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7b9e2ab610..bae418d10b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -993,7 +993,7 @@ removed before the image is removed. format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container - --restart="" Restart policy to apply when a container exits (no, on-failure, always) + --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --rm=false Automatically remove the container when it exits (incompatible with -d) --sig-proxy=true Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. -t, --tty=false Allocate a pseudo-TTY @@ -1245,6 +1245,7 @@ the container exits, Docker will restart it. This will run the `redis` container with a restart policy of ** on-failure ** and a maximum restart count of 10. If the `redis` container exits with a non-zero exit status more than 10 times in a row Docker will abort trying to restart the container. +Providing a maximum restart limit is only valid for the ** on-failure ** policy. ## save From f64630480820f734c67a78b3dcf7977f5980c4d3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 21 Aug 2014 15:35:20 -0400 Subject: [PATCH 0261/2538] --help option and help command should print to stdout not stderr --help and help are successful commands so output should not go to error. QE teams have requested this change, also users doing docker help | less or docker run --help | less would expect this to work. Usage statement should only be printed when the user asks for it. Errors should print error message and then suggest the docker COMMAND --help command to see usage information. The current behaviour causes the user to have to search for the error message and sometimes scrolls right off the screen. For example a error on a "docker run" command is very difficult to diagnose. Finally erros should always exit with a non 0 exit code, if the user makes a CLI error. Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/commandline/cli.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index bae418d10b..b06bc5dada 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -15,6 +15,19 @@ or execute `docker help`: ... +## Help +To list the help on any command just execute the command, followed by the `--help` option. + + $ sudo docker run --help + + Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] + + Run a command in a new container + + -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + -c, --cpu-shares=0 CPU shares (relative weight) + ... + ## Option types Single character commandline options can be combined, so rather than From 116bf8fdfb3363b06466105addec527425622584 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 27 Aug 2014 18:59:13 +0000 Subject: [PATCH 0262/2538] Revert "--help option and help command should print to stdout not stderr" This reverts commit 61b129d81802e3c988cc0e67e488b24968dd748a. Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b06bc5dada..bae418d10b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -15,19 +15,6 @@ or execute `docker help`: ... -## Help -To list the help on any command just execute the command, followed by the `--help` option. - - $ sudo docker run --help - - Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - - Run a command in a new container - - -a, --attach=[] Attach to STDIN, STDOUT or STDERR. - -c, --cpu-shares=0 CPU shares (relative weight) - ... - ## Option types Single character commandline options can be combined, so rather than From 8b869694be1a72b96398e2793d3f55f776557ee7 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Mon, 25 Aug 2014 11:53:31 +1000 Subject: [PATCH 0263/2538] add the [OPTIONS] string automatically if there are flags defined Signed-off-by: SvenDowideit Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index bae418d10b..f67527b380 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -625,7 +625,7 @@ ensure we know how your setup is configured. ## inspect - Usage: docker inspect CONTAINER|IMAGE [CONTAINER|IMAGE...] + Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...] Return low-level information on a container or image @@ -690,7 +690,7 @@ signal specified with option `--signal`. ## load - Usage: docker load + Usage: docker load [OPTIONS] Load an image from a tar archive on STDIN @@ -742,7 +742,7 @@ For example: ## logs - Usage: docker logs CONTAINER + Usage: docker logs [OPTIONS] CONTAINER Fetch the logs of a container @@ -832,7 +832,7 @@ This shows all the containers that have exited with status of '0' ## pull - Usage: docker pull NAME[:TAG] + Usage: docker pull [OPTIONS] NAME[:TAG] Pull an image or a repository from the registry @@ -922,7 +922,7 @@ delete them. Any running containers will not be deleted. ## rmi - Usage: docker rmi IMAGE [IMAGE...] + Usage: docker rmi [OPTIONS] IMAGE [IMAGE...] Remove one or more images @@ -1249,7 +1249,7 @@ Providing a maximum restart limit is only valid for the ** on-failure ** policy. ## save - Usage: docker save IMAGE + Usage: docker save [OPTIONS] IMAGE Save an image to a tar archive (streamed to STDOUT by default) @@ -1274,7 +1274,7 @@ It is used to create a backup that can then be used with Search [Docker Hub](https://hub.docker.com) for images - Usage: docker search TERM + Usage: docker search [OPTIONS] TERM Search the Docker Hub for images @@ -1288,7 +1288,7 @@ more details on finding shared images from the command line. ## start - Usage: docker start CONTAINER [CONTAINER...] + Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] Restart a stopped container From bbea6aa42d6d5a026933208082cb6009a6d60b94 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 14 Jul 2014 23:19:37 +0000 Subject: [PATCH 0264/2538] Update /etc/hosts when linked container is restarted Docker-DCO-1.1-Signed-off-by: Victor Vieux (github: vieux) --- docs/sources/reference/run.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index a933a32bea..6dc7b40721 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -432,6 +432,9 @@ mechanism to communicate with a linked container by its alias: $ docker run -d --name servicename busybox sleep 30 $ docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias +If you restart the source container (`servicename` in this case), the recipient +container's `/etc/hosts` entry will be automatically updated. + ## VOLUME (Shared Filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. From 28b535f82596084c9de51ba021e1c46900806d23 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Thu, 1 May 2014 00:26:24 -0400 Subject: [PATCH 0265/2538] docker save: ability to save multiple images Now from a single invocation of `docker save`, you can specify multiple images to include in the output tar, or even just multiple tags of a particular image/repo. ``` > docker save -o bundle.tar busybox ubuntu:lucid ubuntu:saucy fedora:latest > tar tf ./bundle.tar | wc -l 42 > tar xOf ./bundle.tar repositories {"busybox":{"latest":"2d8e5b282c81244037eb15b2068e1c46319c1a42b80493acb128da24b2090739"},"fedora":{"latest":"58394af373423902a1b97f209a31e3777932d9321ef10e64feaaa7b4df609cf9"},"ubuntu":{"lucid":"9cc9ea5ea540116b89e41898dd30858107c1175260fb7ff50322b34704092232","saucy":"9f676bd305a43a931a8d98b13e5840ffbebcd908370765373315926024c7c35e"}} ``` Further, this fixes the bug where the `repositories` file is not created when saving a specific tag of an image (e.g. ubuntu:latest) document multi-image save and updated API docs Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- docs/sources/reference/commandline/cli.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f67527b380..ef30113882 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1249,17 +1249,17 @@ Providing a maximum restart limit is only valid for the ** on-failure ** policy. ## save - Usage: docker save [OPTIONS] IMAGE + Usage: docker save [OPTIONS] IMAGE [IMAGE...] - Save an image to a tar archive (streamed to STDOUT by default) + Save an image(s) to a tar archive (streamed to STDOUT by default) -o, --output="" Write to an file, instead of STDOUT -Produces a tarred repository to the standard output stream. Contains all -parent layers, and all tags + versions, or specified repo:tag. +Produces a tarred repository to the standard output stream. +Contains all parent layers, and all tags + versions, or specified repo:tag, for +each argument provided. -It is used to create a backup that can then be used with -`docker load` +It is used to create a backup that can then be used with ``docker load`` $ sudo docker save busybox > busybox.tar $ ls -sh busybox.tar @@ -1270,6 +1270,11 @@ It is used to create a backup that can then be used with $ sudo docker save -o fedora-all.tar fedora $ sudo docker save -o fedora-latest.tar fedora:latest +It is even useful to cherry-pick particular tags of an image repository + + $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy + + ## search Search [Docker Hub](https://hub.docker.com) for images From 6f480a86670857c01306f8958a8aff3f26a8f3b6 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Tue, 24 Jun 2014 12:03:08 +1000 Subject: [PATCH 0266/2538] List all ports when calling `docker port container` Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ef30113882..9c313b0c78 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -764,9 +764,25 @@ log entry. ## port - Usage: docker port CONTAINER PRIVATE_PORT + Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] - Lookup the public-facing port that is NAT-ed to PRIVATE_PORT + List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + +You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or +just a specific mapping: + + $ docker ps test + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test + $ docker port test + 7890/tcp -> 0.0.0.0:4321 + 9876/tcp -> 0.0.0.0:1234 + $ docker port test 7890/tcp + 0.0.0.0:4321 + $ docker port test 7890/udp + 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test + $ docker port test 7890 + 0.0.0.0:4321 ## pause From 621e17a26756a4ba586dc1233dd24f9263a188be Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 27 Aug 2014 15:19:00 +1000 Subject: [PATCH 0267/2538] document the cherry-pick process I'm using to make docs updates Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docs/README.md b/docs/README.md index ba1feb50d4..fd8fdfa6d2 100755 --- a/docs/README.md +++ b/docs/README.md @@ -97,3 +97,46 @@ to - which you call from the `docker` directory: make AWS_S3_BUCKET=dowideit-docs docs-release +This will publish _only_ to the `http://bucket-url/v1.2/` version of the +documentation. + +If you're publishing the current release's documentation, you need to +also update the root docs pages by running + + make AWS_S3_BUCKET=dowideit-docs BUILD_ROOT=yes docs-release + +## Cherry picking documentation changes to update an existing release. + +Whenever the core team makes a release, they publish the documentation based +on the `release` branch (which is copied into the `docs` branch). The +documentation team can make updates in the meantime, by cherry-picking changes +from `master` into any of the docs branches. + +For example, to update the current release's docs: + + git fetch upstream + git checkout -b post-1.2.0-docs-update-1 upstream/docs + # Then go through the Merge commit linked to PR's (making sure they apply + to that release) + # see https://github.com/docker/docker/commits/master + git cherry-pick -x fe845c4 + # Repeat until you have cherry picked everything you will propose to be merged + git push upstream post-1.2.0-docs-update-1 + +Then make a pull request to merge into the `docs` branch __NOT__ master. + +Once the PR has the needed `LGTM`'s, merge it, then publish to our beta server +to test: + + git fetch upstream + git checkout post-1.2.0-docs-update-1 + git reset --hard upstream/post-1.2.0-docs-update-1 + make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release + +Then go to http://beta-docs.docker.io.s3-website-us-west-2.amazonaws.com/ +and make sure that what you have published is good. + +When you're happy with it, publish the docs to our live site: + + make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes docs-release + From 90d2156bc6cb3e79218b0cd0638898d1a5415fb1 Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Tue, 2 Sep 2014 17:44:36 -0700 Subject: [PATCH 0268/2538] Adding Docs Deploy process to Docs ReadMe Additions and revisions to Sven's cherry-pick process doc. Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/README.md | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/docs/README.md b/docs/README.md index fd8fdfa6d2..c12869603e 100755 --- a/docs/README.md +++ b/docs/README.md @@ -85,9 +85,9 @@ work!](../CONTRIBUTING.md#sign-your-work) ## Publishing Documentation -To publish a copy of the documentation you need a `docs/awsconfig` -file containing AWS settings to deploy to. The release script will -create an s3 if needed, and will then push the files to it. +To publish a copy of the documentation you need to have Docker up and running on your +machine. You'll also need a `docs/awsconfig` file containing AWS settings to deploy to. +The release script will create an s3 if needed, and will then push the files to it. [profile dowideit-docs] aws_access_key_id = IHOIUAHSIDH234rwf.... aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... region = ap-southeast-2 @@ -105,7 +105,13 @@ also update the root docs pages by running make AWS_S3_BUCKET=dowideit-docs BUILD_ROOT=yes docs-release -## Cherry picking documentation changes to update an existing release. +> **Note:** if you are using Boot2Docker on OSX and the above command returns an error, +> `Post http:///var/run/docker.sock/build?rm=1&t=docker-docs%3Apost-1.2.0-docs_update-2: +> dial unix /var/run/docker.sock: no such file or directory', you need to set the Docker +> host. Run `$(boot2docker shellinit)` to see the correct variable to set. The command +> will return the full `export` command, so you can just cut and paste. + +## Cherry-picking documentation changes to update an existing release. Whenever the core team makes a release, they publish the documentation based on the `release` branch (which is copied into the `docs` branch). The @@ -123,9 +129,9 @@ For example, to update the current release's docs: # Repeat until you have cherry picked everything you will propose to be merged git push upstream post-1.2.0-docs-update-1 -Then make a pull request to merge into the `docs` branch __NOT__ master. +Then make a pull request to merge into the `docs` branch, __NOT__ into master. -Once the PR has the needed `LGTM`'s, merge it, then publish to our beta server +Once the PR has the needed `LGTM`s, merge it, then publish to our beta server to test: git fetch upstream @@ -134,7 +140,7 @@ to test: make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release Then go to http://beta-docs.docker.io.s3-website-us-west-2.amazonaws.com/ -and make sure that what you have published is good. +to view your results and make sure what you published is what you wanted. When you're happy with it, publish the docs to our live site: From 0678d92b2621f7af964cdc912c770d7794dfc424 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20L=C3=89VEIL?= Date: Sun, 31 Aug 2014 22:08:28 +0200 Subject: [PATCH 0269/2538] Add --force-rm to docker build command completion Signed-off-by: Thomas LEVEIL --- contrib/completion/bash/docker | 2 +- contrib/completion/fish/docker.fish | 1 + contrib/completion/zsh/_docker | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d6d622ff33..13fd57ba12 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -151,7 +151,7 @@ _docker_build() case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t --tag -q --quiet --no-cache --rm" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-t --tag -q --quiet --no-cache --rm --force-rm" -- "$cur" ) ) ;; *) local counter="$(__docker_pos_first_nonflag '-t|--tag')" diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index ba83526c75..2b106ad62e 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -72,6 +72,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_pri # build complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d 'Always remove intermediate containers, even after unsuccessful builds' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index faf17b2bea..824266d400 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -176,6 +176,7 @@ __docker_subcommand () { ;; (build) _arguments \ + '--force-rm[Always remove intermediate containers, even after unsuccessful builds]' \ '--no-cache[Do not use cache when building the image]' \ '-q[Suppress verbose build output]' \ '--rm[Remove intermediate containers after a successful build]' \ From 65c06ca59a17cb16324c9dcbcc59f14f37a5e7de Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Thu, 4 Sep 2014 13:32:16 -0700 Subject: [PATCH 0270/2538] Changes to Sven's cherry pick process Added content and revised after walk-through Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/README.md b/docs/README.md index c12869603e..afcc1451a4 100755 --- a/docs/README.md +++ b/docs/README.md @@ -145,4 +145,8 @@ to view your results and make sure what you published is what you wanted. When you're happy with it, publish the docs to our live site: make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes docs-release + +Note that the new docs will not appear live on the site until the cache (a complex, +distributed CDN system) is flushed. This requires someone with S3 keys. Contact Docker +(Sven Dowideit or John Costa) for assistance. From 0296063f1e56dfec735af1cf2e328c32d30e21a5 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Wed, 3 Sep 2014 22:30:11 +0200 Subject: [PATCH 0271/2538] zsh: update zsh completion for docker command zsh completion is updated with the content of felixr/docker-zsh-completion. The major change since the last merge is the removal of use of sed/awk. This should help a lot OSX users who previously had to install gawk and gsed. Docker-DCO-1.1-Signed-off-by: Vincent Bernat (github: vincentbernat) --- contrib/completion/zsh/_docker | 155 +++++++++++++++++++-------------- 1 file changed, 91 insertions(+), 64 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 824266d400..eab269684f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -5,7 +5,7 @@ # version: 0.3.0 # github: https://github.com/felixr/docker-zsh-completion # -# contributers: +# contributors: # - Felix Riedel # - Vincent Bernat # @@ -37,65 +37,86 @@ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -__parse_docker_list() { - awk ' -NR == 1 { - idx=1;i=0;f[i]=0 - header=$0 - while ( match(header, / ([A-Z]+|[A-Z]+ [A-Z]+)/) ) { - idx += RSTART+1 - f[++i]=idx - header = substr($0,idx) - } - f[++i]=999 -} +__docker_get_containers() { + local kind expl + declare -a running stopped lines args -NR > 1 '"$1"' { - for(j=0;j 1 && $1 != ""){printf("%s", $1);if ($2 != "") printf("\\:%s", $2); printf("\n")}')"}) - images=($images ${(f)"$(_call_program commands docker images | awk '(NR > 1){printf("%s:%-15s in %s\n", $3,$2,$1)}')"}) - _describe -t docker-images "Images" images + images=(${${${${(f)"$(_call_program commands docker images)"}[2,-1]}/ ##/\\:}%% *}) + images=(${${images%\\:}#} ${${${(f)"$(_call_program commands docker images)"}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}}) + _describe -t docker-images "images" images } __docker_tags() { local expl declare -a tags - tags=(${(f)"$(_call_program commands docker images | awk '(NR>1){print $2}'| sort | uniq)"}) + tags=(${${${${${(f)"$(_call_program commands docker images)"}#* }## #}%% *}[2,-1]}) _describe -t docker-tags "tags" tags } @@ -124,16 +145,15 @@ __docker_search() { if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \ && ! _retrieve_cache ${cachename#_}; then _message "Searching for ${searchterm}..." - result=(${(f)"$(_call_program commands docker search ${searchterm} | awk '(NR>2){print $1}')"}) + result=(${${${(f)"$(_call_program commands docker search ${searchterm})"}%% *}[2,-1]}) _store_cache ${cachename#_} result fi - _wanted dockersearch expl 'Available images' compadd -a result + _wanted dockersearch expl 'available images' compadd -a result } __docker_caching_policy() { - # oldp=( "$1"(Nmh+24) ) # 24 hour - oldp=( "$1"(Nmh+1) ) # 24 hour + oldp=( "$1"(Nmh+1) ) # 1 hour (( $#oldp )) } @@ -141,8 +161,8 @@ __docker_caching_policy() __docker_repositories () { local expl declare -a repos - repos=(${(f)"$(_call_program commands docker images | sed -e '1d' -e 's/[ ].*//' | sort | uniq)"}) - _describe -t docker-repos "Repositories" repos "$@" + repos=(${${${(f)"$(_call_program commands docker images)"}%% *}[2,-1]}) + _describe -t docker-repos "repositories" repos "$@" } __docker_commands () { @@ -157,8 +177,7 @@ __docker_commands () { if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \ && ! _retrieve_cache docker_subcommands; then - _docker_subcommands=(${${(f)"$(_call_program commands - docker 2>&1 | sed -e '1,6d' -e '/^[ ]*$/d' -e 's/[ ]*\([^ ]\+\)\s*\([^ ].*\)/\1:\2/' )"}}) + _docker_subcommands=(${${${${(f)"$(_call_program commands docker 2>&1)"}[5,-1]}## #}/ ##/:}) _docker_subcommands=($_docker_subcommands 'help:Show help for a command') _store_cache docker_subcommands _docker_subcommands fi @@ -180,13 +199,13 @@ __docker_subcommand () { '--no-cache[Do not use cache when building the image]' \ '-q[Suppress verbose build output]' \ '--rm[Remove intermediate containers after a successful build]' \ - '-t=-:repository:__docker_repositories_with_tags' \ + '-t:repository:__docker_repositories_with_tags' \ ':path or URL:_directories' ;; (commit) _arguments \ '--author=-[Author]:author: ' \ - '-m=-[Commit message]:message: ' \ + '-m[Commit message]:message: ' \ '--run=-[Configuration automatically applied when the image is run]:configuration: ' \ ':container:__docker_containers' \ ':repository:__docker_repositories_with_tags' @@ -252,9 +271,9 @@ __docker_subcommand () { ;; (login) _arguments \ - '-e=-[Email]:email: ' \ - '-p=-[Password]:password: ' \ - '-u=-[Username]:username: ' \ + '-e[Email]:email: ' \ + '-p[Password]:password: ' \ + '-u[Username]:username: ' \ ':server: ' ;; (logs) @@ -284,7 +303,7 @@ __docker_subcommand () { '*:images:__docker_images' ;; (restart|stop) - _arguments '-t=-[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \ + _arguments '-t[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \ '*:containers:__docker_runningcontainers' ;; (top) @@ -303,7 +322,7 @@ __docker_subcommand () { '-a[Show all containers]' \ '--before=-[Show only container created before...]:containers:__docker_containers' \ '-l[Show only the latest created container]' \ - '-n=-[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' \ + '-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' \ '--no-trunc[Do not truncate output]' \ '-q[Only show numeric IDs]' \ '-s[Display sizes]' \ @@ -319,28 +338,28 @@ __docker_subcommand () { _arguments \ '-P[Publish all exposed ports to the host]' \ '-a[Attach to stdin, stdout or stderr]' \ - '-c=-[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ + '-c[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ '--cidfile=-[Write the container ID to the file]:CID file:_files' \ '-d[Detached mode: leave the container running in the background]' \ '*--dns=-[Set custom dns servers]:dns server: ' \ - '*-e=-[Set environment variables]:environment variable: ' \ + '*-e[Set environment variables]:environment variable: ' \ '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ '*--expose=-[Expose a port from the container without publishing it]: ' \ - '-h=-[Container host name]:hostname:_hosts' \ + '-h[Container host name]:hostname:_hosts' \ '-i[Keep stdin open even if not attached]' \ '--link=-[Add link to another container]:link:->link' \ '--lxc-conf=-[Add custom lxc options]:lxc options: ' \ - '-m=-[Memory limit (in bytes)]:limit: ' \ + '-m[Memory limit (in bytes)]:limit: ' \ '--name=-[Container name]:name: ' \ - '*-p=-[Expose a container'"'"'s port to the host]:port:_ports' \ + '*-p[Expose a container'"'"'s port to the host]:port:_ports' \ '--privileged[Give extended privileges to this container]' \ '--rm[Remove intermediate containers when it exits]' \ '--sig-proxy[Proxify all received signal]' \ '-t[Allocate a pseudo-tty]' \ - '-u=-[Username or UID]:user:_users' \ - '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ + '-u[Username or UID]:user:_users' \ + '*-v[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ '--volumes-from=-[Mount volumes from the specified container]:volume: ' \ - '-w=-[Working directory inside the container]:directory:_directories' \ + '-w[Working directory inside the container]:directory:_directories' \ '(-):images:__docker_images' \ '(-):command: _command_names -e' \ '*::arguments: _normal' @@ -360,7 +379,7 @@ __docker_subcommand () { _arguments ':name:__docker_search' ;; (push) - _arguments ':repository:__docker_repositories_with_tags' + _arguments ':images:__docker_images' ;; (save) _arguments \ @@ -390,7 +409,7 @@ _docker () { typeset -A opt_args _arguments -C \ - '-H=-[tcp://host:port to bind/connect to]:socket: ' \ + '-H[tcp://host:port to bind/connect to]:socket: ' \ '(-): :->command' \ '(-)*:: :->option-or-argument' @@ -409,3 +428,11 @@ _docker () { } _docker "$@" + +# Local Variables: +# mode: Shell-Script +# sh-indentation: 4 +# indent-tabs-mode: nil +# sh-basic-offset: 4 +# End: +# vim: ft=zsh sw=4 ts=4 et From aa499ca76e69a6a8cfe05428b4a7e49f6cda6956 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Fri, 29 Aug 2014 10:16:40 +1000 Subject: [PATCH 0272/2538] add a little documentation for docker pull Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9c313b0c78..c8edc11d0a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -852,6 +852,8 @@ This shows all the containers that have exited with status of '0' Pull an image or a repository from the registry + -a, --all-tags=false Download all tagged images in the repository + Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) registry. @@ -867,11 +869,13 @@ To download a particular image, or set of images (i.e., a repository), use `docker pull`: $ docker pull debian - # will pull all the images in the debian repository + # will pull only the debian:latest image and its intermediate layers $ docker pull debian:testing # will pull only the image named debian:testing and any intermediate layers - # it is based on. (Typically the empty `scratch` image, a MAINTAINERs layer, + # it is based on. (Typically the empty `scratch` image, a MAINTAINER layer, # and the un-tarred base). + $ docker pull --all-tags centos + # will pull all the images from the centos repository $ docker pull registry.hub.docker.com/debian # manually specifies the path to the default Docker registry. This could # be replaced with the path to a local registry to pull from another source. From 5547dedac36dcf5160a6cc9a02c5c12493061c89 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Sun, 7 Sep 2014 22:49:46 -0400 Subject: [PATCH 0273/2538] Added --device flag to run reference Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/run.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 6dc7b40721..1b56c74299 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -231,6 +231,7 @@ them via Docker. --cap-add: Add Linux capabilities --cap-drop: Drop Linux capabilities --privileged=false: Give extended privileges to this container + --device=[]: Allows you to run devices inside the container without the --privileged flag. --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" By default, Docker containers are "unprivileged" and cannot, for @@ -243,11 +244,17 @@ https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable to access to all devices on the host as well as set some configuration -in AppArmor to allow the container nearly all the same access to the +in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with `--privileged` is available on the [Docker Blog](http://blog.docker.com/2013/09/docker-can-now-run-within-docker/). +If you want to limit access to a specific device or devices you can use +the `--device` flag. It allows you to specify one or more devices that +will be accessible within the container. + + $ docker run --device=/dev/snd:/dev/snd ... + In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default list of capabilities that are kept. Both flags support the value `all`, so if the From 70abfec84920a867e275aa9e048e9694538d5658 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 9 Sep 2014 11:16:02 +1000 Subject: [PATCH 0274/2538] add -p PORT as a valid format specification Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 2 +- docs/sources/reference/run.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c8edc11d0a..714116ddc5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1010,7 +1010,7 @@ removed before the image is removed. 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. -P, --publish-all=false Publish all exposed ports to the host interfaces -p, --publish=[] Publish a container's port to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 1b56c74299..085c250d70 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -345,7 +345,7 @@ or override the Dockerfile's exposed defaults: -P=false : Publish all exposed ports to the host interfaces -p=[] : Publish a container᾿s port to the host (format: ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort) + hostPort:containerPort | containerPort) (use 'docker port' to see the actual mapping) --link="" : Add link to another container (name:alias) From 7ecebf2877b1a927f83d1ff005f537f16c852873 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Fri, 18 Jul 2014 18:48:19 +0000 Subject: [PATCH 0275/2538] Add daemon flag to specify public registry mirrors Adds support for a --registry-mirror=scheme://[:port] daemon flag. The flag may be present multiple times. If provided, mirrors are prepended to the list of endpoints used for image pull. Note that only mirrors of the public index.docker.io registry are supported, and image/tag resolution is still performed via the official index. Docker-DCO-1.1-Signed-off-by: Tim Smith (github: timbot) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 714116ddc5..286ba4a7a8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -71,6 +71,7 @@ expect an integer, and they can only be specified once. --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file + --registry-mirror=[] Specify a preferred Docker registry mirror -s, --storage-driver="" Force the Docker runtime to use a specific storage driver --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver --storage-opt=[] Set storage driver options From f0b5f2601fffba16b83b21f5b260371ad697b8c2 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 11 Sep 2014 10:09:18 -0700 Subject: [PATCH 0276/2538] Add notes about single-quotes Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 796d07d98e..87ac8bc890 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -182,6 +182,10 @@ commands using a base image that does not contain `/bin/sh`. > passing in the desired shell. For example, > `RUN ["/bin/bash", "-c", "echo hello"]` +> **Note**: +> The *exec* form is parsed as a JSON array, which means that +> you must use double-quotes (") around words not single-quotes ('). + The cache for `RUN` instructions isn't invalidated automatically during the next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` will be reused during the next build. The cache for @@ -219,6 +223,10 @@ instruction as well. > instruction, both the `CMD` and `ENTRYPOINT` instructions should be specified > with the JSON array format. +> **Note**: +> The *exec* form is parsed as a JSON array, which means that +> you must use double-quotes (") around words not single-quotes ('). + When used in the shell or exec formats, the `CMD` instruction sets the command to be executed when running the image. @@ -434,6 +442,10 @@ optional but default, you could use a `CMD` instruction: CMD ["-l"] ENTRYPOINT ["ls"] +> **Note**: +> The *exec* form is parsed as a JSON array, which means that +> you must use double-quotes (") around words not single-quotes ('). + > **Note**: > It is preferable to use the JSON array format for specifying > `ENTRYPOINT` instructions. @@ -449,6 +461,10 @@ string, `VOLUME /var/log`. For more information/examples and mounting instructions via the Docker client, refer to [*Share Directories via Volumes*]( /userguide/dockervolumes/#volume-def) documentation. +> **Note**: +> The list is parsed a JSON array, which means that +> you must use double-quotes (") around words not single-quotes ('). + ## USER USER daemon From b7cb370393c5485ca611d303eb2c88879d385f6b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 11 Sep 2014 15:54:03 +1000 Subject: [PATCH 0277/2538] Override prettyPrint's colour choice (red) for strings in quotes. I've moved the docs.css to last so it can tweak any existing css, and then set that to the same grey colour used for 'normal' text. While testing I found and fixed an over-zealous line wrap. Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 286ba4a7a8..4fc63040c2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -208,8 +208,8 @@ When a single Dockerfile is given as `URL` or is piped through `STDIN` (`docker build - < Dockerfile`), then no context is set. When a Git repository is set as `URL`, then the repository is used as -the context. The Git repository is cloned with its submodules (`git -clone -recursive`). A fresh `git clone` occurs in a temporary directory +the context. The Git repository is cloned with its submodules +(`git clone -recursive`). A fresh `git clone` occurs in a temporary directory on your local host, and then this is sent to the Docker daemon as the context. This way, your local user credentials and VPN's etc can be used to access private repositories. From 3ca630d38171394cdc16de8ec3a8217aca638af1 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 16 Sep 2014 11:49:05 +1000 Subject: [PATCH 0278/2538] Consistently use 'sudo docker' in examples Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.md | 6 ++-- docs/sources/reference/commandline/cli.md | 42 +++++++++++------------ docs/sources/reference/run.md | 36 +++++++++---------- 3 files changed, 42 insertions(+), 42 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 87ac8bc890..4b16e0365c 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -57,7 +57,7 @@ instructions. Whenever possible, Docker will re-use the intermediate images, accelerating `docker build` significantly (indicated by `Using cache`): - $ docker build -t SvenDowideit/ambassador . + $ sudo docker build -t SvenDowideit/ambassador . Uploading context 10.24 kB Uploading context Step 1 : FROM docker-ut @@ -109,7 +109,7 @@ The following example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the uploaded context. - $ docker build . + $ sudo docker build . Uploading context 18.829 MB Uploading context Step 0 : FROM busybox @@ -119,7 +119,7 @@ the uploaded context. ---> 99cc1ad10469 Successfully built 99cc1ad10469 $ echo ".git" > .dockerignore - $ docker build . + $ sudo docker build . Uploading context 6.76 MB Uploading context Step 0 : FROM busybox diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4fc63040c2..343c2e3113 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -35,11 +35,11 @@ will set the value to the opposite of the default value. Options like `-a=[]` indicate they can be specified multiple times: - $ docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + $ sudo docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash Sometimes this can use a more complex value string, as for `-v`: - $ docker run -v /host:/container example/mysql + $ sudo docker run -v /host:/container example/mysql ### Strings and Integers @@ -104,10 +104,10 @@ To use lxc as the execution driver, use `docker -d -e lxc`. The docker client will also honor the `DOCKER_HOST` environment variable to set the `-H` flag for the client. - $ docker -H tcp://0.0.0.0:2375 ps + $ sudo docker -H tcp://0.0.0.0:2375 ps # or $ export DOCKER_HOST="tcp://0.0.0.0:2375" - $ docker ps + $ sudo docker ps # both are equal To run the daemon with [systemd socket activation]( @@ -271,7 +271,7 @@ If you wish to keep the intermediate containers after the build is complete, you must use `--rm=false`. This does not affect the build cache. - $ docker build . + $ sudo docker build . Uploading context 18.829 MB Uploading context Step 0 : FROM busybox @@ -281,7 +281,7 @@ affect the build cache. ---> 99cc1ad10469 Successfully built 99cc1ad10469 $ echo ".git" > .dockerignore - $ docker build . + $ sudo docker build . Uploading context 6.76 MB Uploading context Step 0 : FROM busybox @@ -355,9 +355,9 @@ If this behavior is undesired, set the 'p' option to false. ID IMAGE COMMAND CREATED STATUS PORTS c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 + $ sudo docker commit c3f279d17e0a SvenDowideit/testimage:version3 f5283438590d - $ docker images | head + $ sudo docker images | head REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB @@ -464,7 +464,7 @@ For example: To see how the `docker:latest` image was built: - $ docker history docker + $ sudo docker history docker IMAGE CREATED CREATED BY SIZE 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB @@ -729,7 +729,7 @@ If you want to login to a self-hosted registry you can specify this by adding the server name. example: - $ docker login localhost:8080 + $ sudo docker login localhost:8080 ## logout @@ -739,7 +739,7 @@ specify this by adding the server name. For example: - $ docker logout localhost:8080 + $ sudo docker logout localhost:8080 ## logs @@ -772,17 +772,17 @@ log entry. You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: - $ docker ps test + $ sudo docker ps test CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test - $ docker port test + $ sudo docker port test 7890/tcp -> 0.0.0.0:4321 9876/tcp -> 0.0.0.0:1234 - $ docker port test 7890/tcp + $ sudo docker port test 7890/tcp 0.0.0.0:4321 - $ docker port test 7890/udp + $ sudo docker port test 7890/udp 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test - $ docker port test 7890 + $ sudo docker port test 7890 0.0.0.0:4321 ## pause @@ -820,7 +820,7 @@ further details. Running `docker ps` showing 2 linked containers. - $ docker ps + $ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db @@ -869,15 +869,15 @@ a protocol specifier (https://, for example). To download a particular image, or set of images (i.e., a repository), use `docker pull`: - $ docker pull debian + $ sudo docker pull debian # will pull only the debian:latest image and its intermediate layers - $ docker pull debian:testing + $ sudo docker pull debian:testing # will pull only the image named debian:testing and any intermediate layers # it is based on. (Typically the empty `scratch` image, a MAINTAINER layer, # and the un-tarred base). - $ docker pull --all-tags centos + $ sudo docker pull --all-tags centos # will pull all the images from the centos repository - $ docker pull registry.hub.docker.com/debian + $ sudo docker pull registry.hub.docker.com/debian # manually specifies the path to the default Docker registry. This could # be replaced with the path to a local registry to pull from another source. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 085c250d70..4334e2572e 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -18,7 +18,7 @@ other `docker` command. The basic `docker run` command takes this form: - $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ sudo docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, see [*Option types*](/reference/commandline/cli/#option-types). @@ -91,7 +91,7 @@ streams]( https://github.com/docker/docker/blob/ specify to which of the three standard streams (`STDIN`, `STDOUT`, `STDERR`) you'd like to connect instead, as in: - $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash + $ sudo docker run -a stdin -a stdout -i -t ubuntu /bin/bash For interactive processes (like a shell) you will typically want a tty as well as persistent standard input (`STDIN`), so you'll use `-i -t` @@ -192,9 +192,9 @@ Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the `localhost` interface. - $ docker run -d --name redis example/redis --bind 127.0.0.1 + $ sudo docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost - $ docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 + $ sudo docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 ## Clean Up (–-rm) @@ -253,14 +253,14 @@ If you want to limit access to a specific device or devices you can use the `--device` flag. It allows you to specify one or more devices that will be accessible within the container. - $ docker run --device=/dev/snd:/dev/snd ... + $ sudo docker run --device=/dev/snd:/dev/snd ... In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default list of capabilities that are kept. Both flags support the value `all`, so if the operator wants to have all capabilities but `MKNOD` they could use: - $ docker run --cap-add=ALL --cap-drop=MKNOD ... + $ sudo docker run --cap-add=ALL --cap-drop=MKNOD ... For interacting with the network stack, instead of using `--privileged` they should use `--cap-add=NET_ADMIN` to modify the network interfaces. @@ -299,7 +299,7 @@ Dockerfile instruction and how the operator can override that setting. Recall the optional `COMMAND` in the Docker commandline: - $ docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ sudo docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] This command is optional because the person who created the `IMAGE` may have already provided a default `COMMAND` using the Dockerfile `CMD` @@ -326,12 +326,12 @@ runtime by using a string to specify the new `ENTRYPOINT`. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like `/usr/bin/redis-server`): - $ docker run -i -t --entrypoint /bin/bash example/redis + $ sudo docker run -i -t --entrypoint /bin/bash example/redis or two examples of how to pass more parameters to that ENTRYPOINT: - $ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - $ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + $ sudo docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + $ sudo docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help ## EXPOSE (Incoming Ports) @@ -378,7 +378,7 @@ The operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those already defined by the developer with a Dockerfile `ENV`: - $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export + $ sudo docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" declare -x HOSTNAME="85bc26a0e200" declare -x OLDPWD @@ -396,23 +396,23 @@ information for connecting to the service container. Let's imagine we have a container running Redis: # Start the service container, named redis-name - $ docker run -d --name redis-name dockerfiles/redis + $ sudo docker run -d --name redis-name dockerfiles/redis 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 # The redis-name container exposed port 6379 - $ docker ps + $ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4241164edf6f $ dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name # Note that there are no public ports exposed since we didn᾿t use -p or -P - $ docker port 4241164edf6f 6379 + $ sudo docker port 4241164edf6f 6379 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f Yet we can get information about the Redis container's exposed ports with `--link`. Choose an alias that will form a valid environment variable! - $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export + $ sudo docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export declare -x HOME="/" declare -x HOSTNAME="acda7f7b1cdc" declare -x OLDPWD @@ -429,15 +429,15 @@ valid environment variable! And we can use that information to connect from another container as a client: - $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' + $ sudo docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' 172.17.0.32:6379> Docker will also map the private IP address to the alias of a linked container by inserting an entry into `/etc/hosts`. You can use this mechanism to communicate with a linked container by its alias: - $ docker run -d --name servicename busybox sleep 30 - $ docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias + $ sudo docker run -d --name servicename busybox sleep 30 + $ sudo docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias If you restart the source container (`servicename` in this case), the recipient container's `/etc/hosts` entry will be automatically updated. From 4b80189b3bb0c7e3dee0207decbec176c38fc861 Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Wed, 10 Sep 2014 07:39:20 +0000 Subject: [PATCH 0279/2538] Update cli.md to include 'docker exec' feature. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 343c2e3113..7bf3eed59a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1295,6 +1295,36 @@ It is even useful to cherry-pick particular tags of an image repository $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy +## exec + + Usage: docker exec CONTAINER COMMAND [ARG...] + + Run a command in an existing container + + -d, --detach=false Detached mode: run the process in the background and exit + -i, --interactive=false Keep STDIN open even if not attached + -t, --tty=false Allocate a pseudo-TTY + +The `docker exec` command runs a user specified command as a new process in an existing +user specified container. The container needs to be active. + +The `docker exec` command will typically be used after `docker run`. + +### Examples: + + $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash + +This will create a container named 'ubuntu_bash' and start a bash session. + + $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks + +This will create a new file '/tmp/execWorks' inside the existing and active container +'ubuntu_bash', in the background. + + $ sudo docker exec ubuntu_bash -it bash + +This will create a new bash session in the container 'ubuntu_bash'. + ## search From 733ac4b1e7085e393556cec2e7860a09376fb29b Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Thu, 11 Sep 2014 00:06:59 +0000 Subject: [PATCH 0280/2538] Address review comments. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7bf3eed59a..a5d439668e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1297,7 +1297,7 @@ It is even useful to cherry-pick particular tags of an image repository ## exec - Usage: docker exec CONTAINER COMMAND [ARG...] + Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] Run a command in an existing container From 09bfb139f1ffc54abe0f36f63b8ff698e9bbad84 Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Mon, 15 Sep 2014 17:06:07 +0000 Subject: [PATCH 0281/2538] Removing 'exec' feature from the CLI until the docker daemon supports resizing of tty sessions for exec'ed commands. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 31 ----------------------- 1 file changed, 31 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a5d439668e..622842808e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1295,37 +1295,6 @@ It is even useful to cherry-pick particular tags of an image repository $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy -## exec - - Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] - - Run a command in an existing container - - -d, --detach=false Detached mode: run the process in the background and exit - -i, --interactive=false Keep STDIN open even if not attached - -t, --tty=false Allocate a pseudo-TTY - -The `docker exec` command runs a user specified command as a new process in an existing -user specified container. The container needs to be active. - -The `docker exec` command will typically be used after `docker run`. - -### Examples: - - $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash - -This will create a container named 'ubuntu_bash' and start a bash session. - - $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks - -This will create a new file '/tmp/execWorks' inside the existing and active container -'ubuntu_bash', in the background. - - $ sudo docker exec ubuntu_bash -it bash - -This will create a new bash session in the container 'ubuntu_bash'. - - ## search Search [Docker Hub](https://hub.docker.com) for images From aa620970422e8e96b10730eba7063eba5c8ab269 Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Tue, 16 Sep 2014 06:43:43 +0000 Subject: [PATCH 0282/2538] Adding docker exec support in CLI. Fixed a bug in daemon that resulted in accessing of a closed pipe. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 622842808e..936ef26a00 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1295,6 +1295,36 @@ It is even useful to cherry-pick particular tags of an image repository $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy +## exec + + Usage: docker exec CONTAINER COMMAND [ARG...] + + Run a command in an existing container + + -d, --detach=false Detached mode: run the process in the background and exit + -i, --interactive=false Keep STDIN open even if not attached + -t, --tty=false Allocate a pseudo-TTY + +The `docker exec` command runs a user specified command as a new process in an existing +user specified container. The container needs to be active. + +The `docker exec` command will typically be used after `docker run`. + +### Examples: + + $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash + +This will create a container named 'ubuntu_bash' and start a bash session. + + $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks + +This will create a new file '/tmp/execWorks' inside the existing and active container +'ubuntu_bash', in the background. + + $ sudo docker exec ubuntu_bash -it bash + +This will create a new bash session in the container 'ubuntu_bash'. + ## search Search [Docker Hub](https://hub.docker.com) for images From 98c2ff06edf368b87d6a13c98b57be75f6cdcb39 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 16 Sep 2014 11:46:24 -0700 Subject: [PATCH 0283/2538] Add exec to autocompletions Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- contrib/completion/bash/docker | 19 ++++++++++++++++--- contrib/completion/zsh/_docker | 7 +++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 13fd57ba12..33b92eb3d7 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -244,6 +244,18 @@ _docker_events() esac } +_docker_exec() +{ + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-d --detach -i --interactive -t --tty" -- "$cur" ) ) + ;; + *) + __docker_containers_running + ;; + esac +} + _docker_export() { local counter=$(__docker_pos_first_nonflag) @@ -530,7 +542,7 @@ _docker_run() esac return ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf) + --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf) return ;; *) @@ -539,10 +551,10 @@ _docker_run() case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids @@ -660,6 +672,7 @@ _docker() cp diff events + exec export history images diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index eab269684f..70c67e0391 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -227,6 +227,13 @@ __docker_subcommand () { (diff|export) _arguments '*:containers:__docker_containers' ;; + (exec) + _arguments \ + '-d[Detached mode: leave the container running in the background]' \ + '-i[Keep stdin open even if not attached]' \ + '-t[Allocate a pseudo-tty]' \ + ':containers:__docker_runningcontainers' + ;; (history) _arguments \ '--no-trunc[Do not truncate output]' \ From dbb8b6e280e2864d35a2fcdd122e984d970796d6 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 10 Sep 2014 12:36:01 -0700 Subject: [PATCH 0284/2538] Fix for issue 7902. Use utils.RFC3339NanoFixed ("2006-01-02T15:04:05.000000000Z07:00") instead of time.RFC3339Nano to format our log timestamps - this way things are aligned, in particular the nano seconds are padded with zeros Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 936ef26a00..0920917f93 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -760,8 +760,9 @@ Passing a negative number or a non-integer to `--tail` is invalid and the value is set to `all` in that case. This behavior may change in the future. The `docker logs --timestamp` commands will add an RFC3339Nano -timestamp, for example `2014-05-10T17:42:14.999999999Z07:00`, to each -log entry. +timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each +log entry. To ensure that the timestamps for are aligned the +nano-second part of the timestamp will be padded with zero when necessary. ## port From 5886a029807ba06430516fb6e798c11a7aea8977 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Mon, 10 Mar 2014 14:11:23 +0100 Subject: [PATCH 0285/2538] Add "docker create" support This exposes the already existing "create container" operation. It is very similar to "docker run -d" except it doesn't actually start the container, but just prepares it. It can then be manually started using "docker start" at any point. Docker-DCO-1.1-Signed-off-by: Alexander Larsson (github: alexlarsson) Conflicts: api/client/commands.go runconfig/parse.go server/container.go Docker-DCO-1.1-Signed-off-by: Tibor Vass (github: tiborvass) --- docs/sources/reference/commandline/cli.md | 57 +++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0920917f93..57c7d528b0 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -370,6 +370,63 @@ path. Paths are relative to the root of the filesystem. Copy files/folders from the PATH to the HOSTPATH + +## create + +Creates a new container. + + Usage: docker create [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + + + -a, --attach=[] Attach to stdin, stdout or stderr. + -c, --cpu-shares=0 CPU shares (relative weight) + --cidfile="" Write the container ID to the file + --dns=[] Set custom dns servers + --dns-search=[] Set custom dns search domains + -e, --env=[] Set environment variables + --entrypoint="" Overwrite the default entrypoint of the image + --env-file=[] Read in a line delimited file of ENV variables + --expose=[] Expose a port from the container without publishing it to your host + -h, --hostname="" Container host name + -i, --interactive=false Keep stdin open even if not attached + --link=[] Add link to another container (name:alias) + --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --name="" Assign a name to the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the contaner + -p, --publish=[] Publish a container's port to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort + (use 'docker port' to see the actual mapping) + -P, --publish-all=false Publish all exposed ports to the host interfaces + --privileged=false Give extended privileges to this container + -t, --tty=false Allocate a pseudo-tty + -u, --user="" Username or UID + -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) + --volumes-from=[] Mount volumes from the specified container(s) + -w, --workdir="" Working directory inside the container + + +The `docker create` command `creates` a writeable container layer over +the specified image, and prepares it for running the specified +command. The container id is then printed to stdout. This is similar +to what `docker run -d `, does except the container is never +started. You can then use the `docker start ` command to +start the container at any point. + +This is useful when you want to set up a container configuration ahead +of time, so that it is ready to start when you need it. + +### Example: + + $ sudo docker create -t -i fedora bash + 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 + $ sudo docker start -a -i 6d8af538ec5 + bash-4.2# + ## diff List the changed files and directories in a container᾿s filesystem From 7786198ec845cc233f3bbfb792eccdf1e1c871ed Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 18 Jul 2014 19:38:27 -0500 Subject: [PATCH 0286/2538] docs fix Docker-DCO-1.1-Signed-off-by: Tibor Vass (github: tiborvass) --- docs/sources/reference/commandline/cli.md | 28 +++++++++++------------ 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 57c7d528b0..3f7800786f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -378,17 +378,17 @@ Creates a new container. Usage: docker create [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] - -a, --attach=[] Attach to stdin, stdout or stderr. + -a, --attach=[] Attach to STDIN, STDOUT, STDERR. -c, --cpu-shares=0 CPU shares (relative weight) --cidfile="" Write the container ID to the file - --dns=[] Set custom dns servers - --dns-search=[] Set custom dns search domains + --dns=[] Set custom DNS servers + --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables --entrypoint="" Overwrite the default entrypoint of the image - --env-file=[] Read in a line delimited file of ENV variables + --env-file=[] Read in a line delimited file of environment variables --expose=[] Expose a port from the container without publishing it to your host -h, --hostname="" Container host name - -i, --interactive=false Keep stdin open even if not attached + -i, --interactive=false Keep `STDIN` open even if not attached --link=[] Add link to another container (name:alias) --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) @@ -397,28 +397,28 @@ Creates a new container. 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container 'container:': reuses another container network stack - 'host': use the host network stack inside the contaner + 'host': use the host network stack inside the container -p, --publish=[] Publish a container's port to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort (use 'docker port' to see the actual mapping) -P, --publish-all=false Publish all exposed ports to the host interfaces --privileged=false Give extended privileges to this container - -t, --tty=false Allocate a pseudo-tty + -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container -The `docker create` command `creates` a writeable container layer over -the specified image, and prepares it for running the specified -command. The container id is then printed to stdout. This is similar -to what `docker run -d `, does except the container is never -started. You can then use the `docker start ` command to -start the container at any point. +The `docker create` command creates a writeable container layer over +the specified image and prepares it for running the specified command. +The container ID is then printed to `STDOUT`. +This is similar to `docker run -d` except the container is never started. +You can then use the `docker start ` command to start the +container at any point. This is useful when you want to set up a container configuration ahead -of time, so that it is ready to start when you need it. +of time so that it is ready to start when you need it. ### Example: From 442ac2bc318012640d24ded6e464427716e10f3a Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Mon, 11 Aug 2014 13:12:09 -0400 Subject: [PATCH 0287/2538] Add create to contrib/completion Signed-off-by: Tibor Vass --- contrib/completion/bash/docker | 70 +++++++++++++++++++++++++++++ contrib/completion/fish/docker.fish | 29 +++++++++++- contrib/completion/zsh/_docker | 26 +++++++++++ 3 files changed, 124 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 33b92eb3d7..b88f64d59d 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -217,6 +217,75 @@ _docker_cp() fi } +_docker_create() +{ + case "$prev" in + -a|--attach) + COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) + return + ;; + --cidfile|--env-file) + _filedir + return + ;; + --volumes-from) + __docker_containers_all + return + ;; + -v|--volume) + case "$cur" in + *:*) + # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) + ;; + '') + COMPREPLY=( $( compgen -W '/' -- "$cur" ) ) + compopt -o nospace + ;; + /*) + _filedir + compopt -o nospace + ;; + esac + return + ;; + -e|--env) + COMPREPLY=( $( compgen -e -- "$cur" ) ) + compopt -o nospace + return + ;; + --link) + case "$cur" in + *:*) + ;; + *) + __docker_containers_running + COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) + compopt -o nospace + ;; + esac + return + ;; + --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf) + return + ;; + *) + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') + + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags_and_ids + fi + ;; + esac +} + _docker_diff() { local counter=$(__docker_pos_first_nonflag) @@ -670,6 +739,7 @@ _docker() build commit cp + create diff events exec diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 2b106ad62e..48b0279cee 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -16,7 +16,7 @@ function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand' for i in (commandline -opc) - if contains -- $i attach build commit cp diff events export history images import info insert inspect kill load login logs port ps pull push restart rm rmi run save search start stop tag top version wait + if contains -- $i attach build commit cp create diff events export history images import info insert inspect kill load login logs port ps pull push restart rm rmi run save search start stop tag top version wait return 1 end end @@ -88,6 +88,33 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_pri # cp complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders from a container's filesystem to the host path" +# create +complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to stdin, stdout or stderr.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom dns servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default entrypoint of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image" + + # diff complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container" diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 70c67e0391..aff59ee77c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -224,6 +224,32 @@ __docker_subcommand () { ;; esac ;; + (create) + _arguments \ + '-P[Publish all exposed ports to the host]' \ + '-a[Attach to stdin, stdout or stderr]' \ + '-c=-[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ + '--cidfile=-[Write the container ID to the file]:CID file:_files' \ + '*--dns=-[Set custom dns servers]:dns server: ' \ + '*-e=-[Set environment variables]:environment variable: ' \ + '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ + '*--expose=-[Expose a port from the container without publishing it]: ' \ + '-h=-[Container host name]:hostname:_hosts' \ + '-i[Keep stdin open even if not attached]' \ + '--link=-[Add link to another container]:link:->link' \ + '--lxc-conf=-[Add custom lxc options]:lxc options: ' \ + '-m=-[Memory limit (in bytes)]:limit: ' \ + '--name=-[Container name]:name: ' \ + '*-p=-[Expose a container'"'"'s port to the host]:port:_ports' \ + '--privileged[Give extended privileges to this container]' \ + '-t[Allocate a pseudo-tty]' \ + '-u=-[Username or UID]:user:_users' \ + '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ + '--volumes-from=-[Mount volumes from the specified container]:volume: ' \ + '-w=-[Working directory inside the container]:directory:_directories' \ + '(-):images:__docker_images' \ + '(-):command: _command_names -e' \ + '*::arguments: _normal' (diff|export) _arguments '*:containers:__docker_containers' ;; From 14c0f0781dd8c669946d72f0c27037d56038a9b9 Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Sat, 13 Sep 2014 04:35:59 +0000 Subject: [PATCH 0288/2538] Allow extra lines in /etc/hosts This adds a --add-host host:ip flag which appends lines to /etc/hosts. This is needed in places where you want the container to get a different name resolution than it would through DNS. This was submitted before as #5525, closed, and now I am re-opening. It has come up 2 or 3 times in the last couple days. Signed-off-by: Tim Hockin --- docs/sources/reference/commandline/cli.md | 1 + docs/sources/reference/run.md | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3f7800786f..a566bf6820 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1043,6 +1043,7 @@ removed before the image is removed. Run a command in a new container -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + --add-host=[] Add a custom host-to-IP mapping (host:ip) -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 4334e2572e..81afb96cd1 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -139,6 +139,7 @@ example, `docker run ubuntu:14.04`. 'none': no networking for this container 'container:': reuses another container network stack 'host': use the host network stack inside the container + --add-host="" : Add a line to /etc/hosts (host:IP) By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking @@ -196,6 +197,22 @@ running the `redis-cli` command and connecting to the Redis server over the $ # use the redis container's network stack to access localhost $ sudo docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 +### Managing /etc/hosts + +Your container will have lines in `/etc/hosts` which define the hostname of the +container itself as well as `localhost` and a few other common things. The +`--add-host` flag can be used to add additional lines to `/etc/hosts`. + + $ /docker run -ti --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts + 172.17.0.22 09d03f76bf2c + fe00::0 ip6-localnet + ff00::0 ip6-mcastprefix + ff02::1 ip6-allnodes + ff02::2 ip6-allrouters + 127.0.0.1 localhost + ::1 localhost ip6-localhost ip6-loopback + 86.75.30.9 db-static + ## Clean Up (–-rm) By default a container's file system persists even after the container From 54f5e16a387a4db620fd7074dc30c7474d7d928a Mon Sep 17 00:00:00 2001 From: Albert Callarisa Date: Thu, 18 Sep 2014 22:55:38 +0800 Subject: [PATCH 0289/2538] 'an file' -> 'a file' grammar fix Signed-off-by: Albert Callarisa Roca --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a566bf6820..a43f485b48 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1333,7 +1333,7 @@ Providing a maximum restart limit is only valid for the ** on-failure ** policy. Save an image(s) to a tar archive (streamed to STDOUT by default) - -o, --output="" Write to an file, instead of STDOUT + -o, --output="" Write to a file, instead of STDOUT Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified repo:tag, for From a492b97cd047ad58ade8e332088f92aa040f8b54 Mon Sep 17 00:00:00 2001 From: Eugene Yakubovich Date: Tue, 16 Sep 2014 20:00:15 -0700 Subject: [PATCH 0290/2538] Add an option to disable IP masquerading For the cases where --bip option is used it is sometimes best to disable IP masquerading as the provided bridge IP range may be routable. Signed-off-by: Eugene Yakubovich --- docs/sources/reference/commandline/cli.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a43f485b48..74f1b7b3e5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -67,6 +67,7 @@ expect an integer, and they can only be specified once. --icc=true Enable inter-container communication --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward + --ip-masq=true Enable IP masquerading for bridge's IP range. --iptables=true Enable Docker's addition of iptables rules --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available @@ -110,6 +111,10 @@ the `-H` flag for the client. $ sudo docker ps # both are equal +IP masquerading uses address translation to allow containers without a public IP to talk +to other machines on the Internet. This may interfere with some network topologies and +can be disabled with --ip-masq=false. + To run the daemon with [systemd socket activation]( http://0pointer.de/blog/projects/socket-activation.html), use `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but From 6ea2cc5e0e40facce791c510e8f167806ab94af2 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 16 Sep 2014 09:58:20 -0700 Subject: [PATCH 0291/2538] Add support for copy/add with multiple src files Part one of solution for issue #6820 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 4b16e0365c..1f5bd4dada 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -284,13 +284,15 @@ change them using `docker run --env =`. ## ADD - ADD + ADD ... -The `ADD` instruction will copy new files from `` and add them to the -container's filesystem at path ``. +The `ADD` instruction copies new files,directories or remote file URLs to +the filesystem of the container from `` and add them to the at +path ``. -`` must be the path to a file or directory relative to the source directory -being built (also called the *context* of the build) or a remote file URL. +Multiple resource may be specified but if they are files or +directories then they must be relative to the source directory that is +being built (the context of the build). `` is the absolute path to which the source will be copied inside the destination container. @@ -353,6 +355,9 @@ The copy obeys the following rules: will be considered a directory and the contents of `` will be written at `/base()`. +- If multiple `` resources are specified then `` must be a + directory, and it must end with a slash `/`. + - If `` does not end with a trailing slash, it will be considered a regular file and the contents of `` will be written at ``. @@ -361,13 +366,15 @@ The copy obeys the following rules: ## COPY - COPY + COPY ... -The `COPY` instruction will copy new files from `` and add them to the -container's filesystem at path ``. +The `COPY` instruction copies new files,directories or remote file URLs to +the filesystem of the container from `` and add them to the at +path ``. -`` must be the path to a file or directory relative to the source directory -being built (also called the *context* of the build). +Multiple resource may be specified but if they are files or +directories then they must be relative to the source directory that is being +built (the context of the build). `` is the absolute path to which the source will be copied inside the destination container. @@ -393,6 +400,9 @@ The copy obeys the following rules: will be considered a directory and the contents of `` will be written at `/base()`. +- If multiple `` resources are specified then `` must be a + directory, and it must end with a slash `/`. + - If `` does not end with a trailing slash, it will be considered a regular file and the contents of `` will be written at ``. From 9c74cf01e226e116e5a963fe27da8f6f4cee226f Mon Sep 17 00:00:00 2001 From: Andrey Petrov Date: Sat, 20 Sep 2014 17:59:52 -0700 Subject: [PATCH 0292/2538] Cleanup: Fix cli docs: Sorted command headers. Signed-off-by: Andrey Petrov --- docs/sources/reference/commandline/cli.md | 60 +++++++++++------------ 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 74f1b7b3e5..f3bbcf4112 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -505,6 +505,36 @@ You'll need two shells for this example. 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop +## exec + + Usage: docker exec CONTAINER COMMAND [ARG...] + + Run a command in an existing container + + -d, --detach=false Detached mode: run the process in the background and exit + -i, --interactive=false Keep STDIN open even if not attached + -t, --tty=false Allocate a pseudo-TTY + +The `docker exec` command runs a user specified command as a new process in an existing +user specified container. The container needs to be active. + +The `docker exec` command will typically be used after `docker run`. + +### Examples: + + $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash + +This will create a container named 'ubuntu_bash' and start a bash session. + + $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks + +This will create a new file '/tmp/execWorks' inside the existing and active container +'ubuntu_bash', in the background. + + $ sudo docker exec ubuntu_bash -it bash + +This will create a new bash session in the container 'ubuntu_bash'. + ## export Usage: docker export CONTAINER @@ -1359,36 +1389,6 @@ It is even useful to cherry-pick particular tags of an image repository $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy -## exec - - Usage: docker exec CONTAINER COMMAND [ARG...] - - Run a command in an existing container - - -d, --detach=false Detached mode: run the process in the background and exit - -i, --interactive=false Keep STDIN open even if not attached - -t, --tty=false Allocate a pseudo-TTY - -The `docker exec` command runs a user specified command as a new process in an existing -user specified container. The container needs to be active. - -The `docker exec` command will typically be used after `docker run`. - -### Examples: - - $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash - -This will create a container named 'ubuntu_bash' and start a bash session. - - $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks - -This will create a new file '/tmp/execWorks' inside the existing and active container -'ubuntu_bash', in the background. - - $ sudo docker exec ubuntu_bash -it bash - -This will create a new bash session in the container 'ubuntu_bash'. - ## search Search [Docker Hub](https://hub.docker.com) for images From 5afc964a9e486d0ae1e7bf088104d55d0334ea7c Mon Sep 17 00:00:00 2001 From: Jyrki Puttonen Date: Fri, 19 Sep 2014 14:57:38 +0300 Subject: [PATCH 0293/2538] Fix detaching from attached container Text was copied from man-pages https://raw.githubusercontent.com/docker/docker/master/docs/man/docker-attach.1.md Signed-off-by: Jyrki Puttonen --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f3bbcf4112..106d4c1182 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -148,10 +148,10 @@ container at the same time - screen sharing style, or quickly view the progress of your daemonized process. You can detach from the container again (and leave it running) with -`CTRL-C` (for a quiet exit) or `CTRL-\` -to get a stacktrace of the Docker client when it quits. When -you detach from the container's process the exit code will be returned -to the client. +`CTRL-p CTRL-q` (for a quiet exit), or `CTRL-c` which will send a +SIGKILL to the container, or `CTRL-\` to get a stacktrace of the +Docker client when it quits. When you detach from the container's +process the exit code will be returned to the client. To stop a container, use `docker stop`. From 1798f722544abba8b0bd791eb33e6409824be258 Mon Sep 17 00:00:00 2001 From: Alexandr Morozov Date: Thu, 29 May 2014 00:06:23 +0400 Subject: [PATCH 0294/2538] Implement allocating IPs from CIDR within bridge network Fixes #4986 Signed-off-by: Alexandr Morozov --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 106d4c1182..0b458c821e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -54,6 +54,7 @@ expect an integer, and they can only be specified once. -b, --bridge="" Attach containers to a pre-existing network bridge use 'none' to disable container networking --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b + --fixed-cidr="" IPv4 subnet for fixed IPs (ex: 10.20.0.0/16) -D, --debug=false Enable debug mode -d, --daemon=false Enable daemon mode --dns=[] Force Docker to use specific DNS servers From e938ac9e78b2b36b68a015547d626f65680c0c48 Mon Sep 17 00:00:00 2001 From: "Frederick F. Kautz IV" Date: Mon, 21 Jul 2014 15:30:21 -0400 Subject: [PATCH 0295/2538] Adding additional documentation for fixed-cidr networking Docker-DCO-1.1-Signed-off-by: Frederick F. Kautz IV (github: fkautz) Signed-off-by: Alexandr Morozov --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0b458c821e..d801d65f95 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -55,6 +55,7 @@ expect an integer, and they can only be specified once. use 'none' to disable container networking --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b --fixed-cidr="" IPv4 subnet for fixed IPs (ex: 10.20.0.0/16) + this subnet must be nested in the bridge subnet (which is defined by -b or --bip) -D, --debug=false Enable debug mode -d, --daemon=false Enable daemon mode --dns=[] Force Docker to use specific DNS servers From d6d5dcd55ad77010b7b7042847bb34215f701a76 Mon Sep 17 00:00:00 2001 From: Dan Cotora Date: Mon, 22 Sep 2014 08:36:20 +0300 Subject: [PATCH 0296/2538] Doc update to clarify random port mapping on docker run -P Signed-off-by: Dan Cotora --- docs/sources/reference/run.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 81afb96cd1..5bdaa256d6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -381,8 +381,9 @@ with `-P` or `-p,` or start the client container with `--link`. If the operator uses `-P` or `-p` then Docker will make the exposed port accessible on the host and the ports will be available to any client -that can reach the host. To find the map between the host ports and the -exposed ports, use `docker port`) +that can reach the host. When using `-P`, Docker will bind the exposed +ports to a random port on the host between 49153 and 65535. To find the +mapping between the host ports and the exposed ports, use `docker port`. If the operator uses `--link` when starting the new client container, then the client container can access the exposed port via a private From 056efbbe1471c2cd87efbee1aa40d42c4e64595c Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 23 Sep 2014 15:04:00 +1000 Subject: [PATCH 0297/2538] That URL isn't there anymore Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d801d65f95..daa2760c14 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -124,7 +124,7 @@ you can also specify individual sockets too `docker -d -H fd://3`. If the specified socket activated files aren't found then docker will exit. You can find examples of using systemd socket activation with docker and systemd in the [docker source tree]( -https://github.com/docker/docker/blob/master/contrib/init/systemd/socket-activation/). +https://github.com/docker/docker/tree/master/contrib/init/systemd/). Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: From 85808d776d0f2dd5990b422f9f8f242179a7e819 Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Tue, 23 Sep 2014 14:21:00 -0700 Subject: [PATCH 0298/2538] Adding new Dockerfile Best Practices doc, and links thereto. Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/sources/reference/builder.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 1f5bd4dada..07b99dd5ba 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -11,6 +11,11 @@ Docker image. By calling `docker build` from your terminal, you can have Docker build your image step by step, executing the instructions successively. +This page discusses the specifics of all the instructions you can use in your +`Dockerfile`. To further help you write a clear, readable, maintainable +`Dockerfile`, we've also written a [`Dockerfile` Best Practices guide](/articles/dockerfile_best-practices). + + ## Usage To [*build*](../commandline/cli/#cli-build) an image from a source repository, From b6e31537340d199e0754fed23ebc51054f3348ce Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 23 Sep 2014 19:18:09 -0400 Subject: [PATCH 0299/2538] Replace get.docker.io -> get.docker.com and test.docker.io -> test.docker.com Signed-off-by: Tibor Vass --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index daa2760c14..28c7e2dae1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1191,8 +1191,8 @@ folder before starting your container. $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh By bind-mounting the docker unix socket and statically linked docker -binary (such as that provided by [https://get.docker.io]( -https://get.docker.io)), you give the container the full access to create and +binary (such as that provided by [https://get.docker.com]( +https://get.docker.com)), you give the container the full access to create and manipulate the host's docker daemon. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash From 82ff6f0c9f31d2c1950bb4d4b5a76082437cc7f3 Mon Sep 17 00:00:00 2001 From: Erik Hollensbe Date: Thu, 11 Sep 2014 06:27:51 -0700 Subject: [PATCH 0300/2538] builder: Fix handling of VOLUME command where multiple volumes are specified in a space delimited list. Docker-DCO-1.1-Signed-off-by: Erik Hollensbe (github: erikh) --- docs/sources/reference/builder.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 07b99dd5ba..d3560de718 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -472,9 +472,10 @@ optional but default, you could use a `CMD` instruction: The `VOLUME` instruction will create a mount point with the specified name and mark it as holding externally mounted volumes from native host or other containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain -string, `VOLUME /var/log`. For more information/examples and mounting -instructions via the Docker client, refer to [*Share Directories via Volumes*]( -/userguide/dockervolumes/#volume-def) documentation. +string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log +/var/db`. For more information/examples and mounting instructions via the +Docker client, refer to [*Share Directories via Volumes*](/userguide/dockervolumes/#volume-def) +documentation. > **Note**: > The list is parsed a JSON array, which means that From 5c9bb30d906c73461cd57c393fd0729a38c821d9 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Thu, 25 Sep 2014 16:07:55 +1000 Subject: [PATCH 0301/2538] Updated output from the docker cli help Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 93 +++++++++++++---------- 1 file changed, 51 insertions(+), 42 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 28c7e2dae1..1721b24386 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -49,27 +49,30 @@ expect an integer, and they can only be specified once. ## daemon - Usage of docker: + Usage: docker [OPTIONS] COMMAND [arg...] + + A self-sufficient runtime for linux containers. + + Options: --api-enable-cors=false Enable CORS headers in the remote API -b, --bridge="" Attach containers to a pre-existing network bridge use 'none' to disable container networking --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b - --fixed-cidr="" IPv4 subnet for fixed IPs (ex: 10.20.0.0/16) - this subnet must be nested in the bridge subnet (which is defined by -b or --bip) -D, --debug=false Enable debug mode -d, --daemon=false Enable daemon mode --dns=[] Force Docker to use specific DNS servers --dns-search=[] Force Docker to use specific DNS search domains -e, --exec-driver="native" Force the Docker runtime to use a specific exec driver + --fixed-cidr="" IPv4 subnet for fixed IPs (ex: 10.20.0.0/16) + this subnet must be nested in the bridge subnet (which is defined by -b or --bip) -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode use '' (the empty string) to disable setting of a group -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime - -H, --host=[] The socket(s) to bind to in daemon mode - specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward - --ip-masq=true Enable IP masquerading for bridge's IP range. + --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available @@ -85,6 +88,7 @@ expect an integer, and they can only be specified once. --tlsverify=false Use TLS and verify the remote (daemon: verify client, client: verify daemon) -v, --version=false Print version information and quit + Options with [] may be specified multiple times. The Docker daemon is the persistent process that manages containers. @@ -377,45 +381,50 @@ path. Paths are relative to the root of the filesystem. Copy files/folders from the PATH to the HOSTPATH - ## create Creates a new container. - Usage: docker create [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] + Create a new container - -a, --attach=[] Attach to STDIN, STDOUT, STDERR. - -c, --cpu-shares=0 CPU shares (relative weight) - --cidfile="" Write the container ID to the file - --dns=[] Set custom DNS servers - --dns-search=[] Set custom DNS search domains - -e, --env=[] Set environment variables - --entrypoint="" Overwrite the default entrypoint of the image - --env-file=[] Read in a line delimited file of environment variables - --expose=[] Expose a port from the container without publishing it to your host - -h, --hostname="" Container host name - -i, --interactive=false Keep `STDIN` open even if not attached - --link=[] Add link to another container (name:alias) - --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -m, --memory="" Memory limit (format: , where unit = b, k, m or g) - --name="" Assign a name to the container - --net="bridge" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container - -p, --publish=[] Publish a container's port to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort - (use 'docker port' to see the actual mapping) - -P, --publish-all=false Publish all exposed ports to the host interfaces - --privileged=false Give extended privileges to this container - -t, --tty=false Allocate a pseudo-TTY - -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container) - --volumes-from=[] Mount volumes from the specified container(s) - -w, --workdir="" Working directory inside the container - + -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + --add-host=[] Add a custom host-to-IP mapping (host:ip) + -c, --cpu-shares=0 CPU shares (relative weight) + --cap-add=[] Add Linux capabilities + --cap-drop=[] Drop Linux capabilities + --cidfile="" Write the container ID to the file + --cpuset="" CPUs in which to allow execution (0-3, 0,1) + --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc) + --dns=[] Set custom DNS servers + --dns-search=[] Set custom DNS search domains + -e, --env=[] Set environment variables + --entrypoint="" Overwrite the default ENTRYPOINT of the image + --env-file=[] Read in a line delimited file of environment variables + --expose=[] Expose a port from the container without publishing it to your host + -h, --hostname="" Container host name + -i, --interactive=false Keep STDIN open even if not attached + --link=[] Add link to another container in the form of name:alias + --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --name="" Assign a name to the container + --net="bridge" Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + -P, --publish-all=false Publish all exposed ports to the host interfaces + -p, --publish=[] Publish a container's port to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + (use 'docker port' to see the actual mapping) + --privileged=false Give extended privileges to this container + --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + -t, --tty=false Allocate a pseudo-TTY + -u, --user="" Username or UID + -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + --volumes-from=[] Mount volumes from the specified container(s) + -w, --workdir="" Working directory inside the container The `docker create` command creates a writeable container layer over the specified image and prepares it for running the specified command. @@ -509,11 +518,11 @@ You'll need two shells for this example. ## exec - Usage: docker exec CONTAINER COMMAND [ARG...] + Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] Run a command in an existing container - -d, --detach=false Detached mode: run the process in the background and exit + -d, --detach=false Detached mode: run command in the background -i, --interactive=false Keep STDIN open even if not attached -t, --tty=false Allocate a pseudo-TTY @@ -1086,7 +1095,7 @@ removed before the image is removed. --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) - -d, --detach=false Detached mode: run container in the background and print new container ID + -d, --detach=false Detached mode: run the container in the background and print the new container ID --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc) --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains From 3e3d368b742839e2c07ccdd4bb99baca71eca8ed Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 23 Sep 2014 15:58:05 -0700 Subject: [PATCH 0302/2538] Pull all image aliases for id. Closes #8141. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- docs/sources/reference/commandline/cli.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1721b24386..5032e3ff9d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -156,7 +156,7 @@ progress of your daemonized process. You can detach from the container again (and leave it running) with `CTRL-p CTRL-q` (for a quiet exit), or `CTRL-c` which will send a SIGKILL to the container, or `CTRL-\` to get a stacktrace of the -Docker client when it quits. When you detach from the container's +Docker client when it quits. When you detach from the container's process the exit code will be returned to the client. To stop a container, use `docker stop`. @@ -974,10 +974,13 @@ To download a particular image, or set of images (i.e., a repository), use `docker pull`: $ sudo docker pull debian - # will pull only the debian:latest image and its intermediate layers + # will pull the debian:latest image, its intermediate layers + # and any aliases of the same id $ sudo docker pull debian:testing - # will pull only the image named debian:testing and any intermediate layers - # it is based on. (Typically the empty `scratch` image, a MAINTAINER layer, + # will pull the image named ubuntu:trusty, ubuntu:14.04 + # which is an alias of the same image + # and any intermediate layers it is based on. + # (Typically the empty `scratch` image, a MAINTAINER layer, # and the un-tarred base). $ sudo docker pull --all-tags centos # will pull all the images from the centos repository From 62cc00b765f87c9fb7f5972a90fd0ef09354eddf Mon Sep 17 00:00:00 2001 From: Srini Brahmaroutu Date: Tue, 23 Sep 2014 18:23:15 +0000 Subject: [PATCH 0303/2538] Adding details on how to use .dockerignore file Addresses #7724 Signed-off-by: Srini Brahmaroutu --- docs/sources/reference/commandline/cli.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5032e3ff9d..5c87b96c45 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -231,6 +231,26 @@ Exclusion patterns match files or directories relative to `PATH` that will be excluded from the context. Globbing is done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. +Please note that `.dockerignore` files in other subdirectories are considered as +normal files. Filepaths in .dockerignore are absolute with the current directory +as the root. Wildcards are allowed but the search is not recursive. + +### Example .dockerignore file + */temp* + */*/temp* + temp? + +The first line above `*/temp*`, would ignore all files with names starting with +`temp` from any subdirectory below the root directory, for example file named +`/somedir/temporary.txt` will be ignored. The second line `*/*/temp*`, will +ignore files starting with name `temp` from any subdirectory that is two levels +below the root directory, for example a file `/somedir/subdir/temporary.txt` is +ignored in this case. The last line in the above example `temp?`, will ignore +the files that match the pattern from the root directory, for example files +`tempa`, `tempb` are ignored from the root directory. Currently there is no +support for regular expressions, formats like `[^temp*]` are ignored. + + See also: [*Dockerfile Reference*](/reference/builder). From 1a83c9f87e7f0d7bd8889811b5f3af8b49d1c0ef Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 22 Sep 2014 06:41:02 -0700 Subject: [PATCH 0304/2538] add wildcard support to copy/add Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 32 +++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index d3560de718..7618a8f0d2 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -295,11 +295,18 @@ The `ADD` instruction copies new files,directories or remote file URLs to the filesystem of the container from `` and add them to the at path ``. -Multiple resource may be specified but if they are files or +Multiple `` resource may be specified but if they are files or directories then they must be relative to the source directory that is being built (the context of the build). -`` is the absolute path to which the source will be copied inside the +Each `` may contain wildcards and matching will be done using Go's +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. +For most command line uses this should act as expected, for example: + + ADD hom* /mydir/ # adds all files starting with "hom" + ADD hom?.txt /mydir/ # ? is replaced with any single character + +The `` is the absolute path to which the source will be copied inside the destination container. All new files and directories are created with a UID and GID of 0. @@ -360,8 +367,9 @@ The copy obeys the following rules: will be considered a directory and the contents of `` will be written at `/base()`. -- If multiple `` resources are specified then `` must be a - directory, and it must end with a slash `/`. +- If multiple `` resources are specified, either directly or due to the + use of a wildcard, then `` must be a directory, and it must end with + a slash `/`. - If `` does not end with a trailing slash, it will be considered a regular file and the contents of `` will be written at ``. @@ -377,11 +385,18 @@ The `COPY` instruction copies new files,directories or remote file URLs to the filesystem of the container from `` and add them to the at path ``. -Multiple resource may be specified but if they are files or +Multiple `` resource may be specified but if they are files or directories then they must be relative to the source directory that is being built (the context of the build). -`` is the absolute path to which the source will be copied inside the +Each `` may contain wildcards and matching will be done using Go's +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. +For most command line uses this should act as expected, for example: + + COPY hom* /mydir/ # adds all files starting with "hom" + COPY hom?.txt /mydir/ # ? is replaced with any single character + +The `` is the absolute path to which the source will be copied inside the destination container. All new files and directories are created with a UID and GID of 0. @@ -405,8 +420,9 @@ The copy obeys the following rules: will be considered a directory and the contents of `` will be written at `/base()`. -- If multiple `` resources are specified then `` must be a - directory, and it must end with a slash `/`. +- If multiple `` resources are specified, either directly or due to the + use of a wildcard, then `` must be a directory, and it must end with + a slash `/`. - If `` does not end with a trailing slash, it will be considered a regular file and the contents of `` will be written at ``. From 003ddf6100709f522398c6d5848458d4e97a9212 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Thu, 25 Sep 2014 15:32:51 +1000 Subject: [PATCH 0305/2538] The list of events that 'grep' told me about docker(master) $ git grep 'LogEvent("' | sed 's/.*("//' | sed 's/").*//' | sort | uniq | paste -s -d"," create,destroy,die,export,kill,pause,restart,start,stop,unpause Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5c87b96c45..b5fa29a5e3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -502,6 +502,10 @@ For example: --since="" Show all events created since timestamp --until="" Stream events until this timestamp +Docker containers will report the following events: + + create, destroy, die, export, kill, pause, restart, start, stop, unpause + ### Examples You'll need two shells for this example. From ed49f5cab17fe1d99e0def5cda2c9470b03d1ab4 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Fri, 26 Sep 2014 11:55:36 +1000 Subject: [PATCH 0306/2538] Add the 2 image events found using git grep 'Job("log"' Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b5fa29a5e3..d02c1a860d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -506,6 +506,10 @@ Docker containers will report the following events: create, destroy, die, export, kill, pause, restart, start, stop, unpause +and Docker images will report: + + untag, delete + ### Examples You'll need two shells for this example. From 0e82ab713b00201d5dc4304c2e308c24254f7662 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 29 Sep 2014 08:34:58 -0700 Subject: [PATCH 0307/2538] Add more info about when build cache is invalidated/used - Issue #3636 Plus some edits as suggested by @jamtur01 Closes #3636 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 7618a8f0d2..c1e43189c7 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -13,8 +13,8 @@ successively. This page discusses the specifics of all the instructions you can use in your `Dockerfile`. To further help you write a clear, readable, maintainable -`Dockerfile`, we've also written a [`Dockerfile` Best Practices guide](/articles/dockerfile_best-practices). - +`Dockerfile`, we've also written a [`Dockerfile` Best Practices +guide](/articles/dockerfile_best-practices). ## Usage @@ -60,7 +60,9 @@ to be created - so `RUN cd /tmp` will not have any effect on the next instructions. Whenever possible, Docker will re-use the intermediate images, -accelerating `docker build` significantly (indicated by `Using cache`): +accelerating `docker build` significantly (indicated by `Using cache` - +see the [`Dockerfile` Best Practices +guide](/articles/dockerfile_best-practices/#build-cache) for more information): $ sudo docker build -t SvenDowideit/ambassador . Uploading context 10.24 kB @@ -192,10 +194,13 @@ commands using a base image that does not contain `/bin/sh`. > you must use double-quotes (") around words not single-quotes ('). The cache for `RUN` instructions isn't invalidated automatically during -the next build. The cache for an instruction like `RUN apt-get -dist-upgrade -y` will be reused during the next build. The cache for -`RUN` instructions can be invalidated by using the `--no-cache` flag, -for example `docker build --no-cache`. +the next build. The cache for an instruction like +`RUN apt-get dist-upgrade -y` will be reused during the next build. The +cache for `RUN` instructions can be invalidated by using the `--no-cache` +flag, for example `docker build --no-cache`. + +See the [`Dockerfile` Best Practices +guide](/articles/dockerfile_best-practices/#build-cache) for more information. The cache for `RUN` instructions can be invalidated by `ADD` instructions. See [below](#add) for details. @@ -332,6 +337,9 @@ have permissions of 600. > The first encountered `ADD` instruction will invalidate the cache for all > following instructions from the Dockerfile if the contents of `` have > changed. This includes invalidating the cache for `RUN` instructions. +> See the [`Dockerfile` Best Practices +guide](/articles/dockerfile_best-practices/#build-cache) for more information. + The copy obeys the following rules: From 1d2bb271aceb6ad0a4b1e1bf803dee6492d94093 Mon Sep 17 00:00:00 2001 From: Daniel Farrell Date: Sun, 28 Sep 2014 19:45:41 -0400 Subject: [PATCH 0308/2538] Doc update to clarify EXPOSE vs -p functionality. Signed-off-by: Daniel Farrell --- docs/sources/reference/builder.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c1e43189c7..ea9122407d 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -273,7 +273,10 @@ default specified in `CMD`. The `EXPOSE` instructions informs Docker that the container will listen on the specified network ports at runtime. Docker uses this information to interconnect containers using links (see the [Docker User -Guide](/userguide/dockerlinks)). +Guide](/userguide/dockerlinks)). Note that `EXPOSE` only works for +inter-container links. It doesn't make ports accessible from the host. To +expose ports to the host, at runtime, +[use the `-p` flag](/userguide/dockerlinks). ## ENV From 5419043a5d46d0a42528735e0f5086d19d50d6f4 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Fri, 26 Sep 2014 16:25:50 -0700 Subject: [PATCH 0309/2538] Filter containers by status. A continuation of #7616. Adds `docker ps --filter=status=(restarting|running|paused|stopped)` option. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- docs/sources/reference/commandline/cli.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d02c1a860d..9859b9b31f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -241,14 +241,15 @@ as the root. Wildcards are allowed but the search is not recursive. temp? The first line above `*/temp*`, would ignore all files with names starting with -`temp` from any subdirectory below the root directory, for example file named -`/somedir/temporary.txt` will be ignored. The second line `*/*/temp*`, will +`temp` from any subdirectory below the root directory. For example, a file named +`/somedir/temporary.txt` would be ignored. The second line `*/*/temp*`, will ignore files starting with name `temp` from any subdirectory that is two levels -below the root directory, for example a file `/somedir/subdir/temporary.txt` is -ignored in this case. The last line in the above example `temp?`, will ignore -the files that match the pattern from the root directory, for example files -`tempa`, `tempb` are ignored from the root directory. Currently there is no -support for regular expressions, formats like `[^temp*]` are ignored. +below the root directory. For example, the file `/somedir/subdir/temporary.txt` +would get ignored in this case. The last line in the above example `temp?` +will ignore the files that match the pattern from the root directory. +For example, the files `tempa`, `tempb` are ignored from the root directory. +Currently there is no support for regular expressions. Formats +like `[^temp*]` are ignored. See also: @@ -943,6 +944,7 @@ further details. --before="" Show only container created before Id or Name, include non-running ones. -f, --filter=[] Provide filter values. Valid filters: exited= - containers with exit code of + status=(restarting|running|paused|exited) -l, --latest=false Show only the latest created container, include non-running ones. -n=-1 Show n last created containers, include non-running ones. --no-trunc=false Don't truncate output From 6f116d084adf0300809d3e2e568556cbb198c1f7 Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Wed, 17 Sep 2014 18:36:51 +0000 Subject: [PATCH 0310/2538] Adding exec remote API documentation along with minor code cleanup. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9859b9b31f..d709547bff 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -555,25 +555,24 @@ You'll need two shells for this example. -i, --interactive=false Keep STDIN open even if not attached -t, --tty=false Allocate a pseudo-TTY -The `docker exec` command runs a user specified command as a new process in an existing -user specified container. The container needs to be active. +The `docker exec` command runs a new command in a running container. -The `docker exec` command will typically be used after `docker run`. +The `docker exec` command will typically be used after `docker run` or `docker start`. ### Examples: $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash -This will create a container named 'ubuntu_bash' and start a bash session. +This will create a container named `ubuntu_bash` and start a Bash session. $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks -This will create a new file '/tmp/execWorks' inside the existing and active container -'ubuntu_bash', in the background. +This will create a new file `/tmp/execWorks` inside the running container +`ubuntu_bash`, in the background. $ sudo docker exec ubuntu_bash -it bash -This will create a new bash session in the container 'ubuntu_bash'. +This will create a new Bash session in the container `ubuntu_bash`. ## export From 5619082f2bbd47a9bbeb710626da310c1ed072bf Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 29 Sep 2014 06:44:32 -0400 Subject: [PATCH 0311/2538] Add --security-opts options to allow user to customize security configuration security-opts will allow you to customise the security subsystem. For example the labeling system like SELinux will run on a container. --security-opt="label:user:USER" : Set the label user for the container --security-opt="label:role:ROLE" : Set the label role for the container --security-opt="label:type:TYPE" : Set the label type for the container --security-opt="label:level:LEVEL" : Set the label level for the container --security-opt="label:disabled" : Turn off label confinement for the container Since we are passing a list of string options instead of a space separated string of options, I will change function calls to use InitLabels instead of GenLabels. Genlabels interface is Depracated. Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- contrib/completion/bash/docker | 5 +++-- docs/sources/reference/run.md | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b88f64d59d..3cc85be203 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -620,10 +620,11 @@ _docker_run() case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf --security-opt" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') + + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 5bdaa256d6..095319f133 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -225,6 +225,32 @@ the container exits**, you can add the `--rm` flag: --rm=false: Automatically remove the container when it exits (incompatible with -d) +## Security Configuration + --security-opt="label:user:USER" : Set the label user for the container + --security-opt="label:role:ROLE" : Set the label role for the container + --security-opt="label:type:TYPE" : Set the label type for the container + --security-opt="label:level:LEVEL" : Set the label level for the container + --security-opt="label:disable" : Turn off label confinement for the container + +If you want to use the same label for multiple containers you can override use +the security-opt flag to select an MCS level. This is a common practive for MLS +systems. But it also might help in cases where you want to share the same +content between containers. Run the following command. + + # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + +Run the follwing command if you want to disable the labeling controls for just +this container. + + # docker run --security-opt label:disable -i -t fedora bash + +If you decide you would like to work with a tighter policy on your container. +For example if you want to run a container that could only listen on apache +ports, and not connect to the network. You could select an alternate type to +run the container execute the following command. + + # docker run --security-opt label:type:svirt_apache_t -i -t fedora bash + ## Runtime Constraints on CPU and Memory The operator can also adjust the performance parameters of the From c5f3535b068342b71efeb3cbe8565e59d9227f1f Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 30 Sep 2014 00:59:29 +0000 Subject: [PATCH 0312/2538] update docs Signed-off-by: Victor Vieux --- docs/sources/reference/run.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 095319f133..f5d6cc45e5 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -231,23 +231,23 @@ the container exits**, you can add the `--rm` flag: --security-opt="label:type:TYPE" : Set the label type for the container --security-opt="label:level:LEVEL" : Set the label level for the container --security-opt="label:disable" : Turn off label confinement for the container + --secutity-opt="apparmor:PROFILE" : Set the apparmor profile to be applied + to the container -If you want to use the same label for multiple containers you can override use -the security-opt flag to select an MCS level. This is a common practive for MLS +If you want to use the same label for multiple containers, you can override use +the security-opt flag to select an MCS level. This is a common practice for MLS systems. But it also might help in cases where you want to share the same content between containers. Run the following command. # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash -Run the follwing command if you want to disable the labeling controls for just +Run the following command if you want to disable the labeling controls for just this container. # docker run --security-opt label:disable -i -t fedora bash -If you decide you would like to work with a tighter policy on your container. -For example if you want to run a container that could only listen on apache -ports, and not connect to the network. You could select an alternate type to -run the container execute the following command. +Run the following command if you want to run a container that could only listen +on apache ports. # docker run --security-opt label:type:svirt_apache_t -i -t fedora bash From e775b26a78f2fdb9c9cd1fa3b73a7224688d28f4 Mon Sep 17 00:00:00 2001 From: Michael Scharf Date: Thu, 2 Oct 2014 19:01:10 +0200 Subject: [PATCH 0313/2538] add bash completion support for pause and unpause Signed-off-by: Michael Scharf --- contrib/completion/bash/docker | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3cc85be203..40a8544050 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -46,6 +46,22 @@ __docker_containers_stopped() COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) } +__docker_containers_paused() +{ + local containers="$( __docker_q ps -q)" + local names="$( __docker_q inspect --format='{{.State.Paused}} {{.Name}}' $containers | sed 's/^false.*//' | sed 's,^true /,,' )" + local hostnames="$( __docker_q inspect --format='{{.State.Paused}} {{.Config.Hostname}}' $containers | sed 's/^false.*//' | sed 's,^true ,,' )" + COMPREPLY=( $( compgen -W "$names $hostnames" -- "$cur" ) ) +} + +__docker_containers_not_paused() +{ + local containers="$( __docker_q ps -q)" + local names="$( __docker_q inspect --format='{{.State.Paused}} {{.Name}}' $containers | sed 's/^true.*//' | sed 's,^false /,,' )" + local hostnames="$( __docker_q inspect --format='{{.State.Paused}} {{.Config.Hostname}}' $containers | sed 's/^true.*//' | sed 's/^false //' )" + COMPREPLY=( $( compgen -W "$names $hostnames" -- "$cur" ) ) +} + __docker_image_repos() { local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" @@ -453,6 +469,13 @@ _docker_logs() ;; esac } +_docker_pause() +{ + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_not_paused + fi +} _docker_port() { @@ -715,6 +738,14 @@ _docker_tag() esac } +_docker_unpause() +{ + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_paused + fi +} + _docker_top() { local counter=$(__docker_pos_first_nonflag) @@ -755,6 +786,7 @@ _docker() load login logs + pause port ps pull @@ -769,6 +801,7 @@ _docker() stop tag top + unpause version wait " From f0715994710f0663d8a9981a099ca1072208f8f6 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 2 Oct 2014 15:13:37 -0600 Subject: [PATCH 0314/2538] Optimize the bash completion even further The biggest/bestest change here is cutting down on the number of calls to Docker in the filtering helpers (`__docker_containers_running`, etc), especially calls to the really heavy `docker images`. Signed-off-by: Andrew Page --- contrib/completion/bash/docker | 290 +++++++++++++-------------------- 1 file changed, 116 insertions(+), 174 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 40a8544050..cc16d4825f 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -25,79 +25,59 @@ __docker_q() { docker 2>/dev/null "$@" } -__docker_containers_all() -{ - local containers="$( __docker_q ps -a -q )" - local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" - COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) +__docker_containers_all() { + local IFS=$'\n' + local containers=( $(__docker_q ps -aq --no-trunc) ) + if [ "$1" ]; then + containers=( $(__docker_q inspect --format "{{if $1}}{{.Id}}{{end}}" "${containers[@]}") ) + fi + local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") ) + names=( "${names[@]#/}" ) # trim off the leading "/" from the container names + unset IFS + COMPREPLY=( $(compgen -W "${names[*]} ${containers[*]}" -- "$cur") ) } -__docker_containers_running() -{ - local containers="$( __docker_q ps -q )" - local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" - COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) +__docker_containers_running() { + __docker_containers_all '.State.Running' } -__docker_containers_stopped() -{ - local containers="$( { __docker_q ps -a -q; __docker_q ps -q; } | sort | uniq -u )" - local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" - COMPREPLY=( $( compgen -W "$names $containers" -- "$cur" ) ) +__docker_containers_stopped() { + __docker_containers_all 'not .State.Running' } -__docker_containers_paused() -{ - local containers="$( __docker_q ps -q)" - local names="$( __docker_q inspect --format='{{.State.Paused}} {{.Name}}' $containers | sed 's/^false.*//' | sed 's,^true /,,' )" - local hostnames="$( __docker_q inspect --format='{{.State.Paused}} {{.Config.Hostname}}' $containers | sed 's/^false.*//' | sed 's,^true ,,' )" - COMPREPLY=( $( compgen -W "$names $hostnames" -- "$cur" ) ) +__docker_containers_pauseable() { + __docker_containers_all 'and .State.Running (not .State.Paused)' } -__docker_containers_not_paused() -{ - local containers="$( __docker_q ps -q)" - local names="$( __docker_q inspect --format='{{.State.Paused}} {{.Name}}' $containers | sed 's/^true.*//' | sed 's,^false /,,' )" - local hostnames="$( __docker_q inspect --format='{{.State.Paused}} {{.Config.Hostname}}' $containers | sed 's/^true.*//' | sed 's/^false //' )" - COMPREPLY=( $( compgen -W "$names $hostnames" -- "$cur" ) ) +__docker_containers_unpauseable() { + __docker_containers_all '.State.Paused' } -__docker_image_repos() -{ - local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" - COMPREPLY=( $( compgen -W "$repos" -- "$cur" ) ) +__docker_image_repos() { + local repos="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1 }')" + COMPREPLY=( $(compgen -W "$repos" -- "$cur") ) } -__docker_image_repos_and_tags() -{ - local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" - local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" - COMPREPLY=( $( compgen -W "$repos $images" -- "$cur" ) ) +__docker_image_repos_and_tags() { + local reposAndTags="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1; print $1":"$2 }')" + COMPREPLY=( $(compgen -W "$reposAndTags" -- "$cur") ) __ltrim_colon_completions "$cur" } -__docker_image_repos_and_tags_and_ids() -{ - local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" - local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" - local ids="$( __docker_q images -a -q )" - COMPREPLY=( $( compgen -W "$repos $images $ids" -- "$cur" ) ) +__docker_image_repos_and_tags_and_ids() { + local images="$(__docker_q images -a --no-trunc | awk 'NR>1 { print $3; if ($1 != "") { print $1; print $1":"$2 } }')" + COMPREPLY=( $(compgen -W "$images" -- "$cur") ) __ltrim_colon_completions "$cur" } -__docker_containers_and_images() -{ - local containers="$( __docker_q ps -a -q )" - local names="$( __docker_q inspect --format '{{.Name}}' $containers | sed 's,^/,,' )" - local repos="$( __docker_q images | awk 'NR>1{print $1}' | grep -v '^$' )" - local images="$( __docker_q images | awk 'NR>1{print $1":"$2}' | grep -v '^:' )" - local ids="$( __docker_q images -a -q )" - COMPREPLY=( $( compgen -W "$containers $names $repos $images $ids" -- "$cur" ) ) - __ltrim_colon_completions "$cur" +__docker_containers_and_images() { + __docker_containers_all + local containers=( "${COMPREPLY[@]}" ) + __docker_image_repos_and_tags_and_ids + COMPREPLY+=( "${containers[@]}" ) } -__docker_pos_first_nonflag() -{ +__docker_pos_first_nonflag() { local argument_flags=$1 local counter=$cpos @@ -119,8 +99,7 @@ __docker_pos_first_nonflag() echo $counter } -_docker_docker() -{ +_docker_docker() { case "$prev" in -H) return @@ -134,13 +113,12 @@ _docker_docker() COMPREPLY=( $( compgen -W "-H" -- "$cur" ) ) ;; *) - COMPREPLY=( $( compgen -W "$commands help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) ) ;; esac } -_docker_attach() -{ +_docker_attach() { case "$cur" in -*) COMPREPLY=( $( compgen -W "--no-stdin --sig-proxy" -- "$cur" ) ) @@ -154,8 +132,7 @@ _docker_attach() esac } -_docker_build() -{ +_docker_build() { case "$prev" in -t|--tag) __docker_image_repos_and_tags @@ -178,8 +155,7 @@ _docker_build() esac } -_docker_commit() -{ +_docker_commit() { case "$prev" in -m|--message|-a|--author|--run) return @@ -209,8 +185,7 @@ _docker_commit() esac } -_docker_cp() -{ +_docker_cp() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then case "$cur" in @@ -233,8 +208,7 @@ _docker_cp() fi } -_docker_create() -{ +_docker_create() { case "$prev" in -a|--attach) COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) @@ -302,16 +276,14 @@ _docker_create() esac } -_docker_diff() -{ +_docker_diff() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_containers_all fi } -_docker_events() -{ +_docker_events() { case "$prev" in --since) return @@ -329,8 +301,7 @@ _docker_events() esac } -_docker_exec() -{ +_docker_exec() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-d --detach -i --interactive -t --tty" -- "$cur" ) ) @@ -341,24 +312,21 @@ _docker_exec() esac } -_docker_export() -{ +_docker_export() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_containers_all fi } -_docker_help() -{ +_docker_help() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - COMPREPLY=( $( compgen -W "$commands" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "${commands[*]}" -- "$cur" ) ) fi } -_docker_history() -{ +_docker_history() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-q --quiet --no-trunc" -- "$cur" ) ) @@ -372,8 +340,7 @@ _docker_history() esac } -_docker_images() -{ +_docker_images() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-q --quiet -a --all --no-trunc -v --viz -t --tree" -- "$cur" ) ) @@ -387,8 +354,7 @@ _docker_images() esac } -_docker_import() -{ +_docker_import() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then return @@ -401,13 +367,11 @@ _docker_import() fi } -_docker_info() -{ +_docker_info() { return } -_docker_inspect() -{ +_docker_inspect() { case "$prev" in -f|--format) return @@ -426,18 +390,15 @@ _docker_inspect() esac } -_docker_kill() -{ +_docker_kill() { __docker_containers_running } -_docker_load() -{ +_docker_load() { return } -_docker_login() -{ +_docker_login() { case "$prev" in -u|--username|-p|--password|-e|--email) return @@ -455,8 +416,7 @@ _docker_login() esac } -_docker_logs() -{ +_docker_logs() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-f --follow" -- "$cur" ) ) @@ -469,24 +429,22 @@ _docker_logs() ;; esac } -_docker_pause() -{ + +_docker_pause() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_not_paused + __docker_containers_pauseable fi } -_docker_port() -{ +_docker_port() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_containers_all fi } -_docker_ps() -{ +_docker_ps() { case "$prev" in --since|--before) __docker_containers_all @@ -507,8 +465,7 @@ _docker_ps() esac } -_docker_pull() -{ +_docker_pull() { case "$prev" in -t|--tag) return @@ -530,16 +487,14 @@ _docker_pull() esac } -_docker_push() -{ +_docker_push() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_image_repos_and_tags fi } -_docker_restart() -{ +_docker_restart() { case "$prev" in -t|--time) return @@ -558,8 +513,7 @@ _docker_restart() esac } -_docker_rm() -{ +_docker_rm() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-f --force -l --link -v --volumes" -- "$cur" ) ) @@ -581,13 +535,11 @@ _docker_rm() esac } -_docker_rmi() -{ +_docker_rmi() { __docker_image_repos_and_tags_and_ids } -_docker_run() -{ +_docker_run() { case "$prev" in -a|--attach) COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) @@ -656,16 +608,14 @@ _docker_run() esac } -_docker_save() -{ +_docker_save() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids fi } -_docker_search() -{ +_docker_search() { case "$prev" in -s|--stars) return @@ -683,8 +633,7 @@ _docker_search() esac } -_docker_start() -{ +_docker_start() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-a --attach -i --interactive" -- "$cur" ) ) @@ -695,8 +644,7 @@ _docker_start() esac } -_docker_stop() -{ +_docker_stop() { case "$prev" in -t|--time) return @@ -715,8 +663,7 @@ _docker_stop() esac } -_docker_tag() -{ +_docker_tag() { case "$cur" in -*) COMPREPLY=( $( compgen -W "-f --force" -- "$cur" ) ) @@ -738,73 +685,68 @@ _docker_tag() esac } -_docker_unpause() -{ +_docker_unpause() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_paused + __docker_containers_unpauseable fi } -_docker_top() -{ +_docker_top() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_containers_running fi } -_docker_version() -{ +_docker_version() { return } -_docker_wait() -{ +_docker_wait() { __docker_containers_all } -_docker() -{ - local commands=" - attach - build - commit - cp - create - diff - events - exec - export - history - images - import - info - insert - inspect - kill - load - login - logs - pause - port - ps - pull - push - restart - rm - rmi - run - save - search - start - stop - tag - top - unpause - version - wait - " +_docker() { + local commands=( + attach + build + commit + cp + create + diff + events + exec + export + history + images + import + info + insert + inspect + kill + load + login + logs + pause + port + ps + pull + push + restart + rm + rmi + run + save + search + start + stop + tag + top + unpause + version + wait + ) COMPREPLY=() local cur prev words cword From 49323dfac98aaf16199e4b9c4c8c87200300765f Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 2 Oct 2014 11:16:51 -0700 Subject: [PATCH 0315/2538] Add note to docs about lack of shell processing in JSON form Closes #5509 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index ea9122407d..9322599414 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -170,7 +170,7 @@ generated images. RUN has 2 forms: -- `RUN ` (the command is run in a shell - `/bin/sh -c`) +- `RUN ` (the command is run in a shell - `/bin/sh -c` - *shell* form) - `RUN ["executable", "param1", "param2"]` (*exec* form) The `RUN` instruction will execute any commands in a new layer on top of the @@ -193,6 +193,13 @@ commands using a base image that does not contain `/bin/sh`. > The *exec* form is parsed as a JSON array, which means that > you must use double-quotes (") around words not single-quotes ('). +> **Note**: +> Unlike the *shell* form, the *exec* form does not invoke a command shell. +> This means that normal shell processing does not happen. For example, +> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. +> If you want shell processing then either use the *shell* form or execute +> a shell directly, for example: `CMD [ "sh", "-c", "echo", "$HOME" ]`. + The cache for `RUN` instructions isn't invalidated automatically during the next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` will be reused during the next build. The @@ -216,9 +223,9 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See The `CMD` instruction has three forms: -- `CMD ["executable","param1","param2"]` (like an *exec*, this is the preferred form) +- `CMD ["executable","param1","param2"]` (*exec* form, this is the preferred form) - `CMD ["param1","param2"]` (as *default parameters to ENTRYPOINT*) -- `CMD command param1 param2` (as a *shell*) +- `CMD command param1 param2` (*shell* form) There can only be one `CMD` instruction in a `Dockerfile`. If you list more than one `CMD` then only the last `CMD` will take effect. @@ -237,6 +244,13 @@ instruction as well. > The *exec* form is parsed as a JSON array, which means that > you must use double-quotes (") around words not single-quotes ('). +> **Note**: +> Unlike the *shell* form, the *exec* form does not invoke a command shell. +> This means that normal shell processing does not happen. For example, +> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. +> If you want shell processing then either use the *shell* form or execute +> a shell directly, for example: `CMD [ "sh", "-c", "echo", "$HOME" ]`. + When used in the shell or exec formats, the `CMD` instruction sets the command to be executed when running the image. @@ -446,9 +460,9 @@ The copy obeys the following rules: ENTRYPOINT has two forms: - `ENTRYPOINT ["executable", "param1", "param2"]` - (like an *exec*, the preferred form) + (*exec* form, the preferred form) - `ENTRYPOINT command param1 param2` - (as a *shell*) + (*shell* form) There can only be one `ENTRYPOINT` in a `Dockerfile`. If you have more than one `ENTRYPOINT`, then only the last one in the `Dockerfile` will @@ -488,6 +502,13 @@ optional but default, you could use a `CMD` instruction: > The *exec* form is parsed as a JSON array, which means that > you must use double-quotes (") around words not single-quotes ('). +> **Note**: +> Unlike the *shell* form, the *exec* form does not invoke a command shell. +> This means that normal shell processing does not happen. For example, +> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. +> If you want shell processing then either use the *shell* form or execute +> a shell directly, for example: `CMD [ "sh", "-c", "echo", "$HOME" ]`. + > **Note**: > It is preferable to use the JSON array format for specifying > `ENTRYPOINT` instructions. From 410719e6df618c4aea303cdea9667c3edba2f350 Mon Sep 17 00:00:00 2001 From: Adrien Folie Date: Tue, 15 Jul 2014 19:17:20 +0200 Subject: [PATCH 0316/2538] Add ENV variables support to WORKDIR build command Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) Docker-DCO-1.1-Signed-off-by: Adrien Folie (github: folieadrien) Conflicts: builder/builder.go This file has been deleted. --- docs/sources/reference/builder.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 9322599414..2678a87a19 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -552,9 +552,19 @@ instruction. For example: WORKDIR c RUN pwd -The output of the final `pwd` command in this Dockerfile would be +The output of the final `pwd` command in this `Dockerfile` would be `/a/b/c`. +The `WORKDIR` instruction can resolve environment variables previously set using +`ENV`. You can only use environment variables explicitly set in the `Dockerfile`. +For example: + + ENV DIRPATH /path + WORKDIR $DIRPATH/$DIRNAME + +The output of the final `pwd` command in this `Dockerfile` would be +`/path/$DIRNAME` + ## ONBUILD ONBUILD [INSTRUCTION] From a62d8740bf395f89af881f4502cd530eb9f23d39 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Fri, 3 Oct 2014 10:38:22 -0400 Subject: [PATCH 0317/2538] Multiple fixes to the cli.md document. *. Fixed headings so the side menu will now be consistent. Some sections had H3s that were displaying and others did not leaving the left menu very mismatched. * Fixed several spelling errors. * Re-formatted several long lines and badly laid out paragraphs. * Fixed several double backticks. * Added backticks to several outputs and variables. * Removed two issues that are no longer valid. * Removed several double spaces and extra lines. Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/sources/reference/commandline/cli.md | 161 ++++++++++------------ 1 file changed, 71 insertions(+), 90 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d709547bff..2722aaa4ef 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -88,7 +88,6 @@ expect an integer, and they can only be specified once. --tlsverify=false Use TLS and verify the remote (daemon: verify client, client: verify daemon) -v, --version=false Print version information and quit - Options with [] may be specified multiple times. The Docker daemon is the persistent process that manages containers. @@ -163,7 +162,7 @@ To stop a container, use `docker stop`. To kill the container, use `docker kill`. -### Examples: +#### Examples $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) $ sudo docker attach $ID @@ -231,11 +230,12 @@ Exclusion patterns match files or directories relative to `PATH` that will be excluded from the context. Globbing is done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. -Please note that `.dockerignore` files in other subdirectories are considered as -normal files. Filepaths in .dockerignore are absolute with the current directory -as the root. Wildcards are allowed but the search is not recursive. +Please note that `.dockerignore` files in other subdirectories are +considered as normal files. Filepaths in .dockerignore are absolute with +the current directory as the root. Wildcards are allowed but the search +is not recursive. -### Example .dockerignore file +#### Example .dockerignore file */temp* */*/temp* temp? @@ -256,7 +256,7 @@ See also: [*Dockerfile Reference*](/reference/builder). -### Examples: +#### Examples $ sudo docker build . Uploading context 10240 bytes @@ -381,7 +381,7 @@ while the image is committed. This reduces the likelihood of encountering data corruption during the process of creating the commit. If this behavior is undesired, set the 'p' option to false. -### Commit an existing container +#### Commit an existing container $ sudo docker ps ID IMAGE COMMAND CREATED STATUS PORTS @@ -457,7 +457,7 @@ container at any point. This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. -### Example: +#### Example $ sudo docker create -t -i fedora bash 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 @@ -511,7 +511,7 @@ and Docker images will report: untag, delete -### Examples +#### Examples You'll need two shells for this example. @@ -559,7 +559,7 @@ The `docker exec` command runs a new command in a running container. The `docker exec` command will typically be used after `docker run` or `docker start`. -### Examples: +#### Examples $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash @@ -623,7 +623,7 @@ decrease disk usage, and speed up `docker build` by allowing each step to be cached. These intermediate layers are not shown by default. -### Listing the most recently created images +#### Listing the most recently created images $ sudo docker images | head REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE @@ -637,7 +637,7 @@ by default. tryout latest 2629d1fa0b81 23 hours ago 131.5 MB 5ed6274db6ce 24 hours ago 1.089 GB -### Listing the full length image IDs +#### Listing the full length image IDs $ sudo docker images --no-trunc | head REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE @@ -651,7 +651,7 @@ by default. tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB -### Filtering +#### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there are more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -659,7 +659,7 @@ than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "b Current filters: * dangling (boolean - true or false) -#### untagged images +##### Untagged images $ sudo docker images --filter "dangling=true" @@ -673,7 +673,7 @@ Current filters: This will display untagged images, that are the leaves of the images tree (not intermediary layers). These images occur when a new build of an image takes the -repo:tag away from the IMAGE ID, leaving it untagged. A warning will be issued +`repo:tag` away from the image ID, leaving it untagged. A warning will be issued if trying to remove an image when a container is presently using it. By having this flag it allows for batch cleanup. @@ -690,7 +690,6 @@ Ready for use by `docker rmi ...`, like: NOTE: Docker will warn you if any containers exist that are using these untagged images. - ## import Usage: docker import URL|- [REPOSITORY[:TAG]] @@ -702,7 +701,7 @@ URLs must start with `http` and point to a single file archive (.tar, you would like to import from a local directory or archive, you can use the `-` parameter to take the data from `STDIN`. -### Examples +#### Examples **Import from a remote location:** @@ -750,7 +749,7 @@ For example: Username: svendowideit Registry: [https://index.docker.io/v1/] -The global `-D` option tells all `docker` comands to output debug information. +The global `-D` option tells all `docker` commands to output debug information. When sending issue reports, please use `docker version` and `docker -D info` to ensure we know how your setup is configured. @@ -769,9 +768,9 @@ specified, the given template will be executed for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. -### Examples +#### Examples -**Get an instance'sIP Address:** +**Get an instance's IP address:** For the most part, you can pick out any field from the JSON in a fairly straightforward manner. @@ -787,25 +786,22 @@ output: **Find a Specific Port Mapping:** -The `.Field` syntax doesn't work when the field name -begins with a number, but the template language's `index` -function does. The `.NetworkSettings.Ports` -section contains a map of the internal port mappings to a list -of external address/port objects, so to grab just the numeric public -port, you use `index` to find the specific port map, -and then `index` 0 contains first object inside of -that. Then we ask for the `HostPort` field to get -the public address. +The `.Field` syntax doesn't work when the field name begins with a +number, but the template language's `index` function does. The +`.NetworkSettings.Ports` section contains a map of the internal port +mappings to a list of external address/port objects, so to grab just the +numeric public port, you use `index` to find the specific port map, and +then `index` 0 contains the first object inside of that. Then we ask for +the `HostPort` field to get the public address. $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID **Get config:** -The `.Field` syntax doesn't work when the field -contains JSON data, but the template language's custom `json` -function does. The `.config` section -contains complex json object, so to grab it as JSON, you use -`json` to convert config object into JSON +The `.Field` syntax doesn't work when the field contains JSON data, but +the template language's custom `json` function does. The `.config` +section contains complex JSON object, so to grab it as JSON, you use +`json` to convert the configuration object into JSON. $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID @@ -856,8 +852,8 @@ Restores both images and tags. -p, --password="" Password -u, --username="" Username -If you want to login to a self-hosted registry you can -specify this by adding the server name. +If you want to login to a self-hosted registry you can specify this by +adding the server name. example: $ sudo docker login localhost:8080 @@ -961,16 +957,15 @@ Running `docker ps` showing 2 linked containers. `docker ps` will show only running containers by default. To see all containers: `docker ps -a` -### Filtering +#### Filtering -The filtering flag (-f or --filter) format is a "key=value" pair. If there is more +The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) Current filters: * exited (int - the code of exited containers. Only useful with '--all') - -#### Successfully exited containers +##### Successfully exited containers $ sudo docker ps -a --filter 'exited=0' CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES @@ -997,7 +992,7 @@ can `pull` and try without needing to define and configure your own. It is also possible to manually specify the path of a registry to pull from. For example, if you have set up a local registry, you can specify its path to pull from it. A repository path is similar to a URL, but does not contain -a protocol specifier (https://, for example). +a protocol specifier (`https://`, for example). To download a particular image, or set of images (i.e., a repository), use `docker pull`: @@ -1044,13 +1039,7 @@ registry or to a self-hosted one. -l, --link=false Remove the specified link and not the underlying container -v, --volumes=false Remove the volumes associated with the container -### Known Issues (rm) - -- [Issue 197](https://github.com/docker/docker/issues/197) indicates - that `docker kill` may leave directories behind - and make it difficult to remove the container. - -### Examples: +#### Examples $ sudo docker rm /redis /redis @@ -1061,21 +1050,19 @@ This will remove the container referenced under the link $ sudo docker rm --link /webapp/redis /webapp/redis -This will remove the underlying link between `/webapp` -and the `/redis` containers removing all -network communication. +This will remove the underlying link between `/webapp` and the `/redis` +containers removing all network communication. $ sudo docker rm --force redis redis The main process inside the container referenced under the link `/redis` will receive -SIGKILL, then the container will be removed. +`SIGKILL`, then the container will be removed. - -This command will delete all stopped containers. The command -`docker ps -a -q` will return all existing container -IDs and pass them to the `rm` command which will -delete them. Any running containers will not be deleted. +This command will delete all stopped containers. The command `docker ps +-a -q` will return all existing container IDs and pass them to the `rm` +command which will delete them. Any running containers will not be +deleted. ## rmi @@ -1086,9 +1073,9 @@ delete them. Any running containers will not be deleted. -f, --force=false Force removal of the image --no-prune=false Do not delete untagged parents -### Removing tagged images +#### Removing tagged images -Images can be removed either by their short or long ID`s, or their image +Images can be removed either by their short or long IDs, or their image names. If an image has more than one name, each of them needs to be removed before the image is removed. @@ -1174,14 +1161,7 @@ See the [Docker User Guide](/userguide/dockerlinks/) for more detailed information about the `--expose`, `-p`, `-P` and `--link` parameters, and linking containers. -### Known Issues (run –volumes-from) - -- [Issue 2702](https://github.com/docker/docker/issues/2702): - "lxc-start: Permission denied - failed to mount" could indicate a - permissions problem with AppArmor. Please see the issue for a - workaround. - -### Examples: +#### Examples $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" @@ -1234,7 +1214,7 @@ folder before starting your container. By bind-mounting the docker unix socket and statically linked docker binary (such as that provided by [https://get.docker.com]( https://get.docker.com)), you give the container the full access to create and -manipulate the host's docker daemon. +manipulate the host's Docker daemon. $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash @@ -1254,7 +1234,7 @@ ports in Docker. This sets environmental variables in the container. For illustration all three flags are shown here. Where `-e`, `--env` take an environment variable and value, or if no "=" is provided, then that variable's current value is passed -through (i.e. $MYVAR1 from the host is set to $MYVAR1 in the container). All +through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). All three flags, `-e`, `--env` and `--env-file` can be repeated. Regardless of the order of these three flags, the `--env-file` are processed @@ -1267,7 +1247,7 @@ override variables as needed. TEST_FOO=This is a test The `--env-file` flag takes a filename as an argument and expects each line -to be in the VAR=VAL format, mimicking the argument passed to `--env`. Comment +to be in the `VAR=VAL` format, mimicking the argument passed to `--env`. Comment lines need only be prefixed with `#` An example of a file passed with `--env-file` @@ -1339,14 +1319,13 @@ retrieve the container's ID once the container has finished running. brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo -It is often necessary to directly expose devices to a container. ``--device`` +It is often necessary to directly expose devices to a container. The `--device` option enables that. For example, a specific block storage device or loop device or audio device can be added to an otherwise unprivileged container -(without the ``--privileged`` flag) and have the application directly access it. +(without the `--privileged` flag) and have the application directly access it. -** Security note: ** - -``--device`` cannot be safely used with ephemeral devices. Block devices that may be removed should not be added to untrusted containers with ``--device``! +**Note:** +> `--device` cannot be safely used with ephemeral devices. Block devices that may be removed should not be added to untrusted containers with `--device`. **A complete example:** @@ -1356,7 +1335,7 @@ device or audio device can be added to an otherwise unprivileged container $ sudo docker run -d -p 1443:443 --dns=10.0.0.1 --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log -This example shows 5 containers that might be set up to test a web +This example shows five containers that might be set up to test a web application change: 1. Start a pre-prepared volume image `static-web-files` (in the background) @@ -1390,8 +1369,9 @@ how a container should or should not be restarted on exit. ** always ** - Always restart the container reguardless of the exit status. -You can also specify the maximum amount of times Docker will try to restart the -container when using the ** on-failure ** policy. The default is that Docker will try forever to restart the container. +You can also specify the maximum amount of times Docker will try to +restart the container when using the ** on-failure ** policy. The +default is that Docker will try forever to restart the container. $ sudo docker run --restart=always redis @@ -1400,10 +1380,11 @@ the container exits, Docker will restart it. $ sudo docker run --restart=on-failure:10 redis -This will run the `redis` container with a restart policy of ** on-failure ** and a -maximum restart count of 10. If the `redis` container exits with a non-zero exit -status more than 10 times in a row Docker will abort trying to restart the container. -Providing a maximum restart limit is only valid for the ** on-failure ** policy. +This will run the `redis` container with a restart policy of ** +on-failure ** and a maximum restart count of 10. If the `redis` +container exits with a non-zero exit status more than 10 times in a row +Docker will abort trying to restart the container. Providing a maximum +restart limit is only valid for the ** on-failure ** policy. ## save @@ -1414,10 +1395,10 @@ Providing a maximum restart limit is only valid for the ** on-failure ** policy. -o, --output="" Write to a file, instead of STDOUT Produces a tarred repository to the standard output stream. -Contains all parent layers, and all tags + versions, or specified repo:tag, for +Contains all parent layers, and all tags + versions, or specified `repo:tag`, for each argument provided. -It is used to create a backup that can then be used with ``docker load`` +It is used to create a backup that can then be used with `docker load` $ sudo docker save busybox > busybox.tar $ ls -sh busybox.tar @@ -1454,8 +1435,8 @@ more details on finding shared images from the command line. Restart a stopped container - -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process - -i, --interactive=false Attach container's STDIN + -a, --attach=false Attach container's `STDOUT` and `STDERR` and forward all signals to the process + -i, --interactive=false Attach container's `STDIN` When run on a container that has already been started, takes no action and succeeds unconditionally. @@ -1464,12 +1445,12 @@ takes no action and succeeds unconditionally. Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container by sending SIGTERM and then SIGKILL after a grace period + Stop a running container by sending `SIGTERM` and then `SIGKILL` after a grace period -t, --time=10 Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. -The main process inside the container will receive SIGTERM, and after a -grace period, SIGKILL +The main process inside the container will receive `SIGTERM`, and after a +grace period, `SIGKILL`. ## tag From 53ee6d2237146316f0fda42c658434f891ef4b54 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 3 Oct 2014 11:43:22 -0400 Subject: [PATCH 0318/2538] Fix security-opt docs Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/run.md | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index f5d6cc45e5..c72d28a000 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -234,22 +234,32 @@ the container exits**, you can add the `--rm` flag: --secutity-opt="apparmor:PROFILE" : Set the apparmor profile to be applied to the container -If you want to use the same label for multiple containers, you can override use -the security-opt flag to select an MCS level. This is a common practice for MLS -systems. But it also might help in cases where you want to share the same -content between containers. Run the following command. +You can override the default labeling scheme for each container by specifying +the `--security-opt` flag. For example, you can specify the MCS/MLS level, a +requirement for MLS systems. Specifying the level in the following command +allows you to share the same content between containers. # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash -Run the following command if you want to disable the labeling controls for just -this container. +An MLS example might be: + + # docker run --security-opt label:level:TopSecret -i -t rhel7 bash + +To disable the security labeling for this container versus running with the +`--permissive` flag, use the following command: # docker run --security-opt label:disable -i -t fedora bash -Run the following command if you want to run a container that could only listen -on apache ports. +If you want a tighter security policy on the processes within a container, +you can specify an alternate type for the container. You could run a container +that is only allowed to listen on Apache ports by executing the following +command: - # docker run --security-opt label:type:svirt_apache_t -i -t fedora bash + # docker run --security-opt label:type:svirt_apache_t -i -t centos bash + +Note: + +You would have to write policy defining a `svirt_apache_t` type. ## Runtime Constraints on CPU and Memory From 3be32c5e8ef0e2d6d55ffafa5bd83ddd7c1d9997 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 10 Oct 2014 15:40:52 -0700 Subject: [PATCH 0319/2538] Add some docs about which env vars are defined in new containers @SvenDowideit FYI Closes #3087 Signed-off-by: Doug Davis --- docs/sources/reference/run.md | 45 ++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index c72d28a000..67007ccff7 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -428,9 +428,48 @@ client container to help indicate which interface and port to use. ## ENV (Environment Variables) -The operator can **set any environment variable** in the container by -using one or more `-e` flags, even overriding those already defined by -the developer with a Dockerfile `ENV`: +When a new container is created, Docker will set the following environment +variables automatically: + + + + + + + + + + + + + + + + + + + + + +
Variable Value
HOME + Set based on the value of USER +
HOSTNAME + The hostname associated with the container +
PATH + Includes popular directories, such as :
+ /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +
TERM + xterm if the container is allocated a psuedo-TTY +
+ +The container may also include environment variables defined +as a result of the container being linked with another container. See +the [*Container Links*](/userguide/dockerlinks/#container-linking) +section for more details. + +Additionally, the operator can **set any environment variable** in the +container by using one or more `-e` flags, even overriding those mentioned +above, or already defined by the developer with a Dockerfile `ENV`: $ sudo docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" From 6ad404ac571e3c14012fd772ab412a9502bd68ce Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Sun, 12 Oct 2014 14:41:24 -0700 Subject: [PATCH 0320/2538] Fix typo: reguardless should be regardless Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2722aaa4ef..1f96b1d5b6 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1367,7 +1367,7 @@ how a container should or should not be restarted on exit. ** on-failure ** - Restart the container only if it exits with a non zero exit status. -** always ** - Always restart the container reguardless of the exit status. +** always ** - Always restart the container regardless of the exit status. You can also specify the maximum amount of times Docker will try to restart the container when using the ** on-failure ** policy. The From b8ab53507611cc0d494a4630bc21d0b6400c64a6 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Sun, 12 Oct 2014 12:59:46 -0700 Subject: [PATCH 0321/2538] Fix href in docs w.r.t. cgroups freezer pointer Apparently, the [...] and (http...) need to be right after each other instead of on different lines. Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1f96b1d5b6..31de4acf6b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -925,9 +925,9 @@ used, which is observable by the process being suspended. With the cgroups freez the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. -See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for -further details. +See the +[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) +for further details. ## ps @@ -1479,9 +1479,9 @@ them to [*Share Images via Repositories*]( The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. -See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for -further details. +See the +[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) +for further details. ## version From c5e74b80e22be9d9f076b575e2b8761f044ca139 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 7 Oct 2014 13:56:55 +1000 Subject: [PATCH 0322/2538] Add more info on attach inspired by discussion in #2855 Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 31de4acf6b..8a43e20d0d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -146,11 +146,14 @@ Docker supports softlinks for the Docker data directory --no-stdin=false Do not attach STDIN --sig-proxy=true Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. -The `attach` command will allow you to view or -interact with any running container, detached (`-d`) -or interactive (`-i`). You can attach to the same -container at the same time - screen sharing style, or quickly view the -progress of your daemonized process. +The `attach` command lets you view or interact with any running container's +primary process (`pid 1`). + +You can attach to the same contained process multiple times simultaneously, screen +sharing style, or quickly view the progress of your daemonized process. + +> **Note:** This command is not for running a new process in a container. +> See: [`docker exec`](#exec). You can detach from the container again (and leave it running) with `CTRL-p CTRL-q` (for a quiet exit), or `CTRL-c` which will send a From 57d75938cd20f90022dd719878d6eca51337c798 Mon Sep 17 00:00:00 2001 From: Aanand Prasad Date: Fri, 10 Oct 2014 16:02:04 +0100 Subject: [PATCH 0323/2538] Add DOCKER_TLS_VERIFY environment variable, equivalent to --tlsverify flag This makes it possible to make the Docker client "secure by default" without wrapping the binary in a shell alias so that `--tlsverify` is always passed. Signed-off-by: Aanand Prasad --- docs/sources/reference/commandline/cli.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8a43e20d0d..f83feca923 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -116,6 +116,14 @@ the `-H` flag for the client. $ sudo docker ps # both are equal +Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than the empty +string is equivalent to setting the `--tlsverify` flag. The following are equivalent: + + $ sudo docker --tlsverify ps + # or + $ export DOCKER_TLS_VERIFY=1 + $ sudo docker ps + IP masquerading uses address translation to allow containers without a public IP to talk to other machines on the Internet. This may interfere with some network topologies and can be disabled with --ip-masq=false. From eecd9e7003d3cb2ec6921db327ab2a49b0e12253 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 8 Oct 2014 11:44:01 +1000 Subject: [PATCH 0324/2538] Mention the mkdocs.yml file for adding new documents and move the complicated discussion about branches lower down, hopefully most won't need to know Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/README.md | 56 +++++++++++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 23 deletions(-) diff --git a/docs/README.md b/docs/README.md index afcc1451a4..27ed7eef11 100755 --- a/docs/README.md +++ b/docs/README.md @@ -9,28 +9,6 @@ GitHub](https://github.com/docker/docker) thanks to post-commit hooks. The `docs` branch maps to the "latest" documentation and the `master` (unreleased development) branch maps to the "master" documentation. -## Branches - -**There are two branches related to editing docs**: `master` and a `docs` -branch. You should always edit documentation on a local branch of the `master` -branch, and send a PR against `master`. - -That way your fixes will automatically get included in later releases, and docs -maintainers can easily cherry-pick your changes into the `docs` release branch. -In the rare case where your change is not forward-compatible, you may need to -base your changes on the `docs` branch. - -Also, now that we have a `docs` branch, we can keep the -[http://docs.docker.com](http://docs.docker.com) docs up to date with any bugs -found between Docker code releases. - -**Warning**: When *reading* the docs, the -[http://docs-stage.docker.com](http://docs-stage.docker.com) documentation may -include features not yet part of any official Docker release. The `beta-docs` -site should be used only for understanding bleeding-edge development and -`docs.docker.com` (which points to the `docs` branch`) should be used for the -latest official release. - ## Contributing - Follow the contribution guidelines ([see @@ -46,11 +24,21 @@ changes. In the root of the `docker` source directory: - make docs + $ make docs + .... (lots of output) .... + $ docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve + Running at: http://0.0.0.0:8000/ + Live reload enabled. + Hold ctrl+c to quit. If you have any issues you need to debug, you can use `make docs-shell` and then run `mkdocs serve` +## Adding a new document + +New document (`.md`) files are added to the documentation builds by adding them +to the menu definition in the `docs/mkdocs.yml` file. + ## Style guide The documentation is written with paragraphs wrapped at 80 column lines to make @@ -83,6 +71,28 @@ Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). Just be careful not to create many commits. And you must still [sign your work!](../CONTRIBUTING.md#sign-your-work) +## Branches + +**There are two branches related to editing docs**: `master` and a `docs` +branch. You should always edit the documentation on a local branch of the `master` +branch, and send a PR against `master`. + +That way your edits will automatically get included in later releases, and docs +maintainers can easily cherry-pick your changes into the `docs` release branch. +In the rare case where your change is not forward-compatible, you may need to +base your changes on the `docs` branch. + +Also, now that we have a `docs` branch, we can keep the +[http://docs.docker.com](http://docs.docker.com) docs up to date with any bugs +found between Docker code releases. + +> **Warning**: When *reading* the docs, the +> [http://docs-stage.docker.com](http://docs-stage.docker.com) documentation may +> include features not yet part of any official Docker release. The `beta-docs` +> site should be used only for understanding bleeding-edge development and +> `docs.docker.com` (which points to the `docs` branch`) should be used for the +> latest official release. + ## Publishing Documentation To publish a copy of the documentation you need to have Docker up and running on your From 22c0b17eb2e3d56b0adb0743c6027134c7147d38 Mon Sep 17 00:00:00 2001 From: SvenDowideit Date: Thu, 25 Sep 2014 14:13:30 +1000 Subject: [PATCH 0325/2538] Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) Add some information about the storage and execution driver choices Docker-DCO-1.1-Signed-off-by: SvenDowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 95 ++++++++++++++++++----- 1 file changed, 77 insertions(+), 18 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f83feca923..86f02b6cf1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -94,20 +94,41 @@ The Docker daemon is the persistent process that manages containers. Docker uses the same binary for both the daemon and client. To run the daemon you provide the `-d` flag. -To force Docker to use devicemapper as the storage driver, use -`docker -d -s devicemapper`. - -To set the DNS server for all Docker containers, use -`docker -d --dns 8.8.8.8`. - -To set the DNS search domain for all Docker containers, use -`docker -d --dns-search example.com`. To run the daemon with debug output, use `docker -d -D`. -To use lxc as the execution driver, use `docker -d -e lxc`. +### Daemon socket option -The docker client will also honor the `DOCKER_HOST` environment variable to set +The Docker daemon can listen for [Docker Remote API](reference/api/docker_remote_api/) +requests via three different types of Socket: `unix`, `tcp`, and `fd`. + +By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`, +requiring either `root` permission, or `docker` group membership. + +If you need to access the Docker daemon remotely, you need to enable the `tcp` +Socket. Beware that the default setup provides un-encrypted and un-authenticated +direct access to the Docker daemon - and should be secured either using the +[built in https encrypted socket](/articles/https/), or by putting a secure web +proxy in front of it. You can listen on port `2375` on all network interfaces +with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP +address: `-H tcp://192.168.59.103:2375`. + +On Systemd based systems, you can communicate with the daemon via +[systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use +`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but +you can also specify individual sockets: `docker -d -H fd://3`. If the +specified socket activated files aren't found, then Docker will exit. You +can find examples of using Systemd socket activation with Docker and +Systemd in the [Docker source tree]( +https://github.com/docker/docker/tree/master/contrib/init/systemd/). + +You can configure the Docker daemon to listen to multiple sockets at the same +time using multiple `-H` options: + + # listen using the default unix socket, and on 2 specific IP addresses on this host. + docker -d -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 + +The Docker client will honor the `DOCKER_HOST` environment variable to set the `-H` flag for the client. $ sudo docker -H tcp://0.0.0.0:2375 ps @@ -124,18 +145,55 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva $ export DOCKER_TLS_VERIFY=1 $ sudo docker ps +### Daemon storage-driver option + +The Docker daemon has support for three different image layer storage drivers: `aufs`, +`devicemapper`, and `btrfs`. + +The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that +is unlikely to be merged into the main kernel. These are also known to cause some +serious kernel crashes. However, `aufs` is also the only storage driver that allows +containers to share executable and shared library memory, so is a useful choice +when running thousands of containers with the same program or libraries. + +The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) snapshots. +This driver will create a 100GB sparse file containing all your images and +containers. Each container will be limited to a 10 GB thin volume, and either of +these will require tuning - see [~jpetazzo/Resizing Docker containers with the +Device Mapper plugin]( http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) +To tell the Docker daemon to use `devicemapper`, use +`docker -d -s devicemapper`. + +The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not +share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. + + +### Docker exec-driver option + +The Docker daemon uses a specifically built `libcontainer` execution driver as its +interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. + +There is still legacy support for the original [LXC userspace tools]( +https://linuxcontainers.org/) via the `lxc` execution driver, however, this is +not where the primary development of new functionality is taking place. +Add `-e lxc` to the daemon flags to use the `lxc` execution driver. + + +### Daemon DNS options + +To set the DNS server for all Docker containers, use +`docker -d --dns 8.8.8.8`. + +To set the DNS search domain for all Docker containers, use +`docker -d --dns-search example.com`. + +### Miscellaneous options + IP masquerading uses address translation to allow containers without a public IP to talk to other machines on the Internet. This may interfere with some network topologies and can be disabled with --ip-masq=false. -To run the daemon with [systemd socket activation]( -http://0pointer.de/blog/projects/socket-activation.html), use -`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but -you can also specify individual sockets too `docker -d -H fd://3`. If the -specified socket activated files aren't found then docker will exit. You -can find examples of using systemd socket activation with docker and -systemd in the [docker source tree]( -https://github.com/docker/docker/tree/master/contrib/init/systemd/). + Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: @@ -145,6 +203,7 @@ Docker supports softlinks for the Docker data directory export DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 + ## attach Usage: docker attach [OPTIONS] CONTAINER From 15490a58b2c4f639494c47742e6395a3c23e15d8 Mon Sep 17 00:00:00 2001 From: unclejack Date: Sat, 16 Aug 2014 13:27:04 +0300 Subject: [PATCH 0326/2538] make http usage for registry explicit Docker-DCO-1.1-Signed-off-by: Cristian Staretu (github: unclejack) Conflicts: daemon/config.go daemon/daemon.go graph/pull.go graph/push.go graph/tags.go registry/registry.go registry/service.go --- docs/sources/reference/commandline/cli.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 86f02b6cf1..94cbb580b4 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -70,7 +70,8 @@ expect an integer, and they can only be specified once. -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication - --ip=0.0.0.0 Default IP address to use when binding container ports + --insecure-registry=[] Make these registries use http + --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules From c77355712154a6881575683b955978ab8fa49b16 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 19 Aug 2014 12:27:23 -0700 Subject: [PATCH 0327/2538] Expand documentation for --insecure-registries Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 94cbb580b4..ddfc983d3a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -71,7 +71,7 @@ expect an integer, and they can only be specified once. -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication --insecure-registry=[] Make these registries use http - --ip=0.0.0.0 Default IP address to use when binding container ports + --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules @@ -196,6 +196,16 @@ can be disabled with --ip-masq=false. +By default docker will assume all registries are securied via TLS. Prior versions +of docker used an auto fallback if a registry did not support TLS. This introduces +the opportunity for MITM attacks so in Docker 1.2 the user must specify `--insecure-registries` +when starting the Docker daemon to state which registries are not using TLS and to communicate +with these registries via plain text. If you are running a local registry over plain text +on `127.0.0.1:5000` you will be required to specify `--insecure-registries 127.0.0.1:500` +when starting the docker daemon to be able to push and pull images to that registry. +No automatic fallback will happen after Docker 1.2 to detect if a registry is using +HTTP or HTTPS. + Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: From 8d6cc5b994e98c93f8a977b9079a4b22a359716b Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 10 Oct 2014 23:22:12 -0400 Subject: [PATCH 0328/2538] Do not verify certificate when using --insecure-registry on an HTTPS registry Signed-off-by: Tibor Vass Conflicts: registry/registry.go registry/registry_test.go registry/service.go registry/session.go --- docs/sources/reference/commandline/cli.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ddfc983d3a..4c863ee7bd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -70,7 +70,7 @@ expect an integer, and they can only be specified once. -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication - --insecure-registry=[] Make these registries use http + --insecure-registry=[] Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading for bridge's IP range @@ -195,16 +195,16 @@ to other machines on the Internet. This may interfere with some network topologi can be disabled with --ip-masq=false. +By default, Docker will assume all registries are secured via TLS with certificate verification +enabled. Prior versions of Docker used an auto fallback if a registry did not support TLS +(or if the TLS connection failed). This introduced the opportunity for Man In The Middle (MITM) +attacks, so as of Docker 1.3.1, the user must now specify the `--insecure-registry` daemon flag +for each insecure registry. An insecure registry is either not using TLS (i.e. plain text HTTP), +or is using TLS with a CA certificate not known by the Docker daemon (i.e. certification +verification disabled). For example, if there is a registry listening for HTTP at 127.0.0.1:5000, +as of Docker 1.3.1 you are required to specify `--insecure-registry 127.0.0.1:5000` when starting +the Docker daemon. -By default docker will assume all registries are securied via TLS. Prior versions -of docker used an auto fallback if a registry did not support TLS. This introduces -the opportunity for MITM attacks so in Docker 1.2 the user must specify `--insecure-registries` -when starting the Docker daemon to state which registries are not using TLS and to communicate -with these registries via plain text. If you are running a local registry over plain text -on `127.0.0.1:5000` you will be required to specify `--insecure-registries 127.0.0.1:500` -when starting the docker daemon to be able to push and pull images to that registry. -No automatic fallback will happen after Docker 1.2 to detect if a registry is using -HTTP or HTTPS. Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: From f58767aceda453377e4f6913eef8d7fd1912e74b Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Wed, 22 Oct 2014 08:30:48 -0400 Subject: [PATCH 0329/2538] Docs edits for dropping SSLv3 and under + release notes for 1.3.1 Signed-off-by: Tibor Vass Conflicts: docs/sources/index.md --- docs/sources/reference/commandline/cli.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4c863ee7bd..a57b4cc28e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -112,7 +112,12 @@ direct access to the Docker daemon - and should be secured either using the [built in https encrypted socket](/articles/https/), or by putting a secure web proxy in front of it. You can listen on port `2375` on all network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP -address: `-H tcp://192.168.59.103:2375`. +address: `-H tcp://192.168.59.103:2375`. It is conventional to use port `2375` +for un-encrypted, and port `2376` for encrypted communication with the daemon. + +> **Note** If you're using an HTTPS encrypted socket, keep in mind that only TLS1.0 +> and greater are supported. Protocols SSLv3 and under are not supported anymore +> for security reasons. On Systemd based systems, you can communicate with the daemon via [systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use From 5b491e69422a8c887156aef29069f3af4a81fe30 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 11 Nov 2014 16:31:15 -0500 Subject: [PATCH 0330/2538] Add the possibility of specifying a subnet for --insecure-registry Signed-off-by: Tibor Vass Conflicts: registry/endpoint.go --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a57b4cc28e..728f95ceec 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -70,7 +70,7 @@ expect an integer, and they can only be specified once. -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication - --insecure-registry=[] Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) + --insecure-registry=[] Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (ex: localhost:5000 or 10.20.0.0/16) --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading for bridge's IP range From d227c88e19f89aad909088836f7f31cee10c7147 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 14 Nov 2014 11:04:47 -0800 Subject: [PATCH 0331/2538] Rewrite documentation for insecure registries Signed-off-by: Tibor Vass Conflicts: docs/sources/reference/commandline/cli.md --- docs/sources/reference/commandline/cli.md | 46 ++++++++++++++++------- 1 file changed, 33 insertions(+), 13 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 728f95ceec..6e6ccd69aa 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -70,7 +70,7 @@ expect an integer, and they can only be specified once. -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. --icc=true Enable inter-container communication - --insecure-registry=[] Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (ex: localhost:5000 or 10.20.0.0/16) + --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading for bridge's IP range @@ -193,24 +193,44 @@ To set the DNS server for all Docker containers, use To set the DNS search domain for all Docker containers, use `docker -d --dns-search example.com`. +### Insecure registries + +Docker considers a private registry either secure or insecure. +In the rest of this section, *registry* is used for *private registry*, and `myregistry:5000` +is a placeholder example for a private registry. + +A secure registry uses TLS and a copy of its CA certificate is placed on the Docker host at +`/etc/docker/certs.d/myregistry:5000/ca.crt`. +An insecure registry is either not using TLS (i.e., listening on plain text HTTP), or is using +TLS with a CA certificate not known by the Docker daemon. The latter can happen when the +certificate was not found under `/etc/docker/certs.d/myregistry:5000/`, or if the certificate +verification failed (i.e., wrong CA). + +By default, Docker assumes all, but local (see local registries below), registries are secure. +Communicating with an insecure registry is not possible if Docker assumes that registry is secure. +In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry` +in one of the following two forms: + +* `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure. +* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries whose domain resolve to an IP address is part +of the subnet described by the CIDR syntax, should be considered insecure. + +The flag can be used multiple times to allow multiple registries to be marked as insecure. + +If an insecure registry is not marked as insecure, `docker pull`, `docker push`, and `docker search` +will result in an error message prompting the user to either secure or pass the `--insecure-registry` +flag to the Docker daemon as described above. + +Local registries, whose IP address falls in the 127.0.0.0/8 range, are automatically marked as insecure +as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future. + + ### Miscellaneous options IP masquerading uses address translation to allow containers without a public IP to talk to other machines on the Internet. This may interfere with some network topologies and can be disabled with --ip-masq=false. - -By default, Docker will assume all registries are secured via TLS with certificate verification -enabled. Prior versions of Docker used an auto fallback if a registry did not support TLS -(or if the TLS connection failed). This introduced the opportunity for Man In The Middle (MITM) -attacks, so as of Docker 1.3.1, the user must now specify the `--insecure-registry` daemon flag -for each insecure registry. An insecure registry is either not using TLS (i.e. plain text HTTP), -or is using TLS with a CA certificate not known by the Docker daemon (i.e. certification -verification disabled). For example, if there is a registry listening for HTTP at 127.0.0.1:5000, -as of Docker 1.3.1 you are required to specify `--insecure-registry 127.0.0.1:5000` when starting -the Docker daemon. - - Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: From 981a612adf35c62f69ba6bd9c3d7e0f2823c83ce Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 8 Oct 2014 13:10:31 +1000 Subject: [PATCH 0332/2538] Add info on --device flag permissions ':rwm' Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 31 ++++++++++++++++++++--- docs/sources/reference/run.md | 20 +++++++++++++++ 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6e6ccd69aa..c0fcbff27b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -523,7 +523,7 @@ Creates a new container. --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) - --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc) + --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables @@ -563,6 +563,8 @@ container at any point. This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. +Please see the [run command](#run) section for more details. + #### Example $ sudo docker create -t -i fedora bash @@ -1221,7 +1223,7 @@ removed before the image is removed. --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) -d, --detach=false Detached mode: run the container in the background and print the new container ID - --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc) + --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables @@ -1430,8 +1432,31 @@ option enables that. For example, a specific block storage device or loop device or audio device can be added to an otherwise unprivileged container (without the `--privileged` flag) and have the application directly access it. +By default, the container will be able to `read`, `write` and `mknod` these devices. +This can be overridden using a third `:rwm` set of options to each `--device` +flag: + + +``` + $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + + Command (m for help): q + $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc + You will not be able to write the partition table. + + Command (m for help): q + + $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + + Command (m for help): q + + $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc + fdisk: unable to open /dev/xvdc: Operation not permitted +``` + **Note:** -> `--device` cannot be safely used with ephemeral devices. Block devices that may be removed should not be added to untrusted containers with `--device`. +> `--device` cannot be safely used with ephemeral devices. Block devices that +> may be removed should not be added to untrusted containers with `--device`. **A complete example:** diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 67007ccff7..2183ee957c 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -308,6 +308,26 @@ will be accessible within the container. $ sudo docker run --device=/dev/snd:/dev/snd ... +By default, the container will be able to `read`, `write`, and `mknod` these devices. +This can be overridden using a third `:rwm` set of options to each `--device` flag: + + +``` + $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + + Command (m for help): q + $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc + You will not be able to write the partition table. + + Command (m for help): q + + $ sudo docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc + crash.... + + $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc + fdisk: unable to open /dev/xvdc: Operation not permitted +``` + In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default list of capabilities that are kept. Both flags support the value `all`, so if the From ff38494bbedb38af01a71bf5b99883d0b7417c3c Mon Sep 17 00:00:00 2001 From: Ryan Detzel Date: Thu, 16 Oct 2014 15:57:38 -0400 Subject: [PATCH 0333/2538] Docs syntax fix the flags must come before the container name. --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c0fcbff27b..5698a6af30 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -678,7 +678,7 @@ This will create a container named `ubuntu_bash` and start a Bash session. This will create a new file `/tmp/execWorks` inside the running container `ubuntu_bash`, in the background. - $ sudo docker exec ubuntu_bash -it bash + $ sudo docker exec -it ubuntu_bash bash This will create a new Bash session in the container `ubuntu_bash`. From f1a49f25605bef182d9b1833bfd081258cb89cfe Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 14 Oct 2014 17:45:29 +0200 Subject: [PATCH 0334/2538] Fix support for --env-file in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cc16d4825f..dbe7c71442 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -264,10 +264,10 @@ _docker_create() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids @@ -595,11 +595,11 @@ _docker_run() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env -p --publish --expose --dns --volumes-from --lxc-conf --security-opt" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt') + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids From a6594e13ce68aa8c8b8e94d46ec466ff27962e31 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Sun, 19 Oct 2014 10:06:58 -0700 Subject: [PATCH 0335/2538] Fixed a minor docs issue in a Dockerfile Example The Dockerfile Instruction to create the .vnc directory results in a failure : -storepasswd failed for file: /root/.vnc/passwd Signed-off-by: Madhu Venugopal --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 2678a87a19..2f36942ce6 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -642,7 +642,7 @@ For example you might add something like this: # Install vnc, xvfb in order to create a 'fake' display and firefox RUN apt-get update && apt-get install -y x11vnc xvfb firefox - RUN mkdir /.vnc + RUN mkdir ~/.vnc # Setup a password RUN x11vnc -storepasswd 1234 ~/.vnc/passwd # Autostart firefox (might not be the best way, but it does the trick) From c55facc917e5bf753abd7ca421747b5122d81db3 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Mon, 20 Oct 2014 15:33:17 +0200 Subject: [PATCH 0336/2538] zsh: update zsh completion for docker command zsh completion is updated with the content of felixr/docker-zsh-completion. The major change since the last merge is the addition of exec/create (but they were already present in the docker repository) as well as pause/unpause/logout/events and the use of short/long options when they are available. Some missing options were also added. 12f00abd7178 Add completion for `exec' 4e2faa075f9a Merge `run' and `create' commands. 34134de077de Add missing long/short options for most commands. d09f62339ab5 Add completion for `pause' and `unpause' e4754c3b3b9d Add completion for `logout' e0935eb3d5d2 Add completion for `events' dae353cb9afb Add completion for `create` Docker-DCO-1.1-Signed-off-by: Vincent Bernat (github: vincentbernat) --- contrib/completion/zsh/_docker | 148 ++++++++++++++++++--------------- 1 file changed, 79 insertions(+), 69 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index aff59ee77c..4c0937e10c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -195,17 +195,18 @@ __docker_subcommand () { ;; (build) _arguments \ - '--force-rm[Always remove intermediate containers, even after unsuccessful builds]' \ + '--force-rm[Always remove intermediate containers]' \ '--no-cache[Do not use cache when building the image]' \ - '-q[Suppress verbose build output]' \ + {-q,--quiet}'[Suppress verbose build output]' \ '--rm[Remove intermediate containers after a successful build]' \ - '-t:repository:__docker_repositories_with_tags' \ + {-t,--tag=-}'[Repository, name and tag to be applied]:repository:__docker_repositories_with_tags' \ ':path or URL:_directories' ;; (commit) _arguments \ - '--author=-[Author]:author: ' \ - '-m[Commit message]:message: ' \ + {-a,--author=-}'[Author]:author: ' \ + {-m,--message=-}'[Commit message]:message: ' \ + {-p,--pause}'[Pause container during commit]' \ '--run=-[Configuration automatically applied when the image is run]:configuration: ' \ ':container:__docker_containers' \ ':repository:__docker_repositories_with_tags' @@ -224,60 +225,40 @@ __docker_subcommand () { ;; esac ;; - (create) - _arguments \ - '-P[Publish all exposed ports to the host]' \ - '-a[Attach to stdin, stdout or stderr]' \ - '-c=-[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ - '--cidfile=-[Write the container ID to the file]:CID file:_files' \ - '*--dns=-[Set custom dns servers]:dns server: ' \ - '*-e=-[Set environment variables]:environment variable: ' \ - '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ - '*--expose=-[Expose a port from the container without publishing it]: ' \ - '-h=-[Container host name]:hostname:_hosts' \ - '-i[Keep stdin open even if not attached]' \ - '--link=-[Add link to another container]:link:->link' \ - '--lxc-conf=-[Add custom lxc options]:lxc options: ' \ - '-m=-[Memory limit (in bytes)]:limit: ' \ - '--name=-[Container name]:name: ' \ - '*-p=-[Expose a container'"'"'s port to the host]:port:_ports' \ - '--privileged[Give extended privileges to this container]' \ - '-t[Allocate a pseudo-tty]' \ - '-u=-[Username or UID]:user:_users' \ - '*-v=-[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ - '--volumes-from=-[Mount volumes from the specified container]:volume: ' \ - '-w=-[Working directory inside the container]:directory:_directories' \ - '(-):images:__docker_images' \ - '(-):command: _command_names -e' \ - '*::arguments: _normal' (diff|export) _arguments '*:containers:__docker_containers' ;; + (events) + _arguments \ + '--since=-[Events created since this timestamp]:timestamp: ' \ + '--until=-[Events created until this timestamp]:timestamp: ' + ;; (exec) _arguments \ - '-d[Detached mode: leave the container running in the background]' \ - '-i[Keep stdin open even if not attached]' \ - '-t[Allocate a pseudo-tty]' \ + {-d,--detach}'[Detached mode: leave the container running in the background]' \ + {-i,--interactive}'[Keep stdin open even if not attached]' \ + {-t,--tty}'[Allocate a pseudo-tty]' \ ':containers:__docker_runningcontainers' ;; (history) _arguments \ '--no-trunc[Do not truncate output]' \ - '-q[Only show numeric IDs]' \ + {-q,--quiet}'[Only show numeric IDs]' \ '*:images:__docker_images' ;; (images) _arguments \ - '-a[Show all images]' \ + {-a,--all}'[Show all images]' \ + '*'{-f,--filter=-}'[Filter values]:filter: ' \ '--no-trunc[Do not truncate output]' \ - '-q[Only show numeric IDs]' \ + {-q,--quiet}'[Only show numeric IDs]' \ '--tree[Output graph in tree format]' \ '--viz[Output graph in graphviz format]' \ ':repository:__docker_repositories' ;; (inspect) _arguments \ - '--format=-[Format the output using the given go template]:template: ' \ + {-f,--format=-}'[Format the output using the given go template]:template: ' \ '*:containers:__docker_containers' ;; (import) @@ -298,20 +279,29 @@ __docker_subcommand () { '3:file:_files' ;; (kill) - _arguments '*:containers:__docker_runningcontainers' + _arguments \ + {-s,--signal=-}'[Signal to send]:signal:_signals' \ + '*:containers:__docker_runningcontainers' ;; (load) + _arguments \ + {-i,--input=-}'[Read from tar archive file]:tar:_files' ;; (login) _arguments \ - '-e[Email]:email: ' \ - '-p[Password]:password: ' \ - '-u[Username]:username: ' \ + {-e,--email=-}'[Email]:email: ' \ + {-p,--password=-}'[Password]:password: ' \ + {-u,--user=-}'[Username]:username: ' \ + ':server: ' + ;; + (logout) + _arguments \ ':server: ' ;; (logs) _arguments \ - '-f[Follow log output]' \ + {-f,--follow}'[Follow log output]' \ + {-t,--timestamps}'[Show timestamps]' \ '*:containers:__docker_containers' ;; (port) @@ -319,24 +309,32 @@ __docker_subcommand () { '1:containers:__docker_runningcontainers' \ '2:port:_ports' ;; + (pause|unpause) + _arguments \ + '1:containers:__docker_runningcontainers' + ;; (start) _arguments \ - '-a[Attach container'"'"'s stdout/stderr and forward all signals]' \ - '-i[Attach container'"'"'s stding]' \ + {-a,--attach}'[Attach container'"'"'s stdout/stderr and forward all signals]' \ + {-i,--interactive}'[Attach container'"'"'s stding]' \ '*:containers:__docker_stoppedcontainers' ;; (rm) _arguments \ - '--link[Remove the specified link and not the underlying container]' \ - '-v[Remove the volumes associated to the container]' \ + {-f,--force}'[Force removal]' \ + {-l,--link}'[Remove the specified link and not the underlying container]' \ + {-v,--volumes}'[Remove the volumes associated to the container]' \ '*:containers:__docker_stoppedcontainers' ;; (rmi) _arguments \ + {-f,--force}'[Force removal]' \ + '--no-prune[Do not delete untagged parents]' \ '*:images:__docker_images' ;; (restart|stop) - _arguments '-t[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \ + _arguments \ + {-t,--time=-}'[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)' \ '*:containers:__docker_runningcontainers' ;; (top) @@ -352,47 +350,58 @@ __docker_subcommand () { ;; (ps) _arguments \ - '-a[Show all containers]' \ + {-a,--all}'[Show all containers]' \ '--before=-[Show only container created before...]:containers:__docker_containers' \ - '-l[Show only the latest created container]' \ + '*'{-f,--filter=-}'[Filter values]:filter: ' \ + {-l,--latest}'[Show only the latest created container]' \ '-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' \ '--no-trunc[Do not truncate output]' \ - '-q[Only show numeric IDs]' \ - '-s[Display sizes]' \ + {-q,--quiet}'[Only show numeric IDs]' \ + {-s,--size}'[Display sizes]' \ '--since=-[Show only containers created since...]:containers:__docker_containers' ;; (tag) _arguments \ - '-f[force]'\ + {-f,--force}'[force]'\ ':image:__docker_images'\ ':repository:__docker_repositories_with_tags' ;; - (run) + (create|run) _arguments \ - '-P[Publish all exposed ports to the host]' \ - '-a[Attach to stdin, stdout or stderr]' \ - '-c[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ + {-a,--attach}'[Attach to stdin, stdout or stderr]' \ + '*--add-host=-[Add a custom host-to-IP mapping]:host\:ip mapping: ' \ + {-c,--cpu-shares=-}'[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)' \ + '*--cap-add=-[Add Linux capabilities]:capability: ' \ + '*--cap-drop=-[Drop Linux capabilities]:capability: ' \ '--cidfile=-[Write the container ID to the file]:CID file:_files' \ - '-d[Detached mode: leave the container running in the background]' \ + '--cpuset=-[CPUs in which to allow execution]:CPU set: ' \ + {-d,--detach}'[Detached mode: leave the container running in the background]' \ + '*--device=-[Add a host device to the container]:device:_files' \ '*--dns=-[Set custom dns servers]:dns server: ' \ - '*-e[Set environment variables]:environment variable: ' \ + '*--dns-search=-[Set custom DNS search domains]:dns domains: ' \ + '*'{-e,--environment=-}'[Set environment variables]:environment variable: ' \ '--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: ' \ + '*--env-file=-[Read environment variables from a file]:environment file:_files' \ '*--expose=-[Expose a port from the container without publishing it]: ' \ - '-h[Container host name]:hostname:_hosts' \ - '-i[Keep stdin open even if not attached]' \ - '--link=-[Add link to another container]:link:->link' \ - '--lxc-conf=-[Add custom lxc options]:lxc options: ' \ + {-h,--hostname=-}'[Container host name]:hostname:_hosts' \ + {-i,--interactive}'[Keep stdin open even if not attached]' \ + '*--link=-[Add link to another container]:link:->link' \ + '*--lxc-conf=-[Add custom lxc options]:lxc options: ' \ '-m[Memory limit (in bytes)]:limit: ' \ '--name=-[Container name]:name: ' \ - '*-p[Expose a container'"'"'s port to the host]:port:_ports' \ + '--net=-[Network mode]:network mode:(bridge none container: host)' \ + {-P,--publish-all}'[Publish all exposed ports]' \ + '*'{-p,--publish=-}'[Expose a container'"'"'s port to the host]:port:_ports' \ '--privileged[Give extended privileges to this container]' \ + '--restart=-[Restart policy]:restart policy:(no on-failure always)' \ '--rm[Remove intermediate containers when it exits]' \ + '*--security-opt=-[Security options]:security option: ' \ '--sig-proxy[Proxify all received signal]' \ - '-t[Allocate a pseudo-tty]' \ - '-u[Username or UID]:user:_users' \ - '*-v[Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)]:volume: '\ - '--volumes-from=-[Mount volumes from the specified container]:volume: ' \ - '-w[Working directory inside the container]:directory:_directories' \ + {-t,--tty}'[Allocate a pseudo-tty]' \ + {-u,--user=-}'[Username or UID]:user:_users' \ + '*-v[Bind mount a volume]:volume: '\ + '*--volumes-from=-[Mount volumes from the specified container]:volume: ' \ + {-w,--workdir=-}'[Working directory inside the container]:directory:_directories' \ '(-):images:__docker_images' \ '(-):command: _command_names -e' \ '*::arguments: _normal' @@ -416,6 +425,7 @@ __docker_subcommand () { ;; (save) _arguments \ + {-o,--output=-}'[Write to file]:file:_files' \ ':images:__docker_images' ;; (wait) From aedfc622937ee6bcc59ceeab591f3a1d5891c084 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 21 Oct 2014 10:48:58 +1000 Subject: [PATCH 0337/2538] Link to run reference from cli doc Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 3 ++ docs/sources/reference/run.md | 36 +++++++++++------------ 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5698a6af30..4b5c709ab3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1262,6 +1262,9 @@ specified image, and then `starts` it using the specified command. That is, previous changes intact using `docker start`. See `docker ps -a` to view a list of all containers. +There is detailed infortmation about `docker run` in the [Docker run reference]( +/reference/run/). + The `docker run` command can be used in combination with `docker commit` to [*change the command that a container runs*](#commit-an-existing-container). diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 2183ee957c..88e3f5d491 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -1,8 +1,8 @@ -page_title: Docker Run Reference +page_title: Docker run reference page_description: Configure containers at runtime page_keywords: docker, run, configure, runtime -# Docker Run Reference +# Docker run reference **Docker runs processes in isolated containers**. When an operator executes `docker run`, she starts a process with its own file system, @@ -14,7 +14,7 @@ the container from the image. That's the main reason [*run*](/reference/commandline/cli/#run) has more options than any other `docker` command. -## General Form +## General form The basic `docker run` command takes this form: @@ -39,7 +39,7 @@ behavior, allowing them to override all defaults set by the developer during `docker build` and nearly all the defaults set by the Docker runtime itself. -## Operator Exclusive Options +## Operator exclusive options Only the operator (the person executing `docker run`) can set the following options. @@ -55,7 +55,7 @@ following options. - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) - [Runtime Privilege, Linux Capabilities, and LXC Configuration](#runtime-privilege-linux-capabilities-and-lxc-configuration) -## Detached vs Foreground +## Detached vs foreground When starting a Docker container, you must first decide if you want to run the container in the background in a "detached" mode or in the @@ -97,7 +97,7 @@ For interactive processes (like a shell) you will typically want a tty as well as persistent standard input (`STDIN`), so you'll use `-i -t` together in most interactive cases. -## Container Identification +## Container identification ### Name (–-name) @@ -116,7 +116,7 @@ add meaning to a container since you can use this name when defining other place you need to identify a container). This works for both background and foreground Docker containers. -### PID Equivalent +### PID equivalent Finally, to help with automation, you can have Docker write the container ID out to a file of your choosing. This is similar to how some @@ -131,7 +131,7 @@ While not strictly a means of identifying a container, you can specify a version image you'd like to run the container with by adding `image[:tag]` to the command. For example, `docker run ubuntu:14.04`. -## Network Settings +## Network settings --dns=[] : Set custom dns servers for the container --net="bridge" : Set the Network mode for the container @@ -213,7 +213,7 @@ container itself as well as `localhost` and a few other common things. The ::1 localhost ip6-localhost ip6-loopback 86.75.30.9 db-static -## Clean Up (–-rm) +## Clean up (–-rm) By default a container's file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the @@ -225,7 +225,7 @@ the container exits**, you can add the `--rm` flag: --rm=false: Automatically remove the container when it exits (incompatible with -d) -## Security Configuration +## Security configuration --security-opt="label:user:USER" : Set the label user for the container --security-opt="label:role:ROLE" : Set the label role for the container --security-opt="label:type:TYPE" : Set the label type for the container @@ -261,7 +261,7 @@ Note: You would have to write policy defining a `svirt_apache_t` type. -## Runtime Constraints on CPU and Memory +## Runtime constraints on CPU and memory The operator can also adjust the performance parameters of the container: @@ -279,7 +279,7 @@ get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via Docker. -## Runtime Privilege, Linux Capabilities, and LXC Configuration +## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities --cap-drop: Drop Linux capabilities @@ -347,7 +347,7 @@ Note that in the future, a given host's docker daemon may not use LXC, so this is an implementation-specific configuration meant for operators already familiar with using LXC directly. -## Overriding Dockerfile Image Defaults +## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder/#dockerbuilder) or when she commits it, the developer can set a number of default parameters @@ -367,7 +367,7 @@ Dockerfile instruction and how the operator can override that setting. - [USER](#user) - [WORKDIR](#workdir) -## CMD (Default Command or Options) +## CMD (default command or options) Recall the optional `COMMAND` in the Docker commandline: @@ -383,7 +383,7 @@ image), you can override that `CMD` instruction just by specifying a new If the image also specifies an `ENTRYPOINT` then the `CMD` or `COMMAND` get appended as arguments to the `ENTRYPOINT`. -## ENTRYPOINT (Default Command to Execute at Runtime) +## ENTRYPOINT (default command to execute at runtime) --entrypoint="": Overwrite the default entrypoint set by the image @@ -406,7 +406,7 @@ or two examples of how to pass more parameters to that ENTRYPOINT: $ sudo docker run -i -t --entrypoint /bin/bash example/redis -c ls -l $ sudo docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help -## EXPOSE (Incoming Ports) +## EXPOSE (incoming ports) The Dockerfile doesn't give much control over networking, only providing the `EXPOSE` instruction to give a hint to the operator about what @@ -446,7 +446,7 @@ then the client container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -## ENV (Environment Variables) +## ENV (environment variables) When a new container is created, Docker will set the following environment variables automatically: @@ -555,7 +555,7 @@ mechanism to communicate with a linked container by its alias: If you restart the source container (`servicename` in this case), the recipient container's `/etc/hosts` entry will be automatically updated. -## VOLUME (Shared Filesystems) +## VOLUME (shared filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. If "container-dir" is missing, then docker creates a new volume. From 9efb51fbc1ec20982cbabbec4b70832cd3099087 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 22 Oct 2014 12:30:59 +1000 Subject: [PATCH 0338/2538] Rewrite ENTRYPOINT documentation covering all the combinations with examples. Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/builder.md | 217 +++++++++++++++++++++++++----- 1 file changed, 186 insertions(+), 31 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 2f36942ce6..4bb02e3e21 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -460,43 +460,140 @@ The copy obeys the following rules: ENTRYPOINT has two forms: - `ENTRYPOINT ["executable", "param1", "param2"]` - (*exec* form, the preferred form) + (the preferred *exec* form) - `ENTRYPOINT command param1 param2` (*shell* form) -There can only be one `ENTRYPOINT` in a `Dockerfile`. If you have more -than one `ENTRYPOINT`, then only the last one in the `Dockerfile` will -have an effect. +An `ENTRYPOINT` allows you to configure a container that will run as an executable. -An `ENTRYPOINT` helps you to configure a container that you can run as -an executable. That is, when you specify an `ENTRYPOINT`, then the whole -container runs as if it was just that executable. +For example, the following will start nginx with its default content, listening +on port 80: -Unlike the behavior of the `CMD` instruction, The `ENTRYPOINT` -instruction adds an entry command that will **not** be overwritten when -arguments are passed to `docker run`. This allows arguments to be passed -to the entry point, i.e. `docker run -d` will pass the `-d` -argument to the entry point. + docker run -i -t --rm -p 80:80 nginx -You can specify parameters either in the `ENTRYPOINT` JSON array (as in -"like an exec" above), or by using a `CMD` instruction. Parameters in -the `ENTRYPOINT` instruction will not be overridden by the `docker run` -arguments, but parameters specified via a `CMD` instruction will be -overridden by `docker run` arguments. +Command line arguments to `docker run ` will be appended after all +elements in an *exec* form `ENTRYPOINT`, and will override all elements specified +using `CMD`. +This allows arguments to be passed to the entry point, i.e., `docker run -d` +will pass the `-d` argument to the entry point. +You can override the `ENTRYPOINT` instruction using the `docker run --entrypoint` +flag. -Like a `CMD`, you can specify a plain string for the `ENTRYPOINT` and it -will execute in `/bin/sh -c`: +The *shell* form prevents any `CMD` or `run` command line arguments from being +used, but has the disadvantage that your `ENTRYPOINT` will be started as a +subcommand of `/bin/sh -c`, which does not pass signals. +This means that the executable will not be the container's `PID 1` - and +will _not_ receive Unix signals - so your executable will not receive a +`SIGTERM` from `docker stop `. + +Only the last `ENTRYPOINT` instruction in the `Dockerfile` will have an effect. + +### Exec form ENTRYPOINT example + +You can use the *exec* form of `ENTRYPOINT` to set fairly stable default commands +and arguments and then use either form of `CMD` to set additional defaults that +are more likely to be changed. FROM ubuntu - ENTRYPOINT ls -l + ENTRYPOINT ["top", "-b"] + CMD ["-c"] -For example, that `Dockerfile`'s image will *always* take a directory as -an input and return a directory listing. If you wanted to make this -optional but default, you could use a `CMD` instruction: +When you run the container, you can see that `top` is the only process: - FROM ubuntu - CMD ["-l"] - ENTRYPOINT ["ls"] + $ docker run -it --rm --name test top -H + top - 08:25:00 up 7:27, 0 users, load average: 0.00, 0.01, 0.05 + Threads: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + %Cpu(s): 0.1 us, 0.1 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st + KiB Mem: 2056668 total, 1616832 used, 439836 free, 99352 buffers + KiB Swap: 1441840 total, 0 used, 1441840 free. 1324440 cached Mem + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 19744 2336 2080 R 0.0 0.1 0:00.04 top + +To examine the result further, you can use `docker exec`: + + $ docker exec -it test ps aux + USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND + root 1 2.6 0.1 19752 2352 ? Ss+ 08:24 0:00 top -b -H + root 7 0.0 0.1 15572 2164 ? R+ 08:25 0:00 ps aux + +And you can gracefully request `top` to shut down using `docker stop test`. + +If you need to write a starter script for a single executable, you can ensure that +the final executable receives the Unix signals by using `exec` and `gosu` +(see [the Dockerfile best practices](/articles/dockerfile_best-practices/#entrypoint) +for more details): + +```bash +#!/bin/bash +set -e + +if [ "$1" = 'postgres' ]; then + chown -R postgres "$PGDATA" + + if [ -z "$(ls -A "$PGDATA")" ]; then + gosu postgres initdb + fi + + exec gosu postgres "$@" +fi + +exec "$@" +``` + +Lastly, if you need to do some extra cleanup (or communicate with other containers) +on shutdown, or are co-ordinating more than one executable, you may need to ensure +that the `ENTRYPOINT` script receives the Unix signals, passes them on, and then +does some more work: + +``` +#!/bin/sh +# Note: I've written this using sh so it works in the busybox container too + +# USE the trap if you need to also do manual cleanup after the service is stopped, +# or need to start multiple services in the one container +trap "echo TRAPed signal" HUP INT QUIT KILL TERM + +# start service in background here +/usr/sbin/apachectl start + +echo "[hit enter key to exit] or run 'docker stop '" +read + +# stop service and clean up here +echo "stopping apache" +/usr/sbin/apachectl stop + +echo "exited $0" +``` + +If you run this image with `docker run -it --rm -p 80:80 --name test apache`, +you can then examine the container's processes with `docker exec`, or `docker top`, +and then ask the script to stop Apache: + +```bash +$ docker exec -it test ps aux +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.1 0.0 4448 692 ? Ss+ 00:42 0:00 /bin/sh /run.sh 123 cmd cmd2 +root 19 0.0 0.2 71304 4440 ? Ss 00:42 0:00 /usr/sbin/apache2 -k start +www-data 20 0.2 0.2 360468 6004 ? Sl 00:42 0:00 /usr/sbin/apache2 -k start +www-data 21 0.2 0.2 360468 6000 ? Sl 00:42 0:00 /usr/sbin/apache2 -k start +root 81 0.0 0.1 15572 2140 ? R+ 00:44 0:00 ps aux +$ docker top test +PID USER COMMAND +10035 root {run.sh} /bin/sh /run.sh 123 cmd cmd2 +10054 root /usr/sbin/apache2 -k start +10055 33 /usr/sbin/apache2 -k start +10056 33 /usr/sbin/apache2 -k start +$ /usr/bin/time docker stop test +test +real 0m 0.27s +user 0m 0.03s +sys 0m 0.03s +``` + +> **Note:** you can over ride the `ENTRYPOINT` setting using `--entrypoint`, +> but this can only set the binary to *exec* (no `sh -c` will be used). > **Note**: > The *exec* form is parsed as a JSON array, which means that @@ -505,13 +602,71 @@ optional but default, you could use a `CMD` instruction: > **Note**: > Unlike the *shell* form, the *exec* form does not invoke a command shell. > This means that normal shell processing does not happen. For example, -> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. +> `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `CMD [ "sh", "-c", "echo", "$HOME" ]`. +> a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo", "$HOME" ]`. +> Variables that are defined in the `Dockerfile`using `ENV`, will be substituted by +> the `Dockerfile` parser. -> **Note**: -> It is preferable to use the JSON array format for specifying -> `ENTRYPOINT` instructions. +### Shell form ENTRYPOINT example + +You can specify a plain string for the `ENTRYPOINT` and it will execute in `/bin/sh -c`. +This form will use shell processing to substitute shell environment variables, +and will ignore any `CMD` or `docker run` command line arguments. +To ensure that `docker stop` will signal any long running `ENTRYPOINT` executable +correctly, you need to remember to start it with `exec`: + + FROM ubuntu + ENTRYPOINT exec top -b + +When you run this image, you'll see the single `PID 1` process: + + $ docker run -it --rm --name test top + Mem: 1704520K used, 352148K free, 0K shrd, 0K buff, 140368121167873K cached + CPU: 5% usr 0% sys 0% nic 94% idle 0% io 0% irq 0% sirq + Load average: 0.08 0.03 0.05 2/98 6 + PID PPID USER STAT VSZ %VSZ %CPU COMMAND + 1 0 root R 3164 0% 0% top -b + +Which will exit cleanly on `docker stop`: + + $ /usr/bin/time docker stop test + test + real 0m 0.20s + user 0m 0.02s + sys 0m 0.04s + +If you forget to add `exec` to the beginning of your `ENTRYPOINT`: + + FROM ubuntu + ENTRYPOINT top -b + CMD --ignored-param1 + +You can then run it (giving it a name for the next step): + + $ docker run -it --name test top --ignored-param2 + Mem: 1704184K used, 352484K free, 0K shrd, 0K buff, 140621524238337K cached + CPU: 9% usr 2% sys 0% nic 88% idle 0% io 0% irq 0% sirq + Load average: 0.01 0.02 0.05 2/101 7 + PID PPID USER STAT VSZ %VSZ %CPU COMMAND + 1 0 root S 3168 0% 0% /bin/sh -c top -b cmd cmd2 + 7 1 root R 3164 0% 0% top -b + +You can see from the output of `top` that the specified `ENTRYPOINT` is not `PID 1`. + +If you then run `docker stop test`, the container will not exit cleanly - the +`stop` command will be forced to send a `SIGKILL` after the timeout: + + $ docker exec -it test ps aux + PID USER COMMAND + 1 root /bin/sh -c top -b cmd cmd2 + 7 root top -b + 8 root ps aux + $ /usr/bin/time docker stop test + test + real 0m 10.19s + user 0m 0.04s + sys 0m 0.03s ## VOLUME From 15192a0bc1264ff0069f10234508390bf049d063 Mon Sep 17 00:00:00 2001 From: Erik Hollensbe Date: Mon, 27 Oct 2014 20:05:29 +0000 Subject: [PATCH 0339/2538] builder: Update documentation WRT environment replacement Docker-DCO-1.1-Signed-off-by: Erik Hollensbe (github: erikh) --- docs/sources/reference/builder.md | 41 +++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 4bb02e3e21..cf8e0a6e29 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -104,6 +104,47 @@ be treated as an argument. This allows statements like: Here is the set of instructions you can use in a `Dockerfile` for building images. +### Environment Replacement + +**Note:** prior to 1.3, `Dockerfile` environment variables were handled +similarly, in that they would be replaced as described below. However, there +was no formal definition on as to which instructions handled environment +replacement at the time. After 1.3 this behavior will be preserved and +canonical. + +Environment variables (declared with the `ENV` statement) can also be used in +certain instructions as variables to be interpreted by the `Dockerfile`. Escapes +are also handled for including variable-like syntax into a statement literally. + +Environment variables are notated in the `Dockerfile` either with +`$variable_name` or `${variable_name}`. They are treated equivalently and the +brace syntax is typically used to address issues with variable names with no +whitespace, like `${foo}_bar`. + +Escaping is possible by adding a `\` before the variable: `\$foo` or `\${foo}`, +for example, will translate to `$foo` and `${foo}` literals respectively. + +Example (parsed representation is displayed after the `#`): + + FROM busybox + ENV foo /bar + WORKDIR ${foo} # WORKDIR /bar + ADD . $foo # ADD . /bar + COPY \$foo /quux # COPY $foo /quux + +The instructions that handle environment variables in the `Dockerfile` are: + +* `ENV` +* `ADD` +* `COPY` +* `WORKDIR` +* `EXPOSE` +* `VOLUME` +* `USER` + +`ONBUILD` instructions are **NOT** supported for environment replacement, even +the instructions above. + ## The `.dockerignore` file If a file named `.dockerignore` exists in the source repository, then it From 588d30ecca8293568a85b04f5d50ec000e6492cf Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Fri, 24 Oct 2014 15:48:23 -0700 Subject: [PATCH 0340/2538] Expose # of CPUs and memory available on docker info. Signed-off-by: Andrea Luzzardi --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4b5c709ab3..597afede85 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -848,6 +848,8 @@ For example: Execution Driver: native-0.2 Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS + CPUs: 1 + Total Memory: 2 GiB Debug mode (server): false Debug mode (client): true Fds: 10 From a6ba3f585b166de2e85d05a1a33f6fea1beacbc4 Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Fri, 24 Oct 2014 12:00:47 -0700 Subject: [PATCH 0341/2538] Tweaks to Dockerfile tutorial Made a few tweaks to Dockerfile tutorial links and removed some cruft from the tutorial itself. Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/sources/reference/builder.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index cf8e0a6e29..ae0771d685 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -14,7 +14,8 @@ successively. This page discusses the specifics of all the instructions you can use in your `Dockerfile`. To further help you write a clear, readable, maintainable `Dockerfile`, we've also written a [`Dockerfile` Best Practices -guide](/articles/dockerfile_best-practices). +guide](/articles/dockerfile_best-practices). Lastly, you can test your +Dockerfile knowledge with the [Dockerfile tutorial](/userguide/level1). ## Usage From d83b0689339cb413f30eddb214ed10ae57844640 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 23 Sep 2014 17:24:52 -0700 Subject: [PATCH 0342/2538] Adding self to various maintainers files. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- contrib/completion/MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 contrib/completion/MAINTAINERS diff --git a/contrib/completion/MAINTAINERS b/contrib/completion/MAINTAINERS new file mode 100644 index 0000000000..03ee2dde3d --- /dev/null +++ b/contrib/completion/MAINTAINERS @@ -0,0 +1,2 @@ +Tianon Gravi (@tianon) +Jessie Frazelle (@jfrazelle) From c90e4b1bc5c843878ed4048f37249fe78a841c46 Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Wed, 29 Oct 2014 16:43:18 -0700 Subject: [PATCH 0343/2538] Adds new Docs Style Guide. Includes changes to mkdocs yml and removes style info from docs Read Me, adding a link instead. Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) Conflicts: docs/README.md Revisions to style guide based on review. Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) More Style Guide revisions based on review. Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) A few more style guide copy edits Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/README.md | 44 +++++++++++++++----------------------------- 1 file changed, 15 insertions(+), 29 deletions(-) diff --git a/docs/README.md b/docs/README.md index 27ed7eef11..f5ccb753da 100755 --- a/docs/README.md +++ b/docs/README.md @@ -11,9 +11,8 @@ development) branch maps to the "master" documentation. ## Contributing -- Follow the contribution guidelines ([see - `../CONTRIBUTING.md`](../CONTRIBUTING.md)). -- [Remember to sign your work!](../CONTRIBUTING.md#sign-your-work) +Be sure to follow the [contribution guidelines](../CONTRIBUTING.md)). +In particular, [remember to sign your work!](../CONTRIBUTING.md#sign-your-work) ## Getting Started @@ -41,26 +40,10 @@ to the menu definition in the `docs/mkdocs.yml` file. ## Style guide -The documentation is written with paragraphs wrapped at 80 column lines to make -it easier for terminal use. - -### Examples - -When writing examples, give the user hints by making them resemble what they see -in their shell: - -- Indent shell examples by 4 spaces so they get rendered as code. -- Start typed commands with `$ ` (dollar space), so that they are easily - differentiated from program output. -- Program output has no prefix. -- Comments begin with `# ` (hash space). -- In-container shell commands begin with `$$ ` (dollar dollar space). - -### Images - -When you need to add images, try to make them as small as possible (e.g., as -gifs). Usually images should go in the same directory as the `.md` file which -references them, or in a subdirectory if one already exists. +If you have questions about how to write for Docker's documentation (e.g., +questions about grammar, syntax, formatting, styling, language, or tone) please +see the [style guide](sources/contributing/docs_style-guide.md). If something +isn't clear in the guide, please submit a PR to help us improve it. ## Working using GitHub's file editor @@ -73,11 +56,11 @@ work!](../CONTRIBUTING.md#sign-your-work) ## Branches -**There are two branches related to editing docs**: `master` and a `docs` -branch. You should always edit the documentation on a local branch of the `master` +**There are two branches related to editing docs**: `master` and `docs`. You +should always edit the documentation on a local branch of the `master` branch, and send a PR against `master`. -That way your edits will automatically get included in later releases, and docs +That way your fixes will automatically get included in later releases, and docs maintainers can easily cherry-pick your changes into the `docs` release branch. In the rare case where your change is not forward-compatible, you may need to base your changes on the `docs` branch. @@ -95,8 +78,10 @@ found between Docker code releases. ## Publishing Documentation -To publish a copy of the documentation you need to have Docker up and running on your -machine. You'll also need a `docs/awsconfig` file containing AWS settings to deploy to. +To publish a copy of the documentation you need to have Docker up and running on +your machine. You'll also need a `docs/awsconfig` file containing the settings +you need to access the AWS bucket you'll be deploying to. + The release script will create an s3 if needed, and will then push the files to it. [profile dowideit-docs] aws_access_key_id = IHOIUAHSIDH234rwf.... @@ -115,7 +100,8 @@ also update the root docs pages by running make AWS_S3_BUCKET=dowideit-docs BUILD_ROOT=yes docs-release -> **Note:** if you are using Boot2Docker on OSX and the above command returns an error, +> **Note:** +> if you are using Boot2Docker on OSX and the above command returns an error, > `Post http:///var/run/docker.sock/build?rm=1&t=docker-docs%3Apost-1.2.0-docs_update-2: > dial unix /var/run/docker.sock: no such file or directory', you need to set the Docker > host. Run `$(boot2docker shellinit)` to see the correct variable to set. The command From deabfbc88f1044a79e7c6b4b92ceeb15926cbc48 Mon Sep 17 00:00:00 2001 From: Huayi Zhang Date: Wed, 29 Oct 2014 17:17:02 +0800 Subject: [PATCH 0344/2538] Add docs for --dns-search=. PR 6720 introduce that use `--dns-search=.` will not set `search` in `/etc/resolv.conf`. Signed-off-by: Huayi Zhang --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 597afede85..fe1955c209 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -119,7 +119,7 @@ for un-encrypted, and port `2376` for encrypted communication with the daemon. > and greater are supported. Protocols SSLv3 and under are not supported anymore > for security reasons. -On Systemd based systems, you can communicate with the daemon via +On Systemd based systems, you can communicate with the daemon via [systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but you can also specify individual sockets: `docker -d -H fd://3`. If the @@ -1035,7 +1035,7 @@ used, which is observable by the process being suspended. With the cgroups freez the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. -See the +See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for further details. @@ -1227,7 +1227,7 @@ removed before the image is removed. -d, --detach=false Detached mode: run the container in the background and print the new container ID --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) --dns=[] Set custom DNS servers - --dns-search=[] Set custom DNS search domains + --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a line delimited file of environment variables @@ -1615,7 +1615,7 @@ them to [*Share Images via Repositories*]( The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. -See the +See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for further details. From 166109859e32af13fce8d2bc57043d90d7a18b26 Mon Sep 17 00:00:00 2001 From: Huayi Zhang Date: Fri, 31 Oct 2014 09:57:54 +0800 Subject: [PATCH 0345/2538] Mapping change in code Signed-off-by: Huayi Zhang --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index fe1955c209..312f6b9d1b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -525,7 +525,7 @@ Creates a new container. --cpuset="" CPUs in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) --dns=[] Set custom DNS servers - --dns-search=[] Set custom DNS search domains + --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a line delimited file of environment variables From 39b226dc848073871ac920c49809ca8668242077 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 31 Oct 2014 18:28:10 +0000 Subject: [PATCH 0346/2538] add missing 'current filter' to ps Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 312f6b9d1b..2de896a082 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1074,6 +1074,7 @@ than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bi Current filters: * exited (int - the code of exited containers. Only useful with '--all') + * status (restarting|running|paused|exited) ##### Successfully exited containers From 01b86d0d329a92cf95b402b6a69a6b8994f05987 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Thu, 30 Oct 2014 09:38:44 +0800 Subject: [PATCH 0347/2538] Fix docker exec command help messages Signed-off-by: Lei Jitang --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2de896a082..6857f4df46 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -657,7 +657,7 @@ You'll need two shells for this example. Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] - Run a command in an existing container + Run a command in a running container -d, --detach=false Detached mode: run command in the background -i, --interactive=false Keep STDIN open even if not attached From 5b9405b38863783c4add2d9230397ad0e96ed004 Mon Sep 17 00:00:00 2001 From: Srini Brahmaroutu Date: Wed, 17 Sep 2014 01:08:30 +0000 Subject: [PATCH 0348/2538] adding support for port ranges on --expose Closes #1834 Signed-off-by: Srini Brahmaroutu --- docs/sources/reference/commandline/cli.md | 4 ++-- docs/sources/reference/run.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6857f4df46..f6d43e365f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -529,7 +529,7 @@ Creates a new container. -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a line delimited file of environment variables - --expose=[] Expose a port from the container without publishing it to your host + --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached --link=[] Add link to another container in the form of name:alias @@ -1232,7 +1232,7 @@ removed before the image is removed. -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a line delimited file of environment variables - --expose=[] Expose a port from the container without publishing it to your host + --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached --link=[] Add link to another container in the form of name:alias diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 88e3f5d491..b17afde23f 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -413,7 +413,7 @@ the `EXPOSE` instruction to give a hint to the operator about what incoming ports might provide services. The following options work with or override the Dockerfile's exposed defaults: - --expose=[]: Expose a port from the container + --expose=[]: Expose a port or a range of ports from the container without publishing it to your host -P=false : Publish all exposed ports to the host interfaces -p=[] : Publish a container᾿s port to the host (format: @@ -422,7 +422,7 @@ or override the Dockerfile's exposed defaults: (use 'docker port' to see the actual mapping) --link="" : Add link to another container (name:alias) -As mentioned previously, `EXPOSE` (and `--expose`) make a port available +As mentioned previously, `EXPOSE` (and `--expose`) makes ports available **in** a container for incoming connections. The port number on the inside of the container (where the service listens) does not need to be the same number as the port exposed on the outside of the container From 7caa149d5fcf8da444ba18a403e79faf1d1b9505 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Sat, 1 Nov 2014 13:58:18 -0700 Subject: [PATCH 0349/2538] Clarify USER instruction documentation Reuse WORKDIR wording to specify that the USER instructions affect the following RUN, CMD, and ENTRYPOINT instructions. Signed-off-by: Arnaud Porterie --- docs/sources/reference/builder.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index ae0771d685..cb096640bd 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -731,7 +731,8 @@ documentation. USER daemon The `USER` instruction sets the user name or UID to use when running the image -and for any following `RUN` directives. +and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the +`Dockerfile`. ## WORKDIR From ad1a9d8d2fa5b5c466f73a745fcd11296ee1f436 Mon Sep 17 00:00:00 2001 From: Malte Janduda Date: Fri, 3 Oct 2014 23:02:17 +0200 Subject: [PATCH 0350/2538] Adding docker-cli run param to set MAC address Signed-off-by: Malte Janduda --- docs/sources/reference/commandline/cli.md | 8 ++++++++ docs/sources/reference/run.md | 19 ++++++++++++------- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f6d43e365f..d58b9754d5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -536,6 +536,7 @@ Creates a new container. --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) --name="" Assign a name to the container + --mac-address="" Set the container's MAC address --net="bridge" Set the Network mode for the container 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container @@ -887,6 +888,13 @@ straightforward manner. $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID +**Get an instance's MAC Address:** + +For the most part, you can pick out any field from the JSON in a fairly +straightforward manner. + + $ sudo docker inspect --format='{{.NetworkSettings.MacAddress}}' $INSTANCE_ID + **List All Port Bindings:** One can loop over arrays and maps in the results to produce simple text diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b17afde23f..c8a141de06 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -133,13 +133,14 @@ example, `docker run ubuntu:14.04`. ## Network settings - --dns=[] : Set custom dns servers for the container - --net="bridge" : Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container - --add-host="" : Add a line to /etc/hosts (host:IP) + --dns=[] : Set custom dns servers for the container + --net="bridge" : Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container + --add-host="" : Add a line to /etc/hosts (host:IP) + --mac-address="" : Sets the container's ethernet device's mac address By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking @@ -150,6 +151,10 @@ networking. In cases like this, you would perform I/O through files or Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. +By default a random mac is generated. You can set the container's mac address +explicitly by providing a mac via the `--mac-address` parameter (format: +12:34:56:78:9a:bc). + Supported networking modes are: * none - no networking in the container From a9e9f21f0fcbef168a1868c8ecf727cf58af15eb Mon Sep 17 00:00:00 2001 From: Malte Janduda Date: Mon, 3 Nov 2014 11:43:11 +0100 Subject: [PATCH 0351/2538] enhancing set-macaddress docu Signed-off-by: Malte Janduda --- docs/sources/reference/run.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index c8a141de06..4ec867f1a6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -140,7 +140,7 @@ example, `docker run ubuntu:14.04`. 'container:': reuses another container network stack 'host': use the host network stack inside the container --add-host="" : Add a line to /etc/hosts (host:IP) - --mac-address="" : Sets the container's ethernet device's mac address + --mac-address="" : Sets the container's ethernet device's MAC address By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking @@ -151,9 +151,9 @@ networking. In cases like this, you would perform I/O through files or Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. -By default a random mac is generated. You can set the container's mac address -explicitly by providing a mac via the `--mac-address` parameter (format: -12:34:56:78:9a:bc). +By default a random MAC is generated. You can set the container's MAC address +explicitly by providing a MAC via the `--mac-address` parameter (format: +`12:34:56:78:9a:bc`). Supported networking modes are: From 7a545897fe41a77dc3efe0191990986b6c2a05ca Mon Sep 17 00:00:00 2001 From: Malte Janduda Date: Tue, 4 Nov 2014 15:19:47 +0100 Subject: [PATCH 0352/2538] enhancing set-macaddress docu #2 Signed-off-by: Malte Janduda --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 4ec867f1a6..826e1c8b6c 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -140,7 +140,7 @@ example, `docker run ubuntu:14.04`. 'container:': reuses another container network stack 'host': use the host network stack inside the container --add-host="" : Add a line to /etc/hosts (host:IP) - --mac-address="" : Sets the container's ethernet device's MAC address + --mac-address="" : Sets the container's Ethernet device's MAC address By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking From 86e72c6e0691adeb0c816eadde51250b9e60b0ef Mon Sep 17 00:00:00 2001 From: Huu Nguyen Date: Thu, 30 Oct 2014 22:50:02 -0400 Subject: [PATCH 0353/2538] Fix apparent copy paste mistake The note under the RUN header refers to the CMD instruction. It should refer to the RUN instruction instead. Signed-off-by: Huu Nguyen --- docs/sources/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index cb096640bd..1f18f0c63a 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -238,9 +238,9 @@ commands using a base image that does not contain `/bin/sh`. > **Note**: > Unlike the *shell* form, the *exec* form does not invoke a command shell. > This means that normal shell processing does not happen. For example, -> `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. +> `RUN [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `CMD [ "sh", "-c", "echo", "$HOME" ]`. +> a shell directly, for example: `RUN [ "sh", "-c", "echo", "$HOME" ]`. The cache for `RUN` instructions isn't invalidated automatically during the next build. The cache for an instruction like From fb4c349f4012f3a0f951e99933c6e5b62ecd6031 Mon Sep 17 00:00:00 2001 From: George Xie Date: Wed, 5 Nov 2014 12:26:17 +0800 Subject: [PATCH 0354/2538] =?UTF-8?q?unify=20`=E2=80=93`(en=20dash)=20to?= =?UTF-8?q?=20`-`=20when=20specifying=20options?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Xie Shi --- docs/sources/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 826e1c8b6c..1abb7d0575 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -99,7 +99,7 @@ together in most interactive cases. ## Container identification -### Name (–-name) +### Name (--name) The operator can identify a container in three ways: @@ -218,7 +218,7 @@ container itself as well as `localhost` and a few other common things. The ::1 localhost ip6-localhost ip6-loopback 86.75.30.9 db-static -## Clean up (–-rm) +## Clean up (--rm) By default a container's file system persists even after the container exits. This makes debugging a lot easier (since you can inspect the From 0d41e6a758c9754823ab0c4133637b2085ee557c Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 22 Oct 2014 11:16:42 -0700 Subject: [PATCH 0355/2538] Use the HTTP Last-Modified http header as the mtime value for ADD cmd when present Closes #8331 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 1f18f0c63a..00d9ba3eb8 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -376,7 +376,11 @@ destination container. All new files and directories are created with a UID and GID of 0. In the case where `` is a remote file URL, the destination will -have permissions of 600. +have permissions of 600. If the remote file being retrieved has an HTTP +`Last-Modified` header, the timestamp from that header will be used +to set the `mtime` on the destination file. Then, like any other file +processed during an `ADD`, `mtime` will be included in the determination +of whether or not the file has changed and the cache should be updated. > **Note**: > If you build by passing a `Dockerfile` through STDIN (`docker From e4401e3fe13a2fc1b015ce96c1868dc135aebece Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 11 Nov 2014 15:54:31 +1000 Subject: [PATCH 0356/2538] Add some details about the lifecycle of commands started with docker exec Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d58b9754d5..bf34b7d923 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -666,7 +666,11 @@ You'll need two shells for this example. The `docker exec` command runs a new command in a running container. -The `docker exec` command will typically be used after `docker run` or `docker start`. +The command started using `docker exec` will only run while the container's primary +process (`PID 1`) is running, and will not be restarted if the container is restarted. + +If the container is paused, then the `docker exec` command will wait until the +container is unpaused, and then run. #### Examples From 2c1368cd2ffef070f925105ee19b2fa285855483 Mon Sep 17 00:00:00 2001 From: decadent Date: Wed, 29 Oct 2014 12:36:38 +0300 Subject: [PATCH 0357/2538] Updated the COPY directive reference: Source can't be a URL for COPY (+ formatting error fixes) Signed-off-by: Roman Dudin --- docs/sources/reference/builder.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 00d9ba3eb8..19cc16ad0f 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -355,9 +355,8 @@ change them using `docker run --env =`. ADD ... -The `ADD` instruction copies new files,directories or remote file URLs to -the filesystem of the container from `` and add them to the at -path ``. +The `ADD` instruction copies new files, directories or remote file URLs from `` +and adds them to the filesystem of the container at the path ``. Multiple `` resource may be specified but if they are files or directories then they must be relative to the source directory that is @@ -452,13 +451,11 @@ The copy obeys the following rules: COPY ... -The `COPY` instruction copies new files,directories or remote file URLs to -the filesystem of the container from `` and add them to the at -path ``. +The `COPY` instruction copies new files or directories from `` +and adds them to the filesystem of the container at the path ``. -Multiple `` resource may be specified but if they are files or -directories then they must be relative to the source directory that is being -built (the context of the build). +Multiple `` resource may be specified but they must be relative +to the source directory that is being built (the context of the build). Each `` may contain wildcards and matching will be done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. From 7f24369ab586ce5e4d725def4aadd528e2b18b66 Mon Sep 17 00:00:00 2001 From: pixelistik Date: Thu, 13 Nov 2014 23:26:49 +0100 Subject: [PATCH 0358/2538] Fix typo "infortmation" in docs for `docker run` --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index bf34b7d923..2da65a2bd1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1277,7 +1277,7 @@ specified image, and then `starts` it using the specified command. That is, previous changes intact using `docker start`. See `docker ps -a` to view a list of all containers. -There is detailed infortmation about `docker run` in the [Docker run reference]( +There is detailed information about `docker run` in the [Docker run reference]( /reference/run/). The `docker run` command can be used in combination with `docker commit` to From 4d80935bff5e522ab3996109d8672b0ca9308915 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 10 Nov 2014 16:14:17 -0500 Subject: [PATCH 0359/2538] Allow IPC namespace to be shared between containers or with the host Some workloads rely on IPC for communications with other processes. We would like to split workloads between two container but still allow them to communicate though shared IPC. This patch mimics the --net code to allow --ipc=host to not split off the IPC Namespace. ipc=container:CONTAINERID to share ipc between containers If you share IPC between containers, then you need to make sure SELinux labels match. Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/run.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 1abb7d0575..31029e2a11 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -50,6 +50,7 @@ following options. - [Container Identification](#container-identification) - [Name (--name)](#name-name) - [PID Equivalent](#pid-equivalent) + - [IPC Settings](#ipc-settings) - [Network Settings](#network-settings) - [Clean Up (--rm)](#clean-up-rm) - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) @@ -131,6 +132,22 @@ While not strictly a means of identifying a container, you can specify a version image you'd like to run the container with by adding `image[:tag]` to the command. For example, `docker run ubuntu:14.04`. +## IPC Settings + --ipc="" : Set the IPC mode for the container, + 'container:': reuses another container's IPC namespace + 'host': use the host's IPC namespace inside the container +By default, all containers have the IPC namespace enabled + +IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues. + +Shared memory segments are used to accelerate inter-process communication at +memory speed, rather than through pipes or through the network stack. Shared +memory is commonly used by databases and custom-built (typically C/OpenMPI, +C++/using boost libraries) high performance applications for scientific +computing and financial services industries. If these types of applications +are broken into multiple containers, you might need to share the IPC mechanisms +of the containers. + ## Network settings --dns=[] : Set custom dns servers for the container From aa2c30847157dfa68d8ffcc19b8ae2614596ccf6 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 1 Oct 2014 06:07:24 -0700 Subject: [PATCH 0360/2538] Add --log-level support Next steps, in another PR, would be: - make all logging go through the logrus stuff - I'd like to see if we can remove the env var stuff (like DEBUG) but we'll see Closes #5198 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2da65a2bd1..7526954b12 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -75,6 +75,8 @@ expect an integer, and they can only be specified once. --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules + -l, --log-level="info" Set the logging level + --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file From ef4fe0e404b38818bbe2dc3dbde85891334e69d0 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 6 Nov 2014 13:39:42 +1000 Subject: [PATCH 0361/2538] makes the -s --size option documentation clearer #8950 Signed-off-by: Sven Dowideit --- contrib/completion/fish/docker.fish | 2 +- contrib/completion/zsh/_docker | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 48b0279cee..b250dfd0b1 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -185,7 +185,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d ' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.' # pull diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4c0937e10c..f867d76a78 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -357,7 +357,7 @@ __docker_subcommand () { '-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)' \ '--no-trunc[Do not truncate output]' \ {-q,--quiet}'[Only show numeric IDs]' \ - {-s,--size}'[Display sizes]' \ + {-s,--size}'[Display total file sizes]' \ '--since=-[Show only containers created since...]:containers:__docker_containers' ;; (tag) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7526954b12..ab80f2ff51 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1068,7 +1068,7 @@ for further details. -n=-1 Show n last created containers, include non-running ones. --no-trunc=false Don't truncate output -q, --quiet=false Only display numeric IDs - -s, --size=false Display sizes + -s, --size=false Display total file sizes --since="" Show only containers created since Id or Name, include non-running ones. Running `docker ps` showing 2 linked containers. From fec9e65e600121e70b7942726415d1d41ecd7e97 Mon Sep 17 00:00:00 2001 From: Michal Minar Date: Thu, 13 Nov 2014 10:40:45 +0100 Subject: [PATCH 0362/2538] Corrected description of --sig-proxy Signal proxy does work only in non-TTY mode (--tty=false). Man pages and commands should not lie about it. Signed-off-by: Michal Minar --- contrib/completion/fish/docker.fish | 4 ++-- docs/sources/reference/commandline/cli.md | 4 ++-- docs/sources/reference/run.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index b250dfd0b1..73c2966393 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -67,7 +67,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print # attach complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container' complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach stdin' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxify all received signal to the process (non-TTY mode only)' complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container" # build @@ -237,7 +237,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxify all received signal to the process (even in non-tty mode)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxify all received signal to the process (non-TTY mode only)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ab80f2ff51..581b6bc6f2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -249,7 +249,7 @@ Docker supports softlinks for the Docker data directory Attach to a running container --no-stdin=false Do not attach STDIN - --sig-proxy=true Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. + --sig-proxy=true Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The `attach` command lets you view or interact with any running container's primary process (`pid 1`). @@ -1265,7 +1265,7 @@ removed before the image is removed. --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --rm=false Automatically remove the container when it exits (incompatible with -d) - --sig-proxy=true Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. + --sig-proxy=true Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 31029e2a11..8b0c6a1591 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -83,7 +83,7 @@ and pass along signals. All of that is configurable: -a=[] : Attach to `STDIN`, `STDOUT` and/or `STDERR` -t=false : Allocate a pseudo-tty - --sig-proxy=true: Proxify all received signal to the process (even in non-tty mode) + --sig-proxy=true: Proxify all received signal to the process (non-TTY mode only) -i=false : Keep STDIN open even if not attached If you do not specify `-a` then Docker will [attach all standard From 0205c641fab7944433a4d7f73181224dc5cfad8d Mon Sep 17 00:00:00 2001 From: Michal Minar Date: Wed, 19 Nov 2014 09:08:39 +0100 Subject: [PATCH 0363/2538] Updated sig-proxy text also in zsh completion script Signed-off-by: Michal Minar --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index f867d76a78..c13a849783 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -190,7 +190,7 @@ __docker_subcommand () { (attach) _arguments \ '--no-stdin[Do not attach stdin]' \ - '--sig-proxy[Proxify all received signal]' \ + '--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]' \ ':containers:__docker_runningcontainers' ;; (build) @@ -396,7 +396,7 @@ __docker_subcommand () { '--restart=-[Restart policy]:restart policy:(no on-failure always)' \ '--rm[Remove intermediate containers when it exits]' \ '*--security-opt=-[Security options]:security option: ' \ - '--sig-proxy[Proxify all received signal]' \ + '--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]' \ {-t,--tty}'[Allocate a pseudo-tty]' \ {-u,--user=-}'[Username or UID]:user:_users' \ '*-v[Bind mount a volume]:volume: '\ From da3b6648fd0bf092a6bc93944211b1ed59489ae9 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Sun, 16 Nov 2014 05:13:14 -0800 Subject: [PATCH 0364/2538] Be clearer in docs about COPY/ADD dirs COPY/ADD just copies the contents of dirs, not dirs themselves. This PR tries to clear that up in the docs. Closes #8775 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 19cc16ad0f..198e81cf8c 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -420,8 +420,10 @@ The copy obeys the following rules: appropriate filename can be discovered in this case (`http://example.com` will not work). -- If `` is a directory, the entire directory is copied, including - filesystem metadata. +- If `` is a directory, the entire contents of the directory are copied, + including filesystem metadata. +> **Note**: +> The directory itself is not copied, just its contents. - If `` is a *local* tar archive in a recognized compression format (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources @@ -480,8 +482,10 @@ The copy obeys the following rules: `docker build` is to send the context directory (and subdirectories) to the docker daemon. -- If `` is a directory, the entire directory is copied, including - filesystem metadata. +- If `` is a directory, the entire contents of the directory are copied, + including filesystem metadata. +> **Note**: +> The directory itself is not copied, just its contents. - If `` is any other kind of file, it is copied individually along with its metadata. In this case, if `` ends with a trailing slash `/`, it From d0e9a94ae0d9fe68bf0ddfc02231876a659f8fe3 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 17 Nov 2014 19:26:39 +0000 Subject: [PATCH 0365/2538] add docs Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 581b6bc6f2..849f381db8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -856,6 +856,8 @@ For example: Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS CPUs: 1 + Hostname: prod-server-42 + ID: 7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS Total Memory: 2 GiB Debug mode (server): false Debug mode (client): true From 44071eb4ce6ed0291cddd2c92e4e762b8f02cb79 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 17 Nov 2014 21:54:11 +0000 Subject: [PATCH 0366/2538] Hostname -> Name Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 849f381db8..7772059411 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -856,7 +856,7 @@ For example: Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS CPUs: 1 - Hostname: prod-server-42 + Name: prod-server-42 ID: 7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS Total Memory: 2 GiB Debug mode (server): false From 489d01ee7df3599750af3554e6fb8b0439a597b1 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 25 Sep 2014 19:28:24 -0700 Subject: [PATCH 0367/2538] Add support for ENV of the form: ENV name=value ... still supports the old form: ENV name value Also, fixed an issue with the parser where it would ignore lines at the end of the Dockerfile that ended with \ Closes #2333 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 198e81cf8c..aac21b3272 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -337,11 +337,36 @@ expose ports to the host, at runtime, ## ENV ENV + ENV = ... The `ENV` instruction sets the environment variable `` to the value ``. This value will be passed to all future `RUN` instructions. This is functionally equivalent to prefixing the command with `=` +The `ENV` instruction has two forms. The first form, `ENV `, +will set a single variable to a value. The entire string after the first +space will be treated as the `` - including characters such as +spaces and quotes. + +The second form, `ENV = ...`, allows for multiple variables to +be set at one time. Notice that the second form uses the equals sign (=) +in the syntax, while the first form does not. Like command line parsing, +quotes and backslashes can be used to include spaces within values. + +For example: + + ENV myName="John Doe" myDog=Rex\ The\ Dog \ + myCat=fluffy + +and + + ENV myName John Doe + ENV myDog Rex The Dog + ENV myCat fluffy + +will yield the same net results in the final container, but the first form +does it all in one layer. + The environment variables set using `ENV` will persist when a container is run from the resulting image. You can view the values using `docker inspect`, and change them using `docker run --env =`. From 9af3e1ad094feca857a6e6f50859a0e6e5b5a511 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 18 Nov 2014 17:42:25 -0800 Subject: [PATCH 0368/2538] tlsverify flag has no dash Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7772059411..ca7b7b7836 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -84,7 +84,7 @@ expect an integer, and they can only be specified once. -s, --storage-driver="" Force the Docker runtime to use a specific storage driver --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver --storage-opt=[] Set storage driver options - --tls=false Use TLS; implied by tls-verify flags + --tls=false Use TLS; implied by --tlsverify=true --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file --tlskey="/home/sven/.docker/key.pem" Path to TLS key file From 440a18bb50ad57edf7669af246f1780e74891232 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 18 Nov 2014 11:42:54 -0800 Subject: [PATCH 0369/2538] Add an example that shows starting apache in the foreground Signed-off-by: Sven Dowideit --- docs/sources/reference/builder.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index aac21b3272..121018cff5 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -591,6 +591,17 @@ To examine the result further, you can use `docker exec`: And you can gracefully request `top` to shut down using `docker stop test`. +The following `Dockerfile` shows using the `ENTRYPOINT` to run Apache in the +foreground (i.e., as `PID 1`): + +``` +FROM debian:stable +RUN apt-get update && apt-get install -y --force-yes apache2 +EXPOSE 80 443 +VOLUME ["/var/www", "/var/log/apache2", "/etc/apache2"] +ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] +``` + If you need to write a starter script for a single executable, you can ensure that the final executable receives the Unix signals by using `exec` and `gosu` (see [the Dockerfile best practices](/articles/dockerfile_best-practices/#entrypoint) From d9382df2b3c8ed1e153f23ed5eccbac1998a6433 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 20 Nov 2014 07:29:04 -0800 Subject: [PATCH 0370/2538] Make --tlsverify enable tls regardless of value specified I also needed to add a mflag.IsSet() function that allows you to check to see if a certain flag was actually specified on the cmd line. Per #9221 - also tweaked the docs to fix a typo. Closes #9221 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ca7b7b7836..ff13d6222c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -84,7 +84,7 @@ expect an integer, and they can only be specified once. -s, --storage-driver="" Force the Docker runtime to use a specific storage driver --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver --storage-opt=[] Set storage driver options - --tls=false Use TLS; implied by --tlsverify=true + --tls=false Use TLS; implied by --tlsverify flag --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file --tlskey="/home/sven/.docker/key.pem" Path to TLS key file From 43cd8c95864b720e3e87feabd98bf1038a4641cb Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 17 Nov 2014 16:41:54 -0800 Subject: [PATCH 0371/2538] If an image has more than one repo name or tag, it'll be listed more than once Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 29 +++++++++++++---------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ff13d6222c..2ec5cdf26f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -11,7 +11,7 @@ or execute `docker help`: Usage: docker [OPTIONS] COMMAND [arg...] -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - A self-sufficient runtime for linux containers. + A self-sufficient runtime for Linux containers. ... @@ -111,7 +111,7 @@ requiring either `root` permission, or `docker` group membership. If you need to access the Docker daemon remotely, you need to enable the `tcp` Socket. Beware that the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon - and should be secured either using the -[built in https encrypted socket](/articles/https/), or by putting a secure web +[built in HTTPS encrypted socket](/articles/https/), or by putting a secure web proxy in front of it. You can listen on port `2375` on all network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP address: `-H tcp://192.168.59.103:2375`. It is conventional to use port `2375` @@ -738,19 +738,24 @@ decrease disk usage, and speed up `docker build` by allowing each step to be cached. These intermediate layers are not shown by default. +An image will be listed more than once if it has multiple repository names +or tags. This single image (identifiable by its matching `IMAGE ID`) +uses up the `VIRTUAL SIZE` listed only once. + #### Listing the most recently created images $ sudo docker images | head - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - 77af4d6b9913 19 hours ago 1.089 GB - committest latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 0124422dd9f9 20 hours ago 1.089 GB - 18ad6fad3402 22 hours ago 1.082 GB - f9f1e26352f0 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81 23 hours ago 131.5 MB - 5ed6274db6ce 24 hours ago 1.089 GB + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + 77af4d6b9913 19 hours ago 1.089 GB + committ latest b6fa739cedf5 19 hours ago 1.089 GB + 78a85c484f71 19 hours ago 1.089 GB + docker latest 30557a29d5ab 20 hours ago 1.089 GB + 5ed6274db6ce 24 hours ago 1.089 GB + postgres 9 746b819f315e 4 days ago 213.4 MB + postgres 9.3 746b819f315e 4 days ago 213.4 MB + postgres 9.3.5 746b819f315e 4 days ago 213.4 MB + postgres latest 746b819f315e 4 days ago 213.4 MB + #### Listing the full length image IDs From 1d559f6ade7ce13cedc730744992c1777a0bfb68 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 20 Nov 2014 18:36:05 +0000 Subject: [PATCH 0372/2538] add daemon labels Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2ec5cdf26f..295570c936 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -76,7 +76,7 @@ expect an integer, and they can only be specified once. --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules -l, --log-level="info" Set the logging level - + --label=[] Set key=values labels to the daemon (displayed in `docker info`) --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file @@ -856,7 +856,9 @@ For example: $ sudo docker -D info Containers: 14 Images: 52 - Storage Driver: btrfs + Storage Driver: aufs + Root Dir: /var/lib/docker/aufs + Dirs: 545 Execution Driver: native-0.2 Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS @@ -872,6 +874,8 @@ For example: Init Path: /usr/bin/docker Username: svendowideit Registry: [https://index.docker.io/v1/] + Labels: + storage=ssd The global `-D` option tells all `docker` commands to output debug information. From ddef8db902cc5f5a18858431f4085f27e3e0b01d Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 21 Nov 2014 19:15:22 +0000 Subject: [PATCH 0373/2538] key=values -> key=value Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 295570c936..b4af794fbc 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -76,7 +76,7 @@ expect an integer, and they can only be specified once. --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules -l, --log-level="info" Set the logging level - --label=[] Set key=values labels to the daemon (displayed in `docker info`) + --label=[] Set key=value labels to the daemon (displayed in `docker info`) --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file From acb8b1b5f63bd565429ea8e03cd2d5823a024bd1 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 18 Nov 2014 23:22:32 -0500 Subject: [PATCH 0374/2538] overlayfs: add --storage-driver doc Signed-off-by: Vincent Batts --- docs/sources/reference/commandline/cli.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b4af794fbc..6dedb4799f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -156,7 +156,7 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva ### Daemon storage-driver option The Docker daemon has support for three different image layer storage drivers: `aufs`, -`devicemapper`, and `btrfs`. +`devicemapper`, `btrfs` and `overlayfs`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause some @@ -175,6 +175,9 @@ To tell the Docker daemon to use `devicemapper`, use The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. +The `overlayfs` is a very fast union filesystem. It is now merged in the main +Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). +Call `docker -d -s overlayfs` to use it. ### Docker exec-driver option From 494cc3ad71c845e7463fad7c4ab00281e68747bb Mon Sep 17 00:00:00 2001 From: unclejack Date: Fri, 21 Nov 2014 19:51:32 +0200 Subject: [PATCH 0375/2538] build: add pull flag to force image pulling Signed-off-by: Cristian Staretu --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6dedb4799f..66253a7d60 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -315,6 +315,7 @@ To kill the container, use `docker kill`. --force-rm=false Always remove intermediate containers, even after unsuccessful builds --no-cache=false Do not use cache when building the image + --pull=false Always attempt to pull a newer version of the image -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success From 536361ff1878f293b2eea3ad59aed7560e6d5e7c Mon Sep 17 00:00:00 2001 From: "Dmitry V. Krivenok" Date: Sun, 23 Nov 2014 22:59:35 +0300 Subject: [PATCH 0376/2538] Fixed typo in documentation. --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 66253a7d60..4bbbd35b83 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -155,7 +155,7 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva ### Daemon storage-driver option -The Docker daemon has support for three different image layer storage drivers: `aufs`, +The Docker daemon has support for four different image layer storage drivers: `aufs`, `devicemapper`, `btrfs` and `overlayfs`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that From 536f41a73e8e6aaac17b8e1d6671d26009aae32e Mon Sep 17 00:00:00 2001 From: "Dmitry V. Krivenok" Date: Mon, 24 Nov 2014 21:22:54 +0300 Subject: [PATCH 0377/2538] Made wording a bit more generic. --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4bbbd35b83..07cc578eb2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -155,7 +155,7 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva ### Daemon storage-driver option -The Docker daemon has support for four different image layer storage drivers: `aufs`, +The Docker daemon has support for several different image layer storage drivers: `aufs`, `devicemapper`, `btrfs` and `overlayfs`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that From 69d7e8443d85b241e17bac1d2859c2c0198651e3 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Sun, 23 Nov 2014 00:45:14 +0100 Subject: [PATCH 0378/2538] zsh: correctly parse available subcommands A lot of flags have been added on the output of `docker help`. Use a more robust method to extract the list of available subcommands by spotting the `Command:` line and the next blank line. Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index c13a849783..9104f385d7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -177,7 +177,9 @@ __docker_commands () { if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \ && ! _retrieve_cache docker_subcommands; then - _docker_subcommands=(${${${${(f)"$(_call_program commands docker 2>&1)"}[5,-1]}## #}/ ##/:}) + local -a lines + lines=(${(f)"$(_call_program commands docker 2>&1)"}) + _docker_subcommands=(${${${lines[$((${lines[(i)Commands:]} + 1)),${lines[(I) *]}]}## #}/ ##/:}) _docker_subcommands=($_docker_subcommands 'help:Show help for a command') _store_cache docker_subcommands _docker_subcommands fi From 923e1ecbc526bc4011c2ebf187751820793f7fb9 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Fri, 14 Nov 2014 01:52:55 +0000 Subject: [PATCH 0379/2538] Allow git@ prefixes for any hosted git service Signed-off-by: Aidan Hobson Sayers --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 07cc578eb2..b9c2945707 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -462,7 +462,7 @@ Supported formats are: bzip2, gzip and xz. This will clone the GitHub repository and use the cloned repository as context. The Dockerfile at the root of the repository is used as Dockerfile. Note that you -can specify an arbitrary Git repository by using the `git://` +can specify an arbitrary Git repository by using the `git://` or `git@` schema. > **Note:** `docker build` will return a `no such file or directory` error From 055b224c90bab34beb32f40b27065f2ce947aef5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 17 Nov 2014 17:13:58 +0100 Subject: [PATCH 0380/2538] Add missing options to bash completion for the run and create commands Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 175 +++++++++++++++++++++++++++++++-- 1 file changed, 167 insertions(+), 8 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index dbe7c71442..089ebfea67 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -99,6 +99,55 @@ __docker_pos_first_nonflag() { echo $counter } +__docker_resolve_hostname() { + command -v host >/dev/null 2>&1 || return + COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') ) +} + +__docker_capabilities() { + # The list of capabilities is defined in types.go, ALL was added manually. + COMPREPLY=( $( compgen -W " + ALL + AUDIT_CONTROL + AUDIT_WRITE + BLOCK_SUSPEND + CHOWN + DAC_OVERRIDE + DAC_READ_SEARCH + FOWNER + FSETID + IPC_LOCK + IPC_OWNER + KILL + LEASE + LINUX_IMMUTABLE + MAC_ADMIN + MAC_OVERRIDE + MKNOD + NET_ADMIN + NET_BIND_SERVICE + NET_BROADCAST + NET_RAW + SETFCAP + SETGID + SETPCAP + SETUID + SYS_ADMIN + SYS_BOOT + SYS_CHROOT + SYSLOG + SYS_MODULE + SYS_NICE + SYS_PACCT + SYS_PTRACE + SYS_RAWIO + SYS_RESOURCE + SYS_TIME + SYS_TTY_CONFIG + WAKE_ALARM + " -- "$cur" ) ) +} + _docker_docker() { case "$prev" in -H) @@ -222,7 +271,7 @@ _docker_create() { __docker_containers_all return ;; - -v|--volume) + -v|--volume|--device) case "$cur" in *:*) # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) @@ -255,7 +304,62 @@ _docker_create() { esac return ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf) + --add-host) + case "$cur" in + *:) + __docker_resolve_hostname + return + ;; + esac + ;; + --cap-add|--cap-drop) + __docker_capabilities + return + ;; + --net) + case "$cur" in + container:*) + local cur=${cur#*:} + __docker_containers_all + ;; + *) + COMPREPLY=( $( compgen -W "bridge none container: host" -- "$cur") ) + if [ "${COMPREPLY[*]}" = "container:" ] ; then + compopt -o nospace + fi + ;; + esac + return + ;; + --restart) + case "$cur" in + on-failure:*) + ;; + *) + COMPREPLY=( $( compgen -W "no on-failure on-failure: always" -- "$cur") ) + ;; + esac + return + ;; + --security-opt) + case "$cur" in + label:*:*) + ;; + label:*) + local cur=${cur##*:} + COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") ) + if [ "${COMPREPLY[*]}" != "disable" ] ; then + compopt -o nospace + fi + ;; + *) + COMPREPLY=( $( compgen -W "label apparmor" -S ":" -- "$cur") ) + compopt -o nospace + ;; + esac + return + ;; + --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) return ;; *) @@ -264,10 +368,10 @@ _docker_create() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir -c --cpu-shares --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf') + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt|--add-host|--cap-add|--cap-drop|--device|--dns-search|--net|--restart') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids @@ -553,7 +657,7 @@ _docker_run() { __docker_containers_all return ;; - -v|--volume) + -v|--volume|--device) case "$cur" in *:*) # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) @@ -586,7 +690,62 @@ _docker_run() { esac return ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf) + --add-host) + case "$cur" in + *:) + __docker_resolve_hostname + return + ;; + esac + ;; + --cap-add|--cap-drop) + __docker_capabilities + return + ;; + --net) + case "$cur" in + container:*) + local cur=${cur#*:} + __docker_containers_all + ;; + *) + COMPREPLY=( $( compgen -W "bridge none container: host" -- "$cur") ) + if [ "${COMPREPLY[*]}" = "container:" ] ; then + compopt -o nospace + fi + ;; + esac + return + ;; + --restart) + case "$cur" in + on-failure:*) + ;; + *) + COMPREPLY=( $( compgen -W "no on-failure on-failure: always" -- "$cur") ) + ;; + esac + return + ;; + --security-opt) + case "$cur" in + label:*:*) + ;; + label:*) + local cur=${cur##*:} + COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") ) + if [ "${COMPREPLY[*]}" != "disable" ] ; then + compopt -o nospace + fi + ;; + *) + COMPREPLY=( $( compgen -W "label apparmor" -S ":" -- "$cur") ) + compopt -o nospace + ;; + esac + return + ;; + --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) return ;; *) @@ -595,11 +754,11 @@ _docker_run() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt') + local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt|--add-host|--cap-add|--cap-drop|--device|--dns-search|--net|--restart') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids From 3addb4d642a570be258e9f5b4fae90dfac59031e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 19 Nov 2014 14:29:56 +0100 Subject: [PATCH 0381/2538] Minor bash completion cleanup The -n and --networking options were removed because they are unsupported. Bash completion should not reveal the existence of otherwise undocumented unsupported options. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 52 ++++++---------------------------- 1 file changed, 8 insertions(+), 44 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 089ebfea67..5364944faf 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1,8 +1,8 @@ -#!bash +#!/bin/bash # # bash completion file for core docker commands # -# This script provides supports completion of: +# This script provides completion of: # - commands and their options # - container ids and names # - image repos and tags @@ -11,9 +11,9 @@ # To enable the completions either: # - place this file in /etc/bash_completion.d # or -# - copy this file and add the line below to your .bashrc after -# bash completion features are loaded -# . docker.bash +# - copy this file to e.g. ~/.docker-completion.sh and add the line +# below to your .bashrc after bash completion features are loaded +# . ~/.docker-completion.sh # # Note: # Currently, the completions will not work if the docker daemon is not @@ -153,8 +153,6 @@ _docker_docker() { -H) return ;; - *) - ;; esac case "$cur" in @@ -187,8 +185,6 @@ _docker_build() { __docker_image_repos_and_tags return ;; - *) - ;; esac case "$cur" in @@ -209,8 +205,6 @@ _docker_commit() { -m|--message|-a|--author|--run) return ;; - *) - ;; esac case "$cur" in @@ -362,13 +356,11 @@ _docker_create() { --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) return ;; - *) - ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt|--add-host|--cap-add|--cap-drop|--device|--dns-search|--net|--restart') @@ -392,16 +384,12 @@ _docker_events() { --since) return ;; - *) - ;; esac case "$cur" in -*) COMPREPLY=( $( compgen -W "--since" -- "$cur" ) ) ;; - *) - ;; esac } @@ -480,8 +468,6 @@ _docker_inspect() { -f|--format) return ;; - *) - ;; esac case "$cur" in @@ -507,16 +493,12 @@ _docker_login() { -u|--username|-p|--password|-e|--email) return ;; - *) - ;; esac case "$cur" in -*) COMPREPLY=( $( compgen -W "-u --username -p --password -e --email" -- "$cur" ) ) ;; - *) - ;; esac } @@ -556,16 +538,12 @@ _docker_ps() { -n) return ;; - *) - ;; esac case "$cur" in -*) COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since --before -n" -- "$cur" ) ) ;; - *) - ;; esac } @@ -574,8 +552,6 @@ _docker_pull() { -t|--tag) return ;; - *) - ;; esac case "$cur" in @@ -603,8 +579,6 @@ _docker_restart() { -t|--time) return ;; - *) - ;; esac case "$cur" in @@ -624,7 +598,6 @@ _docker_rm() { return ;; *) - local force= for arg in "${COMP_WORDS[@]}"; do case "$arg" in -f|--force) @@ -748,16 +721,13 @@ _docker_run() { --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) return ;; - *) - ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach -n --networking --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--rm -d --detach --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt|--add-host|--cap-add|--cap-drop|--device|--dns-search|--net|--restart') if [ $cword -eq $counter ]; then @@ -779,16 +749,12 @@ _docker_search() { -s|--stars) return ;; - *) - ;; esac case "$cur" in -*) COMPREPLY=( $( compgen -W "--no-trunc --automated -s --stars" -- "$cur" ) ) ;; - *) - ;; esac } @@ -808,8 +774,6 @@ _docker_stop() { -t|--time) return ;; - *) - ;; esac case "$cur" in @@ -911,7 +875,7 @@ _docker() { local cur prev words cword _get_comp_words_by_ref -n : cur prev words cword - local command='docker' + local command='docker' cpos=0 local counter=1 while [ $counter -lt $cword ]; do case "${words[$counter]}" in From 8434115c69b35d1b0ee7f79aa64ac399d5ef620e Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 20 Nov 2014 19:46:48 +0000 Subject: [PATCH 0382/2538] events filtering Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 80 +++++++++++++++++++---- 1 file changed, 67 insertions(+), 13 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b9c2945707..98ee79ee79 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -614,7 +614,10 @@ For example: Usage: docker events [OPTIONS] Get real time events from the server - + -f, --filter=[] Provide filter values. Valid filters: + event= - event to filter + image= - image to filter + container= - container to filter --since="" Show all events created since timestamp --until="" Stream events until this timestamp @@ -626,6 +629,24 @@ and Docker images will report: untag, delete +#### Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If you would like to use +multiple filters, pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +Using the same filter multiple times will be handled as a `OR`; for example +`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display events for +container 588a23dac085 `OR` container a8f7720b8c22 + +Using multiple filters will be handled as a `AND`; for example +`--filter container=588a23dac085 --filter event=start` will display events for container +container 588a23dac085 `AND` only when the event type is `start` + +Current filters: + * event + * image + * container + #### Examples You'll need two shells for this example. @@ -634,31 +655,64 @@ You'll need two shells for this example. $ sudo docker events -**Shell 2: Start and Stop a Container:** +**Shell 2: Start and Stop containers:** $ sudo docker start 4386fb97867d $ sudo docker stop 4386fb97867d + $ sudo docker stop 7805c1d35632 **Shell 1: (Again .. now showing events):** - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) start - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop **Show events in the past from a specified time:** $ sudo docker events --since 1378216169 - 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die - 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop + 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-03-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop $ sudo docker events --since '2013-09-03' - 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) start - 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die - 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop + 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start + 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' - 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) die - 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from 12de384bfb10) stop + 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + +**Filter events:** + + $ sudo docker events --filter 'event=stop' + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + + $ sudo docker events --filter 'image=ubuntu-1:14.04' + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + + $ sudo docker events --filter 'container=7805c1d35632' + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + + $ sudo docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' + 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + + $ sudo docker events --filter 'container=7805c1d35632' --filter 'event=stop' + 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop ## exec @@ -777,7 +831,7 @@ uses up the `VIRTUAL SIZE` listed only once. #### Filtering -The filtering flag (`-f` or `--filter`) format is of "key=value". If there are more +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) Current filters: From 3b475ff060f29f9df8e88a96b6cebfc102fec690 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 20 Nov 2014 19:54:03 +0000 Subject: [PATCH 0383/2538] docs nits Signed-off-by: Victor Vieux --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 98ee79ee79..9868424b7e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -634,13 +634,13 @@ and Docker images will report: The filtering flag (`-f` or `--filter`) format is of "key=value". If you would like to use multiple filters, pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) -Using the same filter multiple times will be handled as a `OR`; for example +Using the same filter multiple times will be handled as a *OR*; for example `--filter container=588a23dac085 --filter container=a8f7720b8c22` will display events for -container 588a23dac085 `OR` container a8f7720b8c22 +container 588a23dac085 *OR* container a8f7720b8c22 -Using multiple filters will be handled as a `AND`; for example +Using multiple filters will be handled as a *AND*; for example `--filter container=588a23dac085 --filter event=start` will display events for container -container 588a23dac085 `AND` only when the event type is `start` +container 588a23dac085 *AND* the event type is *start* Current filters: * event From 11d4be97199d8629e367b0871f12b7bfc14425cc Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 21 Nov 2014 13:47:03 -0800 Subject: [PATCH 0384/2538] Explain what the VIRTUAL SIZE means Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9868424b7e..e676fd3682 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -796,6 +796,10 @@ decrease disk usage, and speed up `docker build` by allowing each step to be cached. These intermediate layers are not shown by default. +The `VIRTUAL SIZE` is the cumulative space taken up by the image and all +its parent images. This is also the disk space used by the contents of the +Tar file created when you `docker save` an image. + An image will be listed more than once if it has multiple repository names or tags. This single image (identifiable by its matching `IMAGE ID`) uses up the `VIRTUAL SIZE` listed only once. From ab6092640038d0080313a7abfad858838859d052 Mon Sep 17 00:00:00 2001 From: Michael Steinert Date: Wed, 26 Nov 2014 13:09:44 -0600 Subject: [PATCH 0385/2538] Fix a small typo Signed-off-by: Michael Steinert --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 121018cff5..5ee0358479 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -764,7 +764,7 @@ Docker client, refer to [*Share Directories via Volumes*](/userguide/dockervolum documentation. > **Note**: -> The list is parsed a JSON array, which means that +> The list is parsed as a JSON array, which means that > you must use double-quotes (") around words not single-quotes ('). ## USER From 00a5a3fa8a4f75330a6591294a292ce112532f9e Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 18 Nov 2014 15:55:40 -0800 Subject: [PATCH 0386/2538] Add an example of how to add your client IP to the container hosts file Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 24 +++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e676fd3682..06220be22a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1610,6 +1610,30 @@ container exits with a non-zero exit status more than 10 times in a row Docker will abort trying to restart the container. Providing a maximum restart limit is only valid for the ** on-failure ** policy. +### Adding entries to a container hosts file + +You can add other hosts into a container's `/etc/hosts` file by using one or more +`--add-host` flags. This example adds a static address for a host named `docker`: + +``` + $ docker run --add-host=docker:10.180.0.1 --rm -it debian + $$ ping docker + PING docker (10.180.0.1): 48 data bytes + 56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms + 56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms + ^C--- docker ping statistics --- + 2 packets transmitted, 2 packets received, 0% packet loss + round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms +``` + +> **Note:** +> Sometimes you need to connect to the Docker host, which means getting the IP +> address of the host. You can use the following shell commands to simplify this +> process: +> +> $ alias hostip="ip route show 0.0.0.0/0 | grep -Eo 'via \S+' | awk '{ print \$2 }'" +> $ docker run --add-host=docker:$(hostip) --rm -it debian + ## save Usage: docker save [OPTIONS] IMAGE [IMAGE...] From 407a4a1916af65a9967d3927ad4d806a6237c2e1 Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Tue, 25 Nov 2014 10:38:16 -0500 Subject: [PATCH 0387/2538] Removed extraneous ) Docker-DCO-1.1-Signed-off-by: James Turnbull (github: jamtur01) --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index f5ccb753da..c113a884a3 100755 --- a/docs/README.md +++ b/docs/README.md @@ -11,7 +11,7 @@ development) branch maps to the "master" documentation. ## Contributing -Be sure to follow the [contribution guidelines](../CONTRIBUTING.md)). +Be sure to follow the [contribution guidelines](../CONTRIBUTING.md). In particular, [remember to sign your work!](../CONTRIBUTING.md#sign-your-work) ## Getting Started From d40014d0963baed2502f3824878b3f4ffbc4bb58 Mon Sep 17 00:00:00 2001 From: Jacob Atzen Date: Tue, 25 Nov 2014 12:07:02 +0100 Subject: [PATCH 0388/2538] Update documentation for EXPOSE The documentation for EXPOSE seems to indicate, that EXPOSE is only relevant in the context of links, which is not the case. Signed-off-by: Jacob Atzen --- docs/sources/reference/builder.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 5ee0358479..dffabaff3a 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -329,10 +329,13 @@ default specified in `CMD`. The `EXPOSE` instructions informs Docker that the container will listen on the specified network ports at runtime. Docker uses this information to interconnect containers using links (see the [Docker User -Guide](/userguide/dockerlinks)). Note that `EXPOSE` only works for -inter-container links. It doesn't make ports accessible from the host. To -expose ports to the host, at runtime, -[use the `-p` flag](/userguide/dockerlinks). +Guide](/userguide/dockerlinks)) and to determine which ports to expose to the +host when [using the -P flag](/reference/run/#expose-incoming-ports). +**Note:** +`EXPOSE` doesn't define which ports can be exposed to the host or make ports +accessible from the host by default. To expose ports to the host, at runtime, +[use the `-p` flag](/userguide/dockerlinks) or +[the -P flag](/reference/run/#expose-incoming-ports). ## ENV From ed00fc5e27db813de25b4c955b53e2f3842595d4 Mon Sep 17 00:00:00 2001 From: Alexander Boyd Date: Mon, 24 Nov 2014 16:22:50 -0700 Subject: [PATCH 0389/2538] Correct inaccuracy in docker pull documentation Signed-off-by: Alexander Boyd --- docs/sources/reference/commandline/cli.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 06220be22a..72144d3b5a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1199,9 +1199,8 @@ use `docker pull`: # will pull the debian:latest image, its intermediate layers # and any aliases of the same id $ sudo docker pull debian:testing - # will pull the image named ubuntu:trusty, ubuntu:14.04 - # which is an alias of the same image - # and any intermediate layers it is based on. + # will pull the image named debian:testing and any intermediate + # layers it is based on. # (Typically the empty `scratch` image, a MAINTAINER layer, # and the un-tarred base). $ sudo docker pull --all-tags centos From 5d4d002c2324f6333bec846e67c8bd48060a647f Mon Sep 17 00:00:00 2001 From: Sindhu S Date: Mon, 1 Dec 2014 19:35:58 +0530 Subject: [PATCH 0390/2538] Fix dead link build.md --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index dffabaff3a..adc308c9d6 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -19,7 +19,7 @@ Dockerfile knowledge with the [Dockerfile tutorial](/userguide/level1). ## Usage -To [*build*](../commandline/cli/#cli-build) an image from a source repository, +To [*build*](/reference/commandline/cli/#build) an image from a source repository, create a description file called `Dockerfile` at the root of your repository. This file will describe the steps to assemble the image. From 82436ff167afd3e74f75512d37b1964a4d20db69 Mon Sep 17 00:00:00 2001 From: Tomas Tomecek Date: Thu, 27 Nov 2014 12:54:36 +0100 Subject: [PATCH 0391/2538] docs: man docker-images: inconsistent naming Synopsis is mentioning "NAME" while description is describing "REPOSITORY". Signed-off-by: Tomas Tomecek --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 72144d3b5a..d668725d14 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -779,7 +779,7 @@ To see how the `docker:latest` image was built: ## images - Usage: docker images [OPTIONS] [NAME] + Usage: docker images [OPTIONS] [REPOSITORY] List images From f7c051492c44d74e6df97660ec9390ba9defb61f Mon Sep 17 00:00:00 2001 From: Sindhu S Date: Mon, 1 Dec 2014 19:28:02 +0530 Subject: [PATCH 0392/2538] Fix dead link cli.md --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d668725d14..32b5f669f3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -102,7 +102,7 @@ To run the daemon with debug output, use `docker -d -D`. ### Daemon socket option -The Docker daemon can listen for [Docker Remote API](reference/api/docker_remote_api/) +The Docker daemon can listen for [Docker Remote API](/reference/api/docker_remote_api/) requests via three different types of Socket: `unix`, `tcp`, and `fd`. By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`, From 12a763ba5a8b1fe066616182d745f9d3e871ea56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?= Date: Wed, 3 Dec 2014 13:57:23 +0100 Subject: [PATCH 0393/2538] Rename the overlay storage driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit so that docker is started with `docker -d -s overlay` instead of `docker -d -s overlayfs` Signed-off-by: Lénaïc Huard --- docs/sources/reference/commandline/cli.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 32b5f669f3..c9989926ce 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -156,7 +156,7 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva ### Daemon storage-driver option The Docker daemon has support for several different image layer storage drivers: `aufs`, -`devicemapper`, `btrfs` and `overlayfs`. +`devicemapper`, `btrfs` and `overlay`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause some @@ -175,9 +175,9 @@ To tell the Docker daemon to use `devicemapper`, use The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. -The `overlayfs` is a very fast union filesystem. It is now merged in the main +The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). -Call `docker -d -s overlayfs` to use it. +Call `docker -d -s overlay` to use it. ### Docker exec-driver option From bc4f74bc1dbee373819450e89bb31da2e2b8e90e Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 4 Dec 2014 16:05:45 +1000 Subject: [PATCH 0394/2538] Something changed, broke the docs release script, and it seems that --exclude still doesn't work, so I'm removing it Signed-off-by: Sven Dowideit --- docs/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index c113a884a3..de3999ba78 100755 --- a/docs/README.md +++ b/docs/README.md @@ -131,8 +131,8 @@ Once the PR has the needed `LGTM`s, merge it, then publish to our beta server to test: git fetch upstream - git checkout post-1.2.0-docs-update-1 - git reset --hard upstream/post-1.2.0-docs-update-1 + git checkout docs + git reset --hard upstream/docs make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release Then go to http://beta-docs.docker.io.s3-website-us-west-2.amazonaws.com/ @@ -141,6 +141,8 @@ to view your results and make sure what you published is what you wanted. When you're happy with it, publish the docs to our live site: make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes docs-release + +Test the uncached version of the live docs at http://docs.docker.com.s3-website-us-east-1.amazonaws.com/ Note that the new docs will not appear live on the site until the cache (a complex, distributed CDN system) is flushed. This requires someone with S3 keys. Contact Docker From f79055e6107567beb900fa1e1917c26ffd65aa1b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 28 Nov 2014 14:21:55 +1000 Subject: [PATCH 0395/2538] Auto-update documentation from the output of the cli. I've re-jigged the run man page so that each option's text begins with the cli's help text for that flag, and then ay subsequent lines in the man page are carried forward. Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c9989926ce..090d8180dd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -315,7 +315,6 @@ To kill the container, use `docker kill`. --force-rm=false Always remove intermediate containers, even after unsuccessful builds --no-cache=false Do not use cache when building the image - --pull=false Always attempt to pull a newer version of the image -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success @@ -538,11 +537,14 @@ Creates a new container. --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached + --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container + 'container:': reuses another container shared memory, semaphores and message queues + 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. --link=[] Add link to another container in the form of name:alias --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --name="" Assign a name to the container - --mac-address="" Set the container's MAC address --net="bridge" Set the Network mode for the container 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container @@ -554,6 +556,7 @@ Creates a new container. (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + --security-opt=[] Security Options -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) @@ -614,10 +617,7 @@ For example: Usage: docker events [OPTIONS] Get real time events from the server - -f, --filter=[] Provide filter values. Valid filters: - event= - event to filter - image= - image to filter - container= - container to filter + --since="" Show all events created since timestamp --until="" Stream events until this timestamp @@ -1321,9 +1321,13 @@ removed before the image is removed. --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached + --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container + 'container:': reuses another container shared memory, semaphores and message queues + 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. --link=[] Add link to another container in the form of name:alias --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --name="" Assign a name to the container --net="bridge" Set the Network mode for the container 'bridge': creates a new network stack for the container on the docker bridge @@ -1337,6 +1341,7 @@ removed before the image is removed. --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --rm=false Automatically remove the container when it exits (incompatible with -d) + --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID @@ -1682,8 +1687,8 @@ more details on finding shared images from the command line. Restart a stopped container - -a, --attach=false Attach container's `STDOUT` and `STDERR` and forward all signals to the process - -i, --interactive=false Attach container's `STDIN` + -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process + -i, --interactive=false Attach container's STDIN When run on a container that has already been started, takes no action and succeeds unconditionally. @@ -1692,7 +1697,7 @@ takes no action and succeeds unconditionally. Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container by sending `SIGTERM` and then `SIGKILL` after a grace period + Stop a running container by sending SIGTERM and then SIGKILL after a grace period -t, --time=10 Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. From 0f2e87fcf8e0931204cccd0a847bd902ebe4def7 Mon Sep 17 00:00:00 2001 From: Michal Minar Date: Thu, 6 Nov 2014 15:09:09 +0100 Subject: [PATCH 0396/2538] Man: describe --icc option better Current description is misleading. It make an impression the --icc=false prevents containers to talk with each other. Signed-off-by: Michal Minar Docker-DCO-1.1-Signed-off-by: Michal Minar (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 73c2966393..23c2085686 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -53,7 +53,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers' complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver' complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime' -complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication' +complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication without any restriction' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward' complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules" diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 090d8180dd..a6bc9c78d4 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -69,7 +69,7 @@ expect an integer, and they can only be specified once. use '' (the empty string) to disable setting of a group -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - --icc=true Enable inter-container communication + --icc=true Enable inter-container communication without any restriction --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward From 716e63974851f24ac9e333afbcd22bc953c7c21c Mon Sep 17 00:00:00 2001 From: Michal Minar Date: Mon, 10 Nov 2014 11:30:30 +0100 Subject: [PATCH 0397/2538] Doc: described storage-driver options in cli reference Documented --storage-opt=[] option in cli reference page. Content taken from: daemon/graphdriver/devmapper/README.md Signed-off-by: Michal Minar Docker-DCO-1.1-Signed-off-by: Michal Minar (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 146 ++++++++++++++++++++-- 1 file changed, 139 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a6bc9c78d4..56ef9d5904 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -164,13 +164,16 @@ serious kernel crashes. However, `aufs` is also the only storage driver that all containers to share executable and shared library memory, so is a useful choice when running thousands of containers with the same program or libraries. -The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) snapshots. -This driver will create a 100GB sparse file containing all your images and -containers. Each container will be limited to a 10 GB thin volume, and either of -these will require tuning - see [~jpetazzo/Resizing Docker containers with the -Device Mapper plugin]( http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) -To tell the Docker daemon to use `devicemapper`, use -`docker -d -s devicemapper`. +The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) +snapshots. For each devicemapper graph location – typically +`/var/lib/docker/devicemapper` – a thin pool is created based on two block +devices, one for data and one for metadata. By default, these block devices +are created automatically by using loopback mounts of automatically created +sparse files. Refer to [Storage driver options](#storage-driver-options) below +for a way how to customize this setup. +[~jpetazzo/Resizing Docker containers with the Device Mapper plugin]( +http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) article +explains how to tune your existing setup without the use of options. The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. @@ -179,6 +182,135 @@ The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call `docker -d -s overlay` to use it. +#### Storage driver options + +Particular storage-driver can be configured with options specified with +`--storage-opt` flags. The only driver accepting options is `devicemapper` as +of now. All its options are prefixed with `dm`. + +Currently supported options are: + + * `dm.basesize` + + Specifies the size to use when creating the base device, which limits the + size of images and containers. The default value is 10G. Note, thin devices + are inherently "sparse", so a 10G device which is mostly empty doesn't use + 10 GB of space on the pool. However, the filesystem will use more space for + the empty case the larger the device is. + + **Warning**: This value affects the system-wide "base" empty filesystem + that may already be initialized and inherited by pulled images. Typically, + a change to this value will require additional steps to take effect: + + $ sudo service docker stop + $ sudo rm -rf /var/lib/docker + $ sudo service docker start + + Example use: + + $ sudo docker -d --storage-opt dm.basesize=20G + + * `dm.loopdatasize` + + Specifies the size to use when creating the loopback file for the "data" + device which is used for the thin pool. The default size is 100G. Note that + the file is sparse, so it will not initially take up this much space. + + Example use: + + $ sudo docker -d --storage-opt dm.loopdatasize=200G + + * `dm.loopmetadatasize` + + Specifies the size to use when creating the loopback file for the + "metadata" device which is used for the thin pool. The default size is 2G. + Note that the file is sparse, so it will not initially take up this much + space. + + Example use: + + $ sudo docker -d --storage-opt dm.loopmetadatasize=4G + + * `dm.fs` + + Specifies the filesystem type to use for the base device. The supported + options are "ext4" and "xfs". The default is "ext4" + + Example use: + + $ sudo docker -d --storage-opt dm.fs=xfs + + * `dm.mkfsarg` + + Specifies extra mkfs arguments to be used when creating the base device. + + Example use: + + $ sudo docker -d --storage-opt "dm.mkfsarg=-O ^has_journal" + + * `dm.mountopt` + + Specifies extra mount options used when mounting the thin devices. + + Example use: + + $ sudo docker -d --storage-opt dm.mountopt=nodiscard + + * `dm.datadev` + + Specifies a custom blockdevice to use for data for the thin pool. + + If using a block device for device mapper storage, ideally both datadev and + metadatadev should be specified to completely avoid using the loopback + device. + + Example use: + + $ sudo docker -d \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 + + * `dm.metadatadev` + + Specifies a custom blockdevice to use for metadata for the thin pool. + + For best performance the metadata should be on a different spindle than the + data, or even better on an SSD. + + If setting up a new metadata pool it is required to be valid. This can be + achieved by zeroing the first 4k to indicate empty metadata, like this: + + $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 + + Example use: + + $ sudo docker -d \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 + + * `dm.blocksize` + + Specifies a custom blocksize to use for the thin pool. The default + blocksize is 64K. + + Example use: + + $ sudo docker -d --storage-opt dm.blocksize=512K + + * `dm.blkdiscard` + + Enables or disables the use of blkdiscard when removing devicemapper + devices. This is enabled by default (only) if using loopback devices and is + required to res-parsify the loopback file on image/container removal. + + Disabling this on loopback can lead to *much* faster container removal + times, but will make the space used in `/var/lib/docker` directory not be + returned to the system for other use when containers are removed. + + Example use: + + $ sudo docker -d --storage-opt dm.blkdiscard=false + ### Docker exec-driver option The Docker daemon uses a specifically built `libcontainer` execution driver as its From 87353ddc98b0dd3d7be228bfaab43b2041f0f9ae Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 20 Nov 2014 16:48:27 -0800 Subject: [PATCH 0398/2538] Try out a different phrase for --icc Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 23c2085686..aa0b88678b 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -53,7 +53,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers' complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver' complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime' -complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication without any restriction' +complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container (and host) communication' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward' complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules" diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 56ef9d5904..16ddeb1c2f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -69,7 +69,7 @@ expect an integer, and they can only be specified once. use '' (the empty string) to disable setting of a group -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - --icc=true Enable inter-container communication without any restriction + --icc=true Allow unrestricted inter-container (and host) communication --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward From 640fabe8da7b0720b389fa4394fd0f3c9444e367 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 21 Nov 2014 14:17:13 -0800 Subject: [PATCH 0399/2538] fixes as per feedback Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index aa0b88678b..a082adc02c 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -53,7 +53,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers' complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver' complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime' -complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container (and host) communication' +complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward' complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules" diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 16ddeb1c2f..6224c5223f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -69,7 +69,7 @@ expect an integer, and they can only be specified once. use '' (the empty string) to disable setting of a group -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - --icc=true Allow unrestricted inter-container (and host) communication + --icc=true Allow unrestricted inter-container and Docker daemon host communication --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) --ip=0.0.0.0 Default IP address to use when binding container ports --ip-forward=true Enable net.ipv4.ip_forward From dc2868ee11d83fe0ade66e258dd8c5d8d23536d8 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 4 Dec 2014 11:49:06 +1000 Subject: [PATCH 0400/2538] Note that using -lxc-conf to change things Docker manages has pitfalls Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/run.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 8b0c6a1591..9c26ec7fa6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -369,6 +369,13 @@ Note that in the future, a given host's docker daemon may not use LXC, so this is an implementation-specific configuration meant for operators already familiar with using LXC directly. +> **Note:** +> If you use `--lxc-conf` to modify a container's configuration which is also +> managed by the Docker daemon, then the Docker daemon will not know about this +> modification, and you will need to manage any conflicts yourself. For example, +> you can use `--lxc-conf` to set a container's IP address, but this will not be +> reflected in the `/etc/hosts` file. + ## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder/#dockerbuilder) From f96a52c955bdf4bff3255fd5a320c85fcc4f273e Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 3 Dec 2014 15:29:54 -0800 Subject: [PATCH 0401/2538] Return docker's root dir in docker -D info This adds the docker daemon's root directory to docker info when running in debug mode. This allows the user to view the root directory where docker is writing and storing state. Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6224c5223f..7ffdcabb54 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1066,6 +1066,7 @@ For example: Goroutines: 9 EventsListeners: 0 Init Path: /usr/bin/docker + Docker Root Dir: /var/lib/docker Username: svendowideit Registry: [https://index.docker.io/v1/] Labels: From c5e525eb4c45cc7c2c7479d5b8599d9e3cadcfe6 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 5 Dec 2014 16:30:47 +1000 Subject: [PATCH 0402/2538] add --cap-add=NET_ADMIN to make a new network device inspired by #9452 Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Signed-off-by: Sven Dowideit --- docs/sources/reference/run.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 9c26ec7fa6..65cf21f510 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -360,6 +360,10 @@ operator wants to have all capabilities but `MKNOD` they could use: For interacting with the network stack, instead of using `--privileged` they should use `--cap-add=NET_ADMIN` to modify the network interfaces. + $ docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy + RTNETLINK answers: Operation not permitted + $ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy + If the Docker daemon was started using the `lxc` exec-driver (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options using one or more `--lxc-conf` parameters. These can be new parameters or From acd8287c74a7134c6d5b5a1f21e4fdfc4e91f87b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 5 Dec 2014 16:41:18 +1000 Subject: [PATCH 0403/2538] Add a fuse example, combining both SYS_ADMIN and --device inspired by #9448 and #9487 Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Signed-off-by: Sven Dowideit --- docs/sources/reference/run.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 65cf21f510..8ac9f9d789 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -364,6 +364,30 @@ should use `--cap-add=NET_ADMIN` to modify the network interfaces. RTNETLINK answers: Operation not permitted $ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy +To mount a FUSE based filesystem, you need to combine both `--cap-add` and +`--device`: + + $ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt + fuse: failed to open /dev/fuse: Operation not permitted + $ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt + fusermount: mount failed: Operation not permitted + $ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs + # sshfs sven@10.10.10.20:/home/sven /mnt + The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established. + ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6. + Are you sure you want to continue connecting (yes/no)? yes + sven@10.10.10.20's password: + root@30aa0cfaf1b5:/# ls -la /mnt/src/docker + total 1516 + drwxrwxr-x 1 1000 1000 4096 Dec 4 06:08 . + drwxrwxr-x 1 1000 1000 4096 Dec 4 11:46 .. + -rw-rw-r-- 1 1000 1000 16 Oct 8 00:09 .dockerignore + -rwxrwxr-x 1 1000 1000 464 Oct 8 00:09 .drone.yml + drwxrwxr-x 1 1000 1000 4096 Dec 4 06:11 .git + -rw-rw-r-- 1 1000 1000 461 Dec 4 06:08 .gitignore + .... + + If the Docker daemon was started using the `lxc` exec-driver (`docker -d --exec-driver=lxc`) then the operator can also specify LXC options using one or more `--lxc-conf` parameters. These can be new parameters or From 76daef2b9a022d26594280215fce4cef80df8dd6 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Fri, 5 Dec 2014 16:50:56 -0800 Subject: [PATCH 0404/2538] Forbid client piping to tty enabled container Forbid `docker run -t` with a redirected stdin (such as `echo test | docker run -ti busybox cat`). Forbid `docker exec -t` with a redirected stdin. Forbid `docker attach` with a redirect stdin toward a tty enabled container. Signed-off-by: Arnaud Porterie --- docs/sources/reference/run.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 8ac9f9d789..74a567c00b 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -94,9 +94,10 @@ specify to which of the three standard streams (`STDIN`, `STDOUT`, $ sudo docker run -a stdin -a stdout -i -t ubuntu /bin/bash -For interactive processes (like a shell) you will typically want a tty -as well as persistent standard input (`STDIN`), so you'll use `-i -t` -together in most interactive cases. +For interactive processes (like a shell), you must use `-i -t` together in +order to allocate a tty for the container process. Specifying `-t` is however +forbidden when the client standard output is redirected or pipe, such as in: +`echo test | docker run -i busybox cat`. ## Container identification From 41d3d7dc7289a0ed035a92f51c4444a91e1a37a5 Mon Sep 17 00:00:00 2001 From: shishir-a412ed Date: Mon, 24 Nov 2014 16:20:18 -0500 Subject: [PATCH 0405/2538] Added description for 'docker run' command, -c/--cpu-shares flag Signed-off-by: Shishir Mahajan --- docs/sources/reference/run.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 74a567c00b..e9ecfff442 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -302,6 +302,19 @@ get the same proportion of CPU cycles, but you can tell the kernel to give more shares of CPU time to one or more containers when you start them via Docker. +The flag `-c` or `--cpu-shares` with value 0 indicates that the running +container has access to all 1024 (default) CPU shares. However, this value +can be modified to run a container with a different priority or different +proportion of CPU cycles. + +E.g., If we start three {C0, C1, C2} containers with default values +(`-c` OR `--cpu-shares` = 0) and one {C3} with (`-c` or `--cpu-shares`=512) +then C0, C1, and C2 would have access to 100% CPU shares (1024) and C3 would +only have access to 50% CPU shares (512). In the context of a time-sliced OS +with time quantum set as 100 milliseconds, containers C0, C1, and C2 will run +for full-time quantum, and container C3 will run for half-time quantum i.e 50 +milliseconds. + ## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities From e6d8a17cf59657fbb2702d315b1a19713b5951c5 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Mon, 8 Dec 2014 10:18:17 -0800 Subject: [PATCH 0406/2538] add note to docs about overlay + btrfs Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- docs/sources/reference/commandline/cli.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7ffdcabb54..577a4c68c0 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -180,7 +180,10 @@ share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_p The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). -Call `docker -d -s overlay` to use it. +Call `docker -d -s overlay` to use it. +> **Note:** +> It is currently unsupported on `btrfs` or any Copy on Write filesystem +> and should only be used over `ext4` partitions. #### Storage driver options From 6a94570d5af81ed7fbe2be5f1da9ef933ee4c91f Mon Sep 17 00:00:00 2001 From: Barnaby Gray Date: Sun, 7 Dec 2014 12:40:29 +0000 Subject: [PATCH 0407/2538] Update fish shell completions. Fixes #9550 Signed-off-by: Barnaby Gray --- contrib/completion/fish/docker.fish | 205 +++++++++++++++++----------- 1 file changed, 128 insertions(+), 77 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index a082adc02c..5eef6f30bf 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -16,7 +16,7 @@ function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand' for i in (commandline -opc) - if contains -- $i attach build commit cp create diff events export history images import info insert inspect kill load login logs port ps pull push restart rm rmi run save search start stop tag top version wait + if contains -- $i attach build commit cp create diff events exec export history images import info insert inspect kill load login logout logs pause port ps pull push restart rm rmi run save search start stop tag top unpause version wait return 1 end end @@ -43,31 +43,42 @@ function __fish_print_docker_repositories --description 'Print a list of docker end # common options -complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' -complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d "Group to assign the unix socket specified by -H when running in daemon mode; use '' (the empty string) to disable setting of a group" -complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'tcp://host:port, unix://path/to/socket, fd://* or fd://socketfd to use in daemon mode. Multiple sockets can be specified' complete -c docker -f -n '__fish_docker_no_subcommand' -l api-enable-cors -d 'Enable CORS headers in the remote API' -complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d "Attach containers to a pre-existing network bridge; use 'none' to disable container networking" +complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge' complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b" +complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode' -complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force docker to use specific DNS servers' -complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the docker runtime to use a specific exec driver' -complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the docker runtime' -complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication' +complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers' +complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains' +complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the Docker runtime to use a specific exec driver' +complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (ex: 10.20.0.0/16)' +complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode' +complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the Docker runtime' +complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.' +complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication' +complete -c docker -f -n '__fish_docker_no_subcommand' -l insecure-registry -d 'Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16)' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' -complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Disable enabling of net.ipv4.ip_forward' -complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Disable docker's addition of iptables rules" -complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU; if no value is provided: default to the default route MTU or 1500 if no default route is available' +complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward' +complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range" +complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules" +complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU' complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file' -complete -c docker -f -n '__fish_docker_no_subcommand' -s r -l restart -d 'Restart previously running containers' -complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the docker runtime to use a specific storage driver' +complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Specify a preferred Docker registry mirror' +complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver' +complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver' +complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by tls-verify flags' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tlsverify -d 'Use TLS and verify the remote (daemon: verify client, client: verify daemon)' complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print version information and quit' # subcommands # attach complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach stdin' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxify all received signal to the process (non-TTY mode only)' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach STDIN' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.' complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container" # build @@ -80,40 +91,48 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d ' # commit complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith "' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith ")' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' -complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l run -d 'Config automatically applied when the image is run. (ex: -run=\'{"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}\')' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause -d 'Pause container during commit' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders from a container's filesystem to the host path" # create -complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to stdin, stdout or stderr.' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom dns servers' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default entrypoint of the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)" -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image" - +complete -c docker -f -n '__fish_docker_no_subcommand' -a create -d 'Create a new container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s c -l cpu-shares -d 'CPU shares (relative weight)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-add -d 'Add Linux capabilities' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-drop -d 'Drop Linux capabilities' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d 'Write the container ID to the file' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d 'Set custom DNS search domains' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of name:alias' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host" +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l security-opt -d 'Security Options' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s t -l tty -d 'Allocate a pseudo-TTY' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s u -l user -d 'Username or UID' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l volumes-from -d 'Mount volumes from the specified container(s)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s w -l workdir -d 'Working directory inside the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -a '(__fish_print_docker_images)' -d "Image" # diff complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" @@ -121,7 +140,15 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print # events complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server' -complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show previously created events and then stream.' +complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp' +complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp' + +# exec +complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in an existing container' +complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s d -l detach -d 'Detached mode: run command in the background' +complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s i -l interactive -d 'Keep STDIN open even if not attached' +complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s t -l tty -d 'Allocate a pseudo-TTY' +complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -a '(__fish_print_docker_containers running)' -d "Container" # export complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive' @@ -136,10 +163,9 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_pr # images complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)' +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e. 'dangling=true')" complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s t -l tree -d 'Output graph in tree format' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s v -l viz -d 'Output graph in graphviz format' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository" # import @@ -161,122 +187,147 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print # load complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive' +complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN' # login -complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or Login to the docker registry server' +complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or log in to a Docker registry server' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username' +# logout +complete -c docker -f -n '__fish_docker_no_subcommand' -a logout -d 'Log out from a Docker registry server' + # logs complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output' +complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps' +complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container" # port -complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port which is NAT-ed to PRIVATE_PORT' +complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port that is NAT-ed to PRIVATE_PORT' complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container" +# pause +complete -c docker -f -n '__fish_docker_no_subcommand' -a pause -d 'Pause all processes within a container' +complete -c docker -A -f -n '__fish_seen_subcommand_from pause' -a '(__fish_print_docker_containers running)' -d "Container" + # ps complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s f -l filter -d 'Provide filter values. Valid filters:' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.' # pull -complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from the docker registry server' -complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s t -l tag -d 'Download tagged image in repository' +complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from a Docker registry server' +complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s a -l all-tags -d 'Download all tagged images in the repository' complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image" complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository" # push -complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to the docker registry server' +complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to a Docker registry server' complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image" complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository" # restart complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a running container' -complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default=10' +complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.' complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container" # rm complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force removal of running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force the removal of a running container (uses SIGKILL)' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container' -complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated to the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container" # rmi complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images' -complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force' +complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force removal of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l no-prune -d 'Do not delete untagged parents' complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image" # run complete -c docker -f -n '__fish_docker_no_subcommand' -a run -d 'Run a command in a new container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to stdin, stdout or stderr.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s a -l attach -d 'Attach to STDIN, STDOUT or STDERR.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l add-host -d 'Add a custom host-to-IP mapping (host:ip)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s c -l cpu-shares -d 'CPU shares (relative weight)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-add -d 'Add Linux capabilities' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-drop -d 'Drop Linux capabilities' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: Run container in the background, print new container id' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom dns servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d 'Set custom DNS search domains' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default entrypoint of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep stdin open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container (name:alias)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d 'Add custom lxc options -lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of name:alias' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s n -l networking -d 'Enable networking for this container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort) (use 'docker port' to see the actual mapping)" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxify all received signal to the process (non-TTY mode only)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-tty' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g. from the host: -v /host:/container, from docker: -v /container)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_docker_images)' -d "Image" # save complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive' +complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to a file, instead of STDOUT' complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image" # search -complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image in the docker index' -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" -complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least xxx stars' +complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the Docker Hub' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds' +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars' # start complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container' -complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's stdout/stderr and forward all signals to the process" -complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's stdin" +complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process" +complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN" complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container" # stop complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a running container' -complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it.' +complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.' complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container" # tag complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository' complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force' -complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -a '(__fish_print_docker_images)' -d "Image" # top complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container' complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container" +# unpause +complete -c docker -f -n '__fish_docker_no_subcommand' -a unpause -d 'Unpause a paused container' +complete -c docker -A -f -n '__fish_seen_subcommand_from unpause' -a '(__fish_print_docker_containers running)' -d "Container" + # version -complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the docker version information' +complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the Docker version information' # wait complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code' From ce7267e5976659f940635f600db5ab97a788e28d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 15 Dec 2014 21:07:41 +0100 Subject: [PATCH 0408/2538] Refactor completion for docker run and docker create _docker_run and _docker_create had only one differing line. This refactoring features: - direct completion for both commands to the same function - factor out the common arguments, sort & format them nicely - compute the argument for _docker_pos_first_nonflag. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 166 +++++++++------------------------ 1 file changed, 46 insertions(+), 120 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5364944faf..7fcbfca548 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -252,124 +252,7 @@ _docker_cp() { } _docker_create() { - case "$prev" in - -a|--attach) - COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) - return - ;; - --cidfile|--env-file) - _filedir - return - ;; - --volumes-from) - __docker_containers_all - return - ;; - -v|--volume|--device) - case "$cur" in - *:*) - # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) - ;; - '') - COMPREPLY=( $( compgen -W '/' -- "$cur" ) ) - compopt -o nospace - ;; - /*) - _filedir - compopt -o nospace - ;; - esac - return - ;; - -e|--env) - COMPREPLY=( $( compgen -e -- "$cur" ) ) - compopt -o nospace - return - ;; - --link) - case "$cur" in - *:*) - ;; - *) - __docker_containers_running - COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - compopt -o nospace - ;; - esac - return - ;; - --add-host) - case "$cur" in - *:) - __docker_resolve_hostname - return - ;; - esac - ;; - --cap-add|--cap-drop) - __docker_capabilities - return - ;; - --net) - case "$cur" in - container:*) - local cur=${cur#*:} - __docker_containers_all - ;; - *) - COMPREPLY=( $( compgen -W "bridge none container: host" -- "$cur") ) - if [ "${COMPREPLY[*]}" = "container:" ] ; then - compopt -o nospace - fi - ;; - esac - return - ;; - --restart) - case "$cur" in - on-failure:*) - ;; - *) - COMPREPLY=( $( compgen -W "no on-failure on-failure: always" -- "$cur") ) - ;; - esac - return - ;; - --security-opt) - case "$cur" in - label:*:*) - ;; - label:*) - local cur=${cur##*:} - COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") ) - if [ "${COMPREPLY[*]}" != "disable" ] ; then - compopt -o nospace - fi - ;; - *) - COMPREPLY=( $( compgen -W "label apparmor" -S ":" -- "$cur") ) - compopt -o nospace - ;; - esac - return - ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) - ;; - *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt|--add-host|--cap-add|--cap-drop|--device|--dns-search|--net|--restart') - - if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags_and_ids - fi - ;; - esac + _docker_run } _docker_diff() { @@ -617,6 +500,49 @@ _docker_rmi() { } _docker_run() { + local options_with_args=" + -a --attach + --add-host + --cap-add + --cap-drop + -c --cpu-shares + --cidfile + --cpuset + --device + --dns + --dns-search + -e --env + --entrypoint + --env-file + --expose + -h --hostname + --link + --lxc-conf + -m --memory + --name + --net + -p --publish + --restart + --security-opt + -u --user + --volumes-from + -v --volume + -w --workdir + " + + local all_options="$options_with_args + -i --interactive + -P --publish-all + --privileged + -t --tty + " + + [ "$command" = "run" ] && all_options="$all_options + -d --detach + --rm + --sig-proxy + " + case "$prev" in -a|--attach) COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) @@ -725,10 +651,10 @@ _docker_run() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--rm -d --detach --privileged -P --publish-all -i --interactive -t --tty --cidfile --entrypoint -h --hostname -m --memory -u --user -w --workdir --cpuset -c --cpu-shares --sig-proxy --name -a --attach -v --volume --link -e --env --env-file -p --publish --expose --dns --volumes-from --lxc-conf --security-opt --add-host --cap-add --cap-drop --device --dns-search --net --restart" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--cidfile|--volumes-from|-v|--volume|-e|--env|--env-file|--entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-a|--attach|--link|-p|--publish|--expose|--dns|--lxc-conf|--security-opt|--add-host|--cap-add|--cap-drop|--device|--dns-search|--net|--restart') + local counter=$( __docker_pos_first_nonflag $( echo $options_with_args | tr -d "\n" | tr " " "|" ) ) if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids From 0ed37792d6ed7e08f6ba617016db5d03e873da73 Mon Sep 17 00:00:00 2001 From: Fred Lifton Date: Tue, 16 Dec 2014 17:40:02 -0800 Subject: [PATCH 0409/2538] Additions for 1.4.1 release Docker-DCO-1.1-Signed-off-by: Fred Lifton (github: fredlf) --- docs/sources/reference/commandline/cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 577a4c68c0..b7175561fc 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -708,6 +708,9 @@ container at any point. This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. +Note that volumes set by `create` may be over-ridden by options set with +`start`. + Please see the [run command](#run) section for more details. #### Example From 1cc7a4eb81b4bcfca2098080ceafdfff4f565fbe Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 16 Dec 2014 14:25:37 +1000 Subject: [PATCH 0410/2538] add Scott's link checker script, and fix what it finds Signed-off-by: Sven Dowideit --- docs/README.md | 5 +++++ docs/sources/reference/builder.md | 10 +++++----- docs/sources/reference/commandline/cli.md | 8 ++++---- docs/sources/reference/run.md | 8 ++++---- 4 files changed, 18 insertions(+), 13 deletions(-) diff --git a/docs/README.md b/docs/README.md index de3999ba78..b3e9b32306 100755 --- a/docs/README.md +++ b/docs/README.md @@ -33,6 +33,11 @@ In the root of the `docker` source directory: If you have any issues you need to debug, you can use `make docs-shell` and then run `mkdocs serve` +## Testing the links + +You can use `make docs-test` to generate a report of missing links that are referenced in +the documentation - there should be none. + ## Adding a new document New document (`.md`) files are added to the documentation builds by adding them diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index adc308c9d6..10689bb1f8 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -79,7 +79,7 @@ guide](/articles/dockerfile_best-practices/#build-cache) for more information): Successfully built 1a5ffc17324d When you're done with your build, you're ready to look into [*Pushing a -repository to its registry*]( /userguide/dockerrepos/#image-push). +repository to its registry*]( /userguide/dockerrepos/#contributing-to-docker-hub). ## Format @@ -93,7 +93,7 @@ be UPPERCASE in order to distinguish them from arguments more easily. Docker runs the instructions in a `Dockerfile` in order. **The first instruction must be \`FROM\`** in order to specify the [*Base -Image*](/terms/image/#base-image-def) from which you are building. +Image*](/terms/image/#base-image) from which you are building. Docker will treat lines that *begin* with `#` as a comment. A `#` marker anywhere else in the line will @@ -186,11 +186,11 @@ Or FROM : -The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image-def) +The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image) for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy to start by **pulling an image** from the [*Public Repositories*]( -/userguide/dockerrepos/#using-public-repositories). +/userguide/dockerrepos). `FROM` must be the first non-comment instruction in the `Dockerfile`. @@ -763,7 +763,7 @@ and mark it as holding externally mounted volumes from native host or other containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log /var/db`. For more information/examples and mounting instructions via the -Docker client, refer to [*Share Directories via Volumes*](/userguide/dockervolumes/#volume-def) +Docker client, refer to [*Share Directories via Volumes*](/userguide/dockervolumes/#volume) documentation. > **Note**: diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b7175561fc..cbf18c5ef2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -459,7 +459,7 @@ Use this command to build Docker images from a Dockerfile and a The files at `PATH` or `URL` are called the "context" of the build. The build process may refer to any of the files in the context, for example -when using an [*ADD*](/reference/builder/#dockerfile-add) instruction. +when using an [*ADD*](/reference/builder/#add) instruction. When a single Dockerfile is given as `URL` or is piped through `STDIN` (`docker build - < Dockerfile`), then no context is set. @@ -539,7 +539,7 @@ machine and that no parsing of the Dockerfile happens at the client side (where you're running `docker build`). That means that *all* the files at `PATH` get sent, not just the ones listed to -[*ADD*](/reference/builder/#dockerfile-add) in the Dockerfile. +[*ADD*](/reference/builder/#add) in the Dockerfile. The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the @@ -1817,7 +1817,7 @@ Search [Docker Hub](https://hub.docker.com) for images -s, --stars=0 Only displays with at least x stars See [*Find Public Images on Docker Hub*]( -/userguide/dockerrepos/#find-public-images-on-docker-hub) for +/userguide/dockerrepos/#searching-for-images) for more details on finding shared images from the command line. ## start @@ -1853,7 +1853,7 @@ grace period, `SIGKILL`. You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*]( -/userguide/dockerrepos/#working-with-the-repository). +/userguide/dockerrepos/#contributing-to-docker-hub). ## top diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index e9ecfff442..d13284b5d0 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -7,7 +7,7 @@ page_keywords: docker, run, configure, runtime **Docker runs processes in isolated containers**. When an operator executes `docker run`, she starts a process with its own file system, its own networking, and its own isolated process tree. The -[*Image*](/terms/image/#image-def) which starts the process may define +[*Image*](/terms/image/#image) which starts the process may define defaults related to the binary to run, the networking to expose, and more, but `docker run` gives final control to the operator who starts the container from the image. That's the main reason @@ -114,7 +114,7 @@ The UUID identifiers come from the Docker daemon, and if you do not assign a name to the container with `--name` then the daemon will also generate a random string name too. The name can become a handy way to add meaning to a container since you can use this name when defining -[*links*](/userguide/dockerlinks/#working-with-links-names) (or any +[*links*](/userguide/dockerlinks) (or any other place you need to identify a container). This works for both background and foreground Docker containers. @@ -420,7 +420,7 @@ familiar with using LXC directly. ## Overriding Dockerfile image defaults -When a developer builds an image from a [*Dockerfile*](/reference/builder/#dockerbuilder) +When a developer builds an image from a [*Dockerfile*](/reference/builder) or when she commits it, the developer can set a number of default parameters that take effect when the image starts up as a container. @@ -634,7 +634,7 @@ container's `/etc/hosts` entry will be automatically updated. The volumes commands are complex enough to have their own documentation in section [*Managing data in -containers*](/userguide/dockervolumes/#volume-def). A developer can define +containers*](/userguide/dockervolumes). A developer can define one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). From 8b6198a7f28b9d16b0be75552d9bef06d34528c2 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 16 Dec 2014 15:25:09 +1000 Subject: [PATCH 0411/2538] Update the documentation for #9356 fix Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index cbf18c5ef2..f31f1bdddd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -867,8 +867,17 @@ The `docker exec` command runs a new command in a running container. The command started using `docker exec` will only run while the container's primary process (`PID 1`) is running, and will not be restarted if the container is restarted. -If the container is paused, then the `docker exec` command will wait until the -container is unpaused, and then run. +If the container is paused, then the `docker exec` command will fail with an error: + + $ docker pause test + test + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test + $ docker exec test ls + FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec + $ echo $? + 1 #### Examples From c5bc5057449d79b5d1e3151b1af0203e939a8658 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 12 Dec 2014 10:32:11 -0800 Subject: [PATCH 0412/2538] Allow for relative paths on ADD/COPY Moved Tianon's PR from: https://github.com/docker/docker/pull/7870 on top of the latest code Closes: #3936 Signed-off-by: Andrew Page Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 10689bb1f8..fa7393efa3 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -397,8 +397,10 @@ For most command line uses this should act as expected, for example: ADD hom* /mydir/ # adds all files starting with "hom" ADD hom?.txt /mydir/ # ? is replaced with any single character -The `` is the absolute path to which the source will be copied inside the -destination container. +The `` is an absolute path, or a path relative to `WORKDIR`, into which +the source will be copied inside the destination container. + + ADD test aDir/ # adds "test" to `WORKDIR`/aDir/ All new files and directories are created with a UID and GID of 0. @@ -494,8 +496,10 @@ For most command line uses this should act as expected, for example: COPY hom* /mydir/ # adds all files starting with "hom" COPY hom?.txt /mydir/ # ? is replaced with any single character -The `` is the absolute path to which the source will be copied inside the -destination container. +The `` is an absolute path, or a path relative to `WORKDIR`, into which +the source will be copied inside the destination container. + + COPY test aDir/ # adds "test" to `WORKDIR`/aDir/ All new files and directories are created with a UID and GID of 0. From bd4bbf003447779761afcc0481942484f051ccd9 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Wed, 19 Nov 2014 14:50:16 -0500 Subject: [PATCH 0413/2538] Add "OOM killed" event based on OOM state information Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f31f1bdddd..379871fe50 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -761,7 +761,7 @@ For example: Docker containers will report the following events: - create, destroy, die, export, kill, pause, restart, start, stop, unpause + create, destroy, die, export, kill, oom, pause, restart, start, stop, unpause and Docker images will report: From 04e44cef6b2a8c7fa09409cef9601868f34b6d79 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 5 Dec 2014 14:31:54 +1000 Subject: [PATCH 0414/2538] Talk up the 1.4 change to initialise volumes at time Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 31 ++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 379871fe50..fb314e2403 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -713,13 +713,42 @@ Note that volumes set by `create` may be over-ridden by options set with Please see the [run command](#run) section for more details. -#### Example +#### Examples $ sudo docker create -t -i fedora bash 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 $ sudo docker start -a -i 6d8af538ec5 bash-4.2# +As of v1.4.0 container volumes are initialized during the `docker create` +phase (i.e., `docker run` too). For example, this allows you to `create` the +`data` volume container, and then use it from another container: + + $ docker create -v /data --name data ubuntu + 240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 + $ docker run --rm --volumes-from data ubuntu ls -la /data + total 8 + drwxr-xr-x 2 root root 4096 Dec 5 04:10 . + drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. + +Similarly, `create` a host directory bind mounted volume container, which +can then be used from the subsequent container: + + $ docker create -v /home/docker:/docker --name docker ubuntu + 9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 + $ docker run --rm --volumes-from docker ubuntu ls -la /docker + total 20 + drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . + drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. + -rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history + -rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc + -rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig + drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local + -rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile + drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh + drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker + + ## diff List the changed files and directories in a container᾿s filesystem From 6345932ff1324f8f53ef19463d706e5ecf74e963 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 30 Dec 2014 12:14:08 +1000 Subject: [PATCH 0415/2538] Document that there is a delay before the --restart policy restart, and that its double the last one Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index fb314e2403..aab3d6af47 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1768,6 +1768,16 @@ application change: Using the `--restart` flag on Docker run you can specify a restart policy for how a container should or should not be restarted on exit. +An ever increasing delay (double the previous delay, starting at 100 milliseconds) +is added before each restart to prevent flooding the server. This means the daemaon +will wait for 100 mS, then 200 mS, 400, 800, 1600, and so on until either the +`on-failure` limit is hit, or when you `docker stop` or even `docker rm -f` +the container. + +When a restart policy is active on a container, it will be shown in `docker ps` +as either `Up` or `Restarting` in `docker ps`. It can also be useful to use +`docker events` to see the restart policy in effect. + ** no ** - Do not restart the container when it exits. ** on-failure ** - Restart the container only if it exits with a non zero exit status. From 1d3be0eae9858f7bf0b0e9c14254df1166a5ff3c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 29 Dec 2014 19:21:45 +0100 Subject: [PATCH 0416/2538] Add missing options to bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 51 ++++++++++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7fcbfca548..cf253e9cee 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -368,7 +368,18 @@ _docker_kill() { } _docker_load() { - return + case "$prev" in + -i|--input) + _filedir + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-i --input" -- "$cur" ) ) + ;; + esac } _docker_login() { @@ -516,9 +527,11 @@ _docker_run() { --env-file --expose -h --hostname + --ipc --link --lxc-conf -m --memory + --mac-address --name --net -p --publish @@ -577,6 +590,21 @@ _docker_run() { compopt -o nospace return ;; + --ipc) + case "$cur" in + *:*) + cur="${cur#*:}" + __docker_containers_running + ;; + *) + COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) ) + if [ "$COMPREPLY" = "container:" ]; then + compopt -o nospace + fi + ;; + esac + return + ;; --link) case "$cur" in *:*) @@ -644,7 +672,7 @@ _docker_run() { esac return ;; - --entrypoint|-h|--hostname|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) + --entrypoint|-h|--hostname|--mac-address|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) return ;; esac @@ -664,10 +692,21 @@ _docker_run() { } _docker_save() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags_and_ids - fi + case "$prev" in + -o|--output) + _filedir + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-o --output" -- "$cur" ) ) + ;; + *) + __docker_image_repos_and_tags_and_ids + ;; + esac } _docker_search() { From 3fb5792b25f05cbc034d6606bbec0fb5d0220705 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 30 Dec 2014 19:18:21 +0100 Subject: [PATCH 0417/2538] Sort options in bash completion alphabetically This introduces a sort order for options: Arrange options sorted alphabetically by long name with the short options immediately following their corresponding long form. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 135 +++++++++++++++++---------------- 1 file changed, 70 insertions(+), 65 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cf253e9cee..7dd23b8538 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -20,6 +20,11 @@ # bound to the default communication port/socket # If the docker daemon is using a unix socket for communication your user # must have access to the socket for the completions to function correctly +# +# Note for developers: +# Please arrange options sorted alphabetically by long name with the short +# options immediately following their corresponding long form. +# This order should be applied to lists, alternatives and code blocks. __docker_q() { docker 2>/dev/null "$@" @@ -181,7 +186,7 @@ _docker_attach() { _docker_build() { case "$prev" in - -t|--tag) + --tag|-t) __docker_image_repos_and_tags return ;; @@ -189,10 +194,10 @@ _docker_build() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t --tag -q --quiet --no-cache --rm --force-rm" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force-rm --no-cache --quiet -q --rm --tag -t" -- "$cur" ) ) ;; *) - local counter="$(__docker_pos_first_nonflag '-t|--tag')" + local counter="$(__docker_pos_first_nonflag '--tag|-t')" if [ $cword -eq $counter ]; then _filedir -d fi @@ -202,17 +207,17 @@ _docker_build() { _docker_commit() { case "$prev" in - -m|--message|-a|--author|--run) + --author|-a|--message|-m|--run) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-m --message -a --author --run" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--author -a --message -m --run" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '-m|--message|-a|--author|--run') + local counter=$(__docker_pos_first_nonflag '--author|-a|--message|-m|--run') if [ $cword -eq $counter ]; then __docker_containers_all @@ -279,7 +284,7 @@ _docker_events() { _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-d --detach -i --interactive -t --tty" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --interactive -i -t --tty" -- "$cur" ) ) ;; *) __docker_containers_running @@ -304,7 +309,7 @@ _docker_help() { _docker_history() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-q --quiet --no-trunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -318,7 +323,7 @@ _docker_history() { _docker_images() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-q --quiet -a --all --no-trunc -v --viz -t --tree" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -348,14 +353,14 @@ _docker_info() { _docker_inspect() { case "$prev" in - -f|--format) + --format|-f) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-f --format" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f" -- "$cur" ) ) ;; *) __docker_containers_and_images @@ -369,7 +374,7 @@ _docker_kill() { _docker_load() { case "$prev" in - -i|--input) + --input|-i) _filedir return ;; @@ -377,21 +382,21 @@ _docker_load() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-i --input" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--input -i" -- "$cur" ) ) ;; esac } _docker_login() { case "$prev" in - -u|--username|-p|--password|-e|--email) + --email|-e|--password|-p|--username|-u) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-u --username -p --password -e --email" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--email -e --password -p --username -u" -- "$cur" ) ) ;; esac } @@ -399,7 +404,7 @@ _docker_login() { _docker_logs() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-f --follow" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--follow -f" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -426,7 +431,7 @@ _docker_port() { _docker_ps() { case "$prev" in - --since|--before) + --before|--since) __docker_containers_all ;; -n) @@ -436,24 +441,24 @@ _docker_ps() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-q --quiet -s --size -a --all --no-trunc -l --latest --since --before -n" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --before --latest -l --no-trunc -n --quiet -q --size -s --since" -- "$cur" ) ) ;; esac } _docker_pull() { case "$prev" in - -t|--tag) + --tag|-t) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t --tag" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--tag -t" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '-t|--tag') + local counter=$(__docker_pos_first_nonflag '--tag|-t') if [ $cword -eq $counter ]; then __docker_image_repos_and_tags fi @@ -470,14 +475,14 @@ _docker_push() { _docker_restart() { case "$prev" in - -t|--time) + --time|-t) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t --time" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--time -t" -- "$cur" ) ) ;; *) __docker_containers_all @@ -488,13 +493,13 @@ _docker_restart() { _docker_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-f --force -l --link -v --volumes" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --link -l --volumes -v" -- "$cur" ) ) return ;; *) for arg in "${COMP_WORDS[@]}"; do case "$arg" in - -f|--force) + --force|-f) __docker_containers_all return ;; @@ -512,64 +517,72 @@ _docker_rmi() { _docker_run() { local options_with_args=" - -a --attach --add-host + --attach -a --cap-add --cap-drop - -c --cpu-shares --cidfile --cpuset + --cpu-shares -c --device --dns --dns-search - -e --env --entrypoint + --env -e --env-file --expose - -h --hostname + --hostname -h --ipc --link --lxc-conf - -m --memory --mac-address + --memory -m --name --net - -p --publish + --publish -p --restart --security-opt - -u --user + --user -u --volumes-from - -v --volume - -w --workdir + --volume -v + --workdir -w " local all_options="$options_with_args - -i --interactive - -P --publish-all + --interactive -i --privileged - -t --tty + --publish-all -P + --tty -t " [ "$command" = "run" ] && all_options="$all_options - -d --detach + --detach -d --rm --sig-proxy " case "$prev" in - -a|--attach) + --add-host) + case "$cur" in + *:) + __docker_resolve_hostname + return + ;; + esac + ;; + --attach|-a) COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) return ;; + --cap-add|--cap-drop) + __docker_capabilities + return + ;; --cidfile|--env-file) _filedir return ;; - --volumes-from) - __docker_containers_all - return - ;; - -v|--volume|--device) + --device|-d|--volume) case "$cur" in *:*) # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) @@ -585,7 +598,7 @@ _docker_run() { esac return ;; - -e|--env) + --env|-e) COMPREPLY=( $( compgen -e -- "$cur" ) ) compopt -o nospace return @@ -617,18 +630,6 @@ _docker_run() { esac return ;; - --add-host) - case "$cur" in - *:) - __docker_resolve_hostname - return - ;; - esac - ;; - --cap-add|--cap-drop) - __docker_capabilities - return - ;; --net) case "$cur" in container:*) @@ -672,7 +673,11 @@ _docker_run() { esac return ;; - --entrypoint|-h|--hostname|--mac-address|-m|--memory|-u|--user|-w|--workdir|--cpuset|-c|--cpu-shares|-n|--name|-p|--publish|--expose|--dns|--lxc-conf|--dns-search) + --volumes-from) + __docker_containers_all + return + ;; + --cpuset|--cpu-shares|-c|--dns|--dns-search|--entrypoint|--expose|--hostname|-h|--lxc-conf|--mac-address|--memory|-m|--name|-n|--publish|-p|--user|-u|--workdir|-w) return ;; esac @@ -693,7 +698,7 @@ _docker_run() { _docker_save() { case "$prev" in - -o|--output) + --output|-o) _filedir return ;; @@ -711,14 +716,14 @@ _docker_save() { _docker_search() { case "$prev" in - -s|--stars) + --stars|-s) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--no-trunc --automated -s --stars" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--automated --no-trunc --stars -s" -- "$cur" ) ) ;; esac } @@ -726,7 +731,7 @@ _docker_search() { _docker_start() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-a --attach -i --interactive" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--attach -a --interactive -i" -- "$cur" ) ) ;; *) __docker_containers_stopped @@ -736,14 +741,14 @@ _docker_start() { _docker_stop() { case "$prev" in - -t|--time) + --time|-t) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-t --time" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--time -t" -- "$cur" ) ) ;; *) __docker_containers_running @@ -754,7 +759,7 @@ _docker_stop() { _docker_tag() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-f --force" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) From c33d198609632d9ca9d1a7cb1f8b35980bc65cb7 Mon Sep 17 00:00:00 2001 From: Srini Brahmaroutu Date: Mon, 3 Nov 2014 18:15:55 +0000 Subject: [PATCH 0418/2538] add ability to publish range of ports Closes #8899 Signed-off-by: Srini Brahmaroutu --- docs/sources/reference/commandline/cli.md | 6 +++++- docs/sources/reference/run.md | 9 +++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index aab3d6af47..e48a393b79 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -686,8 +686,10 @@ Creates a new container. 'container:': reuses another container network stack 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. -P, --publish-all=false Publish all exposed ports to the host interfaces - -p, --publish=[] Publish a container's port to the host + -p, --publish=[] Publish a container's port, or a range of ports (e.g., `-p 3300-3310`), to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) @@ -1514,6 +1516,8 @@ removed before the image is removed. -P, --publish-all=false Publish all exposed ports to the host interfaces -p, --publish=[] Publish a container's port to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index d13284b5d0..1cd6231751 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -487,10 +487,11 @@ or override the Dockerfile's exposed defaults: --expose=[]: Expose a port or a range of ports from the container without publishing it to your host -P=false : Publish all exposed ports to the host interfaces - -p=[] : Publish a container᾿s port to the host (format: - ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort | containerPort) - (use 'docker port' to see the actual mapping) + -p=[] : Publish a container᾿s port or a range of ports to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) + (use 'docker port' to see the actual mapping) --link="" : Add link to another container (name:alias) As mentioned previously, `EXPOSE` (and `--expose`) makes ports available From bc5dd0cd32e348fa55eaadbb5b63d3102ebb7b8e Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 18 Dec 2014 16:46:43 +1000 Subject: [PATCH 0419/2538] Add docs Cloudfront cache invalidation Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Signed-off-by: Sven Dowideit --- docs/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/README.md b/docs/README.md index b3e9b32306..b730982e3c 100755 --- a/docs/README.md +++ b/docs/README.md @@ -145,11 +145,13 @@ to view your results and make sure what you published is what you wanted. When you're happy with it, publish the docs to our live site: - make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes docs-release + make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes DISTRIBUTION_ID=C2K6......FL2F docs-release Test the uncached version of the live docs at http://docs.docker.com.s3-website-us-east-1.amazonaws.com/ Note that the new docs will not appear live on the site until the cache (a complex, -distributed CDN system) is flushed. This requires someone with S3 keys. Contact Docker -(Sven Dowideit or John Costa) for assistance. +distributed CDN system) is flushed. The `make docs-release` command will do this +_if_ the `DISTRIBUTION_ID` is set to the Cloudfront distribution ID (ask the meta +team) - this will take at least 15 minutes to run and you can check its progress +with the CDN Cloudfront Chrome addin. From ea4024d2bdb29f2a1fdc6b6ae6546d179e59dcee Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 15 Oct 2014 17:14:12 -0400 Subject: [PATCH 0420/2538] --help option and help command should print to stdout not stderr --help and help are successful commands so output should not go to error. QE teams have requested this change, also users doing docker help | less or docker run --help | less would expect this to work. Usage statement should only be printed when the user asks for it. Errors should print error message and then suggest the docker COMMAND --help command to see usage information. The current behaviour causes the user to have to search for the error message and sometimes scrolls right off the screen. For example a error on a "docker run" command is very difficult to diagnose. Finally erros should always exit with a non 0 exit code, if the user makes a CLI error. Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/commandline/cli.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e48a393b79..8d10bcf9cb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -15,6 +15,19 @@ or execute `docker help`: ... +## Help +To list the help on any command just execute the command, followed by the `--help` option. + + $ sudo docker run --help + + Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] + + Run a command in a new container + + -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + -c, --cpu-shares=0 CPU shares (relative weight) + ... + ## Option types Single character commandline options can be combined, so rather than From d8d520cfbc0c70040ab0598da39a4f0b3640618d Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 6 Jan 2015 17:01:10 +1000 Subject: [PATCH 0421/2538] Explicitly mention that '-P' maps to random ports as noted in https://github.com/boot2docker/boot2docker/issues/690 Signed-off-by: Sven Dowideit Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- contrib/completion/fish/docker.fish | 4 ++-- docs/sources/reference/commandline/cli.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 5eef6f30bf..c0a5725a1d 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -122,7 +122,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l lxc-conf -d complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' @@ -278,7 +278,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d '(l complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to the host interfaces' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8d10bcf9cb..2d7caedc7b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -698,7 +698,7 @@ Creates a new container. 'none': no networking for this container 'container:': reuses another container network stack 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - -P, --publish-all=false Publish all exposed ports to the host interfaces + -P, --publish-all=false Publish all exposed ports to random ports on the host interfaces -p, --publish=[] Publish a container's port, or a range of ports (e.g., `-p 3300-3310`), to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort Both hostPort and containerPort can be specified as a range of ports. @@ -1526,7 +1526,7 @@ removed before the image is removed. 'none': no networking for this container 'container:': reuses another container network stack 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - -P, --publish-all=false Publish all exposed ports to the host interfaces + -P, --publish-all=false Publish all exposed ports to random ports on the host interfaces -p, --publish=[] Publish a container's port to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort Both hostPort and containerPort can be specified as a range of ports. From c5bd80c7386c7e278aa2022510c885deadabe7be Mon Sep 17 00:00:00 2001 From: Christian Stefanescu Date: Tue, 6 Jan 2015 12:34:14 +0100 Subject: [PATCH 0422/2538] Fixed minor typo Signed-off-by: Christian Stefanescu --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 1cd6231751..012a6e71ff 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -254,7 +254,7 @@ the container exits**, you can add the `--rm` flag: --security-opt="label:type:TYPE" : Set the label type for the container --security-opt="label:level:LEVEL" : Set the label level for the container --security-opt="label:disable" : Turn off label confinement for the container - --secutity-opt="apparmor:PROFILE" : Set the apparmor profile to be applied + --security-opt="apparmor:PROFILE" : Set the apparmor profile to be applied to the container You can override the default labeling scheme for each container by specifying From c88762b38b03e5a7df9f8f4613f9f1c7f69603ca Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 23 Oct 2014 14:30:11 -0700 Subject: [PATCH 0423/2538] Have .dockerignore support Dockerfile/.dockerignore If .dockerignore mentions either then the client will send them to the daemon but the daemon will erase them after the Dockerfile has been parsed to simulate them never being sent in the first place. an events test kept failing for me so I tried to fix that too Closes #8330 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index fa7393efa3..90862334ef 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -154,6 +154,12 @@ Exclusion patterns match files or directories relative to the source repository that will be excluded from the context. Globbing is done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. +> **Note**: +> The `.dockerignore` file can even be used to ignore the `Dockerfile` and +> `.dockerignore` files. This might be useful if you are copying files from +> the root of the build context into your new containter but do not want to +> include the `Dockerfile` or `.dockerignore` files (e.g. `ADD . /someDir/`). + The following example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the uploaded context. From 350d2e33b79b8d664a8215af48326497a7627b7c Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 11 Sep 2014 07:42:17 -0700 Subject: [PATCH 0424/2538] Allow for Dockerfile to be named something else. Add a check to make sure Dockerfile is in the build context Add docs and a testcase Make -f relative to current dir, not build context Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 40 ++++++++++++++++++++--- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2d7caedc7b..799c0148c7 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -461,11 +461,12 @@ To kill the container, use `docker kill`. Build a new image from the source code at PATH - --force-rm=false Always remove intermediate containers, even after unsuccessful builds - --no-cache=false Do not use cache when building the image - -q, --quiet=false Suppress the verbose output generated by the containers - --rm=true Remove intermediate containers after a successful build - -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success + -f, --file="" Location of the Dockerfile to use. Default is 'Dockerfile' at the root of the build context + --force-rm=false Always remove intermediate containers, even after unsuccessful builds + --no-cache=false Do not use cache when building the image + -q, --quiet=false Suppress the verbose output generated by the containers + --rm=true Remove intermediate containers after a successful build + -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success Use this command to build Docker images from a Dockerfile and a "context". @@ -510,6 +511,13 @@ For example, the files `tempa`, `tempb` are ignored from the root directory. Currently there is no support for regular expressions. Formats like `[^temp*]` are ignored. +By default the `docker build` command will look for a `Dockerfile` at the +root of the build context. The `-f`, `--file`, option lets you specify +the path to an alternative file to use instead. This is useful +in cases where the same set of files are used for multiple builds. The path +must be to a file within the build context. If a relative path is specified +then it must to be relative to the current directory. + See also: @@ -612,6 +620,28 @@ repository is used as Dockerfile. Note that you can specify an arbitrary Git repository by using the `git://` or `git@` schema. + $ sudo docker build -f Dockerfile.debug . + +This will use a file called `Dockerfile.debug` for the build +instructions instead of `Dockerfile`. + + $ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . + $ sudo docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . + +The above commands will build the current build context (as specified by +the `.`) twice, once using a debug version of a `Dockerfile` and once using +a production version. + + $ cd /home/me/myapp/some/dir/really/deep + $ sudo docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp + $ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp + +These two `docker build` commands do the exact same thing. They both +use the contents of the `debug` file instead of looking for a `Dockerfile` +and will use `/home/me/myapp` as the root of the build context. Note that +`debug` is in the directory structure of the build context, regardless of how +you refer to it on the command line. + > **Note:** `docker build` will return a `no such file or directory` error > if the file or directory does not exist in the uploaded context. This may > happen if there is no context, or if you specify a file that is elsewhere From fbe252581aea18f483f5235ae833d4f49b72b453 Mon Sep 17 00:00:00 2001 From: Jan Koprowski Date: Mon, 15 Dec 2014 13:28:42 +0100 Subject: [PATCH 0425/2538] Specify ENV variables are also used for CMD. Signed-off-by: Michael Crosby --- docs/sources/reference/builder.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 90862334ef..73af35c6ff 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -349,7 +349,8 @@ accessible from the host by default. To expose ports to the host, at runtime, ENV = ... The `ENV` instruction sets the environment variable `` to the value -``. This value will be passed to all future `RUN` instructions. This is +``. This value will be passed to all future +`RUN`, `ENTRYPOINT`, and `CMD` instructions. This is functionally equivalent to prefixing the command with `=` The `ENV` instruction has two forms. The first form, `ENV `, From 2b97e7c82e203da9fd25e09a91a1068e599e41a1 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 5 Jan 2015 10:53:39 +1000 Subject: [PATCH 0426/2538] Add @ArikaChen's tip for using HTTPS proxy to pull Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 799c0148c7..a92c72d6c9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -377,6 +377,22 @@ flag to the Docker daemon as described above. Local registries, whose IP address falls in the 127.0.0.0/8 range, are automatically marked as insecure as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future. +### Running a Docker daemon behind a HTTPS_PROXY + +When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub certificates +will be replaced by the proxy's certificates. These certificates need to be added +to your Docker host's configuration: + +1. Install the `ca-certificates` package for your distribution +2. Ask your network admin for the proxy's CA certificate and append them to + `/etc/pki/tls/certs/ca-bundle.crt` +3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ docker -d`. + The `username:` and `password@` are optional - and are only needed if your proxy + is set up to require authentication. + +This will only add the proxy and authentication to the Docker daemon's requests - +your `docker build`s and running containers will need extra configuration to use +the proxy ### Miscellaneous options From 663bc8e9695db5ea695fdb4ca3bee502251a3f76 Mon Sep 17 00:00:00 2001 From: Malte Janduda Date: Fri, 9 Jan 2015 00:03:19 +0100 Subject: [PATCH 0427/2538] Adding IPv6 network support to docker Signed-off-by: Malte Janduda --- docs/sources/reference/commandline/cli.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a92c72d6c9..048f521bbc 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -76,8 +76,9 @@ expect an integer, and they can only be specified once. --dns=[] Force Docker to use specific DNS servers --dns-search=[] Force Docker to use specific DNS search domains -e, --exec-driver="native" Force the Docker runtime to use a specific exec driver - --fixed-cidr="" IPv4 subnet for fixed IPs (ex: 10.20.0.0/16) + --fixed-cidr="" IPv4 subnet for fixed IPs (e.g.: 10.20.0.0/16) this subnet must be nested in the bridge subnet (which is defined by -b or --bip) + --fixed-cidr-v6="" IPv6 subnet for global IPs (e.g.: 2a00:1450::/64) -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode use '' (the empty string) to disable setting of a group -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime @@ -85,9 +86,10 @@ expect an integer, and they can only be specified once. --icc=true Allow unrestricted inter-container and Docker daemon host communication --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) --ip=0.0.0.0 Default IP address to use when binding container ports - --ip-forward=true Enable net.ipv4.ip_forward + --ip-forward=true Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement. --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules + --ipv6=false Enable Docker IPv6 support -l, --log-level="info" Set the logging level --label=[] Set key=value labels to the daemon (displayed in `docker info`) --mtu=0 Set the containers network MTU From dde41d008e39ba1c0c0f285243244adc6e154eab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20K=C3=B6hler?= Date: Wed, 7 Jan 2015 20:27:24 +0100 Subject: [PATCH 0428/2538] Fix order of pause and port in command line documentation. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andreas Köhler --- docs/sources/reference/commandline/cli.md | 32 +++++++++++------------ 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 048f521bbc..2baf4699d6 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1328,6 +1328,22 @@ timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each log entry. To ensure that the timestamps for are aligned the nano-second part of the timestamp will be padded with zero when necessary. +## pause + + Usage: docker pause CONTAINER + + Pause all processes within a container + +The `docker pause` command uses the cgroups freezer to suspend all processes in +a container. Traditionally, when suspending a process the `SIGSTOP` signal is +used, which is observable by the process being suspended. With the cgroups freezer +the process is unaware, and unable to capture, that it is being suspended, +and subsequently resumed. + +See the +[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) +for further details. + ## port Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] @@ -1350,22 +1366,6 @@ just a specific mapping: $ sudo docker port test 7890 0.0.0.0:4321 -## pause - - Usage: docker pause CONTAINER - - Pause all processes within a container - -The `docker pause` command uses the cgroups freezer to suspend all processes in -a container. Traditionally when suspending a process the `SIGSTOP` signal is -used, which is observable by the process being suspended. With the cgroups freezer -the process is unaware, and unable to capture, that it is being suspended, -and subsequently resumed. - -See the -[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) -for further details. - ## ps Usage: docker ps [OPTIONS] From d246ce1f3de50e515b860848fb687d8ad0960ab3 Mon Sep 17 00:00:00 2001 From: Srini Brahmaroutu Date: Sun, 5 Oct 2014 02:47:54 +0000 Subject: [PATCH 0429/2538] rename a existing container Closes #3036 Signed-off-by: Srini Brahmaroutu --- docs/sources/reference/commandline/cli.md | 24 +++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2baf4699d6..877a19508c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1366,6 +1366,30 @@ just a specific mapping: $ sudo docker port test 7890 0.0.0.0:4321 +## pause + + Usage: docker pause CONTAINER + + Pause all processes within a container + +The `docker pause` command uses the cgroups freezer to suspend all processes in +a container. Traditionally when suspending a process the `SIGSTOP` signal is +used, which is observable by the process being suspended. With the cgroups freezer +the process is unaware, and unable to capture, that it is being suspended, +and subsequently resumed. + +See the +[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) +for further details. + +## rename + + Usage: docker rename OLD_NAME NEW_NAME + + rename a existing container to a NEW_NAME + +The `docker rename` command allows the container to be renamed to a different name. + ## ps Usage: docker ps [OPTIONS] From f4573ee0bc6490c7b7255b709bd5170b8b698a19 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 25 Nov 2014 15:10:53 -0500 Subject: [PATCH 0430/2538] Allow the container to share the PID namespace with the host We want to be able to use container without the PID namespace. We basically want containers that can manage the host os, which I call Super Privileged Containers. We eventually would like to get to the point where the only namespace we use is the MNT namespace to bring the Apps userspace with it. By eliminating the PID namespace we can get better communication between the host and the clients and potentially tools like strace and gdb become easier to use. We also see tools like libvirtd running within a container telling systemd to place a VM in a particular cgroup, we need to have communications of the PID. I don't see us needing to share PID namespaces between containers, since this is really what docker exec does. So currently I see us just needing docker run --pid=host Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/commandline/cli.md | 1 + docs/sources/reference/run.md | 22 +++++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 877a19508c..0b7b0cda03 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1604,6 +1604,7 @@ removed before the image is removed. Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) + --pid=host 'host': use the host PID namespace inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. --privileged=false Give extended privileges to this container --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --rm=false Automatically remove the container when it exits (incompatible with -d) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 012a6e71ff..d594066ad0 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -133,11 +133,31 @@ While not strictly a means of identifying a container, you can specify a version image you'd like to run the container with by adding `image[:tag]` to the command. For example, `docker run ubuntu:14.04`. +## PID Settings + --pid="" : Set the PID (Process) Namespace mode for the container, + 'host': use the host's PID namespace inside the container +By default, all containers have the PID namespace enabled. + +PID namespace provides separation of processes. The PID Namespace removes the +view of the system processes, and allows process ids to be reused including +pid 1. + +In certain cases you want your container to share the host's process namespace, +basically allowing processes within the container to see all of the processes +on the system. For example, you could build a container with debugging tools +like `strace` or `gdb`, but want to use these tools when debugging processes +within the container. + + $ sudo docker run --pid=host rhel7 strace -p 1234 + +This command would allow you to use `strace` inside the container on pid 1234 on +the host. + ## IPC Settings --ipc="" : Set the IPC mode for the container, 'container:': reuses another container's IPC namespace 'host': use the host's IPC namespace inside the container -By default, all containers have the IPC namespace enabled +By default, all containers have the IPC namespace enabled. IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues. From e14d0cf87e8f92759aec2c438a69caab769a16a1 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 29 Dec 2014 18:19:42 +1000 Subject: [PATCH 0431/2538] Add a note that remote and Boot2Docker users should not type sudo Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0b7b0cda03..38ee3d2cbc 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -4,6 +4,8 @@ page_keywords: Docker, Docker documentation, CLI, command line # Command Line +{{ include "no-remote-sudo.md" }} + To list available commands, either run `docker` with no parameters or execute `docker help`: From 221cd67e25e9b118a76d7d46b4377021d133e3e5 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Tue, 13 Jan 2015 13:52:51 -0800 Subject: [PATCH 0432/2538] Add --readonly for read only container rootfs Add a --readonly flag to allow the container's root filesystem to be mounted as readonly. This can be used in combination with volumes to force a container's process to only write to locations that will be persisted. This is useful in many cases where the admin controls where they would like developers to write files and error on any other locations. Closes #7923 Closes #8752 Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 38ee3d2cbc..50bb2ccfb6 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -755,6 +755,7 @@ Creates a new container. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) --privileged=false Give extended privileges to this container + --read-only=false Mount the container's root filesystem as read only --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --security-opt=[] Security Options -t, --tty=false Allocate a pseudo-TTY @@ -1608,6 +1609,7 @@ removed before the image is removed. (use 'docker port' to see the actual mapping) --pid=host 'host': use the host PID namespace inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. --privileged=false Give extended privileges to this container + --read-only=false Mount the container's root filesystem as read only --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) --rm=false Automatically remove the container when it exits (incompatible with -d) --security-opt=[] Security Options @@ -1683,6 +1685,13 @@ will automatically create this directory on the host for you. In the example above, Docker will create the `/doesnt/exist` folder before starting your container. + $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here + +Volumes can be used in combination with `--read-only` to control where +a container writes files. The `--read only` flag mounts the container's root +filesystem as read only prohibiting writes to locations other than the +specified volumes for the container. + $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh By bind-mounting the docker unix socket and statically linked docker From 1c6f4dc7fb68b45f08836d6424a0d59e828a9579 Mon Sep 17 00:00:00 2001 From: Nathan Hsieh Date: Wed, 14 Jan 2015 18:03:09 -0800 Subject: [PATCH 0433/2538] added note to man & cli docs on search limit Signed-off-by: Nathan Hsieh --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 50bb2ccfb6..72b5358a69 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1969,6 +1969,8 @@ See [*Find Public Images on Docker Hub*]( /userguide/dockerrepos/#searching-for-images) for more details on finding shared images from the command line. +*Note* - Search queries will only return up to 25 results + ## start Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] From 40ee6737eadeb90284eaeaeb79279ebc066274f1 Mon Sep 17 00:00:00 2001 From: Nathan Hsieh Date: Thu, 15 Jan 2015 08:39:16 -0800 Subject: [PATCH 0434/2538] changed format of cli note Signed-off-by: Nathan Hsieh --- docs/sources/reference/commandline/cli.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 72b5358a69..1152b9397f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1969,7 +1969,8 @@ See [*Find Public Images on Docker Hub*]( /userguide/dockerrepos/#searching-for-images) for more details on finding shared images from the command line. -*Note* - Search queries will only return up to 25 results +> **Note:** +> Search queries will only return up to 25 results ## start From 72aae7c0465e0b0159a1fcdf7a825f4c1f0c1aec Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 14 Jan 2015 23:47:17 +0100 Subject: [PATCH 0435/2538] Docs: Add note that export doesn't include volume data. The documentation on `docker export` doesn't mention that data in volumes is not included in the export. This adds a note that volumes are not part of the export and refers to the "Backup, restore, or migrate data volumes" to give the user some pointers. Relates to https://github.com/docker/docker/issues/10095 Signed-off-by: Sebastiaan van Stijn --- docs/sources/reference/commandline/cli.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1152b9397f..e79664e6af 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -999,6 +999,15 @@ For example: $ sudo docker export red_panda > latest.tar +> **Note:** +> `docker export` does not export the contents of volumes associated with the +> container. If a volume is mounted on top of an existing directory in the +> container, `docker export` will export the contents of the *underlying* +> directory, not the contents of the volume. +> +> Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) +> in the user guide for examples on exporting data in a volume. + ## history Usage: docker history [OPTIONS] IMAGE From 74b009e81694132c35c78b19506e09b1e23ed75d Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Thu, 15 Jan 2015 16:40:39 -0500 Subject: [PATCH 0436/2538] Add backing filesystem info to `docker info` command where applicable Fixes #9960 This adds the output of a "Backing Filesystem:" entry to `docker info` to overlay, aufs, and devicemapper graphdrivers. The default list includes a fairly complete list of common filesystem names from linux/include/uapi/linux/magic.h, but if the backing filesystem is not recognized, the code will simply show "" Docker-DCO-1.1-Signed-off-by: Phil Estes --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e79664e6af..ef83446e53 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1171,6 +1171,7 @@ For example: Images: 52 Storage Driver: aufs Root Dir: /var/lib/docker/aufs + Backing Filesystem: extfs Dirs: 545 Execution Driver: native-0.2 Kernel Version: 3.13.0-24-generic From 11c19fc0f344d73a035ce3d26e936b1b68606856 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 6 Jan 2015 23:23:32 -0500 Subject: [PATCH 0437/2538] Add build --pull and evenets --filter flags to the docs for 1.4 Signed-off-by: Sven Dowideit --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index c0a5725a1d..41c4a33008 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -163,7 +163,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_pr # images complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)' -complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e. 'dangling=true')" +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e., 'dangling=true')" complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository" diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ef83446e53..47d32b4d96 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -481,9 +481,9 @@ To kill the container, use `docker kill`. Build a new image from the source code at PATH - -f, --file="" Location of the Dockerfile to use. Default is 'Dockerfile' at the root of the build context --force-rm=false Always remove intermediate containers, even after unsuccessful builds --no-cache=false Do not use cache when building the image + --pull=false Always attempt to pull a newer version of the image -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success @@ -851,6 +851,7 @@ For example: Get real time events from the server + -f, --filter=[] Provide filter values (i.e., 'event=stop') --since="" Show all events created since timestamp --until="" Stream events until this timestamp @@ -1035,7 +1036,7 @@ To see how the `docker:latest` image was built: List images -a, --all=false Show all images (by default filter out the intermediate image layers) - -f, --filter=[] Provide filter values (i.e. 'dangling=true') + -f, --filter=[] Provide filter values (i.e., 'dangling=true') --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs From da1720cca2e22c3b0e8482dc6955163131f0d97b Mon Sep 17 00:00:00 2001 From: Liang-Chi Hsieh Date: Mon, 19 Jan 2015 18:02:23 +0800 Subject: [PATCH 0438/2538] Fix typo. Signed-off-by: Liang-Chi Hsieh --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 47d32b4d96..cb17a67eb2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1699,7 +1699,7 @@ folder before starting your container. $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here Volumes can be used in combination with `--read-only` to control where -a container writes files. The `--read only` flag mounts the container's root +a container writes files. The `--read-only` flag mounts the container's root filesystem as read only prohibiting writes to locations other than the specified volumes for the container. From 776f4e478ef6e4967da64c32b4c5c72507c6cb9c Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Fri, 26 Dec 2014 16:30:34 -0800 Subject: [PATCH 0439/2538] Support whitespaces in ADD and COPY continued Add tests and documentation for this new feature. Signed-off-by: Arnaud Porterie --- docs/sources/reference/builder.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 73af35c6ff..43e88c766d 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -388,7 +388,11 @@ change them using `docker run --env =`. ## ADD - ADD ... +ADD has two forms: + +- `ADD ... ` +- `ADD [""... ""]` (this form is required for paths containing +whitespace) The `ADD` instruction copies new files, directories or remote file URLs from `` and adds them to the filesystem of the container at the path ``. @@ -488,7 +492,11 @@ The copy obeys the following rules: ## COPY - COPY ... +COPY has two forms: + +- `COPY ... ` +- `COPY [""... ""]` (this form is required for paths containing +whitespace) The `COPY` instruction copies new files or directories from `` and adds them to the filesystem of the container at the path ``. From 4939c04b288f0031e6571ac06b8383a572ed4fce Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Mon, 19 Jan 2015 11:23:31 -0800 Subject: [PATCH 0440/2538] Add documentation for HTTP proxies Signed-off-by: Arnaud Porterie --- docs/sources/reference/commandline/cli.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index cb17a67eb2..c3788a1d2e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -170,6 +170,14 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva $ export DOCKER_TLS_VERIFY=1 $ sudo docker ps +The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` +environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes +precedence over `HTTP_PROXY`. If you happen to have a proxy configured with the +`HTTP_PROXY` or `HTTPS_PROXY` environment variables but still want to +communicate with the Docker daemon over its default `unix` domain socket, +setting the `NO_PROXY` environment variable to the path of the socket +(`/var/run/docker.sock`) is required. + ### Daemon storage-driver option The Docker daemon has support for several different image layer storage drivers: `aufs`, From 7c63b49df6c35cf8c97369a5d6a1f13a17142ad0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 19 Jan 2015 00:23:57 +0100 Subject: [PATCH 0441/2538] Document that ENV vars are not automatically updated Unlike the entries in `/etc/hosts`, environment-variables for linked containers are not automatically updated if the linked container is restarted. This adds a note to the documentation in; https://docs.docker.com/userguide/dockerlinks/#environment-variables and https://docs.docker.com/reference/run/#env-environment-variables To make users aware that this is the case and recommends them to use the `/etc/hosts` entries in stead. I added this change because users were expecting environment variables to be updated automatically as well (https://github.com/docker/docker/issues/10164). Signed-off-by: Sebastiaan van Stijn --- docs/sources/reference/run.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index d594066ad0..8bf0d3633f 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -647,6 +647,12 @@ mechanism to communicate with a linked container by its alias: If you restart the source container (`servicename` in this case), the recipient container's `/etc/hosts` entry will be automatically updated. +> **Note**: +> Unlike host entries in the `/ets/hosts` file, IP addresses stored in the +> environment variables are not automatically updated if the source container is +> restarted. We recommend using the host entries in `/etc/hosts` to resolve the +> IP address of linked containers. + ## VOLUME (shared filesystems) -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. From 6f56148726c39747134ab94872d114bf5a33b6b8 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 15 Jan 2015 12:19:19 -0800 Subject: [PATCH 0442/2538] Add the list of possible values for --log-level to help text Closes #10034 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c3788a1d2e..e142afde79 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -92,7 +92,7 @@ expect an integer, and they can only be specified once. --ip-masq=true Enable IP masquerading for bridge's IP range --iptables=true Enable Docker's addition of iptables rules --ipv6=false Enable Docker IPv6 support - -l, --log-level="info" Set the logging level + -l, --log-level="info" Set the logging level (debug, info, warn, error, fatal) --label=[] Set key=value labels to the daemon (displayed in `docker info`) --mtu=0 Set the containers network MTU if no value is provided: default to the default route MTU or 1500 if no default route is available From ca57d01f87e6f6bd8930512cf9b1015725eadf16 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 19 Jan 2015 09:57:44 +0800 Subject: [PATCH 0443/2538] Update the docs for --link accept container id Signed-off-by: Lei Jitang --- docs/sources/reference/commandline/cli.md | 2 +- docs/sources/reference/run.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e142afde79..0565d09385 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -746,7 +746,7 @@ Creates a new container. --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - --link=[] Add link to another container in the form of name:alias + --link=[] Add link to another container in the form of :alias --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 8bf0d3633f..ca7480beb8 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -512,7 +512,7 @@ or override the Dockerfile's exposed defaults: Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) - --link="" : Add link to another container (name:alias) + --link="" : Add link to another container (:alias) As mentioned previously, `EXPOSE` (and `--expose`) makes ports available **in** a container for incoming connections. The port number on the @@ -595,7 +595,7 @@ above, or already defined by the developer with a Dockerfile `ENV`: Similarly the operator can set the **hostname** with `-h`. -`--link name:alias` also sets environment variables, using the *alias* string to +`--link :alias` also sets environment variables, using the *alias* string to define environment variables within the container that give the IP and PORT information for connecting to the service container. Let's imagine we have a container running Redis: From f870b2c6f5486e32e7ced7505026652253c5b647 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Mon, 19 Jan 2015 16:16:36 -0800 Subject: [PATCH 0444/2538] Add docs for `--memory-swap`. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0565d09385..36d0b18cc3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1613,6 +1613,7 @@ removed before the image is removed. --link=[] Add link to another container in the form of name:alias --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + -memory-swap="" Total memory usage (memory + swap), set '-1' to disable swap (format: , where unit = b, k, m or g) --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --name="" Assign a name to the container --net="bridge" Set the Network mode for the container From ff12640c2b50c4ceb7df767579fd1c3ad2a38f62 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 19 Jan 2015 09:55:08 +1000 Subject: [PATCH 0445/2538] An initial quick import of documentation from Compose, Machine and Swarm Docker-DCO-1.1-Signed-off-by: Sven Dowideit (github: SvenDowideit) --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index b730982e3c..4121fe7235 100755 --- a/docs/README.md +++ b/docs/README.md @@ -25,7 +25,7 @@ In the root of the `docker` source directory: $ make docs .... (lots of output) .... - $ docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve + docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve Running at: http://0.0.0.0:8000/ Live reload enabled. Hold ctrl+c to quit. From 9da6238f41be814cbd9344664e127fa5af6a79ef Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 19 Jan 2015 16:10:26 -0800 Subject: [PATCH 0446/2538] Add documentation for stats feature Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 24 +++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 36d0b18cc3..b8af02da30 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2001,8 +2001,28 @@ more details on finding shared images from the command line. -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process -i, --interactive=false Attach container's STDIN -When run on a container that has already been started, -takes no action and succeeds unconditionally. +## stats + + Usage: docker stats [CONTAINERS] + + Display live container stats based on resource usage + + --help=false Print usage + +Running `docker stats` on two redis containers + + $ sudo docker stats redis1 redis2 + CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O + redis1 0.07% 796 KiB/64 MiB 1.21% 788 B/648 B + redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B + + +When run on running containers live container stats will be streamed +back and displayed to the client. Stopped containers will not +receive any updates to their stats unless the container is started again. + +> **Note:** +> If you want more in depth resource usage for a container use the API endpoint ## stop From 3296ada2ed81c675c595d4f82061a829411bf564 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 21 Jan 2015 11:44:23 -0800 Subject: [PATCH 0447/2538] Update to docker stats documentation Signed-off-by: Michael Crosby --- docs/sources/reference/commandline/cli.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b8af02da30..98dd483263 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2005,11 +2005,11 @@ more details on finding shared images from the command line. Usage: docker stats [CONTAINERS] - Display live container stats based on resource usage + Display a live stream of one or more containers' resource usage statistics --help=false Print usage -Running `docker stats` on two redis containers +Running `docker stats` on multiple containers $ sudo docker stats redis1 redis2 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O @@ -2017,12 +2017,11 @@ Running `docker stats` on two redis containers redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B -When run on running containers live container stats will be streamed -back and displayed to the client. Stopped containers will not -receive any updates to their stats unless the container is started again. +The `docker stats` command will only return a live stream of data for running +containers. Stopped containers will not return any data. > **Note:** -> If you want more in depth resource usage for a container use the API endpoint +> If you want more detailed information about a container's resource usage, use the API endpoint. ## stop From 642218cefae5e713e4dead56ba264f2066c39076 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 16 Jan 2015 12:57:08 -0800 Subject: [PATCH 0448/2538] Docker run -e FOO should erase FOO if FOO isn't set in client env See #10141 for more info, but the main point of this is to make sure that if you do "docker run -e FOO ..." that FOO from the current env is passed into the container. This means that if there's a value, its set. But it also means that if FOO isn't set then it should be unset in the container too - even if it has to remove it from the env. So, unset HOSTNAME docker run -e HOSTNAME busybox env should _NOT_ show HOSTNAME in the list at all Closes #10141 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 98dd483263..3cfb1854d7 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1736,9 +1736,12 @@ ports in Docker. This sets environmental variables in the container. For illustration all three flags are shown here. Where `-e`, `--env` take an environment variable and -value, or if no "=" is provided, then that variable's current value is passed -through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). All -three flags, `-e`, `--env` and `--env-file` can be repeated. +value, or if no `=` is provided, then that variable's current value is passed +through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). +When no `=` is provided and that variable is not defined in the client's +environment then that variable will be removed from the container's list of +environment variables. +All three flags, `-e`, `--env` and `--env-file` can be repeated. Regardless of the order of these three flags, the `--env-file` are processed first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will From 0dafe480ab5c1189654c16eff5e9a535017e89bd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 19 Jan 2015 18:35:40 +0100 Subject: [PATCH 0449/2538] Add bash completions for daemon flags, simplify with extglob Implementing the deamon flags the traditional way introduced even more redundancy than usual because the same list of options with flags had to be added twice. This can be avoided by using variables in the case statements when using the extglob shell option. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 91 ++++++++++++++++++++++++++++++++-- 1 file changed, 86 insertions(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7dd23b8538..4891194bd8 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -104,6 +104,22 @@ __docker_pos_first_nonflag() { echo $counter } +# Transforms a multiline list of strings into a single line string +# with the words separated by "|". +# This is used to prepare arguments to __docker_pos_first_nonflag(). +__docker_to_alternatives() { + local parts=( $1 ) + local IFS='|' + echo "${parts[*]}" +} + +# Transforms a multiline list of options into an extglob pattern +# suitable for use in case statements. +__docker_to_extglob() { + local extglob=$( __docker_to_alternatives "$1" ) + echo "@($extglob)" +} + __docker_resolve_hostname() { command -v host >/dev/null 2>&1 || return COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') ) @@ -154,15 +170,47 @@ __docker_capabilities() { } _docker_docker() { + local boolean_options=" + --api-enable-cors + --daemon -d + --debug -D + --help -h + --icc + --ip-forward + --ip-masq + --iptables + --ipv6 + --selinux-enabled + --tls + --tlsverify + --version -v + " + case "$prev" in - -H) + --graph|-g) + _filedir -d + return + ;; + --log-level|-l) + COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) ) + return + ;; + --pidfile|-p|--tlscacert|--tlscert|--tlskey) + _filedir + return + ;; + --storage-driver|-s) + COMPREPLY=( $( compgen -W "aufs devicemapper btrfs overlay" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) ) + return + ;; + $main_options_with_args_glob ) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-H" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$boolean_options $main_options_with_args" -- "$cur" ) ) ;; *) COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) ) @@ -561,6 +609,8 @@ _docker_run() { --sig-proxy " + local options_with_args_glob=$(__docker_to_extglob "$options_with_args") + case "$prev" in --add-host) case "$cur" in @@ -677,7 +727,7 @@ _docker_run() { __docker_containers_all return ;; - --cpuset|--cpu-shares|-c|--dns|--dns-search|--entrypoint|--expose|--hostname|-h|--lxc-conf|--mac-address|--memory|-m|--name|-n|--publish|-p|--user|-u|--workdir|-w) + $options_with_args_glob ) return ;; esac @@ -687,7 +737,7 @@ _docker_run() { COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) ;; *) - local counter=$( __docker_pos_first_nonflag $( echo $options_with_args | tr -d "\n" | tr " " "|" ) ) + local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) if [ $cword -eq $counter ]; then __docker_image_repos_and_tags_and_ids @@ -801,6 +851,9 @@ _docker_wait() { } _docker() { + local previous_extglob_setting=$(shopt -p extglob) + shopt -s extglob + local commands=( attach build @@ -841,6 +894,33 @@ _docker() { wait ) + local main_options_with_args=" + --bip + --bridge -b + --dns + --dns-search + --exec-driver -e + --fixed-cidr + --fixed-cidr-v6 + --graph -g + --group -G + --host -H + --insecure-registry + --ip + --label + --log-level -l + --mtu + --pidfile -p + --registry-mirror + --storage-driver -s + --storage-opt + --tlscacert + --tlscert + --tlskey + " + + local main_options_with_args_glob=$(__docker_to_extglob "$main_options_with_args") + COMPREPLY=() local cur prev words cword _get_comp_words_by_ref -n : cur prev words cword @@ -849,7 +929,7 @@ _docker() { local counter=1 while [ $counter -lt $cword ]; do case "${words[$counter]}" in - -H) + $main_options_with_args_glob ) (( counter++ )) ;; -*) @@ -867,6 +947,7 @@ _docker() { local completions_func=_docker_${command} declare -F $completions_func >/dev/null && $completions_func + eval "$previous_extglob_setting" return 0 } From e6158378b56ecf618400ad9afb48f3301633cbc9 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Mon, 26 Jan 2015 11:01:40 -0800 Subject: [PATCH 0450/2538] Add completion for stats. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4891194bd8..1d553941bc 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -789,6 +789,10 @@ _docker_start() { esac } +_docker_stats() { + __docker_containers_running +} + _docker_stop() { case "$prev" in --time|-t) @@ -886,6 +890,7 @@ _docker() { save search start + stats stop tag top From dc7a9b9c0e77d4f38443b303d64aad21a0053cfe Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Wed, 28 Jan 2015 08:52:06 -0800 Subject: [PATCH 0451/2538] Update fish completion for 1.5.0 Signed-off-by: Arnaud Porterie --- contrib/completion/fish/docker.fish | 94 +++++++++++++++++++++++------ 1 file changed, 76 insertions(+), 18 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 41c4a33008..fe92ecc56f 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -51,23 +51,28 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains' complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the Docker runtime to use a specific exec driver' -complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (ex: 10.20.0.0/16)' +complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)' +complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)' complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode' complete -c docker -f -n '__fish_docker_no_subcommand' -s g -l graph -d 'Path to use as the root of the Docker runtime' complete -c docker -f -n '__fish_docker_no_subcommand' -s H -l host -d 'The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd.' -complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Enable inter-container communication' +complete -c docker -f -n '__fish_docker_no_subcommand' -s h -l help -d 'Print usage' +complete -c docker -f -n '__fish_docker_no_subcommand' -l icc -d 'Allow unrestricted inter-container and Docker daemon host communication' complete -c docker -f -n '__fish_docker_no_subcommand' -l insecure-registry -d 'Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16)' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip -d 'Default IP address to use when binding container ports' -complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward' +complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement.' complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range" complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules" +complete -c docker -f -n '__fish_docker_no_subcommand' -l ipv6 -d 'Enable IPv6 networking' +complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level (debug, info, warn, error, fatal)' +complete -c docker -f -n '__fish_docker_no_subcommand' -l label -d 'Set key=value labels to the daemon (displayed in `docker info`)' complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU' complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file' complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Specify a preferred Docker registry mirror' complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver' complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver' complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by tls-verify flags' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify flag' complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here' complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file' complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file' @@ -77,14 +82,18 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s v -l version -d 'Print # subcommands # attach complete -c docker -f -n '__fish_docker_no_subcommand' -a attach -d 'Attach to a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l no-stdin -d 'Do not attach STDIN' -complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (even in non-TTY mode). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.' +complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -l sig-proxy -d 'Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied.' complete -c docker -A -f -n '__fish_seen_subcommand_from attach' -a '(__fish_print_docker_containers running)' -d "Container" # build complete -c docker -f -n '__fish_docker_no_subcommand' -a build -d 'Build an image from a Dockerfile' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s f -l file -d "Name of the Dockerfile(Default is 'Dockerfile' at context root)" complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d 'Always remove intermediate containers, even after unsuccessful builds' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l pull -d 'Always attempt to pull a newer version of the image' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success' @@ -92,12 +101,14 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d ' # commit complete -c docker -f -n '__fish_docker_no_subcommand' -a commit -d "Create a new image from a container's changes" complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s a -l author -d 'Author (e.g., "John Hannibal Smith ")' +complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s m -l message -d 'Commit message' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause -d 'Pause container during commit' complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders from a container's filesystem to the host path" +complete -c docker -A -f -n '__fish_seen_subcommand_from cp' -l help -d 'Print usage' # create complete -c docker -f -n '__fish_docker_no_subcommand' -a create -d 'Create a new container' @@ -108,23 +119,29 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-add -d ' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cap-drop -d 'Drop Linux capabilities' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d 'Write the container ID to the file' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d 'Set custom DNS search domains' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l env-file -d 'Read in a line delimited file of environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s h -l hostname -d 'Container host name' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interactive -d 'Keep STDIN open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of name:alias' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of :alias' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: , where unit = b, k, m or g)" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s p -l publish -d "Publish a container's port to the host" +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l pid -d 'Default is to create a private PID namespace for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l privileged -d 'Give extended privileges to this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l read-only -d "Mount the container's root filesystem as read only" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l security-opt -d 'Security Options' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s t -l tty -d 'Allocate a pseudo-TTY' @@ -136,26 +153,32 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -a '(__fish_pri # diff complete -c docker -f -n '__fish_docker_no_subcommand' -a diff -d "Inspect changes on a container's filesystem" +complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from diff' -a '(__fish_print_docker_containers all)' -d "Container" # events complete -c docker -f -n '__fish_docker_no_subcommand' -a events -d 'Get real time events from the server' +complete -c docker -A -f -n '__fish_seen_subcommand_from events' -s f -l filter -d "Provide filter values (i.e., 'event=stop')" +complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp' complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp' # exec -complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in an existing container' +complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in a running container' complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s d -l detach -d 'Detached mode: run command in the background' +complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s i -l interactive -d 'Keep STDIN open even if not attached' complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -s t -l tty -d 'Allocate a pseudo-TTY' complete -c docker -A -f -n '__fish_seen_subcommand_from exec' -a '(__fish_print_docker_containers running)' -d "Container" # export complete -c docker -f -n '__fish_docker_no_subcommand' -a export -d 'Stream the contents of a container as a tar archive' +complete -c docker -A -f -n '__fish_seen_subcommand_from export' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from export' -a '(__fish_print_docker_containers all)' -d "Container" # history complete -c docker -f -n '__fish_docker_no_subcommand' -a history -d 'Show the history of an image' +complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from history' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from history' -s q -l quiet -d 'Only show numeric IDs' complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_print_docker_images)' -d "Image" @@ -164,34 +187,40 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from history' -a '(__fish_pr complete -c docker -f -n '__fish_docker_no_subcommand' -a images -d 'List images' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s a -l all -d 'Show all images (by default filter out the intermediate image layers)' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s f -l filter -d "Provide filter values (i.e., 'dangling=true')" +complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from images' -s q -l quiet -d 'Only show numeric IDs' complete -c docker -A -f -n '__fish_seen_subcommand_from images' -a '(__fish_print_docker_repositories)' -d "Repository" # import complete -c docker -f -n '__fish_docker_no_subcommand' -a import -d 'Create a new filesystem image from the contents of a tarball' +complete -c docker -A -f -n '__fish_seen_subcommand_from import' -l help -d 'Print usage' # info complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information' # inspect -complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container' +complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container or image' complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -s f -l format -d 'Format the output using the given go template.' +complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_images)' -d "Image" complete -c docker -A -f -n '__fish_seen_subcommand_from inspect' -a '(__fish_print_docker_containers all)' -d "Container" # kill complete -c docker -f -n '__fish_docker_no_subcommand' -a kill -d 'Kill a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -s s -l signal -d 'Signal to send to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from kill' -a '(__fish_print_docker_containers running)' -d "Container" # load complete -c docker -f -n '__fish_docker_no_subcommand' -a load -d 'Load an image from a tar archive' +complete -c docker -A -f -n '__fish_seen_subcommand_from load' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN' # login complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or log in to a Docker registry server' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email' +complete -c docker -A -f -n '__fish_seen_subcommand_from login' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username' @@ -201,12 +230,14 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a logout -d 'Log out fro # logs complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the logs of a container' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output' +complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container" # port complete -c docker -f -n '__fish_docker_no_subcommand' -a port -d 'Lookup the public-facing port that is NAT-ed to PRIVATE_PORT' +complete -c docker -A -f -n '__fish_seen_subcommand_from port' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from port' -a '(__fish_print_docker_containers running)' -d "Container" # pause @@ -218,32 +249,40 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a ps -d 'List containers complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s a -l all -d 'Show all containers. Only running containers are shown by default.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l before -d 'Show only container created before Id or Name, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s f -l filter -d 'Provide filter values. Valid filters:' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s l -l latest -d 'Show only the latest created container, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s n -d 'Show n last created containers, include non-running ones.' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s q -l quiet -d 'Only display numeric IDs' -complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display sizes' +complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -s s -l size -d 'Display total file sizes' complete -c docker -A -f -n '__fish_seen_subcommand_from ps' -l since -d 'Show only containers created since Id or Name, include non-running ones.' # pull complete -c docker -f -n '__fish_docker_no_subcommand' -a pull -d 'Pull an image or a repository from a Docker registry server' complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -s a -l all-tags -d 'Download all tagged images in the repository' +complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_images)' -d "Image" complete -c docker -A -f -n '__fish_seen_subcommand_from pull' -a '(__fish_print_docker_repositories)' -d "Repository" # push complete -c docker -f -n '__fish_docker_no_subcommand' -a push -d 'Push an image or a repository to a Docker registry server' +complete -c docker -A -f -n '__fish_seen_subcommand_from push' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_images)' -d "Image" complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print_docker_repositories)' -d "Repository" +# rename +complete -c docker -f -n '__fish_docker_no_subcommand' -a rename -d 'Rename an existing container' + # restart complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.' complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container" # rm complete -c docker -f -n '__fish_docker_no_subcommand' -a rm -d 'Remove one or more containers' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -d 'Force the removal of a running container (uses SIGKILL)' +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container" @@ -251,6 +290,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_d # rmi complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images' complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -s f -l force -d 'Force removal of the image' +complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -l no-prune -d 'Do not delete untagged parents' complete -c docker -A -f -n '__fish_seen_subcommand_from rmi' -a '(__fish_print_docker_images)' -d "Image" @@ -264,27 +304,33 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cap-drop -d 'Dr complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cidfile -d 'Write the container ID to the file' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d 'Set custom DNS search domains' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l env-file -d 'Read in a line delimited file of environment variables' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port from the container without publishing it to your host' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l expose -d 'Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s h -l hostname -d 'Container host name' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactive -d 'Keep STDIN open even if not attached' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of name:alias' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of :alias' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: , where unit = b, k, m or g)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s p -l publish -d "Publish a container's port to the host" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l pid -d 'Default is to create a private PID namespace for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l privileged -d 'Give extended privileges to this container' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l read-only -d "Mount the container's root filesystem as read only" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Restart policy to apply when a container exits (no, on-failure[:max-retry], always)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (even in non-TTY mode). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' @@ -294,32 +340,43 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -a '(__fish_print_ # save complete -c docker -f -n '__fish_docker_no_subcommand' -a save -d 'Save an image to a tar archive' -complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to a file, instead of STDOUT' +complete -c docker -A -f -n '__fish_seen_subcommand_from save' -l help -d 'Print usage' +complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d 'Write to an file, instead of STDOUT' complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image" # search complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the Docker Hub' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds' +complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars' # start complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container' complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process" +complete -c docker -A -f -n '__fish_seen_subcommand_from start' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN" complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_print_docker_containers stopped)' -d "Container" +# stats +complete -c docker -f -n '__fish_docker_no_subcommand' -a stats -d "Display a live stream of one or more containers' resource usage statistics" +complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l help -d 'Print usage' +complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container" + # stop complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a running container' +complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.' complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container" # tag complete -c docker -f -n '__fish_docker_no_subcommand' -a tag -d 'Tag an image into a repository' complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -s f -l force -d 'Force' +complete -c docker -A -f -n '__fish_seen_subcommand_from tag' -l help -d 'Print usage' # top complete -c docker -f -n '__fish_docker_no_subcommand' -a top -d 'Lookup the running processes of a container' +complete -c docker -A -f -n '__fish_seen_subcommand_from top' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from top' -a '(__fish_print_docker_containers running)' -d "Container" # unpause @@ -331,6 +388,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the D # wait complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code' +complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container" From 37fd964edbcfe3d531ed2f2406e5b2bc59df5ac1 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 26 Jan 2015 05:29:49 -0800 Subject: [PATCH 0452/2538] Fix docs so WORKDIR mentions it works for COPY and ADD too The docs around COPY/ADD already mentioned that it will do a relative copy/add based on WORKDIR, so that part is already ok. Just needed to tweak the WORKDIR section since w/o mentioning COPY/ADD it can be misleading. Noticed by @phemmer Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 43e88c766d..3931bb28a5 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -801,8 +801,8 @@ and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the WORKDIR /path/to/workdir -The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD` and -`ENTRYPOINT` instructions that follow it in the `Dockerfile`. +The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`, +`ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the `Dockerfile`. It can be used multiple times in the one `Dockerfile`. If a relative path is provided, it will be relative to the path of the previous `WORKDIR` From 2627488a274f5e63696af66bd370e80e4c5b8aac Mon Sep 17 00:00:00 2001 From: Chen Hanxiao Date: Mon, 2 Feb 2015 22:39:03 +0800 Subject: [PATCH 0453/2538] docs: change events --since to fit RFC3339Nano PR6931 changed time format to RFC3339Nano. But the example in cli.md does not changed. Signed-off-by: Chen Hanxiao --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3cfb1854d7..d6b3824a86 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -926,7 +926,7 @@ You'll need two shells for this example. 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --since '2013-09-03 15:49:29 +0200 CEST' + $ sudo docker events --since '2013-09-03T15:49:29' 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die From c995dee4c1cec03da1da84daca22e8820c9ab2b9 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 4 Feb 2015 12:12:46 +1000 Subject: [PATCH 0454/2538] Spelling mistake in dockerlinks Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d6b3824a86..73e6f5e789 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -139,7 +139,7 @@ for un-encrypted, and port `2376` for encrypted communication with the daemon. > for security reasons. On Systemd based systems, you can communicate with the daemon via -[systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use +[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but you can also specify individual sockets: `docker -d -H fd://3`. If the specified socket activated files aren't found, then Docker will exit. You From 130c0bf0948e2a0b812421edd9f48bacbcab494d Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 3 Feb 2015 19:51:35 -0800 Subject: [PATCH 0455/2538] Pretty the help text This modifies the "docker help" text so that it is no wider than 80 chars and each description fits on one line. This will also try to use ~ when possible Added a test to make sure we don't go over 80 chars again. Added a test to make sure we use ~ Applied rules/tests to all docker commands - not just main help text Closes #10214 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 145 ++++++++++------------ docs/sources/reference/run.md | 2 +- 2 files changed, 70 insertions(+), 77 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 73e6f5e789..17b378ecfb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -70,42 +70,38 @@ expect an integer, and they can only be specified once. Options: --api-enable-cors=false Enable CORS headers in the remote API - -b, --bridge="" Attach containers to a pre-existing network bridge - use 'none' to disable container networking - --bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b + -b, --bridge="" Attach containers to a network bridge + --bip="" Specify network bridge IP -D, --debug=false Enable debug mode -d, --daemon=false Enable daemon mode - --dns=[] Force Docker to use specific DNS servers - --dns-search=[] Force Docker to use specific DNS search domains - -e, --exec-driver="native" Force the Docker runtime to use a specific exec driver - --fixed-cidr="" IPv4 subnet for fixed IPs (e.g.: 10.20.0.0/16) - this subnet must be nested in the bridge subnet (which is defined by -b or --bip) - --fixed-cidr-v6="" IPv6 subnet for global IPs (e.g.: 2a00:1450::/64) - -G, --group="docker" Group to assign the unix socket specified by -H when running in daemon mode - use '' (the empty string) to disable setting of a group - -g, --graph="/var/lib/docker" Path to use as the root of the Docker runtime - -H, --host=[] The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. - --icc=true Allow unrestricted inter-container and Docker daemon host communication - --insecure-registry=[] Enable insecure communication with specified registries (disables certificate verification for HTTPS and enables HTTP fallback) (e.g., localhost:5000 or 10.20.0.0/16) - --ip=0.0.0.0 Default IP address to use when binding container ports - --ip-forward=true Enable net.ipv4.ip_forward and IPv6 forwarding if --fixed-cidr-v6 is defined. IPv6 forwarding may interfere with your existing IPv6 configuration when using Router Advertisement. - --ip-masq=true Enable IP masquerading for bridge's IP range - --iptables=true Enable Docker's addition of iptables rules - --ipv6=false Enable Docker IPv6 support - -l, --log-level="info" Set the logging level (debug, info, warn, error, fatal) - --label=[] Set key=value labels to the daemon (displayed in `docker info`) + --dns=[] DNS server to use + --dns-search=[] DNS search domains to use + -e, --exec-driver="native" Exec driver to use + --fixed-cidr="" IPv4 subnet for fixed IPs + --fixed-cidr-v6="" IPv6 subnet for fixed IPs + -G, --group="docker" Group for the unix socket + -g, --graph="/var/lib/docker" Root of the Docker runtime + -H, --host=[] Daemon socket(s) to use or connect to + --icc=true Enable inter-container communication + --insecure-registry=[] Enable insecure registry communication + --ip=0.0.0.0 Default IP when binding container ports + --ip-forward=true Enable net.ipv4.ip_forward + --ip-masq=true Enable IP masquerading + --iptables=true Enable addition of iptables rules + --ipv6=false Enable IPv6 networking + -l, --log-level="info" Set the logging level + --label=[] Set key=value labels to the daemon --mtu=0 Set the containers network MTU - if no value is provided: default to the default route MTU or 1500 if no default route is available -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file - --registry-mirror=[] Specify a preferred Docker registry mirror - -s, --storage-driver="" Force the Docker runtime to use a specific storage driver - --selinux-enabled=false Enable selinux support. SELinux does not presently support the BTRFS storage driver + --registry-mirror=[] Preferred Docker registry mirror + -s, --storage-driver="" Storage driver to use + --selinux-enabled=false Enable selinux support --storage-opt=[] Set storage driver options --tls=false Use TLS; implied by --tlsverify flag - --tlscacert="/home/sven/.docker/ca.pem" Trust only remotes providing a certificate signed by the CA given here + --tlscacert="/home/sven/.docker/ca.pem" Trust certs signed only by this CA --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file --tlskey="/home/sven/.docker/key.pem" Path to TLS key file - --tlsverify=false Use TLS and verify the remote (daemon: verify client, client: verify daemon) + --tlsverify=false Use TLS and verify the remote -v, --version=false Print version information and quit Options with [] may be specified multiple times. @@ -428,7 +424,7 @@ Docker supports softlinks for the Docker data directory Attach to a running container --no-stdin=false Do not attach STDIN - --sig-proxy=true Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. + --sig-proxy=true Proxy all received signals to the process The `attach` command lets you view or interact with any running container's primary process (`pid 1`). @@ -489,12 +485,13 @@ To kill the container, use `docker kill`. Build a new image from the source code at PATH - --force-rm=false Always remove intermediate containers, even after unsuccessful builds + -f, --file="" Name of the Dockerfile(Default is 'Dockerfile') + --force-rm=false Always remove intermediate containers --no-cache=false Do not use cache when building the image --pull=false Always attempt to pull a newer version of the image -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build - -t, --tag="" Repository name (and optionally a tag) to be applied to the resulting image in case of success + -t, --tag="" Repository name (and optionally a tag) for the image Use this command to build Docker images from a Dockerfile and a "context". @@ -734,41 +731,31 @@ Creates a new container. --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) - --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) + --device=[] Add a host device to the container --dns=[] Set custom DNS servers - --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image - --env-file=[] Read in a line delimited file of environment variables - --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host + --env-file=[] Read in a file of environment variables + --expose=[] Expose a port or a range of ports -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached - --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container - 'container:': reuses another container shared memory, semaphores and message queues - 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - --link=[] Add link to another container in the form of :alias - --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -m, --memory="" Memory limit (format: , where unit = b, k, m or g) + --ipc="" IPC namespace to use + --link=[] Add link to another container + --lxc-conf=[] Add custom lxc options + -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --name="" Assign a name to the container --net="bridge" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - -P, --publish-all=false Publish all exposed ports to random ports on the host interfaces - -p, --publish=[] Publish a container's port, or a range of ports (e.g., `-p 3300-3310`), to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. - When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) - (use 'docker port' to see the actual mapping) + -P, --publish-all=false Publish all exposed ports to random ports + -p, --publish=[] Publish a container's port(s) to the host --privileged=false Give extended privileges to this container - --read-only=false Mount the container's root filesystem as read only - --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + --read-only=false Mount the container's root filesystem as read only + --restart="" Restart policy to apply when a container exits --security-opt=[] Security Options -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -1043,7 +1030,7 @@ To see how the `docker:latest` image was built: List images - -a, --all=false Show all images (by default filter out the intermediate image layers) + -a, --all=false Show all images (default hides intermediate images) -f, --filter=[] Provide filter values (i.e., 'dangling=true') --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs @@ -1136,7 +1123,9 @@ NOTE: Docker will warn you if any containers exist that are using these untagged Usage: docker import URL|- [REPOSITORY[:TAG]] - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + Create an empty filesystem image and import the contents of the + tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then + optionally tag it. URLs must start with `http` and point to a single file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If @@ -1305,7 +1294,8 @@ Restores both images and tags. Usage: docker login [OPTIONS] [SERVER] - Register or log in to a Docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. + Register or log in to a Docker registry server, if no server is + specified "https://index.docker.io/v1/" is the default. -e, --email="" Email -p, --password="" Password @@ -1321,7 +1311,8 @@ adding the server name. Usage: docker logout [SERVER] - Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default. + Log out from a Docker registry, if no server is + specified "https://index.docker.io/v1/" is the default. For example: @@ -1335,7 +1326,7 @@ For example: -f, --follow=false Follow log output -t, --timestamps=false Show timestamps - --tail="all" Output the specified number of lines at the end of logs (defaults to all logs) + --tail="all" Number of lines to show from the end of the logs The `docker logs` command batch-retrieves logs present at the time of execution. @@ -1370,7 +1361,8 @@ for further details. Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + List port mappings for the CONTAINER, or lookup the public-facing port that is + NAT-ed to the PRIVATE_PORT You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: @@ -1418,17 +1410,17 @@ The `docker rename` command allows the container to be renamed to a different na List containers - -a, --all=false Show all containers. Only running containers are shown by default. - --before="" Show only container created before Id or Name, include non-running ones. + -a, --all=false Show all containers (default shows just running) + --before="" Show only container created before Id or Name. -f, --filter=[] Provide filter values. Valid filters: exited= - containers with exit code of status=(restarting|running|paused|exited) - -l, --latest=false Show only the latest created container, include non-running ones. - -n=-1 Show n last created containers, include non-running ones. + -l, --latest=false Show the latest created container, include non-running. + -n=-1 Show n last created containers, include non-running . --no-trunc=false Don't truncate output -q, --quiet=false Only display numeric IDs -s, --size=false Display total file sizes - --since="" Show only containers created since Id or Name, include non-running ones. + --since="" Show created since Id or Name, include non-running. Running `docker ps` showing 2 linked containers. @@ -1510,7 +1502,7 @@ registry or to a self-hosted one. Restart a running container - -t, --time=10 Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. + -t, --time=10 Seconds to wait for stop before killing the container. ## rm @@ -1519,7 +1511,7 @@ registry or to a self-hosted one. Remove one or more containers -f, --force=false Force the removal of a running container (uses SIGKILL) - -l, --link=false Remove the specified link and not the underlying container + -l, --link=false Remove the specified link -v, --volumes=false Remove the volumes associated with the container #### Examples @@ -1597,7 +1589,7 @@ removed before the image is removed. --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) - -d, --detach=false Detached mode: run the container in the background and print the new container ID + -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) @@ -1611,9 +1603,9 @@ removed before the image is removed. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. --link=[] Add link to another container in the form of name:alias - --lxc-conf=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" - -m, --memory="" Memory limit (format: , where unit = b, k, m or g) - -memory-swap="" Total memory usage (memory + swap), set '-1' to disable swap (format: , where unit = b, k, m or g) + --lxc-conf=[] Add custom lxc options + -m, --memory="" Memory limit + -memory-swap="" Total memory (memory+swap), '-1' to disable swap --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --name="" Assign a name to the container --net="bridge" Set the Network mode for the container @@ -1631,9 +1623,9 @@ removed before the image is removed. --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) - --rm=false Automatically remove the container when it exits (incompatible with -d) + --rm=false Automatically remove the container when it exits --security-opt=[] Security Options - --sig-proxy=true Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. + --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) @@ -2001,7 +1993,7 @@ more details on finding shared images from the command line. Restart a stopped container - -a, --attach=false Attach container's STDOUT and STDERR and forward all signals to the process + -a, --attach=false Attach STDOUT/STDERR and forward signals -i, --interactive=false Attach container's STDIN ## stats @@ -2030,9 +2022,10 @@ containers. Stopped containers will not return any data. Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container by sending SIGTERM and then SIGKILL after a grace period + Stop a running container by sending SIGTERM and then SIGKILL after a + grace period - -t, --time=10 Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. + -t, --time=10 Seconds to wait for stop before killing it. The main process inside the container will receive `SIGTERM`, and after a grace period, `SIGKILL`. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index ca7480beb8..253c83a512 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -341,7 +341,7 @@ milliseconds. --cap-drop: Drop Linux capabilities --privileged=false: Give extended privileges to this container --device=[]: Allows you to run devices inside the container without the --privileged flag. - --lxc-conf=[]: (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + --lxc-conf=[]: Add custom lxc options By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because From 89e02d9d882550d92b87c2957ba048589500fd2b Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 2 Feb 2015 22:48:12 +1000 Subject: [PATCH 0456/2538] Docker attach documentation didn't make sense to me Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 62 ++++++++++++++++------- 1 file changed, 43 insertions(+), 19 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 17b378ecfb..c1c2f30cbb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -426,29 +426,24 @@ Docker supports softlinks for the Docker data directory --no-stdin=false Do not attach STDIN --sig-proxy=true Proxy all received signals to the process -The `attach` command lets you view or interact with any running container's -primary process (`pid 1`). +The `docker attach` command allows you to attach to a running container using +the container's ID or name, either to view its ongoing output or to control it +interactively. You can attach to the same contained process multiple times +simultaneously, screen sharing style, or quickly view the progress of your +daemonized process. -You can attach to the same contained process multiple times simultaneously, screen -sharing style, or quickly view the progress of your daemonized process. +You can detach from the container (and leave it running) with `CTRL-p CTRL-q` +(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. +When you are attached to a container, and exit its main process, the process's +exit code will be returned to the client. -> **Note:** This command is not for running a new process in a container. -> See: [`docker exec`](#exec). - -You can detach from the container again (and leave it running) with -`CTRL-p CTRL-q` (for a quiet exit), or `CTRL-c` which will send a -SIGKILL to the container, or `CTRL-\` to get a stacktrace of the -Docker client when it quits. When you detach from the container's -process the exit code will be returned to the client. - -To stop a container, use `docker stop`. - -To kill the container, use `docker kill`. +It is forbidden to redirect the standard input of a `docker attach` command while +attaching to a tty-enabled container (i.e.: launched with `-t`). #### Examples - $ ID=$(sudo docker run -d ubuntu /usr/bin/top -b) - $ sudo docker attach $ID + $ sudo docker run -d --name topdemo ubuntu /usr/bin/top -b) + $ sudo docker attach topdemo top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st @@ -477,7 +472,23 @@ To kill the container, use `docker kill`. PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top ^C$ - $ sudo docker stop $ID + $ echo $? + 0 + $ docker ps -a | grep topdemo + 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo + +And in this second example, you can see the exit code returned by the `bash` process +is returned by the `docker attach` command to its caller too: + + $ sudo docker run --name test -d -it debian + 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab + $ sudo docker attach test + $$ exit 13 + exit + $ echo $? + 13 + $ sudo docker ps -a | grep test + 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test ## build @@ -1651,6 +1662,19 @@ and linking containers. #### Examples + $ sudo docker run --name test -it debian + $$ exit 13 + exit + $ echo $? + 13 + $ sudo docker ps -a | grep test + 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test + +In this example, we are running `bash` interactively in the `debian:latest` image, and giving +the container the name `test`. We then quit `bash` by running `exit 13`, which means `bash` +will have an exit code of `13`. This is then passed on to the caller of `docker run`, and +is recorded in the `test` container metadata. + $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" This will create a container and print `test` to the console. The `cidfile` From aa33ee11d0b6743b118fe6e360931b78e1bcc9a0 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 5 Feb 2015 10:57:33 +1000 Subject: [PATCH 0457/2538] Fix a small spelling error in the dm.blkdiscard docs Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c1c2f30cbb..c753dbf1e2 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -325,7 +325,7 @@ Currently supported options are: Enables or disables the use of blkdiscard when removing devicemapper devices. This is enabled by default (only) if using loopback devices and is - required to res-parsify the loopback file on image/container removal. + required to resparsify the loopback file on image/container removal. Disabling this on loopback can lead to *much* faster container removal times, but will make the space used in `/var/lib/docker` directory not be From 063a4f574a6b7e3940a2794420ec5cb9e452aa47 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 2 Feb 2015 21:16:18 +0100 Subject: [PATCH 0458/2538] Bash completion for docker kill Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1d553941bc..ee895a0c10 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -169,6 +169,23 @@ __docker_capabilities() { " -- "$cur" ) ) } +# a selection of the available signals that is most likely of interest in the +# context of docker containers. +__docker_signals() { + local signals=( + SIGCONT + SIGHUP + SIGINT + SIGKILL + SIGQUIT + SIGSTOP + SIGTERM + SIGUSR1 + SIGUSR2 + ) + COMPREPLY=( $( compgen -W "${signals[*]} ${signals[*]#SIG}" -- "$( echo $cur | tr '[:lower:]' '[:upper:]')" ) ) +} + _docker_docker() { local boolean_options=" --api-enable-cors @@ -417,7 +434,21 @@ _docker_inspect() { } _docker_kill() { - __docker_containers_running + case "$prev" in + --signal|-s) + __docker_signals + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--signal -s" -- "$cur" ) ) + ;; + *) + __docker_containers_running + ;; + esac } _docker_load() { From e52b4ad35cbd3a47dd7d47e59ed7f232a94f9645 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 5 Feb 2015 10:12:05 +1000 Subject: [PATCH 0459/2538] For now, docker stats appears to be libcontainer only Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c753dbf1e2..c572b32315 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2028,6 +2028,8 @@ more details on finding shared images from the command line. --help=false Print usage +> **Note**: this functionality currently only works when using the *libcontainer* exec-driver. + Running `docker stats` on multiple containers $ sudo docker stats redis1 redis2 From c03b0700a4769e555ee2d1b5aeadb0228bac53a3 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Thu, 5 Feb 2015 09:12:56 +0800 Subject: [PATCH 0460/2538] update docs for memory and memoryswap Signed-off-by: Qiang Huang --- docs/sources/reference/run.md | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 253c83a512..8faf9ad77c 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -310,13 +310,26 @@ The operator can also adjust the performance parameters of the container: -m="": Memory limit (format: , where unit = b, k, m or g) + -memory-swap="": Total memory limit (memory + swap, format: , where unit = b, k, m or g) -c=0 : CPU shares (relative weight) -The operator can constrain the memory available to a container easily -with `docker run -m`. If the host supports swap memory, then the `-m` -memory setting can be larger than physical RAM. +We have four ways to set memory usage: + - memory=inf, memory-swap=inf (not specify any of them) + There is no memory limit, you can use as much as you want. -Similarly the operator can increase the priority of this container with + - memory=L Date: Fri, 6 Feb 2015 13:45:10 +1100 Subject: [PATCH 0461/2538] Format `awsconfig` sample config correctly Reflow change in commit 195f3a3f removed newlines in the config format. This change reverts the sample config to the original formatting, which matches the actual config format of a `awsconfig` file. Signed-off-by: Katie McLaughlin --- docs/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 4121fe7235..3b471555cd 100755 --- a/docs/README.md +++ b/docs/README.md @@ -89,8 +89,10 @@ you need to access the AWS bucket you'll be deploying to. The release script will create an s3 if needed, and will then push the files to it. - [profile dowideit-docs] aws_access_key_id = IHOIUAHSIDH234rwf.... - aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... region = ap-southeast-2 + [profile dowideit-docs] + aws_access_key_id = IHOIUAHSIDH234rwf.... + aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... + region = ap-southeast-2 The `profile` name must be the same as the name of the bucket you are deploying to - which you call from the `docker` directory: From 74279772e58d5bcd553e77c3d17a1440e34a3ef0 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Thu, 15 Jan 2015 11:06:35 -0800 Subject: [PATCH 0462/2538] Fix example about ps and linked containers Signed-off-by: Alexander Morozov --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c572b32315..f7d0f5895e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1433,12 +1433,12 @@ The `docker rename` command allows the container to be renamed to a different na -s, --size=false Display total file sizes --since="" Show created since Id or Name, include non-running. -Running `docker ps` showing 2 linked containers. +Running `docker ps --no-trunc` showing 2 linked containers. $ sudo docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + f7ee772232194fcc088c6bdec6ea09f7b3f6c54d53934658164b8602d7cd4744 ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp + d0963715a061c7c7b7cc80b2646da913a959fbf13e80a971d4a60f6997a2f595 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db `docker ps` will show only running containers by default. To see all containers: `docker ps -a` From 95fe3a1a937a1452b24dc8e94d6389d3dcdaf087 Mon Sep 17 00:00:00 2001 From: "Michael A. Smith" Date: Thu, 22 Jan 2015 10:09:50 -0500 Subject: [PATCH 0463/2538] Distinguish ENV from setting environment inline It's ambiguous to say that `ENV` is _functionally equivalent to prefixing the command with `=`_. `ENV` sets the environment for all future commands, but `RUN` can take chained commands like `RUN foo=bar bash -c 'echo $foo' && bash -c 'echo $foo $bar'`. Users with a solid understanding of `exec` may grok this without confusion, but less experienced users may need this distinction. Signed-off-by: Michael A. Smith Improve Environment Handling Descriptions - Link `ENV` and `Environment Replacement` - Improve side-effects of `ENV` text - Rearrange avoiding side effects text Signed-off-by: Michael A. Smith --- docs/sources/reference/builder.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 3931bb28a5..d0c928188d 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -113,7 +113,7 @@ was no formal definition on as to which instructions handled environment replacement at the time. After 1.3 this behavior will be preserved and canonical. -Environment variables (declared with the `ENV` statement) can also be used in +Environment variables (declared with [the `ENV` statement](#env)) can also be used in certain instructions as variables to be interpreted by the `Dockerfile`. Escapes are also handled for including variable-like syntax into a statement literally. @@ -349,9 +349,8 @@ accessible from the host by default. To expose ports to the host, at runtime, ENV = ... The `ENV` instruction sets the environment variable `` to the value -``. This value will be passed to all future -`RUN`, `ENTRYPOINT`, and `CMD` instructions. This is -functionally equivalent to prefixing the command with `=` +``. This value will be in the environment of all "descendent" `Dockerfile` +commands and can be [replaced inline](#environment-replacement) in many as well. The `ENV` instruction has two forms. The first form, `ENV `, will set a single variable to a value. The entire string after the first @@ -382,9 +381,10 @@ from the resulting image. You can view the values using `docker inspect`, and change them using `docker run --env =`. > **Note**: -> One example where this can cause unexpected consequences, is setting -> `ENV DEBIAN_FRONTEND noninteractive`. Which will persist when the container -> is run interactively; for example: `docker run -t -i image bash` +> Environment persistence can cause unexpected effects. For example, +> setting `ENV DEBIAN_FRONTEND noninteractive` may confuse apt-get +> users on a Debian-based image. To set a value for a single command, use +> `RUN = `. ## ADD From 2202790fcd4fd0d37c835408cd4e7d1e81736ce5 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 4 Feb 2015 13:36:52 +1000 Subject: [PATCH 0464/2538] Documentation on boolean flags is wrong #10517 Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f7d0f5895e..1d784d72e1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -32,19 +32,24 @@ To list the help on any command just execute the command, followed by the `--hel ## Option types -Single character commandline options can be combined, so rather than +Single character command line options can be combined, so rather than typing `docker run -t -i --name test busybox sh`, you can write `docker run -ti --name test busybox sh`. ### Boolean -Boolean options look like `-d=false`. The value you -see is the default value which gets set if you do **not** use the -boolean flag. If you do call `run -d`, that sets the -opposite boolean value, so in this case, `true`, and -so `docker run -d` **will** run in "detached" mode, -in the background. Other boolean options are similar – specifying them -will set the value to the opposite of the default value. +Boolean options take the form `-d=false`. The value you see in the help text is the +default value which is set if you do **not** specify that flag. If you specify +a Boolean flag without a value, this will set the flag to `true`, irrespective +of the default value. + +For example, running `docker run -d` will set the value to `true`, so +your container **will** run in "detached" mode, in the background. + +Options which default to `true` (e.g., `docker build --rm=true`) can only +be set to the non-default value by explicitly setting them to `false`: + + $ docker build --rm=false . ### Multi From 01187a4030233ab9fb36c95bb34fac5704db7a1f Mon Sep 17 00:00:00 2001 From: Coenraad Loubser Date: Wed, 21 Jan 2015 17:24:19 -0500 Subject: [PATCH 0465/2538] Update docker.fish Docker-DCO-1.1-Signed-off-by: Jessie Frazelle (github: jfrazelle) Signed-off-by: Coenraad Loubser --- contrib/completion/fish/docker.fish | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index fe92ecc56f..b7bd914177 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -345,7 +345,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from save' -s o -l output -d complete -c docker -A -f -n '__fish_seen_subcommand_from save' -a '(__fish_print_docker_images)' -d "Image" # search -complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the Docker Hub' +complete -c docker -f -n '__fish_docker_no_subcommand' -a search -d 'Search for an image on the registry (defaults to the Docker Hub)' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l automated -d 'Only show automated builds' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d "Don't truncate output" From 8c6610787a6df4eff52045dbb1919c286a0262ce Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 12 Feb 2015 11:40:56 -0800 Subject: [PATCH 0466/2538] Update docs for HTTP_PROXY Signed-off-by: Arnaud Porterie --- docs/sources/reference/commandline/cli.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1d784d72e1..4b257ae776 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -173,11 +173,7 @@ string is equivalent to setting the `--tlsverify` flag. The following are equiva The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes -precedence over `HTTP_PROXY`. If you happen to have a proxy configured with the -`HTTP_PROXY` or `HTTPS_PROXY` environment variables but still want to -communicate with the Docker daemon over its default `unix` domain socket, -setting the `NO_PROXY` environment variable to the path of the socket -(`/var/run/docker.sock`) is required. +precedence over `HTTP_PROXY`. ### Daemon storage-driver option From e2ac0fc91790287ef54090bdb3a9b353b3fe03c2 Mon Sep 17 00:00:00 2001 From: Peter Salvatore Date: Thu, 12 Feb 2015 16:50:39 -0500 Subject: [PATCH 0467/2538] Clean up explanation of doc branches. Signed-off-by: Peter Salvatore --- docs/README.md | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/docs/README.md b/docs/README.md index 3b471555cd..8e49af7aa2 100755 --- a/docs/README.md +++ b/docs/README.md @@ -3,11 +3,10 @@ The source for Docker documentation is here under `sources/` and uses extended Markdown, as implemented by [MkDocs](http://mkdocs.org). -The HTML files are built and hosted on `https://docs.docker.com`, and update -automatically after each change to the master or release branch of [Docker on -GitHub](https://github.com/docker/docker) thanks to post-commit hooks. The -`docs` branch maps to the "latest" documentation and the `master` (unreleased -development) branch maps to the "master" documentation. +The HTML files are built and hosted on +[http://docs.docker.com](http://docs.docker.com), and update automatically +after each change to the `docs` branch of [Docker on +GitHub](https://github.com/docker/docker) thanks to post-commit hooks. ## Contributing @@ -61,25 +60,21 @@ work!](../CONTRIBUTING.md#sign-your-work) ## Branches +| Branch | Description | URL (published via commit-hook) | +|----------|--------------------------------|------------------------------------------------------------------------------| +| `docs` | Official release documentation | [http://docs.docker.com](http://docs.docker.com) | +| `master` | Unreleased development work | [http://docs.master.dockerproject.com](http://docs.master.dockerproject.com) | + **There are two branches related to editing docs**: `master` and `docs`. You -should always edit the documentation on a local branch of the `master` -branch, and send a PR against `master`. +should always edit the documentation on a local branch of the `master` branch, +and send a PR against `master`. That way your fixes will automatically get +included in later releases, and docs maintainers can easily cherry-pick your +changes into the `docs` release branch. In the rare case where your change is +not forward-compatible, you may need to base your changes on the `docs` branch. -That way your fixes will automatically get included in later releases, and docs -maintainers can easily cherry-pick your changes into the `docs` release branch. -In the rare case where your change is not forward-compatible, you may need to -base your changes on the `docs` branch. - -Also, now that we have a `docs` branch, we can keep the -[http://docs.docker.com](http://docs.docker.com) docs up to date with any bugs -found between Docker code releases. - -> **Warning**: When *reading* the docs, the -> [http://docs-stage.docker.com](http://docs-stage.docker.com) documentation may -> include features not yet part of any official Docker release. The `beta-docs` -> site should be used only for understanding bleeding-edge development and -> `docs.docker.com` (which points to the `docs` branch`) should be used for the -> latest official release. +Also, since there is a separate `docs` branch, we can keep +[http://docs.docker.com](http://docs.docker.com) up to date with any bugs found +between Docker code releases. ## Publishing Documentation From 3820b31267909d4fca62c9f42ad7d47a3c9f57d9 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 16 Feb 2015 08:43:09 -0800 Subject: [PATCH 0468/2538] Use newer help out for 'docker' and 'docker run' Closes #10828 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 146 ++++++++++------------ 1 file changed, 69 insertions(+), 77 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4b257ae776..16d5ea0c83 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -74,40 +74,41 @@ expect an integer, and they can only be specified once. A self-sufficient runtime for linux containers. Options: - --api-enable-cors=false Enable CORS headers in the remote API - -b, --bridge="" Attach containers to a network bridge - --bip="" Specify network bridge IP - -D, --debug=false Enable debug mode - -d, --daemon=false Enable daemon mode - --dns=[] DNS server to use - --dns-search=[] DNS search domains to use - -e, --exec-driver="native" Exec driver to use - --fixed-cidr="" IPv4 subnet for fixed IPs - --fixed-cidr-v6="" IPv6 subnet for fixed IPs - -G, --group="docker" Group for the unix socket - -g, --graph="/var/lib/docker" Root of the Docker runtime - -H, --host=[] Daemon socket(s) to use or connect to - --icc=true Enable inter-container communication - --insecure-registry=[] Enable insecure registry communication - --ip=0.0.0.0 Default IP when binding container ports - --ip-forward=true Enable net.ipv4.ip_forward - --ip-masq=true Enable IP masquerading - --iptables=true Enable addition of iptables rules - --ipv6=false Enable IPv6 networking - -l, --log-level="info" Set the logging level - --label=[] Set key=value labels to the daemon - --mtu=0 Set the containers network MTU - -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file - --registry-mirror=[] Preferred Docker registry mirror - -s, --storage-driver="" Storage driver to use - --selinux-enabled=false Enable selinux support - --storage-opt=[] Set storage driver options - --tls=false Use TLS; implied by --tlsverify flag - --tlscacert="/home/sven/.docker/ca.pem" Trust certs signed only by this CA - --tlscert="/home/sven/.docker/cert.pem" Path to TLS certificate file - --tlskey="/home/sven/.docker/key.pem" Path to TLS key file - --tlsverify=false Use TLS and verify the remote - -v, --version=false Print version information and quit + --api-enable-cors=false Enable CORS headers in the remote API + -b, --bridge="" Attach containers to a network bridge + --bip="" Specify network bridge IP + -D, --debug=false Enable debug mode + -d, --daemon=false Enable daemon mode + --dns=[] DNS server to use + --dns-search=[] DNS search domains to use + -e, --exec-driver="native" Exec driver to use + --fixed-cidr="" IPv4 subnet for fixed IPs + --fixed-cidr-v6="" IPv6 subnet for fixed IPs + -G, --group="docker" Group for the unix socket + -g, --graph="/var/lib/docker" Root of the Docker runtime + -H, --host=[] Daemon socket(s) to use or connect to + -h, --help=false Print usage + --icc=true Enable inter-container communication + --insecure-registry=[] Enable insecure registry communication + --ip=0.0.0.0 Default IP when binding container ports + --ip-forward=true Enable net.ipv4.ip_forward + --ip-masq=true Enable IP masquerading + --iptables=true Enable addition of iptables rules + --ipv6=false Enable IPv6 networking + -l, --log-level="info" Set the logging level + --label=[] Set key=value labels to the daemon + --mtu=0 Set the containers network MTU + -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file + --registry-mirror=[] Preferred Docker registry mirror + -s, --storage-driver="" Storage driver to use + --selinux-enabled=false Enable selinux support + --storage-opt=[] Set storage driver options + --tls=false Use TLS; implied by --tlsverify flag + --tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA + --tlscert="~/.docker/cert.pem" Path to TLS certificate file + --tlskey="~/.docker/key.pem" Path to TLS key file + --tlsverify=false Use TLS and verify the remote + -v, --version=false Print version information and quit Options with [] may be specified multiple times. @@ -202,8 +203,8 @@ share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_p The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). -Call `docker -d -s overlay` to use it. -> **Note:** +Call `docker -d -s overlay` to use it. +> **Note:** > It is currently unsupported on `btrfs` or any Copy on Write filesystem > and should only be used over `ext4` partitions. @@ -222,11 +223,11 @@ Currently supported options are: are inherently "sparse", so a 10G device which is mostly empty doesn't use 10 GB of space on the pool. However, the filesystem will use more space for the empty case the larger the device is. - + **Warning**: This value affects the system-wide "base" empty filesystem that may already be initialized and inherited by pulled images. Typically, a change to this value will require additional steps to take effect: - + $ sudo service docker stop $ sudo rm -rf /var/lib/docker $ sudo service docker start @@ -371,7 +372,7 @@ verification failed (i.e., wrong CA). By default, Docker assumes all, but local (see local registries below), registries are secure. Communicating with an insecure registry is not possible if Docker assumes that registry is secure. In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry` -in one of the following two forms: +in one of the following two forms: * `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure. * `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries whose domain resolve to an IP address is part @@ -476,7 +477,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). $ echo $? 0 $ docker ps -a | grep topdemo - 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo + 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo And in this second example, you can see the exit code returned by the `bash` process is returned by the `docker attach` command to its caller too: @@ -665,8 +666,8 @@ instructions instead of `Dockerfile`. $ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . $ sudo docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . -The above commands will build the current build context (as specified by -the `.`) twice, once using a debug version of a `Dockerfile` and once using +The above commands will build the current build context (as specified by +the `.`) twice, once using a debug version of a `Dockerfile` and once using a production version. $ cd /home/me/myapp/some/dir/really/deep @@ -674,9 +675,9 @@ a production version. $ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp These two `docker build` commands do the exact same thing. They both -use the contents of the `debug` file instead of looking for a `Dockerfile` -and will use `/home/me/myapp` as the root of the build context. Note that -`debug` is in the directory structure of the build context, regardless of how +use the contents of the `debug` file instead of looking for a `Dockerfile` +and will use `/home/me/myapp` as the root of the build context. Note that +`debug` is in the directory structure of the build context, regardless of how you refer to it on the command line. > **Note:** `docker build` will return a `no such file or directory` error @@ -1009,8 +1010,8 @@ For example: > **Note:** > `docker export` does not export the contents of volumes associated with the -> container. If a volume is mounted on top of an existing directory in the -> container, `docker export` will export the contents of the *underlying* +> container. If a volume is mounted on top of an existing directory in the +> container, `docker export` will export the contents of the *underlying* > directory, not the contents of the volume. > > Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) @@ -1414,7 +1415,7 @@ for further details. rename a existing container to a NEW_NAME -The `docker rename` command allows the container to be renamed to a different name. +The `docker rename` command allows the container to be renamed to a different name. ## ps @@ -1602,45 +1603,36 @@ removed before the image is removed. --cidfile="" Write the container ID to the file --cpuset="" CPUs in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID - --device=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) + --device=[] Add a host device to the container --dns=[] Set custom DNS servers - --dns-search=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image - --env-file=[] Read in a line delimited file of environment variables - --expose=[] Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host + --env-file=[] Read in a file of environment variables + --expose=[] Expose a port or a range of ports -h, --hostname="" Container host name + --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached - --ipc="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container - 'container:': reuses another container shared memory, semaphores and message queues - 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - --link=[] Add link to another container in the form of name:alias + --ipc="" IPC namespace to use + --link=[] Add link to another container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit - -memory-swap="" Total memory (memory+swap), '-1' to disable swap --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) + --memory-swap="" Total memory (memory + swap), '-1' to disable swap --name="" Assign a name to the container --net="bridge" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - -P, --publish-all=false Publish all exposed ports to random ports on the host interfaces - -p, --publish=[] Publish a container's port to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. - When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) - (use 'docker port' to see the actual mapping) - --pid=host 'host': use the host PID namespace inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + -P, --publish-all=false Publish all exposed ports to random ports + -p, --publish=[] Publish a container's port(s) to the host + --pid="" PID namespace to use --privileged=false Give extended privileges to this container - --read-only=false Mount the container's root filesystem as read only - --restart="" Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + --read-only=false Mount the container's root filesystem as read only + --restart="" Restart policy to apply when a container exits --rm=false Automatically remove the container when it exits --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY - -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + -u, --user="" Username or UID (format: [:]) + -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -1724,7 +1716,7 @@ folder before starting your container. $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here -Volumes can be used in combination with `--read-only` to control where +Volumes can be used in combination with `--read-only` to control where a container writes files. The `--read-only` flag mounts the container's root filesystem as read only prohibiting writes to locations other than the specified volumes for the container. @@ -1754,7 +1746,7 @@ ports in Docker. This sets environmental variables in the container. For illustration all three flags are shown here. Where `-e`, `--env` take an environment variable and value, or if no `=` is provided, then that variable's current value is passed -through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). +through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). When no `=` is provided and that variable is not defined in the client's environment then that variable will be removed from the container's list of environment variables. @@ -2009,8 +2001,8 @@ See [*Find Public Images on Docker Hub*]( /userguide/dockerrepos/#searching-for-images) for more details on finding shared images from the command line. -> **Note:** -> Search queries will only return up to 25 results +> **Note:** +> Search queries will only return up to 25 results ## start @@ -2039,7 +2031,7 @@ Running `docker stats` on multiple containers redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B -The `docker stats` command will only return a live stream of data for running +The `docker stats` command will only return a live stream of data for running containers. Stopped containers will not return any data. > **Note:** From 16b4b98c34cfb5b6b1af13c0c5d3920ed6a9c99b Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 4 Feb 2015 15:06:34 -0800 Subject: [PATCH 0469/2538] Removes the feature to pull all image aliases. It didn't work on v2 anyways. And an image with a lot of aliases was slow to fetch. Docker-DCO-1.1-Signed-off-by: Jessie Frazelle (github: jfrazelle) --- docs/sources/reference/commandline/cli.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 16d5ea0c83..4a55c824ea 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1487,8 +1487,7 @@ To download a particular image, or set of images (i.e., a repository), use `docker pull`: $ sudo docker pull debian - # will pull the debian:latest image, its intermediate layers - # and any aliases of the same id + # will pull the debian:latest image and its intermediate layers $ sudo docker pull debian:testing # will pull the image named debian:testing and any intermediate # layers it is based on. From f91ddd939ffa14f265735a6c83ccd7b4a16994f0 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 13 Feb 2015 12:09:56 -0800 Subject: [PATCH 0470/2538] Fix 'docker stats' help message Closes #10771 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4a55c824ea..2f6d57d43b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2014,7 +2014,7 @@ more details on finding shared images from the command line. ## stats - Usage: docker stats [CONTAINERS] + Usage: docker stats CONTAINER [CONTAINER...] Display a live stream of one or more containers' resource usage statistics From 3bb3eae782378fbb141778b07f2599bfb215fabc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 16 Feb 2015 19:23:29 +0100 Subject: [PATCH 0471/2538] Fix bash completion for docker run -d Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ee895a0c10..670206ba12 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -663,7 +663,7 @@ _docker_run() { _filedir return ;; - --device|-d|--volume) + --device|--volume|-v) case "$cur" in *:*) # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) From ceee2175bdd2d8f10e556f2d80a6b926af91ea49 Mon Sep 17 00:00:00 2001 From: Mike Dillon Date: Wed, 18 Feb 2015 11:49:05 -0800 Subject: [PATCH 0472/2538] Add bash completion for `docker rename` Signed-off-by: Mike Dillon --- contrib/completion/bash/docker | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 670206ba12..cd09e4ba62 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -552,6 +552,13 @@ _docker_push() { fi } +_docker_rename() { + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_all + fi +} + _docker_restart() { case "$prev" in --time|-t) @@ -914,6 +921,7 @@ _docker() { ps pull push + rename restart rm rmi From ee1b138b2b947b7dcc00329ae277cc7f2aebc3cb Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Wed, 18 Feb 2015 14:04:42 -0800 Subject: [PATCH 0473/2538] Shorten help messages for docker cmd flags In order to fit printed messages to fit 80 chars, rewording messages for `-H` and `--tls` flags. Signed-off-by: Ahmet Alp Balkan --- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index b7bd914177..88caf15ea8 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -72,7 +72,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -l registry-mirror -d 'Sp complete -c docker -f -n '__fish_docker_no_subcommand' -s s -l storage-driver -d 'Force the Docker runtime to use a specific storage driver' complete -c docker -f -n '__fish_docker_no_subcommand' -l selinux-enabled -d 'Enable selinux support. SELinux does not presently support the BTRFS storage driver' complete -c docker -f -n '__fish_docker_no_subcommand' -l storage-opt -d 'Set storage driver options' -complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify flag' +complete -c docker -f -n '__fish_docker_no_subcommand' -l tls -d 'Use TLS; implied by --tlsverify' complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscacert -d 'Trust only remotes providing a certificate signed by the CA given here' complete -c docker -f -n '__fish_docker_no_subcommand' -l tlscert -d 'Path to TLS certificate file' complete -c docker -f -n '__fish_docker_no_subcommand' -l tlskey -d 'Path to TLS key file' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2f6d57d43b..356a9566ff 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -86,7 +86,7 @@ expect an integer, and they can only be specified once. --fixed-cidr-v6="" IPv6 subnet for fixed IPs -G, --group="docker" Group for the unix socket -g, --graph="/var/lib/docker" Root of the Docker runtime - -H, --host=[] Daemon socket(s) to use or connect to + -H, --host=[] Daemon socket(s) to connect to -h, --help=false Print usage --icc=true Enable inter-container communication --insecure-registry=[] Enable insecure registry communication @@ -103,7 +103,7 @@ expect an integer, and they can only be specified once. -s, --storage-driver="" Storage driver to use --selinux-enabled=false Enable selinux support --storage-opt=[] Set storage driver options - --tls=false Use TLS; implied by --tlsverify flag + --tls=false Use TLS; implied by --tlsverify --tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA --tlscert="~/.docker/cert.pem" Path to TLS certificate file --tlskey="~/.docker/key.pem" Path to TLS key file From f99a52dc6cac133f5bd6a2c1c1514ac32ba07c67 Mon Sep 17 00:00:00 2001 From: Bradley Cicenas Date: Fri, 6 Feb 2015 12:25:42 -0500 Subject: [PATCH 0474/2538] add logpath to docker inspect. Signed-off-by: Bradley Cicenas --- docs/sources/reference/commandline/cli.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 356a9566ff..093479644e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1238,6 +1238,10 @@ straightforward manner. $ sudo docker inspect --format='{{.NetworkSettings.MacAddress}}' $INSTANCE_ID +**Get an instance's log path:** + + $ sudo docker inspect --format='{{.LogPath}}' $INSTANCE_ID + **List All Port Bindings:** One can loop over arrays and maps in the results to produce simple text From 6ecd6bb0691daeea5fc0bbeb5ed6f6ba913fcaf4 Mon Sep 17 00:00:00 2001 From: Colm Hally Date: Wed, 28 Jan 2015 12:56:22 +0000 Subject: [PATCH 0475/2538] Group published and exposed ports by contiguous ranges Signed-off-by: Colm Hally --- docs/sources/reference/commandline/cli.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 093479644e..6da9f2f1b4 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1442,13 +1442,15 @@ The `docker rename` command allows the container to be renamed to a different na Running `docker ps --no-trunc` showing 2 linked containers. $ sudo docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - f7ee772232194fcc088c6bdec6ea09f7b3f6c54d53934658164b8602d7cd4744 ubuntu:12.04 bash 17 seconds ago Up 16 seconds webapp - d0963715a061c7c7b7cc80b2646da913a959fbf13e80a971d4a60f6997a2f595 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp + d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db `docker ps` will show only running containers by default. To see all containers: `docker ps -a` +`docker ps` will group exposed ports into a single range if possible. E.g., a container that exposes TCP ports `100, 101, 102` will display `100-102/tcp` in the `PORTS` column. + #### Filtering The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there is more From d73a9d48f565ac0ce0a96ec42169524774eebef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Martins?= Date: Sat, 31 Jan 2015 00:23:47 +0000 Subject: [PATCH 0476/2538] Fixes #10457-Pause-and-unpause-accept-multi-containers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Applied multi parameters to pause and unpause. Created a new test file dedicated for pause commands. Created a new utility function to get a slice of paused containers. Updated documentation Signed-off-by: André Martins --- docs/sources/reference/commandline/cli.md | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6da9f2f1b4..87acc6cfb8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1360,7 +1360,7 @@ nano-second part of the timestamp will be padded with zero when necessary. ## pause - Usage: docker pause CONTAINER + Usage: docker pause CONTAINER [CONTAINER...] Pause all processes within a container @@ -1397,22 +1397,6 @@ just a specific mapping: $ sudo docker port test 7890 0.0.0.0:4321 -## pause - - Usage: docker pause CONTAINER - - Pause all processes within a container - -The `docker pause` command uses the cgroups freezer to suspend all processes in -a container. Traditionally when suspending a process the `SIGSTOP` signal is -used, which is observable by the process being suspended. With the cgroups freezer -the process is unaware, and unable to capture, that it is being suspended, -and subsequently resumed. - -See the -[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) -for further details. - ## rename Usage: docker rename OLD_NAME NEW_NAME @@ -2074,7 +2058,7 @@ them to [*Share Images via Repositories*]( ## unpause - Usage: docker unpause CONTAINER + Usage: docker unpause CONTAINER [CONTAINER...] Unpause all processes within a container From 209f3889e08bd5c53a0ea2139f1b9209a2867ed6 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 20 Feb 2015 11:51:42 -0500 Subject: [PATCH 0477/2538] Remove CLI doc entry related to API-only function Closes #10278 Signed-off-by: Brian Goff --- docs/sources/reference/commandline/cli.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 87acc6cfb8..e865b635db 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -782,9 +782,6 @@ container at any point. This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. -Note that volumes set by `create` may be over-ridden by options set with -`start`. - Please see the [run command](#run) section for more details. #### Examples From b67b89f4cd23f5e85b78d6ffbd918426c0d4a815 Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Sat, 21 Feb 2015 21:20:03 -0800 Subject: [PATCH 0478/2538] cli: Add server OS/Arch info to 'version' cmd Signed-off-by: Ahmet Alp Balkan --- docs/sources/reference/commandline/cli.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e865b635db..0a277fd8ab 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2072,8 +2072,21 @@ for further details. Show the Docker version information. -Show the Docker version, API version, Git commit, and Go version of -both Docker client and daemon. +Show the Docker version, API version, Git commit, Go version and OS/architecture +of both Docker client and daemon. Example use: + + $ sudo docker version + Client version: 1.5.0 + Client API version: 1.17 + Go version (client): go1.4.1 + Git commit (client): a8a31ef + OS/Arch (client): darwin/amd64 + Server version: 1.5.0 + Server API version: 1.17 + Go version (server): go1.4.1 + Git commit (server): a8a31ef + OS/Arch (server): linux/amd64 + ## wait From e49fa872b4dd980829c1502ef2afb2f6b0deae60 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Sun, 22 Feb 2015 19:48:09 +0100 Subject: [PATCH 0479/2538] zsh: update zsh completion for docker command zsh completion is updated with the content of felixr/docker-zsh-completion. ef4a3fce0437 Update completion for `wait' as per 1.5.0 ace5aa9c1282 Add completion for `stats' 91f112834865 Update completion for `search' as per 1.5.0 a5e4febe4bf6 Update completion for `save' as per 1.5.0 1cdbdb18a384 Add completion for `rename' 2f004bb724b9 Update completion for `pull' as per 1.5.0 773b88e0885b Update completion for `logs' as per 1.5.0 c57e5d5c4551 Update completion for `load' to favor archive files 9af7d12b487e Update completion for `images` as per 1.5.0 0d59e66aff30 update completion for `exec' to complete on commands 46b6c66760d7 Update completion for `events' as per 1.5.0 307e0bdc4c34 Update completion for `commit' as per 1.5.0 c4b331f38cc4 Update completion for `build' as per 1.5.0 Also added myself in the `MAINTAINERS` file. Signed-off-by: Vincent Bernat --- contrib/completion/zsh/MAINTAINERS | 3 ++ contrib/completion/zsh/_docker | 51 ++++++++++++++++++++++++------ 2 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 contrib/completion/zsh/MAINTAINERS diff --git a/contrib/completion/zsh/MAINTAINERS b/contrib/completion/zsh/MAINTAINERS new file mode 100644 index 0000000000..a9d0da5132 --- /dev/null +++ b/contrib/completion/zsh/MAINTAINERS @@ -0,0 +1,3 @@ +Tianon Gravi (@tianon) +Jessie Frazelle (@jfrazelle) +Vincent Bernat (@vincentbernat) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9104f385d7..3215814313 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -197,8 +197,10 @@ __docker_subcommand () { ;; (build) _arguments \ + {-f,--file=-}'[Dockerfile to use]:Dockerfile:_files' \ '--force-rm[Always remove intermediate containers]' \ '--no-cache[Do not use cache when building the image]' \ + '--pull[Attempt to pull a newer version of the image]' \ {-q,--quiet}'[Suppress verbose build output]' \ '--rm[Remove intermediate containers after a successful build]' \ {-t,--tag=-}'[Repository, name and tag to be applied]:repository:__docker_repositories_with_tags' \ @@ -209,7 +211,6 @@ __docker_subcommand () { {-a,--author=-}'[Author]:author: ' \ {-m,--message=-}'[Commit message]:message: ' \ {-p,--pause}'[Pause container during commit]' \ - '--run=-[Configuration automatically applied when the image is run]:configuration: ' \ ':container:__docker_containers' \ ':repository:__docker_repositories_with_tags' ;; @@ -232,15 +233,28 @@ __docker_subcommand () { ;; (events) _arguments \ + '*'{-f,--filter=-}'[Filter values]:filter: ' \ '--since=-[Events created since this timestamp]:timestamp: ' \ '--until=-[Events created until this timestamp]:timestamp: ' ;; (exec) + local state ret _arguments \ {-d,--detach}'[Detached mode: leave the container running in the background]' \ {-i,--interactive}'[Keep stdin open even if not attached]' \ {-t,--tty}'[Allocate a pseudo-tty]' \ - ':containers:__docker_runningcontainers' + ':containers:__docker_runningcontainers' \ + '*::command:->anycommand' && ret=0 + + case $state in + (anycommand) + shift 1 words + (( CURRENT-- )) + _normal + ;; + esac + + return ret ;; (history) _arguments \ @@ -254,8 +268,6 @@ __docker_subcommand () { '*'{-f,--filter=-}'[Filter values]:filter: ' \ '--no-trunc[Do not truncate output]' \ {-q,--quiet}'[Only show numeric IDs]' \ - '--tree[Output graph in tree format]' \ - '--viz[Output graph in graphviz format]' \ ':repository:__docker_repositories' ;; (inspect) @@ -287,7 +299,7 @@ __docker_subcommand () { ;; (load) _arguments \ - {-i,--input=-}'[Read from tar archive file]:tar:_files' + {-i,--input=-}'[Read from tar archive file]:archive file:_files -g "*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)"' ;; (login) _arguments \ @@ -304,6 +316,7 @@ __docker_subcommand () { _arguments \ {-f,--follow}'[Follow log output]' \ {-t,--timestamps}'[Show timestamps]' \ + '--tail=-[Output the last K lines]:lines:(1 10 20 50 all)' \ '*:containers:__docker_containers' ;; (port) @@ -321,6 +334,10 @@ __docker_subcommand () { {-i,--interactive}'[Attach container'"'"'s stding]' \ '*:containers:__docker_stoppedcontainers' ;; + (stats) + _arguments \ + '*:containers:__docker_runningcontainers' + ;; (rm) _arguments \ {-f,--force}'[Force removal]' \ @@ -391,7 +408,7 @@ __docker_subcommand () { '*--lxc-conf=-[Add custom lxc options]:lxc options: ' \ '-m[Memory limit (in bytes)]:limit: ' \ '--name=-[Container name]:name: ' \ - '--net=-[Network mode]:network mode:(bridge none container: host)' \ + '--net=-[Network mode]:network mode:(bridge none container host)' \ {-P,--publish-all}'[Publish all exposed ports]' \ '*'{-p,--publish=-}'[Expose a container'"'"'s port to the host]:port:_ports' \ '--privileged[Give extended privileges to this container]' \ @@ -419,19 +436,33 @@ __docker_subcommand () { esac ;; - (pull|search) - _arguments ':name:__docker_search' + (pull) + _arguments \ + {-a,--all-tags}'[Download all tagged images]' \ + ':name:__docker_search' ;; (push) _arguments ':images:__docker_images' ;; + (rename) + _arguments \ + ':old name:__docker_containers' \ + ':new name: ' + ;; (save) _arguments \ {-o,--output=-}'[Write to file]:file:_files' \ - ':images:__docker_images' + '*:images:__docker_images' + ;; + (search) + _arguments \ + '--automated[Only show automated builds]' \ + '--no-trunc[Do not truncate output]' \ + {-s,--stars=-}'[Only display with at least X stars]:stars:(0 10 100 1000)' \ + ':term: ' ;; (wait) - _arguments ':containers:__docker_runningcontainers' + _arguments '*:containers:__docker_runningcontainers' ;; (help) _arguments ':subcommand:__docker_commands' From 10560b0a8fab8e47553cac6132e2470c015fe416 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 12 Feb 2015 13:48:12 +1000 Subject: [PATCH 0480/2538] a little re-writing Signed-off-by: Sven Dowideit --- docs/sources/reference/builder.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index d0c928188d..ca25072900 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -626,8 +626,7 @@ ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] If you need to write a starter script for a single executable, you can ensure that the final executable receives the Unix signals by using `exec` and `gosu` -(see [the Dockerfile best practices](/articles/dockerfile_best-practices/#entrypoint) -for more details): +commands: ```bash #!/bin/bash From 6042a6f9a4f55bdea560c38be41789ef7a113e57 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 9 Jan 2015 16:08:26 -0500 Subject: [PATCH 0481/2538] add docs for commit --change Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh (github: dqminh) Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/commandline/cli.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0a277fd8ab..a1d73c9b5a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -694,6 +694,7 @@ you refer to it on the command line. Create a new image from a container's changes -a, --author="" Author (e.g., "John Hannibal Smith ") + -c, --change=[] Apply a modification in Dockerfile format before committing the image -m, --message="" Commit message -p, --pause=true Pause container during commit @@ -720,6 +721,19 @@ If this behavior is undesired, set the 'p' option to false. REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB +#### Commit an existing container with new configurations + + $ sudo docker ps + ID IMAGE COMMAND CREATED STATUS PORTS + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + $ sudo docker inspect -f "{{ .Config.Env }}" c3f279d17e0a + [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] + $ sudo docker commit --change "ENV DEBUG true" c3f279d17e0a SvenDowideit/testimage:version3 + f5283438590d + $ sudo docker inspect -f "{{ .Config.Env }}" f5283438590d + [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] + ## cp Copy files/folders from a container's filesystem to the host From 99ef14ddab9c8edba7ef4f9fcac141dddab085ea Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 5 Feb 2015 12:26:05 +0100 Subject: [PATCH 0482/2538] pass --change changes to the import job Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/commandline/cli.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a1d73c9b5a..1b4a650357 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -694,7 +694,7 @@ you refer to it on the command line. Create a new image from a container's changes -a, --author="" Author (e.g., "John Hannibal Smith ") - -c, --change=[] Apply a modification in Dockerfile format before committing the image + -c, --change=[] Apply specified Dockerfile instructions while committing the image -m, --message="" Commit message -p, --pause=true Pause container during commit @@ -709,7 +709,12 @@ while the image is committed. This reduces the likelihood of encountering data corruption during the process of creating the commit. If this behavior is undesired, set the 'p' option to false. -#### Commit an existing container +The `--change` option will apply `Dockerfile` instructions to the image +that is created. +Supported `Dockerfile` instructions: `CMD`, `ENTRYPOINT`, `ENV`, `EXPOSE`, +`ONBUILD`, `USER`, `VOLUME`, `WORKDIR` + +#### Commit a container $ sudo docker ps ID IMAGE COMMAND CREATED STATUS PORTS @@ -721,7 +726,7 @@ If this behavior is undesired, set the 'p' option to false. REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB -#### Commit an existing container with new configurations +#### Commit a container with new configurations $ sudo docker ps ID IMAGE COMMAND CREATED STATUS PORTS @@ -1151,11 +1156,18 @@ NOTE: Docker will warn you if any containers exist that are using these untagged tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + -c, --change=[] Apply specified Dockerfile instructions while importing the image + URLs must start with `http` and point to a single file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a root filesystem. If you would like to import from a local directory or archive, you can use the `-` parameter to take the data from `STDIN`. +The `--change` option will apply `Dockerfile` instructions to the image +that is created. +Supported `Dockerfile` instructions: `CMD`, `ENTRYPOINT`, `ENV`, `EXPOSE`, +`ONBUILD`, `USER`, `VOLUME`, `WORKDIR` + #### Examples **Import from a remote location:** @@ -1174,6 +1186,10 @@ Import to docker via pipe and `STDIN`. $ sudo tar -c . | sudo docker import - exampleimagedir +**Import from a local directory with new configurations:** + + $ sudo tar -c . | sudo docker import --change "ENV DEBUG true" - exampleimagedir + Note the `sudo` in this example – you must preserve the ownership of the files (especially root ownership) during the archiving with tar. If you are not root (or the sudo command) when you From 91b4e8ad5620c661dbfe2209ae60e910335ba7e2 Mon Sep 17 00:00:00 2001 From: Abin Shahab Date: Fri, 30 Jan 2015 17:29:46 +0000 Subject: [PATCH 0483/2538] Implements stats for lxc driver Implements stats and fixes stats test. Signed-off-by: Abin Shahab (github: ashahab-altiscale) --- docs/sources/reference/commandline/cli.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1b4a650357..2f34c32926 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2037,8 +2037,6 @@ more details on finding shared images from the command line. --help=false Print usage -> **Note**: this functionality currently only works when using the *libcontainer* exec-driver. - Running `docker stats` on multiple containers $ sudo docker stats redis1 redis2 From 3004c90b517441c753a2b37d07f536ce3e49d37b Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Thu, 19 Feb 2015 09:40:23 -0800 Subject: [PATCH 0484/2538] Correct --add-host documentation regarding host IP address retrieval Fixes: 10855 The example was actually incorrect for many situations, and also, now that we have IPv6 we should not that the example is for IPv4 and note how to find IPv6 addresses. Also, the device they want to connect to could be the bridge, or main ethernet device, or some other device name, so note that as well. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docs/sources/reference/commandline/cli.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2f34c32926..345d11fcc0 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1966,13 +1966,21 @@ You can add other hosts into a container's `/etc/hosts` file by using one or mor round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms ``` -> **Note:** -> Sometimes you need to connect to the Docker host, which means getting the IP -> address of the host. You can use the following shell commands to simplify this -> process: -> -> $ alias hostip="ip route show 0.0.0.0/0 | grep -Eo 'via \S+' | awk '{ print \$2 }'" -> $ docker run --add-host=docker:$(hostip) --rm -it debian +Sometimes you need to connect to the Docker host from within your +container. To enable this, pass the Docker host's IP address to +the container using the `--add-host` flag. To find the host's address, +use the `ip addr show` command. + +The flags you pass to `ip addr show` depend on whether you are +using IPv4 or IPv6 networking in your containers. Use the following +flags for IPv4 address retrieval for a network device named `eth0`: + + $ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1` + $ docker run --add-host=docker:${HOSTIP} --rm -it debian + +For IPv6 use the `-6` flag instead of the `-4` flag. For other network +devices, replace `eth0` with the correct device name (for example `docker0` +for the bridge device). ## save From aadc671cf09a956e45272d5f46e4256234487045 Mon Sep 17 00:00:00 2001 From: Dmitry Gusev Date: Fri, 27 Feb 2015 17:45:37 +0300 Subject: [PATCH 0485/2538] Update cli.md Use `-it` combination in example instead of `-ti`, because this is how it used everywhere in examples. Update dockerfile_best-practices.md Fix typo in command name Signed-off-by: Dmitry Gusev --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 345d11fcc0..38e9e3f3d5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -33,8 +33,8 @@ To list the help on any command just execute the command, followed by the `--hel ## Option types Single character command line options can be combined, so rather than -typing `docker run -t -i --name test busybox sh`, -you can write `docker run -ti --name test busybox sh`. +typing `docker run -i -t --name test busybox sh`, +you can write `docker run -it --name test busybox sh`. ### Boolean From 8ac0e4d95e834cbb95cdd17774aa3a3274483eeb Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 3 Mar 2015 13:58:35 -0800 Subject: [PATCH 0486/2538] Notes should be indented Signed-off-by: Sven Dowideit --- docs/sources/reference/builder.md | 21 +++++++++++---------- docs/sources/reference/commandline/cli.md | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index ca25072900..6ee41f5b76 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -107,11 +107,11 @@ images. ### Environment Replacement -**Note:** prior to 1.3, `Dockerfile` environment variables were handled -similarly, in that they would be replaced as described below. However, there -was no formal definition on as to which instructions handled environment -replacement at the time. After 1.3 this behavior will be preserved and -canonical. +> **Note**: prior to 1.3, `Dockerfile` environment variables were handled +> similarly, in that they would be replaced as described below. However, there +> was no formal definition on as to which instructions handled environment +> replacement at the time. After 1.3 this behavior will be preserved and +> canonical. Environment variables (declared with [the `ENV` statement](#env)) can also be used in certain instructions as variables to be interpreted by the `Dockerfile`. Escapes @@ -337,11 +337,12 @@ specified network ports at runtime. Docker uses this information to interconnect containers using links (see the [Docker User Guide](/userguide/dockerlinks)) and to determine which ports to expose to the host when [using the -P flag](/reference/run/#expose-incoming-ports). -**Note:** -`EXPOSE` doesn't define which ports can be exposed to the host or make ports -accessible from the host by default. To expose ports to the host, at runtime, -[use the `-p` flag](/userguide/dockerlinks) or -[the -P flag](/reference/run/#expose-incoming-ports). + +> **Note**: +> `EXPOSE` doesn't define which ports can be exposed to the host or make ports +> accessible from the host by default. To expose ports to the host, at runtime, +> [use the `-p` flag](/userguide/dockerlinks) or +> [the -P flag](/reference/run/#expose-incoming-ports). ## ENV diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 38e9e3f3d5..f480f89cf3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1877,7 +1877,7 @@ flag: fdisk: unable to open /dev/xvdc: Operation not permitted ``` -**Note:** +> **Note:** > `--device` cannot be safely used with ephemeral devices. Block devices that > may be removed should not be added to untrusted containers with `--device`. From 9574a12badf60649e2a455eeaaf6c83c9d3a945b Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 17 Feb 2015 10:25:36 -0800 Subject: [PATCH 0487/2538] Support dockerfile and Dockerfile Closes #10807 Adds support for `dockerfile` ONLY when `Dockerfile` can't be found. If we're building from a Dockerfile via stdin/URL then always download it a `Dockerfile` and ignore the -f flag. Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 34 +++++++++++++---------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f480f89cf3..f1dcba9669 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -506,21 +506,27 @@ is returned by the `docker attach` command to its caller too: --rm=true Remove intermediate containers after a successful build -t, --tag="" Repository name (and optionally a tag) for the image -Use this command to build Docker images from a Dockerfile and a -"context". +Builds Docker images from a Dockerfile and a "context". A build's context is +the files located in the specified `PATH` or `URL`. The build process can +refer to any of the files in the context. For example, your build can use +an [*ADD*](/reference/builder/#add) instruction to reference a file in the +context. -The files at `PATH` or `URL` are called the "context" of the build. The -build process may refer to any of the files in the context, for example -when using an [*ADD*](/reference/builder/#add) instruction. -When a single Dockerfile is given as `URL` or is piped through `STDIN` -(`docker build - < Dockerfile`), then no context is set. +The `URL` parameter can specify the location of a Git repository; in this +case, the repository is the context. The Git repository is recursively +cloned with its submodules. The system does a fresh `git clone -recursive` +in a temporary directory on your local host. Then, this clone is sent to +the Docker daemon as the context. Local clones give you the ability to +access private repositories using local user credentials, VPN's, and so forth. -When a Git repository is set as `URL`, then the repository is used as -the context. The Git repository is cloned with its submodules -(`git clone -recursive`). A fresh `git clone` occurs in a temporary directory -on your local host, and then this is sent to the Docker daemon as the -context. This way, your local user credentials and VPN's etc can be -used to access private repositories. +Instead of specifying a context, you can pass a single Dockerfile in the +`URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: + + docker build - < Dockerfile + +If you use STDIN or specify a `URL`, the system places the contents into a +file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this +scenario, there is no context. If a file named `.dockerignore` exists in the root of `PATH` then it is interpreted as a newline-separated list of exclusion patterns. @@ -529,7 +535,7 @@ will be excluded from the context. Globbing is done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. Please note that `.dockerignore` files in other subdirectories are -considered as normal files. Filepaths in .dockerignore are absolute with +considered as normal files. Filepaths in `.dockerignore` are absolute with the current directory as the root. Wildcards are allowed but the search is not recursive. From d20a7f0d85e4be7dbb3e375296a425fbf3db0e8d Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Wed, 11 Feb 2015 14:21:38 -0500 Subject: [PATCH 0488/2538] Allow setting ulimits for containers Signed-off-by: Brian Goff --- docs/sources/reference/commandline/cli.md | 26 +++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f1dcba9669..451168a58c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -109,6 +109,7 @@ expect an integer, and they can only be specified once. --tlskey="~/.docker/key.pem" Path to TLS key file --tlsverify=false Use TLS and verify the remote -v, --version=false Print version information and quit + --default-ulimit=[] Set default ulimit settings for containers. Options with [] may be specified multiple times. @@ -404,6 +405,14 @@ This will only add the proxy and authentication to the Docker daemon's requests your `docker build`s and running containers will need extra configuration to use the proxy +### Default Ulimits + +`--default-ulimit` allows you to set the default `ulimit` options to use for all +containers. It takes the same options as `--ulimit` for `docker run`. If these +defaults are not set, `ulimit` settings will be inheritted, if not set on +`docker run`, from the Docker daemon. Any `--ulimit` options passed to +`docker run` will overwrite these defaults. + ### Miscellaneous options IP masquerading uses address translation to allow containers without a public IP to talk @@ -1988,6 +1997,23 @@ For IPv6 use the `-6` flag instead of the `-4` flag. For other network devices, replace `eth0` with the correct device name (for example `docker0` for the bridge device). +### Setting ulimits in a container + +Since setting `ulimit` settings in a container requires extra privileges not +available in the default container, you can set these using the `--ulimit` flag. +`--ulimit` is specified with a soft and hard limit as such: +`=[:]`, for example: + +``` + $ docker run --ulimit nofile=1024:1024 --rm debian ulimit -n + 1024 +``` + +>**Note:** +> If you do not provide a `hard limit`, the `soft limit` will be used for both +values. If no `ulimits` are set, they will be inherited from the default `ulimits` +set on the daemon. + ## save Usage: docker save [OPTIONS] IMAGE [IMAGE...] From 71a1c3353373899dd34e896b829f7aad825428a3 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 3 Mar 2015 09:04:06 -0800 Subject: [PATCH 0489/2538] Fix 'docker ps --help' so the options don't span more than one line and add a testcase to catch this in the future. While in there I also: - removed extra periods from the few options that had them (new test) - made the --filter option consistent across all command Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 28 +++++++++++------------ 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 451168a58c..69f602b4f9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -26,7 +26,7 @@ To list the help on any command just execute the command, followed by the `--hel Run a command in a new container - -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + -a, --attach=[] Attach to STDIN, STDOUT or STDERR -c, --cpu-shares=0 CPU shares (relative weight) ... @@ -771,7 +771,7 @@ Creates a new container. Create a new container - -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities @@ -890,7 +890,7 @@ For example: Get real time events from the server - -f, --filter=[] Provide filter values (i.e., 'event=stop') + -f, --filter=[] Filter output based on conditions provided --since="" Show all events created since timestamp --until="" Stream events until this timestamp @@ -1075,7 +1075,7 @@ To see how the `docker:latest` image was built: List images -a, --all=false Show all images (default hides intermediate images) - -f, --filter=[] Provide filter values (i.e., 'dangling=true') + -f, --filter=[] Filter output based on conditions provided --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs @@ -1256,7 +1256,7 @@ ensure we know how your setup is configured. Return low-level information on a container or image - -f, --format="" Format the output using the given go template. + -f, --format="" Format the output using the given go template By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. @@ -1454,16 +1454,14 @@ The `docker rename` command allows the container to be renamed to a different na List containers -a, --all=false Show all containers (default shows just running) - --before="" Show only container created before Id or Name. - -f, --filter=[] Provide filter values. Valid filters: - exited= - containers with exit code of - status=(restarting|running|paused|exited) - -l, --latest=false Show the latest created container, include non-running. - -n=-1 Show n last created containers, include non-running . + --before="" Show only container created before Id or Name + -f, --filter=[] Filter output based on conditions provided + -l, --latest=false Show the latest created container, include non-running + -n=-1 Show n last created containers, include non-running --no-trunc=false Don't truncate output -q, --quiet=false Only display numeric IDs -s, --size=false Display total file sizes - --since="" Show created since Id or Name, include non-running. + --since="" Show created since Id or Name, include non-running Running `docker ps --no-trunc` showing 2 linked containers. @@ -1546,7 +1544,7 @@ registry or to a self-hosted one. Restart a running container - -t, --time=10 Seconds to wait for stop before killing the container. + -t, --time=10 Seconds to wait for stop before killing the container ## rm @@ -1626,7 +1624,7 @@ removed before the image is removed. Run a command in a new container - -a, --attach=[] Attach to STDIN, STDOUT or STDERR. + -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities @@ -2098,7 +2096,7 @@ containers. Stopped containers will not return any data. Stop a running container by sending SIGTERM and then SIGKILL after a grace period - -t, --time=10 Seconds to wait for stop before killing it. + -t, --time=10 Seconds to wait for stop before killing it The main process inside the container will receive `SIGTERM`, and after a grace period, `SIGKILL`. From 92b48f975ad229dee1eb37c97a4f0be9cc56162b Mon Sep 17 00:00:00 2001 From: resouer Date: Mon, 9 Feb 2015 15:15:07 +0800 Subject: [PATCH 0490/2538] Add cors header flag and leave boolean flag not changed Deprecate api-enable-cors Update docs & man files Signed-off-by: harry zhang --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 69f602b4f9..eb61872dae 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -75,6 +75,7 @@ expect an integer, and they can only be specified once. Options: --api-enable-cors=false Enable CORS headers in the remote API + --api-cors-header="" Set CORS headers in the remote API -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP -D, --debug=false Enable debug mode From 93b07b4a634121b1be26b20722578e2c86e3884e Mon Sep 17 00:00:00 2001 From: Zhang Wentao Date: Tue, 3 Mar 2015 11:15:17 +0800 Subject: [PATCH 0491/2538] docker info display http/https_proxy setting Signed-off-by: Zhang Wentao --- docs/sources/reference/commandline/cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index eb61872dae..8ffaa5adc3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1241,6 +1241,9 @@ For example: EventsListeners: 0 Init Path: /usr/bin/docker Docker Root Dir: /var/lib/docker + Http Proxy: http://test:test@localhost:8080 + Https Proxy: https://test:test@localhost:8080 + No Proxy: 9.81.1.160 Username: svendowideit Registry: [https://index.docker.io/v1/] Labels: From 5bc113a640cca71ecb458a118aa476198e4383fc Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Fri, 6 Mar 2015 15:13:27 +0800 Subject: [PATCH 0492/2538] Fix docker build and docker run bash completion Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cd09e4ba62..01140d8c7d 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -255,11 +255,15 @@ _docker_build() { __docker_image_repos_and_tags return ;; + --file|-f) + _filedir + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force-rm --no-cache --quiet -q --rm --tag -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--file -f --force-rm --no-cache --quiet -q --rm --tag -t" -- "$cur" ) ) ;; *) local counter="$(__docker_pos_first_nonflag '--tag|-t')" @@ -623,8 +627,10 @@ _docker_run() { --lxc-conf --mac-address --memory -m + --memory-swap --name --net + --pid --publish -p --restart --security-opt @@ -635,9 +641,11 @@ _docker_run() { " local all_options="$options_with_args + --help --interactive -i --privileged --publish-all -P + --read-only --tty -t " From d69dea3c441e07cc01e697df543da83729e2d844 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 6 Mar 2015 06:36:23 -0800 Subject: [PATCH 0493/2538] Tell users about how VOLUME initializes the new mount point/volume Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 6ee41f5b76..3d34db38cc 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -777,14 +777,28 @@ If you then run `docker stop test`, the container will not exit cleanly - the VOLUME ["/data"] -The `VOLUME` instruction will create a mount point with the specified name -and mark it as holding externally mounted volumes from native host or other +The `VOLUME` instruction creates a mount point with the specified name +and marks it as holding externally mounted volumes from native host or other containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log /var/db`. For more information/examples and mounting instructions via the -Docker client, refer to [*Share Directories via Volumes*](/userguide/dockervolumes/#volume) +Docker client, refer to +[*Share Directories via Volumes*](/userguide/dockervolumes/#volume) documentation. +The `docker run` command initializes the newly created volume with any data +that exists at the specified location within the base image. For example, +consider the following Dockerfile snippet: + + FROM ubuntu + RUN mkdir /myvol + RUN echo "hello world" > /myvol/greating + VOLUME /myvol + +This Dockerfile results in an image that causes `docker run`, to +create a new mount point at `/myvol` and copy the `greating` file +into the newly created volume. + > **Note**: > The list is parsed as a JSON array, which means that > you must use double-quotes (") around words not single-quotes ('). From 99a47ff6006fbc1bd14c4cd8d46fb4eb5babcdff Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 1 Mar 2015 21:13:33 +0100 Subject: [PATCH 0494/2538] Docs: add restart-policies to 'Run reference' This moves some information on restart-policies from the "command line" page to "run reference". Also fixes some minor typos and adds a "NOTE" about --rm and --restart not allowed to be combined. Also removes inline CSS styles from tables, which will be styled by the stylesheet, and fixes some minor MarkDown errors (`<` -> <) depends on https://github.com/docker/docs-base/pull/1 resolves #11069 Signed-off-by: Sebastiaan van Stijn --- docs/sources/reference/commandline/cli.md | 75 +++++++----- docs/sources/reference/run.md | 132 ++++++++++++++++++---- 2 files changed, 157 insertions(+), 50 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8ffaa5adc3..da4daec88b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1931,41 +1931,56 @@ application change: #### Restart Policies -Using the `--restart` flag on Docker run you can specify a restart policy for -how a container should or should not be restarted on exit. +Use Docker's `--restart` to specify a container's *restart policy*. A restart +policy controls whether the Docker daemon restarts a container after exit. +Docker supports the following restart policies: -An ever increasing delay (double the previous delay, starting at 100 milliseconds) -is added before each restart to prevent flooding the server. This means the daemaon -will wait for 100 mS, then 200 mS, 400, 800, 1600, and so on until either the -`on-failure` limit is hit, or when you `docker stop` or even `docker rm -f` -the container. - -When a restart policy is active on a container, it will be shown in `docker ps` -as either `Up` or `Restarting` in `docker ps`. It can also be useful to use -`docker events` to see the restart policy in effect. - -** no ** - Do not restart the container when it exits. - -** on-failure ** - Restart the container only if it exits with a non zero exit status. - -** always ** - Always restart the container regardless of the exit status. - -You can also specify the maximum amount of times Docker will try to -restart the container when using the ** on-failure ** policy. The -default is that Docker will try forever to restart the container. + + + + + + + + + + + + + + + + + + + + + +
PolicyResult
no + Do not automatically restart the container when it exits. This is the + default. +
+ + on-failure[:max-retries] + + + Restart only if the container exits with a non-zero exit status. + Optionally, limit the number of restart retries the Docker + daemon attempts. +
always + Always restart the container regardless of the exit status. + When you specify always, the Docker daemon will try to restart + the container indefinitely. +
$ sudo docker run --restart=always redis -This will run the `redis` container with a restart policy of ** always ** so that if -the container exits, Docker will restart it. +This will run the `redis` container with a restart policy of **always** +so that if the container exits, Docker will restart it. - $ sudo docker run --restart=on-failure:10 redis - -This will run the `redis` container with a restart policy of ** -on-failure ** and a maximum restart count of 10. If the `redis` -container exits with a non-zero exit status more than 10 times in a row -Docker will abort trying to restart the container. Providing a maximum -restart limit is only valid for the ** on-failure ** policy. +More detailed information on restart policies can be found in the +[Restart Policies (--restart)](/reference/run/#restart-policies-restart) section +of the Docker run reference page. ### Adding entries to a container hosts file diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 8faf9ad77c..268ade05ee 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -52,6 +52,7 @@ following options. - [PID Equivalent](#pid-equivalent) - [IPC Settings](#ipc-settings) - [Network Settings](#network-settings) + - [Restart Policies
(--restart)](#restart-policies-restart) - [Clean Up (--rm)](#clean-up-rm) - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) - [Runtime Privilege, Linux Capabilities, and LXC Configuration](#runtime-privilege-linux-capabilities-and-lxc-configuration) @@ -256,6 +257,99 @@ container itself as well as `localhost` and a few other common things. The ::1 localhost ip6-localhost ip6-loopback 86.75.30.9 db-static +## Restart policies (--restart) + +Using the `--restart` flag on Docker run you can specify a restart policy for +how a container should or should not be restarted on exit. + +When a restart policy is active on a container, it will be shown as either `Up` +or `Restarting` in [`docker ps`](/reference/commandline/cli/#ps). It can also be +useful to use [`docker events`](/reference/commandline/cli/#events) to see the +restart policy in effect. + +Docker supports the following restart policies: + + + + + + + + + + + + + + + + + + + + + + +
PolicyResult
no + Do not automatically restart the container when it exits. This is the + default. +
+ + on-failure[:max-retries] + + + Restart only if the container exits with a non-zero exit status. + Optionally, limit the number of restart retries the Docker + daemon attempts. +
always + Always restart the container regardless of the exit status. + When you specify always, the Docker daemon will try to restart + the container indefinitely. +
+ +An ever increasing delay (double the previous delay, starting at 100 +milliseconds) is added before each restart to prevent flooding the server. +This means the daemon will wait for 100 ms, then 200 ms, 400, 800, 1600, +and so on until either the `on-failure` limit is hit, or when you `docker stop` +or `docker rm -f` the container. + +If a container is succesfully restarted (the container is started and runs +for at least 10 seconds), the delay is reset to its default value of 100 ms. + +You can specify the maximum amount of times Docker will try to restart the +container when using the **on-failure** policy. The default is that Docker +will try forever to restart the container. The number of (attempted) restarts +for a container can be obtained via [`docker inspect`]( +/reference/commandline/cli/#inspect). For example, to get the number of restarts +for container "my-container"; + + $ sudo docker inspect -f "{{ .RestartCount }}" my-container + # 2 + +Or, to get the last time the container was (re)started; + + $ docker inspect -f "{{ .State.StartedAt }}" my-container + # 2015-03-04T23:47:07.691840179Z + +You cannot set any restart policy in combination with +["clean up (--rm)"](#clean-up-rm). Setting both `--restart` and `--rm` +results in an error. + +###Examples + + $ sudo docker run --restart=always redis + +This will run the `redis` container with a restart policy of **always** +so that if the container exits, Docker will restart it. + + $ sudo docker run --restart=on-failure:10 redis + +This will run the `redis` container with a restart policy of **on-failure** +and a maximum restart count of 10. If the `redis` container exits with a +non-zero exit status more than 10 times in a row Docker will abort trying to +restart the container. Providing a maximum restart limit is only valid for the +**on-failure** policy. + ## Clean up (--rm) By default a container's file system persists even after the container @@ -317,15 +411,15 @@ We have four ways to set memory usage: - memory=inf, memory-swap=inf (not specify any of them) There is no memory limit, you can use as much as you want. - - memory=L - - Variable - Value + + + + - - + - - - + + - - + - - - + + +
VariableValue
HOME + HOME Set based on the value of USER
HOSTNAME +
HOSTNAME The hostname associated with the container
PATH + PATH Includes popular directories, such as :
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TERM - xterm if the container is allocated a psuedo-TTY -
TERMxterm if the container is allocated a psuedo-TTY
@@ -619,7 +711,7 @@ container running Redis: # The redis-name container exposed port 6379 $ sudo docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4241164edf6f $ dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name # Note that there are no public ports exposed since we didn᾿t use -p or -P From 80728bcd7ba2ac112896571f35a69e4b6ec5a46e Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Fri, 6 Mar 2015 17:39:32 -0800 Subject: [PATCH 0495/2538] Remove subdirectories MAINTAINERS files Signed-off-by: Arnaud Porterie --- contrib/completion/{MAINTAINERS => REVIEWERS} | 0 contrib/completion/zsh/{MAINTAINERS => REVIEWERS} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename contrib/completion/{MAINTAINERS => REVIEWERS} (100%) rename contrib/completion/zsh/{MAINTAINERS => REVIEWERS} (100%) diff --git a/contrib/completion/MAINTAINERS b/contrib/completion/REVIEWERS similarity index 100% rename from contrib/completion/MAINTAINERS rename to contrib/completion/REVIEWERS diff --git a/contrib/completion/zsh/MAINTAINERS b/contrib/completion/zsh/REVIEWERS similarity index 100% rename from contrib/completion/zsh/MAINTAINERS rename to contrib/completion/zsh/REVIEWERS From ef5874f0a9680c04273e485a204fb9051bd187e5 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 3 Mar 2015 11:15:34 +0800 Subject: [PATCH 0496/2538] docs: fix cpu.shares part in man pages The original description has some mistakes and lack of many useful information, I rewrite them to make it accurate and complete. Signed-off-by: Qiang Huang --- docs/sources/reference/run.md | 43 ++++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 268ade05ee..5e5d21154a 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -423,24 +423,35 @@ We have four ways to set memory usage: It is not allowed to use more than L bytes of memory, swap *plus* memory usage is limited by S. -The operator can increase the priority of this container with -the `-c` option. By default, all containers run at the same priority and -get the same proportion of CPU cycles, but you can tell the kernel to -give more shares of CPU time to one or more containers when you start -them via Docker. +The operator can modify the priority of this container with +the `-c` option. By default, all containers run at the same priority +and get the same proportion of CPU cycles, the value specified must be 2 +or higher, if you are not setting `-c` or `--cpu-shares`, the default +shares of CPU time would be 1024. -The flag `-c` or `--cpu-shares` with value 0 indicates that the running -container has access to all 1024 (default) CPU shares. However, this value -can be modified to run a container with a different priority or different -proportion of CPU cycles. +CPU shares is kind of CPU bandwidth weight, the proportion will only +reflect when CPU-intensive processes are running. When tasks in one +container are idle, other containers are allowed to borrow the left-over +CPU time. -E.g., If we start three {C0, C1, C2} containers with default values -(`-c` OR `--cpu-shares` = 0) and one {C3} with (`-c` or `--cpu-shares`=512) -then C0, C1, and C2 would have access to 100% CPU shares (1024) and C3 would -only have access to 50% CPU shares (512). In the context of a time-sliced OS -with time quantum set as 100 milliseconds, containers C0, C1, and C2 will run -for full-time quantum, and container C3 will run for half-time quantum i.e 50 -milliseconds. +The actual amount of CPU time can very depending on the number of containers +running on the system. If a container have a share of 1024 and two other +containers have share of 512, when processes in all containers attempt to +use 100% of CPU, the first container would receive 50% of all CPU time, if +another container with share of 1024 is added, the first container would +only get 33% of the CPU (the rest receive 16.5%, 16.5% and 33% of CPU). + +Note that shares of CPU time are distributed per all CPU cores on multi-core +systems. Even if a container is limited to less than 100% of CPU time, it +may use 100% of each individual CPU core. E.g., if we start {C0} container +with (`-c` = 512) and {C1} with (`-c` = 1024), we start three CPU-intensive +processes (one in {C0} and two in {C1}) on a system with more than three +cores, might results in the following division of CPU shares: + +PID container CPU CPU share +100 {C0} 0 100% of CPU0 +101 {C1} 1 100% of CPU1 +102 {C1} 2 100% of CPU2 ## Runtime privilege, Linux capabilities, and LXC configuration From 5f274ccd57c03dca2e99aaf89d8aac4c73ce7a2f Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 3 Mar 2015 18:17:46 -0800 Subject: [PATCH 0497/2538] fix to cpu.shares documentation by @hqhq Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 3 +- docs/sources/reference/run.md | 59 +++++++++++++---------- 2 files changed, 35 insertions(+), 27 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index da4daec88b..abe752260c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -817,7 +817,8 @@ container at any point. This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. -Please see the [run command](#run) section for more details. +Please see the [run command](#run) section and the [Docker run reference]( +/reference/run/) for more details. #### Examples diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 5e5d21154a..f2400ecfc4 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -405,7 +405,9 @@ container: -m="": Memory limit (format: , where unit = b, k, m or g) -memory-swap="": Total memory limit (memory + swap, format: , where unit = b, k, m or g) - -c=0 : CPU shares (relative weight) + -c, --cpu-shares=0 CPU shares (relative weight) + +### Memory constraints We have four ways to set memory usage: - memory=inf, memory-swap=inf (not specify any of them) @@ -423,35 +425,40 @@ We have four ways to set memory usage: It is not allowed to use more than L bytes of memory, swap *plus* memory usage is limited by S. -The operator can modify the priority of this container with -the `-c` option. By default, all containers run at the same priority -and get the same proportion of CPU cycles, the value specified must be 2 -or higher, if you are not setting `-c` or `--cpu-shares`, the default -shares of CPU time would be 1024. +### CPU share constraint -CPU shares is kind of CPU bandwidth weight, the proportion will only -reflect when CPU-intensive processes are running. When tasks in one -container are idle, other containers are allowed to borrow the left-over -CPU time. +By default, all containers get the same proportion of CPU cycles. This proportion +can be modified by changing the container's CPU share weighting relative +to the weighting of all other running containers. -The actual amount of CPU time can very depending on the number of containers -running on the system. If a container have a share of 1024 and two other -containers have share of 512, when processes in all containers attempt to -use 100% of CPU, the first container would receive 50% of all CPU time, if -another container with share of 1024 is added, the first container would -only get 33% of the CPU (the rest receive 16.5%, 16.5% and 33% of CPU). +To modify the proportion from the default of 1024, use the `-c` or `--cpu-shares` +flag to set the weighting to 2 or higher. -Note that shares of CPU time are distributed per all CPU cores on multi-core -systems. Even if a container is limited to less than 100% of CPU time, it -may use 100% of each individual CPU core. E.g., if we start {C0} container -with (`-c` = 512) and {C1} with (`-c` = 1024), we start three CPU-intensive -processes (one in {C0} and two in {C1}) on a system with more than three -cores, might results in the following division of CPU shares: +The proportion will only apply when CPU-intensive processes are running. +When tasks in one container are idle, other containers can use the +left-over CPU time. The actual amount of CPU time will vary depending on +the number of containers running on the system. -PID container CPU CPU share -100 {C0} 0 100% of CPU0 -101 {C1} 1 100% of CPU1 -102 {C1} 2 100% of CPU2 +For example, consider three containers, one has a cpu-share of 1024 and +two others have a cpu-share setting of 512. When processes in all three +containers attempt to use 100% of CPU, the first container would receive +50% of the total CPU time. If you add a fouth container with a cpu-share +of 1024, the first container only gets 33% of the CPU. The remaining containers +receive 16.5%, 16.5% and 33% of the CPU. + +On a multi-core system, the shares of CPU time are distributed over all CPU +cores. Even if a container is limited to less than 100% of CPU time, it can +use 100% of each individual CPU core. + +For example, consider a system with more than three cores. If you start one +container `{C0}` with `-c=512` running one process, and another container +`{C1}` with `-c=1024` running two processes, this can result in the following +division of CPU shares: + + PID container CPU CPU share + 100 {C0} 0 100% of CPU0 + 101 {C1} 1 100% of CPU1 + 102 {C1} 2 100% of CPU2 ## Runtime privilege, Linux capabilities, and LXC configuration From 863f296d3aaad2923534f710e2eed0a4c453582a Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 6 Mar 2015 14:05:26 -0800 Subject: [PATCH 0498/2538] Show how to remove a file from the docs s3 bucket, and then invalidate the cloudflare cache Signed-off-by: Sven Dowideit --- docs/README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/README.md b/docs/README.md index 8e49af7aa2..361affab3d 100755 --- a/docs/README.md +++ b/docs/README.md @@ -152,3 +152,32 @@ _if_ the `DISTRIBUTION_ID` is set to the Cloudfront distribution ID (ask the met team) - this will take at least 15 minutes to run and you can check its progress with the CDN Cloudfront Chrome addin. +## Removing files from the docs.docker.com site + +Sometimes it becomes necessary to remove files from the historical published documentation. +The most reliable way to do this is to do it directly using `aws s3` commands running in a +docs container: + +Start the docs container like `make docs-shell`, but bind mount in your `awsconfig`: + +``` +docker run --rm -it -v $(CURDIR)/docs/awsconfig:/docs/awsconfig docker-docs:master bash +``` + +and then the following example shows deleting 2 documents from s3, and then requesting the +CloudFlare cache to invalidate them: + + +``` +export BUCKET BUCKET=docs.docker.com +export AWS_CONFIG_FILE=$(pwd)/awsconfig +aws s3 --profile $BUCKET ls s3://$BUCKET +aws s3 --profile $BUCKET rm s3://$BUCKET/v1.0/reference/api/docker_io_oauth_api/index.html +aws s3 --profile $BUCKET rm s3://$BUCKET/v1.1/reference/api/docker_io_oauth_api/index.html + +aws configure set preview.cloudfront true +export DISTRIBUTION_ID=YUTIYUTIUTIUYTIUT +aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.0/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' +aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.1/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' +``` + From 30240ffc53bf30b2153e9b9973fa4bb44adf9655 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Thu, 5 Mar 2015 08:39:32 -0800 Subject: [PATCH 0499/2538] Add support for 'docker cp' to write to stdout Closes #10805 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index abe752260c..f4dd5a5ac4 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -757,12 +757,15 @@ Supported `Dockerfile` instructions: `CMD`, `ENTRYPOINT`, `ENV`, `EXPOSE`, ## cp -Copy files/folders from a container's filesystem to the host -path. Paths are relative to the root of the filesystem. +Copy files/folders from a container's filesystem to the +path. Use '-' to write the data as a tar file to STDOUT. +Paths are relative to the root of the filesystem. - Usage: docker cp CONTAINER:PATH HOSTPATH + Usage: docker cp CONTAINER:PATH HOSTPATH|- + + Copy files/folders from the PATH to the HOSTPATH. Use '-' to write the data + as a tar file to STDOUT. - Copy files/folders from the PATH to the HOSTPATH ## create From a9394281b48b835c307319545c55eb170e4aa32d Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Sat, 7 Mar 2015 20:45:46 +0800 Subject: [PATCH 0500/2538] Fix docker start help message Signed-off-by: Lei Jitang --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f4dd5a5ac4..f8073d8505 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2085,7 +2085,7 @@ more details on finding shared images from the command line. Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] - Restart a stopped container + Start one or more stopped containers -a, --attach=false Attach STDOUT/STDERR and forward signals -i, --interactive=false Attach container's STDIN From 9690067dee884a682be628d0756dd84091e7f79b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 19 Feb 2015 13:43:09 +0100 Subject: [PATCH 0501/2538] Add bash completion for docker events --filter and --until. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 01140d8c7d..b5b864cd57 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -338,14 +338,38 @@ _docker_diff() { _docker_events() { case "$prev" in - --since) + --filter|-f) + COMPREPLY=( $( compgen -S = -W "container event image" -- "$cur" ) ) + compopt -o nospace + return + ;; + --since|--until) + return + ;; + esac + + # "=" gets parsed to a word and assigned to either $cur or $prev depending on whether + # it is the last character or not. So we search for "xxx=" in the the last two words. + case "${words[$cword-2]}$prev=" in + *container=*) + cur="${cur#=}" + __docker_containers_all + return + ;; + *event=*) + COMPREPLY=( $( compgen -W "create destroy die export kill pause restart start stop unpause" -- "${cur#=}" ) ) + return + ;; + *image=*) + cur="${cur#=}" + __docker_image_repos_and_tags_and_ids return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--since" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --since --until" -- "$cur" ) ) ;; esac } From d8c4619844c5438f29034042482a630c66f3b8e4 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 9 Mar 2015 20:36:09 +0800 Subject: [PATCH 0502/2538] Add --ulimit and --default-ulimit to bash completion Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b5b864cd57..7f32cefa29 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -659,6 +659,7 @@ _docker_run() { --restart --security-opt --user -u + --ulimit --volumes-from --volume -v --workdir -w @@ -973,6 +974,7 @@ _docker() { local main_options_with_args=" --bip --bridge -b + --default-ulimit --dns --dns-search --exec-driver -e From 688dc5977b16b28b9dda62f245ea6f4a4dd34558 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Tue, 10 Mar 2015 10:09:12 +0800 Subject: [PATCH 0503/2538] Set default restart policy name to 'no' Closes #10874 Signed-off-by: Lei Jitang --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f8073d8505..efcf5bff81 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -802,7 +802,7 @@ Creates a new container. -p, --publish=[] Publish a container's port(s) to the host --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only - --restart="" Restart policy to apply when a container exits + --restart="no" Restart policy to apply when a container exits --security-opt=[] Security Options -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID From e75c4494ed57b03a8a20ac4207ecf38da8406e1d Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 11 Feb 2015 08:46:32 +0100 Subject: [PATCH 0504/2538] Need to support new linux capability AUDIT_READ Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7f32cefa29..63bb86bb37 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -131,6 +131,7 @@ __docker_capabilities() { ALL AUDIT_CONTROL AUDIT_WRITE + AUDIT_READ BLOCK_SUSPEND CHOWN DAC_OVERRIDE From d174e92779fa28e2ff469b5a46cd5d2988fd0049 Mon Sep 17 00:00:00 2001 From: Srini Brahmaroutu Date: Mon, 9 Feb 2015 06:03:42 +0000 Subject: [PATCH 0505/2538] filter events by container name,id or partial id Addresses #10645 Signed-off-by: Srini Brahmaroutu --- docs/sources/reference/commandline/cli.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index efcf5bff81..4987764bfb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -992,6 +992,12 @@ You'll need two shells for this example. $ sudo docker events --filter 'container=7805c1d35632' --filter 'event=stop' 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + $ sudo docker events --filter 'container=container_1' --filter 'container=container_2' + 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + ## exec Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] From 50caf393cb6b230ad49d052d471f32420d575c8f Mon Sep 17 00:00:00 2001 From: ChristoperBiscardi Date: Sun, 8 Mar 2015 16:18:43 -0700 Subject: [PATCH 0506/2538] Fix a few code rendering errors in docs Signed-off-by: ChristoperBiscardi --- docs/sources/reference/run.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index f2400ecfc4..f06ca968ea 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -493,7 +493,6 @@ By default, the container will be able to `read`, `write`, and `mknod` these dev This can be overridden using a third `:rwm` set of options to each `--device` flag: -``` $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q @@ -507,7 +506,6 @@ This can be overridden using a third `:rwm` set of options to each `--device` fl $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc fdisk: unable to open /dev/xvdc: Operation not permitted -``` In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default From cbbc74c2aca344092933b781fc2ef04676e31b43 Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Tue, 10 Mar 2015 11:25:47 -0700 Subject: [PATCH 0507/2538] Add system time to /info This change adds daemon's system time as RFC3339Nano to the `/info` endpoint and shows in a more readable format (UnixDate) in `docker -D info` output. I will be using this to fix the clock skew between the remote test host and the CI machines running `docker events`-related tests as they're using `--since` and `--until` and the timestamps are not matching when daemon is not on the same machine. Signed-off-by: Ahmet Alp Balkan --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4987764bfb..0e4f805f83 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1248,6 +1248,7 @@ For example: Debug mode (client): true Fds: 10 Goroutines: 9 + System Time: Tue Mar 10 18:38:57 UTC 2015 EventsListeners: 0 Init Path: /usr/bin/docker Docker Root Dir: /var/lib/docker From 1fcf42aa8d2f4d8b50083f3510314f37f2a07772 Mon Sep 17 00:00:00 2001 From: Rick Wieman Date: Wed, 11 Mar 2015 07:41:56 +0100 Subject: [PATCH 0508/2538] Adds 'name' filter to the CLI reference. Also sorts the filter and fixes the bullet list. Signed-off-by: Rick Wieman --- docs/sources/reference/commandline/cli.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0e4f805f83..4ba938f2f1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -921,9 +921,11 @@ Using multiple filters will be handled as a *AND*; for example container 588a23dac085 *AND* the event type is *start* Current filters: - * event - * image - * container + +* container +* event +* image +* name #### Examples From 10a12ec17e241774760f0ad8e202fae0f4e4fb88 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 11 Mar 2015 09:04:30 -0700 Subject: [PATCH 0509/2538] Minor tweak to build -f text to make it clear Dockerfile is in context Closes #11289 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4ba938f2f1..b10ab83058 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -508,7 +508,7 @@ is returned by the `docker attach` command to its caller too: Build a new image from the source code at PATH - -f, --file="" Name of the Dockerfile(Default is 'Dockerfile') + -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') --force-rm=false Always remove intermediate containers --no-cache=false Do not use cache when building the image --pull=false Always attempt to pull a newer version of the image From 0be893a352b4930877457d1d1e54a143cb3948dd Mon Sep 17 00:00:00 2001 From: Mabin Date: Tue, 10 Mar 2015 16:14:43 +0800 Subject: [PATCH 0510/2538] docs: api-enable-cors is deprecated,updated docs description Signed-off-by: Mabin --- contrib/completion/bash/docker | 2 +- contrib/completion/fish/docker.fish | 2 +- docs/sources/reference/commandline/cli.md | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 63bb86bb37..5d48e02cf3 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -189,7 +189,6 @@ __docker_signals() { _docker_docker() { local boolean_options=" - --api-enable-cors --daemon -d --debug -D --help -h @@ -973,6 +972,7 @@ _docker() { ) local main_options_with_args=" + --api-cors-header --bip --bridge -b --default-ulimit diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 88caf15ea8..efee52f806 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -43,7 +43,7 @@ function __fish_print_docker_repositories --description 'Print a list of docker end # common options -complete -c docker -f -n '__fish_docker_no_subcommand' -l api-enable-cors -d 'Enable CORS headers in the remote API' +complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the remote API. Default is cors disabled" complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge' complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b" complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b10ab83058..1f61432b5a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -74,7 +74,6 @@ expect an integer, and they can only be specified once. A self-sufficient runtime for linux containers. Options: - --api-enable-cors=false Enable CORS headers in the remote API --api-cors-header="" Set CORS headers in the remote API -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP From 6098d0f443190e2a3cfe7b29089e59f668ec5187 Mon Sep 17 00:00:00 2001 From: Michal Minar Date: Wed, 21 Jan 2015 13:40:59 +0100 Subject: [PATCH 0511/2538] Use system's ephemeral port range for port allocation Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain ephemeral port range that now sets the boundaries of port allocator which finds free host ports for those exported by containers. Signed-off-by: Michal Minar --- docs/sources/reference/run.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index f06ca968ea..7529b848ea 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -651,10 +651,11 @@ developer, the operator has three choices: start the server container with `-P` or `-p,` or start the client container with `--link`. If the operator uses `-P` or `-p` then Docker will make the exposed port -accessible on the host and the ports will be available to any client -that can reach the host. When using `-P`, Docker will bind the exposed -ports to a random port on the host between 49153 and 65535. To find the -mapping between the host ports and the exposed ports, use `docker port`. +accessible on the host and the ports will be available to any client that can +reach the host. When using `-P`, Docker will bind the exposed port to a random +port on the host within an *ephemeral port range* defined by +`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host +ports and the exposed ports, use `docker port`. If the operator uses `--link` when starting the new client container, then the client container can access the exposed port via a private From 90e99d521dae81e768a321bf76b66d7e6c4db7b2 Mon Sep 17 00:00:00 2001 From: Deng Guangxing Date: Thu, 12 Mar 2015 19:06:48 +0800 Subject: [PATCH 0512/2538] Change cli.md to show right `docker rmi` output `docker rmi` output in docs/sources/reference/commandline/cli.md is different from real scene. This commit fixes it. Signed-off-by: Deng Guangxing --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1f61432b5a..d28ec7765b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1619,19 +1619,19 @@ removed before the image is removed. test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) $ sudo docker rmi fd484f19954f - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories + Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force 2013/12/11 05:47:16 Error: failed to remove one or more images $ sudo docker rmi test1 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Untagged: test1:latest $ sudo docker rmi test2 - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Untagged: test2:latest $ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) $ sudo docker rmi test - Untagged: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + Untagged: test:latest Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 ## run From 84883d9d6f2256811aa8bbf10661b5ebc6fbc256 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Tue, 10 Mar 2015 14:10:28 -0700 Subject: [PATCH 0513/2538] Consistency in the restart policy docs Signed-off-by: Mary Anthony --- docs/sources/reference/commandline/cli.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d28ec7765b..e47e388f74 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -801,8 +801,8 @@ Creates a new container. -p, --publish=[] Publish a container's port(s) to the host --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only - --restart="no" Restart policy to apply when a container exits - --security-opt=[] Security Options + --restart="no" Restart policy (no, on-failure[:max-retry], always) + --security-opt=[] Security options -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID -v, --volume=[] Bind mount a volume @@ -1011,8 +1011,8 @@ You'll need two shells for this example. The `docker exec` command runs a new command in a running container. -The command started using `docker exec` will only run while the container's primary -process (`PID 1`) is running, and will not be restarted if the container is restarted. +The command started using `docker exec` only runs while the container's primary +process (`PID 1`) is running, and it is not restarted if the container is restarted. If the container is paused, then the `docker exec` command will fail with an error: @@ -1671,7 +1671,7 @@ removed before the image is removed. --pid="" PID namespace to use --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only - --restart="" Restart policy to apply when a container exits + --restart="no" Restart policy (no, on-failure[:max-retry], always) --rm=false Automatically remove the container when it exits --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process From 9e6338b24dd04922c11d25918977a0c29ad95c4b Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 11 Mar 2015 07:40:46 -0700 Subject: [PATCH 0514/2538] Add "Docker" to Reference pull-down for Command Line A minor thing, but I noticed that the "Reference" drop-down menu just says "Command line". This was fine when we just had one command line, but now there's also 'Compose command line' and I suspect we may add others later. We should qualify the Docker one with the word "Docker" in front Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e47e388f74..685bbbcbff 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2,7 +2,7 @@ page_title: Command Line Interface page_description: Docker's CLI command description and usage page_keywords: Docker, Docker documentation, CLI, command line -# Command Line +# Docker Command Line {{ include "no-remote-sudo.md" }} From 40d499514f8823e190f735046f8250657d69c870 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 11 Mar 2015 09:31:18 +0800 Subject: [PATCH 0515/2538] move resources from Config to HostConfig Cgroup resources are host dependent, they should be in hostConfig. For backward compatibility, we just copy it to hostConfig, and leave it in Config for now, so there is no regressions, but the right way to use this throught json is to put it in HostConfig, like: { "Hostname": "", ... "HostConfig": { "CpuShares": 512, "Memory": 314572800, ... } } As we will add CpusetMems, CpusetCpus is definitely a better name, but some users are already using Cpuset in their http APIs, we also make it compatible. The main idea is keep using Cpuset in Config Struct, and make it has the same value as CpusetCpus, but not always, some scenarios: - Users use --cpuset in docker command, it can setup cpuset.cpus and can get Cpuset field from docker inspect or other http API which will get config info. - Users use --cpuset-cpus in docker command, ditto. - Users use Cpuset field in their http APIs, ditto. - Users use CpusetCpus field in their http APIs, they won't get Cpuset field in Config info, because by then, they should already know what happens to Cpuset. Signed-off-by: Qiang Huang --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 685bbbcbff..1ca43cb9aa 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -780,7 +780,7 @@ Creates a new container. --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file - --cpuset="" CPUs in which to allow execution (0-3, 0,1) + --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains @@ -1646,7 +1646,7 @@ removed before the image is removed. --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file - --cpuset="" CPUs in which to allow execution (0-3, 0,1) + --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container --dns=[] Set custom DNS servers From 18fea6ea4ae7b79e5ecca051c84ef9e1dc239fe2 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 16 Feb 2015 10:02:56 +1000 Subject: [PATCH 0516/2538] Add some information about the docker build return code Signed-off-by: Sven Dowideit --- docs/sources/reference/commandline/cli.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1ca43cb9aa..6b2d7c1bdd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -537,6 +537,29 @@ If you use STDIN or specify a `URL`, the system places the contents into a file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this scenario, there is no context. +### Return code + +On a successful build, a return code of success `0` will be returned. +When the build fails, a non-zero failure code will be returned. + +There should be informational output of the reason for failure output +to `STDERR`: + +``` +$ docker build -t fail . +Sending build context to Docker daemon 2.048 kB +Sending build context to Docker daemon +Step 0 : FROM busybox + ---> 4986bf8c1536 +Step 1 : RUN exit 13 + ---> Running in e26670ec7a0a +INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 +$ echo $? +1 +``` + +### .dockerignore file + If a file named `.dockerignore` exists in the root of `PATH` then it is interpreted as a newline-separated list of exclusion patterns. Exclusion patterns match files or directories relative to `PATH` that From 3359add0825bf98bd348397116adf651740ceae9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 8 Mar 2015 17:42:14 +0100 Subject: [PATCH 0517/2538] docs: use more tables in run reference and minor fixups This adds two more tables to the run reference documentation. - the list of 'modes' for Network settings is now a table. - the "note" for `--net="host"` was moved from the list to the detailed description. - the 'options' for "Runtime constraints on CPU and memory" are now a table - slightly re-worded the description for "memory" options, e.g. "It is not allowed..." was rewriten to "The *container* is not allowed..." - fix example in "Runtime privilege, Linux capabilities, and LXC configuration" being indented twice - slightly reduced indenting in some `usage` output to be better readable. - fixes a typo `/ets/hosts` -> `/etc/hosts` Signed-off-by: Sebastiaan van Stijn --- docs/sources/reference/run.md | 153 +++++++++++++++++++++++++--------- 1 file changed, 114 insertions(+), 39 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7529b848ea..44d4c04561 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -2,6 +2,12 @@ page_title: Docker run reference page_description: Configure containers at runtime page_keywords: docker, run, configure, runtime + + # Docker run reference **Docker runs processes in isolated containers**. When an operator @@ -50,9 +56,9 @@ following options. - [Container Identification](#container-identification) - [Name (--name)](#name-name) - [PID Equivalent](#pid-equivalent) - - [IPC Settings](#ipc-settings) + - [IPC Settings (--ipc)](#ipc-settings-ipc) - [Network Settings](#network-settings) - - [Restart Policies
(--restart)](#restart-policies-restart) + - [Restart Policies (--restart)](#restart-policies-restart) - [Clean Up (--rm)](#clean-up-rm) - [Runtime Constraints on CPU and Memory](#runtime-constraints-on-cpu-and-memory) - [Runtime Privilege, Linux Capabilities, and LXC Configuration](#runtime-privilege-linux-capabilities-and-lxc-configuration) @@ -127,16 +133,17 @@ programs might write out their process ID to a file (you've seen them as PID files): --cidfile="": Write the container ID to the file - + ### Image[:tag] While not strictly a means of identifying a container, you can specify a version of an image you'd like to run the container with by adding `image[:tag]` to the command. For example, `docker run ubuntu:14.04`. -## PID Settings +## PID Settings (--pid) --pid="" : Set the PID (Process) Namespace mode for the container, 'host': use the host's PID namespace inside the container + By default, all containers have the PID namespace enabled. PID namespace provides separation of processes. The PID Namespace removes the @@ -154,13 +161,16 @@ within the container. This command would allow you to use `strace` inside the container on pid 1234 on the host. -## IPC Settings +## IPC Settings (--ipc) + --ipc="" : Set the IPC mode for the container, - 'container:': reuses another container's IPC namespace - 'host': use the host's IPC namespace inside the container + 'container:': reuses another container's IPC namespace + 'host': use the host's IPC namespace inside the container + By default, all containers have the IPC namespace enabled. -IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues. +IPC (POSIX/SysV IPC) namespace provides separation of named shared memory +segments, semaphores and message queues. Shared memory segments are used to accelerate inter-process communication at memory speed, rather than through pipes or through the network stack. Shared @@ -174,10 +184,10 @@ of the containers. --dns=[] : Set custom dns servers for the container --net="bridge" : Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address @@ -196,10 +206,41 @@ explicitly by providing a MAC via the `--mac-address` parameter (format: Supported networking modes are: -* none - no networking in the container -* bridge - (default) connect the container to the bridge via veth interfaces -* host - use the host's network stack inside the container. Note: This gives the container full access to local system services such as D-bus and is therefore considered insecure. -* container - use another container's network stack + + + + + + + + + + + + + + + + + + + + + + + + + +
ModeDescription
none + No networking in the container. +
bridge (default) + Connect the container to the bridge via veth interfaces. +
host + Use the host's network stack inside the container. +
container:<name|id> + Use the network stack of another container, specified via + its *name* or *id*. +
#### Mode: none @@ -227,6 +268,9 @@ container. The container's hostname will match the hostname on the host system. Publishing ports and linking to other containers will not work when sharing the host's network stack. +> **Note**: `--net="host"` gives the container full access to local system +> services such as D-bus and is therefore considered insecure. + #### Mode: container With the networking mode set to `container` a container will share the @@ -410,20 +454,52 @@ container: ### Memory constraints We have four ways to set memory usage: - - memory=inf, memory-swap=inf (not specify any of them) - There is no memory limit, you can use as much as you want. - - memory=L<inf, memory-swap=inf (specify memory and set memory-swap as `-1`) - It is not allowed to use more than L bytes of memory, but use as much swap - as you want (only if the host supports swap memory). - - - memory=L<inf, memory-swap=2*L (specify memory without memory-swap) - It is not allowed to use more than L bytes of memory, swap *plus* memory - usage is double of that. - - - memory=L<inf, memory-swap=S<inf, L<=S (specify both memory and memory-swap) - It is not allowed to use more than L bytes of memory, swap *plus* memory - usage is limited by S. + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionResult
+ memory=inf, memory-swap=inf (default) + + There is no memory limit for the container. The container can use + as much memory as needed. +
memory=L<inf, memory-swap=inf + (specify memory and set memory-swap as -1) The container is + not allowed to use more than L bytes of memory, but can use as much swap + as is needed (if the host supports swap memory). +
memory=L<inf, memory-swap=2*L + (specify memory without memory-swap) The container is not allowed to + use more than L bytes of memory, swap *plus* memory usage is double + of that. +
+ memory=L<inf, memory-swap=S<inf, L<=S + + (specify both memory and memory-swap) The container is not allowed to + use more than L bytes of memory, swap *plus* memory usage is limited + by S. +
### CPU share constraint @@ -492,20 +568,19 @@ will be accessible within the container. By default, the container will be able to `read`, `write`, and `mknod` these devices. This can be overridden using a third `:rwm` set of options to each `--device` flag: + $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc - $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + Command (m for help): q + $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc + You will not be able to write the partition table. - Command (m for help): q - $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc - You will not be able to write the partition table. + Command (m for help): q - Command (m for help): q - - $ sudo docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc + $ sudo docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc crash.... - $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc - fdisk: unable to open /dev/xvdc: Operation not permitted + $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc + fdisk: unable to open /dev/xvdc: Operation not permitted In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default @@ -770,7 +845,7 @@ If you restart the source container (`servicename` in this case), the recipient container's `/etc/hosts` entry will be automatically updated. > **Note**: -> Unlike host entries in the `/ets/hosts` file, IP addresses stored in the +> Unlike host entries in the `/etc/hosts` file, IP addresses stored in the > environment variables are not automatically updated if the source container is > restarted. We recommend using the host entries in `/etc/hosts` to resolve the > IP address of linked containers. From fd05b908be080855d3d3f7ae222a045c0e1b1e35 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 16 Mar 2015 18:21:32 -0600 Subject: [PATCH 0518/2538] Add "eval" to every invocation of "boot2docker shellinit" See http://unix.stackexchange.com/a/181581 for the rationale behind this change. Signed-off-by: Andrew "Tianon" Page --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 361affab3d..72172112ce 100755 --- a/docs/README.md +++ b/docs/README.md @@ -106,7 +106,7 @@ also update the root docs pages by running > if you are using Boot2Docker on OSX and the above command returns an error, > `Post http:///var/run/docker.sock/build?rm=1&t=docker-docs%3Apost-1.2.0-docs_update-2: > dial unix /var/run/docker.sock: no such file or directory', you need to set the Docker -> host. Run `$(boot2docker shellinit)` to see the correct variable to set. The command +> host. Run `eval "$(boot2docker shellinit)"` to see the correct variable to set. The command > will return the full `export` command, so you can just cut and paste. ## Cherry-picking documentation changes to update an existing release. From 72b8275268c30e425e8fa60c89e88bf97beb9ff3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 17 Feb 2015 07:20:06 -0800 Subject: [PATCH 0519/2538] Allow specification of Label Name/Value pairs in image json content Save "LABEL" field in Dockerfile into image content. This will allow a user to save user data into an image, which can later be retrieved using: docker inspect IMAGEID I have copied this from the "Comment" handling in docker images. We want to be able to add Name/Value data to an image to describe the image, and then be able to use other tools to look at this data, to be able to do security checks based on this data. We are thinking about adding version names, Perhaps listing the content of the dockerfile. Descriptions of where the code came from etc. This LABEL field should also be allowed to be specified in the docker import --change LABEL:Name=Value docker commit --change LABEL:Name=Value Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/builder.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 3d34db38cc..00c70e6fa1 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -328,6 +328,17 @@ default specified in `CMD`. > the result; `CMD` does not execute anything at build time, but specifies > the intended command for the image. +## LABEL + LABEL = = = ... + + --The `LABEL` instruction allows you to describe the image your `Dockerfile` +is building. `LABEL` is specified as name value pairs. This data can +be retrieved using the `docker inspect` command + + + LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" + LABEL Version="1.0" + ## EXPOSE EXPOSE [...] @@ -907,6 +918,7 @@ For example you might add something like this: FROM ubuntu MAINTAINER Victor Vieux + LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0" RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server # Firefox over VNC From f39af7acf46ee7ebe02b0a793c82c79111b30885 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Thu, 22 Jan 2015 13:47:10 -0700 Subject: [PATCH 0520/2538] Add docs for container/image labels Signed-off-by: Darren Shepherd --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6b2d7c1bdd..64a5f9a82c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1685,6 +1685,8 @@ removed before the image is removed. --link=[] Add link to another container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit + -l, --label=[] Set meta data on a container, for example com.example.key=value + -label-file=[] Read in a line delimited file of labels --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-swap="" Total memory (memory + swap), '-1' to disable swap --name="" Assign a name to the container From b5c9f3f13a66c0651e54db2feaf86b627bf88dce Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 17 Feb 2015 01:36:03 +0100 Subject: [PATCH 0521/2538] Add labels documentation Adds more documentation for labels and adds the label instruction to the man-pages. Also included is a document called "Labels - custom meta-data in Docker" in the user-guide, this is still a work-in-progress I started to describe the "namespaces" conventions, an example on storing structured data. I ran a bit "out of steam" (writers block?) on that document, but kept it in (for now), in case it still ends up useful. The Remote API documentation changes will need to be moved to the docker_remote_api_v1.18.md document when rebasing the whole PR. Signed-off-by: Sebastiaan van Stijn Signed-off-by: Darren Shepherd --- docs/sources/reference/builder.md | 18 ++++++++--- docs/sources/reference/commandline/cli.md | 37 +++++++++++++++++++++-- 2 files changed, 49 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 00c70e6fa1..ff5821286d 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -331,13 +331,23 @@ default specified in `CMD`. ## LABEL LABEL = = = ... - --The `LABEL` instruction allows you to describe the image your `Dockerfile` -is building. `LABEL` is specified as name value pairs. This data can +The `LABEL` instruction allows you to add meta-data to the image your +`Dockerfile` is building. `LABEL` is specified as name value pairs. This data can be retrieved using the `docker inspect` command + LABEL com.example.label-without-value + LABEL com.example.label-with-value="foo" + LABEL version="1.0" + LABEL description="This my ACME image" vendor="ACME Products" - LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" - LABEL Version="1.0" +As illustrated above, the `LABEL` instruction allows for multiple labels to be +set at one time. Like command line parsing, quotes and backslashes can be used +to include spaces within values. + +For example: + + LABEL description="This text illustrates \ + that label-values can span multiple lines." ## EXPOSE diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 64a5f9a82c..2ba42004cf 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -814,6 +814,8 @@ Creates a new container. -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use + -l, --label=[] Set meta data on the container (e.g., --label=com.example.key=value) + --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit @@ -1166,6 +1168,7 @@ than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "b Current filters: * dangling (boolean - true or false) + * label (`label=` or `label==`) ##### Untagged images @@ -1685,8 +1688,8 @@ removed before the image is removed. --link=[] Add link to another container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit - -l, --label=[] Set meta data on a container, for example com.example.key=value - -label-file=[] Read in a line delimited file of labels + -l, --label=[] Set meta data on the container (e.g., --label=com.example.key=value) + --label-file=[] Read in a line delimited file of labels --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-swap="" Total memory (memory + swap), '-1' to disable swap --name="" Assign a name to the container @@ -1860,6 +1863,36 @@ An example of a file passed with `--env-file` This will create and run a new container with the container name being `console`. + $ sudo docker run -l my-label --env com.example.foo=bar ubuntu bash + +This sets two labels on the container. Label "my-label" doesn't have a value +specified and will default to "" (empty string) for its value. Both `-l` and +`--env` can be repeated to add more labels. Label names are unique; if the same +label is specified multiple times, latter values overwrite the previous value. + +Labels can also be loaded from a line delimited file of labels using the +`--label-file` flag. The example below will load labels from a file named `labels` +in the current directory; + + $ sudo docker run --env-file ./labels ubuntu bash + +The format of the labels-file is similar to that used for loading environment +variables (see `--env-file` above). An example of a file passed with `--env-file`; + + $ cat ./labels + com.example.label1="a label" + + # this is a comment + com.example.label2=another\ label + com.example.label3 + +Multiple label-files can be loaded by providing the `--label-file` multiple +times. + +For additional information on working with labels, see +[*Labels - custom meta-data in Docker*](/userguide/labels-custom-metadata/) in +the user guide. + $ sudo docker run --link /redis:redis --name console ubuntu bash The `--link` flag will link the container named `/redis` into the newly From 6b65e560cb41d43cd96494ff9b8efa1f0cf493a3 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Fri, 13 Mar 2015 09:38:41 -0700 Subject: [PATCH 0522/2538] Docs changes for labels based on feedback Signed-off-by: Darren Shepherd --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2ba42004cf..f69ff67fd7 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1863,21 +1863,21 @@ An example of a file passed with `--env-file` This will create and run a new container with the container name being `console`. - $ sudo docker run -l my-label --env com.example.foo=bar ubuntu bash + $ sudo docker run -l my-label --label com.example.foo=bar ubuntu bash This sets two labels on the container. Label "my-label" doesn't have a value specified and will default to "" (empty string) for its value. Both `-l` and -`--env` can be repeated to add more labels. Label names are unique; if the same +`--label` can be repeated to add more labels. Label names are unique; if the same label is specified multiple times, latter values overwrite the previous value. Labels can also be loaded from a line delimited file of labels using the `--label-file` flag. The example below will load labels from a file named `labels` in the current directory; - $ sudo docker run --env-file ./labels ubuntu bash + $ sudo docker run --label-file ./labels ubuntu bash The format of the labels-file is similar to that used for loading environment -variables (see `--env-file` above). An example of a file passed with `--env-file`; +variables (see `--label-file` above). An example of a file passed with `--label-file`; $ cat ./labels com.example.label1="a label" From bfca1f4258346e1990b090342b5b1898ad8f41a8 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Mon, 16 Mar 2015 13:28:55 -0700 Subject: [PATCH 0523/2538] Documentation changes for labels Signed-off-by: Darren Shepherd --- docs/sources/reference/builder.md | 24 +++++++------- docs/sources/reference/commandline/cli.md | 39 ++++++++++++----------- 2 files changed, 32 insertions(+), 31 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index ff5821286d..9a03c516ee 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -329,26 +329,26 @@ default specified in `CMD`. > the intended command for the image. ## LABEL - LABEL = = = ... -The `LABEL` instruction allows you to add meta-data to the image your -`Dockerfile` is building. `LABEL` is specified as name value pairs. This data can -be retrieved using the `docker inspect` command + LABEL = = = ... + +The `LABEL` instruction adds metadata to an image. A `LABEL` is a +key-value pair. To include spaces within a `LABEL` value, use quotes and +blackslashes as you would in command-line parsing. + + LABEL "com.example.vendor"="ACME Incorporated" + +An image can have more than one label. To specify multiple labels, separate each +key-value pair by an EOL. LABEL com.example.label-without-value LABEL com.example.label-with-value="foo" LABEL version="1.0" - LABEL description="This my ACME image" vendor="ACME Products" - -As illustrated above, the `LABEL` instruction allows for multiple labels to be -set at one time. Like command line parsing, quotes and backslashes can be used -to include spaces within values. - -For example: - LABEL description="This text illustrates \ that label-values can span multiple lines." +To view an image's labels, use the `docker inspect` command. + ## EXPOSE EXPOSE [...] diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f69ff67fd7..4ce50a7bae 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -814,7 +814,7 @@ Creates a new container. -h, --hostname="" Container host name -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use - -l, --label=[] Set meta data on the container (e.g., --label=com.example.key=value) + -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container --lxc-conf=[] Add custom lxc options @@ -1688,8 +1688,8 @@ removed before the image is removed. --link=[] Add link to another container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit - -l, --label=[] Set meta data on the container (e.g., --label=com.example.key=value) - --label-file=[] Read in a line delimited file of labels + -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) + --label-file=[] Read in a file of labels (EOL delimited) --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-swap="" Total memory (memory + swap), '-1' to disable swap --name="" Assign a name to the container @@ -1860,38 +1860,39 @@ An example of a file passed with `--env-file` $ sudo docker run --name console -t -i ubuntu bash -This will create and run a new container with the container name being -`console`. +A label is a a `key=value` pair that applies metadata to a container. To label a container with two labels: $ sudo docker run -l my-label --label com.example.foo=bar ubuntu bash -This sets two labels on the container. Label "my-label" doesn't have a value -specified and will default to "" (empty string) for its value. Both `-l` and -`--label` can be repeated to add more labels. Label names are unique; if the same -label is specified multiple times, latter values overwrite the previous value. +The `my-label` key doesn't specify so the label defaults to an empty +string(`""`). To add multiple labels, repeat the label flag (`-l` or +`--label`). -Labels can also be loaded from a line delimited file of labels using the -`--label-file` flag. The example below will load labels from a file named `labels` -in the current directory; +The `key=value` must be unique. If you specify the same key multiple times +with different values, each subsequent value overwrites the previous. Docker +applies the last `key=value` you supply. + +Use the `--label-file` flag to load multiple labels from a file. Delimit each +label in the file with an EOL mark. The example below loads labels from a +labels file in the current directory; $ sudo docker run --label-file ./labels ubuntu bash -The format of the labels-file is similar to that used for loading environment -variables (see `--label-file` above). An example of a file passed with `--label-file`; +The label-file format is similar to the format for loading environment variables +(see `--env-file` above). The following example illustrates a label-file format; - $ cat ./labels com.example.label1="a label" # this is a comment com.example.label2=another\ label com.example.label3 -Multiple label-files can be loaded by providing the `--label-file` multiple +You can load multiple label-files by supplying the `--label-file` flag multiple times. -For additional information on working with labels, see -[*Labels - custom meta-data in Docker*](/userguide/labels-custom-metadata/) in -the user guide. +For additional information on working with labels, see +[*Labels - custom metadata in Docker*](/userguide/labels-custom-metadata/) in +the Docker User Guide. $ sudo docker run --link /redis:redis --name console ubuntu bash From 2eaa831df5c46a781a469ba735a5ec4f673e6d03 Mon Sep 17 00:00:00 2001 From: Andy Goldstein Date: Fri, 27 Feb 2015 02:23:50 +0000 Subject: [PATCH 0524/2538] Add ability to refer to image by name + digest Add ability to refer to an image by repository name and digest using the format repository@digest. Works for pull, push, run, build, and rmi. Signed-off-by: Andy Goldstein --- docs/sources/reference/builder.md | 9 +++-- docs/sources/reference/commandline/cli.md | 42 +++++++++++++++++++++-- docs/sources/reference/run.md | 10 ++++-- 3 files changed, 54 insertions(+), 7 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 9a03c516ee..9ba7286a6a 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -192,6 +192,10 @@ Or FROM : +Or + + FROM @ + The `FROM` instruction sets the [*Base Image*](/terms/image/#base-image) for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy @@ -204,8 +208,9 @@ to start by **pulling an image** from the [*Public Repositories*]( multiple images. Simply make a note of the last image ID output by the commit before each new `FROM` command. -If no `tag` is given to the `FROM` instruction, `latest` is assumed. If the -used tag does not exist, an error will be returned. +The `tag` or `digest` values are optional. If you omit either of them, the builder +assumes a `latest` by default. The builder returns an error if it cannot match +the `tag` value. ## MAINTAINER diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 4ce50a7bae..c1fcd3ea90 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1112,7 +1112,9 @@ To see how the `docker:latest` image was built: List images -a, --all=false Show all images (default hides intermediate images) + --digests=false Show digests -f, --filter=[] Filter output based on conditions provided + --help=false Print usage --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs @@ -1161,6 +1163,22 @@ uses up the `VIRTUAL SIZE` listed only once. tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB +#### Listing image digests + +Images that use the v2 or later format have a content-addressable identifier +called a `digest`. As long as the input used to generate the image is +unchanged, the digest value is predictable. To list image digest values, use +the `--digests` flag: + + $ sudo docker images --digests | head + REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE + localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB + +When pushing or pulling to a 2.0 registry, the `push` or `pull` command +output includes the image digest. You can `pull` using a digest value. You can +also reference by digest in `create`, `run`, and `rmi` commands, as well as the +`FROM` image reference in a Dockerfile. + #### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more @@ -1563,6 +1581,10 @@ use `docker pull`: $ sudo docker pull debian:testing # will pull the image named debian:testing and any intermediate # layers it is based on. + $ sudo docker pull debian@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf + # will pull the image from the debian repository with the digest + # sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf + # and any intermediate layers it is based on. # (Typically the empty `scratch` image, a MAINTAINER layer, # and the un-tarred base). $ sudo docker pull --all-tags centos @@ -1634,9 +1656,9 @@ deleted. #### Removing tagged images -Images can be removed either by their short or long IDs, or their image -names. If an image has more than one name, each of them needs to be -removed before the image is removed. +You can remove an image using its short or long ID, its tag, or its digest. If +an image has one or more tag or digest reference, you must remove all of them +before the image is removed. $ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE @@ -1660,6 +1682,20 @@ removed before the image is removed. Untagged: test:latest Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +An image pulled by digest has no tag associated with it: + + $ sudo docker images --digests + REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE + localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB + +To remove an image using its digest: + + $ sudo docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf + Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf + Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 + Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 + Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b + ## run Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 44d4c04561..571c0a46fe 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -24,7 +24,7 @@ other `docker` command. The basic `docker run` command takes this form: - $ sudo docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ sudo docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, see [*Option types*](/reference/commandline/cli/#option-types). @@ -140,6 +140,12 @@ While not strictly a means of identifying a container, you can specify a version image you'd like to run the container with by adding `image[:tag]` to the command. For example, `docker run ubuntu:14.04`. +### Image[@digest] + +Images using the v2 or later image format have a content-addressable identifier +called a digest. As long as the input used to generate the image is unchanged, +the digest value is predictable and referenceable. + ## PID Settings (--pid) --pid="" : Set the PID (Process) Namespace mode for the container, 'host': use the host's PID namespace inside the container @@ -661,7 +667,7 @@ Dockerfile instruction and how the operator can override that setting. Recall the optional `COMMAND` in the Docker commandline: - $ sudo docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARG...] + $ sudo docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] This command is optional because the person who created the `IMAGE` may have already provided a default `COMMAND` using the Dockerfile `CMD` From 145950131228ea05849a1dba632278f0d2da600e Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Wed, 4 Feb 2015 11:04:58 -0800 Subject: [PATCH 0525/2538] Default 'json-file' logging driver and none logging driver Signed-off-by: Alexander Morozov --- docs/sources/reference/commandline/cli.md | 3 +++ docs/sources/reference/run.md | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c1fcd3ea90..c617c9a16a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -97,6 +97,7 @@ expect an integer, and they can only be specified once. --ipv6=false Enable IPv6 networking -l, --log-level="info" Set the logging level --label=[] Set key=value labels to the daemon + --log-driver="json-file" Container's logging driver (json-file/none) --mtu=0 Set the containers network MTU -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror @@ -817,6 +818,7 @@ Creates a new container. -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container + --log-driver="" Logging driver for container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) @@ -1722,6 +1724,7 @@ To remove an image using its digest: -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use --link=[] Add link to another container + --log-driver="" Logging driver for container --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 571c0a46fe..23bdd4e7f8 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -642,6 +642,18 @@ familiar with using LXC directly. > you can use `--lxc-conf` to set a container's IP address, but this will not be > reflected in the `/etc/hosts` file. +## Logging drivers (--log-driver) + +You can specify a different logging driver for the container than for the daemon. + +### Log driver: none + +Disables any logging for the container. + +### Log driver: json-file + +Default logging driver for Docker. Writes JSON messages to file. + ## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder) From e30532cf3fc74d899ba995e74598e3bc06988a9f Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Thu, 5 Feb 2015 16:24:47 -0800 Subject: [PATCH 0526/2538] Fail docker logs on all logging drivers apart from 'json-file' Signed-off-by: Alexander Morozov --- docs/sources/reference/commandline/cli.md | 3 +++ docs/sources/reference/run.md | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c617c9a16a..b6a2bad0ad 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1449,6 +1449,9 @@ For example: -t, --timestamps=false Show timestamps --tail="all" Number of lines to show from the end of the logs +NOTE: this command is available only for containers with `json-file` logging +driver. + The `docker logs` command batch-retrieves logs present at the time of execution. The `docker logs --follow` command will continue streaming the new output from diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 23bdd4e7f8..052a35823e 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -646,13 +646,15 @@ familiar with using LXC directly. You can specify a different logging driver for the container than for the daemon. -### Log driver: none +### Logging driver: none -Disables any logging for the container. +Disables any logging for the container. `docker logs` won't be available with +this driver. ### Log driver: json-file -Default logging driver for Docker. Writes JSON messages to file. +Default logging driver for Docker. Writes JSON messages to file. `docker logs` +command is available only for this logging driver ## Overriding Dockerfile image defaults From ade615a458f98c6c5d7596b181f5b43c6ac7d9c0 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Mon, 16 Mar 2015 21:49:33 -0700 Subject: [PATCH 0527/2538] Updating with Sven's comments and other tweaks Signed-off-by: Mary Anthony --- docs/sources/reference/builder.md | 9 +++++++ docs/sources/reference/commandline/cli.md | 31 +++++++++++------------ 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 9ba7286a6a..6955d31e0e 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -352,6 +352,15 @@ key-value pair by an EOL. LABEL description="This text illustrates \ that label-values can span multiple lines." +Docker recommends combining labels in a single `LABEL` instruction where +possible. Each `LABEL` instruction produces a new layer which can result in an +inefficient image if you use many labels. This example results in four image +layers. + +Labels are additive including `LABEL`s in `FROM` images. As the system +encounters and then applies a new label, new `key`s override any previous labels +with identical keys. + To view an image's labels, use the `docker inspect` command. ## EXPOSE diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b6a2bad0ad..5b233d7151 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -750,8 +750,7 @@ If this behavior is undesired, set the 'p' option to false. The `--change` option will apply `Dockerfile` instructions to the image that is created. -Supported `Dockerfile` instructions: `CMD`, `ENTRYPOINT`, `ENV`, `EXPOSE`, -`ONBUILD`, `USER`, `VOLUME`, `WORKDIR` +Supported `Dockerfile` instructions: `ADD`|`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`FROM`|`MAINTAINER`|`RUN`|`USER`|`LABEL`|`VOLUME`|`WORKDIR`|`COPY` #### Commit a container @@ -1906,22 +1905,23 @@ A label is a a `key=value` pair that applies metadata to a container. To label a $ sudo docker run -l my-label --label com.example.foo=bar ubuntu bash -The `my-label` key doesn't specify so the label defaults to an empty -string(`""`). To add multiple labels, repeat the label flag (`-l` or -`--label`). +The `my-label` key doesn't specify a value so the label defaults to an empty +string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`). -The `key=value` must be unique. If you specify the same key multiple times -with different values, each subsequent value overwrites the previous. Docker -applies the last `key=value` you supply. +The `key=value` must be unique to avoid overwriting the label value. If you +specify labels with identical keys but different values, each subsequent value +overwrites the previous. Docker uses the last `key=value` you supply. Use the `--label-file` flag to load multiple labels from a file. Delimit each label in the file with an EOL mark. The example below loads labels from a -labels file in the current directory; +labels file in the current directory: $ sudo docker run --label-file ./labels ubuntu bash -The label-file format is similar to the format for loading environment variables -(see `--env-file` above). The following example illustrates a label-file format; +The label-file format is similar to the format for loading environment +variables. (Unlike environment variables, labels are not visislbe to processes +running inside a container.) The following example illustrates a label-file +format: com.example.label1="a label" @@ -1929,12 +1929,11 @@ The label-file format is similar to the format for loading environment variables com.example.label2=another\ label com.example.label3 -You can load multiple label-files by supplying the `--label-file` flag multiple -times. +You can load multiple label-files by supplying multiple `--label-file` flags. -For additional information on working with labels, see -[*Labels - custom metadata in Docker*](/userguide/labels-custom-metadata/) in -the Docker User Guide. +For additional information on working with labels, see [*Labels - custom +metadata in Docker*](/userguide/labels-custom-metadata/) in the Docker User +Guide. $ sudo docker run --link /redis:redis --name console ubuntu bash From e2b5fc47e35a3b3205711d8f54db1c5adca4b03f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 17 Mar 2015 17:06:23 +0100 Subject: [PATCH 0528/2538] Updates to bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 345 +++++++++++++++++++++++---------- 1 file changed, 238 insertions(+), 107 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5d48e02cf3..115cc15b39 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -238,7 +238,7 @@ _docker_docker() { _docker_attach() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--no-stdin --sig-proxy" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --no-stdin --sig-proxy" -- "$cur" ) ) ;; *) local counter="$(__docker_pos_first_nonflag)" @@ -263,7 +263,7 @@ _docker_build() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--file -f --force-rm --no-cache --quiet -q --rm --tag -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--file -f --force-rm --help --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) ;; *) local counter="$(__docker_pos_first_nonflag '--tag|-t')" @@ -276,17 +276,17 @@ _docker_build() { _docker_commit() { case "$prev" in - --author|-a|--message|-m|--run) + --author|-a|--change|-c|--message|-m) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--author -a --message -m --run" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause -p" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--author|-a|--message|-m|--run') + local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m') if [ $cword -eq $counter ]; then __docker_containers_all @@ -303,26 +303,33 @@ _docker_commit() { } _docker_cp() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - case "$cur" in - *:) - return - ;; - *) - __docker_containers_all - COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - compopt -o nospace - return - ;; - esac - fi - (( counter++ )) + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + case "$cur" in + *:) + return + ;; + *) + __docker_containers_all + COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) + compopt -o nospace + return + ;; + esac + fi + (( counter++ )) - if [ $cword -eq $counter ]; then - _filedir - return - fi + if [ $cword -eq $counter ]; then + _filedir + return + fi + ;; + esac } _docker_create() { @@ -330,10 +337,17 @@ _docker_create() { } _docker_diff() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_all - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_all + fi + ;; + esac } _docker_events() { @@ -369,7 +383,7 @@ _docker_events() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --since --until" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --help --since --until" -- "$cur" ) ) ;; esac } @@ -377,7 +391,7 @@ _docker_events() { _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach -d --interactive -i -t --tty" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i -t --tty" -- "$cur" ) ) ;; *) __docker_containers_running @@ -386,10 +400,17 @@ _docker_exec() { } _docker_export() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_all - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_all + fi + ;; + esac } _docker_help() { @@ -402,7 +423,7 @@ _docker_help() { _docker_history() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -414,9 +435,23 @@ _docker_history() { } _docker_images() { + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -W "dangling=true" -- "$cur" ) ) + return + ;; + esac + + case "${words[$cword-2]}$prev=" in + *dangling=*) + COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -428,20 +463,31 @@ _docker_images() { } _docker_import() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - return - fi - (( counter++ )) + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + return + fi + (( counter++ )) - if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags - return - fi + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + return + fi + ;; + esac } _docker_info() { - return + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + esac } _docker_inspect() { @@ -453,7 +499,7 @@ _docker_inspect() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format -f" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) ;; *) __docker_containers_and_images @@ -471,7 +517,7 @@ _docker_kill() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--signal -s" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --signal -s" -- "$cur" ) ) ;; *) __docker_containers_running @@ -489,7 +535,7 @@ _docker_load() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--input -i" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --input -i" -- "$cur" ) ) ;; esac } @@ -503,15 +549,57 @@ _docker_login() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--email -e --password -p --username -u" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--email -e --help --password -p --username -u" -- "$cur" ) ) + ;; + esac +} + +_docker_logout() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; esac } _docker_logs() { + case "$prev" in + --tail) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--follow -f" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--follow -f --help --tail --timestamps -t" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag '--tail') + if [ $cword -eq $counter ]; then + __docker_containers_all + fi + ;; + esac +} + +_docker_pause() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_pauseable + fi + ;; + esac +} + +_docker_port() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -522,50 +610,42 @@ _docker_logs() { esac } -_docker_pause() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_pauseable - fi -} - -_docker_port() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_all - fi -} - _docker_ps() { case "$prev" in --before|--since) __docker_containers_all ;; + --filter|-f) + COMPREPLY=( $( compgen -S = -W "exited status" -- "$cur" ) ) + compopt -o nospace + return + ;; -n) return ;; esac - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --before --latest -l --no-trunc -n --quiet -q --size -s --since" -- "$cur" ) ) - ;; - esac -} - -_docker_pull() { - case "$prev" in - --tag|-t) + case "${words[$cword-2]}$prev=" in + *status=*) + COMPREPLY=( $( compgen -W "exited paused restarting running" -- "${cur#=}" ) ) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--tag -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --before --filter -f --help --latest -l -n --no-trunc --quiet -q --size -s --since" -- "$cur" ) ) + ;; + esac +} + +_docker_pull() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--all-tags -a --help" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--tag|-t') + local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_image_repos_and_tags fi @@ -574,17 +654,31 @@ _docker_pull() { } _docker_push() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_image_repos_and_tags + fi + ;; + esac } _docker_rename() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_all - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_all + fi + ;; + esac } _docker_restart() { @@ -596,7 +690,7 @@ _docker_restart() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--time -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) ) ;; *) __docker_containers_all @@ -607,8 +701,7 @@ _docker_restart() { _docker_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force -f --link -l --volumes -v" -- "$cur" ) ) - return + COMPREPLY=( $( compgen -W "--force -f --help --link -l --volumes -v" -- "$cur" ) ) ;; *) for arg in "${COMP_WORDS[@]}"; do @@ -620,13 +713,19 @@ _docker_rm() { esac done __docker_containers_stopped - return ;; esac } _docker_rmi() { - __docker_image_repos_and_tags_and_ids + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force -f --help --no-prune" -- "$cur" ) ) + ;; + *) + __docker_image_repos_and_tags_and_ids + ;; + esac } _docker_run() { @@ -827,7 +926,7 @@ _docker_save() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "-o --output" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) ) ;; *) __docker_image_repos_and_tags_and_ids @@ -844,7 +943,7 @@ _docker_search() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--automated --no-trunc --stars -s" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--automated --help --no-trunc --stars -s" -- "$cur" ) ) ;; esac } @@ -852,7 +951,7 @@ _docker_search() { _docker_start() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--attach -a --interactive -i" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--attach -a --help --interactive -i" -- "$cur" ) ) ;; *) __docker_containers_stopped @@ -861,7 +960,14 @@ _docker_start() { } _docker_stats() { - __docker_containers_running + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_containers_running + ;; + esac } _docker_stop() { @@ -873,7 +979,7 @@ _docker_stop() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--time -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) ) ;; *) __docker_containers_running @@ -884,7 +990,7 @@ _docker_stop() { _docker_tag() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force -f" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -904,25 +1010,50 @@ _docker_tag() { } _docker_unpause() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_unpauseable - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_unpauseable + fi + ;; + esac } _docker_top() { - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_containers_running - fi + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_containers_running + fi + ;; + esac } _docker_version() { - return + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + esac } _docker_wait() { - __docker_containers_all + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_containers_all + ;; + esac } _docker() { @@ -943,11 +1074,11 @@ _docker() { images import info - insert inspect kill load login + logout logs pause port From f1cb33631f998241cb9417efd9d24b7cf7545f6b Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Tue, 10 Mar 2015 18:40:20 -0700 Subject: [PATCH 0529/2538] Clarify behavior of docker cp The STDOUT behavior of cp is not yet released in 1.50 so removed. Also, tested against 1.5 all other behaviors and extended documentation to match. Renamed HOSTPATH to HOSTDIR to give a self documenting name. Adding back in the references to STDOUT fix the command string Entering Doug's comment re append and ~/tmp/foo in the glass Adding in Doug's comments regarding PATHs and missing |- Updating with James comments Signed-off-by: Mary Anthony --- docs/sources/reference/commandline/cli.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5b233d7151..7a89426a98 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -779,14 +779,13 @@ Supported `Dockerfile` instructions: `ADD`|`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`FR ## cp -Copy files/folders from a container's filesystem to the -path. Use '-' to write the data as a tar file to STDOUT. -Paths are relative to the root of the filesystem. +Copy files or folders from a container's filesystem to the directory on the +host. Use '-' to write the data as a tar file to `STDOUT`. `CONTAINER:PATH` is +relative to the root of the container's filesystem. - Usage: docker cp CONTAINER:PATH HOSTPATH|- + Usage: docker cp CONTAINER:PATH HOSTDIR|- - Copy files/folders from the PATH to the HOSTPATH. Use '-' to write the data - as a tar file to STDOUT. + Copy files/folders from the PATH to the HOSTDIR. ## create From 4aa65f26aa428c70e4d508ecfc2667532660ba13 Mon Sep 17 00:00:00 2001 From: Joseph Kern Date: Fri, 19 Dec 2014 13:25:33 +0300 Subject: [PATCH 0530/2538] Modified `docker export` to allow an --output flag Copied code from CmdSave into CmdExport. This should work, not an expert in the API calls being made. But it does make more sense to have a consistent export/save flag. Signed-off-by: Joseph Kern checkpoint before edits on the export functions Signed-off-by: Joseph Kern Added an --output flag to docker export and created tests. Signed-off-by: Joseph Kern White space cleanup. Signed-off-by: Joseph Kern Docker-DCO-1.1-Signed-off-by: Joseph Kern (github: jfrazelle) checkpoint before edits on the export functions Signed-off-by: Joseph Kern White space cleanup. Signed-off-by: Joseph Kern Added text to reflect a new output option for the export command. Signed-off-by: Joseph Kern Whitespace clean up Signed-off-by: Joseph Kern Added man page documentation for the new --output flag in export Signed-off-by: Joseph Kern --- docs/sources/reference/commandline/cli.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7a89426a98..f31707b565 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1068,14 +1068,22 @@ This will create a new Bash session in the container `ubuntu_bash`. ## export - Usage: docker export CONTAINER + Usage: docker export [OPTIONS] CONTAINER - Export the contents of a filesystem as a tar archive to STDOUT + Export the contents of a filesystem to a tar archive (streamed to STDOUT by default) -For example: + -o, --output="" Write to a file, instead of STDOUT + + Produces a tarred repository to the standard output stream. + + For example: $ sudo docker export red_panda > latest.tar + Or + + $ sudo docker export --output="latest.tar" red_panda + > **Note:** > `docker export` does not export the contents of volumes associated with the > container. If a volume is mounted on top of an existing directory in the From edc7c886402e803908f3c1fda0850a914dbaf38f Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 6 Feb 2015 09:33:01 -0500 Subject: [PATCH 0531/2538] Allow setting resource constrains for build Closes #10191 Allow `docker build` to set --cpu-shares, --cpuset, --memory, --memory-swap for all containers created by the build. Signed-off-by: Brian Goff --- docs/sources/reference/commandline/cli.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f31707b565..0ab5cfe897 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -515,6 +515,10 @@ is returned by the `docker attach` command to its caller too: -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build -t, --tag="" Repository name (and optionally a tag) for the image + -m, --memory="" Memory limit for all build containers + --memory-swap="" Total memory (memory + swap), `-1` to disable swap + -c, --cpu-shares CPU Shares (relative weight) + --cpuset-cpus="" CPUs in which to allow exection, e.g. `0-3`, `0,1` Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can From ae117d58d45b894c147d433925c903829ddae52c Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Mon, 16 Mar 2015 23:06:47 +0000 Subject: [PATCH 0532/2538] Adding documentation for '--cgroup-parent' option. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0ab5cfe897..7b6d1bf60c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -805,6 +805,7 @@ Creates a new container. -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities + --cgroup-parent= Optional parent cgroup for the container --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container From d3a6b5adff27c915b1341bb3a066713c70ae1ae2 Mon Sep 17 00:00:00 2001 From: Vishnu Kannan Date: Mon, 16 Mar 2015 23:41:38 +0000 Subject: [PATCH 0533/2538] Adding integration tests for --cgroup-parent feature. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan (github: vishh) --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7b6d1bf60c..81f6b04d77 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -805,7 +805,7 @@ Creates a new container. -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities - --cgroup-parent= Optional parent cgroup for the container + --cgroup-parent="" Optional parent cgroup for the container --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container From fe7a340316ccc5279fbd776afdfd4661a8d4dd34 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 18 Mar 2015 18:31:24 +0100 Subject: [PATCH 0534/2538] Remove 'name' filter from docker events documentation Signed-off-by: Harald Albers --- docs/sources/reference/commandline/cli.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 81f6b04d77..322f5f401e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -954,7 +954,6 @@ Current filters: * container * event * image -* name #### Examples From f86dcef4865e50ecaedae553f53fb111380b57c8 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Mon, 16 Mar 2015 19:02:53 +0800 Subject: [PATCH 0535/2538] fix wrong tab completion Signed-off-by: Ma Shimiao --- contrib/completion/fish/docker.fish | 2 +- contrib/completion/zsh/_docker | 16 +++------------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index efee52f806..d3237588ef 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -16,7 +16,7 @@ function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand' for i in (commandline -opc) - if contains -- $i attach build commit cp create diff events exec export history images import info insert inspect kill load login logout logs pause port ps pull push restart rm rmi run save search start stop tag top unpause version wait + if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait return 1 end end diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3215814313..28398f7524 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -270,11 +270,6 @@ __docker_subcommand () { {-q,--quiet}'[Only show numeric IDs]' \ ':repository:__docker_repositories' ;; - (inspect) - _arguments \ - {-f,--format=-}'[Format the output using the given go template]:template: ' \ - '*:containers:__docker_containers' - ;; (import) _arguments \ ':URL:(- http:// file://)' \ @@ -282,15 +277,10 @@ __docker_subcommand () { ;; (info) ;; - (import) + (inspect) _arguments \ - ':URL:(- http:// file://)' \ - ':repository:__docker_repositories_with_tags' - ;; - (insert) - _arguments '1:containers:__docker_containers' \ - '2:URL:(http:// file://)' \ - '3:file:_files' + {-f,--format=-}'[Format the output using the given go template]:template: ' \ + '*:containers:__docker_containers' ;; (kill) _arguments \ From 698b8d3ed0d923901c5d24b14695e00ce68bfab2 Mon Sep 17 00:00:00 2001 From: Todd Whiteman Date: Fri, 20 Mar 2015 14:46:42 -0700 Subject: [PATCH 0536/2538] docs: cli: reorder rename command to be in alphabetical order Signed-off-by: Todd Whiteman --- docs/sources/reference/commandline/cli.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 322f5f401e..93be377baf 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1514,14 +1514,6 @@ just a specific mapping: $ sudo docker port test 7890 0.0.0.0:4321 -## rename - - Usage: docker rename OLD_NAME NEW_NAME - - rename a existing container to a NEW_NAME - -The `docker rename` command allows the container to be renamed to a different name. - ## ps Usage: docker ps [OPTIONS] @@ -1617,6 +1609,14 @@ use `docker pull`: Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. +## rename + + Usage: docker rename OLD_NAME NEW_NAME + + rename a existing container to a NEW_NAME + +The `docker rename` command allows the container to be renamed to a different name. + ## restart Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] From fc39612aaa5b4671aad54687302b1de459a6ab25 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Fri, 6 Mar 2015 22:10:08 -0800 Subject: [PATCH 0537/2538] Updating in light of new contributors guide Link to new guide. Added a quickstart contributor guide for experienced people. Converting narrative style to procedures for easier use. I think there is something missing in the release publishing section...but it looks like it was missing in the original. Updates per thaJeztah Edits per Fred Updating with comments from Sven Signed-off-by: Mary Anthony --- docs/README.md | 339 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 219 insertions(+), 120 deletions(-) diff --git a/docs/README.md b/docs/README.md index 72172112ce..5feb496a73 100755 --- a/docs/README.md +++ b/docs/README.md @@ -1,156 +1,255 @@ # Docker Documentation -The source for Docker documentation is here under `sources/` and uses extended -Markdown, as implemented by [MkDocs](http://mkdocs.org). +The source for Docker documentation is in this directory under `sources/`. Our +documentation uses extended Markdown, as implemented by +[MkDocs](http://mkdocs.org). The current release of the Docker documentation +resides on [http://docs.docker.com](http://docs.docker.com). -The HTML files are built and hosted on -[http://docs.docker.com](http://docs.docker.com), and update automatically -after each change to the `docs` branch of [Docker on -GitHub](https://github.com/docker/docker) thanks to post-commit hooks. +## Understanding the documentation branches and processes -## Contributing - -Be sure to follow the [contribution guidelines](../CONTRIBUTING.md). -In particular, [remember to sign your work!](../CONTRIBUTING.md#sign-your-work) - -## Getting Started - -Docker documentation builds are done in a Docker container, which installs all -the required tools, adds the local `docs/` directory and builds the HTML docs. -It then starts a HTTP server on port 8000 so that you can connect and see your -changes. - -In the root of the `docker` source directory: - - $ make docs - .... (lots of output) .... - docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve - Running at: http://0.0.0.0:8000/ - Live reload enabled. - Hold ctrl+c to quit. - -If you have any issues you need to debug, you can use `make docs-shell` and then -run `mkdocs serve` - -## Testing the links - -You can use `make docs-test` to generate a report of missing links that are referenced in -the documentation - there should be none. - -## Adding a new document - -New document (`.md`) files are added to the documentation builds by adding them -to the menu definition in the `docs/mkdocs.yml` file. - -## Style guide - -If you have questions about how to write for Docker's documentation (e.g., -questions about grammar, syntax, formatting, styling, language, or tone) please -see the [style guide](sources/contributing/docs_style-guide.md). If something -isn't clear in the guide, please submit a PR to help us improve it. - -## Working using GitHub's file editor - -Alternatively, for small changes and typos you might want to use GitHub's built- -in file editor. It allows you to preview your changes right on-line (though -there can be some differences between GitHub Markdown and [MkDocs -Markdown](http://www.mkdocs.org/user-guide/writing-your-docs/)). Just be -careful not to create many commits. And you must still [sign your -work!](../CONTRIBUTING.md#sign-your-work) - -## Branches +Docker has two primary branches for documentation: | Branch | Description | URL (published via commit-hook) | |----------|--------------------------------|------------------------------------------------------------------------------| | `docs` | Official release documentation | [http://docs.docker.com](http://docs.docker.com) | -| `master` | Unreleased development work | [http://docs.master.dockerproject.com](http://docs.master.dockerproject.com) | +| `master` | Merged but unreleased development work | [http://docs.master.dockerproject.com](http://docs.master.dockerproject.com) | -**There are two branches related to editing docs**: `master` and `docs`. You -should always edit the documentation on a local branch of the `master` branch, -and send a PR against `master`. That way your fixes will automatically get -included in later releases, and docs maintainers can easily cherry-pick your -changes into the `docs` release branch. In the rare case where your change is -not forward-compatible, you may need to base your changes on the `docs` branch. +Additions and updates to upcoming releases are made in a feature branch off of +the `master` branch. The Docker maintainers also support a `docs` branch that +contains the last release of documentation. -Also, since there is a separate `docs` branch, we can keep -[http://docs.docker.com](http://docs.docker.com) up to date with any bugs found -between Docker code releases. +After a release, documentation updates are continually merged into `master` as +they occur. This work includes new documentation for forthcoming features, bug +fixes, and other updates. Docker's CI system automatically builds and updates +the `master` documentation after each merge and posts it to +[http://docs.master.dockerproject.com](http://docs.master.dockerproject.com). -## Publishing Documentation +Periodically, the Docker maintainers update `docs.docker.com` between official +releases of Docker. They do this by cherry-picking commits from `master`, +merging them into `docs`, and then publishing the result. -To publish a copy of the documentation you need to have Docker up and running on -your machine. You'll also need a `docs/awsconfig` file containing the settings -you need to access the AWS bucket you'll be deploying to. +In the rare case where a change is not forward-compatible, changes may be made +on other branches by special arrangement with the Docker maintainers. -The release script will create an s3 if needed, and will then push the files to it. +### Quickstart for documentation contributors - [profile dowideit-docs] - aws_access_key_id = IHOIUAHSIDH234rwf.... - aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... - region = ap-southeast-2 +If you are a new or beginner contributor, we encourage you to read through the +[our detailed contributors +guide](https://docs.docker.com/project/who-written-for/). The guide explains in +detail, with examples, how to contribute. If you are an experienced contributor +this quickstart should be enough to get you started. -The `profile` name must be the same as the name of the bucket you are deploying -to - which you call from the `docker` directory: +The following is the essential workflow for contributing to the documentation: - make AWS_S3_BUCKET=dowideit-docs docs-release +1. Fork the `docker/docker` repository. -This will publish _only_ to the `http://bucket-url/v1.2/` version of the -documentation. +2. Clone the repository to your local machine. -If you're publishing the current release's documentation, you need to -also update the root docs pages by running +3. Select an issue from `docker/docker` to work on or submit a proposal of your +own. - make AWS_S3_BUCKET=dowideit-docs BUILD_ROOT=yes docs-release +4. Create a feature branch from `master` in which to work. -> **Note:** -> if you are using Boot2Docker on OSX and the above command returns an error, -> `Post http:///var/run/docker.sock/build?rm=1&t=docker-docs%3Apost-1.2.0-docs_update-2: -> dial unix /var/run/docker.sock: no such file or directory', you need to set the Docker -> host. Run `eval "$(boot2docker shellinit)"` to see the correct variable to set. The command -> will return the full `export` command, so you can just cut and paste. + By basing from `master` your work is automatically included in the next + release. It also allows docs maintainers to easily cherry-pick your changes + into the `docs` release branch. + +4. Modify existing or add new `.md` files to the `docs/sources` directory. + + If you add a new document (`.md`) file, you must also add it to the + appropriate section of the `docs/mkdocs.yml` file in this repository. + + +5. As you work, build the documentation site locally to see your changes. + + The `docker/docker` repository contains a `Dockerfile` and a `Makefile`. + Together, these create a development environment in which you can build and + run a container running the Docker documentation website. To build the + documentation site, enter `make docs` at the root of your `docker/docker` + fork: + + $ make docs + .... (lots of output) .... + docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve + Running at: http://0.0.0.0:8000/ + Live reload enabled. + Hold ctrl+c to quit. + + + The build creates an image containing all the required tools, adds the local + `docs/` directory and generates the HTML files. Then, it runs a Docker + container with this image. + + The container exposes port 8000 on the localhost so that you can connect and + see your changes. If you are running Boot2Docker, use the `boot2docker ip` + to get the address of your server. + +6. Check your writing for style and mechanical errors. + + Use our [documentation style + guide](https://docs.docker.com/project/doc-style/) to check style. There are + several [good grammar and spelling online + checkers](http://www.hemingwayapp.com/) that can check your writing + mechanics. + +7. Squash your commits on your branch. + +8. Make a pull request from your fork back to Docker's `master` branch. + +9. Work with the reviewers until your change is approved and merged. + +### Debugging and testing + +If you have any issues you need to debug, you can use `make docs-shell` and then +run `mkdocs serve`. You can use `make docs-test` to generate a report of missing +links that are referenced in the documentation—there should be none. + +## Style guide + +If you have questions about how to write for Docker's documentation, please see +the [style guide](sources/project/doc-style.md). The style guide provides +guidance about grammar, syntax, formatting, styling, language, or tone. If +something isn't clear in the guide, please submit an issue to let us know or +submit a pull request to help us improve it. + + +## Publishing documentation (for Docker maintainers) + +To publish Docker's documentation you need to have Docker up and running on your +machine. You'll also need a `docs/awsconfig` file containing the settings you +need to access the AWS bucket you'll be deploying to. + +The process for publishing is to build first to an AWS bucket, verify the build, +and then publish the final release. + +1. Have Docker installed and running on your machine. + +2. Ask the core maintainers for the `awsconfig` file. + +3. Copy the `awsconfig` file to the `docs/` directory. + + The `awsconfig` file contains the profiles of the S3 buckets for our + documentation sites. (If needed, the release script creates an S3 bucket and + pushes the files to it.) Each profile has this format: + + [profile dowideit-docs] + aws_access_key_id = IHOIUAHSIDH234rwf.... + aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... + region = ap-southeast-2 + + The `profile` name must be the same as the name of the bucket you are + deploying to. + +4. Call the `make` from the `docker` directory. + + $ make AWS_S3_BUCKET=dowideit-docs docs-release + + This publishes _only_ to the `http://bucket-url/v1.2/` version of the + documentation. + +5. If you're publishing the current release's documentation, you need to also +update the root docs pages by running + + $ make AWS_S3_BUCKET=dowideit-docs BUILD_ROOT=yes docs-release + +### Errors publishing using Boot2Docker + +Sometimes, in a Boot2Docker environment, the publishing procedure returns this +error: + + Post http:///var/run/docker.sock/build?rm=1&t=docker-docs%3Apost-1.2.0-docs_update-2: + dial unix /var/run/docker.sock: no such file or directory. + +If this happens, set the Docker host. Run the following command to set the +variables in your shell: + + $ eval "$(boot2docker shellinit)" ## Cherry-picking documentation changes to update an existing release. -Whenever the core team makes a release, they publish the documentation based -on the `release` branch (which is copied into the `docs` branch). The -documentation team can make updates in the meantime, by cherry-picking changes -from `master` into any of the docs branches. +Whenever the core team makes a release, they publish the documentation based on +the `release` branch. At that time, the `release` branch is copied into the +`docs` branch. The documentation team makes updates between Docker releases by +cherry-picking changes from `master` into any of the documentation branches. +Typically, we cherry-pick into the `docs` branch. -For example, to update the current release's docs: +For example, to update the current release's docs, do the following: - git fetch upstream - git checkout -b post-1.2.0-docs-update-1 upstream/docs - # Then go through the Merge commit linked to PR's (making sure they apply - to that release) - # see https://github.com/docker/docker/commits/master - git cherry-pick -x fe845c4 - # Repeat until you have cherry picked everything you will propose to be merged - git push upstream post-1.2.0-docs-update-1 +1. Go to your `docker/docker` fork and get the latest from master. -Then make a pull request to merge into the `docs` branch, __NOT__ into master. + $ git fetch upstream + +2. Checkout a new branch based on `upstream/docs`. -Once the PR has the needed `LGTM`s, merge it, then publish to our beta server -to test: + You should give your new branch a descriptive name. - git fetch upstream - git checkout docs - git reset --hard upstream/docs - make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release + $ git checkout -b post-1.2.0-docs-update-1 upstream/docs + +3. In a browser window, open [https://github.com/docker/docker/commits/master]. -Then go to http://beta-docs.docker.io.s3-website-us-west-2.amazonaws.com/ -to view your results and make sure what you published is what you wanted. +4. Locate the merges you want to publish. -When you're happy with it, publish the docs to our live site: + You should only cherry-pick individual commits; do not cherry-pick merge + commits. To minimize merge conflicts, start with the oldest commit and work + your way forward in time. - make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes DISTRIBUTION_ID=C2K6......FL2F docs-release +5. Copy the commit SHA from GitHub. -Test the uncached version of the live docs at http://docs.docker.com.s3-website-us-east-1.amazonaws.com/ +6. Cherry-pick the commit. + + $ git cherry-pick -x fe845c4 + +7. Repeat until you have cherry-picked everything you want to merge. + +8. Push your changes to your fork. + + $ git push origin post-1.2.0-docs-update-1 + +9. Make a pull request to merge into the `docs` branch. + + Do __NOT__ merge into `master`. + +10. Have maintainers review your pull request. + +11. Once the PR has the needed "LGTMs", merge it on GitHub. + +12. Return to your local fork and make sure you are still on the `docs` branch. + + $ git checkout docs + +13. Fetch your merged pull request from `docs`. + + $ git fetch upstream/docs + +14. Ensure your branch is clean and set to the latest. + + $ git reset --hard upstream/docs -Note that the new docs will not appear live on the site until the cache (a complex, -distributed CDN system) is flushed. The `make docs-release` command will do this -_if_ the `DISTRIBUTION_ID` is set to the Cloudfront distribution ID (ask the meta -team) - this will take at least 15 minutes to run and you can check its progress -with the CDN Cloudfront Chrome addin. +15. Copy the `awsconfig` file into the `docs` directory. + +16. Make the beta documentation + + $ make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release + +17. Open [the beta +website](http://beta-docs.docker.io.s3-website-us-west-2.amazonaws.com/) site +and make sure what you published is correct. + +19. When you're happy with your content, publish the docs to our live site: + + $ make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes +DISTRIBUTION_ID=C2K6......FL2F docs-release + +20. Test the uncached version of the live docs at [http://docs.docker.com.s3-website-us-east-1.amazonaws.com/] + + +### Caching and the docs + +New docs do not appear live on the site until the cache (a complex, distributed +CDN system) is flushed. The `make docs-release` command flushes the cache _if_ +the `DISTRIBUTION_ID` is set to the Cloudfront distribution ID. The cache flush +can take at least 15 minutes to run and you can check its progress with the CDN +Cloudfront Purge Tool Chrome app. ## Removing files from the docs.docker.com site From f672cb24cbd9e8dd6406f32e4a2f773f8b45e2fa Mon Sep 17 00:00:00 2001 From: Lloyd Dewolf Date: Thu, 19 Mar 2015 12:41:06 -0700 Subject: [PATCH 0538/2538] doc: reference/run introduce -it . Also: - Fix "docker" cmd always "sudo docker" for docs. - Fix "-ti" with "-it". - fix "/docker" typo. Signed-off-by: Lloyd Dewolf --- docs/sources/reference/run.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 052a35823e..3c9c6a68d6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -102,9 +102,10 @@ specify to which of the three standard streams (`STDIN`, `STDOUT`, $ sudo docker run -a stdin -a stdout -i -t ubuntu /bin/bash For interactive processes (like a shell), you must use `-i -t` together in -order to allocate a tty for the container process. Specifying `-t` is however -forbidden when the client standard output is redirected or pipe, such as in: -`echo test | docker run -i busybox cat`. +order to allocate a tty for the container process. `-i -t` is often written `-it` +as you'll see in later examples. Specifying `-t` is forbidden when the client +standard output is redirected or piped, such as in: +`echo test | sudo docker run -i busybox cat`. ## Container identification @@ -289,7 +290,7 @@ running the `redis-cli` command and connecting to the Redis server over the $ sudo docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost - $ sudo docker run --rm -ti --net container:redis example/redis-cli -h 127.0.0.1 + $ sudo docker run --rm -it --net container:redis example/redis-cli -h 127.0.0.1 ### Managing /etc/hosts @@ -297,7 +298,7 @@ Your container will have lines in `/etc/hosts` which define the hostname of the container itself as well as `localhost` and a few other common things. The `--add-host` flag can be used to add additional lines to `/etc/hosts`. - $ /docker run -ti --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts + $ sudo docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts 172.17.0.22 09d03f76bf2c fe00::0 ip6-localnet ff00::0 ip6-mcastprefix From e9942aeb8a44cf0ff6e3d183e6b07e0452fe7ec9 Mon Sep 17 00:00:00 2001 From: Peter Waller Date: Tue, 10 Mar 2015 22:10:00 +0000 Subject: [PATCH 0539/2538] Implement build cancellation Add the capability to cancel the build by disconnecting the client. This adds a `cancelled` channel which is used to signal that a build should halt. The build is halted by sending a Kill signal and noticing that the cancellation channel is closed. This first pass implementation does not allow cancellation during a pull, but that will come in a subsequent PR. * Add documentation of cancellation to cli and API * Protect job cancellation with sync.Once * Add TestBuildCancelationKillsSleep * Add test case for build cancellation of RUN statements. Signed-off-by: Peter Waller --- docs/sources/reference/commandline/cli.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 93be377baf..6c3eb1c8dd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -599,6 +599,12 @@ in cases where the same set of files are used for multiple builds. The path must be to a file within the build context. If a relative path is specified then it must to be relative to the current directory. +If the Docker client loses connection to the daemon, the build is canceled. +This happens if you interrupt the Docker client with `ctrl-c` or if the Docker +client is killed for any reason. + +> **Note:** Currently only the "run" phase of the build can be canceled until +> pull cancelation is implemented). See also: From f32b6eb23cb9e10301ecee673de2c52ac6d6b146 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 28 Jan 2015 18:28:48 -0800 Subject: [PATCH 0540/2538] Fix some escaping around env var processing Clarify in the docs that ENV is not recursive Closes #10391 Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 6955d31e0e..9e56abf639 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -146,6 +146,17 @@ The instructions that handle environment variables in the `Dockerfile` are: `ONBUILD` instructions are **NOT** supported for environment replacement, even the instructions above. +Environment variable subtitution will use the same value for each variable +throughout the entire command. In other words, in this example: + + ENV abc=hello + ENV abc=bye def=$abc + ENV ghi=$abc + +will result in `def` having a value of `hello`, not `bye`. However, +`ghi` will have a value of `bye` because it is not part of the same command +that set `abc` to `bye`. + ## The `.dockerignore` file If a file named `.dockerignore` exists in the source repository, then it From 72bb8565650ba7b35c4af199d0963c6eb827ef18 Mon Sep 17 00:00:00 2001 From: sidharthamani Date: Mon, 9 Mar 2015 11:40:57 -0700 Subject: [PATCH 0541/2538] add syslog driver Signed-off-by: wlan0 --- docs/sources/reference/run.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 3c9c6a68d6..5a466461e6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -657,6 +657,11 @@ this driver. Default logging driver for Docker. Writes JSON messages to file. `docker logs` command is available only for this logging driver +## Logging driver: syslog + +Syslog logging driver for Docker. Writes log messages to syslog. `docker logs` +command is not available for this logging driver + ## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder) From fc2a7eea915b6e6647e2b1e2591a7bac05445a9a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 18 Mar 2015 18:10:51 +0100 Subject: [PATCH 0542/2538] restrict bash completion for hostdir arg to directories The previous state assumed that the HOSTPATH argument referred to a file. As clarified by moxiegirl in PR #11305, it is a directory. Adjusted completion to reflect this. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 115cc15b39..ca874bc10c 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -325,7 +325,7 @@ _docker_cp() { (( counter++ )) if [ $cword -eq $counter ]; then - _filedir + _filedir -d return fi ;; From 886b571641ba327115e40c61213dcf61888c2443 Mon Sep 17 00:00:00 2001 From: Natalie Parker Date: Mon, 23 Mar 2015 20:15:29 +0000 Subject: [PATCH 0543/2538] Added missing code example in the RM command reference of command to delete all stopped containers Signed-off-by: Natalie Parker --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6c3eb1c8dd..30a8a6b42c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1661,6 +1661,8 @@ containers removing all network communication. The main process inside the container referenced under the link `/redis` will receive `SIGKILL`, then the container will be removed. + $ docker rm $(docker ps -a -q) + This command will delete all stopped containers. The command `docker ps -a -q` will return all existing container IDs and pass them to the `rm` command which will delete them. Any running containers will not be From 653fdbc2f8c855f3ce1de3ef12288665413c3697 Mon Sep 17 00:00:00 2001 From: jimmyxian Date: Tue, 17 Mar 2015 19:37:25 +0800 Subject: [PATCH 0544/2538] fix docker ps help message Signed-off-by: Xian Chaobo --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 30a8a6b42c..bdd3a7ead9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1554,6 +1554,8 @@ The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there i than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) Current filters: + * id (container's id) + * name (container's name) * exited (int - the code of exited containers. Only useful with '--all') * status (restarting|running|paused|exited) From 1f934f1094329be36008a63ba5f31b0b9fb4a31d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Martins?= Date: Tue, 10 Feb 2015 14:57:41 +0000 Subject: [PATCH 0545/2538] Dealing with trailing whitespaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Created a validation that detects all trailing whitespaces from every text file that isn't *.go, *.md, vendor/*, docs/theme/mkdocs/tipuesearch* Removed trailing whitespaces from every text file except from vendor/* builder/parser/testfiles*, docs/theme/mkdocs/tipuesearch* and *.md Signed-off-by: André Martins --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ca874bc10c..35dd4d8980 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -22,7 +22,7 @@ # must have access to the socket for the completions to function correctly # # Note for developers: -# Please arrange options sorted alphabetically by long name with the short +# Please arrange options sorted alphabetically by long name with the short # options immediately following their corresponding long form. # This order should be applied to lists, alternatives and code blocks. @@ -257,8 +257,8 @@ _docker_build() { ;; --file|-f) _filedir - return - ;; + return + ;; esac case "$cur" in From 645b49d05b90a28640ec68c3af366adff456e7d5 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 24 Mar 2015 13:45:16 +0800 Subject: [PATCH 0546/2538] docs: add memory and swap memory usage examples fix: https://github.com/docker/docker/issues/11629 Signed-off-by: Qiang Huang --- docs/sources/reference/run.md | 45 +++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 5a466461e6..dc7bdcff84 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -427,23 +427,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. - # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + $ sudo docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash An MLS example might be: - # docker run --security-opt label:level:TopSecret -i -t rhel7 bash + $ sudo docker run --security-opt label:level:TopSecret -i -t rhel7 bash To disable the security labeling for this container versus running with the `--permissive` flag, use the following command: - # docker run --security-opt label:disable -i -t fedora bash + $ sudo docker run --security-opt label:disable -i -t fedora bash If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. You could run a container that is only allowed to listen on Apache ports by executing the following command: - # docker run --security-opt label:type:svirt_apache_t -i -t centos bash + $ sudo docker run --security-opt label:type:svirt_apache_t -i -t centos bash Note: @@ -456,7 +456,7 @@ container: -m="": Memory limit (format: , where unit = b, k, m or g) -memory-swap="": Total memory limit (memory + swap, format: , where unit = b, k, m or g) - -c, --cpu-shares=0 CPU shares (relative weight) + -c, --cpu-shares=0: CPU shares (relative weight) ### Memory constraints @@ -508,6 +508,31 @@ We have four ways to set memory usage: +Examples: + + $ sudo docker run -ti ubuntu:14.04 /bin/bash + +We set nothing about memory, this means the processes in the container can use +as much memory and swap memory as they need. + + $ sudo docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash + +We set memory limit and disabled swap memory limit, this means the processes in +the container can use 300M memory and as much swap memory as they need (if the +host supports swap memory). + + $ sudo docker run -ti -m 300M ubuntu:14.04 /bin/bash + +We set memory limit only, this means the processes in the container can use +300M memory and 300M swap memory, by default, the total virtual memory size +(--memory-swap) will be set as double of memory, in this case, memory + swap +would be 2*300M, so processes can use 300M swap memory as well. + + $ sudo docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash + +We set both memory and swap memory, so the processes in the container can use +300M memory and 700M swap memory. + ### CPU share constraint By default, all containers get the same proportion of CPU cycles. This proportion @@ -599,18 +624,18 @@ operator wants to have all capabilities but `MKNOD` they could use: For interacting with the network stack, instead of using `--privileged` they should use `--cap-add=NET_ADMIN` to modify the network interfaces. - $ docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy + $ sudo docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy RTNETLINK answers: Operation not permitted - $ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy + $ sudo docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy To mount a FUSE based filesystem, you need to combine both `--cap-add` and `--device`: - $ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt + $ sudo docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt fuse: failed to open /dev/fuse: Operation not permitted - $ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt + $ sudo docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt fusermount: mount failed: Operation not permitted - $ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs + $ sudo docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs # sshfs sven@10.10.10.20:/home/sven /mnt The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established. ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6. From 7618ff84f88afab6d269a7d62defd7088dd3c121 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 24 Mar 2015 18:48:08 +0800 Subject: [PATCH 0547/2538] add cpuset and examples to run.md Signed-off-by: Qiang Huang --- docs/sources/reference/run.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index dc7bdcff84..3023da69c9 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -449,14 +449,15 @@ Note: You would have to write policy defining a `svirt_apache_t` type. -## Runtime constraints on CPU and memory +## Runtime constraints on resources The operator can also adjust the performance parameters of the container: - -m="": Memory limit (format: , where unit = b, k, m or g) + -m, --memory="": Memory limit (format: , where unit = b, k, m or g) -memory-swap="": Total memory limit (memory + swap, format: , where unit = b, k, m or g) -c, --cpu-shares=0: CPU shares (relative weight) + --cpuset-cpus="": CPUs in which to allow execution (0-3, 0,1) ### Memory constraints @@ -568,6 +569,20 @@ division of CPU shares: 101 {C1} 1 100% of CPU1 102 {C1} 2 100% of CPU2 +### Cpuset constraint + +We can set cpus in which to allow execution for containers. + +Examples: + + $ sudo docker run -ti --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash + +This means processes in container can be executed on cpu 1 and cpu 3. + + $ sudo docker run -ti --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash + +This means processes in container can be executed on cpu 0, cpu 1 and cpu 2. + ## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities From d25b8ec29765cea1b43e76a529ea67e2b7bfc3a9 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 24 Mar 2015 10:08:37 -0700 Subject: [PATCH 0548/2538] Add some info about what environment variables are available Having the list in one spot makes it easier for people to see what's avaiable instead of having to scan all of the docs and extract the info. Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 40 ++++++++++++++++++----- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index bdd3a7ead9..6d39d4541f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -17,6 +17,30 @@ or execute `docker help`: ... +## Environment Variables + +For easy reference, the following list of environment variables are supported +by the `docker` command line: + +* `DOCKER_CERT_PATH` The location of your authentication keys. +* `DOCKER_DRIVER` The graph driver to use. +* `DOCKER_HOST` Daemon socket to connect to. +* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is unsuitable for Docker. +* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. +* `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. +* `DOCKER_TMPDIR` Location for temporary Docker files. + +Because Docker is developed using 'Go', you can also use any environment +variables used by the 'Go' runtime. In particular, you may find these useful: + +* `HTTP_PROXY` +* `HTTPS_PROXY` +* `NO_PROXY` + +These Go environment variables are case-insensitive. See the +[Go specification](http://golang.org/pkg/net/http/) for details on these +variables. + ## Help To list the help on any command just execute the command, followed by the `--help` option. @@ -539,7 +563,7 @@ Instead of specifying a context, you can pass a single Dockerfile in the docker build - < Dockerfile If you use STDIN or specify a `URL`, the system places the contents into a -file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this +file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this scenario, there is no context. ### Return code @@ -795,7 +819,7 @@ relative to the root of the container's filesystem. Usage: docker cp CONTAINER:PATH HOSTDIR|- - Copy files/folders from the PATH to the HOSTDIR. + Copy files/folders from the PATH to the HOSTDIR. ## create @@ -1530,7 +1554,7 @@ just a specific mapping: --before="" Show only container created before Id or Name -f, --filter=[] Filter output based on conditions provided -l, --latest=false Show the latest created container, include non-running - -n=-1 Show n last created containers, include non-running + -n=-1 Show n last created containers, include non-running --no-trunc=false Don't truncate output -q, --quiet=false Only display numeric IDs -s, --size=false Display total file sizes @@ -1950,7 +1974,7 @@ format: com.example.label2=another\ label com.example.label3 -You can load multiple label-files by supplying multiple `--label-file` flags. +You can load multiple label-files by supplying multiple `--label-file` flags. For additional information on working with labels, see [*Labels - custom metadata in Docker*](/userguide/labels-custom-metadata/) in the Docker User @@ -2064,7 +2088,7 @@ application change: #### Restart Policies -Use Docker's `--restart` to specify a container's *restart policy*. A restart +Use Docker's `--restart` to specify a container's *restart policy*. A restart policy controls whether the Docker daemon restarts a container after exit. Docker supports the following restart policies: @@ -2079,7 +2103,7 @@ Docker supports the following restart policies: no - Do not automatically restart the container when it exits. This is the + Do not automatically restart the container when it exits. This is the default. @@ -2091,7 +2115,7 @@ Docker supports the following restart policies: Restart only if the container exits with a non-zero exit status. - Optionally, limit the number of restart retries the Docker + Optionally, limit the number of restart retries the Docker daemon attempts. @@ -2111,7 +2135,7 @@ Docker supports the following restart policies: This will run the `redis` container with a restart policy of **always** so that if the container exits, Docker will restart it. -More detailed information on restart policies can be found in the +More detailed information on restart policies can be found in the [Restart Policies (--restart)](/reference/run/#restart-policies-restart) section of the Docker run reference page. From 3574eda4c1b0ad509d7fc4a3368b16efed653402 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Wed, 25 Mar 2015 09:56:49 -0600 Subject: [PATCH 0549/2538] Revert "Dealing with trailing whitespaces" The validation script from #10681 is too pedantic, and does not handle well situations like: ``` cat < --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 35dd4d8980..ca874bc10c 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -22,7 +22,7 @@ # must have access to the socket for the completions to function correctly # # Note for developers: -# Please arrange options sorted alphabetically by long name with the short +# Please arrange options sorted alphabetically by long name with the short # options immediately following their corresponding long form. # This order should be applied to lists, alternatives and code blocks. @@ -257,8 +257,8 @@ _docker_build() { ;; --file|-f) _filedir - return - ;; + return + ;; esac case "$cur" in From 1bca003519163812efcad4a1062595117ae7de31 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Wed, 25 Mar 2015 13:38:17 -0400 Subject: [PATCH 0550/2538] .: remove trailing white spaces blame tibor this one ;-) ``` find . -type f -not -name '*.png' -not -name '*.go' -not -name '*.md' -not -name '*.tar' -not -name '*.pem' -not -path './vendor/*' -not -path './.git/*' -not -path '*/testdata/*' -not -path './docs/*images*' -not -path '*/testfiles/*' -not -path './bundles/*' -not -path './docs/*static*/*' -not -path './docs/*article-img/*' -exec grep -HnEl '[[:space:]]$' {} \; | xargs sed -iE 's/[[:space:]]*$//' ``` Signed-off-by: Vincent Batts --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ca874bc10c..35dd4d8980 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -22,7 +22,7 @@ # must have access to the socket for the completions to function correctly # # Note for developers: -# Please arrange options sorted alphabetically by long name with the short +# Please arrange options sorted alphabetically by long name with the short # options immediately following their corresponding long form. # This order should be applied to lists, alternatives and code blocks. @@ -257,8 +257,8 @@ _docker_build() { ;; --file|-f) _filedir - return - ;; + return + ;; esac case "$cur" in From bce6adadff4ba22c9821dc5c43f89e3ec211adce Mon Sep 17 00:00:00 2001 From: Ankush Agarwal Date: Wed, 25 Mar 2015 11:01:52 -0700 Subject: [PATCH 0551/2538] Rename Fds to File Descriptors in docker info This makes the docker info more readable. Also change a log line in a test file renaming Fds Signed-off-by: Ankush Agarwal --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 6d39d4541f..a6c1990d02 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1333,7 +1333,7 @@ For example: Total Memory: 2 GiB Debug mode (server): false Debug mode (client): true - Fds: 10 + File Descriptors: 10 Goroutines: 9 System Time: Tue Mar 10 18:38:57 UTC 2015 EventsListeners: 0 From c4323175d9d3ca9073b141cce5b2156af1312db9 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 25 Mar 2015 07:48:35 -0700 Subject: [PATCH 0552/2538] Removing sudo from examples We now have instructions in our Unix installs about setting up docker group to avoid sudo. Also, Mac/Windows shouldn't use sudo. So, I've removed sudo from our examples and added a section at the top reminding them that if they have to use sudo to run docker they can change that. Signed-off-by: Mary Anthony --- docs/sources/reference/run.md | 116 ++++++++++++++++++---------------- 1 file changed, 60 insertions(+), 56 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 3023da69c9..b1d0e92bd1 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -24,26 +24,30 @@ other `docker` command. The basic `docker run` command takes this form: - $ sudo docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] + $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] To learn how to interpret the types of `[OPTIONS]`, see [*Option types*](/reference/commandline/cli/#option-types). -The list of `[OPTIONS]` breaks down into two groups: +The `run` options control the image's runtime behavior in a container. These +settings affect: -1. Settings exclusive to operators, including: - * Detached or Foreground running, - * Container Identification, - * Network settings, and - * Runtime Constraints on CPU and Memory - * Privileges and LXC Configuration -2. Settings shared between operators and developers, where operators can - override defaults developers set in images at build time. + * detached or foreground running + * container identification + * network settings + * runtime constraints on CPU and memory + * privileges and LXC configuration + +An image developer may set defaults for these same settings when they create the +image using the `docker build` command. Operators, however, can override all +defaults set by the developer using the `run` options. And, operators can also +override nearly all the defaults set by the Docker runtime itself. -Together, the `docker run [OPTIONS]` give the operator complete control over runtime -behavior, allowing them to override all defaults set by -the developer during `docker build` and nearly all the defaults set by -the Docker runtime itself. +Finally, depending on your Docker system configuration, you may be required to +preface each `docker` command with `sudo`. To avoid having to use `sudo` with +the `docker` command, your system administrator can create a Unix group called +`docker` and add users to it. For more information about this configuration, +refer to the Docker installation documentation for your operating system. ## Operator exclusive options @@ -99,13 +103,13 @@ streams]( https://github.com/docker/docker/blob/ specify to which of the three standard streams (`STDIN`, `STDOUT`, `STDERR`) you'd like to connect instead, as in: - $ sudo docker run -a stdin -a stdout -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash For interactive processes (like a shell), you must use `-i -t` together in order to allocate a tty for the container process. `-i -t` is often written `-it` as you'll see in later examples. Specifying `-t` is forbidden when the client standard output is redirected or piped, such as in: -`echo test | sudo docker run -i busybox cat`. +`echo test | docker run -i busybox cat`. ## Container identification @@ -163,7 +167,7 @@ on the system. For example, you could build a container with debugging tools like `strace` or `gdb`, but want to use these tools when debugging processes within the container. - $ sudo docker run --pid=host rhel7 strace -p 1234 + $ docker run --pid=host rhel7 strace -p 1234 This command would allow you to use `strace` inside the container on pid 1234 on the host. @@ -288,9 +292,9 @@ Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the `localhost` interface. - $ sudo docker run -d --name redis example/redis --bind 127.0.0.1 + $ docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost - $ sudo docker run --rm -it --net container:redis example/redis-cli -h 127.0.0.1 + $ docker run --rm -it --net container:redis example/redis-cli -h 127.0.0.1 ### Managing /etc/hosts @@ -298,7 +302,7 @@ Your container will have lines in `/etc/hosts` which define the hostname of the container itself as well as `localhost` and a few other common things. The `--add-host` flag can be used to add additional lines to `/etc/hosts`. - $ sudo docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts + $ docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts 172.17.0.22 09d03f76bf2c fe00::0 ip6-localnet ff00::0 ip6-mcastprefix @@ -374,7 +378,7 @@ for a container can be obtained via [`docker inspect`]( /reference/commandline/cli/#inspect). For example, to get the number of restarts for container "my-container"; - $ sudo docker inspect -f "{{ .RestartCount }}" my-container + $ docker inspect -f "{{ .RestartCount }}" my-container # 2 Or, to get the last time the container was (re)started; @@ -388,12 +392,12 @@ results in an error. ###Examples - $ sudo docker run --restart=always redis + $ docker run --restart=always redis This will run the `redis` container with a restart policy of **always** so that if the container exits, Docker will restart it. - $ sudo docker run --restart=on-failure:10 redis + $ docker run --restart=on-failure:10 redis This will run the `redis` container with a restart policy of **on-failure** and a maximum restart count of 10. If the `redis` container exits with a @@ -427,23 +431,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. - $ sudo docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + $ docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash An MLS example might be: - $ sudo docker run --security-opt label:level:TopSecret -i -t rhel7 bash + $ docker run --security-opt label:level:TopSecret -i -t rhel7 bash To disable the security labeling for this container versus running with the `--permissive` flag, use the following command: - $ sudo docker run --security-opt label:disable -i -t fedora bash + $ docker run --security-opt label:disable -i -t fedora bash If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. You could run a container that is only allowed to listen on Apache ports by executing the following command: - $ sudo docker run --security-opt label:type:svirt_apache_t -i -t centos bash + $ docker run --security-opt label:type:svirt_apache_t -i -t centos bash Note: @@ -511,25 +515,25 @@ We have four ways to set memory usage: Examples: - $ sudo docker run -ti ubuntu:14.04 /bin/bash + $ docker run -ti ubuntu:14.04 /bin/bash We set nothing about memory, this means the processes in the container can use as much memory and swap memory as they need. - $ sudo docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash + $ docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash We set memory limit and disabled swap memory limit, this means the processes in the container can use 300M memory and as much swap memory as they need (if the host supports swap memory). - $ sudo docker run -ti -m 300M ubuntu:14.04 /bin/bash + $ docker run -ti -m 300M ubuntu:14.04 /bin/bash We set memory limit only, this means the processes in the container can use 300M memory and 300M swap memory, by default, the total virtual memory size (--memory-swap) will be set as double of memory, in this case, memory + swap would be 2*300M, so processes can use 300M swap memory as well. - $ sudo docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash + $ docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash We set both memory and swap memory, so the processes in the container can use 300M memory and 700M swap memory. @@ -575,11 +579,11 @@ We can set cpus in which to allow execution for containers. Examples: - $ sudo docker run -ti --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash + $ docker run -ti --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash This means processes in container can be executed on cpu 1 and cpu 3. - $ sudo docker run -ti --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash + $ docker run -ti --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash This means processes in container can be executed on cpu 0, cpu 1 and cpu 2. @@ -610,23 +614,23 @@ If you want to limit access to a specific device or devices you can use the `--device` flag. It allows you to specify one or more devices that will be accessible within the container. - $ sudo docker run --device=/dev/snd:/dev/snd ... + $ docker run --device=/dev/snd:/dev/snd ... By default, the container will be able to `read`, `write`, and `mknod` these devices. This can be overridden using a third `:rwm` set of options to each `--device` flag: - $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q - $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc You will not be able to write the partition table. Command (m for help): q - $ sudo docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:w --rm -it ubuntu fdisk /dev/xvdc crash.... - $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc fdisk: unable to open /dev/xvdc: Operation not permitted In addition to `--privileged`, the operator can have fine grain control over the @@ -634,23 +638,23 @@ capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a defaul list of capabilities that are kept. Both flags support the value `all`, so if the operator wants to have all capabilities but `MKNOD` they could use: - $ sudo docker run --cap-add=ALL --cap-drop=MKNOD ... + $ docker run --cap-add=ALL --cap-drop=MKNOD ... For interacting with the network stack, instead of using `--privileged` they should use `--cap-add=NET_ADMIN` to modify the network interfaces. - $ sudo docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy + $ docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy RTNETLINK answers: Operation not permitted - $ sudo docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy + $ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy To mount a FUSE based filesystem, you need to combine both `--cap-add` and `--device`: - $ sudo docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt + $ docker run --rm -it --cap-add SYS_ADMIN sshfs sshfs sven@10.10.10.20:/home/sven /mnt fuse: failed to open /dev/fuse: Operation not permitted - $ sudo docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt + $ docker run --rm -it --device /dev/fuse sshfs sshfs sven@10.10.10.20:/home/sven /mnt fusermount: mount failed: Operation not permitted - $ sudo docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs + $ docker run --rm -it --cap-add SYS_ADMIN --device /dev/fuse sshfs # sshfs sven@10.10.10.20:/home/sven /mnt The authenticity of host '10.10.10.20 (10.10.10.20)' can't be established. ECDSA key fingerprint is 25:34:85:75:25:b0:17:46:05:19:04:93:b5:dd:5f:c6. @@ -727,7 +731,7 @@ Dockerfile instruction and how the operator can override that setting. Recall the optional `COMMAND` in the Docker commandline: - $ sudo docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] + $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] This command is optional because the person who created the `IMAGE` may have already provided a default `COMMAND` using the Dockerfile `CMD` @@ -754,12 +758,12 @@ runtime by using a string to specify the new `ENTRYPOINT`. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like `/usr/bin/redis-server`): - $ sudo docker run -i -t --entrypoint /bin/bash example/redis + $ docker run -i -t --entrypoint /bin/bash example/redis or two examples of how to pass more parameters to that ENTRYPOINT: - $ sudo docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - $ sudo docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + $ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l + $ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help ## EXPOSE (incoming ports) @@ -846,7 +850,7 @@ Additionally, the operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those mentioned above, or already defined by the developer with a Dockerfile `ENV`: - $ sudo docker run -e "deep=purple" --rm ubuntu /bin/bash -c export + $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export declare -x HOME="/" declare -x HOSTNAME="85bc26a0e200" declare -x OLDPWD @@ -864,23 +868,23 @@ information for connecting to the service container. Let's imagine we have a container running Redis: # Start the service container, named redis-name - $ sudo docker run -d --name redis-name dockerfiles/redis + $ docker run -d --name redis-name dockerfiles/redis 4241164edf6f5aca5b0e9e4c9eccd899b0b8080c64c0cd26efe02166c73208f3 # The redis-name container exposed port 6379 - $ sudo docker ps + $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4241164edf6f $ dockerfiles/redis:latest /redis-stable/src/re 5 seconds ago Up 4 seconds 6379/tcp redis-name # Note that there are no public ports exposed since we didn᾿t use -p or -P - $ sudo docker port 4241164edf6f 6379 + $ docker port 4241164edf6f 6379 2014/01/25 00:55:38 Error: No public port '6379' published for 4241164edf6f Yet we can get information about the Redis container's exposed ports with `--link`. Choose an alias that will form a valid environment variable! - $ sudo docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export + $ docker run --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c export declare -x HOME="/" declare -x HOSTNAME="acda7f7b1cdc" declare -x OLDPWD @@ -897,15 +901,15 @@ valid environment variable! And we can use that information to connect from another container as a client: - $ sudo docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' + $ docker run -i -t --rm --link redis-name:redis_alias --entrypoint /bin/bash dockerfiles/redis -c '/redis-stable/src/redis-cli -h $REDIS_ALIAS_PORT_6379_TCP_ADDR -p $REDIS_ALIAS_PORT_6379_TCP_PORT' 172.17.0.32:6379> Docker will also map the private IP address to the alias of a linked container by inserting an entry into `/etc/hosts`. You can use this mechanism to communicate with a linked container by its alias: - $ sudo docker run -d --name servicename busybox sleep 30 - $ sudo docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias + $ docker run -d --name servicename busybox sleep 30 + $ docker run -i -t --link servicename:servicealias busybox ping -c 1 servicealias If you restart the source container (`servicename` in this case), the recipient container's `/etc/hosts` entry will be automatically updated. From fb7eb87b94d21018589bf0835ea4f08b544c1c93 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Thu, 26 Mar 2015 11:12:37 -0700 Subject: [PATCH 0553/2538] Removing sudo from command line examples We now advise people to configure docker group and add to sudo. Mac shouldn't use sudo. Removed sudo from command examples. Left in installation to be removed in installation doc sweep -- removing requires finer grain control. Signed-off-by: Mary Anthony --- docs/sources/reference/builder.md | 10 +- docs/sources/reference/commandline/cli.md | 307 +++++++++++----------- 2 files changed, 162 insertions(+), 155 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 9e56abf639..46d0e21e88 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -26,7 +26,7 @@ This file will describe the steps to assemble the image. Then call `docker build` with the path of your source repository as the argument (for example, `.`): - $ sudo docker build . + $ docker build . The path to the source repository defines where to find the *context* of the build. The build is run by the Docker daemon, not by the CLI, so the @@ -49,7 +49,7 @@ directory. You can specify a repository and tag at which to save the new image if the build succeeds: - $ sudo docker build -t shykes/myapp . + $ docker build -t shykes/myapp . The Docker daemon will run your steps one-by-one, committing the result to a new image if necessary, before finally outputting the ID of your @@ -65,7 +65,7 @@ accelerating `docker build` significantly (indicated by `Using cache` - see the [`Dockerfile` Best Practices guide](/articles/dockerfile_best-practices/#build-cache) for more information): - $ sudo docker build -t SvenDowideit/ambassador . + $ docker build -t SvenDowideit/ambassador . Uploading context 10.24 kB Uploading context Step 1 : FROM docker-ut @@ -175,7 +175,7 @@ The following example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the uploaded context. - $ sudo docker build . + $ docker build . Uploading context 18.829 MB Uploading context Step 0 : FROM busybox @@ -185,7 +185,7 @@ the uploaded context. ---> 99cc1ad10469 Successfully built 99cc1ad10469 $ echo ".git" > .dockerignore - $ sudo docker build . + $ docker build . Uploading context 6.76 MB Uploading context Step 0 : FROM busybox diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a6c1990d02..e6f09a0785 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -9,13 +9,20 @@ page_keywords: Docker, Docker documentation, CLI, command line To list available commands, either run `docker` with no parameters or execute `docker help`: - $ sudo docker + $ docker Usage: docker [OPTIONS] COMMAND [arg...] -H, --host=[]: The socket(s) to bind to in daemon mode, specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. A self-sufficient runtime for Linux containers. ... +Depending on your Docker system configuration, you may be required +to preface each `docker` command with `sudo`. To avoid having to use `sudo` with +the `docker` command, your system administrator can create a Unix group called +`docker` and add users to it. + +For more information about installing Docker or `sudo` configuration, refer to +the [installation](/installation) instructions for your operating system. ## Environment Variables @@ -44,7 +51,7 @@ variables. ## Help To list the help on any command just execute the command, followed by the `--help` option. - $ sudo docker run --help + $ docker run --help Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] @@ -79,11 +86,11 @@ be set to the non-default value by explicitly setting them to `false`: Options like `-a=[]` indicate they can be specified multiple times: - $ sudo docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash Sometimes this can use a more complex value string, as for `-v`: - $ sudo docker run -v /host:/container example/mysql + $ docker run -v /host:/container example/mysql ### Strings and Integers @@ -184,19 +191,19 @@ time using multiple `-H` options: The Docker client will honor the `DOCKER_HOST` environment variable to set the `-H` flag for the client. - $ sudo docker -H tcp://0.0.0.0:2375 ps + $ docker -H tcp://0.0.0.0:2375 ps # or $ export DOCKER_HOST="tcp://0.0.0.0:2375" - $ sudo docker ps + $ docker ps # both are equal Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than the empty string is equivalent to setting the `--tlsverify` flag. The following are equivalent: - $ sudo docker --tlsverify ps + $ docker --tlsverify ps # or $ export DOCKER_TLS_VERIFY=1 - $ sudo docker ps + $ docker ps The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes @@ -260,7 +267,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.basesize=20G + $ docker -d --storage-opt dm.basesize=20G * `dm.loopdatasize` @@ -270,7 +277,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.loopdatasize=200G + $ docker -d --storage-opt dm.loopdatasize=200G * `dm.loopmetadatasize` @@ -281,7 +288,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.loopmetadatasize=4G + $ docker -d --storage-opt dm.loopmetadatasize=4G * `dm.fs` @@ -290,7 +297,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.fs=xfs + $ docker -d --storage-opt dm.fs=xfs * `dm.mkfsarg` @@ -298,7 +305,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt "dm.mkfsarg=-O ^has_journal" + $ docker -d --storage-opt "dm.mkfsarg=-O ^has_journal" * `dm.mountopt` @@ -306,7 +313,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.mountopt=nodiscard + $ docker -d --storage-opt dm.mountopt=nodiscard * `dm.datadev` @@ -318,7 +325,7 @@ Currently supported options are: Example use: - $ sudo docker -d \ + $ docker -d \ --storage-opt dm.datadev=/dev/sdb1 \ --storage-opt dm.metadatadev=/dev/sdc1 @@ -336,7 +343,7 @@ Currently supported options are: Example use: - $ sudo docker -d \ + $ docker -d \ --storage-opt dm.datadev=/dev/sdb1 \ --storage-opt dm.metadatadev=/dev/sdc1 @@ -347,7 +354,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.blocksize=512K + $ docker -d --storage-opt dm.blocksize=512K * `dm.blkdiscard` @@ -361,7 +368,7 @@ Currently supported options are: Example use: - $ sudo docker -d --storage-opt dm.blkdiscard=false + $ docker -d --storage-opt dm.blkdiscard=false ### Docker exec-driver option @@ -478,8 +485,8 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). #### Examples - $ sudo docker run -d --name topdemo ubuntu /usr/bin/top -b) - $ sudo docker attach topdemo + $ docker run -d --name topdemo ubuntu /usr/bin/top -b) + $ docker attach topdemo top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st @@ -516,14 +523,14 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). And in this second example, you can see the exit code returned by the `bash` process is returned by the `docker attach` command to its caller too: - $ sudo docker run --name test -d -it debian + $ docker run --name test -d -it debian 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab - $ sudo docker attach test + $ docker attach test $$ exit 13 exit $ echo $? 13 - $ sudo docker ps -a | grep test + $ docker ps -a | grep test 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test ## build @@ -636,7 +643,7 @@ See also: #### Examples - $ sudo docker build . + $ docker build . Uploading context 10240 bytes Step 1 : FROM busybox Pulling repository busybox @@ -681,7 +688,7 @@ If you wish to keep the intermediate containers after the build is complete, you must use `--rm=false`. This does not affect the build cache. - $ sudo docker build . + $ docker build . Uploading context 18.829 MB Uploading context Step 0 : FROM busybox @@ -691,7 +698,7 @@ affect the build cache. ---> 99cc1ad10469 Successfully built 99cc1ad10469 $ echo ".git" > .dockerignore - $ sudo docker build . + $ docker build . Uploading context 6.76 MB Uploading context Step 0 : FROM busybox @@ -705,25 +712,25 @@ This example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the uploaded context. - $ sudo docker build -t vieux/apache:2.0 . + $ docker build -t vieux/apache:2.0 . This will build like the previous example, but it will then tag the resulting image. The repository name will be `vieux/apache` and the tag will be `2.0` - $ sudo docker build - < Dockerfile + $ docker build - < Dockerfile This will read a Dockerfile from `STDIN` without context. Due to the lack of a context, no contents of any local directory will be sent to the Docker daemon. Since there is no context, a Dockerfile `ADD` only works if it refers to a remote URL. - $ sudo docker build - < context.tar.gz + $ docker build - < context.tar.gz This will build an image for a compressed context read from `STDIN`. Supported formats are: bzip2, gzip and xz. - $ sudo docker build github.com/creack/docker-firefox + $ docker build github.com/creack/docker-firefox This will clone the GitHub repository and use the cloned repository as context. The Dockerfile at the root of the @@ -731,21 +738,21 @@ repository is used as Dockerfile. Note that you can specify an arbitrary Git repository by using the `git://` or `git@` schema. - $ sudo docker build -f Dockerfile.debug . + $ docker build -f Dockerfile.debug . This will use a file called `Dockerfile.debug` for the build instructions instead of `Dockerfile`. - $ sudo docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . - $ sudo docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . + $ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . + $ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . The above commands will build the current build context (as specified by the `.`) twice, once using a debug version of a `Dockerfile` and once using a production version. $ cd /home/me/myapp/some/dir/really/deep - $ sudo docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp - $ sudo docker build -f ../../../../dockerfiles/debug /home/me/myapp + $ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp + $ docker build -f ../../../../dockerfiles/debug /home/me/myapp These two `docker build` commands do the exact same thing. They both use the contents of the `debug` file instead of looking for a `Dockerfile` @@ -788,27 +795,27 @@ Supported `Dockerfile` instructions: `ADD`|`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`FR #### Commit a container - $ sudo docker ps + $ docker ps ID IMAGE COMMAND CREATED STATUS PORTS c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ sudo docker commit c3f279d17e0a SvenDowideit/testimage:version3 + $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 f5283438590d - $ sudo docker images | head + $ docker images | head REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB #### Commit a container with new configurations - $ sudo docker ps + $ docker ps ID IMAGE COMMAND CREATED STATUS PORTS c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ sudo docker inspect -f "{{ .Config.Env }}" c3f279d17e0a + $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] - $ sudo docker commit --change "ENV DEBUG true" c3f279d17e0a SvenDowideit/testimage:version3 + $ docker commit --change "ENV DEBUG true" c3f279d17e0a SvenDowideit/testimage:version3 f5283438590d - $ sudo docker inspect -f "{{ .Config.Env }}" f5283438590d + $ docker inspect -f "{{ .Config.Env }}" f5283438590d [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] ## cp @@ -884,9 +891,9 @@ Please see the [run command](#run) section and the [Docker run reference]( #### Examples - $ sudo docker create -t -i fedora bash + $ docker create -t -i fedora bash 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 - $ sudo docker start -a -i 6d8af538ec5 + $ docker start -a -i 6d8af538ec5 bash-4.2# As of v1.4.0 container volumes are initialized during the `docker create` @@ -934,7 +941,7 @@ There are 3 events that are listed in the `diff`: For example: - $ sudo docker diff 7bb0e258aefe + $ docker diff 7bb0e258aefe C /dev A /dev/kmsg @@ -991,13 +998,13 @@ You'll need two shells for this example. **Shell 1: Listening for events:** - $ sudo docker events + $ docker events **Shell 2: Start and Stop containers:** - $ sudo docker start 4386fb97867d - $ sudo docker stop 4386fb97867d - $ sudo docker stop 7805c1d35632 + $ docker start 4386fb97867d + $ docker stop 4386fb97867d + $ docker stop 7805c1d35632 **Shell 1: (Again .. now showing events):** @@ -1009,20 +1016,20 @@ You'll need two shells for this example. **Show events in the past from a specified time:** - $ sudo docker events --since 1378216169 + $ docker events --since 1378216169 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-03-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --since '2013-09-03' + $ docker events --since '2013-09-03' 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --since '2013-09-03T15:49:29' + $ docker events --since '2013-09-03T15:49:29' 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die @@ -1030,29 +1037,29 @@ You'll need two shells for this example. **Filter events:** - $ sudo docker events --filter 'event=stop' + $ docker events --filter 'event=stop' 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --filter 'image=ubuntu-1:14.04' + $ docker events --filter 'image=ubuntu-1:14.04' 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - $ sudo docker events --filter 'container=7805c1d35632' + $ docker events --filter 'container=7805c1d35632' 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' + $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --filter 'container=7805c1d35632' --filter 'event=stop' + $ docker events --filter 'container=7805c1d35632' --filter 'event=stop' 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - $ sudo docker events --filter 'container=container_1' --filter 'container=container_2' + $ docker events --filter 'container=container_1' --filter 'container=container_2' 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die @@ -1087,16 +1094,16 @@ If the container is paused, then the `docker exec` command will fail with an err #### Examples - $ sudo docker run --name ubuntu_bash --rm -i -t ubuntu bash + $ docker run --name ubuntu_bash --rm -i -t ubuntu bash This will create a container named `ubuntu_bash` and start a Bash session. - $ sudo docker exec -d ubuntu_bash touch /tmp/execWorks + $ docker exec -d ubuntu_bash touch /tmp/execWorks This will create a new file `/tmp/execWorks` inside the running container `ubuntu_bash`, in the background. - $ sudo docker exec -it ubuntu_bash bash + $ docker exec -it ubuntu_bash bash This will create a new Bash session in the container `ubuntu_bash`. @@ -1112,11 +1119,11 @@ This will create a new Bash session in the container `ubuntu_bash`. For example: - $ sudo docker export red_panda > latest.tar + $ docker export red_panda > latest.tar Or - $ sudo docker export --output="latest.tar" red_panda + $ docker export --output="latest.tar" red_panda > **Note:** > `docker export` does not export the contents of volumes associated with the @@ -1138,7 +1145,7 @@ This will create a new Bash session in the container `ubuntu_bash`. To see how the `docker:latest` image was built: - $ sudo docker history docker + $ docker history docker IMAGE CREATED CREATED BY SIZE 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB @@ -1178,7 +1185,7 @@ uses up the `VIRTUAL SIZE` listed only once. #### Listing the most recently created images - $ sudo docker images | head + $ docker images | head REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 77af4d6b9913 19 hours ago 1.089 GB committ latest b6fa739cedf5 19 hours ago 1.089 GB @@ -1193,7 +1200,7 @@ uses up the `VIRTUAL SIZE` listed only once. #### Listing the full length image IDs - $ sudo docker images --no-trunc | head + $ docker images --no-trunc | head REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB @@ -1212,7 +1219,7 @@ called a `digest`. As long as the input used to generate the image is unchanged, the digest value is predictable. To list image digest values, use the `--digests` flag: - $ sudo docker images --digests | head + $ docker images --digests | head REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB @@ -1232,7 +1239,7 @@ Current filters: ##### Untagged images - $ sudo docker images --filter "dangling=true" + $ docker images --filter "dangling=true" REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 8abc22fbb042 4 weeks ago 0 B @@ -1250,7 +1257,7 @@ By having this flag it allows for batch cleanup. Ready for use by `docker rmi ...`, like: - $ sudo docker rmi $(sudo docker images -f "dangling=true" -q) + $ docker rmi $(docker images -f "dangling=true" -q) 8abc22fbb042 48e5f45168b9 @@ -1287,21 +1294,21 @@ Supported `Dockerfile` instructions: `CMD`, `ENTRYPOINT`, `ENV`, `EXPOSE`, This will create a new untagged image. - $ sudo docker import http://example.com/exampleimage.tgz + $ docker import http://example.com/exampleimage.tgz **Import from a local file:** Import to docker via pipe and `STDIN`. - $ cat exampleimage.tgz | sudo docker import - exampleimagelocal:new + $ cat exampleimage.tgz | docker import - exampleimagelocal:new **Import from a local directory:** - $ sudo tar -c . | sudo docker import - exampleimagedir + $ sudo tar -c . | docker import - exampleimagedir **Import from a local directory with new configurations:** - $ sudo tar -c . | sudo docker import --change "ENV DEBUG true" - exampleimagedir + $ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir Note the `sudo` in this example – you must preserve the ownership of the files (especially root ownership) during the @@ -1317,7 +1324,7 @@ tar, then the ownerships might not get preserved. For example: - $ sudo docker -D info + $ docker -D info Containers: 14 Images: 52 Storage Driver: aufs @@ -1373,25 +1380,25 @@ describes all the details of the format. For the most part, you can pick out any field from the JSON in a fairly straightforward manner. - $ sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID + $ docker inspect --format='{{.NetworkSettings.IPAddress}}' $INSTANCE_ID **Get an instance's MAC Address:** For the most part, you can pick out any field from the JSON in a fairly straightforward manner. - $ sudo docker inspect --format='{{.NetworkSettings.MacAddress}}' $INSTANCE_ID + $ docker inspect --format='{{.NetworkSettings.MacAddress}}' $INSTANCE_ID **Get an instance's log path:** - $ sudo docker inspect --format='{{.LogPath}}' $INSTANCE_ID + $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID **List All Port Bindings:** One can loop over arrays and maps in the results to produce simple text output: - $ sudo docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID **Find a Specific Port Mapping:** @@ -1403,7 +1410,7 @@ numeric public port, you use `index` to find the specific port map, and then `index` 0 contains the first object inside of that. Then we ask for the `HostPort` field to get the public address. - $ sudo docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID **Get config:** @@ -1412,7 +1419,7 @@ the template language's custom `json` function does. The `.config` section contains complex JSON object, so to grab it as JSON, you use `json` to convert the configuration object into JSON. - $ sudo docker inspect --format='{{json .config}}' $INSTANCE_ID + $ docker inspect --format='{{json .config}}' $INSTANCE_ID ## kill @@ -1436,14 +1443,14 @@ signal specified with option `--signal`. Loads a tarred repository from a file or the standard input stream. Restores both images and tags. - $ sudo docker images + $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - $ sudo docker load < busybox.tar - $ sudo docker images + $ docker load < busybox.tar + $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB - $ sudo docker load --input fedora.tar - $ sudo docker images + $ docker load --input fedora.tar + $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB fedora rawhide 0d20aec6529d 7 weeks ago 387 MB @@ -1466,7 +1473,7 @@ If you want to login to a self-hosted registry you can specify this by adding the server name. example: - $ sudo docker login localhost:8080 + $ docker login localhost:8080 ## logout @@ -1477,7 +1484,7 @@ adding the server name. For example: - $ sudo docker logout localhost:8080 + $ docker logout localhost:8080 ## logs @@ -1531,17 +1538,17 @@ for further details. You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: - $ sudo docker ps test + $ docker ps test CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test - $ sudo docker port test + $ docker port test 7890/tcp -> 0.0.0.0:4321 9876/tcp -> 0.0.0.0:1234 - $ sudo docker port test 7890/tcp + $ docker port test 7890/tcp 0.0.0.0:4321 - $ sudo docker port test 7890/udp + $ docker port test 7890/udp 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test - $ sudo docker port test 7890 + $ docker port test 7890 0.0.0.0:4321 ## ps @@ -1562,7 +1569,7 @@ just a specific mapping: Running `docker ps --no-trunc` showing 2 linked containers. - $ sudo docker ps + $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db @@ -1585,7 +1592,7 @@ Current filters: ##### Successfully exited containers - $ sudo docker ps -a --filter 'exited=0' + $ docker ps -a --filter 'exited=0' CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani @@ -1615,20 +1622,20 @@ a protocol specifier (`https://`, for example). To download a particular image, or set of images (i.e., a repository), use `docker pull`: - $ sudo docker pull debian + $ docker pull debian # will pull the debian:latest image and its intermediate layers - $ sudo docker pull debian:testing + $ docker pull debian:testing # will pull the image named debian:testing and any intermediate # layers it is based on. - $ sudo docker pull debian@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf + $ docker pull debian@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf # will pull the image from the debian repository with the digest # sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf # and any intermediate layers it is based on. # (Typically the empty `scratch` image, a MAINTAINER layer, # and the un-tarred base). - $ sudo docker pull --all-tags centos + $ docker pull --all-tags centos # will pull all the images from the centos repository - $ sudo docker pull registry.hub.docker.com/debian + $ docker pull registry.hub.docker.com/debian # manually specifies the path to the default Docker registry. This could # be replaced with the path to a local registry to pull from another source. @@ -1669,19 +1676,19 @@ The `docker rename` command allows the container to be renamed to a different na #### Examples - $ sudo docker rm /redis + $ docker rm /redis /redis This will remove the container referenced under the link `/redis`. - $ sudo docker rm --link /webapp/redis + $ docker rm --link /webapp/redis /webapp/redis This will remove the underlying link between `/webapp` and the `/redis` containers removing all network communication. - $ sudo docker rm --force redis + $ docker rm --force redis redis The main process inside the container referenced under the link `/redis` will receive @@ -1709,37 +1716,37 @@ You can remove an image using its short or long ID, its tag, or its digest. If an image has one or more tag or digest reference, you must remove all of them before the image is removed. - $ sudo docker images + $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ sudo docker rmi fd484f19954f + $ docker rmi fd484f19954f Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force 2013/12/11 05:47:16 Error: failed to remove one or more images - $ sudo docker rmi test1 + $ docker rmi test1 Untagged: test1:latest - $ sudo docker rmi test2 + $ docker rmi test2 Untagged: test2:latest - $ sudo docker images + $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ sudo docker rmi test + $ docker rmi test Untagged: test:latest Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 An image pulled by digest has no tag associated with it: - $ sudo docker images --digests + $ docker images --digests REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB To remove an image using its digest: - $ sudo docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf + $ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 @@ -1814,12 +1821,12 @@ and linking containers. #### Examples - $ sudo docker run --name test -it debian + $ docker run --name test -it debian $$ exit 13 exit $ echo $? 13 - $ sudo docker ps -a | grep test + $ docker ps -a | grep test 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test In this example, we are running `bash` interactively in the `debian:latest` image, and giving @@ -1827,14 +1834,14 @@ the container the name `test`. We then quit `bash` by running `exit 13`, which m will have an exit code of `13`. This is then passed on to the caller of `docker run`, and is recorded in the `test` container metadata. - $ sudo docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" + $ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" This will create a container and print `test` to the console. The `cidfile` flag makes Docker attempt to create a new file and write the container ID to it. If the file exists already, Docker will return an error. Docker will close this file when `docker run` exits. - $ sudo docker run -t -i --rm ubuntu bash + $ docker run -t -i --rm ubuntu bash root@bc338942ef20:/# mount -t tmpfs none /mnt mount: permission denied @@ -1842,7 +1849,7 @@ This will *not* work, because by default, most potentially dangerous kernel capabilities are dropped; including `cap_sys_admin` (which is required to mount filesystems). However, the `--privileged` flag will allow it to run: - $ sudo docker run --privileged ubuntu bash + $ docker run --privileged ubuntu bash root@50e3f57e16e6:/# mount -t tmpfs none /mnt root@50e3f57e16e6:/# df -h Filesystem Size Used Avail Use% Mounted on @@ -1853,12 +1860,12 @@ lifts all the limitations enforced by the `device` cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker. - $ sudo docker run -w /path/to/dir/ -i -t ubuntu pwd + $ docker run -w /path/to/dir/ -i -t ubuntu pwd The `-w` lets the command being executed inside directory given, here `/path/to/dir/`. If the path does not exists it is created inside the container. - $ sudo docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd + $ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd The `-v` flag mounts the current working directory into the container. The `-w` lets the command being executed inside the current working directory, by @@ -1866,41 +1873,41 @@ changing into the directory to the value returned by `pwd`. So this combination executes the command using the container, but inside the current working directory. - $ sudo docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash + $ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash When the host directory of a bind-mounted volume doesn't exist, Docker will automatically create this directory on the host for you. In the example above, Docker will create the `/doesnt/exist` folder before starting your container. - $ sudo docker run --read-only -v /icanwrite busybox touch /icanwrite here + $ docker run --read-only -v /icanwrite busybox touch /icanwrite here Volumes can be used in combination with `--read-only` to control where a container writes files. The `--read-only` flag mounts the container's root filesystem as read only prohibiting writes to locations other than the specified volumes for the container. - $ sudo docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh + $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh By bind-mounting the docker unix socket and statically linked docker binary (such as that provided by [https://get.docker.com]( https://get.docker.com)), you give the container the full access to create and manipulate the host's Docker daemon. - $ sudo docker run -p 127.0.0.1:80:8080 ubuntu bash + $ docker run -p 127.0.0.1:80:8080 ubuntu bash This binds port `8080` of the container to port `80` on `127.0.0.1` of the host machine. The [Docker User Guide](/userguide/dockerlinks/) explains in detail how to manipulate ports in Docker. - $ sudo docker run --expose 80 ubuntu bash + $ docker run --expose 80 ubuntu bash This exposes port `80` of the container for use within a link without publishing the port to the host system's interfaces. The [Docker User Guide](/userguide/dockerlinks) explains in detail how to manipulate ports in Docker. - $ sudo docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash + $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash This sets environmental variables in the container. For illustration all three flags are shown here. Where `-e`, `--env` take an environment variable and @@ -1917,7 +1924,7 @@ override variables as needed. $ cat ./env.list TEST_FOO=BAR - $ sudo docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO + $ docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO TEST_FOO=This is a test The `--env-file` flag takes a filename as an argument and expects each line @@ -1944,11 +1951,11 @@ An example of a file passed with `--env-file` TEST_APP_DEST_PORT=8888 TEST_PASSTHROUGH=howdy - $ sudo docker run --name console -t -i ubuntu bash + $ docker run --name console -t -i ubuntu bash A label is a a `key=value` pair that applies metadata to a container. To label a container with two labels: - $ sudo docker run -l my-label --label com.example.foo=bar ubuntu bash + $ docker run -l my-label --label com.example.foo=bar ubuntu bash The `my-label` key doesn't specify a value so the label defaults to an empty string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`). @@ -1961,7 +1968,7 @@ Use the `--label-file` flag to load multiple labels from a file. Delimit each label in the file with an EOL mark. The example below loads labels from a labels file in the current directory: - $ sudo docker run --label-file ./labels ubuntu bash + $ docker run --label-file ./labels ubuntu bash The label-file format is similar to the format for loading environment variables. (Unlike environment variables, labels are not visislbe to processes @@ -1980,7 +1987,7 @@ For additional information on working with labels, see [*Labels - custom metadata in Docker*](/userguide/labels-custom-metadata/) in the Docker User Guide. - $ sudo docker run --link /redis:redis --name console ubuntu bash + $ docker run --link /redis:redis --name console ubuntu bash The `--link` flag will link the container named `/redis` into the newly created container with the alias `redis`. The new container can access the @@ -1988,7 +1995,7 @@ network and environment of the `redis` container via environment variables. The `--name` flag will assign the name `console` to the newly created container. - $ sudo docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd + $ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd The `--volumes-from` flag mounts all the defined volumes from the referenced containers. Containers can be specified by repetitions of the `--volumes-from` @@ -2000,18 +2007,18 @@ the reference container. The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or `STDERR`. This makes it possible to manipulate the output and input as needed. - $ echo "test" | sudo docker run -i -a stdin ubuntu cat - + $ echo "test" | docker run -i -a stdin ubuntu cat - This pipes data into a container and prints the container's ID by attaching only to the container's `STDIN`. - $ sudo docker run -a stderr ubuntu echo test + $ docker run -a stderr ubuntu echo test This isn't going to print anything unless there's an error because we've only attached to the `STDERR` of the container. The container's logs still store what's been written to `STDERR` and `STDOUT`. - $ cat somefile | sudo docker run -i -a stdin mybuilder dobuild + $ cat somefile | docker run -i -a stdin mybuilder dobuild This is how piping a file into a container could be done for a build. The container's ID will be printed after the build is done and the build @@ -2019,7 +2026,7 @@ logs could be retrieved using `docker logs`. This is useful if you need to pipe a file or something else into a container and retrieve the container's ID once the container has finished running. - $ sudo docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} + $ docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo @@ -2035,19 +2042,19 @@ flag: ``` - $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q - $ sudo docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc You will not be able to write the partition table. Command (m for help): q - $ sudo docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q - $ sudo docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc fdisk: unable to open /dev/xvdc: Operation not permitted ``` @@ -2057,11 +2064,11 @@ flag: **A complete example:** - $ sudo docker run -d --name static static-web-files sh - $ sudo docker run -d --expose=8098 --name riak riakserver - $ sudo docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver - $ sudo docker run -d -p 1443:443 --dns=10.0.0.1 --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver - $ sudo docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log + $ docker run -d --name static static-web-files sh + $ docker run -d --expose=8098 --name riak riakserver + $ docker run -d -m 100m -e DEVELOPMENT=1 -e BRANCH=example-code -v $(pwd):/app/bin:ro --name app appserver + $ docker run -d -p 1443:443 --dns=10.0.0.1 --dns-search=dev.org -v /var/log/httpd --volumes-from static --link riak --link app -h www.sven.dev.org --name web webserver + $ docker run -t -i --rm --volumes-from web -w /var/log/httpd busybox tail -f access.log This example shows five containers that might be set up to test a web application change: @@ -2130,7 +2137,7 @@ Docker supports the following restart policies: - $ sudo docker run --restart=always redis + $ docker run --restart=always redis This will run the `redis` container with a restart policy of **always** so that if the container exits, Docker will restart it. @@ -2202,18 +2209,18 @@ each argument provided. It is used to create a backup that can then be used with `docker load` - $ sudo docker save busybox > busybox.tar + $ docker save busybox > busybox.tar $ ls -sh busybox.tar 2.7M busybox.tar - $ sudo docker save --output busybox.tar busybox + $ docker save --output busybox.tar busybox $ ls -sh busybox.tar 2.7M busybox.tar - $ sudo docker save -o fedora-all.tar fedora - $ sudo docker save -o fedora-latest.tar fedora:latest + $ docker save -o fedora-all.tar fedora + $ docker save -o fedora-latest.tar fedora:latest It is even useful to cherry-pick particular tags of an image repository - $ sudo docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy + $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy ## search @@ -2253,7 +2260,7 @@ more details on finding shared images from the command line. Running `docker stats` on multiple containers - $ sudo docker stats redis1 redis2 + $ docker stats redis1 redis2 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O redis1 0.07% 796 KiB/64 MiB 1.21% 788 B/648 B redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B @@ -2317,7 +2324,7 @@ for further details. Show the Docker version, API version, Git commit, Go version and OS/architecture of both Docker client and daemon. Example use: - $ sudo docker version + $ docker version Client version: 1.5.0 Client API version: 1.17 Go version (client): go1.4.1 From 984a0d8dee6be5fef5ea5fbcd1073e17da7b1ad2 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Tue, 24 Mar 2015 20:15:16 +0800 Subject: [PATCH 0554/2538] Add some run option to bash completion Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 35dd4d8980..2397cb59fc 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -734,6 +734,7 @@ _docker_run() { --attach -a --cap-add --cap-drop + --cgroup-parent --cidfile --cpuset --cpu-shares -c @@ -746,7 +747,10 @@ _docker_run() { --expose --hostname -h --ipc + --label -l + --label-file --link + --log-driver --lxc-conf --mac-address --memory -m @@ -798,7 +802,7 @@ _docker_run() { __docker_capabilities return ;; - --cidfile|--env-file) + --cidfile|--cgroup-parent|--env-file|--label-file) _filedir return ;; @@ -850,6 +854,10 @@ _docker_run() { esac return ;; + --log-driver) + COMPREPLY=( $( compgen -W "json-file syslog none" -- "$cur") ) + return + ;; --net) case "$cur" in container:*) From 443da2a625477f84f2687b911efdec6f33ececd0 Mon Sep 17 00:00:00 2001 From: Michael West Date: Fri, 27 Mar 2015 23:23:50 -0400 Subject: [PATCH 0555/2538] Add man pages generation instructions. Signed-off-by: Michael West --- docs/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/README.md b/docs/README.md index 5feb496a73..24f91e115b 100755 --- a/docs/README.md +++ b/docs/README.md @@ -280,3 +280,24 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.1/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' ``` +### Generate the man pages for Mac OSX + +When using Docker on Mac OSX the man pages will be missing by default. You can manually generate them by following these steps: + +1. Checkout the docker source. You must clone into your `/Users` directory because Boot2Docker can only share this path + with docker containers. + + $ git clone https://github.com/docker/docker.git + +2. Build the docker image. + + $ cd docker/docs/man + $ docker build -t docker/md2man . + +3. Build the man pages. + + $ docker run -v /Users//docker/docs/man:/docs:rw -w /docs -i docker/md2man /docs/md2man-all.sh + +4. Copy the generated man pages to `/usr/share/man` + + $ cp -R man* /usr/share/man/ From 229fa7b7b9f82bf678786e4343836fd682ee30a7 Mon Sep 17 00:00:00 2001 From: Michael West Date: Fri, 27 Mar 2015 23:25:12 -0400 Subject: [PATCH 0556/2538] Add a missing definite article Signed-off-by: Michael West --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 24f91e115b..15fee1d364 100755 --- a/docs/README.md +++ b/docs/README.md @@ -285,7 +285,7 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id When using Docker on Mac OSX the man pages will be missing by default. You can manually generate them by following these steps: 1. Checkout the docker source. You must clone into your `/Users` directory because Boot2Docker can only share this path - with docker containers. + with the docker containers. $ git clone https://github.com/docker/docker.git From 5dad1f409fdfa409fd1416129871aec2304df843 Mon Sep 17 00:00:00 2001 From: Ankush Agarwal Date: Sun, 29 Mar 2015 03:48:59 -0700 Subject: [PATCH 0557/2538] Add Glossary to documentation Closes #11057 Signed-off-by: Ankush Agarwal --- docs/sources/reference/glossary.md | 201 +++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 docs/sources/reference/glossary.md diff --git a/docs/sources/reference/glossary.md b/docs/sources/reference/glossary.md new file mode 100644 index 0000000000..d33d015693 --- /dev/null +++ b/docs/sources/reference/glossary.md @@ -0,0 +1,201 @@ +page_title: Docker Glossary +page_description: Glossary of terms used around Docker +page_keywords: glossary, docker, terms, definitions + +# Glossary + +A list of terms used around the Docker project. + +## aufs + +aufs (advanced multi layered unification filesystem) is a Linux [filesystem](#filesystem) that +Docker supports as a storage backend. It implements the +[union mount](http://en.wikipedia.org/wiki/Union_mount) for Linux file systems. + +## boot2docker + +[boot2docker](http://boot2docker.io/) is a lightweight Linux distribution made +specifically to run Docker containers. It is a common choice for a [VM](#virtual-machine) +to run Docker on Windows and Mac OS X. + +boot2docker can also refer to the boot2docker management tool on Windows and +Mac OS X which manages the boot2docker VM. + +## btrfs + +btrfs (B-tree file system) is a Linux [filesystem](#filesystem) that Docker +supports as a storage backend. It is a [copy-on-write](http://en.wikipedia.org/wiki/Copy-on-write) +filesystem. + +## build + +build is the process of building Docker images using a [Dockerfile](#dockerfile). +The build uses a Dockerfile and a "context". The context is the set of files in the +directory in which the image is built. + +## cgroups + +cgroups is a Linux kernel feature that limits, accounts for, and isolates +the resource usage (CPU, memory, disk I/O, network, etc.) of a collection +of processes. Docker relies on cgroups to control and isolate resource limits. + +*Also known as : control groups* + +## Compose + +[Compose](https://github.com/docker/compose) is a tool for defining and +running complex applications with Docker. With compose, you define a +multi-container application in a single file, then spin your +application up in a single command which does everything that needs to +be done to get it running. + +*Also known as : docker-compose, fig* + +## container + +A container is a runtime instance of a [docker image](#image). + +A Docker container consists of + +- A Docker image +- Execution environment +- A standard set of instructions + +The concept is borrowed from Shipping Containers, which define a standard to ship +goods globally. Docker defines a standard to ship software. + +## data volume + +A data volume is a specially-designated directory within one or more containers +that bypasses the Union File System. Data volumes are designed to persist data, +independent of the container's life cycle. Docker therefore never automatically +delete volumes when you remove a container, nor will it "garbage collect" +volumes that are no longer referenced by a container. + + +## Docker + +The term Docker can refer to + +- The Docker project as a whole, which is a platform for developers and sysadmins to +develop, ship, and run applications +- The docker daemon process running on the host which manages images and containers + + +## Docker Hub + +The [Docker Hub](https://hub.docker.com/) is a centralized resource for working with +Docker and its components. It provides the following services: + +- Docker image hosting +- User authentication +- Automated image builds and work-flow tools such as build triggers and web hooks +- Integration with GitHub and BitBucket + + +## Dockerfile + +A Dockerfile is a text document that contains all the commands you would +normally execute manually in order to build a Docker image. Docker can +build images automatically by reading the instructions from a Dockerfile. + +## filesystem + +A file system is the method an operating system uses to name files +and assign them locations for efficient storage and retrieval. + +Examples : + +- Linux : ext4, aufs, btrfs, zfs +- Windows : NTFS +- OS X : HFS+ + +## image + +Docker images are the basis of [containers](#container). An Image is an +ordered collection of root filesystem changes and the corresponding +execution parameters for use within a container runtime. An image typically +contains a union of layered filesystems stacked on top of each other. An image +does not have state and it never changes. + +## libcontainer + +libcontainer provides a native Go implementation for creating containers with +namespaces, cgroups, capabilities, and filesystem access controls. It allows +you to manage the lifecycle of the container performing additional operations +after the container is created. + +## link + +links provide an interface to connect Docker containers running on the same host +to each other without exposing the hosts' network ports. When you set up a link, +you create a conduit between a source container and a recipient container. +The recipient can then access select data about the source. To create a link, +you can use the `--link` flag. + +## Machine + +[Machine](https://github.com/docker/machine) is a Docker tool which +makes it really easy to create Docker hosts on your computer, on +cloud providers and inside your own data center. It creates servers, +installs Docker on them, then configures the Docker client to talk to them. + +*Also known as : docker-machine* + +## overlay + +OverlayFS is a [filesystem](#filesystem) service for Linux which implements a +[union mount](http://en.wikipedia.org/wiki/Union_mount) for other file systems. +It is supported by the Docker daemon as a storage driver. + +## registry + +A Registry is a hosted service containing [repositories](#repository) of [images](#image) +which responds to the Registry API. + +The default registry can be accessed using a browser at [Docker Hub](#docker-hub) +or using the `docker search` command. + +## repository + +A repository is a set of Docker images. A repository can be shared by pushing it +to a [registry](#registry) server. The different images in the repository can be +labeled using [tags](#tag). + +Here is an example of the shared [nginx repository](https://registry.hub.docker.com/_/nginx/) +and its [tags](https://registry.hub.docker.com/_/nginx/tags/manage/) + +## Swarm + +[Swarm](https://github.com/docker/swarm) is a native clustering tool for Docker. +Swarm pools together several Docker hosts and exposes them as a single virtual +Docker host. It serves the standard Docker API, so any tool that already works +with Docker can now transparently scale up to multiple hosts. + +*Also known as : docker-swarm* + +## tag + +A tag is a label applied to a Docker image in a [repository](#repository). +tags are how various images in a repository are distinguished from each other. + +*Note : This label is not related to the key=value labels set for docker daemon* + +## Union file system + +Union file systems, or UnionFS, are file systems that operate by creating layers, making them +very lightweight and fast. Docker uses union file systems to provide the building +blocks for containers. + + +## Virtual Machine + +A Virtual Machine is a program that emulates a complete computer and imitates dedicated hardware. +It shares physical hardware resources with other users but isolates the operating system. The +end user has the same experience on a Virtual Machine as they would have on dedicated hardware. + +Compared to to containers, a Virtual Machine is heavier to run, provides more isolation, +gets its own set of resources and does minimal sharing. + +*Also known as : VM* + From e1cbe1c3981e3325b2bc14325028ae118136a3b2 Mon Sep 17 00:00:00 2001 From: John Willis Date: Mon, 23 Mar 2015 21:00:02 -0400 Subject: [PATCH 0558/2538] #11465 Add additional doc for locagi registries onn pull command Signed-off-by: John Willis --- docs/sources/reference/commandline/cli.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e6f09a0785..e3344991b5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1602,7 +1602,7 @@ This shows all the containers that have exited with status of '0' ## pull - Usage: docker pull [OPTIONS] NAME[:TAG] + Usage: docker pull [OPTIONS] NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] Pull an image or a repository from the registry @@ -1638,6 +1638,7 @@ use `docker pull`: $ docker pull registry.hub.docker.com/debian # manually specifies the path to the default Docker registry. This could # be replaced with the path to a local registry to pull from another source. + # sudo docker pull myhub.com:8080/test-image ## push From 7ac28ecb2cf14a89320d759d4f6ac4a91341d3b6 Mon Sep 17 00:00:00 2001 From: Ankush Agarwal Date: Sat, 28 Mar 2015 18:32:00 -0700 Subject: [PATCH 0559/2538] Explain --net=host option usage Fixes #11630 Signed-off-by: Ankush Agarwal --- docs/sources/reference/run.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b1d0e92bd1..3fed51a189 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -279,6 +279,13 @@ container. The container's hostname will match the hostname on the host system. Publishing ports and linking to other containers will not work when sharing the host's network stack. +Compared to the default `bridge` mode, the `host` mode gives *significantly* +better networking performance since it uses the host's native networking stack +wheras the bridge has to go through one level of virtualizaion through the +docker daemon. It is recommended to run containers in this mode when their +networking performance is critical, for example, a production Load Balancer +or a High Performance Web Server. + > **Note**: `--net="host"` gives the container full access to local system > services such as D-bus and is therefore considered insecure. From 729035faffa3c047df4fc08a6e401e78a884d5d7 Mon Sep 17 00:00:00 2001 From: "Daniel, Dao Quang Minh" Date: Thu, 26 Mar 2015 07:46:13 +0000 Subject: [PATCH 0560/2538] document dirperm1 fix for #783 in known issues Since `dirperm1` requires a more recent aufs patch than many current OS release, we cant remove #783 completely. This documents that docker will apply `dirperm1` automatically for systems that support it Signed-off-by: Daniel, Dao Quang Minh --- docs/sources/reference/builder.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 46d0e21e88..adf42ae764 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -280,8 +280,14 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See - [Issue 783](https://github.com/docker/docker/issues/783) is about file permissions problems that can occur when using the AUFS file system. You - might notice it during an attempt to `rm` a file, for example. The issue - describes a workaround. + might notice it during an attempt to `rm` a file, for example. + + For systems that have recent aufs version (i.e., `dirperm1` mount option can + be set), docker will attempt to fix the issue automatically by mounting + the layers with `dirperm1` option. More details on `dirperm1` option can be + found at [`aufs` man page](http://aufs.sourceforge.net/aufs3/man.html) + + If your system doesnt have support for `dirperm1`, the issue describes a workaround. ## CMD From 4d5758b252f7316c6fe17aaa9caf6037ee5976b1 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 28 Mar 2015 11:32:33 -0700 Subject: [PATCH 0561/2538] Do not complete --cgroup-parent as _filedir This is a follow-up on PR 11708, as suggested by tianon. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2397cb59fc..69117890f5 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -802,7 +802,7 @@ _docker_run() { __docker_capabilities return ;; - --cidfile|--cgroup-parent|--env-file|--label-file) + --cidfile|--env-file|--label-file) _filedir return ;; From d0fefccd8d6f3fd7973e35931909f9d7d055ff31 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 29 Mar 2015 09:24:08 -0700 Subject: [PATCH 0562/2538] Add missing filters to bash completion for docker images and docker ps Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 40 +++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 69117890f5..19544c4da6 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -58,6 +58,18 @@ __docker_containers_unpauseable() { __docker_containers_all '.State.Paused' } +__docker_container_names() { + local containers=( $(__docker_q ps -aq --no-trunc) ) + local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") ) + names=( "${names[@]#/}" ) # trim off the leading "/" from the container names + COMPREPLY=( $(compgen -W "${names[*]}" -- "$cur") ) +} + +__docker_container_ids() { + local containers=( $(__docker_q ps -aq) ) + COMPREPLY=( $(compgen -W "${containers[*]}" -- "$cur") ) +} + __docker_image_repos() { local repos="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1 }')" COMPREPLY=( $(compgen -W "$repos" -- "$cur") ) @@ -437,7 +449,10 @@ _docker_history() { _docker_images() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "dangling=true" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "dangling=true label=" -- "$cur" ) ) + if [ "$COMPREPLY" = "label=" ]; then + compopt -o nospace + fi return ;; esac @@ -447,17 +462,20 @@ _docker_images() { COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) return ;; + *label=*) + return + ;; esac case "$cur" in -*) COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) ;; + =) + return + ;; *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_image_repos - fi + __docker_image_repos ;; esac } @@ -616,7 +634,7 @@ _docker_ps() { __docker_containers_all ;; --filter|-f) - COMPREPLY=( $( compgen -S = -W "exited status" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "exited id label name status" -- "$cur" ) ) compopt -o nospace return ;; @@ -626,6 +644,16 @@ _docker_ps() { esac case "${words[$cword-2]}$prev=" in + *id=*) + cur="${cur#=}" + __docker_container_ids + return + ;; + *name=*) + cur="${cur#=}" + __docker_container_names + return + ;; *status=*) COMPREPLY=( $( compgen -W "exited paused restarting running" -- "${cur#=}" ) ) return From 08642641593d606dd6e173c22352f62c78b303ae Mon Sep 17 00:00:00 2001 From: cheney90 Date: Fri, 27 Mar 2015 16:41:06 +0800 Subject: [PATCH 0563/2538] Add capabilities list information table. Signed-off-by: Chen Qiu <21321229@zju.edu.cn> --- docs/sources/reference/run.md | 45 ++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 3fed51a189..da5aab969a 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -642,7 +642,50 @@ This can be overridden using a third `:rwm` set of options to each `--device` fl In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default -list of capabilities that are kept. Both flags support the value `all`, so if the +list of capabilities that are kept. Here is a table to list the reference information on capabilities. + +| Capability Key | Capability Value | Capability Description | +| :----------------- | :---------------| :-------------------- | +| SETPCAP | capability.CAP_SETPCAP | Modify process capabilities. | +| SYS_MODULE | capability.CAP_SYS_MODULE | Load and unload kernel modules. | +| SYS_RAWIO | capability.CAP_SYS_RAWIO | Perform I/O port operations (iopl(2) and ioperm(2)). | +| SYS_PACCT | capability.CAP_SYS_PACCT | Use acct(2), switch process accounting on or off. | +| SYS_ADMIN | capability.CAP_SYS_ADMIN | Perform a range of system administration operations. | +| SYS_NICE | capability.CAP_SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. | +| SYS_RESOURCE | capability.CAP_SYS_RESOURCE | Override Resource Limits. | +| SYS_TIME | capability.CAP_SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | +| SYS_TTY_CONFIG | capability.CAP_SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | +| MKNOD | capability.CAP_MKNOD | Create special files using mknod(2). | +| AUDIT_WRITE | capability.CAP_AUDIT_WRITE | Write records to kernel auditing log. | +| AUDIT_CONTROL | capability.CAP_AUDIT_CONTROL | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. | +| MAC_OVERRIDE | capability.CAP_MAC_OVERRIDE | Allow MAC configuration or state changes. Implemented for the Smack LSM. | +| MAC_ADMIN | capability.CAP_MAC_ADMIN | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM). | +| NET_ADMIN | capability.CAP_NET_ADMIN | Perform various network-related operations. | +| SYSLOG | capability.CAP_SYSLOG | Perform privileged syslog(2) operations. | +| CHOWN | capability.CAP_CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | +| NET_RAW | capability.CAP_NET_RAW | Use RAW and PACKET sockets. | +| DAC_OVERRIDE | capability.CAP_DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | +| FOWNER | capability.CAP_FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | +| DAC_READ_SEARCH | capability.CAP_DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks. | +| FSETID | capability.CAP_FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | +| KILL | apability.CAP_KILL | Bypass permission checks for sending signals. | +| SETGID | capability.CAP_SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | +| SETUID | capability.CAP_SETUID | Make arbitrary manipulations of process UIDs. | +| LINUX_IMMUTABLE | capability.CAP_LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | +| NET_BIND_SERVICE | capability.CAP_NET_BIND_SERVICE | Bind a socket to Internet domain privileged ports (port numbers less than 1024). | +| NET_BROADCAST | capability.CAP_NET_BROADCAST} | Make socket broadcasts, and listen to multicasts. | +| IPC_LOCK | capability.CAP_IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | +| IPC_OWNER | capability.CAP_IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | +| SYS_CHROOT | capability.CAP_SYS_CHROOT | Use chroot(2), change root directory. | +| SYS_PTRACE | capability.CAP_SYS_PTRACE | Trace arbitrary processes using ptrace(2). | +| SYS_BOOT | capability.CAP_SYS_BOOT | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution. | +| LEASE | capability.CAP_LEASE | Establish leases on arbitrary files (see fcntl(2)). | +| SETFCAP | capability.CAP_SETFCAP | Set file capabilities.| +| WAKE_ALARM | capability.CAP_WAKE_ALARM | Trigger something that will wake up the system. | +| BLOCK_SUSPEND | capability.CAP_BLOCK_SUSPEND | Employ features that can block system suspend. | + + +Both flags support the value `all`, so if the operator wants to have all capabilities but `MKNOD` they could use: $ docker run --cap-add=ALL --cap-drop=MKNOD ... From 5b000494ee5cef14a87cfa7457146f667d27d8d9 Mon Sep 17 00:00:00 2001 From: Harry Zhang Date: Fri, 27 Mar 2015 12:06:49 +0000 Subject: [PATCH 0564/2538] Remove dupllicated prefix to make table shorter & fix bugs Signed-off-by: Harry Zhang --- docs/sources/reference/run.md | 77 ++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index da5aab969a..71d03ac251 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -644,46 +644,47 @@ In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default list of capabilities that are kept. Here is a table to list the reference information on capabilities. -| Capability Key | Capability Value | Capability Description | +| Capability Key | Capability Description | | :----------------- | :---------------| :-------------------- | -| SETPCAP | capability.CAP_SETPCAP | Modify process capabilities. | -| SYS_MODULE | capability.CAP_SYS_MODULE | Load and unload kernel modules. | -| SYS_RAWIO | capability.CAP_SYS_RAWIO | Perform I/O port operations (iopl(2) and ioperm(2)). | -| SYS_PACCT | capability.CAP_SYS_PACCT | Use acct(2), switch process accounting on or off. | -| SYS_ADMIN | capability.CAP_SYS_ADMIN | Perform a range of system administration operations. | -| SYS_NICE | capability.CAP_SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. | -| SYS_RESOURCE | capability.CAP_SYS_RESOURCE | Override Resource Limits. | -| SYS_TIME | capability.CAP_SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | -| SYS_TTY_CONFIG | capability.CAP_SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | -| MKNOD | capability.CAP_MKNOD | Create special files using mknod(2). | -| AUDIT_WRITE | capability.CAP_AUDIT_WRITE | Write records to kernel auditing log. | -| AUDIT_CONTROL | capability.CAP_AUDIT_CONTROL | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. | -| MAC_OVERRIDE | capability.CAP_MAC_OVERRIDE | Allow MAC configuration or state changes. Implemented for the Smack LSM. | -| MAC_ADMIN | capability.CAP_MAC_ADMIN | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM). | -| NET_ADMIN | capability.CAP_NET_ADMIN | Perform various network-related operations. | -| SYSLOG | capability.CAP_SYSLOG | Perform privileged syslog(2) operations. | -| CHOWN | capability.CAP_CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | -| NET_RAW | capability.CAP_NET_RAW | Use RAW and PACKET sockets. | -| DAC_OVERRIDE | capability.CAP_DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | -| FOWNER | capability.CAP_FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | -| DAC_READ_SEARCH | capability.CAP_DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks. | -| FSETID | capability.CAP_FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | -| KILL | apability.CAP_KILL | Bypass permission checks for sending signals. | -| SETGID | capability.CAP_SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | -| SETUID | capability.CAP_SETUID | Make arbitrary manipulations of process UIDs. | -| LINUX_IMMUTABLE | capability.CAP_LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | -| NET_BIND_SERVICE | capability.CAP_NET_BIND_SERVICE | Bind a socket to Internet domain privileged ports (port numbers less than 1024). | -| NET_BROADCAST | capability.CAP_NET_BROADCAST} | Make socket broadcasts, and listen to multicasts. | -| IPC_LOCK | capability.CAP_IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | -| IPC_OWNER | capability.CAP_IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | -| SYS_CHROOT | capability.CAP_SYS_CHROOT | Use chroot(2), change root directory. | -| SYS_PTRACE | capability.CAP_SYS_PTRACE | Trace arbitrary processes using ptrace(2). | -| SYS_BOOT | capability.CAP_SYS_BOOT | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution. | -| LEASE | capability.CAP_LEASE | Establish leases on arbitrary files (see fcntl(2)). | -| SETFCAP | capability.CAP_SETFCAP | Set file capabilities.| -| WAKE_ALARM | capability.CAP_WAKE_ALARM | Trigger something that will wake up the system. | -| BLOCK_SUSPEND | capability.CAP_BLOCK_SUSPEND | Employ features that can block system suspend. | +| SETPCAP | Modify process capabilities. | +| SYS_MODULE| Load and unload kernel modules. | +| SYS_RAWIO | Perform I/O port operations (iopl(2) and ioperm(2)). | +| SYS_PACCT | Use acct(2), switch process accounting on or off. | +| SYS_ADMIN | Perform a range of system administration operations. | +| SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. | +| SYS_RESOURCE | Override Resource Limits. | +| SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | +| SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | +| MKNOD | Create special files using mknod(2). | +| AUDIT_WRITE | Write records to kernel auditing log. | +| AUDIT_CONTROL | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. | +| MAC_OVERRIDE | Allow MAC configuration or state changes. Implemented for the Smack LSM. | +| MAC_ADMIN | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM). | +| NET_ADMIN | Perform various network-related operations. | +| SYSLOG | Perform privileged syslog(2) operations. | +| CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | +| NET_RAW | Use RAW and PACKET sockets. | +| DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | +| FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | +| DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks. | +| FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | +| KILL | Bypass permission checks for sending signals. | +| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | +| SETUID | Make arbitrary manipulations of process UIDs. | +| LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | +| NET_BIND_SERVICE | Bind a socket to Internet domain privileged ports (port numbers less than 1024). | +| NET_BROADCAST | Make socket broadcasts, and listen to multicasts. | +| IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | +| IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | +| SYS_CHROOT | Use chroot(2), change root directory. | +| SYS_PTRACE | Trace arbitrary processes using ptrace(2). | +| SYS_BOOT | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution. | +| LEASE | Establish leases on arbitrary files (see fcntl(2)). | +| SETFCAP | Set file capabilities.| +| WAKE_ALARM | Trigger something that will wake up the system. | +| BLOCK_SUSPEND | Employ features that can block system suspend. | +For futher understanding, please check [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities) Both flags support the value `all`, so if the operator wants to have all capabilities but `MKNOD` they could use: From 5ed0d9c3debef504136b1c874ee531cf7dce0ca2 Mon Sep 17 00:00:00 2001 From: Harry Zhang Date: Tue, 31 Mar 2015 02:41:49 +0000 Subject: [PATCH 0565/2538] Revison the some columns to make table clearer Signed-off-by: Harry Zhang --- docs/sources/reference/run.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 71d03ac251..ea98fee38d 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -642,7 +642,7 @@ This can be overridden using a third `:rwm` set of options to each `--device` fl In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default -list of capabilities that are kept. Here is a table to list the reference information on capabilities. +list of capabilities that are kept. The following table lists the Linux capability options which can be added or dropped. | Capability Key | Capability Description | | :----------------- | :---------------| :-------------------- | @@ -652,7 +652,7 @@ list of capabilities that are kept. Here is a table to list the reference inform | SYS_PACCT | Use acct(2), switch process accounting on or off. | | SYS_ADMIN | Perform a range of system administration operations. | | SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. | -| SYS_RESOURCE | Override Resource Limits. | +| SYS_RESOURCE | Override resource Limits. | | SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | | SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | | MKNOD | Create special files using mknod(2). | @@ -672,7 +672,7 @@ list of capabilities that are kept. Here is a table to list the reference inform | SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | | SETUID | Make arbitrary manipulations of process UIDs. | | LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | -| NET_BIND_SERVICE | Bind a socket to Internet domain privileged ports (port numbers less than 1024). | +| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024). | | NET_BROADCAST | Make socket broadcasts, and listen to multicasts. | | IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | | IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | @@ -684,7 +684,7 @@ list of capabilities that are kept. Here is a table to list the reference inform | WAKE_ALARM | Trigger something that will wake up the system. | | BLOCK_SUSPEND | Employ features that can block system suspend. | -For futher understanding, please check [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities) +Further reference information is available on the [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities) Both flags support the value `all`, so if the operator wants to have all capabilities but `MKNOD` they could use: From 07995c4ef37244b4044220b670ef6f8917a22c41 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 1 Apr 2015 00:45:40 +0200 Subject: [PATCH 0566/2538] Fix heading level of logging drivers Syslog was a heading-2, but should be heading-3; changed the headings to heading-4 to match the "network settings" section. Also changed "Log driver" to "logging driver" for JSON. Signed-off-by: Sebastiaan van Stijn --- docs/sources/reference/run.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index ea98fee38d..000adcb7ae 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -742,17 +742,17 @@ familiar with using LXC directly. You can specify a different logging driver for the container than for the daemon. -### Logging driver: none +#### Logging driver: none Disables any logging for the container. `docker logs` won't be available with this driver. -### Log driver: json-file +#### Logging driver: json-file Default logging driver for Docker. Writes JSON messages to file. `docker logs` command is available only for this logging driver -## Logging driver: syslog +#### Logging driver: syslog Syslog logging driver for Docker. Writes log messages to syslog. `docker logs` command is not available for this logging driver From efc478e33c91f2f30943aff5c73991c7e07b8266 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 28 Jan 2015 18:28:48 -0800 Subject: [PATCH 0567/2538] Add support for more advanced ${xxx:...} syntax Just ${xxx:+...} and ${xxx:-...} for now Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index adf42ae764..d837541aa2 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -113,18 +113,30 @@ images. > replacement at the time. After 1.3 this behavior will be preserved and > canonical. -Environment variables (declared with [the `ENV` statement](#env)) can also be used in -certain instructions as variables to be interpreted by the `Dockerfile`. Escapes -are also handled for including variable-like syntax into a statement literally. +Environment variables (declared with [the `ENV` statement](#env)) can also be +used in certain instructions as variables to be interpreted by the +`Dockerfile`. Escapes are also handled for including variable-like syntax +into a statement literally. Environment variables are notated in the `Dockerfile` either with `$variable_name` or `${variable_name}`. They are treated equivalently and the brace syntax is typically used to address issues with variable names with no whitespace, like `${foo}_bar`. +The `${variable_name}` syntax also supports a few of the standard `bash` +modifiers as specified below: + +* `${variable:-word}` indicates that if `variable` is set then the result + will be that value. If `variable` is not set then `word` will be the result. +* `${variable:+word}` indiates that if `variable` is set then `word` will be + the result, otherwise the result is the empty string. + +In all cases, `word` can be any string, including additional environment +variables. + Escaping is possible by adding a `\` before the variable: `\$foo` or `\${foo}`, for example, will translate to `$foo` and `${foo}` literals respectively. - + Example (parsed representation is displayed after the `#`): FROM busybox From 26c3652d5ef5d67cacc7849c3f903518215f1aa2 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Wed, 1 Apr 2015 10:35:05 +0800 Subject: [PATCH 0568/2538] Add some missing option to bash completion Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 19544c4da6..ad48f2886c 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -220,6 +220,10 @@ _docker_docker() { _filedir -d return ;; + --log-driver) + COMPREPLY=( $( compgen -W "json-file syslog none" -- "$cur" ) ) + return + ;; --log-level|-l) COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) ) return @@ -275,7 +279,7 @@ _docker_build() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--file -f --force-rm --help --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--cpu-shares -c --cpuset-cpus --file -f --force-rm --help --memory -m --memory-swap --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) ;; *) local counter="$(__docker_pos_first_nonflag '--tag|-t')" @@ -469,7 +473,7 @@ _docker_images() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) ;; =) return @@ -1154,6 +1158,7 @@ _docker() { --insecure-registry --ip --label + --log-driver --log-level -l --mtu --pidfile -p From 48add9c908d4875ddf2e60a82eed228f9fef3bed Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 1 Apr 2015 00:16:43 +0200 Subject: [PATCH 0569/2538] docs: fix bullet list and missing label filter Some bullet lists didn't render as bullet-lists because of a missing newline. Also added missing "label" filter for `docker ps` and slightly re-worded the header above the supported filters. Signed-off-by: Sebastiaan van Stijn --- docs/sources/reference/commandline/cli.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e3344991b5..5ba261374c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -986,7 +986,7 @@ Using multiple filters will be handled as a *AND*; for example `--filter container=588a23dac085 --filter event=start` will display events for container container 588a23dac085 *AND* the event type is *start* -Current filters: +The currently supported filters are: * container * event @@ -1233,9 +1233,10 @@ also reference by digest in `create`, `run`, and `rmi` commands, as well as the The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) -Current filters: - * dangling (boolean - true or false) - * label (`label=` or `label==`) +The currently supported filters are: + +* dangling (boolean - true or false) +* label (`label=` or `label==`) ##### Untagged images @@ -1584,11 +1585,13 @@ Running `docker ps --no-trunc` showing 2 linked containers. The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) -Current filters: - * id (container's id) - * name (container's name) - * exited (int - the code of exited containers. Only useful with '--all') - * status (restarting|running|paused|exited) +The currently supported filters are: + +* id (container's id) +* label (`label=` or `label==`) +* name (container's name) +* exited (int - the code of exited containers. Only useful with `--all`) +* status (restarting|running|paused|exited) ##### Successfully exited containers From e2ecc5c6defdcb91103f590a25567c38e4701596 Mon Sep 17 00:00:00 2001 From: Deng Guangxing Date: Mon, 6 Apr 2015 14:37:19 +0800 Subject: [PATCH 0570/2538] fix typo in cli.md Signed-off-by: Deng Guangxing --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5ba261374c..8d4cdcbaaf 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -441,7 +441,7 @@ the proxy `--default-ulimit` allows you to set the default `ulimit` options to use for all containers. It takes the same options as `--ulimit` for `docker run`. If these -defaults are not set, `ulimit` settings will be inheritted, if not set on +defaults are not set, `ulimit` settings will be inherited, if not set on `docker run`, from the Docker daemon. Any `--ulimit` options passed to `docker run` will overwrite these defaults. @@ -485,7 +485,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). #### Examples - $ docker run -d --name topdemo ubuntu /usr/bin/top -b) + $ docker run -d --name topdemo ubuntu /usr/bin/top -b $ docker attach topdemo top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie @@ -549,7 +549,7 @@ is returned by the `docker attach` command to its caller too: -m, --memory="" Memory limit for all build containers --memory-swap="" Total memory (memory + swap), `-1` to disable swap -c, --cpu-shares CPU Shares (relative weight) - --cpuset-cpus="" CPUs in which to allow exection, e.g. `0-3`, `0,1` + --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can @@ -1975,7 +1975,7 @@ labels file in the current directory: $ docker run --label-file ./labels ubuntu bash The label-file format is similar to the format for loading environment -variables. (Unlike environment variables, labels are not visislbe to processes +variables. (Unlike environment variables, labels are not visible to processes running inside a container.) The following example illustrates a label-file format: From a4c88adc4dd32b227767aff48e60dcf07784ca9c Mon Sep 17 00:00:00 2001 From: dalanlan Date: Mon, 30 Mar 2015 09:00:05 +0800 Subject: [PATCH 0571/2538] fix issue #11676 #11754, disable RLIMIT_AS,edit DOCKER_OPTS Signed-off-by: Simei He --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8d4cdcbaaf..d167acc6e3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2198,6 +2198,8 @@ available in the default container, you can set these using the `--ulimit` flag. > If you do not provide a `hard limit`, the `soft limit` will be used for both values. If no `ulimits` are set, they will be inherited from the default `ulimits` set on the daemon. +> `as` option is disabled for now. In other words, the following script is not supported: +> `$docker run -it --ulimit as=1024 fedora /bin/bash` ## save From 097e382e783955c05dad4e241bea2af0a7c2684f Mon Sep 17 00:00:00 2001 From: Simei He Date: Fri, 3 Apr 2015 14:43:21 +0800 Subject: [PATCH 0572/2538] minor edits. Signed-off-by: Simei He --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d167acc6e3..8b7e007f0f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2198,7 +2198,7 @@ available in the default container, you can set these using the `--ulimit` flag. > If you do not provide a `hard limit`, the `soft limit` will be used for both values. If no `ulimits` are set, they will be inherited from the default `ulimits` set on the daemon. -> `as` option is disabled for now. In other words, the following script is not supported: +> `as` option is disabled now. In other words, the following script is not supported: > `$docker run -it --ulimit as=1024 fedora /bin/bash` ## save From 4f146e1a81bcf5fa69b3b31dbecaa6fb3e4ded7c Mon Sep 17 00:00:00 2001 From: Simei He Date: Mon, 6 Apr 2015 09:00:59 +0800 Subject: [PATCH 0573/2538] fix the space thing. Signed-off-by: Simei He --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8b7e007f0f..0c6d6f7f90 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2199,7 +2199,7 @@ available in the default container, you can set these using the `--ulimit` flag. values. If no `ulimits` are set, they will be inherited from the default `ulimits` set on the daemon. > `as` option is disabled now. In other words, the following script is not supported: -> `$docker run -it --ulimit as=1024 fedora /bin/bash` +> `$ docker run -it --ulimit as=1024 fedora /bin/bash` ## save From 850a1672bbc9b0292fce14f830801df99dca99a8 Mon Sep 17 00:00:00 2001 From: Deng Guangxing Date: Wed, 1 Apr 2015 09:58:07 +0800 Subject: [PATCH 0574/2538] docker info show logging driver info Signed-off-by: Deng Guangxing --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0c6d6f7f90..2d59a64bb1 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1333,6 +1333,7 @@ For example: Backing Filesystem: extfs Dirs: 545 Execution Driver: native-0.2 + Logging Driver: json-file Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS CPUs: 1 From 4836b6041a904cd76c38fbe09151bb81a7fea4df Mon Sep 17 00:00:00 2001 From: Yan Feng Date: Tue, 7 Apr 2015 14:15:05 -0400 Subject: [PATCH 0575/2538] Fix 2 typos in /doc/sources/reference/run.md Signed-off-by: Yan Feng --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 000adcb7ae..151892ea7e 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -281,7 +281,7 @@ when sharing the host's network stack. Compared to the default `bridge` mode, the `host` mode gives *significantly* better networking performance since it uses the host's native networking stack -wheras the bridge has to go through one level of virtualizaion through the +whereas the bridge has to go through one level of virtualization through the docker daemon. It is recommended to run containers in this mode when their networking performance is critical, for example, a production Load Balancer or a High Performance Web Server. From 959ae3c2119ddd9744bce957eb6b5ecffebbe359 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Tue, 7 Apr 2015 13:25:48 -0700 Subject: [PATCH 0576/2538] Carry PR 12008 for contributor Closes #8040 Remove a tic for the hawk Signed-off-by: Mary Anthony --- docs/sources/reference/commandline/cli.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 2d59a64bb1..9f8daa03f5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -84,14 +84,20 @@ be set to the non-default value by explicitly setting them to `false`: ### Multi -Options like `-a=[]` indicate they can be specified multiple times: +You can specify options like `-a=[]` multiple times in a single command line, +for example in these commands: - $ docker run -a stdin -a stdout -a stderr -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash + $ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls -Sometimes this can use a more complex value string, as for `-v`: +Sometimes, multiple options can call for a more complex value string as for `-v`: $ docker run -v /host:/container example/mysql +> **Note**: +> Do not use the `-t` and `-a stderr` options together due to limitations +> in the `pty` implementation. All `stderr` in `pty` mode simply goes to `stdout`. + ### Strings and Integers Options like `--name=""` expect a string, and they From cd83db8e079aeafa6c44639416cec81f75feb17d Mon Sep 17 00:00:00 2001 From: Yan Feng Date: Wed, 8 Apr 2015 11:23:47 -0400 Subject: [PATCH 0577/2538] Fix a typo in /doc/sources/reference/run.md Signed-off-by: Yan Feng --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 151892ea7e..daf26bff8f 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -562,7 +562,7 @@ the number of containers running on the system. For example, consider three containers, one has a cpu-share of 1024 and two others have a cpu-share setting of 512. When processes in all three containers attempt to use 100% of CPU, the first container would receive -50% of the total CPU time. If you add a fouth container with a cpu-share +50% of the total CPU time. If you add a fourth container with a cpu-share of 1024, the first container only gets 33% of the CPU. The remaining containers receive 16.5%, 16.5% and 33% of the CPU. From b43ebd8449583135d7b9009a392d9d75d9eab79b Mon Sep 17 00:00:00 2001 From: David Young Date: Sun, 4 Jan 2015 14:47:01 +0800 Subject: [PATCH 0578/2538] Add comment column in docker history command output Signed-off-by: David Young --- docs/sources/reference/commandline/cli.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 9f8daa03f5..f7d47edb04 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1151,6 +1151,7 @@ This will create a new Bash session in the container `ubuntu_bash`. To see how the `docker:latest` image was built: +<<<<<<< HEAD $ docker history docker IMAGE CREATED CREATED BY SIZE 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B @@ -1159,6 +1160,26 @@ To see how the `docker:latest` image was built: 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B +======= + $ sudo docker history docker + IMAGE CREATED CREATED BY SIZE COMMENT + 3e23a5875458 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B + 8578938dd170 8 days ago /bin/sh -c dpkg-reconfigure locales && loc 1.245 MB + be51b77efb42 8 days ago /bin/sh -c apt-get update && apt-get install 338.3 MB + 4b137612be55 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB + 750d58736b4b 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi >>>>>> Add comment column in docker history command output ## images From 6ad4157d89f5463f0eb33480be04ac94352fe227 Mon Sep 17 00:00:00 2001 From: David Young Date: Thu, 26 Mar 2015 12:39:50 +0800 Subject: [PATCH 0579/2538] Refine document by review comments Signed-off-by: David Young --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index f7d47edb04..ec26d0418c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1170,7 +1170,7 @@ To see how the `docker:latest` image was built: 750d58736b4b 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi Date: Wed, 8 Apr 2015 19:43:25 -0400 Subject: [PATCH 0580/2538] Rebase + some fixes Signed-off-by: Tibor Vass --- docs/sources/reference/commandline/cli.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ec26d0418c..507f2990b9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1151,17 +1151,7 @@ This will create a new Bash session in the container `ubuntu_bash`. To see how the `docker:latest` image was built: -<<<<<<< HEAD $ docker history docker - IMAGE CREATED CREATED BY SIZE - 3e23a5875458790b7a806f95f7ec0d0b2a5c1659bfc899c89f939f6d5b8f7094 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd17054dce7993d21de79e96a037400e8d28e15e7290fea4f65128a36 8 days ago /bin/sh -c dpkg-reconfigure locales && locale-gen C.UTF-8 && /usr/sbin/update-locale LANG=C.UTF-8 1.245 MB - be51b77efb42f67a5e96437b3e102f81e0a1399038f77bf28cea0ed23a65cf60 8 days ago /bin/sh -c apt-get update && apt-get install -y git libxml2-dev python build-essential make gcc python-dev locales python-pip 338.3 MB - 4b137612be55ca69776c7f30c2d2dd0aa2e7d72059820abf3e25b629f887a084 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b6cc0f9a9abe8f258cef269e3e9dceced1146503522be9f985ada 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi - mkimage-debootstrap.sh -t jessie.tar.xz jessie http://http.debian.net/debian 0 B - 511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 9 months ago 0 B -======= - $ sudo docker history docker IMAGE CREATED CREATED BY SIZE COMMENT 3e23a5875458 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B 8578938dd170 8 days ago /bin/sh -c dpkg-reconfigure locales && loc 1.245 MB @@ -1172,14 +1162,13 @@ To see how the `docker:latest` image was built: To see how the `docker:apache` image was added to a container's base image: - $ sudo docker history docker:scm + $ docker history docker:scm IMAGE CREATED CREATED BY SIZE COMMENT 2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B 511136ea3c5a 19 months ago 0 B Imported from - ->>>>>>> Add comment column in docker history command output ## images From 298268dd0ad52e339ee4df4f340055a9df8e0a07 Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Wed, 8 Apr 2015 16:37:39 -0700 Subject: [PATCH 0581/2538] cli: Better wording for daemon --log-driver This flag is passed to the daemon CLI. In my opinion, "Container's logging driver" is not accurate and refers to 'one container'. Also the `syslog` driver was missing from the list. Having the list of all logging drivers won't scale here (should be <80 chars per line) and we have `rotation` driver coming up in the pipeline as well (gh11485). Signed-off-by: Ahmet Alp Balkan --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 507f2990b9..d892aeb6f4 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -134,7 +134,7 @@ expect an integer, and they can only be specified once. --ipv6=false Enable IPv6 networking -l, --log-level="info" Set the logging level --label=[] Set key=value labels to the daemon - --log-driver="json-file" Container's logging driver (json-file/none) + --log-driver="json-file" Default driver for container logs --mtu=0 Set the containers network MTU -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror From c121c241254aa5c0407d089b32d4c5e32475ac56 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 17 Mar 2015 10:44:42 -0400 Subject: [PATCH 0582/2538] devmapper: storage-opt override for udev sync This provides an override for forcing the daemon to still attempt running the devicemapper driver even when udev sync is not supported. Intended to be a very clear impairment for those choosing to use it. If udev sync is false, there will still be an error in the daemon logs, even when the override is in place. The docs have an explicit WARNING. Including link to the docs for users that encounter this daemon error during an upgrade. Signed-off-by: Vincent Batts --- docs/sources/reference/commandline/cli.md | 35 +++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d892aeb6f4..79f59f5f2d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -376,6 +376,41 @@ Currently supported options are: $ docker -d --storage-opt dm.blkdiscard=false + * `dm.override_udev_sync_check` + + Overrides the `udev` synchronization checks between `devicemapper` and `udev`. + `udev` is the device manager for the Linux kernel. + + To view the `udev` sync support of a Docker daemon that is using the + `devicemapper` driver, run: + + $ docker info + [...] + Udev Sync Supported: true + [...] + + When `udev` sync support is `true`, then `devicemapper` and udev can + coordinate the activation and deactivation of devices for containers. + + When `udev` sync support is `false`, a race condition occurs between + the`devicemapper` and `udev` during create and cleanup. The race condition + results in errors and failures. (For information on these failures, see + [docker#4036](https://github.com/docker/docker/issues/4036)) + + To allow the `docker` daemon to start, regardless of `udev` sync not being + supported, set `dm.override_udev_sync_check` to true: + + $ docker -d --storage-opt dm.override_udev_sync_check=true + + When this value is `true`, the `devicemapper` continues and simply warns + you the errors are happening. + + > **Note**: The ideal is to pursue a `docker` daemon and environment that + > does support synchronizing with `udev`. For further discussion on this + > topic, see [docker#4036](https://github.com/docker/docker/issues/4036). + > Otherwise, set this flag for migrating existing Docker daemons to a + > daemon with a supported environment. + ### Docker exec-driver option The Docker daemon uses a specifically built `libcontainer` execution driver as its From d5fb91f48cc0afdeaf7d69cfc9303bba60bd86cd Mon Sep 17 00:00:00 2001 From: Deng Guangxing Date: Sat, 11 Apr 2015 09:24:21 +0800 Subject: [PATCH 0583/2538] 'docker rmi -f IMAGE_ID' untag all names and delete the image If an image has been tagged to multiple repos and tags, 'docker rmi -f IMAGE_ID' will just untag one random repo instead of untagging all and deleting the image. This patch implement this. This commit is composed of: *untag all names and delete the image *add test to this feature *modify commandline/cli.md to explain this Signed-off-by: Deng Guangxing --- docs/sources/reference/commandline/cli.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 79f59f5f2d..b9f506a6c8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1794,6 +1794,21 @@ before the image is removed. Untagged: test:latest Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +If you use the `-f` flag and specify the image's short or long ID, then this +command untags and removes all images that match the specified ID. + + $ docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + + $ docker rmi -f fd484f19954f + Untagged: test1:latest + Untagged: test:latest + Untagged: test2:latest + Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 + An image pulled by digest has no tag associated with it: $ docker images --digests From b22aaac04763ec3749d7235ecb0f67be6ebf59ae Mon Sep 17 00:00:00 2001 From: Eric Windisch Date: Sat, 11 Apr 2015 13:42:17 -0400 Subject: [PATCH 0584/2538] HTTPS URLs for docs top-level & man pages This updates all of docs outside of sources. Signed-off-by: Eric Windisch --- docs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 15fee1d364..8ff25adab7 100755 --- a/docs/README.md +++ b/docs/README.md @@ -3,7 +3,7 @@ The source for Docker documentation is in this directory under `sources/`. Our documentation uses extended Markdown, as implemented by [MkDocs](http://mkdocs.org). The current release of the Docker documentation -resides on [http://docs.docker.com](http://docs.docker.com). +resides on [https://docs.docker.com](https://docs.docker.com). ## Understanding the documentation branches and processes @@ -11,7 +11,7 @@ Docker has two primary branches for documentation: | Branch | Description | URL (published via commit-hook) | |----------|--------------------------------|------------------------------------------------------------------------------| -| `docs` | Official release documentation | [http://docs.docker.com](http://docs.docker.com) | +| `docs` | Official release documentation | [https://docs.docker.com](https://docs.docker.com) | | `master` | Merged but unreleased development work | [http://docs.master.dockerproject.com](http://docs.master.dockerproject.com) | Additions and updates to upcoming releases are made in a feature branch off of From 07ee4d5ec20bf6dd03cee4873c7a17e833adc61e Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Mon, 13 Apr 2015 17:33:59 +0100 Subject: [PATCH 0585/2538] Add a note about PID 1 not terminating on SIGINT/SIGTERM. Also re-arranged the description of CTRL-c to make it clearer. Signed-off-by: Bryan Boreham --- docs/sources/reference/commandline/cli.md | 14 ++++++++++---- docs/sources/reference/run.md | 5 +++++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b9f506a6c8..b78a169b5f 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -516,10 +516,16 @@ interactively. You can attach to the same contained process multiple times simultaneously, screen sharing style, or quickly view the progress of your daemonized process. -You can detach from the container (and leave it running) with `CTRL-p CTRL-q` -(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. -When you are attached to a container, and exit its main process, the process's -exit code will be returned to the client. +You can detach from the container and leave it running with `CTRL-p +CTRL-q` (for a quiet exit) or with `CTRL-c` if `--sig-proxy` is false. + +If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` +to the container. + +>**Note**: A process running as PID 1 inside a container is treated +>specially by Linux: it ignores any signal with the default action. +>So, the process will not terminate on `SIGINT` or `SIGTERM` unless it is +>coded to do so. It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index daf26bff8f..d41b686c4b 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -111,6 +111,11 @@ as you'll see in later examples. Specifying `-t` is forbidden when the client standard output is redirected or piped, such as in: `echo test | docker run -i busybox cat`. +>**Note**: A process running as PID 1 inside a container is treated +>specially by Linux: it ignores any signal with the default action. +>So, the process will not terminate on `SIGINT` or `SIGTERM` unless it is +>coded to do so. + ## Container identification ### Name (--name) From a878ece03232cf209626ba48957a35838403b603 Mon Sep 17 00:00:00 2001 From: jianbosun Date: Wed, 8 Apr 2015 12:25:41 +0800 Subject: [PATCH 0586/2538] change memory usage display using standard unix postfixes add unit test for display also change doc for memory usage display change for example GiB will be GB Signed-off-by: Sun Jianbo --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b78a169b5f..10953dc2d5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2342,7 +2342,7 @@ Running `docker stats` on multiple containers $ docker stats redis1 redis2 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O redis1 0.07% 796 KiB/64 MiB 1.21% 788 B/648 B - redis2 0.07% 2.746 MiB/64 MiB 4.29% 1.266 KiB/648 B + redis2 0.07% 2.746 MB/64 MB 4.29% 1.266 KB/648 B The `docker stats` command will only return a live stream of data for running From 3ca275df6d415e46deebbe3bfe7c6039ca9ed4b7 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Sat, 11 Apr 2015 11:04:24 +0800 Subject: [PATCH 0587/2538] Add `-u|--user` flag to docker exec for running command as a different user Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 2 +- docs/sources/reference/commandline/cli.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ad48f2886c..ef7f0f3356 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -407,7 +407,7 @@ _docker_events() { _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i -t --tty" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i -t --tty -u --user" -- "$cur" ) ) ;; *) __docker_containers_running diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 10953dc2d5..8a7809532d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1121,6 +1121,7 @@ You'll need two shells for this example. -d, --detach=false Detached mode: run command in the background -i, --interactive=false Keep STDIN open even if not attached -t, --tty=false Allocate a pseudo-TTY + -u, --user= Username or UID (format: [:]) The `docker exec` command runs a new command in a running container. From cae7221b8d8cde44e5b6248f6e075d12a0f5b781 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Sat, 11 Apr 2015 11:26:37 +0800 Subject: [PATCH 0588/2538] Add docker exec run a command in privileged mode Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 2 +- docs/sources/reference/commandline/cli.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ef7f0f3356..f669352119 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -407,7 +407,7 @@ _docker_events() { _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i -t --tty -u --user" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) ;; *) __docker_containers_running diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 8a7809532d..e607120c87 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1120,6 +1120,7 @@ You'll need two shells for this example. -d, --detach=false Detached mode: run command in the background -i, --interactive=false Keep STDIN open even if not attached + --privileged=false Give extended privileges to the command -t, --tty=false Allocate a pseudo-TTY -u, --user= Username or UID (format: [:]) From 2040dff996c943dc37a0dc6d643bd5be9051ae06 Mon Sep 17 00:00:00 2001 From: wonderflow Date: Tue, 14 Apr 2015 18:34:20 +0800 Subject: [PATCH 0589/2538] fix memory stats display document Signed-off-by: Sun Jianbo --- docs/sources/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e607120c87..7375261230 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2343,7 +2343,7 @@ Running `docker stats` on multiple containers $ docker stats redis1 redis2 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - redis1 0.07% 796 KiB/64 MiB 1.21% 788 B/648 B + redis1 0.07% 796 KB/64 MB 1.21% 788 B/648 B redis2 0.07% 2.746 MB/64 MB 4.29% 1.266 KB/648 B From 84861b2109a16cadb2979179d798a0e7bd39e9cf Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 15 Apr 2015 09:33:46 +0800 Subject: [PATCH 0590/2538] add support for cpuset.mems Signed-off-by: Qiang Huang --- docs/sources/reference/commandline/cli.md | 2 ++ docs/sources/reference/run.md | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 7375261230..60a604b8bb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -892,6 +892,7 @@ Creates a new container. --cgroup-parent="" Optional parent cgroup for the container --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains @@ -1844,6 +1845,7 @@ To remove an image using its digest: --cap-drop=[] Drop Linux capabilities --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container --dns=[] Set custom DNS servers diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index d41b686c4b..b5784cba78 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -474,6 +474,7 @@ container: -memory-swap="": Total memory limit (memory + swap, format: , where unit = b, k, m or g) -c, --cpu-shares=0: CPU shares (relative weight) --cpuset-cpus="": CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems="": Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. ### Memory constraints @@ -599,6 +600,21 @@ This means processes in container can be executed on cpu 1 and cpu 3. This means processes in container can be executed on cpu 0, cpu 1 and cpu 2. +We can set mems in which to allow execution for containers. Only effective +on NUMA systems. + +Examples: + + $ docker run -ti --cpuset-mems="1,3" ubuntu:14.04 /bin/bash + +This example restricts the processes in the container to only use memory from +memory nodes 1 and 3. + + $ docker run -ti --cpuset-mems="0-2" ubuntu:14.04 /bin/bash + +This example restricts the processes in the container to only use memory from +memory nodes 0, 1 and 2. + ## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities From 39840874a3982222811467f6dee486e9632cc08a Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 14 Apr 2015 10:00:48 +0800 Subject: [PATCH 0591/2538] Add cpuset-mems support for docker build Signed-off-by: Qiang Huang --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 60a604b8bb..607f670762 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -597,6 +597,7 @@ is returned by the `docker attach` command to its caller too: --memory-swap="" Total memory (memory + swap), `-1` to disable swap -c, --cpu-shares CPU Shares (relative weight) --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` + --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can From 9dd7c2c70df8d2f00646a6b1918cd56304b1953f Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 1 Apr 2015 15:39:37 -0700 Subject: [PATCH 0592/2538] Add .docker/config.json and support for HTTP Headers This PR does the following: - migrated ~/.dockerfg to ~/.docker/config.json. The data is migrated but the old file remains in case its needed - moves the auth json in that fie into an "auth" property so we can add new top-level properties w/o messing with the auth stuff - adds support for an HttpHeaders property in ~/.docker/config.json which adds these http headers to all msgs from the cli In a follow-on PR I'll move the config file process out from under "registry" since it not specific to that any more. I didn't do it here because I wanted the diff to be smaller so people can make sure I didn't break/miss any auth code during my edits. Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 607f670762..821de99e30 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -48,6 +48,35 @@ These Go environment variables are case-insensitive. See the [Go specification](http://golang.org/pkg/net/http/) for details on these variables. +## Configuration Files + +The Docker command line stores its configuration files in a directory called +`.docker` within your `HOME` directory. Docker manages most of the files in +`.docker` and you should not modify them. However, you *can modify* the +`.docker/config.json` file to control certain aspects of how the `docker` +command behaves. + +Currently, you can modify the `docker` command behavior using environment +variables or command-line options. You can also use options within +`config.json` to modify some of the same behavior. When using these +mechanisms, you must keep in mind the order of precedence among them. Command +line options override environment variables and environment variables override +properties you specify in a `config.json` file. + +The `config.json` file stores a JSON encoding of a single `HttpHeaders` +property. The property specifies a set of headers to include in all +messages sent from the Docker client to the daemon. Docker does not try to +interpret or understand these header; it simply puts them into the messages. +Docker does not allow these headers to change any headers it sets for itself. + +Following is a sample `config.json` file: + + { + "HttpHeaders: { + "MyHeader": "MyValue" + } + } + ## Help To list the help on any command just execute the command, followed by the `--help` option. From 7604419278d4dbd29cfd1186fa3bdc9495014575 Mon Sep 17 00:00:00 2001 From: Sylvain Baubeau Date: Thu, 18 Dec 2014 10:09:42 +0100 Subject: [PATCH 0593/2538] Allow specifying a default gateway for bridge networking Signed-off-by: Sylvain Baubeau --- docs/sources/reference/commandline/cli.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 821de99e30..986c0d45fb 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -145,6 +145,8 @@ expect an integer, and they can only be specified once. --bip="" Specify network bridge IP -D, --debug=false Enable debug mode -d, --daemon=false Enable daemon mode + --default-gateway="" Container default gateway IPv4 address + --default-gateway-v6="" Container default gateway IPv6 address --dns=[] DNS server to use --dns-search=[] DNS search domains to use -e, --exec-driver="native" Exec driver to use From f00c5d0720f1c559e8b3a165984a1be9c77ef679 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 16 Apr 2015 08:29:04 -0700 Subject: [PATCH 0594/2538] Add -H|--human flag to `docker history` Add a flag to print sizes and dates in human readable format. Signed-off-by: Arnaud Porterie --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 986c0d45fb..88250f7625 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1222,6 +1222,7 @@ This will create a new Bash session in the container `ubuntu_bash`. Show the history of an image + -H, --human=true Print sizes and dates in human readable format --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs From 6c60a3415cde10c46b055b0bad34c1bfce695b5b Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 20 Apr 2015 08:16:47 -0700 Subject: [PATCH 0595/2538] Add support cpu cfs quota Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 1 + docs/sources/reference/commandline/cli.md | 2 ++ docs/sources/reference/run.md | 10 ++++++++++ 3 files changed, 13 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f669352119..7f87e50f5d 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -770,6 +770,7 @@ _docker_run() { --cidfile --cpuset --cpu-shares -c + --cpu-quota --device --dns --dns-search diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 88250f7625..642aa735a9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -925,6 +925,7 @@ Creates a new container. --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) + --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota --device=[] Add a host device to the container --dns=[] Set custom DNS servers --dns-search=[] Set custom DNS search domains @@ -1879,6 +1880,7 @@ To remove an image using its digest: --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) + --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container --dns=[] Set custom DNS servers diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index b5784cba78..10178b382a 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -475,6 +475,7 @@ container: -c, --cpu-shares=0: CPU shares (relative weight) --cpuset-cpus="": CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="": Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + --cpu-quota=0: Limit the CPU CFS (Completely Fair Scheduler) quota ### Memory constraints @@ -615,6 +616,15 @@ memory nodes 1 and 3. This example restricts the processes in the container to only use memory from memory nodes 0, 1 and 2. +### CPU quota constraint + +The `--cpu-quota` flag limits the container's CPU usage. The default 0 value +allows the container to take 100% of a CPU resource (1 CPU). The CFS (Completely Fair +Scheduler) handles resource allocation for executing processes and is default +Linux Scheduler used by the kernel. Set this value to 50000 to limit the container +to 50% of a CPU resource. For multiple CPUs, adjust the `--cpu-quota` as necessary. +For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt). + ## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities From 66d3021b4911e148868da4072d9385fd893e9d38 Mon Sep 17 00:00:00 2001 From: Shijiang Wei Date: Mon, 20 Apr 2015 16:48:17 +0800 Subject: [PATCH 0596/2538] Remove some unsupported instructions in the docs. Signed-off-by: Shijiang Wei --- docs/sources/reference/commandline/cli.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 642aa735a9..96aef620c9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -870,7 +870,8 @@ If this behavior is undesired, set the 'p' option to false. The `--change` option will apply `Dockerfile` instructions to the image that is created. -Supported `Dockerfile` instructions: `ADD`|`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`FROM`|`MAINTAINER`|`RUN`|`USER`|`LABEL`|`VOLUME`|`WORKDIR`|`COPY` +Supported `Dockerfile` instructions: +`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` #### Commit a container @@ -1380,8 +1381,8 @@ the `-` parameter to take the data from `STDIN`. The `--change` option will apply `Dockerfile` instructions to the image that is created. -Supported `Dockerfile` instructions: `CMD`, `ENTRYPOINT`, `ENV`, `EXPOSE`, -`ONBUILD`, `USER`, `VOLUME`, `WORKDIR` +Supported `Dockerfile` instructions: +`CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` #### Examples From 8bf56348e9d0c513a1f4961dc7be89ef8f5b1cd1 Mon Sep 17 00:00:00 2001 From: Jeff Nickoloff Date: Sat, 18 Apr 2015 11:34:28 -0700 Subject: [PATCH 0597/2538] Update builder.md Single value labels do not work in 1.6 and multi-label instructions only work when separated by non-EOL whitespace. I also added an example snip from the inspect output with the labels that are included in this guide. Signed-off-by: Jeff Nickoloff --- docs/sources/reference/builder.md | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index d837541aa2..a4fcbebc1b 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -373,9 +373,8 @@ blackslashes as you would in command-line parsing. LABEL "com.example.vendor"="ACME Incorporated" An image can have more than one label. To specify multiple labels, separate each -key-value pair by an EOL. +key-value pair with whitespace. - LABEL com.example.label-without-value LABEL com.example.label-with-value="foo" LABEL version="1.0" LABEL description="This text illustrates \ @@ -385,6 +384,8 @@ Docker recommends combining labels in a single `LABEL` instruction where possible. Each `LABEL` instruction produces a new layer which can result in an inefficient image if you use many labels. This example results in four image layers. + + LABEL multi.label1="value1" multi.label2="value2" other="value3" Labels are additive including `LABEL`s in `FROM` images. As the system encounters and then applies a new label, new `key`s override any previous labels @@ -392,6 +393,16 @@ with identical keys. To view an image's labels, use the `docker inspect` command. + "Labels": { + "com.example.vendor": "ACME Incorporated" + "com.example.label-with-value": "foo", + "version": "1.0", + "description": "This text illustrates that label-values can span multiple lines.", + "multi.label1": "value1", + "multi.label2": "value2", + "other": "value3" + }, + ## EXPOSE EXPOSE [...] From 33e6a5b9c5ed7042cbb03d6bb65cac715e1307aa Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 20 Apr 2015 14:26:39 -0400 Subject: [PATCH 0598/2538] Add journald as a supported logger for containers Docker-DCO-1.1-Signed-off-by: Dan Walsh (github: rhatdan) --- docs/sources/reference/run.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 10178b382a..a0d66937f1 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -788,6 +788,10 @@ command is available only for this logging driver Syslog logging driver for Docker. Writes log messages to syslog. `docker logs` command is not available for this logging driver +#### Logging driver: journald + +Journald logging driver for Docker. Writes log messages to journald. `docker logs` command is not available for this logging driver + ## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder) From acc0eac695a22791eaaa4ea029e829b9c0c71514 Mon Sep 17 00:00:00 2001 From: Rick Wieman Date: Tue, 21 Apr 2015 17:50:09 +0200 Subject: [PATCH 0599/2538] Makes headings in documentation consistent Fixes #10673. Signed-off-by: Rick Wieman --- docs/sources/reference/builder.md | 10 +++++----- docs/sources/reference/commandline/cli.md | 6 +++--- docs/sources/reference/run.md | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index a4fcbebc1b..583698d882 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -1,8 +1,8 @@ -page_title: Dockerfile Reference +page_title: Dockerfile reference page_description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. page_keywords: builder, docker, Dockerfile, automation, image creation -# Dockerfile Reference +# Dockerfile reference **Docker can build images automatically** by reading the instructions from a `Dockerfile`. A `Dockerfile` is a text document that contains all @@ -105,7 +105,7 @@ be treated as an argument. This allows statements like: Here is the set of instructions you can use in a `Dockerfile` for building images. -### Environment Replacement +### Environment replacement > **Note**: prior to 1.3, `Dockerfile` environment variables were handled > similarly, in that they would be replaced as described below. However, there @@ -288,7 +288,7 @@ guide](/articles/dockerfile_best-practices/#build-cache) for more information. The cache for `RUN` instructions can be invalidated by `ADD` instructions. See [below](#add) for details. -### Known Issues (RUN) +### Known issues (RUN) - [Issue 783](https://github.com/docker/docker/issues/783) is about file permissions problems that can occur when using the AUFS file system. You @@ -973,7 +973,7 @@ For example you might add something like this: > **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions. -## Dockerfile Examples +## Dockerfile examples # Nginx # diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 96aef620c9..a871162049 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -24,7 +24,7 @@ the `docker` command, your system administrator can create a Unix group called For more information about installing Docker or `sudo` configuration, refer to the [installation](/installation) instructions for your operating system. -## Environment Variables +## Environment variables For easy reference, the following list of environment variables are supported by the `docker` command line: @@ -48,7 +48,7 @@ These Go environment variables are case-insensitive. See the [Go specification](http://golang.org/pkg/net/http/) for details on these variables. -## Configuration Files +## Configuration files The Docker command line stores its configuration files in a directory called `.docker` within your `HOME` directory. Docker manages most of the files in @@ -2210,7 +2210,7 @@ application change: `--rm` option means that when the container exits, the container's layer is removed. -#### Restart Policies +#### Restart policies Use Docker's `--restart` to specify a container's *restart policy*. A restart policy controls whether the Docker daemon restarts a container after exit. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index a0d66937f1..7218fab649 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -156,7 +156,7 @@ Images using the v2 or later image format have a content-addressable identifier called a digest. As long as the input used to generate the image is unchanged, the digest value is predictable and referenceable. -## PID Settings (--pid) +## PID settings (--pid) --pid="" : Set the PID (Process) Namespace mode for the container, 'host': use the host's PID namespace inside the container @@ -177,7 +177,7 @@ within the container. This command would allow you to use `strace` inside the container on pid 1234 on the host. -## IPC Settings (--ipc) +## IPC settings (--ipc) --ipc="" : Set the IPC mode for the container, 'container:': reuses another container's IPC namespace From 3f2bc86a4f5a0e58a4eac511ab70150f9bc19bf0 Mon Sep 17 00:00:00 2001 From: Tristan Carel Date: Thu, 23 Apr 2015 12:10:47 +0200 Subject: [PATCH 0600/2538] Fix typo in builder reference Signed-off-by: Tristan Carel --- docs/sources/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 583698d882..83121e6bd9 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -180,7 +180,7 @@ that will be excluded from the context. Globbing is done using Go's > **Note**: > The `.dockerignore` file can even be used to ignore the `Dockerfile` and > `.dockerignore` files. This might be useful if you are copying files from -> the root of the build context into your new containter but do not want to +> the root of the build context into your new container but do not want to > include the `Dockerfile` or `.dockerignore` files (e.g. `ADD . /someDir/`). The following example shows the use of the `.dockerignore` file to exclude the From 433f49684e51576bbd607c3727315f67d2960145 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Fri, 24 Apr 2015 08:54:08 +0800 Subject: [PATCH 0601/2538] Add cpu cfs quota to build Signed-off-by: Lei Jitang --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7f87e50f5d..f3b8331587 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -279,7 +279,7 @@ _docker_build() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--cpu-shares -c --cpuset-cpus --file -f --force-rm --help --memory -m --memory-swap --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--cpu-shares -c --cpuset-cpus --cpu-quota --file -f --force-rm --help --memory -m --memory-swap --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) ;; *) local counter="$(__docker_pos_first_nonflag '--tag|-t')" From 72f4a6bc1c08bc1bf96167085184c53cac73ba8c Mon Sep 17 00:00:00 2001 From: David Calavera Date: Thu, 23 Apr 2015 09:35:19 -0700 Subject: [PATCH 0602/2538] Document the extra `depth` argument in git contexts. Signed-off-by: David Calavera --- docs/sources/reference/commandline/cli.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a871162049..26659c8ffa 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -636,12 +636,13 @@ refer to any of the files in the context. For example, your build can use an [*ADD*](/reference/builder/#add) instruction to reference a file in the context. -The `URL` parameter can specify the location of a Git repository; in this -case, the repository is the context. The Git repository is recursively -cloned with its submodules. The system does a fresh `git clone -recursive` -in a temporary directory on your local host. Then, this clone is sent to -the Docker daemon as the context. Local clones give you the ability to -access private repositories using local user credentials, VPN's, and so forth. +The `URL` parameter can specify the location of a Git repository; +the repository acts as the build context. The system recursively clones the repository +and its submodules using a `git clone --depth 1 --recursive` command. +This command runs in a temporary directory on your local host. +After the command succeeds, the directory is sent to the Docker daemon as the context. +Local clones give you the ability to access private repositories using +local user credentials, VPN's, and so forth. Instead of specifying a context, you can pass a single Dockerfile in the `URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: From fcf01194a9e10c4b6d52f771fdab350ac870b255 Mon Sep 17 00:00:00 2001 From: Ed Costello Date: Sat, 25 Apr 2015 14:57:01 -0400 Subject: [PATCH 0603/2538] Copy edits for typos Signed-off-by: Ed Costello --- docs/sources/reference/builder.md | 8 ++++---- docs/sources/reference/run.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 83121e6bd9..c5392f8474 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -128,7 +128,7 @@ modifiers as specified below: * `${variable:-word}` indicates that if `variable` is set then the result will be that value. If `variable` is not set then `word` will be the result. -* `${variable:+word}` indiates that if `variable` is set then `word` will be +* `${variable:+word}` indicates that if `variable` is set then `word` will be the result, otherwise the result is the empty string. In all cases, `word` can be any string, including additional environment @@ -158,7 +158,7 @@ The instructions that handle environment variables in the `Dockerfile` are: `ONBUILD` instructions are **NOT** supported for environment replacement, even the instructions above. -Environment variable subtitution will use the same value for each variable +Environment variable substitution will use the same value for each variable throughout the entire command. In other words, in this example: ENV abc=hello @@ -299,7 +299,7 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See the layers with `dirperm1` option. More details on `dirperm1` option can be found at [`aufs` man page](http://aufs.sourceforge.net/aufs3/man.html) - If your system doesnt have support for `dirperm1`, the issue describes a workaround. + If your system doesn't have support for `dirperm1`, the issue describes a workaround. ## CMD @@ -368,7 +368,7 @@ default specified in `CMD`. The `LABEL` instruction adds metadata to an image. A `LABEL` is a key-value pair. To include spaces within a `LABEL` value, use quotes and -blackslashes as you would in command-line parsing. +backslashes as you would in command-line parsing. LABEL "com.example.vendor"="ACME Incorporated" diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7218fab649..990faaf6c0 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -380,7 +380,7 @@ This means the daemon will wait for 100 ms, then 200 ms, 400, 800, 1600, and so on until either the `on-failure` limit is hit, or when you `docker stop` or `docker rm -f` the container. -If a container is succesfully restarted (the container is started and runs +If a container is successfully restarted (the container is started and runs for at least 10 seconds), the delay is reset to its default value of 100 ms. You can specify the maximum amount of times Docker will try to restart the From 63193b17b164d6128449c22c6cf27a85008c52a9 Mon Sep 17 00:00:00 2001 From: buddhamagnet Date: Thu, 9 Apr 2015 20:07:06 +0100 Subject: [PATCH 0604/2538] add support for exclusion rules in dockerignore Signed-off-by: Dave Goodchild --- docs/sources/reference/builder.md | 97 ++++++++++++++--------- docs/sources/reference/commandline/cli.md | 69 ++++++---------- 2 files changed, 84 insertions(+), 82 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index c5392f8474..7dbe549237 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -41,10 +41,11 @@ whole context must be transferred to the daemon. The Docker CLI reports > repository, the entire contents of your hard drive will get sent to the daemon (and > thus to the machine running the daemon). You probably don't want that. -In most cases, it's best to put each Dockerfile in an empty directory, and then add only -the files needed for building that Dockerfile to that directory. To further speed up the -build, you can exclude files and directories by adding a `.dockerignore` file to the same -directory. +In most cases, it's best to put each Dockerfile in an empty directory. Then, +only add the files needed for building the Dockerfile to the directory. To +increase the build's performance, you can exclude files and directories by +adding a `.dockerignore` file to the directory. For information about how to +[create a `.dockerignore` file](#the-dockerignore-file) on this page. You can specify a repository and tag at which to save the new image if the build succeeds: @@ -169,43 +170,67 @@ will result in `def` having a value of `hello`, not `bye`. However, `ghi` will have a value of `bye` because it is not part of the same command that set `abc` to `bye`. -## The `.dockerignore` file +### .dockerignore file -If a file named `.dockerignore` exists in the source repository, then it -is interpreted as a newline-separated list of exclusion patterns. -Exclusion patterns match files or directories relative to the source repository -that will be excluded from the context. Globbing is done using Go's +If a file named `.dockerignore` exists in the root of `PATH`, then Docker +interprets it as a newline-separated list of exclusion patterns. Docker excludes +files or directories relative to `PATH` that match these exclusion patterns. If +there are any `.dockerignore` files in `PATH` subdirectories, Docker treats +them as normal files. + +Filepaths in `.dockerignore` are absolute with the current directory as the +root. Wildcards are allowed but the search is not recursive. Globbing (file name +expansion) is done using Go's [filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. -> **Note**: -> The `.dockerignore` file can even be used to ignore the `Dockerfile` and -> `.dockerignore` files. This might be useful if you are copying files from -> the root of the build context into your new container but do not want to -> include the `Dockerfile` or `.dockerignore` files (e.g. `ADD . /someDir/`). +You can specify exceptions to exclusion rules. To do this, simply prefix a +pattern with an `!` (exclamation mark) in the same way you would in a +`.gitignore` file. Currently there is no support for regular expressions. +Formats like `[^temp*]` are ignored. -The following example shows the use of the `.dockerignore` file to exclude the -`.git` directory from the context. Its effect can be seen in the changed size of -the uploaded context. +The following is an example `.dockerignore` file: + +``` + */temp* + */*/temp* + temp? + *.md + !LICENCSE.md +``` + +This file causes the following build behavior: + +| Rule | Behavior | +|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `*/temp*` | Exclude all files with names starting with`temp` in any subdirectory below the root directory. For example, a file named`/somedir/temporary.txt` is ignored. | +| `*/*/temp*` | Exclude files starting with name `temp` from any subdirectory that is two levels below the root directory. For example, the file `/somedir/subdir/temporary.txt` is ignored. | +| `temp?` | Exclude the files that match the pattern in the root directory. For example, the files `tempa`, `tempb` in the root directory are ignored. | +| `*.md ` | Exclude all markdown files. | +| `!LICENSE.md` | Exception to the exclude all Markdown files is this file, `LICENSE.md`, include this file in the build. | + +The placement of `!` exception rules influences the matching algorithm; the +last line of the `.dockerignore` that matches a particular file determines +whether it is included or excluded. In the above example, the `LICENSE.md` file +matches both the `*.md` and `!LICENSE.md` rule. If you reverse the lines in the +example: + +``` + */temp* + */*/temp* + temp? + !LICENCSE.md + *.md +``` + +The build would exclude `LICENSE.md` because the last `*.md` rule adds all +Markdown files back onto the ignore list. The `!LICENSE.md` rule has no effect +because the subsequent `*.md` rule overrides it. + +You can even use the `.dockerignore` file to ignore the `Dockerfile` and +`.dockerignore` files. This is useful if you are copying files from the root of +the build context into your new container but do not want to include the +`Dockerfile` or `.dockerignore` files (e.g. `ADD . /someDir/`). - $ docker build . - Uploading context 18.829 MB - Uploading context - Step 0 : FROM busybox - ---> 769b9341d937 - Step 1 : CMD echo Hello World - ---> Using cache - ---> 99cc1ad10469 - Successfully built 99cc1ad10469 - $ echo ".git" > .dockerignore - $ docker build . - Uploading context 6.76 MB - Uploading context - Step 0 : FROM busybox - ---> 769b9341d937 - Step 1 : CMD echo Hello World - ---> Using cache - ---> 99cc1ad10469 - Successfully built 99cc1ad10469 ## FROM diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 26659c8ffa..597324eae0 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -653,6 +653,26 @@ If you use STDIN or specify a `URL`, the system places the contents into a file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this scenario, there is no context. +By default the `docker build` command will look for a `Dockerfile` at the +root of the build context. The `-f`, `--file`, option lets you specify +the path to an alternative file to use instead. This is useful +in cases where the same set of files are used for multiple builds. The path +must be to a file within the build context. If a relative path is specified +then it must to be relative to the current directory. + +In most cases, it's best to put each Dockerfile in an empty directory. Then, add +to that directory only the files needed for building the Dockerfile. To increase +the build's performance, you can exclude files and directories by adding a +`.dockerignore` file to that directory as well. For information on creating one, +see the [.dockerignore file](../../reference/builder/#dockerignore-file). + +If the Docker client loses connection to the daemon, the build is canceled. +This happens if you interrupt the Docker client with `ctrl-c` or if the Docker +client is killed for any reason. + +> **Note:** Currently only the "run" phase of the build can be canceled until +> pull cancelation is implemented). + ### Return code On a successful build, a return code of success `0` will be returned. @@ -673,55 +693,11 @@ INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 $ echo $? 1 ``` - -### .dockerignore file - -If a file named `.dockerignore` exists in the root of `PATH` then it -is interpreted as a newline-separated list of exclusion patterns. -Exclusion patterns match files or directories relative to `PATH` that -will be excluded from the context. Globbing is done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. - -Please note that `.dockerignore` files in other subdirectories are -considered as normal files. Filepaths in `.dockerignore` are absolute with -the current directory as the root. Wildcards are allowed but the search -is not recursive. - -#### Example .dockerignore file - */temp* - */*/temp* - temp? - -The first line above `*/temp*`, would ignore all files with names starting with -`temp` from any subdirectory below the root directory. For example, a file named -`/somedir/temporary.txt` would be ignored. The second line `*/*/temp*`, will -ignore files starting with name `temp` from any subdirectory that is two levels -below the root directory. For example, the file `/somedir/subdir/temporary.txt` -would get ignored in this case. The last line in the above example `temp?` -will ignore the files that match the pattern from the root directory. -For example, the files `tempa`, `tempb` are ignored from the root directory. -Currently there is no support for regular expressions. Formats -like `[^temp*]` are ignored. - -By default the `docker build` command will look for a `Dockerfile` at the -root of the build context. The `-f`, `--file`, option lets you specify -the path to an alternative file to use instead. This is useful -in cases where the same set of files are used for multiple builds. The path -must be to a file within the build context. If a relative path is specified -then it must to be relative to the current directory. - -If the Docker client loses connection to the daemon, the build is canceled. -This happens if you interrupt the Docker client with `ctrl-c` or if the Docker -client is killed for any reason. - -> **Note:** Currently only the "run" phase of the build can be canceled until -> pull cancelation is implemented). - See also: [*Dockerfile Reference*](/reference/builder). -#### Examples +### Examples $ docker build . Uploading context 10240 bytes @@ -790,7 +766,8 @@ affect the build cache. This example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the -uploaded context. +uploaded context. The builder reference contains detailed information on +[creating a .dockerignore file](../../builder/#dockerignore-file) $ docker build -t vieux/apache:2.0 . From 734430c44c6f88d6e9961a225669a920ce80f597 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 28 Jan 2015 14:54:25 -0800 Subject: [PATCH 0605/2538] Add docs for `--exec-opt` and setting `native.cgroupdriver`. update man pages. update bash completion. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle (github: jfrazelle) Docker-DCO-1.1-Signed-off-by: Jessie Frazelle (github: jfrazelle) --- contrib/completion/bash/docker | 1 + contrib/completion/fish/docker.fish | 1 + docs/sources/reference/commandline/cli.md | 21 +++++++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f3b8331587..5b7a102a68 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1151,6 +1151,7 @@ _docker() { --dns --dns-search --exec-driver -e + --exec-opt --fixed-cidr --fixed-cidr-v6 --graph -g diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index d3237588ef..c535911853 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -51,6 +51,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains' complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the Docker runtime to use a specific exec driver' +complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set exec driver options' complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)' complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)' complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 597324eae0..ce65c1a0fe 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -452,6 +452,27 @@ https://linuxcontainers.org/) via the `lxc` execution driver, however, this is not where the primary development of new functionality is taking place. Add `-e lxc` to the daemon flags to use the `lxc` execution driver. +#### Exec driver options + +Particular exec-driver can be configured with options specified with +`--exec-opt` flags. The only driver accepting options is `native` +(libcontainer) as of now. All its options are prefixed with `native`. + +Currently supported options are: + + * `native.cgroupdriver` + + Specifies the management of the container's cgroups. As of now the only + viable options are `cgroupfs` and `systemd`. The option will always + fallback to `cgroupfs`. By default, if no option is specified, the + execdriver will try `systemd` and fallback to `cgroupfs`. Same applies if + `systemd` is passed as the `cgroupdriver` but is not capable of being used. + + Example use: + + $ sudo docker -d --exec-opt native.cgroupdriver=cgroupfs + + ### Daemon DNS options From 109f9996a9e416b07675b82d595faa8c7385381d Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Mon, 6 Apr 2015 11:47:55 -0700 Subject: [PATCH 0606/2538] option to configure cgroups Signed-off-by: Jessica Frazelle --- docs/sources/reference/commandline/cli.md | 32 +++++++++-------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index ce65c1a0fe..c69f0a170e 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -442,7 +442,7 @@ Currently supported options are: > Otherwise, set this flag for migrating existing Docker daemons to a > daemon with a supported environment. -### Docker exec-driver option +### Docker execdriver option The Docker daemon uses a specifically built `libcontainer` execution driver as its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. @@ -452,27 +452,21 @@ https://linuxcontainers.org/) via the `lxc` execution driver, however, this is not where the primary development of new functionality is taking place. Add `-e lxc` to the daemon flags to use the `lxc` execution driver. -#### Exec driver options +#### Options for the native execdriver -Particular exec-driver can be configured with options specified with -`--exec-opt` flags. The only driver accepting options is `native` -(libcontainer) as of now. All its options are prefixed with `native`. - -Currently supported options are: - - * `native.cgroupdriver` - - Specifies the management of the container's cgroups. As of now the only - viable options are `cgroupfs` and `systemd`. The option will always - fallback to `cgroupfs`. By default, if no option is specified, the - execdriver will try `systemd` and fallback to `cgroupfs`. Same applies if - `systemd` is passed as the `cgroupdriver` but is not capable of being used. - - Example use: - - $ sudo docker -d --exec-opt native.cgroupdriver=cgroupfs +You can configure the `native` (libcontainer) execdriver using options specified +with the `--exec-opt` flag. All the flag's options have the `native` prefix. A +single `native.cgroupdriver` option is available. +The `native.cgroupdriver` option specifies the management of the container's +cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and +it is not available, the system uses `cgroupfs`. By default, if no option is +specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. +This example sets the execdriver to `cgroupfs`: + $ sudo docker -d --exec-opt native.cgroupdriver=cgroupfs + +Setting this option applies to all containers the daemon launches. ### Daemon DNS options From 14411fae610e63006a6bc1048c06caab11fc0e29 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Fri, 1 May 2015 10:04:24 -0600 Subject: [PATCH 0607/2538] Only complete repos with "docker pull -a" With this, `docker pull deb` will show all `debian:*` tags, as before, but `docker pull -a deb` will complete directly to just `debian`. :+1: Signed-off-by: Andrew "Tianon" Page --- contrib/completion/bash/docker | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5b7a102a68..1aa0835140 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -679,6 +679,14 @@ _docker_pull() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then + for arg in "${COMP_WORDS[@]}"; do + case "$arg" in + --all-tags|-a) + __docker_image_repos + return + ;; + esac + done __docker_image_repos_and_tags fi ;; From 16d979a292fd5195b0dcd85bed244e19701a4948 Mon Sep 17 00:00:00 2001 From: HuKeping Date: Thu, 26 Feb 2015 19:53:55 +0800 Subject: [PATCH 0608/2538] Feature: option for disable OOM killer Add cgroup support for disable OOM killer. Signed-off-by: Hu Keping --- docs/sources/reference/commandline/cli.md | 2 ++ docs/sources/reference/run.md | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c69f0a170e..c0c7e9ee58 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -939,6 +939,7 @@ Creates a new container. --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --name="" Assign a name to the container --net="bridge" Set the Network mode for the container + --oom-kill-disable=false Whether to disable OOM Killer for the container or not -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --privileged=false Give extended privileges to this container @@ -1897,6 +1898,7 @@ To remove an image using its digest: --memory-swap="" Total memory (memory + swap), '-1' to disable swap --name="" Assign a name to the container --net="bridge" Set the Network mode for the container + --oom-kill-disable=false Whether to disable OOM Killer for the container or not -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 990faaf6c0..8d97ad7aec 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -476,6 +476,7 @@ container: --cpuset-cpus="": CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="": Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. --cpu-quota=0: Limit the CPU CFS (Completely Fair Scheduler) quota + --oom-kill-disable=true|false: Whether to disable OOM Killer for the container or not. ### Memory constraints @@ -552,6 +553,27 @@ would be 2*300M, so processes can use 300M swap memory as well. We set both memory and swap memory, so the processes in the container can use 300M memory and 700M swap memory. +By default, Docker kills processes in a container if an out-of-memory (OOM) +error occurs. To change this behaviour, use the `--oom-kill-disable` option. +Only disable the OOM killer on containers where you have also set the +`-m/--memory` option. If the `-m` flag is not set, this can result in the host +running out of memory and require killing the host's system processes to free +memory. + +Examples: + +The following example limits the memory to 100M and disables the OOM killer for +this container: + + $ docker run -ti -m 100M --oom-kill-disable ubuntu:14.04 /bin/bash + +The following example, illustrates a dangerous way to use the flag: + + $ docker run -ti --oom-kill-disable ubuntu:14.04 /bin/bash + +The container has unlimited memory which can cause the host to run out memory +and require killing system processes to free memory. + ### CPU share constraint By default, all containers get the same proportion of CPU cycles. This proportion From c6bcaacce7067d77cb3552b8f4a97cf3b3c92785 Mon Sep 17 00:00:00 2001 From: Lars Kellogg-Stedman Date: Tue, 28 Apr 2015 21:23:27 -0400 Subject: [PATCH 0609/2538] journald log driver: use CONTAINER_ID field for container id This patch modifies the journald log driver to store the container ID in a field named CONTAINER_ID, rather than (ab)using the MESSAGE_ID field. Additionally, this adds the CONTAINER_ID_FULL field containing the complete container ID and CONTAINER_NAME, containing the container name. When using the journald log driver, this permits you to see log messages from a particular container like this: # journalctl CONTAINER_ID=a9238443e193 Example output from "journalctl -o verbose" includes the following: CONTAINER_ID=27aae7361e67 CONTAINER_ID_FULL=27aae7361e67e2b4d3864280acd2b80e78daf8ec73786d8b68f3afeeaabbd4c4 CONTAINER_NAME=web Closes: #12864 Signed-off-by: Lars Kellogg-Stedman --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 8d97ad7aec..60a180584f 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -812,7 +812,7 @@ command is not available for this logging driver #### Logging driver: journald -Journald logging driver for Docker. Writes log messages to journald. `docker logs` command is not available for this logging driver +Journald logging driver for Docker. Writes log messages to journald; the container id will be stored in the journal's `CONTAINER_ID` field. `docker logs` command is not available for this logging driver. For detailed information on working with this logging driver, see [the journald logging driver](reference/logging/journald) reference documentation. ## Overriding Dockerfile image defaults From bbfd8f5e045484c67d6be3710571b66d6368c20f Mon Sep 17 00:00:00 2001 From: David Calavera Date: Fri, 24 Apr 2015 15:12:45 -0700 Subject: [PATCH 0610/2538] Use git url fragment to specify reference and dir context. Signed-off-by: David Calavera --- docs/sources/reference/commandline/cli.md | 25 ++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c0c7e9ee58..aef60d9dca 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -652,13 +652,36 @@ an [*ADD*](/reference/builder/#add) instruction to reference a file in the context. The `URL` parameter can specify the location of a Git repository; -the repository acts as the build context. The system recursively clones the repository +the repository acts as the build context. The system recursively clones the repository and its submodules using a `git clone --depth 1 --recursive` command. This command runs in a temporary directory on your local host. After the command succeeds, the directory is sent to the Docker daemon as the context. Local clones give you the ability to access private repositories using local user credentials, VPN's, and so forth. +Git URLs accept context configuration in their fragment section, separated by a colon `:`. +The first part represents the reference that Git will check out, this can be either +a branch, a tag, or a commit SHA. The second part represents a subdirectory +inside the repository that will be used as a build context. + +For example, run this command to use a directory called `docker` in the branch `container`: + + $ docker build https://github.com/docker/rootfs.git#container:docker + +The following table represents all the valid suffixes with their build contexts: + +Build Syntax Suffix | Commit Used | Build Context Used +--------------------|-------------|------------------- +`myrepo.git` | `refs/heads/master` | `/` +`myrepo.git#mytag` | `refs/tags/mytag` | `/` +`myrepo.git#mybranch` | `refs/heads/mybranch` | `/` +`myrepo.git#abcdef` | `sha1 = abcdef` | `/` +`myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` +`myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` +`myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` +`myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` +`myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder` + Instead of specifying a context, you can pass a single Dockerfile in the `URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: From 5b8040c9356d3d3b240e0aff06e4d979e25c5ce7 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Tue, 5 May 2015 00:38:41 +0000 Subject: [PATCH 0611/2538] spelling fix from Marc MERLIN Signed-off-by: Sven Dowideit --- docs/sources/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index 7dbe549237..fb4d5ce1d7 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -892,11 +892,11 @@ consider the following Dockerfile snippet: FROM ubuntu RUN mkdir /myvol - RUN echo "hello world" > /myvol/greating + RUN echo "hello world" > /myvol/greeting VOLUME /myvol This Dockerfile results in an image that causes `docker run`, to -create a new mount point at `/myvol` and copy the `greating` file +create a new mount point at `/myvol` and copy the `greeting` file into the newly created volume. > **Note**: From 485c6d868ba3c569219fd1db8498ed3af0b53c95 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 13 Feb 2015 11:45:04 -0500 Subject: [PATCH 0612/2538] Allow pulling stats once and disconnecting. Adds a `stream` query param to the stats API which allows API users to only collect one stats entry and disconnect instead of keeping the connection alive to stream more stats. Also adds a `--no-stream` flag to `docker stats` which does the same Signed-off-by: Brian Goff --- contrib/completion/bash/docker | 2 +- contrib/completion/fish/docker.fish | 3 ++- contrib/completion/zsh/_docker | 1 + docs/sources/reference/commandline/cli.md | 1 + 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1aa0835140..bb2b4fe8a4 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1011,7 +1011,7 @@ _docker_start() { _docker_stats() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--no-stream --help" -- "$cur" ) ) ;; *) __docker_containers_running diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index c535911853..42f33e3858 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -16,7 +16,7 @@ function __fish_docker_no_subcommand --description 'Test if docker has yet to be given the subcommand' for i in (commandline -opc) - if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait + if contains -- $i attach build commit cp create diff events exec export history images import info inspect kill load login logout logs pause port ps pull push rename restart rm rmi run save search start stop tag top unpause version wait stats return 1 end end @@ -362,6 +362,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from start' -a '(__fish_prin # stats complete -c docker -f -n '__fish_docker_no_subcommand' -a stats -d "Display a live stream of one or more containers' resource usage statistics" complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l help -d 'Print usage' +complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l no-stream -d 'Disable streaming stats and only pull the first result' complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container" # stop diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 28398f7524..3cff8fbbb6 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -326,6 +326,7 @@ __docker_subcommand () { ;; (stats) _arguments \ + '--no-stream[Disable streaming stats and only pull the first result]' \ '*:containers:__docker_runningcontainers' ;; (rm) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index aef60d9dca..76d934fc31 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2394,6 +2394,7 @@ more details on finding shared images from the command line. Display a live stream of one or more containers' resource usage statistics --help=false Print usage + --no-stream=false Disable streaming stats and only pull the first result Running `docker stats` on multiple containers From 3fca935671f722ba207ca850c69d08e414c424e0 Mon Sep 17 00:00:00 2001 From: Julien Barbier Date: Thu, 26 Mar 2015 23:45:17 +0000 Subject: [PATCH 0613/2538] Adding doc Signed-off-by: Julien Barbier --- docs/sources/reference/commandline/cli.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 76d934fc31..e31c3b48c7 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -642,8 +642,9 @@ is returned by the `docker attach` command to its caller too: -m, --memory="" Memory limit for all build containers --memory-swap="" Total memory (memory + swap), `-1` to disable swap -c, --cpu-shares CPU Shares (relative weight) - --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` + --cpuset-cpus="" CPUs in which to allow exection, e.g. `0-3`, `0,1` + --cgroup-parent="" Optional parent cgroup for the container Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can @@ -862,6 +863,9 @@ you refer to it on the command line. > children) for security reasons, and to ensure repeatable builds on remote > Docker hosts. This is also the reason why `ADD ../file` will not work. +`docker build` has a `--cgroup-parent` option that causes the containers used +in the build to be run with this option. + ## commit Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] From 2cf6bfdc61aa3edcd579110df676182f033ee07b Mon Sep 17 00:00:00 2001 From: Marianna Date: Fri, 17 Apr 2015 19:01:16 -0700 Subject: [PATCH 0614/2538] Make the docs for --cgroup-parent better Signed-off-by: Marianna --- docs/sources/reference/commandline/cli.md | 6 ++++-- docs/sources/reference/run.md | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e31c3b48c7..5a92739529 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -863,8 +863,10 @@ you refer to it on the command line. > children) for security reasons, and to ensure repeatable builds on remote > Docker hosts. This is also the reason why `ADD ../file` will not work. -`docker build` has a `--cgroup-parent` option that causes the containers used -in the build to be run with this option. +When `docker build` is run with the `--cgroup-parent` option the containers used +in the build will be run with the [corresponding `docker run` +flag](/reference/run/#specifying-custom-cgroups). + ## commit diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 60a180584f..6d9c314dd7 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -465,6 +465,13 @@ Note: You would have to write policy defining a `svirt_apache_t` type. +## Specifying custom cgroups + +Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a +container in. This allows you to create and manage cgroups on their own. You can +define custom resources for those cgroups and put containers under a common +parent group. + ## Runtime constraints on resources The operator can also adjust the performance parameters of the From ee666e8d4b58672fc37bda0d64191ef2309a5363 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Mon, 10 Nov 2014 16:19:16 -0800 Subject: [PATCH 0615/2538] Add `--userland-proxy` daemon flag The `--userland-proxy` daemon flag makes it possible to rely on hairpin NAT and additional iptables routes instead of userland proxy for port publishing and inter-container communication. Usage of the userland proxy remains the default as hairpin NAT is unsupported by older kernels. Signed-off-by: Arnaud Porterie --- docs/sources/reference/commandline/cli.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5a92739529..227f971494 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -149,6 +149,7 @@ expect an integer, and they can only be specified once. --default-gateway-v6="" Container default gateway IPv6 address --dns=[] DNS server to use --dns-search=[] DNS search domains to use + --default-ulimit=[] Set default ulimit settings for containers -e, --exec-driver="native" Exec driver to use --fixed-cidr="" IPv4 subnet for fixed IPs --fixed-cidr-v6="" IPv6 subnet for fixed IPs @@ -177,8 +178,8 @@ expect an integer, and they can only be specified once. --tlscert="~/.docker/cert.pem" Path to TLS certificate file --tlskey="~/.docker/key.pem" Path to TLS key file --tlsverify=false Use TLS and verify the remote + --userland-proxy=true Use userland proxy for loopback traffic -v, --version=false Print version information and quit - --default-ulimit=[] Set default ulimit settings for containers. Options with [] may be specified multiple times. From 19815c878d76308b5350672b5104978883d3c888 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Thu, 7 May 2015 11:55:58 +0800 Subject: [PATCH 0616/2538] add blkio.weight support We can use this to control block IO weight of a container. Signed-off-by: Qiang Huang --- docs/sources/reference/commandline/cli.md | 2 ++ docs/sources/reference/run.md | 25 +++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 227f971494..1efc528b09 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -942,6 +942,7 @@ Creates a new container. -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) + --blkio-weight=0 Block IO weight (relative weight) -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities @@ -1899,6 +1900,7 @@ To remove an image using its digest: -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) + --blkio-weight=0 Block IO weight (relative weight) -c, --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 6d9c314dd7..bcbbe4a9a2 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -483,6 +483,7 @@ container: --cpuset-cpus="": CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="": Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. --cpu-quota=0: Limit the CPU CFS (Completely Fair Scheduler) quota + --blkio-weight=0: Block IO weight (relative weight) accepts a weight value between 10 and 1000. --oom-kill-disable=true|false: Whether to disable OOM Killer for the container or not. ### Memory constraints @@ -654,6 +655,30 @@ Linux Scheduler used by the kernel. Set this value to 50000 to limit the contain to 50% of a CPU resource. For multiple CPUs, adjust the `--cpu-quota` as necessary. For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt). +### Block IO bandwidth (Blkio) constraint + +By default, all containers get the same proportion of block IO bandwidth +(blkio). This proportion is 500. To modify this proportion, change the +container's blkio weight relative to the weighting of all other running +containers using the `--blkio-weight` flag. + +The `--blkio-weight` flag can set the weighting to a value between 10 to 1000. +For example, the commands below create two containers with different blkio +weight: + + $ docker run -ti --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash + $ docker run -ti --name c2 --blkio-weight 600 ubuntu:14.04 /bin/bash + +If you do block IO in the two containers at the same time, by, for example: + + $ time dd if=/mnt/zerofile of=test.out bs=1M count=1024 oflag=direct + +You'll find that the proportion of time is the same as the proportion of blkio +weights of the two containers. + +> **Note:** The blkio weight setting is only available for direct IO. Buffered IO +> is not currently supported. + ## Runtime privilege, Linux capabilities, and LXC configuration --cap-add: Add Linux capabilities From 68f8a90e3d3215df643372f3a96959e1d126830e Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Tue, 5 May 2015 19:27:07 +0800 Subject: [PATCH 0617/2538] Add support --net=container with --mac-address,--add-host error out Signed-off-by: Lei Jitang --- docs/sources/reference/run.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index bcbbe4a9a2..0145828024 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -282,7 +282,8 @@ With the networking mode set to `host` a container will share the host's network stack and all interfaces from the host will be available to the container. The container's hostname will match the hostname on the host system. Publishing ports and linking to other containers will not work -when sharing the host's network stack. +when sharing the host's network stack. Note that `--add-host` `--hostname` +`--dns` `--dns-search` and `--mac-address` is invalid in `host` netmode. Compared to the default `bridge` mode, the `host` mode gives *significantly* better networking performance since it uses the host's native networking stack @@ -298,7 +299,9 @@ or a High Performance Web Server. With the networking mode set to `container` a container will share the network stack of another container. The other container's name must be -provided in the format of `--net container:`. +provided in the format of `--net container:`. Note that `--add-host` +`--hostname` `--dns` `--dns-search` and `--mac-address` is invalid +in `container` netmode. Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the From 99499053598917732d3cf5097105f89b17ccb595 Mon Sep 17 00:00:00 2001 From: wlan0 Date: Mon, 4 May 2015 14:39:48 -0700 Subject: [PATCH 0618/2538] Add log opts flag to pass in logging options Signed-off-by: wlan0 --- docs/sources/reference/run.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 0145828024..ff6cfa80ba 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -849,6 +849,10 @@ command is not available for this logging driver Journald logging driver for Docker. Writes log messages to journald; the container id will be stored in the journal's `CONTAINER_ID` field. `docker logs` command is not available for this logging driver. For detailed information on working with this logging driver, see [the journald logging driver](reference/logging/journald) reference documentation. +#### Log Opts : + +Logging options for configuring a log driver. The following log options are supported: [none] + ## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder) From edbbcc6dae92bc194fe08ec2866ddc8eaac5913d Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Wed, 8 Apr 2015 16:58:59 +0800 Subject: [PATCH 0619/2538] add cpu.cfs_period_us support Signed-off-by: Ma Shimiao --- contrib/completion/bash/docker | 1 + docs/sources/reference/commandline/cli.md | 2 ++ docs/sources/reference/run.md | 15 +++++++++++++++ 3 files changed, 18 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index bb2b4fe8a4..325e50c000 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -778,6 +778,7 @@ _docker_run() { --cidfile --cpuset --cpu-shares -c + --cpu-period --cpu-quota --device --dns diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 1efc528b09..30e2f80d0b 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -950,6 +950,7 @@ Creates a new container. --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) + --cpu-period=0 Limit the CPU CFS (Completely Fair Scheduler) period --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota --device=[] Add a host device to the container --dns=[] Set custom DNS servers @@ -1907,6 +1908,7 @@ To remove an image using its digest: --cidfile="" Write the container ID to the file --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) + --cpu-period=0 Limit the CPU CFS (Completely Fair Scheduler) period --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index ff6cfa80ba..93ca0d07f5 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -483,6 +483,7 @@ container: -m, --memory="": Memory limit (format: , where unit = b, k, m or g) -memory-swap="": Total memory limit (memory + swap, format: , where unit = b, k, m or g) -c, --cpu-shares=0: CPU shares (relative weight) + --cpu-period=0: Limit the CPU CFS (Completely Fair Scheduler) period --cpuset-cpus="": CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="": Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. --cpu-quota=0: Limit the CPU CFS (Completely Fair Scheduler) quota @@ -620,6 +621,20 @@ division of CPU shares: 101 {C1} 1 100% of CPU1 102 {C1} 2 100% of CPU2 +### CPU period constraint + +The default CPU CFS (Completely Fair Scheduler) period is 100ms. We can use +`--cpu-period` to set the period of CPUs to limit the container's CPU usage. +And usually `--cpu-period` should work with `--cpu-quota`. + +Examples: + + $ docker run -ti --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash + +If there is 1 CPU, this means the container can get 50% CPU worth of run-time every 50ms. + +For more information, see the [CFS documentation on bandwidth limiting](https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt). + ### Cpuset constraint We can set cpus in which to allow execution for containers. From ed206bfca4c26cbfe6fcb195e842456003e7a1c5 Mon Sep 17 00:00:00 2001 From: Gianluca Borello Date: Sat, 9 May 2015 22:36:16 -0700 Subject: [PATCH 0620/2538] Default MAC address generation is not random and should be stated in the documentation. Signed-off-by: Gianluca Borello --- docs/sources/reference/run.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 93ca0d07f5..aafa34dfc8 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -216,9 +216,9 @@ networking. In cases like this, you would perform I/O through files or Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. -By default a random MAC is generated. You can set the container's MAC address -explicitly by providing a MAC via the `--mac-address` parameter (format: -`12:34:56:78:9a:bc`). +By default, the MAC address is generated using the IP address allocated to the +container. You can set the container's MAC address explicitly by providing a +MAC address via the `--mac-address` parameter (format:`12:34:56:78:9a:bc`). Supported networking modes are: From 313659dd18ca252b87a739e4165378944438f7ca Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Thu, 7 May 2015 22:02:14 +0200 Subject: [PATCH 0621/2538] Allow links to be specified with only the name if this matches the alias Signed-off-by: Antonio Murdaca --- docs/sources/reference/commandline/cli.md | 6 ++++++ docs/sources/reference/run.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 30e2f80d0b..c0a88fb737 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2138,6 +2138,12 @@ Guide. The `--link` flag will link the container named `/redis` into the newly created container with the alias `redis`. The new container can access the network and environment of the `redis` container via environment variables. +The `--link` flag will also just accept the form `` in which case +the alias will match the name. For instance, you could have written the previous +example as: + + $ docker run --link redis --name console ubuntu bash + The `--name` flag will assign the name `console` to the newly created container. diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index aafa34dfc8..fdc905fe44 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -942,7 +942,7 @@ or override the Dockerfile's exposed defaults: Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) (use 'docker port' to see the actual mapping) - --link="" : Add link to another container (:alias) + --link="" : Add link to another container (:alias or ) As mentioned previously, `EXPOSE` (and `--expose`) makes ports available **in** a container for incoming connections. The port number on the From 35172ee02189432a92ccb73b595e748f88ad495e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 3 Sep 2014 16:26:19 +0200 Subject: [PATCH 0622/2538] Implement Docker on ZFS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Arthur Gautier Signed-off-by: Jörg Thalheim --- docs/sources/reference/commandline/cli.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c0a88fb737..3281e61a02 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -250,7 +250,7 @@ precedence over `HTTP_PROXY`. ### Daemon storage-driver option The Docker daemon has support for several different image layer storage drivers: `aufs`, -`devicemapper`, `btrfs` and `overlay`. +`devicemapper`, `btrfs`, `zfs` and `overlay`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause some @@ -272,6 +272,12 @@ explains how to tune your existing setup without the use of options. The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. +The `zfs` driver is probably not fast as `btrfs` but has a longer track record +on stability. Thanks to `Single Copy ARC` shared blocks between clones will be +cached only once. Use `docker -d -s zfs`. To select a different zfs filesystem +as backingstore use the storage option `zfs.fsname`: +`docker -d -s zfs --storage-opt zfs.fsname=zroot/docker` + The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call `docker -d -s overlay` to use it. From 4edc51e28316a2ea2aed560b33e5b0745f645043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 2 Apr 2015 21:56:18 +0200 Subject: [PATCH 0623/2538] docs: move zfs.fsname option to storage option section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörg Thalheim --- docs/sources/reference/commandline/cli.md | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3281e61a02..e5f761b881 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -275,8 +275,7 @@ share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_p The `zfs` driver is probably not fast as `btrfs` but has a longer track record on stability. Thanks to `Single Copy ARC` shared blocks between clones will be cached only once. Use `docker -d -s zfs`. To select a different zfs filesystem -as backingstore use the storage option `zfs.fsname`: -`docker -d -s zfs --storage-opt zfs.fsname=zroot/docker` +set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options): The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). @@ -288,10 +287,10 @@ Call `docker -d -s overlay` to use it. #### Storage driver options Particular storage-driver can be configured with options specified with -`--storage-opt` flags. The only driver accepting options is `devicemapper` as -of now. All its options are prefixed with `dm`. +`--storage-opt` flags. Options for `devicemapper` are prefixed with `dm` and +options for `zfs` start with `zfs`. -Currently supported options are: +Currently supported options of `devicemapper`: * `dm.basesize` @@ -450,6 +449,17 @@ Currently supported options are: > daemon with a supported environment. ### Docker execdriver option +Currently supported options of `zfs`: + + * `zfs.fsname` + + Set zfs filesystem under which docker will create its own datasets. + By default docker will pick up the zfs filesystem where docker graph + (`/var/lib/docker`) is located. + + Example use: + + $ docker -d -s zfs --storage-opt zfs.fsname=zroot/docker The Docker daemon uses a specifically built `libcontainer` execution driver as its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. From a92995bc1462058401c64a153ccdf07bf40ee5da Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Tue, 14 Apr 2015 04:36:12 +0000 Subject: [PATCH 0624/2538] Add --since argument to docker logs cmd Added --since argument to `docker logs` command. Accept unix timestamps and shows logs only created after the specified date. Default value is 0 and passing default value or not specifying the value in the request causes parameter to be ignored (behavior prior to this change). Signed-off-by: Ahmet Alp Balkan --- contrib/completion/bash/docker | 2 +- contrib/completion/fish/docker.fish | 1 + contrib/completion/zsh/_docker | 1 + docs/sources/reference/commandline/cli.md | 5 +++++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 325e50c000..64c53f6de6 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -593,7 +593,7 @@ _docker_logs() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--follow -f --help --tail --timestamps -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--follow -f --help --since --tail --timestamps -t" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--tail') diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 42f33e3858..79f7ed4bad 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -233,6 +233,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a logs -d 'Fetch the log complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s f -l follow -d 'Follow log output' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -s t -l timestamps -d 'Show timestamps' +complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l since -d 'Show logs since timestamp' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -l tail -d 'Output the specified number of lines at the end of logs (defaults to all logs)' complete -c docker -A -f -n '__fish_seen_subcommand_from logs' -a '(__fish_print_docker_containers running)' -d "Container" diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3cff8fbbb6..abd666313e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -305,6 +305,7 @@ __docker_subcommand () { (logs) _arguments \ {-f,--follow}'[Follow log output]' \ + '-s,--since[Show logs since timestamp]' \ {-t,--timestamps}'[Show timestamps]' \ '--tail=-[Output the last K lines]:lines:(1 10 20 50 all)' \ '*:containers:__docker_containers' diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e5f761b881..d9d1eee0f8 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1632,6 +1632,7 @@ For example: Fetch the logs of a container -f, --follow=false Follow log output + --since="" Show logs since timestamp -t, --timestamps=false Show timestamps --tail="all" Number of lines to show from the end of the logs @@ -1651,6 +1652,10 @@ timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each log entry. To ensure that the timestamps for are aligned the nano-second part of the timestamp will be padded with zero when necessary. +The `--since` option shows logs of a container generated only after +the given date, specified as RFC 3339 or UNIX timestamp. The `--since` option +can be combined with the `--follow` and `--tail` options. + ## pause Usage: docker pause CONTAINER [CONTAINER...] From 2f114119bdf907db6c58118573512645e4202f0e Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Mon, 11 May 2015 14:55:44 -0400 Subject: [PATCH 0625/2538] Missing exec-opt[] option in CommandLine docs Signed-off-by: Shishir Mahajan --- docs/sources/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index d9d1eee0f8..3b7d88e35c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -151,6 +151,7 @@ expect an integer, and they can only be specified once. --dns-search=[] DNS search domains to use --default-ulimit=[] Set default ulimit settings for containers -e, --exec-driver="native" Exec driver to use + --exec-opt=[] Set exec driver options --fixed-cidr="" IPv4 subnet for fixed IPs --fixed-cidr-v6="" IPv6 subnet for fixed IPs -G, --group="docker" Group for the unix socket From 02c900f4c56e9cd9b5975e89cf5b288dc0c91edb Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Tue, 5 May 2015 15:32:36 -0700 Subject: [PATCH 0626/2538] Add --uts=host to allow sharing the UTS namespace Signed-off-by: Darren Shepherd --- docs/sources/reference/commandline/cli.md | 3 +++ docs/sources/reference/run.md | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3b7d88e35c..940f0f0abd 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -991,6 +991,8 @@ Creates a new container. --oom-kill-disable=false Whether to disable OOM Killer for the container or not -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host + --pid="" PID namespace to use + --uts="" UTS namespace to use --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always) @@ -1958,6 +1960,7 @@ To remove an image using its digest: -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use + --uts="" UTS namespace to use --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index fdc905fe44..7c5113f6de 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -157,6 +157,7 @@ called a digest. As long as the input used to generate the image is unchanged, the digest value is predictable and referenceable. ## PID settings (--pid) + --pid="" : Set the PID (Process) Namespace mode for the container, 'host': use the host's PID namespace inside the container @@ -177,6 +178,23 @@ within the container. This command would allow you to use `strace` inside the container on pid 1234 on the host. +## UTS settings (--uts) + + --uts="" : Set the UTS namespace mode for the container, + 'host': use the host's UTS namespace inside the container + +The UTS namespace is for setting the hostname and the domain that is visible +to running processes in that namespace. By default, all containers, including +those with `--net=host`, have their own UTS namespace. The `host` setting will +result in the container using the same UTS namespace as the host. + +You may wish to share the UTS namespace with the host if you would like the +hostname of the container to change as the hostname of the host changes. A +more advanced use case would be changing the host's hostname from a container. + +> **Note**: `--uts="host"` gives the container full access to change the +> hostname of the host and is therefore considered insecure. + ## IPC settings (--ipc) --ipc="" : Set the IPC mode for the container, From 7defdb0868d39a1ac925b740bc9e389071ceb601 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Thu, 14 May 2015 22:59:11 -0400 Subject: [PATCH 0627/2538] root dir for execdriver (/var/run/docker) should be configurable Signed-off-by: Shishir Mahajan --- contrib/completion/bash/docker | 1 + docs/sources/reference/commandline/cli.md | 1 + 2 files changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 64c53f6de6..881ce4543e 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1161,6 +1161,7 @@ _docker() { --dns-search --exec-driver -e --exec-opt + --exec-root --fixed-cidr --fixed-cidr-v6 --graph -g diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 940f0f0abd..a4a44fbb54 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -152,6 +152,7 @@ expect an integer, and they can only be specified once. --default-ulimit=[] Set default ulimit settings for containers -e, --exec-driver="native" Exec driver to use --exec-opt=[] Set exec driver options + --exec-root="/var/run/docker" Root of the Docker execdriver --fixed-cidr="" IPv4 subnet for fixed IPs --fixed-cidr-v6="" IPv6 subnet for fixed IPs -G, --group="docker" Group for the unix socket From 9c413dcfc4f32e4a7771b93e1a1533b95f9ba57b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 13 May 2015 13:39:25 -0700 Subject: [PATCH 0628/2538] respect -H in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 881ce4543e..93c48966c0 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -27,7 +27,7 @@ # This order should be applied to lists, alternatives and code blocks. __docker_q() { - docker 2>/dev/null "$@" + docker ${host:+-H "$host"} 2>/dev/null "$@" } __docker_containers_all() { @@ -1183,6 +1183,7 @@ _docker() { " local main_options_with_args_glob=$(__docker_to_extglob "$main_options_with_args") + local host COMPREPLY=() local cur prev words cword @@ -1192,6 +1193,11 @@ _docker() { local counter=1 while [ $counter -lt $cword ]; do case "${words[$counter]}" in + # save host so that completion can use custom daemon + --host|-H) + (( counter++ )) + host="${words[$counter]}" + ;; $main_options_with_args_glob ) (( counter++ )) ;; From 12c58642baef682965a5146aadef8230773ed0bf Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Mon, 18 May 2015 06:17:07 -0700 Subject: [PATCH 0629/2538] Experimental features placeholder Signed-off-by: Mary Anthony Adding experimental features into the mix Signed-off-by: Mary Anthony renaming file Signed-off-by: Mary Anthony --- docs/sources/experimental/experimental.md | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 docs/sources/experimental/experimental.md diff --git a/docs/sources/experimental/experimental.md b/docs/sources/experimental/experimental.md new file mode 100644 index 0000000000..58d14bec1b --- /dev/null +++ b/docs/sources/experimental/experimental.md @@ -0,0 +1,28 @@ +page_title: Overview of Experimental Features +page_keywords: experimental, Docker, feature + +# Overview + +This page contains a list of features in the Docker engine which are experimental as of the current release. Experimental features are **not** ready for production. They are provided to for test and evaluation in your sandbox environments. + +The information below describes each feature and the Github pull requests and issues associated with it. If necessary, links are provided to additional documentation on an issue. As an active Docker user and community member, please feel free to provide any feedback on these features you wish. + +## XXXXX + +Short two sentence description of the feature. Why someone would use it. + +### How to use XXXXX + +No more than two paragraphs. If longer, link to a page with the documentation. + +### Known issues, limitations, and risks + +* one +* two +* three + +### Related GitHub PRs and issues + +* one +* two +* three From ef99ac464b9bf86151660972d47e89a04861ae5e Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 19 May 2015 13:05:25 -0700 Subject: [PATCH 0630/2538] Volumes refactor and external plugin implementation. Signed by all authors: Signed-off-by: Michael Crosby Signed-off-by: Arnaud Porterie Signed-off-by: David Calavera Signed-off-by: Jeff Lindsay Signed-off-by: Alexander Morozov Signed-off-by: Luke Marsden Signed-off-by: David Calavera --- docs/sources/reference/commandline/cli.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a4a44fbb54..e1c9f56ad3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1000,7 +1000,8 @@ Creates a new container. --security-opt=[] Security options -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume + -v, --volume=[] Bind mount a volume, or specify name for volume plugin + --volume-driver= Optional volume driver (plugin name) for the container --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -1970,7 +1971,8 @@ To remove an image using its digest: --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) - -v, --volume=[] Bind mount a volume + -v, --volume=[] Bind mount a volume, or specify name for volume plugin + --volume-driver= Optional volume driver (plugin name) for the container --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -2066,6 +2068,18 @@ binary (such as that provided by [https://get.docker.com]( https://get.docker.com)), you give the container the full access to create and manipulate the host's Docker daemon. + $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh + +By specifying a volume name in conjunction with a volume driver, volume plugins +such as [Flocker](https://clusterhq.com/docker-plugin/), once installed, can be +used to manage volumes external to a single host, such as those on EBS. In this +example, "volumename" is passed through to the volume plugin as a user-given +name for the volume which allows the plugin to associate it with an external +volume beyond the lifetime of a single container or container host. This can be +used, for example, to move a stateful container from one server to another. + +The `volumename` must not begin with a `/`. + $ docker run -p 127.0.0.1:80:8080 ubuntu bash This binds port `8080` of the container to port `80` on `127.0.0.1` of From 93d3cc3101b029041a90465d1d9690a6e0c4f86c Mon Sep 17 00:00:00 2001 From: David Calavera Date: Thu, 21 May 2015 14:46:54 -0700 Subject: [PATCH 0631/2538] Mark volume drivers and plugins as experimental in the documentation. Signed-off-by: David Calavera --- docs/sources/reference/commandline/cli.md | 31 +++++++++++++---------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e1c9f56ad3..b5171b1b34 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1001,7 +1001,7 @@ Creates a new container. -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID -v, --volume=[] Bind mount a volume, or specify name for volume plugin - --volume-driver= Optional volume driver (plugin name) for the container + --volume-driver= Optional volume driver (plugin name) for the container (Experimental) --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -1972,7 +1972,7 @@ To remove an image using its digest: -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) -v, --volume=[] Bind mount a volume, or specify name for volume plugin - --volume-driver= Optional volume driver (plugin name) for the container + --volume-driver= Optional volume driver (plugin name) for the container (Experimental) --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -2068,18 +2068,6 @@ binary (such as that provided by [https://get.docker.com]( https://get.docker.com)), you give the container the full access to create and manipulate the host's Docker daemon. - $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh - -By specifying a volume name in conjunction with a volume driver, volume plugins -such as [Flocker](https://clusterhq.com/docker-plugin/), once installed, can be -used to manage volumes external to a single host, such as those on EBS. In this -example, "volumename" is passed through to the volume plugin as a user-given -name for the volume which allows the plugin to associate it with an external -volume beyond the lifetime of a single container or container host. This can be -used, for example, to move a stateful container from one server to another. - -The `volumename` must not begin with a `/`. - $ docker run -p 127.0.0.1:80:8080 ubuntu bash This binds port `8080` of the container to port `80` on `127.0.0.1` of @@ -2285,6 +2273,21 @@ application change: `--rm` option means that when the container exits, the container's layer is removed. + +*Experimental*: + + $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh + +By specifying a volume name in conjunction with a volume driver, volume plugins +such as [Flocker](https://clusterhq.com/docker-plugin/), once installed, can be +used to manage volumes external to a single host, such as those on EBS. In this +example, "volumename" is passed through to the volume plugin as a user-given +name for the volume which allows the plugin to associate it with an external +volume beyond the lifetime of a single container or container host. This can be +used, for example, to move a stateful container from one server to another. + +The `volumename` must not begin with a `/`. + #### Restart policies Use Docker's `--restart` to specify a container's *restart policy*. A restart From 7809f8a5ef560af2bb5f820351997552c5436373 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Fri, 22 May 2015 16:57:05 -0700 Subject: [PATCH 0632/2538] Move Documentation changes out or this PR. The will come in a follow up PR inside the experimental section. Signed-off-by: David Calavera --- docs/sources/reference/commandline/cli.md | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index b5171b1b34..a4a44fbb54 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1000,8 +1000,7 @@ Creates a new container. --security-opt=[] Security options -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID - -v, --volume=[] Bind mount a volume, or specify name for volume plugin - --volume-driver= Optional volume driver (plugin name) for the container (Experimental) + -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -1971,8 +1970,7 @@ To remove an image using its digest: --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) - -v, --volume=[] Bind mount a volume, or specify name for volume plugin - --volume-driver= Optional volume driver (plugin name) for the container (Experimental) + -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container @@ -2273,21 +2271,6 @@ application change: `--rm` option means that when the container exits, the container's layer is removed. - -*Experimental*: - - $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh - -By specifying a volume name in conjunction with a volume driver, volume plugins -such as [Flocker](https://clusterhq.com/docker-plugin/), once installed, can be -used to manage volumes external to a single host, such as those on EBS. In this -example, "volumename" is passed through to the volume plugin as a user-given -name for the volume which allows the plugin to associate it with an external -volume beyond the lifetime of a single container or container host. This can be -used, for example, to move a stateful container from one server to another. - -The `volumename` must not begin with a `/`. - #### Restart policies Use Docker's `--restart` to specify a container's *restart policy*. A restart From f79ccc117107cfe21e66fa7c3240dd325caec428 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Fri, 22 May 2015 16:47:28 -0700 Subject: [PATCH 0633/2538] Document in the experimental section Signed-off-by: Arnaud Porterie (cherry picked from commit a31633c2707c78c2ffd684a5a3e576f310af0fb5) --- docs/sources/experimental/plugin_api.md | 223 ++++++++++++++++++++ docs/sources/experimental/plugins.md | 46 ++++ docs/sources/experimental/plugins_volume.md | 43 ++++ 3 files changed, 312 insertions(+) create mode 100644 docs/sources/experimental/plugin_api.md create mode 100644 docs/sources/experimental/plugins.md create mode 100644 docs/sources/experimental/plugins_volume.md diff --git a/docs/sources/experimental/plugin_api.md b/docs/sources/experimental/plugin_api.md new file mode 100644 index 0000000000..770f606b4c --- /dev/null +++ b/docs/sources/experimental/plugin_api.md @@ -0,0 +1,223 @@ +page_title: Plugin API documentation +page_description: Documentation for writing a Docker plugin. +page_keywords: docker, plugins, api, extensions + +# Docker Plugin API + +Docker plugins are out-of-process extensions which add capabilities to the +Docker Engine. + +This page is intended for people who want to develop their own Docker plugin. +If you just want to learn about or use Docker plugins, look +[here](/userguide/plugins). + +## What plugins are + +A plugin is a process running on the same docker host as the docker daemon, +which registers itself by placing a file in `/usr/share/docker/plugins` (the +"plugin directory"). + +Plugins have human-readable names, which are short, lowercase strings. For +example, `flocker` or `weave`. + +Plugins can run inside or outside containers. Currently running them outside +containers is recommended. + +## Plugin discovery + +Docker discovers plugins by looking for them in the plugin directory whenever a +user or container tries to use one by name. + +There are two types of files which can be put in the plugin directory. + +* `.sock` files are UNIX domain sockets. +* `.spec` files are text files containing a URL, such as `unix:///other.sock`. + +The name of the file (excluding the extension) determines the plugin name. + +For example, the `flocker` plugin might create a UNIX socket at +`/usr/share/docker/plugins/flocker.sock`. + +Plugins must be run locally on the same machine as the Docker daemon. UNIX +domain sockets are strongly encouraged for security reasons. + +## Plugin lifecycle + +Plugins should be started before Docker, and stopped after Docker. For +example, when packaging a plugin for a platform which supports `systemd`, you +might use [`systemd` dependencies]( +http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to +manage startup and shutdown order. + +When upgrading a plugin, you should first stop the Docker daemon, upgrade the +plugin, then start Docker again. + +If a plugin is packaged as a container, this may cause issues. Plugins as +containers are currently considered experimental due to these shutdown/startup +ordering issues. These issues are mitigated by plugin retries (see below). + +## Plugin activation + +When a plugin is first referred to -- either by a user referring to it by name +(e.g. `docker run --volume-driver=foo`) or a container already configured to +use a plugin being started -- Docker looks for the named plugin in the plugin +directory and activates it with a handshake. See Handshake API below. + +Plugins are *not* activated automatically at Docker daemon startup. Rather, +they are activated only lazily, or on-demand, when they are needed. + +## API design + +The Plugin API is RPC-style JSON over HTTP, much like webhooks. + +Requests flow *from* the Docker daemon *to* the plugin. So the plugin needs to +implement an HTTP server and bind this to the UNIX socket mentioned in the +"plugin discovery" section. + +All requests are HTTP `POST` requests. + +The API is versioned via an Accept header, which currently is always set to +`application/vnd.docker.plugins.v1+json`. + +## Handshake API + +Plugins are activated via the following "handshake" API call. + +### /Plugin.Activate + +**Request:** empty body + +**Response:** +``` +{ + "Implements": ["VolumeDriver"] +} +``` + +Responds with a list of Docker subsystems which this plugin implements. +After activation, the plugin will then be sent events from this subsystem. + +## Volume API + +If a plugin registers itself as a `VolumeDriver` (see above) then it is +expected to provide writeable paths on the host filesystem for the Docker +daemon to provide to containers to consume. + +The Docker daemon handles bind-mounting the provided paths into user +containers. + +### /VolumeDriver.Create + +**Request**: +``` +{ + "Name": "volume_name" +} +``` + +Instruct the plugin that the user wants to create a volume, given a user +specified volume name. The plugin does not need to actually manifest the +volume on the filesystem yet (until Mount is called). + +**Response**: +``` +{ + "Err": null +} +``` + +Respond with a string error if an error occurred. + +### /VolumeDriver.Remove + +**Request**: +``` +{ + "Name": "volume_name" +} +``` + +Create a volume, given a user specified volume name. + +**Response**: +``` +{ + "Err": null +} +``` + +Respond with a string error if an error occurred. + +### /VolumeDriver.Mount + +**Request**: +``` +{ + "Name": "volume_name" +} +``` + +Docker requires the plugin to provide a volume, given a user specified volume +name. This is called once per container start. + +**Response**: +``` +{ + "Mountpoint": "/path/to/directory/on/host", + "Err": null +} +``` + +Respond with the path on the host filesystem where the volume has been made +available, and/or a string error if an error occurred. + +### /VolumeDriver.Path + +**Request**: +``` +{ + "Name": "volume_name" +} +``` + +Docker needs reminding of the path to the volume on the host. + +**Response**: +``` +{ + "Mountpoint": "/path/to/directory/on/host", + "Err": null +} +``` + +Respond with the path on the host filesystem where the volume has been made +available, and/or a string error if an error occurred. + +### /VolumeDriver.Unmount + +**Request**: +``` +{ + "Name": "volume_name" +} +``` + +Indication that Docker no longer is using the named volume. This is called once +per container stop. Plugin may deduce that it is safe to deprovision it at +this point. + +**Response**: +``` +{ + "Err": null +} +``` + +Respond with a string error if an error occurred. + +## Plugin retries + +Attempts to call a method on a plugin are retried with an exponential backoff +for up to 30 seconds. This may help when packaging plugins as containers, since +it gives plugin containers a chance to start up before failing any user +containers which depend on them. diff --git a/docs/sources/experimental/plugins.md b/docs/sources/experimental/plugins.md new file mode 100644 index 0000000000..d113e50a53 --- /dev/null +++ b/docs/sources/experimental/plugins.md @@ -0,0 +1,46 @@ +page_title: Experimental feature - Plugins +page_keywords: experimental, Docker, plugins + +# Overview + +You can extend the capabilities of the Docker Engine by loading third-party +plugins. + +## Types of plugins + +Plugins extend Docker's functionality. They come in specific types. For +example, a [volume plugin](/experimental/plugins_volume) might enable Docker +volumes to persist across multiple Docker hosts. + +Currently Docker supports volume plugins. In the future it will support +additional plugin types. + +## Installing a plugin + +Follow the instructions in the plugin's documentation. + +## Finding a plugin + +The following plugins exist: + +* The [Flocker plugin](https://clusterhq.com/docker-plugin/) is a volume plugin +which provides multi-host portable volumes for Docker, enabling you to run + databases and other stateful containers and move them around across a cluster + of machines. + +## Troubleshooting a plugin + +If you are having problems with Docker after loading a plugin, ask the authors +of the plugin for help. The Docker team may not be able to assist you. + +## Writing a plugin + +If you are interested in writing a plugin for Docker, or seeing how they work +under the hood, see the [docker plugins reference](/experimental/plugin_api). + +# Related GitHub PRs and issues + +- [#13222](https://github.com/docker/docker/pull/13222) Plugins plumbing + +Send us feedback and comments on [#13419](https://github.com/docker/docker/issues/13419), +or on the usual Google Groups (docker-user, docker-dev) and IRC channels. diff --git a/docs/sources/experimental/plugins_volume.md b/docs/sources/experimental/plugins_volume.md new file mode 100644 index 0000000000..81112e18ae --- /dev/null +++ b/docs/sources/experimental/plugins_volume.md @@ -0,0 +1,43 @@ +page_title: Experimental feature - Volume plugins +page_keywords: experimental, Docker, plugins, volume + +# Overview + +Docker volume plugins enable Docker deployments to be integrated with external +storage systems, such as Amazon EBS, and enable data volumes to persist beyond +the lifetime of a single Docker host. See the [plugin documentation](/experimental/plugins) +for more information. + +# Command-line changes + +This experimental features introduces two changes to the `docker run` command: + +- The `--volume-driver` flag is introduced. +- The `-v` syntax is changed to accept a volume name a first component. + +Example: + + $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh + +By specifying a volume name in conjunction with a volume driver, volume plugins +such as [Flocker](https://clusterhq.com/docker-plugin/), once installed, can be +used to manage volumes external to a single host, such as those on EBS. In this +example, "volumename" is passed through to the volume plugin as a user-given +name for the volume which allows the plugin to associate it with an external +volume beyond the lifetime of a single container or container host. This can be +used, for example, to move a stateful container from one server to another. + +The `volumename` must not begin with a `/`. + +# API changes + +The container creation endpoint (`/containers/create`) accepts a `VolumeDriver` +field of type `string` allowing to specify the name of the driver. It's default +value of `"local"` (the default driver for local volumes). + +# Related GitHub PRs and issues + +- [#13161](https://github.com/docker/docker/pull/13161) Volume refactor and external volume plugins + +Send us feedback and comments on [#13420](https://github.com/docker/docker/issues/13420), +or on the usual Google Groups (docker-user, docker-dev) and IRC channels. From 6dbd08344f4d9e7b4b6d883b2cc2fd1fa70e2182 Mon Sep 17 00:00:00 2001 From: Lloyd Dewolf Date: Sun, 24 May 2015 13:41:03 -0700 Subject: [PATCH 0634/2538] doc: cli images examples rm "| head". It's a given that lines of example output might be truncated or come from a contrived environment. Signed-off-by: Lloyd Dewolf --- docs/sources/reference/commandline/cli.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index a4a44fbb54..5d5a0e6c33 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -922,7 +922,7 @@ Supported `Dockerfile` instructions: 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 f5283438590d - $ docker images | head + $ docker images REPOSITORY TAG ID CREATED VIRTUAL SIZE SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB @@ -1326,7 +1326,7 @@ uses up the `VIRTUAL SIZE` listed only once. #### Listing the most recently created images - $ docker images | head + $ docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 77af4d6b9913 19 hours ago 1.089 GB committ latest b6fa739cedf5 19 hours ago 1.089 GB @@ -1341,7 +1341,7 @@ uses up the `VIRTUAL SIZE` listed only once. #### Listing the full length image IDs - $ docker images --no-trunc | head + $ docker images --no-trunc REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB @@ -1360,7 +1360,7 @@ called a `digest`. As long as the input used to generate the image is unchanged, the digest value is predictable. To list image digest values, use the `--digests` flag: - $ docker images --digests | head + $ docker images --digests REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB From dc770ac858a3fbc727ddf61dc1ff65f59a191718 Mon Sep 17 00:00:00 2001 From: Jan-Jaap Driessen Date: Mon, 25 May 2015 17:24:41 +0200 Subject: [PATCH 0635/2538] Markdown changes (thanks to runcom for the rebase+squash handholding) Signed-off-by: Jan-Jaap Driessen --- docs/sources/reference/commandline/cli.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5d5a0e6c33..3093aa2e50 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2204,10 +2204,10 @@ logs could be retrieved using `docker logs`. This is useful if you need to pipe a file or something else into a container and retrieve the container's ID once the container has finished running. - $ docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} - brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc - brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd - crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo + $ docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} + brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc + brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd + crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo It is often necessary to directly expose devices to a container. The `--device` option enables that. For example, a specific block storage device or loop @@ -2400,7 +2400,7 @@ It is used to create a backup that can then be used with `docker load` It is even useful to cherry-pick particular tags of an image repository - $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy + $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy ## search From 05c0da3b96b4128fa463b61649824894fc0019ac Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 26 May 2015 14:02:10 -0700 Subject: [PATCH 0636/2538] Revert "Add docker exec run a command in privileged mode" This reverts commit 72a500e9e5929b038816d8bd18d462a19e571c99. Signed-off-by: Jessica Frazelle Conflicts: daemon/execdriver/native/exec.go integration-cli/docker_cli_exec_test.go runconfig/exec.go --- contrib/completion/bash/docker | 2 +- docs/sources/reference/commandline/cli.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 93c48966c0..0f4e2f1a75 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -407,7 +407,7 @@ _docker_events() { _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i -t --tty -u --user" -- "$cur" ) ) ;; *) __docker_containers_running diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3093aa2e50..3d92b3ed67 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1201,7 +1201,6 @@ You'll need two shells for this example. -d, --detach=false Detached mode: run command in the background -i, --interactive=false Keep STDIN open even if not attached - --privileged=false Give extended privileges to the command -t, --tty=false Allocate a pseudo-TTY -u, --user= Username or UID (format: [:]) From b4bef542a7640967ebbf14154fdaf966ed7c35db Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Fri, 22 May 2015 09:18:19 -0700 Subject: [PATCH 0637/2538] Fixes title, line wrap, and Adds install area Tibor's comment Updating with the new plugins Entering comments from Seb Signed-off-by: Mary Anthony --- docs/sources/experimental/experimental.md | 53 +++++++++++++++------ docs/sources/experimental/plugin_api.md | 4 +- docs/sources/experimental/plugins.md | 6 ++- docs/sources/experimental/plugins_volume.md | 4 +- 4 files changed, 48 insertions(+), 19 deletions(-) diff --git a/docs/sources/experimental/experimental.md b/docs/sources/experimental/experimental.md index 58d14bec1b..b0d72b90b0 100644 --- a/docs/sources/experimental/experimental.md +++ b/docs/sources/experimental/experimental.md @@ -1,28 +1,51 @@ page_title: Overview of Experimental Features page_keywords: experimental, Docker, feature -# Overview +# Experimental Features in this Release -This page contains a list of features in the Docker engine which are experimental as of the current release. Experimental features are **not** ready for production. They are provided to for test and evaluation in your sandbox environments. +This page contains a list of features in the Docker engine which are +experimental as of the current release. Experimental features are **not** ready +for production. They are provided for test and evaluation in your sandbox +environments. -The information below describes each feature and the Github pull requests and issues associated with it. If necessary, links are provided to additional documentation on an issue. As an active Docker user and community member, please feel free to provide any feedback on these features you wish. +The information below describes each feature and the Github pull requests and +issues associated with it. If necessary, links are provided to additional +documentation on an issue. As an active Docker user and community member, +please feel free to provide any feedback on these features you wish. -## XXXXX +## Install Docker experimental -Short two sentence description of the feature. Why someone would use it. +1. Verify that you have `wget` installed. -### How to use XXXXX + $ which wget -No more than two paragraphs. If longer, link to a page with the documentation. + If `wget` isn't installed, install it after updating your manager: -### Known issues, limitations, and risks + $ sudo apt-get update + $ sudo apt-get install wget -* one -* two -* three +2. Get the latest Docker package. -### Related GitHub PRs and issues + $ wget -qO- https://experimental.docker.com/ | sh + + The system prompts you for your `sudo` password. Then, it downloads and + installs Docker and its dependencies. + + >**Note**: If your company is behind a filtering proxy, you may find that the + >`apt-key` + >command fails for the Docker repo during installation. To work around this, + >add the key directly using the following: + > + > $ wget -qO- https://experimental.docker.com/gpg | sudo apt-key add - + +3. Verify `docker` is installed correctly. + + $ sudo docker run hello-world + + This command downloads a test image and runs it in a container. + +## Experimental features in this Release + +* [Support for Docker plugins](plugins.md) +* [Volume plugins](plugins_volume.md) -* one -* two -* three diff --git a/docs/sources/experimental/plugin_api.md b/docs/sources/experimental/plugin_api.md index 770f606b4c..6454fc2a97 100644 --- a/docs/sources/experimental/plugin_api.md +++ b/docs/sources/experimental/plugin_api.md @@ -2,7 +2,7 @@ page_title: Plugin API documentation page_description: Documentation for writing a Docker plugin. page_keywords: docker, plugins, api, extensions -# Docker Plugin API +# Experimental: Docker Plugin API Docker plugins are out-of-process extensions which add capabilities to the Docker Engine. @@ -11,6 +11,8 @@ This page is intended for people who want to develop their own Docker plugin. If you just want to learn about or use Docker plugins, look [here](/userguide/plugins). +This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](experimental.md). + ## What plugins are A plugin is a process running on the same docker host as the docker daemon, diff --git a/docs/sources/experimental/plugins.md b/docs/sources/experimental/plugins.md index d113e50a53..dbcb70ce67 100644 --- a/docs/sources/experimental/plugins.md +++ b/docs/sources/experimental/plugins.md @@ -1,10 +1,12 @@ page_title: Experimental feature - Plugins page_keywords: experimental, Docker, plugins -# Overview +# Experimental: Extend Docker with a plugin You can extend the capabilities of the Docker Engine by loading third-party -plugins. +plugins. + +This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](experimental.md). ## Types of plugins diff --git a/docs/sources/experimental/plugins_volume.md b/docs/sources/experimental/plugins_volume.md index 81112e18ae..399dda71e3 100644 --- a/docs/sources/experimental/plugins_volume.md +++ b/docs/sources/experimental/plugins_volume.md @@ -1,13 +1,15 @@ page_title: Experimental feature - Volume plugins page_keywords: experimental, Docker, plugins, volume -# Overview +# Experimental: Docker volume plugins Docker volume plugins enable Docker deployments to be integrated with external storage systems, such as Amazon EBS, and enable data volumes to persist beyond the lifetime of a single Docker host. See the [plugin documentation](/experimental/plugins) for more information. +This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](experimental.md). + # Command-line changes This experimental features introduces two changes to the `docker run` command: From 011e17933c5b4f3ab2e2b65086a2530c5a921fc1 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 11 May 2015 18:28:36 -0400 Subject: [PATCH 0638/2538] Modify volume mounts SELinux labels on the fly based on :Z or :z This patch is extending the qualifiers on the -v command to allow an admin to tell the system to relabel, content. There might be a need for something similar for changing the DAC Permissions. Signed-off-by: Jessica Frazelle --- docs/sources/reference/commandline/cli.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3d92b3ed67..c5e276e3a3 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2181,6 +2181,19 @@ mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container. +Labeling systems like SELinux require proper labels be placed on volume content +mounted into a container, otherwise the security system might prevent the +processes running inside the container from using the content. By default, +volumes are not relabeled. + +Two suffixes :z or :Z can be added to the volume mount. These suffixes tell +Docker to relabel file objects on the shared volumes. The 'z' option tells +Docker that the volume content will be shared between containers. Docker will +label the content with a shared content label. Shared volumes labels allow all +containers to read/write content. The 'Z' option tells Docker to label the +content with a private unshared label. Private volumes can only be used by the +current container. + The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or `STDERR`. This makes it possible to manipulate the output and input as needed. @@ -2222,7 +2235,7 @@ flag: $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:ro --rm -it ubuntu fdisk /dev/xvdc You will not be able to write the partition table. Command (m for help): q From 739c2672a701ba13294acaaaef5750a880bdd942 Mon Sep 17 00:00:00 2001 From: Lloyd Dewolf Date: Wed, 27 May 2015 10:38:29 -0700 Subject: [PATCH 0639/2538] doc cli lint. - 79 char line length (non-command). - Consistent single space between sentences. - Replace start of line tabs with spaces. - Remove trailing white space. - Consistent "**Note:**" style. https://docs.docker.com/project/doc-style/#notes - Replace the ``` sections with indented code. Signed-off-by: Lloyd Dewolf --- docs/sources/reference/commandline/cli.md | 645 +++++++++++----------- 1 file changed, 328 insertions(+), 317 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c5e276e3a3..5fb1acf5de 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -16,9 +16,10 @@ or execute `docker help`: A self-sufficient runtime for Linux containers. ... -Depending on your Docker system configuration, you may be required -to preface each `docker` command with `sudo`. To avoid having to use `sudo` with -the `docker` command, your system administrator can create a Unix group called + +Depending on your Docker system configuration, you may be required to preface +each `docker` command with `sudo`. To avoid having to use `sudo` with the +`docker` command, your system administrator can create a Unix group called `docker` and add users to it. For more information about installing Docker or `sudo` configuration, refer to @@ -32,7 +33,8 @@ by the `docker` command line: * `DOCKER_CERT_PATH` The location of your authentication keys. * `DOCKER_DRIVER` The graph driver to use. * `DOCKER_HOST` Daemon socket to connect to. -* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is unsuitable for Docker. +* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is + unsuitable for Docker. * `DOCKER_RAMDISK` If set this will disable 'pivot_root'. * `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. * `DOCKER_TMPDIR` Location for temporary Docker files. @@ -56,18 +58,18 @@ The Docker command line stores its configuration files in a directory called `.docker/config.json` file to control certain aspects of how the `docker` command behaves. -Currently, you can modify the `docker` command behavior using environment -variables or command-line options. You can also use options within -`config.json` to modify some of the same behavior. When using these -mechanisms, you must keep in mind the order of precedence among them. Command -line options override environment variables and environment variables override +Currently, you can modify the `docker` command behavior using environment +variables or command-line options. You can also use options within +`config.json` to modify some of the same behavior. When using these +mechanisms, you must keep in mind the order of precedence among them. Command +line options override environment variables and environment variables override properties you specify in a `config.json` file. The `config.json` file stores a JSON encoding of a single `HttpHeaders` -property. The property specifies a set of headers to include in all -messages sent from the Docker client to the daemon. Docker does not try to -interpret or understand these header; it simply puts them into the messages. -Docker does not allow these headers to change any headers it sets for itself. +property. The property specifies a set of headers to include in all messages +sent from the Docker client to the daemon. Docker does not try to interpret or +understand these header; it simply puts them into the messages. Docker does +not allow these headers to change any headers it sets for itself. Following is a sample `config.json` file: @@ -78,7 +80,9 @@ Following is a sample `config.json` file: } ## Help -To list the help on any command just execute the command, followed by the `--help` option. + +To list the help on any command just execute the command, followed by the +`--help` option. $ docker run --help @@ -98,16 +102,16 @@ you can write `docker run -it --name test busybox sh`. ### Boolean -Boolean options take the form `-d=false`. The value you see in the help text is the -default value which is set if you do **not** specify that flag. If you specify -a Boolean flag without a value, this will set the flag to `true`, irrespective -of the default value. +Boolean options take the form `-d=false`. The value you see in the help text is +the default value which is set if you do **not** specify that flag. If you +specify a Boolean flag without a value, this will set the flag to `true`, +irrespective of the default value. -For example, running `docker run -d` will set the value to `true`, so -your container **will** run in "detached" mode, in the background. +For example, running `docker run -d` will set the value to `true`, so your +container **will** run in "detached" mode, in the background. -Options which default to `true` (e.g., `docker build --rm=true`) can only -be set to the non-default value by explicitly setting them to `false`: +Options which default to `true` (e.g., `docker build --rm=true`) can only be +set to the non-default value by explicitly setting them to `false`: $ docker build --rm=false . @@ -119,13 +123,15 @@ for example in these commands: $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash $ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls -Sometimes, multiple options can call for a more complex value string as for `-v`: +Sometimes, multiple options can call for a more complex value string as for +`-v`: $ docker run -v /host:/container example/mysql -> **Note**: -> Do not use the `-t` and `-a stderr` options together due to limitations -> in the `pty` implementation. All `stderr` in `pty` mode simply goes to `stdout`. +> **Note:** +> Do not use the `-t` and `-a stderr` options together due to +> limitations in the `pty` implementation. All `stderr` in `pty` mode +> simply goes to `stdout`. ### Strings and Integers @@ -185,10 +191,9 @@ expect an integer, and they can only be specified once. Options with [] may be specified multiple times. -The Docker daemon is the persistent process that manages containers. -Docker uses the same binary for both the daemon and client. To run the -daemon you provide the `-d` flag. - +The Docker daemon is the persistent process that manages containers. Docker +uses the same binary for both the daemon and client. To run the daemon you +provide the `-d` flag. To run the daemon with debug output, use `docker -d -D`. @@ -197,30 +202,32 @@ To run the daemon with debug output, use `docker -d -D`. The Docker daemon can listen for [Docker Remote API](/reference/api/docker_remote_api/) requests via three different types of Socket: `unix`, `tcp`, and `fd`. -By default, a `unix` domain socket (or IPC socket) is created at `/var/run/docker.sock`, -requiring either `root` permission, or `docker` group membership. +By default, a `unix` domain socket (or IPC socket) is created at +`/var/run/docker.sock`, requiring either `root` permission, or `docker` group +membership. If you need to access the Docker daemon remotely, you need to enable the `tcp` -Socket. Beware that the default setup provides un-encrypted and un-authenticated -direct access to the Docker daemon - and should be secured either using the -[built in HTTPS encrypted socket](/articles/https/), or by putting a secure web -proxy in front of it. You can listen on port `2375` on all network interfaces -with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP -address: `-H tcp://192.168.59.103:2375`. It is conventional to use port `2375` -for un-encrypted, and port `2376` for encrypted communication with the daemon. +Socket. Beware that the default setup provides un-encrypted and +un-authenticated direct access to the Docker daemon - and should be secured +either using the [built in HTTPS encrypted socket](/articles/https/), or by +putting a secure web proxy in front of it. You can listen on port `2375` on all +network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network +interface using its IP address: `-H tcp://192.168.59.103:2375`. It is +conventional to use port `2375` for un-encrypted, and port `2376` for encrypted +communication with the daemon. -> **Note** If you're using an HTTPS encrypted socket, keep in mind that only TLS1.0 -> and greater are supported. Protocols SSLv3 and under are not supported anymore -> for security reasons. +> **Note:** +> If you're using an HTTPS encrypted socket, keep in mind that only +> TLS1.0 and greater are supported. Protocols SSLv3 and under are not +> supported anymore for security reasons. On Systemd based systems, you can communicate with the daemon via -[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), use -`docker -d -H fd://`. Using `fd://` will work perfectly for most setups but +[Systemd socket activation](http://0pointer.de/blog/projects/socket-activation.html), +use `docker -d -H fd://`. Using `fd://` will work perfectly for most setups but you can also specify individual sockets: `docker -d -H fd://3`. If the -specified socket activated files aren't found, then Docker will exit. You -can find examples of using Systemd socket activation with Docker and -Systemd in the [Docker source tree]( -https://github.com/docker/docker/tree/master/contrib/init/systemd/). +specified socket activated files aren't found, then Docker will exit. You can +find examples of using Systemd socket activation with Docker and Systemd in the +[Docker source tree](https://github.com/docker/docker/tree/master/contrib/init/systemd/). You can configure the Docker daemon to listen to multiple sockets at the same time using multiple `-H` options: @@ -228,8 +235,8 @@ time using multiple `-H` options: # listen using the default unix socket, and on 2 specific IP addresses on this host. docker -d -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 -The Docker client will honor the `DOCKER_HOST` environment variable to set -the `-H` flag for the client. +The Docker client will honor the `DOCKER_HOST` environment variable to set the +`-H` flag for the client. $ docker -H tcp://0.0.0.0:2375 ps # or @@ -237,8 +244,9 @@ the `-H` flag for the client. $ docker ps # both are equal -Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than the empty -string is equivalent to setting the `--tlsverify` flag. The following are equivalent: +Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than +the empty string is equivalent to setting the `--tlsverify` flag. The following +are equivalent: $ docker --tlsverify ps # or @@ -251,37 +259,39 @@ precedence over `HTTP_PROXY`. ### Daemon storage-driver option -The Docker daemon has support for several different image layer storage drivers: `aufs`, -`devicemapper`, `btrfs`, `zfs` and `overlay`. +The Docker daemon has support for several different image layer storage +drivers: `aufs`, `devicemapper`, `btrfs`, `zfs` and `overlay`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that -is unlikely to be merged into the main kernel. These are also known to cause some -serious kernel crashes. However, `aufs` is also the only storage driver that allows -containers to share executable and shared library memory, so is a useful choice -when running thousands of containers with the same program or libraries. +is unlikely to be merged into the main kernel. These are also known to cause +some serious kernel crashes. However, `aufs` is also the only storage driver +that allows containers to share executable and shared library memory, so is a +useful choice when running thousands of containers with the same program or +libraries. The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) snapshots. For each devicemapper graph location – typically `/var/lib/docker/devicemapper` – a thin pool is created based on two block -devices, one for data and one for metadata. By default, these block devices +devices, one for data and one for metadata. By default, these block devices are created automatically by using loopback mounts of automatically created sparse files. Refer to [Storage driver options](#storage-driver-options) below for a way how to customize this setup. -[~jpetazzo/Resizing Docker containers with the Device Mapper plugin]( -http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) article -explains how to tune your existing setup without the use of options. +[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](http://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) +article explains how to tune your existing setup without the use of options. -The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not -share executable memory between devices. Use `docker -d -s btrfs -g /mnt/btrfs_partition`. +The `btrfs` driver is very fast for `docker build` - but like `devicemapper` +does not share executable memory between devices. Use +`docker -d -s btrfs -g /mnt/btrfs_partition`. The `zfs` driver is probably not fast as `btrfs` but has a longer track record on stability. Thanks to `Single Copy ARC` shared blocks between clones will be cached only once. Use `docker -d -s zfs`. To select a different zfs filesystem -set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options): +set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options). The `overlay` is a very fast union filesystem. It is now merged in the main -Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). -Call `docker -d -s overlay` to use it. +Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call +`docker -d -s overlay` to use it. + > **Note:** > It is currently unsupported on `btrfs` or any Copy on Write filesystem > and should only be used over `ext4` partitions. @@ -302,7 +312,7 @@ Currently supported options of `devicemapper`: 10 GB of space on the pool. However, the filesystem will use more space for the empty case the larger the device is. - **Warning**: This value affects the system-wide "base" empty filesystem + **Warning:** This value affects the system-wide "base" empty filesystem that may already be initialized and inherited by pulled images. Typically, a change to this value will require additional steps to take effect: @@ -424,9 +434,9 @@ Currently supported options of `devicemapper`: `devicemapper` driver, run: $ docker info - [...] - Udev Sync Supported: true - [...] + [...] + Udev Sync Supported: true + [...] When `udev` sync support is `true`, then `devicemapper` and udev can coordinate the activation and deactivation of devices for containers. @@ -444,13 +454,15 @@ Currently supported options of `devicemapper`: When this value is `true`, the `devicemapper` continues and simply warns you the errors are happening. - > **Note**: The ideal is to pursue a `docker` daemon and environment that - > does support synchronizing with `udev`. For further discussion on this + > **Note:** + > The ideal is to pursue a `docker` daemon and environment that does + > support synchronizing with `udev`. For further discussion on this > topic, see [docker#4036](https://github.com/docker/docker/issues/4036). - > Otherwise, set this flag for migrating existing Docker daemons to a - > daemon with a supported environment. + > Otherwise, set this flag for migrating existing Docker daemons to + > a daemon with a supported environment. ### Docker execdriver option + Currently supported options of `zfs`: * `zfs.fsname` @@ -461,10 +473,10 @@ Currently supported options of `zfs`: Example use: - $ docker -d -s zfs --storage-opt zfs.fsname=zroot/docker + $ docker -d -s zfs --storage-opt zfs.fsname=zroot/docker -The Docker daemon uses a specifically built `libcontainer` execution driver as its -interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. +The Docker daemon uses a specifically built `libcontainer` execution driver as +its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. There is still legacy support for the original [LXC userspace tools]( https://linuxcontainers.org/) via the `lxc` execution driver, however, this is @@ -477,14 +489,14 @@ You can configure the `native` (libcontainer) execdriver using options specified with the `--exec-opt` flag. All the flag's options have the `native` prefix. A single `native.cgroupdriver` option is available. -The `native.cgroupdriver` option specifies the management of the container's -cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and -it is not available, the system uses `cgroupfs`. By default, if no option is -specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. +The `native.cgroupdriver` option specifies the management of the container's +cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and +it is not available, the system uses `cgroupfs`. By default, if no option is +specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. This example sets the execdriver to `cgroupfs`: $ sudo docker -d --exec-opt native.cgroupdriver=cgroupfs - + Setting this option applies to all containers the daemon launches. ### Daemon DNS options @@ -497,75 +509,82 @@ To set the DNS search domain for all Docker containers, use ### Insecure registries -Docker considers a private registry either secure or insecure. -In the rest of this section, *registry* is used for *private registry*, and `myregistry:5000` +Docker considers a private registry either secure or insecure. In the rest of +this section, *registry* is used for *private registry*, and `myregistry:5000` is a placeholder example for a private registry. -A secure registry uses TLS and a copy of its CA certificate is placed on the Docker host at -`/etc/docker/certs.d/myregistry:5000/ca.crt`. -An insecure registry is either not using TLS (i.e., listening on plain text HTTP), or is using -TLS with a CA certificate not known by the Docker daemon. The latter can happen when the -certificate was not found under `/etc/docker/certs.d/myregistry:5000/`, or if the certificate -verification failed (i.e., wrong CA). +A secure registry uses TLS and a copy of its CA certificate is placed on the +Docker host at `/etc/docker/certs.d/myregistry:5000/ca.crt`. An insecure +registry is either not using TLS (i.e., listening on plain text HTTP), or is +using TLS with a CA certificate not known by the Docker daemon. The latter can +happen when the certificate was not found under +`/etc/docker/certs.d/myregistry:5000/`, or if the certificate verification +failed (i.e., wrong CA). -By default, Docker assumes all, but local (see local registries below), registries are secure. -Communicating with an insecure registry is not possible if Docker assumes that registry is secure. -In order to communicate with an insecure registry, the Docker daemon requires `--insecure-registry` -in one of the following two forms: +By default, Docker assumes all, but local (see local registries below), +registries are secure. Communicating with an insecure registry is not possible +if Docker assumes that registry is secure. In order to communicate with an +insecure registry, the Docker daemon requires `--insecure-registry` in one of +the following two forms: -* `--insecure-registry myregistry:5000` tells the Docker daemon that myregistry:5000 should be considered insecure. -* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries whose domain resolve to an IP address is part -of the subnet described by the CIDR syntax, should be considered insecure. +* `--insecure-registry myregistry:5000` tells the Docker daemon that + myregistry:5000 should be considered insecure. +* `--insecure-registry 10.1.0.0/16` tells the Docker daemon that all registries + whose domain resolve to an IP address is part of the subnet described by the + CIDR syntax, should be considered insecure. -The flag can be used multiple times to allow multiple registries to be marked as insecure. +The flag can be used multiple times to allow multiple registries to be marked +as insecure. -If an insecure registry is not marked as insecure, `docker pull`, `docker push`, and `docker search` -will result in an error message prompting the user to either secure or pass the `--insecure-registry` -flag to the Docker daemon as described above. +If an insecure registry is not marked as insecure, `docker pull`, +`docker push`, and `docker search` will result in an error message prompting +the user to either secure or pass the `--insecure-registry` flag to the Docker +daemon as described above. -Local registries, whose IP address falls in the 127.0.0.0/8 range, are automatically marked as insecure -as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future. +Local registries, whose IP address falls in the 127.0.0.0/8 range, are +automatically marked as insecure as of Docker 1.3.2. It is not recommended to +rely on this, as it may change in the future. ### Running a Docker daemon behind a HTTPS_PROXY -When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub certificates -will be replaced by the proxy's certificates. These certificates need to be added -to your Docker host's configuration: +When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub +certificates will be replaced by the proxy's certificates. These certificates +need to be added to your Docker host's configuration: 1. Install the `ca-certificates` package for your distribution 2. Ask your network admin for the proxy's CA certificate and append them to `/etc/pki/tls/certs/ca-bundle.crt` 3. Then start your Docker daemon with `HTTPS_PROXY=http://username:password@proxy:port/ docker -d`. - The `username:` and `password@` are optional - and are only needed if your proxy - is set up to require authentication. + The `username:` and `password@` are optional - and are only needed if your + proxy is set up to require authentication. This will only add the proxy and authentication to the Docker daemon's requests - -your `docker build`s and running containers will need extra configuration to use -the proxy +your `docker build`s and running containers will need extra configuration to +use the proxy ### Default Ulimits -`--default-ulimit` allows you to set the default `ulimit` options to use for all -containers. It takes the same options as `--ulimit` for `docker run`. If these -defaults are not set, `ulimit` settings will be inherited, if not set on -`docker run`, from the Docker daemon. Any `--ulimit` options passed to -`docker run` will overwrite these defaults. +`--default-ulimit` allows you to set the default `ulimit` options to use for +all containers. It takes the same options as `--ulimit` for `docker run`. If +these defaults are not set, `ulimit` settings will be inherited, if not set on +`docker run`, from the Docker daemon. Any `--ulimit` options passed to `docker +run` will overwrite these defaults. ### Miscellaneous options -IP masquerading uses address translation to allow containers without a public IP to talk -to other machines on the Internet. This may interfere with some network topologies and -can be disabled with --ip-masq=false. +IP masquerading uses address translation to allow containers without a public +IP to talk to other machines on the Internet. This may interfere with some +network topologies and can be disabled with --ip-masq=false. -Docker supports softlinks for the Docker data directory -(`/var/lib/docker`) and for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be set like this: +Docker supports softlinks for the Docker data directory (`/var/lib/docker`) and +for `/var/lib/docker/tmp`. The `DOCKER_TMPDIR` and the data directory can be +set like this: DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 # or export DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker -d -D -g /var/lib/docker -H unix:// > /var/lib/boot2docker/docker.log 2>&1 - ## attach Usage: docker attach [OPTIONS] CONTAINER @@ -577,23 +596,24 @@ Docker supports softlinks for the Docker data directory The `docker attach` command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it -interactively. You can attach to the same contained process multiple times +interactively. You can attach to the same contained process multiple times simultaneously, screen sharing style, or quickly view the progress of your daemonized process. -You can detach from the container and leave it running with `CTRL-p -CTRL-q` (for a quiet exit) or with `CTRL-c` if `--sig-proxy` is false. +You can detach from the container and leave it running with `CTRL-p CTRL-q` +(for a quiet exit) or with `CTRL-c` if `--sig-proxy` is false. -If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` -to the container. +If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to the +container. ->**Note**: A process running as PID 1 inside a container is treated ->specially by Linux: it ignores any signal with the default action. ->So, the process will not terminate on `SIGINT` or `SIGTERM` unless it is ->coded to do so. +> **Note:** +> A process running as PID 1 inside a container is treated specially by +> Linux: it ignores any signal with the default action. So, the process +> will not terminate on `SIGINT` or `SIGTERM` unless it is coded to do +> so. -It is forbidden to redirect the standard input of a `docker attach` command while -attaching to a tty-enabled container (i.e.: launched with `-t`). +It is forbidden to redirect the standard input of a `docker attach` command +while attaching to a tty-enabled container (i.e.: launched with `-t`). #### Examples @@ -632,8 +652,8 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). $ docker ps -a | grep topdemo 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo -And in this second example, you can see the exit code returned by the `bash` process -is returned by the `docker attach` command to its caller too: +And in this second example, you can see the exit code returned by the `bash` +process is returned by the `docker attach` command to its caller too: $ docker run --name test -d -it debian 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab @@ -666,29 +686,31 @@ is returned by the `docker attach` command to its caller too: --cgroup-parent="" Optional parent cgroup for the container Builds Docker images from a Dockerfile and a "context". A build's context is -the files located in the specified `PATH` or `URL`. The build process can -refer to any of the files in the context. For example, your build can use -an [*ADD*](/reference/builder/#add) instruction to reference a file in the +the files located in the specified `PATH` or `URL`. The build process can refer +to any of the files in the context. For example, your build can use an +[*ADD*](/reference/builder/#add) instruction to reference a file in the context. -The `URL` parameter can specify the location of a Git repository; -the repository acts as the build context. The system recursively clones the repository -and its submodules using a `git clone --depth 1 --recursive` command. -This command runs in a temporary directory on your local host. -After the command succeeds, the directory is sent to the Docker daemon as the context. -Local clones give you the ability to access private repositories using +The `URL` parameter can specify the location of a Git repository; the +repository acts as the build context. The system recursively clones the +repository and its submodules using a `git clone --depth 1 --recursive` +command. This command runs in a temporary directory on your local host. After +the command succeeds, the directory is sent to the Docker daemon as the +context. Local clones give you the ability to access private repositories using local user credentials, VPN's, and so forth. -Git URLs accept context configuration in their fragment section, separated by a colon `:`. -The first part represents the reference that Git will check out, this can be either -a branch, a tag, or a commit SHA. The second part represents a subdirectory -inside the repository that will be used as a build context. +Git URLs accept context configuration in their fragment section, separated by a +colon `:`. The first part represents the reference that Git will check out, +this can be either a branch, a tag, or a commit SHA. The second part represents +a subdirectory inside the repository that will be used as a build context. -For example, run this command to use a directory called `docker` in the branch `container`: +For example, run this command to use a directory called `docker` in the branch +`container`: $ docker build https://github.com/docker/rootfs.git#container:docker -The following table represents all the valid suffixes with their build contexts: +The following table represents all the valid suffixes with their build +contexts: Build Syntax Suffix | Commit Used | Build Context Used --------------------|-------------|------------------- @@ -702,55 +724,55 @@ Build Syntax Suffix | Commit Used | Build Context Used `myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` `myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder` -Instead of specifying a context, you can pass a single Dockerfile in the -`URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: +Instead of specifying a context, you can pass a single Dockerfile in the `URL` +or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: - docker build - < Dockerfile + docker build - < Dockerfile -If you use STDIN or specify a `URL`, the system places the contents into a -file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this +If you use STDIN or specify a `URL`, the system places the contents into a file +called `Dockerfile`, and any `-f`, `--file` option is ignored. In this scenario, there is no context. -By default the `docker build` command will look for a `Dockerfile` at the -root of the build context. The `-f`, `--file`, option lets you specify -the path to an alternative file to use instead. This is useful -in cases where the same set of files are used for multiple builds. The path -must be to a file within the build context. If a relative path is specified -then it must to be relative to the current directory. +By default the `docker build` command will look for a `Dockerfile` at the root +of the build context. The `-f`, `--file`, option lets you specify the path to +an alternative file to use instead. This is useful in cases where the same set +of files are used for multiple builds. The path must be to a file within the +build context. If a relative path is specified then it must to be relative to +the current directory. -In most cases, it's best to put each Dockerfile in an empty directory. Then, add -to that directory only the files needed for building the Dockerfile. To increase -the build's performance, you can exclude files and directories by adding a -`.dockerignore` file to that directory as well. For information on creating one, -see the [.dockerignore file](../../reference/builder/#dockerignore-file). +In most cases, it's best to put each Dockerfile in an empty directory. Then, +add to that directory only the files needed for building the Dockerfile. To +increase the build's performance, you can exclude files and directories by +adding a `.dockerignore` file to that directory as well. For information on +creating one, see the [.dockerignore file](../../reference/builder/#dockerignore-file). If the Docker client loses connection to the daemon, the build is canceled. This happens if you interrupt the Docker client with `ctrl-c` or if the Docker client is killed for any reason. -> **Note:** Currently only the "run" phase of the build can be canceled until -> pull cancelation is implemented). +> **Note:** +> Currently only the "run" phase of the build can be canceled until pull +> cancelation is implemented). ### Return code -On a successful build, a return code of success `0` will be returned. -When the build fails, a non-zero failure code will be returned. +On a successful build, a return code of success `0` will be returned. When the +build fails, a non-zero failure code will be returned. -There should be informational output of the reason for failure output -to `STDERR`: +There should be informational output of the reason for failure output to +`STDERR`: + + $ docker build -t fail . + Sending build context to Docker daemon 2.048 kB + Sending build context to Docker daemon + Step 0 : FROM busybox + ---> 4986bf8c1536 + Step 1 : RUN exit 13 + ---> Running in e26670ec7a0a + INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 + $ echo $? + 1 -``` -$ docker build -t fail . -Sending build context to Docker daemon 2.048 kB -Sending build context to Docker daemon -Step 0 : FROM busybox - ---> 4986bf8c1536 -Step 1 : RUN exit 13 - ---> Running in e26670ec7a0a -INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 -$ echo $? -1 -``` See also: [*Dockerfile Reference*](/reference/builder). @@ -783,24 +805,19 @@ See also: Removing intermediate container 9c9e81692ae9 Removing intermediate container 02071fceb21b -This example specifies that the `PATH` is -`.`, and so all the files in the local directory get -`tar`d and sent to the Docker daemon. The `PATH` -specifies where to find the files for the "context" of the build on the -Docker daemon. Remember that the daemon could be running on a remote -machine and that no parsing of the Dockerfile -happens at the client side (where you're running -`docker build`). That means that *all* the files at -`PATH` get sent, not just the ones listed to -[*ADD*](/reference/builder/#add) in the Dockerfile. +This example specifies that the `PATH` is `.`, and so all the files in the +local directory get `tar`d and sent to the Docker daemon. The `PATH` specifies +where to find the files for the "context" of the build on the Docker daemon. +Remember that the daemon could be running on a remote machine and that no +parsing of the Dockerfile happens at the client side (where you're running +`docker build`). That means that *all* the files at `PATH` get sent, not just +the ones listed to [*ADD*](/reference/builder/#add) in the Dockerfile. -The transfer of context from the local machine to the Docker daemon is -what the `docker` client means when you see the -"Sending build context" message. +The transfer of context from the local machine to the Docker daemon is what the +`docker` client means when you see the "Sending build context" message. -If you wish to keep the intermediate containers after the build is -complete, you must use `--rm=false`. This does not -affect the build cache. +If you wish to keep the intermediate containers after the build is complete, +you must use `--rm=false`. This does not affect the build cache. $ docker build . Uploading context 18.829 MB @@ -829,63 +846,62 @@ uploaded context. The builder reference contains detailed information on $ docker build -t vieux/apache:2.0 . -This will build like the previous example, but it will then tag the -resulting image. The repository name will be `vieux/apache` -and the tag will be `2.0` +This will build like the previous example, but it will then tag the resulting +image. The repository name will be `vieux/apache` and the tag will be `2.0` $ docker build - < Dockerfile -This will read a Dockerfile from `STDIN` without context. Due to the -lack of a context, no contents of any local directory will be sent to -the Docker daemon. Since there is no context, a Dockerfile `ADD` only -works if it refers to a remote URL. +This will read a Dockerfile from `STDIN` without context. Due to the lack of a +context, no contents of any local directory will be sent to the Docker daemon. +Since there is no context, a Dockerfile `ADD` only works if it refers to a +remote URL. $ docker build - < context.tar.gz -This will build an image for a compressed context read from `STDIN`. -Supported formats are: bzip2, gzip and xz. +This will build an image for a compressed context read from `STDIN`. Supported +formats are: bzip2, gzip and xz. $ docker build github.com/creack/docker-firefox -This will clone the GitHub repository and use the cloned repository as -context. The Dockerfile at the root of the -repository is used as Dockerfile. Note that you -can specify an arbitrary Git repository by using the `git://` or `git@` +This will clone the GitHub repository and use the cloned repository as context. +The Dockerfile at the root of the repository is used as Dockerfile. Note that +you can specify an arbitrary Git repository by using the `git://` or `git@` schema. $ docker build -f Dockerfile.debug . -This will use a file called `Dockerfile.debug` for the build -instructions instead of `Dockerfile`. +This will use a file called `Dockerfile.debug` for the build instructions +instead of `Dockerfile`. $ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . $ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . -The above commands will build the current build context (as specified by -the `.`) twice, once using a debug version of a `Dockerfile` and once using -a production version. +The above commands will build the current build context (as specified by the +`.`) twice, once using a debug version of a `Dockerfile` and once using a +production version. $ cd /home/me/myapp/some/dir/really/deep $ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp $ docker build -f ../../../../dockerfiles/debug /home/me/myapp -These two `docker build` commands do the exact same thing. They both -use the contents of the `debug` file instead of looking for a `Dockerfile` -and will use `/home/me/myapp` as the root of the build context. Note that -`debug` is in the directory structure of the build context, regardless of how -you refer to it on the command line. +These two `docker build` commands do the exact same thing. They both use the +contents of the `debug` file instead of looking for a `Dockerfile` and will use +`/home/me/myapp` as the root of the build context. Note that `debug` is in the +directory structure of the build context, regardless of how you refer to it on +the command line. -> **Note:** `docker build` will return a `no such file or directory` error -> if the file or directory does not exist in the uploaded context. This may -> happen if there is no context, or if you specify a file that is elsewhere -> on the Host system. The context is limited to the current directory (and its -> children) for security reasons, and to ensure repeatable builds on remote -> Docker hosts. This is also the reason why `ADD ../file` will not work. - -When `docker build` is run with the `--cgroup-parent` option the containers used -in the build will be run with the [corresponding `docker run` -flag](/reference/run/#specifying-custom-cgroups). +> **Note:** +> `docker build` will return a `no such file or directory` error if the +> file or directory does not exist in the uploaded context. This may +> happen if there is no context, or if you specify a file that is +> elsewhere on the Host system. The context is limited to the current +> directory (and its children) for security reasons, and to ensure +> repeatable builds on remote Docker hosts. This is also the reason why +> `ADD ../file` will not work. +When `docker build` is run with the `--cgroup-parent` option the containers +used in the build will be run with the [corresponding `docker run` +flag](/reference/run/#specifying-custom-cgroups). ## commit @@ -898,20 +914,18 @@ flag](/reference/run/#specifying-custom-cgroups). -m, --message="" Commit message -p, --pause=true Pause container during commit -It can be useful to commit a container's file changes or settings into a -new image. This allows you debug a container by running an interactive -shell, or to export a working dataset to another server. Generally, it -is better to use Dockerfiles to manage your images in a documented and -maintainable way. +It can be useful to commit a container's file changes or settings into a new +image. This allows you debug a container by running an interactive shell, or to +export a working dataset to another server. Generally, it is better to use +Dockerfiles to manage your images in a documented and maintainable way. By default, the container being committed and its processes will be paused -while the image is committed. This reduces the likelihood of -encountering data corruption during the process of creating the commit. -If this behavior is undesired, set the 'p' option to false. +while the image is committed. This reduces the likelihood of encountering data +corruption during the process of creating the commit. If this behavior is +undesired, set the 'p' option to false. -The `--change` option will apply `Dockerfile` instructions to the image -that is created. -Supported `Dockerfile` instructions: +The `--change` option will apply `Dockerfile` instructions to the image that is +created. Supported `Dockerfile` instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` #### Commit a container @@ -942,7 +956,7 @@ Supported `Dockerfile` instructions: ## cp Copy files or folders from a container's filesystem to the directory on the -host. Use '-' to write the data as a tar file to `STDOUT`. `CONTAINER:PATH` is +host. Use '-' to write the data as a tar file to `STDOUT`. `CONTAINER:PATH` is relative to the root of the container's filesystem. Usage: docker cp CONTAINER:PATH HOSTDIR|- @@ -1004,15 +1018,14 @@ Creates a new container. --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container -The `docker create` command creates a writeable container layer over -the specified image and prepares it for running the specified command. -The container ID is then printed to `STDOUT`. -This is similar to `docker run -d` except the container is never started. -You can then use the `docker start ` command to start the -container at any point. +The `docker create` command creates a writeable container layer over the +specified image and prepares it for running the specified command. The +container ID is then printed to `STDOUT`. This is similar to `docker run -d` +except the container is never started. You can then use the `docker start +` command to start the container at any point. -This is useful when you want to set up a container configuration ahead -of time so that it is ready to start when you need it. +This is useful when you want to set up a container configuration ahead of time +so that it is ready to start when you need it. Please see the [run command](#run) section and the [Docker run reference]( /reference/run/) for more details. @@ -1024,9 +1037,9 @@ Please see the [run command](#run) section and the [Docker run reference]( $ docker start -a -i 6d8af538ec5 bash-4.2# -As of v1.4.0 container volumes are initialized during the `docker create` -phase (i.e., `docker run` too). For example, this allows you to `create` the -`data` volume container, and then use it from another container: +As of v1.4.0 container volumes are initialized during the `docker create` phase +(i.e., `docker run` too). For example, this allows you to `create` the `data` +volume container, and then use it from another container: $ docker create -v /data --name data ubuntu 240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 @@ -1035,8 +1048,8 @@ phase (i.e., `docker run` too). For example, this allows you to `create` the drwxr-xr-x 2 root root 4096 Dec 5 04:10 . drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. -Similarly, `create` a host directory bind mounted volume container, which -can then be used from the subsequent container: +Similarly, `create` a host directory bind mounted volume container, which can +then be used from the subsequent container: $ docker create -v /home/docker:/docker --name docker ubuntu 9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 @@ -1063,9 +1076,9 @@ List the changed files and directories in a container᾿s filesystem There are 3 events that are listed in the `diff`: -1. `A` - Add -2. `D` - Delete -3. `C` - Change +1. `A` - Add +2. `D` - Delete +3. `C` - Change For example: @@ -1103,16 +1116,17 @@ and Docker images will report: #### Filtering -The filtering flag (`-f` or `--filter`) format is of "key=value". If you would like to use -multiple filters, pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) +The filtering flag (`-f` or `--filter`) format is of "key=value". If you would +like to use multiple filters, pass multiple flags (e.g., `--filter "foo=bar" +--filter "bif=baz"`) Using the same filter multiple times will be handled as a *OR*; for example -`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display events for -container 588a23dac085 *OR* container a8f7720b8c22 +`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display +events for container 588a23dac085 *OR* container a8f7720b8c22 Using multiple filters will be handled as a *AND*; for example -`--filter container=588a23dac085 --filter event=start` will display events for container -container 588a23dac085 *AND* the event type is *start* +`--filter container=588a23dac085 --filter event=start` will display events for +container container 588a23dac085 *AND* the event type is *start* The currently supported filters are: @@ -1207,7 +1221,8 @@ You'll need two shells for this example. The `docker exec` command runs a new command in a running container. The command started using `docker exec` only runs while the container's primary -process (`PID 1`) is running, and it is not restarted if the container is restarted. +process (`PID 1`) is running, and it is not restarted if the container is +restarted. If the container is paused, then the `docker exec` command will fail with an error: @@ -1255,10 +1270,10 @@ This will create a new Bash session in the container `ubuntu_bash`. $ docker export --output="latest.tar" red_panda > **Note:** -> `docker export` does not export the contents of volumes associated with the -> container. If a volume is mounted on top of an existing directory in the -> container, `docker export` will export the contents of the *underlying* -> directory, not the contents of the volume. +> `docker export` does not export the contents of volumes associated +> with the container. If a volume is mounted on top of an existing +> directory in the container, `docker export` will export the contents +> of the *underlying* directory, not the contents of the volume. > > Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) > in the user guide for examples on exporting data in a volume. @@ -1289,8 +1304,8 @@ To see how the `docker:apache` image was added to a container's base image: $ docker history docker:scm IMAGE CREATED CREATED BY SIZE COMMENT 2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image - 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB - c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B + 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB + c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B 511136ea3c5a 19 months ago 0 B Imported from - @@ -1666,7 +1681,7 @@ can be combined with the `--follow` and `--tail` options. Pause all processes within a container The `docker pause` command uses the cgroups freezer to suspend all processes in -a container. Traditionally, when suspending a process the `SIGSTOP` signal is +a container. Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. @@ -2054,7 +2069,7 @@ folder before starting your container. $ docker run --read-only -v /icanwrite busybox touch /icanwrite here Volumes can be used in combination with `--read-only` to control where -a container writes files. The `--read-only` flag mounts the container's root +a container writes files. The `--read-only` flag mounts the container's root filesystem as read only prohibiting writes to locations other than the specified volumes for the container. @@ -2194,8 +2209,9 @@ containers to read/write content. The 'Z' option tells Docker to label the content with a private unshared label. Private volumes can only be used by the current container. -The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or -`STDERR`. This makes it possible to manipulate the output and input as needed. +The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` +or `STDERR`. This makes it possible to manipulate the output and input as +needed. $ echo "test" | docker run -i -a stdin ubuntu cat - @@ -2222,7 +2238,7 @@ retrieve the container's ID once the container has finished running. crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo It is often necessary to directly expose devices to a container. The `--device` -option enables that. For example, a specific block storage device or loop +option enables that. For example, a specific block storage device or loop device or audio device can be added to an otherwise unprivileged container (without the `--privileged` flag) and have the application directly access it. @@ -2231,26 +2247,25 @@ This can be overridden using a third `:rwm` set of options to each `--device` flag: -``` - $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc - Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc:ro --rm -it ubuntu fdisk /dev/xvdc - You will not be able to write the partition table. + Command (m for help): q + $ docker run --device=/dev/sda:/dev/xvdc:ro --rm -it ubuntu fdisk /dev/xvdc + You will not be able to write the partition table. - Command (m for help): q + Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc - Command (m for help): q + Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc - fdisk: unable to open /dev/xvdc: Operation not permitted -``` + $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc + fdisk: unable to open /dev/xvdc: Operation not permitted > **Note:** -> `--device` cannot be safely used with ephemeral devices. Block devices that -> may be removed should not be added to untrusted containers with `--device`. +> `--device` cannot be safely used with ephemeral devices. Block devices +> that may be removed should not be added to untrusted containers with +> `--device`. **A complete example:** @@ -2333,15 +2348,15 @@ This will run the `redis` container with a restart policy of **always** so that if the container exits, Docker will restart it. More detailed information on restart policies can be found in the -[Restart Policies (--restart)](/reference/run/#restart-policies-restart) section -of the Docker run reference page. +[Restart Policies (--restart)](/reference/run/#restart-policies-restart) +section of the Docker run reference page. ### Adding entries to a container hosts file -You can add other hosts into a container's `/etc/hosts` file by using one or more -`--add-host` flags. This example adds a static address for a host named `docker`: +You can add other hosts into a container's `/etc/hosts` file by using one or +more `--add-host` flags. This example adds a static address for a host named +`docker`: -``` $ docker run --add-host=docker:10.180.0.1 --rm -it debian $$ ping docker PING docker (10.180.0.1): 48 data bytes @@ -2350,10 +2365,9 @@ You can add other hosts into a container's `/etc/hosts` file by using one or mor ^C--- docker ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms -``` Sometimes you need to connect to the Docker host from within your -container. To enable this, pass the Docker host's IP address to +container. To enable this, pass the Docker host's IP address to the container using the `--add-host` flag. To find the host's address, use the `ip addr show` command. @@ -2375,17 +2389,15 @@ available in the default container, you can set these using the `--ulimit` flag. `--ulimit` is specified with a soft and hard limit as such: `=[:]`, for example: -``` $ docker run --ulimit nofile=1024:1024 --rm debian ulimit -n 1024 -``` ->**Note:** -> If you do not provide a `hard limit`, the `soft limit` will be used for both -values. If no `ulimits` are set, they will be inherited from the default `ulimits` -set on the daemon. -> `as` option is disabled now. In other words, the following script is not supported: -> `$ docker run -it --ulimit as=1024 fedora /bin/bash` +> **Note:** +> If you do not provide a `hard limit`, the `soft limit` will be used +> for both values. If no `ulimits` are set, they will be inherited from +> the default `ulimits` set on the daemon. `as` option is disabled now. +> In other words, the following script is not supported: +> `$ docker run -it --ulimit as=1024 fedora /bin/bash` ## save @@ -2463,19 +2475,20 @@ The `docker stats` command will only return a live stream of data for running containers. Stopped containers will not return any data. > **Note:** -> If you want more detailed information about a container's resource usage, use the API endpoint. +> If you want more detailed information about a container's resource +> usage, use the API endpoint. ## stop Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] Stop a running container by sending SIGTERM and then SIGKILL after a - grace period + grace period -t, --time=10 Seconds to wait for stop before killing it -The main process inside the container will receive `SIGTERM`, and after a -grace period, `SIGKILL`. +The main process inside the container will receive `SIGTERM`, and after a grace +period, `SIGKILL`. ## tag @@ -2485,9 +2498,8 @@ grace period, `SIGKILL`. -f, --force=false Force -You can group your images together using names and tags, and then upload -them to [*Share Images via Repositories*]( -/userguide/dockerrepos/#contributing-to-docker-hub). +You can group your images together using names and tags, and then upload them +to [*Share Images via Repositories*](/userguide/dockerrepos/#contributing-to-docker-hub). ## top @@ -2514,8 +2526,8 @@ for further details. Show the Docker version information. -Show the Docker version, API version, Git commit, Go version and OS/architecture -of both Docker client and daemon. Example use: +Show the Docker version, API version, Git commit, Go version and +OS/architecture of both Docker client and daemon. Example use: $ docker version Client version: 1.5.0 @@ -2535,4 +2547,3 @@ of both Docker client and daemon. Example use: Usage: docker wait CONTAINER [CONTAINER...] Block until a container stops, then print its exit code. - From 51fee8e7aefa3016cd1d1b8d1c028e56688d11e7 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Thu, 28 May 2015 12:06:11 -0700 Subject: [PATCH 0640/2538] Add comment about ulimit format. Fixes #12116 Signed-off-by: David Calavera --- docs/sources/reference/commandline/cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5fb1acf5de..662ddacd9c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2399,6 +2399,9 @@ available in the default container, you can set these using the `--ulimit` flag. > In other words, the following script is not supported: > `$ docker run -it --ulimit as=1024 fedora /bin/bash` +The values are sent to the appropriate `syscall` as they are set. +Docker doesn't perform any byte conversion. Take this into account when setting the values. + ## save Usage: docker save [OPTIONS] IMAGE [IMAGE...] From 342d0cd04cb21441d3d85aa298864d65ed9f1d57 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 28 May 2015 17:06:47 +0200 Subject: [PATCH 0641/2538] Update bash completion for 1.7.0 Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0f4e2f1a75..72d5c3e341 100755 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -212,11 +212,12 @@ _docker_docker() { --selinux-enabled --tls --tlsverify + --userland-proxy=false --version -v " case "$prev" in - --graph|-g) + --exec-root|--graph|-g) _filedir -d return ;; @@ -267,22 +268,25 @@ _docker_attach() { _docker_build() { case "$prev" in - --tag|-t) - __docker_image_repos_and_tags + --cgroup-parent|--cpuset-cpus|--cpuset-mems|--cpu-shares|-c|--cpu-period|--cpu-quota|--memory|-m|--memory-swap) return ;; --file|-f) _filedir return ;; + --tag|-t) + __docker_image_repos_and_tags + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--cpu-shares -c --cpuset-cpus --cpu-quota --file -f --force-rm --help --memory -m --memory-swap --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--cgroup-parent --cpuset-cpus --cpuset-mems --cpu-shares -c --cpu-period --cpu-quota --file -f --force-rm --help --memory -m --memory-swap --no-cache --pull --quiet -q --rm --tag -t" -- "$cur" ) ) ;; *) - local counter="$(__docker_pos_first_nonflag '--tag|-t')" + local counter="$(__docker_pos_first_nonflag '--cgroup-parent|--cpuset-cpus|--cpuset-mems|--cpu-shares|-c|--cpu-period|--cpu-quota|--file|-f|--memory|-m|--memory-swap|--tag|-t')" if [ $cword -eq $counter ]; then _filedir -d fi @@ -405,6 +409,12 @@ _docker_events() { } _docker_exec() { + case "$prev" in + --user|-u) + return + ;; + esac + case "$cur" in -*) COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i -t --tty -u --user" -- "$cur" ) ) @@ -586,7 +596,7 @@ _docker_logout() { _docker_logs() { case "$prev" in - --tail) + --since|--tail) return ;; esac @@ -771,15 +781,16 @@ _docker_rmi() { _docker_run() { local options_with_args=" --add-host + --blkio-weight --attach -a --cap-add --cap-drop --cgroup-parent --cidfile --cpuset - --cpu-shares -c --cpu-period --cpu-quota + --cpu-shares -c --device --dns --dns-search @@ -805,6 +816,7 @@ _docker_run() { --security-opt --user -u --ulimit + --uts --volumes-from --volume -v --workdir -w @@ -1156,6 +1168,8 @@ _docker() { --api-cors-header --bip --bridge -b + --default-gateway + --default-gateway-v6 --default-ulimit --dns --dns-search @@ -1203,6 +1217,9 @@ _docker() { ;; -*) ;; + =) + (( counter++ )) + ;; *) command="${words[$counter]}" cpos=$counter From ba522b3391bfb3f9c8cc819cb566e87afa353e94 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Thu, 21 May 2015 22:20:25 +0200 Subject: [PATCH 0642/2538] Add syslog-address log-opt Signed-off-by: Antonio Murdaca --- docs/sources/reference/commandline/cli.md | 3 +++ docs/sources/reference/run.md | 19 ++++++++++++++++--- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 662ddacd9c..986bcdedac 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -175,6 +175,7 @@ expect an integer, and they can only be specified once. -l, --log-level="info" Set the logging level --label=[] Set key=value labels to the daemon --log-driver="json-file" Default driver for container logs + --log-opt=[] Log driver specific options --mtu=0 Set the containers network MTU -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror @@ -998,6 +999,7 @@ Creates a new container. --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container --log-driver="" Logging driver for container + --log-opt=[] Log driver specific options --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) @@ -1963,6 +1965,7 @@ To remove an image using its digest: --ipc="" IPC namespace to use --link=[] Add link to another container --log-driver="" Logging driver for container + --log-opt=[] Log driver specific options --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7c5113f6de..f1c4a44d7c 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -873,18 +873,31 @@ this driver. Default logging driver for Docker. Writes JSON messages to file. `docker logs` command is available only for this logging driver +The following logging options are supported for this logging driver: [none] + #### Logging driver: syslog Syslog logging driver for Docker. Writes log messages to syslog. `docker logs` command is not available for this logging driver +The following logging options are supported for this logging driver: + + --log-opt address=[tcp|udp]://host:port + --log-opt address=unix://path + +`address` specifies the remote syslog server address where the driver connects to. +If not specified it defaults to the local unix socket of the running system. +If transport is either `tcp` or `udp` and `port` is not specified it defaults to `514` +The following example shows how to have the `syslog` driver connect to a `syslog` +remote server at `192.168.0.42` on port `123` + + $ docker run --log-driver=syslog --log-opt address=tcp://192.168.0.42:123 + #### Logging driver: journald Journald logging driver for Docker. Writes log messages to journald; the container id will be stored in the journal's `CONTAINER_ID` field. `docker logs` command is not available for this logging driver. For detailed information on working with this logging driver, see [the journald logging driver](reference/logging/journald) reference documentation. -#### Log Opts : - -Logging options for configuring a log driver. The following log options are supported: [none] +The following logging options are supported for this logging driver: [none] ## Overriding Dockerfile image defaults From c23cfcf30d2a2b66bfb5397d4423b78b85f3685f Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 28 May 2015 13:24:28 -0700 Subject: [PATCH 0643/2538] Add note about overlay not being production ready Add a paragraph in cli.md mentioning that overlay is not a production ready graphdriver. Signed-off-by: Arnaud Porterie --- docs/sources/reference/commandline/cli.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 986bcdedac..0a6ef38bb0 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -293,6 +293,12 @@ The `overlay` is a very fast union filesystem. It is now merged in the main Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call `docker -d -s overlay` to use it. +> **Note:** +> As promising as `overlay` is, the feature is still quite young and should not +> be used in production. Most notably, using `overlay` can cause excessive +> inode consumption (especially as the number of images grows), as well as +> being incompatible with the use of RPMs. + > **Note:** > It is currently unsupported on `btrfs` or any Copy on Write filesystem > and should only be used over `ext4` partitions. From 8eec36a1ea531abe508e9c804030caaa92bf1ef8 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Sat, 30 May 2015 04:37:53 -0700 Subject: [PATCH 0644/2538] Premature newline insertions Noticed that there were a few newlines in the middle of a \`...\` blocks that made the text look funny when displayed in HTML. Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 0a6ef38bb0..c4d012515c 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -574,8 +574,8 @@ use the proxy `--default-ulimit` allows you to set the default `ulimit` options to use for all containers. It takes the same options as `--ulimit` for `docker run`. If these defaults are not set, `ulimit` settings will be inherited, if not set on -`docker run`, from the Docker daemon. Any `--ulimit` options passed to `docker -run` will overwrite these defaults. +`docker run`, from the Docker daemon. Any `--ulimit` options passed to +`docker run` will overwrite these defaults. ### Miscellaneous options @@ -1029,8 +1029,8 @@ Creates a new container. The `docker create` command creates a writeable container layer over the specified image and prepares it for running the specified command. The container ID is then printed to `STDOUT`. This is similar to `docker run -d` -except the container is never started. You can then use the `docker start -` command to start the container at any point. +except the container is never started. You can then use the +`docker start ` command to start the container at any point. This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. @@ -1125,8 +1125,8 @@ and Docker images will report: #### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If you would -like to use multiple filters, pass multiple flags (e.g., `--filter "foo=bar" ---filter "bif=baz"`) +like to use multiple filters, pass multiple flags (e.g., +`--filter "foo=bar" --filter "bif=baz"`) Using the same filter multiple times will be handled as a *OR*; for example `--filter container=588a23dac085 --filter container=a8f7720b8c22` will display @@ -1869,9 +1869,9 @@ The main process inside the container referenced under the link `/redis` will re $ docker rm $(docker ps -a -q) -This command will delete all stopped containers. The command `docker ps --a -q` will return all existing container IDs and pass them to the `rm` -command which will delete them. Any running containers will not be +This command will delete all stopped containers. The command +`docker ps -a -q` will return all existing container IDs and pass them to +the `rm` command which will delete them. Any running containers will not be deleted. ## rmi From 835d319cc024a5c459ee32e83a9dd1acdbd3d9c6 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 20 May 2015 14:51:58 -0700 Subject: [PATCH 0645/2538] Add a "Created" state for new containers that haven't been run yet Closes #13353 Signed-off-by: Doug Davis --- docs/sources/reference/commandline/cli.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c4d012515c..770d2d3527 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1033,7 +1033,8 @@ except the container is never started. You can then use the `docker start ` command to start the container at any point. This is useful when you want to set up a container configuration ahead of time -so that it is ready to start when you need it. +so that it is ready to start when you need it. The initial status of the +new container is `created`. Please see the [run command](#run) section and the [Docker run reference]( /reference/run/) for more details. @@ -1760,7 +1761,7 @@ The currently supported filters are: * label (`label=` or `label==`) * name (container's name) * exited (int - the code of exited containers. Only useful with `--all`) -* status (restarting|running|paused|exited) +* status (created|restarting|running|paused|exited) ##### Successfully exited containers From bb27aa0ce94d50f0b8b2a833a5fbc2ca48ccd574 Mon Sep 17 00:00:00 2001 From: Joe Gordon Date: Sun, 31 May 2015 11:47:49 -0700 Subject: [PATCH 0646/2538] Fix spelling mistakes in documentation While reading some of the docs I noticed a few errors, so I ran misspellings (https://pypi.python.org/pypi/misspellings) on markdown files Signed-off-by: Joe Gordon --- docs/sources/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 770d2d3527..5fdb17cbe5 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -689,7 +689,7 @@ process is returned by the `docker attach` command to its caller too: --memory-swap="" Total memory (memory + swap), `-1` to disable swap -c, --cpu-shares CPU Shares (relative weight) --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` - --cpuset-cpus="" CPUs in which to allow exection, e.g. `0-3`, `0,1` + --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` --cgroup-parent="" Optional parent cgroup for the container Builds Docker images from a Dockerfile and a "context". A build's context is @@ -759,7 +759,7 @@ client is killed for any reason. > **Note:** > Currently only the "run" phase of the build can be canceled until pull -> cancelation is implemented). +> cancellation is implemented). ### Return code From 0cc368b4238e95a230268cea8bb9f9f2ba108020 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 27 May 2015 15:11:05 -0700 Subject: [PATCH 0647/2538] Updating after the pr went through Updating with comments. Signed-off-by: Mary Anthony --- docs/sources/reference/commandline/cli.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 5fdb17cbe5..c0297b518d 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -2206,18 +2206,18 @@ mount the volumes in read-only or read-write mode, respectively. By default, the volumes are mounted in the same mode (read write or read only) as the reference container. -Labeling systems like SELinux require proper labels be placed on volume content -mounted into a container, otherwise the security system might prevent the -processes running inside the container from using the content. By default, -volumes are not relabeled. +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. -Two suffixes :z or :Z can be added to the volume mount. These suffixes tell -Docker to relabel file objects on the shared volumes. The 'z' option tells -Docker that the volume content will be shared between containers. Docker will -label the content with a shared content label. Shared volumes labels allow all -containers to read/write content. The 'Z' option tells Docker to label the -content with a private unshared label. Private volumes can only be used by the -current container. +To change the label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or `STDERR`. This makes it possible to manipulate the output and input as From 0558f93aa91be7b6fa16ff482a20854903dbc701 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Tue, 2 Jun 2015 12:43:00 -0700 Subject: [PATCH 0648/2538] Add syslog-tag option for syslog log-driver Signed-off-by: Alexander Morozov --- docs/sources/reference/run.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index f1c4a44d7c..0806c91ea2 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -884,6 +884,7 @@ The following logging options are supported for this logging driver: --log-opt address=[tcp|udp]://host:port --log-opt address=unix://path + --log-opt syslog-tag="mailer" `address` specifies the remote syslog server address where the driver connects to. If not specified it defaults to the local unix socket of the running system. @@ -893,6 +894,8 @@ remote server at `192.168.0.42` on port `123` $ docker run --log-driver=syslog --log-opt address=tcp://192.168.0.42:123 +`syslog-tag` specifies tag for syslog messages from container. + #### Logging driver: journald Journald logging driver for Docker. Writes log messages to journald; the container id will be stored in the journal's `CONTAINER_ID` field. `docker logs` command is not available for this logging driver. For detailed information on working with this logging driver, see [the journald logging driver](reference/logging/journald) reference documentation. From f9f6d8a353e7a16b17ef5f5340e8c3dbd98fb3c6 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Tue, 2 Jun 2015 12:44:23 -0700 Subject: [PATCH 0649/2538] Change address to syslog-address in syslog docs Signed-off-by: Alexander Morozov --- docs/sources/reference/run.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 0806c91ea2..7438fe8cd6 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -882,17 +882,17 @@ command is not available for this logging driver The following logging options are supported for this logging driver: - --log-opt address=[tcp|udp]://host:port - --log-opt address=unix://path + --log-opt syslog-address=[tcp|udp]://host:port + --log-opt syslog-address=unix://path --log-opt syslog-tag="mailer" -`address` specifies the remote syslog server address where the driver connects to. +`syslog-address` specifies the remote syslog server address where the driver connects to. If not specified it defaults to the local unix socket of the running system. If transport is either `tcp` or `udp` and `port` is not specified it defaults to `514` The following example shows how to have the `syslog` driver connect to a `syslog` remote server at `192.168.0.42` on port `123` - $ docker run --log-driver=syslog --log-opt address=tcp://192.168.0.42:123 + $ docker run --log-driver=syslog --log-opt syslog-address=tcp://192.168.0.42:123 `syslog-tag` specifies tag for syslog messages from container. From cf8790f920ac2498d7f6fa8de2abccae316c8cf4 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Tue, 2 Jun 2015 12:46:51 -0700 Subject: [PATCH 0650/2538] Wrap lines for journald docs Signed-off-by: Alexander Morozov --- docs/sources/reference/run.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 7438fe8cd6..1f75b87c4c 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -898,7 +898,11 @@ remote server at `192.168.0.42` on port `123` #### Logging driver: journald -Journald logging driver for Docker. Writes log messages to journald; the container id will be stored in the journal's `CONTAINER_ID` field. `docker logs` command is not available for this logging driver. For detailed information on working with this logging driver, see [the journald logging driver](reference/logging/journald) reference documentation. +Journald logging driver for Docker. Writes log messages to journald; the +container id will be stored in the journal's `CONTAINER_ID` field. `docker logs` +command is not available for this logging driver. For detailed information on +working with this logging driver, see [the journald logging driver](reference/logging/journald) +reference documentation. The following logging options are supported for this logging driver: [none] From 326cf83bcc639bf4bd44ea0ee45399c556a4d156 Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Tue, 12 May 2015 19:59:34 +0000 Subject: [PATCH 0651/2538] Allow duration strings as --since/--until MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #13107. This change enables Go duration strings computed relative to the client machine’s time to be used as input parameters to `docker events --since/--until` and `docker logs --since` arguments. Added unit tests for pkg/timeutils.GetTimestamp as well. Signed-off-by: Ahmet Alp Balkan --- docs/sources/reference/commandline/cli.md | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index c0297b518d..e97738e5e6 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1123,6 +1123,10 @@ and Docker images will report: untag, delete +The `--since` and `--until` parameters can be Unix timestamps, RFC3339 +dates or Go duration strings (e.g. `10m`, `1h30m`) computed relative to +client machine’s time. + #### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If you would @@ -1186,6 +1190,15 @@ You'll need two shells for this example. 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop +This example outputs all events that were generated in the last 3 minutes, +relative to the current time on the client machine: + + $ docker events --since '3m' + 2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2015-05-12T15:52:12.999999999Z07:00 4 4386fb97867d: (from ubuntu-1:14.04) stop + 2015-05-12T15:53:45.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2015-05-12T15:54:03.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + **Filter events:** $ docker events --filter 'event=stop' @@ -1679,9 +1692,11 @@ timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each log entry. To ensure that the timestamps for are aligned the nano-second part of the timestamp will be padded with zero when necessary. -The `--since` option shows logs of a container generated only after -the given date, specified as RFC 3339 or UNIX timestamp. The `--since` option -can be combined with the `--follow` and `--tail` options. +The `--since` option shows only the container logs generated after +a given date. You can specify the date as an RFC 3339 date, a UNIX +timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes +the date relative to the client machine’s time. You can combine +the `--since` option with either or both of the `--follow` or `--tail` options. ## pause From 9ac00da7cea7a65ec199bb0f06dae3ed82db784b Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 3 Jun 2015 12:08:40 -0700 Subject: [PATCH 0652/2538] Update urls from .com to .org. I added 301 redirects from dockerproject.com to dockerproject.org but may as well make sure everything is updated anyways. Signed-off-by: Jessica Frazelle --- docs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 8ff25adab7..bb41dbf10a 100755 --- a/docs/README.md +++ b/docs/README.md @@ -12,7 +12,7 @@ Docker has two primary branches for documentation: | Branch | Description | URL (published via commit-hook) | |----------|--------------------------------|------------------------------------------------------------------------------| | `docs` | Official release documentation | [https://docs.docker.com](https://docs.docker.com) | -| `master` | Merged but unreleased development work | [http://docs.master.dockerproject.com](http://docs.master.dockerproject.com) | +| `master` | Merged but unreleased development work | [http://docs.master.dockerproject.org](http://docs.master.dockerproject.org) | Additions and updates to upcoming releases are made in a feature branch off of the `master` branch. The Docker maintainers also support a `docs` branch that @@ -22,7 +22,7 @@ After a release, documentation updates are continually merged into `master` as they occur. This work includes new documentation for forthcoming features, bug fixes, and other updates. Docker's CI system automatically builds and updates the `master` documentation after each merge and posts it to -[http://docs.master.dockerproject.com](http://docs.master.dockerproject.com). +[http://docs.master.dockerproject.org](http://docs.master.dockerproject.org). Periodically, the Docker maintainers update `docs.docker.com` between official releases of Docker. They do this by cherry-picking commits from `master`, From 17d4c36de4374c69322b166164849824701d80da Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 3 Jun 2015 13:43:27 -0700 Subject: [PATCH 0653/2538] Moving experimental Signed-off-by: Mary Anthony --- .../EXPERIMENTAL.md | 19 +++++++++++-------- .../plugin_api.md | 4 ---- .../experimental => experimental}/plugins.md | 3 --- .../plugins_volume.md | 3 --- 4 files changed, 11 insertions(+), 18 deletions(-) rename docs/sources/experimental/experimental.md => experimental/EXPERIMENTAL.md (58%) rename {docs/sources/experimental => experimental}/plugin_api.md (97%) rename {docs/sources/experimental => experimental}/plugins.md (94%) rename {docs/sources/experimental => experimental}/plugins_volume.md (94%) diff --git a/docs/sources/experimental/experimental.md b/experimental/EXPERIMENTAL.md similarity index 58% rename from docs/sources/experimental/experimental.md rename to experimental/EXPERIMENTAL.md index b0d72b90b0..37e9baf06e 100644 --- a/docs/sources/experimental/experimental.md +++ b/experimental/EXPERIMENTAL.md @@ -1,12 +1,8 @@ -page_title: Overview of Experimental Features -page_keywords: experimental, Docker, feature +# Docker Experimental Features -# Experimental Features in this Release - -This page contains a list of features in the Docker engine which are -experimental as of the current release. Experimental features are **not** ready -for production. They are provided for test and evaluation in your sandbox -environments. + This page contains a list of features in the Docker engine which are +experimental. Experimental features are **not** ready for production. They are +provided for test and evaluation in your sandbox environments. The information below describes each feature and the Github pull requests and issues associated with it. If necessary, links are provided to additional @@ -15,6 +11,8 @@ please feel free to provide any feedback on these features you wish. ## Install Docker experimental +Unlike the regular Docker binary, the experimental channels is built and updated nightly on https://experimental.docker.com. From one day to the next, new features may appear, while existing experimental features may be refined or entirely removed. + 1. Verify that you have `wget` installed. $ which wget @@ -49,3 +47,8 @@ please feel free to provide any feedback on these features you wish. * [Support for Docker plugins](plugins.md) * [Volume plugins](plugins_volume.md) +## How to comment on an experimental feature + +Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. + +Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or in on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). \ No newline at end of file diff --git a/docs/sources/experimental/plugin_api.md b/experimental/plugin_api.md similarity index 97% rename from docs/sources/experimental/plugin_api.md rename to experimental/plugin_api.md index 6454fc2a97..ad83ffd0a5 100644 --- a/docs/sources/experimental/plugin_api.md +++ b/experimental/plugin_api.md @@ -1,7 +1,3 @@ -page_title: Plugin API documentation -page_description: Documentation for writing a Docker plugin. -page_keywords: docker, plugins, api, extensions - # Experimental: Docker Plugin API Docker plugins are out-of-process extensions which add capabilities to the diff --git a/docs/sources/experimental/plugins.md b/experimental/plugins.md similarity index 94% rename from docs/sources/experimental/plugins.md rename to experimental/plugins.md index dbcb70ce67..0b7ca42a2c 100644 --- a/docs/sources/experimental/plugins.md +++ b/experimental/plugins.md @@ -1,6 +1,3 @@ -page_title: Experimental feature - Plugins -page_keywords: experimental, Docker, plugins - # Experimental: Extend Docker with a plugin You can extend the capabilities of the Docker Engine by loading third-party diff --git a/docs/sources/experimental/plugins_volume.md b/experimental/plugins_volume.md similarity index 94% rename from docs/sources/experimental/plugins_volume.md rename to experimental/plugins_volume.md index 399dda71e3..fe2ab0dc45 100644 --- a/docs/sources/experimental/plugins_volume.md +++ b/experimental/plugins_volume.md @@ -1,6 +1,3 @@ -page_title: Experimental feature - Volume plugins -page_keywords: experimental, Docker, plugins, volume - # Experimental: Docker volume plugins Docker volume plugins enable Docker deployments to be integrated with external From c632793d43493882c4d321844cd5b3db5fb386e0 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 4 Jun 2015 10:32:50 -0700 Subject: [PATCH 0654/2538] Rename EXPERIMENTAL.md to README.md Signed-off-by: Arnaud Porterie --- experimental/{EXPERIMENTAL.md => README.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename experimental/{EXPERIMENTAL.md => README.md} (100%) diff --git a/experimental/EXPERIMENTAL.md b/experimental/README.md similarity index 100% rename from experimental/EXPERIMENTAL.md rename to experimental/README.md From 299e90305cfeba0233611c6f0cfb73262853a0b4 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 4 Jun 2015 10:33:20 -0700 Subject: [PATCH 0655/2538] Remove reference to experimental release Remove reference to experimental releases as it is really a nightly channel rather than a scheduled release. Signed-off-by: Arnaud Porterie --- experimental/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 37e9baf06e..0933e7eca0 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -42,7 +42,7 @@ Unlike the regular Docker binary, the experimental channels is built and updated This command downloads a test image and runs it in a container. -## Experimental features in this Release +## Current experimental features * [Support for Docker plugins](plugins.md) * [Volume plugins](plugins_volume.md) @@ -51,4 +51,4 @@ Unlike the regular Docker binary, the experimental channels is built and updated Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. -Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or in on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). \ No newline at end of file +Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or in on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). From 5683dcc183855e0ccdcc39d83bcb9622b56b29da Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 5 Jun 2015 12:42:48 -0700 Subject: [PATCH 0656/2538] Minor doc edit to add clarity around the --volume path format Also add a comment to the ValidatePath func so devs/reviewers know exactly what its looking for. Signed-off-by: Doug Davis --- docs/sources/reference/run.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 1f75b87c4c..a14a6084d3 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -1122,8 +1122,10 @@ container's `/etc/hosts` entry will be automatically updated. ## VOLUME (shared filesystems) - -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. - If "container-dir" is missing, then docker creates a new volume. + -v=[]: Create a bind mount with: [host-dir:]container-dir[:rw|ro]. + If 'host-dir' is missing, then docker creates a new volume. + If neither 'rw' or 'ro' is specified then the volume is mounted + in read-write mode. --volumes-from="": Mount all volumes from the given container(s) The volumes commands are complex enough to have their own documentation From 0e820ef647f738e322a476a81b0aa47bd64d8986 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 8 Jun 2015 16:29:12 -0700 Subject: [PATCH 0657/2538] Fix COPY/ADD quoted/json form Minor tweak to the quoted/json form and made man page look like the Dockerfile docs. W/o the `,` people may think there should be a space delimited list. Signed-off-by: Doug Davis --- docs/sources/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index fb4d5ce1d7..e847446286 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -492,7 +492,7 @@ change them using `docker run --env =`. ADD has two forms: - `ADD ... ` -- `ADD [""... ""]` (this form is required for paths containing +- `ADD ["",... ""]` (this form is required for paths containing whitespace) The `ADD` instruction copies new files, directories or remote file URLs from `` @@ -596,7 +596,7 @@ The copy obeys the following rules: COPY has two forms: - `COPY ... ` -- `COPY [""... ""]` (this form is required for paths containing +- `COPY ["",... ""]` (this form is required for paths containing whitespace) The `COPY` instruction copies new files or directories from `` From 1de916edadf86b2c9afc11d5668ae4e88517514f Mon Sep 17 00:00:00 2001 From: Josh Hawn Date: Mon, 8 Jun 2015 11:42:00 -0700 Subject: [PATCH 0658/2538] [docs] Update builder docs on last-modified times Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) --- docs/sources/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sources/reference/builder.md b/docs/sources/reference/builder.md index e847446286..16f918d26a 100644 --- a/docs/sources/reference/builder.md +++ b/docs/sources/reference/builder.md @@ -519,8 +519,8 @@ All new files and directories are created with a UID and GID of 0. In the case where `` is a remote file URL, the destination will have permissions of 600. If the remote file being retrieved has an HTTP `Last-Modified` header, the timestamp from that header will be used -to set the `mtime` on the destination file. Then, like any other file -processed during an `ADD`, `mtime` will be included in the determination +to set the `mtime` on the destination file. However, like any other file +processed during an `ADD`, `mtime` will not be included in the determination of whether or not the file has changed and the cache should be updated. > **Note**: From 355f241838b57ac9de5fc038e343addbb066df87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Borbo=C3=ABn?= Date: Wed, 10 Jun 2015 13:22:27 +0200 Subject: [PATCH 0659/2538] Typo psuedo - pseudo Signed-off-by: ponsfrilus --- docs/sources/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index a14a6084d3..90e8ae4992 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -1037,7 +1037,7 @@ variables automatically: TERM - xterm if the container is allocated a psuedo-TTY + xterm if the container is allocated a pseudo-TTY From f062b77f18cbbbaa0871a3732d2325b9143a27fa Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 4 Jun 2015 19:47:46 -0700 Subject: [PATCH 0660/2538] Default events since to current time Signed-off-by: Brian Goff --- docs/sources/reference/commandline/cli.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index e97738e5e6..3b98c6fcd9 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -1125,7 +1125,8 @@ and Docker images will report: The `--since` and `--until` parameters can be Unix timestamps, RFC3339 dates or Go duration strings (e.g. `10m`, `1h30m`) computed relative to -client machine’s time. +client machine’s time. If you do not provide the --since option, the command +returns only new and/or live events. #### Filtering From 972214455d18ee9682608b51e538e3581e506e8e Mon Sep 17 00:00:00 2001 From: Marius Sturm Date: Fri, 29 May 2015 23:00:46 +0200 Subject: [PATCH 0661/2538] add UDP GELF logging-driver allows to send container logs to Graylog or Logstash. Signed-off-by: Marius Sturm --- docs/sources/reference/run.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index 90e8ae4992..db0a7d5def 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -906,6 +906,25 @@ reference documentation. The following logging options are supported for this logging driver: [none] +#### Logging driver: gelf + +Graylog Extended Log Format (GELF) logging driver for Docker. Writes log messages to a GELF endpoint like +Graylog or Logstash. The `docker logs` command is not available for this logging driver. + +The GELF logging driver supports the following options: + + --log-opt gelf-address=udp://host:port + --log-opt gelf-tag="database" + +The `gelf-address` option specifies the remote GELF server address that the +driver connects to. Currently, only `udp` is supported as the transport and you must +specify a `port` value. The following example shows how to connect the `gelf` +driver to a GELF remote server at `192.168.0.42` on port `12201` + + $ docker run --log-driver=gelf --log-opt gelf-address=udp://192.168.0.42:12201 + +The `gelf-tag` option specifies a tag for easy container identification. + ## Overriding Dockerfile image defaults When a developer builds an image from a [*Dockerfile*](/reference/builder) From 77868b76b94986a5d067df825fea57753ac324a2 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Mon, 8 Jun 2015 10:48:20 -0700 Subject: [PATCH 0662/2538] Moving man pages out of docs Adding in other areas per comments Updating with comments; equalizing generating man page info Updating with duglin's comments Doug is right here again;fixing. Signed-off-by: Mary Anthony --- docs/README.md | 21 +- man/Dockerfile | 7 + man/Dockerfile.5.md | 329 ++++++++++++++++++++ man/README.md | 44 +++ man/docker-attach.1.md | 70 +++++ man/docker-build.1.md | 215 +++++++++++++ man/docker-commit.1.md | 59 ++++ man/docker-cp.1.md | 70 +++++ man/docker-create.1.md | 246 +++++++++++++++ man/docker-diff.1.md | 49 +++ man/docker-events.1.md | 86 ++++++ man/docker-exec.1.md | 51 ++++ man/docker-export.1.md | 44 +++ man/docker-history.1.md | 51 ++++ man/docker-images.1.md | 84 +++++ man/docker-import.1.md | 59 ++++ man/docker-info.1.md | 49 +++ man/docker-inspect.1.md | 267 ++++++++++++++++ man/docker-kill.1.md | 28 ++ man/docker-load.1.md | 45 +++ man/docker-login.1.md | 51 ++++ man/docker-logout.1.md | 32 ++ man/docker-logs.1.md | 55 ++++ man/docker-pause.1.md | 30 ++ man/docker-port.1.md | 47 +++ man/docker-ps.1.md | 91 ++++++ man/docker-pull.1.md | 73 +++++ man/docker-push.1.md | 51 ++++ man/docker-rename.1.md | 13 + man/docker-restart.1.md | 26 ++ man/docker-rm.1.md | 56 ++++ man/docker-rmi.1.md | 42 +++ man/docker-run.1.md | 658 ++++++++++++++++++++++++++++++++++++++++ man/docker-save.1.md | 45 +++ man/docker-search.1.md | 65 ++++ man/docker-start.1.md | 34 +++ man/docker-stats.1.md | 31 ++ man/docker-stop.1.md | 30 ++ man/docker-tag.1.md | 65 ++++ man/docker-top.1.md | 33 ++ man/docker-unpause.1.md | 27 ++ man/docker-version.1.md | 15 + man/docker-wait.1.md | 30 ++ man/docker.1.md | 393 ++++++++++++++++++++++++ man/md2man-all.sh | 22 ++ 45 files changed, 3872 insertions(+), 17 deletions(-) create mode 100644 man/Dockerfile create mode 100644 man/Dockerfile.5.md create mode 100644 man/README.md create mode 100644 man/docker-attach.1.md create mode 100644 man/docker-build.1.md create mode 100644 man/docker-commit.1.md create mode 100644 man/docker-cp.1.md create mode 100644 man/docker-create.1.md create mode 100644 man/docker-diff.1.md create mode 100644 man/docker-events.1.md create mode 100644 man/docker-exec.1.md create mode 100644 man/docker-export.1.md create mode 100644 man/docker-history.1.md create mode 100644 man/docker-images.1.md create mode 100644 man/docker-import.1.md create mode 100644 man/docker-info.1.md create mode 100644 man/docker-inspect.1.md create mode 100644 man/docker-kill.1.md create mode 100644 man/docker-load.1.md create mode 100644 man/docker-login.1.md create mode 100644 man/docker-logout.1.md create mode 100644 man/docker-logs.1.md create mode 100644 man/docker-pause.1.md create mode 100644 man/docker-port.1.md create mode 100644 man/docker-ps.1.md create mode 100644 man/docker-pull.1.md create mode 100644 man/docker-push.1.md create mode 100644 man/docker-rename.1.md create mode 100644 man/docker-restart.1.md create mode 100644 man/docker-rm.1.md create mode 100644 man/docker-rmi.1.md create mode 100644 man/docker-run.1.md create mode 100644 man/docker-save.1.md create mode 100644 man/docker-search.1.md create mode 100644 man/docker-start.1.md create mode 100644 man/docker-stats.1.md create mode 100644 man/docker-stop.1.md create mode 100644 man/docker-tag.1.md create mode 100644 man/docker-top.1.md create mode 100644 man/docker-unpause.1.md create mode 100644 man/docker-version.1.md create mode 100644 man/docker-wait.1.md create mode 100644 man/docker.1.md create mode 100755 man/md2man-all.sh diff --git a/docs/README.md b/docs/README.md index bb41dbf10a..9cdb20984a 100755 --- a/docs/README.md +++ b/docs/README.md @@ -280,24 +280,11 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.1/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' ``` -### Generate the man pages for Mac OSX +### Generate the man pages -When using Docker on Mac OSX the man pages will be missing by default. You can manually generate them by following these steps: +For information on generating man pages (short for manual page), see [the man +page directory](https://github.com/docker/docker/tree/master/docker) in this +project. -1. Checkout the docker source. You must clone into your `/Users` directory because Boot2Docker can only share this path - with the docker containers. - $ git clone https://github.com/docker/docker.git - -2. Build the docker image. - - $ cd docker/docs/man - $ docker build -t docker/md2man . -3. Build the man pages. - - $ docker run -v /Users//docker/docs/man:/docs:rw -w /docs -i docker/md2man /docs/md2man-all.sh - -4. Copy the generated man pages to `/usr/share/man` - - $ cp -R man* /usr/share/man/ diff --git a/man/Dockerfile b/man/Dockerfile new file mode 100644 index 0000000000..9910bd48f9 --- /dev/null +++ b/man/Dockerfile @@ -0,0 +1,7 @@ +FROM golang:1.3 +RUN mkdir -p /go/src/github.com/cpuguy83 +RUN mkdir -p /go/src/github.com/cpuguy83 \ + && git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && cd /go/src/github.com/cpuguy83/go-md2man \ + && go get -v ./... +CMD ["/go/bin/go-md2man", "--help"] diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md new file mode 100644 index 0000000000..b4ef771a45 --- /dev/null +++ b/man/Dockerfile.5.md @@ -0,0 +1,329 @@ +% DOCKERFILE(5) Docker User Manuals +% Zac Dover +% May 2014 +# NAME + +Dockerfile - automate the steps of creating a Docker image + +# INTRODUCTION + +The **Dockerfile** is a configuration file that automates the steps of creating +a Docker image. It is similar to a Makefile. Docker reads instructions from the +**Dockerfile** to automate the steps otherwise performed manually to create an +image. To build an image, create a file called **Dockerfile**. + +The **Dockerfile** describes the steps taken to assemble the image. When the +**Dockerfile** has been created, call the `docker build` command, using the +path of directory that contains **Dockerfile** as the argument. + +# SYNOPSIS + +INSTRUCTION arguments + +For example: + + FROM image + +# DESCRIPTION + +A Dockerfile is a file that automates the steps of creating a Docker image. +A Dockerfile is similar to a Makefile. + +# USAGE + + docker build . + + -- Runs the steps and commits them, building a final image. + The path to the source repository defines where to find the context of the + build. The build is run by the Docker daemon, not the CLI. The whole + context must be transferred to the daemon. The Docker CLI reports + `"Sending build context to Docker daemon"` when the context is sent to the + daemon. + + ``` + docker build -t repository/tag . + ``` + + -- specifies a repository and tag at which to save the new image if the build + succeeds. The Docker daemon runs the steps one-by-one, committing the result + to a new image if necessary, before finally outputting the ID of the new + image. The Docker daemon automatically cleans up the context it is given. + + Docker re-uses intermediate images whenever possible. This significantly + accelerates the *docker build* process. + +# FORMAT + + `FROM image` + + `FROM image:tag` + + -- The **FROM** instruction sets the base image for subsequent instructions. A + valid Dockerfile must have **FROM** as its first instruction. The image can be any + valid image. It is easy to start by pulling an image from the public + repositories. + + -- **FROM** must be the first non-comment instruction in Dockerfile. + + -- **FROM** may appear multiple times within a single Dockerfile in order to create + multiple images. Make a note of the last image ID output by the commit before + each new **FROM** command. + + -- If no tag is given to the **FROM** instruction, Docker applies the + `latest` tag. If the used tag does not exist, an error is returned. + +**MAINTAINER** + -- **MAINTAINER** sets the Author field for the generated images. + +**RUN** + -- **RUN** has two forms: + + ``` + # the command is run in a shell - /bin/sh -c + RUN + + # Executable form + RUN ["executable", "param1", "param2"] + ``` + + + -- The **RUN** instruction executes any commands in a new layer on top of the current + image and commits the results. The committed image is used for the next step in + Dockerfile. + + -- Layering **RUN** instructions and generating commits conforms to the core + concepts of Docker where commits are cheap and containers can be created from + any point in the history of an image. This is similar to source control. The + exec form makes it possible to avoid shell string munging. The exec form makes + it possible to **RUN** commands using a base image that does not contain `/bin/sh`. + + Note that the exec form is parsed as a JSON array, which means that you must + use double-quotes (") around words not single-quotes ('). + +**CMD** + -- **CMD** has three forms: + + ``` + # Executable form + CMD ["executable", "param1", "param2"]` + + # Provide default arguments to ENTRYPOINT + CMD ["param1", "param2"]` + + # the command is run in a shell - /bin/sh -c + CMD command param1 param2 + ``` + + -- There can be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only + the last **CMD** takes effect. + The main purpose of a **CMD** is to provide defaults for an executing container. + These defaults may include an executable, or they can omit the executable. If + they omit the executable, an **ENTRYPOINT** must be specified. + When used in the shell or exec formats, the **CMD** instruction sets the command to + be executed when running the image. + If you use the shell form of the **CMD**, the `` executes in `/bin/sh -c`: + + Note that the exec form is parsed as a JSON array, which means that you must + use double-quotes (") around words not single-quotes ('). + + ``` + FROM ubuntu + CMD echo "This is a test." | wc - + ``` + + -- If you run **command** without a shell, then you must express the command as a + JSON array and give the full path to the executable. This array form is the + preferred form of **CMD**. All additional parameters must be individually expressed + as strings in the array: + + ``` + FROM ubuntu + CMD ["/usr/bin/wc","--help"] + ``` + + -- To make the container run the same executable every time, use **ENTRYPOINT** in + combination with **CMD**. + If the user specifies arguments to `docker run`, the specified commands + override the default in **CMD**. + Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result. + **CMD** executes nothing at build time, but specifies the intended command for + the image. + +**LABEL** + -- `LABEL [=] [[=] ...]` + The **LABEL** instruction adds metadata to an image. A **LABEL** is a + key-value pair. To include spaces within a **LABEL** value, use quotes and + backslashes as you would in command-line parsing. + + ``` + LABEL "com.example.vendor"="ACME Incorporated" + ``` + + An image can have more than one label. To specify multiple labels, separate + each key-value pair by a space. + + Labels are additive including `LABEL`s in `FROM` images. As the system + encounters and then applies a new label, new `key`s override any previous + labels with identical keys. + + To display an image's labels, use the `docker inspect` command. + +**EXPOSE** + -- `EXPOSE [...]` + The **EXPOSE** instruction informs Docker that the container listens on the + specified network ports at runtime. Docker uses this information to + interconnect containers using links, and to set up port redirection on the host + system. + +**ENV** + -- `ENV ` + The **ENV** instruction sets the environment variable to + the value ``. This value is passed to all future + RUN, **ENTRYPOINT**, and **CMD** instructions. This is + functionally equivalent to prefixing the command with `=`. The + environment variables that are set with **ENV** persist when a container is run + from the resulting image. Use `docker inspect` to inspect these values, and + change them using `docker run --env =`. + + Note that setting "`ENV DEBIAN_FRONTEND noninteractive`" may cause + unintended consequences, because it will persist when the container is run + interactively, as with the following command: `docker run -t -i image bash` + +**ADD** + -- **ADD** has two forms: + + ``` + ADD + + # Required for paths with whitespace + ADD ["",... ""] + ``` + + The **ADD** instruction copies new files, directories + or remote file URLs to the filesystem of the container at path ``. + Multiple `` resources may be specified but if they are files or directories + then they must be relative to the source directory that is being built + (the context of the build). The `` is the absolute path, or path relative + to **WORKDIR**, into which the source is copied inside the target container. + All new files and directories are created with mode 0755 and with the uid + and gid of **0**. + +**COPY** + -- **COPY** has two forms: + + ``` + COPY + + # Required for paths with whitespace + COPY ["",... ""] + ``` + + The **COPY** instruction copies new files from `` and + adds them to the filesystem of the container at path . The `` must be + the path to a file or directory relative to the source directory that is + being built (the context of the build) or a remote file URL. The `` is an + absolute path, or a path relative to **WORKDIR**, into which the source will + be copied inside the target container. All new files and directories are + created with mode **0755** and with the uid and gid of **0**. + +**ENTRYPOINT** + -- **ENTRYPOINT** has two forms: + + ``` + # executable form + ENTRYPOINT ["executable", "param1", "param2"]` + + # run command in a shell - /bin/sh -c + ENTRYPOINT command param1 param2 + ``` + + -- An **ENTRYPOINT** helps you configure a + container that can be run as an executable. When you specify an **ENTRYPOINT**, + the whole container runs as if it was only that executable. The **ENTRYPOINT** + instruction adds an entry command that is not overwritten when arguments are + passed to docker run. This is different from the behavior of CMD. This allows + arguments to be passed to the entrypoint, for instance `docker run -d` + passes the -d argument to the **ENTRYPOINT**. Specify parameters either in the + **ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD** + statement. Parameters in the **ENTRYPOINT** are not overwritten by the docker run + arguments. Parameters specified via **CMD** are overwritten by docker run + arguments. Specify a plain string for the **ENTRYPOINT**, and it will execute in + `/bin/sh -c`, like a **CMD** instruction: + + ``` + FROM ubuntu + ENTRYPOINT wc -l - + ``` + + This means that the Dockerfile's image always takes stdin as input (that's + what "-" means), and prints the number of lines (that's what "-l" means). To + make this optional but default, use a **CMD**: + + ``` + FROM ubuntu + CMD ["-l", "-"] + ENTRYPOINT ["/usr/bin/wc"] + ``` + +**VOLUME** + -- `VOLUME ["/data"]` + The **VOLUME** instruction creates a mount point with the specified name and marks + it as holding externally-mounted volumes from the native host or from other + containers. + +**USER** + -- `USER daemon` + Sets the username or UID used for running subsequent commands. + + The **USER** instruction can optionally be used to set the group or GID. The + followings examples are all valid: + USER [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Until the **USER** instruction is set, instructions will be run as root. The USER + instruction can be used any number of times in a Dockerfile, and will only affect + subsequent commands. + +**WORKDIR** + -- `WORKDIR /path/to/workdir` + The **WORKDIR** instruction sets the working directory for the **RUN**, **CMD**, + **ENTRYPOINT**, **COPY** and **ADD** Dockerfile commands that follow it. It can + be used multiple times in a single Dockerfile. Relative paths are defined + relative to the path of the previous **WORKDIR** instruction. For example: + + ``` + WORKDIR /a + WORKDIR b + WORKDIR c + RUN pwd + ``` + + In the above example, the output of the **pwd** command is **a/b/c**. + +**ONBUILD** + -- `ONBUILD [INSTRUCTION]` + The **ONBUILD** instruction adds a trigger instruction to an image. The + trigger is executed at a later time, when the image is used as the base for + another build. Docker executes the trigger in the context of the downstream + build, as if the trigger existed immediately after the **FROM** instruction in + the downstream Dockerfile. + + You can register any build instruction as a trigger. A trigger is useful if + you are defining an image to use as a base for building other images. For + example, if you are defining an application build environment or a daemon that + is customized with a user-specific configuration. + + Consider an image intended as a reusable python application builder. It must + add application source code to a particular directory, and might need a build + script called after that. You can't just call **ADD** and **RUN** now, because + you don't yet have access to the application source code, and it is different + for each application build. + + -- Providing application developers with a boilerplate Dockerfile to copy-paste + into their application is inefficient, error-prone, and + difficult to update because it mixes with application-specific code. + The solution is to use **ONBUILD** to register instructions in advance, to + run later, during the next build stage. + +# HISTORY +*May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation. +*Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability diff --git a/man/README.md b/man/README.md new file mode 100644 index 0000000000..9a5ed7eb55 --- /dev/null +++ b/man/README.md @@ -0,0 +1,44 @@ +Docker Documentation +==================== + +This directory contains the Docker user manual in the Markdown format. +Do *not* edit the man pages in the man1 directory. Instead, amend the +Markdown (*.md) files. + +# Generating man pages from the Markdown files + +The recommended approach for generating the man pages is via a Docker +container using the supplied `Dockerfile` to create an image with the correct +environment. This uses `go-md2man`, a pure Go Markdown to man page generator. + +### Generate the man pages + +On Linux installations, Docker includes a set of man pages you can access by typing `man command-name` on the command line. For example, `man docker` displays the `docker` man page. When using Docker on Mac OSX the man pages are not automatically included. + +You can generate and install the `man` pages yourself by following these steps: + +1. Checkout the `docker` source. + + $ git clone https://github.com/docker/docker.git + + If you are using Boot2Docker, you must clone into your `/Users` directory + because Boot2Docker can only share this path with the docker containers. + +2. Build the docker image. + + $ cd docker/man + $ docker build -t docker/md2man . + +3. Build the man pages. + + $ docker run -v /docker/man:/man:rw -w /man -i docker/md2man /man/md2man-all.sh + + The `md2man` Docker container processes the Markdown files and generates + a `man1` and `man5` subdirectories in the `docker/man` directory. + +4. Copy the generated man pages to `/usr/share/man` + + $ cp -R man* /usr/share/man/ + + + diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md new file mode 100644 index 0000000000..1f73d8c9bb --- /dev/null +++ b/man/docker-attach.1.md @@ -0,0 +1,70 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-attach - Attach to a running container + +# SYNOPSIS +**docker attach** +[**--help**]/ +[**--no-stdin**[=*false*]] +[**--sig-proxy**[=*true*]] +CONTAINER + +# DESCRIPTION +The **docker attach** command allows you to attach to a running container using +the container's ID or name, either to view its ongoing output or to control it +interactively. You can attach to the same contained process multiple times +simultaneously, screen sharing style, or quickly view the progress of your +daemonized process. + +You can detach from the container (and leave it running) with `CTRL-p CTRL-q` +(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. +When you are attached to a container, and exit its main process, the process's +exit code will be returned to the client. + +It is forbidden to redirect the standard input of a `docker attach` command while +attaching to a tty-enabled container (i.e.: launched with `-t`). + +# OPTIONS +**--help** + Print usage statement + +**--no-stdin**=*true*|*false* + Do not attach STDIN. The default is *false*. + +**--sig-proxy**=*true*|*false* + Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*. + +# EXAMPLES + +## Attaching to a container + +In this example the top command is run inside a container, from an image called +fedora, in detached mode. The ID from the container is passed into the **docker +attach** command: + + # ID=$(sudo docker run -d fedora /usr/bin/top -b) + # sudo docker attach $ID + top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355560k used, 18012k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221740k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-build.1.md b/man/docker-build.1.md new file mode 100644 index 0000000000..7a5ceab0e2 --- /dev/null +++ b/man/docker-build.1.md @@ -0,0 +1,215 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-build - Build a new image from the source code at PATH + +# SYNOPSIS +**docker build** +[**--help**] +[**-f**|**--file**[=*PATH/Dockerfile*]] +[**--force-rm**[=*false*]] +[**--no-cache**[=*false*]] +[**--pull**[=*false*]] +[**-q**|**--quiet**[=*false*]] +[**--rm**[=*true*]] +[**-t**|**--tag**[=*TAG*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cpu-period**[=*0*]] +[**--cpu-quota**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--cgroup-parent**[=*CGROUP-PARENT*]] + +PATH | URL | - + +# DESCRIPTION +This will read the Dockerfile from the directory specified in **PATH**. +It also sends any other files and directories found in the current +directory to the Docker daemon. The contents of this directory would +be used by **ADD** commands found within the Dockerfile. + +Warning, this will send a lot of data to the Docker daemon depending +on the contents of the current directory. The build is run by the Docker +daemon, not by the CLI, so the whole context must be transferred to the daemon. +The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to +the daemon. + +When a single Dockerfile is given as the URL, then no context is set. +When a Git repository is set as the **URL**, the repository is used +as context. + +# OPTIONS +**-f**, **--file**=*PATH/Dockerfile* + Path to the Dockerfile to use. If the path is a relative path then it must be relative to the current directory. The file must be within the build context. The default is *Dockerfile*. + +**--force-rm**=*true*|*false* + Always remove intermediate containers, even after unsuccessful builds. The default is *false*. + +**--no-cache**=*true*|*false* + Do not use cache when building the image. The default is *false*. + +**--help** + Print usage statement + +**--pull**=*true*|*false* + Always attempt to pull a newer version of the image. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Suppress the verbose output generated by the containers. The default is *false*. + +**--rm**=*true*|*false* + Remove intermediate containers after a successful build. The default is *true*. + +**-t**, **--tag**="" + Repository name (and optionally a tag) to be applied to the resulting image in case of success + +**-m**, **--memory**=*MEMORY* + Memory limit + +**--memory-swap**=*MEMORY-SWAP* + Total memory (memory + swap), '-1' to disable swap. + +**-c**, **--cpu-shares**=*0* + CPU shares (relative weight). + + By default, all containers get the same proportion of CPU cycles. You can + change this proportion by adjusting the container's CPU share weighting + relative to the weighting of all other running containers. + + To modify the proportion from the default of 1024, use the **-c** or + **--cpu-shares** flag to set the weighting to 2 or higher. + + The proportion is only applied when CPU-intensive processes are running. + When tasks in one container are idle, the other containers can use the + left-over CPU time. The actual amount of CPU time used varies depending on + the number of containers running on the system. + + For example, consider three containers, one has a cpu-share of 1024 and + two others have a cpu-share setting of 512. When processes in all three + containers attempt to use 100% of CPU, the first container would receive + 50% of the total CPU time. If you add a fourth container with a cpu-share + of 1024, the first container only gets 33% of the CPU. The remaining containers + receive 16.5%, 16.5% and 33% of the CPU. + + On a multi-core system, the shares of CPU time are distributed across the CPU + cores. Even if a container is limited to less than 100% of CPU time, it can + use 100% of each individual CPU core. + + For example, consider a system with more than three cores. If you start one + container **{C0}** with **-c=512** running one process, and another container + **{C1}** with **-c=1024** running two processes, this can result in the following + division of CPU shares: + + PID container CPU CPU share + 100 {C0} 0 100% of CPU0 + 101 {C1} 1 100% of CPU1 + 102 {C1} 2 100% of CPU2 + +**--cpu-period**=*0* + Limit the CPU CFS (Completely Fair Scheduler) period. + + Limit the container's CPU usage. This flag causes the kernel to restrict the + container's CPU usage to the period you specify. + +**--cpu-quota**=*0* + Limit the CPU CFS (Completely Fair Scheduler) quota. + + By default, containers run with the full CPU resource. This flag causes the +kernel to restrict the container's CPU usage to the quota you specify. + +**--cpuset-cpus**=*CPUSET-CPUS* + CPUs in which to allow execution (0-3, 0,1). + +**--cpuset-mems**=*CPUSET-MEMS* + Memory nodes (MEMs) in which to allow execution (-1-3, 0,1). Only effective on + NUMA systems. + + For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` +to ensure the processes in your Docker container only use memory from the first +two memory nodes. + +**--cgroup-parent**=*CGROUP-PARENT* + Path to `cgroups` under which the container's `cgroup` are created. + + If the path is not absolute, the path is considered relative to the `cgroups` path of the init process. +Cgroups are created if they do not already exist. + +# EXAMPLES + +## Building an image using a Dockerfile located inside the current directory + +Docker images can be built using the build command and a Dockerfile: + + docker build . + +During the build process Docker creates intermediate images. In order to +keep them, you must explicitly set `--rm=false`. + + docker build --rm=false . + +A good practice is to make a sub-directory with a related name and create +the Dockerfile in that directory. For example, a directory called mongo may +contain a Dockerfile to create a Docker MongoDB image. Likewise, another +directory called httpd may be used to store Dockerfiles for Apache web +server images. + +It is also a good practice to add the files required for the image to the +sub-directory. These files will then be specified with the `COPY` or `ADD` +instructions in the `Dockerfile`. + +Note: If you include a tar file (a good practice), then Docker will +automatically extract the contents of the tar file specified within the `ADD` +instruction into the specified target. + +## Building an image and naming that image + +A good practice is to give a name to the image you are building. There are +no hard rules here but it is best to give the names consideration. + +The **-t**/**--tag** flag is used to rename an image. Here are some examples: + +Though it is not a good practice, image names can be arbitrary: + + docker build -t myimage . + +A better approach is to provide a fully qualified and meaningful repository, +name, and tag (where the tag in this context means the qualifier after +the ":"). In this example we build a JBoss image for the Fedora repository +and give it the version 1.0: + + docker build -t fedora/jboss:1.0 + +The next example is for the "whenry" user repository and uses Fedora and +JBoss and gives it the version 2.1 : + + docker build -t whenry/fedora-jboss:V2.1 + +If you do not provide a version tag then Docker will assign `latest`: + + docker build -t whenry/fedora-jboss + +When you list the images, the image above will have the tag `latest`. + +So renaming an image is arbitrary but consideration should be given to +a useful convention that makes sense for consumers and should also take +into account Docker community conventions. + + +## Building an image using a URL + +This will clone the specified Github repository from the URL and use it +as context. The Dockerfile at the root of the repository is used as +Dockerfile. This only works if the Github repository is a dedicated +repository. + + docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache + +Note: You can set an arbitrary Git repository via the `git://` schema. + +# HISTORY +March 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-commit.1.md b/man/docker-commit.1.md new file mode 100644 index 0000000000..5a290682d0 --- /dev/null +++ b/man/docker-commit.1.md @@ -0,0 +1,59 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-commit - Create a new image from a container's changes + +# SYNOPSIS +**docker commit** +[**-a**|**--author**[=*AUTHOR*]] +[**--help**] +[**-c**|**--change**[= []**]] +[**-m**|**--message**[=*MESSAGE*]] +[**-p**|**--pause**[=*true*]] +CONTAINER [REPOSITORY[:TAG]] + +# DESCRIPTION +Using an existing container's name or ID you can create a new image. + +# OPTIONS +**-a**, **--author**="" + Author (e.g., "John Hannibal Smith ") + +**-c** , **--change**=[] + Apply specified Dockerfile instructions while committing the image + Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` + +**--help** + Print usage statement + +**-m**, **--message**="" + Commit message + +**-p**, **--pause**=*true*|*false* + Pause container during commit. The default is *true*. + +# EXAMPLES + +## Creating a new image from an existing container +An existing Fedora based container has had Apache installed while running +in interactive mode with the bash shell. Apache is also running. To +create a new image run `docker ps` to find the container's ID and then run: + + # docker commit -m="Added Apache to Fedora base image" \ + -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 + +## Apply specified Dockerfile instructions while committing the image +If an existing container was created without the DEBUG environment +variable set to "true", you can create a new image based on that +container by first getting the container's ID with `docker ps` and +then running: + + # docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and in +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +Oct 2014, updated by Daniel, Dao Quang Minh diff --git a/man/docker-cp.1.md b/man/docker-cp.1.md new file mode 100644 index 0000000000..3cd203a83d --- /dev/null +++ b/man/docker-cp.1.md @@ -0,0 +1,70 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-cp - Copy files or folders from a container's PATH to a HOSTDIR +or to STDOUT. + +# SYNOPSIS +**docker cp** +[**--help**] +CONTAINER:PATH HOSTDIR|- + +# DESCRIPTION + +Copy files or folders from a `CONTAINER:PATH` to the `HOSTDIR` or to `STDOUT`. +The `CONTAINER:PATH` is relative to the root of the container's filesystem. You +can copy from either a running or stopped container. + +The `PATH` can be a file or directory. The `docker cp` command assumes all +`PATH` values start at the `/` (root) directory. This means supplying the +initial forward slash is optional; The command sees +`compassionate_darwin:/tmp/foo/myfile.txt` and +`compassionate_darwin:tmp/foo/myfile.txt` as identical. + +The `HOSTDIR` refers to a directory on the host. If you do not specify an +absolute path for your `HOSTDIR` value, Docker creates the directory relative to +where you run the `docker cp` command. For example, suppose you want to copy the +`/tmp/foo` directory from a container to the `/tmp` directory on your host. If +you run `docker cp` in your `~` (home) directory on the host: + + $ docker cp compassionate_darwin:tmp/foo /tmp + +Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit +the leading slash in the command. If you execute this command from your home directory: + + $ docker cp compassionate_darwin:tmp/foo tmp + +Docker creates a `~/tmp/foo` subdirectory. + +When copying files to an existing `HOSTDIR`, the `cp` command adds the new files to +the directory. For example, this command: + + $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /tmp + +Creates a `/tmp/foo` directory on the host containing the `myfile.txt` file. If +you repeat the command but change the filename: + + $ docker cp sharp_ptolemy:/tmp/foo/secondfile.txt /tmp + +Your host's `/tmp/foo` directory will contain both files: + + $ ls /tmp/foo + myfile.txt secondfile.txt + +Finally, use '-' to write the data as a `tar` file to STDOUT. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES +An important shell script file, created in a bash shell, is copied from +the exited container to the current dir on the host: + + # docker cp c071f3c3ee81:setup.sh . + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-create.1.md b/man/docker-create.1.md new file mode 100644 index 0000000000..939fcbc1cf --- /dev/null +++ b/man/docker-create.1.md @@ -0,0 +1,246 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-create - Create a new container + +# SYNOPSIS +**docker create** +[**-a**|**--attach**[=*[]*]] +[**--add-host**[=*[]*]] +[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cap-add**[=*[]*]] +[**--cap-drop**[=*[]*]] +[**--cidfile**[=*CIDFILE*]] +[**--cpu-period**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--cpu-quota**[=*0*]] +[**--device**[=*[]*]] +[**--dns-search**[=*[]*]] +[**--dns**[=*[]*]] +[**-e**|**--env**[=*[]*]] +[**--entrypoint**[=*ENTRYPOINT*]] +[**--env-file**[=*[]*]] +[**--expose**[=*[]*]] +[**-h**|**--hostname**[=*HOSTNAME*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +[**--ipc**[=*IPC*]] +[**-l**|**--label**[=*[]*]] +[**--label-file**[=*[]*]] +[**--link**[=*[]*]] +[**--lxc-conf**[=*[]*]] +[**--log-driver**[=*[]*]] +[**--log-opt**[=*[]*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**--mac-address**[=*MAC-ADDRESS*]] +[**--name**[=*NAME*]] +[**--net**[=*"bridge"*]] +[**--oom-kill-disable**[=*false*]] +[**-P**|**--publish-all**[=*false*]] +[**-p**|**--publish**[=*[]*]] +[**--pid**[=*[]*]] +[**--uts**[=*[]*]] +[**--privileged**[=*false*]] +[**--read-only**[=*false*]] +[**--restart**[=*RESTART*]] +[**--security-opt**[=*[]*]] +[**-t**|**--tty**[=*false*]] +[**-u**|**--user**[=*USER*]] +[**-v**|**--volume**[=*[]*]] +[**--volumes-from**[=*[]*]] +[**-w**|**--workdir**[=*WORKDIR*]] +[**--cgroup-parent**[=*CGROUP-PATH*]] +IMAGE [COMMAND] [ARG...] + +# DESCRIPTION + +Creates a writeable container layer over the specified image and prepares it for +running the specified command. The container ID is then printed to STDOUT. This +is similar to **docker run -d** except the container is never started. You can +then use the **docker start ** command to start the container at +any point. + +The initial status of the container created with **docker create** is 'created'. + +# OPTIONS +**-a**, **--attach**=[] + Attach to STDIN, STDOUT or STDERR. + +**--add-host**=[] + Add a custom host-to-IP mapping (host:ip) + +**--blkio-weight**=0 + Block IO weight (relative weight) accepts a weight value between 10 and 1000. + +**-c**, **--cpu-shares**=0 + CPU shares (relative weight) + +**--cap-add**=[] + Add Linux capabilities + +**--cap-drop**=[] + Drop Linux capabilities + +**--cidfile**="" + Write the container ID to the file + +**--cgroup-parent**="" + Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. + +**--cpu-peroid**=0 + Limit the CPU CFS (Completely Fair Scheduler) period + +**--cpuset-cpus**="" + CPUs in which to allow execution (0-3, 0,1) + +**--cpuset-mems**="" + Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + + If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` +then processes in your Docker container will only use memory from the first +two memory nodes. + +**-cpu-quota**=0 + Limit the CPU CFS (Completely Fair Scheduler) quota + +**--device**=[] + Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) + +**--dns-search**=[] + Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + +**--dns**=[] + Set custom DNS servers + +**-e**, **--env**=[] + Set environment variables + +**--entrypoint**="" + Overwrite the default ENTRYPOINT of the image + +**--env-file**=[] + Read in a line delimited file of environment variables + +**--expose**=[] + Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host + +**-h**, **--hostname**="" + Container host name + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Keep STDIN open even if not attached. The default is *false*. + +**--ipc**="" + Default is to create a private IPC namespace (POSIX SysV IPC) for the container + 'container:': reuses another container shared memory, semaphores and message queues + 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. + +**-l**, **--label**=[] + Adds metadata to a container (e.g., --label=com.example.key=value) + +**--label-file**=[] + Read labels from a file. Delimit each label with an EOL. + +**--link**=[] + Add link to another container in the form of :alias or just + in which case the alias will match the name. + +**--lxc-conf**=[] + (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*" + Logging driver for container. Default is defined by daemon `--log-driver` flag. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**-m**, **--memory**="" + Memory limit (format: , where unit = b, k, m or g) + + Allows you to constrain the memory available to a container. If the host +supports swap memory, then the **-m** memory setting can be larger than physical +RAM. If a limit of 0 is specified (not using **-m**), the container's memory is +not limited. The actual limit may be rounded up to a multiple of the operating +system's page size (the value would be very large, that's millions of trillions). + +**--memory-swap**="" + Total memory limit (memory + swap) + + Set `-1` to disable swap (format: , where unit = b, k, m or g). +This value should always larger than **-m**, so you should always use this with **-m**. + +**--mac-address**="" + Container MAC address (e.g. 92:d0:c6:0a:29:33) + +**--name**="" + Assign a name to the container + +**--net**="bridge" + Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + +**--oom-kill-disable**=*true*|*false* + Whether to disable OOM Killer for the container or not. + +**-P**, **--publish-all**=*true*|*false* + Publish all exposed ports to random ports on the host interfaces. The default is *false*. + +**-p**, **--publish**=[] + Publish a container's port, or a range of ports, to the host + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) + (use 'docker port' to see the actual mapping) + +**--pid**=host + Set the PID mode for the container + **host**: use the host's PID namespace inside the container. + Note: the host mode gives the container full access to local PID and is therefore considered insecure. + +**--uts**=host + Set the UTS mode for the container + **host**: use the host's UTS namespace inside the container. + Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. + +**--privileged**=*true*|*false* + Give extended privileges to this container. The default is *false*. + +**--read-only**=*true*|*false* + Mount the container's root filesystem as read only. + +**--restart**="no" + Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + +**--security-opt**=[] + Security Options + +**-t**, **--tty**=*true*|*false* + Allocate a pseudo-TTY. The default is *false*. + +**-u**, **--user**="" + Username or UID + +**-v**, **--volume**=[] + Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + +**--volumes-from**=[] + Mount volumes from the specified container(s) + +**-w**, **--workdir**="" + Working directory inside the container + +# HISTORY +August 2014, updated by Sven Dowideit +September 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit diff --git a/man/docker-diff.1.md b/man/docker-diff.1.md new file mode 100644 index 0000000000..6c6c502533 --- /dev/null +++ b/man/docker-diff.1.md @@ -0,0 +1,49 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-diff - Inspect changes on a container's filesystem + +# SYNOPSIS +**docker diff** +[**--help**] +CONTAINER + +# DESCRIPTION +Inspect changes on a container's filesystem. You can use the full or +shortened container ID or the container name set using +**docker run --name** option. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES +Inspect the changes to on a nginx container: + + # docker diff 1fdfd1f54c1b + C /dev + C /dev/console + C /dev/core + C /dev/stdout + C /dev/fd + C /dev/ptmx + C /dev/stderr + C /dev/stdin + C /run + A /run/nginx.pid + C /var/lib/nginx/tmp + A /var/lib/nginx/tmp/client_body + A /var/lib/nginx/tmp/fastcgi + A /var/lib/nginx/tmp/proxy + A /var/lib/nginx/tmp/scgi + A /var/lib/nginx/tmp/uwsgi + C /var/log/nginx + A /var/log/nginx/access.log + A /var/log/nginx/error.log + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-events.1.md b/man/docker-events.1.md new file mode 100644 index 0000000000..f854bbc1ad --- /dev/null +++ b/man/docker-events.1.md @@ -0,0 +1,86 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-events - Get real time events from the server + +# SYNOPSIS +**docker events** +[**--help**] +[**-f**|**--filter**[=*[]*]] +[**--since**[=*SINCE*]] +[**--until**[=*UNTIL*]] + + +# DESCRIPTION +Get event information from the Docker daemon. Information can include historical +information and real-time information. + +Docker containers will report the following events: + + create, destroy, die, export, kill, pause, restart, start, stop, unpause + +and Docker images will report: + + untag, delete + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--filter**=[] + Provide filter values (i.e., 'event=stop') + +**--since**="" + Show all events created since timestamp + +**--until**="" + Stream events until this timestamp + +You can specify `--since` and `--until` parameters as an RFC 3339 date, +a UNIX timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes +the date relative to the client machine’s time. + +# EXAMPLES + +## Listening for Docker events + +After running docker events a container 786d698004576 is started and stopped +(The container name has been shortened in the output below): + + # docker events + 2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) start + 2015-01-28T20:21:31.000000000-08:00 59211849bc10: (from whenry/testimage:latest) die + 2015-01-28T20:21:32.000000000-08:00 59211849bc10: (from whenry/testimage:latest) stop + +## Listening for events since a given date +Again the output container IDs have been shortened for the purposes of this document: + + # docker events --since '2015-01-28' + 2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create + 2015-01-28T20:25:38.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start + 2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) create + 2015-01-28T20:25:39.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start + 2015-01-28T20:25:40.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die + 2015-01-28T20:25:42.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop + 2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) start + 2015-01-28T20:25:45.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) die + 2015-01-28T20:25:46.000000000-08:00 c21f6c22ba27: (from whenry/testimage:latest) stop + +The following example outputs all events that were generated in the last 3 minutes, +relative to the current time on the client machine: + + # docker events --since '3m' + 2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die + 2015-05-12T15:52:12.999999999Z07:00 4 4386fb97867d: (from ubuntu-1:14.04) stop + 2015-05-12T15:53:45.999999999Z07:00 7805c1d35632: (from redis:2.8) die + 2015-05-12T15:54:03.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + +If you do not provide the --since option, the command returns only new and/or +live events. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +June 2015, updated by Brian Goff diff --git a/man/docker-exec.1.md b/man/docker-exec.1.md new file mode 100644 index 0000000000..c1de7b59ed --- /dev/null +++ b/man/docker-exec.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-exec - Run a command in a running container + +# SYNOPSIS +**docker exec** +[**-d**|**--detach**[=*false*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +[**-t**|**--tty**[=*false*]] +[**-u**|**--user**[=*USER*]] +CONTAINER COMMAND [ARG...] + +# DESCRIPTION + +Run a process in a running container. + +The command started using `docker exec` will only run while the container's primary +process (`PID 1`) is running, and will not be restarted if the container is restarted. + +If the container is paused, then the `docker exec` command will wait until the +container is unpaused, and then run + +# OPTIONS +**-d**, **--detach**=*true*|*false* + Detached mode: run command in the background. The default is *false*. + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Keep STDIN open even if not attached. The default is *false*. + +**-t**, **--tty**=*true*|*false* + Allocate a pseudo-TTY. The default is *false*. + +**-u**, **--user**="" + Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument the command will be run as root in the container. + +The **-t** option is incompatible with a redirection of the docker client +standard input. + +# HISTORY +November 2014, updated by Sven Dowideit diff --git a/man/docker-export.1.md b/man/docker-export.1.md new file mode 100644 index 0000000000..0bc71ad89f --- /dev/null +++ b/man/docker-export.1.md @@ -0,0 +1,44 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-export - Export the contents of a filesystem as a tar archive to STDOUT + +# SYNOPSIS +**docker export** +[**--help**] +CONTAINER + +# DESCRIPTION +Export the contents of a container's filesystem using the full or shortened +container ID or container name. The output is exported to STDOUT and can be +redirected to a tar file. + +Stream to a file instead of STDOUT by using **-o**. + +# OPTIONS +**--help** + Print usage statement +**-o**, **--output**="" + Write to a file, instead of STDOUT + +# EXAMPLES +Export the contents of the container called angry_bell to a tar file +called angry_bell.tar: + + # docker export angry_bell > angry_bell.tar + # docker export --output=angry_bell-latest.tar angry_bell + # ls -sh angry_bell.tar + 321M angry_bell.tar + # ls -sh angry_bell-latest.tar + 321M angry_bell-latest.tar + +# See also +**docker-import(1)** to create an empty filesystem image +and import the contents of the tarball into it, then optionally tag it. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +January 2015, updated by Joseph Kern (josephakern at gmail dot com) diff --git a/man/docker-history.1.md b/man/docker-history.1.md new file mode 100644 index 0000000000..268e378d06 --- /dev/null +++ b/man/docker-history.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-history - Show the history of an image + +# SYNOPSIS +**docker history** +[**--help**] +[**--no-trunc**[=*false*]] +[**-q**|**--quiet**[=*false*]] +IMAGE + +# DESCRIPTION + +Show the history of when and how an image was created. + +# OPTIONS +**--help** + Print usage statement + +**-H**. **--human**=*true*|*false* + Print sizes and dates in human readable format. The default is *true*. + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Only show numeric IDs. The default is *false*. + +# EXAMPLES + $ docker history fedora + IMAGE CREATED CREATED BY SIZE COMMENT + 105182bb5e8b 5 days ago /bin/sh -c #(nop) ADD file:71356d2ad59aa3119d 372.7 MB + 73bd853d2ea5 13 days ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B + 511136ea3c5a 10 months ago 0 B Imported from - + +## Display comments in the image history +The `docker commit` command has a **-m** flag for adding comments to the image. These comments will be displayed in the image history. + + $ sudo docker history docker:scm + IMAGE CREATED CREATED BY SIZE COMMENT + 2ac9d1098bf1 3 months ago /bin/bash 241.4 MB Added Apache to Fedora base image + 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB + c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B + 511136ea3c5a 19 months ago 0 B Imported from - + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-images.1.md b/man/docker-images.1.md new file mode 100644 index 0000000000..16dd864767 --- /dev/null +++ b/man/docker-images.1.md @@ -0,0 +1,84 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-images - List images + +# SYNOPSIS +**docker images** +[**--help**] +[**-a**|**--all**[=*false*]] +[**--digests**[=*false*]] +[**-f**|**--filter**[=*[]*]] +[**--no-trunc**[=*false*]] +[**-q**|**--quiet**[=*false*]] +[REPOSITORY] + +# DESCRIPTION +This command lists the images stored in the local Docker repository. + +By default, intermediate images, used during builds, are not listed. Some of the +output, e.g., image ID, is truncated, for space reasons. However the truncated +image ID, and often the first few characters, are enough to be used in other +Docker commands that use the image ID. The output includes repository, tag, image +ID, date created and the virtual size. + +The title REPOSITORY for the first title may seem confusing. It is essentially +the image name. However, because you can tag a specific image, and multiple tags +(image instances) can be associated with a single name, the name is really a +repository for all tagged images of the same name. For example consider an image +called fedora. It may be tagged with 18, 19, or 20, etc. to manage different +versions. + +# OPTIONS +**-a**, **--all**=*true*|*false* + Show all images (by default filter out the intermediate image layers). The default is *false*. + +**--digests**=*true*|*false* + Show image digests. The default is *false*. + +**-f**, **--filter**=[] + Filters the output. The dangling=true filter finds unused images. While label=com.foo=amd64 filters for images with a com.foo value of amd64. The label=com.foo filter finds images with the label com.foo of any value. + +**--help** + Print usage statement + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Only show numeric IDs. The default is *false*. + +# EXAMPLES + +## Listing the images + +To list the images in a local repository (not the registry) run: + + docker images + +The list will contain the image repository name, a tag for the image, and an +image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, +IMAGE ID, CREATED, and VIRTUAL SIZE. + +To get a verbose list of images which contains all the intermediate images +used in builds use **-a**: + + docker images -a + +Previously, the docker images command supported the --tree and --dot arguments, +which displayed different visualizations of the image data. Docker core removed +this functionality in the 1.7 version. If you liked this functionality, you can +still find it in the third-party dockviz tool: https://github.com/justone/dockviz. + +## Listing only the shortened image IDs + +Listing just the shortened image IDs. This can be useful for some automated +tools. + + docker images -q + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-import.1.md b/man/docker-import.1.md new file mode 100644 index 0000000000..b45bf5d4c6 --- /dev/null +++ b/man/docker-import.1.md @@ -0,0 +1,59 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. + +# SYNOPSIS +**docker import** +[**-c**|**--change**[= []**]] +[**--help**] +URL|- [REPOSITORY[:TAG]] + +# OPTIONS +**-c**, **--change**=[] + Apply specified Dockerfile instructions while importing the image + Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` + +# DESCRIPTION +Create a new filesystem image from the contents of a tarball (`.tar`, +`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +## Import from a remote location + + # docker import http://example.com/exampleimage.tgz example/imagerepo + +## Import from a local file + +Import to docker via pipe and stdin: + + # cat exampleimage.tgz | docker import - example/imagelocal + +## Import from a local file and tag + +Import to docker via pipe and stdin: + + # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0 + +## Import from a local directory + + # tar -c . | docker import - exampleimagedir + +## Apply specified Dockerfile instructions while importing the image +This example sets the docker image ENV variable DEBUG to true by default. + + # tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir + +# See also +**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-info.1.md b/man/docker-info.1.md new file mode 100644 index 0000000000..a3bbd79828 --- /dev/null +++ b/man/docker-info.1.md @@ -0,0 +1,49 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-info - Display system-wide information + +# SYNOPSIS +**docker info** +[**--help**] + + +# DESCRIPTION +This command displays system wide information regarding the Docker installation. +Information displayed includes the number of containers and images, pool name, +data file, metadata file, data space used, total data space, metadata space used +, total metadata space, execution driver, and the kernel version. + +The data file is where the images are stored and the metadata file is where the +meta data regarding those images are stored. When run for the first time Docker +allocates a certain amount of data space and meta data space from the space +available on the volume where `/var/lib/docker` is mounted. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +## Display Docker system information + +Here is a sample output: + + # docker info + Containers: 14 + Images: 52 + Storage Driver: aufs + Root Dir: /var/lib/docker/aufs + Dirs: 80 + Execution Driver: native-0.2 + Logging Driver: json-file + Kernel Version: 3.13.0-24-generic + Operating System: Ubuntu 14.04 LTS + CPUs: 1 + Total Memory: 2 GiB + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md new file mode 100644 index 0000000000..a8a2d8f493 --- /dev/null +++ b/man/docker-inspect.1.md @@ -0,0 +1,267 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-inspect - Return low-level information on a container or image + +# SYNOPSIS +**docker inspect** +[**--help**] +[**-f**|**--format**[=*FORMAT*]] +CONTAINER|IMAGE [CONTAINER|IMAGE...] + +# DESCRIPTION + +This displays all the information available in Docker for a given +container or image. By default, this will render all results in a JSON +array. If a format is specified, the given template will be executed for +each result. + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--format**="" + Format the output using the given go template. + +# EXAMPLES + +## Getting information on a container + +To get information on a container use its ID or instance name: + + $ docker inspect 1eb5fabf5a03 + [{ + "AppArmorProfile": "", + "Args": [], + "Config": { + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "/usr/sbin/nginx" + ], + "Domainname": "", + "Entrypoint": null, + "Env": [ + "HOME=/", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "ExposedPorts": { + "80/tcp": {} + }, + "Hostname": "1eb5fabf5a03", + "Image": "summit/nginx", + "Labels": { + "com.example.vendor": "Acme", + "com.example.license": "GPL", + "com.example.version": "1.0" + }, + "MacAddress": "", + "NetworkDisabled": false, + "OnBuild": null, + "OpenStdin": false, + "StdinOnce": false, + "Tty": true, + "User": "", + "Volumes": null, + "WorkingDir": "", + }, + "Created": "2014-04-04T21:33:52.02361335Z", + "Driver": "devicemapper", + "ExecDriver": "native-0.1", + "ExecIDs": null, + "HostConfig": { + "Binds": null, + "CapAdd": null, + "CapDrop": null, + "CgroupParent": "", + "ContainerIDFile": "", + "CpuShares": 512, + "CpusetCpus": "0,1", + "CpusetMems": "", + "Devices": [], + "Dns": null, + "DnsSearch": null, + "ExtraHosts": null, + "IpcMode": "", + "Links": null, + "LogConfig": { + "Config": null, + "Type": "json-file" + }, + "LxcConf": null, + "Memory": 16777216, + "MemorySwap": -1, + "NetworkMode": "", + "PidMode": "", + "PortBindings": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "80" + } + ] + }, + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "RestartPolicy": { + "MaximumRetryCount": 0, + "Name": "" + }, + "SecurityOpt": null, + "Ulimits": null, + "VolumesFrom": null + } + "HostnamePath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hostname", + "HostsPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/hosts", + "ID": "1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b", + "Image": "df53773a4390e25936f9fd3739e0c0e60a62d024ea7b669282b27e65ae8458e6", + "LogPath": "/var/lib/docker/containers/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b/1eb5fabf5a03807136561b3c00adcd2992b535d624d5e18b6cdc6a6844d9767b-json.log", + "MountLabel": "", + "Name": "/ecstatic_ptolemy", + "NetworkSettings": { + "Bridge": "docker0", + "Gateway": "172.17.42.1", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "MacAddress": "", + "PortMapping": null, + "Ports": { + "80/tcp": [ + { + "HostIp": "0.0.0.0", + "HostPort": "80" + } + ] + } + }, + "Path": "/usr/sbin/nginx", + "ProcessLabel": "", + "ResolvConfPath": "/etc/resolv.conf", + "RestartCount": 0, + "State": { + "Dead": false, + "Error": "", + "ExitCode": 0, + "FinishedAt": "0001-01-01T00:00:00Z", + "OOMKilled": false, + "Paused": false, + "Pid": 858, + "Restarting": false, + "Running": true, + "StartedAt": "2014-04-04T21:33:54.16259207Z", + }, + "Volumes": {}, + "VolumesRW": {}, + } + +## Getting the IP address of a container instance + +To get the IP address of a container use: + + $ docker inspect --format='{{.NetworkSettings.IPAddress}}' 1eb5fabf5a03 + 172.17.0.2 + +## Listing all port bindings + +One can loop over arrays and maps in the results to produce simple text +output: + + $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} \ + {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' 1eb5fabf5a03 + 80/tcp -> 80 + +You can get more information about how to write a go template from: +http://golang.org/pkg/text/template/. + +## Getting information on an image + +Use an image's ID or name (e.g., repository/name[:tag]) to get information +on it. + + $ docker inspect fc1203419df2 + [{ + "Architecture": "amd64", + "Author": "", + "Comment": "", + "Config": { + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "make", + "direct-test" + ], + "Domainname": "", + "Entrypoint": [ + "/dind" + ], + "Env": [ + "PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + ], + "ExposedPorts": null, + "Hostname": "242978536a06", + "Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", + "Labels": {}, + "MacAddress": "", + "NetworkDisabled": false, + "OnBuild": [], + "OpenStdin": false, + "StdinOnce": false, + "Tty": false, + "User": "", + "Volumes": null, + "WorkingDir": "/go/src/github.com/docker/libcontainer" + }, + "Container": "1c00417f3812a96d3ebc29e7fdee69f3d586d703ab89c8233fd4678d50707b39", + "ContainerConfig": { + "AttachStderr": false, + "AttachStdin": false, + "AttachStdout": false, + "Cmd": [ + "/bin/sh", + "-c", + "#(nop) CMD [\"make\" \"direct-test\"]" + ], + "Domainname": "", + "Entrypoint": [ + "/dind" + ], + "Env": [ + "PATH=/go/bin:/usr/src/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + ], + "ExposedPorts": null, + "Hostname": "242978536a06", + "Image": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", + "Labels": {}, + "MacAddress": "", + "NetworkDisabled": false, + "OnBuild": [], + "OpenStdin": false, + "StdinOnce": false, + "Tty": false, + "User": "", + "Volumes": null, + "WorkingDir": "/go/src/github.com/docker/libcontainer" + }, + "Created": "2015-04-07T05:34:39.079489206Z", + "DockerVersion": "1.5.0-dev", + "Id": "fc1203419df26ca82cad1dd04c709cb1b8a8a947bd5bcbdfbef8241a76f031db", + "Os": "linux", + "Parent": "c2b774c744afc5bea603b5e6c5218539e506649326de3ea0135182f299d0519a", + "Size": 0, + "VirtualSize": 613136466 + }] + +# HISTORY +April 2014, originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Qiang Huang diff --git a/man/docker-kill.1.md b/man/docker-kill.1.md new file mode 100644 index 0000000000..cfab3f8e42 --- /dev/null +++ b/man/docker-kill.1.md @@ -0,0 +1,28 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-kill - Kill a running container using SIGKILL or a specified signal + +# SYNOPSIS +**docker kill** +[**--help**] +[**-s**|**--signal**[=*"KILL"*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The main process inside each container specified will be sent SIGKILL, + or any signal specified with option --signal. + +# OPTIONS +**--help** + Print usage statement + +**-s**, **--signal**="KILL" + Signal to send to the container + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) + based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-load.1.md b/man/docker-load.1.md new file mode 100644 index 0000000000..c045443689 --- /dev/null +++ b/man/docker-load.1.md @@ -0,0 +1,45 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-load - Load an image from a tar archive on STDIN + +# SYNOPSIS +**docker load** +[**--help**] +[**-i**|**--input**[=*INPUT*]] + + +# DESCRIPTION + +Loads a tarred repository from a file or the standard input stream. +Restores both images and tags. + +# OPTIONS +**--help** + Print usage statement + +**-i**, **--input**="" + Read from a tar archive file, instead of STDIN + +# EXAMPLES + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + $ docker load --input fedora.tar + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + busybox latest 769b9341d937 7 weeks ago 2.489 MB + fedora rawhide 0d20aec6529d 7 weeks ago 387 MB + fedora 20 58394af37342 7 weeks ago 385.5 MB + fedora heisenbug 58394af37342 7 weeks ago 385.5 MB + fedora latest 58394af37342 7 weeks ago 385.5 MB + +# See also +**docker-save(1)** to save an image(s) to a tar archive (streamed to STDOUT by default). + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-login.1.md b/man/docker-login.1.md new file mode 100644 index 0000000000..87ad31b703 --- /dev/null +++ b/man/docker-login.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-login - Register or log in to a Docker registry. + +# SYNOPSIS +**docker login** +[**-e**|**--email**[=*EMAIL*]] +[**--help**] +[**-p**|**--password**[=*PASSWORD*]] +[**-u**|**--username**[=*USERNAME*]] +[SERVER] + +# DESCRIPTION +Register or log in to a Docker Registry located on the specified +`SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you +do not specify a `SERVER`, the command uses Docker's public registry located at +`https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub. + +You can log into any public or private repository for which you have +credentials. When you log in, the command stores encoded credentials in +`$HOME/.dockercfg` on Linux or `%USERPROFILE%/.dockercfg` on Windows. + +# OPTIONS +**-e**, **--email**="" + Email + +**--help** + Print usage statement + +**-p**, **--password**="" + Password + +**-u**, **--username**="" + Username + +# EXAMPLES + +## Login to a registry on your localhost + + # docker login localhost:8080 + +# See also +**docker-logout(1)** to log out from a Docker registry. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 diff --git a/man/docker-logout.1.md b/man/docker-logout.1.md new file mode 100644 index 0000000000..3726fd66ca --- /dev/null +++ b/man/docker-logout.1.md @@ -0,0 +1,32 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-logout - Log out from a Docker Registry. + +# SYNOPSIS +**docker logout** +[SERVER] + +# DESCRIPTION +Log out of a Docker Registry located on the specified `SERVER`. You can +specify a URL or a `hostname` for the `SERVER` value. If you do not specify a +`SERVER`, the command attempts to log you out of Docker's public registry +located at `https://registry-1.docker.io/` by default. + +# OPTIONS +There are no available options. + +# EXAMPLES + +## Log out from a registry on your localhost + + # docker logout localhost:8080 + +# See also +**docker-login(1)** to register or log in to a Docker registry server. + +# HISTORY +June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io) +July 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 diff --git a/man/docker-logs.1.md b/man/docker-logs.1.md new file mode 100644 index 0000000000..8ecc20df24 --- /dev/null +++ b/man/docker-logs.1.md @@ -0,0 +1,55 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-logs - Fetch the logs of a container + +# SYNOPSIS +**docker logs** +[**-f**|**--follow**[=*false*]] +[**--help**] +[**--since**[=*SINCE*]] +[**-t**|**--timestamps**[=*false*]] +[**--tail**[=*"all"*]] +CONTAINER + +# DESCRIPTION +The **docker logs** command batch-retrieves whatever logs are present for +a container at the time of execution. This does not guarantee execution +order when combined with a docker run (i.e., your run may not have generated +any logs at the time you execute docker logs). + +The **docker logs --follow** command combines commands **docker logs** and +**docker attach**. It will first return all logs from the beginning and +then continue streaming new output from the container’s stdout and stderr. + +**Warning**: This command works only for **json-file** logging driver. + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--follow**=*true*|*false* + Follow log output. The default is *false*. + +**--since**="" + Show logs since timestamp + +**-t**, **--timestamps**=*true*|*false* + Show timestamps. The default is *false*. + +**--tail**="all" + Output the specified number of lines at the end of logs (defaults to all logs) + +The `--since` option shows only the container logs generated after +a given date. You can specify the date as an RFC 3339 date, a UNIX +timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Docker computes +the date relative to the client machine’s time. You can combine +the `--since` option with either or both of the `--follow` or `--tail` options. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +April 2015, updated by Ahmet Alp Balkan diff --git a/man/docker-pause.1.md b/man/docker-pause.1.md new file mode 100644 index 0000000000..5d2267af62 --- /dev/null +++ b/man/docker-pause.1.md @@ -0,0 +1,30 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-pause - Pause all processes within a container + +# SYNOPSIS +**docker pause** +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The `docker pause` command uses the cgroups freezer to suspend all processes in +a container. Traditionally when suspending a process the `SIGSTOP` signal is +used, which is observable by the process being suspended. With the cgroups freezer +the process is unaware, and unable to capture, that it is being suspended, +and subsequently resumed. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. + +# OPTIONS +There are no available options. + +# See also +**docker-unpause(1)** to unpause all processes within a container. + +# HISTORY +June 2014, updated by Sven Dowideit diff --git a/man/docker-port.1.md b/man/docker-port.1.md new file mode 100644 index 0000000000..83e9cf93b6 --- /dev/null +++ b/man/docker-port.1.md @@ -0,0 +1,47 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + +# SYNOPSIS +**docker port** +[**--help**] +CONTAINER [PRIVATE_PORT[/PROTO]] + +# DESCRIPTION +List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + + # docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test + +## Find out all the ports mapped + + # docker port test + 7890/tcp -> 0.0.0.0:4321 + 9876/tcp -> 0.0.0.0:1234 + +## Find out a specific mapping + + # docker port test 7890/tcp + 0.0.0.0:4321 + + # docker port test 7890 + 0.0.0.0:4321 + +## An example showing error for non-existent mapping + + # docker port test 7890/udp + 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +June 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md new file mode 100644 index 0000000000..6c7b18ee34 --- /dev/null +++ b/man/docker-ps.1.md @@ -0,0 +1,91 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% FEBRUARY 2015 +# NAME +docker-ps - List containers + +# SYNOPSIS +**docker ps** +[**-a**|**--all**[=*false*]] +[**--before**[=*BEFORE*]] +[**--help**] +[**-f**|**--filter**[=*[]*]] +[**-l**|**--latest**[=*false*]] +[**-n**[=*-1*]] +[**--no-trunc**[=*false*]] +[**-q**|**--quiet**[=*false*]] +[**-s**|**--size**[=*false*]] +[**--since**[=*SINCE*]] + + +# DESCRIPTION + +List the containers in the local repository. By default this show only +the running containers. + +# OPTIONS +**-a**, **--all**=*true*|*false* + Show all containers. Only running containers are shown by default. The default is *false*. + +**--before**="" + Show only container created before Id or Name, include non-running ones. + +**--help** + Print usage statement + +**-f**, **--filter**=[] + Provide filter values. Valid filters: + exited= - containers with exit code of + label= or label== + status=(created|restarting|running|paused|exited) + name= - container's name + id= - container's ID + +**-l**, **--latest**=*true*|*false* + Show only the latest created container, include non-running ones. The default is *false*. + +**-n**=-1 + Show n last created containers, include non-running ones. + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-q**, **--quiet**=*true*|*false* + Only display numeric IDs. The default is *false*. + +**-s**, **--size**=*true*|*false* + Display total file sizes. The default is *false*. + +**--since**="" + Show only containers created since Id or Name, include non-running ones. + +# EXAMPLES +# Display all containers, including non-running + + # docker ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain + 01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell + c1d3b0166030 acffc0358b9e /bin/sh -c yum -y up 2 weeks ago Exit 1 determined_torvalds + 41d50ecd2f57 fedora:20 /bin/sh -c #(nop) MA 2 weeks ago Exit 0 drunk_pike + +# Display only IDs of all containers, including non-running + + # docker ps -a -q + a87ecb4f327c + 01946d9d34d8 + c1d3b0166030 + 41d50ecd2f57 + +# Display only IDs of all containers that have the name `determined_torvalds` + + # docker ps -a -q --filter=name=determined_torvalds + c1d3b0166030 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +August 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit +February 2015, updated by André Martins diff --git a/man/docker-pull.1.md b/man/docker-pull.1.md new file mode 100644 index 0000000000..30a949e81e --- /dev/null +++ b/man/docker-pull.1.md @@ -0,0 +1,73 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-pull - Pull an image or a repository from a registry + +# SYNOPSIS +**docker pull** +[**-a**|**--all-tags**[=*false*]] +[**--help**] +NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] + +# DESCRIPTION + +This command pulls down an image or a repository from a registry. If +there is more than one image for a repository (e.g., fedora) then all +images for that repository name are pulled down including any tags. + +If you do not specify a `REGISTRY_HOST`, the command uses Docker's public +registry located at `registry-1.docker.io` by default. + +# OPTIONS +**-a**, **--all-tags**=*true*|*false* + Download all tagged images in the repository. The default is *false*. +**--help** + Print usage statement + +# EXAMPLE + +# Pull a repository with multiple images +# Note that if the image is previously downloaded then the status would be +# 'Status: Image is up to date for fedora' + + $ docker pull fedora + Pulling repository fedora + ad57ef8d78d7: Download complete + 105182bb5e8b: Download complete + 511136ea3c5a: Download complete + 73bd853d2ea5: Download complete + + Status: Downloaded newer image for fedora + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB + fedora 20 105182bb5e8b 5 days ago 372.7 MB + fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB + fedora latest 105182bb5e8b 5 days ago 372.7 MB + +# Pull an image, manually specifying path to Docker's public registry and tag +# Note that if the image is previously downloaded then the status would be +# 'Status: Image is up to date for registry.hub.docker.com/fedora:20' + + $ docker pull registry.hub.docker.com/fedora:20 + Pulling repository fedora + 3f2fed40e4b0: Download complete + 511136ea3c5a: Download complete + fd241224e9cf: Download complete + + Status: Downloaded newer image for registry.hub.docker.com/fedora:20 + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + fedora 20 3f2fed40e4b0 4 days ago 372.7 MB + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +August 2014, updated by Sven Dowideit +April 2015, updated by John Willis +April 2015, updated by Mary Anthony for v2 diff --git a/man/docker-push.1.md b/man/docker-push.1.md new file mode 100644 index 0000000000..b51bf5d281 --- /dev/null +++ b/man/docker-push.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-push - Push an image or a repository to a registry + +# SYNOPSIS +**docker push** +[**--help**] +NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] + +# DESCRIPTION + +This command pushes an image or a repository to a registry. If you do not +specify a `REGISTRY_HOST`, the command uses Docker's public registry located at +`registry-1.docker.io` by default. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +# Pushing a new image to a registry + +First save the new image by finding the container ID (using **docker ps**) +and then committing it to a new image name: + + # docker commit c16378f943fe rhel-httpd + +Now, push the image to the registry using the image ID. In this example the +registry is on host named `registry-host` and listening on port `5000`. To do +this, tag the image with the host name or IP address, and the port of the +registry: + + # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd + # docker push registry-host:5000/myadmin/rhel-httpd + +Check that this worked by running: + + # docker images + +You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` +listed. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 + diff --git a/man/docker-rename.1.md b/man/docker-rename.1.md new file mode 100644 index 0000000000..f741a15b47 --- /dev/null +++ b/man/docker-rename.1.md @@ -0,0 +1,13 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCTOBER 2014 +# NAME +docker-rename - Rename a container + +# SYNOPSIS +**docker rename** +OLD_NAME NEW_NAME + +# OPTIONS +There are no available options. + diff --git a/man/docker-restart.1.md b/man/docker-restart.1.md new file mode 100644 index 0000000000..77f99d51a6 --- /dev/null +++ b/man/docker-restart.1.md @@ -0,0 +1,26 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-restart - Restart a running container + +# SYNOPSIS +**docker restart** +[**--help**] +[**-t**|**--time**[=*10*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION +Restart each container listed. + +# OPTIONS +**--help** + Print usage statement + +**-t**, **--time**=10 + Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-rm.1.md b/man/docker-rm.1.md new file mode 100644 index 0000000000..82850a395a --- /dev/null +++ b/man/docker-rm.1.md @@ -0,0 +1,56 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-rm - Remove one or more containers + +# SYNOPSIS +**docker rm** +[**-f**|**--force**[=*false*]] +[**-l**|**--link**[=*false*]] +[**-v**|**--volumes**[=*false*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +**docker rm** will remove one or more containers from the host node. The +container name or ID can be used. This does not remove images. You cannot +remove a running container unless you use the \fB-f\fR option. To see all +containers on a host use the **docker ps -a** command. + +# OPTIONS +**--help** + Print usage statement + +**-f**, **--force**=*true*|*false* + Force the removal of a running container (uses SIGKILL). The default is *false*. + +**-l**, **--link**=*true*|*false* + Remove the specified link and not the underlying container. The default is *false*. + +**-v**, **--volumes**=*true*|*false* + Remove the volumes associated with the container. The default is *false*. + +# EXAMPLES + +##Removing a container using its ID## + +To remove a container using its ID, find either from a **docker ps -a** +command, or use the ID returned from the **docker run** command, or retrieve +it from a file used to store it using the **docker run --cidfile**: + + docker rm abebf7571666 + +##Removing a container using the container name## + +The name of the container can be found using the **docker ps -a** +command. The use that name as follows: + + docker rm hopeful_morse + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +August 2014, updated by Sven Dowideit diff --git a/man/docker-rmi.1.md b/man/docker-rmi.1.md new file mode 100644 index 0000000000..c288a4e85c --- /dev/null +++ b/man/docker-rmi.1.md @@ -0,0 +1,42 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-rmi - Remove one or more images + +# SYNOPSIS +**docker rmi** +[**-f**|**--force**[=*false*]] +[**--help**] +[**--no-prune**[=*false*]] +IMAGE [IMAGE...] + +# DESCRIPTION + +Removes one or more images from the host node. This does not remove images from +a registry. You cannot remove an image of a running container unless you use the +**-f** option. To see all images on a host use the **docker images** command. + +# OPTIONS +**-f**, **--force**=*true*|*false* + Force removal of the image. The default is *false*. + +**--help** + Print usage statement + +**--no-prune**=*true*|*false* + Do not delete untagged parents. The default is *false*. + +# EXAMPLES + +## Removing an image + +Here is an example of removing and image: + + docker rmi fedora/httpd + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 diff --git a/man/docker-run.1.md b/man/docker-run.1.md new file mode 100644 index 0000000000..3c75443491 --- /dev/null +++ b/man/docker-run.1.md @@ -0,0 +1,658 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-run - Run a command in a new container + +# SYNOPSIS +**docker run** +[**-a**|**--attach**[=*[]*]] +[**--add-host**[=*[]*]] +[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cap-add**[=*[]*]] +[**--cap-drop**[=*[]*]] +[**--cidfile**[=*CIDFILE*]] +[**--cpu-period**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**-d**|**--detach**[=*false*]] +[**--cpu-quota**[=*0*]] +[**--device**[=*[]*]] +[**--dns-search**[=*[]*]] +[**--dns**[=*[]*]] +[**-e**|**--env**[=*[]*]] +[**--entrypoint**[=*ENTRYPOINT*]] +[**--env-file**[=*[]*]] +[**--expose**[=*[]*]] +[**-h**|**--hostname**[=*HOSTNAME*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +[**--ipc**[=*IPC*]] +[**-l**|**--label**[=*[]*]] +[**--label-file**[=*[]*]] +[**--link**[=*[]*]] +[**--lxc-conf**[=*[]*]] +[**--log-driver**[=*[]*]] +[**--log-opt**[=*[]*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +[**--mac-address**[=*MAC-ADDRESS*]] +[**--name**[=*NAME*]] +[**--net**[=*"bridge"*]] +[**--oom-kill-disable**[=*false*]] +[**-P**|**--publish-all**[=*false*]] +[**-p**|**--publish**[=*[]*]] +[**--pid**[=*[]*]] +[**--uts**[=*[]*]] +[**--privileged**[=*false*]] +[**--read-only**[=*false*]] +[**--restart**[=*RESTART*]] +[**--rm**[=*false*]] +[**--security-opt**[=*[]*]] +[**--sig-proxy**[=*true*]] +[**-t**|**--tty**[=*false*]] +[**-u**|**--user**[=*USER*]] +[**-v**|**--volume**[=*[]*]] +[**--volumes-from**[=*[]*]] +[**-w**|**--workdir**[=*WORKDIR*]] +[**--cgroup-parent**[=*CGROUP-PATH*]] +IMAGE [COMMAND] [ARG...] + +# DESCRIPTION + +Run a process in a new container. **docker run** starts a process with its own +file system, its own networking, and its own isolated process tree. The IMAGE +which starts the process may define defaults related to the process that will be +run in the container, the networking to expose, and more, but **docker run** +gives final control to the operator or administrator who starts the container +from the image. For that reason **docker run** has more options than any other +Docker command. + +If the IMAGE is not already loaded then **docker run** will pull the IMAGE, and +all image dependencies, from the repository in the same way running **docker +pull** IMAGE, before it starts the container from that image. + +# OPTIONS +**-a**, **--attach**=[] + Attach to STDIN, STDOUT or STDERR. + + In foreground mode (the default when **-d** +is not specified), **docker run** can start the process in the container +and attach the console to the process’s standard input, output, and standard +error. It can even pretend to be a TTY (this is what most commandline +executables expect) and pass along signals. The **-a** option can be set for +each of stdin, stdout, and stderr. + +**--add-host**=[] + Add a custom host-to-IP mapping (host:ip) + + Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** +option can be set multiple times. + +**--blkio-weight**=0 + Block IO weight (relative weight) accepts a weight value between 10 and 1000. + +**-c**, **--cpu-shares**=0 + CPU shares (relative weight) + + By default, all containers get the same proportion of CPU cycles. This proportion +can be modified by changing the container's CPU share weighting relative +to the weighting of all other running containers. + +To modify the proportion from the default of 1024, use the **-c** or **--cpu-shares** +flag to set the weighting to 2 or higher. + +The proportion will only apply when CPU-intensive processes are running. +When tasks in one container are idle, other containers can use the +left-over CPU time. The actual amount of CPU time will vary depending on +the number of containers running on the system. + +For example, consider three containers, one has a cpu-share of 1024 and +two others have a cpu-share setting of 512. When processes in all three +containers attempt to use 100% of CPU, the first container would receive +50% of the total CPU time. If you add a fourth container with a cpu-share +of 1024, the first container only gets 33% of the CPU. The remaining containers +receive 16.5%, 16.5% and 33% of the CPU. + +On a multi-core system, the shares of CPU time are distributed over all CPU +cores. Even if a container is limited to less than 100% of CPU time, it can +use 100% of each individual CPU core. + +For example, consider a system with more than three cores. If you start one +container **{C0}** with **-c=512** running one process, and another container +**{C1}** with **-c=1024** running two processes, this can result in the following +division of CPU shares: + + PID container CPU CPU share + 100 {C0} 0 100% of CPU0 + 101 {C1} 1 100% of CPU1 + 102 {C1} 2 100% of CPU2 + +**--cap-add**=[] + Add Linux capabilities + +**--cap-drop**=[] + Drop Linux capabilities + +**--cgroup-parent**="" + Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. + +**--cidfile**="" + Write the container ID to the file + +**--cpu-period**=0 + Limit the CPU CFS (Completely Fair Scheduler) period + + Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. + +**--cpuset-cpus**="" + CPUs in which to allow execution (0-3, 0,1) + +**--cpuset-mems**="" + Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + + If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` +then processes in your Docker container will only use memory from the first +two memory nodes. + +**--cpu-quota**=0 + Limit the CPU CFS (Completely Fair Scheduler) quota + + Limit the container's CPU usage. By default, containers run with the full +CPU resource. This flag tell the kernel to restrict the container's CPU usage +to the quota you specify. + +**-d**, **--detach**=*true*|*false* + Detached mode: run the container in the background and print the new container ID. The default is *false*. + + At any time you can run **docker ps** in +the other shell to view a list of the running containers. You can reattach to a +detached container with **docker attach**. If you choose to run a container in +the detached mode, then you cannot use the **-rm** option. + + When attached in the tty mode, you can detach from a running container without +stopping the process by pressing the keys CTRL-P CTRL-Q. + +**--device**=[] + Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) + +**--dns-search**=[] + Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) + +**--dns**=[] + Set custom DNS servers + + This option can be used to override the DNS +configuration passed to the container. Typically this is necessary when the +host DNS configuration is invalid for the container (e.g., 127.0.0.1). When this +is the case the **--dns** flags is necessary for every run. + +**-e**, **--env**=[] + Set environment variables + + This option allows you to specify arbitrary +environment variables that are available for the process that will be launched +inside of the container. + +**--entrypoint**="" + Overwrite the default ENTRYPOINT of the image + + This option allows you to overwrite the default entrypoint of the image that +is set in the Dockerfile. The ENTRYPOINT of an image is similar to a COMMAND +because it specifies what executable to run when the container starts, but it is +(purposely) more difficult to override. The ENTRYPOINT gives a container its +default nature or behavior, so that when you set an ENTRYPOINT you can run the +container as if it were that binary, complete with default options, and you can +pass in more options via the COMMAND. But, sometimes an operator may want to run +something else inside the container, so you can override the default ENTRYPOINT +at runtime by using a **--entrypoint** and a string to specify the new +ENTRYPOINT. + +**--env-file**=[] + Read in a line delimited file of environment variables + +**--expose**=[] + Expose a port, or a range of ports (e.g. --expose=3300-3310), from the container without publishing it to your host + +**-h**, **--hostname**="" + Container host name + + Sets the container host name that is available inside the container. + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Keep STDIN open even if not attached. The default is *false*. + + When set to true, keep stdin open even if not attached. The default is false. + +**--ipc**="" + Default is to create a private IPC namespace (POSIX SysV IPC) for the container + 'container:': reuses another container shared memory, semaphores and message queues + 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. + +**-l**, **--label**=[] + Set metadata on the container (e.g., --label com.example.key=value) + +**--label-file**=[] + Read in a line delimited file of labels + +**--link**=[] + Add link to another container in the form of :alias or just +in which case the alias will match the name + + If the operator +uses **--link** when starting the new client container, then the client +container can access the exposed port via a private networking interface. Docker +will set some environment variables in the client container to help indicate +which interface and port to use. + +**--lxc-conf**=[] + (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" + +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*none*" + Logging driver for container. Default is defined by daemon `--log-driver` flag. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**-m**, **--memory**="" + Memory limit (format: , where unit = b, k, m or g) + + Allows you to constrain the memory available to a container. If the host +supports swap memory, then the **-m** memory setting can be larger than physical +RAM. If a limit of 0 is specified (not using **-m**), the container's memory is +not limited. The actual limit may be rounded up to a multiple of the operating +system's page size (the value would be very large, that's millions of trillions). + +**--memory-swap**="" + Total memory limit (memory + swap) + + Set `-1` to disable swap (format: , where unit = b, k, m or g). +This value should always larger than **-m**, so you should always use this with **-m**. + +**--mac-address**="" + Container MAC address (e.g. 92:d0:c6:0a:29:33) + + Remember that the MAC address in an Ethernet network must be unique. +The IPv6 link-local address will be based on the device's MAC address +according to RFC4862. + +**--name**="" + Assign a name to the container + + The operator can identify a container in three ways: + UUID long identifier (“f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778”) + UUID short identifier (“f78375b1c487”) + Name (“jonah”) + + The UUID identifiers come from the Docker daemon, and if a name is not assigned +to the container with **--name** then the daemon will also generate a random +string name. The name is useful when defining links (see **--link**) (or any +other place you need to identify a container). This works for both background +and foreground Docker containers. + +**--net**="bridge" + Set the Network mode for the container + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + +**--oom-kill-disable**=*true*|*false* + Whether to disable OOM Killer for the container or not. + +**-P**, **--publish-all**=*true*|*false* + Publish all exposed ports to random ports on the host interfaces. The default is *false*. + + When set to true publish all exposed ports to the host interfaces. The +default is false. If the operator uses -P (or -p) then Docker will make the +exposed port accessible on the host and the ports will be available to any +client that can reach the host. When using -P, Docker will bind any exposed +port to a random port on the host within an *ephemeral port range* defined by +`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host +ports and the exposed ports, use `docker port`. + +**-p**, **--publish**=[] + Publish a container's port, or range of ports, to the host. + format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort + Both hostPort and containerPort can be specified as a range of ports. + When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) + (use 'docker port' to see the actual mapping) + +**--pid**=host + Set the PID mode for the container + **host**: use the host's PID namespace inside the container. + Note: the host mode gives the container full access to local PID and is therefore considered insecure. + +**--uts**=host + Set the UTS mode for the container + **host**: use the host's UTS namespace inside the container. + Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. + +**--privileged**=*true*|*false* + Give extended privileges to this container. The default is *false*. + + By default, Docker containers are +“unprivileged” (=false) and cannot, for example, run a Docker daemon inside the +Docker container. This is because by default a container is not allowed to +access any devices. A “privileged” container is given access to all devices. + + When the operator executes **docker run --privileged**, Docker will enable access +to all devices on the host as well as set some configuration in AppArmor to +allow the container nearly all the same access to the host as processes running +outside of a container on the host. + +**--read-only**=*true*|*false* + Mount the container's root filesystem as read only. + + By default a container will have its root filesystem writable allowing processes +to write files anywhere. By specifying the `--read-only` flag the container will have +its root filesystem mounted as read only prohibiting any writes. + +**--restart**="no" + Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + +**--rm**=*true*|*false* + Automatically remove the container when it exits (incompatible with -d). The default is *false*. + +**--security-opt**=[] + Security Options + + "label:user:USER" : Set the label user for the container + "label:role:ROLE" : Set the label role for the container + "label:type:TYPE" : Set the label type for the container + "label:level:LEVEL" : Set the label level for the container + "label:disable" : Turn off label confinement for the container + +**--sig-proxy**=*true*|*false* + Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. + +**-t**, **--tty**=*true*|*false* + Allocate a pseudo-TTY. The default is *false*. + + When set to true Docker can allocate a pseudo-tty and attach to the standard +input of any container. This can be used, for example, to run a throwaway +interactive shell. The default is value is false. + +The **-t** option is incompatible with a redirection of the docker client +standard input. + +**-u**, **--user**="" + Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument the command will be run as root in the container. + +**-v**, **--volume**=[] + Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) + + The **-v** option can be used one or +more times to add one or more mounts to a container. These mounts can then be +used in other containers using the **--volumes-from** option. + + The volume may be optionally suffixed with :ro or :rw to mount the volumes in +read-only or read-write mode, respectively. By default, the volumes are mounted +read-write. See examples. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. + +Note: Multiple Volume options can be added separated by a "," + +**--volumes-from**=[] + Mount volumes from the specified container(s) + + Mounts already mounted volumes from a source container onto another + container. You must supply the source's container-id. To share + a volume, use the **--volumes-from** option when running + the target container. You can share volumes even if the source container + is not running. + + By default, Docker mounts the volumes in the same mode (read-write or + read-only) as it is mounted in the source container. Optionally, you + can change this by suffixing the container-id with either the `:ro` or + `:rw ` keyword. + + If the location of the volume from the source container overlaps with + data residing on a target container, then the volume hides + that data on the target. + +**-w**, **--workdir**="" + Working directory inside the container + + The default working directory for +running binaries within a container is the root directory (/). The developer can +set a different default with the Dockerfile WORKDIR instruction. The operator +can override the working directory by using the **-w** option. + +# EXAMPLES + +## Exposing log messages from the container to the host's log + +If you want messages that are logged in your container to show up in the host's +syslog/journal then you should bind mount the /dev/log directory as follows. + + # docker run -v /dev/log:/dev/log -i -t fedora /bin/bash + +From inside the container you can test this by sending a message to the log. + + (bash)# logger "Hello from my container" + +Then exit and check the journal. + + # exit + + # journalctl -b | grep Hello + +This should list the message sent to logger. + +## Attaching to one or more from STDIN, STDOUT, STDERR + +If you do not specify -a then Docker will attach everything (stdin,stdout,stderr) +. You can specify to which of the three standard streams (stdin, stdout, stderr) +you’d like to connect instead, as in: + + # docker run -a stdin -a stdout -i -t fedora /bin/bash + +## Sharing IPC between containers + +Using shm_server.c available here: https://www.cs.cf.ac.uk/Dave/C/node27.html + +Testing `--ipc=host` mode: + +Host shows a shared memory segment with 7 pids attached, happens to be from httpd: + +``` + $ sudo ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x01128e25 0 root 600 1000 7 +``` + +Now run a regular container, and it correctly does NOT see the shared memory segment from the host: + +``` + $ docker run -it shm ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status +``` + +Run a container with the new `--ipc=host` option, and it now sees the shared memory segment from the host httpd: + + ``` + $ docker run -it --ipc=host shm ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x01128e25 0 root 600 1000 7 +``` +Testing `--ipc=container:CONTAINERID` mode: + +Start a container with a program to create a shared memory segment: +``` + $ docker run -it shm bash + $ sudo shm/shm_server & + $ sudo ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x0000162e 0 root 666 27 1 +``` +Create a 2nd container correctly shows no shared memory segment from 1st container: +``` + $ docker run shm ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status +``` + +Create a 3rd container using the new --ipc=container:CONTAINERID option, now it shows the shared memory segment from the first: + +``` + $ docker run -it --ipc=container:ed735b2264ac shm ipcs -m + $ sudo ipcs -m + + ------ Shared Memory Segments -------- + key shmid owner perms bytes nattch status + 0x0000162e 0 root 666 27 1 +``` + +## Linking Containers + +The link feature allows multiple containers to communicate with each other. For +example, a container whose Dockerfile has exposed port 80 can be run and named +as follows: + + # docker run --name=link-test -d -i -t fedora/httpd + +A second container, in this case called linker, can communicate with the httpd +container, named link-test, by running with the **--link=:** + + # docker run -t -i --link=link-test:lt --name=linker fedora /bin/bash + +Now the container linker is linked to container link-test with the alias lt. +Running the **env** command in the linker container shows environment variables + with the LT (alias) context (**LT_**) + + # env + HOSTNAME=668231cb0978 + TERM=xterm + LT_PORT_80_TCP=tcp://172.17.0.3:80 + LT_PORT_80_TCP_PORT=80 + LT_PORT_80_TCP_PROTO=tcp + LT_PORT=tcp://172.17.0.3:80 + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + PWD=/ + LT_NAME=/linker/lt + SHLVL=1 + HOME=/ + LT_PORT_80_TCP_ADDR=172.17.0.3 + _=/usr/bin/env + +When linking two containers Docker will use the exposed ports of the container +to create a secure tunnel for the parent to access. + + +## Mapping Ports for External Usage + +The exposed port of an application can be mapped to a host port using the **-p** +flag. For example, a httpd port 80 can be mapped to the host port 8080 using the +following: + + # docker run -p 8080:80 -d -i -t fedora/httpd + +## Creating and Mounting a Data Volume Container + +Many applications require the sharing of persistent data across several +containers. Docker allows you to create a Data Volume Container that other +containers can mount from. For example, create a named container that contains +directories /var/volume1 and /tmp/volume2. The image will need to contain these +directories so a couple of RUN mkdir instructions might be required for you +fedora-data image: + + # docker run --name=data -v /var/volume1 -v /tmp/volume2 -i -t fedora-data true + # docker run --volumes-from=data --name=fedora-container1 -i -t fedora bash + +Multiple --volumes-from parameters will bring together multiple data volumes from +multiple containers. And it's possible to mount the volumes that came from the +DATA container in yet another container via the fedora-container1 intermediary +container, allowing to abstract the actual data source from users of that data: + + # docker run --volumes-from=fedora-container1 --name=fedora-container2 -i -t fedora bash + +## Mounting External Volumes + +To mount a host directory as a container volume, specify the absolute path to +the directory and the absolute path for the container directory separated by a +colon: + + # docker run -v /var/db:/data1 -i -t fedora bash + +When using SELinux, be aware that the host has no knowledge of container SELinux +policy. Therefore, in the above example, if SELinux policy is enforced, the +`/var/db` directory is not writable to the container. A "Permission Denied" +message will occur and an avc: message in the host's syslog. + + +To work around this, at time of writing this man page, the following command +needs to be run in order for the proper SELinux policy type label to be attached +to the host directory: + + # chcon -Rt svirt_sandbox_file_t /var/db + + +Now, writing to the /data1 volume in the container will be allowed and the +changes will also be reflected on the host in /var/db. + +## Using alternative security labeling + +You can override the default labeling scheme for each container by specifying +the `--security-opt` flag. For example, you can specify the MCS/MLS level, a +requirement for MLS systems. Specifying the level in the following command +allows you to share the same content between containers. + + # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + +An MLS example might be: + + # docker run --security-opt label:level:TopSecret -i -t rhel7 bash + +To disable the security labeling for this container versus running with the +`--permissive` flag, use the following command: + + # docker run --security-opt label:disable -i -t fedora bash + +If you want a tighter security policy on the processes within a container, +you can specify an alternate type for the container. You could run a container +that is only allowed to listen on Apache ports by executing the following +command: + + # docker run --security-opt label:type:svirt_apache_t -i -t centos bash + +Note: + +You would have to write policy defining a `svirt_apache_t` type. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit diff --git a/man/docker-save.1.md b/man/docker-save.1.md new file mode 100644 index 0000000000..5f336ffd34 --- /dev/null +++ b/man/docker-save.1.md @@ -0,0 +1,45 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-save - Save an image(s) to a tar archive (streamed to STDOUT by default) + +# SYNOPSIS +**docker save** +[**--help**] +[**-o**|**--output**[=*OUTPUT*]] +IMAGE [IMAGE...] + +# DESCRIPTION +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +Stream to a file instead of STDOUT by using **-o**. + +# OPTIONS +**--help** + Print usage statement + +**-o**, **--output**="" + Write to a file, instead of STDOUT + +# EXAMPLES + +Save all fedora repository images to a fedora-all.tar and save the latest +fedora image to a fedora-latest.tar: + + $ docker save fedora > fedora-all.tar + $ docker save --output=fedora-latest.tar fedora:latest + $ ls -sh fedora-all.tar + 721M fedora-all.tar + $ ls -sh fedora-latest.tar + 367M fedora-latest.tar + +# See also +**docker-load(1)** to load an image from a tar archive on STDIN. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +November 2014, updated by Sven Dowideit diff --git a/man/docker-search.1.md b/man/docker-search.1.md new file mode 100644 index 0000000000..6316008f50 --- /dev/null +++ b/man/docker-search.1.md @@ -0,0 +1,65 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-search - Search the Docker Hub for images + +# SYNOPSIS +**docker search** +[**--automated**[=*false*]] +[**--help**] +[**--no-trunc**[=*false*]] +[**-s**|**--stars**[=*0*]] +TERM + +# DESCRIPTION + +Search Docker Hub for an image with that matches the specified `TERM`. The table +of images returned displays the name, description (truncated by default), number +of stars awarded, whether the image is official, and whether it is automated. + +*Note* - Search queries will only return up to 25 results + +# OPTIONS +**--automated**=*true*|*false* + Only show automated builds. The default is *false*. + +**--help** + Print usage statement + +**--no-trunc**=*true*|*false* + Don't truncate output. The default is *false*. + +**-s**, **--stars**=0 + Only displays with at least x stars + +# EXAMPLES + +## Search Docker Hub for ranked images + +Search a registry for the term 'fedora' and only display those images +ranked 3 or higher: + + $ docker search -s 3 fedora + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + mattdm/fedora A basic Fedora image corresponding roughly... 50 + fedora (Semi) Official Fedora base image. 38 + mattdm/fedora-small A small Fedora image on which to build. Co... 8 + goldmann/wildfly A WildFly application server running on a ... 3 [OK] + +## Search Docker Hub for automated images + +Search Docker Hub for the term 'fedora' and only display automated images +ranked 1 or higher: + + $ docker search -s 1 -t fedora + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + goldmann/wildfly A WildFly application server running on a ... 3 [OK] + tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 + diff --git a/man/docker-start.1.md b/man/docker-start.1.md new file mode 100644 index 0000000000..523b315594 --- /dev/null +++ b/man/docker-start.1.md @@ -0,0 +1,34 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-start - Start one or more stopped containers + +# SYNOPSIS +**docker start** +[**-a**|**--attach**[=*false*]] +[**--help**] +[**-i**|**--interactive**[=*false*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +Start one or more stopped containers. + +# OPTIONS +**-a**, **--attach**=*true*|*false* + Attach container's STDOUT and STDERR and forward all signals to the process. The default is *false*. + +**--help** + Print usage statement + +**-i**, **--interactive**=*true*|*false* + Attach container's STDIN. The default is *false*. + +# See also +**docker-stop(1)** to stop a running container. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-stats.1.md b/man/docker-stats.1.md new file mode 100644 index 0000000000..4b48588559 --- /dev/null +++ b/man/docker-stats.1.md @@ -0,0 +1,31 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-stats - Display a live stream of one or more containers' resource usage statistics + +# SYNOPSIS +**docker stats** +[**--help**] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +Display a live stream of one or more containers' resource usage statistics + +# OPTIONS +**--help** + Print usage statement + +**--no-stream**="false" + Disable streaming stats and only pull the first result + +# EXAMPLES + +Run **docker stats** with multiple containers. + + $ docker stats redis1 redis2 + CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O + redis1 0.07% 796 KB/64 MB 1.21% 788 B/648 B + redis2 0.07% 2.746 MB/64 MB 4.29% 1.266 KB/648 B + diff --git a/man/docker-stop.1.md b/man/docker-stop.1.md new file mode 100644 index 0000000000..9b882db49d --- /dev/null +++ b/man/docker-stop.1.md @@ -0,0 +1,30 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after a grace period + +# SYNOPSIS +**docker stop** +[**--help**] +[**-t**|**--time**[=*10*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION +Stop a running container (Send SIGTERM, and then SIGKILL after + grace period) + +# OPTIONS +**--help** + Print usage statement + +**-t**, **--time**=10 + Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. + +#See also +**docker-start(1)** to restart a stopped container. + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-tag.1.md b/man/docker-tag.1.md new file mode 100644 index 0000000000..898ecd8a1c --- /dev/null +++ b/man/docker-tag.1.md @@ -0,0 +1,65 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-tag - Tag an image into a repository + +# SYNOPSIS +**docker tag** +[**-f**|**--force**[=*false*]] +[**--help**] +IMAGE[:TAG] [REGISTRY_HOST/][USERNAME/]NAME[:TAG] + +# DESCRIPTION +Assigns a new alias to an image in a registry. An alias refers to the +entire image name including the optional `TAG` after the ':'. + +If you do not specify a `REGISTRY_HOST`, the command uses Docker's public +registry located at `registry-1.docker.io` by default. + +# "OPTIONS" +**-f**, **--force**=*true*|*false* + When set to true, force the alias. The default is *false*. + +**REGISTRYHOST** + The hostname of the registry if required. This may also include the port +separated by a ':' + +**USERNAME** + The username or other qualifying identifier for the image. + +**NAME** + The image name. + +**TAG** + The tag you are assigning to the image. Though this is arbitrary it is +recommended to be used for a version to distinguish images with the same name. +Note that here TAG is a part of the overall name or "tag". + +# OPTIONS +**-f**, **--force**=*true*|*false* + Force. The default is *false*. + +# EXAMPLES + +## Giving an image a new alias + +Here is an example of aliasing an image (e.g., 0e5574283393) as "httpd" and +tagging it into the "fedora" repository with "version1.0": + + docker tag 0e5574283393 fedora/httpd:version1.0 + +## Tagging an image for a private repository + +To push an image to an private registry and not the central Docker +registry you must tag it with the registry hostname and port (if needed). + + docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit +July 2014, updated by Sven Dowideit +April 2015, updated by Mary Anthony for v2 + diff --git a/man/docker-top.1.md b/man/docker-top.1.md new file mode 100644 index 0000000000..c3bbf883f7 --- /dev/null +++ b/man/docker-top.1.md @@ -0,0 +1,33 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-top - Display the running processes of a container + +# SYNOPSIS +**docker top** +[**--help**] +CONTAINER [ps OPTIONS] + +# DESCRIPTION + +Look up the running process of the container. ps-OPTION can be any of the + options you would pass to a Linux ps command. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + +Run **docker top** with the ps option of -x: + + $ docker top 8601afda2b -x + PID TTY STAT TIME COMMAND + 16623 ? Ss 0:00 sleep 99999 + + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker-unpause.1.md b/man/docker-unpause.1.md new file mode 100644 index 0000000000..466e1bb1a3 --- /dev/null +++ b/man/docker-unpause.1.md @@ -0,0 +1,27 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-unpause - Unpause all processes within a container + +# SYNOPSIS +**docker unpause** +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The `docker unpause` command uses the cgroups freezer to un-suspend all +processes in a container. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. + +# OPTIONS +There are no available options. + +# See also +**docker-pause(1)** to pause all processes within a container. + +# HISTORY +June 2014, updated by Sven Dowideit diff --git a/man/docker-version.1.md b/man/docker-version.1.md new file mode 100644 index 0000000000..9c029b239d --- /dev/null +++ b/man/docker-version.1.md @@ -0,0 +1,15 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-version - Show the Docker version information. + +# SYNOPSIS +**docker version** + + +# OPTIONS +There are no available options. + +# HISTORY +June 2014, updated by Sven Dowideit diff --git a/man/docker-wait.1.md b/man/docker-wait.1.md new file mode 100644 index 0000000000..5f07bacc0e --- /dev/null +++ b/man/docker-wait.1.md @@ -0,0 +1,30 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-wait - Block until a container stops, then print its exit code. + +# SYNOPSIS +**docker wait** +[**--help**] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +Block until a container stops, then print its exit code. + +# OPTIONS +**--help** + Print usage statement + +# EXAMPLES + + $ docker run -d fedora sleep 99 + 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 + $ docker wait 079b83f558a2bc + 0 + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) +based on docker.com source material and internal work. +June 2014, updated by Sven Dowideit diff --git a/man/docker.1.md b/man/docker.1.md new file mode 100644 index 0000000000..f77038139a --- /dev/null +++ b/man/docker.1.md @@ -0,0 +1,393 @@ +% DOCKER(1) Docker User Manuals +% William Henry +% APRIL 2014 +# NAME +docker \- Docker image and container command line interface + +# SYNOPSIS +**docker** [OPTIONS] COMMAND [arg...] + +# DESCRIPTION +**docker** has two distinct functions. It is used for starting the Docker +daemon and to run the CLI (i.e., to command the daemon to manage images, +containers etc.) So **docker** is both a server, as a daemon, and a client +to the daemon, through the CLI. + +To run the Docker daemon you do not specify any of the commands listed below but +must specify the **-d** option. The other options listed below are for the +daemon only. + +The Docker CLI has over 30 commands. The commands are listed below and each has +its own man page which explain usage and arguments. + +To see the man page for a command run **man docker **. + +# OPTIONS +**-h**, **--help** + Print usage statement + +**--api-cors-header**="" + Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. + +**-b**, **--bridge**="" + Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + +**--bip**="" + Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + +**-D**, **--debug**=*true*|*false* + Enable debug mode. Default is false. + +**-d**, **--daemon**=*true*|*false* + Enable daemon mode. Default is false. + +**--default-gateway**="" + IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) + +**--default-gateway-v6**="" + IPv6 address of the container default gateway + +**--dns**="" + Force Docker to use specific DNS servers + +**-e**, **--exec-driver**="" + Force Docker to use specific exec driver. Default is `native`. + +**--exec-opt**=[] + Set exec driver options. See EXEC DRIVER OPTIONS. + +**--exec-root**="" + Path to use as the root of the Docker execdriver. Default is `/var/run/docker`. + +**--fixed-cidr**="" + IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) + +**--fixed-cidr-v6**="" + IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) + +**-G**, **--group**="" + Group to assign the unix socket specified by -H when running in daemon mode. + use '' (the empty string) to disable setting of a group. Default is `docker`. + +**-g**, **--graph**="" + Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. + +**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or +unix://[/path/to/socket] to use. + The socket(s) to bind to in daemon mode specified using one or more + tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + +**--icc**=*true*|*false* + Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. + +**--ip**="" + Default IP address to use when binding container ports. Default is `0.0.0.0`. + +**--ip-forward**=*true*|*false* + Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. + + This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". + +**--ip-masq**=*true*|*false* + Enable IP masquerading for bridge's IP range. Default is true. + +**--iptables**=*true*|*false* + Enable Docker's addition of iptables rules. Default is true. + +**--ipv6**=*true*|*false* + Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". + +**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" + Set the logging level. Default is `info`. + +**--label**="[]" + Set key=value labels to the daemon (displayed in `docker info`) + +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*none*" + Default driver for container logs. Default is `json-file`. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**--mtu**=VALUE + Set the containers network mtu. Default is `0`. + +**-p**, **--pidfile**="" + Path to use for daemon PID file. Default is `/var/run/docker.pid` + +**--registry-mirror**=:// + Prepend a registry mirror to be used for image pulls. May be specified multiple times. + +**-s**, **--storage-driver**="" + Force the Docker runtime to use a specific storage driver. + +**--selinux-enabled**=*true*|*false* + Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. + +**--storage-opt**=[] + Set storage driver options. See STORAGE DRIVER OPTIONS. + +**-tls**=*true*|*false* + Use TLS; implied by --tlsverify. Default is false. + +**-tlsverify**=*true*|*false* + Use TLS and verify the remote (daemon: verify client, client: verify daemon). + Default is false. + +**--userland-proxy**=*true*|*false* + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + +**-v**, **--version**=*true*|*false* + Print version information and quit. Default is false. + +# COMMANDS +**attach** + Attach to a running container + See **docker-attach(1)** for full documentation on the **attach** command. + +**build** + Build an image from a Dockerfile + See **docker-build(1)** for full documentation on the **build** command. + +**commit** + Create a new image from a container's changes + See **docker-commit(1)** for full documentation on the **commit** command. + +**cp** + Copy files/folders from a container's filesystem to the host + See **docker-cp(1)** for full documentation on the **cp** command. + +**create** + Create a new container + See **docker-create(1)** for full documentation on the **create** command. + +**diff** + Inspect changes on a container's filesystem + See **docker-diff(1)** for full documentation on the **diff** command. + +**events** + Get real time events from the server + See **docker-events(1)** for full documentation on the **events** command. + +**exec** + Run a command in a running container + See **docker-exec(1)** for full documentation on the **exec** command. + +**export** + Stream the contents of a container as a tar archive + See **docker-export(1)** for full documentation on the **export** command. + +**history** + Show the history of an image + See **docker-history(1)** for full documentation on the **history** command. + +**images** + List images + See **docker-images(1)** for full documentation on the **images** command. + +**import** + Create a new filesystem image from the contents of a tarball + See **docker-import(1)** for full documentation on the **import** command. + +**info** + Display system-wide information + See **docker-info(1)** for full documentation on the **info** command. + +**inspect** + Return low-level information on a container or image + See **docker-inspect(1)** for full documentation on the **inspect** command. + +**kill** + Kill a running container (which includes the wrapper process and everything +inside it) + See **docker-kill(1)** for full documentation on the **kill** command. + +**load** + Load an image from a tar archive + See **docker-load(1)** for full documentation on the **load** command. + +**login** + Register or login to a Docker Registry + See **docker-login(1)** for full documentation on the **login** command. + +**logout** + Log the user out of a Docker Registry + See **docker-logout(1)** for full documentation on the **logout** command. + +**logs** + Fetch the logs of a container + See **docker-logs(1)** for full documentation on the **logs** command. + +**pause** + Pause all processes within a container + See **docker-pause(1)** for full documentation on the **pause** command. + +**port** + Lookup the public-facing port which is NAT-ed to PRIVATE_PORT + See **docker-port(1)** for full documentation on the **port** command. + +**ps** + List containers + See **docker-ps(1)** for full documentation on the **ps** command. + +**pull** + Pull an image or a repository from a Docker Registry + See **docker-pull(1)** for full documentation on the **pull** command. + +**push** + Push an image or a repository to a Docker Registry + See **docker-push(1)** for full documentation on the **push** command. + +**restart** + Restart a running container + See **docker-restart(1)** for full documentation on the **restart** command. + +**rm** + Remove one or more containers + See **docker-rm(1)** for full documentation on the **rm** command. + +**rmi** + Remove one or more images + See **docker-rmi(1)** for full documentation on the **rmi** command. + +**run** + Run a command in a new container + See **docker-run(1)** for full documentation on the **run** command. + +**save** + Save an image to a tar archive + See **docker-save(1)** for full documentation on the **save** command. + +**search** + Search for an image in the Docker index + See **docker-search(1)** for full documentation on the **search** command. + +**start** + Start a stopped container + See **docker-start(1)** for full documentation on the **start** command. + +**stats** + Display a live stream of one or more containers' resource usage statistics + See **docker-stats(1)** for full documentation on the **stats** command. + +**stop** + Stop a running container + See **docker-stop(1)** for full documentation on the **stop** command. + +**tag** + Tag an image into a repository + See **docker-tag(1)** for full documentation on the **tag** command. + +**top** + Lookup the running processes of a container + See **docker-top(1)** for full documentation on the **top** command. + +**unpause** + Unpause all processes within a container + See **docker-unpause(1)** for full documentation on the **unpause** command. + +**version** + Show the Docker version information + See **docker-version(1)** for full documentation on the **version** command. + +**wait** + Block until a container stops, then print its exit code + See **docker-wait(1)** for full documentation on the **wait** command. + +# STORAGE DRIVER OPTIONS + +Options to storage backend can be specified with **--storage-opt** flags. The +only backend which currently takes options is *devicemapper*. Therefore use these +flags with **-s=**devicemapper. + +Here is the list of *devicemapper* options: + +#### dm.basesize +Specifies the size to use when creating the base device, which limits the size +of images and containers. The default value is 10G. Note, thin devices are +inherently "sparse", so a 10G device which is mostly empty doesn't use 10 GB +of space on the pool. However, the filesystem will use more space for the empty +case the larger the device is. **Warning**: This value affects the system-wide +"base" empty filesystem that may already be initialized and inherited by pulled +images. + +#### dm.loopdatasize +Specifies the size to use when creating the loopback file for the "data" +device which is used for the thin pool. The default size is 100G. Note that the +file is sparse, so it will not initially take up this much space. + +#### dm.loopmetadatasize +Specifies the size to use when creating the loopback file for the "metadadata" +device which is used for the thin pool. The default size is 2G. Note that the +file is sparse, so it will not initially take up this much space. + +#### dm.fs +Specifies the filesystem type to use for the base device. The supported +options are "ext4" and "xfs". The default is "ext4" + +#### dm.mkfsarg +Specifies extra mkfs arguments to be used when creating the base device. + +#### dm.mountopt +Specifies extra mount options used when mounting the thin devices. + +#### dm.datadev +Specifies a custom blockdevice to use for data for the thin pool. + +If using a block device for device mapper storage, ideally both datadev and +metadatadev should be specified to completely avoid using the loopback device. + +#### dm.metadatadev +Specifies a custom blockdevice to use for metadata for the thin pool. + +For best performance the metadata should be on a different spindle than the +data, or even better on an SSD. + +If setting up a new metadata pool it is required to be valid. This can be +achieved by zeroing the first 4k to indicate empty metadata, like this: + + dd if=/dev/zero of=/dev/metadata_dev bs=4096 count=1 + +#### dm.blocksize +Specifies a custom blocksize to use for the thin pool. The default blocksize +is 64K. + +#### dm.blkdiscard +Enables or disables the use of blkdiscard when removing devicemapper devices. +This is enabled by default (only) if using loopback devices and is required to +resparsify the loopback file on image/container removal. + +Disabling this on loopback can lead to *much* faster container removal times, +but will prevent the space used in `/var/lib/docker` directory from being returned to +the system for other use when containers are removed. + +# EXAMPLES +Launching docker daemon with *devicemapper* backend with particular block devices +for data and metadata: + + docker -d -s=devicemapper \ + --storage-opt dm.datadev=/dev/vdb \ + --storage-opt dm.metadatadev=/dev/vdc \ + --storage-opt dm.basesize=20G + +# EXEC DRIVER OPTIONS + +Use the **--exec-opt** flags to specify options to the exec-driver. The only +driver that accepts this flag is the *native* (libcontainer) driver. As a +result, you must also specify **-s=**native for this option to have effect. The +following is the only *native* option: + +#### native.cgroupdriver +Specifies the management of the container's `cgroups`. You can specify +`cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the +system uses `cgroupfs`. + +#### Client +For specific client examples please see the man page for the specific Docker +command. For example: + + man docker-run + +# HISTORY +April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. diff --git a/man/md2man-all.sh b/man/md2man-all.sh new file mode 100755 index 0000000000..97c65c93bc --- /dev/null +++ b/man/md2man-all.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +# get into this script's directory +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +[ "$1" = '-q' ] || { + set -x + pwd +} + +for FILE in *.md; do + base="$(basename "$FILE")" + name="${base%.md}" + num="${name##*.}" + if [ -z "$num" -o "$name" = "$num" ]; then + # skip files that aren't of the format xxxx.N.md (like README.md) + continue + fi + mkdir -p "./man${num}" + go-md2man -in "$FILE" -out "./man${num}/${name}" +done From 5f9164db1463f1edf12c8fc3882f207d950beb36 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Thu, 11 Jun 2015 12:48:01 -0700 Subject: [PATCH 0663/2538] Updating with fix for first line and the vieux/amy comment on website Signed-off-by: Mary Anthony --- experimental/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 0933e7eca0..c8a02cb9b2 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -1,6 +1,6 @@ # Docker Experimental Features - This page contains a list of features in the Docker engine which are +This page contains a list of features in the Docker engine which are experimental. Experimental features are **not** ready for production. They are provided for test and evaluation in your sandbox environments. @@ -11,7 +11,7 @@ please feel free to provide any feedback on these features you wish. ## Install Docker experimental -Unlike the regular Docker binary, the experimental channels is built and updated nightly on https://experimental.docker.com. From one day to the next, new features may appear, while existing experimental features may be refined or entirely removed. +Unlike the regular Docker binary, the experimental channels is built and updated nightly on TO.BE.ANNOUNCED. From one day to the next, new features may appear, while existing experimental features may be refined or entirely removed. 1. Verify that you have `wget` installed. From 6e8bfc5d5efd61bbd883a93abc7f5c90d6ff3fb9 Mon Sep 17 00:00:00 2001 From: "Brian (bex) Exelbierd" Date: Mon, 8 Jun 2015 14:30:33 +0200 Subject: [PATCH 0664/2538] Update man page Dockerfile to use go-md2man v1.0.1 and go-lang 1.4 The main Dockerfile to was updated - this update brings the sub-directory specific file inline with it. Fixes #12866 Signed-off-by: Brian Exelbierd --- man/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/Dockerfile b/man/Dockerfile index 9910bd48f9..33e515d85c 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.3 +FROM golang:1.4 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && git clone -b v1.0.1 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ && cd /go/src/github.com/cpuguy83/go-md2man \ && go get -v ./... CMD ["/go/bin/go-md2man", "--help"] From 097c3c2e8e75f4e73fd1a68c5c4260fa89f863a5 Mon Sep 17 00:00:00 2001 From: Amy Lindburg Date: Tue, 9 Jun 2015 22:20:48 -0700 Subject: [PATCH 0665/2538] Update plugins.md Fixed broken link. Signed-off-by: Amy Lindburg Update plugins.md Some other broken links! Signed-off-by: Amy Lindburg Update plugin_api.md FIxing broken links. Signed-off-by: Amy Lindburg Update plugins_volume.md Fixing more links. Signed-off-by: Amy Lindburg --- experimental/plugin_api.md | 4 ++-- experimental/plugins.md | 6 +++--- experimental/plugins_volume.md | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/experimental/plugin_api.md b/experimental/plugin_api.md index ad83ffd0a5..9309b28468 100644 --- a/experimental/plugin_api.md +++ b/experimental/plugin_api.md @@ -5,9 +5,9 @@ Docker Engine. This page is intended for people who want to develop their own Docker plugin. If you just want to learn about or use Docker plugins, look -[here](/userguide/plugins). +[here](/experimental/plugins.md). -This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](experimental.md). +This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](README.md). ## What plugins are diff --git a/experimental/plugins.md b/experimental/plugins.md index 0b7ca42a2c..9ba4f92963 100644 --- a/experimental/plugins.md +++ b/experimental/plugins.md @@ -3,12 +3,12 @@ You can extend the capabilities of the Docker Engine by loading third-party plugins. -This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](experimental.md). +This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](README.md). ## Types of plugins Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](/experimental/plugins_volume) might enable Docker +example, a [volume plugin](/experimental/plugins_volume.md) might enable Docker volumes to persist across multiple Docker hosts. Currently Docker supports volume plugins. In the future it will support @@ -35,7 +35,7 @@ of the plugin for help. The Docker team may not be able to assist you. ## Writing a plugin If you are interested in writing a plugin for Docker, or seeing how they work -under the hood, see the [docker plugins reference](/experimental/plugin_api). +under the hood, see the [docker plugins reference](/experimental/plugin_api.md). # Related GitHub PRs and issues diff --git a/experimental/plugins_volume.md b/experimental/plugins_volume.md index fe2ab0dc45..cc74796fbf 100644 --- a/experimental/plugins_volume.md +++ b/experimental/plugins_volume.md @@ -2,10 +2,10 @@ Docker volume plugins enable Docker deployments to be integrated with external storage systems, such as Amazon EBS, and enable data volumes to persist beyond -the lifetime of a single Docker host. See the [plugin documentation](/experimental/plugins) +the lifetime of a single Docker host. See the [plugin documentation](/experimental/plugins.md) for more information. -This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](experimental.md). +This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](README.md). # Command-line changes From 2b50e0f8524120276b118e55c8f0c9f8225846a6 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sat, 13 Jun 2015 09:21:50 -0700 Subject: [PATCH 0666/2538] Carry of PR #13520 Removinig files Signed-off-by: Mary Anthony --- docs/README.md | 1 + docs/sources/reference/commandline/cli.md | 14 +++++++------- docs/sources/reference/glossary.md | 2 +- experimental/README.md | 2 +- man/docker-build.1.md | 4 ++-- man/docker-create.1.md | 2 +- 6 files changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/README.md b/docs/README.md index 9cdb20984a..f22ae49efa 100755 --- a/docs/README.md +++ b/docs/README.md @@ -288,3 +288,4 @@ project. + diff --git a/docs/sources/reference/commandline/cli.md b/docs/sources/reference/commandline/cli.md index 3b98c6fcd9..7f632e149a 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/sources/reference/commandline/cli.md @@ -698,13 +698,13 @@ to any of the files in the context. For example, your build can use an [*ADD*](/reference/builder/#add) instruction to reference a file in the context. -The `URL` parameter can specify the location of a Git repository; the -repository acts as the build context. The system recursively clones the -repository and its submodules using a `git clone --depth 1 --recursive` -command. This command runs in a temporary directory on your local host. After -the command succeeds, the directory is sent to the Docker daemon as the -context. Local clones give you the ability to access private repositories using -local user credentials, VPN's, and so forth. +The `URL` parameter can specify the location of a Git repository; the repository +acts as the build context. The system recursively clones the repository and its +submodules using a `git clone --depth 1 --recursive` command. This command runs +in a temporary directory on your local host. After the command succeeds, the +directory is sent to the Docker daemon as the context. Local clones give you the +ability to access private repositories using local user credentials, VPNs, and +so forth. Git URLs accept context configuration in their fragment section, separated by a colon `:`. The first part represents the reference that Git will check out, diff --git a/docs/sources/reference/glossary.md b/docs/sources/reference/glossary.md index d33d015693..c04f27d548 100644 --- a/docs/sources/reference/glossary.md +++ b/docs/sources/reference/glossary.md @@ -90,7 +90,7 @@ Docker and its components. It provides the following services: - Docker image hosting - User authentication - Automated image builds and work-flow tools such as build triggers and web hooks -- Integration with GitHub and BitBucket +- Integration with GitHub and Bitbucket ## Dockerfile diff --git a/experimental/README.md b/experimental/README.md index c8a02cb9b2..b129ec72d0 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -4,7 +4,7 @@ This page contains a list of features in the Docker engine which are experimental. Experimental features are **not** ready for production. They are provided for test and evaluation in your sandbox environments. -The information below describes each feature and the Github pull requests and +The information below describes each feature and the GitHub pull requests and issues associated with it. If necessary, links are provided to additional documentation on an issue. As an active Docker user and community member, please feel free to provide any feedback on these features you wish. diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 7a5ceab0e2..089091789e 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -200,9 +200,9 @@ into account Docker community conventions. ## Building an image using a URL -This will clone the specified Github repository from the URL and use it +This will clone the specified GitHub repository from the URL and use it as context. The Dockerfile at the root of the repository is used as -Dockerfile. This only works if the Github repository is a dedicated +Dockerfile. This only works if the GitHub repository is a dedicated repository. docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 939fcbc1cf..3882fbf031 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -91,7 +91,7 @@ The initial status of the container created with **docker create** is 'created'. **--cgroup-parent**="" Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. -**--cpu-peroid**=0 +**--cpu-period**=0 Limit the CPU CFS (Completely Fair Scheduler) period **--cpuset-cpus**="" From bd7b88932c3623fb7621958c2354d29fadab660b Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Wed, 27 May 2015 15:31:06 +0800 Subject: [PATCH 0667/2538] Add --net=container with --publish --publish-all --expose error out Signed-off-by: Lei Jitang --- docs/sources/reference/run.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/sources/reference/run.md b/docs/sources/reference/run.md index db0a7d5def..084af75c02 100644 --- a/docs/sources/reference/run.md +++ b/docs/sources/reference/run.md @@ -319,7 +319,8 @@ With the networking mode set to `container` a container will share the network stack of another container. The other container's name must be provided in the format of `--net container:`. Note that `--add-host` `--hostname` `--dns` `--dns-search` and `--mac-address` is invalid -in `container` netmode. +in `container` netmode, and `--publish` `--publish-all` `--expose` are also +invalid in `container` netmode. Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the From d1d033701ef163c950bfb68059ef0267aba20e3f Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sun, 7 Jun 2015 20:07:20 -0700 Subject: [PATCH 0668/2538] retooling for hugo Tweaking for Hugo Updating the Dockerfile with new sed; fix broken link on Kitematic Fixing image pull for Dockerfile Removing docs targets Signed-off-by: Mary Anthony --- docs/README.md | 6 +++ docs/{sources => }/reference/builder.md | 12 ++++-- .../reference/commandline/cli.md | 12 ++++-- .../reference/commandline/docker_images.gif | Bin docs/{sources => }/reference/glossary.md | 13 ++++-- docs/{sources => }/reference/run.md | 12 ++++-- man/README.md | 37 ++++++------------ 7 files changed, 56 insertions(+), 36 deletions(-) rename docs/{sources => }/reference/builder.md (99%) rename docs/{sources => }/reference/commandline/cli.md (99%) rename docs/{sources => }/reference/commandline/docker_images.gif (100%) rename docs/{sources => }/reference/glossary.md (96%) rename docs/{sources => }/reference/run.md (99%) diff --git a/docs/README.md b/docs/README.md index f22ae49efa..b8d50c8d91 100755 --- a/docs/README.md +++ b/docs/README.md @@ -1,3 +1,9 @@ + + # Docker Documentation The source for Docker documentation is in this directory under `sources/`. Our diff --git a/docs/sources/reference/builder.md b/docs/reference/builder.md similarity index 99% rename from docs/sources/reference/builder.md rename to docs/reference/builder.md index 16f918d26a..89b7602656 100644 --- a/docs/sources/reference/builder.md +++ b/docs/reference/builder.md @@ -1,6 +1,12 @@ -page_title: Dockerfile reference -page_description: Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image. -page_keywords: builder, docker, Dockerfile, automation, image creation + # Dockerfile reference diff --git a/docs/sources/reference/commandline/cli.md b/docs/reference/commandline/cli.md similarity index 99% rename from docs/sources/reference/commandline/cli.md rename to docs/reference/commandline/cli.md index 7f632e149a..89d0c90a99 100644 --- a/docs/sources/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -1,6 +1,12 @@ -page_title: Command Line Interface -page_description: Docker's CLI command description and usage -page_keywords: Docker, Docker documentation, CLI, command line + # Docker Command Line diff --git a/docs/sources/reference/commandline/docker_images.gif b/docs/reference/commandline/docker_images.gif similarity index 100% rename from docs/sources/reference/commandline/docker_images.gif rename to docs/reference/commandline/docker_images.gif diff --git a/docs/sources/reference/glossary.md b/docs/reference/glossary.md similarity index 96% rename from docs/sources/reference/glossary.md rename to docs/reference/glossary.md index c04f27d548..1e2f2884b5 100644 --- a/docs/sources/reference/glossary.md +++ b/docs/reference/glossary.md @@ -1,6 +1,13 @@ -page_title: Docker Glossary -page_description: Glossary of terms used around Docker -page_keywords: glossary, docker, terms, definitions + # Glossary diff --git a/docs/sources/reference/run.md b/docs/reference/run.md similarity index 99% rename from docs/sources/reference/run.md rename to docs/reference/run.md index 084af75c02..6b0b568dfd 100644 --- a/docs/sources/reference/run.md +++ b/docs/reference/run.md @@ -1,6 +1,12 @@ -page_title: Docker run reference -page_description: Configure containers at runtime -page_keywords: docker, run, configure, runtime + # Docker run reference -**Docker runs processes in isolated containers**. When an operator -executes `docker run`, she starts a process with its own file system, -its own networking, and its own isolated process tree. The -[*Image*](/reference/glossary/#image) which starts the process may define -defaults related to the binary to run, the networking to expose, and -more, but `docker run` gives additional control to the operator who starts -the container from the image. That's the main reason -[*run*](/reference/commandline/run) has more options than any -other `docker` command. +Docker runs processes in isolated containers. A container is a process +which runs on a host. The host may be local or remote. When an operator +executes `docker run`, the container process that runs is isolated in +that it has its own file system, its own networking, and its own +isolated process tree separate from the host. + +This page details how to use the `docker run` command to define the +container's resources at runtime. ## General form @@ -32,27 +31,33 @@ The basic `docker run` command takes this form: $ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...] -To learn how to interpret the types of `[OPTIONS]`, -see [*Option types*](/reference/commandline/cli/#option-types). - -The `run` options control the image's runtime behavior in a container. These -settings affect: +The `docker run` command must specify an [*IMAGE*](/reference/glossary/#image) +to derive the container from. An image developer can define image +defaults related to: * detached or foreground running * container identification * network settings * runtime constraints on CPU and memory * privileges and LXC configuration - -An image developer may set defaults for these same settings when she creates the -image using the `docker build` command. Operators can use the `run` options to override most of the -defaults set by the developer. And, operators can override nearly all the defaults set by the Docker runtime itself. -Finally, depending on your Docker system configuration, you may be required to -preface each `docker` command with `sudo`. To avoid having to use `sudo` with -the `docker` command, your system administrator can create a Unix group called -`docker` and add users to it. For more information about this configuration, -refer to the Docker installation documentation for your operating system. +With the `docker run [OPTIONS]` an operator can add to or override the +image defaults set by a developer. And, additionally, operators can +override nearly all the defaults set by the Docker runtime itself. The +operator's ability to override image and Docker runtime defaults is why +[*run*](/reference/commandline/cli/run/) has more options than any +other `docker` command. + +To learn how to interpret the types of `[OPTIONS]`, see [*Option +types*](/reference/commandline/cli/#option-types). + +> **Note**: Depending on your Docker system configuration, you may be +> required to preface the `docker run` command with `sudo`. To avoid +> having to use `sudo` with the `docker` command, your system +> administrator can create a Unix group called `docker` and add users to +> it. For more information about this configuration, refer to the Docker +> installation documentation for your operating system. + ## Operator exclusive options @@ -971,45 +976,59 @@ or two examples of how to pass more parameters to that ENTRYPOINT: ### EXPOSE (incoming ports) -The Dockerfile doesn't give much control over networking, only providing -the `EXPOSE` instruction to specify incoming ports that provide services. The following `run` command options work with container networking: - --expose=[]: Expose a port or a range of ports from the container, - in addition to ports exposed by the `EXPOSE` Dockerfile instruction + --expose=[]: Expose a port or a range of ports inside the container. + These are additional to those exposed by the `EXPOSE` instruction -P=false : Publish all exposed ports to the host interfaces -p=[] : Publish a container᾿s port or a range of ports to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. - When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) - When specifying a range for hostPort only, the containerPort must not be a range. In this case the container port is published somewhere within the specified hostPort range. (e.g., `-p 1234-1236:1234/tcp`) + Both hostPort and containerPort can be specified as a + range of ports. When specifying ranges for both, the + number of container ports in the range must match the + number of host ports in the range, for example: + -p 1234-1236:1234-1236/tcp + + When specifying a range for hostPort only, the + containerPort must not be a range. In this case the + container port is published somewhere within the + specified hostPort range. (e.g., `-p 1234-1236:1234/tcp`) + (use 'docker port' to see the actual mapping) + --link="" : Add link to another container (:alias or ) -As mentioned previously, `EXPOSE` (and `--expose`) makes ports available -**in** a container for incoming connections. The port number on the -inside of the container (where the service listens) does not need to be -the same number as the port exposed on the outside of the container -(where clients connect), so inside the container you might have an HTTP -service listening on port 80 (and so you `EXPOSE 80` in the Dockerfile), -but outside the container the port might be 42800. +With the exception of the `EXPOSE` directive, an image developer hasn't +got much control over networking. The `EXPOSE` instruction defines the +initial incoming ports that provide services. These ports are available +to processes inside the container. An operator can use the `--expose` +option to add to the exposed ports. -To help a new client container reach the server container's internal -port operator `--expose`'d by the operator or `EXPOSE`'d by the -developer, the operator has three choices: start the server container -with `-P` or `-p,` or start the client container with `--link`. +To expose a container's internal port, an operator can start the +container with the `-P` or `-p` flag. The exposed port is accessible on +the host and the ports are available to any client that can reach the +host. -If the operator uses `-P` or `-p` then Docker will make the exposed port -accessible on the host and the ports will be available to any client that can -reach the host. When using `-P`, Docker will bind the exposed port to a random -port on the host within an *ephemeral port range* defined by -`/proc/sys/net/ipv4/ip_local_port_range`. To find the mapping between the host -ports and the exposed ports, use `docker port`. +The `-P` option publishes all the ports to the host interfaces. Docker +binds each exposed port to a random port on the host. The range of +ports are within an *ephemeral port range* defined by +`/proc/sys/net/ipv4/ip_local_port_range`. Use the `-p` flag to +explicitly map a single port or range of ports. -If the operator uses `--link` when starting the new client container, +The port number inside the container (where the service listens) does +not need to match the port number exposed on the outside of the +container (where clients connect). For example, inside the container an +HTTP service is listening on port 80 (and so the image developer +specifies `EXPOSE 80` in the Dockerfile). At runtime, the port might be +bound to 42800 on the host. To find the mapping between the host ports +and the exposed ports, use `docker port`. + +If the operator uses `--link` when starting a new client container, then the client container can access the exposed port via a private -networking interface. Docker will set some environment variables in the -client container to help indicate which interface and port to use. +networking interface. Docker will set some environment variables in the +client container to help indicate which interface and port to use. For +more information on linking, see [the guide on linking container +together](/userguide/dockerlinks/) ### ENV (environment variables) From 1c26439cbbc3c807e012f9875b9ec85eff064024 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 19 Aug 2015 09:35:52 -0400 Subject: [PATCH 0815/2538] add -H to SYNOPSIS man-history Signed-off-by: Sally O'Malley --- man/docker-history.1.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/man/docker-history.1.md b/man/docker-history.1.md index 268e378d06..247d6503ee 100644 --- a/man/docker-history.1.md +++ b/man/docker-history.1.md @@ -7,6 +7,7 @@ docker-history - Show the history of an image # SYNOPSIS **docker history** [**--help**] +[**-H**|**--human**[=*true*]] [**--no-trunc**[=*false*]] [**-q**|**--quiet**[=*false*]] IMAGE @@ -19,7 +20,7 @@ Show the history of when and how an image was created. **--help** Print usage statement -**-H**. **--human**=*true*|*false* +**-H**, **--human**=*true*|*false* Print sizes and dates in human readable format. The default is *true*. **--no-trunc**=*true*|*false* From 91502290a556047b51628c2c19de4566f5416bce Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 19 Aug 2015 09:59:44 -0400 Subject: [PATCH 0816/2538] fix format man-commit Signed-off-by: Sally O'Malley --- man/docker-commit.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-commit.1.md b/man/docker-commit.1.md index 329bc0c663..b17b37c6bc 100644 --- a/man/docker-commit.1.md +++ b/man/docker-commit.1.md @@ -8,7 +8,7 @@ docker-commit - Create a new image from a container's changes **docker commit** [**-a**|**--author**[=*AUTHOR*]] [**--help**] -[**-c**|**--change**[= []**]] +[**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]] [**-m**|**--message**[=*MESSAGE*]] [**-p**|**--pause**[=*true*]] CONTAINER [REPOSITORY[:TAG]] From 90cf0587f1a63be081760ce9851f8117233cd503 Mon Sep 17 00:00:00 2001 From: He Simei Date: Thu, 20 Aug 2015 18:26:17 +0800 Subject: [PATCH 0817/2538] specify the docker run --rm action Signed-off-by: He Simei --- docs/reference/run.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index caab5b4c94..f011e22879 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -463,6 +463,10 @@ the container exits**, you can add the `--rm` flag: --rm=false: Automatically remove the container when it exits (incompatible with -d) +> **Note**: When you set the `--rm` flag, Docker also removes the volumes +associated with the container when the container is removed. This is similar +to running `docker rm -v my-container`. + ## Security configuration --security-opt="label:user:USER" : Set the label user for the container --security-opt="label:role:ROLE" : Set the label role for the container From 573177566594df21bfaa86a0dfb30c7feb57ecbb Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 19 Aug 2015 23:56:55 +0800 Subject: [PATCH 0818/2538] Add support for kernel memory limit Signed-off-by: Qiang Huang --- contrib/completion/bash/docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 1 + docs/reference/run.md | 77 ++++++++++++++++++++++++++-- man/docker-create.1.md | 10 ++++ man/docker-run.1.md | 10 ++++ 6 files changed, 97 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0df25bf6e2..8de381d346 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1075,6 +1075,7 @@ _docker_run() { --group-add --hostname -h --ipc + --kernel-memory --label-file --label -l --link diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 8c093f18eb..fd7db14e6f 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -40,6 +40,7 @@ Creates a new container. --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use + --kernel-memory="" Kernel memory limit -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index ab900d41b9..e563ab6382 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -40,6 +40,7 @@ weight=1 --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use + --kernel-memory="" Kernel memory limit -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a file of labels (EOL delimited) --link=[] Add link to another container diff --git a/docs/reference/run.md b/docs/reference/run.md index f011e22879..036918901d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -517,6 +517,7 @@ container: |----------------------------|---------------------------------------------------------------------------------------------| | `-m`, `--memory="" ` | Memory limit (format: `[]`, where unit = b, k, m or g) | | `--memory-swap=""` | Total memory limit (memory + swap, format: `[]`, where unit = b, k, m or g) | +| `--kernel-memory=""` | Kernel memory limit (format: `[]`, where unit = b, k, m or g) | | `-c`, `--cpu-shares=0` | CPU shares (relative weight) | | `--cpu-period=0` | Limit the CPU CFS (Completely Fair Scheduler) period | | `--cpuset-cpus="" ` | CPUs in which to allow execution (0-3, 0,1) | @@ -526,9 +527,9 @@ container: | `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | | `--memory-swappiness="" ` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | -### Memory constraints +### User memory constraints -We have four ways to set memory usage: +We have four ways to set user memory usage: @@ -576,7 +577,7 @@ We have four ways to set memory usage:
-### Examples +Examples: $ docker run -ti ubuntu:14.04 /bin/bash @@ -620,6 +621,76 @@ The following example, illustrates a dangerous way to use the flag: The container has unlimited memory which can cause the host to run out memory and require killing system processes to free memory. +### Kernel memory constraints + +Kernel memory is fundamentally different than user memory as kernel memory can't +be swapped out. The inability to swap makes it possible for the container to +block system services by consuming too much kernel memory. Kernel memory includes: + + - stack pages + - slab pages + - sockets memory pressure + - tcp memory pressure + +You can setup kernel memory limit to constrain these kinds of memory. For example, +every process consumes some stack pages. By limiting kernel memory, you can +prevent new processes from being created when the kernel memory usage is too high. + +Kernel memory is never completely independent of user memory. Instead, you limit +kernel memory in the context of the user memory limit. Assume "U" is the user memory +limit and "K" the kernel limit. There are three possible ways to set limits: + + + + + + + + + + + + + + + + + + + + + + +
OptionResult
U != 0, K = inf (default) + This is the standard memory limitation mechanism already present before using + kernel memory. Kernel memory is completely ignored. +
U != 0, K < U + Kernel memory is a subset of the user memory. This setup is useful in + deployments where the total amount of memory per-cgroup is overcommited. + Overcommiting kernel memory limits is definitely not recommended, since the + box can still run out of non-reclaimable memory. + In this case, the you can configure K so that the sum of all groups is + never greater than the total memory. Then, freely set U at the expense of + the system's service quality. +
U != 0, K > U + Since kernel memory charges are also fed to the user counter and reclaimation + is triggered for the container for both kinds of memory. This configuration + gives the admin a unified view of memory. It is also useful for people + who just want to track kernel memory usage. +
+ +Examples: + + $ docker run -ti -m 500M --kernel-memory 50M ubuntu:14.04 /bin/bash + +We set memory and kernel memory, so the processes in the container can use +500M memory in total, in this 500M memory, it can be 50M kernel memory tops. + + $ docker run -ti --kernel-memory 50M ubuntu:14.04 /bin/bash + +We set kernel memory without **-m**, so the processes in the container can +use as much memory as they want, but they can only use 50M kernel memory. + ### Swappiness constraint By default, a container's kernel can swap out a percentage of anonymous pages. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index dd968400c8..c4243fa100 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -30,6 +30,7 @@ docker-create - Create a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] @@ -148,6 +149,15 @@ two memory nodes. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +**--kernel-memory**="" + Kernel memory limit (format: `[]`, where unit = b, k, m or g) + + Constrains the kernel memory available to a container. If a limit of 0 +is specified (not using `--kernel-memory`), the container's kernel memory +is not limited. If you specify a limit, it may be rounded up to a multiple +of the operating system's page size and the value can be very large, +millions of trillions. + **-l**, **--label**=[] Adds metadata to a container (e.g., --label=com.example.key=value) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index d48e412573..de48ba1bf6 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -31,6 +31,7 @@ docker-run - Run a command in a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] @@ -242,6 +243,15 @@ ENTRYPOINT. **-l**, **--label**=[] Set metadata on the container (e.g., --label com.example.key=value) +**--kernel-memory**="" + Kernel memory limit (format: `[]`, where unit = b, k, m or g) + + Constrains the kernel memory available to a container. If a limit of 0 +is specified (not using `--kernel-memory`), the container's kernel memory +is not limited. If you specify a limit, it may be rounded up to a multiple +of the operating system's page size and the value can be very large, +millions of trillions. + **--label-file**=[] Read in a line delimited file of labels From e7d0fd2b237cacf5f0ac7e1eab4c591220d36688 Mon Sep 17 00:00:00 2001 From: Rory Hunter Date: Thu, 30 Jul 2015 15:09:24 +0100 Subject: [PATCH 0819/2538] Make run and rmi bash completions configurable Allow the user to configure how Docker's bash completion works for the "events", "history", "inspect", "run", "rmi" and "save" commands through the following environment variables: DOCKER_COMPLETION_SHOW_IMAGE_IDS "none" - Show names only (default) "non-intermediate" - Show names and ids, but omit intermediate image IDs "all" - Show names and ids, including intermediate image IDs DOCKER_COMPLETION_SHOW_TAGS "yes" - include tags in completion options (default) "no" - don't include tags in completion options Fixes #9474. Signed-off-by: Rory Hunter --- contrib/completion/bash/docker | 71 +++++++++++++++++++++++++++------- 1 file changed, 57 insertions(+), 14 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8de381d346..59b7b64399 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -14,6 +14,22 @@ # - copy this file to e.g. ~/.docker-completion.sh and add the line # below to your .bashrc after bash completion features are loaded # . ~/.docker-completion.sh +# +# Configuration: +# +# You can tailor completion for the "events", "history", "inspect", "run", +# "rmi" and "save" commands by settings the following environment +# variables: +# +# DOCKER_COMPLETION_SHOW_IMAGE_IDS +# "none" - Show names only (default) +# "non-intermediate" - Show names and ids, but omit intermediate image IDs +# "all" - Show names and ids, including intermediate image IDs +# +# DOCKER_COMPLETION_SHOW_TAGS +# "yes" - include tags in completion options (default) +# "no" - don't include tags in completion options + # # Note: # Currently, the completions will not work if the docker daemon is not @@ -70,6 +86,40 @@ __docker_container_ids() { COMPREPLY=( $(compgen -W "${containers[*]}" -- "$cur") ) } +__docker_images() { + local images_args="" + + case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in + all) + images_args="--no-trunc -a" + ;; + non-intermediate) + images_args="--no-trunc" + ;; + esac + + local repo_print_command + if [ "${DOCKER_COMPLETION_SHOW_TAGS:-yes}" = "yes" ]; then + repo_print_command='print $1; print $1":"$2' + else + repo_print_command='print $1' + fi + + local awk_script + case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in + all|non-intermediate) + awk_script='NR>1 { print $3; if ($1 != "") { '"$repo_print_command"' } }' + ;; + none|*) + awk_script='NR>1 && $1 != "" { '"$repo_print_command"' }' + ;; + esac + + local images=$(__docker_q images $images_args | awk "$awk_script") + COMPREPLY=( $(compgen -W "$images" -- "$cur") ) + __ltrim_colon_completions "$cur" +} + __docker_image_repos() { local repos="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1 }')" COMPREPLY=( $(compgen -W "$repos" -- "$cur") ) @@ -81,16 +131,10 @@ __docker_image_repos_and_tags() { __ltrim_colon_completions "$cur" } -__docker_image_repos_and_tags_and_ids() { - local images="$(__docker_q images -a --no-trunc | awk 'NR>1 { print $3; if ($1 != "") { print $1; print $1":"$2 } }')" - COMPREPLY=( $(compgen -W "$images" -- "$cur") ) - __ltrim_colon_completions "$cur" -} - __docker_containers_and_images() { __docker_containers_all local containers=( "${COMPREPLY[@]}" ) - __docker_image_repos_and_tags_and_ids + __docker_images COMPREPLY+=( "${containers[@]}" ) } @@ -655,7 +699,7 @@ _docker_events() { ;; *image=*) cur="${cur#=}" - __docker_image_repos_and_tags_and_ids + __docker_images return ;; esac @@ -713,7 +757,7 @@ _docker_history() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags_and_ids + __docker_images fi ;; esac @@ -806,7 +850,7 @@ _docker_inspect() { __docker_containers_all ;; image) - __docker_image_repos_and_tags_and_ids + __docker_images ;; esac esac @@ -1046,7 +1090,7 @@ _docker_rmi() { COMPREPLY=( $( compgen -W "--force -f --help --no-prune" -- "$cur" ) ) ;; *) - __docker_image_repos_and_tags_and_ids + __docker_images ;; esac } @@ -1256,9 +1300,8 @@ _docker_run() { ;; *) local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) - if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags_and_ids + __docker_images fi ;; esac @@ -1277,7 +1320,7 @@ _docker_save() { COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) ) ;; *) - __docker_image_repos_and_tags_and_ids + __docker_images ;; esac } From b64dba4262ead201961d775aeecb0841da43254d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexandre=20Gonz=C3=A1lez?= Date: Mon, 24 Aug 2015 10:44:08 +0100 Subject: [PATCH 0820/2538] Fix broken links at plugins documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Álex González --- docs/extend/plugins.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 847d844967..d171feaf23 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -17,7 +17,7 @@ plugins. ## Types of plugins Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](/extend/plugins_volume) might enable Docker +example, a [volume plugin](/docs/extend/plugins_volume.md) might enable Docker volumes to persist across multiple Docker hosts. Currently Docker supports volume and network driver plugins. In the future it @@ -62,4 +62,4 @@ of the plugin for help. The Docker team may not be able to assist you. ## Writing a plugin If you are interested in writing a plugin for Docker, or seeing how they work -under the hood, see the [docker plugins reference](/extend/plugin_api). +under the hood, see the [docker plugins reference](/docs/extend/plugin_api.md). From 445e4600f2e561bf83e055892f9b7711925f80d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Gonz=C3=A1lez?= Date: Mon, 24 Aug 2015 11:45:31 +0100 Subject: [PATCH 0821/2538] Revert "Fix broken links at plugins documentation" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 354147df012dd35f82e59e3511d9be4fc7610352. Signed-off-by: Álex González --- docs/extend/plugins.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index d171feaf23..847d844967 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -17,7 +17,7 @@ plugins. ## Types of plugins Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](/docs/extend/plugins_volume.md) might enable Docker +example, a [volume plugin](/extend/plugins_volume) might enable Docker volumes to persist across multiple Docker hosts. Currently Docker supports volume and network driver plugins. In the future it @@ -62,4 +62,4 @@ of the plugin for help. The Docker team may not be able to assist you. ## Writing a plugin If you are interested in writing a plugin for Docker, or seeing how they work -under the hood, see the [docker plugins reference](/docs/extend/plugin_api.md). +under the hood, see the [docker plugins reference](/extend/plugin_api). From b243bbed9c752aa77e7738c959a6653c3604e790 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Fri, 21 Aug 2015 21:29:52 -0700 Subject: [PATCH 0822/2538] Change all optional unit to [unit] As suggested before, we should change every signal one. Signed-off-by: Qiang Huang --- contrib/completion/fish/docker.fish | 8 ++++---- man/docker-create.1.md | 4 ++-- man/docker-run.1.md | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index e146ae6cf3..9a32f8c64e 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -134,9 +134,9 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interac complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of :alias' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: , where unit = b, k, m or g)" +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' @@ -321,9 +321,9 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactiv complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of :alias' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l lxc-conf -d '(lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1"' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: , where unit = b, k, m or g)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: , where unit = b, k, m or g)" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' diff --git a/man/docker-create.1.md b/man/docker-create.1.md index c4243fa100..06965332dd 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -179,7 +179,7 @@ millions of trillions. (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" **-m**, **--memory**="" - Memory limit (format: , where unit = b, k, m or g) + Memory limit (format: [], where unit = b, k, m or g) Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -193,7 +193,7 @@ system's page size (the value would be very large, that's millions of trillions) **--memory-swap**="" Total memory limit (memory + swap) - Set `-1` to disable swap (format: , where unit = b, k, m or g). + Set `-1` to disable swap (format: [], where unit = b, k, m or g). This value should always larger than **-m**, so you should always use this with **-m**. **--memory-swappiness**="" diff --git a/man/docker-run.1.md b/man/docker-run.1.md index de48ba1bf6..b49c9b69d6 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -276,7 +276,7 @@ which interface and port to use. Logging driver specific options. **-m**, **--memory**="" - Memory limit (format: , where unit = b, k, m or g) + Memory limit (format: [], where unit = b, k, m or g) Allows you to constrain the memory available to a container. If the host supports swap memory, then the **-m** memory setting can be larger than physical @@ -287,7 +287,7 @@ system's page size (the value would be very large, that's millions of trillions) **--memory-swap**="" Total memory limit (memory + swap) - Set `-1` to disable swap (format: , where unit = b, k, m or g). + Set `-1` to disable swap (format: [], where unit = b, k, m or g). This value should always larger than **-m**, so you should always use this with **-m**. **--mac-address**="" From e1733b4db6c8f9bc1e7717a6a32502bbd79eebdf Mon Sep 17 00:00:00 2001 From: Florian Klein Date: Sun, 12 Jul 2015 13:22:53 +0200 Subject: [PATCH 0823/2538] explain how to make it work on awazon ec2. Signed-off-by: Klein Florian --- experimental/compose_swarm_networking.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/experimental/compose_swarm_networking.md b/experimental/compose_swarm_networking.md index 570f0be7f9..b3e734feed 100644 --- a/experimental/compose_swarm_networking.md +++ b/experimental/compose_swarm_networking.md @@ -19,7 +19,8 @@ Before you start, you’ll need to install the experimental build of Docker, and - To install Compose, follow the instructions [here](http://docs.docker.com/compose/install/). -You’ll also need a [Docker Hub](https://hub.docker.com/account/signup/) account and a [Digital Ocean](https://www.digitalocean.com/) account. +You’ll also need a [Docker Hub](https://hub.docker.com/account/signup/) account and a [Digital Ocean](https://www.digitalocean.com/) account. +It works with the amazonec2 driver as well (by adapting the commands accordingly), except you'll need to manually open the ports 8500 (consul) and 7946 (serf) by editing the inbound rules of the corresponding security group. ## Set up a swarm with multi-host networking From df39b0146b3add588db1c4cbaeb849d0707265a8 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Wed, 5 Aug 2015 14:09:08 -0700 Subject: [PATCH 0824/2538] Add unless-stopped restart policy Fixes #11008 Signed-off-by: Tonis Tiigi --- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 13 +++++++++++-- docs/reference/run.md | 11 ++++++++++- man/docker-create.1.md | 2 +- man/docker-run.1.md | 2 +- 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index fd7db14e6f..74d5185a34 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -59,7 +59,7 @@ Creates a new container. --pid="" PID namespace to use --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only - --restart="no" Restart policy (no, on-failure[:max-retry], always) + --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --security-opt=[] Security options -t, --tty=false Allocate a pseudo-TTY --disable-content-trust=true Skip image verification diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index e563ab6382..6ee97906d9 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -59,7 +59,7 @@ weight=1 --pid="" PID namespace to use --privileged=false Give extended privileges to this container --read-only=false Mount the container's root filesystem as read only - --restart="no" Restart policy (no, on-failure[:max-retry], always) + --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --rm=false Automatically remove the container when it exits --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process @@ -441,7 +441,16 @@ Docker supports the following restart policies: Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart - the container indefinitely. + the container indefinitely. The container will also always start + on daemon startup, regardless of the current state of the container. + + + + unless-stopped + + Always restart the container regardless of the exit status, but + do not start it on daemon startup if the container has been put + to a stopped state before. diff --git a/docs/reference/run.md b/docs/reference/run.md index 036918901d..1dfef0c70f 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -402,7 +402,16 @@ Docker supports the following restart policies: Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart - the container indefinitely. + the container indefinitely. The container will also always start + on daemon startup, regardless of the current state of the container. + + + + unless-stopped + + Always restart the container regardless of the exit status, but + do not start it on daemon startup if the container has been put + to a stopped state before. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 06965332dd..13ea642441 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -234,7 +234,7 @@ This value should always larger than **-m**, so you should always use this with Mount the container's root filesystem as read only. **--restart**="no" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--security-opt**=[] Security Options diff --git a/man/docker-run.1.md b/man/docker-run.1.md index b49c9b69d6..7fb9d0f162 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -370,7 +370,7 @@ to write files anywhere. By specifying the `--read-only` flag the container wil its root filesystem mounted as read only prohibiting any writes. **--restart**="no" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always) + Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--rm**=*true*|*false* Automatically remove the container when it exits (incompatible with -d). The default is *false*. From a5c18a853e1e481003c143a5985972137078bbba Mon Sep 17 00:00:00 2001 From: Ed Costello Date: Mon, 24 Aug 2015 23:02:44 -0400 Subject: [PATCH 0825/2538] Copy edits for typos Signed-off-by: Ed Costello --- docs/reference/run.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 1dfef0c70f..2ad18b57b2 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -668,8 +668,8 @@ limit and "K" the kernel limit. There are three possible ways to set limits: U != 0, K < U Kernel memory is a subset of the user memory. This setup is useful in - deployments where the total amount of memory per-cgroup is overcommited. - Overcommiting kernel memory limits is definitely not recommended, since the + deployments where the total amount of memory per-cgroup is overcommitted. + Overcommitting kernel memory limits is definitely not recommended, since the box can still run out of non-reclaimable memory. In this case, the you can configure K so that the sum of all groups is never greater than the total memory. Then, freely set U at the expense of @@ -679,7 +679,7 @@ limit and "K" the kernel limit. There are three possible ways to set limits: U != 0, K > U - Since kernel memory charges are also fed to the user counter and reclaimation + Since kernel memory charges are also fed to the user counter and reclamation is triggered for the container for both kinds of memory. This configuration gives the admin a unified view of memory. It is also useful for people who just want to track kernel memory usage. From a5f2ecff80bd3e14501ca6322d42951c372e1dce Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Tue, 25 Aug 2015 11:57:17 -0700 Subject: [PATCH 0826/2538] Update plugins.md Add Convoy to Docker plugin list. Signed-off-by: Sheng Yang --- docs/extend/plugins.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 847d844967..30d6ec8172 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -37,6 +37,11 @@ The following plugins exist: environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. +* The [Convoy plugin](https://github.com/rancher/convoy) is a volume plugin for a + variety of storage back-ends including device mapper and NFS. It's a simple standalone + executable written in Go and provides the framework to support vendor-specific extensions + such as snapshots, backups and restore. + * The [Flocker plugin](https://clusterhq.com/docker-plugin/) is a volume plugin which provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster From f4060b1f65cc038c39d4fd69e313308a804e13d1 Mon Sep 17 00:00:00 2001 From: Taylor Jones Date: Thu, 20 Aug 2015 04:01:50 +0000 Subject: [PATCH 0827/2538] adding message option to the import subcommand Signed-off-by: Taylor Jones --- docs/reference/commandline/import.md | 5 +++++ man/docker-import.1.md | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 20c790d21d..92bf878a1c 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -18,6 +18,7 @@ weight=1 optionally tag it. -c, --change=[] Apply specified Dockerfile instructions while importing the image + -m, --message= Set commit message for imported image You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The `URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) @@ -46,6 +47,10 @@ Import to docker via pipe and `STDIN`. $ cat exampleimage.tgz | docker import - exampleimagelocal:new +Import with a commit message + + $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new + Import to docker from a local archive. $ docker import /path/to/exampleimage.tgz diff --git a/man/docker-import.1.md b/man/docker-import.1.md index 5ac686677b..b812b83068 100644 --- a/man/docker-import.1.md +++ b/man/docker-import.1.md @@ -7,6 +7,7 @@ docker-import - Create an empty filesystem image and import the contents of the # SYNOPSIS **docker import** [**-c**|**--change**[= []**]] +[**-m**|**--message**[=*MESSAGE*]] [**--help**] file|URL|- [REPOSITORY[:TAG]] @@ -15,6 +16,9 @@ file|URL|- [REPOSITORY[:TAG]] Apply specified Dockerfile instructions while importing the image Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` +**-m**, **--message**="" + Set commit message for imported image + # DESCRIPTION Create a new filesystem image from the contents of a tarball (`.tar`, `.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. @@ -35,6 +39,10 @@ Import to docker via pipe and stdin: # cat exampleimage.tgz | docker import - example/imagelocal +Import with a commit message + + # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new + Import to a Docker image from a local file. # docker import /path/to/exampleimage.tgz From 1f10226bfd1aed4967be22f86ee122f4d565f799 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 12 Jun 2015 09:25:32 -0400 Subject: [PATCH 0828/2538] Add volume API/CLI Signed-off-by: Brian Goff --- docs/extend/plugins_volume.md | 4 +- docs/reference/commandline/ps.md | 2 +- docs/reference/commandline/volume_create.md | 42 ++++++++++++++++ docs/reference/commandline/volume_inspect.md | 39 +++++++++++++++ docs/reference/commandline/volume_ls.md | 34 +++++++++++++ docs/reference/commandline/volume_rm.md | 22 +++++++++ man/docker-volume-create.1.md | 51 ++++++++++++++++++++ man/docker-volume-inspect.1.md | 26 ++++++++++ man/docker-volume-ls.1.md | 27 +++++++++++ man/docker-volume-rm.1.md | 24 +++++++++ 10 files changed, 269 insertions(+), 2 deletions(-) create mode 100644 docs/reference/commandline/volume_create.md create mode 100644 docs/reference/commandline/volume_inspect.md create mode 100644 docs/reference/commandline/volume_ls.md create mode 100644 docs/reference/commandline/volume_rm.md create mode 100644 man/docker-volume-create.1.md create mode 100644 man/docker-volume-inspect.1.md create mode 100644 man/docker-volume-ls.1.md create mode 100644 man/docker-volume-rm.1.md diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 2752039d15..41c4dd2194 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -52,13 +52,15 @@ containers. **Request**: ``` { - "Name": "volume_name" + "Name": "volume_name", + "Opts": {} } ``` Instruct the plugin that the user wants to create a volume, given a user specified volume name. The plugin does not need to actually manifest the volume on the filesystem yet (until Mount is called). +Opts is a map of driver specific options passed through from the user request. **Response**: ``` diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 02df110e45..82677a3ada 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -40,7 +40,7 @@ Running `docker ps --no-trunc` showing 2 linked containers. ## Filtering -The filtering flag (`-f` or `--filter)` format is a `key=value` pair. If there is more +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) The currently supported filters are: diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md new file mode 100644 index 0000000000..52216df2e8 --- /dev/null +++ b/docs/reference/commandline/volume_create.md @@ -0,0 +1,42 @@ + + +# volume create + + Usage: docker volume create [OPTIONS] + + Create a volume + + -d, --driver=local Specify volume driver name + --help=false Print usage + --name= Specify volume name + -o, --opt=map[] Set driver specific options + +Creates a new volume that containers can can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: + + $ docker volume create --name hello + hello + $ docker run -d -v hello:/world busybox ls /world + +The mount is created inside the container's `/src` directory. Docker does not support relative paths for mount points inside the container. + +Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. + +## Driver specific options + +Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: + + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey + +These options are passed directly to the volume driver. Options for +different volume drivers may do different things (or nothing at all). + +*Note*: The built-in `local` volume driver does not currently accept any options. + diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md new file mode 100644 index 0000000000..f002636593 --- /dev/null +++ b/docs/reference/commandline/volume_inspect.md @@ -0,0 +1,39 @@ + + +# volume inspect + + Usage: docker volume inspect [OPTIONS] [VOLUME NAME] + + Inspect a volume + + -f, --format= Format the output using the given go template. + +Returns information about a volume. By default, this command renders all results +in a JSON array. You can specify an alternate format to execute a given template +is executed for each result. Go's +[text/template](http://golang.org/pkg/text/template/) package describes all the +details of the format. + +Example output: + + $ docker volume create + 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d + $ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d + [ + { + "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d", + "Driver": "local", + "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data" + } + ] + + $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d + "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data" diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md new file mode 100644 index 0000000000..63e98a47d5 --- /dev/null +++ b/docs/reference/commandline/volume_ls.md @@ -0,0 +1,34 @@ + + +# volume ls + + Usage: docker volume ls [OPTIONS] + + List volumes + + -f, --filter=[] Provide filter values (i.e. 'dangling=true') + --help=false Print usage + -q, --quiet=false Only display volume names + +Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) + +There is a single supported filter `dangling=value` which takes a boolean of `true` or `false`. + +Example output: + + $ docker volume create --name rose + rose + $docker volume create --name tyler + tyler + $ docker volume ls + DRIVER VOLUME NAME + local rose + local tyler diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md new file mode 100644 index 0000000000..9b83909a9b --- /dev/null +++ b/docs/reference/commandline/volume_rm.md @@ -0,0 +1,22 @@ + + +# volume rm + + Usage: docker volume rm [OPTIONS] [VOLUME NAME] + + Remove a volume + + --help=false Print usage + +Removes a volume. You cannot remove a volume that is in use by a container. + + $ docker volume rm hello + hello diff --git a/man/docker-volume-create.1.md b/man/docker-volume-create.1.md new file mode 100644 index 0000000000..37089e4d98 --- /dev/null +++ b/man/docker-volume-create.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-create - Create a new volume + +# SYNOPSIS +**docker volume create** +[**-d**|**--driver**[=*local*]] +[**--name**[=**]] +[**-o**|**--opt**[=**]] + +[OPTIONS] + +# DESCRIPTION + +Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: + + ``` + $ docker volume create --name hello + hello + $ docker run -d -v hello:/world busybox ls /world + ``` + +The mount is created inside the container's `/src` directory. Docker doesn't not support relative paths for mount points inside the container. + +Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. + +## Driver specific options + +Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: + + ``` + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey + ``` + +These options are passed directly to the volume driver. Options for +different volume drivers may do different things (or nothing at all). + +*Note*: The built-in `local` volume driver does not currently accept any options. + +# OPTIONS +**-d**, **--driver**=[] + Specify volume driver name +**--name**="" + Specify volume name +**-o**, **--opt**=map[] + Set driver specific options + +# HISTORY +July 2015, created by Brian Goff diff --git a/man/docker-volume-inspect.1.md b/man/docker-volume-inspect.1.md new file mode 100644 index 0000000000..cc9d753bdb --- /dev/null +++ b/man/docker-volume-inspect.1.md @@ -0,0 +1,26 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-inspect - Get low-level information about a volume + +# SYNOPSIS +**docker volume inspect** +[**-f**|**--format**[=**]] + +[OPTIONS] [VOLUME NAME] + +# DESCRIPTION + +Returns information about a volume. By default, this command renders all results +in a JSON array. You can specify an alternate format to execute a given template +is executed for each result. Go's +http://golang.org/pkg/text/template/ package describes all the details of the +format. + +# OPTIONS +**-f**, **--format**="" + Format the output using the given go template. + +# HISTORY +July 2015, created by Brian Goff diff --git a/man/docker-volume-ls.1.md b/man/docker-volume-ls.1.md new file mode 100644 index 0000000000..785fd62550 --- /dev/null +++ b/man/docker-volume-ls.1.md @@ -0,0 +1,27 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-ls - List all volumes + +# SYNOPSIS +**docker volume ls** +[**-f**|**--filter**[=**]] +[**-q**|**--quiet**[=**]] + +[OPTIONS] + +# DESCRIPTION + +Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) + +There is a single supported filter `dangling=value` which takes a boolean of `true` or `false`. + +# OPTIONS +**-f**, **--filter**="" + Provide filter values (i.e. 'dangling=true') +**-q**, **--quiet**=false + Only display volume names + +# HISTORY +July 2015, created by Brian Goff diff --git a/man/docker-volume-rm.1.md b/man/docker-volume-rm.1.md new file mode 100644 index 0000000000..ff7c6d3168 --- /dev/null +++ b/man/docker-volume-rm.1.md @@ -0,0 +1,24 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JULY 2015 +# NAME +docker-volume-rm - Remove a volume + +# SYNOPSIS +**docker volume rm** + +[OPTIONS] [VOLUME NAME] + +# DESCRIPTION + +Removes a volume. You cannot remove a volume that is in use by a container. + + ``` + $ docker volume rm hello + hello + ``` + +# OPTIONS + +# HISTORY +July 2015, created by Brian Goff From 6d275805ade97403928321f609797f456db82c67 Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 25 Aug 2015 10:05:46 -0700 Subject: [PATCH 0829/2538] Builder counts from 1 Signed-off-by: John Howard --- docs/reference/commandline/build.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 037003d9be..633d1132de 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -110,9 +110,9 @@ There should be informational output of the reason for failure output to $ docker build -t fail . Sending build context to Docker daemon 2.048 kB Sending build context to Docker daemon - Step 0 : FROM busybox + Step 1 : FROM busybox ---> 4986bf8c1536 - Step 1 : RUN exit 13 + Step 2 : RUN exit 13 ---> Running in e26670ec7a0a INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 $ echo $? @@ -167,9 +167,9 @@ you must use `--rm=false`. This does not affect the build cache. $ docker build . Uploading context 18.829 MB Uploading context - Step 0 : FROM busybox + Step 1 : FROM busybox ---> 769b9341d937 - Step 1 : CMD echo Hello world + Step 2 : CMD echo Hello world ---> Using cache ---> 99cc1ad10469 Successfully built 99cc1ad10469 @@ -177,9 +177,9 @@ you must use `--rm=false`. This does not affect the build cache. $ docker build . Uploading context 6.76 MB Uploading context - Step 0 : FROM busybox + Step 1 : FROM busybox ---> 769b9341d937 - Step 1 : CMD echo Hello world + Step 2 : CMD echo Hello world ---> Using cache ---> 99cc1ad10469 Successfully built 99cc1ad10469 From 898614f30a9441dc741ed6b9f49ac8fba378fa1b Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 27 Aug 2015 08:47:03 +0200 Subject: [PATCH 0830/2538] Update filtering chapters on ps/images references Signed-off-by: Vincent Demeester --- docs/reference/commandline/images.md | 26 +++++++- docs/reference/commandline/ps.md | 99 +++++++++++++++++++++++++++- 2 files changed, 122 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 8490e95722..6e979937a6 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -123,7 +123,7 @@ The currently supported filters are: * dangling (boolean - true or false) * label (`label=` or `label==`) -##### Untagged images +##### Untagged images (dangling) $ docker images --filter "dangling=true" @@ -155,3 +155,27 @@ Ready for use by `docker rmi ...`, like: NOTE: Docker will warn you if any containers exist that are using these untagged images. +##### Labeled images + +The `label` filter matches images based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches images with the `com.example.version` label regardless of its value. + + $ docker images --filter "label=com.example.version" + + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB + match-me-2 latest eeae25ada2aa About a minute ago 188.3 MB + +The following filter matches images with the `com.example.version` label with the `1.0` value. + + $ docker images --filter "label=com.example.version=1.0" + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + match-me latest eeae25ada2aa About a minute ago 188.3 MB + +In this example, with the `0.1` value, it returns an empty set because no matches were found. + + $ docker images --filter "label=com.example.version=0.1" + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 82677a3ada..0e3335483b 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -51,7 +51,47 @@ The currently supported filters are: * exited (int - the code of exited containers. Only useful with `--all`) * status (created|restarting|running|paused|exited) -## Successfully exited containers + +#### Label + +The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches containers with the `color` label regardless of its value. + + $ docker ps --filter "label=color" + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 673394ef1d4c busybox "top" 47 seconds ago Up 45 seconds nostalgic_shockley + d85756f57265 busybox "top" 52 seconds ago Up 51 seconds high_albattani + +The following filter matches containers with the `color` label with the `blue` value. + + $ docker ps --filter "label=color=blue" + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani + +#### Name + +The `name` filter matches on all or part of a container's name. + +The following filter matches all containers with a name containing the `nostalgic_stallman` string. + + $ docker ps --filter "name=nostalgic_stallman" + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 9b6247364a03 busybox "top" 2 minutes ago Up 2 minutes nostalgic_stallman + +You can also filter for a substring in a name as this shows: + + $ docker ps --filter "name=nostalgic" + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 715ebfcee040 busybox "top" 3 seconds ago Up 1 seconds i_am_nostalgic + 9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman + 673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley + +#### Exited + +The `exited` filter matches containers by exist status code. For example, to filter for containers +that have exited successfully: $ docker ps -a --filter 'exited=0' CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES @@ -59,7 +99,62 @@ The currently supported filters are: 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds -This shows all the containers that have exited with status of '0' +#### Status + +The `status` filter matches containers by status. You can filter using `created`, `restarting`, `running`, `paused` and `exited`. For example, to filter for `running` containers: + + $ docker ps --filter status=running + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 715ebfcee040 busybox "top" 16 minutes ago Up 16 minutes i_am_nostalgic + d5c976d3c462 busybox "top" 23 minutes ago Up 23 minutes top + 9b6247364a03 busybox "top" 24 minutes ago Up 24 minutes nostalgic_stallman + +To filter for `paused` containers: + + $ docker ps --filter status=paused + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley + +#### Ancestor + +The `ancestor` filter matches containers based on its image or a descendant of it. The filter supports the +following image representation: + +- image +- image:tag +- image:tag@digest +- short-id +- full-id + +If you don't specify a `tag`, the `latest` tag is used. For example, to filter for containers that use the +latest `ubuntu` image: + + $ docker ps --filter ancestor=ubuntu + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace + 5d1e4a540723 ubuntu-c2 "top" About a minute ago Up About a minute admiring_sammet + 82a598284012 ubuntu "top" 3 minutes ago Up 3 minutes sleepy_bose + bab2a34ba363 ubuntu "top" 3 minutes ago Up 3 minutes focused_yonath + +Match containers based on the `ubuntu-c1` image which, in this case, is a child of `ubuntu`: + + $ docker ps --filter ancestor=ubuntu-c1 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace + +Match containers based on the `ubuntu` version `12.04.5` image: + + $ docker ps --filter ancestor=ubuntu:12.04.5 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose + +The following matches containers based on the layer `d0e008c6cf02` or an image that have this layer +in it's layer stack. + + $ docker ps --filter ancestor=d0e008c6cf02 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose + ## Formatting From 23effb34d74b3847032e2f2bde20881639871f0a Mon Sep 17 00:00:00 2001 From: Dharmit Shah Date: Sun, 23 Aug 2015 18:08:50 +0530 Subject: [PATCH 0831/2538] Added note about process interaction with container in detached mode Signed-off-by: Dharmit Shah Added note about process interaction with container in detached mode Signed-off-by: Dharmit Shah --- docs/reference/run.md | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 2ad18b57b2..bcb4ed32e2 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -87,12 +87,30 @@ default foreground mode: ### Detached (-d) -In detached mode (`-d=true` or just `-d`), all I/O should be done -through network connections or shared volumes because the container is -no longer listening to the command line where you executed `docker run`. -You can reattach to a detached container with `docker` -[*attach*](/reference/commandline/attach). If you choose to run a -container in the detached mode, then you cannot use the `--rm` option. +To start a container in detached mode, you use `-d=true` or just `-d` option. By +design, containers started in detached mode exit when the root process used to +run the container exits. A container in detached mode cannot be automatically +removed when it stops, this means you cannot use the `--rm` option with `-d` option. + +Do not pass a `service x start` command to a detached container. For example, this +command attempts to start the `nginx` service. + + $ docker run -d -p 80:80 my_image service nginx start + +This succeeds in starting the `nginx` service inside the container. However, it +fails the detached container paradigm in that, the root process (`service nginx +start`) returns and the detached container stops as designed. As a result, the +`nginx` service is started but could not be used. Instead, to start a process +such as the `nginx` web server do the following: + + $ docker run -d -p 80:80 my_image nginx -g 'daemon off;' + +To do input/output with a detached container use network connections or shared +volumes. These are required because the container is no longer listening to the +command line where `docker run` was run. + +To reattach to a detached container, use `docker` +[*attach*](/reference/commandline/attach) command. ### Foreground From 67f663c7bfeab238aea0e6611b56326ca34ea4da Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 20 Aug 2015 09:57:15 +0200 Subject: [PATCH 0832/2538] Add 'ancestor' ps filter for image Makes it possible to filter containers by image, using --filter=ancestor=busybox and get all the container running busybox image and image based on busybox (to the bottom). Signed-off-by: Vincent Demeester --- docs/reference/commandline/ps.md | 1 + man/docker-ps.1.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 0e3335483b..328cac76b4 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -50,6 +50,7 @@ The currently supported filters are: * name (container's name) * exited (int - the code of exited containers. Only useful with `--all`) * status (created|restarting|running|paused|exited) +* ancestor (`[:]`, `` or ``) - filters containers that were created from the given image or a descendant. #### Label diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 0fdf7ccc93..5e21926d73 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -41,6 +41,8 @@ the running containers. status=(created|restarting|running|paused|exited) name= - container's name id= - container's ID + ancestor=([:tag]||) - filters containers that were + created from the given image or a descendant. **-l**, **--latest**=*true*|*false* Show only the latest created container, include non-running ones. The default is *false*. From d05294bae4c14ea6ebfbacb666245ac7eb324ea0 Mon Sep 17 00:00:00 2001 From: Jordan Date: Tue, 25 Aug 2015 16:59:12 -0700 Subject: [PATCH 0833/2538] ubuntu-14-10-x64 is not a valid image on digital ocean Signed-off-by: Jordan Jennings --- experimental/compose_swarm_networking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/compose_swarm_networking.md b/experimental/compose_swarm_networking.md index b3e734feed..305833a131 100644 --- a/experimental/compose_swarm_networking.md +++ b/experimental/compose_swarm_networking.md @@ -50,7 +50,7 @@ Next, you create a Swarm master with Machine: docker-machine --debug create \ -d digitalocean \ - --digitalocean-image="ubuntu-14-10-x64" \ + --digitalocean-image="ubuntu-14-04-x64" \ --engine-install-url="https://experimental.docker.com" \ --engine-opt="default-network=overlay:multihost" \ --engine-opt="kv-store=consul:$(docker-machine ip consul):8500" \ From 8387eacedeb2c9c9a7712e6d54e1332c518c8dfb Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 28 Aug 2015 20:56:52 +0200 Subject: [PATCH 0834/2538] Update shell completion on docker ps for ancestor Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 59b7b64399..cc6fb3b4df 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -965,7 +965,7 @@ _docker_ps() { __docker_containers_all ;; --filter|-f) - COMPREPLY=( $( compgen -S = -W "exited id label name status" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status" -- "$cur" ) ) compopt -o nospace return ;; From d5394a0d5fdf2ad126daaa93f61c9ec94165f80f Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 4 Aug 2015 14:33:00 -0400 Subject: [PATCH 0835/2538] Warning message for lvm devmapper running on top of loopback devices Signed-off-by: Shishir Mahajan --- docs/reference/commandline/daemon.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 6ad15ede4c..632857c94c 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -192,6 +192,12 @@ options for `zfs` start with `zfs`. resize support, dynamically changing thin-pool features, automatic thinp metadata checking when lvm activates the thin-pool, etc. + As a fallback if no thin pool is provided, loopback files will be + created. Loopback is very slow, but can be used without any + pre-configuration of storage. It is strongly recommended that you do + not use loopback in production. Ensure your Docker daemon has a + `--storage-opt dm.thinpooldev` argument provided. + Example use: docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool From 1cf99bf1274f7c4df3161f871fe0d6e60e4ac0c7 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 1 Sep 2015 08:47:02 +0200 Subject: [PATCH 0836/2538] =?UTF-8?q?Add=20docker=20ps=20--filter=3D?= =?UTF-8?q?=E2=80=A6=20image=20completion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I missed that on #15919, thanks @albers Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cc6fb3b4df..63d3fc5d55 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -975,6 +975,11 @@ _docker_ps() { esac case "${words[$cword-2]}$prev=" in + *ancestor=*) + cur="${cur#=}" + __docker_images + return + ;; *id=*) cur="${cur#=}" __docker_container_ids From 1c26392626be259f9c84bbdb97db4f26841ae30e Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Wed, 2 Sep 2015 14:01:25 +0200 Subject: [PATCH 0837/2538] Remove PortMapping from container NetworkSettings Signed-off-by: Antonio Murdaca --- man/docker-inspect.1.md | 1 - 1 file changed, 1 deletion(-) diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 5aaa1ca83a..a1bbb317a9 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -79,7 +79,6 @@ To get information on a container use its ID or instance name: "LinkLocalIPv6PrefixLen": 0, "MacAddress": "", "NetworkID": "", - "PortMapping": null, "Ports": null, "SandboxKey": "", "SecondaryIPAddresses": null, From c90013c4608e416149a4694df843487e0a3d818e Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Thu, 3 Sep 2015 14:10:41 -0400 Subject: [PATCH 0838/2538] clarify --insecure-registry in man docker Signed-off-by: Sally O'Malley --- man/docker.1.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man/docker.1.md b/man/docker.1.md index 20983f494c..d6bba74eec 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -90,7 +90,11 @@ unix://[/path/to/socket] to use. Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. **--insecure-registry**=[] - Enable insecure registry communication. + Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. + + List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. + + Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. From 621debd575f186fcdc14a4f7490e2c24c8b47f01 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Thu, 3 Sep 2015 05:49:19 -0400 Subject: [PATCH 0839/2538] man Dockerfile ADD/COPY/FROM clarify Signed-off-by: Sally O'Malley --- man/Dockerfile.5.md | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md index b4ef771a45..0b188ac330 100644 --- a/man/Dockerfile.5.md +++ b/man/Dockerfile.5.md @@ -58,6 +58,8 @@ A Dockerfile is similar to a Makefile. `FROM image:tag` + `FROM image@digest` + -- The **FROM** instruction sets the base image for subsequent instructions. A valid Dockerfile must have **FROM** as its first instruction. The image can be any valid image. It is easy to start by pulling an image from the public @@ -72,8 +74,12 @@ A Dockerfile is similar to a Makefile. -- If no tag is given to the **FROM** instruction, Docker applies the `latest` tag. If the used tag does not exist, an error is returned. + -- If no digest is given to the **FROM** instruction, Docker applies the + `latest` tag. If the used tag does not exist, an error is returned. + **MAINTAINER** -- **MAINTAINER** sets the Author field for the generated images. + Useful for providing users with an email or url for support. **RUN** -- **RUN** has two forms: @@ -114,7 +120,7 @@ A Dockerfile is similar to a Makefile. CMD command param1 param2 ``` - -- There can be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only + -- There should be only one **CMD** in a Dockerfile. If more than one **CMD** is listed, only the last **CMD** takes effect. The main purpose of a **CMD** is to provide defaults for an executing container. These defaults may include an executable, or they can omit the executable. If @@ -150,13 +156,20 @@ A Dockerfile is similar to a Makefile. the image. **LABEL** - -- `LABEL [=] [[=] ...]` + -- `LABEL [=] [[=] ...]`or + ``` + LABEL [ ] + LABEL [ ] + ... + ``` The **LABEL** instruction adds metadata to an image. A **LABEL** is a key-value pair. To include spaces within a **LABEL** value, use quotes and backslashes as you would in command-line parsing. ``` - LABEL "com.example.vendor"="ACME Incorporated" + LABEL com.example.vendor="ACME Incorporated" + or + LABEL com.example.vendor "ACME Incorporated" ``` An image can have more than one label. To specify multiple labels, separate @@ -179,7 +192,7 @@ A Dockerfile is similar to a Makefile. -- `ENV ` The **ENV** instruction sets the environment variable to the value ``. This value is passed to all future - RUN, **ENTRYPOINT**, and **CMD** instructions. This is + **RUN**, **ENTRYPOINT**, and **CMD** instructions. This is functionally equivalent to prefixing the command with `=`. The environment variables that are set with **ENV** persist when a container is run from the resulting image. Use `docker inspect` to inspect these values, and @@ -205,8 +218,11 @@ A Dockerfile is similar to a Makefile. then they must be relative to the source directory that is being built (the context of the build). The `` is the absolute path, or path relative to **WORKDIR**, into which the source is copied inside the target container. - All new files and directories are created with mode 0755 and with the uid - and gid of **0**. + If the `` argument is a local file in a recognized compression format + (tar, gzip, bzip2, etc) then it is unpacked at the specified `` in the + container's filesystem. Note that only local compressed files will be unpacked, + i.e., the URL download and archive unpacking features cannot be used together. + All new directories are created with mode 0755 and with the uid and gid of **0**. **COPY** -- **COPY** has two forms: @@ -223,8 +239,10 @@ A Dockerfile is similar to a Makefile. the path to a file or directory relative to the source directory that is being built (the context of the build) or a remote file URL. The `` is an absolute path, or a path relative to **WORKDIR**, into which the source will - be copied inside the target container. All new files and directories are - created with mode **0755** and with the uid and gid of **0**. + be copied inside the target container. If you **COPY** an archive file it will + land in the container exactly as it appears in the build context without any + attempt to unpack it. All new files and directories are created with mode **0755** + and with the uid and gid of **0**. **ENTRYPOINT** -- **ENTRYPOINT** has two forms: @@ -241,7 +259,7 @@ A Dockerfile is similar to a Makefile. container that can be run as an executable. When you specify an **ENTRYPOINT**, the whole container runs as if it was only that executable. The **ENTRYPOINT** instruction adds an entry command that is not overwritten when arguments are - passed to docker run. This is different from the behavior of CMD. This allows + passed to docker run. This is different from the behavior of **CMD**. This allows arguments to be passed to the entrypoint, for instance `docker run -d` passes the -d argument to the **ENTRYPOINT**. Specify parameters either in the **ENTRYPOINT** JSON array (as in the preferred exec form above), or by using a **CMD** @@ -327,3 +345,4 @@ A Dockerfile is similar to a Makefile. # HISTORY *May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation. *Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability +*Sept 2015, updated by Sally O'Malley (somalley@redhat.com) From 5d85be4a3c48fa42a166d12e00c38ad0ea76d629 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 4 Sep 2015 10:28:35 -0400 Subject: [PATCH 0840/2538] add --insecure-registry warning to online docs Signed-off-by: Sally O'Malley --- docs/reference/commandline/daemon.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 632857c94c..22394b72a8 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -448,6 +448,12 @@ Local registries, whose IP address falls in the 127.0.0.0/8 range, are automatically marked as insecure as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future. +Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted +communication, can be useful when running a local registry. However, +because its use creates security vulnerabilities it should ONLY be enabled for +testing purposes. For increased security, users should add their CA to their +system's list of trusted CAs instead of enabling `--insecure-registry`. + ## Running a Docker daemon behind a HTTPS_PROXY When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub From ecbf92d66cb62e5ee81dfe7637ead10fb12c39df Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 4 Sep 2015 16:14:58 -0400 Subject: [PATCH 0841/2538] correct man docker-pull Signed-off-by: Sally O'Malley --- man/docker-pull.1.md | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/man/docker-pull.1.md b/man/docker-pull.1.md index 5a2cd83ecf..c4359fbdad 100644 --- a/man/docker-pull.1.md +++ b/man/docker-pull.1.md @@ -14,8 +14,9 @@ NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] This command pulls down an image or a repository from a registry. If there is more than one image for a repository (e.g., fedora) then all -images for that repository name are pulled down including any tags. - +images for that repository name can be pulled down including any tags +(see the option **-a** or **--all-tags**). + If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. @@ -28,11 +29,11 @@ registry located at `registry-1.docker.io` by default. # EXAMPLE -# Pull a repository with multiple images -# Note that if the image is previously downloaded then the status would be -# 'Status: Image is up to date for fedora' +## Pull a repository with multiple images with the -a|--all-tags option set to true. +Note that if the image is previously downloaded then the status would be +`Status: Image is up to date for fedora`. - $ docker pull fedora + $ docker pull --all-tags fedora Pulling repository fedora ad57ef8d78d7: Download complete 105182bb5e8b: Download complete @@ -48,9 +49,24 @@ registry located at `registry-1.docker.io` by default. fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB fedora latest 105182bb5e8b 5 days ago 372.7 MB -# Pull an image, manually specifying path to Docker's public registry and tag -# Note that if the image is previously downloaded then the status would be -# 'Status: Image is up to date for registry.hub.docker.com/fedora:20' +## Pull a repository with the -a|--all-tags option set to false (this is the default). + + $ docker pull debian + Using default tag: latest + latest: Pulling from library/debian + 2c49f83e0b13: Pull complete + 4a5e6db8c069: Pull complete + + Status: Downloaded newer image for debian:latest + + $ docker images + REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + debian latest 4a5e6db8c069 5 days ago 125.1 MB + + +## Pull an image, manually specifying path to Docker's public registry and tag +Note that if the image is previously downloaded then the status would be +`Status: Image is up to date for registry.hub.docker.com/fedora:20` $ docker pull registry.hub.docker.com/fedora:20 Pulling repository fedora @@ -72,3 +88,4 @@ June 2014, updated by Sven Dowideit August 2014, updated by Sven Dowideit April 2015, updated by John Willis April 2015, updated by Mary Anthony for v2 +September 2015, updated by Sally O'Malley From 2edd24ea8076135a2c182b6b7ea32390c77184ac Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 7 Sep 2015 21:16:38 +0200 Subject: [PATCH 0842/2538] Fix minor typo in docs Signed-off-by: Harald Albers --- docs/reference/commandline/volume_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 52216df2e8..12b381eab4 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -19,7 +19,7 @@ parent = "smn_cli" --name= Specify volume name -o, --opt=map[] Set driver specific options -Creates a new volume that containers can can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: +Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: $ docker volume create --name hello hello From bf2625bf1fc928466dad02c73ddcbcef834c0697 Mon Sep 17 00:00:00 2001 From: Peter Edge Date: Thu, 3 Sep 2015 16:32:35 -0500 Subject: [PATCH 0843/2538] Add link to Pachyderm PFS volume driver plugin in plugins.md Signed-off-by: Peter Edge --- docs/extend/plugins.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 30d6ec8172..d482318306 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -59,6 +59,10 @@ The following plugins exist: which is written in Go and provides advanced storage functionality for many platforms including EC2, OpenStack, XtremIO, and ScaleIO. +* The [Pachyderm PFS plugin](https://github.com/pachyderm/pachyderm/tree/master/src/cmd/pfs-volume-driver) + is a volume plugin written in Go that provides functionality to mount Pachyderm File System (PFS) + repositories at specific commits as volumes within Docker containers. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From b2fbeee10ea24bbff6e43d3c317d891093b2ab56 Mon Sep 17 00:00:00 2001 From: Peter Edge Date: Mon, 7 Sep 2015 00:34:45 +0200 Subject: [PATCH 0844/2538] move pachyderm PFS link above rex ray link in docs/extend/plugins.md Signed-off-by: Peter Edge --- docs/extend/plugins.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index d482318306..37b4f2f0c4 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -55,14 +55,14 @@ The following plugins exist: a plugin that provides credentials and secret management using Keywhiz as a central repository. -* The [REX-Ray plugin](https://github.com/emccode/rexraycli) is a volume plugin - which is written in Go and provides advanced storage functionality for many - platforms including EC2, OpenStack, XtremIO, and ScaleIO. - * The [Pachyderm PFS plugin](https://github.com/pachyderm/pachyderm/tree/master/src/cmd/pfs-volume-driver) is a volume plugin written in Go that provides functionality to mount Pachyderm File System (PFS) repositories at specific commits as volumes within Docker containers. +* The [REX-Ray plugin](https://github.com/emccode/rexraycli) is a volume plugin + which is written in Go and provides advanced storage functionality for many + platforms including EC2, OpenStack, XtremIO, and ScaleIO. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From 56b46dca7623b95374c5304b4592719726218f12 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 7 Sep 2015 18:19:54 -0700 Subject: [PATCH 0845/2538] Typo in cp.md Closes #16124 Signed-off-by: Doug Davis --- docs/reference/commandline/cp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index 45c4b53955..c9c87a30eb 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -63,7 +63,7 @@ argument of `DST_PATH`, the behavior is as follows: - `DST_PATH` exists and is a directory - `SRC_PATH` does not end with `/.` - the source directory is copied into this directory - - `SRC_PAPTH` does end with `/.` + - `SRC_PATH` does end with `/.` - the *content* of the source directory is copied into this directory From 849b5b6d67f468fefcf5f69ac4fcdfb75858f616 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 8 Sep 2015 09:02:16 -0700 Subject: [PATCH 0846/2538] Fix usage for `docker volume inspect` and `docker volume rm` For both commands, volume is _not_ optional. Several volumes may be specified. Both commands now use the same name (VOLUME) for the command argument. Signed-off-by: Harald Albers --- docs/reference/commandline/volume_inspect.md | 4 ++-- docs/reference/commandline/volume_rm.md | 4 ++-- man/docker-volume-inspect.1.md | 4 ++-- man/docker-volume-rm.1.md | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index f002636593..291ecb3806 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -10,9 +10,9 @@ parent = "smn_cli" # volume inspect - Usage: docker volume inspect [OPTIONS] [VOLUME NAME] + Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] - Inspect a volume + Inspect one or more volumes -f, --format= Format the output using the given go template. diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 9b83909a9b..e2f31b3cce 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -10,13 +10,13 @@ parent = "smn_cli" # volume rm - Usage: docker volume rm [OPTIONS] [VOLUME NAME] + Usage: docker volume rm [OPTIONS] VOLUME [VOLUME...] Remove a volume --help=false Print usage -Removes a volume. You cannot remove a volume that is in use by a container. +Removes one or more volumes. You cannot remove a volume that is in use by a container. $ docker volume rm hello hello diff --git a/man/docker-volume-inspect.1.md b/man/docker-volume-inspect.1.md index cc9d753bdb..afba3e6aca 100644 --- a/man/docker-volume-inspect.1.md +++ b/man/docker-volume-inspect.1.md @@ -8,11 +8,11 @@ docker-volume-inspect - Get low-level information about a volume **docker volume inspect** [**-f**|**--format**[=**]] -[OPTIONS] [VOLUME NAME] +[OPTIONS] VOLUME [VOLUME...] # DESCRIPTION -Returns information about a volume. By default, this command renders all results +Returns information about one or more volumes. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template is executed for each result. Go's http://golang.org/pkg/text/template/ package describes all the details of the diff --git a/man/docker-volume-rm.1.md b/man/docker-volume-rm.1.md index ff7c6d3168..a1d519012f 100644 --- a/man/docker-volume-rm.1.md +++ b/man/docker-volume-rm.1.md @@ -7,11 +7,11 @@ docker-volume-rm - Remove a volume # SYNOPSIS **docker volume rm** -[OPTIONS] [VOLUME NAME] +[OPTIONS] VOLUME [VOLUME...] # DESCRIPTION -Removes a volume. You cannot remove a volume that is in use by a container. +Removes one or more volumes. You cannot remove a volume that is in use by a container. ``` $ docker volume rm hello From 1f974f76add6937e3ea95c0e0fb14673099922ae Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Thu, 3 Sep 2015 12:15:08 -0400 Subject: [PATCH 0847/2538] man docker-tag minor fixup Signed-off-by: Sally O'Malley --- man/docker-tag.1.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/man/docker-tag.1.md b/man/docker-tag.1.md index 1a4a4a145d..ed4bffadb6 100644 --- a/man/docker-tag.1.md +++ b/man/docker-tag.1.md @@ -21,7 +21,10 @@ registry located at `registry-1.docker.io` by default. **-f**, **--force**=*true*|*false* When set to true, force the alias. The default is *false*. -**REGISTRYHOST** +**--help** + Print usage statement. + +**REGISTRY_HOST** The hostname of the registry if required. This may also include the port separated by a ':' @@ -37,10 +40,6 @@ recommended to be used for a version to distinguish images with the same name. Also, for consistency tags should only include a-z0-9-_. . Note that here TAG is a part of the overall name or "tag". -# OPTIONS -**-f**, **--force**=*true*|*false* - Force. The default is *false*. - # EXAMPLES ## Giving an image a new alias From 54a47bdcaad5f33fa30df82a0db1076338717747 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 8 Sep 2015 16:12:26 -0400 Subject: [PATCH 0848/2538] Add missing ps placeholder to the docs. Signed-off-by: David Calavera --- docs/reference/commandline/ps.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 328cac76b4..ddf87411d0 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -173,6 +173,7 @@ Placeholder | Description `.Ports` | Exposed ports. `.Status` | Container status. `.Size` | Container disk size. +`.Names` | Container names. `.Labels` | All labels assigned to the container. `.Label` | Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` From 6c98ca574f18babd8afe19fcc7e626308c72731b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 7 Sep 2015 13:18:29 -0700 Subject: [PATCH 0849/2538] bash completion for `docker volume` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 98 ++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 63d3fc5d55..447a75e03b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -138,6 +138,10 @@ __docker_containers_and_images() { COMPREPLY+=( "${containers[@]}" ) } +__docker_volumes() { + COMPREPLY=( $(compgen -W "$(__docker_q volume ls -q)" -- "$cur") ) +} + # Finds the position of the first word that is neither option nor an option's argument. # If there are options that require arguments, you should pass a glob describing those # options, e.g. "--option1|-o|--option2" @@ -1441,6 +1445,99 @@ _docker_version() { esac } +_docker_volume_create() { + case "$prev" in + --driver|-d) + COMPREPLY=( $( compgen -W "local" -- "$cur" ) ) + return + ;; + --name|--opt|-o) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--driver -d --help --name --opt -o" -- "$cur" ) ) + ;; + esac +} + +_docker_volume_inspect() { + case "$prev" in + --format|-f) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) + ;; + *) + __docker_volumes + ;; + esac +} + +_docker_volume_ls() { + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -W "dangling=true" -- "$cur" ) ) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) + ;; + esac +} + +_docker_volume_rm() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_volumes + ;; + esac +} + +_docker_volume() { + local subcommands=( + create + inspect + ls + rm + ) + + local counter=$(($command_pos + 1)) + while [ $counter -lt $cword ]; do + case "${words[$counter]}" in + $(__docker_to_extglob "${subcommands[*]}") ) + local subcommand=${words[$counter]} + local completions_func=_docker_volume_$subcommand + declare -F $completions_func >/dev/null && $completions_func + return + ;; + + esac + (( counter++ )) + done + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "${subcommands[*]}" -- "$cur" ) ) + ;; + esac +} + _docker_wait() { case "$cur" in -*) @@ -1496,6 +1593,7 @@ _docker() { top unpause version + volume wait ) From e8447c157d73abd689d76b4c0739bddd29a8a2aa Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 9 Sep 2015 17:45:28 +0200 Subject: [PATCH 0850/2538] update docker volume man pages - added --help option - fixed several formatting problems Also added --help to volume inspect reference page. Signed-off-by: Harald Albers --- docs/reference/commandline/volume_inspect.md | 1 + man/docker-volume-create.1.md | 20 ++++++++++++-------- man/docker-volume-inspect.1.md | 11 +++++++---- man/docker-volume-ls.1.md | 13 ++++++++----- man/docker-volume-rm.1.md | 14 ++++++++------ 5 files changed, 36 insertions(+), 23 deletions(-) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 291ecb3806..28f5d1fb31 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -15,6 +15,7 @@ parent = "smn_cli" Inspect one or more volumes -f, --format= Format the output using the given go template. + --help=false Print usage Returns information about a volume. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template diff --git a/man/docker-volume-create.1.md b/man/docker-volume-create.1.md index 37089e4d98..b0cb10cbee 100644 --- a/man/docker-volume-create.1.md +++ b/man/docker-volume-create.1.md @@ -6,11 +6,10 @@ docker-volume-create - Create a new volume # SYNOPSIS **docker volume create** -[**-d**|**--driver**[=*local*]] -[**--name**[=**]] -[**-o**|**--opt**[=**]] - -[OPTIONS] +[**-d**|**--driver**[=*DRIVER*]] +[**--help**] +[**--name**[=*NAME*]] +[**-o**|**--opt**[=*[]*]] # DESCRIPTION @@ -40,11 +39,16 @@ different volume drivers may do different things (or nothing at all). *Note*: The built-in `local` volume driver does not currently accept any options. # OPTIONS -**-d**, **--driver**=[] - Specify volume driver name +**-d**, **--driver**="local" + Specify volume driver name + +**--help** + Print usage statement + **--name**="" Specify volume name -**-o**, **--opt**=map[] + +**-o**, **--opt**=[] Set driver specific options # HISTORY diff --git a/man/docker-volume-inspect.1.md b/man/docker-volume-inspect.1.md index afba3e6aca..6097e96e13 100644 --- a/man/docker-volume-inspect.1.md +++ b/man/docker-volume-inspect.1.md @@ -6,9 +6,9 @@ docker-volume-inspect - Get low-level information about a volume # SYNOPSIS **docker volume inspect** -[**-f**|**--format**[=**]] - -[OPTIONS] VOLUME [VOLUME...] +[**-f**|**--format**[=*FORMAT*]] +[**--help**] +VOLUME [VOLUME...] # DESCRIPTION @@ -20,7 +20,10 @@ format. # OPTIONS **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given go template. + +**--help** + Print usage statement # HISTORY July 2015, created by Brian Goff diff --git a/man/docker-volume-ls.1.md b/man/docker-volume-ls.1.md index 785fd62550..dd79cae8a6 100644 --- a/man/docker-volume-ls.1.md +++ b/man/docker-volume-ls.1.md @@ -6,10 +6,9 @@ docker-volume-ls - List all volumes # SYNOPSIS **docker volume ls** -[**-f**|**--filter**[=**]] -[**-q**|**--quiet**[=**]] - -[OPTIONS] +[**-f**|**--filter**[=*FILTER*]] +[**--help**] +[**-q**|**--quiet**[=*true*|*false*]] # DESCRIPTION @@ -19,7 +18,11 @@ There is a single supported filter `dangling=value` which takes a boolean of `tr # OPTIONS **-f**, **--filter**="" - Provide filter values (i.e. 'dangling=true') + Provide filter values (i.e. 'dangling=true') + +**--help** + Print usage statement + **-q**, **--quiet**=false Only display volume names diff --git a/man/docker-volume-rm.1.md b/man/docker-volume-rm.1.md index a1d519012f..876700d4d4 100644 --- a/man/docker-volume-rm.1.md +++ b/man/docker-volume-rm.1.md @@ -6,19 +6,21 @@ docker-volume-rm - Remove a volume # SYNOPSIS **docker volume rm** - -[OPTIONS] VOLUME [VOLUME...] +[**--help**] +VOLUME [VOLUME...] # DESCRIPTION Removes one or more volumes. You cannot remove a volume that is in use by a container. - ``` - $ docker volume rm hello - hello - ``` + ``` + $ docker volume rm hello + hello + ``` # OPTIONS +**--help** + Print usage statement # HISTORY July 2015, created by Brian Goff From 0d2d916b132de8e3ca1095bbc1acf290ff15bd25 Mon Sep 17 00:00:00 2001 From: Samuel Karp Date: Wed, 5 Aug 2015 00:35:06 +0000 Subject: [PATCH 0851/2538] Add awslogs driver for Amazon CloudWatch Logs Signed-off-by: Samuel Karp --- contrib/completion/bash/docker | 4 ++++ contrib/completion/zsh/_docker | 4 ++-- docs/reference/run.md | 1 + man/docker-create.1.md | 2 +- man/docker-run.1.md | 2 +- man/docker.1.md | 2 +- 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 447a75e03b..4b8d9bd209 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -279,6 +279,7 @@ __docker_log_driver_options() { local gelf_options="gelf-address gelf-tag" local json_file_options="max-file max-size" local syslog_options="syslog-address syslog-facility syslog-tag" + local awslogs_options="awslogs-region awslogs-group awslogs-stream" case $(__docker_value_of_option --log-driver) in '') @@ -296,6 +297,9 @@ __docker_log_driver_options() { syslog) COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) ) ;; + awslogs) + COMPREPLY=( $( compgen -W "$awslogs_options" -S = -- "$cur" ) ) + ;; *) return ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 964cf6fda6..fc894c84b5 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -238,7 +238,7 @@ __docker_subcommand() { "($help)--ipc=-[IPC namespace to use]:IPC namespace: " "($help)*--link=-[Add link to another container]:link:->link" "($help)*"{-l,--label=-}"[Set meta data on a container]:label: " - "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd none)" + "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" "($help)*--log-opt=-[Log driver specific options]:log driver options: " "($help)*--lxc-conf=-[Add custom lxc options]:lxc options: " "($help)--mac-address=-[Container MAC address]:MAC address: " @@ -617,7 +617,7 @@ _docker() { "($help)--ipv6[Enable IPv6 networking]" \ "($help -l --log-level)"{-l,--log-level=-}"[Set the logging level]:level:(debug info warn error fatal)" \ "($help)*--label=-[Set key=value labels to the daemon]:label: " \ - "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd none)" \ + "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" \ "($help)*--log-opt=-[Log driver specific options]:log driver options: " \ "($help)--mtu=-[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ "($help -p --pidfile)"{-p,--pidfile=-}"[Path to use for daemon PID file]:PID file:_files" \ diff --git a/docs/reference/run.md b/docs/reference/run.md index bcb4ed32e2..ced540d2a2 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1011,6 +1011,7 @@ container's logging driver. The following options are supported: | `journald` | Journald logging driver for Docker. Writes log messages to `journald`. | | `gelf` | Graylog Extended Log Format (GELF) logging driver for Docker. Writes log messages to a GELF endpoint likeGraylog or Logstash. | | `fluentd` | Fluentd logging driver for Docker. Writes log messages to `fluentd` (forward input). | +| `awslogs` | Amazon CloudWatch Logs logging driver for Docker. Writes log messages to Amazon CloudWatch Logs | The `docker logs`command is available only for the `json-file` logging driver. For detailed information on working with logging drivers, see diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 13ea642441..9385c882be 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -168,7 +168,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 7fb9d0f162..0bb339d34e 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -268,7 +268,7 @@ which interface and port to use. **--lxc-conf**=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/man/docker.1.md b/man/docker.1.md index d6bba74eec..42410c4d91 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -119,7 +119,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. From 36a36bdaf5230d1d59995ad65a06e734b35eb9d4 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 4 Aug 2015 13:51:48 -0700 Subject: [PATCH 0852/2538] Signal to stop a container. Allow to set the signal to stop a container in `docker run`: - Use `--stop-signal` with docker-run to set the default signal the container will use to exit. Signed-off-by: David Calavera --- contrib/completion/bash/docker | 1 + contrib/completion/fish/docker.fish | 1 + contrib/completion/zsh/_docker | 1 + man/docker-create.1.md | 4 ++++ man/docker-inspect.1.md | 3 ++- man/docker-run.1.md | 6 +++++- man/docker-stop.1.md | 2 +- 7 files changed, 15 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4b8d9bd209..9d63416c4b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1149,6 +1149,7 @@ _docker_run() { --publish -p --restart --security-opt + --stop-signal --ulimit --user -u --uts diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 9a32f8c64e..7dcc554139 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -335,6 +335,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l restart -d 'Res complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l rm -d 'Automatically remove the container when it exits (incompatible with -d)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l security-opt -d 'Security Options' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied.' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l stop-signal 'Signal to kill a container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fc894c84b5..448dac9d59 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -502,6 +502,7 @@ __docker_subcommand() { "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ + "($help)--stop-signal[Signal to kill a container]" \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 9385c882be..d040e62b7b 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -51,6 +51,7 @@ docker-create - Create a new container [**--read-only**[=*false*]] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] +[**--stop-signal**[=*SIGNAL*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] @@ -239,6 +240,9 @@ This value should always larger than **-m**, so you should always use this with **--security-opt**=[] Security Options +**--stop-signal**=SIGTERM + Signal to stop a container. Default is SIGTERM. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index a1bbb317a9..e289899bbb 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -180,7 +180,8 @@ To get information on a container use its ID or instance name: "Memory": 0, "MemorySwap": 0, "CpuShares": 0, - "Cpuset": "" + "Cpuset": "", + "StopSignal": 15, } } ] diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 0bb339d34e..b37d07b0e9 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -53,6 +53,7 @@ docker-run - Run a command in a new container [**--restart**[=*RESTART*]] [**--rm**[=*false*]] [**--security-opt**[=*[]*]] +[**--stop-signal**[=*SIGNAL*]] [**--sig-proxy**[=*true*]] [**-t**|**--tty**[=*false*]] [**-u**|**--user**[=*USER*]] @@ -371,7 +372,7 @@ its root filesystem mounted as read only prohibiting any writes. **--restart**="no" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). - + **--rm**=*true*|*false* Automatically remove the container when it exits (incompatible with -d). The default is *false*. @@ -384,6 +385,9 @@ its root filesystem mounted as read only prohibiting any writes. "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container +**--stop-signal**=SIGTERM + Signal to stop a container. Default is SIGTERM. + **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. diff --git a/man/docker-stop.1.md b/man/docker-stop.1.md index 9b882db49d..4939070d97 100644 --- a/man/docker-stop.1.md +++ b/man/docker-stop.1.md @@ -19,7 +19,7 @@ Stop a running container (Send SIGTERM, and then SIGKILL after Print usage statement **-t**, **--time**=10 - Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. + Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. #See also **docker-start(1)** to restart a stopped container. From f5b80326a13d169f59b452817e2ed94e788499a2 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 18 Aug 2015 10:30:44 -0700 Subject: [PATCH 0853/2538] Add `STOPSIGNAL` instruction to dockerfiles. This way, images creators can set the exit signal their programs use. Signed-off-by: David Calavera --- docs/reference/builder.md | 9 +++++++++ docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 7 +++++++ man/docker-inspect.1.md | 2 +- 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 3a73b87d29..195139758f 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -158,6 +158,7 @@ the `Dockerfile`: * `USER` * `WORKDIR` * `VOLUME` +* `STOPSIGNAL` as well as: @@ -1012,6 +1013,14 @@ For example you might add something like this: > **Warning**: The `ONBUILD` instruction may not trigger `FROM` or `MAINTAINER` instructions. +## STOPSIGNAL + + STOPSIGNAL signal + +The `STOPSIGNAL` instruction sets the system call signal that will be sent to the container to exit. +This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, +or a signal name in the format SIGNAME, for instance SIGKILL. + ## Dockerfile examples # Nginx diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 74d5185a34..7c64d7297d 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -61,6 +61,7 @@ Creates a new container. --read-only=false Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --security-opt=[] Security options + --stop-signal="SIGTERM" Signal to stop a container -t, --tty=false Allocate a pseudo-TTY --disable-content-trust=true Skip image verification -u, --user="" Username or UID diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 6ee97906d9..c7726497cc 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -62,6 +62,7 @@ weight=1 --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --rm=false Automatically remove the container when it exits --security-opt=[] Security Options + --stop-signal="SIGTERM" Signal to stop a container --sig-proxy=true Proxy received signals to the process -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) @@ -531,3 +532,9 @@ containers with `daemon` user: The 4th container fails and reports "[8] System error: resource temporarily unavailable" error. This fails because the caller set `nproc=3` resulting in the first three containers using up the three processes quota set for the `daemon` user. + +### Stopping a container with a specific signal + +The `--stop-signal` flag sets the system call signal that will be sent to the container to exit. +This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, +or a signal name in the format SIGNAME, for instance SIGKILL. diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index e289899bbb..f7faf4a7b2 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -181,7 +181,7 @@ To get information on a container use its ID or instance name: "MemorySwap": 0, "CpuShares": 0, "Cpuset": "", - "StopSignal": 15, + "StopSignal": "SIGTERM" } } ] From 3dff6170d661cfb14dd964c71b24ad7e3c41bc86 Mon Sep 17 00:00:00 2001 From: Jana Radhakrishnan Date: Fri, 24 Jul 2015 14:32:30 -0700 Subject: [PATCH 0854/2538] Make daemon to start with no userlandproxy by default This PR makes a user visible behavior change with userland proxy disabled by default and rely on hairpin NAT to be enabled by default. This may not work in older (unsupported) kernels where the user will be forced to enable userlandproxy if needed. - Updated the Docs - Changed the integration-cli to start with userlandproxy desiabled by default. Signed-off-by: Jana Radhakrishnan --- docs/reference/commandline/daemon.md | 2 +- man/docker.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 22394b72a8..57f3ed7c12 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -56,7 +56,7 @@ weight=1 --tlscert="~/.docker/cert.pem" Path to TLS certificate file --tlskey="~/.docker/key.pem" Path to TLS key file --tlsverify=false Use TLS and verify the remote - --userland-proxy=true Use userland proxy for loopback traffic + --userland-proxy=false Use userland proxy for loopback traffic Options with [] may be specified multiple times. diff --git a/man/docker.1.md b/man/docker.1.md index 42410c4d91..2d001138f2 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -161,7 +161,7 @@ unix://[/path/to/socket] to use. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is false. **-v**, **--version**=*true*|*false* Print version information and quit. Default is false. From a821292ec87632eb218d936080d8ec48678c82db Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 23 Jul 2015 11:02:56 -0400 Subject: [PATCH 0855/2538] Add log reading to the journald log driver If a logdriver doesn't register a callback function to validate log options, it won't be usable. Fix the journald driver by adding a dummy validator. Teach the client and the daemon's "logs" logic that the server can also supply "logs" data via the "journald" driver. Update documentation and tests that depend on error messages. Add support for reading log data from the systemd journal to the journald log driver. The internal logic uses a goroutine to scan the journal for matching entries after any specified cutoff time, formats the messages from those entries as JSONLog messages, and stuffs the results down a pipe whose reading end we hand back to the caller. If we are missing any of the 'linux', 'cgo', or 'journald' build tags, however, we don't implement a reader, so the 'logs' endpoint will still return an error. Make the necessary changes to the build setup to ensure that support for reading container logs from the systemd journal is built. Rename the Jmap member of the journald logdriver's struct to "vars" to make it non-public, and to make it easier to tell that it's just there to hold additional variable values that we want journald to record along with log data that we're sending to it. In the client, don't assume that we know which logdrivers the server implements, and remove the check that looks at the server. It's redundant because the server already knows, and the check also makes using older clients with newer servers (which may have new logdrivers in them) unnecessarily hard. When we try to "logs" and have to report that the container's logdriver doesn't support reading, send the error message through the might-be-a-multiplexer so that clients which are expecting multiplexed data will be able to properly display the error, instead of tripping over the data and printing a less helpful "Unrecognized input header" error. Signed-off-by: Nalin Dahyabhai (github: nalind) --- docs/reference/commandline/logs.md | 4 ++-- docs/reference/run.md | 4 ++-- man/docker-create.1.md | 3 ++- man/docker-logs.1.md | 3 ++- man/docker-run.1.md | 3 ++- man/docker.1.md | 3 ++- 6 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index a2e69e4d21..49005d09db 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -20,8 +20,8 @@ weight=1 -t, --timestamps=false Show timestamps --tail="all" Number of lines to show from the end of the logs -NOTE: this command is available only for containers with `json-file` logging -driver. +NOTE: this command is available only for containers with `json-file` and +`journald` logging drivers. The `docker logs` command batch-retrieves logs present at the time of execution. diff --git a/docs/reference/run.md b/docs/reference/run.md index ced540d2a2..f4159114cc 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1013,8 +1013,8 @@ container's logging driver. The following options are supported: | `fluentd` | Fluentd logging driver for Docker. Writes log messages to `fluentd` (forward input). | | `awslogs` | Amazon CloudWatch Logs logging driver for Docker. Writes log messages to Amazon CloudWatch Logs | - The `docker logs`command is available only for the `json-file` logging -driver. For detailed information on working with logging drivers, see +The `docker logs` command is available only for the `json-file` and `journald` +logging drivers. For detailed information on working with logging drivers, see [Configure a logging driver](/reference/logging/overview/). diff --git a/man/docker-create.1.md b/man/docker-create.1.md index d040e62b7b..21f411a716 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -171,7 +171,8 @@ millions of trillions. **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. - **Warning**: `docker logs` command works only for `json-file` logging driver. + **Warning**: the `docker logs` command works only for the `json-file` and + `journald` logging drivers. **--log-opt**=[] Logging driver specific options. diff --git a/man/docker-logs.1.md b/man/docker-logs.1.md index 8ecc20df24..2925c35009 100644 --- a/man/docker-logs.1.md +++ b/man/docker-logs.1.md @@ -23,7 +23,8 @@ The **docker logs --follow** command combines commands **docker logs** and **docker attach**. It will first return all logs from the beginning and then continue streaming new output from the container’s stdout and stderr. -**Warning**: This command works only for **json-file** logging driver. +**Warning**: This command works only for the **json-file** or **journald** +logging drivers. # OPTIONS **--help** diff --git a/man/docker-run.1.md b/man/docker-run.1.md index b37d07b0e9..9c7ae985de 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -271,7 +271,8 @@ which interface and port to use. **--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. - **Warning**: `docker logs` command works only for `json-file` logging driver. + **Warning**: the `docker logs` command works only for the `json-file` and + `journald` logging drivers. **--log-opt**=[] Logging driver specific options. diff --git a/man/docker.1.md b/man/docker.1.md index 2d001138f2..b5b93ba4b5 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -121,7 +121,8 @@ unix://[/path/to/socket] to use. **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" Default driver for container logs. Default is `json-file`. - **Warning**: `docker logs` command works only for `json-file` logging driver. + **Warning**: the `docker logs` command works only for the `json-file` and + `journald` logging drivers. **--log-opt**=[] Logging driver specific options. From d204132ee661dc04c3816d9494bfd4c06d4d2aab Mon Sep 17 00:00:00 2001 From: xlgao-zju Date: Sun, 6 Sep 2015 11:09:29 +0800 Subject: [PATCH 0856/2538] fix doc about vol Signed-off-by: xlgao-zju --- docs/reference/run.md | 13 +++++++++++++ man/docker-run.1.md | 15 ++++++++++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index f4159114cc..a115a6bb66 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1261,6 +1261,19 @@ one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). +The `container-dir` must always be an absolute path such as `/src/docs`. +The `host-dir` can either be an absolute path or a `name` value. If you +supply an absolute path for the `host-dir`, Docker bind-mounts to the path +you specify. If you supply a `name`, Docker creates a named volume by that `name`. + +A `name` value must start with start with an alphanumeric character, +followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). +An absolute path starts with a `/` (forward slash). + +For example, you can specify either `/foo` or `foo` for a `host-dir` value. +If you supply the `/foo` value, Docker creates a bind-mount. If you supply +the `foo` specification, Docker creates a named volume. + ### USER `root` (id = 0) is the default user within a container. The image developer can diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 9c7ae985de..532f943f71 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -440,7 +440,20 @@ content label. Shared volume labels allow all containers to read/write content. The `Z` option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. -Note: Multiple Volume options can be added separated by a "," +The `container-dir` must always be an absolute path such as `/src/docs`. +The `host-dir` can either be an absolute path or a `name` value. If you +supply an absolute path for the `host-dir`, Docker bind-mounts to the path +you specify. If you supply a `name`, Docker creates a named volume by that `name`. + +A `name` value must start with start with an alphanumeric character, +followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). +An absolute path starts with a `/` (forward slash). + +For example, you can specify either `/foo` or `foo` for a `host-dir` value. +If you supply the `/foo` value, Docker creates a bind-mount. If you supply +the `foo` specification, Docker creates a named volume. + +**Note:** Multiple Volume options can be added separated by a , (comma). **--volumes-from**=[] Mount volumes from the specified container(s) From 0ece7ed9d40dd0e54994529d24e8ed4f7dbbeb0e Mon Sep 17 00:00:00 2001 From: Amen Belayneh Date: Sat, 12 Sep 2015 15:26:14 +0800 Subject: [PATCH 0857/2538] add a documentation note on backslash usage in shell form of RUN Signed-off-by: Amen Belayneh --- docs/reference/builder.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 195139758f..5ce217b220 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -311,6 +311,12 @@ commands using a base image that does not contain `/bin/sh`. > If you want shell processing then either use the *shell* form or execute > a shell directly, for example: `RUN [ "sh", "-c", "echo", "$HOME" ]`. +> **Note**: +> If you choose to use the *shell* form, any time you want to continue a single +> `RUN` instruction onto the next line, it has to be ended with a backslash `\`. +> For example, `RUN /bin/bash -c 'source $HOME/.bashrc ;\` then on the next +> line ` echo $HOME '`. + The cache for `RUN` instructions isn't invalidated automatically during the next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` will be reused during the next build. The From 8ff51d382731cf3fc8ed3752091e803b9f9bc232 Mon Sep 17 00:00:00 2001 From: Amen Belayneh Date: Mon, 14 Sep 2015 19:08:27 +0800 Subject: [PATCH 0858/2538] update documentation styling as per suggestions Signed-off-by: Amen Belayneh --- docs/reference/builder.md | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5ce217b220..537cc98ece 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -295,6 +295,17 @@ any point in an image's history, much like source control. The *exec* form makes it possible to avoid shell string munging, and to `RUN` commands using a base image that does not contain `/bin/sh`. +In the *shell* form you can use a `\` (backslash) to continue a single +RUN instruction onto the next line. For example, consider these two lines: +``` +RUN /bin/bash -c 'source $HOME/.bashrc ;\ +echo $HOME' +``` +Together they are equivalent to this single line: +``` +RUN /bin/bash -c 'source $HOME/.bashrc ; echo $HOME' +``` + > **Note**: > To use a different shell, other than '/bin/sh', use the *exec* form > passing in the desired shell. For example, @@ -311,12 +322,6 @@ commands using a base image that does not contain `/bin/sh`. > If you want shell processing then either use the *shell* form or execute > a shell directly, for example: `RUN [ "sh", "-c", "echo", "$HOME" ]`. -> **Note**: -> If you choose to use the *shell* form, any time you want to continue a single -> `RUN` instruction onto the next line, it has to be ended with a backslash `\`. -> For example, `RUN /bin/bash -c 'source $HOME/.bashrc ;\` then on the next -> line ` echo $HOME '`. - The cache for `RUN` instructions isn't invalidated automatically during the next build. The cache for an instruction like `RUN apt-get dist-upgrade -y` will be reused during the next build. The From aba3fa1040849d45e9bb431e1330e7dc37136393 Mon Sep 17 00:00:00 2001 From: Bill W Date: Tue, 15 Sep 2015 11:47:16 +1000 Subject: [PATCH 0859/2538] typo Signed-off-by: Bill Wang --- man/docker-cp.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-cp.1.md b/man/docker-cp.1.md index fe1cd9c9cc..7b56957579 100644 --- a/man/docker-cp.1.md +++ b/man/docker-cp.1.md @@ -57,7 +57,7 @@ argument of `DST_PATH`, the behavior is as follows: - `DST_PATH` exists and is a directory - `SRC_PATH` does not end with `/.` - the source directory is copied into this directory - - `SRC_PAPTH` does end with `/.` + - `SRC_PATH` does end with `/.` - the *content* of the source directory is copied into this directory From ccb5d7469a36652fdae7818c579a99079229f1b6 Mon Sep 17 00:00:00 2001 From: Mike Brown Date: Mon, 14 Sep 2015 16:10:33 -0500 Subject: [PATCH 0860/2538] updates to readme documents for manual page Signed-off-by: Mike Brown --- docs/README.md | 6 +++--- man/README.md | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/README.md b/docs/README.md index 340d84052c..ccf306dbde 100644 --- a/docs/README.md +++ b/docs/README.md @@ -286,9 +286,9 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id ### Generate the man pages -For information on generating man pages (short for manual page), see [the man -page directory](https://github.com/docker/docker/tree/master/docker) in this -project. +For information on generating man pages (short for manual page), see the README.md +document in [the man page directory](https://github.com/docker/docker/tree/master/docker) +in this project. diff --git a/man/README.md b/man/README.md index ca964026e8..922bc3cc74 100644 --- a/man/README.md +++ b/man/README.md @@ -13,7 +13,8 @@ environment. This uses `go-md2man`, a pure Go Markdown to man page generator. ## Building the md2man image -There is a `Dockerfile` provided in the `docker/man` directory. +There is a `Dockerfile` provided in the `/man` directory of your +'docker/docker' fork. Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: @@ -21,13 +22,12 @@ Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: ## Utilizing the image -Once the image is built, run a container using the image with *volumes*: - - docker run -v //docker/man:/docs:rw \ - -w /docs -i docker/md2man /docs/md2man-all.sh +From within the `/man` directory run the following command: + docker run -v $(pwd):/man -w /man -i docker/md2man ./md2man-all.sh + The `md2man` Docker container will process the Markdown files and generate -the man pages inside the `docker/man/man1` directory using +the man pages inside the `/man/man1` directory of your fork using Docker volumes. For more information on Docker volumes see the man page for `docker run` and also look at the article [Sharing Directories via Volumes] (https://docs.docker.com/use/working_with_volumes/). From 4948783f7c0350d5c17b7d232bcadc0e99768da5 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 16 Sep 2015 09:55:14 -0700 Subject: [PATCH 0861/2538] Revert "Make daemon to start with no userlandproxy by default" This reverts commit bf2b8ec8165468d7454f6bd86f4a78e7e8b58d8e. Signed-off-by: Jessica Frazelle --- docs/reference/commandline/daemon.md | 2 +- man/docker.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 57f3ed7c12..22394b72a8 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -56,7 +56,7 @@ weight=1 --tlscert="~/.docker/cert.pem" Path to TLS certificate file --tlskey="~/.docker/key.pem" Path to TLS key file --tlsverify=false Use TLS and verify the remote - --userland-proxy=false Use userland proxy for loopback traffic + --userland-proxy=true Use userland proxy for loopback traffic Options with [] may be specified multiple times. diff --git a/man/docker.1.md b/man/docker.1.md index b5b93ba4b5..50c9baa207 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -162,7 +162,7 @@ unix://[/path/to/socket] to use. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is false. + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. **-v**, **--version**=*true*|*false* Print version information and quit. Default is false. From f5eb62c1801cc099c31eb5b3d1b6c6e6941c4d8e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 16 Sep 2015 18:09:35 +0200 Subject: [PATCH 0862/2538] Fix bash completion when extglob is not set Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9d63416c4b..be229039d3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -182,12 +182,12 @@ __docker_pos_first_nonflag() { # globs like '--log-level|-l' # Only positions between the command and the current word are considered. __docker_value_of_option() { - local option_glob=$1 + local option_extglob=$(__docker_to_extglob "$1") local counter=$((command_pos + 1)) while [ $counter -lt $cword ]; do case ${words[$counter]} in - @($option_glob) ) + $option_extglob ) echo ${words[$counter + 1]} break ;; From 8bdf17d8fe03ee605aeaa95c0759603d86e76519 Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Mon, 31 Aug 2015 11:47:25 -0700 Subject: [PATCH 0863/2538] Add support for DNS options Signed-off-by: Tim Hockin --- contrib/completion/bash/docker | 2 ++ contrib/completion/fish/docker.fish | 3 +++ contrib/completion/zsh/_docker | 8 +++++--- docs/reference/commandline/create.md | 1 + docs/reference/commandline/daemon.md | 1 + docs/reference/commandline/run.md | 1 + docs/reference/run.md | 10 +++++----- man/docker-create.1.md | 4 ++++ man/docker-inspect.1.md | 1 + man/docker-run.1.md | 4 ++++ man/docker.1.md | 3 +++ 11 files changed, 30 insertions(+), 8 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index be229039d3..9766a03115 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -533,6 +533,7 @@ _docker_daemon() { --default-ulimit --dns --dns-search + --dns-opt --exec-driver -e --exec-opt --exec-root @@ -1124,6 +1125,7 @@ _docker_run() { --cpu-shares -c --device --dns + --dns-opt --dns-search --entrypoint --env -e diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 7dcc554139..ad76de3ce6 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -49,6 +49,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable daemon mode' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers' +complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-opt -d 'Force Docker to use specific DNS options' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains' complete -c docker -f -n '__fish_docker_no_subcommand' -s e -l exec-driver -d 'Force the Docker runtime to use a specific exec driver' complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set exec driver options' @@ -122,6 +123,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cidfile -d ' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l cpuset -d 'CPUs in which to allow execution (0-3, 0,1)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns -d 'Set custom DNS servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s e -l env -d 'Set environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' @@ -309,6 +311,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l cpuset -d 'CPUs complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s d -l detach -d 'Detached mode: run the container in the background and print the new container ID' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l device -d 'Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns -d 'Set custom DNS servers' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-opt -d "Set custom DNS options (Use --dns-opt='' if you don't wish to set options)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l dns-search -d "Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s e -l env -d 'Set environment variables' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l entrypoint -d 'Overwrite the default ENTRYPOINT of the image' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 448dac9d59..52b5c75036 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -226,8 +226,9 @@ __docker_subcommand() { "($help)*--cap-drop=-[Drop Linux capabilities]:capability: " "($help)--cidfile=-[Write the container ID to the file]:CID file:_files" "($help)*--device=-[Add a host device to the container]:device:_files" - "($help)*--dns=-[Set custom dns servers]:dns server: " - "($help)*--dns-search=-[Set custom DNS search domains]:dns domains: " + "($help)*--dns=-[Set custom DNS servers]:DNS server: " + "($help)*--dns-opt=-[Set custom DNS options]:DNS option: " + "($help)*--dns-search=-[Set custom DNS search domains]:DNS domains: " "($help)*"{-e,--env=-}"[Set environment variables]:environment variable: " "($help)--entrypoint=-[Overwrite the default entrypoint of the image]:entry point: " "($help)*--env-file=-[Read environment variables from a file]:environment file:_files" @@ -599,7 +600,8 @@ _docker() { "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ "($help)*--dns=-[DNS server to use]:DNS: " \ - "($help)*--dns-search=-[DNS search domains to use]" \ + "($help)*--dns-search=-[DNS search domains to use]:DNS search: " \ + "($help)*--dns-opt=-[DNS options to use]:DNS option: " \ "($help)*--default-ulimit=-[Set default ulimit settings for containers]:ulimit: " \ "($help -e --exec-driver)"{-e,--exec-driver=-}"[Exec driver to use]:driver:(native lxc windows)" \ "($help)*--exec-opt=-[Set exec driver options]:exec driver options: " \ diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 7c64d7297d..ba8b33a387 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -31,6 +31,7 @@ Creates a new container. --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container --dns=[] Set custom DNS servers + --dns-opt=[] Set custom DNS options --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 22394b72a8..1fbfdcde7d 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -23,6 +23,7 @@ weight=1 --default-gateway="" Container default gateway IPv4 address --default-gateway-v6="" Container default gateway IPv6 address --dns=[] DNS server to use + --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use --default-ulimit=[] Set default ulimit settings for containers -e, --exec-driver="native" Exec driver to use diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index c7726497cc..313f61558b 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -30,6 +30,7 @@ weight=1 -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container --dns=[] Set custom DNS servers + --dns-opt=[] Set custom DNS options --dns-search=[] Set custom DNS search domains -e, --env=[] Set environment variables --entrypoint="" Overwrite the default ENTRYPOINT of the image diff --git a/docs/reference/run.md b/docs/reference/run.md index a115a6bb66..d00c7d9bc6 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -330,8 +330,8 @@ traffic will be routed though this bridge to the container. With the networking mode set to `host` a container will share the host's network stack and all interfaces from the host will be available to the container. The container's hostname will match the hostname on the host -system. Note that `--add-host` `--hostname` `--dns` `--dns-search` and -`--mac-address` is invalid in `host` netmode. +system. Note that `--add-host` `--hostname` `--dns` `--dns-search` +`--dns-opt` and `--mac-address` are invalid in `host` netmode. Compared to the default `bridge` mode, the `host` mode gives *significantly* better networking performance since it uses the host's native networking stack @@ -348,9 +348,9 @@ or a High Performance Web Server. With the networking mode set to `container` a container will share the network stack of another container. The other container's name must be provided in the format of `--net container:`. Note that `--add-host` -`--hostname` `--dns` `--dns-search` and `--mac-address` is invalid -in `container` netmode, and `--publish` `--publish-all` `--expose` are also -invalid in `container` netmode. +`--hostname` `--dns` `--dns-search` `--dns-opt` and `--mac-address` are +invalid in `container` netmode, and `--publish` `--publish-all` `--expose` are +also invalid in `container` netmode. Example running a Redis container with Redis binding to `localhost` then running the `redis-cli` command and connecting to the Redis server over the diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 21f411a716..e82ac3381c 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -21,6 +21,7 @@ docker-create - Create a new container [**--device**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] +[**--dns-opt**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] @@ -118,6 +119,9 @@ two memory nodes. **--dns**=[] Set custom DNS servers +**--dns-opt**=[] + Set custom DNS options + **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index f7faf4a7b2..3d1db2ed3e 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -123,6 +123,7 @@ To get information on a container use its ID or instance name: "PublishAllPorts": false, "Dns": null, "DnsSearch": null, + "DnsOptions": null, "ExtraHosts": null, "VolumesFrom": null, "Devices": [], diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 532f943f71..ebb65d71c7 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -21,6 +21,7 @@ docker-run - Run a command in a new container [**-d**|**--detach**[=*false*]] [**--device**[=*[]*]] [**--dns**[=*[]*]] +[**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] @@ -185,6 +186,9 @@ stopping the process by pressing the keys CTRL-P CTRL-Q. **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) +**--dns-opt**=[] + Set custom DNS options + **--dns**=[] Set custom DNS servers diff --git a/man/docker.1.md b/man/docker.1.md index 50c9baa207..17b92849bf 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -56,6 +56,9 @@ To see the man page for a command run **man docker **. **--dns**="" Force Docker to use specific DNS servers +**--dns-opt**=[] + DNS options to use. + **--dns-search**=[] DNS search domains to use. From 40a2dac738afa38eb01058e8187660a5d3ae85d5 Mon Sep 17 00:00:00 2001 From: Madhav Puri Date: Fri, 14 Nov 2014 10:59:14 -0800 Subject: [PATCH 0864/2538] Support for passing build-time variables in build context - The build-time variables are passed as environment-context for command(s) run as part of the RUN primitve. These variables are not persisted in environment of intermediate and final images when passed as context for RUN. The build environment is prepended to the intermediate continer's command string for aiding cache lookups. It also helps with build traceability. But this also makes the feature less secure from point of view of passing build time secrets. - The build-time variables also get used to expand the symbols used in certain Dockerfile primitves like ADD, COPY, USER etc, without an explicit prior definiton using a ENV primitive. These variables get persisted in the intermediate and final images whenever they are expanded. - The build-time variables are only expanded or passed to the RUN primtive if they are defined in Dockerfile using the ARG primitive or belong to list of built-in variables. HTTP_PROXY, HTTPS_PROXY, http_proxy, https_proxy, FTP_PROXY and NO_PROXY are built-in variables that needn't be explicitly defined in Dockerfile to use this feature. Signed-off-by: Madhav Puri --- docs/reference/builder.md | 121 ++++++++++++++++++++++++++++ docs/reference/commandline/build.md | 20 +++++ man/Dockerfile.5.md | 120 +++++++++++++++++++++++++++ man/docker-build.1.md | 19 +++++ 4 files changed, 280 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 537cc98ece..848d69717c 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -966,6 +966,127 @@ For example: The output of the final `pwd` command in this `Dockerfile` would be `/path/$DIRNAME` +## ARG + + ARG [=] + +The `ARG` instruction defines a variable that users can pass at build-time to +the builder with the `docker build` command using the `--build-arg +=` flag. If a user specifies a build argument that was not +defined in the Dockerfile, the build outputs an error. + +``` +One or more build-args were not consumed, failing build. +``` + +The Dockerfile author can define a single variable by specifying `ARG` once or many +variables by specifying `ARG` more than once. For example, a valid Dockerfile: + +``` +FROM busybox +ARG user1 +ARG buildno +... +``` + +A Dockerfile author may optionally specify a default value for an `ARG` instruction: + +``` +FROM busybox +ARG user1=someuser +ARG buildno=1 +... +``` + +If an `ARG` value has a default and if there is no value passed at build-time, the +builder uses the default. + +An `ARG` variable definition comes into effect from the line on which it is +defined in the `Dockerfile` not from the argument's use on the command-line or +elsewhere. For example, consider this Dockerfile: + +``` +1 FROM busybox +2 USER ${user:-some_user} +3 ARG user +4 USER $user +... +``` +A user builds this file by calling: + +``` +$ docker build --build-arg user=what_user Dockerfile +``` + +The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the +subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is +defined and the `what_user` value was passed on the command line. Prior to its definition by an +`ARG` instruction, any use of a variable results in an empty string. + +> **Note:** It is not recommended to use build-time variables for +> passing secrets like github keys, user credentials etc. + +You can use an `ARG` or an `ENV` instruction to specify variables that are +available to the `RUN` instruction. Environment variables defined using the +`ENV` instruction always override an `ARG` instruction of the same name. Consider +this Dockerfile with an `ENV` and `ARG` instruction. + +``` +1 FROM ubuntu +2 ARG CONT_IMG_VER +3 ENV CONT_IMG_VER v1.0.0 +4 RUN echo $CONT_IMG_VER +``` +Then, assume this image is built with this command: + +``` +$ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile +``` + +In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting +passed by the user:`v2.0.1` This behavior is similar to a shell +script where a locally scoped variable overrides the variables passed as +arguments or inherited from environment, from its point of definition. + +Using the example above but a different `ENV` specification you can create more +useful interactions between `ARG` and `ENV` instructions: + +``` +1 FROM ubuntu +2 ARG CONT_IMG_VER +3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0} +4 RUN echo $CONT_IMG_VER +``` + +The command line passes the `--build-arg` and sets the `v2.0.1` value. And the `ARG +CONT_IMG_VER` is defined on line 2 of the Dockerfile. On line 3, the `ENV` +instruction of the same name resolves to `v2.0.1` as the build-time variable +was passed from the command line and expanded here. + +The variable expansion technique in this example allows you to pass arguments +from the command line and persist them in the final image by leveraging the `ENV` +instruction. Variable expansion is only supported for the `Dockerfile` instructions +described [here](#environment-replacement). + +Unlike an `ARG` instruction, `ENV` values are always persisted in the built image. If +`docker build` were run without setting the `--build-arg` flag, then +`CONT_IMG_VER` is still persisted in the image but its value would be `v1.0.0`. + +Docker has a set of predefined `ARG` variables that you can use without a +corresponding `ARG` instruction in the Dockerfile. + +* `HTTP_PROXY` +* `http_proxy` +* `HTTPS_PROXY` +* `https_proxy` +* `FTP_PROXY` +* `ftp_proxy` +* `NO_PROXY` +* `no_proxy` + +To use these, simply pass them on the command line using the `--build-arg +=` flag. + ## ONBUILD ONBUILD [INSTRUCTION] diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 633d1132de..8cb6b13107 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -17,6 +17,7 @@ weight=1 -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') --force-rm=false Always remove intermediate containers + --build-arg=[] Set build-time variables --no-cache=false Do not use cache when building the image --pull=false Always attempt to pull a newer version of the image -q, --quiet=false Suppress the verbose output generated by the containers @@ -251,3 +252,22 @@ flag](/reference/run/#specifying-custom-cgroups). Using the `--ulimit` option with `docker build` will cause each build step's container to be started using those [`--ulimit` flag values](/reference/run/#setting-ulimits-in-a-container). + +You can use `ENV` instructions in a Dockerfile to define variable +values. These values persist in the built image. However, often +persistence is not what you want. Users want to specify variables differently +depending on which host they build an image on. + +A good example is `http_proxy` or source versions for pulling intermediate +files. The `ARG` instruction lets Dockerfile authors define values that users +can set at build-time using the `---build-arg` flag: + + $ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 . + +This flag allows you to pass the build-time variables that are +accessed like regular environment variables in the `RUN` instruction of the +Dockerfile. Also, these values don't persist in the intermediate or final images +like `ENV` values do. + +For detailed information on using `ARG` and `ENV` instructions, see the +[Dockerfile reference](/reference/builder). diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md index 0b188ac330..b29745e2e7 100644 --- a/man/Dockerfile.5.md +++ b/man/Dockerfile.5.md @@ -317,6 +317,126 @@ A Dockerfile is similar to a Makefile. In the above example, the output of the **pwd** command is **a/b/c**. +**ARG** + -- ARG [=] + + The `ARG` instruction defines a variable that users can pass at build-time to + the builder with the `docker build` command using the `--build-arg + =` flag. If a user specifies a build argument that was not + defined in the Dockerfile, the build outputs an error. + + ``` + One or more build-args were not consumed, failing build. + ``` + + The Dockerfile author can define a single variable by specifying `ARG` once or many + variables by specifying `ARG` more than once. For example, a valid Dockerfile: + + ``` + FROM busybox + ARG user1 + ARG buildno + ... + ``` + + A Dockerfile author may optionally specify a default value for an `ARG` instruction: + + ``` + FROM busybox + ARG user1=someuser + ARG buildno=1 + ... + ``` + + If an `ARG` value has a default and if there is no value passed at build-time, the + builder uses the default. + + An `ARG` variable definition comes into effect from the line on which it is + defined in the `Dockerfile` not from the argument's use on the command-line or + elsewhere. For example, consider this Dockerfile: + + ``` + 1 FROM busybox + 2 USER ${user:-some_user} + 3 ARG user + 4 USER $user + ... + ``` + A user builds this file by calling: + + ``` + $ docker build --build-arg user=what_user Dockerfile + ``` + + The `USER` at line 2 evaluates to `some_user` as the `user` variable is defined on the + subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is + defined and the `what_user` value was passed on the command line. Prior to its definition by an + `ARG` instruction, any use of a variable results in an empty string. + + > **Note:** It is not recommended to use build-time variables for + > passing secrets like github keys, user credentials etc. + + You can use an `ARG` or an `ENV` instruction to specify variables that are + available to the `RUN` instruction. Environment variables defined using the + `ENV` instruction always override an `ARG` instruction of the same name. Consider + this Dockerfile with an `ENV` and `ARG` instruction. + + ``` + 1 FROM ubuntu + 2 ARG CONT_IMG_VER + 3 ENV CONT_IMG_VER v1.0.0 + 4 RUN echo $CONT_IMG_VER + ``` + Then, assume this image is built with this command: + + ``` + $ docker build --build-arg CONT_IMG_VER=v2.0.1 Dockerfile + ``` + + In this case, the `RUN` instruction uses `v1.0.0` instead of the `ARG` setting + passed by the user:`v2.0.1` This behavior is similar to a shell + script where a locally scoped variable overrides the variables passed as + arguments or inherited from environment, from its point of definition. + + Using the example above but a different `ENV` specification you can create more + useful interactions between `ARG` and `ENV` instructions: + + ``` + 1 FROM ubuntu + 2 ARG CONT_IMG_VER + 3 ENV CONT_IMG_VER ${CONT_IMG_VER:-v1.0.0} + 4 RUN echo $CONT_IMG_VER + ``` + + The command line passes the `--build-arg` and sets the `v2.0.1` value. And the `ARG + CONT_IMG_VER` is defined on line 2 of the Dockerfile. On line 3, the `ENV` + instruction of the same name resolves to `v2.0.1` as the build-time variable + was passed from the command line and expanded here. + + The variable expansion technique in this example allows you to pass arguments + from the command line and persist them in the final image by leveraging the `ENV` + instruction. Variable expansion is only supported for the `Dockerfile` instructions + described [here](#environment-replacement). + + Unlike an `ARG` instruction, `ENV` values are always persisted in the built image. If + `docker build` were run without setting the `--build-arg` flag, then + `CONT_IMG_VER` is still persisted in the image but its value would be `v1.0.0`. + + Docker has a set of predefined `ARG` variables that you can use without a + corresponding `ARG` instruction in the Dockerfile. + + * `HTTP_PROXY` + * `http_proxy` + * `HTTPS_PROXY` + * `https_proxy` + * `FTP_PROXY` + * `ftp_proxy` + * `NO_PROXY` + * `no_proxy` + + To use these, simply pass them on the command line using the `--build-arg + =` flag. + **ONBUILD** -- `ONBUILD [INSTRUCTION]` The **ONBUILD** instruction adds a trigger instruction to an image. The diff --git a/man/docker-build.1.md b/man/docker-build.1.md index a8714b775a..f725f83aa8 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -8,6 +8,7 @@ docker-build - Build a new image from the source code at PATH **docker build** [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] +[**--build-arg**[=*[]*]] [**--force-rm**[=*false*]] [**--no-cache**[=*false*]] [**--pull**[=*false*]] @@ -51,6 +52,24 @@ cloned locally and then sent as the context. the remote context. In all cases, the file must be within the build context. The default is *Dockerfile*. +**--build-arg**=*variable* + Set value for build-time variable. This option allows you to specify +values of the variables that are available for expansion/substitution in the +Dockerfile instructions like ADD, COPY etc, without an explicit prior definition by +the ENV instruction. The build-time variables are also passed as environment +context for the command(s) that will be executed as part of RUN instruction +of Dockerfile, if there is no explicit prior definition by the ENV instruction. +Normally, these variables are not persisted in the resulting Docker image. This gives +the flexibility to build an image by passing host specific environment variables (like +http_proxy) that will be used on the RUN commands without affecting portability +of the generated image. +However, as with any variable, they can be persisted in the final image if they are used in an +ENV instruction (e.g. ENV myName=$myName will save myName in the image). + +Only the build-time variables that are defined using the ARG instruction of Dockerfile +are allowed to be expanded or passed as environment to the RUN command. Read more about +ARG instruction in Dockerfile reference. + **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. From 9fab23902fd81cf4a876176940ae61fa2a83518e Mon Sep 17 00:00:00 2001 From: Madhav Puri Date: Wed, 16 Sep 2015 01:47:10 -0700 Subject: [PATCH 0865/2538] incorporate doc review comments Signed-off-by: Madhav Puri --- docs/reference/builder.md | 23 ++++++++++++----------- man/Dockerfile.5.md | 23 ++++++++++++----------- man/docker-build.1.md | 23 ++++++++--------------- 3 files changed, 32 insertions(+), 37 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 848d69717c..c519102052 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1058,19 +1058,20 @@ useful interactions between `ARG` and `ENV` instructions: 4 RUN echo $CONT_IMG_VER ``` -The command line passes the `--build-arg` and sets the `v2.0.1` value. And the `ARG -CONT_IMG_VER` is defined on line 2 of the Dockerfile. On line 3, the `ENV` -instruction of the same name resolves to `v2.0.1` as the build-time variable -was passed from the command line and expanded here. +Unlike an `ARG` instruction, `ENV` values are always persisted in the built +image. Consider a docker build without the --build-arg flag: + +``` +$ docker build Dockerfile +``` + +Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but +its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction. The variable expansion technique in this example allows you to pass arguments -from the command line and persist them in the final image by leveraging the `ENV` -instruction. Variable expansion is only supported for the `Dockerfile` instructions -described [here](#environment-replacement). - -Unlike an `ARG` instruction, `ENV` values are always persisted in the built image. If -`docker build` were run without setting the `--build-arg` flag, then -`CONT_IMG_VER` is still persisted in the image but its value would be `v1.0.0`. +from the command line and persist them in the final image by leveraging the +`ENV` instruction. Variable expansion is only supported for [a limited set of +Dockerfile instructions.](#environment-replacement) Docker has a set of predefined `ARG` variables that you can use without a corresponding `ARG` instruction in the Dockerfile. diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md index b29745e2e7..528fb67522 100644 --- a/man/Dockerfile.5.md +++ b/man/Dockerfile.5.md @@ -408,19 +408,20 @@ A Dockerfile is similar to a Makefile. 4 RUN echo $CONT_IMG_VER ``` - The command line passes the `--build-arg` and sets the `v2.0.1` value. And the `ARG - CONT_IMG_VER` is defined on line 2 of the Dockerfile. On line 3, the `ENV` - instruction of the same name resolves to `v2.0.1` as the build-time variable - was passed from the command line and expanded here. + Unlike an `ARG` instruction, `ENV` values are always persisted in the built + image. Consider a docker build without the --build-arg flag: + + ``` + $ docker build Dockerfile + ``` + + Using this Dockerfile example, `CONT_IMG_VER` is still persisted in the image but + its value would be `v1.0.0` as it is the default set in line 3 by the `ENV` instruction. The variable expansion technique in this example allows you to pass arguments - from the command line and persist them in the final image by leveraging the `ENV` - instruction. Variable expansion is only supported for the `Dockerfile` instructions - described [here](#environment-replacement). - - Unlike an `ARG` instruction, `ENV` values are always persisted in the built image. If - `docker build` were run without setting the `--build-arg` flag, then - `CONT_IMG_VER` is still persisted in the image but its value would be `v1.0.0`. + from the command line and persist them in the final image by leveraging the + `ENV` instruction. Variable expansion is only supported for [a limited set of + Dockerfile instructions.](#environment-replacement) Docker has a set of predefined `ARG` variables that you can use without a corresponding `ARG` instruction in the Dockerfile. diff --git a/man/docker-build.1.md b/man/docker-build.1.md index f725f83aa8..06cdefff1e 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -53,22 +53,15 @@ cloned locally and then sent as the context. The default is *Dockerfile*. **--build-arg**=*variable* - Set value for build-time variable. This option allows you to specify -values of the variables that are available for expansion/substitution in the -Dockerfile instructions like ADD, COPY etc, without an explicit prior definition by -the ENV instruction. The build-time variables are also passed as environment -context for the command(s) that will be executed as part of RUN instruction -of Dockerfile, if there is no explicit prior definition by the ENV instruction. -Normally, these variables are not persisted in the resulting Docker image. This gives -the flexibility to build an image by passing host specific environment variables (like -http_proxy) that will be used on the RUN commands without affecting portability -of the generated image. -However, as with any variable, they can be persisted in the final image if they are used in an -ENV instruction (e.g. ENV myName=$myName will save myName in the image). + name and value of a **buildarg**. -Only the build-time variables that are defined using the ARG instruction of Dockerfile -are allowed to be expanded or passed as environment to the RUN command. Read more about -ARG instruction in Dockerfile reference. + For example, if you want to pass a value for `http_proxy`, use + `--bulid-arg=http_proxy="http://some.proxy.url"` + + Users pass these values at build-time. Docker uses the `buildargs` as the + environment context for command(s) run via the Dockerfile's `RUN` instruction + or for variable expansion in other Dockerfile instructions. This is not meant + for passing secret values. [Read more about the buildargs instruction](/reference/builder/#arg) **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. From cd90efa0401d339f552994496fc2c1629d66d54f Mon Sep 17 00:00:00 2001 From: Tom Denham Date: Wed, 16 Sep 2015 13:16:36 -0700 Subject: [PATCH 0866/2538] Update the instructions for building experimental docker binaries There is no dynbinary target. Signed-off-by: Tom Denham --- experimental/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 8da601d6f2..2ffdb854a5 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -65,9 +65,9 @@ After downloading the appropriate binary, you can follow the instructions ### Build an experimental binary You can also build the experimental binary from the standard development environment by adding `DOCKER_EXPERIMENTAL=1` to the environment where you run `make` to build Docker binaries. For example, -to build a dynamically-linked Docker binary with the experimental features enabled: +to build a Docker binary with the experimental features enabled: - $ DOCKER_EXPERIMENTAL=1 make dynbinary + $ DOCKER_EXPERIMENTAL=1 make binary ## Current experimental features From 17fda32a5356511315bb8451fff5ddf902a07d35 Mon Sep 17 00:00:00 2001 From: Charles Chan Date: Sat, 19 Sep 2015 08:53:11 -0700 Subject: [PATCH 0867/2538] Add missing '[OPTIONS]' arg to documentation for 'docker version'. Signed-off-by: Charles Chan --- docs/reference/commandline/version.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index a976546ef9..4570ed542f 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -11,7 +11,7 @@ weight=1 # version - Usage: docker version + Usage: docker version [OPTIONS] Show the Docker version information. From fac115815672039ea9ef5df442a6a1301f11d5f7 Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Wed, 9 Sep 2015 06:27:41 -0400 Subject: [PATCH 0868/2538] docker restarts running OR stopped containers, docs edit rm "running" Signed-off-by: Sally O'Malley --- contrib/completion/fish/docker.fish | 2 +- docs/reference/commandline/restart.md | 2 +- man/docker-restart.1.md | 2 +- man/docker.1.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index ad76de3ce6..798f1ec3b4 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -279,7 +279,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from push' -a '(__fish_print complete -c docker -f -n '__fish_docker_no_subcommand' -a rename -d 'Rename an existing container' # restart -complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a running container' +complete -c docker -f -n '__fish_docker_no_subcommand' -a restart -d 'Restart a container' complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -s t -l time -d 'Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds.' complete -c docker -A -f -n '__fish_seen_subcommand_from restart' -a '(__fish_print_docker_containers running)' -d "Container" diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 0b668eecf4..339f796044 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -13,7 +13,7 @@ weight=1 Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] - Restart a running container + Restart a container -t, --time=10 Seconds to wait for stop before killing the container diff --git a/man/docker-restart.1.md b/man/docker-restart.1.md index 77f99d51a6..9f60bc5434 100644 --- a/man/docker-restart.1.md +++ b/man/docker-restart.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-restart - Restart a running container +docker-restart - Restart a container # SYNOPSIS **docker restart** diff --git a/man/docker.1.md b/man/docker.1.md index 17b92849bf..bee12512aa 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -273,7 +273,7 @@ inside it) See **docker-rename(1)** for full documentation on the **rename** command. **restart** - Restart a running container + Restart a container See **docker-restart(1)** for full documentation on the **restart** command. **rm** From 708318b076c91cd07989b77f921cb24ecf34b593 Mon Sep 17 00:00:00 2001 From: Zhang Kun Date: Mon, 21 Sep 2015 12:23:54 +0800 Subject: [PATCH 0869/2538] add docker server version to /info Signed-off-by: Zhang Kun --- docs/reference/commandline/info.md | 1 + man/docker-info.1.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index dc4653e835..b156696d75 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -21,6 +21,7 @@ For example: $ docker -D info Containers: 14 Images: 52 + Engine Version: 1.9.0 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Backing Filesystem: extfs diff --git a/man/docker-info.1.md b/man/docker-info.1.md index a3bbd79828..1aca0b5b20 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -33,6 +33,7 @@ Here is a sample output: # docker info Containers: 14 Images: 52 + Engine Version: 1.9.0 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Dirs: 80 From 3058fcf68b61d1c1ef9b81cc3be04323af8acf03 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 21 Sep 2015 21:05:33 +0200 Subject: [PATCH 0870/2538] reference: capability `all` should be `ALL` Signed-off-by: Harald Albers --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index d00c7d9bc6..6e109341f2 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -946,7 +946,7 @@ list of capabilities that are kept. The following table lists the Linux capabili Further reference information is available on the [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities) -Both flags support the value `all`, so if the +Both flags support the value `ALL`, so if the operator wants to have all capabilities but `MKNOD` they could use: $ docker run --cap-add=ALL --cap-drop=MKNOD ... From eb684d2badb6345fe8f0967b337b92f6c8f250e0 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 18 Sep 2015 16:20:05 +0200 Subject: [PATCH 0871/2538] bash completion: use generic `tag` log driver option Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9766a03115..662e718f91 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -275,10 +275,10 @@ __docker_log_drivers() { __docker_log_driver_options() { # see docs/reference/logging/index.md - local fluentd_options="fluentd-address fluentd-tag" - local gelf_options="gelf-address gelf-tag" + local fluentd_options="fluentd-address tag" + local gelf_options="gelf-address tag" local json_file_options="max-file max-size" - local syslog_options="syslog-address syslog-facility syslog-tag" + local syslog_options="syslog-address syslog-facility tag" local awslogs_options="awslogs-region awslogs-group awslogs-stream" case $(__docker_value_of_option --log-driver) in From 83a6b3e927563917f40e7f4879c47911ded38fa1 Mon Sep 17 00:00:00 2001 From: Charles Chan Date: Sat, 19 Sep 2015 13:54:22 -0700 Subject: [PATCH 0872/2538] Touch up 'docker logs' documentation. * Update format for 'Note:' to match other pages. * Add link to Go's RFC3339Nano timestamp information. Signed-off-by: Charles Chan --- docs/reference/commandline/logs.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 49005d09db..3b7a96c43c 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -20,8 +20,8 @@ weight=1 -t, --timestamps=false Show timestamps --tail="all" Number of lines to show from the end of the logs -NOTE: this command is available only for containers with `json-file` and -`journald` logging drivers. +> **Note**: this command is available only for containers with `json-file` and +> `journald` logging drivers. The `docker logs` command batch-retrieves logs present at the time of execution. @@ -31,8 +31,8 @@ the container's `STDOUT` and `STDERR`. Passing a negative number or a non-integer to `--tail` is invalid and the value is set to `all` in that case. -The `docker logs --timestamp` commands will add an RFC3339Nano -timestamp, for example `2014-09-16T06:17:46.000000000Z`, to each +The `docker logs --timestamp` commands will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants) +, for example `2014-09-16T06:17:46.000000000Z`, to each log entry. To ensure that the timestamps for are aligned the nano-second part of the timestamp will be padded with zero when necessary. From 7310f4a2bde0bd358b8d1c480efc907ee5f8201c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 22 Sep 2015 12:17:30 -0700 Subject: [PATCH 0873/2538] Bash completion: avoid 'compopt: command not found' errors on Mac OS The shell builtin `compopt` is not available on the outdated bash version 3.2.57 that ships with Mac OS. It is used in Docker's bash completion to suppress trailing spaces in advanced completions of hash map options, e.g. `--log-opt`. If `compopt` is not available, the new behavior is to do nothing, i.e. the user will have to delete the additional space. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 38 ++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 662e718f91..c04326036a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -212,6 +212,12 @@ __docker_to_extglob() { echo "@($extglob)" } +# suppress trailing whitespace +__docker_nospace() { + # compopt is not available in ancient bash versions + type compopt &>/dev/null && compopt -o nospace +} + __docker_resolve_hostname() { command -v host >/dev/null 2>&1 || return COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') ) @@ -305,7 +311,7 @@ __docker_log_driver_options() { ;; esac - compopt -o nospace + __docker_nospace } __docker_complete_log_driver_options() { @@ -314,12 +320,12 @@ __docker_complete_log_driver_options() { case "${words[$cword-2]}$prev=" in *gelf-address=*) COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur#=}" ) ) - compopt -o nospace + __docker_nospace return ;; *syslog-address=*) COMPREPLY=( $( compgen -W "tcp udp unix" -S "://" -- "${cur#=}" ) ) - compopt -o nospace + __docker_nospace return ;; *syslog-facility=*) @@ -492,7 +498,7 @@ _docker_cp() { *) __docker_containers_all COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - compopt -o nospace + __docker_nospace return ;; esac @@ -599,7 +605,7 @@ _docker_daemon() { return ;; esac - compopt -o nospace + __docker_nospace return ;; --log-level|-l) @@ -662,7 +668,7 @@ _docker_events() { case "$prev" in --filter|-f) COMPREPLY=( $( compgen -S = -W "container event image" -- "$cur" ) ) - compopt -o nospace + __docker_nospace return ;; --since|--until) @@ -777,7 +783,7 @@ _docker_images() { --filter|-f) COMPREPLY=( $( compgen -W "dangling=true label=" -- "$cur" ) ) if [ "$COMPREPLY" = "label=" ]; then - compopt -o nospace + __docker_nospace fi return ;; @@ -975,7 +981,7 @@ _docker_ps() { ;; --filter|-f) COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status" -- "$cur" ) ) - compopt -o nospace + __docker_nospace return ;; --format|-n) @@ -1207,18 +1213,18 @@ _docker_run() { ;; '') COMPREPLY=( $( compgen -W '/' -- "$cur" ) ) - compopt -o nospace + __docker_nospace ;; /*) _filedir - compopt -o nospace + __docker_nospace ;; esac return ;; --env|-e) COMPREPLY=( $( compgen -e -- "$cur" ) ) - compopt -o nospace + __docker_nospace return ;; --ipc) @@ -1230,7 +1236,7 @@ _docker_run() { *) COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) ) if [ "$COMPREPLY" = "container:" ]; then - compopt -o nospace + __docker_nospace fi ;; esac @@ -1243,7 +1249,7 @@ _docker_run() { *) __docker_containers_running COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - compopt -o nospace + __docker_nospace ;; esac return @@ -1265,7 +1271,7 @@ _docker_run() { *) COMPREPLY=( $( compgen -W "bridge none container: host" -- "$cur") ) if [ "${COMPREPLY[*]}" = "container:" ] ; then - compopt -o nospace + __docker_nospace fi ;; esac @@ -1289,12 +1295,12 @@ _docker_run() { local cur=${cur##*:} COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") ) if [ "${COMPREPLY[*]}" != "disable" ] ; then - compopt -o nospace + __docker_nospace fi ;; *) COMPREPLY=( $( compgen -W "label apparmor" -S ":" -- "$cur") ) - compopt -o nospace + __docker_nospace ;; esac return From 65c5e2b950cd7e98b5e3ab5263fc28d745847b11 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 28 Aug 2015 16:54:31 +0200 Subject: [PATCH 0874/2538] Catchup missing changes for the zsh completion - felixr/docker-zsh-completion@6ae6279: Add --privileged flag to docker exec command in zsh completion - felixr/docker-zsh-completion@259ea00: Remove -h help flag from subcommands in zsh completion - felixr/docker-zsh-completion@5f77b29: Add docker ps --format flag to zsh completion - felixr/docker-zsh-completion@a1f39f8: Add --config flag to zsh completion - felixr/docker-zsh-completion@6a503b4: Filter zsh completions of inspect command by --type - felixr/docker-zsh-completion@d286ccd: Add --ulimit flag to build command to zsh completion - felixr/docker-zsh-completion@bdc1261: Add support for kernel memory limit in zsh completion - felixr/docker-zsh-completion@c8ce164: Add docker volume command and subcommands in zsh completion - felixr/docker-zsh-completion@7f996bf: Add docker daemon command to zsh completion - felixr/docker-zsh-completion@4ccd292: Be more generic when parsing "docker ps" output. - felixr/docker-zsh-completion@cd0f1b9: Fix container completion by name - felixr/docker-zsh-completion@8bf9041: Use "docker ps --no-trunc" to build completion. - felixr/docker-zsh-completion@b721bbb: Only keep the last name for a running/stopped container - felixr/docker-zsh-completion@6791b3e: Fix "docker run --stop-signal" completion - felixr/docker-zsh-completion@961f628: Try some heuristics to determine the canonical container name Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 254 +++++++++++++++++++++++++-------- 1 file changed, 195 insertions(+), 59 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 52b5c75036..7f48c47b22 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -48,7 +48,7 @@ __docker_get_containers() { shift [[ $kind = (stopped|all) ]] && args=($args -a) - lines=(${(f)"$(_call_program commands docker $docker_options ps $args)"}) + lines=(${(f)"$(_call_program commands docker $docker_options ps --no-trunc $args)"}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} @@ -60,13 +60,14 @@ __docker_get_containers() { begin[${header[$i,$((j-1))]}]=$i end[${header[$i,$((j-1))]}]=$k done + end[${header[$i,$((j-1))]}]=-1 # Last column, should go to the end of the line lines=(${lines[2,-1]}) # Container ID local line local s for line in $lines; do - s="${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}" + s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}" s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then @@ -76,20 +77,25 @@ __docker_get_containers() { fi done - # Names - local name + # Names: we only display the one without slash. All other names + # are generated and may clutter the completion. However, with + # Swarm, all names may be prefixed by the swarm node name. local -a names for line in $lines; do - names=(${(ps:,:)${${line[${begin[NAMES]},-1]}%% *}}) - for name in $names; do - s="${name}:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" - s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then - stopped=($stopped ${s#*/}) - else - running=($running ${s#*/}) - fi - done + names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}}) + # First step: find a common prefix and strip it (swarm node case) + (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/} + # Second step: only keep the first name without a / + s=${${names:#*/*}[1]} + # If no name, well give up. + (( $#s != 0 )) || continue + s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" + s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" + if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then + stopped=($stopped $s) + else + running=($running $s) + fi done [[ $kind = (running|all) ]] && _describe -t containers-running "running containers" running "$@" && ret=0 @@ -177,6 +183,89 @@ __docker_search() { _wanted dockersearch expl 'available images' compadd -a result } +__docker_volumes() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + declare -a lines volumes + + lines=(${(f)"$(_call_program commands docker $docker_options volume ls)"}) + + # Parse header line to find columns + local i=1 j=1 k header=${lines[1]} + declare -A begin end + while (( j < ${#header} - 1 )); do + i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) + j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) + k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) + begin[${header[$i,$((j-1))]}]=$i + end[${header[$i,$((j-1))]}]=$k + done + end[${header[$i,$((j-1))]}]=-1 + lines=(${lines[2,-1]}) + + # Names + local line s + for line in $lines; do + s="${line[${begin[VOLUME NAME]},${end[VOLUME NAME]}]%% ##}" + s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" + volumes=($volumes $s) + done + + _describe -t volumes-list "volumes" volumes && ret=0 + return ret +} + +__docker_volume_commands() { + local -a _docker_volume_subcommands + _docker_volume_subcommands=( + "create:Create a volume" + "inspect:Return low-level information on a volume" + "ls:List volumes" + "rm:Remove a volume" + ) + _describe -t docker-volume-commands "docker volume command" _docker_volume_subcommands +} + +__docker_volume_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (create) + _arguments \ + $opts_help \ + "($help -d --driver)"{-d,--driver=-}"[Specify volume driver name]:Driver name: " \ + "($help)--name=-[Specify volume name]" \ + "($help -o --opt)*"{-o,--opt=-}"[Set driver specific options]:Driver option: " && ret=0 + ;; + (inspect) + _arguments \ + $opts_help \ + "($help -f --format=-)"{-f,--format=-}"[Format the output using the given go template]:template: " \ + "($help -)1:volume:__docker_volumes" && ret=0 + ;; + (ls) + _arguments \ + $opts_help \ + "($help -f --filter)*"{-f,--filter=-}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ + "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 + ;; + (rm) + _arguments \ + $opts_help \ + "($help -):volume:__docker_volumes" && ret=0 + ;; + (help) + _arguments ":subcommand:__docker_volume_commands" && ret=0 + ;; + esac + + return ret +} + __docker_caching_policy() { oldp=( "$1"(Nmh+1) ) # 1 hour (( $#oldp )) @@ -196,19 +285,19 @@ __docker_commands() { local -a lines lines=(${(f)"$(_call_program commands docker 2>&1)"}) _docker_subcommands=(${${${lines[$((${lines[(i)Commands:]} + 1)),${lines[(I) *]}]}## #}/ ##/:}) - _docker_subcommands=($_docker_subcommands 'help:Show help for a command') + _docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command') _store_cache docker_subcommands _docker_subcommands fi _describe -t docker-commands "docker command" _docker_subcommands } __docker_subcommand() { - local -a _command_args opts_help opts_cpumem opts_create - local expl help="-h --help" + local -a _command_args opts_help opts_cpumemlimit opts_create + local expl help="--help" integer ret=1 - opts_help=("(: -)"{-h,--help}"[Print usage]") - opts_cpumem=( + opts_help=("(: -)--help[Print usage]") + opts_cpumemlimit=( "($help -c --cpu-shares)"{-c,--cpu-shares=-}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" "($help)--cgroup-parent=-[Parent cgroup for the container]:cgroup: " "($help)--cpu-period=-[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " @@ -217,6 +306,7 @@ __docker_subcommand() { "($help)--cpuset-mems=-[MEMs in which to allow execution]:MEMs: " "($help -m --memory)"{-m,--memory=-}"[Memory limit]:Memory limit: " "($help)--memory-swap=-[Total memory limit with swap]:Memory limit: " + "($help)*--ulimit=-[ulimit options]:ulimit: " ) opts_create=( "($help -a --attach)"{-a,--attach=-}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" @@ -237,6 +327,7 @@ __docker_subcommand() { "($help -h --hostname)"{-h,--hostname=-}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" "($help)--ipc=-[IPC namespace to use]:IPC namespace: " + "($help)--kernel-memory[Kernel memory limit in bytes.]:Memory limit: " "($help)*--link=-[Add link to another container]:link:->link" "($help)*"{-l,--label=-}"[Set meta data on a container]:label: " "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" @@ -255,7 +346,6 @@ __docker_subcommand() { "($help)*--security-opt=-[Security options]:security option: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" "($help -u --user)"{-u,--user=-}"[Username or UID]:user:_users" - "($help)*--ulimit=-[ulimit options]:ulimit: " "($help)*-v[Bind mount a volume]:volume: " "($help)*--volumes-from=-[Mount volumes from the specified container]:volume: " "($help -w --workdir)"{-w,--workdir=-}"[Working directory inside the container]:directory:_directories" @@ -272,7 +362,7 @@ __docker_subcommand() { (build) _arguments \ $opts_help \ - $opts_cpumem \ + $opts_cpumemlimit \ "($help -f --file)"{-f,--file=-}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ "($help)--no-cache[Do not use cache when building the image]" \ @@ -310,7 +400,7 @@ __docker_subcommand() { (create) _arguments \ $opts_help \ - $opts_cpumem \ + $opts_cpumemlimit \ $opts_create \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ @@ -327,6 +417,51 @@ __docker_subcommand() { esac ;; + (daemon) + _arguments \ + $opts_help \ + "($help)--api-cors-header=-[Set CORS headers in the remote API]:CORS headers: " \ + "($help -b --bridge)"{-b,--bridge=-}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ + "($help)--bip=-[Specify network bridge IP]" \ + "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ + "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ + "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ + "($help)*--dns=-[DNS server to use]:DNS: " \ + "($help)*--dns-search=-[DNS search domains to use]:DNS search: " \ + "($help)*--dns-opt=-[DNS options to use]:DNS option: " \ + "($help)*--default-ulimit=-[Set default ulimit settings for containers]:ulimit: " \ + "($help -e --exec-driver)"{-e,--exec-driver=-}"[Exec driver to use]:driver:(native lxc windows)" \ + "($help)*--exec-opt=-[Set exec driver options]:exec driver options: " \ + "($help)--exec-root=-[Root of the Docker execdriver]:path:_directories" \ + "($help)--fixed-cidr=-[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ + "($help)--fixed-cidr-v6=-[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ + "($help -G --group)"{-G,--group=-}"[Group for the unix socket]:group:_groups" \ + "($help -g --graph)"{-g,--graph=-}"[Root of the Docker runtime]:path:_directories" \ + "($help -H --host)"{-H,--host=-}"[tcp://host:port to bind/connect to]:host: " \ + "($help)--icc[Enable inter-container communication]" \ + "($help)*--insecure-registry=-[Enable insecure registry communication]:registry: " \ + "($help)--ip=-[Default IP when binding container ports]" \ + "($help)--ip-forward[Enable net.ipv4.ip_forward]" \ + "($help)--ip-masq[Enable IP masquerading]" \ + "($help)--iptables[Enable addition of iptables rules]" \ + "($help)--ipv6[Enable IPv6 networking]" \ + "($help -l --log-level)"{-l,--log-level=-}"[Set the logging level]:level:(debug info warn error fatal)" \ + "($help)*--label=-[Set key=value labels to the daemon]:label: " \ + "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" \ + "($help)*--log-opt=-[Log driver specific options]:log driver options: " \ + "($help)--mtu=-[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ + "($help -p --pidfile)"{-p,--pidfile=-}"[Path to use for daemon PID file]:PID file:_files" \ + "($help)*--registry-mirror=-[Preferred Docker registry mirror]:registry mirror: " \ + "($help -s --storage-driver)"{-s,--storage-driver=-}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ + "($help)--selinux-enabled[Enable selinux support]" \ + "($help)*--storage-opt=-[Set storage driver options]:storage driver options: " \ + "($help)--tls[Use TLS]" \ + "($help)--tlscacert=-[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ + "($help)--tlscert=-[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ + "($help)--tlskey=-[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \ + "($help)--tlsverify[Use TLS and verify the remote]" \ + "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0 + ;; (diff) _arguments \ $opts_help \ @@ -345,6 +480,7 @@ __docker_subcommand() { $opts_help \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ + "($help)--privileged[Give extended Linux capabilities to the command]" \ "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ "($help -u --user)"{-u,--user=-}"[Username or UID]:user:_users" \ "($help -):containers:__docker_runningcontainers" \ @@ -394,11 +530,24 @@ __docker_subcommand() { $opts_help && ret=0 ;; (inspect) + local state _arguments \ $opts_help \ "($help -f --format=-)"{-f,--format=-}"[Format the output using the given go template]:template: " \ "($help)--type=-[Return JSON for specified type]:type:(image container)" \ - "($help -)*:containers:__docker_containers" && ret=0 + "($help -)*: :->values" && ret=0 + + case $state in + (values) + if [[ ${words[(r)--type=container]} == --type=container ]]; then + __docker_containers && ret=0 + elif [[ ${words[(r)--type=image]} == --type=image ]]; then + __docker_images && ret=0 + else + __docker_images && __docker_containers && ret=0 + fi + ;; + esac ;; (kill) _arguments \ @@ -450,6 +599,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=-[Show only container created before...]:containers:__docker_containers" \ "($help)*"{-f,--filter=-}"[Filter values]:filter: " \ + "($help)--format[Pretty-print containers using a Go template]:format: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ "($help)-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)" \ "($help)--no-trunc[Do not truncate output]" \ @@ -498,12 +648,12 @@ __docker_subcommand() { (run) _arguments \ $opts_help \ - $opts_cpumem \ + $opts_cpumemlimit \ $opts_create \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help)--stop-signal[Signal to kill a container]" \ + "($help)--stop-signal=-[Signal to kill a container]:signal:_signals" \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 @@ -564,6 +714,23 @@ __docker_subcommand() { ;; esac + ;; + (volume) + local curcontext="$curcontext" state + _arguments \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_volume_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-$words[-1]: + __docker_volume_subcommand && ret=0 + ;; + esac ;; (wait) _arguments \ @@ -592,42 +759,10 @@ _docker() { _arguments -C \ "(: -)"{-h,--help}"[Print usage]" \ - "($help)--api-cors-header=-[Set CORS headers in the remote API]:CORS headers: " \ - "($help -b --bridge)"{-b,--bridge=-}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ - "($help)--bip=-[Specify network bridge IP]" \ + "($help)--config[Location of client config files]:path:_directories" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ - "($help -d --daeamon)"{-d,--daemon}"[Enable daemon mode]" \ - "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ - "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ - "($help)*--dns=-[DNS server to use]:DNS: " \ - "($help)*--dns-search=-[DNS search domains to use]:DNS search: " \ - "($help)*--dns-opt=-[DNS options to use]:DNS option: " \ - "($help)*--default-ulimit=-[Set default ulimit settings for containers]:ulimit: " \ - "($help -e --exec-driver)"{-e,--exec-driver=-}"[Exec driver to use]:driver:(native lxc windows)" \ - "($help)*--exec-opt=-[Set exec driver options]:exec driver options: " \ - "($help)--exec-root=-[Root of the Docker execdriver]:path:_directories" \ - "($help)--fixed-cidr=-[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ - "($help)--fixed-cidr-v6=-[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ - "($help -G --group)"{-G,--group=-}"[Group for the unix socket]:group:_groups" \ - "($help -g --graph)"{-g,--graph=-}"[Root of the Docker runtime]:path:_directories" \ "($help -H --host)"{-H,--host=-}"[tcp://host:port to bind/connect to]:host: " \ - "($help)--icc[Enable inter-container communication]" \ - "($help)*--insecure-registry=-[Enable insecure registry communication]:registry: " \ - "($help)--ip=-[Default IP when binding container ports]" \ - "($help)--ip-forward[Enable net.ipv4.ip_forward]" \ - "($help)--ip-masq[Enable IP masquerading]" \ - "($help)--iptables[Enable addition of iptables rules]" \ - "($help)--ipv6[Enable IPv6 networking]" \ "($help -l --log-level)"{-l,--log-level=-}"[Set the logging level]:level:(debug info warn error fatal)" \ - "($help)*--label=-[Set key=value labels to the daemon]:label: " \ - "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" \ - "($help)*--log-opt=-[Log driver specific options]:log driver options: " \ - "($help)--mtu=-[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ - "($help -p --pidfile)"{-p,--pidfile=-}"[Path to use for daemon PID file]:PID file:_files" \ - "($help)*--registry-mirror=-[Preferred Docker registry mirror]:registry mirror: " \ - "($help -s --storage-driver)"{-s,--storage-driver=-}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ - "($help)--selinux-enabled[Enable selinux support]" \ - "($help)*--storage-opt=-[Set storage driver options]:storage driver options: " \ "($help)--tls[Use TLS]" \ "($help)--tlscacert=-[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ "($help)--tlscert=-[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ @@ -639,7 +774,8 @@ _docker() { "($help -)*:: :->option-or-argument" && ret=0 local host=${opt_args[-H]}${opt_args[--host]} - local docker_options=${host:+--host $host} + local config=${opt_args[--config]} + local docker_options="${host:+--host $host} ${config:+--config $config}" case $state in (command) From 9ec9856889263a19810bcc2fb55807aac833960e Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Sun, 20 Sep 2015 18:02:28 +0800 Subject: [PATCH 0875/2538] Docs: correct the description of docker cp Signed-off-by: Lei Jitang --- contrib/completion/fish/docker.fish | 2 +- man/docker.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 798f1ec3b4..cedd51a210 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -109,7 +109,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -s p -l pause - complete -c docker -A -f -n '__fish_seen_subcommand_from commit' -a '(__fish_print_docker_containers all)' -d "Container" # cp -complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders from a container's filesystem to the host path" +complete -c docker -f -n '__fish_docker_no_subcommand' -a cp -d "Copy files/folders between a container and the local filesystem" complete -c docker -A -f -n '__fish_seen_subcommand_from cp' -l help -d 'Print usage' # create diff --git a/man/docker.1.md b/man/docker.1.md index bee12512aa..ddcfab858b 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -184,7 +184,7 @@ unix://[/path/to/socket] to use. See **docker-commit(1)** for full documentation on the **commit** command. **cp** - Copy files/folders from a container's filesystem to the host + Copy files/folders between a container and the local filesystem See **docker-cp(1)** for full documentation on the **cp** command. **create** From b112dcfed4c979cd3b002066066feb16eb3e7639 Mon Sep 17 00:00:00 2001 From: Morgan Bauer Date: Wed, 23 Sep 2015 17:38:09 -0700 Subject: [PATCH 0876/2538] fix typo in man page - resolve #16536 Signed-off-by: Morgan Bauer --- man/docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 06cdefff1e..fcf2c633cd 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -56,7 +56,7 @@ cloned locally and then sent as the context. name and value of a **buildarg**. For example, if you want to pass a value for `http_proxy`, use - `--bulid-arg=http_proxy="http://some.proxy.url"` + `--build-arg=http_proxy="http://some.proxy.url"` Users pass these values at build-time. Docker uses the `buildargs` as the environment context for command(s) run via the Dockerfile's `RUN` instruction From 1ba09d5d083acd358cb76bc96353fe22d2a688ee Mon Sep 17 00:00:00 2001 From: Hu Keping Date: Sat, 19 Sep 2015 10:36:10 +0800 Subject: [PATCH 0877/2538] Format output of docker info Format those info which will only be displayed when daemon is in debug mode. Signed-off-by: Hu Keping --- docs/reference/commandline/info.md | 35 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index b156696d75..129c2ee6de 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -26,25 +26,26 @@ For example: Root Dir: /var/lib/docker/aufs Backing Filesystem: extfs Dirs: 545 + Dirperm1 Supported: true Execution Driver: native-0.2 Logging Driver: json-file - Kernel Version: 3.13.0-24-generic - Operating System: Ubuntu 14.04 LTS - CPUs: 1 - Name: prod-server-42 - ID: 7TRN:IPZB:QYBB:VPBQ:UMPP:KARE:6ZNR:XE6T:7EWV:PKF4:ZOJD:TPYS - Total Memory: 2 GiB - Debug mode (server): false - Debug mode (client): true - File Descriptors: 10 - Goroutines: 9 - System Time: Tue Mar 10 18:38:57 UTC 2015 - EventsListeners: 0 - Init Path: /usr/bin/docker - Docker Root Dir: /var/lib/docker - Http Proxy: http://test:test@localhost:8080 - Https Proxy: https://test:test@localhost:8080 - No Proxy: 9.81.1.160 + Kernel Version: 3.19.0-22-generic + Operating System: Ubuntu 15.04 + CPUs: 24 + Total Memory: 62.86 GiB + Name: docker + ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Debug mode (server): true + File Descriptors: 59 + Goroutines: 159 + System Time: 2015-09-23T14:04:20.699842089+08:00 + EventsListeners: 0 + Init SHA1: + Init Path: /usr/bin/docker + Docker Root Dir: /var/lib/docker + Http Proxy: http://test:test@localhost:8080 + Https Proxy: https://test:test@localhost:8080 + WARNING: No swap limit support Username: svendowideit Registry: [https://index.docker.io/v1/] Labels: From d5b1d055b8922e4d55b7a1afa4c0fe08b143f332 Mon Sep 17 00:00:00 2001 From: qhuang Date: Wed, 23 Sep 2015 14:02:45 +0800 Subject: [PATCH 0878/2538] Add support for memory reservation Signed-off-by: qhuang --- contrib/completion/bash/docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 1 + docs/reference/run.md | 38 ++++++++++++++++++++++++++++ man/docker-create.1.md | 10 ++++++++ man/docker-run.1.md | 10 ++++++++ 6 files changed, 61 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c04326036a..6055ede511 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1151,6 +1151,7 @@ _docker_run() { --memory -m --memory-swap --memory-swappiness + --memory-reservation --name --net --pid diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index ba8b33a387..34ae6dfef7 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -50,6 +50,7 @@ Creates a new container. --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) + --memory-reservation="" Memory soft limit --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 313f61558b..766ca205dc 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -50,6 +50,7 @@ weight=1 --lxc-conf=[] Add custom lxc options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) + --memory-reservation="" Memory soft limit --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container diff --git a/docs/reference/run.md b/docs/reference/run.md index 6e109341f2..46dec11115 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -544,6 +544,7 @@ container: |----------------------------|---------------------------------------------------------------------------------------------| | `-m`, `--memory="" ` | Memory limit (format: `[]`, where unit = b, k, m or g) | | `--memory-swap=""` | Total memory limit (memory + swap, format: `[]`, where unit = b, k, m or g) | +| `--memory-reservation=""` | Memory soft limit (format: `[]`, where unit = b, k, m or g) | | `--kernel-memory=""` | Kernel memory limit (format: `[]`, where unit = b, k, m or g) | | `-c`, `--cpu-shares=0` | CPU shares (relative weight) | | `--cpu-period=0` | Limit the CPU CFS (Completely Fair Scheduler) period | @@ -629,6 +630,43 @@ would be 2*300M, so processes can use 300M swap memory as well. We set both memory and swap memory, so the processes in the container can use 300M memory and 700M swap memory. +Memory reservation is a kind of memory soft limit that allows for greater +sharing of memory. Under normal circumstances, containers can use as much of +the memory as needed and are constrained only by the hard limits set with the +`-m`/`--memory` option. When memory reservation is set, Docker detects memory +contention or low memory and forces containers to restrict their consumption to +a reservation limit. + +Always set the memory reservation value below the hard limit, otherwise the hard +limit takes precedence. A reservation of 0 is the same as setting no +reservation. By default (without reservation set), memory reservation is the +same as the hard memory limit. + +Memory reservation is a soft-limit feature and does not guarantee the limit +won't be exceeded. Instead, the feature attempts to ensure that, when memory is +heavily contended for, memory is allocated based on the reservation hints/setup. + +The following example limits the memory (`-m`) to 500M and sets the memory +reservation to 200M. + +```bash +$ docker run -ti -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash +``` + +Under this configuration, when the container consumes memory more than 200M and +less than 500M, the next system memory reclaim attempts to shrink container +memory below 200M. + +The following example set memory reservation to 1G without a hard memory limit. + +```bash +$ docker run -ti --memory-reservation 1G ubuntu:14.04 /bin/bash +``` + +The container can use as much memory as it needs. The memory reservation setting +ensures the container doesn't consume too much memory for long time, because +every memory reclaim shrinks the container's consumption to the reservation. + By default, kernel kills processes in a container if an out-of-memory (OOM) error occurs. To change this behaviour, use the `--oom-kill-disable` option. Only disable the OOM killer on containers where you have also set the diff --git a/man/docker-create.1.md b/man/docker-create.1.md index e82ac3381c..e845befe97 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -40,6 +40,7 @@ docker-create - Create a new container [**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] +[**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*MEMORY-SWAP*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] @@ -196,6 +197,15 @@ system's page size (the value would be very large, that's millions of trillions) **--mac-address**="" Container MAC address (e.g. 92:d0:c6:0a:29:33) +**--memory-reservation**="" + Memory soft limit (format: [], where unit = b, k, m or g) + + After setting memory reservation, when the system detects memory contention +or low memory, containers are forced to restrict their consumption to their +reservation. So you should always set the value below **--memory**, otherwise the +hard limit will take precedence. By default, memory reservation will be the same +as memory limit. + **--memory-swap**="" Total memory limit (memory + swap) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index ebb65d71c7..960ac9f27d 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -41,6 +41,7 @@ docker-run - Run a command in a new container [**--lxc-conf**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] +[**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*MEMORY-SWAP*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] @@ -290,6 +291,15 @@ RAM. If a limit of 0 is specified (not using **-m**), the container's memory is not limited. The actual limit may be rounded up to a multiple of the operating system's page size (the value would be very large, that's millions of trillions). +**--memory-reservation**="" + Memory soft limit (format: [], where unit = b, k, m or g) + + After setting memory reservation, when the system detects memory contention +or low memory, containers are forced to restrict their consumption to their +reservation. So you should always set the value below **--memory**, otherwise the +hard limit will take precedence. By default, memory reservation will be the same +as memory limit. + **--memory-swap**="" Total memory limit (memory + swap) From 2e8a8547d95d7fa3563cf373235618ce77e52d37 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Thu, 17 Sep 2015 10:07:22 -0400 Subject: [PATCH 0879/2538] man page for docker daemon command Signed-off-by: Shishir Mahajan --- man/docker-daemon.8.md | 400 +++++++++++++++++++++++++++++++++++++++++ man/docker.1.md | 316 +------------------------------- 2 files changed, 407 insertions(+), 309 deletions(-) create mode 100644 man/docker-daemon.8.md diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md new file mode 100644 index 0000000000..63c43c36a4 --- /dev/null +++ b/man/docker-daemon.8.md @@ -0,0 +1,400 @@ +% DOCKER(1) Docker User Manuals + +% Shishir Mahajan + +% SEPTEMBER 2015 + +# NAME +docker-daemon - Enable daemon mode + +# SYNOPSIS +**docker daemon** +[**--api-cors-header**=[=*API-CORS-HEADER*]] +[**-b**|**--bridge**[=*BRIDGE*]] +[**--bip**[=*BIP*]] +[**-D**|**--debug**[=*false*]] +[**--default-gateway**[=*DEFAULT-GATEWAY*]] +[**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] +[**--default-ulimit**[=*[]*]] +[**--dns**[=*[]*]] +[**--dns-search**[=*[]*]] +[**-e**|**--exec-driver**[=*native*]] +[**--exec-opt**[=*[]*]] +[**--exec-root**[=*/var/run/docker*]] +[**--fixed-cidr**[=*FIXED-CIDR*]] +[**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]] +[**-G**|**--group**[=*docker*]] +[**-g**|**--graph**[=*/var/lib/docker*]] +[**-H**|**--host**[=*[]*]] +[**--help**] +[**--icc**[=*true*]] +[**--insecure-registry**[=*[]*]] +[**--ip**[=*0.0.0.0*]] +[**--ip-forward**[=*true*]] +[**--ip-masq**[=*true*]] +[**--iptables**[=*true*]] +[**--ipv6**[=*false*]] +[**-l**|**--log-level**[=*info*]] +[**--label**[=*[]*]] +[**--log-driver**[=*json-file*]] +[**--log-opt**[=*map[]*]] +[**--mtu**[=*0*]] +[**-p**|**--pidfile**[=*/var/run/docker.pid*]] +[**--registry-mirror**[=*[]*]] +[**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] +[**--selinux-enabled**[=*false*]] +[**--storage-opt**[=*[]*]] +[**--tls**[=*false*]] +[**--tlscacert**[=*~/.docker/ca.pem*]] +[**--tlscert**[=*~/.docker/cert.pem*]] +[**--tlskey**[=*~/.docker/key.pem*]] +[**--tlsverify**[=*false*]] +[**--userland-proxy**[=*true*]] + +# DESCRIPTION +**docker** has two distinct functions. It is used for starting the Docker +daemon and to run the CLI (i.e., to command the daemon to manage images, +containers etc.) So **docker** is both a server, as a daemon, and a client +to the daemon, through the CLI. + +To run the Docker daemon you can specify **docker daemon**. +You can check the daemon options using **docker daemon --help**. +Daemon options should be specified after the **daemon** keyword in the following +format. + +**docker daemon [OPTIONS]** + +# OPTIONS + +**--api-cors-header**="" + Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. + +**-b**, **--bridge**="" + Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + +**--bip**="" + Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + +**-D**, **--debug**=*true*|*false* + Enable debug mode. Default is false. + +**--default-gateway**="" + IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) + +**--default-gateway-v6**="" + IPv6 address of the container default gateway + +**--default-ulimit**=[] + Set default ulimits for containers. + +**--dns**="" + Force Docker to use specific DNS servers + +**--dns-search**=[] + DNS search domains to use. + +**-e**, **--exec-driver**="" + Force Docker to use specific exec driver. Default is `native`. + +**--exec-opt**=[] + Set exec driver options. See EXEC DRIVER OPTIONS. + +**--exec-root**="" + Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. + +**--fixed-cidr**="" + IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) + +**--fixed-cidr-v6**="" + IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) + +**-G**, **--group**="" + Group to assign the unix socket specified by -H when running in daemon mode. + use '' (the empty string) to disable setting of a group. Default is `docker`. + +**-g**, **--graph**="" + Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. + +**-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or +unix://[/path/to/socket] to use. + The socket(s) to bind to in daemon mode specified using one or more + tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. + +**--help** + Print usage statement + +**--icc**=*true*|*false* + Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. + +**--insecure-registry**=[] + Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. + + List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. + + Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. + +**--ip**="" + Default IP address to use when binding container ports. Default is `0.0.0.0`. + +**--ip-forward**=*true*|*false* + Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. + + This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". + +**--ip-masq**=*true*|*false* + Enable IP masquerading for bridge's IP range. Default is true. + +**--iptables**=*true*|*false* + Enable Docker's addition of iptables rules. Default is true. + +**--ipv6**=*true*|*false* + Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". + +**-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" + Set the logging level. Default is `info`. + +**--label**="[]" + Set key=value labels to the daemon (displayed in `docker info`) + +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" + Default driver for container logs. Default is `json-file`. + **Warning**: `docker logs` command works only for `json-file` logging driver. + +**--log-opt**=[] + Logging driver specific options. + +**--mtu**=VALUE + Set the containers network mtu. Default is `0`. + +**-p**, **--pidfile**="" + Path to use for daemon PID file. Default is `/var/run/docker.pid` + +**--registry-mirror**=:// + Prepend a registry mirror to be used for image pulls. May be specified multiple times. + +**-s**, **--storage-driver**="" + Force the Docker runtime to use a specific storage driver. + +**--selinux-enabled**=*true*|*false* + Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. + +**--storage-opt**=[] + Set storage driver options. See STORAGE DRIVER OPTIONS. + +**--tls**=*true*|*false* + Use TLS; implied by --tlsverify. Default is false. + +**--tlscacert**=~/.docker/ca.pem + Trust certs signed only by this CA. + +**--tlscert**=~/.docker/cert.pem + Path to TLS certificate file. + +**--tlskey**=~/.docker/key.pem + Path to TLS key file. + +**--tlsverify**=*true*|*false* + Use TLS and verify the remote (daemon: verify client, client: verify daemon). + Default is false. + +**--userland-proxy**=*true*|*false* + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + +# STORAGE DRIVER OPTIONS + +Docker uses storage backends (known as "graphdrivers" in the Docker +internals) to create writable containers from images. Many of these +backends use operating system level technologies and can be +configured. + +Specify options to the storage backend with **--storage-opt** flags. The only +backend that currently takes options is *devicemapper*. Therefore use these +flags with **-s=**devicemapper. + +Specifically for devicemapper, the default is a "loopback" model which +requires no pre-configuration, but is extremely inefficient. Do not +use it in production. + +To make the best use of Docker with the devicemapper backend, you must +have a recent version of LVM. Use `lvm` to create a thin pool; for +more information see `man lvmthin`. Then, use `--storage-opt +dm.thinpooldev` to tell the Docker engine to use that pool for +allocating images and container snapshots. + +Here is the list of *devicemapper* options: + +#### dm.thinpooldev + +Specifies a custom block storage device to use for the thin pool. + +If using a block device for device mapper storage, it is best to use +`lvm` to create and manage the thin-pool volume. This volume is then +handed to Docker to create snapshot volumes needed for images and +containers. + +Managing the thin-pool outside of Docker makes for the most feature-rich method +of having Docker utilize device mapper thin provisioning as the backing storage +for Docker's containers. The highlights of the LVM-based thin-pool management +feature include: automatic or interactive thin-pool resize support, dynamically +changing thin-pool features, automatic thinp metadata checking when lvm activates +the thin-pool, etc. + +Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` + +#### dm.basesize + +Specifies the size to use when creating the base device, which limits +the size of images and containers. The default value is 100G. Note, +thin devices are inherently "sparse", so a 100G device which is mostly +empty doesn't use 100 GB of space on the pool. However, the filesystem +will use more space for base images the larger the device +is. + +This value affects the system-wide "base" empty filesystem that may already +be initialized and inherited by pulled images. Typically, a change to this +value requires additional steps to take effect: + + $ sudo service docker stop + $ sudo rm -rf /var/lib/docker + $ sudo service docker start + +Example use: `docker daemon --storage-opt dm.basesize=20G` + +#### dm.fs + +Specifies the filesystem type to use for the base device. The +supported options are `ext4` and `xfs`. The default is `ext4`. + +Example use: `docker daemon --storage-opt dm.fs=xfs` + +#### dm.mkfsarg + +Specifies extra mkfs arguments to be used when creating the base device. + +Example use: `docker daemon --storage-opt "dm.mkfsarg=-O ^has_journal"` + +#### dm.mountopt + +Specifies extra mount options used when mounting the thin devices. + +Example use: `docker daemon --storage-opt dm.mountopt=nodiscard` + +#### dm.use_deferred_removal + +Enables use of deferred device removal if `libdm` and the kernel driver +support the mechanism. + +Deferred device removal means that if device is busy when devices are +being removed/deactivated, then a deferred removal is scheduled on +device. And devices automatically go away when last user of the device +exits. + +For example, when a container exits, its associated thin device is removed. If +that device has leaked into some other mount namespace and can't be removed, +the container exit still succeeds and this option causes the system to schedule +the device for deferred removal. It does not wait in a loop trying to remove a busy +device. + +Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` + +#### dm.loopdatasize + +**Note**: This option configures devicemapper loopback, which should not be used in production. + +Specifies the size to use when creating the loopback file for the +"data" device which is used for the thin pool. The default size is +100G. The file is sparse, so it will not initially take up +this much space. + +Example use: `docker daemon --storage-opt dm.loopdatasize=200G` + +#### dm.loopmetadatasize + +**Note**: This option configures devicemapper loopback, which should not be used in production. + +Specifies the size to use when creating the loopback file for the +"metadata" device which is used for the thin pool. The default size +is 2G. The file is sparse, so it will not initially take up +this much space. + +Example use: `docker daemon --storage-opt dm.loopmetadatasize=4G` + +#### dm.datadev + +(Deprecated, use `dm.thinpooldev`) + +Specifies a custom blockdevice to use for data for a +Docker-managed thin pool. It is better to use `dm.thinpooldev` - see +the documentation for it above for discussion of the advantages. + +#### dm.metadatadev + +(Deprecated, use `dm.thinpooldev`) + +Specifies a custom blockdevice to use for metadata for a +Docker-managed thin pool. See `dm.datadev` for why this is +deprecated. + +#### dm.blocksize + +Specifies a custom blocksize to use for the thin pool. The default +blocksize is 64K. + +Example use: `docker daemon --storage-opt dm.blocksize=512K` + +#### dm.blkdiscard + +Enables or disables the use of `blkdiscard` when removing devicemapper +devices. This is disabled by default due to the additional latency, +but as a special case with loopback devices it will be enabled, in +order to re-sparsify the loopback file on image/container removal. + +Disabling this on loopback can lead to *much* faster container removal +times, but it also prevents the space used in `/var/lib/docker` directory +from being returned to the system for other use when containers are +removed. + +Example use: `docker daemon --storage-opt dm.blkdiscard=false` + +#### dm.override_udev_sync_check + +By default, the devicemapper backend attempts to synchronize with the +`udev` device manager for the Linux kernel. This option allows +disabling that synchronization, to continue even though the +configuration may be buggy. + +To view the `udev` sync support of a Docker daemon that is using the +`devicemapper` driver, run: + + $ docker info + [...] + Udev Sync Supported: true + [...] + +When `udev` sync support is `true`, then `devicemapper` and `udev` can +coordinate the activation and deactivation of devices for containers. + +When `udev` sync support is `false`, a race condition occurs between +the `devicemapper` and `udev` during create and cleanup. The race +condition results in errors and failures. (For information on these +failures, see +[docker#4036](https://github.com/docker/docker/issues/4036)) + +To allow the `docker` daemon to start, regardless of whether `udev` sync is +`false`, set `dm.override_udev_sync_check` to true: + + $ docker daemon --storage-opt dm.override_udev_sync_check=true + +When this value is `true`, the driver continues and simply warns you +the errors are happening. + +**Note**: The ideal is to pursue a `docker` daemon and environment +that does support synchronizing with `udev`. For further discussion on +this topic, see +[docker#4036](https://github.com/docker/docker/issues/4036). +Otherwise, set this flag for migrating existing Docker daemons to a +daemon with a supported environment. + +# HISTORY +Sept 2015, Originally compiled by Shishir Mahajan +based on docker.com source material and internal work. diff --git a/man/docker.1.md b/man/docker.1.md index ddcfab858b..88c62e7eeb 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -7,15 +7,19 @@ docker \- Docker image and container command line interface # SYNOPSIS **docker** [OPTIONS] COMMAND [arg...] +**docker** daemon [ --help | ... ] + +**docker** [ --help | -v | --version ] + # DESCRIPTION **docker** has two distinct functions. It is used for starting the Docker daemon and to run the CLI (i.e., to command the daemon to manage images, containers etc.) So **docker** is both a server, as a daemon, and a client to the daemon, through the CLI. -To run the Docker daemon you do not specify any of the commands listed below but -must specify the **-d** option. The other options listed below are for the -daemon only. +To run the Docker daemon you can specify **docker daemon**. +You can view the daemon options using **docker daemon --help**. +To see the man page for the daemon, run **man docker daemon**. The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguments. @@ -26,128 +30,20 @@ To see the man page for a command run **man docker **. **--help** Print usage statement -**--api-cors-header**="" - Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. - -**-b**, **--bridge**="" - Attach containers to a pre\-existing network bridge; use 'none' to disable container networking - -**--bip**="" - Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b - **--config**="" Specifies the location of the Docker client configuration files. The default is '~/.docker'. **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. -**-d**, **--daemon**=*true*|*false* - Enable daemon mode. Default is false. - -**--default-gateway**="" - IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) - -**--default-gateway-v6**="" - IPv6 address of the container default gateway - -**--default-ulimit**=[] - Set default ulimits for containers. - -**--dns**="" - Force Docker to use specific DNS servers - -**--dns-opt**=[] - DNS options to use. - -**--dns-search**=[] - DNS search domains to use. - -**-e**, **--exec-driver**="" - Force Docker to use specific exec driver. Default is `native`. - -**--exec-opt**=[] - Set exec driver options. See EXEC DRIVER OPTIONS. - -**--exec-root**="" - Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. - -**--fixed-cidr**="" - IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) - -**--fixed-cidr-v6**="" - IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) - -**-G**, **--group**="" - Group to assign the unix socket specified by -H when running in daemon mode. - use '' (the empty string) to disable setting of a group. Default is `docker`. - -**-g**, **--graph**="" - Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. - **-H**, **--host**=[unix:///var/run/docker.sock]: tcp://[host:port] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. -**--icc**=*true*|*false* - Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using **--link** option (see **docker-run(1)**). Default is true. - -**--insecure-registry**=[] - Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. - - List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. - - Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. - -**--ip**="" - Default IP address to use when binding container ports. Default is `0.0.0.0`. - -**--ip-forward**=*true*|*false* - Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. - - This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". - -**--ip-masq**=*true*|*false* - Enable IP masquerading for bridge's IP range. Default is true. - -**--iptables**=*true*|*false* - Enable Docker's addition of iptables rules. Default is true. - -**--ipv6**=*true*|*false* - Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". - **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*"" Set the logging level. Default is `info`. -**--label**="[]" - Set key=value labels to the daemon (displayed in `docker info`) - -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" - Default driver for container logs. Default is `json-file`. - **Warning**: the `docker logs` command works only for the `json-file` and - `journald` logging drivers. - -**--log-opt**=[] - Logging driver specific options. - -**--mtu**=VALUE - Set the containers network mtu. Default is `0`. - -**-p**, **--pidfile**="" - Path to use for daemon PID file. Default is `/var/run/docker.pid` - -**--registry-mirror**=:// - Prepend a registry mirror to be used for image pulls. May be specified multiple times. - -**-s**, **--storage-driver**="" - Force the Docker runtime to use a specific storage driver. - -**--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. - -**--storage-opt**=[] - Set storage driver options. See STORAGE DRIVER OPTIONS. - **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. @@ -164,9 +60,6 @@ unix://[/path/to/socket] to use. Use TLS and verify the remote (daemon: verify client, client: verify daemon). Default is false. -**--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. - **-v**, **--version**=*true*|*false* Print version information and quit. Default is false. @@ -328,201 +221,6 @@ inside it) Block until a container stops, then print its exit code See **docker-wait(1)** for full documentation on the **wait** command. -# STORAGE DRIVER OPTIONS - -Docker uses storage backends (known as "graphdrivers" in the Docker -internals) to create writable containers from images. Many of these -backends use operating system level technologies and can be -configured. - -Specify options to the storage backend with **--storage-opt** flags. The only -backend that currently takes options is *devicemapper*. Therefore use these -flags with **-s=**devicemapper. - -Specifically for devicemapper, the default is a "loopback" model which -requires no pre-configuration, but is extremely inefficient. Do not -use it in production. - -To make the best use of Docker with the devicemapper backend, you must -have a recent version of LVM. Use `lvm` to create a thin pool; for -more information see `man lvmthin`. Then, use `--storage-opt -dm.thinpooldev` to tell the Docker engine to use that pool for -allocating images and container snapshots. - -Here is the list of *devicemapper* options: - -#### dm.thinpooldev - -Specifies a custom block storage device to use for the thin pool. - -If using a block device for device mapper storage, it is best to use -`lvm` to create and manage the thin-pool volume. This volume is then -handed to Docker to create snapshot volumes needed for images and -containers. - -Managing the thin-pool outside of Docker makes for the most feature-rich method -of having Docker utilize device mapper thin provisioning as the backing storage -for Docker's containers. The highlights of the LVM-based thin-pool management -feature include: automatic or interactive thin-pool resize support, dynamically -changing thin-pool features, automatic thinp metadata checking when lvm activates -the thin-pool, etc. - -Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` - -#### dm.basesize - -Specifies the size to use when creating the base device, which limits -the size of images and containers. The default value is 100G. Note, -thin devices are inherently "sparse", so a 100G device which is mostly -empty doesn't use 100 GB of space on the pool. However, the filesystem -will use more space for base images the larger the device -is. - -This value affects the system-wide "base" empty filesystem that may already -be initialized and inherited by pulled images. Typically, a change to this -value requires additional steps to take effect: - - $ sudo service docker stop - $ sudo rm -rf /var/lib/docker - $ sudo service docker start - -Example use: `docker daemon --storage-opt dm.basesize=20G` - -#### dm.fs - -Specifies the filesystem type to use for the base device. The -supported options are `ext4` and `xfs`. The default is `ext4`. - -Example use: `docker daemon --storage-opt dm.fs=xfs` - -#### dm.mkfsarg - -Specifies extra mkfs arguments to be used when creating the base device. - -Example use: `docker daemon --storage-opt "dm.mkfsarg=-O ^has_journal"` - -#### dm.mountopt - -Specifies extra mount options used when mounting the thin devices. - -Example use: `docker daemon --storage-opt dm.mountopt=nodiscard` - -#### dm.use_deferred_removal - -Enables use of deferred device removal if `libdm` and the kernel driver -support the mechanism. - -Deferred device removal means that if device is busy when devices are -being removed/deactivated, then a deferred removal is scheduled on -device. And devices automatically go away when last user of the device -exits. - -For example, when a container exits, its associated thin device is removed. If -that device has leaked into some other mount namespace and can't be removed, -the container exit still succeeds and this option causes the system to schedule -the device for deferred removal. It does not wait in a loop trying to remove a busy -device. - -Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` - -#### dm.loopdatasize - -**Note**: This option configures devicemapper loopback, which should not be used in production. - -Specifies the size to use when creating the loopback file for the -"data" device which is used for the thin pool. The default size is -100G. The file is sparse, so it will not initially take up -this much space. - -Example use: `docker daemon --storage-opt dm.loopdatasize=200G` - -#### dm.loopmetadatasize - -**Note**: This option configures devicemapper loopback, which should not be used in production. - -Specifies the size to use when creating the loopback file for the -"metadata" device which is used for the thin pool. The default size -is 2G. The file is sparse, so it will not initially take up -this much space. - -Example use: `docker daemon --storage-opt dm.loopmetadatasize=4G` - -#### dm.datadev - -(Deprecated, use `dm.thinpooldev`) - -Specifies a custom blockdevice to use for data for a -Docker-managed thin pool. It is better to use `dm.thinpooldev` - see -the documentation for it above for discussion of the advantages. - -#### dm.metadatadev - -(Deprecated, use `dm.thinpooldev`) - -Specifies a custom blockdevice to use for metadata for a -Docker-managed thin pool. See `dm.datadev` for why this is -deprecated. - -#### dm.blocksize - -Specifies a custom blocksize to use for the thin pool. The default -blocksize is 64K. - -Example use: `docker daemon --storage-opt dm.blocksize=512K` - -#### dm.blkdiscard - -Enables or disables the use of `blkdiscard` when removing devicemapper -devices. This is disabled by default due to the additional latency, -but as a special case with loopback devices it will be enabled, in -order to re-sparsify the loopback file on image/container removal. - -Disabling this on loopback can lead to *much* faster container removal -times, but it also prevents the space used in `/var/lib/docker` directory -from being returned to the system for other use when containers are -removed. - -Example use: `docker daemon --storage-opt dm.blkdiscard=false` - -#### dm.override_udev_sync_check - -By default, the devicemapper backend attempts to synchronize with the -`udev` device manager for the Linux kernel. This option allows -disabling that synchronization, to continue even though the -configuration may be buggy. - -To view the `udev` sync support of a Docker daemon that is using the -`devicemapper` driver, run: - - $ docker info - [...] - Udev Sync Supported: true - [...] - -When `udev` sync support is `true`, then `devicemapper` and `udev` can -coordinate the activation and deactivation of devices for containers. - -When `udev` sync support is `false`, a race condition occurs between -the `devicemapper` and `udev` during create and cleanup. The race -condition results in errors and failures. (For information on these -failures, see -[docker#4036](https://github.com/docker/docker/issues/4036)) - -To allow the `docker` daemon to start, regardless of whether `udev` sync is -`false`, set `dm.override_udev_sync_check` to true: - - $ docker daemon --storage-opt dm.override_udev_sync_check=true - -When this value is `true`, the driver continues and simply warns you -the errors are happening. - -**Note**: The ideal is to pursue a `docker` daemon and environment -that does support synchronizing with `udev`. For further discussion on -this topic, see -[docker#4036](https://github.com/docker/docker/issues/4036). -Otherwise, set this flag for migrating existing Docker daemons to a -daemon with a supported environment. - # EXEC DRIVER OPTIONS Use the **--exec-opt** flags to specify options to the exec-driver. The only From a8db81a89af92781e1ab210d8897af54c70b335b Mon Sep 17 00:00:00 2001 From: Tim Waugh Date: Wed, 16 Sep 2015 14:38:58 +0100 Subject: [PATCH 0880/2538] Add documentation note that LABEL allows environment replacement Signed-off-by: Tim Waugh --- docs/reference/builder.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index c519102052..29dd61aeeb 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -155,6 +155,7 @@ the `Dockerfile`: * `COPY` * `ENV` * `EXPOSE` +* `LABEL` * `USER` * `WORKDIR` * `VOLUME` From 0039e46e3ef2740fb3fe921bae976742f2d8ed93 Mon Sep 17 00:00:00 2001 From: Charles Chan Date: Sun, 6 Sep 2015 15:48:05 -0700 Subject: [PATCH 0881/2538] Touch up "Dockerfile reference" - add example for `docker build -f ...` - modifiy `FROM` explaination into bullet points - add/clarify examples for `LABEL` and `ADD` instructions - fix review comments (PR #16109) Signed-off-by: Charles Chan --- docs/reference/builder.md | 83 ++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 37 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 29dd61aeeb..7c30511531 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -45,8 +45,8 @@ Dockerfile. >the build to transfer the entire contents of your hard drive to the Docker >daemon. -To use a file in the build context, the `Dockerfile` refers to the file with -an instruction, for example, a `COPY` instruction. To increase the build's +To use a file in the build context, the `Dockerfile` refers to the file specified +in an instruction, for example, a `COPY` instruction. To increase the build's performance, exclude files and directories by adding a `.dockerignore` file to the context directory. For information about how to [create a `.dockerignore` file](#dockerignore-file) see the documentation on this page. @@ -55,12 +55,15 @@ Traditionally, the `Dockerfile` is called `Dockerfile` and located in the root of the context. You use the `-f` flag with `docker build` to point to a Dockerfile anywhere in your file system. + $ docker build -f /path/to/a/Dockerfile . + You can specify a repository and tag at which to save the new image if the build succeeds: $ docker build -t shykes/myapp . -The Docker daemon will run your steps one-by-one, committing the result +The Docker daemon runs the instructions in the `Dockerfile` one-by-one, +committing the result of each instruction to a new image if necessary, before finally outputting the ID of your new image. The Docker daemon will automatically clean up the context you sent. @@ -69,10 +72,11 @@ Note that each instruction is run independently, and causes a new image to be created - so `RUN cd /tmp` will not have any effect on the next instructions. -Whenever possible, Docker will re-use the intermediate images, -accelerating `docker build` significantly (indicated by `Using cache` - -see the [`Dockerfile` Best Practices -guide](/articles/dockerfile_best-practices/#build-cache) for more information): +Whenever possible, Docker will re-use the intermediate images (cache), +to accelerate the `docker build` process significantly. This is indicated by +the `Using cache` message in the console output. +(For more information, see the [Build cache section](/articles/dockerfile_best-practices/#build-cache)) in the +`Dockerfile` best practices guide: $ docker build -t SvenDowideit/ambassador . Uploading context 10.24 kB @@ -97,7 +101,7 @@ Here is the format of the `Dockerfile`: # Comment INSTRUCTION arguments -The Instruction is not case-sensitive, however convention is for them to +The instruction is not case-sensitive, however convention is for them to be UPPERCASE in order to distinguish them from arguments more easily. Docker runs the instructions in a `Dockerfile` in order. **The @@ -216,7 +220,7 @@ This file causes the following build behavior: | `*/*/temp*` | Exclude files starting with name `temp` from any subdirectory that is two levels below the root directory. For example, the file `/somedir/subdir/temporary.txt` is ignored. | | `temp?` | Exclude the files that match the pattern in the root directory. For example, the files `tempa`, `tempb` in the root directory are ignored. | | `*.md ` | Exclude all markdown files in the root directory. | -| `!LICENSE.md` | Exception to the Markdown files exclusion is this file, `LICENSE.md`, Include this file in the build. | +| `!LICENSE.md` | Exception to the Markdown files exclusion. `LICENSE.md`is included in the build. | The placement of `!` exception rules influences the matching algorithm; the last line of the `.dockerignore` that matches a particular file determines @@ -261,13 +265,13 @@ its first instruction. The image can be any valid image – it is especially eas to start by **pulling an image** from the [*Public Repositories*]( /userguide/dockerrepos). -`FROM` must be the first non-comment instruction in the `Dockerfile`. +- `FROM` must be the first non-comment instruction in the `Dockerfile`. -`FROM` can appear multiple times within a single `Dockerfile` in order to create +- `FROM` can appear multiple times within a single `Dockerfile` in order to create multiple images. Simply make a note of the last image ID output by the commit before each new `FROM` command. -The `tag` or `digest` values are optional. If you omit either of them, the builder +- The `tag` or `digest` values are optional. If you omit either of them, the builder assumes a `latest` by default. The builder returns an error if it cannot match the `tag` value. @@ -282,7 +286,7 @@ generated images. RUN has 2 forms: -- `RUN ` (the command is run in a shell - `/bin/sh -c` - *shell* form) +- `RUN ` (*shell* form, the command is run in a shell - `/bin/sh -c`) - `RUN ["executable", "param1", "param2"]` (*exec* form) The `RUN` instruction will execute any commands in a new layer on top of the @@ -415,28 +419,31 @@ default specified in `CMD`. The `LABEL` instruction adds metadata to an image. A `LABEL` is a key-value pair. To include spaces within a `LABEL` value, use quotes and -backslashes as you would in command-line parsing. +backslashes as you would in command-line parsing. A few usage examples: LABEL "com.example.vendor"="ACME Incorporated" - -An image can have more than one label. To specify multiple labels, separate each -key-value pair with whitespace. - LABEL com.example.label-with-value="foo" LABEL version="1.0" LABEL description="This text illustrates \ that label-values can span multiple lines." -Docker recommends combining labels in a single `LABEL` instruction where +An image can have more than one label. To specify multiple labels, +Docker recommends combining labels into a single `LABEL` instruction where possible. Each `LABEL` instruction produces a new layer which can result in an -inefficient image if you use many labels. This example results in four image -layers. +inefficient image if you use many labels. This example results in a single image +layer. LABEL multi.label1="value1" multi.label2="value2" other="value3" + +The above can also be written as: + + LABEL multi.label1="value1" \ + multi.label2="value2" \ + other="value3" -Labels are additive including `LABEL`s in `FROM` images. As the system -encounters and then applies a new label, new `key`s override any previous labels -with identical keys. +Labels are additive including `LABEL`s in `FROM` images. If Docker +encounters a label/key that already exists, the new value overrides any previous +labels with identical keys. To view an image's labels, use the `docker inspect` command. @@ -497,14 +504,14 @@ and ENV myCat fluffy will yield the same net results in the final container, but the first form -does it all in one layer. +is preferred because it produces a single cache layer. The environment variables set using `ENV` will persist when a container is run from the resulting image. You can view the values using `docker inspect`, and change them using `docker run --env =`. > **Note**: -> Environment persistence can cause unexpected effects. For example, +> Environment persistence can cause unexpected side effects. For example, > setting `ENV DEBIAN_FRONTEND noninteractive` may confuse apt-get > users on a Debian-based image. To set a value for a single command, use > `RUN = `. @@ -525,16 +532,16 @@ directories then they must be relative to the source directory that is being built (the context of the build). Each `` may contain wildcards and matching will be done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. -For most command line uses this should act as expected, for example: +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example: ADD hom* /mydir/ # adds all files starting with "hom" - ADD hom?.txt /mydir/ # ? is replaced with any single character + ADD hom?.txt /mydir/ # ? is replaced with any single character, e.g., "home.txt" The `` is an absolute path, or a path relative to `WORKDIR`, into which the source will be copied inside the destination container. - ADD test aDir/ # adds "test" to `WORKDIR`/aDir/ + ADD test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ + ADD test /absoluteDir # adds "test" to /absoluteDir All new files and directories are created with a UID and GID of 0. @@ -567,7 +574,7 @@ of whether or not the file has changed and the cache should be updated. guide](/articles/dockerfile_best-practices/#build-cache) for more information. -The copy obeys the following rules: +`ADD` obeys the following rules: - The `` path must be inside the *context* of the build; you cannot `ADD ../something /something`, because the first step of a @@ -586,6 +593,7 @@ The copy obeys the following rules: - If `` is a directory, the entire contents of the directory are copied, including filesystem metadata. + > **Note**: > The directory itself is not copied, just its contents. @@ -628,16 +636,16 @@ Multiple `` resource may be specified but they must be relative to the source directory that is being built (the context of the build). Each `` may contain wildcards and matching will be done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. -For most command line uses this should act as expected, for example: +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. For example: COPY hom* /mydir/ # adds all files starting with "hom" - COPY hom?.txt /mydir/ # ? is replaced with any single character + COPY hom?.txt /mydir/ # ? is replaced with any single character, e.g., "home.txt" The `` is an absolute path, or a path relative to `WORKDIR`, into which the source will be copied inside the destination container. - COPY test aDir/ # adds "test" to `WORKDIR`/aDir/ + COPY test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ + COPY test /absoluteDir # adds "test" to /absoluteDir All new files and directories are created with a UID and GID of 0. @@ -645,7 +653,7 @@ All new files and directories are created with a UID and GID of 0. > If you build using STDIN (`docker build - < somefile`), there is no > build context, so `COPY` can't be used. -The copy obeys the following rules: +`COPY` obeys the following rules: - The `` path must be inside the *context* of the build; you cannot `COPY ../something /something`, because the first step of a @@ -654,6 +662,7 @@ The copy obeys the following rules: - If `` is a directory, the entire contents of the directory are copied, including filesystem metadata. + > **Note**: > The directory itself is not copied, just its contents. @@ -677,7 +686,7 @@ The copy obeys the following rules: ENTRYPOINT has two forms: - `ENTRYPOINT ["executable", "param1", "param2"]` - (the preferred *exec* form) + (*exec* form, preferred) - `ENTRYPOINT command param1 param2` (*shell* form) From f95e9f7c723f937c74b39380a899ed46576a91c9 Mon Sep 17 00:00:00 2001 From: Arnaud Porterie Date: Thu, 10 Sep 2015 16:12:00 -0700 Subject: [PATCH 0882/2538] Add builtin nodes discovery Use `pkg/discovery` to provide nodes discovery between daemon instances. The functionality is driven by two different command-line flags: the experimental `--cluster-store` (previously `--kv-store`) and `--cluster-advertise`. It can be used in two ways by interested components: 1. Externally by calling the `/info` API and examining the cluster store field. The `pkg/discovery` package can then be used to hit the same endpoint and watch for appearing or disappearing nodes. That is the method that will for example be used by Swarm. 2. Internally by using the `Daemon.discoveryWatcher` instance. That is the method that will for example be used by libnetwork. Signed-off-by: Arnaud Porterie --- docs/reference/commandline/daemon.md | 8 ++++++++ experimental/network_overlay.md | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 1fbfdcde7d..8b343373c1 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -22,6 +22,8 @@ weight=1 -D, --debug=false Enable debug mode --default-gateway="" Container default gateway IPv4 address --default-gateway-v6="" Container default gateway IPv6 address + --cluster-store="" URL of the distributed storage backend + --cluster-advertise="" Address of the daemon instance to advertise --dns=[] DNS server to use --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use @@ -484,6 +486,12 @@ Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linu set the maximum number of processes available to a user, not to a container. For details please check the [run](run.md) reference. +## Nodes discovery + +`--cluster-advertise` specifies the 'host:port' combination that this particular +daemon instance should use when advertising itself to the cluster. The daemon +should be reachable by remote hosts on this 'host:port' combination. + ## Miscellaneous options IP masquerading uses address translation to allow containers without a public diff --git a/experimental/network_overlay.md b/experimental/network_overlay.md index 9827d993b7..9270418cc7 100644 --- a/experimental/network_overlay.md +++ b/experimental/network_overlay.md @@ -5,10 +5,10 @@ Using the above experimental UI `docker network`, `docker service` and `--publis Since `network` and `service` objects are globally significant, this feature requires distributed states provided by the `libkv` project. Using `libkv`, the user can plug any of the supported Key-Value store (such as consul, etcd or zookeeper). -User can specify the Key-Value store of choice using the `--kv-store` daemon flag, which takes configuration value of format `PROVIDER:URL`, where +User can specify the Key-Value store of choice using the `--cluster-store` daemon flag, which takes configuration value of format `PROVIDER:URL`, where `PROVIDER` is the name of the Key-Value store (such as consul, etcd or zookeeper) and `URL` is the url to reach the Key-Value store. -Example : `docker daemon --kv-store=consul:localhost:8500` +Example : `docker daemon --cluster-store=consul://localhost:8500` Send us feedback and comments on [#14083](https://github.com/docker/docker/issues/14083) or on the usual Google Groups (docker-user, docker-dev) and IRC channels. From 841fc5d1555b7e54cfc8c712a9d7e36b6292ec3a Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 29 Sep 2015 12:31:51 -0400 Subject: [PATCH 0883/2538] Add dns-opt option to docker daemon man page Signed-off-by: Shishir Mahajan --- man/docker-daemon.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 63c43c36a4..3f1932d07d 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -17,6 +17,7 @@ docker-daemon - Enable daemon mode [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-ulimit**[=*[]*]] [**--dns**[=*[]*]] +[**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] [**-e**|**--exec-driver**[=*native*]] [**--exec-opt**[=*[]*]] @@ -90,6 +91,9 @@ format. **--dns**="" Force Docker to use specific DNS servers +**--dns-opt**="" + DNS options to use. + **--dns-search**=[] DNS search domains to use. From 2f288fe89465092b2432109e3230e15b5977597a Mon Sep 17 00:00:00 2001 From: Richard Scothern Date: Fri, 25 Sep 2015 13:49:50 -0700 Subject: [PATCH 0884/2538] Command line, manpage and deprecation documentation. Signed-off-by: Richard Scothern --- docs/reference/commandline/daemon.md | 5 +++++ man/docker-daemon.8.md | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 8b343373c1..e3ed62ef42 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -49,6 +49,7 @@ weight=1 --log-driver="json-file" Default driver for container logs --log-opt=[] Log driver specific options --mtu=0 Set the containers network MTU + --no-legacy-registry=false Do not contact legacy registries -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror -s, --storage-driver="" Storage driver to use @@ -457,6 +458,10 @@ because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of enabling `--insecure-registry`. +## Legacy Registries + +Enabling `--no-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. + ## Running a Docker daemon behind a HTTPS_PROXY When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 3f1932d07d..20e5e5b370 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -40,6 +40,7 @@ docker-daemon - Enable daemon mode [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] +[**--no-legacy-registry**[=*false*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] @@ -170,6 +171,9 @@ unix://[/path/to/socket] to use. **--mtu**=VALUE Set the containers network mtu. Default is `0`. +**--no-legacy-registry**=*true*|*false* + Do not contact legacy registries + **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` From 3fce5e1084312cdccae50604f48c4c605f6514f3 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Sep 2015 11:23:23 +0200 Subject: [PATCH 0885/2538] bash completion for `docker daemon --cluster-*` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6055ede511..2be852ddc1 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -534,6 +534,8 @@ _docker_daemon() { --api-cors-header --bip --bridge -b + --cluster-advertise + --cluster-store --default-gateway --default-gateway-v6 --default-ulimit @@ -560,6 +562,11 @@ _docker_daemon() { " case "$prev" in + --cluster-store) + COMPREPLY=( $( compgen -W "consul etcd zk" -S "://" -- "$cur" ) ) + __docker_nospace + return + ;; --exec-root|--graph|-g) _filedir -d return From 88ef8f31aae5fa90752e02e4b9ef89042763e0d0 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 28 Sep 2015 15:13:42 +0200 Subject: [PATCH 0886/2538] Add zsh completion for --cluster-store and --cluster-advertise options for docker daemon Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7f48c47b22..4603aacbd4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -426,6 +426,8 @@ __docker_subcommand() { "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ + "($help)--cluster-store=-[URL of the distributed storage backend]:Cluster Store:->cluser-store" \ + "($help)--cluster-advertise=-[Address of the daemon instance to advertise]:Instance to advertise (host\:port): " \ "($help)*--dns=-[DNS server to use]:DNS: " \ "($help)*--dns-search=-[DNS search domains to use]:DNS search: " \ "($help)*--dns-opt=-[DNS options to use]:DNS option: " \ @@ -461,6 +463,17 @@ __docker_subcommand() { "($help)--tlskey=-[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \ "($help)--tlsverify[Use TLS and verify the remote]" \ "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0 + + case $state in + (cluser-store) + if compset -P '*://'; then + _message 'host:port' && ret=0 + else + store=('consul' 'etcd' 'zk') + _describe -t cluster-store "Cluster Store" store -qS "://" && ret=0 + fi + ;; + esac ;; (diff) _arguments \ From a15bc5d01aec71b08ce1ddb145f8b2901756405d Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 2 Oct 2015 11:24:31 -0400 Subject: [PATCH 0887/2538] typo man/search Signed-off-by: Sally O'Malley --- man/docker-search.1.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/man/docker-search.1.md b/man/docker-search.1.md index 3eaefd068a..a199f80db7 100644 --- a/man/docker-search.1.md +++ b/man/docker-search.1.md @@ -30,8 +30,8 @@ of stars awarded, whether the image is official, and whether it is automated. **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. -**-s**, **--stars**=0 - Only displays with at least x stars +**-s**, **--stars**=X + Only displays with at least X stars. The default is zero. # EXAMPLES @@ -52,7 +52,7 @@ ranked 3 or higher: Search Docker Hub for the term 'fedora' and only display automated images ranked 1 or higher: - $ docker search -s 1 fedora + $ docker search --automated -s 1 fedora NAME DESCRIPTION STARS OFFICIAL AUTOMATED goldmann/wildfly A WildFly application server running on a ... 3 [OK] tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] From f361ebdea6adccc72888f74c38ff60f966513593 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 30 Sep 2015 13:12:41 -0400 Subject: [PATCH 0888/2538] Documentation for filtering events by label Signed-off-by: Daniel Nephin --- docs/reference/commandline/events.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index f714621309..ad306943ff 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -48,9 +48,10 @@ container container 588a23dac085 *AND* the event type is *start* The currently supported filters are: -* container -* event -* image +* container (`container=`) +* event (`event=`) +* image (`image=`) +* label (`label=` or `label==`) ## Examples @@ -133,4 +134,3 @@ relative to the current time on the client machine: 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop - From 1b1a0a08358cfcf0d652bd8aad2f3ec3202d6a47 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 4 Oct 2015 06:49:42 -0700 Subject: [PATCH 0889/2538] Add bash completion for `--no-legacy-registry` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2be852ddc1..917a4f61d4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -526,6 +526,7 @@ _docker_daemon() { --ip-masq=false --iptables=false --ipv6 + --no-legacy-registry --selinux-enabled --userland-proxy=false " From cbd33a2b2725eabc1869b1478bc6f61df44deee9 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 3 Oct 2015 17:56:41 +0200 Subject: [PATCH 0890/2538] Fix man and commandline docs - missing help option in `docs/reference/commandline/*.md` (some files have it, the other I fixed didn't) - missing `[OPTIONS]` in Usage description - missing options - formatting - start/stop idempotence Signed-off-by: Antonio Murdaca --- contrib/completion/fish/docker.fish | 4 +- docs/reference/commandline/attach.md | 1 + docs/reference/commandline/build.md | 34 +++++++++-------- docs/reference/commandline/commit.md | 1 + docs/reference/commandline/cp.md | 8 ++-- docs/reference/commandline/create.md | 5 ++- docs/reference/commandline/diff.md | 4 +- docs/reference/commandline/events.md | 1 + docs/reference/commandline/exec.md | 1 + docs/reference/commandline/export.md | 24 ++++++------ docs/reference/commandline/history.md | 1 + docs/reference/commandline/import.md | 1 + docs/reference/commandline/info.md | 4 +- docs/reference/commandline/inspect.md | 8 ++-- docs/reference/commandline/kill.md | 1 + docs/reference/commandline/load.md | 1 + docs/reference/commandline/login.md | 1 + docs/reference/commandline/logout.md | 2 + docs/reference/commandline/logs.md | 1 + docs/reference/commandline/pause.md | 4 +- docs/reference/commandline/port.md | 4 +- docs/reference/commandline/ps.md | 3 +- docs/reference/commandline/pull.md | 1 + docs/reference/commandline/push.md | 5 ++- docs/reference/commandline/rename.md | 6 ++- docs/reference/commandline/restart.md | 1 + docs/reference/commandline/rm.md | 1 + docs/reference/commandline/rmi.md | 2 +- docs/reference/commandline/run.md | 6 +-- docs/reference/commandline/save.md | 1 + docs/reference/commandline/search.md | 1 + docs/reference/commandline/start.md | 3 +- docs/reference/commandline/stats.md | 2 +- docs/reference/commandline/stop.md | 5 ++- docs/reference/commandline/tag.md | 1 + docs/reference/commandline/top.md | 6 ++- docs/reference/commandline/unpause.md | 4 +- docs/reference/commandline/version.md | 1 + docs/reference/commandline/volume_create.md | 10 ++--- docs/reference/commandline/volume_inspect.md | 4 +- docs/reference/commandline/volume_ls.md | 6 +-- docs/reference/commandline/volume_rm.md | 2 +- docs/reference/commandline/wait.md | 6 ++- man/docker-build.1.md | 11 +++--- man/docker-commit.1.md | 2 +- man/docker-daemon.8.md | 5 +-- man/docker-ps.1.md | 39 ++++++++++---------- man/docker-start.1.md | 6 +-- man/docker-stop.1.md | 4 +- man/docker.1.md | 4 +- 50 files changed, 148 insertions(+), 111 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index cedd51a210..17d2a06d77 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -360,7 +360,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from search' -l no-trunc -d complete -c docker -A -f -n '__fish_seen_subcommand_from search' -s s -l stars -d 'Only displays with at least x stars' # start -complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a stopped container' +complete -c docker -f -n '__fish_docker_no_subcommand' -a start -d 'Start a container' complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s a -l attach -d "Attach container's STDOUT and STDERR and forward all signals to the process" complete -c docker -A -f -n '__fish_seen_subcommand_from start' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from start' -s i -l interactive -d "Attach container's STDIN" @@ -373,7 +373,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -l no-stream -d complete -c docker -A -f -n '__fish_seen_subcommand_from stats' -a '(__fish_print_docker_containers running)' -d "Container" # stop -complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a running container' +complete -c docker -f -n '__fish_docker_no_subcommand' -a stop -d 'Stop a container' complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -s t -l time -d 'Number of seconds to wait for the container to stop before killing it. Default is 10 seconds.' complete -c docker -A -f -n '__fish_seen_subcommand_from stop' -a '(__fish_print_docker_containers running)' -d "Container" diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 89cc3f25d7..1afce11a24 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -15,6 +15,7 @@ weight=1 Attach to a running container + --help=false Print usage --no-stdin=false Do not attach STDIN --sig-proxy=true Proxy all received signals to the process diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 8cb6b13107..c608c97c57 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -15,21 +15,25 @@ weight=1 Build a new image from the source code at PATH - -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') - --force-rm=false Always remove intermediate containers - --build-arg=[] Set build-time variables - --no-cache=false Do not use cache when building the image - --pull=false Always attempt to pull a newer version of the image - -q, --quiet=false Suppress the verbose output generated by the containers - --rm=true Remove intermediate containers after a successful build - -t, --tag="" Repository name (and optionally a tag) for the image - -m, --memory="" Memory limit for all build containers - --memory-swap="" Total memory (memory + swap), `-1` to disable swap - -c, --cpu-shares CPU Shares (relative weight) - --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` - --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` - --cgroup-parent="" Optional parent cgroup for the container - --ulimit=[] Ulimit options + --build-arg=[] Set build-time variables + -c, --cpu-shares CPU Shares (relative weight) + --cgroup-parent="" Optional parent cgroup for the container + --cpu-period=0 Limit the CPU CFS (Completely Fair Scheduler) period + --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota + --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` + --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` + --disable-content-trust=true Skip image verification + -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') + --force-rm=false Always remove intermediate containers + --help=false Print usage + -m, --memory="" Memory limit for all build containers + --memory-swap="" Total memory (memory + swap), `-1` to disable swap + --no-cache=false Do not use cache when building the image + --pull=false Always attempt to pull a newer version of the image + -q, --quiet=false Suppress the verbose output generated by the containers + --rm=true Remove intermediate containers after a successful build + -t, --tag="" Repository name (and optionally a tag) for the image + --ulimit=[] Ulimit options Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can refer diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index cec7de672c..dafdb396be 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -17,6 +17,7 @@ weight=1 -a, --author="" Author (e.g., "John Hannibal Smith ") -c, --change=[] Apply specified Dockerfile instructions while committing the image + --help=false Print usage -m, --message="" Commit message -p, --pause=true Pause container during commit diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index c9c87a30eb..1fd43dfa00 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -11,12 +11,12 @@ weight=1 # cp -Copy files/folders between a container and the local filesystem. + Usage: docker cp [OPTIONS] CONTAINER:PATH LOCALPATH|- + docker cp [OPTIONS] LOCALPATH|- CONTAINER:PATH - Usage: docker cp [options] CONTAINER:PATH LOCALPATH|- - docker cp [options] LOCALPATH|- CONTAINER:PATH + Copy files/folders between a container and the local filesystem - --help Print usage statement + --help=false Print usage In the first synopsis form, the `docker cp` utility copies the contents of `PATH` from the filesystem of `CONTAINER` to the `LOCALPATH` (or stream as diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 34ae6dfef7..1af6bc9d65 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -30,6 +30,7 @@ Creates a new container. --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container + --disable-content-trust=true Skip image verification --dns=[] Set custom DNS servers --dns-opt=[] Set custom DNS options --dns-search=[] Set custom DNS search domains @@ -37,6 +38,7 @@ Creates a new container. --entrypoint="" Overwrite the default ENTRYPOINT of the image --env-file=[] Read in a file of environment variables --expose=[] Expose a port or a range of ports + --group-add=[] Add additional groups to join -h, --hostname="" Container host name --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached @@ -54,7 +56,7 @@ Creates a new container. --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container - --net="bridge" Set the Network mode for the container + --net="default" Set the Network mode for the container --oom-kill-disable=false Whether to disable OOM Killer for the container or not -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host @@ -65,7 +67,6 @@ Creates a new container. --security-opt=[] Security options --stop-signal="SIGTERM" Signal to stop a container -t, --tty=false Allocate a pseudo-TTY - --disable-content-trust=true Skip image verification -u, --user="" Username or UID --ulimit=[] Ulimit options --uts="" UTS namespace to use diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index ae5da0587f..64140ccbbc 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -11,10 +11,12 @@ weight=1 # diff - Usage: docker diff CONTAINER + Usage: docker diff [OPTIONS] CONTAINER Inspect changes on a container's filesystem + --help=false Print usage + List the changed files and directories in a container᾿s filesystem There are 3 events that are listed in the `diff`: diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index ad306943ff..93e09a38cf 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -16,6 +16,7 @@ weight=1 Get real time events from the server -f, --filter=[] Filter output based on conditions provided + --help=false Print usage --since="" Show all events created since timestamp --until="" Stream events until this timestamp diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 2ff1205604..76a491d790 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -16,6 +16,7 @@ weight=1 Run a command in a running container -d, --detach=false Detached mode: run command in the background + --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached --privileged=false Give extended Linux capabilities to the command -t, --tty=false Allocate a pseudo-TTY diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 5b1812cb7e..ab7855b956 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -12,22 +12,12 @@ weight=1 # export Usage: docker export [OPTIONS] CONTAINER - - Export the contents of a filesystem to a tar archive (streamed to STDOUT by default). + Export the contents of a container's filesystem as a tar archive + + --help=false Print usage -o, --output="" Write to a file, instead of STDOUT - Produces a tarred repository to the standard output stream. - - - For example: - - $ docker export red_panda > latest.tar - - Or - - $ docker export --output="latest.tar" red_panda - The `docker export` command does not export the contents of volumes associated with the container. If a volume is mounted on top of an existing directory in the container, `docker export` will export the contents of the *underlying* @@ -36,3 +26,11 @@ directory, not the contents of the volume. Refer to [Backup, restore, or migrate data volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) in the user guide for examples on exporting data in a volume. + +## Examples + + $ docker export red_panda > latest.tar + +Or + + $ docker export --output="latest.tar" red_panda diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index a67587ec74..2d8aa5ac9c 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -16,6 +16,7 @@ weight=1 Show the history of an image -H, --human=true Print sizes and dates in human readable format + --help=false Print usage --no-trunc=false Don't truncate output -q, --quiet=false Only show numeric IDs diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 92bf878a1c..b673aaf648 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -18,6 +18,7 @@ weight=1 optionally tag it. -c, --change=[] Apply specified Dockerfile instructions while importing the image + --help=false Print usage -m, --message= Set commit message for imported image You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 129c2ee6de..0ff60771ef 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -12,10 +12,12 @@ weight=1 # info - Usage: docker info + Usage: docker info [OPTIONS] Display system-wide information + --help=false Print usage + For example: $ docker -D info diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index c6c4721c68..e82f969ad1 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -15,10 +15,10 @@ weight=1 Return low-level information on a container or image - -f, --format="" Format the output using the given go template - - --type=container|image Return JSON for specified type, permissible - values are "image" or "container" + -f, --format="" Format the output using the given go template + --help=false Print usage + --type=container|image Return JSON for specified type, permissible + values are "image" or "container" By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index 798b9cc9eb..d54b9d820a 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -15,6 +15,7 @@ weight=1 Kill a running container using SIGKILL or a specified signal + --help=false Print usage -s, --signal="KILL" Signal to send to the container The main process inside the container will be sent `SIGKILL`, or any diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index d4154cd5f7..858257977f 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -15,6 +15,7 @@ weight=1 Load an image from a tar archive or STDIN + --help=false Print usage -i, --input="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz Loads a tarred repository from a file or the standard input stream. diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 5c2934a92c..ff82affa45 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -17,6 +17,7 @@ weight=1 specified "https://index.docker.io/v1/" is the default. -e, --email="" Email + --help=false Print usage -p, --password="" Password -u, --username="" Username diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index 3dc902786c..e936f05fd6 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -16,6 +16,8 @@ weight=1 Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default. + --help=false Print usage + For example: $ docker logout localhost:8080 diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 3b7a96c43c..678108c02a 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -16,6 +16,7 @@ weight=1 Fetch the logs of a container -f, --follow=false Follow log output + --help=false Print usage --since="" Show logs since timestamp -t, --timestamps=false Show timestamps --tail="all" Number of lines to show from the end of the logs diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 20ee02904b..72174e07d1 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -11,10 +11,12 @@ weight=1 # pause - Usage: docker pause CONTAINER [CONTAINER...] + Usage: docker pause [OPTIONS] CONTAINER [CONTAINER...] Pause all processes within a container + --help=false Print usage + The `docker pause` command uses the cgroups freezer to suspend all processes in a container. Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index 0a9a3fe958..a5e850deee 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -11,11 +11,13 @@ weight=1 # port - Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] + Usage: docker port [OPTIONS] CONTAINER [PRIVATE_PORT[/PROTO]] List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT + --help=false Print usage + You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index ddf87411d0..4b83268b22 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -18,13 +18,14 @@ weight=1 -a, --all=false Show all containers (default shows just running) --before="" Show only container created before Id or Name -f, --filter=[] Filter output based on conditions provided + --format=[] Pretty-print containers using a Go template + --help=false Print usage -l, --latest=false Show the latest created container, include non-running -n=-1 Show n last created containers, include non-running --no-trunc=false Don't truncate output -q, --quiet=false Only display numeric IDs -s, --size=false Display total file sizes --since="" Show created since Id or Name, include non-running - --format=[] Pretty-print containers using a Go template Running `docker ps --no-trunc` showing 2 linked containers. diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 53b0d4cb50..3e1ae495fd 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -17,6 +17,7 @@ weight=1 -a, --all-tags=false Download all tagged images in the repository --disable-content-trust=true Skip image verification + --help=false Print usage Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) registry. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 7f88887dc9..0ac05f8513 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -11,11 +11,12 @@ weight=1 # push - Usage: docker push NAME[:TAG] + Usage: docker push [OPTIONS] NAME[:TAG] Push an image or a repository to the registry - --disable-content-trust=true Skip image signing + --disable-content-trust=true Skip image signing + --help=false Print usage Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index 43115ff264..b252739b16 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -11,8 +11,10 @@ weight=1 # rename - Usage: docker rename OLD_NAME NEW_NAME + Usage: docker rename [OPTIONS] OLD_NAME NEW_NAME - rename a existing container to a NEW_NAME + Rename a container + + --help=false Print usage The `docker rename` command allows the container to be renamed to a different name. diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 339f796044..cfce954864 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -15,5 +15,6 @@ weight=1 Restart a container + --help=false Print usage -t, --time=10 Seconds to wait for stop before killing the container diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 3e4f0716e7..dc82107288 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -16,6 +16,7 @@ weight=1 Remove one or more containers -f, --force=false Force the removal of a running container (uses SIGKILL) + --help=false Print usage -l, --link=false Remove the specified link -v, --volumes=false Remove the volumes associated with the container diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index e699be12f8..d0475c7386 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -16,9 +16,9 @@ weight=1 Remove one or more images -f, --force=false Force removal of the image + --help=false Print usage --no-prune=false Do not delete untagged parents - You can remove an image using its short or long ID, its tag, or its digest. If an image has one or more tag or digest reference, you must remove all of them before the image is removed. diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 766ca205dc..afb704872b 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -29,6 +29,7 @@ weight=1 --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container + --disable-content-trust=true Skip image verification --dns=[] Set custom DNS servers --dns-opt=[] Set custom DNS options --dns-search=[] Set custom DNS search domains @@ -54,7 +55,7 @@ weight=1 --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container - --net="bridge" Set the Network mode for the container + --net="default" Set the Network mode for the container --oom-kill-disable=false Whether to disable OOM Killer for the container or not -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host @@ -64,12 +65,11 @@ weight=1 --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --rm=false Automatically remove the container when it exits --security-opt=[] Security Options - --stop-signal="SIGTERM" Signal to stop a container --sig-proxy=true Proxy received signals to the process + --stop-signal="SIGTERM" Signal to stop a container -t, --tty=false Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) --ulimit=[] Ulimit options - --disable-content-trust=true Skip image verification --uts="" UTS namespace to use -v, --volume=[] Bind mount a volume --volumes-from=[] Mount volumes from the specified container(s) diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 83913c093b..06ad5dfa6a 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -15,6 +15,7 @@ weight=1 Save an image(s) to a tar archive (streamed to STDOUT by default) + --help=false Print usage -o, --output="" Write to a file, instead of STDOUT Produces a tarred repository to the standard output stream. diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 35b4ed4da1..ce6f0f33f7 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -16,6 +16,7 @@ weight=1 Search the Docker Hub for images --automated=false Only show automated builds + --help=false Print usage --no-trunc=false Don't truncate output -s, --stars=0 Only displays with at least x stars diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index c23f5b5f60..cdbff0842c 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -13,8 +13,9 @@ weight=1 Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] - Start one or more stopped containers + Start one or more containers -a, --attach=false Attach STDOUT/STDERR and forward signals + --help=false Print usage -i, --interactive=false Attach container's STDIN diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index d3e667bac6..3ae7087ffc 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -11,7 +11,7 @@ weight=1 # stats - Usage: docker stats CONTAINER [CONTAINER...] + Usage: docker stats [OPTIONS] CONTAINER [CONTAINER...] Display a live stream of one or more containers' resource usage statistics diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index d2ef8f8527..b5a22d6a1a 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -13,10 +13,11 @@ weight=1 Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a running container by sending SIGTERM and then SIGKILL after a + Stop a container by sending SIGTERM and then SIGKILL after a grace period + --help=false Print usage -t, --time=10 Seconds to wait for stop before killing it The main process inside the container will receive `SIGTERM`, and after a grace -period, `SIGKILL`. \ No newline at end of file +period, `SIGKILL`. diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 57b2aa0193..ab8aacda37 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -16,6 +16,7 @@ weight=1 Tag an image into a repository -f, --force=false Force + --help=false Print usage You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*](/userguide/dockerrepos/#contributing-to-docker-hub). diff --git a/docs/reference/commandline/top.md b/docs/reference/commandline/top.md index c56beb3144..eb0e39c1f7 100644 --- a/docs/reference/commandline/top.md +++ b/docs/reference/commandline/top.md @@ -11,6 +11,8 @@ weight=1 # top - Usage: docker top CONTAINER [ps OPTIONS] + Usage: docker top [OPTIONS] CONTAINER [ps OPTIONS] - Display the running processes of a container \ No newline at end of file + Display the running processes of a container + + --help=false Print usage diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index aab7d00854..8a9d41a63c 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -11,10 +11,12 @@ weight=1 # unpause - Usage: docker unpause CONTAINER [CONTAINER...] + Usage: docker unpause [OPTIONS] CONTAINER [CONTAINER...] Unpause all processes within a container + --help=false Print usage + The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index 4570ed542f..a173c8dd15 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -16,6 +16,7 @@ weight=1 Show the Docker version information. -f, --format="" Format the output using the given go template + --help=false Print usage By default, this will render all version information in an easy to read layout. If a format is specified, the given template will be executed instead. diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 12b381eab4..be9d4198f8 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -14,10 +14,10 @@ parent = "smn_cli" Create a volume - -d, --driver=local Specify volume driver name - --help=false Print usage - --name= Specify volume name - -o, --opt=map[] Set driver specific options + -d, --driver=local Specify volume driver name + --help=false Print usage + --name= Specify volume name + -o, --opt=map[] Set driver specific options Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: @@ -25,7 +25,7 @@ Creates a new volume that containers can consume and store data in. If a name is hello $ docker run -d -v hello:/world busybox ls /world -The mount is created inside the container's `/src` directory. Docker does not support relative paths for mount points inside the container. +The mount is created inside the container's `/src` directory. Docker does not support relative paths for mount points inside the container. Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 28f5d1fb31..0ca3bbf957 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -14,8 +14,8 @@ parent = "smn_cli" Inspect one or more volumes - -f, --format= Format the output using the given go template. - --help=false Print usage + -f, --format= Format the output using the given go template. + --help=false Print usage Returns information about a volume. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 63e98a47d5..3368866e10 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -14,9 +14,9 @@ parent = "smn_cli" List volumes - -f, --filter=[] Provide filter values (i.e. 'dangling=true') - --help=false Print usage - -q, --quiet=false Only display volume names + -f, --filter=[] Provide filter values (i.e. 'dangling=true') + --help=false Print usage + -q, --quiet=false Only display volume names Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index e2f31b3cce..6d09723ca4 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -14,7 +14,7 @@ parent = "smn_cli" Remove a volume - --help=false Print usage + --help=false Print usage Removes one or more volumes. You cannot remove a volume that is in use by a container. diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index 847f3007b5..ed1c2a874b 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -11,6 +11,8 @@ weight=1 # wait - Usage: docker wait CONTAINER [CONTAINER...] + Usage: docker wait [OPTIONS] CONTAINER [CONTAINER...] - Block until a container stops, then print its exit code. \ No newline at end of file + Block until a container stops, then print its exit code. + + --help=false Print usage diff --git a/man/docker-build.1.md b/man/docker-build.1.md index fcf2c633cd..bcf8ed2f22 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -6,9 +6,11 @@ docker-build - Build a new image from the source code at PATH # SYNOPSIS **docker build** +[**--build-arg**[=*[]*]] +[**-c**|**--cpu-shares**[=*0*]] +[**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] -[**--build-arg**[=*[]*]] [**--force-rm**[=*false*]] [**--no-cache**[=*false*]] [**--pull**[=*false*]] @@ -17,14 +19,11 @@ docker-build - Build a new image from the source code at PATH [**-t**|**--tag**[=*TAG*]] [**-m**|**--memory**[=*MEMORY*]] [**--memory-swap**[=*MEMORY-SWAP*]] -[**-c**|**--cpu-shares**[=*0*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--cgroup-parent**[=*CGROUP-PARENT*]] [**--ulimit**[=*[]*]] - PATH | URL | - # DESCRIPTION @@ -34,9 +33,9 @@ directory to the Docker daemon. The contents of this directory would be used by **ADD** commands found within the Dockerfile. Warning, this will send a lot of data to the Docker daemon depending -on the contents of the current directory. The build is run by the Docker +on the contents of the current directory. The build is run by the Docker daemon, not by the CLI, so the whole context must be transferred to the daemon. -The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to +The Docker CLI reports "Sending build context to Docker daemon" when the context is sent to the daemon. When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from diff --git a/man/docker-commit.1.md b/man/docker-commit.1.md index b17b37c6bc..5912d3636d 100644 --- a/man/docker-commit.1.md +++ b/man/docker-commit.1.md @@ -7,8 +7,8 @@ docker-commit - Create a new image from a container's changes # SYNOPSIS **docker commit** [**-a**|**--author**[=*AUTHOR*]] -[**--help**] [**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]] +[**--help**] [**-m**|**--message**[=*MESSAGE*]] [**-p**|**--pause**[=*true*]] CONTAINER [REPOSITORY[:TAG]] diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 20e5e5b370..b37bd25e0d 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -1,9 +1,6 @@ % DOCKER(1) Docker User Manuals - -% Shishir Mahajan - +% Shishir Mahajan % SEPTEMBER 2015 - # NAME docker-daemon - Enable daemon mode diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 5e21926d73..3f3e0a3908 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -8,16 +8,15 @@ docker-ps - List containers **docker ps** [**-a**|**--all**[=*false*]] [**--before**[=*BEFORE*]] -[**--help**] [**-f**|**--filter**[=*[]*]] +[**--format**=*"TEMPLATE"*] +[**--help**] [**-l**|**--latest**[=*false*]] [**-n**[=*-1*]] [**--no-trunc**[=*false*]] [**-q**|**--quiet**[=*false*]] [**-s**|**--size**[=*false*]] [**--since**[=*SINCE*]] -[**--format**=*"TEMPLATE"*] - # DESCRIPTION @@ -31,9 +30,6 @@ the running containers. **--before**="" Show only containers created before Id or Name, including non-running containers. -**--help** - Print usage statement - **-f**, **--filter**=[] Provide filter values. Valid filters: exited= - containers with exit code of @@ -44,6 +40,23 @@ the running containers. ancestor=([:tag]||) - filters containers that were created from the given image or a descendant. +**--format**=*"TEMPLATE"* + Pretty-print containers using a Go template. + Valid placeholders: + .ID - Container ID + .Image - Image ID + .Command - Quoted command + .CreatedAt - Time when the container was created. + .RunningFor - Elapsed time since the container was started. + .Ports - Exposed ports. + .Status - Container status. + .Size - Container disk size. + .Labels - All labels asigned to the container. + .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` + +**--help** + Print usage statement + **-l**, **--latest**=*true*|*false* Show only the latest created container, include non-running ones. The default is *false*. @@ -62,20 +75,6 @@ the running containers. **--since**="" Show only containers created since Id or Name, include non-running ones. -**--format**=*"TEMPLATE"* - Pretty-print containers using a Go template. - Valid placeholders: - .ID - Container ID - .Image - Image ID - .Command - Quoted command - .CreatedAt - Time when the container was created. - .RunningFor - Elapsed time since the container was started. - .Ports - Exposed ports. - .Status - Container status. - .Size - Container disk size. - .Labels - All labels asigned to the container. - .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` - # EXAMPLES # Display all containers, including non-running diff --git a/man/docker-start.1.md b/man/docker-start.1.md index 523b315594..2e1191b095 100644 --- a/man/docker-start.1.md +++ b/man/docker-start.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-start - Start one or more stopped containers +docker-start - Start one or more containers # SYNOPSIS **docker start** @@ -13,7 +13,7 @@ CONTAINER [CONTAINER...] # DESCRIPTION -Start one or more stopped containers. +Start one or more containers. # OPTIONS **-a**, **--attach**=*true*|*false* @@ -26,7 +26,7 @@ Start one or more stopped containers. Attach container's STDIN. The default is *false*. # See also -**docker-stop(1)** to stop a running container. +**docker-stop(1)** to stop a container. # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) diff --git a/man/docker-stop.1.md b/man/docker-stop.1.md index 4939070d97..c4daffa3bb 100644 --- a/man/docker-stop.1.md +++ b/man/docker-stop.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after a grace period +docker-stop - Stop a container by sending SIGTERM and then SIGKILL after a grace period # SYNOPSIS **docker stop** @@ -11,7 +11,7 @@ docker-stop - Stop a running container by sending SIGTERM and then SIGKILL after CONTAINER [CONTAINER...] # DESCRIPTION -Stop a running container (Send SIGTERM, and then SIGKILL after +Stop a container (Send SIGTERM, and then SIGKILL after grace period) # OPTIONS diff --git a/man/docker.1.md b/man/docker.1.md index 88c62e7eeb..41329deb3b 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -190,7 +190,7 @@ inside it) See **docker-search(1)** for full documentation on the **search** command. **start** - Start a stopped container + Start a container See **docker-start(1)** for full documentation on the **start** command. **stats** @@ -198,7 +198,7 @@ inside it) See **docker-stats(1)** for full documentation on the **stats** command. **stop** - Stop a running container + Stop a container See **docker-stop(1)** for full documentation on the **stop** command. **tag** From 53089d74fe9eb7d77e74e053046df5e60e9a9011 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 5 Oct 2015 08:30:25 +0200 Subject: [PATCH 0891/2538] Add zsh completion for 'docker daemon --no-legacy-registry' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4603aacbd4..8393e254fb 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -452,6 +452,7 @@ __docker_subcommand() { "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" \ "($help)*--log-opt=-[Log driver specific options]:log driver options: " \ "($help)--mtu=-[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ + "($help)--no-legacy-registry[Do not contact legacy registries]" \ "($help -p --pidfile)"{-p,--pidfile=-}"[Path to use for daemon PID file]:PID file:_files" \ "($help)*--registry-mirror=-[Preferred Docker registry mirror]:registry mirror: " \ "($help -s --storage-driver)"{-s,--storage-driver=-}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ From 2a36a93d04f82d0253fd6c10e109c0cfeb551850 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sun, 4 Oct 2015 23:04:36 +0200 Subject: [PATCH 0892/2538] Update documentation on the revert on env validation Signed-off-by: Vincent Demeester --- docs/reference/commandline/run.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index afb704872b..471a2bd5c3 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -216,7 +216,8 @@ An example of a file passed with `--env-file` _TEST_BAR=FOO TEST_APP_42=magic helloWorld=true - # 123qwe=bar <- is not valid + 123qwe=bar + org.spring.config=something # pass through this variable from the caller TEST_PASSTHROUGH @@ -231,6 +232,8 @@ An example of a file passed with `--env-file` helloWorld=true TEST_PASSTHROUGH=howdy HOME=/root + 123qwe=bar + org.spring.config=something $ docker run --env-file ./env.list busybox env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -243,9 +246,8 @@ An example of a file passed with `--env-file` helloWorld=true TEST_PASSTHROUGH= HOME=/root - -> **Note**: Environment variables names must consist solely of letters, numbers, -> and underscores - and cannot start with a number. + 123qwe=bar + org.spring.config=something A label is a a `key=value` pair that applies metadata to a container. To label a container with two labels: From fba8aeb14bc476c33b86ae66f7291b9c6c9606ea Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Tue, 6 Oct 2015 17:37:21 -0400 Subject: [PATCH 0893/2538] devmapper: Provide option to enabled deferred device deletion Provide a command line option dm.use_deferred_deletion to enable deferred device deletion feature. By default feature will be turned off. Not sure if there is much value in deferred deletion being turned on without deferred removal being turned on. So for now, this feature can be enabled only if deferred removal is on. Signed-off-by: Vivek Goyal --- docs/reference/commandline/daemon.md | 40 ++++++++++++++++++++++++++++ man/docker-daemon.8.md | 22 +++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index e3ed62ef42..cef19ab038 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -368,6 +368,46 @@ options for `zfs` start with `zfs`. > Otherwise, set this flag for migrating existing Docker daemons to > a daemon with a supported environment. + * `dm.use_deferred_removal` + + Enables use of deferred device removal if `libdm` and the kernel driver + support the mechanism. + + Deferred device removal means that if device is busy when devices are + being removed/deactivated, then a deferred removal is scheduled on + device. And devices automatically go away when last user of the device + exits. + + For example, when a container exits, its associated thin device is removed. + If that device has leaked into some other mount namespace and can't be + removed, the container exit still succeeds and this option causes the + system to schedule the device for deferred removal. It does not wait in a + loop trying to remove a busy device. + + Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` + + * `dm.use_deferred_deletion` + + Enables use of deferred device deletion for thin pool devices. By default, + thin pool device deletion is synchronous. Before a container is deleted, + the Docker daemon removes any associated devices. If the storage driver + can not remove a device, the container deletion fails and daemon returns. + + `Error deleting container: Error response from daemon: Cannot destroy container` + + To avoid this failure, enable both deferred device deletion and deferred + device removal on the daemon. + + `docker daemon --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true` + + With these two options enabled, if a device is busy when the driver is + deleting a container, the driver marks the device as deleted. Later, when + the device isn't in use, the driver deletes it. + + In general it should be safe to enable this option by default. It will help + when unintentional leaking of mount point happens across multiple mount + namespaces. + Currently supported options of `zfs`: * `zfs.fsname` diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index b37bd25e0d..59ba4d54f2 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -302,6 +302,28 @@ device. Example use: `docker daemon --storage-opt dm.use_deferred_removal=true` +#### dm.use_deferred_deletion + +Enables use of deferred device deletion for thin pool devices. By default, +thin pool device deletion is synchronous. Before a container is deleted, the +Docker daemon removes any associated devices. If the storage driver can not +remove a device, the container deletion fails and daemon returns. + +`Error deleting container: Error response from daemon: Cannot destroy container` + +To avoid this failure, enable both deferred device deletion and deferred +device removal on the daemon. + +`docker daemon --storage-opt dm.use_deferred_deletion=true --storage-opt dm.use_deferred_removal=true` + +With these two options enabled, if a device is busy when the driver is +deleting a container, the driver marks the device as deleted. Later, when the +device isn't in use, the driver deletes it. + +In general it should be safe to enable this option by default. It will help +when unintentional leaking of mount point happens across multiple mount +namespaces. + #### dm.loopdatasize **Note**: This option configures devicemapper loopback, which should not be used in production. From 0afb6cc862e381615d83a289672269f3276abf4f Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 6 Oct 2015 15:45:32 -0700 Subject: [PATCH 0894/2538] change flag name to better follow the other flags that start with disable; Signed-off-by: Jessica Frazelle --- contrib/completion/bash/docker | 6 +++--- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/daemon.md | 16 ++++++++-------- man/docker-daemon.8.md | 10 +++++----- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 917a4f61d4..ce35eb7e5e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -20,12 +20,12 @@ # You can tailor completion for the "events", "history", "inspect", "run", # "rmi" and "save" commands by settings the following environment # variables: -# +# # DOCKER_COMPLETION_SHOW_IMAGE_IDS # "none" - Show names only (default) # "non-intermediate" - Show names and ids, but omit intermediate image IDs # "all" - Show names and ids, including intermediate image IDs -# +# # DOCKER_COMPLETION_SHOW_TAGS # "yes" - include tags in completion options (default) # "no" - don't include tags in completion options @@ -520,13 +520,13 @@ _docker_create() { _docker_daemon() { local boolean_options=" $global_boolean_options + --disable-legacy-registry --help --icc=false --ip-forward=false --ip-masq=false --iptables=false --ipv6 - --no-legacy-registry --selinux-enabled --userland-proxy=false " diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8393e254fb..ced1a5eaef 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -432,6 +432,7 @@ __docker_subcommand() { "($help)*--dns-search=-[DNS search domains to use]:DNS search: " \ "($help)*--dns-opt=-[DNS options to use]:DNS option: " \ "($help)*--default-ulimit=-[Set default ulimit settings for containers]:ulimit: " \ + "($help)--disable-legacy-registry[Do not contact legacy registries]" \ "($help -e --exec-driver)"{-e,--exec-driver=-}"[Exec driver to use]:driver:(native lxc windows)" \ "($help)*--exec-opt=-[Set exec driver options]:exec driver options: " \ "($help)--exec-root=-[Root of the Docker execdriver]:path:_directories" \ @@ -452,7 +453,6 @@ __docker_subcommand() { "($help)--log-driver=-[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" \ "($help)*--log-opt=-[Log driver specific options]:log driver options: " \ "($help)--mtu=-[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ - "($help)--no-legacy-registry[Do not contact legacy registries]" \ "($help -p --pidfile)"{-p,--pidfile=-}"[Path to use for daemon PID file]:PID file:_files" \ "($help)*--registry-mirror=-[Preferred Docker registry mirror]:registry mirror: " \ "($help -s --storage-driver)"{-s,--storage-driver=-}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index cef19ab038..d54a983c78 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -49,7 +49,7 @@ weight=1 --log-driver="json-file" Default driver for container logs --log-opt=[] Log driver specific options --mtu=0 Set the containers network MTU - --no-legacy-registry=false Do not contact legacy registries + --disable-legacy-registry=false Do not contact legacy registries -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror -s, --storage-driver="" Storage driver to use @@ -187,7 +187,7 @@ options for `zfs` start with `zfs`. If using a block device for device mapper storage, it is best to use `lvm` to create and manage the thin-pool volume. This volume is then handed to Docker - to exclusively create snapshot volumes needed for images and containers. + to exclusively create snapshot volumes needed for images and containers. Managing the thin-pool outside of Docker makes for the most feature-rich method of having Docker utilize device mapper thin provisioning as the @@ -198,7 +198,7 @@ options for `zfs` start with `zfs`. As a fallback if no thin pool is provided, loopback files will be created. Loopback is very slow, but can be used without any - pre-configuration of storage. It is strongly recommended that you do + pre-configuration of storage. It is strongly recommended that you do not use loopback in production. Ensure your Docker daemon has a `--storage-opt dm.thinpooldev` argument provided. @@ -229,7 +229,7 @@ options for `zfs` start with `zfs`. * `dm.loopdatasize` >**Note**: This option configures devicemapper loopback, which should not be used in production. - + Specifies the size to use when creating the loopback file for the "data" device which is used for the thin pool. The default size is 100G. The file is sparse, so it will not initially take up this @@ -493,14 +493,14 @@ automatically marked as insecure as of Docker 1.3.2. It is not recommended to rely on this, as it may change in the future. Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted -communication, can be useful when running a local registry. However, +communication, can be useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for -testing purposes. For increased security, users should add their CA to their +testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of enabling `--insecure-registry`. ## Legacy Registries -Enabling `--no-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. +Enabling `--disable-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. ## Running a Docker daemon behind a HTTPS_PROXY @@ -524,7 +524,7 @@ use the proxy `--default-ulimit` allows you to set the default `ulimit` options to use for all containers. It takes the same options as `--ulimit` for `docker run`. If these defaults are not set, `ulimit` settings will be inherited, if not set on -`docker run`, from the Docker daemon. Any `--ulimit` options passed to +`docker run`, from the Docker daemon. Any `--ulimit` options passed to `docker run` will overwrite these defaults. Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linux to diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 59ba4d54f2..c9bec5d552 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -13,6 +13,7 @@ docker-daemon - Enable daemon mode [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-ulimit**[=*[]*]] +[**--disable-legacy-registry**[=*false*]] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -37,7 +38,6 @@ docker-daemon - Enable daemon mode [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] -[**--no-legacy-registry**[=*false*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] @@ -86,6 +86,9 @@ format. **--default-ulimit**=[] Set default ulimits for containers. +**--disable-legacy-registry**=*true*|*false* + Do not contact legacy registries + **--dns**="" Force Docker to use specific DNS servers @@ -133,7 +136,7 @@ unix://[/path/to/socket] to use. List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. - Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. + Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. @@ -168,9 +171,6 @@ unix://[/path/to/socket] to use. **--mtu**=VALUE Set the containers network mtu. Default is `0`. -**--no-legacy-registry**=*true*|*false* - Do not contact legacy registries - **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` From da80c0929ad135bb8f0e7aa719bb046f998d877d Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Mon, 28 Sep 2015 18:57:03 -0700 Subject: [PATCH 0895/2538] Networking API and UX documentation More doc updates will follow Signed-off-by: Madhu Venugopal --- docs/extend/index.md | 7 +- docs/extend/plugins.md | 6 +- .../extend}/plugins_network.md | 13 +- docs/reference/commandline/network_connect.md | 30 ++ docs/reference/commandline/network_create.md | 32 ++ .../commandline/network_disconnect.md | 27 + docs/reference/commandline/network_inspect.md | 49 ++ docs/reference/commandline/network_ls.md | 32 ++ docs/reference/commandline/network_rm.md | 23 + docs/reference/glossary.md | 13 +- docs/reference/run.md | 44 +- experimental/README.md | 5 - experimental/compose_swarm_networking.md | 238 --------- experimental/network_overlay.md | 14 - experimental/networking.md | 120 ----- experimental/networking_api.md | 489 ------------------ 16 files changed, 250 insertions(+), 892 deletions(-) rename {experimental => docs/extend}/plugins_network.md (74%) create mode 100644 docs/reference/commandline/network_connect.md create mode 100644 docs/reference/commandline/network_create.md create mode 100644 docs/reference/commandline/network_disconnect.md create mode 100644 docs/reference/commandline/network_inspect.md create mode 100644 docs/reference/commandline/network_ls.md create mode 100644 docs/reference/commandline/network_rm.md delete mode 100644 experimental/compose_swarm_networking.md delete mode 100644 experimental/network_overlay.md delete mode 100644 experimental/networking.md delete mode 100644 experimental/networking_api.md diff --git a/docs/extend/index.md b/docs/extend/index.md index b32daddc91..fd847dd912 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -15,6 +15,7 @@ weight = 6 Currently, you can extend Docker by adding a plugin. This section contains the following topics: -* [Understand Docker plugins](/extend/plugins) -* [Write a volume plugin](/extend/plugins_volume) -* [Docker plugin API](/extend/plugin_api) +* [Understand Docker plugins](/extend/plugins.md) +* [Write a volume plugin](/extend/plugins_volume.md) +* [Write a network plugin](/extend/plugins_network.md) +* [Docker plugin API](/extend/plugin_api.md) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 37b4f2f0c4..c526773958 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -17,8 +17,10 @@ plugins. ## Types of plugins Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](/extend/plugins_volume) might enable Docker -volumes to persist across multiple Docker hosts. +example, a [volume plugin](/extend/plugins_volume.md) might enable Docker +volumes to persist across multiple Docker hosts and a +[network plugin](/extend/plugins_network.md) might provide network plumbing +using a favorite networking technology, such as vxlan overlay, ipvlan, EVPN, etc. Currently Docker supports volume and network driver plugins. In the future it will support additional plugin types. diff --git a/experimental/plugins_network.md b/docs/extend/plugins_network.md similarity index 74% rename from experimental/plugins_network.md rename to docs/extend/plugins_network.md index 0902bee475..c2175d2c4f 100644 --- a/experimental/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -1,4 +1,4 @@ -# Experimental: Docker network driver plugins +# Docker network driver plugins Docker supports network driver plugins via [LibNetwork](https://github.com/docker/libnetwork). Network driver plugins are @@ -21,7 +21,9 @@ commands. For example, Some network driver plugins are listed in [plugins.md](/docs/extend/plugins.md) The network thus created is owned by the plugin, so subsequent commands -referring to that network will also be run through the plugin. +referring to that network will also be run through the plugin such as, + + docker run --net=mynet busybox top ## Network driver plugin protocol @@ -36,10 +38,3 @@ Google Groups, or the IRC channel #docker-network. - [#14083](https://github.com/docker/docker/issues/14083) Feedback on experimental networking features - -Other pertinent issues: - - - [#13977](https://github.com/docker/docker/issues/13977) UI for using networks - - [#14023](https://github.com/docker/docker/pull/14023) --default-network option - - [#14051](https://github.com/docker/docker/pull/14051) --publish-service option - - [#13441](https://github.com/docker/docker/pull/13441) (Deprecated) Networks API & UI diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md new file mode 100644 index 0000000000..5b206d8fb2 --- /dev/null +++ b/docs/reference/commandline/network_connect.md @@ -0,0 +1,30 @@ + + +# network connect + + Usage: docker network connect [OPTIONS] NETWORK CONTAINER + + Connects a container to a network + + --help=false Print usage + +Connects a running container to a network. This enables instant communication with other containers belonging to the same network. + +``` + $ docker network create -d overlay multi-host-network + $ docker run -d --name=container1 busybox top + $ docker network connect multi-host-network container1 +``` + +the container will be connected to the network that is created and managed by the driver (multi-host overlay driver in the above example) or external network plugins. + +Multiple containers can be connected to the same network and the containers in the same network will start to communicate with each other. If the driver/plugin supports multi-host connectivity, then the containers connected to the same multi-host network will be able to communicate seamlessly. + diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md new file mode 100644 index 0000000000..ff55f70025 --- /dev/null +++ b/docs/reference/commandline/network_create.md @@ -0,0 +1,32 @@ + + +# network create + + Usage: docker network create [OPTIONS] NETWORK-NAME + + Creates a new network with a name specified by the user + + -d, --driver= Driver to manage the Network + --help=false Print usage + +Creates a new network that containers can connect to. If the driver supports multi-host networking, the created network will be made available across all the hosts in the cluster. Daemon will do its best to identify network name conflicts. But its the users responsibility to make sure network name is unique across the cluster. You create a network and then configure the container to use it, for example: + +``` + $ docker network create -d overlay multi-host-network + $ docker run -itd --net=multi-host-network busybox +``` + +the container will be connected to the network that is created and managed by the driver (multi-host overlay driver in the above example) or external network plugins. + +Multiple containers can be connected to the same network and the containers in the same network will start to communicate with each other. If the driver/plugin supports multi-host connectivity, then the containers connected to the same multi-host network will be able to communicate seamlessly. + +*Note*: UX needs enhancement to accept network options to be passed to the drivers + diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md new file mode 100644 index 0000000000..bbc2372035 --- /dev/null +++ b/docs/reference/commandline/network_disconnect.md @@ -0,0 +1,27 @@ + + +# network disconnect + + Usage: docker network disconnect [OPTIONS] NETWORK CONTAINER + + Disconnects a container from a network + + --help=false Print usage + +Disconnects a running container from a network. + +``` + $ docker network create -d overlay multi-host-network + $ docker run -d --net=multi-host-network --name=container1 busybox top + $ docker network disconnect multi-host-network container1 +``` + +the container will be disconnected from the network. diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md new file mode 100644 index 0000000000..8f99f7ec4c --- /dev/null +++ b/docs/reference/commandline/network_inspect.md @@ -0,0 +1,49 @@ + + +# network inspect + + Usage: docker network inspect [OPTIONS] NETWORK + + Displays detailed information on a network + + --help=false Print usage + +Returns information about a network. By default, this command renders all results +in a JSON object. + +Example output: + +``` +$ sudo docker run -itd --name=container1 busybox +f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27 + +$ sudo docker run -itd --name=container2 busybox +bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 + +$ sudo docker network inspect bridge +{ + "name": "bridge", + "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", + "driver": "bridge", + "containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", + "mac_address": "02:42:ac:11:00:03", + "ipv4_address": "172.17.0.3/16" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", + "mac_address": "02:42:ac:11:00:02", + "ipv4_address": "172.17.0.2/16" + } + } +} +``` diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md new file mode 100644 index 0000000000..0d2294e6fc --- /dev/null +++ b/docs/reference/commandline/network_ls.md @@ -0,0 +1,32 @@ + + +# docker network ls + + Usage: docker network ls [OPTIONS] + + Lists all the networks created by the user + --help=false Print usage + -l, --latest=false Show the latest network created + -n=-1 Show n last created networks + --no-trunc=false Do not truncate the output + -q, --quiet=false Only display numeric IDs + +Lists all the networks Docker knows about. This include the networks that spans across multiple hosts in a cluster. + +Example output: + +``` + $ sudo docker network ls + NETWORK ID NAME DRIVER + 7fca4eb8c647 bridge bridge + 9f904ee27bf5 none null + cf03ee007fb4 host host +``` diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md new file mode 100644 index 0000000000..9588f0a953 --- /dev/null +++ b/docs/reference/commandline/network_rm.md @@ -0,0 +1,23 @@ + + +# network rm + + Usage: docker network rm [OPTIONS] NETWORK + + Deletes a network + + --help=false Print usage + +Removes a network. You cannot remove a network that is in use by 1 or more containers. + +``` + $ docker network rm my-network +``` diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 375194cd0c..3f7e7a0326 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -132,6 +132,12 @@ namespaces, cgroups, capabilities, and filesystem access controls. It allows you to manage the lifecycle of the container performing additional operations after the container is created. +## libnetwork + +libnetwork provides a native Go implementation for creating and managing container +network namespaces and other network resources. It manage the networking lifecycle +of the container performing additional operations after the container is created. + ## link links provide an interface to connect Docker containers running on the same host @@ -149,7 +155,12 @@ installs Docker on them, then configures the Docker client to talk to them. *Also known as : docker-machine* -## overlay +## overlay network driver + +Overlay network driver provides out of the box multi-host network connectivity +for docker containers in a cluster. + +## overlay storage driver OverlayFS is a [filesystem](#filesystem) service for Linux which implements a [union mount](http://en.wikipedia.org/wiki/Union_mount) for other file systems. diff --git a/docs/reference/run.md b/docs/reference/run.md index 46dec11115..b4a50abc7f 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -245,11 +245,12 @@ of the containers. ## Network settings --dns=[] : Set custom dns servers for the container - --net="bridge" : Set the Network mode for the container + --net="bridge" : Connects a container to a network 'bridge': creates a new network stack for the container on the docker bridge 'none': no networking for this container 'container:': reuses another container network stack 'host': use the host network stack inside the container + 'NETWORK': connects the container to user-created network using `docker network create` command --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address @@ -269,12 +270,12 @@ By default, the MAC address is generated using the IP address allocated to the container. You can set the container's MAC address explicitly by providing a MAC address via the `--mac-address` parameter (format:`12:34:56:78:9a:bc`). -Supported networking modes are: +Supported networks : - + @@ -304,19 +305,25 @@ Supported networking modes are: its *name* or *id*. + + + +
ModeNetwork Description
NETWORK + Connects the container to a user created network (using `docker network create` command) +
-#### Mode: none +#### Network: none -With the networking mode set to `none` a container will not have a +With the network is `none` a container will not have access to any external routes. The container will still have a `loopback` interface enabled in the container but it does not have any routes to external traffic. -#### Mode: bridge +#### Network: bridge -With the networking mode set to `bridge` a container will use docker's +With the network set to `bridge` a container will use docker's default networking setup. A bridge is setup on the host, commonly named `docker0`, and a pair of `veth` interfaces will be created for the container. One side of the `veth` pair will remain on the host attached @@ -325,9 +332,9 @@ container's namespaces in addition to the `loopback` interface. An IP address will be allocated for containers on the bridge's network and traffic will be routed though this bridge to the container. -#### Mode: host +#### Network: host -With the networking mode set to `host` a container will share the host's +With the network set to `host` a container will share the host's network stack and all interfaces from the host will be available to the container. The container's hostname will match the hostname on the host system. Note that `--add-host` `--hostname` `--dns` `--dns-search` @@ -343,9 +350,9 @@ or a High Performance Web Server. > **Note**: `--net="host"` gives the container full access to local system > services such as D-bus and is therefore considered insecure. -#### Mode: container +#### Network: container -With the networking mode set to `container` a container will share the +With the network set to `container` a container will share the network stack of another container. The other container's name must be provided in the format of `--net container:`. Note that `--add-host` `--hostname` `--dns` `--dns-search` `--dns-opt` and `--mac-address` are @@ -360,6 +367,21 @@ running the `redis-cli` command and connecting to the Redis server over the $ # use the redis container's network stack to access localhost $ docker run --rm -it --net container:redis example/redis-cli -h 127.0.0.1 +#### Network: User-Created NETWORK + +In addition to all the above special networks, user can create a network using +their favorite network driver or external plugin. The driver used to create the +network takes care of all the network plumbing requirements for the container +connected to that network. + +Example creating a network using the inbuilt overlay network driver and running +a container in the created network + +``` +$ docker network create -d overlay multi-host-network +$ docker run --net=multi-host-network -itd --name=container3 busybox +``` + ### Managing /etc/hosts Your container will have lines in `/etc/hosts` which define the hostname of the diff --git a/experimental/README.md b/experimental/README.md index 2ffdb854a5..74c7f68cc3 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -71,11 +71,6 @@ to build a Docker binary with the experimental features enabled: ## Current experimental features -* [Network plugins](plugins_network.md) -* [Networking and Services UI](networking.md) -* [Native multi-host networking](network_overlay.md) -* [Compose, Swarm and networking integration](compose_swarm_networking.md) - ## How to comment on an experimental feature Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. diff --git a/experimental/compose_swarm_networking.md b/experimental/compose_swarm_networking.md deleted file mode 100644 index 305833a131..0000000000 --- a/experimental/compose_swarm_networking.md +++ /dev/null @@ -1,238 +0,0 @@ -# Experimental: Compose, Swarm and Multi-Host Networking - -The [experimental build of Docker](https://github.com/docker/docker/tree/master/experimental) has an entirely new networking system, which enables secure communication between containers on multiple hosts. In combination with Docker Swarm and Docker Compose, you can now run multi-container apps on multi-host clusters with the same tooling and configuration format you use to develop them locally. - -> Note: This functionality is in the experimental stage, and contains some hacks and workarounds which will be removed as it matures. - -## Prerequisites - -Before you start, you’ll need to install the experimental build of Docker, and the latest versions of Machine and Compose. - -- To install the experimental Docker build on a Linux machine, follow the instructions [here](https://github.com/docker/docker/tree/master/experimental#install-docker-experimental). - -- To install the experimental Docker build on a Mac, run these commands: - - $ curl -L https://experimental.docker.com/builds/Darwin/x86_64/docker-latest > /usr/local/bin/docker - $ chmod +x /usr/local/bin/docker - -- To install Machine, follow the instructions [here](http://docs.docker.com/machine/). - -- To install Compose, follow the instructions [here](http://docs.docker.com/compose/install/). - -You’ll also need a [Docker Hub](https://hub.docker.com/account/signup/) account and a [Digital Ocean](https://www.digitalocean.com/) account. -It works with the amazonec2 driver as well (by adapting the commands accordingly), except you'll need to manually open the ports 8500 (consul) and 7946 (serf) by editing the inbound rules of the corresponding security group. - -## Set up a swarm with multi-host networking - -Set the `DIGITALOCEAN_ACCESS_TOKEN` environment variable to a valid Digital Ocean API token, which you can generate in the [API panel](https://cloud.digitalocean.com/settings/applications). - - export DIGITALOCEAN_ACCESS_TOKEN=abc12345 - -Start a consul server: - - docker-machine --debug create \ - -d digitalocean \ - --engine-install-url="https://experimental.docker.com" \ - consul - - docker $(docker-machine config consul) run -d \ - -p "8500:8500" \ - -h "consul" \ - progrium/consul -server -bootstrap - -(In a real world setting you’d set up a distributed consul, but that’s beyond the scope of this guide!) - -Create a Swarm token: - - export SWARM_TOKEN=$(docker run swarm create) - -Next, you create a Swarm master with Machine: - - docker-machine --debug create \ - -d digitalocean \ - --digitalocean-image="ubuntu-14-04-x64" \ - --engine-install-url="https://experimental.docker.com" \ - --engine-opt="default-network=overlay:multihost" \ - --engine-opt="kv-store=consul:$(docker-machine ip consul):8500" \ - --engine-label="com.docker.network.driver.overlay.bind_interface=eth0" \ - swarm-0 - -Usually Machine can create Swarms for you, but it doesn't yet fully support multi-host networks yet, so you'll have to start up the Swarm manually: - - docker $(docker-machine config swarm-0) run -d \ - --restart="always" \ - --net="bridge" \ - swarm:latest join \ - --addr "$(docker-machine ip swarm-0):2376" \ - "token://$SWARM_TOKEN" - - docker $(docker-machine config swarm-0) run -d \ - --restart="always" \ - --net="bridge" \ - -p "3376:3376" \ - -v "/etc/docker:/etc/docker" \ - swarm:latest manage \ - --tlsverify \ - --tlscacert="/etc/docker/ca.pem" \ - --tlscert="/etc/docker/server.pem" \ - --tlskey="/etc/docker/server-key.pem" \ - -H "tcp://0.0.0.0:3376" \ - --strategy spread \ - "token://$SWARM_TOKEN" - -Create a Swarm node: - - docker-machine --debug create \ - -d digitalocean \ - --digitalocean-image="ubuntu-14-10-x64" \ - --engine-install-url="https://experimental.docker.com" \ - --engine-opt="default-network=overlay:multihost" \ - --engine-opt="kv-store=consul:$(docker-machine ip consul):8500" \ - --engine-label="com.docker.network.driver.overlay.bind_interface=eth0" \ - --engine-label="com.docker.network.driver.overlay.neighbor_ip=$(docker-machine ip swarm-0)" \ - swarm-1 - - docker $(docker-machine config swarm-1) run -d \ - --restart="always" \ - --net="bridge" \ - swarm:latest join \ - --addr "$(docker-machine ip swarm-1):2376" \ - "token://$SWARM_TOKEN" - -You can create more Swarm nodes if you want - it’s best to give them sensible names (swarm-2, swarm-3, etc). - -Finally, point Docker at your swarm: - - export DOCKER_HOST=tcp://"$(docker-machine ip swarm-0):3376" - export DOCKER_TLS_VERIFY=1 - export DOCKER_CERT_PATH="$HOME/.docker/machine/machines/swarm-0" - -## Run containers and get them communicating - -Now that you’ve got a swarm up and running, you can create containers on it just like a single Docker instance: - - $ docker run busybox echo hello world - hello world - -If you run `docker ps -a`, you can see what node that container was started on by looking at its name (here it’s swarm-3): - - $ docker ps -a - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 41f59749737b busybox "echo hello world" 15 seconds ago Exited (0) 13 seconds ago swarm-3/trusting_leakey - -As you start more containers, they’ll be placed on different nodes across the cluster, thanks to Swarm’s default “spread” scheduling strategy. - -Every container started on this swarm will use the “overlay:multihost” network by default, meaning they can all intercommunicate. Each container gets an IP address on that network, and an `/etc/hosts` file which will be updated on-the-fly with every other container’s IP address and name. That means that if you have a running container named ‘foo’, other containers can access it at the hostname ‘foo’. - -Let’s verify that multi-host networking is functioning. Start a long-running container: - - $ docker run -d --name long-running busybox top - - -If you start a new container and inspect its /etc/hosts file, you’ll see the long-running container in there: - - $ docker run busybox cat /etc/hosts - ... - 172.21.0.6 long-running - -Verify that connectivity works between containers: - - $ docker run busybox ping long-running - PING long-running (172.21.0.6): 56 data bytes - 64 bytes from 172.21.0.6: seq=0 ttl=64 time=7.975 ms - 64 bytes from 172.21.0.6: seq=1 ttl=64 time=1.378 ms - 64 bytes from 172.21.0.6: seq=2 ttl=64 time=1.348 ms - ^C - --- long-running ping statistics --- - 3 packets transmitted, 3 packets received, 0% packet loss - round-trip min/avg/max = 1.140/2.099/7.975 ms - -## Run a Compose application - -Here’s an example of a simple Python + Redis app using multi-host networking on a swarm. - -Create a directory for the app: - - $ mkdir composetest - $ cd composetest - -Inside this directory, create 2 files. - -First, create `app.py` - a simple web app that uses the Flask framework and increments a value in Redis: - - from flask import Flask - from redis import Redis - import os - app = Flask(__name__) - redis = Redis(host='composetest_redis_1', port=6379) - - @app.route('/') - def hello(): - redis.incr('hits') - return 'Hello World! I have been seen %s times.' % redis.get('hits') - - if __name__ == "__main__": - app.run(host="0.0.0.0", debug=True) - -Note that we’re connecting to a host called `composetest_redis_1` - this is the name of the Redis container that Compose will start. - -Second, create a Dockerfile for the app container: - - FROM python:2.7 - RUN pip install flask redis - ADD . /code - WORKDIR /code - CMD ["python", "app.py"] - -Build the Docker image and push it to the Hub (you’ll need a Hub account). Replace `` with your Docker Hub username: - - $ docker build -t /counter . - $ docker push /counter - -Next, create a `docker-compose.yml`, which defines the configuration for the web and redis containers. Once again, replace `` with your Hub username: - - web: - image: /counter - ports: - - "80:5000" - redis: - image: redis - -Now start the app: - - $ docker-compose up -d - Pulling web (username/counter:latest)... - swarm-0: Pulling username/counter:latest... : downloaded - swarm-2: Pulling username/counter:latest... : downloaded - swarm-1: Pulling username/counter:latest... : downloaded - swarm-3: Pulling username/counter:latest... : downloaded - swarm-4: Pulling username/counter:latest... : downloaded - Creating composetest_web_1... - Pulling redis (redis:latest)... - swarm-2: Pulling redis:latest... : downloaded - swarm-1: Pulling redis:latest... : downloaded - swarm-3: Pulling redis:latest... : downloaded - swarm-4: Pulling redis:latest... : downloaded - swarm-0: Pulling redis:latest... : downloaded - Creating composetest_redis_1... - -Swarm has created containers for both web and redis, and placed them on different nodes, which you can check with `docker ps`: - - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 92faad2135c9 redis "/entrypoint.sh redi 43 seconds ago Up 42 seconds swarm-2/composetest_redis_1 - adb809e5cdac username/counter "/bin/sh -c 'python 55 seconds ago Up 54 seconds 45.67.8.9:80->5000/tcp swarm-1/composetest_web_1 - -You can also see that the web container has exposed port 80 on its swarm node. If you curl that IP, you’ll get a response from the container: - - $ curl http://45.67.8.9 - Hello World! I have been seen 1 times. - -If you hit it repeatedly, the counter will increment, demonstrating that the web and redis container are communicating: - - $ curl http://45.67.8.9 - Hello World! I have been seen 2 times. - $ curl http://45.67.8.9 - Hello World! I have been seen 3 times. - $ curl http://45.67.8.9 - Hello World! I have been seen 4 times. diff --git a/experimental/network_overlay.md b/experimental/network_overlay.md deleted file mode 100644 index 9270418cc7..0000000000 --- a/experimental/network_overlay.md +++ /dev/null @@ -1,14 +0,0 @@ -# Native Multi-host networking - -There is a lot to talk about the native multi-host networking and the `overlay` driver that makes it happen. The technical details are documented under https://github.com/docker/libnetwork/blob/master/docs/overlay.md. -Using the above experimental UI `docker network`, `docker service` and `--publish-service`, the user can exercise the power of multi-host networking. - -Since `network` and `service` objects are globally significant, this feature requires distributed states provided by the `libkv` project. -Using `libkv`, the user can plug any of the supported Key-Value store (such as consul, etcd or zookeeper). -User can specify the Key-Value store of choice using the `--cluster-store` daemon flag, which takes configuration value of format `PROVIDER:URL`, where -`PROVIDER` is the name of the Key-Value store (such as consul, etcd or zookeeper) and -`URL` is the url to reach the Key-Value store. -Example : `docker daemon --cluster-store=consul://localhost:8500` - -Send us feedback and comments on [#14083](https://github.com/docker/docker/issues/14083) -or on the usual Google Groups (docker-user, docker-dev) and IRC channels. diff --git a/experimental/networking.md b/experimental/networking.md deleted file mode 100644 index 89d988bd03..0000000000 --- a/experimental/networking.md +++ /dev/null @@ -1,120 +0,0 @@ -# Experimental: Networking and Services - -In this feature: - -- `network` and `service` become first class objects in the Docker UI - - one can now create networks, publish services on that network and attach containers to the services -- Native multi-host networking - - `network` and `service` objects are globally significant and provides multi-host container connectivity natively -- Inbuilt simple Service Discovery - - With multi-host networking and top-level `service` object, Docker now provides out of the box simple Service Discovery for containers running in a network -- Batteries included but removable - - Docker provides inbuilt native multi-host networking by default & can be swapped by any remote driver provided by external plugins. - -This is an experimental feature. For information on installing and using experimental features, see [the experimental feature overview](README.md). - -## Using Networks - - Usage: docker network [OPTIONS] COMMAND [OPTIONS] [arg...] - - Commands: - create Create a network - rm Remove a network - ls List all networks - info Display information of a network - - Run 'docker network COMMAND --help' for more information on a command. - - --help=false Print usage - -The `docker network` command is used to manage Networks. - -To create a network, `docker network create foo`. You can also specify a driver -if you have loaded a networking plugin e.g `docker network create -d foo` - - $ docker network create foo - aae601f43744bc1f57c515a16c8c7c4989a2cad577978a32e6910b799a6bccf6 - $ docker network create -d overlay bar - d9989793e2f5fe400a58ef77f706d03f668219688ee989ea68ea78b990fa2406 - -`docker network ls` is used to display the currently configured networks - - $ docker network ls - NETWORK ID NAME TYPE - d367e613ff7f none null - bd61375b6993 host host - cc455abccfeb bridge bridge - aae601f43744 foo bridge - d9989793e2f5 bar overlay - -To get detailed information on a network, you can use the `docker network info` -command. - - $ docker network info foo - Network Id: aae601f43744bc1f57c515a16c8c7c4989a2cad577978a32e6910b799a6bccf6 - Name: foo - Type: null - -If you no longer have need of a network, you can delete it with `docker network rm` - - $ docker network rm bar - bar - $ docker network ls - NETWORK ID NAME TYPE - aae601f43744 foo bridge - d367e613ff7f none null - bd61375b6993 host host - cc455abccfeb bridge bridge - -## User-Defined default network - -Docker daemon supports a configuration flag `--default-network` which takes configuration value of format `DRIVER:NETWORK`, where, -`DRIVER` represents the in-built drivers such as bridge, overlay, container, host and none. or Remote drivers via Network Plugins. -`NETWORK` is the name of the network created using the `docker network create` command -When a container is created and if the network mode (`--net`) is not specified, then this default network will be used to connect -the container. If `--default-network` is not specified, the default network will be the `bridge` driver. -Example : `docker daemon --default-network=overlay:multihost` - -## Using Services - - Usage: docker service COMMAND [OPTIONS] [arg...] - - Commands: - publish Publish a service - unpublish Remove a service - attach Attach a backend (container) to the service - detach Detach the backend from the service - ls Lists all services - info Display information about a service - - Run 'docker service COMMAND --help' for more information on a command. - - --help=false Print usage - -Assuming we want to publish a service from container `a0ebc12d3e48` on network `foo` as `my-service` we would use the following command: - - $ docker service publish my-service.foo - ec56fd74717d00f968c26675c9a77707e49ae64b8e54832ebf78888eb116e428 - $ docker service attach a0ebc12d3e48 my-service.foo - -This would make the container `a0ebc12d3e48` accessible as `my-service` on network `foo`. Any other container in network `foo` can use DNS to resolve the address of `my-service` - -This can also be achieved by using the `--publish-service` flag for `docker run`: - - docker run -itd --publish-service db.foo postgres - -`db.foo` in this instance means "place the container on network `foo`, and allow other hosts on `foo` to discover it under the name `db`" - -We can see the current services using the `docker service ls` command - - $ docker service ls - SERVICE ID NAME NETWORK PROVIDER - ec56fd74717d my-service foo a0ebc12d3e48 - -To remove the a service: - - $ docker service detach a0ebc12d3e48 my-service.foo - $ docker service unpublish my-service.foo - -Send us feedback and comments on [#14083](https://github.com/docker/docker/issues/14083) -or on the usual Google Groups (docker-user, docker-dev) and IRC channels. diff --git a/experimental/networking_api.md b/experimental/networking_api.md deleted file mode 100644 index 829c158718..0000000000 --- a/experimental/networking_api.md +++ /dev/null @@ -1,489 +0,0 @@ -# Networking API - -### List networks - -`GET /networks` - -List networks - -**Example request**: - - GET /networks HTTP/1.1 - -**Example response**: - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "name": "none", - "id": "8e4e55c6863ef4241c548c1c6fc77289045e9e5d5b5e4875401a675326981898", - "type": "null", - "endpoints": [] - }, - { - "name": "host", - "id": "062b6d9ea7913fde549e2d186ff0402770658f8c4e769958e1b943ff4e675011", - "type": "host", - "endpoints": [] - }, - { - "name": "bridge", - "id": "a87dd9a9d58f030962df1c15fb3fa142fbd9261339de458bc89be1895cef2c70", - "type": "bridge", - "endpoints": [] - } - ] - -Query Parameters: - -- **name** – Filter results with the given name -- **partial-id** – Filter results using the partial network ID - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Create a Network - -`POST /networks` - -**Example request** - - POST /networks HTTP/1.1 - Content-Type: application/json - - { - "name": "foo", - "network_type": "", - "options": {} - } - -**Example Response** - - HTTP/1.1 200 OK - "32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653", - -Status Codes: - -- **200** – no error -- **400** – bad request -- **500** – server error - -### Get a network - -`GET /networks/` - -Get a network - -**Example request**: - - GET /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653 HTTP/1.1 - -**Example response**: - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "name": "foo", - "id": "32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653", - "type": "bridge", - "endpoints": [] - } - -Status Codes: - -- **200** – no error -- **404** – not found -- **500** – server error - -### List a networks endpoints - -`GET /networks//endpoints` - -**Example request** - - GET /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653/endpoints HTTP/1.1 - -**Example Response** - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "id": "7e0c116b882ee489a8a5345a2638c0129099aa47f4ba114edde34e75c1e4ae0d", - "name": "/lonely_pasteur", - "network": "foo" - } - ] - -Query Parameters: - -- **name** – Filter results with the given name -- **partial-id** – Filter results using the partial network ID - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Create an endpoint on a network - -`POST /networks//endpoints` - -**Example request** - - POST /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653/endpoints HTTP/1.1 - Content-Type: application/json - - { - "name": "baz", - "exposed_ports": [ - { - "proto": 6, - "port": 8080 - } - ], - "port_mapping": null - } - -**Example Response** - - HTTP/1.1 200 OK - Content-Type: application/json - - "b18b795af8bad85cdd691ff24ffa2b08c02219d51992309dd120322689d2ab5a" - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Get an endpoint - -`GET /networks//endpoints/` - -**Example request** - - GET /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653/endpoints/b18b795af8bad85cdd691ff24ffa2b08c02219d51992309dd120322689d2ab5a HTTP/1.1 - -**Example Response** - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "id": "b18b795af8bad85cdd691ff24ffa2b08c02219d51992309dd120322689d2ab5a", - "name": "baz", - "network": "foo" - } - -Status Codes: - -- **200** – no error -- **404** - not found -- **500** – server error - -### Join an endpoint to a container - -`POST /networks//endpoints//containers` - -**Example request** - - POST /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653//endpoints/b18b795af8bad85cdd691ff24ffa2b08c02219d51992309dd120322689d2ab5a/containers HTTP/1.1 - Content-Type: application/json - - { - "container_id": "e76f406417031bd24c17aeb9bb2f5968b628b9fb6067da264b234544754bf857", - "host_name": null, - "domain_name": null, - "hosts_path": null, - "resolv_conf_path": null, - "dns": null, - "extra_hosts": null, - "parent_updates": null, - "use_default_sandbox": true - } - -**Example response** - - HTTP/1.1 200 OK - Content-Type: application/json - - "/var/run/docker/netns/e76f40641703" - - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **404** - not found -- **500** – server error - -### Detach an endpoint from a container - -`DELETE /networks//endpoints//containers/` - -**Example request** - - DELETE /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653/endpoints/b18b795af8bad85cdd691ff24ffa2b08c02219d51992309dd120322689d2ab5a/containers/e76f406417031bd24c17aeb9bb2f5968b628b9fb6067da264b234544754bf857 HTTP/1.1 - Content-Type: application/json - -**Example response** - - HTTP/1.1 200 OK - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **404** - not found -- **500** – server error - - -### Delete an endpoint - -`DELETE /networks//endpoints/` - -**Example request** - - DELETE /networks/32fbf63200e2897f5de72cb2a4b653e4b1a523b15116e96e3d73f7849e583653/endpoints/b18b795af8bad85cdd691ff24ffa2b08c02219d51992309dd120322689d2ab5a HTTP/1.1 - -**Example Response** - - HTTP/1.1 200 OK - -Status Codes: - -- **200** – no error -- **404** - not found -- **500** – server error - -### Delete a network - -`DELETE /networks/` - -Delete a network - -**Example request**: - - DELETE /networks/0984d158bd8ae108e4d6bc8fcabedf51da9a174b32cc777026d4a29045654951 HTTP/1.1 - -**Example response**: - - HTTP/1.1 200 OK - -Status Codes: - -- **200** – no error -- **404** – not found -- **500** – server error - -# Services API - -### Publish a Service - -`POST /services` - -Publish a service - -**Example Request** - - POST /services HTTP/1.1 - Content-Type: application/json - - { - "name": "bar", - "network_name": "foo", - "exposed_ports": null, - "port_mapping": null - } - -**Example Response** - - HTTP/1.1 200 OK - Content-Type: application/json - - "0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff" - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Get a Service - -`GET /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff` - -Get a service - -**Example Request**: - - GET /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff HTTP/1.1 - -**Example Response**: - - HTTP/1.1 200 OK - Content-Type: application/json - - { - "name": "bar", - "id": "0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff", - "network": "foo" - } - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **404** - not found -- **500** – server error - -### Attach a backend to a service - -`POST /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff/backend` - -Attach a backend to a service - -**Example Request**: - - POST /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff/backend HTTP/1.1 - Content-Type: application/json - - { - "container_id": "98c5241f9475e9efc17e7198e931fb48166010b80f96d48df204e251378ca547", - "host_name": "", - "domain_name": "", - "hosts_path": "", - "resolv_conf_path": "", - "dns": null, - "extra_hosts": null, - "parent_updates": null, - "use_default_sandbox": false - } - -**Example Response**: - - HTTP/1.1 200 OK - Content-Type: application/json - - "/var/run/docker/netns/98c5241f9475" - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Get Backends for a Service - -Get all backends for a given service - -**Example Request** - - GET /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff/backend HTTP/1.1 - -**Example Response** - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "id": "98c5241f9475e9efc17e7198e931fb48166010b80f96d48df204e251378ca547" - } - ] - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### List Services - -`GET /services` - -List services - -**Example request**: - - GET /services HTTP/1.1 - -**Example response**: - - HTTP/1.1 200 OK - Content-Type: application/json - - [ - { - "name": "/stupefied_stallman", - "id": "c826b26bf736fb4a77db33f83562e59f9a770724e259ab9c3d50d948f8233ae4", - "network": "bridge" - }, - { - "name": "bar", - "id": "0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff", - "network": "foo" - } - ] - -Query Parameters: - -- **name** – Filter results with the given name -- **partial-id** – Filter results using the partial network ID -- **network** - Filter results by the given network - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Detach a Backend from a Service - -`DELETE /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff/backend/98c5241f9475e9efc17e7198e931fb48166010b80f96d48df204e251378ca547` - -Detach a backend from a service - -**Example Request** - - DELETE /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff/backend/98c5241f9475e9efc17e7198e931fb48166010b80f96d48df204e251378ca547 HTTP/1.1 - -**Example Response** - - HTTP/1.1 200 OK - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error - -### Un-Publish a Service - -`DELETE /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff` - -Unpublish a service - -**Example Request** - - DELETE /services/0aee0899e6c5e903cf3ef2bdc28a1c9aaf639c8c8c331fa4ae26344d9e32c1ff HTTP/1.1 - -**Example Response** - - HTTP/1.1 200 OK - -Status Codes: - -- **200** – no error -- **400** – bad parameter -- **500** – server error From 090ad2bb8a20ddc650378ccb16692093499bdd70 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Tue, 6 Oct 2015 22:58:23 +0100 Subject: [PATCH 0896/2538] Don't put dockerfiles in one continuous code block Signed-off-by: Aidan Hobson Sayers --- docs/reference/builder.md | 69 +++++++++++++++++++++------------------ 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 7c30511531..1f558c7e14 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1166,45 +1166,50 @@ or a signal name in the format SIGNAME, for instance SIGKILL. ## Dockerfile examples - # Nginx - # - # VERSION 0.0.1 +``` +# Nginx +# +# VERSION 0.0.1 - FROM ubuntu - MAINTAINER Victor Vieux +FROM ubuntu +MAINTAINER Victor Vieux - LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0" - RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server +LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0" +RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server +``` - # Firefox over VNC - # - # VERSION 0.3 +``` +# Firefox over VNC +# +# VERSION 0.3 - FROM ubuntu +FROM ubuntu - # Install vnc, xvfb in order to create a 'fake' display and firefox - RUN apt-get update && apt-get install -y x11vnc xvfb firefox - RUN mkdir ~/.vnc - # Setup a password - RUN x11vnc -storepasswd 1234 ~/.vnc/passwd - # Autostart firefox (might not be the best way, but it does the trick) - RUN bash -c 'echo "firefox" >> /.bashrc' +# Install vnc, xvfb in order to create a 'fake' display and firefox +RUN apt-get update && apt-get install -y x11vnc xvfb firefox +RUN mkdir ~/.vnc +# Setup a password +RUN x11vnc -storepasswd 1234 ~/.vnc/passwd +# Autostart firefox (might not be the best way, but it does the trick) +RUN bash -c 'echo "firefox" >> /.bashrc' - EXPOSE 5900 - CMD ["x11vnc", "-forever", "-usepw", "-create"] +EXPOSE 5900 +CMD ["x11vnc", "-forever", "-usepw", "-create"] +``` - # Multiple images example - # - # VERSION 0.1 +``` +# Multiple images example +# +# VERSION 0.1 - FROM ubuntu - RUN echo foo > bar - # Will output something like ===> 907ad6c2736f +FROM ubuntu +RUN echo foo > bar +# Will output something like ===> 907ad6c2736f - FROM ubuntu - RUN echo moo > oink - # Will output something like ===> 695d7793cbe4 - - # You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with - # /oink. +FROM ubuntu +RUN echo moo > oink +# Will output something like ===> 695d7793cbe4 +# You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with +# /oink. +``` From d86cfdfb84f77ae64349c583f5e30aebce0b22c7 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Wed, 7 Oct 2015 11:45:46 +0100 Subject: [PATCH 0897/2538] Mention more realistic examples are available Signed-off-by: Aidan Hobson Sayers --- docs/reference/builder.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 1f558c7e14..1e85f138b6 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1166,6 +1166,9 @@ or a signal name in the format SIGNAME, for instance SIGKILL. ## Dockerfile examples +Below you can see some examples of Dockerfile syntax. If you're interested in +something more realistic, take a look at the list of [Dockerization examples](/examples/). + ``` # Nginx # From 42fe72228dacd1d2914e3ec36455448d06c14439 Mon Sep 17 00:00:00 2001 From: Grant Reaber Date: Wed, 7 Oct 2015 15:51:57 -0500 Subject: [PATCH 0898/2538] clarify dockerignore semantics Signed-off-by: Grant Reaber --- docs/reference/builder.md | 102 +++++++++++++++++++++++--------------- 1 file changed, 63 insertions(+), 39 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 1e85f138b6..34a4fef0ef 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -186,66 +186,90 @@ that set `abc` to `bye`. ### .dockerignore file -If a file named `.dockerignore` exists in the root of `PATH`, then Docker -interprets it as a newline-separated list of exclusion patterns. Docker excludes -files or directories relative to `PATH` that match these exclusion patterns. If -there are any `.dockerignore` files in `PATH` subdirectories, Docker treats -them as normal files. +Before the docker CLI sends the context to the docker daemon, it looks +for a file named `.dockerignore` in the root directory of the context. +If this file exists, the CLI modifies the context to exclude files and +directories that match patterns in it. This helps to avoid +unnecessarily sending large or sensitive files and directories to the +daemon and potentially adding them to images using `ADD` or `COPY`. -Filepaths in `.dockerignore` are absolute with the current directory as the -root. Wildcards are allowed but the search is not recursive. Globbing (file name -expansion) is done using Go's -[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. +The CLI interprets the `.dockerignore` file as a newline-separated +list of patterns similar to the file globs of Unix shells. For the +purposes of matching, the root of the context is considered to be both +the working and the root directory. For example, the patterns +`/foo/bar` and `foo/bar` both exclude a file or directory named `bar` +in the `foo` subdirectory of `PATH` or in the root of the git +repository located at `URL`. Neither excludes anything else. -You can specify exceptions to exclusion rules. To do this, simply prefix a -pattern with an `!` (exclamation mark) in the same way you would in a -`.gitignore` file. Currently there is no support for regular expressions. -Formats like `[^temp*]` are ignored. - -The following is an example `.dockerignore` file: +Here is an example `.dockerignore` file: ``` */temp* */*/temp* temp? - *.md - !LICENSE.md ``` This file causes the following build behavior: | Rule | Behavior | |----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `*/temp*` | Exclude all files with names starting with`temp` in any subdirectory below the root directory. For example, a file named`/somedir/temporary.txt` is ignored. | -| `*/*/temp*` | Exclude files starting with name `temp` from any subdirectory that is two levels below the root directory. For example, the file `/somedir/subdir/temporary.txt` is ignored. | -| `temp?` | Exclude the files that match the pattern in the root directory. For example, the files `tempa`, `tempb` in the root directory are ignored. | -| `*.md ` | Exclude all markdown files in the root directory. | -| `!LICENSE.md` | Exception to the Markdown files exclusion. `LICENSE.md`is included in the build. | +| `*/temp*` | Exclude files and directories whose names start with `temp` in any immediate subdirectory of the root. For example, the plain file `/somedir/temporary.txt` is excluded, as is the directory `/somedir/temp`. | +| `*/*/temp*` | Exclude files and directories starting with `temp` from any subdirectory that is two levels below the root. For example, `/somedir/subdir/temporary.txt` is excluded. | +| `temp?` | Exclude files and directories in the root directory whose names are a one-character extension of `temp`. For example, `/tempa` and `/tempb` are excluded. -The placement of `!` exception rules influences the matching algorithm; the -last line of the `.dockerignore` that matches a particular file determines -whether it is included or excluded. In the above example, the `LICENSE.md` file -matches both the `*.md` and `!LICENSE.md` rule. If you reverse the lines in the -example: + +Matching is done using Go's +[filepath.Match](http://golang.org/pkg/path/filepath#Match) rules. A +preprocessing step removes leading and trailing whitespace and +eliminates `.` and `..` elements using Go's +[filepath.Clean](http://golang.org/pkg/path/filepath/#Clean). Lines +that are blank after preprocessing are ignored. + +Lines starting with `!` (exclamation mark) can be used to make exceptions +to exclusions. The following is an example `.dockerignore` file that +uses this mechanism: ``` - */temp* - */*/temp* - temp? - !LICENSE.md *.md + !README.md ``` -The build would exclude `LICENSE.md` because the last `*.md` rule adds all -Markdown files in the root directory back onto the ignore list. The -`!LICENSE.md` rule has no effect because the subsequent `*.md` rule overrides -it. +All markdown files *except* `README.md` are excluded from the context. -You can even use the `.dockerignore` file to ignore the `Dockerfile` and -`.dockerignore` files. This is useful if you are copying files from the root of -the build context into your new container but do not want to include the -`Dockerfile` or `.dockerignore` files (e.g. `ADD . /someDir/`). +The placement of `!` exception rules influences the behavior: the last +line of the `.dockerignore` that matches a particular file determines +whether it is included or excluded. Consider the following example: +``` + *.md + !README*.md + README-secret.md +``` + +No markdown files are included in the context except README files other than +`README-secret.md`. + +Now consider this example: + +``` + *.md + README-secret.md + !README*.md +``` + +All of the README files are included. The middle line has no effect because +`!README*.md` matches `README-secret.md` and comes last. + +You can even use the `.dockerignore` file to exclude the `Dockerfile` +and `.dockerignore` files. These files are still sent to the daemon +because it needs them to do its job. But the `ADD` and `COPY` commands +do not copy them to the the image. + +Finally, you may want to specify which files to include in the +context, rather than which to exclude. To achieve this, specify `*` as +the first pattern, followed by one or more `!` exception patterns. + +**Note**: For historical reasons, the pattern `.` is ignored. ## FROM From d45666f8694443eb3f2a23cd24540e03c02227b1 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Thu, 8 Oct 2015 07:20:06 -0700 Subject: [PATCH 0899/2538] Fixing issues in command ordering. Adding index.md Adjust bullets Entering Seb's comments Signed-off-by: Mary Anthony --- docs/reference/commandline/attach.md | 2 - docs/reference/commandline/build.md | 5 +- docs/reference/commandline/cli.md | 5 +- docs/reference/commandline/commit.md | 2 - docs/reference/commandline/cp.md | 1 - docs/reference/commandline/create.md | 5 +- docs/reference/commandline/daemon.md | 4 +- docs/reference/commandline/diff.md | 1 - docs/reference/commandline/events.md | 3 +- docs/reference/commandline/exec.md | 1 - docs/reference/commandline/export.md | 1 - docs/reference/commandline/history.md | 3 - docs/reference/commandline/images.md | 2 - docs/reference/commandline/import.md | 4 +- docs/reference/commandline/index.md | 85 +++++++++++++++++++ docs/reference/commandline/info.md | 3 - docs/reference/commandline/inspect.md | 2 - docs/reference/commandline/kill.md | 1 - docs/reference/commandline/load.md | 2 - docs/reference/commandline/login.md | 3 - docs/reference/commandline/logout.md | 4 - docs/reference/commandline/logs.md | 1 - docs/reference/commandline/network_connect.md | 3 +- docs/reference/commandline/network_create.md | 1 - docs/reference/commandline/network_inspect.md | 2 +- docs/reference/commandline/pause.md | 2 - docs/reference/commandline/port.md | 1 - docs/reference/commandline/ps.md | 1 - docs/reference/commandline/pull.md | 2 - docs/reference/commandline/push.md | 1 - docs/reference/commandline/rename.md | 1 - docs/reference/commandline/restart.md | 2 - docs/reference/commandline/rm.md | 6 +- docs/reference/commandline/rmi.md | 2 - docs/reference/commandline/run.md | 7 +- docs/reference/commandline/save.md | 1 - docs/reference/commandline/search.md | 2 - docs/reference/commandline/start.md | 2 - docs/reference/commandline/stats.md | 1 - docs/reference/commandline/stop.md | 1 - docs/reference/commandline/tag.md | 1 - docs/reference/commandline/top.md | 1 - docs/reference/commandline/unpause.md | 1 - docs/reference/commandline/version.md | 2 - docs/reference/commandline/volume_create.md | 1 - docs/reference/commandline/wait.md | 1 - 46 files changed, 101 insertions(+), 84 deletions(-) create mode 100644 docs/reference/commandline/index.md diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 1afce11a24..04a44cdd6d 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -5,7 +5,6 @@ description = "The attach command description and usage" keywords = ["attach, running, container"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -89,4 +88,3 @@ process is returned by the `docker attach` command to its caller too: 13 $ docker ps -a | grep test 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test - diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index c608c97c57..83b405cd6d 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -5,7 +5,6 @@ description = "The build command description and usage" keywords = ["build, docker, image"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -251,9 +250,9 @@ the command line. When `docker build` is run with the `--cgroup-parent` option the containers used in the build will be run with the [corresponding `docker run` -flag](/reference/run/#specifying-custom-cgroups). +flag](/reference/run/#specifying-custom-cgroups). -Using the `--ulimit` option with `docker build` will cause each build step's +Using the `--ulimit` option with `docker build` will cause each build step's container to be started using those [`--ulimit` flag values](/reference/run/#setting-ulimits-in-a-container). diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index a07fc8b333..bef1d9e61d 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -1,14 +1,15 @@ -# Using the command line +# Use the Docker command line To list available commands, either run `docker` with no parameters or execute `docker help`: diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index dafdb396be..f2f0ca58bb 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -5,7 +5,6 @@ description = "The commit command description and usage" keywords = ["commit, file, changes"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -62,4 +61,3 @@ created. Supported `Dockerfile` instructions: f5283438590d $ docker inspect -f "{{ .Config.Env }}" f5283438590d [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] - diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index 1fd43dfa00..da27c20376 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -5,7 +5,6 @@ description = "The cp command description and usage" keywords = ["copy, container, files, folders"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 1af6bc9d65..c705919953 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -5,7 +5,6 @@ description = "The create command description and usage" keywords = ["docker, create, container"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -77,7 +76,7 @@ Creates a new container. The `docker create` command creates a writeable container layer over the specified image and prepares it for running the specified command. The container ID is then printed to `STDOUT`. This is similar to `docker run -d` -except the container is never started. You can then use the +except the container is never started. You can then use the `docker start ` command to start the container at any point. This is useful when you want to set up a container configuration ahead of time @@ -121,5 +120,3 @@ then be used from the subsequent container: -rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker - - diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index d54a983c78..238a9708d6 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -5,7 +5,7 @@ description = "The daemon command description and usage" keywords = ["container, daemon, runtime"] [menu.main] parent = "smn_cli" -weight=1 +weight = -1 +++ @@ -551,5 +551,3 @@ set like this: # or export DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/docker daemon -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 - - diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index 64140ccbbc..17e870d35f 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -5,7 +5,6 @@ description = "The diff command description and usage" keywords = ["list, changed, files, container"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 93e09a38cf..ab7e8e6788 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -5,7 +5,6 @@ description = "The events command description and usage" keywords = ["events, container, report"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -36,7 +35,7 @@ returns only new and/or live events. ## Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If you would -like to use multiple filters, pass multiple flags (e.g., +like to use multiple filters, pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) Using the same filter multiple times will be handled as a *OR*; for example diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 76a491d790..658292679f 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -5,7 +5,6 @@ description = "The exec command description and usage" keywords = ["command, container, run, execute"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index ab7855b956..49eb1ae047 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -5,7 +5,6 @@ description = "The export command description and usage" keywords = ["export, file, system, container"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index 2d8aa5ac9c..43edf34620 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -5,7 +5,6 @@ description = "The history command description and usage" keywords = ["docker, image, history"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -39,5 +38,3 @@ To see how the `docker:apache` image was added to a container's base image: 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B 511136ea3c5a 19 months ago 0 B Imported from - - - diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 6e979937a6..e00840de22 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -5,7 +5,6 @@ description = "The images command description and usage" keywords = ["list, docker, images"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -178,4 +177,3 @@ In this example, with the `0.1` value, it returns an empty set because no matche $ docker images --filter "label=com.example.version=0.1" REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE - diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index b673aaf648..4881f016da 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -5,7 +5,6 @@ description = "The import command description and usage" keywords = ["import, file, system, container"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -48,7 +47,7 @@ Import to docker via pipe and `STDIN`. $ cat exampleimage.tgz | docker import - exampleimagelocal:new -Import with a commit message +Import with a commit message $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new @@ -68,4 +67,3 @@ Note the `sudo` in this example – you must preserve the ownership of the files (especially root ownership) during the archiving with tar. If you are not root (or the sudo command) when you tar, then the ownerships might not get preserved. - diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md new file mode 100644 index 0000000000..d9216780f6 --- /dev/null +++ b/docs/reference/commandline/index.md @@ -0,0 +1,85 @@ + + + +# The Docker commands + +This section contains reference information on using Docker's command line client. Each command has a reference page along with samples. If you are unfamiliar with the command line, you should start by reading about how to ["Use the Docker command line"](cli). + +You start the Docker daemon with the command line. How you start the daemon affects your Docker containers. For that reason you should also make sure to read the [`daemon`](daemon) reference page. + +### Docker management commands + +* [daemon](daemon) +* [info](info) +* [inspect](inspect) +* [version](version) + +### Image commands + +* [build](build) +* [commit](commit) +* [export](export) +* [history](history) +* [images](images) +* [import](import) +* [load](load) +* [rmi](rmi) +* [save](save) +* [tag](tag) + +### Container commands + +* [attach](attach) +* [cp](cp) +* [create](create) +* [diff](diff) +* [events](events) +* [exec](exec) +* [kill](kill) +* [logs](logs) +* [pause](pause) +* [port](port) +* [ps](ps) +* [rename](rename) +* [restart](restart) +* [rm](rm) +* [run](run) +* [start](start) +* [stats](stats) +* [stop](stop) +* [top](top) +* [unpause](unpause) +* [wait](wait) + +### Hub and registry commands + +* [login](login) +* [logout](logout) +* [pull](pull) +* [push](push) +* [search](search) + +### Network and connectivity commands + +* [network_connect](network_connect) +* [network_create](network_create) +* [network_disconnect](network_disconnect) +* [network_inspect](network_inspect) +* [network_ls](network_ls) +* [network_rm](network_rm) + +### Shared data volume commands + +* [volume_create](volume_create) +* [volume_inspect](volume_inspect) +* [volume_ls](volume_ls) +* [volume_rm](volume_rm) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 0ff60771ef..446b686971 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -5,7 +5,6 @@ description = "The info command description and usage" keywords = ["display, docker, information"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -57,5 +56,3 @@ The global `-D` option tells all `docker` commands to output debug information. When sending issue reports, please use `docker version` and `docker -D info` to ensure we know how your setup is configured. - - diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index e82f969ad1..998e198fe7 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -5,7 +5,6 @@ description = "The inspect command description and usage" keywords = ["inspect, container, json"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -73,4 +72,3 @@ section contains complex JSON object, so to grab it as JSON, you use `json` to convert the configuration object into JSON. $ docker inspect --format='{{json .config}}' $INSTANCE_ID - diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index d54b9d820a..e25c899229 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -5,7 +5,6 @@ description = "The kill command description and usage" keywords = ["container, kill, signal"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index 858257977f..3a183f38e2 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -5,7 +5,6 @@ description = "The load command description and usage" keywords = ["stdin, tarred, repository"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -35,4 +34,3 @@ Restores both images and tags. fedora 20 58394af37342 7 weeks ago 385.5 MB fedora heisenbug 58394af37342 7 weeks ago 385.5 MB fedora latest 58394af37342 7 weeks ago 385.5 MB - diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index ff82affa45..6361d99f58 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -5,7 +5,6 @@ description = "The login command description and usage" keywords = ["registry, login, image"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -26,5 +25,3 @@ adding the server name. example: $ docker login localhost:8080 - - diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index e936f05fd6..36c85453f2 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -5,7 +5,6 @@ description = "The logout command description and usage" keywords = ["logout, docker, registry"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -21,6 +20,3 @@ weight=1 For example: $ docker logout localhost:8080 - - - diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 678108c02a..27d68ead87 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -5,7 +5,6 @@ description = "The logs command description and usage" keywords = ["logs, retrieve, docker"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 5b206d8fb2..dbde67df0a 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -16,7 +16,7 @@ parent = "smn_cli" --help=false Print usage -Connects a running container to a network. This enables instant communication with other containers belonging to the same network. +Connects a running container to a network. This enables instant communication with other containers belonging to the same network. ``` $ docker network create -d overlay multi-host-network @@ -27,4 +27,3 @@ Connects a running container to a network. This enables instant communication wi the container will be connected to the network that is created and managed by the driver (multi-host overlay driver in the above example) or external network plugins. Multiple containers can be connected to the same network and the containers in the same network will start to communicate with each other. If the driver/plugin supports multi-host connectivity, then the containers connected to the same multi-host network will be able to communicate seamlessly. - diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index ff55f70025..62302b886c 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -29,4 +29,3 @@ the container will be connected to the network that is created and managed by th Multiple containers can be connected to the same network and the containers in the same network will start to communicate with each other. If the driver/plugin supports multi-host connectivity, then the containers connected to the same multi-host network will be able to communicate seamlessly. *Note*: UX needs enhancement to accept network options to be passed to the drivers - diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 8f99f7ec4c..4d66046828 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -17,7 +17,7 @@ parent = "smn_cli" --help=false Print usage Returns information about a network. By default, this command renders all results -in a JSON object. +in a JSON object. Example output: diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 72174e07d1..0e109478d9 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -5,7 +5,6 @@ description = "The pause command description and usage" keywords = ["cgroups, container, suspend, SIGSTOP"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -26,4 +25,3 @@ and subsequently resumed. See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for further details. - diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index a5e850deee..9fd6e8870b 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -5,7 +5,6 @@ description = "The port command description and usage" keywords = ["port, mapping, container"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 4b83268b22..0d67da9c0a 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -5,7 +5,6 @@ description = "The ps command description and usage" keywords = ["container, running, list"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 3e1ae495fd..efcaed6125 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -5,7 +5,6 @@ description = "The pull command description and usage" keywords = ["pull, image, hub, docker"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -50,4 +49,3 @@ use `docker pull`: # manually specifies the path to the default Docker registry. This could # be replaced with the path to a local registry to pull from another source. # sudo docker pull myhub.com:8080/test-image - diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 0ac05f8513..cdc6ac2da8 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -5,7 +5,6 @@ description = "The push command description and usage" keywords = ["share, push, image"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index b252739b16..667e0d84d9 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -5,7 +5,6 @@ description = "The rename command description and usage" keywords = ["rename, docker, container"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index cfce954864..61292d3a59 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -5,7 +5,6 @@ description = "The restart command description and usage" keywords = ["restart, container, Docker"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -17,4 +16,3 @@ weight=1 --help=false Print usage -t, --time=10 Seconds to wait for stop before killing the container - diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index dc82107288..943343a9a9 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -5,7 +5,6 @@ description = "The rm command description and usage" keywords = ["remove, Docker, container"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -42,8 +41,7 @@ The main process inside the container referenced under the link `/redis` will re $ docker rm $(docker ps -a -q) -This command will delete all stopped containers. The command -`docker ps -a -q` will return all existing container IDs and pass them to +This command will delete all stopped containers. The command +`docker ps -a -q` will return all existing container IDs and pass them to the `rm` command which will delete them. Any running containers will not be deleted. - diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index d0475c7386..09cffd0d29 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -5,7 +5,6 @@ description = "The rmi command description and usage" keywords = ["remove, image, Docker"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -73,4 +72,3 @@ To remove an image using its digest: Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b - diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 471a2bd5c3..4bb5ec1899 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -5,7 +5,6 @@ description = "The run command description and usage" keywords = ["run, command, container"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -101,7 +100,7 @@ and linking containers. $ docker ps -a | grep test d6c0fe130dba debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test -This example runs a container named `test` using the `debian:latest` +This example runs a container named `test` using the `debian:latest` image. The `-it` instructs Docker to allocate a pseudo-TTY connected to the container's stdin; creating an interactive `bash` shell in the container. In the example, the `bash` shell is quit by entering @@ -533,8 +532,8 @@ containers with `daemon` user: docker run -d -u daemon --ulimit nproc=3 busybox top docker run -d -u daemon --ulimit nproc=3 busybox top -The 4th container fails and reports "[8] System error: resource temporarily unavailable" error. -This fails because the caller set `nproc=3` resulting in the first three containers using up +The 4th container fails and reports "[8] System error: resource temporarily unavailable" error. +This fails because the caller set `nproc=3` resulting in the first three containers using up the three processes quota set for the `daemon` user. ### Stopping a container with a specific signal diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 06ad5dfa6a..d384e81507 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -5,7 +5,6 @@ description = "The save command description and usage" keywords = ["tarred, repository, backup"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index ce6f0f33f7..07d9ca28c4 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -5,7 +5,6 @@ description = "The search command description and usage" keywords = ["search, hub, images"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -27,4 +26,3 @@ more details on finding shared images from the command line. > **Note:** > Search queries will only return up to 25 results - diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index cdbff0842c..31365a91fc 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -5,7 +5,6 @@ description = "The start command description and usage" keywords = ["Start, container, stopped"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -18,4 +17,3 @@ weight=1 -a, --attach=false Attach STDOUT/STDERR and forward signals --help=false Print usage -i, --interactive=false Attach container's STDIN - diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 3ae7087ffc..b2790edf54 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -5,7 +5,6 @@ description = "The stats command description and usage" keywords = ["container, resource, statistics"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index b5a22d6a1a..04b498e1d4 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -5,7 +5,6 @@ description = "The stop command description and usage" keywords = ["stop, SIGKILL, SIGTERM"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index ab8aacda37..abcc23a3de 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -5,7 +5,6 @@ description = "The tag command description and usage" keywords = ["tag, name, image"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/top.md b/docs/reference/commandline/top.md index eb0e39c1f7..3c78f6ae45 100644 --- a/docs/reference/commandline/top.md +++ b/docs/reference/commandline/top.md @@ -5,7 +5,6 @@ description = "The top command description and usage" keywords = ["container, running, processes"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index 8a9d41a63c..73248d4580 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -5,7 +5,6 @@ description = "The unpause command description and usage" keywords = ["cgroups, suspend, container"] [menu.main] parent = "smn_cli" -weight=1 +++ diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index a173c8dd15..16b947ed25 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -5,7 +5,6 @@ description = "The version command description and usage" keywords = ["version, architecture, api"] [menu.main] parent = "smn_cli" -weight=1 +++ @@ -54,4 +53,3 @@ describes all the details of the format. $ docker version --format '{{json .}}' {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} - diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index be9d4198f8..3684bda6d5 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -39,4 +39,3 @@ These options are passed directly to the volume driver. Options for different volume drivers may do different things (or nothing at all). *Note*: The built-in `local` volume driver does not currently accept any options. - diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index ed1c2a874b..cd91c0dded 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -5,7 +5,6 @@ description = "The wait command description and usage" keywords = ["container, stop, wait"] [menu.main] parent = "smn_cli" -weight=1 +++ From b923d8af3e6cef458b99566f48d4b936cb4d3d7e Mon Sep 17 00:00:00 2001 From: Deng Guangxing Date: Thu, 8 Oct 2015 14:27:44 +0800 Subject: [PATCH 0900/2538] update dockernetwork.md and network api Signed-off-by: Deng Guangxing --- docs/reference/commandline/network_inspect.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 4d66046828..b63bf181c8 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -37,12 +37,14 @@ $ sudo docker network inspect bridge "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", "mac_address": "02:42:ac:11:00:03", - "ipv4_address": "172.17.0.3/16" + "ipv4_address": "172.17.0.3/16", + "ipv6_address": "" }, "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", "mac_address": "02:42:ac:11:00:02", - "ipv4_address": "172.17.0.2/16" + "ipv4_address": "172.17.0.2/16", + "ipv6_address": "" } } } From 7beb4061e1d802b9cf508674697041156a440a01 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Fri, 5 Jun 2015 15:09:53 -0500 Subject: [PATCH 0901/2538] Create extpoint for graphdrivers Allows people to create out-of-process graphdrivers that can be used with Docker. Extensions must be started before Docker otherwise Docker will fail to start. Signed-off-by: Brian Goff --- experimental/plugins_graphdriver.md | 321 ++++++++++++++++++++++++++++ 1 file changed, 321 insertions(+) create mode 100644 experimental/plugins_graphdriver.md diff --git a/experimental/plugins_graphdriver.md b/experimental/plugins_graphdriver.md new file mode 100644 index 0000000000..700fdde13b --- /dev/null +++ b/experimental/plugins_graphdriver.md @@ -0,0 +1,321 @@ +# Experimental: Docker graph driver plugins + +Docker graph driver plugins enable admins to use an external/out-of-process +graph driver for use with Docker engine. This is an alternative to using the +built-in storage drivers, such as aufs/overlay/devicemapper/btrfs. + +A graph driver plugin is used for image and container fs storage, as such +the plugin must be started and available for connections prior to Docker Engine +being started. + +# Write a graph driver plugin + +See the [plugin documentation](/docs/extend/plugins.md) for detailed information +on the underlying plugin protocol. + + +## Graph Driver plugin protocol + +If a plugin registers itself as a `GraphDriver` when activated, then it is +expected to provide the rootfs for containers as well as image layer storage. + +### /GraphDriver.Init + +**Request**: +``` +{ + "Home": "/graph/home/path", + "Opts": [] +} +``` + +Initialize the graph driver plugin with a home directory and array of options. +Plugins are not required to accept these options as the Docker Engine does not +require that the plugin use this path or options, they are only being passed +through from the user. + +**Response**: +``` +{ + "Err": null +} +``` + +Respond with a string error if an error occurred. + + +### /GraphDriver.Create + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" +} +``` + +Create a new, empty, filesystem layer with the specified `ID` and `Parent`. +`Parent` may be an empty string, which would indicate that there is no parent +layer. + +**Response**: +``` +{ + "Err: null +} +``` + +Respond with a string error if an error occurred. + + +### /GraphDriver.Remove + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" +} +``` + +Remove the filesystem layer with this given `ID`. + +**Response**: +``` +{ + "Err: null +} +``` + +Respond with a string error if an error occurred. + +### /GraphDriver.Get + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" + "MountLabel": "" +} +``` + +Get the mountpoint for the layered filesystem referred to by the given `ID`. + +**Response**: +``` +{ + "Dir": "/var/mygraph/46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", + "Err": "" +} +``` + +Respond with the absolute path to the mounted layered filesystem. +Respond with a string error if an error occurred. + +### /GraphDriver.Put + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" +} +``` + +Release the system resources for the specified `ID`, such as unmounting the +filesystem layer. + +**Response**: +``` +{ + "Err: null +} +``` + +Respond with a string error if an error occurred. + +### /GraphDriver.Exists + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" +} +``` + +Determine if a filesystem layer with the specified `ID` exists. + +**Response**: +``` +{ + "Exists": true +} +``` + +Respond with a boolean for whether or not the filesystem layer with the specified +`ID` exists. + +### /GraphDriver.Status + +**Request**: +``` +{} +``` + +Get low-level diagnostic information about the graph driver. + +**Response**: +``` +{ + "Status": [[]] +} +``` + +Respond with a 2-D array with key/value pairs for the underlying status +information. + + +### /GraphDriver.GetMetadata + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" +} +``` + +Get low-level diagnostic information about the layered filesystem with the +with the specified `ID` + +**Response**: +``` +{ + "Metadata": {}, + "Err": null +} +``` + +Respond with a set of key/value pairs containing the low-level diagnostic +information about the layered filesystem. +Respond with a string error if an error occurred. + +### /GraphDriver.Cleanup + +**Request**: +``` +{} +``` + +Perform neccessary tasks to release resources help by the plugin, for example +unmounting all the layered file systems. + +**Response**: +``` +{ + "Err: null +} +``` + +Respond with a string error if an error occurred. + + +### /GraphDriver.Diff + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" +} +``` + +Get an archive of the changes between the filesystem layers specified by the `ID` +and `Parent`. `Parent` may be an empty string, in which case there is no parent. + +**Response**: +``` +{{ TAR STREAM }} +``` + +### /GraphDriver.Changes + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" +} +``` + +Get a list of changes between the filesystem layers specified by the `ID` and +`Parent`. `Parent` may be an empty string, in which case there is no parent. + +**Response**: +``` +{ + "Changes": [{}], + "Err": null +} +``` + +Responds with a list of changes. The structure of a change is: +``` + "Path": "/some/path", + "Kind": 0, +``` + +Where teh `Path` is the filesystem path within the layered filesystem that is +changed and `Kind` is an integer specifying the type of change that occurred: + +- 0 - Modified +- 1 - Added +- 2 - Deleted + +Respond with a string error if an error occurred. + +### /GraphDriver.ApplyDiff + +**Request**: +``` +{{ TAR STREAM }} +``` + +Extract the changeset from the given diff into the layer with the specified `ID` +and `Parent` + +**Query Parameters**: + +- id (required)- the `ID` of the new filesystem layer to extract the diff to +- parent (required)- the `Parent` of the given `ID` + +**Response**: +``` +{ + "Size": 512366, + "Err": null +} +``` + +Respond with the size of the new layer in bytes. +Respond with a string error if an error occurred. + +### /GraphDriver.DiffSize + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" +} +``` + +Calculate the changes between the specified `ID` + +**Response**: +``` +{ + "Size": 512366, + "Err": null +} +``` + +Respond with the size changes between the specified `ID` and `Parent` +Respond with a string error if an error occurred. From 323fb21864c1af27c8001c60e37824ebfceca8ed Mon Sep 17 00:00:00 2001 From: Daniel Hiltgen Date: Mon, 28 Sep 2015 16:22:57 -0700 Subject: [PATCH 0902/2538] Add TLS support for discovery backend This leverages recent additions to libkv enabling client authentication via TLS so the discovery back-end can be locked down with mutual TLS. Example usage: docker daemon [other args] \ --cluster-advertise 192.168.122.168:2376 \ --cluster-store etcd://192.168.122.168:2379 \ --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ --cluster-store-opt kv.certfile=/path/to/cert.pem \ --cluster-store-opt kv.keyfile=/path/to/key.pem Signed-off-by: Daniel Hiltgen --- docs/reference/commandline/daemon.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 238a9708d6..94b3df0c66 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -24,6 +24,7 @@ weight = -1 --default-gateway-v6="" Container default gateway IPv6 address --cluster-store="" URL of the distributed storage backend --cluster-advertise="" Address of the daemon instance to advertise + --cluster-store-opt=map[] Set cluster options --dns=[] DNS server to use --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use @@ -537,6 +538,20 @@ please check the [run](run.md) reference. daemon instance should use when advertising itself to the cluster. The daemon should be reachable by remote hosts on this 'host:port' combination. +The daemon uses [libkv](https://github.com/docker/libkv/) to advertise +the node within the cluster. Some Key/Value backends support mutual +TLS, and the client TLS settings used by the daemon can be configured +using the `--cluster-store-opt` flag, specifying the paths to PEM encoded +files. For example: + +```bash + --cluster-advertise 192.168.1.2:2376 \ + --cluster-store etcd://192.168.1.2:2379 \ + --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ + --cluster-store-opt kv.certfile=/path/to/cert.pem \ + --cluster-store-opt kv.keyfile=/path/to/key.pem +``` + ## Miscellaneous options IP masquerading uses address translation to allow containers without a public From 92512fdf32f305e28a0b0f05163f2169f43ed0ef Mon Sep 17 00:00:00 2001 From: Yuan Sun Date: Thu, 8 Oct 2015 10:50:55 +0800 Subject: [PATCH 0903/2538] Add description for "--cpu-shares=0". Signed-off-by: Yuan Sun --- docs/reference/run.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index b4a50abc7f..73706908fd 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -800,7 +800,8 @@ can be modified by changing the container's CPU share weighting relative to the weighting of all other running containers. To modify the proportion from the default of 1024, use the `-c` or `--cpu-shares` -flag to set the weighting to 2 or higher. +flag to set the weighting to 2 or higher. If 0 is set, the system will ignore the +value and use the default of 1024. The proportion will only apply when CPU-intensive processes are running. When tasks in one container are idle, other containers can use the From f8a62fd1c55965f6c5e805b24c50122843ba7c9a Mon Sep 17 00:00:00 2001 From: Luca Marturana Date: Fri, 9 Oct 2015 10:48:18 +0200 Subject: [PATCH 0904/2538] Sync with remote API Signed-off-by: Luca Marturana Sync also container events Signed-off-by: Luca Marturana Sync also man page Signed-off-by: Luca Marturana --- docs/reference/commandline/events.md | 4 ++-- man/docker-events.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index ab7e8e6788..d923573096 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -21,11 +21,11 @@ parent = "smn_cli" Docker containers will report the following events: - create, destroy, die, export, kill, oom, pause, restart, start, stop, unpause + attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause and Docker images will report: - untag, delete + delete, import, pull, push, tag, untag The `--since` and `--until` parameters can be Unix timestamps, RFC3339 dates or Go duration strings (e.g. `10m`, `1h30m`) computed relative to diff --git a/man/docker-events.1.md b/man/docker-events.1.md index f854bbc1ad..87d921cdaa 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -18,11 +18,11 @@ information and real-time information. Docker containers will report the following events: - create, destroy, die, export, kill, pause, restart, start, stop, unpause + attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause and Docker images will report: - untag, delete + delete, import, pull, push, tag, untag # OPTIONS **--help** From b5a037443db0dd9ec5ca6d1d91aa83bf1515a89d Mon Sep 17 00:00:00 2001 From: Mike Brown Date: Mon, 14 Sep 2015 14:42:31 -0500 Subject: [PATCH 0905/2538] man update for docker run with host volumes Signed-off-by: Mike Brown cleaning up docker run -v documentation for man and web reference guide Signed-off-by: Mike Brown --- docs/reference/run.md | 8 ++++++-- man/docker-run.1.md | 16 +++++++++++----- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 73706908fd..287d91d44d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1309,12 +1309,16 @@ container's `/etc/hosts` entry will be automatically updated. ### VOLUME (shared filesystems) - -v=[]: Create a bind mount with: [host-dir:]container-dir[:rw|ro]. - If 'host-dir' is missing, then docker creates a new volume. + -v=[]: Create a bind mount with: [host-dir:]container-dir[:], where + options are comma delimited and selected from [rw|ro] and [z|Z]. + If 'host-dir' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. --volumes-from="": Mount all volumes from the given container(s) +> **Note**: +> The auto-creation of the host path has been [*deprecated*](/misc/deprecated/#auto-creating-missing-host-paths-for-bind-mounts). + The volumes commands are complex enough to have their own documentation in section [*Managing data in containers*](/userguide/dockervolumes). A developer can define diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 960ac9f27d..bb7c38e01a 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -430,9 +430,17 @@ standard input. ""--ulimit""=[] Ulimit options -**-v**, **--volume**=[] - Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) - +**-v**, **--volume**=[] Create a bind mount + (format: `[host-dir:]container-dir[:]`, where suffix options +are comma delimited and selected from [rw|ro] and [z|Z].) + + (e.g., using -v /host-dir:/container-dir, bind mounts /host-dir in the +host to /container-dir in the Docker container) + + If 'host-dir' is missing, then docker automatically creates the new volume +on the host. **This auto-creation of the host path has been deprecated in +Release: v1.9.** + The **-v** option can be used one or more times to add one or more mounts to a container. These mounts can then be used in other containers using the **--volumes-from** option. @@ -467,8 +475,6 @@ For example, you can specify either `/foo` or `foo` for a `host-dir` value. If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. -**Note:** Multiple Volume options can be added separated by a , (comma). - **--volumes-from**=[] Mount volumes from the specified container(s) From 4fcea5228736d64001bde098c969e8da82ba1994 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 9 Oct 2015 13:57:15 +0200 Subject: [PATCH 0906/2538] Add bash completion for `--cluster-store-opt` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ce35eb7e5e..c8c02ecbfc 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -537,6 +537,7 @@ _docker_daemon() { --bridge -b --cluster-advertise --cluster-store + --cluster-store-opt --default-gateway --default-gateway-v6 --default-ulimit @@ -568,6 +569,11 @@ _docker_daemon() { __docker_nospace return ;; + --cluster-store-opt) + COMPREPLY=( $( compgen -W "kv.cacertfile kv.certfile kv.keyfile" -S = -- "$cur" ) ) + __docker_nospace + return + ;; --exec-root|--graph|-g) _filedir -d return @@ -631,8 +637,8 @@ _docker_daemon() { __docker_complete_log_driver_options && return - # completions for --storage-opt case "${words[$cword-2]}$prev=" in + # completions for --storage-opt *dm.blkdiscard=*) COMPREPLY=( $( compgen -W "false true" -- "${cur#=}" ) ) return @@ -649,6 +655,11 @@ _docker_daemon() { _filedir return ;; + # completions for --cluster-store-opt + *kv.*file=*) + _filedir + return + ;; esac case "$cur" in From 40ec99e60a9c425338e5a1901a1240ca6fabdc2c Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Fri, 2 Oct 2015 07:26:13 -0400 Subject: [PATCH 0907/2538] add clarity/fix typos man/docker-build add needed clarity for 1) using STDIN to pass build context 2) --cpu-shares flag use also a few typos Signed-off-by: Sally O'Malley --- man/docker-build.1.md | 62 ++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 21 deletions(-) diff --git a/man/docker-build.1.md b/man/docker-build.1.md index bcf8ed2f22..4bfadcbe49 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -39,8 +39,9 @@ The Docker CLI reports "Sending build context to Docker daemon" when the context the daemon. When the URL to a tarball archive or to a single Dockerfile is given, no context is sent from -the client to the Docker daemon. When a Git repository is set as the **URL**, the repository is -cloned locally and then sent as the context. +the client to the Docker daemon. In this case, the Dockerfile at the root of the archive and +the rest of the archive will get used as the context of the build. When a Git repository is +set as the **URL**, the repository is cloned locally and then sent as the context. # OPTIONS **-f**, **--file**=*PATH/Dockerfile* @@ -92,32 +93,50 @@ cloned locally and then sent as the context. **-c**, **--cpu-shares**=*0* CPU shares (relative weight). - By default, all containers get the same proportion of CPU cycles. You can - change this proportion by adjusting the container's CPU share weighting - relative to the weighting of all other running containers. + By default, all containers get the same proportion of CPU cycles. + CPU shares is a 'relative weight', relative to the default setting of 1024. + This default value is defined here: + ``` + cat /sys/fs/cgroup/cpu/cpu.shares + 1024 + ``` + You can change this proportion by adjusting the container's CPU share + weighting relative to the weighting of all other running containers. - To modify the proportion from the default of 1024, use the **-c** or - **--cpu-shares** flag to set the weighting to 2 or higher. + To modify the proportion from the default of 1024, use the **--cpu-shares** + flag to set the weighting to 2 or higher. + + Container CPU share Flag + {C0} 60% of CPU --cpu-shares=614 (614 is 60% of 1024) + {C1} 40% of CPU --cpu-shares=410 (410 is 40% of 1024) The proportion is only applied when CPU-intensive processes are running. When tasks in one container are idle, the other containers can use the left-over CPU time. The actual amount of CPU time used varies depending on the number of containers running on the system. - For example, consider three containers, one has a cpu-share of 1024 and - two others have a cpu-share setting of 512. When processes in all three + For example, consider three containers, where one has **--cpu-shares=1024** and + two others have **--cpu-shares=512**. When processes in all three containers attempt to use 100% of CPU, the first container would receive - 50% of the total CPU time. If you add a fourth container with a cpu-share - of 1024, the first container only gets 33% of the CPU. The remaining containers + 50% of the total CPU time. If you add a fourth container with **--cpu-shares=1024**, + the first container only gets 33% of the CPU. The remaining containers receive 16.5%, 16.5% and 33% of the CPU. + + Container CPU share Flag CPU time + {C0} 100% --cpu-shares=1024 33% + {C1} 50% --cpu-shares=512 16.5% + {C2} 50% --cpu-shares=512 16.5% + {C4} 100% --cpu-shares=1024 33% + + On a multi-core system, the shares of CPU time are distributed across the CPU cores. Even if a container is limited to less than 100% of CPU time, it can use 100% of each individual CPU core. For example, consider a system with more than three cores. If you start one - container **{C0}** with **-c=512** running one process, and another container - **{C1}** with **-c=1024** running two processes, this can result in the following + container **{C0}** with **--cpu-shares=512** running one process, and another container + **{C1}** with **--cpu-shares=1024** running two processes, this can result in the following division of CPU shares: PID container CPU CPU share @@ -141,7 +160,7 @@ kernel to restrict the container's CPU usage to the quota you specify. CPUs in which to allow execution (0-3, 0,1). **--cpuset-mems**=*CPUSET-MEMS* - Memory nodes (MEMs) in which to allow execution (-1-3, 0,1). Only effective on + Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. For example, if you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` @@ -203,16 +222,16 @@ name, and tag (where the tag in this context means the qualifier after the ":"). In this example we build a JBoss image for the Fedora repository and give it the version 1.0: - docker build -t fedora/jboss:1.0 + docker build -t fedora/jboss:1.0 . The next example is for the "whenry" user repository and uses Fedora and JBoss and gives it the version 2.1 : - docker build -t whenry/fedora-jboss:v2.1 + docker build -t whenry/fedora-jboss:v2.1 . If you do not provide a version tag then Docker will assign `latest`: - docker build -t whenry/fedora-jboss + docker build -t whenry/fedora-jboss . When you list the images, the image above will have the tag `latest`. @@ -228,16 +247,17 @@ as context. The Dockerfile at the root of the repository is used as Dockerfile. This only works if the GitHub repository is a dedicated repository. - docker build github.com/scollier/Fedora-Dockerfiles/tree/master/apache + docker build github.com/scollier/purpletest Note: You can set an arbitrary Git repository via the `git://` schema. ## Building an image using a URL to a tarball'ed context This will send the URL itself to the Docker daemon. The daemon will fetch the -tarball archive, decompress it and use its contents as the build context. If you -pass an *-f PATH/Dockerfile* option as well, the system will look for that file -inside the contents of the tarball. +tarball archive, decompress it and use its contents as the build context. The +Dockerfile at the root of the archive and the rest of the archive will get used +as the context of the build. If you pass an **-f PATH/Dockerfile** option as well, +the system will look for that file inside the contents of the tarball. docker build -f dev/Dockerfile https://10.10.10.1/docker/context.tar.gz From 64c577bdd8affd9b151ece427195385611fbfd89 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 10 Oct 2015 16:42:01 +0200 Subject: [PATCH 0908/2538] Add zsh completion for '--cluster-store-opt' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ced1a5eaef..def86303c2 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -426,8 +426,9 @@ __docker_subcommand() { "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ - "($help)--cluster-store=-[URL of the distributed storage backend]:Cluster Store:->cluser-store" \ + "($help)--cluster-store=-[URL of the distributed storage backend]:Cluster Store:->cluster-store" \ "($help)--cluster-advertise=-[Address of the daemon instance to advertise]:Instance to advertise (host\:port): " \ + "($help)*--cluster-store-opt[Set cluster options]:Cluster options:->cluster-store-options" \ "($help)*--dns=-[DNS server to use]:DNS: " \ "($help)*--dns-search=-[DNS search domains to use]:DNS search: " \ "($help)*--dns-opt=-[DNS options to use]:DNS option: " \ @@ -466,7 +467,7 @@ __docker_subcommand() { "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0 case $state in - (cluser-store) + (cluster-store) if compset -P '*://'; then _message 'host:port' && ret=0 else @@ -474,6 +475,14 @@ __docker_subcommand() { _describe -t cluster-store "Cluster Store" store -qS "://" && ret=0 fi ;; + (cluster-store-options) + if compset -P '*='; then + _files && ret=0 + else + opts=('kv.cacertfile' 'kv.certfile' 'kv.keyfile') + _describe -t cluster-store-opts "Cluster Store Options" opts -qS "=" && ret=0 + fi + ;; esac ;; (diff) From 1adb72225501d31824a53bd49c9c923882636ff0 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Thu, 8 Oct 2015 11:57:30 -0400 Subject: [PATCH 0909/2538] Add user namespace enable flag `--userns-remap` in experimental build This adds the capability to turn on user namespace support when using an experimental build Docker daemon binary using the `--userns-remap` flag. Also documentation is added to the experimental docs. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- experimental/README.md | 3 ++ experimental/userns.md | 120 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+) create mode 100644 experimental/userns.md diff --git a/experimental/README.md b/experimental/README.md index 74c7f68cc3..ca4f102261 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -71,6 +71,9 @@ to build a Docker binary with the experimental features enabled: ## Current experimental features + * [External graphdriver plugins](plugins_graphdriver.md) + * [User namespaces](userns.md) + ## How to comment on an experimental feature Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. diff --git a/experimental/userns.md b/experimental/userns.md new file mode 100644 index 0000000000..79e06ee4a9 --- /dev/null +++ b/experimental/userns.md @@ -0,0 +1,120 @@ +# Experimental: User namespace support + +Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling +a process--and therefore a container--to have a unique range of user and +group IDs which are outside the traditional user and group range utilized by +the host system. Potentially the most important security improvement is that, +by default, container processes running as the `root` user will have expected +administrative privilege (with some restrictions) inside the container but will +effectively be mapped to an unprivileged `uid` on the host. + +In this experimental phase, the Docker daemon creates a single daemon-wide mapping +for all containers running on the same engine instance. The mappings will +utilize the existing subordinate user and group ID feature available on all modern +Linux distributions. +The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and +[`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be +read for the user, and optional group, specified to the `--userns-remap` +parameter. If you do not wish to specify your own user and/or group, you can +provide `default` as the value to this flag, and a user will be created on your behalf +and provided subordinate uid and gid ranges. This default user will be named +`dockremap`, and entries will be created for it in `/etc/passwd` and +`/etc/group` using your distro's standard user and group creation tools. + +> **Note**: The single mapping per-daemon restriction exists for this experimental +> phase because Docker shares image layers from its local cache across all +> containers running on the engine instance. Since file ownership must be +> the same for all containers sharing the same layer content, the decision +> was made to map the file ownership on `docker pull` to the daemon's user and +> group mappings so that there is no delay for running containers once the +> content is downloaded--exactly the same performance characteristics as with +> user namespaces disabled. + +## Starting the daemon with user namespaces enabled +To enable this experimental user namespace support for a Docker daemon instance, +start the daemon with the aforementioned `--userns-remap` flag, which accepts +values in the following formats: + + - uid + - uid:gid + - username + - username:groupname + +If numeric IDs are provided, translation back to valid user or group names +will occur so that the subordinate uid and gid information can be read, given +these resources are name-based, not id-based. If the numeric ID information +provided does not exist as entries in `/etc/passwd` or `/etc/group`, dameon +startup will fail with an error message. + +*An example: starting with default Docker user management:* + +``` + $ docker daemon --userns-remap=default +``` +In this case, Docker will create--or find the existing--user and group +named `dockremap`. If the user is created, and the Linux distribution has +appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated +with a contiguous 65536 length range of subordinate user and group IDs, starting +at an offset based on prior entries in those files. For example, Ubuntu will +create the following range, based on an existing user already having the first +65536 range: + +``` + $ cat /etc/subuid + user1:100000:65536 + dockremap:165536:65536 +``` + +> **Note:** On a fresh Fedora install, we found that we had to `touch` the +> `/etc/subuid` and `/etc/subgid` files to have ranges assigned when users +> were created. Once these files existed, range assigment on user creation +> worked properly. + +If you have a preferred/self-managed user with subordinate ID mappings already +configured, you can provide that username or uid to the `--userns-remap` flag. +If you have a group that doesn't match the username, you may provide the `gid` +or group name as well; otherwise the username will be used as the group name +when querying the system for the subordinate group ID range. + +## Detailed information on `subuid`/`subgid` ranges + +Given there may be advanced use of the subordinate ID ranges by power users, we will +describe how the Docker daemon uses the range entries within these files under the +current experimental user namespace support. + +The simplest case exists where only one contiguous range is defined for the +provided user or group. In this case, Docker will use that entire contiguous +range for the mapping of host uids and gids to the container process. This +means that the first ID in the range will be the remapped root user, and the +IDs above that initial ID will map host ID 1 through the end of the range. + +From the example `/etc/subid` content shown above, that means the remapped root +user would be uid 165536. + +If the system administrator has set up multiple ranges for a single user or +group, the Docker daemon will read all the available ranges and use the +following algorithm to create the mapping ranges: + +1. The ranges will be sorted by *start ID* ascending +2. Maps will be created from each range with where the host ID will increment starting at 0 for the first range, 0+*range1* length for the second, and so on. This means that the lowest range start ID will be the remapped root, and all further ranges will map IDs from 1 through the uid or gid that equals the sum of all range lengths. +3. Ranges segments above five will be ignored as the kernel ignores any ID maps after five (in `/proc/self/{u,g}id_map`) + +## User namespace known restrictions + +The following standard Docker features are currently incompatible when +running a Docker daemon with experimental user namespaces enabled: + + - sharing namespaces with the host (--pid=host, --net=host, etc.) + - sharing namespaces with other containers (--net=container:*other*) + - A `--readonly` container filesystem (a Linux kernel restriction on remount with new flags of a currently mounted filesystem when inside a user namespace) + - external (volume/graph) drivers which are unaware/incapable of using daemon user mappings + - Using `--privileged` mode containers + - Using the lxc execdriver (only the `native` execdriver is enabled to use user namespaces) + - volume use without pre-arranging proper file ownership in mounted volumes + +Additionally, while the `root` user inside a user namespaced container +process has many of the privileges of the administrative root user, the +following operations will fail: + + - Use of `mknod` - permission is denied for device creation by the container root + - others will be listed here when fully tested From e641a0f36352b3cf35ca19ec145edfcf73b6d81f Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Fri, 9 Oct 2015 16:50:41 -0700 Subject: [PATCH 0910/2538] Enabled GitHub Flavored Markdown GitHub flavored markdown is now supported for links and images. Also, ran LinkChecker and FileResolver. Yay! Fixes from Spider check Output for docker/docker now goes into engine directory Signed-off-by: Mary Anthony --- docs/README.md | 6 +- docs/extend/index.md | 8 +- docs/extend/plugin_api.md | 2 +- docs/extend/plugins.md | 6 +- docs/extend/plugins_network.md | 23 ++++-- docs/extend/plugins_volume.md | 2 +- docs/reference/builder.md | 31 ++++--- docs/reference/commandline/build.md | 16 ++-- docs/reference/commandline/cli.md | 4 +- docs/reference/commandline/create.md | 3 +- docs/reference/commandline/daemon.md | 4 +- docs/reference/commandline/export.md | 2 +- docs/reference/commandline/index.md | 104 ++++++++++++------------ docs/reference/commandline/run.md | 15 ++-- docs/reference/commandline/search.md | 2 +- docs/reference/commandline/tag.md | 2 +- docs/reference/commandline/volume_rm.md | 2 +- docs/reference/run.md | 29 ++++--- 18 files changed, 134 insertions(+), 127 deletions(-) diff --git a/docs/README.md b/docs/README.md index ccf306dbde..96ded0c51a 100644 --- a/docs/README.md +++ b/docs/README.md @@ -41,7 +41,7 @@ on other branches by special arrangement with the Docker maintainers. If you are a new or beginner contributor, we encourage you to read through the [our detailed contributors -guide](https://docs.docker.com/project/who-written-for/). The guide explains in +guide](who-written-for.md). The guide explains in detail, with examples, how to contribute. If you are an experienced contributor this quickstart should be enough to get you started. @@ -89,7 +89,7 @@ own. 6. Check your writing for style and mechanical errors. Use our [documentation style - guide](https://docs.docker.com/project/doc-style/) to check style. There are + guide](doc-style.md) to check style. There are several [good grammar and spelling online checkers](http://www.hemingwayapp.com/) that can check your writing mechanics. @@ -109,7 +109,7 @@ links that are referenced in the documentation—there should be none. ## Style guide If you have questions about how to write for Docker's documentation, please see -the [style guide](project/doc-style.md). The style guide provides +the [style guide](doc-style.md). The style guide provides guidance about grammar, syntax, formatting, styling, language, or tone. If something isn't clear in the guide, please submit an issue to let us know or submit a pull request to help us improve it. diff --git a/docs/extend/index.md b/docs/extend/index.md index fd847dd912..61afb720ca 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -15,7 +15,7 @@ weight = 6 Currently, you can extend Docker by adding a plugin. This section contains the following topics: -* [Understand Docker plugins](/extend/plugins.md) -* [Write a volume plugin](/extend/plugins_volume.md) -* [Write a network plugin](/extend/plugins_network.md) -* [Docker plugin API](/extend/plugin_api.md) +* [Understand Docker plugins](plugins.md) +* [Write a volume plugin](plugins_volume.md) +* [Write a network plugin](plugins_network.md) +* [Docker plugin API](plugin_api.md) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 7109aa7def..8e2862f6cb 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -16,7 +16,7 @@ Docker Engine. This page is intended for people who want to develop their own Docker plugin. If you just want to learn about or use Docker plugins, look -[here](/extend/plugins). +[here](plugins.md). ## What plugins are diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index c526773958..e04de760d3 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -17,9 +17,9 @@ plugins. ## Types of plugins Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](/extend/plugins_volume.md) might enable Docker +example, a [volume plugin](plugins_volume.md) might enable Docker volumes to persist across multiple Docker hosts and a -[network plugin](/extend/plugins_network.md) might provide network plumbing +[network plugin](plugins_network.md) might provide network plumbing using a favorite networking technology, such as vxlan overlay, ipvlan, EVPN, etc. Currently Docker supports volume and network driver plugins. In the future it @@ -73,4 +73,4 @@ of the plugin for help. The Docker team may not be able to assist you. ## Writing a plugin If you are interested in writing a plugin for Docker, or seeing how they work -under the hood, see the [docker plugins reference](/extend/plugin_api). +under the hood, see the [docker plugins reference](plugin_api.md). diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index c2175d2c4f..335ee9d04a 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -1,10 +1,21 @@ + + # Docker network driver plugins -Docker supports network driver plugins via -[LibNetwork](https://github.com/docker/libnetwork). Network driver plugins are -implemented as "remote drivers" for LibNetwork, which shares plugin -infrastructure with Docker. In effect this means that network driver plugins -are activated in the same way as other plugins, and use the same kind of +Docker supports network driver plugins via +[LibNetwork](https://github.com/docker/libnetwork). Network driver plugins are +implemented as "remote drivers" for LibNetwork, which shares plugin +infrastructure with Docker. In effect this means that network driver plugins +are activated in the same way as other plugins, and use the same kind of protocol. ## Using network driver plugins @@ -18,7 +29,7 @@ commands. For example, docker network create -d weave mynet -Some network driver plugins are listed in [plugins.md](/docs/extend/plugins.md) +Some network driver plugins are listed in [plugins](plugins.md) The network thus created is owned by the plugin, so subsequent commands referring to that network will also be run through the plugin such as, diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 41c4dd2194..6ab4bfbd7f 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -12,7 +12,7 @@ parent = "mn_extend" Docker volume plugins enable Docker deployments to be integrated with external storage systems, such as Amazon EBS, and enable data volumes to persist beyond -the lifetime of a single Docker host. See the [plugin documentation](/extend/plugins) +the lifetime of a single Docker host. See the [plugin documentation](plugins.md) for more information. # Command-line changes diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 34a4fef0ef..f022d51d1f 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -18,11 +18,11 @@ instructions in succession. This page describes the commands you can use in a `Dockerfile`. When you are done reading this page, refer to the [`Dockerfile` Best -Practices](/articles/dockerfile_best-practices) for a tip-oriented guide. +Practices](../articles/dockerfile_best-practices.md) for a tip-oriented guide. ## Usage -The [`docker build`](/reference/commandline/build/) command builds an image from +The [`docker build`](commandline/build.md) command builds an image from a `Dockerfile` and a *context*. The build's context is the files at a specified location `PATH` or `URL`. The `PATH` is a directory on your local filesystem. The `URL` is a the location of a Git repository. @@ -75,7 +75,7 @@ instructions. Whenever possible, Docker will re-use the intermediate images (cache), to accelerate the `docker build` process significantly. This is indicated by the `Using cache` message in the console output. -(For more information, see the [Build cache section](/articles/dockerfile_best-practices/#build-cache)) in the +(For more information, see the [Build cache section](../articles/dockerfile_best-practices.md#build-cache)) in the `Dockerfile` best practices guide: $ docker build -t SvenDowideit/ambassador . @@ -92,7 +92,7 @@ the `Using cache` message in the console output. Successfully built 1a5ffc17324d When you're done with your build, you're ready to look into [*Pushing a -repository to its registry*]( /userguide/dockerrepos/#contributing-to-docker-hub). +repository to its registry*](../userguide/dockerrepos.md#contributing-to-docker-hub). ## Format @@ -106,7 +106,7 @@ be UPPERCASE in order to distinguish them from arguments more easily. Docker runs the instructions in a `Dockerfile` in order. **The first instruction must be \`FROM\`** in order to specify the [*Base -Image*](/reference/glossary/#base-image) from which you are building. +Image*](glossary.md#base-image) from which you are building. Docker will treat lines that *begin* with `#` as a comment. A `#` marker anywhere else in the line will @@ -283,11 +283,10 @@ Or FROM @ -The `FROM` instruction sets the [*Base Image*](/reference/glossary/#base-image) +The `FROM` instruction sets the [*Base Image*](glossary.md#base-image) for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy -to start by **pulling an image** from the [*Public Repositories*]( -/userguide/dockerrepos). +to start by **pulling an image** from the [*Public Repositories*](../userguide/dockerrepos.md). - `FROM` must be the first non-comment instruction in the `Dockerfile`. @@ -358,7 +357,7 @@ cache for `RUN` instructions can be invalidated by using the `--no-cache` flag, for example `docker build --no-cache`. See the [`Dockerfile` Best Practices -guide](/articles/dockerfile_best-practices/#build-cache) for more information. +guide](../articles/dockerfile_best-practices.md#build-cache) for more information. The cache for `RUN` instructions can be invalidated by `ADD` instructions. See [below](#add) for details. @@ -488,14 +487,14 @@ To view an image's labels, use the `docker inspect` command. The `EXPOSE` instructions informs Docker that the container will listen on the specified network ports at runtime. Docker uses this information to interconnect containers using links (see the [Docker User -Guide](/userguide/dockerlinks)) and to determine which ports to expose to the -host when [using the -P flag](/reference/run/#expose-incoming-ports). +Guide](../userguide/dockerlinks.md) and to determine which ports to expose to the +host when [using the -P flag](run.md#expose-incoming-ports). > **Note**: > `EXPOSE` doesn't define which ports can be exposed to the host or make ports > accessible from the host by default. To expose ports to the host, at runtime, -> [use the `-p` flag](/userguide/dockerlinks) or -> [the -P flag](/reference/run/#expose-incoming-ports). +> [use the `-p` flag](../userguide/dockerlinks.md) or +> [the -P flag](run.md#expose-incoming-ports). ## ENV @@ -595,7 +594,7 @@ of whether or not the file has changed and the cache should be updated. > following instructions from the Dockerfile if the contents of `` have > changed. This includes invalidating the cache for `RUN` instructions. > See the [`Dockerfile` Best Practices -guide](/articles/dockerfile_best-practices/#build-cache) for more information. +guide](../articles/dockerfile_best-practices.md#build-cache) for more information. `ADD` obeys the following rules: @@ -938,7 +937,7 @@ containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log /var/db`. For more information/examples and mounting instructions via the Docker client, refer to -[*Share Directories via Volumes*](/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume) +[*Share Directories via Volumes*](../userguide/dockervolumes.md#mount-a-host-directory-as-a-data-volume) documentation. The `docker run` command initializes the newly created volume with any data @@ -1191,7 +1190,7 @@ or a signal name in the format SIGNAME, for instance SIGKILL. ## Dockerfile examples Below you can see some examples of Dockerfile syntax. If you're interested in -something more realistic, take a look at the list of [Dockerization examples](/examples/). +something more realistic, take a look at the list of [Dockerization examples](../examples/). ``` # Nginx diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 83b405cd6d..94d2cc764e 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -37,7 +37,7 @@ parent = "smn_cli" Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can refer to any of the files in the context. For example, your build can use an -[*ADD*](/reference/builder/#add) instruction to reference a file in the +[*ADD*](../builder.md#add) instruction to reference a file in the context. The `URL` parameter can specify the location of a Git repository; the repository @@ -93,7 +93,7 @@ In most cases, it's best to put each Dockerfile in an empty directory. Then, add to that directory only the files needed for building the Dockerfile. To increase the build's performance, you can exclude files and directories by adding a `.dockerignore` file to that directory as well. For information on -creating one, see the [.dockerignore file](/reference/builder#dockerignore-file). +creating one, see the [.dockerignore file](../builder.md#dockerignore-file). If the Docker client loses connection to the daemon, the build is canceled. This happens if you interrupt the Docker client with `ctrl-c` or if the Docker @@ -124,7 +124,7 @@ There should be informational output of the reason for failure output to See also: -[*Dockerfile Reference*](/reference/builder). +[*Dockerfile Reference*](../builder.md). ## Examples @@ -160,7 +160,7 @@ where to find the files for the "context" of the build on the Docker daemon. Remember that the daemon could be running on a remote machine and that no parsing of the Dockerfile happens at the client side (where you're running `docker build`). That means that *all* the files at `PATH` get sent, not just -the ones listed to [*ADD*](/reference/builder/#add) in the Dockerfile. +the ones listed to [*ADD*](../builder.md#add) in the Dockerfile. The transfer of context from the local machine to the Docker daemon is what the `docker` client means when you see the "Sending build context" message. @@ -191,7 +191,7 @@ you must use `--rm=false`. This does not affect the build cache. This example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the uploaded context. The builder reference contains detailed information on -[creating a .dockerignore file](../../builder/#dockerignore-file) +[creating a .dockerignore file](../builder.md#dockerignore-file) $ docker build -t vieux/apache:2.0 . @@ -250,11 +250,11 @@ the command line. When `docker build` is run with the `--cgroup-parent` option the containers used in the build will be run with the [corresponding `docker run` -flag](/reference/run/#specifying-custom-cgroups). +flag](../run.md#specifying-custom-cgroups). Using the `--ulimit` option with `docker build` will cause each build step's container to be started using those [`--ulimit` -flag values](/reference/run/#setting-ulimits-in-a-container). +flag values](../run.md#setting-ulimits-in-a-container). You can use `ENV` instructions in a Dockerfile to define variable values. These values persist in the built image. However, often @@ -273,4 +273,4 @@ Dockerfile. Also, these values don't persist in the intermediate or final images like `ENV` values do. For detailed information on using `ARG` and `ENV` instructions, see the -[Dockerfile reference](/reference/builder). +[Dockerfile reference](../builder.md). diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index bef1d9e61d..d2218667d7 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -31,7 +31,7 @@ each `docker` command with `sudo`. To avoid having to use `sudo` with the `docker` and add users to it. For more information about installing Docker or `sudo` configuration, refer to -the [installation](/installation) instructions for your operating system. +the [installation](../../installation) instructions for your operating system. ## Environment variables @@ -98,7 +98,7 @@ The property `psFormat` specifies the default format for `docker ps` output. When the `--format` flag is not provided with the `docker ps` command, Docker's client uses this property. If this property is not set, the client falls back to the default table format. For a list of supported formatting -directives, see the [**Formatting** section in the `docker ps` documentation](../ps) +directives, see the [**Formatting** section in the `docker ps` documentation](ps.md) Following is a sample `config.json` file: diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index c705919953..3324fc2818 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -83,8 +83,7 @@ This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. The initial status of the new container is `created`. -Please see the [run command](/reference/commandline/run) section and the [Docker run reference]( -/reference/run/) for more details. +Please see the [run command](run.md) section and the [Docker run reference](run.md) for more details. ## Examples diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 94b3df0c66..657b8d9778 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -73,7 +73,7 @@ To run the daemon with debug output, use `docker daemon -D`. ## Daemon socket option -The Docker daemon can listen for [Docker Remote API](/reference/api/docker_remote_api/) +The Docker daemon can listen for [Docker Remote API](../api/docker_remote_api.md) requests via three different types of Socket: `unix`, `tcp`, and `fd`. By default, a `unix` domain socket (or IPC socket) is created at @@ -83,7 +83,7 @@ membership. If you need to access the Docker daemon remotely, you need to enable the `tcp` Socket. Beware that the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon - and should be secured -either using the [built in HTTPS encrypted socket](/articles/https/), or by +either using the [built in HTTPS encrypted socket](../../articles/https/), or by putting a secure web proxy in front of it. You can listen on port `2375` on all network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP address: `-H tcp://192.168.59.103:2375`. It is diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 49eb1ae047..96bf544733 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -23,7 +23,7 @@ the container, `docker export` will export the contents of the *underlying* directory, not the contents of the volume. Refer to [Backup, restore, or migrate data -volumes](/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes) in +volumes](../../userguide/dockervolumes.md#backup-restore-or-migrate-data-volumes) in the user guide for examples on exporting data in a volume. ## Examples diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index d9216780f6..ef99b91168 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -12,74 +12,74 @@ parent = "mn_reference" # The Docker commands -This section contains reference information on using Docker's command line client. Each command has a reference page along with samples. If you are unfamiliar with the command line, you should start by reading about how to ["Use the Docker command line"](cli). +This section contains reference information on using Docker's command line client. Each command has a reference page along with samples. If you are unfamiliar with the command line, you should start by reading about how to ["Use the Docker command line"](cli.md). -You start the Docker daemon with the command line. How you start the daemon affects your Docker containers. For that reason you should also make sure to read the [`daemon`](daemon) reference page. +You start the Docker daemon with the command line. How you start the daemon affects your Docker containers. For that reason you should also make sure to read the [`daemon`](daemon.md) reference page. ### Docker management commands -* [daemon](daemon) -* [info](info) -* [inspect](inspect) -* [version](version) +* [daemon](daemon.md) +* [info](info.md) +* [inspect](inspect.md) +* [version](version.md) ### Image commands -* [build](build) -* [commit](commit) -* [export](export) -* [history](history) -* [images](images) -* [import](import) -* [load](load) -* [rmi](rmi) -* [save](save) -* [tag](tag) +* [build](build.md) +* [commit](commit.md) +* [export](export.md) +* [history](history.md) +* [images](images.md) +* [import](import.md) +* [load](load.md) +* [rmi](rmi.md) +* [save](save.md) +* [tag](tag.md) ### Container commands -* [attach](attach) -* [cp](cp) -* [create](create) -* [diff](diff) -* [events](events) -* [exec](exec) -* [kill](kill) -* [logs](logs) -* [pause](pause) -* [port](port) -* [ps](ps) -* [rename](rename) -* [restart](restart) -* [rm](rm) -* [run](run) -* [start](start) -* [stats](stats) -* [stop](stop) -* [top](top) -* [unpause](unpause) -* [wait](wait) +* [attach](attach.md) +* [cp](cp.md) +* [create](create.md) +* [diff](diff.md) +* [events](events.md) +* [exec](exec.md) +* [kill](kill.md) +* [logs](logs.md) +* [pause](pause.md) +* [port](port.md) +* [ps](ps.md) +* [rename](rename.md) +* [restart](restart.md) +* [rm](rm.md) +* [run](run.md) +* [start](start.md) +* [stats](stats.md) +* [stop](stop.md) +* [top](top.md) +* [unpause](unpause.md) +* [wait](wait.md) ### Hub and registry commands -* [login](login) -* [logout](logout) -* [pull](pull) -* [push](push) -* [search](search) +* [login](login.md) +* [logout](logout.md) +* [pull](pull.md) +* [push](push.md) +* [search](search.md) ### Network and connectivity commands -* [network_connect](network_connect) -* [network_create](network_create) -* [network_disconnect](network_disconnect) -* [network_inspect](network_inspect) -* [network_ls](network_ls) -* [network_rm](network_rm) +* [network_connect](network_connect.md) +* [network_create](network_create.md) +* [network_disconnect](network_disconnect.md) +* [network_inspect](network_inspect.md) +* [network_ls](network_ls.md) +* [network_rm](network_rm.md) ### Shared data volume commands -* [volume_create](volume_create) -* [volume_inspect](volume_inspect) -* [volume_ls](volume_ls) -* [volume_rm](volume_rm) +* [volume_create](volume_create.md) +* [volume_inspect](volume_inspect.md) +* [volume_ls](volume_ls.md) +* [volume_rm](volume_rm.md) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 4bb5ec1899..9db6229a42 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -81,13 +81,12 @@ specified image, and then `starts` it using the specified command. That is, previous changes intact using `docker start`. See `docker ps -a` to view a list of all containers. -There is detailed information about `docker run` in the [Docker run reference]( -/reference/run/). +There is detailed information about `docker run` in the [Docker run reference](run.md). The `docker run` command can be used in combination with `docker commit` to -[*change the command that a container runs*](/reference/commandline/commit). +[*change the command that a container runs*](commit.md). -See the [Docker User Guide](/userguide/dockerlinks/) for more detailed +See the [Docker User Guide](../../userguide/dockerlinks.md) for more detailed information about the `--expose`, `-p`, `-P` and `--link` parameters, and linking containers. @@ -170,14 +169,14 @@ manipulate the host's Docker daemon. $ docker run -p 127.0.0.1:80:8080 ubuntu bash This binds port `8080` of the container to port `80` on `127.0.0.1` of -the host machine. The [Docker User Guide](/userguide/dockerlinks/) +the host machine. The [Docker User Guide](../../userguide/dockerlinks.md) explains in detail how to manipulate ports in Docker. $ docker run --expose 80 ubuntu bash This exposes port `80` of the container for use within a link without publishing the port to the host system's interfaces. The [Docker User -Guide](/userguide/dockerlinks) explains in detail how to manipulate +Guide](../../userguide/dockerlinks.md) explains in detail how to manipulate ports in Docker. $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash @@ -279,7 +278,7 @@ format: You can load multiple label-files by supplying multiple `--label-file` flags. For additional information on working with labels, see [*Labels - custom -metadata in Docker*](/userguide/labels-custom-metadata/) in the Docker User +metadata in Docker*](../../userguide/labels-custom-metadata.md) in the Docker User Guide. $ docker run --link /redis:redis --name console ubuntu bash @@ -466,7 +465,7 @@ This will run the `redis` container with a restart policy of **always** so that if the container exits, Docker will restart it. More detailed information on restart policies can be found in the -[Restart Policies (--restart)](/reference/run/#restart-policies-restart) +[Restart Policies (--restart)](../run.md#restart-policies-restart) section of the Docker run reference page. ## Adding entries to a container hosts file diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 07d9ca28c4..7672c13b61 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -21,7 +21,7 @@ parent = "smn_cli" Search [Docker Hub](https://hub.docker.com) for images -See [*Find Public Images on Docker Hub*](/userguide/dockerrepos/#searching-for-images) for +See [*Find Public Images on Docker Hub*](../../userguide/dockerrepos.md#searching-for-images) for more details on finding shared images from the command line. > **Note:** diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index abcc23a3de..a325efaa4b 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -18,4 +18,4 @@ parent = "smn_cli" --help=false Print usage You can group your images together using names and tags, and then upload them -to [*Share Images via Repositories*](/userguide/dockerrepos/#contributing-to-docker-hub). +to [*Share Images via Repositories*](../../userguide/dockerrepos.md#contributing-to-docker-hub). diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 6d09723ca4..93f746c4e2 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -1,6 +1,6 @@ cbba202fe96b - Step 2 : MAINTAINER SvenDowideit@home.org.au + $ docker build -t svendowideit/ambassador . + Sending build context to Docker daemon 15.36 kB + Step 0 : FROM alpine:3.2 + ---> 31f630c65071 + Step 1 : MAINTAINER SvenDowideit@home.org.au ---> Using cache - ---> 51182097be13 - Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' | sh && top + ---> 2a1c91448f5f + Step 2 : RUN apk update && apk add socat && rm -r /var/cache/ ---> Using cache - ---> 1a5ffc17324d - Successfully built 1a5ffc17324d + ---> 21ed6e7fbb73 + Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \& wait/' | sh + ---> Using cache + ---> 7ea8aef582cc + Successfully built 7ea8aef582cc When you're done with your build, you're ready to look into [*Pushing a repository to its registry*](../userguide/dockerrepos.md#contributing-to-docker-hub). From 4e6212f38905c21eb258fc14d118519d68174f22 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 18 Oct 2015 15:01:59 +0200 Subject: [PATCH 0943/2538] Add zsh completion for 'docker network create -o --opt' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8d49232e06..df4288538a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -258,6 +258,7 @@ __docker_network_subcommand() { "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ "($help)*--gateway=[ipv4 or ipv6 Gateway for the master subnet]:IP: " \ "($help)*--aux-address[Auxiliary ipv4 or ipv6 addresses used by network driver]:key=IP: " \ + "($help)*"{-o=,--opt=}"[Set driver specific options]:key=value: " \ "($help -)1:Network Name: " && ret=0 ;; (inspect|rm) From a2bbb2c61cf53120bc0c4d89e06da33e1db73d34 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 18 Oct 2015 05:42:23 -0700 Subject: [PATCH 0944/2538] bash completion for new `docker network create` options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 69dbe24a2d..5410e79804 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1052,6 +1052,13 @@ _docker_network_connect() { _docker_network_create() { case "$prev" in + --aux-address|--gateway|--ip-range|--opt|-o|--subnet) + return + ;; + --ipam-driver) + COMPREPLY=( $( compgen -W "default" -- "$cur" ) ) + return + ;; --driver|-d) # no need to suggest drivers that allow one instance only # (host, null) @@ -1062,7 +1069,7 @@ _docker_network_create() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--driver -d --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --ip-range --ipam-driver --opt -o --subnet" -- "$cur" ) ) ;; esac } From 6b43a0aa73c371ea6fc98aaa07416cf8fe6ecbb2 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 18 Oct 2015 08:16:15 -0700 Subject: [PATCH 0945/2538] bash completion for `docker cp` supports copying both ways Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5410e79804..28e3e58984 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -561,9 +561,18 @@ _docker_cp() { return ;; *) + # combined container and filename completion + _filedir + local files=( ${COMPREPLY[@]} ) + __docker_containers_all COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) - __docker_nospace + local containers=( ${COMPREPLY[@]} ) + + COMPREPLY=( $( compgen -W "${files[*]} ${containers[*]}" -- "$cur" ) ) + if [[ "$COMPREPLY" == *: ]]; then + __docker_nospace + fi return ;; esac @@ -571,7 +580,13 @@ _docker_cp() { (( counter++ )) if [ $cword -eq $counter ]; then - _filedir -d + if [ -e "$prev" ]; then + __docker_containers_all + COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) + __docker_nospace + else + _filedir + fi return fi ;; From 48a8ca15d8091cb186348d0e626276c87c651699 Mon Sep 17 00:00:00 2001 From: Jeremy Unruh Date: Wed, 21 Oct 2015 08:28:37 -0700 Subject: [PATCH 0946/2538] docs: Add Netshare volume plugin to extend/plugins Signed-off-by: Jeremy Unruh --- docs/extend/plugins.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index e04de760d3..fc2cb97820 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -65,6 +65,9 @@ The following plugins exist: which is written in Go and provides advanced storage functionality for many platforms including EC2, OpenStack, XtremIO, and ScaleIO. +* The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin + which provides volume management for NFS 3/4, AWS EFS and CIFS file systems. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From 3e901572a5e8d8fbfabf33414b88d359ad0225ea Mon Sep 17 00:00:00 2001 From: Jeremy Unruh Date: Wed, 21 Oct 2015 18:07:55 -0700 Subject: [PATCH 0947/2538] changes from review - move up to conform to alphabetical order Signed-off-by: Jeremy Unruh --- docs/extend/plugins.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index fc2cb97820..c422b4011b 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -56,6 +56,9 @@ The following plugins exist: * The [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) is a plugin that provides credentials and secret management using Keywhiz as a central repository. + +* The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin + which provides volume management for NFS 3/4, AWS EFS and CIFS file systems. * The [Pachyderm PFS plugin](https://github.com/pachyderm/pachyderm/tree/master/src/cmd/pfs-volume-driver) is a volume plugin written in Go that provides functionality to mount Pachyderm File System (PFS) @@ -65,9 +68,6 @@ The following plugins exist: which is written in Go and provides advanced storage functionality for many platforms including EC2, OpenStack, XtremIO, and ScaleIO. -* The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin - which provides volume management for NFS 3/4, AWS EFS and CIFS file systems. - ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From 91fbce30e8e6ac8a3239fb1dfa4dab913ae290f0 Mon Sep 17 00:00:00 2001 From: Jeremy Unruh Date: Wed, 21 Oct 2015 18:42:17 -0700 Subject: [PATCH 0948/2538] changes from review - which -> that Signed-off-by: Jeremy Unruh --- docs/extend/plugins.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index c422b4011b..2ea373a2ed 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -56,9 +56,9 @@ The following plugins exist: * The [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) is a plugin that provides credentials and secret management using Keywhiz as a central repository. - + * The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin - which provides volume management for NFS 3/4, AWS EFS and CIFS file systems. + that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. * The [Pachyderm PFS plugin](https://github.com/pachyderm/pachyderm/tree/master/src/cmd/pfs-volume-driver) is a volume plugin written in Go that provides functionality to mount Pachyderm File System (PFS) From 428a0898582263b042450912ab193b3f8f2931a5 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 22 Oct 2015 16:59:16 +1000 Subject: [PATCH 0949/2538] Fix some errant links Signed-off-by: Sven Dowideit --- docs/reference/run.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 5d805b6e70..1cd55c7d6a 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -126,9 +126,8 @@ and pass along signals. All of that is configurable: -i=false : Keep STDIN open even if not attached If you do not specify `-a` then Docker will [attach all standard -streams]( https://github.com/docker/docker/blob/ -75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). You can -specify to which of the three standard streams (`STDIN`, `STDOUT`, +streams]( https://github.com/docker/docker/blob/75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). +You can specify to which of the three standard streams (`STDIN`, `STDOUT`, `STDERR`) you'd like to connect instead, as in: $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash From b20b7584de090e5824860aa56fb35f8a16188df0 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 22 Oct 2015 17:53:17 +0200 Subject: [PATCH 0950/2538] bash completion for `docker network inspect` supports multiple networks Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 28e3e58984..9829d65250 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1101,11 +1101,7 @@ _docker_network_inspect() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag) - if [ $cword -eq $counter ]; then - __docker_networks - fi - ;; + __docker_networks esac } From be7caf2647b90bc98a1cdd7d69534b45642d0f22 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 22 Oct 2015 18:50:41 +0200 Subject: [PATCH 0951/2538] bash completion can be configured to complete network IDs Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9829d65250..894aec6f9c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -17,6 +17,13 @@ # # Configuration: # +# For several commands, the amount of completions can be configured by +# setting environment variables. +# +# DOCKER_COMPLETION_SHOW_NETWORK_IDS +# "false" - Show names only (default) +# "true" - Show names and ids +# # You can tailor completion for the "events", "history", "inspect", "run", # "rmi" and "save" commands by settings the following environment # variables: @@ -139,7 +146,12 @@ __docker_containers_and_images() { } __docker_networks() { - COMPREPLY=( $(compgen -W "$(__docker_q network ls | awk 'NR>1 {print $2}')" -- "$cur") ) + # By default, only network names are completed. + # Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=true to also complete network IDs. + local fields='$2' + [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = true ] && fields='$1,$2' + local networks=$(__docker_q network ls --no-trunc | awk "NR>1 {print $fields}") + COMPREPLY=( $(compgen -W "$networks" -- "$cur") ) } __docker_volumes() { From f06b7a771399e94fed6e453d838eb55a12198732 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 23 Oct 2015 08:13:33 +0200 Subject: [PATCH 0952/2538] Zsh completion for 'docker network inspect' multiple networks Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index df4288538a..19ee5417df 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -264,7 +264,7 @@ __docker_network_subcommand() { (inspect|rm) _arguments \ $opts_help \ - "($help -):network:__docker_networks" && ret=0 + "($help -)*:network:__docker_networks" && ret=0 ;; (ls) _arguments \ From a41d4dbdde1832539f2e4c19a4f3e0c7b4d98668 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 23 Oct 2015 10:46:32 +0200 Subject: [PATCH 0953/2538] bash completion for log driver options `env` and `labels` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 894aec6f9c..6028d854ab 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -315,6 +315,7 @@ __docker_capabilities() { __docker_log_drivers() { COMPREPLY=( $( compgen -W " + awslogs fluentd gelf journald @@ -326,15 +327,21 @@ __docker_log_drivers() { __docker_log_driver_options() { # see docs/reference/logging/index.md - local fluentd_options="fluentd-address tag" - local gelf_options="gelf-address tag" - local json_file_options="max-file max-size" - local syslog_options="syslog-address syslog-facility tag" local awslogs_options="awslogs-region awslogs-group awslogs-stream" + local fluentd_options="env fluentd-address labels tag" + local gelf_options="env gelf-address labels tag" + local journald_options="env labels" + local json_file_options="env labels max-file max-size" + local syslog_options="syslog-address syslog-facility tag" + + local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options" case $(__docker_value_of_option --log-driver) in '') - COMPREPLY=( $( compgen -W "$fluentd_options $gelf_options $json_file_options $syslog_options" -S = -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$all_options" -S = -- "$cur" ) ) + ;; + awslogs) + COMPREPLY=( $( compgen -W "$awslogs_options" -S = -- "$cur" ) ) ;; fluentd) COMPREPLY=( $( compgen -W "$fluentd_options" -S = -- "$cur" ) ) @@ -342,15 +349,15 @@ __docker_log_driver_options() { gelf) COMPREPLY=( $( compgen -W "$gelf_options" -S = -- "$cur" ) ) ;; + journald) + COMPREPLY=( $( compgen -W "$journald_options" -S = -- "$cur" ) ) + ;; json-file) COMPREPLY=( $( compgen -W "$json_file_options" -S = -- "$cur" ) ) ;; syslog) COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) ) ;; - awslogs) - COMPREPLY=( $( compgen -W "$awslogs_options" -S = -- "$cur" ) ) - ;; *) return ;; From 9d9976ae3a6129ce34d55865b501be9ab429d141 Mon Sep 17 00:00:00 2001 From: Shijiang Wei Date: Sun, 30 Aug 2015 21:48:03 +0800 Subject: [PATCH 0954/2538] Add ability to add multiple tags with docker build Signed-off-by: Shijiang Wei --- docs/reference/builder.md | 5 +++++ docs/reference/commandline/build.md | 10 +++++++++- man/docker-build.1.md | 12 ++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index c65f34c308..b1ed35ded2 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -62,6 +62,11 @@ the build succeeds: $ docker build -t shykes/myapp . +To tag the image into multiple repositories after the build, +add multiple `-t` parameters when you run the `build` command: + + $ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest . + The Docker daemon runs the instructions in the `Dockerfile` one-by-one, committing the result of each instruction to a new image if necessary, before finally outputting the ID of your diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 23a34581f0..32a51ceb8b 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -31,7 +31,7 @@ parent = "smn_cli" --pull=false Always attempt to pull a newer version of the image -q, --quiet=false Suppress the verbose output generated by the containers --rm=true Remove intermediate containers after a successful build - -t, --tag="" Repository name (and optionally a tag) for the image + -t, --tag=[] Name and optionally a tag in the 'name:tag' format --ulimit=[] Ulimit options Builds Docker images from a Dockerfile and a "context". A build's context is @@ -227,6 +227,14 @@ uploaded context. The builder reference contains detailed information on This will build like the previous example, but it will then tag the resulting image. The repository name will be `vieux/apache` and the tag will be `2.0` +You can apply multiple tags to an image. For example, you can apply the `latest` +tag to a newly built image and add another tag that references a specific +version. +For example, to tag an image both as `whenry/fedora-jboss:latest` and +`whenry/fedora-jboss:v2.1`, use the following: + + $ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . + ### Specify Dockerfile (-f) $ docker build -f Dockerfile.debug . diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 876d6fa9bb..4bf4deea59 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -16,7 +16,7 @@ docker-build - Build a new image from the source code at PATH [**--pull**[=*false*]] [**-q**|**--quiet**[=*false*]] [**--rm**[=*true*]] -[**-t**|**--tag**[=*TAG*]] +[**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] [**--memory-swap**[=*MEMORY-SWAP*]] [**--cpu-period**[=*0*]] @@ -82,7 +82,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex Remove intermediate containers after a successful build. The default is *true*. **-t**, **--tag**="" - Repository name (and optionally a tag) to be applied to the resulting image in case of success + Repository names (and optionally with tags) to be applied to the resulting image in case of success. **-m**, **--memory**=*MEMORY* Memory limit @@ -235,6 +235,14 @@ If you do not provide a version tag then Docker will assign `latest`: When you list the images, the image above will have the tag `latest`. +You can apply multiple tags to an image. For example, you can apply the `latest` +tag to a newly built image and add another tag that references a specific +version. +For example, to tag an image both as `whenry/fedora-jboss:latest` and +`whenry/fedora-jboss:v2.1`, use the following: + + docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . + So renaming an image is arbitrary but consideration should be given to a useful convention that makes sense for consumers and should also take into account Docker community conventions. From 1e2a27568b3765f254ff91e551fddacc786d764f Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Thu, 27 Aug 2015 16:03:46 -0700 Subject: [PATCH 0955/2538] Add Splunk logging driver #16207 Allow to send Splunk logs using Http Event Collector Signed-off-by: Denis Gladkikh --- contrib/completion/bash/docker | 18 +++++++++++++++++- docs/reference/run.md | 1 + man/docker-create.1.md | 2 +- man/docker-run.1.md | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6028d854ab..bf3eec2d2e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -321,6 +321,7 @@ __docker_log_drivers() { journald json-file none + splunk syslog " -- "$cur" ) ) } @@ -333,8 +334,9 @@ __docker_log_driver_options() { local journald_options="env labels" local json_file_options="env labels max-file max-size" local syslog_options="syslog-address syslog-facility tag" + local splunk_options="splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url" - local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options" + local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" case $(__docker_value_of_option --log-driver) in '') @@ -358,6 +360,9 @@ __docker_log_driver_options() { syslog) COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) ) ;; + splunk) + COMPREPLY=( $( compgen -W "$splunk_options" -S = -- "$cur" ) ) + ;; *) return ;; @@ -405,6 +410,17 @@ __docker_complete_log_driver_options() { " -- "${cur#=}" ) ) return ;; + *splunk-url=*) + COMPREPLY=( $( compgen -W "http:// https://" -- "${cur#=}" ) ) + compopt -o nospace + __ltrim_colon_completions "${cur}" + return + ;; + *splunk-insecureskipverify=*) + COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) + compopt -o nospace + return + ;; esac return 1 } diff --git a/docs/reference/run.md b/docs/reference/run.md index 1cd55c7d6a..7a5acf01b0 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1071,6 +1071,7 @@ container's logging driver. The following options are supported: | `gelf` | Graylog Extended Log Format (GELF) logging driver for Docker. Writes log messages to a GELF endpoint likeGraylog or Logstash. | | `fluentd` | Fluentd logging driver for Docker. Writes log messages to `fluentd` (forward input). | | `awslogs` | Amazon CloudWatch Logs logging driver for Docker. Writes log messages to Amazon CloudWatch Logs | +| `splunk` | Splunk logging driver for Docker. Writes log messages to `splunk` using Event Http Collector. | The `docker logs` command is available only for the `json-file` and `journald` logging drivers. For detailed information on working with logging drivers, see diff --git a/man/docker-create.1.md b/man/docker-create.1.md index ecea12c5f8..3620004005 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -174,7 +174,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index cb00f971e5..f40df07442 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -277,7 +277,7 @@ which interface and port to use. **--lxc-conf**=[] (lxc exec-driver only) Add custom lxc options --lxc-conf="lxc.cgroup.cpuset.cpus = 0,1" -**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" +**--log-driver**="|*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. From 526c8440048b07dad7253c9e47739fa36405bd21 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 23 Oct 2015 08:17:42 +0200 Subject: [PATCH 0956/2538] Add splunk log driver to zsh completion Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 19ee5417df..8b5d0e3cd6 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -427,7 +427,7 @@ __docker_subcommand() { "($help)--kernel-memory[Kernel memory limit in bytes.]:Memory limit: " "($help)*--link=[Add link to another container]:link:->link" "($help)*"{-l,--label=}"[Set meta data on a container]:label: " - "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" + "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" "($help)*--log-opt=[Log driver specific options]:log driver options: " "($help)*--lxc-conf=[Add custom lxc options]:lxc options: " "($help)--mac-address=[Container MAC address]:MAC address: " @@ -549,7 +549,7 @@ __docker_subcommand() { "($help)--ipv6[Enable IPv6 networking]" \ "($help -l --log-level)"{-l,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Set key=value labels to the daemon]:label: " \ - "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs none)" \ + "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" \ "($help)*--log-opt=[Log driver specific options]:log driver options: " \ "($help)--mtu=[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ "($help -p --pidfile)"{-p,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ From cd95e0a5c534a34fc6c2e94b54e4a72f73fa5129 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sat, 24 Oct 2015 18:07:08 -0700 Subject: [PATCH 0957/2538] Tweaking some things Signed-off-by: Mary Anthony --- docs/README.md | 39 ++++++++++++++++----------------------- 1 file changed, 16 insertions(+), 23 deletions(-) diff --git a/docs/README.md b/docs/README.md index 96ded0c51a..de40d98864 100644 --- a/docs/README.md +++ b/docs/README.md @@ -18,7 +18,7 @@ Docker has two primary branches for documentation: | Branch | Description | URL (published via commit-hook) | |----------|--------------------------------|------------------------------------------------------------------------------| | `docs` | Official release documentation | [https://docs.docker.com](https://docs.docker.com) | -| `master` | Merged but unreleased development work | [http://docs.master.dockerproject.org](http://docs.master.dockerproject.org) | +| `master` | Merged but unreleased development work | | Additions and updates to upcoming releases are made in a feature branch off of the `master` branch. The Docker maintainers also support a `docs` branch that @@ -26,9 +26,7 @@ contains the last release of documentation. After a release, documentation updates are continually merged into `master` as they occur. This work includes new documentation for forthcoming features, bug -fixes, and other updates. Docker's CI system automatically builds and updates -the `master` documentation after each merge and posts it to -[http://docs.master.dockerproject.org](http://docs.master.dockerproject.org). +fixes, and other updates. Periodically, the Docker maintainers update `docs.docker.com` between official releases of Docker. They do this by cherry-picking commits from `master`, @@ -58,7 +56,7 @@ own. By basing from `master` your work is automatically included in the next release. It also allows docs maintainers to easily cherry-pick your changes - into the `docs` release branch. + into the `docs` release branch. 4. Modify existing or add new `.md` files to the `docs` directory. @@ -67,17 +65,16 @@ own. The `docker/docker` repository contains a `Dockerfile` and a `Makefile`. Together, these create a development environment in which you can build and run a container running the Docker documentation website. To build the - documentation site, enter `make docs` at the root of your `docker/docker` - fork: - + documentation site, enter `make docs` in the `docs` directory of your `docker/docker` fork: + $ make docs .... (lots of output) .... docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve Running at: http://0.0.0.0:8000/ Live reload enabled. Hold ctrl+c to quit. - - + + The build creates an image containing all the required tools, adds the local `docs/` directory and generates the HTML files. Then, it runs a Docker container with this image. @@ -166,7 +163,7 @@ If this happens, set the Docker host. Run the following command to get the variables in your shell: docker-machine env - + Then, set your environment accordingly. ## Cherry-picking documentation changes to update an existing release. @@ -182,13 +179,13 @@ For example, to update the current release's docs, do the following: 1. Go to your `docker/docker` fork and get the latest from master. $ git fetch upstream - + 2. Checkout a new branch based on `upstream/docs`. You should give your new branch a descriptive name. $ git checkout -b post-1.2.0-docs-update-1 upstream/docs - + 3. In a browser window, open [https://github.com/docker/docker/commits/master]. 4. Locate the merges you want to publish. @@ -200,9 +197,9 @@ For example, to update the current release's docs, do the following: 5. Copy the commit SHA from GitHub. 6. Cherry-pick the commit. - + $ git cherry-pick -x fe845c4 - + 7. Repeat until you have cherry-picked everything you want to merge. 8. Push your changes to your fork. @@ -224,13 +221,13 @@ For example, to update the current release's docs, do the following: 13. Fetch your merged pull request from `docs`. $ git fetch upstream/docs - + 14. Ensure your branch is clean and set to the latest. $ git reset --hard upstream/docs - + 15. Copy the `awsconfig` file into the `docs` directory. - + 16. Make the beta documentation $ make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release @@ -284,12 +281,8 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.1/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' ``` -### Generate the man pages +### Generate the man pages For information on generating man pages (short for manual page), see the README.md document in [the man page directory](https://github.com/docker/docker/tree/master/docker) in this project. - - - - From 4332d3b5d8f69a6833590a5832a79e5a55e581c8 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 24 Oct 2015 16:38:41 +0200 Subject: [PATCH 0958/2538] Fix repeatable options in zsh completion Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8b5d0e3cd6..17977d856d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -336,7 +336,7 @@ __docker_volume_subcommand() { $opts_help \ "($help -d --driver)"{-d,--driver=}"[Specify volume driver name]:Driver name: " \ "($help)--name=[Specify volume name]" \ - "($help -o --opt)*"{-o,--opt=}"[Set driver specific options]:Driver option: " && ret=0 + "($help)*"{-o,--opt=}"[Set driver specific options]:Driver option: " && ret=0 ;; (inspect) _arguments \ @@ -347,7 +347,7 @@ __docker_volume_subcommand() { (ls) _arguments \ $opts_help \ - "($help -f --filter)*"{-f,--filter=}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ + "($help)*"{-f,--filter=}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 ;; (rm) @@ -474,7 +474,7 @@ __docker_subcommand() { _arguments \ $opts_help \ "($help -a --author)"{-a,--author=}"[Author]:author: " \ - "($help -c --change)*"{-c,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ + "($help)*"{-c,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ "($help -m --message)"{-m,--message=}"[Commit message]:message: " \ "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ "($help -):container:__docker_containers" \ @@ -642,7 +642,7 @@ __docker_subcommand() { (import) _arguments \ $opts_help \ - "($help -c --change)*"{-c,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ + "($help)*"{-c,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ "($help -m --message)"{-m,--message=}"[Set commit message for imported image]:message: " \ "($help -):URL:(- http:// file://)" \ "($help -): :__docker_repositories_with_tags" && ret=0 From 060e6e1935a9d06a6a8d69379f053ff2d556b7a7 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 17 Oct 2015 14:40:22 +0200 Subject: [PATCH 0959/2538] Add zsh completion for 'docker build' multi tags + Fix some others multi options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 17977d856d..91d45935ec 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -467,7 +467,7 @@ __docker_subcommand() { "($help)--pull[Attempt to pull a newer version of the image]" \ "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ "($help)--rm[Remove intermediate containers after a successful build]" \ - "($help -t --tag)"{-t,--tag=}"[Repository, name and tag for the image]: :__docker_repositories_with_tags" \ + "($help -t --tag)*"{-t,--tag=}"[Repository, name and tag for the image]: :__docker_repositories_with_tags" \ "($help -):path or URL:_directories" && ret=0 ;; (commit) From 2102746489ada18e338af743d566827ee425ff2c Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Fri, 16 Oct 2015 23:23:58 +0200 Subject: [PATCH 0960/2538] zsh: allow short options to specify their arguments with "=" This is allowed by Docker and helps the completion to not get confused when a user uses this notation. This will also help to enable stacking of short options since Zsh needs that to not stack options with arguments. Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 90 +++++++++++++++++----------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 91d45935ec..ff17076a93 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -252,7 +252,7 @@ __docker_network_subcommand() { (create) _arguments -A '-*' \ $opts_help \ - "($help -d --driver)"{-d,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ + "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ @@ -334,20 +334,20 @@ __docker_volume_subcommand() { (create) _arguments \ $opts_help \ - "($help -d --driver)"{-d,--driver=}"[Specify volume driver name]:Driver name: " \ + "($help -d --driver)"{-d=,--driver=}"[Specify volume driver name]:Driver name: " \ "($help)--name=[Specify volume name]" \ - "($help)*"{-o,--opt=}"[Set driver specific options]:Driver option: " && ret=0 + "($help)*"{-o=,--opt=}"[Set driver specific options]:Driver option: " && ret=0 ;; (inspect) _arguments \ $opts_help \ - "($help -f --format)"{-f,--format=}"[Format the output using the given go template]:template: " \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ "($help -)1:volume:__docker_volumes" && ret=0 ;; (ls) _arguments \ $opts_help \ - "($help)*"{-f,--filter=}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ + "($help)*"{-f=,--filter=}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 ;; (rm) @@ -401,12 +401,12 @@ __docker_subcommand() { "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " - "($help -m --memory)"{-m,--memory=}"[Memory limit]:Memory limit: " + "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " "($help)*--ulimit=[ulimit options]:ulimit: " ) opts_create=( - "($help -a --attach)"{-a,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" + "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)*--cap-add=[Add Linux capabilities]:capability: " @@ -416,17 +416,17 @@ __docker_subcommand() { "($help)*--dns=[Set custom DNS servers]:DNS server: " "($help)*--dns-opt=[Set custom DNS options]:DNS option: " "($help)*--dns-search=[Set custom DNS search domains]:DNS domains: " - "($help)*"{-e,--env=}"[Set environment variables]:environment variable: " + "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " "($help)*--env-file=[Read environment variables from a file]:environment file:_files" "($help)*--expose=[Expose a port from the container without publishing it]: " "($help)*--group-add=[Add additional groups to run as]:group:_groups" - "($help -h --hostname)"{-h,--hostname=}"[Container host name]:hostname:_hosts" + "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" "($help)--ipc=[IPC namespace to use]:IPC namespace: " "($help)--kernel-memory[Kernel memory limit in bytes.]:Memory limit: " "($help)*--link=[Add link to another container]:link:->link" - "($help)*"{-l,--label=}"[Set meta data on a container]:label: " + "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" "($help)*--log-opt=[Log driver specific options]:log driver options: " "($help)*--lxc-conf=[Add custom lxc options]:lxc options: " @@ -435,17 +435,17 @@ __docker_subcommand() { "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" "($help)--oom-kill-disable[Disable OOM Killer]" "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" - "($help)*"{-p,--publish=}"[Expose a container's port to the host]:port:_ports" + "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" "($help)--pid=[PID namespace to use]:PID: " "($help)--privileged[Give extended privileges to this container]" "($help)--read-only[Mount the container's root filesystem as read only]" "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" "($help)*--security-opt=[Security options]:security option: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" - "($help -u --user)"{-u,--user=}"[Username or UID]:user:_users" + "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" "($help)*-v[Bind mount a volume]:volume: " "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " - "($help -w --workdir)"{-w,--workdir=}"[Working directory inside the container]:directory:_directories" + "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" ) case "$words[1]" in @@ -461,21 +461,21 @@ __docker_subcommand() { $opts_help \ $opts_cpumemlimit \ "($help)*--build-arg[Set build-time variables]:=: " \ - "($help -f --file)"{-f,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ + "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ "($help)--no-cache[Do not use cache when building the image]" \ "($help)--pull[Attempt to pull a newer version of the image]" \ "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ "($help)--rm[Remove intermediate containers after a successful build]" \ - "($help -t --tag)*"{-t,--tag=}"[Repository, name and tag for the image]: :__docker_repositories_with_tags" \ + "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_repositories_with_tags" \ "($help -):path or URL:_directories" && ret=0 ;; (commit) _arguments \ $opts_help \ - "($help -a --author)"{-a,--author=}"[Author]:author: " \ - "($help)*"{-c,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m,--message=}"[Commit message]:message: " \ + "($help -a --author)"{-a=,--author=}"[Author]:author: " \ + "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ + "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \ "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ "($help -):container:__docker_containers" \ "($help -): :__docker_repositories_with_tags" && ret=0 @@ -519,7 +519,7 @@ __docker_subcommand() { _arguments \ $opts_help \ "($help)--api-cors-header=[Set CORS headers in the remote API]:CORS headers: " \ - "($help -b --bridge)"{-b,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ + "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Specify network bridge IP]" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ @@ -532,14 +532,14 @@ __docker_subcommand() { "($help)*--dns-opt=[DNS options to use]:DNS option: " \ "($help)*--default-ulimit=[Set default ulimit settings for containers]:ulimit: " \ "($help)--disable-legacy-registry[Do not contact legacy registries]" \ - "($help -e --exec-driver)"{-e,--exec-driver=}"[Exec driver to use]:driver:(native lxc windows)" \ + "($help -e --exec-driver)"{-e=,--exec-driver=}"[Exec driver to use]:driver:(native lxc windows)" \ "($help)*--exec-opt=[Set exec driver options]:exec driver options: " \ "($help)--exec-root=[Root of the Docker execdriver]:path:_directories" \ "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ - "($help -G --group)"{-G,--group=}"[Group for the unix socket]:group:_groups" \ - "($help -g --graph)"{-g,--graph=}"[Root of the Docker runtime]:path:_directories" \ - "($help -H --host)"{-H,--host=}"[tcp://host:port to bind/connect to]:host: " \ + "($help -G --group)"{-G=,--group=}"[Group for the unix socket]:group:_groups" \ + "($help -g --graph)"{-g=,--graph=}"[Root of the Docker runtime]:path:_directories" \ + "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ "($help)--icc[Enable inter-container communication]" \ "($help)*--insecure-registry=[Enable insecure registry communication]:registry: " \ "($help)--ip=[Default IP when binding container ports]" \ @@ -547,14 +547,14 @@ __docker_subcommand() { "($help)--ip-masq[Enable IP masquerading]" \ "($help)--iptables[Enable addition of iptables rules]" \ "($help)--ipv6[Enable IPv6 networking]" \ - "($help -l --log-level)"{-l,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ + "($help -l --log-level)"{-l=,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Set key=value labels to the daemon]:label: " \ "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" \ "($help)*--log-opt=[Log driver specific options]:log driver options: " \ "($help)--mtu=[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ - "($help -p --pidfile)"{-p,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ + "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ - "($help -s --storage-driver)"{-s,--storage-driver=}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ + "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ "($help)--selinux-enabled[Enable selinux support]" \ "($help)*--storage-opt=[Set storage driver options]:storage driver options: " \ "($help)--tls[Use TLS]" \ @@ -591,7 +591,7 @@ __docker_subcommand() { (events) _arguments \ $opts_help \ - "($help)*"{-f,--filter=}"[Filter values]:filter: " \ + "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ "($help)--since=[Events created since this timestamp]:timestamp: " \ "($help)--until=[Events created until this timestamp]:timestamp: " && ret=0 ;; @@ -603,7 +603,7 @@ __docker_subcommand() { "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ "($help)--privileged[Give extended Linux capabilities to the command]" \ "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ - "($help -u --user)"{-u,--user=}"[Username or UID]:user:_users" \ + "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \ "($help -):containers:__docker_runningcontainers" \ "($help -)*::command:->anycommand" && ret=0 @@ -618,7 +618,7 @@ __docker_subcommand() { (export) _arguments \ $opts_help \ - "($help -o --output)"{-o,--output=}"[Write to a file, instead of stdout]:output file:_files" \ + "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \ "($help -)*:containers:__docker_containers" && ret=0 ;; (history) @@ -634,7 +634,7 @@ __docker_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Show all images]" \ "($help)--digest[Show digests]" \ - "($help)*"{-f,--filter=}"[Filter values]:filter: " \ + "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -): :__docker_repositories" && ret=0 @@ -642,8 +642,8 @@ __docker_subcommand() { (import) _arguments \ $opts_help \ - "($help)*"{-c,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m,--message=}"[Set commit message for imported image]:message: " \ + "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ + "($help -m --message)"{-m=,--message=}"[Set commit message for imported image]:message: " \ "($help -):URL:(- http:// file://)" \ "($help -): :__docker_repositories_with_tags" && ret=0 ;; @@ -655,7 +655,7 @@ __docker_subcommand() { local state _arguments \ $opts_help \ - "($help -f --format)"{-f,--format=}"[Format the output using the given go template]:template: " \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ "($help -s --size)"{-s,--size}"[Display total file sizes if the type is container]" \ "($help)--type=[Return JSON for specified type]:type:(image container)" \ "($help -)*: :->values" && ret=0 @@ -675,20 +675,20 @@ __docker_subcommand() { (kill) _arguments \ $opts_help \ - "($help -s --signal)"{-s,--signal=}"[Signal to send]:signal:_signals" \ + "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (load) _arguments \ $opts_help \ - "($help -i --input)"{-i,--input=}"[Read from tar archive file]:archive file:_files -g "*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)"" && ret=0 + "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g "*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)"" && ret=0 ;; (login) _arguments \ $opts_help \ - "($help -e --email)"{-e,--email=}"[Email]:email: " \ - "($help -p --password)"{-p,--password=}"[Password]:password: " \ - "($help -u --user)"{-u,--user=}"[Username]:username: " \ + "($help -e --email)"{-e=,--email=}"[Email]:email: " \ + "($help -p --password)"{-p=,--password=}"[Password]:password: " \ + "($help -u --user)"{-u=,--user=}"[Username]:username: " \ "($help -)1:server: " && ret=0 ;; (logout) @@ -700,7 +700,7 @@ __docker_subcommand() { _arguments \ $opts_help \ "($help -f --follow)"{-f,--follow}"[Follow log output]" \ - "($help -s --since)"{-s,--since=}"[Show logs since this timestamp]:timestamp: " \ + "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \ "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \ "($help -)*:containers:__docker_containers" && ret=0 @@ -738,7 +738,7 @@ __docker_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=[Show only container created before...]:containers:__docker_containers" \ - "($help)*"{-f,--filter=}"[Filter values]:filter: " \ + "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ "($help)--format[Pretty-print containers using a Go template]:format: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ "($help)-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)" \ @@ -767,7 +767,7 @@ __docker_subcommand() { (restart|stop) _arguments \ $opts_help \ - "($help -t --time)"{-t,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ + "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (rm) @@ -812,7 +812,7 @@ __docker_subcommand() { (save) _arguments \ $opts_help \ - "($help -o --output)"{-o,--output=}"[Write to file]:file:_files" \ + "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \ "($help -)*: :__docker_images" && ret=0 ;; (search) @@ -820,7 +820,7 @@ __docker_subcommand() { $opts_help \ "($help)--automated[Only show automated builds]" \ "($help)--no-trunc[Do not truncate output]" \ - "($help -s --stars)"{-s,--stars=}"[Only display with at least X stars]:stars:(0 10 100 1000)" \ + "($help -s --stars)"{-s=,--stars=}"[Only display with at least X stars]:stars:(0 10 100 1000)" \ "($help -):term: " && ret=0 ;; (start) @@ -901,8 +901,8 @@ _docker() { "(: -)"{-h,--help}"[Print usage]" \ "($help)--config[Location of client config files]:path:_directories" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ - "($help -H --host)"{-H,--host=}"[tcp://host:port to bind/connect to]:host: " \ - "($help -l --log-level)"{-l,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ + "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ + "($help -l --log-level)"{-l=,--log-level=}[Set the logging level]:level:(debug info warn error fatal)" \ "($help)--tls[Use TLS]" \ "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ From b10fb430481574b34997e4b0e00b703cfcd6669e Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Fri, 16 Oct 2015 23:29:15 +0200 Subject: [PATCH 0961/2538] zsh: allow option stacking for short options without arguments This enables Zsh to understand commands like "docker run -it ubuntu". However, by enabling this, this also makes Zsh completes "docker run -u" with "docker run -uapprox" which is not valid. The users have to put the space or the equal sign themselves before trying to complete. Therefore, this behavior is disabled by default. To enable it: zstyle ':completion:*:*:docker:*' option-stacking yes zstyle ':completion:*:*:docker-*:*' option-stacking yes Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 111 ++++++++++++++++++--------------- 1 file changed, 60 insertions(+), 51 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ff17076a93..1829567089 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -38,6 +38,15 @@ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +# Short-option stacking can be enabled with: +# zstyle ':completion:*:*:docker:*' option-stacking yes +# zstyle ':completion:*:*:docker-*:*' option-stacking yes +__docker_arguments() { + if zstyle -t ":completion:${curcontext}:" option-stacking; then + print -- -s + fi +} + __docker_get_containers() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -244,13 +253,13 @@ __docker_network_subcommand() { case "$words[1]" in (connect|disconnect) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:network:__docker_networks" \ "($help -)2:containers:__docker_runningcontainers" && ret=0 ;; (create) - _arguments -A '-*' \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ @@ -262,18 +271,18 @@ __docker_network_subcommand() { "($help -)1:Network Name: " && ret=0 ;; (inspect|rm) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)*:network:__docker_networks" && ret=0 ;; (ls) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)--no-trunc[Do not truncate the output]" \ "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0 ;; (help) - _arguments ":subcommand:__docker_network_commands" && ret=0 + _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0 ;; esac @@ -332,31 +341,31 @@ __docker_volume_subcommand() { case "$words[1]" in (create) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -d --driver)"{-d=,--driver=}"[Specify volume driver name]:Driver name: " \ "($help)--name=[Specify volume name]" \ "($help)*"{-o=,--opt=}"[Set driver specific options]:Driver option: " && ret=0 ;; (inspect) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ "($help -)1:volume:__docker_volumes" && ret=0 ;; (ls) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 ;; (rm) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -):volume:__docker_volumes" && ret=0 ;; (help) - _arguments ":subcommand:__docker_volume_commands" && ret=0 + _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0 ;; esac @@ -450,14 +459,14 @@ __docker_subcommand() { case "$words[1]" in (attach) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)--no-stdin[Do not attach stdin]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help -):containers:__docker_runningcontainers" && ret=0 ;; (build) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ $opts_cpumemlimit \ "($help)*--build-arg[Set build-time variables]:=: " \ @@ -471,7 +480,7 @@ __docker_subcommand() { "($help -):path or URL:_directories" && ret=0 ;; (commit) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -a --author)"{-a=,--author=}"[Author]:author: " \ "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ @@ -481,7 +490,7 @@ __docker_subcommand() { "($help -): :__docker_repositories_with_tags" && ret=0 ;; (cp) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:container:->container" \ "($help -)2:hostpath:_files" && ret=0 @@ -496,7 +505,7 @@ __docker_subcommand() { esac ;; (create) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ $opts_cpumemlimit \ $opts_create \ @@ -516,7 +525,7 @@ __docker_subcommand() { ;; (daemon) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)--api-cors-header=[Set CORS headers in the remote API]:CORS headers: " \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ @@ -584,12 +593,12 @@ __docker_subcommand() { esac ;; (diff) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)*:containers:__docker_containers" && ret=0 ;; (events) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ "($help)--since=[Events created since this timestamp]:timestamp: " \ @@ -597,7 +606,7 @@ __docker_subcommand() { ;; (exec) local state - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ @@ -616,13 +625,13 @@ __docker_subcommand() { esac ;; (export) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \ "($help -)*:containers:__docker_containers" && ret=0 ;; (history) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \ "($help)--no-trunc[Do not truncate output]" \ @@ -630,7 +639,7 @@ __docker_subcommand() { "($help -)*: :__docker_images" && ret=0 ;; (images) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Show all images]" \ "($help)--digest[Show digests]" \ @@ -640,7 +649,7 @@ __docker_subcommand() { "($help -): :__docker_repositories" && ret=0 ;; (import) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ "($help -m --message)"{-m=,--message=}"[Set commit message for imported image]:message: " \ @@ -648,12 +657,12 @@ __docker_subcommand() { "($help -): :__docker_repositories_with_tags" && ret=0 ;; (info|version) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help && ret=0 ;; (inspect) local state - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ "($help -s --size)"{-s,--size}"[Display total file sizes if the type is container]" \ @@ -673,18 +682,18 @@ __docker_subcommand() { esac ;; (kill) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (load) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g "*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)"" && ret=0 ;; (login) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -e --email)"{-e=,--email=}"[Email]:email: " \ "($help -p --password)"{-p=,--password=}"[Password]:password: " \ @@ -692,12 +701,12 @@ __docker_subcommand() { "($help -)1:server: " && ret=0 ;; (logout) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:server: " && ret=0 ;; (logs) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -f --follow)"{-f,--follow}"[Follow log output]" \ "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \ @@ -707,7 +716,7 @@ __docker_subcommand() { ;; (network) local curcontext="$curcontext" state - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -): :->command" \ "($help -)*:: :->option-or-argument" && ret=0 @@ -723,18 +732,18 @@ __docker_subcommand() { esac ;; (pause|unpause) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (port) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:containers:__docker_runningcontainers" \ "($help -)2:port:_ports" && ret=0 ;; (ps) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=[Show only container created before...]:containers:__docker_containers" \ @@ -748,30 +757,30 @@ __docker_subcommand() { "($help)--since=[Show only containers created since...]:containers:__docker_containers" && ret=0 ;; (pull) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \ "($help -):name:__docker_search" && ret=0 ;; (push) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -): :__docker_images" && ret=0 ;; (rename) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -):old name:__docker_containers" \ "($help -):new name: " && ret=0 ;; (restart|stop) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (rm) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -f --force)"{-f,--force}"[Force removal]" \ "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \ @@ -779,14 +788,14 @@ __docker_subcommand() { "($help -)*:containers:__docker_stoppedcontainers" && ret=0 ;; (rmi) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -f --force)"{-f,--force}"[Force removal]" \ "($help)--no-prune[Do not delete untagged parents]" \ "($help -)*: :__docker_images" && ret=0 ;; (run) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ $opts_cpumemlimit \ $opts_create \ @@ -810,13 +819,13 @@ __docker_subcommand() { ;; (save) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \ "($help -)*: :__docker_images" && ret=0 ;; (search) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)--automated[Only show automated builds]" \ "($help)--no-trunc[Do not truncate output]" \ @@ -824,27 +833,27 @@ __docker_subcommand() { "($help -):term: " && ret=0 ;; (start) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ "($help -)*:containers:__docker_stoppedcontainers" && ret=0 ;; (stats) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help)--no-stream[Disable streaming stats and only pull the first result]" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (tag) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -f --force)"{-f,--force}"[force]"\ "($help -):source:__docker_images"\ "($help -):destination:__docker_repositories_with_tags" && ret=0 ;; (top) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:containers:__docker_runningcontainers" \ "($help -)*:: :->ps-arguments" && ret=0 @@ -857,7 +866,7 @@ __docker_subcommand() { ;; (volume) local curcontext="$curcontext" state - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -): :->command" \ "($help -)*:: :->option-or-argument" && ret=0 @@ -873,12 +882,12 @@ __docker_subcommand() { esac ;; (wait) - _arguments \ + _arguments $(__docker_arguments) \ $opts_help \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; (help) - _arguments ":subcommand:__docker_commands" && ret=0 + _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0 ;; esac @@ -897,7 +906,7 @@ _docker() { integer ret=1 typeset -A opt_args - _arguments -C \ + _arguments $(__docker_arguments) -C \ "(: -)"{-h,--help}"[Print usage]" \ "($help)--config[Location of client config files]:path:_directories" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ From 7f6859ce5a1ea06e630276b7a98bf56ef3e0327d Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 27 Oct 2015 10:50:45 +0100 Subject: [PATCH 0962/2538] Fix missing double quote in zsh completion Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1829567089..69b324c8dc 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -911,7 +911,7 @@ _docker() { "($help)--config[Location of client config files]:path:_directories" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ - "($help -l --log-level)"{-l=,--log-level=}[Set the logging level]:level:(debug info warn error fatal)" \ + "($help -l --log-level)"{-l=,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ "($help)--tls[Use TLS]" \ "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ From 4985b20ea1b9f81fd68bd516400e41cc9c60f34f Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sun, 18 Oct 2015 16:47:32 -0700 Subject: [PATCH 0963/2538] Updating network commands: adding man pages Adding Related information blocks Final first draft pass: ready for review Review comments Entering comments from the gang Updating connect to include paused Signed-off-by: Mary Anthony --- docs/reference/commandline/network_connect.md | 40 ++++- docs/reference/commandline/network_create.md | 119 ++++++++++++-- .../commandline/network_disconnect.md | 16 +- docs/reference/commandline/network_inspect.md | 67 ++++---- docs/reference/commandline/network_ls.md | 29 +++- docs/reference/commandline/network_rm.md | 15 +- docs/reference/commandline/run.md | 7 +- man/docker-network-connect.1.md | 55 +++++++ man/docker-network-create.1.md | 149 ++++++++++++++++++ man/docker-network-disconnect.1.md | 32 ++++ man/docker-network-inspect.1.md | 58 +++++++ man/docker-network-ls.1.md | 51 ++++++ man/docker-network-rm.1.md | 29 ++++ 13 files changed, 610 insertions(+), 57 deletions(-) create mode 100644 man/docker-network-connect.1.md create mode 100644 man/docker-network-create.1.md create mode 100644 man/docker-network-disconnect.1.md create mode 100644 man/docker-network-inspect.1.md create mode 100644 man/docker-network-ls.1.md create mode 100644 man/docker-network-rm.1.md diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index dbde67df0a..70f42f65b2 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -16,14 +16,40 @@ parent = "smn_cli" --help=false Print usage -Connects a running container to a network. This enables instant communication with other containers belonging to the same network. +Connects a running container to a network. You can connect a container by name +or by ID. Once connected, the container can communicate with other containers in +the same network. -``` - $ docker network create -d overlay multi-host-network - $ docker run -d --name=container1 busybox top - $ docker network connect multi-host-network container1 +```bash +$ docker network connect multi-host-network container1 ``` -the container will be connected to the network that is created and managed by the driver (multi-host overlay driver in the above example) or external network plugins. +You can also use the `docker run --net=` option to start a container and immediately connect it to a network. -Multiple containers can be connected to the same network and the containers in the same network will start to communicate with each other. If the driver/plugin supports multi-host connectivity, then the containers connected to the same multi-host network will be able to communicate seamlessly. +```bash +$ docker run -itd --net=multi-host-network busybox +``` + +You can pause, restart, and stop containers that are connected to a network. +Paused containers remain connected and a revealed by a `network inspect`. When +the container is stopped, it does not appear on the network until you restart +it. The container's IP address is not guaranteed to remain the same when a +stopped container rejoins the network. + +To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. + +Once connected in network, containers can communicate using only another +container's IP address or name. For `overlay` networks or custom plugins that +support multi-host connectivity, containers connected to the same multi-host +network but launched from different Engines can also communicate in this way. + +You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. + +## Related information + +* [network inspect](network_inspect.md) +* [network create](network_create.md) +* [network disconnect](network_disconnect.md) +* [network ls](network_ls.md) +* [network rm](network_rm.md) +* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 62302b886c..01ebda7222 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -2,7 +2,7 @@ +++ title = "network create" description = "The network create command description and usage" -keywords = ["network, create"] +keywords = ["network create"] [menu.main] parent = "smn_cli" +++ @@ -14,18 +14,117 @@ parent = "smn_cli" Creates a new network with a name specified by the user - -d, --driver= Driver to manage the Network - --help=false Print usage + --aux-address=map[] Auxiliary ipv4 or ipv6 addresses used by network driver + -d --driver=DRIVER Driver to manage the Network bridge or overlay. The default is bridge. + --gateway=[] ipv4 or ipv6 Gateway for the master subnet + --help=false Print usage + --ip-range=[] Allocate container ip from a sub-range + --ipam-driver=default IP Address Management Driver + -o --opt=map[] Set custom network plugin options + --subnet=[] Subnet in CIDR format that represents a network segment -Creates a new network that containers can connect to. If the driver supports multi-host networking, the created network will be made available across all the hosts in the cluster. Daemon will do its best to identify network name conflicts. But its the users responsibility to make sure network name is unique across the cluster. You create a network and then configure the container to use it, for example: +Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the +built-in network drivers. If you have installed a third party or your own custom +network driver you can specify that `DRIVER` here also. If you don't specify the +`--driver` option, the command automatically creates a `bridge` network for you. +When you install Docker Engine it creates a `bridge` network automatically. This +network corresponds to the `docker0` bridge that Engine has traditionally relied +on. When launch a new container with `docker run` it automatically connects to +this bridge network. You cannot remove this default bridge network but you can +create new ones using the `network create` command. -``` - $ docker network create -d overlay multi-host-network - $ docker run -itd --net=multi-host-network busybox +```bash +$ docker network create -d bridge my-bridge-network ``` -the container will be connected to the network that is created and managed by the driver (multi-host overlay driver in the above example) or external network plugins. +Bridge networks are isolated networks on a single Engine installation. If you +want to create a network that spans multiple Docker hosts each running an +Engine, you must create an `overlay` network. Unlike `bridge` networks overlay +networks require some pre-existing conditions before you can create one. These +conditions are: -Multiple containers can be connected to the same network and the containers in the same network will start to communicate with each other. If the driver/plugin supports multi-host connectivity, then the containers connected to the same multi-host network will be able to communicate seamlessly. +* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores. +* A cluster of hosts with connectivity to the key-value store. +* A properly configured Engine `daemon` on each host in the cluster. -*Note*: UX needs enhancement to accept network options to be passed to the drivers +The `docker daemon` options that support the `overlay` network are: + +* `--cluster-store` +* `--cluster-store-opt` +* `--cluster-advertise` + +To read more about these options and how to configure them, see ["*Get started +with multi-host network*"](../../userguide/networking/get-started-overlay.md). + +It is also a good idea, though not required, that you install Docker Swarm on to +manage the cluster that makes up your network. Swarm provides sophisticated +discovery and server management that can assist your implementation. + +Once you have prepared the `overlay` network prerequisites you simply choose a +Docker host in the cluster and issue the following to create the network: + +```bash +$ docker network create -d overlay my-multihost-network +``` + +Network names must be unique. The Docker daemon attempts to identify naming +conflicts but this is not guaranteed. It is the user's responsibility to avoid +name conflicts. + +## Connect containers + +When you start a container use the `--net` flag to connect it to a network. +This adds the `busybox` container to the `mynet` network. + +```bash +$ docker run -itd --net=mynet busybox +``` + +If you want to add a container to a network after the container is already +running use the `docker network connect` subcommand. + +You can connect multiple containers to the same network. Once connected, the +containers can communicate using only another container's IP address or name. +For `overlay` networks or custom plugins that support multi-host connectivity, +containers connected to the same multi-host network but launched from different +Engines can also communicate in this way. + +You can disconnect a container from a network using the `docker network +disconnect` command. + +## Specifying advanced options + +When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and specify subnetwork values directly using the the `--subnet` option. On a `bridge` network you can only create a single subnet: + +```bash +docker network create -d --subnet=192.168.0.0/16 +``` +Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. + +```bash +network create --driver=bridge --subnet=172.28.0.0/16 --ip-range=172.28.5.0/24 --gateway=172.28.5.254 br0 +``` + +If you omit the `--gateway` flag the Engine selects one for you from inside a +preferred pool. For `overlay` networks and for network driver plugins that +support it you can create multiple subnetworks. + +```bash +docker network create -d overlay + --subnet=192.168.0.0/16 --subnet=192.170.0.0/16 + --gateway=192.168.0.100 --gateway=192.170.0.100 + --ip-range=192.168.1.0/24 + --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 + --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 + my-multihost-newtork +``` +Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. + +## Related information + +* [network inspect](network_inspect.md) +* [network connect](network_connect.md) +* [network disconnect](network_disconnect.md) +* [network ls](network_ls.md) +* [network rm](network_rm.md) +* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index bbc2372035..c0104d9ec6 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -16,12 +16,18 @@ parent = "smn_cli" --help=false Print usage -Disconnects a running container from a network. +Disconnects a container from a network. The container must be running to disconnect it from the network. -``` - $ docker network create -d overlay multi-host-network - $ docker run -d --net=multi-host-network --name=container1 busybox top +```bash $ docker network disconnect multi-host-network container1 ``` -the container will be disconnected from the network. + +## Related information + +* [network inspect](network_inspect.md) +* [network connect](network_connect.md) +* [network create](network_create.md) +* [network ls](network_ls.md) +* [network rm](network_rm.md) +* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index b63bf181c8..fa5b0b656d 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -10,42 +10,55 @@ parent = "smn_cli" # network inspect - Usage: docker network inspect [OPTIONS] NETWORK + Usage: docker network inspect [OPTIONS] NETWORK [NETWORK..] Displays detailed information on a network --help=false Print usage -Returns information about a network. By default, this command renders all results -in a JSON object. +Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: -Example output: - -``` +```bash $ sudo docker run -itd --name=container1 busybox f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27 $ sudo docker run -itd --name=container2 busybox bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 - -$ sudo docker network inspect bridge -{ - "name": "bridge", - "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", - "driver": "bridge", - "containers": { - "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { - "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", - "mac_address": "02:42:ac:11:00:03", - "ipv4_address": "172.17.0.3/16", - "ipv6_address": "" - }, - "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { - "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", - "mac_address": "02:42:ac:11:00:02", - "ipv4_address": "172.17.0.2/16", - "ipv6_address": "" - } - } -} ``` + +The `network inspect` command shows the containers, by id, in its results. + +```bash +$ sudo docker network inspect bridge +[ + { + "name": "bridge", + "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", + "driver": "bridge", + "containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", + "mac_address": "02:42:ac:11:00:03", + "ipv4_address": "172.17.0.3/16", + "ipv6_address": "" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", + "mac_address": "02:42:ac:11:00:02", + "ipv4_address": "172.17.0.2/16", + "ipv6_address": "" + } + } + } +] +``` + + +## Related information + +* [network disconnect ](network_disconnect.md) +* [network connect](network_connect.md) +* [network create](network_create.md) +* [network ls](network_ls.md) +* [network rm](network_rm.md) +* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 09f290f06c..2a102f5f6d 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -17,14 +17,35 @@ parent = "smn_cli" --no-trunc=false Do not truncate the output -q, --quiet=false Only display numeric IDs -Lists all the networks Docker knows about. This include the networks that spans across multiple hosts in a cluster. +Lists all the networks the Engine `daemon` knows about. This includes the +networks that span across multiple hosts in a cluster, for example: -Example output: - -``` +```bash $ sudo docker network ls NETWORK ID NAME DRIVER 7fca4eb8c647 bridge bridge 9f904ee27bf5 none null cf03ee007fb4 host host + 78b03ee04fc4 multi-host overlay ``` + +Use the `--no-trunc` option to display the full network id: + +```bash +docker network ls --no-trunc +NETWORK ID NAME DRIVER +18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null +c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host +7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge +95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +``` + + +## Related information + +* [network disconnect ](network_disconnect.md) +* [network connect](network_connect.md) +* [network create](network_create.md) +* [network inspect](network_inspect.md) +* [network rm](network_rm.md) +* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index 9588f0a953..34093cd38f 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -10,14 +10,23 @@ parent = "smn_cli" # network rm - Usage: docker network rm [OPTIONS] NETWORK + Usage: docker network rm [OPTIONS] NAME | ID Deletes a network --help=false Print usage -Removes a network. You cannot remove a network that is in use by 1 or more containers. +Removes a network by name or identifier. To remove a network, you must first disconnect any containers connected to it. -``` +```bash $ docker network rm my-network ``` + +## Related information + +* [network disconnect ](network_disconnect.md) +* [network connect](network_connect.md) +* [network create](network_create.md) +* [network ls](network_ls.md) +* [network inspect](network_inspect.md) +* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index c25c5f3235..fdfd96b2da 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -54,7 +54,12 @@ parent = "smn_cli" --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container - --net="default" Set the Network mode for the container + --net="bridge" Connects a container to a network + 'bridge': creates a new network stack for the container on the docker bridge + 'none': no networking for this container + 'container:': reuses another container network stack + 'host': use the host network stack inside the container + 'NETWORK': connects the container to user-created network using `docker network create` command --oom-kill-disable=false Whether to disable OOM Killer for the container or not -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host diff --git a/man/docker-network-connect.1.md b/man/docker-network-connect.1.md new file mode 100644 index 0000000000..7dc23eb313 --- /dev/null +++ b/man/docker-network-connect.1.md @@ -0,0 +1,55 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-connect - connect a container to a network + +# SYNOPSIS +**docker network connect NAME CONTAINER** + +[**--help**] + +# DESCRIPTION + +Connects a running container to a network. You can connect a container by name +or by ID. Once connected, the container can communicate with other containers in +the same network. + +```bash +$ docker network connect multi-host-network container1 +``` + +You can also use the `docker run --net=` option to start a container and immediately connect it to a network. + +```bash +$ docker run -itd --net=multi-host-network busybox +``` + +You can pause, restart, and stop containers that are connected to a network. +Paused containers remain connected and a revealed by a `network inspect`. When +the container is stopped, it does not appear on the network until you restart +it. The container's IP address is not guaranteed to remain the same when a +stopped container rejoins the network. + +To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. + +Once connected in network, containers can communicate using only another +container's IP address or name. For `overlay` networks or custom plugins that +support multi-host connectivity, containers connected to the same multi-host +network but launched from different Engines can also communicate in this way. + +You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. + + +# OPTIONS +**NAME** + Specify network driver name + +**CONTAINER** + Specify container name + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md new file mode 100644 index 0000000000..308f2d6bfc --- /dev/null +++ b/man/docker-network-create.1.md @@ -0,0 +1,149 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-create - create a new network + +# SYNOPSIS +**docker network create** + +**--aux-address=map[]** +**-d** | **--driver=DRIVER** +**--gateway=[]** +**--help=false** +**--ip-range=[]** +**--ipam-driver=default** +**-o** | **--opt=map[]** +**--subnet=[]** + +# DESCRIPTION + +Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the +built-in network drivers. If you have installed a third party or your own custom +network driver you can specify that `DRIVER` here also. If you don't specify the +`--driver` option, the command automatically creates a `bridge` network for you. +When you install Docker Engine it creates a `bridge` network automatically. This +network corresponds to the `docker0` bridge that Engine has traditionally relied +on. When launch a new container with `docker run` it automatically connects to +this bridge network. You cannot remove this default bridge network but you can +create new ones using the `network create` command. + +```bash +$ docker network create -d bridge my-bridge-network +``` + +Bridge networks are isolated networks on a single Engine installation. If you +want to create a network that spans multiple Docker hosts each running an +Engine, you must create an `overlay` network. Unlike `bridge` networks overlay +networks require some pre-existing conditions before you can create one. These +conditions are: + +* Access to a key-value store. Engine supports Consul, Etcd, and Zookeeper (Distributed store) key-value stores. +* A cluster of hosts with connectivity to the key-value store. +* A properly configured Engine `daemon` on each host in the cluster. + +The `docker daemon` options that support the `overlay` network are: + +* `--cluster-store` +* `--cluster-store-opt` +* `--cluster-advertise` + +To read more about these options and how to configure them, see ["*Get started +with multi-host +network*"](https://www.docker.com/engine/userguide/networking/get-started-overlay.md). + +It is also a good idea, though not required, that you install Docker Swarm on to +manage the cluster that makes up your network. Swarm provides sophisticated +discovery and server management that can assist your implementation. + +Once you have prepared the `overlay` network prerequisites you simply choose a +Docker host in the cluster and issue the following to create the network: + +```bash +$ docker network create -d overlay my-multihost-network +``` + +Network names must be unique. The Docker daemon attempts to identify naming +conflicts but this is not guaranteed. It is the user's responsibility to avoid +name conflicts. + +## Connect containers + +When you start a container use the `--net` flag to connect it to a network. +This adds the `busybox` container to the `mynet` network. + +```bash +$ docker run -itd --net=mynet busybox +``` + +If you want to add a container to a network after the container is already +running use the `docker network connect` subcommand. + +You can connect multiple containers to the same network. Once connected, the +containers can communicate using only another container's IP address or name. +For `overlay` networks or custom plugins that support multi-host connectivity, +containers connected to the same multi-host network but launched from different +Engines can also communicate in this way. + +You can disconnect a container from a network using the `docker network +disconnect` command. + +## Specifying advanced options + +When you create a network, Engine creates a non-overlapping subnetwork for the +network by default. This subnetwork is not a subdivision of an existing network. +It is purely for ip-addressing purposes. You can override this default and +specify subnetwork values directly using the the `--subnet` option. On a +`bridge` network you can only create a single subnet: + +```bash +docker network create -d --subnet=192.168.0.0/16 +``` +Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. + +```bash +network create --driver=bridge --subnet=172.28.0.0/16 --ip-range=172.28.5.0/24 --gateway=172.28.5.254 br0 +``` + +If you omit the `--gateway` flag the Engine selects one for you from inside a +preferred pool. For `overlay` networks and for network driver plugins that +support it you can create multiple subnetworks. + +```bash +docker network create -d overlay + --subnet=192.168.0.0/16 --subnet=192.170.0.0/16 + --gateway=192.168.0.100 --gateway=192.170.0.100 + --ip-range=192.168.1.0/24 + --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 + --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 + my-multihost-newtork +``` +Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. + +# OPTIONS +**--aux-address=map[]** + Auxiliary ipv4 or ipv6 addresses used by network driver + +**-d** | **--driver=DRIVER** + Driver to manage the Network bridge or overlay. The default is bridge. + +**--gateway=[] ** + ipv4 or ipv6 Gateway for the master subnet + +**--help=false ** + Print usage + +**--ip-range=[] ** + Allocate container ip from a sub-range + +**--ipam-driver=default ** + IP Address Management Driver + +**-o | --opt=map[]** + Set custom network plugin options + +**--subnet=[]** + Subnet in CIDR format that represents a network segment + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/man/docker-network-disconnect.1.md b/man/docker-network-disconnect.1.md new file mode 100644 index 0000000000..6cbc441195 --- /dev/null +++ b/man/docker-network-disconnect.1.md @@ -0,0 +1,32 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-disconnect - disconnect a container from a network + +# SYNOPSIS +**docker network disconnect NETWORK CONTAINER** + +[**--help**] + +# DESCRIPTION + +Disconnects a container from a network. The container must be running to disconnect it from the network. + +```bash + $ docker network disconnect multi-host-network container1 +``` + + +# OPTIONS +**NETWORK** + Specify network name + +**CONTAINER** + Specify container name + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md new file mode 100644 index 0000000000..3b128223c6 --- /dev/null +++ b/man/docker-network-inspect.1.md @@ -0,0 +1,58 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-inspect - inspect a network + +# SYNOPSIS +**docker network inspect NETWORK [NETWORK...]** + +[**--help**] + +# DESCRIPTION + +Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: + +```bash +$ sudo docker run -itd --name=container1 busybox +f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27 + +$ sudo docker run -itd --name=container2 busybox +bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 +``` + +The `network inspect` command shows the containers, by id, in its results. + +```bash +$ sudo docker network inspect bridge +[ + { + "name": "bridge", + "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", + "driver": "bridge", + "containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", + "mac_address": "02:42:ac:11:00:03", + "ipv4_address": "172.17.0.3/16", + "ipv6_address": "" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", + "mac_address": "02:42:ac:11:00:02", + "ipv4_address": "172.17.0.2/16", + "ipv6_address": "" + } + } + } +] +``` + + +# OPTIONS + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md new file mode 100644 index 0000000000..5dd2ad4804 --- /dev/null +++ b/man/docker-network-ls.1.md @@ -0,0 +1,51 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-ls - list networks + +# SYNOPSIS +**docker network ls** + +[**--no-trunc**] +[**-q** | **--quiet**] +[**--help**] + +# DESCRIPTION + +Lists all the networks the Engine `daemon` knows about. This includes the +networks that span across multiple hosts in a cluster, for example: + +```bash + $ sudo docker network ls + NETWORK ID NAME DRIVER + 7fca4eb8c647 bridge bridge + 9f904ee27bf5 none null + cf03ee007fb4 host host + 78b03ee04fc4 multi-host overlay +``` + +Use the `--no-trunc` option to display the full network id: + +```bash +docker network ls --no-trunc +NETWORK ID NAME DRIVER +18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null +c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host +7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge +95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +``` + +# OPTIONS + +[**--no-trunc**] + Do not truncate the output + +[**-q** | **--quiet**] + Only display numeric IDs + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony diff --git a/man/docker-network-rm.1.md b/man/docker-network-rm.1.md new file mode 100644 index 0000000000..d5c4515f67 --- /dev/null +++ b/man/docker-network-rm.1.md @@ -0,0 +1,29 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% OCT 2015 +# NAME +docker-network-rm - remove a new network + +# SYNOPSIS +**docker network rm NETWORK** + +[**--help**] + +# DESCRIPTION + +Removes a network by name or identifier. To remove a network, you must first disconnect any containers connected to it. + +``` + $ docker network rm my-network +``` + + +# OPTIONS +**NETWORK** + Specify network name + +**--help** + Print usage statement + +# HISTORY +OCT 2015, created by Mary Anthony From 05242a4c60a9fb2294d846338b2df3157af70194 Mon Sep 17 00:00:00 2001 From: Eric Rosenberg Date: Wed, 28 Oct 2015 13:06:21 -0500 Subject: [PATCH 0964/2538] Update kill.md Added Note to show users that signals will not propagate to the container if the preferred exec form isn't used. Signed-off-by: Eric Rosenberg --- docs/reference/commandline/kill.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index e25c899229..dabbabbe77 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -19,3 +19,8 @@ parent = "smn_cli" The main process inside the container will be sent `SIGKILL`, or any signal specified with option `--signal`. + +> **Note:** +> `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of `/bin/sh -c`, +> which does not pass signals. This means that the executable is not the container’s PID 1 +> and does not receive Unix signals. From 02a859b9f3fdb965f1bba0ecab160521874bca74 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 30 Sep 2015 13:11:36 -0700 Subject: [PATCH 0965/2538] First pass at consolidating Removing old networking.md Updating dockernetworks.md with images Adding information on network plugins Adding blurb about links to docker networking Updating the working documentation Adding Overlay Getting Started Downplaying links by removing refs/examples, adding refs/examples for network. Updating getting started to reflect networks not links Pulling out old network material Updating per discussion with Madhu to add Default docs section Updating with bridge default Fix bad merge Updating with new cluster-advertise behavior Update working and NetworkSettings examples Correcting example for default bridge discovery behavior Entering comments Fixing broken Markdown Syntax Updating with comments Updating all the links Signed-off-by: Mary Anthony --- docs/extend/plugins.md | 5 +- docs/extend/plugins_network.md | 49 +++--- docs/reference/builder.md | 88 +++++------ docs/reference/commandline/attach.md | 2 +- docs/reference/commandline/daemon.md | 15 +- docs/reference/commandline/inspect.md | 6 +- docs/reference/commandline/network_connect.md | 2 +- docs/reference/commandline/network_create.md | 4 +- .../commandline/network_disconnect.md | 2 +- docs/reference/commandline/network_inspect.md | 2 +- docs/reference/commandline/network_ls.md | 2 +- docs/reference/commandline/network_rm.md | 2 +- docs/reference/commandline/run.md | 80 ++++------ docs/reference/glossary.md | 11 +- docs/reference/run.md | 142 ++++++------------ experimental/README.md | 2 +- man/docker-attach.1.md | 2 +- man/docker-daemon.8.md | 5 +- man/docker-inspect.1.md | 2 +- 19 files changed, 175 insertions(+), 248 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 2ea373a2ed..4d73c8e310 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -18,9 +18,8 @@ plugins. Plugins extend Docker's functionality. They come in specific types. For example, a [volume plugin](plugins_volume.md) might enable Docker -volumes to persist across multiple Docker hosts and a -[network plugin](plugins_network.md) might provide network plumbing -using a favorite networking technology, such as vxlan overlay, ipvlan, EVPN, etc. +volumes to persist across multiple Docker hosts and a +[network plugin](plugins_network.md) might provide network plumbing. Currently Docker supports volume and network driver plugins. In the future it will support additional plugin types. diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 335ee9d04a..b1c05558d3 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -1,7 +1,7 @@ From 555f500ab47b376ee85a35357f47a88b470a5ee2 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Wed, 11 Nov 2015 14:29:02 -0800 Subject: [PATCH 0990/2538] Include xfsprogs in build environment. devmapper uses xfs by default now. So include xfsprogs in build environment. Also update docs to reflect the new default. Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/daemon.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 8e3200d0ac..3cb93b375f 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -260,11 +260,11 @@ options for `zfs` start with `zfs`. * `dm.fs` Specifies the filesystem type to use for the base device. The supported - options are "ext4" and "xfs". The default is "ext4" + options are "ext4" and "xfs". The default is "xfs" Example use: - $ docker daemon --storage-opt dm.fs=xfs + $ docker daemon --storage-opt dm.fs=ext4 * `dm.mkfsarg` From cfe0fadee2dafd870961d56a3752844d955acd72 Mon Sep 17 00:00:00 2001 From: Viktor Stanchev Date: Mon, 26 Oct 2015 16:54:47 -0700 Subject: [PATCH 0991/2538] more notary documentation Signed-off-by: Viktor Stanchev --- docs/reference/commandline/cli.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 78d1963d35..573015d01b 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -48,6 +48,8 @@ by the `docker` command line: * `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote. * `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. +* `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults + to the same URL as the registry. * `DOCKER_TMPDIR` Location for temporary Docker files. Because Docker is developed using 'Go', you can also use any environment @@ -109,6 +111,15 @@ Following is a sample `config.json` file: "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}" } +### Notary + +If using your own notary server and a self-signed certificate or an internal +Certificate Authority, you need to place the certificate at +`tls//ca.crt` in your docker config directory. + +Alternatively you can trust the certificate globally by adding it to your system's +list of root Certificate Authorities. + ## Help To list the help on any command just execute the command, followed by the From c14094b895bdc8b71c692f3e2a4d70ff37c97415 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 12 Nov 2015 08:35:32 +0100 Subject: [PATCH 0992/2538] Add zsh completion for 'docker {run,create} --volume-driver' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d9d6678861..4ae3f140fd 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -343,7 +343,7 @@ __docker_volume_subcommand() { (create) _arguments $(__docker_arguments) \ $opts_help \ - "($help -d --driver)"{-d=,--driver=}"[Specify volume driver name]:Driver name: " \ + "($help -d --driver)"{-d=,--driver=}"[Specify volume driver name]:Driver name:(local)" \ "($help)--name=[Specify volume name]" \ "($help)*"{-o=,--opt=}"[Set driver specific options]:Driver option: " && ret=0 ;; @@ -452,6 +452,7 @@ __docker_subcommand() { "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" "($help)*-v[Bind mount a volume]:volume: " + "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)" "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" ) From e1f83cb82b0a4ce6f3318a1acdde588cf55a88e6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 12 Nov 2015 12:38:46 +0100 Subject: [PATCH 0993/2538] docs: fix link to "run reference" Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 2f11bfbd4d..38ad091e7e 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -82,7 +82,7 @@ This is useful when you want to set up a container configuration ahead of time so that it is ready to start when you need it. The initial status of the new container is `created`. -Please see the [run command](run.md) section and the [Docker run reference](run.md) for more details. +Please see the [run command](run.md) section and the [Docker run reference](../run.md) for more details. ## Examples From d6bac189148c22e838ff3a978038785bc5508ffb Mon Sep 17 00:00:00 2001 From: Sally O'Malley Date: Mon, 2 Nov 2015 17:20:38 -0500 Subject: [PATCH 0994/2538] docker-login man/doc add security info Signed-off-by: Sally O'Malley --- docs/reference/commandline/login.md | 13 +++++++++++++ man/docker-login.1.md | 9 +++++++++ 2 files changed, 22 insertions(+) diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 6361d99f58..c6e367c478 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -25,3 +25,16 @@ adding the server name. example: $ docker login localhost:8080 + + +`docker login` requires user to use `sudo` or be `root`, except when: + +1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. + +You can log into any public or private repository for which you have +credentials. When you log in, the command stores encoded credentials in +`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. + +> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. +> diff --git a/man/docker-login.1.md b/man/docker-login.1.md index b87e2c1591..c32a49b075 100644 --- a/man/docker-login.1.md +++ b/man/docker-login.1.md @@ -18,10 +18,18 @@ Register or log in to a Docker Registry located on the specified do not specify a `SERVER`, the command uses Docker's public registry located at `https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub. +`docker login` requires user to use `sudo` or be `root`, except when: + +1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. + You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. +> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. +> + # OPTIONS **-e**, **--email**="" Email @@ -49,3 +57,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit April 2015, updated by Mary Anthony for v2 +November 2015, updated by Sally O'Malley From e303d6cc9ff092c840e4d0122045624e4ca9b12e Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Fri, 12 Jun 2015 08:34:20 +0800 Subject: [PATCH 0995/2538] Add support for blkio.weight_device Signed-off-by: Ma Shimiao --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 1 + docs/reference/run.md | 24 ++++++++++++++++++++++-- man/docker-create.1.md | 4 ++++ man/docker-run.1.md | 11 +++++++++++ 7 files changed, 41 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 851f30d1e6..2fbd5a82cf 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1355,6 +1355,7 @@ _docker_run() { --add-host --attach -a --blkio-weight + --blkio-weight-device --cap-add --cap-drop --cgroup-parent diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4ae3f140fd..6656161d7d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -418,6 +418,7 @@ __docker_subcommand() { "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" + "($help)--blkio-weight-device=-[Block IO (relative device weight)]:device:Block IO weight: " "($help)*--cap-add=[Add Linux capabilities]:capability: " "($help)*--cap-drop=[Drop Linux capabilities]:capability: " "($help)--cidfile=[Write the container ID to the file]:CID file:_files" diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 38ad091e7e..9c4b19bd8c 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -19,6 +19,7 @@ Creates a new container. -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) --blkio-weight=0 Block IO weight (relative weight) + --blkio-weight-device="" Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 76446ca84b..3ad93f2fa3 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -17,6 +17,7 @@ parent = "smn_cli" -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) --blkio-weight=0 Block IO weight (relative weight) + --blkio-weight-device="" Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities diff --git a/docs/reference/run.md b/docs/reference/run.md index eecc4a5765..5ea79d4b28 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -623,6 +623,7 @@ container: | `--cpuset-mems=""` | Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. | | `--cpu-quota=0` | Limit the CPU CFS (Completely Fair Scheduler) quota | | `--blkio-weight=0` | Block IO weight (relative weight) accepts a weight value between 10 and 1000. | +| `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) | | `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | | `--memory-swappiness="" ` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | @@ -937,6 +938,9 @@ By default, all containers get the same proportion of block IO bandwidth container's blkio weight relative to the weighting of all other running containers using the `--blkio-weight` flag. +> **Note:** The blkio weight setting is only available for direct IO. Buffered IO +> is not currently supported. + The `--blkio-weight` flag can set the weighting to a value between 10 to 1000. For example, the commands below create two containers with different blkio weight: @@ -951,8 +955,24 @@ If you do block IO in the two containers at the same time, by, for example: You'll find that the proportion of time is the same as the proportion of blkio weights of the two containers. -> **Note:** The blkio weight setting is only available for direct IO. Buffered IO -> is not currently supported. +The `--blkio-weight-device="DEVICE_NAME:WEIGHT"` flag sets a specific device weight. +The `DEVICE_NAME:WEIGHT` is a string containing a colon-separated device name and weight. +For example, to set `/dev/sda` device weight to `200`: + +$ docker run -it \ + --blkio-weight-device "/dev/sda:200" \ + ubuntu + +If you specify both the `--blkio-weight` and `--blkio-weight-device`, Docker +uses the `--blkio-weight` as the default weight and uses `--blkio-weight-device` +to override this default with a new value on a specific device. +The following example uses a default weight of `300` and overrides this default +on `/dev/sda` setting that weight to `200`: + +$ docker run -it \ + --blkio-weight 300 \ + --blkio-weight-device "/dev/sda:200" \ + ubuntu ## Additional groups --group-add: Add Linux capabilities diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 939baf91ae..b919234073 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -9,6 +9,7 @@ docker-create - Create a new container [**-a**|**--attach**[=*[]*]] [**--add-host**[=*[]*]] [**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**--blkio-weight-device**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] @@ -82,6 +83,9 @@ The initial status of the container created with **docker create** is 'created'. **--blkio-weight**=*0* Block IO weight (relative weight) accepts a weight value between 10 and 1000. +**--blkio-weight-device**=[] + Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). + **--cpu-shares**=*0* CPU shares (relative weight) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 76d207a760..72475b098a 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -9,6 +9,7 @@ docker-run - Run a command in a new container [**-a**|**--attach**[=*[]*]] [**--add-host**[=*[]*]] [**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**--blkio-weight-device**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cap-add**[=*[]*]] [**--cap-drop**[=*[]*]] @@ -99,6 +100,9 @@ option can be set multiple times. **--blkio-weight**=*0* Block IO weight (relative weight) accepts a weight value between 10 and 1000. +**--blkio-weight-device**=[] + Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). + **--cpu-shares**=*0* CPU shares (relative weight) @@ -755,6 +759,13 @@ Note: You would have to write policy defining a `svirt_apache_t` type. +## Setting device weight + +If you want to set `/dev/sda` device weight to `200`, you can specify the device +weight by `--blkio-weight-device` flag. Use the following command: + + # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 564b68091ed0d652e4cebb298e8aec83c5c28040 Mon Sep 17 00:00:00 2001 From: pidster Date: Fri, 13 Nov 2015 10:06:04 +0000 Subject: [PATCH 0996/2538] Add Weave Network Plugin to docs/extend/plugins.md Signed-off-by: pidster --- docs/extend/plugins.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 37147a2b50..6c17b9072d 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -80,6 +80,8 @@ multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. +* The [Weave Network Plugin](https://github.com/weaveworks/docker-plugin) creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From 4978171903b6b41016d4e0d743d13206b9317cda Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 14 Oct 2015 14:42:21 -0700 Subject: [PATCH 0997/2538] Support multi-dir wildcards in .dockerignore Closes #13113 Signed-off-by: Doug Davis --- docs/reference/builder.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5479bb001e..7c0e54d249 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -232,6 +232,11 @@ eliminates `.` and `..` elements using Go's [filepath.Clean](http://golang.org/pkg/path/filepath/#Clean). Lines that are blank after preprocessing are ignored. +Beyond Go's filepath.Match rules, Docker also supports a special +wildcard string `**` that matches any number of directories (including +zero). For example, `**/*.go` will exclude all files that end with `.go` +that are found in all directories, including the root of the build context. + Lines starting with `!` (exclamation mark) can be used to make exceptions to exclusions. The following is an example `.dockerignore` file that uses this mechanism: From d998542977884100fab42e9f4ecda2c260b3ba1e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 15 Nov 2015 09:35:40 -0800 Subject: [PATCH 0998/2538] bash completion for `docker {run,create} --volume-driver` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2fbd5a82cf..0659c33fb9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1397,6 +1397,7 @@ _docker_run() { --ulimit --user -u --uts + --volume-driver --volumes-from --volume -v --workdir -w @@ -1541,6 +1542,10 @@ _docker_run() { esac return ;; + --volume-driver) + COMPREPLY=( $( compgen -W "local" -- "$cur" ) ) + return + ;; --volumes-from) __docker_containers_all return From e71bd977cf1bef182c290d09ba125a8d0a1f58df Mon Sep 17 00:00:00 2001 From: Zhang Kun Date: Fri, 30 Oct 2015 10:48:56 +0800 Subject: [PATCH 0999/2538] fix doc Signed-off-by: Zhang Kun fix doc Signed-off-by: Zhang Kun --- docs/reference/commandline/volume_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index f91c1e415c..b484724ffb 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -33,7 +33,7 @@ Multiple containers can use the same volume in the same time period. This is use Volume names must be unique among drivers. This means you cannot use the same volume name with two different drivers. If you attempt this `docker` returns an error: ``` -A volume named %s already exists with the %s driver. Choose a different volume name. +A volume named "hello" already exists with the "some-other" driver. Choose a different volume name. ``` If you specify a volume name already in use on the current driver, Docker assumes you want to re-use the existing volume and does not return an error. From a1483730621d58b756acd88b289828440598a056 Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Tue, 10 Nov 2015 16:42:27 -0800 Subject: [PATCH 1000/2538] Allow configurable metadata for Splunk log driver Add support of `tag`, `env` and `labels` for Splunk logging driver. Removed from message `containerId` as it is the same as `tag`. Signed-off-by: Denis Gladkikh --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0659c33fb9..f2648f70c0 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -337,7 +337,7 @@ __docker_log_driver_options() { local journald_options="env labels" local json_file_options="env labels max-file max-size" local syslog_options="syslog-address syslog-facility tag" - local splunk_options="splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url" + local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" From b1287de07b2d5a245c10357148dc21a52205dcae Mon Sep 17 00:00:00 2001 From: Kunal Kushwaha Date: Fri, 23 Oct 2015 15:08:26 +0900 Subject: [PATCH 1001/2538] Supported added for reterving Plugin list for Network and Volume. Also, plugin information in docker info output. Signed-off-by: Kunal Kushwaha --- man/docker-info.1.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/man/docker-info.1.md b/man/docker-info.1.md index f67a4fb00c..2abfb0b4ec 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -39,6 +39,9 @@ Here is a sample output: Dirs: 80 Execution Driver: native-0.2 Logging Driver: json-file + Plugins: + Volume: local + Network: bridge null host Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS CPUs: 1 From 212fe5f2d05524bae59a737b9975e07d16b1bb16 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 28 Oct 2015 09:19:51 -0400 Subject: [PATCH 1002/2538] Relabel BTRFS Content on container Creation This change will allow us to run SELinux in a container with BTRFS back end. We continue to work on fixing the kernel/BTRFS but this change will allow SELinux Security separation on BTRFS. It basically relabels the content on container creation. Just relabling -init directory in BTRFS use case. Everything looks like it works. I don't believe tar/achive stores the SELinux labels, so we are good as far as docker commit. Tested Speed on startup with BTRFS on top of loopback directory. BTRFS not on loopback should get even better perfomance on startup time. The more inodes inside of the container image will increase the relabel time. This patch will give people who care more about security the option of runnin BTRFS with SELinux. Those who don't want to take the slow down can disable SELinux either in individual containers or for all containers by continuing to disable SELinux in the daemon. Without relabel: > time docker run --security-opt label:disable fedora echo test test real 0m0.918s user 0m0.009s sys 0m0.026s With Relabel test real 0m1.942s user 0m0.007s sys 0m0.030s Signed-off-by: Dan Walsh Signed-off-by: Dan Walsh --- man/docker-daemon.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 31e20c7c67..de16f6849e 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -191,7 +191,7 @@ unix://[/path/to/socket] to use. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support the BTRFS storage driver. + Enable selinux support. Default is false. SELinux does not presently support the overlay storage driver. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From 1de6fda3010e31fac5c1bf66f9cc4c0bcc14c9fe Mon Sep 17 00:00:00 2001 From: Olle Jonsson Date: Sat, 13 Jun 2015 09:39:19 +0200 Subject: [PATCH 1003/2538] /info: Add keys Architecture, OSType - introduces Swarm-relevant keys, see #13634 - docs updated Signed-off-by: Olle Jonsson --- docs/reference/commandline/info.md | 2 ++ man/docker-info.1.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 1794df40b5..e23d9d6780 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -31,6 +31,8 @@ For example: Execution Driver: native-0.2 Logging Driver: json-file Kernel Version: 3.19.0-22-generic + OSType: linux + Architecture: amd64 Operating System: Ubuntu 15.04 CPUs: 24 Total Memory: 62.86 GiB diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 2abfb0b4ec..b2b5165121 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -44,6 +44,8 @@ Here is a sample output: Network: bridge null host Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS + OSType: linux + Architecture: amd64 CPUs: 1 Total Memory: 2 GiB From 8ab8a0f3c5c948ab748282878f07eabd06cd6196 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sat, 14 Nov 2015 23:03:02 +0100 Subject: [PATCH 1004/2538] Add pkg/parsers/architecture and pkg/platform Signed-off-by: Vincent Demeester --- docs/reference/commandline/info.md | 2 +- man/docker-info.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index e23d9d6780..c1f208418b 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -32,7 +32,7 @@ For example: Logging Driver: json-file Kernel Version: 3.19.0-22-generic OSType: linux - Architecture: amd64 + Architecture: x86_64 Operating System: Ubuntu 15.04 CPUs: 24 Total Memory: 62.86 GiB diff --git a/man/docker-info.1.md b/man/docker-info.1.md index b2b5165121..ae04e49edf 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -45,7 +45,7 @@ Here is a sample output: Kernel Version: 3.13.0-24-generic Operating System: Ubuntu 14.04 LTS OSType: linux - Architecture: amd64 + Architecture: x86_64 CPUs: 1 Total Memory: 2 GiB From 2788cfa6147804ed6eecbc84adb52bc2ec39e29b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 24 Oct 2015 16:35:21 +0200 Subject: [PATCH 1005/2538] Add zsh completion for log options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 44 ++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 6656161d7d..9c24cbe65d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -192,6 +192,45 @@ __docker_search() { _wanted dockersearch expl 'available images' compadd -a result } +__docker_get_log_options() { + [[ $PREFIX = -* ]] && return 1 + + integer ret=1 + local log_driver=${opt_args[--log-driver]:-"all"} + local -a awslogs_options fluentd_options gelf_options journald_options json_file_options syslog_options splunk_options + + awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream") + fluentd_options=("env" "fluentd-address" "labels" "tag") + gelf_options=("env" "gelf-address" "labels" "tag") + journald_options=("env" "labels") + json_file_options=("env" "labels" "max-file" "max-size") + syslog_options=("syslog-address" "syslog-facility" "tag") + splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag") + + [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 + [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0 + [[ $log_driver = (gelf|all) ]] && _describe -t gelf-options "gelf options" gelf_options "$@" && ret=0 + [[ $log_driver = (journald|all) ]] && _describe -t journald-options "journald options" journald_options "$@" && ret=0 + [[ $log_driver = (json-file|all) ]] && _describe -t json-file-options "json-file options" json_file_options "$@" && ret=0 + [[ $log_driver = (syslog|all) ]] && _describe -t syslog-options "syslog options" syslog_options "$@" && ret=0 + [[ $log_driver = (splunk|all) ]] && _describe -t splunk-options "splunk options" splunk_options "$@" && ret=0 + + return ret +} + +__docker_log_options() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + _message 'value' && ret=0 + else + __docker_get_log_options -qS "=" && ret=0 + fi + + return ret +} + __docker_networks() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -438,7 +477,8 @@ __docker_subcommand() { "($help)*--link=[Add link to another container]:link:->link" "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" - "($help)*--log-opt=[Log driver specific options]:log driver options: " + "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" + "($help)*--lxc-conf=[Add custom lxc options]:lxc options: " "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" @@ -559,7 +599,7 @@ __docker_subcommand() { "($help -l --log-level)"{-l=,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Set key=value labels to the daemon]:label: " \ "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" \ - "($help)*--log-opt=[Log driver specific options]:log driver options: " \ + "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \ "($help)--mtu=[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ From 7eac998e7d8ed1d9f87073a609444136acf462ea Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Wed, 18 Nov 2015 08:13:03 +0100 Subject: [PATCH 1006/2538] zsh: remove lxc-related completion LXC support has been deprecated and the related completion has been removed in #17700 but was added back in #17334. Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9c24cbe65d..7f883c7b54 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -478,7 +478,6 @@ __docker_subcommand() { "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" - "($help)*--lxc-conf=[Add custom lxc options]:lxc options: " "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" From 00ea341609cba3353980403200f5ac94ea00a0c7 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Wed, 18 Nov 2015 08:08:43 +0100 Subject: [PATCH 1007/2538] zsh: ensure we have enough commands to store in the cache Otherwise, the cache would be invalid and won't be refreshed soon. This can happen when the user has the completion installed before docker is installed. Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7f883c7b54..91eb563584 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -431,7 +431,7 @@ __docker_commands() { lines=(${(f)"$(_call_program commands docker 2>&1)"}) _docker_subcommands=(${${${lines[$((${lines[(i)Commands:]} + 1)),${lines[(I) *]}]}## #}/ ##/:}) _docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command') - _store_cache docker_subcommands _docker_subcommands + (( $#_docker_subcommands > 2 )) && _store_cache docker_subcommands _docker_subcommands fi _describe -t docker-commands "docker command" _docker_subcommands } From 3317b8b16d4de77b1837f2f11cf46d55ea7a69eb Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 18 Nov 2015 16:02:24 +0100 Subject: [PATCH 1008/2538] Fix a small typo in volume_inspect.md Signed-off-by: Vincent Demeester --- docs/reference/commandline/volume_inspect.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 02b9218879..3912cce867 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -18,8 +18,8 @@ parent = "smn_cli" --help=false Print usage Returns information about a volume. By default, this command renders all results -in a JSON array. You can specify an alternate format to execute a given template -is executed for each result. Go's +in a JSON array. You can specify an alternate format to execute a +given template for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. From 941952972e37e8cedf2192d3e4e7a55d5446f132 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Wed, 4 Nov 2015 13:51:46 -0800 Subject: [PATCH 1009/2538] Use fs cgroups by default Our implementation of systemd cgroups is mixture of systemd api and plain filesystem api. It's hard to keep it up to date with systemd and it already contains some nasty bugs with new versions. Ideally it should be replaced with some daemon flag which will allow to set parent systemd slice. Signed-off-by: Alexander Morozov --- docs/reference/commandline/daemon.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 3cb93b375f..4b27e695e5 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -446,11 +446,11 @@ single `native.cgroupdriver` option is available. The `native.cgroupdriver` option specifies the management of the container's cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and -it is not available, the system uses `cgroupfs`. By default, if no option is -specified, the execdriver first tries `systemd` and falls back to `cgroupfs`. -This example sets the execdriver to `cgroupfs`: +it is not available, the system uses `cgroupfs`. If you omit the +`native.cgroupdriver` option,` cgroupfs` is used. +This example sets the `cgroupdriver` to `systemd`: - $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs + $ sudo docker daemon --exec-opt native.cgroupdriver=systemd Setting this option applies to all containers the daemon launches. From cd4fc83dd1b3cb8041ebfbc5691a48a7cfe1a9a7 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 18 Nov 2015 16:32:23 -0800 Subject: [PATCH 1010/2538] Small changes to storage driver/commands ref Entering V's comments Signed-off-by: Mary Anthony --- docs/reference/commandline/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index ef99b91168..8fe6b1a235 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -1,6 +1,6 @@ + + # The Docker commands From 007df1d49491d2372ae670f71301eeafeb0bee2b Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Fri, 30 Oct 2015 00:10:20 +0800 Subject: [PATCH 1016/2538] Enhance `docker network rm` to delete multi net This commit enhance `docker network rm` command to allow user to delete multi networks at the same time. Signed-off-by: Zhang Wei --- docs/reference/commandline/network_rm.md | 21 +++++++++++++++--- man/docker-network-rm.1.md | 27 ++++++++++++++++++------ 2 files changed, 39 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index ef79fcac84..14e74717e0 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -10,18 +10,33 @@ parent = "smn_cli" # network rm - Usage: docker network rm [OPTIONS] NAME | ID + Usage: docker network rm [OPTIONS] NETWORK [NETWORK...] - Deletes a network + Deletes one or more networks --help=false Print usage -Removes a network by name or identifier. To remove a network, you must first disconnect any containers connected to it. +Removes one or more networks by name or identifier. To remove a network, +you must first disconnect any containers connected to it. +To remove the network named 'my-network': ```bash $ docker network rm my-network ``` +To delete multiple networks in a single `docker network rm` command, provide +multiple network names or id's. The following example deletes a network with id +`3695c422697f` and a network named `my-network`: + +```bash + $ docker network rm 3695c422697f my-network +``` + +When you specify multiple networks, the command attempts to delete each in turn. +If the deletion of one network fails, the command continues to the next on the +list and tries to delete that. The command reports success or failure for each +deletion. + ## Related information * [network disconnect ](network_disconnect.md) diff --git a/man/docker-network-rm.1.md b/man/docker-network-rm.1.md index 149503104a..7f8e3dae53 100644 --- a/man/docker-network-rm.1.md +++ b/man/docker-network-rm.1.md @@ -2,24 +2,39 @@ % Docker Community % OCT 2015 # NAME -docker-network-rm - remove a new network +docker-network-rm - remove one or more networks # SYNOPSIS -**docker network rm** +**docker network rm** [**--help**] -NETWORK +NETWORK [NETWORK...] # DESCRIPTION -Removes a network by name or identifier. To remove a network, you must first disconnect any containers connected to it. +Removes one or more networks by name or identifier. To remove a network, +you must first disconnect any containers connected to it. +To remove the network named 'my-network': -``` +```bash $ docker network rm my-network ``` +To delete multiple networks in a single `docker network rm` command, provide +multiple network names or id's. The following example deletes a network with id +`3695c422697f` and a network named `my-network`: + +```bash + $ docker network rm 3695c422697f my-network +``` + +When you specify multiple networks, the command attempts to delete each in turn. +If the deletion of one network fails, the command continues to the next on the +list and tries to delete that. The command reports success or failure for each +deletion. + # OPTIONS **NETWORK** - Specify network name + Specify network name or id **--help** Print usage statement From ec3aa7ede2983494ab77198f4a305aa5997cd4cd Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 23 Nov 2015 03:08:21 -0800 Subject: [PATCH 1017/2538] Add some docs about build-arg's impact on the cache Closes #18017 Signed-off-by: Doug Davis --- docs/reference/builder.md | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 55c0062582..5663e837a0 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -562,7 +562,7 @@ ADD has two forms: whitespace) The `ADD` instruction copies new files, directories or remote file URLs from `` -and adds them to the filesystem of the container at the path ``. +and adds them to the filesystem of the container at the path ``. Multiple `` resource may be specified but if they are files or directories then they must be relative to the source directory that is @@ -1135,6 +1135,40 @@ corresponding `ARG` instruction in the Dockerfile. To use these, simply pass them on the command line using the `--build-arg =` flag. +### Impact on build caching + +`ARG` variables are not persisted into the built image as `ENV` variables are. +However, `ARG` variables do impact the build cache in similar ways. If a +Dockerfile defines an `ARG` variable whose value is different from a previous +build, then a "cache miss" occurs upon its first usage, not its declaration. +For example, consider this Dockerfile: + +``` +1 FROM ubuntu +2 ARG CONT_IMG_VER +3 RUN echo $CONT_IMG_VER +``` + +If you specify `--build-arg CONT_IMG_VER=` on the command line the +specification on line 2 does not cause a cache miss; line 3 does cause a cache +miss. The definition on line 2 has no impact on the resulting image. The `RUN` +on line 3 executes a command and in doing so defines a set of environment +variables, including `CONT_IMG_VER`. At that point, the `ARG` variable may +impact the resulting image, so a cache miss occurs. + +Consider another example under the same command line: + +``` +1 FROM ubuntu +2 ARG CONT_IMG_VER +3 ENV CONT_IMG_VER $CONT_IMG_VER +4 RUN echo $CONT_IMG_VER +``` +In this example, the cache miss occurs on line 3. The miss happens because +the variable's value in the `ENV` references the `ARG` variable and that +variable is changed through the command line. In this example, the `ENV` +command causes the image to include the value. + ## ONBUILD ONBUILD [INSTRUCTION] From 87ba148cab6f1dfac47627e74251e97f948ae161 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Fri, 20 Nov 2015 19:41:25 +0800 Subject: [PATCH 1018/2538] Add API change to docs Add API change description to docs due to `docker network inspect` returns different data structure. Signed-off-by: Zhang Wei --- docs/reference/commandline/network_inspect.md | 58 ++++++++++++------ man/docker-network-inspect.1.md | 59 ++++++++++++------- 2 files changed, 78 insertions(+), 39 deletions(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index aedf5c41cc..e458ffff8e 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -31,25 +31,45 @@ The `network inspect` command shows the containers, by id, in its results. ```bash $ sudo docker network inspect bridge [ - { - "name": "bridge", - "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", - "driver": "bridge", - "containers": { - "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { - "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", - "mac_address": "02:42:ac:11:00:03", - "ipv4_address": "172.17.0.3/16", - "ipv6_address": "" - }, - "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { - "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", - "mac_address": "02:42:ac:11:00:02", - "ipv4_address": "172.17.0.2/16", - "ipv6_address": "" - } - } - } + { + "Name": "bridge", + "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f", + "Scope": "local", + "Driver": "bridge", + "IPAM": { + "Driver": "default", + "Config": [ + { + "Subnet": "172.17.42.1/16", + "Gateway": "172.17.42.1" + } + ] + }, + "Containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "Name": "container2", + "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019", + "MacAddress": "02:42:ac:11:00:02", + "IPv4Address": "172.17.0.2/16", + "IPv6Address": "" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "Name": "container1", + "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad", + "MacAddress": "02:42:ac:11:00:01", + "IPv4Address": "172.17.0.1/16", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.bridge.default_bridge": "true", + "com.docker.network.bridge.enable_icc": "true", + "com.docker.network.bridge.enable_ip_masquerade": "true", + "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", + "com.docker.network.bridge.name": "docker0", + "com.docker.network.driver.mtu": "1500" + } + } ] ``` diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md index 0af6470101..90bd808ad6 100644 --- a/man/docker-network-inspect.1.md +++ b/man/docker-network-inspect.1.md @@ -26,29 +26,48 @@ The `network inspect` command shows the containers, by id, in its results. ```bash $ sudo docker network inspect bridge [ - { - "name": "bridge", - "id": "7fca4eb8c647e57e9d46c32714271e0c3f8bf8d17d346629e2820547b2d90039", - "driver": "bridge", - "containers": { - "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { - "endpoint": "e0ac95934f803d7e36384a2029b8d1eeb56cb88727aa2e8b7edfeebaa6dfd758", - "mac_address": "02:42:ac:11:00:03", - "ipv4_address": "172.17.0.3/16", - "ipv6_address": "" - }, - "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { - "endpoint": "31de280881d2a774345bbfb1594159ade4ae4024ebfb1320cb74a30225f6a8ae", - "mac_address": "02:42:ac:11:00:02", - "ipv4_address": "172.17.0.2/16", - "ipv6_address": "" - } - } - } + { + "Name": "bridge", + "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f", + "Scope": "local", + "Driver": "bridge", + "IPAM": { + "Driver": "default", + "Config": [ + { + "Subnet": "172.17.42.1/16", + "Gateway": "172.17.42.1" + } + ] + }, + "Containers": { + "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { + "Name": "container2", + "EndpointID": "0aebb8fcd2b282abe1365979536f21ee4ceaf3ed56177c628eae9f706e00e019", + "MacAddress": "02:42:ac:11:00:02", + "IPv4Address": "172.17.0.2/16", + "IPv6Address": "" + }, + "f2870c98fd504370fb86e59f32cd0753b1ac9b69b7d80566ffc7192a82b3ed27": { + "Name": "container1", + "EndpointID": "a00676d9c91a96bbe5bcfb34f705387a33d7cc365bac1a29e4e9728df92d10ad", + "MacAddress": "02:42:ac:11:00:01", + "IPv4Address": "172.17.0.1/16", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.bridge.default_bridge": "true", + "com.docker.network.bridge.enable_icc": "true", + "com.docker.network.bridge.enable_ip_masquerade": "true", + "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", + "com.docker.network.bridge.name": "docker0", + "com.docker.network.driver.mtu": "1500" + } + } ] ``` - # OPTIONS **--help** From a7eb9308d5eea121927b898f6a5a08f4be60f8b3 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 23 Nov 2015 07:20:10 -0800 Subject: [PATCH 1019/2538] Add more to tag's -f flag's help Was noticed in #9798 Signed-off-by: Doug Davis --- docs/reference/commandline/tag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index a325efaa4b..46554f3f49 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -14,7 +14,7 @@ parent = "smn_cli" Tag an image into a repository - -f, --force=false Force + -f, --force=false Force the tagging even if there's a conflict --help=false Print usage You can group your images together using names and tags, and then upload them From 0f6787a6360b5dd475fadbd212d32c5831e1b235 Mon Sep 17 00:00:00 2001 From: Christopher Jones Date: Tue, 24 Nov 2015 10:32:43 -0500 Subject: [PATCH 1020/2538] Fixed broken links, and updated some to https Signed-off-by: Christopher Jones --- docs/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/README.md b/docs/README.md index 26afaabb6a..f57f4526bb 100644 --- a/docs/README.md +++ b/docs/README.md @@ -86,7 +86,7 @@ own. 6. Check your writing for style and mechanical errors. Use our [documentation style - guide](/opensource/doc-style.md) to check style. There are + guide](https://docs.docker.com/opensource/doc-style/) to check style. There are several [good grammar and spelling online checkers](http://www.hemingwayapp.com/) that can check your writing mechanics. @@ -106,7 +106,7 @@ links that are referenced in the documentation—there should be none. ## Style guide If you have questions about how to write for Docker's documentation, please see -the [style guide](/opensource/doc-style.md). The style guide provides +the [style guide](https://docs.docker.com/opensource/doc-style/). The style guide provides guidance about grammar, syntax, formatting, styling, language, or tone. If something isn't clear in the guide, please submit an issue to let us know or submit a pull request to help us improve it. From 41afe87367ef35758df145b873e11ded5ab7219c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 25 Nov 2015 13:54:54 +0100 Subject: [PATCH 1021/2538] docs: fixups for plugin drivers in docker info Plugin drivers were added to docker info in https://github.com/docker/docker/pull/17300 but not added to the example output in the online docs. Also fixed mixed tabs/spaces in the API documentation. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/info.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index c1f208418b..f489a9b778 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -30,6 +30,9 @@ For example: Dirperm1 Supported: true Execution Driver: native-0.2 Logging Driver: json-file + Plugins: + Volume: local + Network: bridge null host Kernel Version: 3.19.0-22-generic OSType: linux Architecture: x86_64 From 4fbaeb5f25fa133841542fdd4b17b66ce9e067e1 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Wed, 11 Nov 2015 20:23:49 -0600 Subject: [PATCH 1022/2538] Fixing the volume options doc Fixes #15896 Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/create.md | 7 ++++++- docs/reference/commandline/run.md | 7 ++++++- docs/reference/run.md | 10 +++++----- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index a7ed5dda17..d096179642 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -70,7 +70,12 @@ Creates a new container. -u, --user="" Username or UID --ulimit=[] Ulimit options --uts="" UTS namespace to use - -v, --volume=[] Bind mount a volume + -v, --volume=[] Bind mount a volume with: [host-src:]container-dest[:], where + options are comma delimited and selected from [rw|ro] and [z|Z]. + The 'host-src' can either be an absolute path or a name value. + If 'host-src' is missing, then docker creates a new volume. + If neither 'rw' or 'ro' is specified then the volume is mounted + in read-write mode. --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 5d6ad1877f..a7dbc2f112 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -76,7 +76,12 @@ parent = "smn_cli" -u, --user="" Username or UID (format: [:]) --ulimit=[] Ulimit options --uts="" UTS namespace to use - -v, --volume=[] Bind mount a volume + -v, --volume=[] Bind mount a volume with: [host-src:]container-dest[:], where + options are comma delimited and selected from [rw|ro] and [z|Z]. + The 'host-src' can either be an absolute path or a name value. + If 'host-src' is missing, then docker creates a new volume. + If neither 'rw' or 'ro' is specified then the volume is mounted + in read-write mode. --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/run.md b/docs/reference/run.md index a14429651e..e9b3a85aaa 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1300,9 +1300,9 @@ Similarly the operator can set the **hostname** with `-h`. ### VOLUME (shared filesystems) - -v=[]: Create a bind mount with: [host-dir:]container-dir[:], where + -v=[]: Create a bind mount with: [host-src:]container-dest[:], where options are comma delimited and selected from [rw|ro] and [z|Z]. - If 'host-dir' is missing, then docker creates a new volume. + If 'host-src' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. --volumes-from="": Mount all volumes from the given container(s) @@ -1317,8 +1317,8 @@ one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). -The `container-dir` must always be an absolute path such as `/src/docs`. -The `host-dir` can either be an absolute path or a `name` value. If you +The `container-dest` must always be an absolute path such as `/src/docs`. +The `host-src` can either be an absolute path or a `name` value. If you supply an absolute path for the `host-dir`, Docker bind-mounts to the path you specify. If you supply a `name`, Docker creates a named volume by that `name`. @@ -1326,7 +1326,7 @@ A `name` value must start with start with an alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). An absolute path starts with a `/` (forward slash). -For example, you can specify either `/foo` or `foo` for a `host-dir` value. +For example, you can specify either `/foo` or `foo` for a `host-src` value. If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. From c072458308169ee3dcb256f70ca589599750af4e Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Wed, 11 Nov 2015 16:18:06 -0800 Subject: [PATCH 1023/2538] Make discovery ttl and heartbeat configurable Docker daemon uses kv-store as the host-discovery backend. Discovery module tracks the liveness of a node through a simple keepalive mechanism. The keepalive mechanism depends on every node performing heartbeat by registering itself with the discovery module (via KV-Store Put operation). And for every Put operation, the discovery module in all other nodes will receive a Watch notification. That keeps the node alive. Any node that fails to register itself within the TTL timer is considered dead and removed from the discovery database. The default timer (heartbeat = 20 seconds & ttl = 60 seconds) works fine for small clusters. But for large clusters, these default timers are extremely aggressive and that causes high CPU & most of the processing is spent managing the node discovery and that impacts normal daemon operation. Hence we need a way to make the discovery ttl and heartbeat configurable. As the cluster size grows, the user can change these timers to make sure the daemon scales. Signed-off-by: Madhu Venugopal --- docs/reference/commandline/daemon.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 4b27e695e5..beb012f57c 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -565,6 +565,18 @@ docker daemon \ The currently supported cluster store options are: +* `discovery.heartbeat` + + Specifies the heartbeat timer in seconds which is used by the daemon as a + keepalive mechanism to make sure discovery module treats the node as alive + in the cluster. If not configured, the default value is 20 seconds. + +* `discovery.ttl` + + Specifies the ttl (time-to-live) in seconds which is used by the discovery + module to timeout a node if a valid heartbeat is not received within the + configured ttl value. If not configured, the default value is 60 seconds. + * `kv.cacertfile` Specifies the path to a local file with PEM encoded CA certificates to trust From 67eea4d814379ccdfaee43f9c5a6bee42b1cab51 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Mon, 9 Nov 2015 17:11:10 +0800 Subject: [PATCH 1024/2538] Add docs for option `--isolation` Add docs for `run`/`create`/`build` command option `isolation` Signed-off-by: Zhang Wei --- docs/reference/commandline/build.md | 17 +++++++++++++ docs/reference/commandline/create.md | 17 +++++++++++++ docs/reference/commandline/daemon.md | 8 +++++++ docs/reference/commandline/run.md | 36 ++++++++++++++++++++++++++++ man/docker-build.1.md | 17 +++++++++++++ man/docker-create.1.md | 19 +++++++++++++++ man/docker-run.1.md | 36 ++++++++++++++++++++++++++++ 7 files changed, 150 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 72da56d80e..5118acd1b4 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -25,6 +25,7 @@ parent = "smn_cli" -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') --force-rm=false Always remove intermediate containers --help=false Print usage + --isolation="" Container isolation technology -m, --memory="" Memory limit for all build containers --memory-swap="" Total memory (memory + swap), `-1` to disable swap --no-cache=false Do not use cache when building the image @@ -301,3 +302,19 @@ like `ENV` values do. For detailed information on using `ARG` and `ENV` instructions, see the [Dockerfile reference](../builder.md). + +### Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + + +| Value | Description | +|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. | +| `process` | Namespace isolation only. | +| `hyperv` | Hyper-V hypervisor partition-based isolation. | + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index d096179642..036fdc9806 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -43,6 +43,7 @@ Creates a new container. --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use + --isolation="" Container isolation technology --kernel-memory="" Kernel memory limit -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a line delimited file of labels @@ -125,3 +126,19 @@ then be used from the subsequent container: -rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker + +### Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + + +| Value | Description | +|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. | +| `process` | Namespace isolation only. | +| `hyperv` | Hyper-V hypervisor partition-based isolation. | + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index beb012f57c..9c5efa3bf0 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -454,6 +454,14 @@ This example sets the `cgroupdriver` to `systemd`: Setting this option applies to all containers the daemon launches. +Also Windows Container makes use of `--exec-opt` for special purpose. Docker user +can specify default container isolation technology with this, for example: + + $ docker daemon --exec-opt isolation=hyperv + +Will make `hyperv` the default isolation technology on Windows, without specifying +isolation value on daemon start, Windows isolation technology will default to `process`. + ## Daemon DNS options To set the DNS server for all Docker containers, use diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index a7dbc2f112..56f5bab25b 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -42,6 +42,7 @@ parent = "smn_cli" --help=false Print usage -i, --interactive=false Keep STDIN open even if not attached --ipc="" IPC namespace to use + --isolation="" Container isolation technology --kernel-memory="" Kernel memory limit -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a file of labels (EOL delimited) @@ -546,3 +547,38 @@ the three processes quota set for the `daemon` user. The `--stop-signal` flag sets the system call signal that will be sent to the container to exit. This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, or a signal name in the format SIGNAME, for instance SIGKILL. + +### Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Microsoft Windows. The `--isolation ` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. These two commands are equivalent on Linux: + +``` +$ docker run -d busybox top +$ docker run -d --isolation default busybox top +``` + +On Microsoft Windows, can take any of these values: + + +| Value | Description | +|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. | +| `process` | Namespace isolation only. | +| `hyperv` | Hyper-V hypervisor partition-based isolation. | + +In practice, when running on Microsoft Windows without a `daemon` option set, these two commands are equivalent: + +``` +$ docker run -d --isolation default busybox top +$ docker run -d --isolation process busybox top +``` + +If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation: + +``` +$ docker run -d --isolation default busybox top +$ docker run -d --isolation hyperv busybox top +``` diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 01889f76d2..4a87c4d515 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -12,6 +12,7 @@ docker-build - Build a new image from the source code at PATH [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] [**--force-rm**[=*false*]] +[**--isolation**[=*default*]] [**--no-cache**[=*false*]] [**--pull**[=*false*]] [**-q**|**--quiet**[=*false*]] @@ -67,6 +68,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. + **--no-cache**=*true*|*false* Do not use cache when building the image. The default is *false*. @@ -277,6 +281,19 @@ the system will look for that file inside the contents of the tarball. Note: supported compression formats are 'xz', 'bzip2', 'gzip' and 'identity' (no compression). +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + # HISTORY March 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index fed6278afe..bd143639e4 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -32,6 +32,7 @@ docker-create - Create a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] @@ -159,6 +160,9 @@ two memory nodes. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. + **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) @@ -287,6 +291,21 @@ This value should always larger than **-m**, so you should always use this with **-w**, **--workdir**="" Working directory inside the container +# EXAMPLES + +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + # HISTORY August 2014, updated by Sven Dowideit September 2014, updated by Sven Dowideit diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 2be6b1b5c0..03eb1b66c0 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -33,6 +33,7 @@ docker-run - Run a command in a new container [**--help**] [**-i**|**--interactive**[=*false*]] [**--ipc**[=*IPC*]] +[**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] @@ -253,6 +254,9 @@ redirection on the host system. 'container:': reuses another container shared memory, semaphores and message queues 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. +**--isolation**="*default*" + Isolation specifies the type of isolation technology used by containers. + **-l**, **--label**=[] Set metadata on the container (e.g., --label com.example.key=value) @@ -772,6 +776,38 @@ weight by `--blkio-weight-device` flag. Use the following command: # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Microsoft Windows. The `--isolation ` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. These two commands are equivalent on Linux: + +``` +$ docker run -d busybox top +$ docker run -d --isolation default busybox top +``` + +On Microsoft Windows, can take any of these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +In practice, when running on Microsoft Windows without a `daemon` option set, these two commands are equivalent: + +``` +$ docker run -d --isolation default busybox top +$ docker run -d --isolation process busybox top +``` + +If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, any of these commands also result in `hyperv` isolation: + +``` +$ docker run -d --isolation default busybox top +$ docker run -d --isolation hyperv busybox top +``` + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From ecfc3613b264b92414cacf6a394d91488ab9b56c Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Tue, 1 Dec 2015 14:02:02 -0800 Subject: [PATCH 1025/2538] Deprecate -f flag from docker tag Closes #9798 @maintainers please note that this is a change to the UX. We no longer require the -f flag on `docker tag` to move a tag from an existing image. However, this does make us more consistent across our commands, see https://github.com/docker/docker/issues/9798 for the history. Signed-off-by: Doug Davis --- docs/reference/commandline/tag.md | 1 - man/docker-tag.1.md | 4 ---- 2 files changed, 5 deletions(-) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 46554f3f49..83d237c77c 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -14,7 +14,6 @@ parent = "smn_cli" Tag an image into a repository - -f, --force=false Force the tagging even if there's a conflict --help=false Print usage You can group your images together using names and tags, and then upload them diff --git a/man/docker-tag.1.md b/man/docker-tag.1.md index ed4bffadb6..68c90b765c 100644 --- a/man/docker-tag.1.md +++ b/man/docker-tag.1.md @@ -6,7 +6,6 @@ docker-tag - Tag an image into a repository # SYNOPSIS **docker tag** -[**-f**|**--force**[=*false*]] [**--help**] IMAGE[:TAG] [REGISTRY_HOST/][USERNAME/]NAME[:TAG] @@ -18,9 +17,6 @@ If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. # "OPTIONS" -**-f**, **--force**=*true*|*false* - When set to true, force the alias. The default is *false*. - **--help** Print usage statement. From 70efcb00b405fdac4443f86e3b05721c54fc1f21 Mon Sep 17 00:00:00 2001 From: Pavel Pospisil Date: Wed, 2 Dec 2015 18:54:52 +0100 Subject: [PATCH 1026/2538] Improvement of docker top Man Page Some users expect that the `docker top $CONT` command displays information from the inside container perspective. They expect that the `docker top $CONT` command displays same information as the `docker exec $CONT ps -ef` command. But it does not. That's why the `docker top` man page shall explicitly state that the `docker top $CONT` displays information from the host's point of view. Signed-off-by: Pavel Pospisil --- man/docker-top.1.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/man/docker-top.1.md b/man/docker-top.1.md index 9828d98be5..a666f7cd37 100644 --- a/man/docker-top.1.md +++ b/man/docker-top.1.md @@ -11,8 +11,9 @@ CONTAINER [ps OPTIONS] # DESCRIPTION -Display the running process of the container. ps-OPTION can be any of the - options you would pass to a Linux ps command. +Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. + +All displayed information is from host's point of view. # OPTIONS **--help** @@ -32,3 +33,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit June 2015, updated by Ma Shimiao +December 2015, updated by Pavel Pospisil From 65120e88518d33de002a2ae5d501660bbc89d790 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 1 Dec 2015 13:39:34 -0500 Subject: [PATCH 1027/2538] This patch adds --tmpfs as a option for mounting tmpfs on directories It will Tar up contents of child directory onto tmpfs if mounted over This patch will use the new PreMount and PostMount hooks to "tar" up the contents of the base image on top of tmpfs mount points. Signed-off-by: Dan Walsh --- contrib/completion/bash/docker | 3 ++- contrib/completion/fish/docker.fish | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/run.md | 8 ++++++++ docs/reference/run.md | 8 ++++++++ man/docker-create.1.md | 15 +++++++++++++++ man/docker-run.1.md | 28 ++++++++++++++++++++++++++++ 7 files changed, 63 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f2648f70c0..ced3724e53 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1394,6 +1394,7 @@ _docker_run() { --restart --security-opt --stop-signal + --tmpfs --ulimit --user -u --uts @@ -1443,7 +1444,7 @@ _docker_run() { _filedir return ;; - --device|--volume|-v) + --device|--tmpfs|--volume|-v) case "$cur" in *:*) # TODO somehow do _filedir for stuff inside the image, if it's already specified (which is also somewhat difficult to determine) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 04a1844388..33abfd0d37 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -339,6 +339,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l sig-proxy -d 'P complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l stop-signal -d 'Signal to kill a container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s t -l tty -d 'Allocate a pseudo-TTY' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s u -l user -d 'Username or UID' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l tmpfs -d 'Mount tmpfs on a directory' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s v -l volume -d 'Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l volumes-from -d 'Mount volumes from the specified container(s)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s w -l workdir -d 'Working directory inside the container' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 91eb563584..cde026b7eb 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -491,6 +491,7 @@ __docker_subcommand() { "($help)*--security-opt=[Security options]:security option: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" + "($help)--tmpfs[mount tmpfs] " "($help)*-v[Bind mount a volume]:volume: " "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)" "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 56f5bab25b..87cef35445 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -153,6 +153,14 @@ flag exists to allow special use-cases, like running Docker within Docker. The `-w` lets the command being executed inside directory given, here `/path/to/dir/`. If the path does not exists it is created inside the container. +### mount tmpfs (--tmpfs) + + $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image + + The --tmpfs flag mounts a tmpfs into the container with the rw,noexec,nosuid,size=65536k options. + + Underlying content from the /run in the my_image image is copied into tmpfs. + ### Mount volume (-v, --read-only) $ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd diff --git a/docs/reference/run.md b/docs/reference/run.md index e9b3a85aaa..b40888bf6d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1298,6 +1298,14 @@ above, or already defined by the developer with a Dockerfile `ENV`: Similarly the operator can set the **hostname** with `-h`. +### TMPFS (mount tmpfs filesystems) + + --tmpfs=[]: Create a tmpfs mount with: container-dir[:], where the options are identical to the Linux `mount -t tmpfs -o` command. + + Underlying content from the "container-dir" is copied into tmpfs. + + $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image + ### VOLUME (shared filesystems) -v=[]: Create a bind mount with: [host-src:]container-dest[:], where diff --git a/man/docker-create.1.md b/man/docker-create.1.md index bd143639e4..dc6891da62 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -57,6 +57,7 @@ docker-create - Create a new container [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**-t**|**--tty**[=*false*]] +[**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] @@ -271,6 +272,20 @@ This value should always larger than **-m**, so you should always use this with **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. +**--tmpfs**=[] Create a tmpfs mount + + Mount a temporary filesystem (`tmpfs`) mount into a container, for example: + + $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image + + This command mounts a `tmpfs` at `/tmp` within the container. The mount copies +the underlying content of `my_image` into `/tmp`. For example if there was a +directory `/tmp/content` in the base image, docker will copy this directory and +all of its content on top of the tmpfs mounted on `/tmp`. The supported mount +options are the same as the Linux default `mount` flags. If you do not specify +any options, the systems uses the following options: +`rw,noexec,nosuid,nodev,size=65536k`. + **-u**, **--user**="" Username or UID diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 03eb1b66c0..7c56790f9f 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -60,6 +60,7 @@ docker-run - Run a command in a new container [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] [**-t**|**--tty**[=*false*]] +[**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**-v**|**--volume**[=*[]*]] [**--ulimit**[=*[]*]] @@ -436,6 +437,20 @@ interactive shell. The default is false. The **-t** option is incompatible with a redirection of the docker client standard input. +**--tmpfs**=[] Create a tmpfs mount + + Mount a temporary filesystem (`tmpfs`) mount into a container, for example: + + $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image + + This command mounts a `tmpfs` at `/tmp` within the container. The mount copies +the underlying content of `my_image` into `/tmp`. For example if there was a +directory `/tmp/content` in the base image, docker will copy this directory and +all of its content on top of the tmpfs mounted on `/tmp`. The supported mount +options are the same as the Linux default `mount` flags. If you do not specify +any options, the systems uses the following options: +`rw,noexec,nosuid,nodev,size=65536k`. + **-u**, **--user**="" Sets the username or UID used and optionally the groupname or GID for the specified command. @@ -552,6 +567,19 @@ the exit codes follow the `chroot` standard, see below: # EXAMPLES +## Running container in read-only mode + +During container image development, containers often need to write to the image +content. Installing packages into /usr, for example. In production, +applications seldom need to write to the image. Container applications write +to volumes if they need to write to file systems at all. Applications can be +made more secure by running them in read-only mode using the --read-only switch. +This protects the containers image from modification. Read only containers may +still need to write temporary data. The best way to handle this is to mount +tmpfs directories on /run and /tmp. + + # docker run --read-only --tmpfs /run --tmpfs /tmp -i -t fedora /bin/bash + ## Exposing log messages from the container to the host's log If you want messages that are logged in your container to show up in the host's From e9287cd43a8217b19f8105306986d91069b40983 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 13 Oct 2015 11:26:27 +0200 Subject: [PATCH 1028/2538] Add OomScoreAdj to configure container oom killer preferences libcontainer v0.0.4 introduces setting `/proc/self/oom_score_adj` to better tune oom killing preferences for container process. This patch simply integrates OomScoreAdj libcontainer's config option and adjust the cli with this new option. Signed-off-by: Antonio Murdaca Signed-off-by: Antonio Murdaca --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 1 + man/docker-create.1.md | 4 ++++ man/docker-run.1.md | 4 ++++ 6 files changed, 12 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ced3724e53..90c21a9ad4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1389,6 +1389,7 @@ _docker_run() { --memory-reservation --name --net + --oom-score-adj --pid --publish -p --restart diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cde026b7eb..e5a3d9ce1c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -482,6 +482,7 @@ __docker_subcommand() { "($help)--name=[Container name]:name: " "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" "($help)--oom-kill-disable[Disable OOM Killer]" + "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" "($help)--pid=[PID namespace to use]:PID: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 036fdc9806..e5bc7b5ab2 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -58,6 +58,7 @@ Creates a new container. --name="" Assign a name to the container --net="default" Set the Network mode for the container --oom-kill-disable=false Whether to disable OOM Killer for the container or not + --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 87cef35445..794e37e8e3 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -62,6 +62,7 @@ parent = "smn_cli" 'host': use the host network stack inside the container 'NETWORK': connects the container to user-created network using `docker network create` command --oom-kill-disable=false Whether to disable OOM Killer for the container or not + --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) -P, --publish-all=false Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use diff --git a/man/docker-create.1.md b/man/docker-create.1.md index dc6891da62..961aa85cbb 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -47,6 +47,7 @@ docker-create - Create a new container [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] [**--oom-kill-disable**[=*false*]] +[**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**[=*false*]] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] @@ -234,6 +235,9 @@ This value should always larger than **-m**, so you should always use this with **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. +**--oom-score-adj**="" + Tune the host's OOM preferences for containers (accepts -1000 to 1000) + **-P**, **--publish-all**=*true*|*false* Publish all exposed ports to random ports on the host interfaces. The default is *false*. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 7c56790f9f..1e1c7f0e0d 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -48,6 +48,7 @@ docker-run - Run a command in a new container [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] [**--oom-kill-disable**[=*false*]] +[**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**[=*false*]] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] @@ -346,6 +347,9 @@ and foreground Docker containers. **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. +**--oom-score-adj**="" + Tune the host's OOM preferences for containers (accepts -1000 to 1000) + **-P**, **--publish-all**=*true*|*false* Publish all exposed ports to random ports on the host interfaces. The default is *false*. From 01c09480dc9a07fd3a549d5fdec02d0b421a6fe2 Mon Sep 17 00:00:00 2001 From: gwx296173 Date: Fri, 23 Oct 2015 18:32:23 +0800 Subject: [PATCH 1029/2538] add examples in search.md Signed-off-by: gwx296173 --- docs/reference/commandline/search.md | 63 ++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 7672c13b61..9ab658ad19 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -19,6 +19,69 @@ parent = "smn_cli" --no-trunc=false Don't truncate output -s, --stars=0 Only displays with at least x stars +## Examples + +### Search images by keywords + + $ docker search busybox + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + busybox Busybox base image. 316 [OK] + progrium/busybox 50 [OK] + radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] + odise/busybox-python 2 [OK] + azukiapp/busybox This image is meant to be used as the base... 2 [OK] + ofayau/busybox-jvm Prepare busybox to install a 32 bits JVM. 1 [OK] + shingonoide/archlinux-busybox Arch Linux, a lightweight and flexible Lin... 1 [OK] + odise/busybox-curl 1 [OK] + ofayau/busybox-libc32 Busybox with 32 bits (and 64 bits) libs 1 [OK] + peelsky/zulu-openjdk-busybox 1 [OK] + skomma/busybox-data Docker image suitable for data volume cont... 1 [OK] + elektritter/busybox-teamspeak Leightweight teamspeak3 container based on... 1 [OK] + socketplane/busybox 1 [OK] + oveits/docker-nginx-busybox This is a tiny NginX docker image based on... 0 [OK] + ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] + nikfoundas/busybox-confd Minimal busybox based distribution of confd 0 [OK] + openshift/busybox-http-app 0 [OK] + jllopis/busybox 0 [OK] + swyckoff/busybox 0 [OK] + powellquiring/busybox 0 [OK] + williamyeh/busybox-sh Docker image for BusyBox's sh 0 [OK] + simplexsys/busybox-cli-powered Docker busybox images, with a few often us... 0 [OK] + fhisamoto/busybox-java Busybox java 0 [OK] + scottabernethy/busybox 0 [OK] + marclop/busybox-solr + +This example will display images with the name containing busybox. + +### Search images by limiting stars' number(-s OR --stars) + + $ docker search --stars 3 busybox + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + busybox Busybox base image. 325 [OK] + progrium/busybox 50 [OK] + radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] + +This example will display images with the name containing busybox and at least 3 stars. + +### Search automated images(--automated) + + $ docker search --stars=3 --automated=true busybox + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + progrium/busybox 50 [OK] + radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] + +This example will display images with at least 3 stars and automated builds. + +### Fully display 'DESCRIPTION'(--no-trunc=true) + + $ docker search --stars=3 --no-trunc=true busybox + NAME DESCRIPTION STARS OFFICIAL AUTOMATED + busybox Busybox base image. 325 [OK] + progrium/busybox 50 [OK] + radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] + +This example will display images with at least 3 stars and the console output isn't truncated. + Search [Docker Hub](https://hub.docker.com) for images See [*Find Public Images on Docker Hub*](../../userguide/dockerrepos.md#searching-for-images) for From 178a2cfe7c803d32e98b5613c9b9200f5d819f14 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 2 Dec 2015 14:40:44 +0100 Subject: [PATCH 1030/2538] update order and address review notes Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/search.md | 46 ++++++++++++++++------------ 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 9ab658ad19..d9ddb47c50 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -19,9 +19,19 @@ parent = "smn_cli" --no-trunc=false Don't truncate output -s, --stars=0 Only displays with at least x stars +Search [Docker Hub](https://hub.docker.com) for images + +See [*Find Public Images on Docker Hub*](../../userguide/dockerrepos.md#searching-for-images) for +more details on finding shared images from the command line. + +> **Note:** +> Search queries will only return up to 25 results + ## Examples -### Search images by keywords +### Search images by name + +This example displays images with a name containing 'busybox': $ docker search busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED @@ -51,41 +61,37 @@ parent = "smn_cli" scottabernethy/busybox 0 [OK] marclop/busybox-solr -This example will display images with the name containing busybox. +### Search images by name and number of stars (-s, --stars) -### Search images by limiting stars' number(-s OR --stars) - - $ docker search --stars 3 busybox +This example displays images with a name containing 'busybox' and at +least 3 stars: + + $ docker search --stars=3 busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED busybox Busybox base image. 325 [OK] progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] -This example will display images with the name containing busybox and at least 3 stars. -### Search automated images(--automated) +### Search automated images (--automated) - $ docker search --stars=3 --automated=true busybox +This example displays images with a name containing 'busybox', at +least 3 stars and are automated builds: + + $ docker search --stars=3 --automated busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] -This example will display images with at least 3 stars and automated builds. -### Fully display 'DESCRIPTION'(--no-trunc=true) +### Display non-truncated description (--no-trunc) - $ docker search --stars=3 --no-trunc=true busybox +This example displays images with a name containing 'busybox', +at least 3 stars and the description isn't truncated in the output: + + $ docker search --stars=3 --no-trunc busybox NAME DESCRIPTION STARS OFFICIAL AUTOMATED busybox Busybox base image. 325 [OK] progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] -This example will display images with at least 3 stars and the console output isn't truncated. - -Search [Docker Hub](https://hub.docker.com) for images - -See [*Find Public Images on Docker Hub*](../../userguide/dockerrepos.md#searching-for-images) for -more details on finding shared images from the command line. - -> **Note:** -> Search queries will only return up to 25 results From deae0706ea32639a73a088ea183fac33f745eb2c Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 30 Nov 2015 16:28:54 +0800 Subject: [PATCH 1031/2538] Add NETWORK_NAME_or_ID value for --net= option Signed-off-by: Wen Cheng Ma --- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/create.md | 7 ++++++- docs/reference/commandline/run.md | 12 ++++++------ docs/reference/run.md | 12 ++++++------ man/docker-create.1.md | 9 +++++---- man/docker-run.1.md | 9 +++++---- 6 files changed, 29 insertions(+), 22 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index e5a3d9ce1c..4212d8172c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -278,7 +278,7 @@ __docker_network_commands() { "disconnect:Disconnects a container from a network" "inspect:Displays detailed information on a network" "ls:Lists all the networks created by the user" - "rm:Deletes a network" + "rm:Deletes one or more networks" ) _describe -t docker-network-commands "docker network command" _docker_network_subcommands } diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index e5bc7b5ab2..df41ccb75f 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -56,7 +56,12 @@ Creates a new container. --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container - --net="default" Set the Network mode for the container + --net="bridge" Connect a container to a network + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack + '|': connect to a user-defined network --oom-kill-disable=false Whether to disable OOM Killer for the container or not --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) -P, --publish-all=false Publish all exposed ports to random ports diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 794e37e8e3..4841384681 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -55,12 +55,12 @@ parent = "smn_cli" --memory-swap="" Total memory (memory + swap), '-1' to disable swap --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container - --net="bridge" Connects a container to a network - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container - 'NETWORK': connects the container to user-created network using `docker network create` command + --net="bridge" Connect a container to a network + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack + '|': connect to a user-defined network --oom-kill-disable=false Whether to disable OOM Killer for the container or not --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) -P, --publish-all=false Publish all exposed ports to random ports diff --git a/docs/reference/run.md b/docs/reference/run.md index b40888bf6d..80961f91c5 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -244,12 +244,12 @@ of the containers. ## Network settings --dns=[] : Set custom dns servers for the container - --net="bridge" : Connects a container to a network - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container - 'NETWORK': connects the container to user-created network using `docker network create` command + --net="bridge" : Connect a container to a network + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack + '|': connect to a user-defined network --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 961aa85cbb..1e1d2df6f7 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -227,10 +227,11 @@ This value should always larger than **-m**, so you should always use this with **--net**="*bridge*" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + '|': connect to a user-defined network **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 1e1c7f0e0d..a423d55fac 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -339,10 +339,11 @@ and foreground Docker containers. **--net**="*bridge*" Set the Network mode for the container - 'bridge': creates a new network stack for the container on the docker bridge - 'none': no networking for this container - 'container:': reuses another container network stack - 'host': use the host network stack inside the container. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. + '|': connect to a user-defined network **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. From 22ce4b444850decaca878bd6b4c18c57863469aa Mon Sep 17 00:00:00 2001 From: Ben Firshman Date: Tue, 10 Nov 2015 15:25:53 +0000 Subject: [PATCH 1032/2538] Add docs and man page entry for --volume-driver Signed-off-by: Ben Firshman --- docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 1 + man/docker-create.1.md | 8 ++++++++ man/docker-run.1.md | 10 +++++++++- 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index df41ccb75f..8cddf9288f 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -83,6 +83,7 @@ Creates a new container. If 'host-src' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. + --volume-driver="" Optional volume driver for the container --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 4841384681..394c640183 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -84,6 +84,7 @@ parent = "smn_cli" If 'host-src' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. + --volume-driver="" Optional volume driver for the container --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 1e1d2df6f7..9e946f8c3f 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -63,6 +63,7 @@ docker-create - Create a new container [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] [**-v**|**--volume**[=*[]*]] +[**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] IMAGE [COMMAND] [ARG...] @@ -305,6 +306,13 @@ any options, the systems uses the following options: **-v**, **--volume**=[] Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) +**--volume-driver**="" + Optional volume driver for the container + + If the container has a volume either from the `VOLUME` instruction in a + Dockerfile or the `-v` flag, a driver can be specified to create the volumes + with. See **docker-volume-create(1)** for full details. + **--volumes-from**=[] Mount volumes from the specified container(s) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index a423d55fac..3db446240f 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -63,9 +63,10 @@ docker-run - Run a command in a new container [**-t**|**--tty**[=*false*]] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] -[**-v**|**--volume**[=*[]*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] +[**-v**|**--volume**[=*[]*]] +[**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] IMAGE [COMMAND] [ARG...] @@ -512,6 +513,13 @@ For example, you can specify either `/foo` or `foo` for a `host-dir` value. If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. +**--volume-driver**="" + Optional volume driver for the container + + If the container has a volume either from the `VOLUME` instruction in a + Dockerfile or the `-v` flag, a driver can be specified to create the volumes + with. See **docker-volume-create(1)** for full details. + **--volumes-from**=[] Mount volumes from the specified container(s) From c5f725e1c736797eb078e6d83270b21ff85a5a15 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 3 Dec 2015 16:07:54 +0100 Subject: [PATCH 1033/2538] Address review comments. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 2 +- man/docker-create.1.md | 8 +++----- man/docker-run.1.md | 8 +++----- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 8cddf9288f..f05c2d00dc 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -83,7 +83,7 @@ Creates a new container. If 'host-src' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. - --volume-driver="" Optional volume driver for the container + --volume-driver="" Container's volume driver --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 394c640183..7015991ea6 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -84,7 +84,7 @@ parent = "smn_cli" If 'host-src' is missing, then docker creates a new volume. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. - --volume-driver="" Optional volume driver for the container + --volume-driver="" Container's volume driver --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 9e946f8c3f..362eef7474 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -307,11 +307,9 @@ any options, the systems uses the following options: Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) **--volume-driver**="" - Optional volume driver for the container - - If the container has a volume either from the `VOLUME` instruction in a - Dockerfile or the `-v` flag, a driver can be specified to create the volumes - with. See **docker-volume-create(1)** for full details. + Container's volume driver. This driver creates volumes specified either from + a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. + See **docker-volume-create(1)** for full details. **--volumes-from**=[] Mount volumes from the specified container(s) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 3db446240f..5ee9dea044 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -514,11 +514,9 @@ If you supply the `/foo` value, Docker creates a bind-mount. If you supply the `foo` specification, Docker creates a named volume. **--volume-driver**="" - Optional volume driver for the container - - If the container has a volume either from the `VOLUME` instruction in a - Dockerfile or the `-v` flag, a driver can be specified to create the volumes - with. See **docker-volume-create(1)** for full details. + Container's volume driver. This driver creates volumes specified either from + a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. + See **docker-volume-create(1)** for full details. **--volumes-from**=[] Mount volumes from the specified container(s) From c6162061d92a3e8b58308785dfc85c273b842a73 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 2 Dec 2015 22:32:10 +0100 Subject: [PATCH 1034/2538] Add format flag to network inspect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …for consistency as docker inspect and docker volume inspect supports it too Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 8 +++++++- contrib/completion/zsh/_docker | 8 +++++++- docs/reference/commandline/network_inspect.md | 7 ++++++- man/docker-network-inspect.1.md | 9 ++++++++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 90c21a9ad4..03c593f600 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1133,9 +1133,15 @@ _docker_network_disconnect() { } _docker_network_inspect() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) ;; *) __docker_networks diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4212d8172c..b5be7cff39 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -309,9 +309,10 @@ __docker_network_subcommand() { "($help)*"{-o=,--opt=}"[Set driver specific options]:key=value: " \ "($help -)1:Network Name: " && ret=0 ;; - (inspect|rm) + (inspect) _arguments $(__docker_arguments) \ $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ "($help -)*:network:__docker_networks" && ret=0 ;; (ls) @@ -320,6 +321,11 @@ __docker_network_subcommand() { "($help)--no-trunc[Do not truncate the output]" \ "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0 ;; + (rm) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:network:__docker_networks" && ret=0 + ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0 ;; diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index e458ffff8e..0f6342f514 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -14,6 +14,7 @@ parent = "smn_cli" Displays detailed information on a network + -f, --format= Format the output using the given go template. --help=false Print usage Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: @@ -26,7 +27,11 @@ $ sudo docker run -itd --name=container2 busybox bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 ``` -The `network inspect` command shows the containers, by id, in its results. +The `network inspect` command shows the containers, by id, in its +results. You can specify an alternate format to execute a given +template for each result. Go's +[text/template](http://golang.org/pkg/text/template/) package describes all the +details of the format. ```bash $ sudo docker network inspect bridge diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md index 90bd808ad6..889967ae85 100644 --- a/man/docker-network-inspect.1.md +++ b/man/docker-network-inspect.1.md @@ -6,6 +6,7 @@ docker-network-inspect - inspect a network # SYNOPSIS **docker network inspect** +[**-f**|**--format**[=*FORMAT*]] [**--help**] NETWORK [NETWORK...] @@ -21,7 +22,11 @@ $ sudo docker run -itd --name=container2 busybox bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 ``` -The `network inspect` command shows the containers, by id, in its results. +The `network inspect` command shows the containers, by id, in its +results. You can specify an alternate format to execute a given +template for each result. Go's +[text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. ```bash $ sudo docker network inspect bridge @@ -69,6 +74,8 @@ $ sudo docker network inspect bridge ``` # OPTIONS +**-f**, **--format**="" + Format the output using the given go template. **--help** Print usage statement From 7880dcf5f2876c17929fe3a7c94f38b86f163fa1 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Thu, 3 Dec 2015 11:14:05 +0800 Subject: [PATCH 1035/2538] docs: fix weight-deivce option args Signed-off-by: Ma Shimiao --- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b5be7cff39..cebaf07bdd 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -463,7 +463,7 @@ __docker_subcommand() { "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" - "($help)--blkio-weight-device=-[Block IO (relative device weight)]:device:Block IO weight: " + "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: " "($help)*--cap-add=[Add Linux capabilities]:capability: " "($help)*--cap-drop=[Drop Linux capabilities]:capability: " "($help)--cidfile=[Write the container ID to the file]:CID file:_files" diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index f05c2d00dc..982d3b6a4e 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -19,7 +19,7 @@ Creates a new container. -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) --blkio-weight=0 Block IO weight (relative weight) - --blkio-weight-device="" Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) + --blkio-weight-device=[] Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 7015991ea6..61f0480474 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -17,7 +17,7 @@ parent = "smn_cli" -a, --attach=[] Attach to STDIN, STDOUT or STDERR --add-host=[] Add a custom host-to-IP mapping (host:ip) --blkio-weight=0 Block IO weight (relative weight) - --blkio-weight-device="" Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) + --blkio-weight-device=[] Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) --cpu-shares=0 CPU shares (relative weight) --cap-add=[] Add Linux capabilities --cap-drop=[] Drop Linux capabilities From 9480c4763d5cf3af82cec15416205bce3523fb67 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Wed, 8 Jul 2015 19:06:48 +0800 Subject: [PATCH 1036/2538] Add support for blkio read/write bps device Signed-off-by: Ma Shimiao --- contrib/completion/bash/docker | 2 ++ contrib/completion/zsh/_docker | 2 ++ docs/reference/commandline/create.md | 2 ++ docs/reference/commandline/run.md | 2 ++ docs/reference/run.md | 16 ++++++++++++++++ man/docker-create.1.md | 8 ++++++++ man/docker-run.1.md | 8 ++++++++ 7 files changed, 40 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 03c593f600..f3997a0c77 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1372,6 +1372,8 @@ _docker_run() { --cpuset-mems --cpu-shares --device + --device-read-bps + --device-write-bps --dns --dns-opt --dns-search diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cebaf07bdd..b29d7a587b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -468,6 +468,8 @@ __docker_subcommand() { "($help)*--cap-drop=[Drop Linux capabilities]:capability: " "($help)--cidfile=[Write the container ID to the file]:CID file:_files" "($help)*--device=[Add a host device to the container]:device:_files" + "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: " + "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: " "($help)*--dns=[Set custom DNS servers]:DNS server: " "($help)*--dns-opt=[Set custom DNS options]:DNS option: " "($help)*--dns-search=[Set custom DNS search domains]:DNS domains: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 982d3b6a4e..06e047f4aa 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -30,6 +30,8 @@ Creates a new container. --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container + --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) + --device-write-bps=[] Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb) --disable-content-trust=true Skip image verification --dns=[] Set custom DNS servers --dns-opt=[] Set custom DNS options diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 61f0480474..5794b65ba0 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -29,6 +29,8 @@ parent = "smn_cli" --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container + --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) + --device-write-bps=[] Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb) --disable-content-trust=true Skip image verification --dns=[] Set custom DNS servers --dns-opt=[] Set custom DNS options diff --git a/docs/reference/run.md b/docs/reference/run.md index 80961f91c5..53923f9afa 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -624,6 +624,10 @@ container: | `--cpu-quota=0` | Limit the CPU CFS (Completely Fair Scheduler) quota | | `--blkio-weight=0` | Block IO weight (relative weight) accepts a weight value between 10 and 1000. | | `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) | +| `--device-read-bps="" ` | Limit read rate from a device (format: `:[]`. | +| | Number is a positive integer. Unit can be one of kb, mb, or gb. | +| `--device-write-bps="" ` | Limit write rate to a device (format: `:[]`. | +| | Number is a positive integer. Unit can be one of kb, mb, or gb. | | `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | | `--memory-swappiness="" ` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | | `--shm-size="" ` | Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. | @@ -978,6 +982,18 @@ $ docker run -it \ --blkio-weight-device "/dev/sda:200" \ ubuntu +The `--device-read-bps` flag can limit read rate from a device. +For example, the command creates a container and limits theread rate to `1mb` per second from `/dev/sda`: + + $ docker run -ti --device-read-bps /dev/sda:1mb ubuntu + +The `--device-write-bps` flag can limit write rate to a device. +For example, the command creates a container and limits write rate to `1mb` per second to `/dev/sda`: + + $ docker run -ti --device-write-bps /dev/sda:1mb ubuntu + +Both flags take limits in the `:[unit]` format. Both read and write rates must be a positive integer. You can specify the rate in `kb` (kilobytes), `mb` (megabytes), or `gb` (gigabytes). + ## Additional groups --group-add: Add Linux capabilities diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 362eef7474..8212c6bd82 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -20,6 +20,8 @@ docker-create - Create a new container [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--device**[=*[]*]] +[**--device-read-bps**[=*[]*]] +[**--device-write-bps**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] [**--dns-opt**[=*[]*]] @@ -125,6 +127,12 @@ two memory nodes. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +**--device-read-bps**=[] + Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) + +**--device-write-bps**=[] + Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) + **--dns**=[] Set custom DNS servers diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 5ee9dea044..83c901006c 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -21,6 +21,8 @@ docker-run - Run a command in a new container [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**[=*false*]] [**--device**[=*[]*]] +[**--device-read-bps**[=*[]*]] +[**--device-write-bps**[=*[]*]] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -192,6 +194,12 @@ stopping the process by pressing the keys CTRL-P CTRL-Q. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) +**--device-read-bps**=[] + Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb) + +**--device-write-bps**=[] + Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb) + **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) From 66eef79e5818c38b55905ed464c721d8b66bf374 Mon Sep 17 00:00:00 2001 From: Chris Weyl Date: Mon, 30 Nov 2015 23:33:55 -0600 Subject: [PATCH 1037/2538] newtork -> network (minor spelling correction) ...yeah, that was bugging me. :) Signed-off-by: Chris Weyl --- docs/reference/commandline/network_create.md | 2 +- man/docker-network-create.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 4b794d8940..bdaafb4b5f 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -116,7 +116,7 @@ docker network create -d overlay --ip-range=192.168.1.0/24 --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 - my-multihost-newtork + my-multihost-network ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index acbe267208..4d0782b697 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -116,7 +116,7 @@ docker network create -d overlay --ip-range=192.168.1.0/24 --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 - my-multihost-newtork + my-multihost-network ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. From ac40ecf7119c4cefa8cb7b5150bd6d33dc18b087 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 18 Nov 2015 01:13:02 -0800 Subject: [PATCH 1038/2538] update bash completion for seccomp Signed-off-by: Jessica Frazelle --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f3997a0c77..1d3b986e04 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1546,7 +1546,7 @@ _docker_run() { fi ;; *) - COMPREPLY=( $( compgen -W "label apparmor" -S ":" -- "$cur") ) + COMPREPLY=( $( compgen -W "label apparmor seccomp" -S ":" -- "$cur") ) __docker_nospace ;; esac From 7071c15b5f8905b0c09bca4cd651a28bafc6fb1a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Dec 2015 13:09:46 +0100 Subject: [PATCH 1039/2538] docs: markdown and textual fixups in reference/run.md This fixes markdown formatting, and formatting of tables; - Our markdown engine doesn't support spanning rows, so re-wrapped table contents. - Added a CSS-styles to prevent "code" blocks in tables from wrapping - The "logging drivers" table didn't have a header - Aligned table borders in source code for better readability. - Standardize on using `-it` in stead of -i -t or -ti - Some markup issues - Some minor textual fixups Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 232 ++++++++++++++++++++++-------------------- 1 file changed, 119 insertions(+), 113 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 53923f9afa..4cbe3ec140 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -10,7 +10,10 @@ parent = "mn_reference" @@ -135,7 +138,8 @@ For interactive processes (like a shell), you must use `-i -t` together in order to allocate a tty for the container process. `-i -t` is often written `-it` as you'll see in later examples. Specifying `-t` is forbidden when the client standard output is redirected or piped, such as in: -`echo test | docker run -i busybox cat`. + + $ echo test | docker run -i busybox cat >**Note**: A process running as PID 1 inside a container is treated >specially by Linux: it ignores any signal with the default action. @@ -148,10 +152,11 @@ standard output is redirected or piped, such as in: The operator can identify a container in three ways: -- UUID long identifier - ("f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778") -- UUID short identifier ("f78375b1c487") -- Name ("evil_ptolemy") +| Identifier type | Example value | +| --------------------- | ------------------------------------------------------------------ | +| UUID long identifier | "f78375b1c487e03c9438c729345e54db9d20cfa2ac1fc3494b6eb60872e74778" | +| UUID short identifier | "f78375b1c487" | +| Name | "evil_ptolemy" | The UUID identifiers come from the Docker daemon. If you do not assign a container name with the `--name` option, then the daemon generates a random @@ -160,7 +165,8 @@ container. If you specify a `name`, you can use it when referencing the container within a Docker network. This works for both background and foreground Docker containers. -**Note**: Containers on the default bridge network must be linked to communicate by name. +> **Note**: Containers on the default bridge network must be linked to +> communicate by name. ### PID equivalent @@ -390,7 +396,7 @@ $ docker run --net=my-net -itd --name=container3 busybox ### Managing /etc/hosts Your container will have lines in `/etc/hosts` which define the hostname of the -container itself as well as `localhost` and a few other common things. The +container itself as well as `localhost` and a few other common things. The `--add-host` flag can be used to add additional lines to `/etc/hosts`. $ docker run -it --add-host db-static:86.75.30.9 ubuntu cat /etc/hosts @@ -579,23 +585,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. - $ docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + $ docker run --security-opt label:level:s0:c100,c200 -it fedora bash An MLS example might be: - $ docker run --security-opt label:level:TopSecret -i -t rhel7 bash + $ docker run --security-opt label:level:TopSecret -it rhel7 bash To disable the security labeling for this container versus running with the `--permissive` flag, use the following command: - $ docker run --security-opt label:disable -i -t fedora bash + $ docker run --security-opt label:disable -it fedora bash If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. You could run a container that is only allowed to listen on Apache ports by executing the following command: - $ docker run --security-opt label:type:svirt_apache_t -i -t centos bash + $ docker run --security-opt label:type:svirt_apache_t -it centos bash > **Note**: You would have to write policy defining a `svirt_apache_t` type. @@ -611,29 +617,24 @@ parent group. The operator can also adjust the performance parameters of the container: -| Option | Description | -|----------------------------|---------------------------------------------------------------------------------------------| -| `-m`, `--memory="" ` | Memory limit (format: `[]`, where unit = b, k, m or g) | -| `--memory-swap=""` | Total memory limit (memory + swap, format: `[]`, where unit = b, k, m or g) | -| `--memory-reservation=""` | Memory soft limit (format: `[]`, where unit = b, k, m or g) | -| `--kernel-memory=""` | Kernel memory limit (format: `[]`, where unit = b, k, m or g) | -| `-c`, `--cpu-shares=0` | CPU shares (relative weight) | -| `--cpu-period=0` | Limit the CPU CFS (Completely Fair Scheduler) period | -| `--cpuset-cpus="" ` | CPUs in which to allow execution (0-3, 0,1) | -| `--cpuset-mems=""` | Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. | -| `--cpu-quota=0` | Limit the CPU CFS (Completely Fair Scheduler) quota | -| `--blkio-weight=0` | Block IO weight (relative weight) accepts a weight value between 10 and 1000. | -| `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) | -| `--device-read-bps="" ` | Limit read rate from a device (format: `:[]`. | -| | Number is a positive integer. Unit can be one of kb, mb, or gb. | -| `--device-write-bps="" ` | Limit write rate to a device (format: `:[]`. | -| | Number is a positive integer. Unit can be one of kb, mb, or gb. | -| `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | -| `--memory-swappiness="" ` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | -| `--shm-size="" ` | Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. | -| | Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or | -| | `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size | -| | entirely, the system uses `64m`. | +| Option | Description | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| `-m`, `--memory=""` | Memory limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | +| `--memory-swap=""` | Total memory limit (memory + swap, format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | +| `--memory-reservation=""` | Memory soft limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | +| `--kernel-memory=""` | Kernel memory limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | +| `-c`, `--cpu-shares=0` | CPU shares (relative weight) | +| `--cpu-period=0` | Limit the CPU CFS (Completely Fair Scheduler) period | +| `--cpuset-cpus=""` | CPUs in which to allow execution (0-3, 0,1) | +| `--cpuset-mems=""` | Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. | +| `--cpu-quota=0` | Limit the CPU CFS (Completely Fair Scheduler) quota | +| `--blkio-weight=0` | Block IO weight (relative weight) accepts a weight value between 10 and 1000. | +| `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) | +| `--device-read-bps=""` | Limit read rate from a device (format: `:[]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`. | +| `--device-write-bps=""` | Limit write rate to a device (format: `:[]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`. | +| `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | +| `--memory-swappiness=""` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | +| `--shm-size=""` | Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. | ### User memory constraints @@ -687,25 +688,25 @@ We have four ways to set user memory usage: Examples: - $ docker run -ti ubuntu:14.04 /bin/bash + $ docker run -it ubuntu:14.04 /bin/bash We set nothing about memory, this means the processes in the container can use as much memory and swap memory as they need. - $ docker run -ti -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash + $ docker run -it -m 300M --memory-swap -1 ubuntu:14.04 /bin/bash We set memory limit and disabled swap memory limit, this means the processes in the container can use 300M memory and as much swap memory as they need (if the host supports swap memory). - $ docker run -ti -m 300M ubuntu:14.04 /bin/bash + $ docker run -it -m 300M ubuntu:14.04 /bin/bash We set memory limit only, this means the processes in the container can use 300M memory and 300M swap memory, by default, the total virtual memory size (--memory-swap) will be set as double of memory, in this case, memory + swap would be 2*300M, so processes can use 300M swap memory as well. - $ docker run -ti -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash + $ docker run -it -m 300M --memory-swap 1G ubuntu:14.04 /bin/bash We set both memory and swap memory, so the processes in the container can use 300M memory and 700M swap memory. @@ -730,7 +731,7 @@ The following example limits the memory (`-m`) to 500M and sets the memory reservation to 200M. ```bash -$ docker run -ti -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash +$ docker run -it -m 500M --memory-reservation 200M ubuntu:14.04 /bin/bash ``` Under this configuration, when the container consumes memory more than 200M and @@ -740,7 +741,7 @@ memory below 200M. The following example set memory reservation to 1G without a hard memory limit. ```bash -$ docker run -ti --memory-reservation 1G ubuntu:14.04 /bin/bash +$ docker run -it --memory-reservation 1G ubuntu:14.04 /bin/bash ``` The container can use as much memory as it needs. The memory reservation setting @@ -757,11 +758,11 @@ memory. The following example limits the memory to 100M and disables the OOM killer for this container: - $ docker run -ti -m 100M --oom-kill-disable ubuntu:14.04 /bin/bash + $ docker run -it -m 100M --oom-kill-disable ubuntu:14.04 /bin/bash The following example, illustrates a dangerous way to use the flag: - $ docker run -ti --oom-kill-disable ubuntu:14.04 /bin/bash + $ docker run -it --oom-kill-disable ubuntu:14.04 /bin/bash The container has unlimited memory which can cause the host to run out memory and require killing system processes to free memory. @@ -826,12 +827,12 @@ limit and "K" the kernel limit. There are three possible ways to set limits: Examples: - $ docker run -ti -m 500M --kernel-memory 50M ubuntu:14.04 /bin/bash + $ docker run -it -m 500M --kernel-memory 50M ubuntu:14.04 /bin/bash We set memory and kernel memory, so the processes in the container can use 500M memory in total, in this 500M memory, it can be 50M kernel memory tops. - $ docker run -ti --kernel-memory 50M ubuntu:14.04 /bin/bash + $ docker run -it --kernel-memory 50M ubuntu:14.04 /bin/bash We set kernel memory without **-m**, so the processes in the container can use as much memory as they want, but they can only use 50M kernel memory. @@ -846,7 +847,7 @@ between 0 and 100. A value of 0 turns off anonymous page swapping. A value of For example, you can set: - $ docker run -ti --memory-swappiness=0 ubuntu:14.04 /bin/bash + $ docker run -it --memory-swappiness=0 ubuntu:14.04 /bin/bash Setting the `--memory-swappiness` option is helpful when you want to retain the container's working set and to avoid swapping performance penalties. @@ -895,7 +896,7 @@ And usually `--cpu-period` should work with `--cpu-quota`. Examples: - $ docker run -ti --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash + $ docker run -it --cpu-period=50000 --cpu-quota=25000 ubuntu:14.04 /bin/bash If there is 1 CPU, this means the container can get 50% CPU worth of run-time every 50ms. @@ -907,11 +908,11 @@ We can set cpus in which to allow execution for containers. Examples: - $ docker run -ti --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash + $ docker run -it --cpuset-cpus="1,3" ubuntu:14.04 /bin/bash This means processes in container can be executed on cpu 1 and cpu 3. - $ docker run -ti --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash + $ docker run -it --cpuset-cpus="0-2" ubuntu:14.04 /bin/bash This means processes in container can be executed on cpu 0, cpu 1 and cpu 2. @@ -920,12 +921,12 @@ on NUMA systems. Examples: - $ docker run -ti --cpuset-mems="1,3" ubuntu:14.04 /bin/bash + $ docker run -it --cpuset-mems="1,3" ubuntu:14.04 /bin/bash This example restricts the processes in the container to only use memory from memory nodes 1 and 3. - $ docker run -ti --cpuset-mems="0-2" ubuntu:14.04 /bin/bash + $ docker run -it --cpuset-mems="0-2" ubuntu:14.04 /bin/bash This example restricts the processes in the container to only use memory from memory nodes 0, 1 and 2. @@ -953,8 +954,8 @@ The `--blkio-weight` flag can set the weighting to a value between 10 to 1000. For example, the commands below create two containers with different blkio weight: - $ docker run -ti --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash - $ docker run -ti --name c2 --blkio-weight 600 ubuntu:14.04 /bin/bash + $ docker run -it --name c1 --blkio-weight 300 ubuntu:14.04 /bin/bash + $ docker run -it --name c2 --blkio-weight 600 ubuntu:14.04 /bin/bash If you do block IO in the two containers at the same time, by, for example: @@ -967,9 +968,9 @@ The `--blkio-weight-device="DEVICE_NAME:WEIGHT"` flag sets a specific device wei The `DEVICE_NAME:WEIGHT` is a string containing a colon-separated device name and weight. For example, to set `/dev/sda` device weight to `200`: -$ docker run -it \ - --blkio-weight-device "/dev/sda:200" \ - ubuntu + $ docker run -it \ + --blkio-weight-device "/dev/sda:200" \ + ubuntu If you specify both the `--blkio-weight` and `--blkio-weight-device`, Docker uses the `--blkio-weight` as the default weight and uses `--blkio-weight-device` @@ -977,22 +978,26 @@ to override this default with a new value on a specific device. The following example uses a default weight of `300` and overrides this default on `/dev/sda` setting that weight to `200`: -$ docker run -it \ - --blkio-weight 300 \ - --blkio-weight-device "/dev/sda:200" \ - ubuntu + $ docker run -it \ + --blkio-weight 300 \ + --blkio-weight-device "/dev/sda:200" \ + ubuntu -The `--device-read-bps` flag can limit read rate from a device. -For example, the command creates a container and limits theread rate to `1mb` per second from `/dev/sda`: +The `--device-read-bps` flag limits the read rate from a device. For example, +this command creates a container and limits the read rate to `1mb` per second +from `/dev/sda`: - $ docker run -ti --device-read-bps /dev/sda:1mb ubuntu + $ docker run -it --device-read-bps /dev/sda:1mb ubuntu -The `--device-write-bps` flag can limit write rate to a device. -For example, the command creates a container and limits write rate to `1mb` per second to `/dev/sda`: +The `--device-write-bps` flag limits the write rate to a device. For example, +this command creates a container and limits the write rate to `1mb` per second +for `/dev/sda`: - $ docker run -ti --device-write-bps /dev/sda:1mb ubuntu + $ docker run -it --device-write-bps /dev/sda:1mb ubuntu -Both flags take limits in the `:[unit]` format. Both read and write rates must be a positive integer. You can specify the rate in `kb` (kilobytes), `mb` (megabytes), or `gb` (gigabytes). +Both flags take limits in the `:[unit]` format. Both read +and write rates must be a positive integer. You can specify the rate in `kb` +(kilobytes), `mb` (megabytes), or `gb` (gigabytes). ## Additional groups --group-add: Add Linux capabilities @@ -1001,7 +1006,7 @@ By default, the docker container process runs with the supplementary groups look up for the specified user. If one wants to add more to that list of groups, then one can use this flag: - $ docker run -ti --rm --group-add audio --group-add dbus --group-add 777 busybox id + $ docker run -it --rm --group-add audio --group-add dbus --group-add 777 busybox id uid=0(root) gid=0(root) groups=10(wheel),29(audio),81(dbus),777 ## Runtime privilege and Linux capabilities @@ -1051,45 +1056,45 @@ In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default list of capabilities that are kept. The following table lists the Linux capability options which can be added or dropped. -| Capability Key | Capability Description | -| -------------- | ---------------------- | -| SETPCAP | Modify process capabilities. | -| SYS_MODULE| Load and unload kernel modules. | -| SYS_RAWIO | Perform I/O port operations (iopl(2) and ioperm(2)). | -| SYS_PACCT | Use acct(2), switch process accounting on or off. | -| SYS_ADMIN | Perform a range of system administration operations. | -| SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. | -| SYS_RESOURCE | Override resource Limits. | -| SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | -| SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | -| MKNOD | Create special files using mknod(2). | -| AUDIT_WRITE | Write records to kernel auditing log. | -| AUDIT_CONTROL | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. | -| MAC_OVERRIDE | Allow MAC configuration or state changes. Implemented for the Smack LSM. | -| MAC_ADMIN | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM). | -| NET_ADMIN | Perform various network-related operations. | -| SYSLOG | Perform privileged syslog(2) operations. | -| CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | -| NET_RAW | Use RAW and PACKET sockets. | -| DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | -| FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | -| DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks. | -| FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | -| KILL | Bypass permission checks for sending signals. | -| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | -| SETUID | Make arbitrary manipulations of process UIDs. | -| LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | -| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024). | -| NET_BROADCAST | Make socket broadcasts, and listen to multicasts. | -| IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | -| IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | -| SYS_CHROOT | Use chroot(2), change root directory. | -| SYS_PTRACE | Trace arbitrary processes using ptrace(2). | -| SYS_BOOT | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution. | -| LEASE | Establish leases on arbitrary files (see fcntl(2)). | -| SETFCAP | Set file capabilities.| -| WAKE_ALARM | Trigger something that will wake up the system. | -| BLOCK_SUSPEND | Employ features that can block system suspend. | +| Capability Key | Capability Description | +| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- | +| SETPCAP | Modify process capabilities. | +| SYS_MODULE | Load and unload kernel modules. | +| SYS_RAWIO | Perform I/O port operations (iopl(2) and ioperm(2)). | +| SYS_PACCT | Use acct(2), switch process accounting on or off. | +| SYS_ADMIN | Perform a range of system administration operations. | +| SYS_NICE | Raise process nice value (nice(2), setpriority(2)) and change the nice value for arbitrary processes. | +| SYS_RESOURCE | Override resource Limits. | +| SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | +| SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | +| MKNOD | Create special files using mknod(2). | +| AUDIT_WRITE | Write records to kernel auditing log. | +| AUDIT_CONTROL | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. | +| MAC_OVERRIDE | Allow MAC configuration or state changes. Implemented for the Smack LSM. | +| MAC_ADMIN | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM). | +| NET_ADMIN | Perform various network-related operations. | +| SYSLOG | Perform privileged syslog(2) operations. | +| CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | +| NET_RAW | Use RAW and PACKET sockets. | +| DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | +| FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | +| DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks. | +| FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | +| KILL | Bypass permission checks for sending signals. | +| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | +| SETUID | Make arbitrary manipulations of process UIDs. | +| LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | +| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024). | +| NET_BROADCAST | Make socket broadcasts, and listen to multicasts. | +| IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | +| IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | +| SYS_CHROOT | Use chroot(2), change root directory. | +| SYS_PTRACE | Trace arbitrary processes using ptrace(2). | +| SYS_BOOT | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution. | +| LEASE | Establish leases on arbitrary files (see fcntl(2)). | +| SETFCAP | Set file capabilities. | +| WAKE_ALARM | Trigger something that will wake up the system. | +| BLOCK_SUSPEND | Employ features that can block system suspend. Further reference information is available on the [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities) @@ -1101,9 +1106,9 @@ operator wants to have all capabilities but `MKNOD` they could use: For interacting with the network stack, instead of using `--privileged` they should use `--cap-add=NET_ADMIN` to modify the network interfaces. - $ docker run -t -i --rm ubuntu:14.04 ip link add dummy0 type dummy + $ docker run -it --rm ubuntu:14.04 ip link add dummy0 type dummy RTNETLINK answers: Operation not permitted - $ docker run -t -i --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy + $ docker run -it --rm --cap-add=NET_ADMIN ubuntu:14.04 ip link add dummy0 type dummy To mount a FUSE based filesystem, you need to combine both `--cap-add` and `--device`: @@ -1135,8 +1140,9 @@ The container can have a different logging driver than the Docker daemon. Use the `--log-driver=VALUE` with the `docker run` command to configure the container's logging driver. The following options are supported: +| Driver | Description | +| ----------- | ----------------------------------------------------------------------------------------------------------------------------- | | `none` | Disables any logging for the container. `docker logs` won't be available with this driver. | -|-------------|-------------------------------------------------------------------------------------------------------------------------------| | `json-file` | Default logging driver for Docker. Writes JSON messages to file. No logging options are supported for this driver. | | `syslog` | Syslog logging driver for Docker. Writes log messages to syslog. | | `journald` | Journald logging driver for Docker. Writes log messages to `journald`. | @@ -1202,12 +1208,12 @@ runtime by using a string to specify the new `ENTRYPOINT`. Here is an example of how to run a shell in a container that has been set up to automatically run something else (like `/usr/bin/redis-server`): - $ docker run -i -t --entrypoint /bin/bash example/redis + $ docker run -it --entrypoint /bin/bash example/redis or two examples of how to pass more parameters to that ENTRYPOINT: - $ docker run -i -t --entrypoint /bin/bash example/redis -c ls -l - $ docker run -i -t --entrypoint /usr/bin/redis-cli example/redis --help + $ docker run -it --entrypoint /bin/bash example/redis -c ls -l + $ docker run -it --entrypoint /usr/bin/redis-cli example/redis --help ### EXPOSE (incoming ports) From b4a012656c4636d4c4553ede7fb7f059f48449f4 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 15 Nov 2015 13:31:13 -0800 Subject: [PATCH 1040/2538] Improve bash completion for `docker network disconnect` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1d3b986e04..7210e42cb3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -157,6 +157,11 @@ __docker_networks() { COMPREPLY=( $(compgen -W "$networks" -- "$cur") ) } +__docker_containers_in_network() { + local containers=$(__docker_q network inspect -f '{{range $i, $c := .Containers}}{{$i}} {{$c.Name}} {{end}}' "$1") + COMPREPLY=( $(compgen -W "$containers" -- "$cur") ) +} + __docker_volumes() { COMPREPLY=( $(compgen -W "$(__docker_q volume ls -q)" -- "$cur") ) } @@ -1092,7 +1097,7 @@ _docker_network_connect() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--tail') + local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then __docker_networks elif [ $cword -eq $(($counter + 1)) ]; then @@ -1127,9 +1132,19 @@ _docker_network_create() { } _docker_network_disconnect() { - # TODO disconnect should only complete running containers connected - # to the specified network. - _docker_network_connect + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_networks + elif [ $cword -eq $(($counter + 1)) ]; then + __docker_containers_in_network "$prev" + fi + ;; + esac } _docker_network_inspect() { From 93ce6fd9f547c7b3fe6328f6fccb0230f86f7c20 Mon Sep 17 00:00:00 2001 From: Sambuddha Basu Date: Tue, 8 Dec 2015 22:08:29 +0400 Subject: [PATCH 1041/2538] The docs now explain that images with repo:tag as : are dangling images. Signed-off-by: Sambuddha Basu --- docs/reference/commandline/images.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index e00840de22..651522c841 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -136,9 +136,9 @@ The currently supported filters are: This will display untagged images, that are the leaves of the images tree (not intermediary layers). These images occur when a new build of an image takes the -`repo:tag` away from the image ID, leaving it untagged. A warning will be issued -if trying to remove an image when a container is presently using it. -By having this flag it allows for batch cleanup. +`repo:tag` away from the image ID, leaving it as `:` or untagged. +A warning will be issued if trying to remove an image when a container is presently +using it. By having this flag it allows for batch cleanup. Ready for use by `docker rmi ...`, like: From d9278dd4a81d3f551f762f11735888c76847f749 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 9 Dec 2015 14:26:41 +0800 Subject: [PATCH 1042/2538] Check minimum kernel memory limit to be 4M Fixes: #18405 Signed-off-by: Qiang Huang --- docs/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 4cbe3ec140..160ad986c7 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -619,10 +619,10 @@ container: | Option | Description | | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | -| `-m`, `--memory=""` | Memory limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | +| `-m`, `--memory=""` | Memory limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M. | | `--memory-swap=""` | Total memory limit (memory + swap, format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | | `--memory-reservation=""` | Memory soft limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | -| `--kernel-memory=""` | Kernel memory limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. | +| `--kernel-memory=""` | Kernel memory limit (format: `[]`). Number is a positive integer. Unit can be one of `b`, `k`, `m`, or `g`. Minimum is 4M. | | `-c`, `--cpu-shares=0` | CPU shares (relative weight) | | `--cpu-period=0` | Limit the CPU CFS (Completely Fair Scheduler) period | | `--cpuset-cpus=""` | CPUs in which to allow execution (0-3, 0,1) | From fa963568726a0ca221c7ad3c2b66ab6aefa5b45c Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 9 Dec 2015 11:26:07 -0800 Subject: [PATCH 1043/2538] Update docs for addition of transfer manager Closing the HTTP connection requesting a push or pull will cancel the push or pull. This behavior also applies to the CLI. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/build.md | 9 +++------ docs/reference/commandline/pull.md | 3 +++ docs/reference/commandline/push.md | 3 +++ 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 5118acd1b4..88e57dce54 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -98,12 +98,9 @@ adding a `.dockerignore` file to that directory as well. For information on creating one, see the [.dockerignore file](../builder.md#dockerignore-file). If the Docker client loses connection to the daemon, the build is canceled. -This happens if you interrupt the Docker client with `ctrl-c` or if the Docker -client is killed for any reason. - -> **Note:** -> Currently only the "run" phase of the build can be canceled until pull -> cancellation is implemented). +This happens if you interrupt the Docker client with `CTRL-c` or if the Docker +client is killed for any reason. If the build initiated a pull which is still +running at the time the build is cancelled, the pull is cancelled as well. ## Return code diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index efcaed6125..460255ccd2 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -49,3 +49,6 @@ use `docker pull`: # manually specifies the path to the default Docker registry. This could # be replaced with the path to a local registry to pull from another source. # sudo docker pull myhub.com:8080/test-image + +Killing the `docker pull` process, for example by pressing `CTRL-c` while it is +running in a terminal, will terminate the pull operation. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index cdc6ac2da8..c26169eb92 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -19,3 +19,6 @@ parent = "smn_cli" Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. + +Killing the `docker push` process, for example by pressing `CTRL-c` while it is +running in a terminal, will terminate the push operation. From 87f122321641c227494dab116d9617da0c58a4d0 Mon Sep 17 00:00:00 2001 From: Dima Stopel Date: Wed, 4 Nov 2015 15:49:53 +0200 Subject: [PATCH 1044/2538] Adding authorization subsystem documentation Signed-off-by: Dima Stopel --- docs/extend/authorization.md | 119 +++++++++++++++++++++++++++ docs/reference/commandline/daemon.md | 7 ++ 2 files changed, 126 insertions(+) create mode 100644 docs/extend/authorization.md diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md new file mode 100644 index 0000000000..2f722e6fa2 --- /dev/null +++ b/docs/extend/authorization.md @@ -0,0 +1,119 @@ + + + +# Access authorization + +By default Docker’s authorization model is all or nothing. Anyone who has access to the Docker daemon has the ability to run any Docker command. Authorization plugins enable creating granular access policies for managing access to Docker daemon. + +## Basic principles + +* The authorization sub-system is based on Docker's [Plugin API](http://docs.docker.com/engine/extend/plugin_api), so that anyone could add / develop an authorization plug-in. It is possible to add a plug-in to a deployed Docker daemon without the need to rebuild the daemon. Daemon restart is required. + +* The authorization sub-system enables approving or denying requests to the Docker daemon based on the current user and command context, where the authentication context contains all user details and the authentication method, and the command context contains all the relevant request data. + +* The authorization sub-system enables approving or denying the response from the Docker daemon based on the current user and the command context. + +## Basic architecture + +Authorization is integrated into Docker daemon by enabling external authorization plug-ins registration as part of the daemon stratup. Each plug-in will receive user's information (retrieved using the authentication sub-system) and HTTP request information and decide whether to allow or deny the request. Plugins can be chained together and only in case where all plug-ins allow accessing the resource, the is access granted. + +Recently Docker introduced a new extendability mechanism called [plug-in infrastructure](http://docs.docker.com/engine/extend/plugin_api), which enables extending Docker by dynamically loading, removing and communicating with third-party components using a generic, easily extendable, API. The authorization sub-system was build using this mechanism. + +To enable full extendability, each plugin receives the authenticated user name, the request context including the user, HTTP headers, and the request/response body. No authentication information will be passed to the authorization plug-in except for: 1) user name, and 2) authentication method that was used. Specifically, no user credentials or tokens will be passed. The request / response bodies will be sent to the plugin only in case the Content-Type is either `text/*` or `application/json`. + +For commands that involve the hijacking of the HTTP connection (HTTP Upgrade), such as `exec`, the authorization plugins will only be called for the initial HTTP requests, once the commands are approved, authorization will not be applied to the rest of the flow. Specifically, the streaming data will not be passed to the authorization plugins. For commands that return chunked HTTP response, such as `logs` and `events`, only the HTTP request will be sent to the authorization plug-ins as well. + +During request / response processing, some authorization plugins flows might require performing additional queries to the docker daemon. To complete such a flows plugins can call the daemon API similar to the regular user, which means the plugin admin will have to configure proper authentication and security policies. + +## API schema + +In addition to the standard plugin registration method, each plugin should implement the following two methods: + +`/AuthzPlugin.AuthZReq` The authorize request method, which is called before Docker daemon processes the client request. + +`/AuthzPlugin.AuthZRes` The authorize response method, which is called before the response is returned from Docker daemon to the client. + + +### Request authorization +#### Daemon -> Plugin + +Name | Type | Description +-----------------------|-------------------|------------------------------------------------------- +User | string | The user identification +Authentication method | string | The authentication method used +Request method | enum | The HTTP method (GET/DELETE/POST) +Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) +Request headers | map[string]string | Request headers as key value pairs (without the authorization header) +Request body | []byte | Raw request body + + +#### Plugin -> Daemon + +Name | Type | Description +--------|--------|---------------------------------------------------------------------------------- +Allow | bool | Boolean value indicating whether the request is allowed or denied +Message | string | Authorization message (will be returned to the client in case the access is denied) + +### Response authorization +#### Daemon -> Plugin + + +Name | Type | Description +----------------------- |------------------ |---------------------------------------------------- +User | string | The user identification +Authentication method | string | The authentication method used +Request method | string | The HTTP method (GET/DELETE/POST) +Request URI | string | The http request URI including API version (e.g., v.1.17/containers/json) +Request headers | map[string]string | Request headers as key value pairs (without the authorization header) +Request body | []byte | Raw request body +Response status code | int | Status code from the docker daemon +Response headers | map[string]string | Response headers as key value pairs +Response body | []byte | Raw docker daemon response body + + +#### Plugin -> Daemon + +Name | Type | Description +--------|--------|---------------------------------------------------------------------------------- +Allow | bool | Boolean value indicating whether the response is allowed or denied +Message | string | Authorization message (will be returned to the client in case the access is denied) + +## UX flows + +### Setting up docker daemon + +Authorization plugins are enabled with a dedicated command line argument. The argument contains a comma separated list of the plugin names, which should be the same as the plugin’s socket or spec file. +``` +$ docker -d authz-plugins=plugin1,plugin2,... +``` + +### Calling authorized command (allow) + +No impact on command output +``` +$ docker pull centos +... +f1b10cd84249: Pull complete +... +``` + +### Calling unauthorized command (deny) + +``` +$ docker pull centos +… +Authorization failed. Pull command for user 'john_doe' is denied by authorization plugin 'ACME' with message ‘[ACME] User 'john_doe' is not allowed to perform the pull command’ +``` + + + + diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 9c5efa3bf0..05fb5428d3 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -17,6 +17,7 @@ weight = -1 Options: --api-cors-header="" Set CORS headers in the remote API + --authz-plugins=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP -D, --debug=false Enable debug mode @@ -601,6 +602,12 @@ The currently supported cluster store options are: private key is used as the client key for communication with the Key/Value store. +## Access authorization + +The `--authz-plugins` option instructs the daemon to load the authorization plugins. Authorization plugins must follow the rules described in [Docker Plugin API](http://docs.docker.com/engine/extend/plugin_api/) and reside within directories described under the [plugin discovery](http://docs.docker.com/engine/extend/plugin_api/#plugin-discovery) section. The option accepts a set of plugin names to load, for example `--authz-plugins=plugin1,plugin2`. + + +More information about how to create an authorization plugin can be found under the [authorization](https://docs.docker.com/engine/extend/authorization/) section in the user guide. ## Miscellaneous options From 67d3265c4bd6413434cff3614b0f5339e3b05024 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Thu, 12 Nov 2015 13:06:47 +0200 Subject: [PATCH 1045/2538] Docker authorization plug-in infrastructure enables extending the functionality of the Docker daemon with respect to user authorization. The infrastructure enables registering a set of external authorization plug-in. Each plug-in receives information about the user and the request and decides whether to allow or deny the request. Only in case all plug-ins allow accessing the resource the access is granted. Each plug-in operates as a separate service, and registers with Docker through general (plug-ins API) [https://blog.docker.com/2015/06/extending-docker-with-plugins/]. No Docker daemon recompilation is required in order to add / remove an authentication plug-in. Each plug-in is notified twice for each operation: 1) before the operation is performed and, 2) before the response is returned to the client. The plug-ins can modify the response that is returned to the client. The authorization depends on the authorization effort that takes place in parallel [https://github.com/docker/docker/issues/13697]. This is the official issue of the authorization effort: https://github.com/docker/docker/issues/14674 (Here)[https://github.com/rhatdan/docker-rbac] you can find an open document that discusses a default RBAC plug-in for Docker. Signed-off-by: Liron Levin Added container create flow test and extended the verification for ps --- docs/extend/authorization.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 2f722e6fa2..7b599b28c7 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -91,9 +91,10 @@ Message | string | Authorization message (will be returned to the client in case ### Setting up docker daemon -Authorization plugins are enabled with a dedicated command line argument. The argument contains a comma separated list of the plugin names, which should be the same as the plugin’s socket or spec file. +Authorization plugins are enabled with a dedicated command line argument. The argument contains the plugin name, which should be the same as the plugin’s socket or spec file. +Multiple authz-plugin parameters are supported. ``` -$ docker -d authz-plugins=plugin1,plugin2,... +$ docker daemon --authz-plugins=plugin1 --auth-plugins=plugin2,... ``` ### Calling authorized command (allow) From 00962f362bc7d5fe3efd384176bef426fcaf2c67 Mon Sep 17 00:00:00 2001 From: Dima Stopel Date: Tue, 8 Dec 2015 14:54:33 +0200 Subject: [PATCH 1046/2538] Fixing documentation according to comments by @moxiegirl and @thaJeztah Signed-off-by: Dima Stopel --- docs/extend/authorization.md | 223 ++++++++++++++---- docs/extend/images/authz_additional_info.png | Bin 0 -> 45916 bytes docs/extend/images/authz_allow.png | Bin 0 -> 33505 bytes docs/extend/images/authz_chunked.png | Bin 0 -> 33168 bytes .../extend/images/authz_connection_hijack.png | Bin 0 -> 38780 bytes docs/extend/images/authz_deny.png | Bin 0 -> 27099 bytes docs/reference/commandline/daemon.md | 26 +- 7 files changed, 197 insertions(+), 52 deletions(-) create mode 100644 docs/extend/images/authz_additional_info.png create mode 100644 docs/extend/images/authz_allow.png create mode 100644 docs/extend/images/authz_chunked.png create mode 100644 docs/extend/images/authz_connection_hijack.png create mode 100644 docs/extend/images/authz_deny.png diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 7b599b28c7..d16ba350a7 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -10,40 +10,192 @@ weight = -1 -# Access authorization +# Create an authorization plugin -By default Docker’s authorization model is all or nothing. Anyone who has access to the Docker daemon has the ability to run any Docker command. Authorization plugins enable creating granular access policies for managing access to Docker daemon. +Docker’s out-of-the-box authorization model is all or nothing. Any user with +permission to access to the Docker daemon can run any Docker client command. The +same is true for callers using Docker's remote API to contact the daemon. If you +require greater access control, you can create authorization plugins and add +them to your Docker daemon configuration. Using an authorization plugin, a +Docker administrator can configure granular access policies for managing access +to Docker daemon. + +Anyone with the appropriate skills can develop an authorization plugin. These +skills, at their most basic, are knowledge of Docker, understanding of REST, and +sound programming knowledge. This document describes the architecture, state, +and methods information available to an authorization plugin developer. ## Basic principles -* The authorization sub-system is based on Docker's [Plugin API](http://docs.docker.com/engine/extend/plugin_api), so that anyone could add / develop an authorization plug-in. It is possible to add a plug-in to a deployed Docker daemon without the need to rebuild the daemon. Daemon restart is required. +Docker's [plugin infrastructure](http://docs.docker.com/engine/extend/plugin_api) enables +extending Docker by dynamically loading, removing and communicating with +third-party components using a generic API. The access authorization subsystem +was built using this mechanism. -* The authorization sub-system enables approving or denying requests to the Docker daemon based on the current user and command context, where the authentication context contains all user details and the authentication method, and the command context contains all the relevant request data. +Using this subsystem, you don't need to rebuild the Docker daemon to add an +authorization plugin. You can add a plugin to a installed Docker daemon. You do +need to restart the Docker daemon to add a new plugin. -* The authorization sub-system enables approving or denying the response from the Docker daemon based on the current user and the command context. +An authorization plugin approves or denies requests to the Docker daemon based +on both the current authentication context and the command context. The +authentication context contains all user details and the authentication method. +The command context contains all the relevant request data. + +Authorization plugins must follow the rules described in [Docker Plugin API](http://docs.docker.com/engine/extend/plugin_api/). +Each plugin must reside within directories described under the [plugin discovery](http://docs.docker.com/engine/extend/plugin_api/#plugin-discovery) +section. ## Basic architecture -Authorization is integrated into Docker daemon by enabling external authorization plug-ins registration as part of the daemon stratup. Each plug-in will receive user's information (retrieved using the authentication sub-system) and HTTP request information and decide whether to allow or deny the request. Plugins can be chained together and only in case where all plug-ins allow accessing the resource, the is access granted. +You are responsible for registering your plugin as part of the Docker daemon +startup. You can install multiple plugins and chain them together. This chain +can be ordered. Each request to the daemon passes in order through the chain. +Only when all the plugins grant access to the resource, is the access granted. -Recently Docker introduced a new extendability mechanism called [plug-in infrastructure](http://docs.docker.com/engine/extend/plugin_api), which enables extending Docker by dynamically loading, removing and communicating with third-party components using a generic, easily extendable, API. The authorization sub-system was build using this mechanism. +When an HTTP request is made to the Docker daemon through the CLI or via the +remote API, the authentication subsystem passes the request to the installed +authentication plugin(s). The request contains the user (caller) and command +context. The plugin is responsible for deciding whether to allow or deny the +request. -To enable full extendability, each plugin receives the authenticated user name, the request context including the user, HTTP headers, and the request/response body. No authentication information will be passed to the authorization plug-in except for: 1) user name, and 2) authentication method that was used. Specifically, no user credentials or tokens will be passed. The request / response bodies will be sent to the plugin only in case the Content-Type is either `text/*` or `application/json`. +Below please find tow sequence diagrams describing the *allow* and *deny* +authorization flows: -For commands that involve the hijacking of the HTTP connection (HTTP Upgrade), such as `exec`, the authorization plugins will only be called for the initial HTTP requests, once the commands are approved, authorization will not be applied to the rest of the flow. Specifically, the streaming data will not be passed to the authorization plugins. For commands that return chunked HTTP response, such as `logs` and `events`, only the HTTP request will be sent to the authorization plug-ins as well. +![Bad Address](images/authz_allow.png) -During request / response processing, some authorization plugins flows might require performing additional queries to the docker daemon. To complete such a flows plugins can call the daemon API similar to the regular user, which means the plugin admin will have to configure proper authentication and security policies. +![Bad Address](images/authz_deny.png) -## API schema +Each request sent to the plugin includes the authenticated user, the HTTP +headers, and the request/response body. Only the user name and the +authentication method used are passed to the plugin. Most importantly, no user +credentials or tokens are passed. Finally, not all request/response bodies +are sent to the authorization plugin. Only those request/response bodies where +the `Content-Type` is either `text/*` or `application/json` are sent. -In addition to the standard plugin registration method, each plugin should implement the following two methods: +For commands that can potentially the hijack the HTTP connection (`HTTP +Upgrade`), such as `exec`, the authorization plugin are only called for the +initial HTTP requests. Once the plugin approves the command, authorization is +not applied to the rest of the flow. Specifically, the streaming data is not +passed to the authorization plugins. For commands that return chunked HTTP +response, such as `logs` and `events`, only the HTTP request are sent to the +authorization plugins as well. -`/AuthzPlugin.AuthZReq` The authorize request method, which is called before Docker daemon processes the client request. +During request/response processing, some authorization plugins flows might +need to do additional queries to the Docker daemon. To complete such flows, +plugins can call the daemon API similar to a regular user. To enable these +additional queries, the plugin must provide the means for an administrator to +configure proper authentication and security policies. -`/AuthzPlugin.AuthZRes` The authorize response method, which is called before the response is returned from Docker daemon to the client. +## Docker client flows + +To enable and configure the authorization plugin, the plugin developer must support the Docker client interactions detailed in this section. + +### Setting up Docker daemon + +Enable the authorization plugin with a dedicated command line flag in the +`--authz-plugins=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. +This value can be the plugin’s socket or a path to a specification file. + +``` +$ docker daemon --authz-plugins=plugin1 --auth-plugins=plugin2,... +``` + +Docker's authorization subsystem supports multiple `--authz-plugin` parameters. + +### Calling authorized command (allow) + +Your plugin must support calling the `allow` command to authorize a command. This call does not impact Docker's command line. + +``` +$ docker pull centos +... +f1b10cd84249: Pull complete +... +``` + +### Calling unauthorized command (deny) + +Your plugin must support calling the `deny` command to report on the outcome of a plugin interaction. This call returns messages to Docker's command line informing the user of the outcome of each call. + +``` +$ docker pull centos +… +Authorization failed. Pull command for user 'john_doe' is denied by authorization plugin 'ACME' with message ‘[ACME] User 'john_doe' is not allowed to perform the pull command’ +``` + +Where multiple authorization plugins are installed, multiple messages are expected. -### Request authorization +## API schema and implementation + +Sample code for a typical plugin can be found here [ADD LINK]. In addition to Docker's standard plugin registration method, each plugin should implement the following two methods: + +* `/AuthzPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. + +* `/AuthzPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client. + +#### /AuthzPlugin.AuthZReq + +**Request**: + +``` +{ + "User": "The user identification" + "UserAuthNMethod": "The authentication method used" + "RequestMethod": "The HTTP method" + "RequestUri": "The HTTP request URI" + "RequestBody": "Byte array containing the raw HTTP request body" + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string " + "RequestStatusCode": "Request status code" +} +``` + +**Response**: + +``` +{ + "Allow" : "Determined whether the user is allowed or not" + "Msg": "The authorization message" +} +``` + +#### /AuthzPlugin.AuthZRes + +**Request**: +``` +{ + "User": "The user identification" + "UserAuthNMethod": "The authentication method used" + "RequestMethod": "The HTTP method" + "RequestUri": "The HTTP request URI" + "RequestBody": "Byte array containing the raw HTTP request body" + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string" + "RequestStatusCode": "Request status code" + "ResponseBody": "Byte array containing the raw HTTP response body" + "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string" + "ResponseStatusCode":"Response status code" +} +``` + +**Response**: +``` +{ + "Allow" : "Determined whether the user is allowed or not" + "Msg": "The authorization message" + "ModifiedBody": "Byte array containing a modified body of the raw HTTP body (or nil if no changes required)" + "ModifiedHeader": "Byte array containing a modified header of the HTTP response (or nil if no changes required)" + "ModifiedStatusCode": "int containing the modified version of the status code (or 0 if not change is required)" +} +``` + +The modified response enables the authorization plugin to manipulate the content +of the HTTP response. In case of more than one plugin, each subsequent plugin +receives a response (optionally) modified by a previous plugin. + +### Request authorization + +Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. + #### Daemon -> Plugin Name | Type | Description @@ -63,7 +215,10 @@ Name | Type | Description Allow | bool | Boolean value indicating whether the request is allowed or denied Message | string | Authorization message (will be returned to the client in case the access is denied) -### Response authorization +### Response authorization + +The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. + #### Daemon -> Plugin @@ -72,7 +227,7 @@ Name | Type | Description User | string | The user identification Authentication method | string | The authentication method used Request method | string | The HTTP method (GET/DELETE/POST) -Request URI | string | The http request URI including API version (e.g., v.1.17/containers/json) +Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) Request headers | map[string]string | Request headers as key value pairs (without the authorization header) Request body | []byte | Raw request body Response status code | int | Status code from the docker daemon @@ -85,36 +240,4 @@ Response body | []byte | Raw docker daemon response body Name | Type | Description --------|--------|---------------------------------------------------------------------------------- Allow | bool | Boolean value indicating whether the response is allowed or denied -Message | string | Authorization message (will be returned to the client in case the access is denied) - -## UX flows - -### Setting up docker daemon - -Authorization plugins are enabled with a dedicated command line argument. The argument contains the plugin name, which should be the same as the plugin’s socket or spec file. -Multiple authz-plugin parameters are supported. -``` -$ docker daemon --authz-plugins=plugin1 --auth-plugins=plugin2,... -``` - -### Calling authorized command (allow) - -No impact on command output -``` -$ docker pull centos -... -f1b10cd84249: Pull complete -... -``` - -### Calling unauthorized command (deny) - -``` -$ docker pull centos -… -Authorization failed. Pull command for user 'john_doe' is denied by authorization plugin 'ACME' with message ‘[ACME] User 'john_doe' is not allowed to perform the pull command’ -``` - - - - +Message | string | Authorization message (will be returned to the client in case the access is denied) \ No newline at end of file diff --git a/docs/extend/images/authz_additional_info.png b/docs/extend/images/authz_additional_info.png new file mode 100644 index 0000000000000000000000000000000000000000..1a6a6d01d2048fcb975b7d2b025cdfabd4c4f5f3 GIT binary patch literal 45916 zcmd43bx@UE)He)x5RM?JfJle5lt_rQlp>N6($cM@(x9NyQUU^sbT>#NA)(SC4bm-w zNPg=w?&o>uo%!bb^P4&MJ;U}~wXeO`TEAH5*`3>RXU|Zc!N9;cs~|6?8mEj#}{hMznYINBu?&oe6G$A5M8Mr ztp2%?yOZk~NktGSO(E}t`um}Kj_Q>uvLRE#Vv_j#d5(dNzJ`Sk$N2q`=ttiPm#IZt z{P`34KQ{W{zd!!}_0JMA*zHq|{>*G_?Q1M*>9Dh#VM&LRcFg&rSx zqV8j@3jHsWhM6dpm8o)fUw9v_7<@n2sL#1iD7KdpOnpr=U%!@JyZC-ld^Fc=n`(Vf zM)_vzcntLu*&9zJ`cVqiE^F_shw^Vnd;OY=O}q7q&(Hq!q}M^-d*1oauSeN#GtfA# zk7;ij$t%$jUG;sZpjTY`IUxJC_u*EcN>L!KmzLE~zAaVT!R<_nr_a?GDsE&_@Fi0) zP6ZiKT(Jn3mgzU2sByQuS+|h%I9TZ5=Z4@6OjFa=YRMOo=jYgFK8Dl#&*oRJKRBG@ z_I8}AvEDoSIXO@!_2i5&pJ~T8x6MWzY6I`1vQ&e5FZPXG?Gj3b_pTduQ9oglMuoy& zCkj8zwnkoMpS!nhmFGdZ$xQRJ(B*-gYj@1vJ1tQaX2DAceSOW9(*3ISU{|5!cH?dv zt+%?PzS}hR?0d05y!T=k_|2RWuepBSI^6zp?fH3*`3A?ij%ezK^Ig0h-Pc%@lbn96 zj`T%{dwa>naB5Q#iXRr5w1rX=e8P0zWwDv48NsZ6LB_Q#pDb3(sGKAk`rdg(gp5-w zoc&h>qa4-vd*_GWI%B^?2tPE_xU{U2DtlIg`{84{qUgQ#VN{3O#X6@YRZ|m~C5;oz z&gl<<*Df2><)&uZ(j6Yn&FAaieo{^4_T0Wj_Aoi_AbG-jDJ?cpaXVJIGlomUYtLZ3 z(8xd4X{mSFTTob7doH8%1DPk$TFmvwE<2JshbOe6Zrwd;H_7GJ$Ev7d(LNOY{*f`% z`*=I~_U=>zZNAGodH(rc8>fqld3JaPHqKth<O{E%xZw@1v&Si_61$gmMUD=>Y9uD`AKSVZ);YO=~aOVtu2P{+n;3-nzPj= zq^!!r-LRq5JxbRW?`9|`52jQ4bsHROR#xT2suU(rD{t+Dw9#JN`J^&**M3L3o1ONk zTgD);yZhJ9VvqEIL@bVD@X41emc5x_p?8b#E6Dj`VXKRb5&m!w+Q%cmOmXgT&T7cZ zNWHl&&e>YFZ^qct{jSbU-k)lV* zTNPn%C^&YXL{>-d4t5*X^Y{~RrhF+$*>*De@*=JBezPuz6q>?|e%P3k1dY-sr|Py^FNW@{3|+gd_x@e} z!J}b1>N=H074qPY#Tp0x?nch=&9Fk3H65ID0(Di(d&jsWN6G;>XZP$z%RlkjjR`Rl z2ESk2{L!a;alv{ZdrqswEQGy8JxjIK{o!M+kd08K6j68qcEbTZ5%ouF_MvQQ=|Wb6 zxt59cJ#U}n$J5In&e=ansD5+-yLx2noWZ2qVUgodzFz3hN$<(b6*cASb9>)AxzE0_ ziw^U$cx$tX>V&N)a=aDhok?jyQ#tWYfs{G!OQP^><-vOO*^6h$FRu>QKCYN;4Y^2g zNK1cN3^p(y>!OFpj$HLFUMfR6wSn#Qi@bsIUVMLBJhk(|dIn>kJkO<;zhqI?Wc*4& zJhWzeT)+L3#)e|btZms-c6)1}?M~GB1E;#i2Nho@%;t|puZ_{+cV=axNydA|Y*z+y z78*j()BRa$trh76)FMKX-Gq*~q(>oWhX|JDhKbt8A$#>ly9x1pjRM=Jx;t>6o!2Fx z5;8pGf7565aesejr6Xyh{$v8P(U@SiElhC6`+Gaf{7nLHnyW<4B4bq#km9;|J0cNy}-r55^xow;zzj zB^tk6P=EYhjaTzm9BuqY?aw4NeIcI7;7>IWvyRQ6T#jTPRI$fAio%&1dy5V6QJO8T~s7rs(4oNw&7KK${cDNFc4aJ^?&w&$A} zyRzC(u>4)C=$OU%YA)UgN&aZl6f&wI>PDEp@kOIUS;FE6x^? z-S~TE@uMFv@6~x|6VQleex4pjn|8)%9PFvRce0GGcVzIP<|v9pD1^HXtjq1S1ybu8n#%bC+FPfSngyMl&03W^N?PvBi+_( z5*&97vHIivoQ^cO&)c5N(ogZfckzFrU^Z09wcc!@-GaCu@0uBURMexU-S{0-&HjyQ znqsTz_G8Pgs|z0^J_My62;2^MXq&M>p(Y1UV|1#mYa@@C+>{(TpmwMCq z*VVL^o*2&2thSTo{AB(%Yfp>US|?G3GddBmn40vpX~&~qbEGRlP`R-8G&d&9L4wXY zo=TDXwwWbtI-?AIzaUaK;g=cYSEh}ucNJZKPN24>hglm+{pZ@|Q)qMd6VK~9Y&Txh zxFdM9@ z&)XYnrlw-9@T%2^Jh$YqysOeWL}geGVU|=Hzw^FO8RDbcbMkHx822u;FTZf2CbH-i zGVAc*Z25%Qfl*F=#)y|*hC~HSRFUv-Ic_O|2z6cQEC2bl`Y4?$oP=%O4V(u^+{Lys z;2HC`w0C$WLo2ZTvz&H-n55=)nWX<|D|IH5*5HoYH9rlz;&`8a8YwXs+}%pQd&pRQ zAbPwv8_92ed#6>LN$BBxaK!BmNLw-+l)BqW1cYkTc9V5^6ZI)!MPccZ+oEC{LKW79oZM>U8E(-R)DA}A5 zIV7#!Y{DysP}?Z|9s(#k-jRgl<3)$#L-$&18|7p%+f|b`E02t3Nt!rp&N|7e(+?*d zS@J!$Dw;l(t=^$NDDKe}Zv5V!C|uIET04?<5Sh_DJx^&>h1L zIK8w?y%dESx5y$JrRU*tPJv>**U>kBLa{q)bVNdrhM~;VGxiEHj57X`bX_E?XaEb7 zrHgQm*88w0j=eV`Z`iN+((Oc6H?Hq3FUYaWy|!A&t-ikVI@)KyDf({b!7`rYaalX3Equj=e#2 zyz3Re>5s*p@5culoxvCQQO2n0c9vvy-EUjNCSmPwZ@jp_|6^%6dUe^alQ!6R(TBXG zanhva`S}hxspKJD2x4WU6xZWK-HX4AOVmNFs_xuP=!CCq6=6sw3z6|nFs-=$?#5)n z3xaksMm}7_zDh?ENnuEQC0A_kC$+UDFztMr8+V;Ne|^S?j3%yFssUFqS6^ zTLv&bd8wSDQPeSDcf`>B=s?lDqWnxib+rg=vg(@!U$m>fXf2t%DOMg`+8DH3TPqmP zntAd`Z&0bVZbBMM*{tT{t;fA4ujrZ}y=3cuOZ$>gq1EE6!69<5_R+waj!O*==1ts) z!J3Zw;UW_P&N;q?XP%rlTkv`c?Y(&8&+DEhq)B8qcqpuem3wO0uEjwPC_vi)r*fh42NZj=S&#j7%PinPJBl)_@ zTY1AlqP2Oeg&l1*Bq(kUr?ZcqVCsLqPoOoP`YPkyJBrxCbNb0`FP4dNAC&3V^RO?N zwdv~a8C#d-N%fG~Wg8}bZyg_#+o^u#B<1>(m*c15>#&u<4$oFA+7e@f%t~Ebd;W(8 zKQG^PnHDYogo}WRypKNR|HTv+B{qp?mqo3<}UUF>%+W3}v!+a0E z$^ZKHQn}wkCW7Hcl=MX^MWZhZ$=>-k{ktgy_O&}Pl)S$7vQN&OZ_e#E=-heL(}b=HqOsc@BV32x_V&wbFhQ`mPk z(E}?lLnGg1h1_>=^sY#CnFih1^?@EJAk=68m1rJlv9504ugKVTv9?!s*%wJhmCbUf z*4%5`c+lXD^&xOxgJnxq++b%9iqdGhhC<`^NapCmKFdNBxfhdwRXe?IUm8Lm{%u_bi0U2D8)xEB_HOGbkY`631^n91a87 z8ok*X92KA66`tuMj-!0&X{7yw)2#guL-S0kK~s$B8P;{3oo2j+!2$zrH*-7>olOS* zy&S{+(_(^?-Y3^vC=cmOpwG3 zQ3{p&Z33Z!>!3O7P!{k_2L4E6kJ%SS$X$XgRZlr15C_8>7F(Q@9Wu zL6VWDt@ih#gq0_iVr? zg7^pCZpg5WWZ(yS^2_&v(6b{$#&2KQSl{Q|aUPYzFEaW;kLJB&Cijm}GkgtG5kR^Sh!qLnC{QPZ2t{N-GUd=Eb)r^9}DN>495(<;>G?qAQ1$#TmS`Y z3FF^aMpAg&$FEt0KmGR$M5Yjz7xPRc(J51x|Cqf&I7Z97_1u30^p_+gNsLpvLjTc$ z4I-FlNLISy{QeElHN#tx!jBsH`=T+>S}gG1USClAyUsDt0deqVgM9g}{e5qAm@6n7 zHu<`fZ*Et8!H3A_dzTLp0 zXX!4rR2x{JdAwQ_KDV}>)B~GGkCkLYsn~!tMUxzU zID~`?)S3%Iz0%L7>-U<3~m&gnk-Nb>Afk*2&C{j z+PTZDD!#wSs9kCifmD7m-|yci*_6RBuz+1$P)Fo>{A=OCw~xfBC+>=~D;})t7l5`* z9(p`EWZ=yuXg3xPsb1uj$?-|!lhF$MPADYjXixS6_g6xXYYNGFy{GlT+s(Xa^FYHlhMcRn}pjL;ztUac{38b`5xJzDXF`2!QRwD2UHjU!02xKa=l!|beOYEu z;l(P8AE_%%-bxl5pA}aIj`ZD~H&T8^o=^8K`KS~(`r~xMZvEB~&9R(LIVoVa#&E+B zYX8V-AWmG{w5TevdW&vSNzX3oh;G`6^R08&FJM4T2==C%0EKXbOXxBE?NQonauV^O$xeayQs;++Y`Fi{4g(R_qA@UzcjR*bqcc_)IUZh+>ROBY*q zy=N~QF`*xWk5`HH&}Ga1%!sKIT3d&y2FwaV8|7m%irNpJn3lwcRpy4MG}n!Z?2QJw zq|i&y7iLz4uNk zKYMLPiqX9%K#+Fie=W0Kv6y*OU}hlL&9oY7i+biY^@00?t`8|=^9`sIYHsl7Pq$)7 zV$%C39OH4He-b=(V27l|5_2yK4>Q%hlsT9CZ8Wu(6LCXhyTEffbo{e+HbiZ;c6Kn!ckPb`v6 z?b0hD$G1>JOY{5)5mT-A@)UO4Oo@LaWAI^9$U}GYta_kyAb|qRxas$A?W)=8Y)hjR z1wejDrYj{}0tTsm>Zu*U@ehTE9_u)A7^#f7)Yn|pbwyW+d0L1pHW!jGRjMD%Df;qr zc`S6_-Qqdf9ksts_QI0+)?MTG*nXPcD&ON8K0O()cFifd@q*0x;lNk6A9{!O9*0|P zR#6vsTGiPT9rZTK)*qM|xXLm6eip{UXP|h8tM@TkT>Pmh6@-JrsHM~}vFu*G+D95` z)}!TlB4S>Ll_Klo)fFOM5CC3(*DEr9A~Kn!#xm;x#P2{=M$)4Wp}^P37J9t_kK^bC z1oHA2;OLNtZ@!`hM(>QwDT^`6g*xHWhz=)bdbI${9XuoIb?8>G_4vo)o0+_ORjMu4 zW0ggWKp1WT0uW9EO19{^x!vrY9}x(%KQ~%vB;5wwc`#qH_p!UP7jOivRr8+`avmal zk0Ze~&}CE>Xdf-o&(=hXSu&k5X6aue4`35}`Sin}ZiSujne*)5J||*1!Y8am(GCtP6p(s z>}^8PO&_r}huXW=1oJ0KGA^zs0(@v=7OEo_+=p@f(+$#3IQw$2?cv!axE;8SY$?PH876@*NJN5K7F;DadLuIT-8jTRVqJ85cKL~!M6tEJy z5Zpt8y7h_<^;M3C-IxFoBSf0r@ds8MfI-UC3y!BV)bfDUw>-+2Zqqdl!CQmz`b9xI zbv4wy_3BGA%IQ&{zchyp&z)s7#NE_DD$8Y#M?aXT$PAvtrG!11!xxR^i>5q1;?2*`qS_B0Z52 ziQ?2&-N??XQ<$1=frpO0toOhw2XbWg?8Al6?Xc|LH8V}z^-G(@rC655)u8n)z{E-{ z_=L%D5tGB0Xet5Ygyq&+C7#1i_ zE%Z190HY^tiuWess_j>GgE*q4&FK$M;~HWw4;@cO^?29cdR2dC`h`KA$1l_g3sGy_ zXZ)*%a~F>by1W=flsQ$qPw@5=GxDtUhKH_4Jg?s_CuVZU^`nEF8fKVRo8e>6O`+77 zSY3cIiGkYlsR1UNCRKVQ!9T;BN;$N2zH}^%0JHYn-N~-0jIG|A+*z)Ji*qBJ^u2^0 z<1xOw#L90+hH#T<8n;T%NFB&F(za3!vwXVJR6?jy?eXhDwD6(O7}x68u?(Y1*U6=Mo+~~*b7w_W|O1lEpwC6ek*li+0V@pI!Vptc6@7?XQcw8#f8bmLBA8oi# z#+bc#l`z9($cOu;gKDcf9hD&Qj~|INj(wK*u+zk7pL0!wUYJi+SkIA+K7TWikoNLM&35Q_vNnge)(uKj8>bq?aR)yioT0#K z5!A$`zV)fHZv1?X$z~qz@oBBMmduOZsvMRSf}$uM@sOn}xjYgVO*&2)qr9Xj%mi_Q zW9S#{Ur(c#$ z&R4JnkB^TIIzeze^m-OvC3^kJ#?q*d@a3N$q%jy!f(yJRt*pss4p%Y!Tx4Yo_;5Jc zJX#Y(F8=cZ%thbrXRE~*O!RENS3VKg-D;oO5Q_?ZI?wZX*Jg*({)hKngL4l>*8`I< z5i2V7=&Nk7qR9^hDO_2fwRYbK?a6X8AH?0mWa@6GZNBN>Whzo%vz;8*=nP&8}XQ$w6!Siw;ZP<`+ z*gE&&ty{?yC}tZu`mN3$qm7%FYI+21hEwdWQk1ue<41`n_GA5;$Eqfp;;c6NM7bk& z#w$mlFwg^s(EfUTSOj*k&9p9gVhX*)rcZ+vJL<x!Un#tu4m5t{jkG=h0UOt6(V=zo0CZPzLcJa8`e2Qjb(rs8m#xUU2q|WAJ z60PO=_BY*n%y?v+nO@{LsoX>iZiSMK6&5{GXV9UNQ?DBP`ifhyr5f+I)3We%3n)92{igaPb0467W&o`dy%5KLz}{`G!>m+ zpm!o}8jvf!p07LhuKr;CS|gu9|0z!r-CP%+J8XCJ6Rk;T0$*XE(0=--SF(hTT=Z*l z@jY?Xyol)Bo?v)=$GZ8RS0m^kCTY3b9sBW@ZZCGCp?&YhKC%Lt}pFRpOwu z-51QdCIu`gGhWSVqpvrWm6z@n`jMo{QW%|SAw0kA;XhJ*f|BMIwX_wGB1vNByZaj# z`pOeEuoCIFW7HEr^hqX{`tbDZr;I9PtlKD?Iq8}E7YP4=U*qQ(6UEPm_zZh6C&K(9 zNcN%((-@nBex1$d)!?PPNDMHTxUowL`7+%x+K^J_feg?m>RIsRexA|=4%<)dMPFaOdV_kiwr_QLEw^IynLR}Rp++2x?;(Z6%z!8sj! zf^$)S5qtAhK;y%9;yTKIc>qUAIOpZ~i0Hq7-FFxP;KM)?VI9t&wg{N(Gk-(8kY<6a3h)*2o6iSf3DLCE9s=5EDa3?tW2WD7!bMGnA_!VHxc@M(F zqCcaqZ4rhl*PPyEJ}9-R`B`SDP*QOEX801Ll8+cu#HG*Q|06n7iGenH62S7`00T19 zz0KM*{}CPRFp*i|oB!r9T;d&KNQxKg{EzvNzX8XbCrSE``3SlKb1hG5?*1Rqkp)xv zPO6FYzkvv3vMpyg!~P>W&ciY4@^1gbeDuO>Gbkm_{l|Q~V~~)HJcCvq4rxfc8T$>; zl?(ri-9J1?KsYQJT%-LC07UnS0RyV{Y;rV%xOZnkx6F!JK|#Sz94f9<}b z_L_fA)Q)`l(iCdEtd7tpq;2DMI~Wpi#0gGdy-iH=_mZ z_1QFY^KqR+;*b+bq zK*rMPw_j(^0KF;yVBs^@TxV=7zygY`p*&p{jcoM@QTOlizy8q{<8Gs!Euh*q z48W${3r`u-E-^#PYKvmuA~t$=AHYr|z4Yk|eD{OiDJSb^Yv!?o6D!)XFTEY8pm*R< z@;fBv5m5zNN?Dt70sI?tyvoC_-@hpcoB<$DgWxTRcQTAltHUa+if<*8OyNZ`iTFA_ zBcSWu;Z}VY1aw+Y)-cduBGiF1hTvPWT0W)5`f)OWsAujxxBk5~8d0}9q14wdIW!GS z@2-tnEuZdV0fae_F;I@!UE1bP-D;zA>nzc)eZ=Rweox@}_Wnu%hwkK~6)q5fUkK*} zt#TXG-P0+xpx2SO@$L?p)bD^rM@9dv?>2^aaItCUnPxw6V-y9QJ`tS|yGAw>u(5(- zaUG59)VV)?{j5J(lR4WbglpM*m~jpKJAIY;)T*^}Xcqn9_{hk&>AoPgaDu^!KW5*m zI{4OyniA7aGG;{~RT8uAuHPZ}7VNxRJe3EuSQPXPR*7iROSsM0C>#&P)-c+FL%Gk1 z!l|>`nVaOBx&{PNnqi}#D)_Fl4C?C; ztun94*Sif?adZjWp(@x+vQ(vHU_x*3=mltqSr6u_j*uktt zOe&1#`aAEFV?MC6I8!|nKgS%A(#3~FyD4u}B-NwH6Yqr?JNy1jl?T8dT@Ze7e{A3r z!TF|aD$a!gZr2ijCEu@8BG&^{D23Lnl1X;cB-;7(-k}Q%WFY|J#bC(E`!Rp~;i%-p z$m}>?lS_pT_X&YeH=N09@%%bE?gm=(BJbY-l_b%`d2qB|y@ARRq>xfhfhq_~ZpdvO zPo>y#R(8iL$}Qh~@iETB->d!vmnoP|A@=g?M`z!AYf-#FsggSEa4S&zoBxT_Sj^!( zeyGWrt;cNmOj98~89jt+W6xtN_3AuEbjfP|2n$3QnET-Jbt+w+yV8XEzTADo=e?th9G2+s|^GX1gdW8$?xColpkpTwm(f*a%J-OeaB#)8`2 zcuw8&TM$0XD2hPz7GQ8(`zkPd4`jdlz`6CND_s=!+%I)n?pHAToM?G3`KoPv6uX8Z z#Dq(bI${yx)VkVrBL-L(1>jxNJbr!WGik+lreWl$dN3E+lPY%;?jy~j=dG*=I4_vK zR@ieRu297n#IM01+YYo()MY&#voA@u!$n|mj5Ywbs`@d|iNyUM?j{*{?nL+J>E3-X z-^B)Q%a_kcS)PBGCbD;-eDWah&-!72iDmE;E`D+g*hx^q8C}PnV-f!%B9E&sUS@7S;{MS#8`;%pi)&EidcuO z50||#Qs-H{I##7tw>N_)Nu_K`_o?dP!aE4?y>Fy(%IXapv6hAkk`FgO5GsmF_(*)C zn}FE_nd1hSeO3j&K$2v;mh3izHYJ>4B;=|T9m!hx%=KqY+=o>z^Yme}Vx#{fNJUmr zr=HCC9s~2584(~6LcwbsV5t5UOg&cbrV%&Hgqg_wk3~KYtAhko@H*SBf@~z;KR3^A_D=xy^`i zf5PwOWXOWGw0a-k7M+A4D>oIO1J-Ls{#!2$OQ)gozWVuIa#vXTu1F(W7Iq9;E6Tj{T*mWVjC-@Ufm{ET$D(Xvh}Pe;HR_u@3Ue?$nlCO_8x zoXA;T>f8lSUG~zYhe>f>O&^~TXs)e-)D%o5tjbbxM7D-CT@Ju=>1$ce73;xUz;C6< zB(H^J_`dNj? zagBGIsSGoO^M2`wu1n+laRu}P`Ng!!xI9_!Evgyq%z#M}WCZmc@0eSD`s|w!%V2~c z#UY}R+B0OwCVUIEkpjT>=!eU|9Q0rLeE4fSIxO%r9wS|xj&J1_86@X7bW;v)YhoH0FX%P(u4lmK+rdp-Qj<-a&HTXY-CI1*IiJb(GiT(Q@0Dz$3bS zDgkCATZ}^3@Aam+`@(D2cfh@htp&H?I*>i3{RAZ?7dJXgjwY8Ba*8LCQ!=>x%2ABC zo1{RcFgI9H1OYk5j1nm;V=3MZSBS9+a{J(SQn61aQ zg0iXMJ`SOx(5I$ycnPW@&k;vl(xYWIjnkSFh;C)okE*+*wd6m=rW_nVr;N*e>l31y zeII-HB`a(sUFK_>6=QI`l%s#R1Jv_h2?PJn<1eZ`QPk3?lda#$BGmgujqKkuxW$ye(fBSx*=xX6z56JGRdS-_>u%$UcO`uDDKaGXbD6|u`+zE?@- zW=ZDd5b^t7SEXRx|30r8%2*>9338xE(IMRiPzki0dq@dsnP?Ioa;Dl-yPAin!Fs4D z{!$E;mJz?#N+z(a(2*d#bIRXH;sYm=`{)d@5{uCk)TEc#F}>48KtH$f$H}n-e?9{e zIqM@66BBJNj#}U%lWGAE6_2W5nqu*V?cMo(uCq2YoT_4^mPzh{M^o!bnXb zd?Zt3o{=EI7|azf97F%+szyMH=ulcU7FNt#-glyyEM`l-!h9LgLkc6y?YcsY3xiS| zC801Ffz%dky__tU(RZSnO-qVZVNit*2C)}8`Rd@C&37LcUxmRQc;CyzebLWQJY$D|gyL%KwmnJlavmQJWt)S{{JSfBxf3%W?2W2;#*qM1bDh5|OQP(<7)s4LijB-R8w**>n9vlgxW zXt@#qRVt(=c=zE0mESwS$w;!IW;QD~|B@7PLD!NMFcO?XW&<*tA#R{n7D)=dIR zr9dRuqi_EDK4;n*d_nfmd1X)mJkU(gs?nRP&A-(B#vkdE2`7|wy%S16anvY)idws@ z45pC(FJM<$*Z!&-M_YpD`kotm@`3_g4{#bxj|dHqOrA;rZXJj^ldkc@93*6;GFmJn zplGs1anY`rsYD=9#2y{|#FLQ$H{QS^zK0;srz^nt3(P%)CJCh137=X-9rhRtQjY=S zP}$kLGzP5q^?9_fzbKv7?L;B^ftH0TOXtV#=; zi4hsTIfGa*G&H*cQ8ow!Ci^78DBmE68B8`cTK~&`De6ujz)L(?txaD-bjND}>lnkR z7PW?R#IlOzcH`^-fx+APR31vOG^>H^-U@qzS5Pe?t_gPaOuCP>n1l-=&dY8cy+ZX? z1MFe$O?600SBV2V>&G}=6VwcSe$4$bKv{KV!8L*QJZeZ z%-b&}q$E);+Q5o!2pR;aKW??0yuZj2~{ z=k@2e%={}J)Qq_P`fjRGGe29vb=)fbnoaRAt;NlSrGf2Ybp_EHqb~(R_uCtIWt8Sk z0cb2o%tp-Q$gSBnj*|%R8f5kaLt<}-h-(UkY_N0c;z=JWwU2bAehQBihcqKlxN{ngWfFr)Q-rM^E)Dt4D z*L0`8Enjvk`MoM0-n}jKStTmKpM5*{iZ4@O5>tp%J2B_~M$)L8rYc+VKAvo)dCxV3 zwLa$t18N5>-8t~sDthv^ey&V7-Sjbhm(9o^r08^7RTD9Z3l<5TZvZ`p zcuc-tb*rtXuqsJ~QUcNWR62zqGc#rg#}XLa?jO`uMRB+kH}xrCAuuBgpC_&t0FqE-LNHq7`@2h~{*UApL6>4cO8cx>>ohtb0jiuz zG`}~J=5SB>Mn#>Qwuj)arQbMl6HI>&;ioHZjVQFregR^c~IHvSq#vE zggAfb<7|u>xa8!)LubMC`q=?HZE4UqkZs7zOvz=p73Hb8% zAM_^mg`NRL#M&??L&SWJDd`c`mwya>6j~yRQ>Rp3n|R}GfFD!G>yVbe|KuZxwMnah zQjwCJ$s^yS{F^w3eIyuyNY0R4bh;A%FD=&LHdnJw7aJH{_Zj+oO}aBE!~la-(GXRx zMeCQ_XlsMb0_h~7 z{tUWf0C)oh=u|$W!ItC-lGwnbfY%&K@UZ|oa;(~||0dsM60c`&-6@i)l@3PjV7-EL zcgJOQczQej^IiM#k>#vg@3g^127L`Tz^cOt{K89UmHG$)U*k2e4(hZBQkv*}D9RA6 z9Z3COtaDeQu$uYBpSouvEA5Rn!;zyEUS&tpz57eZI zPT!2-R3Y34kE1-|Dgw7$wvGMJ7%|W28DdP`@o4w|mA?(Gp*D#=yZ-%3GF~YSlBJDT z{$}a;lHe6jxMe$i&EKv~shcS<(~(@dS9c%}%c9Lb#WRDqn(xeVUq%=u+eoEjD&oLI zhk(nc^Dm^ovn778%HL?w`GUKSwes}VA5x$g(r}}7Zy^4KxA_`>83lMcH7^b~e>T}$ zAS^IKBa2EZIV;t!+j}#Lh2m7(8zV^_&AKWakkK=*VaduZ_h-#Usx5zzScwqHXcm%| zjHFoW()mrn$>SP!V5>1*b6r>WVx&lG==T#o2YfZP6csQ?9UcnQv?5OO;RI^p^LGI9 zw?}itA`AhLC+WM6!Cydv1SNt|wLt&+t81?Lxq8)_A)$uZ3*dlK9dWBRyWCb&V7sGv zDP8$F8JE@VOQs!Bjv`lS4Mk2j>L&RPTU}6Wi(o*ac#6BnxCsfSwSHJ`p8)w zd-HS!1;!s7?K_($R9j=8Imbh8x@xUUFC-d`P%9bnZyT@NhD^w;6o2ATQ18B-9{*md z^(*}VaK!k#>V(7DYkc@hKGcANBp6GcBb$%tEEa(B=-S6W*%vfL3wg6$E_43+=LPuw z`Pv393gvMXOqkqID#burXT!O>=Xbw7@&-Z($QmF<9{IpP@xyCClyd_ar+GW=Be~~OhouiP^F^on0jxExMvFhDxz-q{zM2Su~` z>ZVwv3>s|Ty}h|CzXNj|hO87%nP1?QfDf=3FN0Ajao>>g^bnZYGd&cNJiaUZn(`;? zzk;t>oNG|856$Up*mz`7V0Xgxvas9RobIi9Xg;U@+yoah(Vvucw^nak!`a@{xP^$y z%!osCx4}FeRxkU_pf}LTnK>Z6`3$J15Z)(qT*?OJGi}@ZKR39c>fJVdGQAhdOS`3rtJ>BA(}xI zyEC{7rH@ED|9Ra>cmVuRuvSX{!(~KVSocgxxxRD8A`1n`XHbuy(3c|ie4V7Oe>AT= z9R>ttObHW`{}5g`f&;mf=l|L2nScO46N!<+i~gHq!X+#q23aOLSRTAO7Vdn4zY~Wg*0a5mpSi-3{XSCPu_;?2F znVA(4zV;}#mumY!W8Hl4pg32*Rzzc@$l)#M-AF1gNC(UI5VB?q92uOqAo@H%0eQ)j zOc=x*$$G@12pTybfaRr`HSda3Ndljx`}7lX(bj2fk|2aX+UkwWmAggS@B!eK z@$ySZ4vqfuw0|YvXu&oJV2MZzAyl_Wt{zkg&hw(!T_4wlT|^JFsj&r{mI;XM7{Cok zhgt9*D4Q=q>yrmQ{vB*fgzdg?%_a9yrty88xkaBI+I!LxBkSLtgsAu|y6M=!_Vw*c zvH_^Ftk55R#}bHLM&OTQz%$Ioo4zezk92TAH5&tbb~|9vbE$$8Zqgv0b0Q%F8UWNL zJb&tC>6B%|4`4{>dmlM7{<>@6$qYC=8fN{BkW!+MieZ?>CE2G8SeOHKo{xV)Op3Zr zfqCKjqf)Sot3e)M2MkOelqr6+r2M_W`{*VT6@h@)&~_`vA*W{@g5DXVrM60F{iVbh zu{^n}fbkP~x(*cRRPSVky37o9-hg#VB%pWgc{VmqOE253&@h$XIfV>JYW!RIeTitr#kVOPt7@NDSJBy(4G!U+5E`I@^ zKo&7JE}3Wz4gpoB7?BvHdQx28AcCL^u0}9r>;|4^`zWD%RRzle{z=h6!e$K++x4!E zx&u4+{iTe7(la)XK)W!7xXA9cJ^u+1KWFy%p(&QiJlDNS2T7$io5?!8XVH&0YVRtI z8^vcCw>($ml(M0MWXt=&{0sjVQAQ9iqQRxf?ieJ5&qP#!1iAvQ&PO+%U^L^_EmfcX zAHYDW+=Z?cqb+Ysz9@|0?724r9Iq)y=$@FF@7s!$!YJ}Tn!5^@n z(v17PaZ&!Yh_k4vWuifuRdk!E(Ik-61O6_cbATOz!k1!;#qiwBsC|7j4vkv_n+VMm zt`6%oMXF#Sbt*j$A&vT53_lD8^iB;tdH)Zz(9#qkDfQ4OnQ4m0<`X6OT@$7A)WF zHWj~43U~sIbE3InP;SU_IK}^wByJ@eer=@ch+;DlbNbr$1LyzX2;y%0=5692lDV4x zI)NdJ&8fQ&8`Mdq;;)?i%74;BOYK0w$O>qCo)?G8l-bG`@67kYiQE+*v1hIdI{=y))L;HhedUl>9VKZ zC7TjT#VA&KXn=Q6e9FdA;?`&SxMY&epN`Jzp+G3E!xR7IB7;geql~uGNaCAtYFQ3PrL)jUeV`^xfSLZOE zviBWe#3dp|T;?1ag&jBqMOxIe9Kb9X&!PV>UEa^trSfzXnwCl^NarjCTD#gM??K!X z+(+QTpQ~C(QllNJso`}Dxwu#)zMGOn6bSp{3!>W>3x-+?TlKU0wjDrTn5~S-)nUSo zJBSqIjl?+7^h>MN!b}Ca0ew8rH)VsDq3tmvJXYx_z5agXvOpR3!d-9ws)GH5r(5!L z@yK>l+ULAxhIS)m>>?JM#)>g{&S@@JxlRb_ox0 zgB5;m`m^#=)^XY7{3FKgmnRGlyib05^O}@sNN+8>?X5MmJ@G}&yvDdY()<{&#EYJ# z5Twau_hk)AF~(LmRBj#8tdgq#0<0l7#-BP+`e?{$o|^C)EiqTlX{Sg=y+y1;R*TvW zxg9)vR~dTM_e1_~-+*j{>&t_ig{fqUqeub)IYJ);da zgx`7uz!V!zP4+R=rghCZ=IQjVL%^#f&!9|TD7(5ssfu-unZBjH3u+LOL>TmQ#n2QN zg2Bcu6Dy>sKJRXhg-YZ)uMYF7YM2WDsnJf5rp(m*LW>>-sKJA4 zcE4H|+l=rDyR60;jYHAVFZc^G;)R7D^3uQ#e*;X}3+*MZgde6mdP2TJ`ecyq3a5<; zJ+R+c-g^vPmUDoH5YGDIg2x)C-g|ZM&agrAR0RBV1_;S|s9i&u(`^W#9zuQ)NqqvO z$26$jA_c591^8wyzsbhZq6wgUiiOm5AsHx5dE^%Y)+#1rAOu;fRsJdDgNS^ch}i>M z_9P7fghCdgty;;i{uUue69L^i24HZT=4Woc2|odF9}ED!nJSFTMB$6jD-;DkkfM)p zI!I~p1dqJqrLtJocYle-%ri1AkkGSaPuHAB_4ro)Kh(W>IMjdpH_SAav5rwuqQTgg z$WmFyzGlr96{2s6P?jOvNTTdZDN9*eM4}``HKG*SktoKRJ(N_BV1fEka{0G!w;_A6|>^ePesiA=o}cnETh1WUiM zx!6w!fTSf7W}~v;&9meRze8{p*%`4pEM@bS{qHJ4AEwqqZC|MAy>r+JNzCX}f@w@n z!$DRZJS&QUu~*+5F+)XafL?HR&j;QgJ!-Sc^j`)q*3sDkBMBXjwbDco3vTm#d|+We zB0iukk$?i~Fsr1En%#B0u?GQ1G2Zw--}D&mAa|1~9JF45ELV)wYCo;E0$InWy|)L= zk~|xvaKD*ju}d)hyPMb_0-~6VK~7e)!Tr0Kc$*0l=7Q@zu=^WgS>_laK5d#jry3)2 zd~~6|eR>bN%9b0hca!!{(hD^}h!*zkjS0&;-CoRz}@JR($N#)Kly=wmjvo%PU`xNflI%Y#~nejihwyS zFzMIaN_`6VB1xTjWtx`wLVEH}vt0*x=1g^d4)HgzQ&yHE(%( ziKV>;A5+8W^+`|NhZ^l;A_Z+f)Q87n2)9pwM=#E5H5*!SOAk$Dok? z%IfQZX75_5XjZ=rt)D+?J!<8_SK*q-kyJj}`=H035G?Yt27KZwC`Q}sCx=Nh_TtHltiqKwBYOO>XOi(dbehjQ< zmxD1JkLVd&f6PX_KQ`iLN0V!$%VtzV*jZpOx3TdOAhzqu3d_2Irk? z*gBnOH|XW|zmEcVeUF48V3m1zUFn?B$n1G3s%0j#F@!myhbU7Kae?sh&V zN@)hrz%-PRw$B&Bi!7X6s|U*lzVK;f7Q zykO|LXR1bQ6>q2UKeS3_oY03D~KH z$S01x^$@&r?XB9u*JQXK5N?$XO8L@KQJA=c$dwR(sej$+rs5hlo?YI6&DX4u{5szaIM9C9O0fJ7o2I{SN)pOqP?SqwKSJe9VOy$Qw}Ko)UDXGRpk zH^7=(fZx_@?FVR>)a;NFxYW6-h_Dg$ThN+VBT2_VG<0#XZ_Wzri?9vg9ze-wJ|$k@ zwnI{PHCgIm_-C`BIc$MD8tV-JkzH~Qe8eW`h{21o_f~9pdOn00L+3wXn-5x}=MY<$ zElsT*e^Y#_#NwP4BKT00i;Tm;5R~V)Fp%^6=;VFg^@1BFV7i7%CZUSY;Y9CaHEN=J zhoyDL)SwcY!HTG$;UPd5)UqnZ_uJt zB7ghNDF(mMqtmn&o4JG7XUL29J*dK7irR*sobzA$bl+4}F2miWj_&N+tW{@rKwIGO zju>#{$=yRq*XzH&)HElfK_W33K$li%y0APIGb~76MN3~>jDoLh#!^JIuQLSph&MP3 zIDBaYpFr`Zoa+q_?;c*>N`2J&N_Ryb5GJG^eAc(J96G$O=-vK}9K2q_5yBIc+3J(2 z_$8{6`N@#|jH9v+^iEY47F}&TNpbW-HL#&dY!ZoH3JjaR_qmv3G!_o&yZT9Gb?rsn-b4g3f zwIC76q*z5TXUf$y2!|BPbqx;`T2JhvNW>8-4 zDfzRT8=nUQD+FdCQt(1B4%OvZ-9*2`-o_Nn@ssa=w*s}@k>C9_buYCof zLGaKsXCwgotj1P@RX{m9zRUY7!!Ni1LePOT_?wyJO@tf(DK_auI70%> znE1j;&&Ybe9`)JaJ>uuJkJqFh0W`)uts0P*l+C&o#Q_YZOcYXCaPo_%lOy>4m!iUr z|8GTwvJV^k(;y%cDZM44mzUnc!1)0np8FvX#R5%JSv>@^A;KGg$m3q4uM1;U+5gi3 zQF#d5U*j9!dVD(wvTM8B2X@NruD-Sky_8lQm*ovB(wUyz#WII{E2iuvoMwt`z%$Yu zu`qATLyHi63&-0FV})iu=P+~JGX}e11uDmn2O_^ux*#*gWZ$EGFbv2?|9W?^1k$vD zf!YYT;l81&W)XWa68JJuhbMt0im@UB13ClypL_2eHNstdk-M!GhCe6-={FH(*U8UJ;;`_7D*ij*2H#r?Bz=+MfYy} zL$W#o(ag!dMn&@A*h(jY&BxT{zy=cD0|T+z4&oew4zD*agvM!9`}gftdK}9eVQMoC zE;($md;tbH3Ol56_z#X^%YXDNyY`|8L~+zgrh_3rVZFFU9}0e&(x-nL@34SW?n_NZ zke-VaLP4Umfz8#c>R^o9gBt+^kPhCv^oFLbH{ej^LsMd_inkyC#xd-lpmh$zlT z%We6=5F##DuT%Z21=w@{+O>ddPp-xD;02%`#wX+ejW+hq=gc4gh#NlRolc?Q3Is>( z?WtGi>OYizP3&ARt{NZ~&x>D!YeHICXMeqJYm6<4X>%&{gS&4r4X`llY=SSJu)T3S z0F0SbY3d1uxt(Tae3q}s@{C3#pQw1{6lzaF?Ok5A(;uf5;SDs^FR}HV;5alXRh2Hiawp^cAWt zwZbbfq1Hh!X1z?#{LR?uRw z(K;l&Wy{;occlBj?JRkIyWWOidUW*8(ZaTl17U!cnbY^^LJDH8i}5kfWTr*CZ?0Ue zp`wPB_gP<7CvN=Ke(v6~px)b}xX2F6_{AzR6r-xw=6`&@OT*;zEVcsWS?R550==R~n zP;d;H;aVI+X2=aP!(aIdzc$@P6bsbqMF>Qc&})!G z0%(E*!@|NyXByp0k`I+`54t=?yuva7W#Hct1=`yOQIk%{9^6)RFt_6 z!HR!hVt@e=)Uve~o^lHooOVG{h&FX$ZjdgRdSUwU;=Oxo&OR&WzcG!v2w)4Xeq%yO z6EESsczeJF&7khbFbm9-D8jjh1U~U0xJ2Go?KimxlaJwXITka+z}tUQ4=cC))fZ+{ z)7OK(@cWcN_1`>0F)OAbFNhbu{?YU_fg>Yfn;Pd|#r<)9kTn`K8R1wGA1q>TtZF@| z*YF9|(uKrCbCugRe+n+4QkM$9t+;q6I{MN{^xEJLo(}`Z5!zFMR$1h?$iWPORMXRs zR-!)KIehNj9UEc5gin*cGI|~8qXeaFpiORAJP6=S{&h+1@Na2Am8*69w8;mF#yYc+ zztR?Et4nZ9#im}xTj}XYIlT=~;dJtoF@0=w_9sIqwuw+1K7So$OoxA;ltE0lsZY+oU5pOHp-`N} z_q{*-lx3Pi!k4v4n`)`cY=Q9*{?rm^{&_HR8SgzlrRGxOdwvtjJZo9y6wKX%Mqlee zLGyL{5yXut0rYhaC;-#{!e!*#6fH*CJmZ}=il=&VS}#L<=I-{|$B#609@ zLNN4a9Tk;*ZjR;7qU&UL*;v8|f4LTP6B9f=cE_l(B(+1g714E2xt-aK0yR_yaO|@t zB4G^P>L6b{2T>YDaovmfd5ey@d+43yoxUC&6J{~s)FFaK zL@@r;iJdu0dfrb?ZpI9PiZ#|l(z>P)brCr1#I2l7 zAc+leJ$*;4J2JU4OqKH!SI58Cyt*S?PB$d}jN5$#C~AZfoqTvhX_b{;#>Olc z#@uhn#QZTIT_2x}ig(mrgEq3a{}5U*kS$OMa1KFOSOFGb$DW5JMGa4Y@q2r{ z7fLnE{|+VaMiJg_!dHpo{T}ZW<8Lx1&a2eU0usnJV2*Z0_I^Lq)7Cd#dx_`U zkkh%@=m?8Z!@0{UD#p(Q(d>(KDW7oz+tcuOsr`J%Gy(_WUPX>9Ime%B-1GR!yE_qF z=Z0S7zTXqltlq_K%@esd31Q~82y28B(SCLFOfq)mIFVrpl5AZrlxD#g(%3WeYqRUe9Acs4r^IvB>3n! zFm&?V8Ur=w_}aPZR~_os6A4cmY}VJCxI?%)L`e%-|2**^KbF)L=c0qoT)6Tnf=Y&i z7w8*kTzqae{lT<+ZOk5JPS(9lZb|4ZDDW$Dul#%!jq*_gx=(IZicpUH6%-r@FZK>_ z$R?3_Tkn@^&9~dzf%I2x2uWXt&y%&-VvRC0@Lp#M3z0q6WefXq(9T}pMjNilWk`g| zme%*>rg#dnHtM0pPH^g&1NNAePigoB8KBsz?Kv`W^Puf3^UL`V=k34f=J&NabKmDzs*#<+-litkb{DXlBTSc~dnKFTKB!ome_B`dmkr(PxpWU9! zoZwc(nN8bp@#-be?AP$&58>=<_!eX7?)fm*l-Ii;Eo|@5H{rHpaUuk%cDL2i%zPY= zRug5LVBe+kE!Bac9VN%kQBKB^gQR7>^H)ng8B-_`!}h?#xf}|T&j?8r>95 zRsT~L(_&sA1b7MS{`IeCU=yO24Ys^qH7pV;cOXFfB9kxUONC#HLq5TPQI_sMjR^pZ zU^?;q${+J$RVPXfAkx^1PyT%lc76=S3CE9%V<4cbubbTflfJy`t&*WtrX_Z}*Z$ZB zqt)hzNPUegk=&u3ep#L7=AXf&-GqzhrWrLi4Oq;b}cGGQ=tM3p+I9W4=By7t2Bh3E&(ZWtM;_Ur<2F|!4p@5wDP@_ zL2eXbnWq)D)yx={NVyCQ4oZM7!44J)AqGP*UKA<`q?=y3wzaYV#%L5;THFRcyJv8l z2~W78GOY+-^Tc;y1zvj$%b;HKN<4P37)S{8_f)hf)E0Ava z31V$wiy9eVh;oi82pK|CAYNra0YC$5^K*&{&mdT0cPRuD&c)JH-ok<+mj~f@=0Ie1 z#~c=UDMH7U4JGwC46Y^68lbkx|H-k<@X;Ewqo+5uk3>9C#8? zllw56l=p;IYbCKCR0i4qywWY%dCLZy7AQwUty>=L8eqm?E+Tx2g7-g5rU7}?B!gCS zNdVa4<7fr?O>a;c`gB@>w6_GvZSy?Xo0AvYl(-T2=$KXkYaaNK|*^BU(S9bU|n@jA6^s(L_hAfocV=Hx((Q!D8VSx}&on zr>Dh!pw;~v8wMhbbjD9uZWno%*uOy!xZ1O)W%P6;;qrVYiWlCo)5F4)7>u(?T1x!^ zm+s7?b>}3wZj8p2)|sNr;UaziQ_s46 zHxHFd^L#n#Ax5U-8y*)e?dSf9MCXNHk3Oip1(#q7>LM>768377G#q1Tro>%X zlnVuFD;|e==xLTDX`(`p(r20K_-So?T3K?El250lyQ0wf#4ZSDUreEwUWgb20w!n% zZ|{L~3LgX?p`J+_hgdeS%O&6CdmxGi&jAk>UV5n^9uE&T1xW~j0{>6U`!tiIejyAoTVde9!uQY}G^z7|spJQnzq$mx!X9-EOH|D}x;j=VpGMu1GdOyaN|=$@)W` z`#C|Q1~=FpBi9e6j2B0O7e{{UA6-FKKDgB$qM$gnZvgs09(x?AYQD*lAEeM8V8 zAsM_2fbry#rsn2W$gOCsYd)BNg6S8mS9y4J^tC9uMfYn8{E^m`o6u@vNzkv`fs+); z$sr@j06gFdU~bAl$>ML$ATkR4lJ5n4W~Xx??XyUzrFa&8oii|9F^6vxTl8`<6Nqp(BF} zS{69y{Pi)2ZP3Zn;%WoVH;LMBQU1ZC4#()8;l%u#A<)`c27w^z%p=k8Fd?Ig zGEPa`(9IU2u)F%T(Y@cxkXz+Ni(x+UB?TPSKhrp z>S+(+K5uvmwD}X11*ZwDGvFN#X3RjK)y{+{{XN3muT0=bMVhu2{@CP|g=XD$9m>9M z8lH|K5i@$!ZCC??+RFYS4v!PNE}O3lzMG;+q3lbm{n4ry7d_Gfd^H&|~*52+U(d_|{lyG$}YiY4>#j!w+au)Voib0J2 z?5^_tnq44<=&L%CeG(=bWXZe?itV`$r+sE{8Qt*Im;%hKl9{>ZXs( z?%D>CQ5$rl>V3N^^>A2<(cH+3GM*EQb!g})zjq`ke^Ua?104XXlnAqO5$ zOOT)z4oEJ^u-WhT*y1)@%Nc+CAzDznUcx4LVSnnjklq&R4ZIhOf4in=uQ?5~A3b-< z1(V;6_)dIK65XY#CjuNFvM(`>Zs`TDqpCN276!>BwCSA8JsgB49(PCX1101nas++g zR2N?fiur|-edW72`?^JZF_rAlcE3S*9&{re^4vowgd(7>Ma|1;i6*$x%6Ygv==yI! z12R8*mDu)FZwF+z-y_&0JctRs3i{BN9zue~QdP5%rvGpZTfL>ABRP+|UJLKKEV<8( z@8Yq+r`*FE^dNY0%^Tcuh*<*51@LI@xzHK{fSz*Hx_fhmE=jcwB1+qM(47e`J4kIkFIBGZ3h*xHLs7Y&Z;@*feUdhxwhsRZ~c zy?ihXk3O-k^U!yMOh?veyJM>b&0eYw$82a|n5$`zp+3uh3{%zCV$XS!;2@$NALID- z-HFB%q#LL=QGw<{^M_7PfhWdst@uIJUbVO%tc({!u0_Mlxq?f=XT{welrgUx;M_z)k#NU)Hc#MYJ1)H|83c!DI=;sw;c{W3*T52s@SQ}VRH87o#Cv%s_IT- zvaZv=^&7-D$jpnN#PAcr&`0ZgvdJ;P2WxnHTIu~Egc*Gz(5ZXBpZ0oH@M&VXy%)zk z*M0b=8FZ-jbv~U8O}!aRV;LmNHbcyc_zVD9tzZ|c=lSsMOW#T~TL1&2H>F82KTTUO zY=RU(OCo?h>j7&5A+`6Wc$JM6=u0Bsg11Hz66UQ|p#t1xo7MFb>yEtf7?@Z|bW@j0 zd!Q5Qx_tEmjJecy$elrmnn@Gkl5}EMg?A%#19qTtG?QKPPjI>kDE{YuWhnr`U=e|(O_v6reEiqb>Y;ER>@|6Y0iPi-MXtx?S{@Szkr7RU z4(&Vyjzk)v&JCPdWi^Azk71ck;Gzr!iY|1g>O;dv4~hW2)@A4ofYHrZ93Nq26jzj5 z?9PASC;9-8=@_B_%B;a)a2bf}lzEU6oxb_IyX2M5Vq4%xs4&^YLlBLM3hqDs+t8<5 z!U0dPtD()@lvs&Hv3+3g+jS8+E`f#@o&dYTx_ygx)J7seVwD9=K`V5S-thbyX9gDm z`a{yZG0=%26*tPz%)SXN9RntJxSnNsLDg({8;PgcaD?1_XU#LX_YyME+zS2Z%d3y$`5X*l6bf#6%g^7(#bRqM~}e$G>PJqqN3D zXwwP&{KeQOkkLB~FgjXQL{$Jpz^>61qK#&p`#@T?>-_YjFYM~<36b;`?;a>k?j1*c zeD>6Z!M^3Q^^1?8>Y)%gil`xu96=RWC>k7>`|mNLdT;gIorM=i4%;E$5XyVr3`bTW{Ha6vPck z(REO{s5Nphd0V@fVjEmO*Il={WTlWJ1f9JA4TE2Nti9{IzZ24qdh&`Pf&IwI3gvHNC4i# za~SbA4U1jsj1Y~lC4Z`=2`KDtPv_-y)`iw}ztG(H+I8zBAhF@=?u*+rgLf=POcY9R zZ42|+Z#Uk)>33;QUMNhVXr^d`;W6SxeY^0*+jO&?1;rsCPeE^**n;Pk@>9iLxVWx*nF z*$)s&S?B4X#T9>h8QMizJ~hCBz4^CZEwQ?rEwNv`sbIatriW&%WD$ZRl&Z(qHNi&Z ze2OXF4W$WyRwN6hO~W%WoPQwh)w5ANKyw!s2=dJZU~G4%Ler!WS2Gd6egLaiKNIJk z!zK`wkOSbl1q6zqjjoSK+JT-wBqAy-&l5|a*#YeWOJOO?x#_>jT$>T*`7=9Mq{3GN}>P3G6$ z!Bkg#V5f#mW zQ!g(Jy|=VBoBJ^PYzCd{BEQLUaHi`UGVz{hOtUAEZcFP0DD&f-6Pf<`;9Pq5;9+O{ z!s;~S;c>&@?TJWUMO7g`-@R)i1*y0Lp3%(GGPy%YfPW!qL zzlN_CIps!lI8Mi3bi*Cgx%K0d-5dk~q8sBy%i-Cp1@&_8!cYnWOO^iDL&b?Sp!d+o zN)Ql`f*?bssj5yfmc%>1&U7-^X&W3}+rY9@%v~@ZL9!@A5u`eI%B4NH67Rg!+|3Y< z!8iPaFD4ZBvKC=Q_~j(wbNar~?{B9dfDx>yx&=~zz%iQ&^rQ%QalkpdWC3_NUtaua zwbIk$V;qo(Aot}EW8y;}$5v)IMBwQz23F@Y!W(Gcu~9#V1vY2|T?75r)3JA;BHIzY zTu<-eNQ`abcwi{B+Og2qP$4dtv)_=j_2BtcOcLU0tsf~ z=}^w&t~OM+*rD&YV~^@t^h5ds zHZcP@L%LZ%cN*!%fti%@fB5rCadJU->LAJ%gl2;QKtWpD5G2WFA=mhR?K^zmkKeMt z`{H`v8%MRgkUw}_+*zhLMy#E|4j|Ff0L^1q2N@Lg9N6B?z+Nx}*|wP|3yt#-fW;C3 z#K1~Jwb*!5ghZ2aA?Dc$~6n2 z?gLLB9`FHlXzT6*FZ~?$rIWw_BGMBGk?E zFr;d%+YZH|7z{X10mDcF=iv6KML_71Ae;G9j!xu#J^_Kx)o9U$F;EuC06qyRD=R;R z1~D1hr;QLX6+HB{=2iOGO%^BDOxMq73vhP?09PjKHb;I-w*?VpqwC^);6i69=xUy7 zeyJb4liWMmK3p5MIPUa*sc`q_wB+DwaRqcLP}BHnX`Jz<&kXvPt z?(6e=6*0LQ$*BGG?OeZe>;Y!Wem}U{O5EXsPJ*JUp`|Fe9%Wu3Z5gZqxE>#Vpe?8H zG=mrpbLqM8QNwn|Dn#K#PR{J?>DXe!;7jy@U9UA-KzA zbJov8CYK|3HaU+ZDS6!^39vu=4=#JRKkIS~AQct{~?k9`l zSdbhWxhF7gux4-p*{Wo|v;w=ZEA2C!Kv{Ib9Y;%uR%@yV(gI=q$+U0#<&XD#KI43J zqJ3D5eI8sh=7ypbSAgUhxbgef_RzlG?*126q24ZsgtSSH;|kpjx^TT1lQnz1vsy^RHBqNoxJ4wCs<($4uC=d>*r3I zS|7$rwaR?0Ptezu3Ff+KDt}KnI07yq(p`2D*m=eDN}_<>Q55cobz%*y=i*{QL{}RI zL)-0=W#8mZ`97YVEZn(z;Jd59k*Yosp#CR$2u{^>rv0XmtDFupfF9J11DO-o=*B!Q z6K;yZW<2>b!oq(^7op}t6Y(#wpUMP$01j`u{;&9plokQc{`{Y2$ZKR&4j91=;fyB} zT^LSv^ixoBe3J4rDmdfDX+dnGUmAy?eo8WhMFL*ECDzNL%8Jg z1elU7A|mP`)ZYQc?1EfoeWOyzDx2WI+W8eOe$WyGXSu+pk@IkX?$76hkGd1t`#(J_ z9`-P&Lr?7C<1+IC1PpoKCO_D72q?;@YRx4;tZnB%mzz_BGvng0Xgf=uZuDMAF%n1B z4!~p!5Mp`3k#{`_(sf!POVAt60-xXT8qr>tLoivs(m?Up#3i_v;-WXd(dUE!?6Iz@ z;*;_`d8J6h3obTO7;zj5(d-LJrJSC|^=S4r1B9OCCrprX$aS|DPchzo_lN>A5%*@m zC}su&2Ez7_j=hyY(msG!U7;hGzCoFWPP397KH4)uYhQ3hgE6MIcpvaa3qnFz&VJ#0 zAyXGXwqyp1uM()dErX~I-Mo_zVSbPjG@ivaF_VYV$BT-Ju%2uMgqa(TH!h$EvsENJ zP$Na|fB5ta$!F4`633@Il>WmJZwDv4C|YMr;Kkz?(CV=#Cn&eEm=TzltX#kxDG%?> z;r7wpHNG-H$2i^&K?DitgzW~r047*VvTCo@$8>_E)^lpPc;16dlQ*u|_eg|w{pE)^ zym(br6=v23-c9pWNO+ioSb-L3QMER90J@BpmeLxJf`14}Ls6s?0014zf;A0E`H1ZT ze=eeE<{*OK9J-Ve({wSB)?psF#}32sP~{l?rdvsztUR}(iLDY7EDGE?6NQXoF!T-I zZ>{37W*^W~a%DBp#uFLmtJmY%94oF@>~_Fb?6SnoA>`ALhdTP~5QnQirqm+Fb11q# zdZGW+%8goikAp^1mYN3)eJ^zuI2`gLDgMkP2^`Lv!$?qClDrs|Y#k1eiK8 zn%O%!bYSTRUF85beA?fU7Ubsgfx~OabSPs!HEh$PVOK?%F3B@iG#SPjsB3YX(yU=E zJMX#C(SuO#Qkun;>*5lz`esb84(kz>U}{3arw-w#L*myl*K56W9ca8?|EB+8JCW%P zz?zO?G?h;C2S%=qu{2=t%dcDs7rHeD44QM7x%i}oJ9sXRLh|k+#=TX+Bu1HZc4F(s zO+FaP(a|EKGbMoZz=zH6bIe&69c_kKIIt2%jn&2O;K0_HQbf8_cpEg;)C8oJe)FmI zDN81>!%AbfP$qaC`uJT_Z$Ds`Alnjb^5j8RO#8D+|*Ihce7U!q>-L zwxCz&jFz^0*QLatl7pP`)sf-==z;{F;5a>eV_w zU4;v6;IJ+Sa$LNd1+gI#E+9e0bXl$tv@_@r(G49CmH$Xu7sx{(h0{gIpf-mHhfNcJ zKp|9c>|*5i^Mkc;%*g2>zwVCU@vN7R{r?t-!%#6qCkr4A47mk6q<{&{0Hs`WI4re& z@;=J%{*HY>OnXDqh~&9wv**i!1)cw9dKiWsXo-M>?}2t#0#=>a{p4;;131nC;!8=8 zI>9jJ0L9gf0u+$C;;%6WC7vQ{LG1pt|Cm6iJ5iX)V!)<)lmBi&_+2n=aQEil@9ZbL_p(j}$j0{a!fiT|#KTtQBNTgRAt7&Z_$_`QL} z^J$<~eFoV7Fnq9R*$3Lyh0;}!`53B$lNd=uV>eh_%i@>}4Iwb4{U2bvuYUx8rCk4Q zk4Dyeps_})RB%ZkjWq-IxE@G#WbX+^yMod1fjj*lEHK6u!rw~b??OOaf7L^f{#@Jo z>B9#Q3*Ma?GXC?8OaOLdXh<{$Kd<1--s3C3e`K35?`8S@{{$DBCp-W#aRyTSfb|$T zZqUMx7L8*gNpm?!CItD>io26WkM@E5=?**fE9eQ(7WwR2X&^WVJEU*J_a=LURecQW zLG9YmWdlo_(7E{j7myJ{Z>;u6KKj$~lv~igix3jhp&|VgTF7m9ZsZR}D8+RQtKqR7 z+bB~@D~|BjH+;VbfrAtXWZe-qSF+Lg&Ejqp&8v$1i4DKK}k$9e>VKq`-%MWnAE2I|F8No!428W8F6 zR%rr_1|ZkU?&@+5mL9Mt1`P}hc+HP@+}}Q*+%LLM|2e|Ag03f^ss(?}lH7Ylg>Hj< zwG+fXqHRw%z=8}8d2LX_5;lP#VQo`9QD;q~Ou|Zx(;5SP=T4m7HHciciDj*lgS+n> zOhTpm@k(cM&I7#n99$DwId7WpEq-?dxbsu?6Td(I3Sc4@ytpUNR;=u}?v=x$XtdgB z!}fqnr{9saUVtQXm*sPCi6i7L_R?F_(*Q*6P|gu+m#(zP+NjJPb8`C|y?VI%GEsbl zp8?qyVRmc=TM7uVG1?uc_A|QeBY(t)l{{3{_=2m4gmZt_fT+JP_Pj7GiMC}fukCrN zlw9^t6RY&nfzM-1mVGDj4U-$O@46+w#dMsA&LV=ce|3|&*zgeG?WSY7%i4xB`unFdx!K!_1T!Qq#&7mKynUuvTvgP@2 z!P0)>m%FBBm6t2J)@Y39N$#}Y^Ma|Zl@bK#8wGrv(D0S$vT1&x?frQYGDm^e_RG zFcBlOOV*-i8FU>yE+gd*J1gDRO33IQa>g*835c%?F;iF^lU)|}m#XLAm56CuF*R#R zWMkWmTl}X?Ry9LpBCg9Zjj6~b3rmn?xOf=d_)Kcd4HlfuA=|e#ey%Ielo`YhdX;1v zJ85w^9AzDV#et$vk^xx#hK?Z;g|#}^lU^W2Bzuw64p=h@E7780`N*+3EkN`LBz^7l`R5N#PdX!R@X zii66%Q{%#m)wzrsfO?9T4-9%%Ybi|O2 z)Ai9Wz1mU*Xn_p0jL)FvbbJTUsB9kXX&>f%+5+S&O3!JKzTmxVL20pJ%MKG zMaw7>JOs_t=$l6%5bPX^&H$)^ku3sBCySt?cS@BvpRSH^6lx~m4&D1==HPL>S3@8VwVIX1+RjKH` zK+bC2`jLO({iEf}^|mvnexRj!xUziw9x!`^o6*ZZucAx^9uck4W%nZz%(^)8&_L0r zoBMRim8_SW%E6*gEwtRr3UX+f8lC|fHH-1n!FkyFw1~D)a;4LywbAPt*&RW-D zZ%_O6zP@nc+kH@EhTr^zbiE-en~13$9}b6`>)N0C9OZSJNSm>-Nb^URt-)@MJ&nsP z`;Mg6AY>cAC<~3<5x&o`-Bd}ELoHQQIQ03a+95=og1z}HkbW{wl5Q(#Km~Yz$2w}2 zTf%vm@r+P}h1$~#u*9qsmi5s-UAKpg9Ycvy1vX^~!3{Z+Xv=-*SIul3%FavK?3rhv z0rRm1piV_@u-m@rrHA$$Lz5y<`!FyCZ5u&BCh;PH6%E=cUF$zm$3YdO zTnahD5uiUtVmIV}(psRO*y`~Z8#Y>a3adLhl9hGrZQjLJ8F8jB>~;WsbZk@nZYt<$ zdc?fNpVe>*SbLU+>V*8pd#BI*gw=Z!RlB+5JZcGz3i#?@#?J?tkA$GS8$Sh5TjxGl z_IrHq%t|tpE150Zx|0icVF&Locixvf|M|YAta|qWl1d`YjIS0vK1XV`&~lca4v;>h zb3LUla4=p28odyo-*CD6Jb<`0pGeTES`A0R;sl@L0GSB)^i&@zuF(doOp2egGu%eq zy}++Ge}@d;Qa_N61^IHe>tFi7+EP)Hr2^{#_k(EC?D>TfEtry>@&LylQ;UYL(%~W4 zWv)lSyJI2uhn~v{r((kCb#PQ2Jk#Lqz zNa!$3#xJ)+SDU$~;*oCnXYk=w{386mnt8R4>r->^c)K!4Kd;{wLW>5xwZL_q;#a|m z)>5|EgEMFlD4>cu?tLq|P-C1{q#!py-CZT)aIV|?V2SDOE@)4@d0RSgey3AYoq9lH zRk}^6;!($i6F;N*&wu*8tifT{ps)1u;@X@>1MWt4Azs|HM!#coP&HY?Fn7Q7wSfM| zn7a>m^jEA4eU1G0z4)&>6puDsg*}ODSm~q`vvwIBpyU=Z*Yp0A8lY0FSQ}kq<3#yO zh6==IPUqNz=D1z9rqSUhZ2B2)7ps>v4LGv}T!o*sJ)b?zTLuS|to1AKjke>dVVhr> zsU*`C8jrQsuTsvlT+&b2S`M^C|&sF~Vo2C^aDi1dA^|r*2%Uhu~ zPUpH5f9*fsmZRJ~SNMsST^I?~56@s8l_u*dL}Tctn5GiJw}kTL!lmWKNG>j>uiVNsv`p%FSK5 zDgGZ(QHrWyDabpmp6DMmG&1@W+8AdEm_TR(?qkrsg3VSezk^l09~M4N-Uk>Sc0~&R zRPd$cp~r38miC<=Gz>bQQ*voV;G4R2Uxi=)z3IeVLw>wMda*QF_6#VZ>?7UB&1;WS zx3TP>en{|KlZIb|mMKu$c)b0s3YG)4Sl(Vp9X@)HeN^VruV${mjawdk%LqS^Tu_iK zC>Gi9KJxs>V@;U{zYq7n6WL^an;7J~cEF=8@pH*}msXDA}UD($H z>!kXRM4Q(fvYpr+uj4cy(j+eWkfm3h5*7L6Q-3YUlENe1Vih$d`hGPWnI0IUs|DTt zv?o&Q{U_V1<{CIq*?Zvw&J3SU*rpd7T@FLJb#K(79~wF9zh^jh*4807_kI1xLwhg_ z9`Pp3xA!O+#@4CkSZ#c-a>sAwZk0LVD{Q~GIw6_btMdGshZQzKAUULO*n+3bwQyU^?Tl%+|yzjMR``uVB_lhL=YYDM1-vofuQSS#;`km_r zGr!{XA8I{<&Jmw}9d7-6MBr|Ej2Iq9rNPT+-5FR=t{n`l<=?{})ikTcv~w4yzvpSMik@;EUO76(hx`uk(x^^oJudl%E-PU#*t+I-M zs$|YIQ5WXstL)$;6?#)8VCr!G`-}csmp9Iez))LhmHb&j;!bjHx}gwM>+pS<#F6T4 za}V=Bk}=VI?75d5xjxWw<$_X708YdU-|tdI&%pxdMvVA?aSB^THd+V22m!y*v+4zY?kG4)Q2#cv5613ZI!Z= zi5SjyYM0dJ-j?$@;ogx4T!qP@#l*8%YW&DIXsk<{DT7O)$wtbb2anQm#8JUVIKjDh zdXp7*=;xK$Psjf-IR0Vgp+X6yZ+%P`{(QbpbRcW_0R2#hwf210>BJM;n%{lBuqhsU zP_)#qDUB=sKHW$^?S@rCN8^kPKSXZe)kO$`r={+Q8Dm3b1I`aH>n`xo;FhOw+?6hn z-wq4g_e~w0Z2rXaF*m_@AE<|ZRZ)9HR+Ma(+3hS|=5tQ!>sL-9XZu%aiqiy5WQN79 zettnmi*v@ezk*ZmHJ(^Yc2{3Vcq#PphG@(>gKaquF|&RjKRmvXbn5K+&6suN$C~)D z6hC4ubk1S(Y3gmS8-6B-UZI<4OT4O^*(G)NxKs?yCeLZ6J$z9+hDd8{d2K>T*l@t1 ze+jwQx_Q!Lq73EJ%G^!I{8{76`V*I8M!CYJU_%o<6{0Tru6ao zfLZARwb|ea-H(=f(Q4sMAm}j=rZ}8*y~*D4GiV{WSF( zG{RCjBWFVBc}?36Xp*mG$-BIr$5*hOXTst#3RovfHGT)})hg%ujE`R;l4sbN>*p}` z_my`g^eJe!7q*&@`NyZ&Q)@d{I13)m>hfJ1vK9)Q_S{b3nu$K$=Ud;!+iJSJ6vEaL zb#}in=Fp7l*`b^>oPk?;cUlG4XgqE41vcvX0log@7nYsk?w6NuXWZ!2pXK=JT!BkJCkk$+sx8VZ! znu2Un)qi9wZaW`)nIJ)`6^0iy#JbC1C@r!gtubb76devNi3FJjOOph?ul#Nb9ZDN> zWno&iV^NVqHd*R3sTdFZ?;=x6D;oc4{g z&H6)sUHz-X=SjJ|7`swDN$h@l@?XyIFjA0&ti1WVJ0yV}25-JM$-ay%CaM|@eV^6yb}|Sc!~cVqyO6Q{^nwcAuFq4kT{?%e`fQ4u{3{2bv{Ja6$yP{|2sy5 zVwQ0D$L1S1sYYzMG~`JEodj=)nv5a<8mIZXA2OBY0ibcsi<3~t4iLnG@>%^G9My3rQ}2vgXj6;DwJ?hbi#iP!Kry(pDXOf4+|yv^0{9 zIQ>`kL}1qeNMe=TA>qGc(H9MZgI9>fNc|AjL3cfQ~JDl zEP(ab`+4e5nerZA`rhO3(}lLUr_8lAigk_Nh|vD13M00RV|mV{6d+lHlN4vbqA~~L z5=xI2gE{IPOc}0U=60)Z1$(R$04@&q7Ic9A7<7IwnhRMKjwlU6u(_#8S`+4-@n?^~ zomc8~vp|;fGv{`+L48UWA}j_#*SpyiELSDa&HB{c-5T5j`(g@zu?C00=m$zDap<^h zLoVr5@00TXeeLV0zyC+Tdn93WJ_q(yY2G&g+HFC*Do;r^E7oI^S2h3E82D6FP#>5A zmZbvdX?VmnG`efSZ`J+%|LW=5t#}G@+>|$LSDvMH*M402Y);0B6m&r6( zOGtyQXz7r0-PW|pamiM0p;;wLE-4c!!Z2j`*RGLDa?_=BZufNRuK9~3Rz2bW8 zC8z^O)}pW?*Kxh3KzMO?Z^%GZJ|F5WHdIPXu*Vsbg-86=etI#yr9ruu0U0`f-=7w2 zP`^wlo6<2Nmn}j7y9qe>UMOffC5TtdKql9{JERjBmbxpW-w)!G)fm8cI$#tUhPDkC zzRkPPanrn>Gvcwf|F#>Zx(&z`3|0{ zZqR#Qvb_>@RhpF|@jf$%XgG~-G=f3I6hKs!69b|aJ|fz74 z`NA{EWP%InF45)F=1ab5LSj zx{P#jvh=3LSNFFviTg1jV(}?stXeK&81e)*EHZ<20Jp}CMN~Dl^R@4OR9Ao|bIy5Y zNkFxr<%Z@#Qan#A>y7W8&?b7C4!x}+adaz$ERA9q8j#WQW%uDKeSKjjT7V5>4+8D~ z(thm1Yv7u*)74ERfLIu_Ej@`xdH_~TkvPE>+gKseg`^n?Uk*zyewgPdDeSTGw_clq zidYf_TYC%a0M8X`pK@Vz#bN||CvsOzG3ws#prLQD>r&CJwl<47{Oa-0RjukHVFG?t zEtq~k-W20mbutk=L-fEw2{37;x=lQpq>7s-GwFmh3Ax%SFVKIx>-V4c_Z~%@T12H(Ar-^1rWx0h24RG zuk%>N1VUWeAqNqf8i5RR(cVLQWJ-#FiO7(IDPec&W32xLYdE#~k0|LzoE%0w<4eBH z>*r@qwN)+Wh#yxR4!>USLZ`GO%Q9bxo2>#k70Y}-6j{bD=j&0|QkmwOL=b|oAh(8W zO-sKmA+&oFxpHaMrsz7TetoTE?%=e5B;mCRuWsI#saWwddqf<35JW`wB)bF*lR(kHd zr{0cl*g^LN2;55T)RwVGffVR7uf#H>u}~i$70ATCZR|+#k$UG|=!z4jFU`rAHG!KU zGraC@f4k2+i^7tKICDe;8DR}X?zI_XByEr9`N6c$nTIulE;th&8>Xr(YkE}AG6)Z? zoH%*qn#B||OTCwK2;Ogv(vVHN`nbX+LU8TjWTmFxt3%_TeM1=ve6c~kzqFLW-B*8# zcaAFwfkFgwXZGW1RGpju9QRbniV`ViW z0?9ptTbPE)Ya@x>JMn=10T_{?+Z$YzOu)Ap#6SCd6sG^1fo!<_ zB2Y%N?(aan&;GDAkVB>QAu3kpzc`no)wZ4u-yp~a*kLP|vkwTi+^?>=rngg%ACD3x zic~IdFfnn@*SwRp2m{T|7;#ZQB#Gi6jmC}x19J$y&;TPCm6ON`vz_hF5=B^DZHT%K z9O@66i*ixgCY?-$mL`V}L&ZTPrcaA(z=ROO7Q-|c+sM)0r8bgQ39r~*htA345(yYnR5`czI#;WUf zbz5I5a~FFHQKnr#|ErraZ()Ct Ol5(_nwX52}O8Ou06wbc@ literal 0 HcmV?d00001 diff --git a/docs/extend/images/authz_allow.png b/docs/extend/images/authz_allow.png new file mode 100644 index 0000000000000000000000000000000000000000..f42108040bbbf9facb9fff0c320428323f061e10 GIT binary patch literal 33505 zcmdSB1yEIg6hBBjN;;%dQfW}S1ZgBh8UaD1rBg{Mr4a;_loDxCN>UIMkWxZGLZm?& zY4%+8xBK7!?9S}Y&d%)4ym98ryZ65PjdRW?&V8hn=q!g+ci8JxciMc^7!KkZ>@vJuSY|M72eJ0*RBf^rxl2wv9?-oiI(lUN6 zFTW}e7?N}zG8p>)$&@ceomwRb_4h-s%3R0l@IfsB4KM!BhYN$k&kUDM4g>j2Tfh;H zC||MCpF=t1ZlOD;t;3&{XH}UwaPy)c z8F$#SHy>}Q*9Dx^o2<#69lQG;Z+3qFK~_~|J8;3M>4C4MCgG9zOY@PkTYBQ(s%(fI zd{4!$4aQdJC#H>uqm_$~U)H-unBT8V;e7}Hxr~4PB?0TMq(oj5kvgBv7d;u021+rs z>~>!YVoC%_c}jH)HAA%CJk(o_6v27QB#zNAf1z_slYPL`xp4U0`{6HzTHRxB9foKK z=|qwivI5PV%p3jmP7nG5JGzTZYVLJ3>{VKIPQ==Lex}Dze6uL=aYXm&+YvM2L8+tF zs^!|6gN^&Ye|^fn`Y=x=;le9-ojNz`nk5t~IjJ?3o zd3weAucUs$)B9aCYpBgreWGMPTv9aX`@GP!&MjX@w()N3Hl3Zv{`_<2uV1gVhG4OK zE`LpARVFIZEsX6+6ISNb={#}WxEtZ>MzTBPz}PQ-v^!!xH)LR*EFX66Vy4Aqs}2J9 z>VO)|qLe8DGO-6as|I>ZH39bS|!itj*|`F#IXAkVzVyWC6cZ?&Caw%Y;ATj zsSmx5OzTOK-oHM|o^BGi9-cRKuXCHbu|}X3VtVv)>6}}T5L?W@{#If z(FotI^;#RVUKO?NXEw`t=e1@}fA+iiY|Tqb{VC6~;fKfP^&WgFxE}MSp5Vdyw<=|Z z^`YVv*M=MUY8}<$Yp<=lC%SwN=2999+QjF&Q@n3A_zb8_y|z|Q7IB~NDbq+3qFL}< z8NQzHyE|kMBj)tw@p!!pg7rBp&2*6+%F(#dTz!igB{D^8XQvk30Ps<&+?rWfmv zT>t*A=CRgOp0pL18l{FB!i?dGGC#VJ?%z{^&gou9drk&1v{#~qJS9#DB|XLb58tdL zC^K$8tJcnuFN3AIlvidk&Yg;kS2-d68-EYK0Lh3TvBFCwkJ5rDLp_!T>&ncV%ZQTs zZjJ4?N_nlOiq~;d=S;oxE-$v}%j}4oJX&vFH?F!Hv(gbmcS-9+A%dxAXX(qkjyR_E z!@Y6mTY(4N=F#rYM4j&?$=VIFvC1gN(w7Au&oY&1$)0@GD>c5tI+<>EHp&v1r)=!u zDB?7hx3$Bew9uR3&TClFvSxLf5V$j-OsILqVff~pJoVkr&*sLO{NFjWN0Nr~*5@XX z;5d7=v{Q$?+sk~j_3KguQ-Hv#5(7!V!5kGU z(c0n87cIJ>i+Zn;B*Ir(&1?O3UvVowrnux3LBwFXSn=YanD5pdDha%gR1D}0lfDZK zxjhn|%e74qIff?d+k#_o+p@{>*Uwj!S#SKE>CpX@w+xo@yLjw_YNv618wXtJ zADDLK7Gvy!BQgZ|1^&^GUD^auTsyILU1xfCI%63+hz()=MPo8O*a#+#W8!wlRa$hN ze5sQg-LQdaM|Af#?Pc3|*Tu=k`+Oc!8<@DahpwK*&no+!ot{XH?ZU{@u^OhkPq(0Z z_8eRNhAl+5v>VPZIM}%vqa(i6&gn2*QkE5X`c3S3HcqzwZeQlw){ev?>8)?Ctz+Jt zitWE<9X)*J8*qBCp!AKHN#?T83#$}u+yb*E$KU6f95Z0$7L2YCO(b2^joy=cey1mO z!1L_XpGqRHKBFi1fwSk8!Z4pQlN!xi3M%jJ|Gq~hfiWM?Z!VK8Dy0w6Q<#X?=ym&0 z#chQVhw{b(DKsiRQx|rvOw)X)siwvRBD(rE{MHd))VNve8+FU_6N~ZA(!_~MY4qL! z$vfvdObHutiCyOv?J^|2MG~(+7a`1$vXV8Wd+RVF^19=NT;n;$np2i^ad#zn0Gqcl zZ&KZd(cNc#h=PbxJ9h}?kEP=d#-=K*B0Sb7Z!u_QO4apbN}H%X<*{Sq*DZ+lSRK`Q zb+hQg_CjAulmAf{)9D6|c))S3nmarqt5XG?YU#RFob+9aN4^f9$=yHWg}DrI3wpkn zAP$Y86FoQV>NxgBb?t03E|B8Qr_awt=iaS1J%Qj#Gh{#6P*=I;gz0`7Cv*5x;*IBu zzFmKIu!TQfQ{~gPp2gK~RUyO}^V`BUy^eRjy->tAg6$JcFMi|m_co%Q6V~aynr5HIj|<1)Ci`vSV_RZO*tFRQxMrAXbU@*JNX{{_qMePtrDJ z#Way@z&_~?K_){`9xh#g?Pqk$xa>eNe)A?r`i={neHO9r+~yuH+c60>z@{sABJ5+0sLQS*uS(xNu;6 z=9PivGHQTP(yL^m)>T2;MHOFq3_EJPqJo^^ozr;r#ch@!=ehO2>TMpz#Pqdf$j+jyrz9lD+@x}N`vdhSbjvXV*gS($mmt7n z?oKl_GOc>czettzzQ?LQadDbPGeg4q+HJ)*HZ5vPa+vK5vRi&^usS7uw?B)1*Hl)< zdrzDYp^VNwQAx|B5k<-SYLMe5XAOb0SE8}GyQJ@(HE+@MT{Vr2<>6B9G$HF7B3A5; zdr!X>8)z+$l$ZYybsS~(YftaDH8Wt$Oml8N(cfDeFZ?wsr!1lnPOvO+?JPgVjLh^4 z)II}+A7Ln>ogA4Nls3m!^48ibYiq^k@Dw_`wlTGWY*b!0CJz3a<32x^sY#UBiyH5v z4^@+^)n_Z_XRq#2ZE0M-^O5Arix0flsJ~4sYn@SF;8kkOS4+N8xc058liL6JwqR5S zW5)A1ocat-Eyj!bC8_k%em7&L1?mTWX?lniXlB^o!E)UoxGO0Y=lg4Rn5%Y;bi;yF zm^;G@M#XLGr|R3IF7EP=6}Q`VSUer*yn19O=eICt;=dl!cA)A=9UDVF$q0Iec>jb{ zq+fHh_t_Qo^AY3IYAJlYB=@COW>(6ZMara|FD%>5<|srY6*K8x?UVkU-mp7tviy*U zu>duFrDZLDQTx3@yr{F;?oDM=a-WXSUn+b?udiMIp6%pXoLT4ieY4*>m*A&Sjy%?G ze1S!lRzi}Op!xkVM&~Km0L}*jy-g5E_nhAOJT~%8cVa zEyPu_oM>uf2&i@Xf3JU-C+TKOCor-}tutG%!ZlIv zsqSkLPt+HmDrEgQiAzVGh)KrLV^SbFZ=5>!h*$#nHh9644EIOCy zD+!cKh)mT)TlvjNG=SE6z~8 zd6tLytLtMjcgjdZr9IO~Fj4CpgNn7pR0k$6_5yzo|9z)GjPzV@Ih*SSt*eg#BQ(aw z{*KXkY{nL$*Y1+ih8cvVp2~DROQzAnj5wE){&)2v4)>rS?fXSs_irwB&y+bg&+U?< z8;I#QS%pa|X&TaFQE_GJhYJaq$C3uHVJIcKeE(r|U=c#K*OCb}0NuR@CAcG63>pLx zwqHd@{jj{?rjOFinuWz6-GN+ubRqO6?xMbOYl zI&#%gzII%3JSlZ=U}0L_}3y`&iFiyC%708ZdKcj z24t-P_X)YrYwYqJESf0blPRFBhjku}E0Fp~hlW@>E|7Mu2FH{*s+^lyQ88K>qC94PBvBWm+m+x+UExs zNYH^wOnQ4Z02fzoagDYsnY*wI-;8e0@oGvpJ493bw9N)a`EVf);d8sY)K5qhL)~{O z$F@pD|6q7I4H&h~Yr<8Df2XZdEl8fJn77aG$sd5gP^=eSbGMmty`@$hu1fFg-g!s~hjUoFIQbmU^(?UwWHX^d8TrMD`~D?OyIfx%}$H zeWAB5AHTB~0?wV;j+mK`&wNi)S~h0d^zOfi+2!=z`kBb0fPGQtMd&f0fh8=yuPD7?G6Eh8&-H6VG!IryE(U%CR4zmYV3DA;Lq+x7=Vo zB$nBiJB51mV{V+xtI(59robeK)5aTd!BGv6>0Ud26I%LG7}r;SJyXi4H&dFs&V6Ao zje`QGzv}l6U+4w%`I(HCsnb2tIq6^=>+Si^Ti?B>J`EKc=oM}NoJ@g<=>mMynAKyb zOeTjzY&lwPF1y<-27s1rM3~}igema2(zW!5-<80zH+H$#nr;@|7|c~B7QO#@M6CA! z2!*5?``zWCLvk&rv!q8L+O}18J3ki-MG@%PTGiNZ(=mwZo@9pFMVcmpW@O@ zm8QdG?zs+xDConN0XUNgB}4H2l-6&k>7hqaQBO`!j=D=tYQ7TZR5|pFrQ!9Y3Mv3Z zF9>D)avzXS-4^QE7ehNbhOfU@!vh&d&ir)}MRxEBBm zOfM5QP$DoParT$c%k)jjH@I>d3bO)?`ycHR0JCT-hw=MxdHVf+?c_1Pszd!Y%4mbGN+^T)5@xJ#^lOgAgs=L>X zV6TR>_hrfQBc5a1romcZ zlJe31w)^vm*7BVn2lu;H2IQ=Y3A=F{DR1=LKf*VBfHlyYCEMJ5r$g{qSmEWs)t0!W z;_{|fdxABm?c`dxr|6&2-J4b7)}d}ZS3oX6HBn+D{0*oEHDJgLfH9033y*Kniy*>K z@W7ppIOlXQ?%Yh{6pE#nx*SZkSX7vKV~t3sV8bNZjb|;)7Tp!uT{gP z;nL?VjgKAj?tQO!JKlG_f)(aK$Y)r>&|<3*fv|?jm-Ox&?{D6CW2>|Dt*S7I@0Kx# zW;$2kej5`?_WeA`$18T4O!(u}pIJQ?`>*;dTqB*f*L1}Fc}B}n4`uy1N_5K;k}}T7 zpUtPc{8=9?{m^yQUEbvi7vkW_Xl=Mnw*+Hes+J4JFpI^e3R}S+SqJEvv_P@j@rH_$ z)bEthuRCodSM(BPoIATvq=hy^eLM^}!N4sbLkTZ^K_-2~e54Vw8*V&tlfhQ~GF=Bl&HIsho`9;QWU#;|J zNM=Ud!n-vKEC1$*8?4A%6*R3?nwdxSB+j0WL$8uw;~XppNeq?UGWj42b*jYJ+`;`< z;;CnW@uTC;c?qgyBJW*K*jnkwGwstzrIl1&%6~jf)W#}t{E*bb8YgwZW&IhZk`eVL z5L0q7lb<`MuL$7OE|5$Q+Ej3$H-;P>?yhvnX?(WuFnDXPC;CvZUO8xmo~3dGS7~!z zyV6qeZIn;#LrcK+yU}6s zL0U?9;}x?-qZ05$H}5YGoSyaKey7xLYi+L?Y#k88!KywCgGF%2QsH6i{-T z*!U_Q0816}1gAF~6>6eSCF2E%IRq9z0lPhItW-#%tEEaki0Bn2_LpArDf!fLi0cKGa@n&@aZYG!W=499G?qbYi&siSU9mD?Dz#Vx`HOS_4 z%C;#p`LiKBW5dy}cLAT4%{crHVWICle~PoFjwV|`jc&CoX*x$;Iqmn}_M|-Uq}Xlg zDZjbdcg5fjN`|3%3VG$Eqmk2f^=9L_k{KH=g6*6^MIt^+0*CD(N_|1W7?g6BW7zn; zBs(`B@BLVGmy*<#kfE5Wtzp971sXD&awq(PR-iA+SowQvyTvCHIpxddO%EoC1baJB z@LN+?XvJKz5f-adBdohic)FAHch`>>9sc=vShe2--pk`)@cH!>F5P}BrG%T>_n}m~ z6?GDKzDHbxju9i(r2Wk~ec{}gnZxjpRt(stb@OQJL?Mj9VcWEVDaAG1H(zF#nMaG= zez@QndcTx(qn|5$AN6LOv6(!zZI58%=d@<{!S+ITs-V@)1+6$47Ry?8O&sSq%{@or z43Si4sXFrQrBrj}LLsug9Y|c%*K%TEea9KFdnCSz;GVpyH2N&ansT<)Gmdlew&wZY z54;GtC%Ls^<1lKl@unK@6B*v z>wG)yB*9;FHsTYq05SdLFjni)^hz3YI19@dJetdAt1e74VjiNe=qt$rLm#F!FrLy3 zVDe{1M~M6EjLkf4Q()hSi?T7aYNa=I_EG!Fne~9o#UXovn2J`v2_bV&g6Aq{DA#hGQFQ3cqgGs0lqk#UzE0=&^SHJ51l(HR zOV(~whS0b_p`L5?d=&95l}U=M3^ok=jJ2HdUb2Ci4)J>HV}H{rA2Z2-$R}?6wdFz? zBym_yw)cI`j!*jJZ8u5iT-w{5TsTohCj~S;EEPXgdxwbXz%f5SNT#hN%dBeQCsmb+w_$8FC zvZ;Bh1P10Y|BUx}{;#bf@&e7}Ij^%0LQ~{~q|liK73HSMeC;hCM-{oR_IQ1aXIU=8 zZ3vEU4M53%56J253%FKlBlt_ZbtfXTpr7(b8K;lu<-LYtU5WLGoXk1iB}+w&N9bRDTo z5ZMMk-g|`}Hfgq|=%5PnH?u0L0((&_@bJkY+eOw)M>?Q)YOd=JX#e9Ha5K@uWPI*Q z{YPy$Dg?tPdFb9M+=)2xvr>yTpYQ+5B#Xv!DZYef+X)j1R+qUV!t2?0<=n;AuSV#fLT>!vFCk zB5-cC-6dMJf4Y1td3HZeU$o6%4L?4}372gtU&PhbwYrFlFoqtzfuVcOO|eYwDTNS* zLIhE=_L=#%AFk1MyQ$JlEu$6Di%2$i_AM$JLW>k2kCXtx#a_NQG0MlG4orlTRq?m} zwegzng6q$FbYjP5_)&SWFXA{%^PmV7RTH zg@peb61hbfLWRC0@qfb~WR0u6$oqxja_B!U3Vwk+lV3qk!oOo4WWLi1vRVF{Z$FsN zeqrm_|K^JZ=BxWM7U8DiG-#A=Gw-p?BWSe#{JiN1SPR7I+Du)~t`zf_)(V(a`xKi^ zHTmm3DAq4!1J2$|7D|wW&{)-mO|WjEAMb;aX?{tsMuz8HaQEAVPq&x#OawU<25q*scI(^@%wuvnwHPk zyMYMp(Eqzc^jTrF45NO2Oi(yS$@5YM)asEcxysRCE?9Y!m1?sPxBu9kd>{RyX*$RJ=;V=w~n zgQXz_7Kqx>-kSCP#!SeA=@>b2i58P!D_pK|lT05yPP6;zpyGW3j`eG~x%u9&@5Q}# z-|OF+Hu&gBc&)ya5SK6y_{&kDfahbPE{xA#{#x|Jt+cJNOcp>op3&)~P{>9sov3Cq zPVgS3fPHV$#V3di!Q2b5`^F@yC&sFNrt$ZrZrK@PfT-$|;l{)!0KikG0!YIe$dk#} z9#QYWqR}Tc;3~(sh?_3yt%=BWCx^Sb3;f1!R34oHe) zDf#A0?W=x!s}}(cCIQEz0*DjqfYsu%d9gmPxe@Iq2)x^AoU4-HJJ_P7m+(*l%)~)* zW*bVxAc6ZqhW4is2VT5fEp8rxK}XMsWbpC9wmJaz38K3n<6E6%DI~2rWA*r4Y6laV zWrIiN&I7;U#3&nJ+M6!UYAE%x4H)7ie5QLl7+B{PZFj*~;9BFqO*FBEd%9JEm@k0a z@MW0v|9#7P1=MUVL>IL=pRfjiNgdc4MQ@D@H@NUwAQA-&kWEL*M7!jsU73HUp2WpM zG9!15vHFE>5E=`=Np*>7quSDFdf?f3slCerE1TA7R`(K!%^j|d@xA7m zh7WK}K;6nN!2I#!2iQpXI(R+D_*lOPI6HoOt@ub16`3MeYsD&(ta=sBoWUHG3>2()v#Un<9W=R&y`o6|)3Y>ZMdL&KSpw0!@o(_7d~_ zeUN;M75yWKnVy1wpm+(hcDphr2sh4j$Su zWUlpCx`E{Jo2ABjh(-r{;%4!dV4#fmFVnXwMBAreE783YDi(OSR2X81S#oGzX&GkB z8~5;Zs~tm;XIX(}kt>^?=Y5-qJVeQ#;H`N=%BuA8MCCYVR5?Vb8`4@ND);1U^CtTt{3+)2o)1YD_hsmm*F_>#8%qpf)a9ROVz>Exf(6F#I-its%2y zghTU9B^`#XE>h#|t2-t-$z%|Jr4koo!86J@cL`naWvG|idB}pUG##g|f!fyEa zGl?GtkP>7({q92Mk+ASrhE7g2%WM|QiIC_@;)Ef{x&y9}n{nQ``LDlee(ZW;P! zT~Iv7{Y>RKlDk?sAu4NKmXgDG!8m3G8j8lB|Gfvn-pfI7j7|_^K0(TCtL=~d%!>_z zmR0eNd}PQ-;PFD`s;G}hvOkU&mfBu~t??dC#}l@EOwHONen9QuqMw4I z*94_t1N-i72y6cmBY=KS>;)gGr-=Y2+*5xpWV2OCkvA#a{F9}RXL13mzqmF5Ioeejwbzv!a zORP*Y^HI2jBvl-V+}9$ZijdD{y#+AoV6(&7k||=Pp4=hP;y^AC1$ux<9*evk_B~Q=FlRMv_e#D7 zQ<}K@e00JI1o^MHhd^>DnF2kIgzi5YI(W_yD?@=snk9XfnClA)UgMiWcYC;Qz4J;2 zXIPOH4iSAk1S+*^$8UMS$O?h4sLO#U$N*73S6I!w54+S1Ola{jkoG(;mF0c!jaOf{A1MQy$DITaNxFbn z{4nSCNLDgNzV0fLU`3!9sPV=06ApYIiidE)zCRO`5#ji$mdruB$!j0iMG9b8)xi*u z+kh_7nkjw%4v;}x0AJMsyz+r2kPIx7dahDTo>`-xy(ZIznXc_6^LxU*i!o1`v7U9dTl1FppX3(w9qN#^$q>dp1vFv?i9Dq_F;vd+ zYE|FYk0Y#hE$<#;6Ou*0fRs?I)B%3NsLh?)nyCO2u!*rlV2_6F{DBz{}?6T?*{=(?Y6CrE0i-r~1*|~45yD4)g zCy@O|h;h*>_gST`dh~pyPnpZid!_st#?Hlkq>v`HnGB*EHxJrhjt6m}F7T|09@5Zt zycWgsze&h^U18c2{Dfg3)@ZN$oj@#2Cu7@gg<_)U)@Ytjf=qhA*~JdjdA^&Il}DVGscHJNl<<5KRg`pJtkbrrQ`?!w|gZurWiIb%~-%S-a&jnC+e7}4@N{5~8a&XXnA{6N%0lmgbGa;brtR?`OY z7R~Ltc`MBcB~Efe4&fk8kBNhr8H_0*850G26+& zRQq)k6C#EZVn;N-De8adG1r?V?q2XrVZ^f|l7Y|5gZ4OV{`2!AzCwDnI<^1l-h}OoKVSC~A=lXSff{!~TLXcYh`#bNG`ELc+ z>GYU)gHD9d07WLHb0N%`k*OJgd% zHDn;x(M;jXcmUbWK9o2`YNF22x?BM=*;iX@xBuWaEIJpN;5%iZ9O4Wu7JxVH&(~(m>oEj< zPtbGedK-G>TSS$-3@W82u zHc?Ir!!SEyXrBNANiPHv?*O{0a8iyS#W>`D*euRN$S;0_T6006M?Qe`$e=@|9|Eb1 z2C_`At@7}D3>5R04>cj?pUV6ZTvo00s)?hzT+}g0Mvgi-J$+W0nZa6$y|(jg*_GKu%Ccw94X#Z9(Bi0B#JU;TKsF%Db0np~c00 zSoV|TZFuy0ZtwQkK7uTQ`W8dHzZbE@yku8dfe^2s7T(Gy|w;FUialCeF^!i^` zC9Ou^^T=Bq0#hKyf+nctcee+|Aqe$e1J1tN(leQcn#L|1m8^0y;wE#Ug<9Z?ankN1 zYV^nc?b=n$P+_t`uHr;z)M7_}EM1NyuVO&9CXHdXS#x;WtGrX!V0&9WgPdCMJS&;_ zJe>GaMTiMb)Q0axJmcDqGQu!kwW37h)`Y24g>hCF!H;>(jUIUd$!gVJW(`uJ3p3mq zlP+2BF&}!Q^xt_5gHgN0dsPytM-cQ*0CRUcsEg-6JbDR^_3iM+{^TE6C%2&zAjZ6T z_pgdBhoO()Q8o2`BKXb72Nx5n3F>Si^?%0|=ir`t#vxuXjmSri8t`WuS~4ZS)}kG!3I1kAZPs)4rW+fW;+P$TxR5b zglx*#rnTX@BSd(Lt(`Ey1elCa_`LFDSUq-YNE-13)%zi|qta}TE zVCc60`jQ0-ia3L6h6|Ywwp7102R1WkKJ z9gKzhEg^?!*pqjAS!8%R|_l@Cr7_i9vp0`Ld!rNuuZQab$e>A442M< z);b6U+R&$ggTuo;n}^MA$KMuW;>x!G*Z()cv8k;6;0>8Gj<|m-5UL$=eIk-c7~7&P z=Ke_xrO$|z3i{=__BycSbUhEMbJY-S_&s^QYd7$4$IchzR_m4^bcns@m&V=}^MDuG z}*0iT@*tzpJo`VH01tbStO5$b2YdQBmg02w+O$lRvDt@yG zr>O=^Z}E_3sgCze= zM_!>MU?U-fVX@V=Nn<0qijlg`r}N^PHv9hySI5=7ai!V=AaQM)?z$|ba2seQa-PLi zZ2(rae}?9}6y^a~&Qf8t9=ro}o-0quPQU@eWe^BPprMAq?DLy{SBUra{B^yCdGbi! zmpC6}NN#A5^I>>=kBH*gW=F>%u?5?%afU3EC&9J~9|dh>?Z0wekqv|z^U7fplt?^g z4Teyy723!2VilY#(8?;K{P{UuTo#vXLL0|Zy202eh61XP1BI4)IIbm;hGt^~io zu$J6Nx(n}@aEpLfq=7Dp|5NnRBqh}yHBC=|UCntT8MMM#Tc z?gbM;k;NEV@u@+HVUB+HY<9C$r5tJ0p*FU}IWC;2jf$B5QWH_%wYMX8pcJrY>Z5P@ zA?4hfMR?k^X_Hmsh7prHilg>;N&Y%>n!1*8n1l`foGAE95o0a^qtvLp{s4s}+4S3= z%|jLcQ0~4~#!l|kgYB5ri8@`gz?0oP8_IC{hPwTkjDGjMhRpY98ActfEu{WZY|#*1 zEAY`v$Pw$qnq}GRC#?5PuB5O==l4s#pfSQDi@c8Evrk+=u}b-7bk+z9mccz(1}@}x zPh(jHpjV(~p|ef8yDyO1BJ`w#&N;p_upBRtO17PGgbWie^f{VyIlk!a`E@Z2{^nz$ zk^5q0dTqKa&h9()Y&}B}%Lix@S^-ajL^0?G{&TwFvZ6OKmxF2JHcyz*la@e;iV%fN75i$znEaVs$zJcDnZb%vPyiRU616bBVK)*X0A z3Pg*HKr#<=5sGU|mHp%P6Nvs<6n;`ENH!p2mP^n=BO#8+fJC?&X@sN`9`gRUcQMx3 zCHFl5VB~gZ<-?7{Qqjz6x`%d&?pZv)8AIGtsj4ub0SW1d6gT4I(S6*w6I}7O9}uCt z%Wl1618d0B5)$Q|r;e1gib#%W!kf;|JvMxZK3TH?T>&(Dr4nnhv9$xWd>9EPk5$e)E*p)0&2r@57@=53QDeeO?!B0Z@7fV|NVx(r( zyc*SATnqHC{O2&FWVX<&EbKR#{*jG`j0qHI%od833u~Uewbh3Be^O~M7YWj#<2coH z3;3f6HGXhz@qowobR$CcBNza_$13_o$TQjf;EDT_IU(#L^o>vTRY0mghLGl`tzi@A z4^eR*s4$tqb|c2W`PT~fjs1|?#^(7F=AHE1-$N47f1iLE_As~*vq_Dx{-yE_MJVc{ z2xk8)4Tyv3MDKlsBzv4!(ZO=A@yb}R{-4=b!OerBoR_E#L-4_WmYoK^6qYwANUon= zmcJy z4nh|?cPcyrTZcA77<3k?R$6{QW#BTzn}fnQRBHV%r4}prRG9()&kllYBA7;s%$u85 zzrPc0wURJDS^KPSZv7)2Y+U$eG|#2)dm(N$1RRGGGnFk9tYcFz_Sd>vc@i8oZS5Gu zA(kj06!YQU2#cLj%HDkOe_LodENHGUhUqQ&#H80+R4Cs2?=0#BA0ZiZYr?(n6Zl~6 zoE{$tc`RzPn<1V6j_c33THC>CSCtQG|Bs;zaL|x1*uZqRzv5HzB|*m3x=t$RLd9d4 zjoJa=3kdrB(nxvMrSU02=PM%P=Ul@}C%dGebqVQs6S8PQ3oZq6Lr=t~`wM-_s2>lI z!Jd}DAh7Z`?j(wN{j&22L@K;_Vsdd`59LSMs34L&- zBNiczbTOS${1)A{sH(I%2Dvo;?D+Rtn>fU;8IND(r{eDPwJKRP?;V z(5txw-Q(}=!>j?C!!bGiCN)mBG{}--dyHnf?vlI?M8@ZCtDA&WRpN;IZB5<-8WQYf z^7gdS#aP6MbGNcJwg_oGt-H4f=*~$XP zVOPhLpu70IlT&fC(2Np45IqN%k-oq2CSRO;zNkQ7jt+fy8vSqcPc}>bt7+x0p+OtX zaD8)-xI^gsF#PU%&y|V9_xW)Hvey{jI}uS=${sG}s@(+cW2JhT-tq`)fw#CMbIzj` zR{>b&Uuy=a*|i23yP10&1g#9onmR5klksybzxC$9?D(T@d8U`&pe!9BoCVjwfcKRG zTWA=6>3HrDR!q|}y2;yH;W?Dwrz0m{5Gqvtsq)EC;Cf;Oa#%lVi#c=y0|Cj*J*ni) z(6<%MBy09-s=1tU{&tzP|KZMHgRlD>FE!B6(^8R_=KGYP9rL-UvwqY}JpZ8OCX?yj z=$H_GItZX~k z(I=wt>X~c)Hfphw{{IQF#>x9F>4wc1hJg^?$4M)?S9F|k zhI6oW7a7JXN+qiS#;-xC}ooJ8~Jcp8R_oHWF(nE4W0_qW&d{U>9I&BcAYW z|6yHWGPwYgD%YVKO8v<&Xn3JdAYZ3@r2X}2LmiL?$6bUiKmKJB=5%|2(%Gh7LSwoEv6^&%exs3-r3b*piU*zhlV0kaOvRKKzx{ z;^oAkHfU2#@%`^O38@t((0DRYt8&@UJQ`w<`)jna?ehfKfM4zd0*mw==Oy)qX?cOT z$n}nS(orQ^)Bh6@UD?$723WV27{JhkILNo9@DNY(V=8{W^@inN4e7IR#I4 z9?-#v_x+;L>%3?NN&OAJT`+=lL8uuLAMFFl1)}B1$6Vm;5WBrq79EVYDhQZbw6dAk zF*b1>Cu#-F(lb~A1~Nm!7?uZsbYc?Y3j7Wdi628m2h zzs&R^xOd}0?mFns?1bS8LC6FQ$|s3IvKS=3g)!FzpEdh#7nGd1Y5wO0px`q#ber$F z2uWU_bq7e?BLx;uy-&!Pk)57=u=e1^s$U(S^9f+kA{=etkg$eo(krgDRdG z5$zv6AvhH~wC!@BFbYCNsfjlYw#$`^qmA{ z?q6Wcvax#qp$zk0f&v$mlw=MJ#G8|^t)nJAj}RjC7;N)Orq3?hwX1$%RQgbR6@!ww zg|rciHke~HF6fKmWB{*x6ztmv&;fIFq0NVE<0=|=XJvgRt2R>*HEdXmivS8uUWwaA zGvKm$IM6HyExZ?wmy<^U6_C%!o31Uv$Qhi6JYN`NUyLdSShf?PVme|NSn*v+MYXHp zXdvvT8!V=vFTyN%Y~g6Pem~0Ta0fa}KV!BPA>88Zh)N*X1W5y~SR2rMGiZqdCQrGt z#_)MRJ;a1{h$oYE0#8w7Y;u)aB&5h%Hw=PZixDG7zN#K%={!}PJI6-CjRe%e!4jKM zT40H-Q7KateBM z^P;SMk$5=`v2T)-mXSHQoiu1v7|#EHMtLFE1gci>;tr7idgY`aim&PBsjvV;{{&g6 z(C%iD?3KfC#*S2>G%^or4H#LKqT@@9s?SnL-vLexzSs$-GuRpgE zSac4MAd+C&cR@{o`e6>1b?D#qDKW#ZE*2fD0Q1;?1@_wNpGRgR!NU;b-Vt~E86Sd$ z--Q@@5f>Q}0MDJj#Kz>mlhEpqL3~xP|B{xHsLp4C3`gjJt607 zko^V&G6#x7J?*_I*e5AS9|7{d39wJNNQN_*dzKkizR<{!(96fMc|$CLFY&d+NcV1U zdXe|RpJY_c89%sp1y=`a`n@xFI>;W}!Mhq#0hm}G2^4RMSu$h;n-G8nKZOmtWNvf@ z9&al9&ZpV10lL^4wTc5@h`~?j0}1JEfi~f!c(7jFf;__suhOWJg2HgCQ1(Q%?pXq{ z1Qi5igC)VRpx^1aEF>3kZJ`DJyM4?SY}OYjXP^RKLlZgDD!puI zk+)JFE$5^d99$3QnqmrsGAIuW{W%R5V`@tn^~ zJg#kK%236I&^3BNE=TmOH*k(gsVtZNDRW5Mk!f?lEj&J@S$OY3GQ3_y6^ObyxVgTK zRo*06?9)JerLAM#f)AJ8S;&?2-sF{;4ob|+`%Dc#5LWQu&r#V!!;BDe~7>jS%CV8^sHR$ylQpr)kEK3G-f#I3pAit z7Z$MeYywYu<6UqPX=JIyy4>KQRpIugKEKBcfecHc%m+Q451fvQg$pcOTtQZ{zjL-+ zTz*LlUkc&4Q(%!Db`3}3j00ytcjWc07PvS-<(%MYy9L7YBPnq5dkJQEL5<25EZ5UJ za9`+Q5Fe0rbq%hLP(*Bfv&s4dJ0^L|Gu#{Xh1J}D zH<@%9uY-p!gINtIB1`>6!39Fs z_C*@}8qlvfscBZij7VI1oGdG8l{QoPJ9tfDH=Xa+h5eL&m2=@J%#1AhC?~MUFUQ~CgolF`neL8y3jZ^(1R~Q&H zJ>uHw0V6ySwwnu3<-EK|$@8@Rg=~q<{_%F-kd#P)WICgE;8&Uv2GCZ5w(;6a`mOF! z7Oz&yGh86niFj#ok8uWk3`r1RU(FgyMOdX`c4A1Dyzj(y0dJK3kjP*wgM`a;OLiGG zBy;{~y-64ASsbVrCYQ-IlngWC9w2x~f+KZ2T=WHK$6b;nkA*@ik?}kT!fCkR!f(ZZ z*+90~j-n&`@pzZG#(7Gg)%R!2`Qyc&;J^}8$y>t;i>oC!Q+C;cQ#s;$!py}YBEUBB zGI6y<*#AMh?a?sKB>GO?RAHjM^0`kq0(>H9^X)b z9QKOJv@EFB3(0aAEX>)8GJ-Xj;n_ZS|L9FJaDD$5GoUI(2O0fb+ajUmX&06)6|8tB zbRI^S0sg!;YX9b&5NefcD=5O7bh;7ae8vLpTsOu10kruHli zsaisyYN4P=Q|=*E$&k46L1x}K<2(oYeZ*5!_1*R@78E$V{kWGwrewYfzX?Suh>o|< zAy@hPbGR~0O377F-D145&x^qS)ws?Mc#uV+!}q9d@8}C2qk1fvP6rJ!5PXM1Fsc}L z0ULTV>dk14{ZN;)1S1=Q=~a+tNEGRIllser(wl4PBXCIus;oUbZex3L43hiEz?1#I zDiZ#ynEr~}a5Ll+EC2;(1p1{al+M>Y> z9?jRFLAoc6K?_eM!g)E(#(0CEw0(%A9X1d8G$2HW*N)-+KdRu^yaST-X4hR5(ATSQ z-%d@Fssc(5clT?rSuupG%d-uj-f`zRk5`wbOW)V$oB=Q`7Y#*sr{Tk@ z`eC+sc%>9#S~-N*%IFN{samZre12{KXFFJH8oa)vN&`K+zy>N4(Tin2p`L=b1|@*u zQw`if?C_o?q1*3K$z`|O!V}@WTgY2{kg_b_yUuj5IWQ1$Yap&7cs~a}APYSxGbA}c z*NPXNdY}tgn>9{)FO`5=K+c8e{r>=SgRdimYo`li0|R2c2L44g7y~O0df(jEC#5|n z417P5?{3~Lywu;v^pz%)Twnk_GZ_jY&Uy`Jde6yY4s>o36+0|eTTDE$47ozhjGqS! zS>DAQs8V>d);-spiQrU_0X6G(AgirkS%H7mp~C$MRu(r9ri#oO>vxui)b&dYS!7T5 zbEUR>gw-ZM!o7%3$)k;d@A?Zk(Zdoj@y^{}8Rlir1WM~ER5dE4#&45cMC}HzAr%`^ z#Fm&hn`KNv>!d2Y?^jg=RAXz>ku#tIg z>L~|WKLxh(TbVeA)@k$R7ci%UmGcsX%6tiZ(sEYz(dFs;236(`JPVMMDh?hVY->jV zM}Q}Vv2PK}I0tW9(VITMab7?#DB%Q%6tBl{S_$!6gEG=i6zz2!p}Swd^=;Gz@x&qUQc2R&y! zg&7ik?GGNN{4dpgbx>9NyEot_50XlVgtQ0>qJVTtsDN}y3W79%g0}m%;Xd40h(E4rL?|o01jPQJ z9HBRTe7Bo#q1o+6|LJeBPyb-4NOlaVU~$0E({7obO4A)<`oc-~UKfm_Ec60}z7q|E zEF@Nc;NeA9R@r z??quvcY{KgTmzft8jEpcC14E!a$dqnYt10)mPWOCY7~;;2!__k8W5*RE!=CGGzOq7 zukc>$mC2(p5{&-V-F5bnCuL=*f&>HTn~OSwFta^A9BIOkgTC8^qYY-!WB zhIssd>D;?leSu-gXfX7|y&7Dhh(mq~=sH>65;BTHaqMu>B4J+`&~Hl(!JPUq8pKRW zyc>~Q_7xxbY9g--84Q0OzOFJ{ zQ)PD-^bnjeIu4704pR68%C{rhNFPi#-A8`Enc0nW;V%3C%MHj=?xo^gr?< z(24M>vo?-k0+Y!(qT91Ma+wY9Oc6DRvS@7pZ!6>!RLm+5Jm|3+UB~2;7={-MJ%k~5 ze@EnT?Sq_8>`P9A^GyAb01=8(x~HGi`;$4@i9vzQo|O2I6_ATUSWDc>&+BFXIynf7 zwrLv)k+)5mp!F4;NDjYXjLDC>=XKn_bY?#Qa>!n*xiQY(zDqA}3{rRsYU-H^54LRS zgt%a^T3p65jlw4w*Tqym!ZB;o2nAJ?il|5`Z6;A-M}RBE<~i(=53A;amE6ogt1+JL5%45iJoOCL8haJFyvZ2o}3h3rr2M96K!yBw0LD?W9 zC4WU7B%V>BOM|{J;9(;?weVqXEMC9@WCLAPY+M%*5+*h?yWsMwTko*mCR5Z}GBA@C zH4{jv`Tza;2#=U1thHsd0y4CD*IXV8)ou`|vy!3zB46yH3%K-e-B3vGrEP_X`O|Ba zQ>cYRe@TR4zE}+JN_W&{{rxUU8}dyE&A16GP%O9Z`EnHywS9vx7qH}j3m4+Ud85N~ zfotKf7{^X%SG2lL$iewPMUoHC<2@1|D8Fq_MkmF5l?iE#UcBvt-~zYFVPG>^YzQBe z{98?wWC#JWEJC1Ko;Xa_+JC()HX%yJ0(W6}E?2ki(L!fR;3o-M=PdX&f2jZaiq7;O zl=H#Yw#ofq%`U##!mJCj@Lb5qbnXVGD4u zA5RTQ-xr(*L6Hgq=oZN#o6tU>`A+rr*W_2Br&mG80!nKPDfB}d7-@q~bZ>oO~?0666%~7@3SLX=CmL6V5*#s<%58O*QkA0vcLNJWe z){42m16Uq3;Ir8PZHNcSq{2XfQ32*T)QebgZx3Xh0Sk|8=mg-_NZs6 z2W5$cytEGhMsaqDu7*==K;YhU>T=0>rg&s`d5XAOaksS>3 zfRBTNmF^`7A%`U<`ySo8j9BGI#*_po`g!wxLLrNwyAwU~gf`|IP&o zpkIrm0`cBJ2Ff__d2wfet;>gbt^yX>S&!v0|Cr8EK9(L|K~dXlHi-xO8#S6KD7)_1 zPl)Au2c6sGingyeL$wQ9BR>0P*Ka!N;ClM+3&?IP?q5<=Q z`BgK%4JpaE=zN>oza^BHy$a=_bg#?wzg|I-P%XK)`*HM%mi;q@7-O zN0Y4&VpUH`hw`Y;JZN-AqkIbGOZ{1h-Pn9lBi{A3yvAd*q)*>)JaRHbeCS@H1X}ZS z60j~WIuzCXY@)lJEo!g~Sg00bc$VW!;J8+N4>o*bA;j(vm8ywiMtAp?d>^Bv8(_P6 zpy7)K<)IREXj9;biiQq>h$`p!IYR?LJ6Mr-4xY*_(MM$L6(f}D>?0(>ej-@BJpPRV zWP2!Uw{hpWgu!yPwDkJ2`LlxE_q0!mDYwVDYl+;=MhMPu0L*2B>uebq0gnZ!GIhJx zfJP-7rP&-Lv9cZ)xI`eT^)<7^q>-%iZuZkL}jWucKdh0|hlxWp>dhQah} z->8*-?XW(aVu2)un1s|t=n-x{ra*R}-$UITj7Rzf*DT5Z6pecz5f;D6nfUj$P86VY z9=6gC{(LUeO>`WYmhivF@qpI@)|7g(e|X1Jz{Zi%Dp~w}J-|}CGyCcjd+Bd+#4ZJz z{ym@IE7pSU*FLAt7M(_+5Vk1e(>iy|`@wurKi@d_5)SVdNI3S&8WdW@kj{xO^S}yW z@#r41fFlZ6^Cn&SbHqBB5C6aT|4f$&5#9>?COaVS4lJ;GkstS+>7?hgf5$dK0>i2X z;#|X?2F3ZU6Ao2->!W4O{d@Lf7+CoR1QVzLaIAm}_HKL(-tEVMOiGH-L3~Sb9f<)= z07!doiN?7NgVpn2bq#bq@!%v1Yx@@a-(pgSsyqe%HbgH&}2pkwa}SrgwwGaV}p=VKaJcnV2?oP#?-c#Ie{uWE&vm9}2bB~=IqZABq5m<^D1yW#9_#1XuT@z62uT%bME zN2|be3dhX{i;DI9|5ZDPJi;Ow=O%F=krPXnKH5*?YJH5 z7XeFx?U37r;S(6nUjvr-dVuoA36|SFtTz@_Q--PmZ^mOh^R>7Ree}l|7D6~R>3kwMwI`tZQ-~s zkgS?OAkm!L0Q375WNjDKx;4pTIU@dF7~7F_7yb#3PrJJDO4{#;}kdGab4IY8~l)&Z$ zL}GmuoNIG+i~<21=dXG3He{J^?MqI9xa@U3mCJ{^ ztq=#U>ApkiJzU};R9B8U>V;VRO z@I!t9BacZ51PRU$%k_vo@b}X=D!h<^0)mL_+eEe6zcIVz-!rfRlem8Zl?TrXL_LP8 zG+pLPkOAqktSVI|*ypu9fA{5^zx#5@`65-aEjy4sj^zXsxPI@Id($05)rSEV6+zc8 z)cFpgNMr$YFdu&FA}q2VVHI#sm}$Rt_0}_esUc+42bzh6tR&yFBZV)|BqXl z@&~@2w{Vus9ya})u^82xzbH+R-bmFb7cLc}Z+ZUW{kvTJ>T&UjRJSdUab+{}a6%na z(`C-W9h5HCxDa2K|IKN7)w9XHYGd7K$@}2bf$!+(>ejOFW9LrK&W$G<-kt89&Ykq> zB#sih%Yj@g@B{oaJ;HZzw8R6Nmyhj{dDtiQ{Z|bvEOPE18>8z6W*a5%HTh>UdQl)x zE?o6K<$wt4AA-HB%-{Gm^eTV5$yt|uar{sAsJAfM@AFn6*cn)FWCHBG z@GVel-iE-{>{{A@j9*_KRsq-leewjkyL3^m=UOb^~EIZcg zM&+?ennm{z%Ck?$dnaAcuf~KObHVJB%r~RpTookNv0haH5H(a664D+Ii1aIFj2{?q*Il8i^H|V`2T@<^=FiF1g+<4r(rk^Fg089hWw+VD z>FR3K`qRtDj)ZK?hf~6wb=cII>C7Vs~?tr(I|v4 zQ*2(^PSX-?JJf5E5#wmA)#cuLbZF^gO2g#N9?|>BEpUj^@e-)^;Af`lDjoj5eiUgL zq?U~(pHY7S{Th>`9AmhL#p%Nd2}j8;cQ+vln`rR}P>Eb?x=dky5RfwIWL1^8tjBfl>ctfW^KkXw4r%E}7jDzU3Z zAazp=ItI_z4xvIwY5|+u2$C!EcbH*Nl=v%^{-QnC*3-`v0PD$uGUe2FO|S(jS<9I; zjPRY=w1o+%2pbWSxf{YPEHY0^0EEfyvI3h`pO$U%(e<4VEK!zv>0gB2Qv(ar8h@Gv znzh(ZhMqiMovTKxYy`bUTiTZLq6RJ07;tdKW;oW5Dea;Nbg(Arg!4V0?fKveK^afI ze)uY~3cx-i#-JzM@ zHFq6D6^~Nx9vk_b1{v&t@;EGe*+6g>LkrOz<9^WyrSi5G!g+3=1$BDu}9o zmhw96*N^>AAequ!K^UdJebq&MpJCgRj^bNWlx14p%XRo_6%Ho;xLBjFE8{D-Q>V=n z12$h~U0+lEfjr<`vyefd0I?G#ADcl=!vg@2Hvc|=LG=Qgz@^*(T9K1?No_?CTgPR4 zW9b~2Itq{wbNf{LD4WIiA&jB-y5^l8(*f_-#wnBD8LM^SWz0~PIsh%oA z8LhlegHm~}?xeH!Kk0?gg{f4}#Tb|e^WG4%k3l@_4QLBvcnI6;)8m$5rfI$S$slvp z4AFTI&Y@x4TjI30{;BQh!R{@wpmW&MeUKwzZNDlQMF{+G?Uq}{QC&1u?tWMCRdYUj zSymMfNT=@ajC4)=O?{WUeN;!aZ@4_n(S5FQ+6r1JWwzS>Fahib6sa4*61!3m%i9W< z-l&csAFyd*J((n$@x9H-sKJ1yFYG09M74xJ?xMbMXY{~uIWhngaLLkK?;TbL3kk-D z&o(=-fphk@&`%XZZnkZv>W1H65~2wK9jx`rJwbI&{7S^ZMIoE|R}_?GAu$GmW} zy$5t}$q`Kt)wdDLMUdc#=b&`e^^?wX(14Ox`q|YDoqIpIQPj*pd6mQXYz6S-NWgJ) z`*F>#oX6U1db27k@5l5&$xD|o%jwcL_Q61-OkbByq%Ky7Q)V};H%G68-6yHqo$$4c z!k$j*8J2C9WlzQmM8hh=YK%LrSsDW}uU2UPT!@HlkFx7*k{DmGfccFFf#pbjIQ7K2 zGY0&gS742pf*9p!SZ@f$-`j;|Uwd1RKTebB{({K4FrDCV zNN$p*i%BU0dwOBsjIYWsk1b)iC$S{(ULm>kkPhs5Ww7S=k>U|y4wc@ewIDS z7)tmRK$*VbNyBCSx>;2tb~mXd9a4E0o`T?$MCOh&M5k0x*uo`mYHM%rcLQB?&nlR= zzHjlA4`s~2GvEFQHPq`K0QjfOL1i1T1~sKq{kj*OcX;*kT z`IXUD7+VTF(#as3X{NZ4!wV_|&CdE@(kPm0&>WsXU*|+V9E6>Rr^5?okiiMKJc{*i z<~~OW^g@EfwT$8Wddl6lHmKh*(Y1tdO@J_mq%b`vx>eIQhs&B zc_&)cy#2$6?p>xEXE@b8Jl-1GLsm_2^6_%*A0*dR^z|$*EdcLtj$tURK^(ybO#M# zk`#*J{REqs*w8l3GT`)GVtra2pTu2%F=@*9U`PK7(mIssHzNNFwWtId*l! z?#;sMul?r{+wg++i+7amiqKIVvoS}~HsY6DWSiD^U|+AfzQ|uu&C5#!hD(J^y8d#c z6J_r|?-XjhucN8PfZJZYu5aXi{StWoJ}O~d!QMBy7eOwXbBqZ@&1CI~GnWek2uV5$ z{p#-64? zJF8o6YCYF_b(?hkQ}t(6qWCFRByzTK`S`~9me>Ihhf~0`3@D!%_-Yo)j+xd7F|x(1 zHjoKLyv0q?CeXr@#8r-<33g9gifBs&76t(91$78C4|TJKz+la6MRCsJFa<_(K)FH z<6J=2UIbG}y-8r^9SK8_0$4lz7G3+{*`p;cjR<8>$naf-f z`vfTR`A>8(oAZ#2i{`&tBHTSX^j=`g_rz>>6{ID31h}uL29OLxCi?T$?)1f(>7<2j z_rAh~7Q`jj8%d;Y2r?@6Oqy?ksF#IQY%N-Jb1aa&J2F%_Bke$5`SJzFWUTpW_s+ z)1Atzw*>nBq&r;_2VOViuy3&loziWY69^EMt{hnxka*ok_z(3rS)7F1fe%SCRfH~h z;2yyhLeaYHt)$T%D<3Q+kT&%N|=nd$J4bhu>3H1 zS1s4Ap<3r>gUROxvf3f$9L=$gaN+yk>693JXn4Q9#T}pzq4#Gij;MHQ9d)i^49B*H z#*vwH{Hi1*(sVeK8*q1?b_mV54doi(1w4^zn^KQYH zG+(;xgYdW5zj1|v+vxolS8m&S0-mJWN+Nvvmj&yQ`#+`jpi-VKs9aHMr_-)@dh1&0 zxJT1sp{O!3Hm9qXD%umrdEm1+ttowJ_oJZzb1Areo*EXn4O0wW9_o7CJX>pO1gX3A zTdh1`885bT3H!B_GUpon&kw$nCw`8YdNc`t@X$3j!VxksEw$qj+)Sp8hJi-7u7^tc z+RV3KRZS$RNE2Vfq{H}rfpFqx!?Qr0HiACU98u$SKj*aLn`ca(KZuneWbFuHa4X_x zm>%n~4%Q_}RvK$;WEgNr2>gEZovawxSouETdF=D1*R8I@W(~chnD%nZsaf25M-GlE zx2b<{IBI~rn)SFH`Q9}DQN`;IX>a^4F6&=c5fIG~eH z(Misw@eu_qZgd2fVG%J99jO`waxO1aFn;TthVY2>vR>nT&dsq}jgxln5rPa|&X=)9 zKKzREG}Z`C`M!L;$%3DTelpM;myydR{zx0C=;C;ne@&uahthI$%vf~r+^nQD#mCDw zK9x0_g=j~+fNys=@xQS8j6>LN?VFj@xrq19p+ehJ&Fg}}b9=meqmi+{j*m5U z>4nkOE#XkM===0oPAdeQ6(=uuv`pe0=Xf|sLVI3TTW;(enVMRZ-{|^`t4E&vg)OJ> z<6H^*g?+~af_2t0XYje1eRlnslI`q#27R1lmfVK2PV_K#QAHij_7qZBTK{mXG*wpW zkImt{nJ;b|dhGs$lz{c)NpJD77G?kyq9xTRYxD2wWDo~iyj*Jjz~KB#Ck4Z{G{Sc- z@1OVWjaOmrw9p{_9mATZf;H{1BOgDu8GeJV=m#N5+j3>sgKvI$Dtu*1l5$V=)*FWq z=pmU;P>Vl%pU$q^_l;6WjQV}7nOXIm=Ly#jF&B!Er!c+lw$uCt2Gs7u>sF29{D0$Z ze^RDpL_MW7L+6J+uaztE%CkA(IbG)<5~p{$}ke(8BA}>YDAGe;CgO6*z4l zi}1hcJ*Q>hwfXZf+P?w2n}n)8&0XPqe;7|DNQdotc2$!v^KklRC6j=OdNYylZ`yAb zvA@CIb<|QlyDF8~Q_1326KNja@(zDRv6>tu@i#1OBrVjH{~$Dw4z-N(59DOFVh=XD zse#4jh*^Zjpn)y5HXhh1ZpinzGDewjCxh^U?H3K?)oU~R%-~f=Gb_7m6D5V4XeP&~ zVa)y4Gnz#KOzAT8@RSLp7TsU{DZ$tumW!+MsrbXDM`^QC7TiB@X0*Sq3Ak!u819 zWIQa2Bqy!5U_B5N8lzVC(N0yV}`& z2v`K{v_KuEHu9D3xaTR{5pM3t777B%TJUNFHs!8{T+ zI{pOzq)5m`Z_EKSQr}=ne?-BiqyS)WHjJi_b601hSPjBZj{-=!LZN_zVDfZ6fM+z$ zx$}~I+R*Y4NM|l>WMo%abetG2u7JRf+rOGdsS2l;&>jOFqp$&vQ?GM!vm>9{_T4Wg z^Ph{4U~!oQq?n)5GiCW4&dATJ=lP^tkkkcx=-2@I~YXqb9;bZoeAbhb(2<>*t>(m zjSQpWb9i>Zk5Ov3+zy*tY9XsAaE5(eWA2pzbw41vs&88Hi>;d&vLi5zJF zt3)Kld5uR!siHfW$%Mzes)KPR#eOk+<(W9u^W!?d(|nD>P;EA3B;~;1n#7(kF?2pk(8!JTcvZ4^ z6s%0j!q{G)JB22Rok0Vj$)Fkr7|8`V?cPew0>fdH3H4lKmw1N9?d6u=gr6GXMxU^z z&Hr

n2L|QNjuH0gY?``98dz!+rP4sz-~>n0h2UJ|yt@5G3@|T*xn29kD-R9|CCI9twHC4;H|uCd8~Rv$ z1i0gpqA{5ZL|$$I!iAh?9>Ym}j=j0pSuQTv4^>>h*3HW|X$1PVY;dwU0R*Q6?qQ6D zdxA}U_R*+2SIvxDYn4!7UZqVJ%iiTHaQnecp?sd#B-4k9_pvqzT46?A8mgI2vR>8V00Sy@-%Q0`L7Ra6 z((r}bZ1IWwl|DS#t(R%aLo=YMzMEson@yh2VC%I*7y1?M$%`p{$|4Mf<<@lJMiO$xC-czcN^$OG@a?3J(6b$buiqzR`N zdk7_ik1UJ>v>A_pU-wg@ZXTCDi@xnES-|_0k!>|O__lavyp=AG0Z>V+%sG2jyXC%R z@%l%&ts_b=x1`;KCv|V{LgiIBfde;k9AJRC8NqQ>`w;jl3jtVX5vsrP-BpNV+zh`c z3&mvnKg4F71ySRygix%BRf7K3OL#IB_t9Y5Npx}p03HqiG_->usp~%Bdy{*SJ(i`V zd|`5KqFt>J5;vc&)A;6A7sJen%RyQh+4l88JB=Y;09dSm#au*cY#HxanWfdI7uqVT z)v!czU%d}wdKlabCsrkIgUd)hA7Gv-GR zoj8S{4z4PdYf3tc4&3Ut`Xi;L!mjMtZojd6Md>lvr{j7vw~)9lQfNXsRd43;>{xPe zn0UWi{7|Pi_*@-;PnNxXeI0PR?EuAE!5%p{aWOIJEuSxa1fuzQ;4pX|uK`xtA#t+e z$tf%>95+Q-DUE|Im8u$`d{bubv(QiX^NkWeyU@NWe}%3y3@Ud2EtAND4#Cm(>G0qk z2b_6GoZA+uRV3+*xXU1_w=J;b5K?j;0?E|D^e85`olqdJ`*Rnr2Tgw;Y65~fr-k={zlyfOERWx(D8w-jvNrt5Zvf@F-*aRyT&H&wM4sOv8lGzq$i7_aN|&5s zMhmxh^_PglegVeNKCSZ$kn_3blSB-R>#&UVv`A-_l3PNn^<$l6MqKDYUGgZ`m7xQ` zOkqiN>E9w9`Pn7DWAl0^rnlUk^x15Txac;BmD0j0prYX^J83azNASWTaKV`5Srt5` zb74o4UCT3q9}BnQ&Rh{ap^7rAz9z+=u$5>3_f$}T34aRks0DIq;19X9bq`AmyVmsx-HtJ33JiH40FuiB z1<_X4y*Fp@surD_qlyljW##kOZj)w-lW9_cS-^rh0SNkI@t)w2L%m|Bu9IkL&dyXW t{`B9d77A&U7VZb{!qJ#((6j~HnNeK-%)Zb~CNyMLr_wfZ6Ib^eZ5npA9(WRnkv0@}@nx)!0 zf;6vg_@mLt5TeTB#2`4yzqU$=OGYp4&il*s(vl-A8W)XAhMxBQR#^XS*Y~7vrzzd4 z(rM_O@zCBorxj;c-pDVr1Wbgqs26`<2xQjoykxnG9fk7u&zDY|u_rRh~JfX_t#|MQt`Kc<G$S()49>g@OyT0UJI2b91^yU{%mO~_LA@D+atkfKeEk+0*|Ngl3r)sM6y?)go{-yGX8YgKBFP2-_ z2zgq|Qs%AtB|4S&di={1H6IH!_J04!E_5skC-eLKima-1 zjFnr*=Weu9K9y%478= z{WzJCo5a_gWBKico}t?o2MZ}rb96qK$ua2^3I!E#iMefviyqDqy)&pOqm7``EYOJI zG8VP|QI`9Ayh@pjtK#v9mRQ5=oAZ;rm>T6bq8^E6WS762tUR_@`AGPrjxp!Ft!n*z z)%aZP+)B`CLF1ggT6_AuSvaZx*Oxqe!Og~u)tRx}U{+c`@6#i9Ny*d3lP&qC#ax-_ zdsKa~%#jYBFs}5$cj}ZQE5bXD3*E`>H4PrSYKyrF$ph*I8mtv-&;P(q2;1&U6`W;N z$q+B9=dp~S3NdyMi4-F&WV2K4K&CERhyIG?1J ztOi@cei30-PQTR~{#2im?6nq!fZgvZj-O<&`5(WHuZ*2a#uT;mic) z$D3bhC>IYuMyyXYl`M>!_?^KUyxu2nvnMZ!m?>5}j_1C{+E8vw7iyOzNWCIuWgqVC z_+>Ire(O=x$Y$Q(nwI=f_jw_toDj@C*~x5^`K}IxGEcihZ^>{?ulFW9Cz??RaH7YiU^o z)!ny81Jf-5maD_>ZM;d8u~Y9j+%x&QWKryNZ~W*JzLWDmqt6k2D z`e%P$ZyhMSz9sttkCKV2>7;Corl8StcSW=R^e8vcNUfgJpqlpkTSfIJw2^lAJ97Gh zRHE>PMRe#s2fwQomqZ)Vrr9@S$_X?1JG}=AX+oMWG1spbqrZXuR^WBKzn-XVN~N>>#O9-C*BSn z&bFJ|KU{o6c}yehHZ7aTnMT3$srA9pcApqt7yd9W$L%x|mq*FJOLGFEF)bH6qVLD! zb{!7n%IjV4YxFu6E~SfB=1y>K^gIl6DluxXnfv(U2d{Df2A=TKhTQ~H-Q;9EDxtwU z`;!gNF+TEIc3wLsvXRB?YJMWyw9$(D;I6omlaS9@J+u4P+=?5_X-}}Q$n!moW7CH0 zGi>X}C6^T`&D+CxEcD7OUM`1x$-XH+xErf1x+(M`TxEAYTRM`0w?%ET+97)}QtV7+ zetoQ>%W1xogiE*abWeZwL?Qr#{L8OT#AKf}jp@z5%XxNj@Ap-o<*6!o9(jL_VI;wH z+t?6$OEhY&e0^-I+3yne%6$jjftEAnQ5WNHyH49Ne&!Na`Zf-57UaB$9+XkzpFKU} zif7Z5+qmm>RL-GOD*kM3f;C0psTL`5Z|kE$V~?GF>F}SWg9I+&hYa1?H%zHWvDA8A z^P_L83Q1JLeMxD#box@aoe_VA}MGLJBnvje{i<_=DefQb{x@S5^~?|Wb?~VwpLO}Uku|b zQu=9LQH7rE-+n8rB^hmT1ls2>m8ZU(QwmG#Jv)h94y-0?3tDpbaHH7pAr3v3GH@wd zg*tW_+NZ9KE@?k3ab3*-@%4}L62 zyh&ix@FEZR2D@7>Pbn>otjNS9Xqx||`3l!noBpgI($DK~wO)K1+Qw5(rD;jLzgEOH zmybQfFDG+{Y$`5zC2|?>;n02ji2qrWxo!=&ao1_J(#Lj2i{kbmrBlD#G8*x%2UQ`% z?ZP+DtdS8`4l5_eVYW=}Vb`zDc=iuUpHtJ*SUF)oe>EpwTxTS|rivNcy}OmB{Uw|- zL4mgG&Q*D*ngtJ&s2m~;ZNIId#iWv<f~O%-RCQ5eeQM~V&2@q8bUU1+j+v=u<~EE-7+j3klMt zanB4J&yH4Cm`=O-`tqd}c0z=Um8fMHgwwOmRX07PCnQ~jJP%3Go z`thjIVLF<=ewi&P&?9-92mf}$P5p<$S>{)$ahQy~A{sZ%$A#@j8=hCqcn>c!J;PqL zZ}vr9QDvIrH*3Q(mqRJ}Flas79`2!elVJLLp*Gjy?~i?hJ1^2~ZK*pDTioJU+wP-R zER99oHZpJ`B*jVnt5weNC~vc9?XC=|D`e<&d&<IV7TaE1K9|P_pjO0PE>Y?Uw)x zs^Xn=@1Fl%N~0@j+y|*V<}W6RxywJ|laph9FdOl@5t3!#fD>Qd)AJ-<`Llk^j-tav zwL?~Xq;5@nm0LAtv`O;*Qvdy*gBcl{d)$Uvp4$rDho#S=RPrE%cP_s1;S8~e>{49T zf7^>mO1$tOGs-l`EF=57Q=dql_H0Gq=eOU*&NlJ+F>&UfM$`^}A*%CS$_ySX$4H-- z^1n-@MMp?Cv@5)WFLsjgR&ts#Nz|)WZ6Tj8%XKqMIK~hzKPSTrN@9BHi0i7BI;Yr{ z#_fe7GnV%(L>JU}xWX5sTBPtDdEzrMpZd*(aeWs*)cJ$&LJpUGt>Z=u?oJz#GS=I1 z?$S@^-H>jwB1~0cj`2lKTmEF&+Uk`h6S0PH@F6QU^-Z!ukaF&!N>ZK>* zx|+f~*S_69y1p)G{Tu&*IsUr92AZb96Q{f^4YJwHRvVC#Ke?fpeM?arq${t-esrr%Wu!y^47DBD{RMa(^f&T<-W0omiB8r*#G6)mA6XIev&zhOw{Kv z+HN1Ep@Nncy7t= zJ}5leU1etIk~9pcZNagbYHYCRN>HrX-PB^Qo^`&e!@aKEenN}(!o)9u(@?Kr7pK^3 z&>D($qo+NgCC!g8=fdl0aktRLBy}(;g^8zld2;=%;-XCyo6}w)3aRa$xk+q16l}Xm zJB_I&@|L@sVCGo`|5hMJshsL0eWdU&5{VMT_BQjN7kQsKJq0!OH8X-4wuyt2!|m{9p8Ds>FA*}$A_zC*(vtVq zvg2O{;sxL9e7LvK?=LR#*uJ5q0k`lq@(`-Ohoq@rZpRHwmZ9}Sa5uf|P!r~KIz4jP zJ-E6+$}<(}sxuozY#+cEje=brjIxfqSHXYN`dEjT`5(|+8jq4)XZ!hUw~Q|W`PVFp zrZKSh!9wXDkZi(^%4V(az{~gV@sTL;WP%%`fNubfapN@D!Qe1urQY)4Oc#HIb6 zKH36o6_~CCQJ-bPV!n$5qv5f7iw@pGlmN zYN)5H^I~o#dEsaoJCRPMze{m-2xdCF)?HWd;%FJ<(O=(7|B(H=@L8`>;+-`FxY(sH zj{XWq)7R{>+`YIA4di94ELhH8Y!kX(fOWEOL>piNrB(*t(SOfV zPQ=8gcH6WY%#S|eK25vpI(SBA?5S$|M&$YMYQ4%6&-2s$GWYET6^kC>)2r9`ZQ^Xk z;oIb0fLY{UTqe(P+x)dv)pV+etj7*&V(RFUn?Lr67LFa)ET(^aPjPnU3dLk`XN}vY zS?WBn1mjBq3ujApqRvYy@rg~1ubiOpV-$3pi$ZRTh2FGP&EoZjp4E(S%9(nrF_y~5 zWpc|oukWEYou3`^J{je132x5J>38=zKXv_4q+L5Zai9Hw+7Ck+}vL3lzY^u z$-9A~sKl^NODSF0y4>p?>gZ;Z{s%LuuIJy7n96m1GX9qJfZI#!wYobSkTg4?D4Ux) zKdU;T67|%y#W(@< zMhQ%L@|hGWrrcKSO%TLHpS_R5hHc#%Wgc7fat_dcVZ1{ z9HsEq&JJert;Z|hUl(#_SqpP}F^g^T4P9!u>Z$SW`E39fl3h=}oUbvz@ig0!*tx%5 zV%e1-Cy~gZtLCw@G{aa@v;ONf0BtRIpW*lV%dfX)hmvxhk%IqV%2zBOHFZvh3u1x5P&lD2D*T3e!(7 z2C}4ZYh2gUx2_{xq7|7p)2)d*u3FAsQ{0Xqj^inVBtLCsZTKjW`WniT8re-1OA>#{m*Q_Nym>#X+ip`za_ zg*>S3Wsr!SX`z>=3f5^`?1(#2Rwl#e{Hz_1@KiRh;rYH?-LpS&g~X(|b_ei%&F{=d z*Bio=eI$(UjU!s?1^=I^DLj{!ho%G?<4CLlR<$rF&`rnQ{XRTbk#eE zNJoJ!Yf!?g^zkqxZlQei(d&3m7SJT(JUIUxNWD|G58~TZ8>Q3dL?d+Q+fBIgbwEuN z{JgrZQmA$FN2%%kREEB^yUey@<*NH1zQ!`k|0uJZt#9{4TT_-<5;#*Ubr~F?7Ic&x zt9n|pW=+obkl5fHur7Oz&0v0}GSSrYx8q02sI8gou&R34X6YkrH|}8J>}Lj3mkIUU zdEukRqRZksae^dsD#B~#R)z|3&pvcxZ>QX$=^~(ifMu|ewC;I!xMY=1+(hBGy3+;iDDwEfE*VWP0wTs7oP_LsEJ)F0xFoQY2qc)gk?bI) zx;U2GcEjRf*AK6j7D{Bs%iZzP}j`B6;Yoyd96>1D6dV_ zh(KW2GpM$2VZS?d>??Y3yxznfVUnkwacR?Nq%Ld+ws2k)-xWz$OePdI`-w?Y$-aea*(?Dk$ zgP&RFR%tOQr$K(v!)+d&)dhqr8R5jVLN9X$y$yu$w}GDrF^Wn6!9K^vFQmX;dzcfr zN2b%appkhGz2fDmeZ|TSgy#ZHoe>%P$HjUTa=JqHt|{Lkn!C;uAi3JOS0kR?c&9{@ zc#_XPeMjX&C;W9q59+@$S^XamIiJ0!uce?SPn*7Ze{0ufX?6pRZkoht@fGRKP?G-l zeV-g#1F<`Wf`cMxIP`UT?LX0nQ{C0#mQGCy%rm`ef*VOV@lz;MX@dnLW#U_(zh!jX zBI6$?g}1L~btS4pukHj`W&e>$I3c$utBP-5A{24!7A+*gZ5ZFwNKp)6=iF`7=Q zs6|*w$l+IDritm*gUWF22R?W^Jpo?V7=d{v-ch|g$c+~}8kk4*Ew5+0S4bH#x8j|@ zkFIw#%t&#pn^Ak$y2(85mOoQQ4nDOoiyH=yO6wAZmcYWFUvf#tlC7y*m^7YOH=M(S zdstPNuMihKY)n{{RTdZX&V9<8wC}Z;<~q2&d-OrDjrkE{{y2Z;DdV>cUe1!J%AHG6 zD67@D-6bjN<@?H)%K(oQ6ok2(`d|kX{TZ(+bl3LzLiAA?zsz&{+o|Nb^b^#Dt{DQq zJkDY_3IlaHYyICvH7XZ2;u+h<HcHo!>o%*%p zDAG>OPn*t}12FLufQHlM9ikTtYqaW1w{_>le}IWP!ENeJ*GaKvsYAS^Um9cVwW~SL zc~iSMHFQE61rP19Gmfi|Uzkjz>VzJ(h+AOdS4C`fl?~sPmHR4bPg}*QCESu)#qEh> z(zU)B5qO2Kqe!n;nZLBEBGA|yR9Ak7qJDR)ypw)ZXhni1j2y1-6F|$uyKP=q7^bf= zhP%JHasNffQh&ClGlPM6BenpaF!RgaP%E5SIeYz<*M3{U`s4dIEkion^QoK?+$5Pq zWzRpgEmEXYdY~maeJV#}J?@{hC%Z2}kAZ5Z=HwrYE~_t-`I~FOan}QsDNW-SQds1k z$HeJ1QmtKH6LIB*l>2DiKaQB(9$dw4GHF307qCmEh_Wuk$H9tJT%KF!|InDaTeGSA z>wR#NSi2`LhR2K>*ZoqLz~}&>wb2jsTJhY?{nXhym^GiG5!Z?CV7LlQGQ4oVFWgl7 zeBX}C#7!7AvSRwjL*X;TW0qos00Wxh#*^HVp>WD+{ih9#d{(`ekAf~OY?ZU~eS0+I z$vJXg86}ilpa+n4fuLT!5veRDRi<$=5jBtd{!iB-&Qlo;mg847PZ}cpSSF>zYpfB( z$={*W%`_rX7N2`c1ByV3~cFgDbmB`5m!wn>I?3xoz5HESR+n>rQ(N#_f8C z%TB%5WIy!;C8AE#5U#IE*^?RQy7Be3y(9{F8`givKrN&Z*qZF4FTp89X=L>3hzte` z3%r`Bt5KC6yEeOFMdKXl8I&yxM48`qQW-f^-0qv)pk2Bu2XijDL!XJ?QYIdCZDKMc z|8pu;5qCBEW){JA7yZ2rD`z8@~u72eSVh?JQ^S-FNW6v9RkE|H$mzm1iE~6;%L-$T!@!atMJo z9-QAc4}M1~Q}LL5_QL0~^mhn2$CT_|ZHy4V^R|O_`kFjN^>lh5I%;n4Bk2j}OdV5f zbB*x*yYYD~i*=<}iy=^@pS#$5S=KIO~Y#n}dteXV79fSQl z3=iQ?`$Bfi=_py|yO`J}E;HfA)tkShXiMcB)CaHy=9of64Q9^G?KWKnJ1kIA2W5%XXmk^#M-$omte z5x4)|Ck^yCUh2ZO$3dHqDBs?(KmTTDmZl9?zFRMV@w}D>LoZ8gEdH0e^bVy$wlC_L zwEcS97m?Bk;y2Ip4Y&B-1QN)+V6Gx^WQ|it<5HAyD6VDF8@)m!Y9RG%w(y}sv^4GL z9`0U!2mRF=!dYxg1@cEDjm6mM8Gf#)=~#C~wX(JqyJJqjyiU*NuzsxS9(Ms6uc2*_ zPV;DX-%lYjyB)PMQu1`N#|4wfelWE>Kv4A-5*&tHLvz!=My)C3doz9Ng;cnpjqoxW zx~(^nZktADuD_aWUHOczEg`Mn5+e#(*_jG1n!{$oU15m;6g^3|;MwR8OSzPjuT^D( z6Xo^pm;dVp5RgY=UcV?Jaf2@QlKL#~8(d-NfpI8{Irl>olP?f%lz1y(TIN)$5@1V^ zs=i+o@CR2|jUHZrSaCFLW^u+e`)Bnr|L_g>fPWCmaZ48bhmT-L1svP@V^i+$*HH{-NIYg(~pIzBbm3@ zf3;GCUE{gue@bI@x2`l`RAc^Nhc6{GEdNQ2JE0pU`lyU7QV^jLdpek}niIkSB*Uv~ zx|gtP&A(hZ+;2LkTC#6jk8JZMF<#=g8I1DSUC}in{qyIE?jh}!+RQfyzm}~ylcQuy z3{_9=mIP-8R)Vnm#YPPjB%xd}M|5YK8?T1jymy;!QvUgqI(pXS9i!vF)|l=zux95o zoc?$6np@z~sV43ahhMz>2`_*CJS!5pU}gefCGJ)`uuxpQtb>?E_qKX`9RS6+XC1VGsk?&pCwQGy5^1kLWep_wKryJOVkhx`x4Qg^gm@l*H zqjph*vT+Wiw1G-neSUEs-US@wcqMt@eqgYfc=l(E)%BLaz)=+(A0>AwSJ1Q-p-CNA z*o1h@4^_M4TnB-lneAw4X4x+uvdd(rAm_%{oq)2x)r!m20gz`NfYCsWla+3@eP$C! z!=7Q?vzsRADn}icJVZ1x0TPpqO%aqKl0ox$-++gSMhE??A3 z3}9?fYxHzSIwb%#OCiacNa3vzS|0|Te(*S4iOc=q1GWLw?Lg1P-Zb^$qm}?n%ejtd zw9jc8%b+F`vaRG~^*O?R6sKk6VZieXruL8lx_e&J4fv<}%0Hvm#JuYrDLw{(M1eZu$ zh1jESw2Z4zTC+geC}2fWxr-FsVwn^r@i|(xxN+%_5v~dATTH}OvG3u}U!Py$5m>4XjB){C zyfcWJh=?B04=;7yfFpVG3sa>2E~olE>&m4kq!MThS6@MF1_RKKI@c1Rhw+Or*BU5e znfHSkypDD{=dY068IHax9Bl4pBxJA*?9V+ZD$X&EV4#u{;YQ{nu%kp=tq3=%1Sf}l zy0CkW<9w%DiIE7nkU~Pw+C4V`H*1QMEz}fhy)P&ZGE2K<9n(A%v9vW*s9l)<hCI^vOPT}HI76rue!V84U;u|7N8M*W!eAm{F1+B-1D_c3+L5&S-Sf2%?! z{l=(yB)0$8tTaC2UEtrc(`O>~YF`vraa+OinqXBwkcCaE)-c9B0I$*XLo_`J z`qsNrp~Q9%T52I&2KvE@UZedOvP5g5_026$@M3&OE;k>W?>wJY9G!}!r$a7Eyo~?| z+-j!m<{2h<&+ZpTBtk|Ug7z>&H3O;`B0u9)e1;Q-TMEZrp|l|-eu?NVK@FEYWaYz- z61PCozrXjgcWy9zt9N&r75RCC=_Bn+%VQOVVUz-#MllAp z&a6g@%ySk_s@f` z&hIRLe{n4spGGTT6)5j8uW$Sifg~6f23nK74y@~=bgiTfVR$XQp0ixt9*x`mMN>AW()?{AG zm@KJRod7#bJ3c(>r;9fRf<*HSLJrv=eX(%W(OT0NIF!Xs%N0`Z@UReMd;_ltBa+e5s&0G)v{c#S z5za#(!Ym-I^7@>4)_`;8){{|{bhlsF{K0tWLT(!-F4sp48$2{Qjp|t-Q^f)M*$J93 zViCc1X~dw>Q#ajfPuKcqZH3;OyROAMD?{?$N6XB)Dw%Pa2M&|zBF`-#o|ORr>=KTo z5i6d1^8Iai4CW#|z6cgJLtgRS#J?+Phg?Y}>h`US`YY7J`9-G0xQzQhtlqG`;>$F< zOeLgY(twl_b#t1|jtV!micv3N$P{S2%YjUZWC8t#-V=4U*Si5xo(llPap~I)ua5OC zz%``RO+0TRgn9bvK?b!{72ElCe+&4}F7VX6!@#y?g= zW}ia`@|0>&txZ?uJB7CCB#~5j;npm=byt)IdH_pVQ zkc8lB9Gw)7`^L22rp*dl?TS^3{b5cAXb34BdR6${uJ`o>2)pw%NPt z&lBWd)_ESXcbi#fq4Z3J%MAgveHQWWP!e{Ar<3*V@1SfkL3ip~KnV7XypEKb6~d4) zdDZe6=st7@Y_LUX-O`G8q4R?f#t0$oS{hEei)+uxsEsCVCf_%)I1 z4Gv0*pwnANKj1?3d&pNOOjtkN#0z>F|N547RuP|$g~|cY%W6(dkmf$rDp28SV4#g= zY=HKmZuy=*r0D5XqrbAWnGez@diVM;-$IY;@6j8e%T#oK1ev2ibc0)5sXH=~T0~FC zWra8|wcia5ZHt?$3F=Tcv2?Odye$K5_1RDT`Cqa;VHt!9^eYsD zah7-jw+%8v7KYzJR`2XQI+%^z|#6<0$XgI&=tks5CQEjG=UBSl`V57BztY+mu)Yjik{WuKM}|o9KPrYLokK!H3ixlkg&=#Qm|w zC1#~=C?N0UsB3U9zs&sdShg7-^?kO;Ro2Gq-C&dX}@@?+>zr7t7eEpEy*`yrOro|$B;D=RgK_pwNbSmVN? z-$vw{h1?3Xe*al`KZL>mU;ut?{~}J& zO>!Pg!VqrwZGvGFVu3Pji+?dEAu_FtdL8ATLJm#@_2lqW3hMMus7B@hupJSbyB}yw7OR=pgt z%*tAe{Exngmsxf(f$ulY`ukh*MdUpMv55J{N2^2t0`h<&Ea58rJ*Uyd1%+CWpp#|X zIGs9D8tLc(A{VJ4%L0M%SI>J5(7XdmryOtt+xTW}_KoflJ1@lbAcw_;{oky_-mm#$Eg+I1aSfGz%C& zA=Mn=GOE{MT?5~NELZ^>w!+q5XbNg=WnSl_xh&^AR`34NXg&t<1PCVEyJ`<*(1sBv znyqrT&Zk2w?^f6h$(g*I4HmSHyKCNl*^i%^rKRD@D-Xb=F+wgj5v#s}pa|_=ZzwyMNpRJ5kJk>#A6@B-%5ihbNY4 zn+_F|p!viO@cb+z0kIHaoIO&^p)1Ht&CG`xrR-|JBXa{OnbCdg+@%-H>dH04(TNuj z)!{EhbzB|3nOl0-WhG}~7W6!=?THqxHaQIB)z>-9zF;%j-i$}*RaZS$o2jINSXdcA zw@vHELjNsCmWTvh^x1D6zt$ka_UpSzJm!O*JJ41VKlJ?k%uBb{`Q4L=YE^>fW|XyE z&`%4dKfvzo0z>r>PoZ!Xlpb*t|ADL{xBi8!6xN?!;2~?fLYFBqt&7WlN`6*Zk@a?U zoQ7&m{=dS})z1j-#nAs}F!qu72PH7FPuoa4AA%66sd4*?-uz1wAw)*zWfu3i0AHRW zdY9z^sY&SQID}GQ=yp1*G;MN|1!DkmM;@|&nG%II2aRej9z=}$j)kI`qr*YPr(pa< zq&K0|^wV`t*3YjP(0*&5kLZP9e96{43gS3-Ww`Zt%KP~J?}-}qN%zIHZ^Tz44NhyC zXHdU64gO}{^!=)CPLRP!g^TTqEI`vx7Czr~UYge7u~xlXX-%iZ&9)r!m={L@jlq}f zV>90RTn-6;`dur!{}$8fctK zuh&|GWr;vH?Df!|E&4n21L;QW5l1>8Y zqV$!oH+sI|ArB4VH;AbG*qq25LyL;oa94cbz>IR83p*6W_#q)NQ~F;w+ZlG?Jqi5= z+RshI6O=Y+04-x_d`?u=@|37nvg)_;82k%XiL2p`abErl%#yG7vu$TB4x zK)44MOtB3J@SYHqb^I}5$c?%3g0K(PnHDve-~brfIb;$I{^Ii=mi7}v_!9?c%ZbY& zfpe>!aHRfo?te*IcCd#}%PT@4js`}y+vyt;0YtX zsi(n>@(ueCnLS0kHU0tZLV;Y)(9@y}+$b}ca$_Jtb^)CICH!`KNZzLmgNZY0g(c|h;JGatPYm!~PBSN`Y**b<^ZD(-|z!KKpFP)#1IDPT>$q*78{9q?#B04KY$yLA0=7fX*$@Shf*y^ zhu`IVdhr?^x!Zlc5CE|mfzH(cUiZ`MR6xmdJt-qBInt5TompqdHa5s_a))mri?V4I zu>iNIy6AJdJAzht(jzcMd_CYE(tuKy4=MD98~Or}z=I!PmgNETSpuPALw)_}FMms~ zjcEzsZgR>TRqxDUJ9l60wUX)zExQ!|vg*0WRtLR*EqzNU_!cXbl|Bd%=|zqT2KnH} zJ0B!}{L3%N+(NA`oH3dNs`GX53x3?HB0&-k9TnSqrlhQDZJsi=un`RGsU{W{c7XGf z9WK(H|A!NL>0Vhhc5Gwlg0wvQO+C+OW#mTg8+);9=!VT~`KWYYNW6*~ggD zWDfcEHkoD7W8KWaOYy+jjOnb|RyTv;i2ZBqc}b5u@X7Og((OV^U2MvTDf9wNiy=pH z{}=8-3C>A=AMYTe3YLH$1cOdUq#7vXao390!EA;b$F|^GVo*c(#{1|UlBz(DHnkIk zfVIw#e)bcByet?6bLq z_$Y5W|K`oo(vS659tJEKNJ4Qwwto zsw$Ij$1kW&SIQ0dMz03r>@Gtzc7 zU5#=glcvx;(#kw<>}6*A54F?7PjF4#&^AD_orz%!Dr;C;Q!3E1toau`VFH@EgK~kq zA+9r!pgwSACUH-Y{~ME|9-+A*I9?OoTz+I{ID8=k(q;jml6Kx!bwjQ=t=}Ugfa`hR zRr^oUx&>zpu@l9)i0W5+khrqOMOWbB=n&-5{XNn%7l|n=8JX0pI9DJ1{k^OGa5R1G zA&c*CvfA&gOjZ)C!B>{XfW#5>3FvlIfSfAtV?;1J&N^nRUn_=V2U;x zLbeZ$`7HKQ@svDIYr}&Dkc2Byx^?fNI9k8#Gyushpn&8cbX$VEqhD8cI23VR3Fcx3 zPjXX+_8k_Ig-4o`-QjeWP^yDqwVWaOqtUAlv@_{4i?4J@SP1X|w=vQHY->oqvh&h7 zl79kJd(C~gKvNzZv9?c~f5ZNBIUZupj3k8_XYsGguFN2dQ3{G z*R1@$MA9U}7L@~Q?;O+>NamKD$1D)3s{#o}2ev+K_aA)2#GBmIAKo02L3}WXjfsOkq}UyqJ;#D&>G* zkAYN$-K!kW7OzpHqpI6gngM5KqZF{y(AtG@L4!8uUjjFtT^kvdk*?jZ2{%(T_kGVU#UDUlG99bkY49KyQHyv1N#zx4UvS3@Q?`^rw@f#e> za?sg^xP+oJSX#ucUCe=Ol|@R;$d37v)oLhC#a#uCK_XTXXI}!J{Eu|kJG_CE9&lDz z20~!FH8x+pe5tzKrNt}$jz+{|a5WB8WElYPnzs%BlW@UVHTr)+g%A(MYcJ9wHW-y`mlhOVrj*1Q#-_GyeO>m@du7W7~d#cG;<%{?`;4hK9wjZN6 zgm-&(mUMf?`a zBkq<7zKQWhY%NE?jTS%?HwK5<>U1X=KZv_MF{jcA9KV)WYT)YTBQlOhIbUde40=>& zg@Jwa8%3zKPkt7GTWgc?>P;MqU4Uh-%`2a7z9*v2zQ<-%U#(W|Ax69oNo)7*2rt;G z9k&-0&5dE}FsS9BhsoIo!4?EQ5^IL{vFp_kCiFiMq~yi=L zV?czlD!-H)0OfQx2KJpmnDP4*{$`T+sB9}s*7C!Fh!~`pr&fj16)A_Nrz&kZ zufqyc`mankcNeEO-DqDfR2G}RPsaFvg;A@dt#Vn_vL48J z2_pJ^Xi;W>PU31X?+;Y}0)OBNUm&teb&v7cJhX7I^})tvxXo@2{U7jr2e$r0Nk@zW zw0^MrmK1OUh(|u`LEGio`s7Vyh8+6>VGd|y9LOvvH$T|V+_MJT0g^U@(w7MyY!L-f zPafo93+Ts3E&gSfN1*fZVYu-Agp(Xck@=9h6BN*S7 zM?YkLP%f$8Y^UV)*m>0OF2O!|ZLC5bq5$UZ*H);8o>T2t`9(HoUyiGAT{nXEfdCG@ z@{T(sodrO&Ii4Ii=+-@Zul81Duyk$n_aFGe&>@snT9&PflhA_UzTU7uh`BKHHW-su z1-$1mjx#jSTA-Wgw-sa-ppDwO`QOYU(SP8%B5{m3mLV-jY>EgV?Fbi!hni%sV6R`o zV1&*h?GcQECQWy(T>-?=V{`@Bbu7TmsRfX*EC6L$=yLhGk^4N!XR1pX;$J72(b6v9 z=2baJ?{xktJRFi~$j1mk&qE?Sx@6TbL0)G9NpnK4K6}?D_}nXmjcI-l6(*Kdnht3d zYAJ#&mV?hKPaR4*%(L(*S_{wznAj8k4^m<-@l0(H<2aObvY_=*m}o$YXh+|a9B4*y zQh1isEK^7!2rBTn&))wc6q%mGWkKT(q!yP9>4ieP`I4W|yIBK_;*#NFI&fMHEC`A17+sf zg6pn}RZp2py@57+9AcIXE^Ybh>Gx`I`wf{Edd{?`^FL0Y;AjrzgbtbRWWFyQ@aU3q z;Cfv%luD~JN4>hf++N9zZ93AAw_?oeRp+|#SV1AobL%T}==Zzp_1PGFCKy3fPwq`+ zWL-%h?Sm4nG{v_tzFg~@{g2n`@Z5mGlU306y6c9HsvTzIG_e@%;!R%Cn|kXpS0@E1 zmWCl8yy90;NZ-KYiuagm{0P%^7t--y{p|&ho@FR=7J776;kgCs$3IVAa)CBjksph$k0<6bXi>yuM*qSiTw2VTToZ#vm} zWfp|m3X>sR{um&f1GLFT%bK1%g(u_0wYD_k ziynxxD!&iB#7|u0fMD-Q6;$u}(Th|k{V;^4T*W5(u#5uAp2O`qWD2^eS$npm%9%=Q z(teP^P5nw@mKNAzZ1U9G<1Kn&T8C!E6w@vjkB;0V% zsy3T7JNkRSSqFB+-I;Hv&y}|p`Ll;^|AlOTz-vgtKGDN#94h@|_B4#Cx{z0rsUNO75_z!(AG#is< zAG8T|wq#tgyb1jK`_(5`ck$3eq|-7=fql%FYw;AqV77k@s*;As{@Q!*BOxF8i{ay5 z!jN>Mzp;e3y*uVK{oIawTw}0B<(DAT5zmNZ7B4(H z%3_*J+^uh5F(M?&kbEx>$=HAXMJkxIPpJOjg^VE+9f#3>7hHNvx9K}_F zXn85B&Nbpw_s8hrjctGV$V{ebHb%T8jls+{wf+<_66c-Dn~xu$DKSn9F^0d$$a-eu z>RfD~@vYaEQtkm-ze01o90i`76jjg9vB_FhiSe%38psL=W!T3QA^G_M>nwI6u{dMz zZ}xe_`to5_>&a$gmuEeD;G}|+NARr##pSg@9MaZBg)k_|>F-tt9dns!4H|%EIT!jVV4kjnLC5QLDX4mYZv0WS9jd-#fywVd`tvnG zM$%y(dnDy{3wAMNZYJoNA^m-hq$a;Bi@Cf$_&aa&069;ceWB;8v#_L*4f&KP2rcsO z)N*s|XIi($9+zNqd<3Q6&5+-+6PV$g5R2|4Riv;5rkhw`|Jh$1K(AbT%~)9wI)q>? zB*gkpU6RT{2YoOqmja;Gxf77W;El_q;3%R6K_(Uoq)zCS3zN@y(g}nQc<-X1*p{co zr74^5PFAmVUFQT^BmvT5p+rcNr>WuI|Cz(oNY2OX^nkX9T)UsOThQjz37R6_D`zlX zAt`W(x3A(@RPX(->b^Uk%f9cMpFNVj_g>keNcP@QRz}F?M~F~<_Ff@Mg~$$tl#!KP zl$}k=3`N7J=X2;hulu~N`?~Juy6@NPc|Ff_{&$|8bo`FraeTk;&wG74li4bh%tvNR z<*8jwZ{S44m=qf-_29=dgrBH+1^1=^^fw8p=0Z5c0ss(cf~JBXmnDDURr0Mm`2TNxCYbt*J{h9)m0ld}8J0*s`VKxFZpJ=hB0qy7L+ z!ltDC$@*)%rGhw)8`BLJPP&h?!+0p6ANe?p5@|Fmha9fJIeu4uX89LE(D3E=6MU_v z+31@pZyLYN1cf#J1*hyH5y<}nr{LmH@T-to1L)$VuTk`TKLNa}sX+jn7(Zh3dVbRI zu%h=#=?jiQ8zI~0-izwsYt3XVM?jhJGatuVAQ`=W9DEr_)DbIg!zu!Lv{RuxYd>NP z+Y@2n6|>-#`Q;}W6u;&=*JsmjccYvD-8*67J{ z3;q~*tX5Qd)1numK6e98{qDu3m&96kPuG&tiz%9i0uy`-_-MhxdYC{Rd+OZA^o<|t z3ef*|5DO9AXTVM)SSVJ)VTw^#u-T3TZvlEv&^biD_Od;u?AzyUdw`;_+)xU}Sj*ha z$ET;)Y&nOO`5{6lwv)*};uH&Dsn!N!-bt-7#%Y7r1A^~M4 zRkligw_{W9*i+c~@LkX0TYflNbQfh<=nf^=MBCUYJ*k`Rt7lBzUTgJYEPbX7% z<4Nx~P&AAi1H7fp6jNxZZIFr{Y*MS~53Qsh8uAV(#5aVFJAnPbOZZg3TzT)4w4oe= z(Hr2P<)?8gl_r`FzfP`- zeaN;GUo_(6zrk=8S1=dX<-}xn*v6CS zcbDAEACj&UPrdHzf_#C5QQx;p6KaQ-XK{5}DNr|>K1M*;ti1S*L^gcVlw;@U-#sR1 zN2n$|)FlfnTIuT;d?S*~2h*6Nb(c7K=-bF3hF1HmZ%8~}*rwSErm_d9ytzj#U`u{%XlG=Q zBWt8~jw^uV&HGmFvS9J9#2CNya3z9Xi^hOzi?KkiRVHHcb9O}BM;Kb9X@>0m@ReXK_3PqWa!6vd*w1QN??kBB+|;>5-Z86GYt7*kk-Isx$IynPt&?BVL%n97bLC0o9gKU&@JdM_M_us+YS_ich!udyRdQH? z)FoAn?!1^>PkQKdVv#dc0n^-ibiG;-OxP3s+{nOZO6TkOY@O;ijPm3FwlFjE@|oYr zg)<4*nGR_Nyx$rtngnQvr!`V*TEF>jZ-noD)Wd(|d`me(L6$W;u=N&d-Q-1TDtAwH zB1{>S0J>Ot?<^bb78U?&Nxx6o;Pd&tR>ns_IFxrXq+EwJK^e?g4(2=+j#%6Oj!ChA zE}?7)ls!xV|FhMZ4{=D-Zo`hAaHZCfXcLC%3uKUt7!SJ50QVIB=vSYBWa*)c*aM9Z5# zu!3Af>Px`qno7x|-3`3~;2nV(Hd?u2)hm=d6)IEtCxGb5$G3F81Gh&D5x!^Qo;VHk zBCQP~n0$R0{*kqK?C6CkIbvH-M{LWbf62B09Lxmvy9a5xQiw$K@XE!XCxLz}?Nu~K zT1Ub8)D8abgmZc25TFr6sCGbif{w&$$JST}Ht#_-#9gTUv^C|WHh>-OebcuYs`tla z&d6h7fYrE_UiJ-?r{3qJ>7vw3jl_mYhVC$7r$G*iabo7VpN<$gMxtX5&(nd_f?eh_ zVze&hYdlV$j&S!EnTnB3ab%W!xspa~8q%c0pbm(c{eZ^DLa;)*vfvPq`lPVo1Awq? z0U*Ip>E0jGwuU8hG$!f7)31grV{aC7`eHp=DUHuS1SpWv2H{&(^>Eij;Ofq2E>^zy z=^EIqFb*vnjvno$73V8%LkWo{n{lQ*wM_XU7+p&ak!F*B68$lb13t_s(;X?+Fpa@h zhr+YOgM$jh!)`uo_yO}-52_k-!2E2!4uv%7km41LAI`ad?@MIP^mD(Pa51IWxbo!1 zTn^B$laju z1I&!(Ri%oNw;w-;dt-lcHoZ&Hrt;P@lgaRHe8g2h&kM^XEX`JRA55SfL;BZg!0KN- zYZW}FWF2XgV=Z~64pPO=R!~{>xAK~GvW4uVw!9ljoyls50tx&uyn&Go(<0u#dwU2t zjQ%^-qc?eU9)2}n3R>tO5&)*3QP>uZdO22dj?W$o=fczf;9*{-5j=(t2boOf4=l+3 z>GB$94XLL|TfAj+-KbnlG4v&=C;CSFV;R03?E01vs;@^jv6Fz5>j~@6YY`X^VkNWZ zL&-&PD1ZG`iesdBF(GWhTNvXbIKywYh%N%<uqiP-4X~aO2EoK)6ET39WxEpyozPY$Y!n0uhfHDWudl@;+ftQ*Y z&XUrzGd&cmaZFaC$H#HD?2c*<#geaIJ>)s^di?>+N(w5dYocbrk+)k+b1yz>B+|*1 zLNOAHpE+JgDHWt`Ej6ijmS%`>LtT%D)vZ95E=4SDx-W%!(LmZ=q=-|0HS5^{Pm{hj#Tu6z46MR6W`o zu$B@uvT|DRAhO|XM!(h@??4f z?!Upoc)GZZ{*m2UK$JJDn?|-rd=B0(qfK8WMgjQAiJ(RbznBY5#TlwH%q502TFQ){WX5 ze+hsM7m0ryxWDN)HQNakuqgw-8@OH`+qL7HgPqJJd)&B;-WPtZZjWzH+g%;QZyo+I}{tPwfUE^ObRsB z8Kp+g{};?c<{LM5{YWXI0nsslm8WoD^13FwxM$Oy!hYR8ML33t%ovN%!QUQ2R8 zvfOkw;?4nFU6Vgom2MFjmAV1Og92~dfZ5gOce)E9#k}6($tqPlkJ~mj*Vf0y!Piye zlhJ-LiEV1LDjzD`x$uao2XB?}SZ$pz0a|pm%Cs46KkyfL0$|DBf#iY&K0h=Q{ZnxW zT49kZ-VN<)oNY{M{tteL5?z}%O8oBIhmA=r$a@=osr;Fbfqvkka%Fz+GF%;IqAx?I zTVFD}hdCa+(O@GgzsRzZ_{`00ZG7}>ec84VA#=M`e@mY~3H^tE>UoE@dlXW$UB;>|f6a z=6M+!SyC*B1BqowiLOW^JFkSJF!d5iQDYmSH<3Pc?Rnc-s2|ErFFN0bVI&!qMfH#u z^6~ zIN~x;rEu)P@L$xRfMG&J3{sW~6zc)(s4aO^_?{I*>%wI&Vt< zqMW$vRU)$P<6mmB23R21c-tm|XL;b|28x=)<5>MzUJj(}J{8ueSU3|(j(xgug<^|- z*-Q7%e#Q^xM>j*WvG!xL@y8Z*T1+#2m4%nTqn3WW(F>*Z^L;Anrh(Gu0^%Z(e?gJ9 zW{5HJv+SMF^TUL}zhiEOl$s2^{dd!4?u{f0{kY=Q>31x-iTsgyZ?F3x8-}VLis^nsWY(Y^RKGGZd) zz*y>1V%_w7Z_mtG+xAf&ckYWB>I)3+AL|LX>uE5*W@r2qHB5cy=LwW`3ZglibT+Y7 z_+!O=l`{xA)hJM%VVsN^BK)RG*Nl`m^E5Y`v^QC}+3#WzX>}ibY={p0=s2DEN@U&h z(;2?NO}%GcAMONRar)FG>E>}(va9{>qS^Gu>xw=K^-v153$B@FgYOsbc?RTP zZE>d_88F4!NEZX>^^F6U=3vp6F{=9{l4nzYU&wKK&~}|PM7AJ6fh1H?>OY0xy&RD zxCj%NPo=%1-Kh8pCb?g+kVTIHjwL2pVNWv$7HCaux>^`u6DMH^jNP7G5gK*g(c05fQ+!)}VPGd|0WHPWnc`>WG7lpLugtI>;pJ$A_mAWA^{#E7vC8G8!@oS#RL5m*WImI4FSwlk?FM)dr$$b z22^neDB3GHS9qDHn}i`dk0&n}x<(LB3XyMs?+jdEJg|XraAeGs!%@Mj zs+t;+mzUQ~mvsuvMBRMp3~O+9v?DI4=z5H#&f-Xb0otO3SrvjcZ#Do>i%&@*_Xf?Y zFF`hPh$~c!4%ZwukCmW1;`ZuseeTI#SHV$g!KQk4_*bpx^le;UP$oOTc$ikuxYryn z4}>23#sCbMkIH8Q`0=w*3ue4uWKkR_M3@!lY>fskxOPcmaeZf-C3F;Pi zf!$XSA9!6Ra%wxXq^|#1x>fVp=CMO;z+$3IxuC19ZLaf3X+}(PGT$qVY4&=0OqZ@4 z_6qw+eXbr(PEJ*2Wt86*s8mc9o{%5Jb(hQXP-gK=NSL_5dgdB8bojd&fk)Q(tkO}t zt2eN7+`_gu!$Mzxi0eG|h-D%U@wm-g-}k_#$2!L`6j@sHs&~uNI5H zIh#Aux<3>0?INb9nBx$*T$E5bI8olX63bVk8X(l3RxtW?fIHjjJGO^EpssCDp$LPa z+ZDe51Y+@XUoD-@wn8{XyKj5Z32lI{>|8_ZZ0p$A1&F}C;Y2rVFkB5!2d&If}! z?U!XL+hA1QEIpUoTJdM==e}CL%Y&FsDFXuo%mIvJ1wLR~)#0IvvcK%Q=EO*@e{E4p z*@8%EJn$7oPB=RnFuRvXHf?k=wK8oROZY4}Z`B8?c=o@4Ck!^b78XLa;(Z9kpm-)* zRae0ZWWs#PCn60A7UqMj<(rIQD-|WY`fw~63!kfI4NP3MU&C&a>+%eCeBa+c$JWwv zT#`6K$o*bi+N2Hp;2Rr>%l-V<_cvtTK)Vq3$nRR$4uBp#5#iSfc6r^G%uWaZ6?(fE zYB9baew$T$ldq-*Z<-o_pqG%nR0SRo58vX9`Ow+jm5V=E%bW*;Hk&jq5Gs-nKdDQT zo)zIW2S$+`Z5D1ox<`aN1(T$1Gp%4?mU(VzC$5g(g5G5@N^fASh(o@-l1c2~6(u~x zKlA}uSdgLGWQPiCzcZiZlyJp$)v0rJ)5PwrIwdOJeBTHvPOGIdy}iAAE-}KF{R7rV zejAuwR!#{D#vx^|`U5ZqYPZQqNTju?C@a@&!31V#27OXBVpHW7wQ+6m=$AxlsHz%{ z!nE1 z#Nq`@oNk&I5b^2yvol|pMX|B5JD$SSCm}9w6y#)PMjr|1zvz&-y{i$3gyw2}lJ-}i zHVRD5&f1U|=>Hm)D4gqj_w~uii#~B_DJkqgatk#zHWuvFEiNt=K7IOhXKO137F?~i z*Jx(LRInVdGh^;@o|}EtHU^KNx`syCdoTrVcW_BbnUF{}5*S8YHSVT%@f%o0g>&&osLo57T|8k?6LbF6o^1K( zF0LOPp(~pAqlRMOu)_6&EMk%&{PQ-*gKiv9UaDj$6YjntYIbG~RypmR7<91(4ZL1S zp4HFsl`5VAy=JkZI9*W$%SDPh;(jk!80jjE`bo5bFW->25}Jv^eGv}+RAadk(>hkV zpy~DoMn(p;!AuNkEu$c-g`#X@n}0L(nEwj!E%U8UVmo{9{719A#p6Pjx--` z`aS2|x|7`N6;aca{*1oPYT#Todg^P+CXDY5AC>*|>C;*bwa#zC?g3LR3V*Bq%@gZI zotX;cCK>EOyL96QN@)LKD&9QyfZT9fuShSv;e}2@Cmco7C_ zYedQf53zHyu?S9R3_>|(M#PB-glPUHnXQozc2zg%K}NOLX|*jcsoI>K=*mYl7E}l| zm2{S!vG({zs6xe4IiY*#Zqq}<$n58gqc2(ZvrC@KovR-rbdl9l)I_4$w#V}Y+SVD% zJjXYLDc0lJ$J4>?>nw5V^1W*kBe8m?%2vL7K3vmK^mt($PP*OH3c-rLLui^TY5K9U;WNJ3;NZ;?FJmEiQ{-=A_cEGymq_|W!2x)BTBR~ zIgXDQn8*f`*osE0j+;oaPgDutSZ^}N2@^f_$##?4+=&|NGYU|-rQA^pH?Y5S@P7zCu zref8lM<<~Ko`k)PE0&LnwVueTZND6Q zLZXLbx0Rdkc#)qxs_I#*F!rWJjm+>%^1&^o(Ay>kgH@r!#678pYQL=gY@n`wwa<(q zpEN3jILK2;c8X6r)!5HoIP}$MN-hJ2?*JsmmmuV5Q%TgWhGVtW38-}@#Y%UW7wWyH zDPnEAP8uY^d#!T83g2xlMvZK>9<;+>CPY-sh2nb#+yt^bDE&oQd_Ng|%J6CO{R>FU zk~`Ec2vt{W>m^xt)=t_XHa9Bb0nyjpRC7*9#0?dl6lAEMaHxL5V^{iN56LiSpoUgXnw`X$HmzkU$q!APcdZ4YYm zm$Nj3NuugJLQY?8h(5>Ctd}L2-u}>zrTRXz{tYu8Aw9y^KL}pkKWn3tbn@io585kF zYV#S2q; z2Na=mvb(G0w%IhHzdj-6p?jtoMwuy$29-m`kuHvIf4~-@5RrkG(~Et@4`@he?u#q%)v~hl=5INUNCu{ zCj2AtuXuG)VFt+8V%|A7wtZ$DqtuP{*BJT7G)|7(qhrp>1iXVP~B-vrs~X zhnTnRfuZZAmqLZJj~)lvKQ7wKD-qgz(8PbrPxS?c0grx;sdYS-?OV$k{!{kFO}zub z?keoZfV)qlY3u1MuWJ-BUGk=L2Yp-r-uLgOlDuOoEyzZCca3B2IZr1UK^AGctIY_m zoOABQP~JAyv*+`_KYZVN*d>2Wzc%fpjY*Q@?-{cSAKRIvN{`0h`An-5&Ty_0PKem7 zoH$C~@uvT!oOXP^EVu68zho{SxrP7pUvZKX4Ivkd${olx*m6Y=-}HclPCj(RnasnJNa+ct zIIS~Svc(VK_TdUYIeNs{YdKS3=%Zj|6#t4e&8i2)wLFQ1O)M*dAJUMF9;5&&7}USU(__WlvsO^ zdI0K8K3HWrL7&fullJn#T(JPj5G^wi%esUG`7>wKfZgnX`k9*V;Dm_j4Z5G{JsI;k9hIotR0*q zcp2k^1Z;I~K(5^g&KO#V{E1=)vO{GXj^^TI2HOn}BvE*km6iFYm<>$7L6paEa_%nD zt_N}od2@5K30dRu-3tznSWFrHq@yRnoS_QJsVdB!nm5U5X?ZW%+Y6MPSfZ3|xD$Ky zI0vy0LacrQ!ZDXJvaqmd2;S<&)D6+4Zph5^A{G+FwF0xW@jVRTL1Kcv$l=4F&J6~^t#O1&#W9+U<5-L%olx;i` z62{FCo%#${PMs_dxVT7Gr!n<{=wNFuL_TllKH)Anv3&t$hrDJJ8t^bdj!k=@JNX(Y z{Fd=HRkoNM8822Ml`Hk&LOeL@7(Hl8McR}CBw8l8V2Tssy4Eb^Pn`Ofb50u3T25$ zUgk?1Q0r9T2UOu@QiY5NuE~VqmD>x)2Aqn2=3Tz7Xw$ASlRf8w@xPf{L%d%3ujR)@KbCwuKV$pg>qTSl@tSNE`xph;OdV5zu%( zJdNq7kU~UNbv$PRiT-L3BX>2&Ad>7h0QV`P_&#S%?9Ykzb`?oC#Y4|h7Srp(DTla%x@h_oP1tQCucwC+7T{Bf{y z!~^w6K|#R*UU^aI>f{pM#wUx7jg32T5y+9sGxlq@I50(=ItQi`yYi_Q4o{1VNqi+M zsP3@LP`ZJ4)*jbV8dsK=WcfIdkaY0sa5ko}1~4w<_7;CE+B?=JylwKs#InTc+^+Ok z5_AR{Ppr6-$$aObZ&n$>3$sYAT~fa0&wQ?U8~N_n!xRk-Q^p@Vk`TGbQqRLW9dZd~ z_tms~>rbO~NFbdqu z#C>g!u6o?j0A!WPS8%ww1@1bIp(4rAw78jr<-rg-$OlI?w?oEOTO6YW2Ik-sOcC{` z9(N2`S=)Pmc=txE>C{veqsGM@k0>oGm{Lo;7(PE#sNmZ~c2!Ts{^x zB6mdPq|#qQ))dh7em}CiM5sOtIIIW<}7H~s&cTNzPdDF7ZhEo1b34M z4bDD=iA$yvJ119Q(@7Z`1*1`qof{OrNdOCNamuz#{R~uTsUG62P}qP(DOlvgECyyJNo~(Ay0)hN+>j&hZ6W3U#qb7q^u$ zCh3x=A@U3*Uom7yh7?KX6R-mzTw_7ezpb7RWmRccrJ3K%jpJ5&^DL9U0BX~`&fVO{ zB%JOmB-he9?kraJ9^1Kl9t#VbPfJzF#8X={{H%Nz69@syHHsJ%CE3L|_)WI~VQATs z5j+8deTq|qV1u=0I}_t>*aLRvCD@qXLuPXMZtoh~%u+WAskk>LoQ_wA-Cp?}rGdSl z3}3-E>y-`XarpH9^KE!-)b+5g=mgZZuQ563JbTOjz*NUmzvB-uW{6vL{2H_-IDGV9 zj?alXwcdyBBqk&r)E76T%SZYS5qap-Q^7RoWnwZ}Sf&%R zWWDp9;V3n#^iR8Vn5G7s8%$`TBUq(bOW3l;WI2z2oK;v^MMVvqsmsGpp^oOEh3*cG zliyR;W6gg9+c|{T=da2c*`tmAfMoR8XHdTgjE9x7LPN4EvEUyqHGS1b%C=$u3#2zz AiU0rr literal 0 HcmV?d00001 diff --git a/docs/extend/images/authz_connection_hijack.png b/docs/extend/images/authz_connection_hijack.png new file mode 100644 index 0000000000000000000000000000000000000000..f13a2987b28d70f81bda7096a54ec479f20b2690 GIT binary patch literal 38780 zcmdRWcQlrN{5QHQWZa>Wd6P|cLS$x-WJmTWTSjDrtVC8;86`53k(E6|W|FMz>~$kq z;dx*6UFY}5^T%_Z^PKaX<9p8c+}-zeeXh@Vzu&L%z8+mylP4ymBE-SLAy!n7y@7*+ zrw0GA;-7#|9MZp9Nu8EL$=dljUBrC8qOcZqwAp>oGp5>Y6`LFzYZtTam6~jq zl(O->Yv}U0x4S0Q8_JNEaN@t7u9aS2%^r1;MNd*kcE>vaFz z5`!y2a9wzpAnfBm*HrLpe6;=dC}A)=ihhkB)vv3_{WAtU3bpE!|9-z-9X{|4FysIC zNnSWjiBAaQ9qex>ynipe^-RF}iRHnK42757b01?{H@w+Mb#iW8>t~h;CXy?v@!A#| zE;Mf?No$QjeRCr6Kf|fhR%So)ZE^ao@hDl4(_ChP5&vrOXw|)at|5biD%SkSd0{MB3haB+ zu?K4qm?#;BPH3G{z`Q2VdZVK%dT%w4(xM~&;%j~3(skto?zsLpx&}HtpZ9wV4(NS% zOkdSl_2f85QNz5RfcZRj{IUXOfuO{3+z6X~jm2MKO~P^O!D_`Eiie6I%FhvxCU>(d zl$|lO9+v)9us$IL8z$#QX3X+XvGUuSr51<3b{*b+Dq^_vIU~C6=+MB(bLI@YUf~Oq zI`7?$jrCUgs?65z-dFN*bIWjPD!8EerNH~Oyl8BNWO6$H|*flr<}TKpI@tT-lk7%*fg_D^WJ#G!72ZQ zhC|$g_&mRCzG1~wyx1q9*nccoaHfEc7Ig9x8!xA zC@7Ur?a=r2^(cw(Q4WjYpvF~pgM|&Q@z0qiFnHWl1j6Bxb-o9NjOj+j z);(o;w>G|i?BD%X;X*xk+2Px~QXEH|^V@Ejx}Im3Iuu5Vt<~eWuZ2%B@`*f#Vnd303ey;0#-cUPNOQTi5y4&vQlKu2>sck;hC7b3B`MJy9J5J@w@I%jnI~@r;Yob1TCDB)r zc{-f$eU;xBbjsjsmPtcE{ss9bly2+gDG^kc-gT;PzbrqLky8BFayzs&*edw2^5}5? z;!^G18Kr3s$E~$*6~)dg#t#lGGf2M+%+VJLfZ~CI1p<%M^Shc4d z?RzOawF{Dwu@7ar-jJo$_o++Rch>d_tYCd%l|3GfdrT8ocy7Ml`wIKk@X`gFFWDM$ zqMSURS4PTb;3@FbyCSGBTm0Htm)j$~x>G+WHwF`;u^&pVUu+e@rTPhIXBvy>}WvM6J z>3f|sjr~43tQgCp*q^K2Uu5jNdo9)Hr+%sZ;k4uPAD0eahlDInG(229q!hdzWj9u> zFZYCoJ<-{72W#qo@7nXa74PlQdvPa~jkkY}ICfOJEoI0)BHN3a@yZ_5J9~I^@@Qw8 zG)dSw-Fttfe53Ic52a$3T8fR`$;#7h*6qeEscwE*d6pgV8w17)%-X%>A{|!P9bi&cq}6dT_zs3pLogx-*SUu0NOc zUmaGtuiTxaz5)kz`srmyqYEoRr_P0Y$MYDk=E5<31LuUh_Utd7+fq!0%3apN-`wuEdD{_mRDM(phX&uM^$Bh4wZ~^a{#+TcoNkF| z=k(XYTIdbcY>(N}1YbT?Jc{lK^dP1z<1u{yqRjS7Hbdx2Z*b)qZo@$~8G7~3Dwq%- z>z-8YYxVnY2CEHwK zULTSo3w*BCk@5o3z(h(HYNt=tjvw^qGRJ)~j~24hzORl}afs}lU$+{bun%}yH+lRR z>4TA+P5kfTU+k*;i4W3=jV}ApH@$jxeREsjOk2%&{c|27rErK99XC=?G|G^sif%Q9 z`Afdhd7EM0`efatK4neBFl6Eek%mc|oI(3j_TxN6Cz+J3#Q9f54yZ_J6VF=BzOY8A zc~J#Y1cwJ$)-Jm2ZdkrzBTDk5TFeev7wbvdE~RYdE8gMH>K(b6ZA$Mym}+&^ef672 zPv6uV)zou4N|AoP_V`vmiEe+LyY47(!Fc7%!0`<_8=r^ak@z~pRWug^nyCDPXQ zBv-@w4eHN!CPnnk^`u=c+iF?p%i6NKKIYTU3R_lAMCX)X-8PS;u*fSBnlC z`0H`oW9vPiJvnN0=5$_waqjLarSX}|O_Svbl1AHZ1q^USxl<*bC_D}0%$;31{24zs zur7I3^O0$I4=akCX#4A6k-3j{#GE1~4{DIcu(Y6)k8$wQx6oZ3Jau`8yH^i)rrY~o z){xiIwTvysz%e+3da}7gKq7X%1maK+KGi^L%pNT%`+=swxX*UV{lR&Dz94E&<9+kn z2_p2xIEJ;}6;!nk=T1s(plvBP0!-ORQt|Dvvt7v|nrlic!=(``8N=__YWKtQ1`3QF z?aYtic8Poae9Er*I(zb~R|gx;4eQED*#+NlS{*B4x`V!0UP zPB0RT?=V~~6<=>Aw;?w}1v7jWbz8&_R%TFh8ZD?h%gn*}o;-G-a=dZS zFa@fEoXH>e#ysU|TMFsF9)A_>XHFn2em`aFu{hqWzT08`bYPMrsTkIe?@E?JG-FF8 z?|mPZPRS~t{W3h8)QG?&8LPfxEH-~->ceC1PBrQI*xjJ>R`=z!3$6NhHR(Gu`j*BL zmmY3C#x@q^=@&09dim7d-^!)F>|!)XCw{-g`Jxp~ne9OL+k@F3aU9xrO?}wy{rO1* z59lBKnru%J$g=d|eT8kMfAB@y`S@owLu-d~WqcjzS$mzEH;VbFrix6hURz5nGU;p= zmG2pJ<(~Q>a0cIeGfz}p`3w=KR`!d*X@RN-N4}#JwXuG$@IOs|*Hi2WJ1&jW#7Sus za1y`iMCgGOhPRsJf?W7@eTM8k*o;I>1{W@x*$CMWGmTcdX%;UQ-rcznDVDBtIp3f> zKbl*M`u0ftMS~2P5R#ZnwmO%X9%<+Eg}*-bLPOp-81t>5c25awUk8c7X3M^L`GqP3 zkGlrfsAW&*x0#sxILYo3y?`z5d?S#8iBL!TZ_#pL(<~;cpl5f+t8GvYwI2 z7bJ6H^cQXuX4MIIW5gxHs^O%cXvCM%*?B}PHc@KoiE0)xedI5Bw&}~jrua{ML7OiM zSNE3%`klNNc-19C#i{K02nNX~?xG;q#iM8xO@7Sxwm5p0I*i_Y`!Z1P&GA!bDH|qd zjjQijT+quYB(LXKhYBmcN8-q^|G4tK!~{otujBf-WKI~|`^hwe?0IAaJB)=;uiW{X zmo!lCN|aM2=Iv5Cpzsj+@~?`*zB zZKIc^(4*AoL>s)qTeSeYAmjGk`>dibd=nWS318}b(G;%I$(RB4_aOO;){m*AJu&~F z3_mG9y5D8>-@rzpJ{2b@R-8VS`Cnx75I*q_K#K6c{!G*%G=7w9ApRGL6tYTA zTJ(fiEB5p*2*%^|Zmy~LKUYS-aN@u2^zdJ#wG1$6Xme8k-z)RtXYiIu zzt?yrN1UVmMh9Ox{B3$LG4)vkVs{VQb6k2Dm)XwfyEE+~)vxnXFXOo_eu+LoOyzNf z_LK7%Dek11*(tn+YWj=s<{0Qvjf}~)2R{w&4433Y=B~R+cQUJCdN=TbL;kZUvG6n2)2siv|2aUFM)g?Uf7i)_41UJc=<}cZOT!L0MM=l< z?;sH{nkxHV{onf=;a?Z_#BFN&&ma*<8;igFpZlMJr{yv6Nc?w@Vg#}&PJ4jHW_IV& z5}M!Th(41mp;EDz?7$K8q%p=t0KES4-Uy^C9*{hFP zQ#~3DV*DZv4(e>+AacxgCJ9{K^xByWiSW`MFVr>F1T!v-q5W1mQcO{dp`JmPI78C`ifRUv&~k7mC=;-Hzdt)7JD~JRE&`Am`y#!hUPBQ!l=*tKhco;27k;@Ct49EcIw0J? ztYzv9u&QT_j@{TtdxGm-OL}Wqa&PsP#1NqPq#Ab<{KLIp{7x_ zFFo(q1w`{~hF-+usreDJakJ5-;!YpSE>dg$+TC32Xaby+0oncCy|uBy0J7<~K_2t`ajnHaT@T~x02n@SBfK>B$%OO=R6 zRG$lVEuFlm9M2WQs!rEXcrpUT7>!e%gU}|v2YVlZh3J3COg7RW${Jn|@stYyoOUCD zDIstYFE{F0xym!@2m_Ajk9I;fqI@-Tj~TTez^RvMlcb?V-x+@Whdgvb~u9P0`Y+bKGqbN4x6mI(dnA zFPPuXfJ*=F-j6%wT)bnXy<2l>50st@*?$rC2H=z_7eR%mTVD2r_DVaT)VJ=Z9|t+_ zkNfVcrp;a@H?#+n<{mT;xV|K-X3i*>ik# z8aD46F(`-FA|(#rQ;9ZzB3yOzxT`T{9x2YU^KSYM;6E}CO2RW78Px=B-B&Pg zZ5PkFYY;8JaJ;uN%)GVOPyTBSH|y9*5oOA zgQixjt(@?G%uR-&a_4Kk;%jJgrghq!nHYW$~Rzs2a4C4 zvyUfbiI~k3iKp})B>lMW|KSmEb8lV&cT_G+J;?CQ`27O_D+O{~pB#u>E@Y2x9#w01 zSJS`EmR;x5rBp$wrA_DqWj85(ceL75;Drjr6KA(kh&*51E*g|+?YBnK>+U1f-2Phi z<`aWjh&j5gBc-<1G>(uVMSpe*^iZ}I7TNT3xK+zX(zUDuK7V80_gYop$#L5YgLV(K z3-r3J=Rdv7KRnn!N!$>6`ofn3*j|()Vn80Ie}1c1B%S#NjtM6>clTBksl@wR<+pno z@K@OaoyDrD`<3W7LPEA*Rr*iv+Q>YIl#%m90$YD;8Q@849Osa>lkKD8#~VGoh96 z;8flCu;5h)G>y#>WGbMA>e%=qw^9qWP7*b-7MhIihZg&r-VGkYGM@}idcfN}gIPt( z+}8!^-ca=l`{Ui>=fbZ}kg2?oDO^*r+s%yLHIJIjtr%TrQM#XL7W zj5(s`v6D@~^9|=Td#<{6%pcV`J*#t_>TrHSBZAuImlXu za@$18%m_(5hTa}yMCK}IP7xBNm z@Zp@XmW=RBM}ls##OYsQFZAqR)^2OaC(bR4+@e32L8V&W^v1(K?{|-8>@;f7i>mfI zBZj`I1m7=s;icw^<(C1EFijsZ$~8R$LjUQ=t9#kcgvrCjRyMHZ5jP8`l}qEK2Isn- z4=hqdeqck=Ii)7Om`7nao%qeJPkx*OeOUGLw$CP-0=Fc*&wuOLc}*l0%plU!-@->t zGX4X7Ie`7Ef8wF!$-BgTF_IV*`nf*?XQxhM&EuEcp)AdFrt>X!*xbgF5Dfd8k4we< zD(N7?MHhld{Kbjg-TIpnyj%{-kJTkf`zDX*&HTiOQ{_6f3`=fDBh1C4J1eyQZ1rS# z!+E~Bt;G_q!;)j`kBLL&rM<~y@3Vbv-z<;Vc^4t%Fj98WC>A4HdQxaikuFppPvbPr zlb51-_)i9j^AtBXdnBsd*j~RiyD9k9sPP8Q&g+#9-etdfrM!nz3n`5f8&`ey+JFrB zWmMQ@m`YcP{Yl)K96!Q@#>Wk17JDHVPWjTz7b_skOUoPH6FS5jv9~o~tQ+!U14q$w z?Rm%7k)8C1DgT#*TxxfW6nJx1eRxzgjCj2#J$Gjk z`puFPqeFTw`Z^MmmNn;H`~J4`w(t`i+aKc9tL{gSF@}X~%)(|xN}aB<^xG>Vy0jsQ zxVFu)o`lbv59_2uQDO$@wwoDV=EiStUOJ;Tx#Ep!J$C0pt=+@}@v}TF33lENyqX#h zSkTLA7jRWE9Aav>iGnX+S16=W0^C^O4*gs4$D6UwRTEDvUG&pF##aX-g2BNmZM8mH z#pC*v*VRSO@TSN%W z*~q}{6QnryJFSsHJd@5J!bO{RC(CJyb}+suYTPN|Cp=Vz8I{{^K4RnRFZL!w=usV{ zFKBo2CTRt-Fxg7+TnnBA+tv_2k ztrr=%Q*_Oaj2DDC@ZErg@@n;=<~o%T@xG2%i|E7-*QBREJ!Oj!SJa$b;bM<>vNDF` zjc!ooeKe6No6wgoB4tkt>a)vbK_t{dDqXWQqORHYqN%Pd{wCYTg_|xcrER%qtX`PC z*CbV595yc#s&>K-9-lrL>sI^7bM7FP@_s{wkd2sHLqmh%AEDDM0;k$W@AV01RV$f1 zOdiyevrXTgIOA!MPg6`Ew9Wnju1rxlItMK`E+q;FZe>n*N_Uc5Y0C&E=~AehoUY~y z10Z@$!}=ZjA0!HR37c@JaYu!>G52TU+lWU}iTdZlX2|ghE*0RP!zIjeingx!^VKI9 zzrjz|X+AnNG#U&#jlBq3pINx30W3dRrPF!xH|(uf1hAg`g*xxl->}>76)+znm0o%x|G;k6(=VLv-f%4B z{s&P%VF4cC|IUC+_oK(5YP&*3#3>K?$= zjQ8}f(3&wq?A>RAk7nn06p8@QwZoy#gai_O!*T(b@Rj|lDVEfu^f%Zc7O zPf#KNLJc>Rn-k;<#TE{~g{n`3^jfPw|p^VrtPp zOhWRjohI=LdlXFZs&hEe+kSqsM!7TH?}L){crtvp%vsd50$U|11xU z3M@}UN>lDX4glfDusp?k4@(*TrY@X#VR=s8BYE?W&_2Nh%hSC``Zf5UkoS4Z@SO4vv@EKi?58;M{{`bbdg}RZ_UrreEm^y+nSjZ09~83Hzn{AhLNL?#|6X zQCq5d?jq|!#Ys@MxnOIZ3+)Do(gqAbCNRpME8T4MAs}jj&4S}Uy{{93AAjBVz_&-=eC8@ zf9J=3tSW!At`msq%s0a z)@b{1<0KI!MkjCL8c-RzQ~p2DY|k1%K+ZI*xSPx6RO!9@PJ_o$Eb0Xe_jBEY2N&LY zHhnAC*{%lz!38yQ^z*#Xuf0vmj(y+frNf1sjDQ{kq0+;2%%` zMb&b$F-T6$N(U5iP3b#3*hw4VQvr@3PPe~#=#BYxxK;4rBk06WaUO1;v}!#zCm%t@ zoFeMR-%ey6Y8$IAgBdb4U_#d0lTi)5R-@-_r+l4L4x?8+2zg z-d=wh0Q!K;qcC8S43!eN-v)a-kr+Ki(5yjx%Q}z^_q)jPX1;%nU2Gs)>juosq|bj; za%K4E!S;9ua2O^}&$P8XcdX5ckr7O%2g-&O!BBLi09&(N)Wx@+ssNvL(V&Zvt`d|w zg-2w}PbmXF!LSmj$PPfwj$>7BHIiymNfy?aF>gI)R1N#3D(+kxiJ0p|$o(Dj!*84u zSMGdfDqpTY9zeED7=c7RvlKA&kd5N*Zp>)Pu+A>?Sy0$fOZZk(Z8Uy5zfn%EQn?&( z{8Vn&!;_@#Mdq!jCbi+!ZxyeCm$BEo(>3Y`##4A2(~-BO`!MfJ&~gw0<2L7d zsCkGcO?Bu{&A^M!$l*2J<6U8vE-VwG9kfqirEAOP41Ul1D`b$4NOOT1-?hdyb@tvZ zmgZQY&@(+AH29AY60T%I>L!u$0)JuT4s&wr(x;a)qF1(7*{NJpX1h~3HD9ZoCfc5) z3dQfDwwL3I8xrKaLO1(^U`WoJ!t4WY^}-z}3}YcCaF}NH?79^ArCGf#XsSxBux8fk zT6nLDq=8;Fzee_9uff+oSjKt-e)nZPfBeQKIzDytmT--ARmvyQonL^`?Jqe(D(!Dr z9J#^`fD%vHq(1!w)~jEnN{m62SFH5jnvr4xcM27EGa2DvFoPuBTw!W#Rs(s!Nl`KN zVP3&tN(PT2%nLNp0Wd$=49d-miNsP1l+T(vWl9K|Tf~ zpAKTHJTI+9Fg(QhHr=oR6T@SUb-dT3%uF52t*h$Vne3lf}QwUp>ZF#*b} zUQ>@)zjR(j1zdoo|H(&wdc_Y1ru4NX7b)uej)~5=`1ZF~va)MqHF5L)a|A|}U;&ck zx9-j}YesvJB9D##M81OH5|K+fv0ga=9g7N~B+k_*y8@_1eeNA;F@y6TV$YnRgQ79? z5}q?RZ8Dkd#qHvn#IF%aH#~$}E2W4`l5lH6t+PE%SZIRVup0vt{{AKb=af$g`dqBm z#n%a$`1EuBRU`)~+3VfbXANG#Geo>k!!n6W7ABQyNJ%GwZL@0@TNgOBRnP1NF8JmFX}y85bhh5YZ+AP+@e_EIR;e5eEwmFYNqobjSv zOc6s!a9!}4Y1TVMxDYPXfrOOjc`*Ki7vRfYKHXu$)au?iXG}<{4tC@OhNUXzweBP+*y*fD6E0uQ`J4kM~@%Jf}X?F7{aWmBw%v{bxbWZ^8Q+e;l0(nfFv+9lScPzSpYssM+P<`+XuNQr_ zQ_0~03t{!{?DKc73pYgEmlOR>#%q1rn_QrLo7RIe*y4Lz^k=Y$h=6Ud#CAZ4vQm)*K2U0l4rRv^V{Qa#(#jkn#ncxuN_t|rGqe;yLk6s%m8*O67hcgp39hjVnL~AE{H4rE zsVm+y72w{>fw*ANovaV2n|-=9@*K#&?puO{Gry(pW`G+I#eV78>_N)U^x9s%@!rYQ zbGfMXJHnE@*+uJ%xXeC<$>em5tDT2RA|C27joPC_Fa4VPrCfT2l2AvnL10e+yGwQ= zTj(=DT{)ZYSHT|%#pZcLU0nWFp;`NDLs^Q-(Q@LM%Uri2R79Ded)at_)$uc!IT1DP zX`BD`07{ukC{5cyLAU5lzgFf+C+e!uUksr=_o_mqSPAbB9raOnB>YB6a={i3n;DCY zE|a50xbTYo1nQVJ1*Yi)&m0ycG?fXs3#!Sf}Els7@DChpHnMYMC~~P$Ek$ zs}GLZ?>p<$@tzA0(YBWDPc>+wtRVwr0`TE?nN>-VO*xg33Oa=5O5>$ytWq>%5Cz+H zNsQQK$1%H-=hVpQo_H)tXiVUdiegN`saD0G<<`oM>ZKqGY4F+vU6ZP{lbW*Zoj~Y$ zd+-RxkCZ!hG(0@nkH!RlFBt`;lz3>t2cO0MV=QX|Y@Wqi9oyurYS|~NcfUiCR^YB7 z-)!HY`4kl93OFTNSA6;pU~z2{dy`p%X(u0jK6_gnv9+EDI;8g7`r7o#bwWrv|HPRFt}De250CQ@3?J_qdae5W={%y? z!k}6e7B8yfD>U;b5pM|^+g?2vF@k<;a;jk)D0cj*Z^#*pP_=vxC13!6XZAM9q?BTO zNkfyJ#gD9MTBJ&1T7vtreqo=^LWaeapJUq*)Uy=Lb~tQXpa}Z@mvzBApR-?zc_g7j zN`W;%jJEcvh$yw<&q}f-Tip*1;7kApSC`I55TIQng$sa3I8m*2O>n~m8SGy^ks*9m zoJgW6JuzaVbDh2q+Z3M*y;XT8sOb5E7Zox|-I?C^HBA%F*} zEhaGa-2lBO=T=o25uMl|f6eZTa(>?BkdvYTJsRa%X}&i-lQ^_)F!#R!#tRTAh zOpr7eh1Ji7>KTF_vW-B=<|xBh7S-SWZOeR3E_-u#hUzGEERwOv3NN7NHqM|;@3|2r zgC?E$jQEV=IyK*?i+1S`@nt)#QG7;v>9|EUCD_xU@%!xFDE+%Pz^}ueLm=>g4C5b) z@uR#%RPY%=xAjke!=R;2MT&*zz;>5n@WXij{!sQ9#GBjm z*UJ1+G%7ghh$2gp&+v!rID`Yek#b88$OxF>c-^B)9*kg~LQ0r^$#y{bx8h#uP9cz)oEArGIyvX@U}uLjB1C zp-v!t{0Qcq`Lv#uGG39A-xRx!SLzCj{~-9LD5wuQbz&qH2(F6-QCvO+H^*my;h`I? zG?>uJD7I9yobn+ZvQS!NO8N%u*a-rY{m!a0@FX5b%wCdYurrhx3p?T76Lly|s*v5F zBn=W3(Py9*NKdC8!Y6YQ!VLw_84UYBTL#%~NFl-mUy}|<3i^xv`v2}blAqCkmpXU& zt@Gj0*I}+d$TS{<|DD7{F)N?de`ldsolY%y8{@P8Q@i!~C0iC}XXp3=#%p1r1)FV5 zV7GA?$Wnc-1IB*_sDhs8x--#a8`V@U50`S1<+h8)NNRz6~C|b z?6M;_xJsTPF@4LnGM)jDHDG7qt0_CxQk!5x^7ogj(=6SNW>^9-;)@VhN)>4TN}Dfg|L zQ4&OqQ=qu~jL&rTo@tLW+LS#|OBKthz6nsODx8u}8gnpzn=bUNi9^vP!UqcBk+EVO+L=P>my@ z6-_Kw!j|Pfyd~nk)py+X>izLmTA4)r7Wr^0us}rsZmZXDOdjOSBZr7@ zP9W&;O|Pq#`igs=Bua{sVfGH3B#znz@J+Q}aRm#NewkfTo^hQ~>2Wh+nTJ4o-@u(h zJfBeB=eoFiIt-U6J_?8CHYKF4aAFAVFC>=n6YDk=XB|v1_GS0_xvVjg`e1p{1lb;9 z9oT!uk6B4Zc9p{yk`Y@YyLiKWBnYB#o3Ve02872}f9aC15Z~@J@_LBD#1FFvTmYrpb(3srZTVQ6lYrSZNV_!d9U?unK+7Ql~!; zmB(=FGhO_%<@{BmgK_4%5^wJQ5|>;5&cpuNh0I?#fo{V6##3FSBox0>jHf$_aU-aLRh}cQ!D@)9WOc35~Y8 zDQ5bX3tGgIpwfu-3URyOkI%qsKP*^2{-DW;$oR+-hx8L-SKHV*@@ia-5B6xRfx>_l zF-5Db(td^A6j%>CrAN3Pf8mXjZXZXB;s8OBTEopWrMZvy$nb@bVW~dd{iDmER3uM^ zp5xTvny~f61lzXt&IDW$3PPguWW$k{E_)MG~eCG-p)g=*2~zTQ4H z!mRlPG%)<#N^u>$)+rC>LQq2v4c zbJC3sA?5PL4>WPJx>7x#ym1yiO|Sh%m*#lJkV7)E?1^;E-WLiV|fR1s5; z8rc~gWOQQw5~dhKaGLu7_h|>cQWet>zSiy2_Utcrw`4O~(pyt7jFm7ewBoqF#_!35 zS>wX%WlIJ8zeHzY|Mxx8@nxTTOx;DDcH1v{_vd+-ChYJKs~!MBMd*qc<+zzHOMpZ? zc%W+_U(C33$GF2~a?15||GKo3us`I4Q(wQfL*G&LGxvqh*Ty`iBRpC!EWm;?ZJk|G z`aSECcqFU{(b3TH{92`xS$J%D>WuSW*MP~vLcQ}HH?ZojaUjqQB2(;TelfMbe$IqO z`@?Da2uKaDlI1g*rtr0!kwvwCet>&gA(kbAP)Dww-w5nOaZu8=E%v`T)*kZ6haA%N zec7JG%~9#ogsczP_=tbYd6Kf^J3yU%2kgHXl!Ha9LG+9P;4bf4m8`Q1)_u{pN>T-+ zL7JbU`DOkLH0yL5NMZ=ctU*vdID?~?1`0ZWg|-AzBIbfT$->vS&yluE7WGsvARXdh zPL!aX==cJd?0CQod}*m_tyZ&<6DZpod3t>QY< zz|IWqs5ipEIaJ>#j}k#0}m;Q`DY3!YE_JN5_(lG}x?_4h9W z*L$|h;C6i0ttt^yhZIl8;n^%UDj-`v+7)hnIeT1Bd!%QDB)l zSS6JxKuj>MbYHRQ=Fcr-PfpLhGDP`j1vv5E8kEOFRg`_sEP28WkzanJ+p!w2do!MU zV5>rssS-L9;U9GJ*pQ-b0ihcFw{yXF9N>c1Hz>2yNX-HPhS1l@qTUa8(eOXn{futV znbJxBJ;3*t&7r5;sRJ7|=pE<6+db{(E7R>9EzROqL7qJ|O!BaN0m=St?1v80Bc~;@ z=EbBZDN+vFb^gq4BECsBv5YxnYb|G0?4F6jM>{atXjP&45YaE~#(oG1Etz2mgGBKt zSQBHQ5*6{lzM#3{u3~RaUw|Zm=nL{0I&W_x9m*YW!s5yaWW1p$(jFR25lAo}`|4K8 zN#0}yjL~IdmcOci`Iib+V&pe;UC#FwcEvTldU#GiRHzzemIbk&+@RkXC#L-_?T$7?WVLUHI&+>S9qRGom&8izm-eTV(2Bnxt@B60EPduN&c zu0=y&W;(B(AF0eo%Z;@o{W;UbU8Xzm>D?Hvp$7*n;8VLH6W^wH(tTv+5ssJRisUV~ zn(#2W$rIvg8iP4@WPeUzBS8rW1wU7-Nrd11?FATp6VS}SHIWI*T#4j7=Jh<3cKps$ zvK8R-#9XH-Qi2T<3r2rVN2F`+_<&Rf=I}Pu3hzKKJd+&Z9euW8o-)0uY*fVfZ6PQ5 zx@u^zwAi`DO6XOSK}#!`&EJJw%^~Rxj@aB3wjOSEV>eZ>$D4(0C8zfTDk`-e;{H8n z{;1P_)&w#(XmYeLpnzxyB01-R$DJII8sO^!&@=JB+v6^G8p26W$pe?`-MQ|Iu(8hm znplB~EfY2$hcNX%noBs?#KvwUWwRfril0vg?LU{zX|=)d`VGKZ4&~4?#M?R)5IS@d zI)?dN?<8auR8Glz@Bdi10CoC?_ExAk{oLn=&rXj7X1o<{$%0N%3xxSw|AoO4PxO85B1>yKrzVQuF;PP5d7t0fPOU5gs_dL(lZj z&H$Fd>GVWi<-hh9CbSt|Xiqxx6C821N7Jou{>m3nt%gEGCvp>d{&z%YiV_Cs`Ty=a zhByMwzdU|}>?pru_!HYbAR!RK5MI9MPr-`;iv1d8{>>;R z*Pze~BaHlWLXjH554ik4ZB_q#O9!SWFB?nwdxyeTfWrrT_wN6r3;B`aK^+_qZ8E#7 zRcqgFKo77wE%f|XCYFzqIfnqQH$#XByMdx9cXJHNGel*g!{TV(%Qb=~S5?1iiozJpg3yce@)sc1vSEzBIvEu@`?h}BI zM4UEEU}AJ1+63}SG8BM(5We7J27f&!oL&n1R5Fj}+{U$BNZ5rg9R&#dPfvnL!n5p_ z_r`Zc_M0Wy22{&Ub^n2zZV2B|}%6By) zj(SV*OxVO5Ay5%%a$sD9f<4RW?yDABGJGCnRW_^_n9y;kbPd6muQ1O5?=hoAfQ#TY z0xmxadHcX82gk4PER~0IL~DigQm6s!;Xy3E-q1>g z2rKM2GD6GkJdlt3{j0D+NP>-@)=Vk1s}8g=mHU9 zx%4q_#%p3_!g{5rY%iN5uafYUcy3zNEd5LsvcC!K0b$NukkH6fo08?4-~|w;)%@tP z@Yf`D(oo6LnBi-&n!?3&$k|{963*z5D+QGvfMXSG`jbYSNuxK#4h4~e7-+zu`bmT} zJi_0378YrUt#SZU>@^IOZHrlU-kH;$Wd9lq(brJJ<&He?+LPif;f42UY&JsAV^Ao_ zuPnfWDg-1aF%zId01*c?MOQ>gs*u;`@pFAi1h+@xY<&v|F|rb{IP+`fWl<<;=@-yH zO`*=f&?OBI-U$75?8!g$g$QKNlFSeEgW$59V9gJsHlKmie`h0NIv2dhwa9MP+NgUX0(bJX@cA96fgU& zOMeT6|G9YLA7&BV$(3{t373HgqcHfX*aV?k(CWX*;m{Khq20}|kblN#xntS}&CA+h zDj-b3FsNl|^)cpJFeyDZ5F&9fk;*{X&3t`pfY)&BwC7Cw8MmZc&!LqhJ-;XZ;&Y4y z{`IE=|IunOR^po_=96!YDv6OMXCyI5_)|<4NPizNLEe?oH2po^ZoKvu68V2SwrpzQ zEi>!D?Mb3l5_zSFC*ydG$Gny7)2`f8gLY0fggAtk0NnKbwJz@ojYV-gP)3Jr+&w`0 z9FXR7f&$hw?;DUTSdk7kL(n2`xzRL*qV*8&6sV+jP+b|ezqv$;?JpP0i5$L;&{gd7 z2MwO>tO=f}3nVszKy>?8s{xi!X8cT0^L~q!&6HwyvBMW{Rcc|hpnvq$aL7whdx-Pz zEaBPErjsQK@9UaAhFHQuYd#Ac2-(oMM>bHam!m6~4rZ_cOv>>pp3cA6iBr#cD8esizq>b{ESll$AN7h$ypgYhOk12F#g-awz=qTyd!C``BV|Ps3oH&rO(q&enJ(`yE}W4500e*pjU3Qc9K@JjV(7nBDc}|pjk6tt-QU)!-R;8$5Mg!XpndCrtrSN}ca^ zNKnE3g=*=8C;Q&8c2BnRf}fr008J!R9I>+$_LSZR&f5mh1%Jg7-ck~sEaK7*8*=(g zcp{@mKquaD={NA+n;XzuYtS3mi8ipLi)kzZE`cz34C!%1b|)yc*(>KF7}R!vlx~ zNkK$(k#v-Mc3YZUGedy^kbX40I_DO&ZZJGJ*h(N16b_zPMtW?CXP9w9Fjy+h9ad-+ zEO#6~i_)$`oRLp*z+7NMX$P-n;=rLUQUkb&$ zi6v*0g)n|}W2~VXsDTSO^uhJsL2k12rj^*h4i{xo9>V;Pl2 z3109!za-Sq6e#JaQrF6ttekBsGzdV`67Y?Z3I>OkE(z?U?CM0_Qq?Auxd2i=BWYOa zwr6d=jLKIq8h=?952Z#qpQJLeA9!t@>M6&eo1bSz%IHCxda3!Ispm;Oh}vLmy~=O% zg{?f-?7hGju5TRZK-#b@jHJa`NU*0>G2Jugf1U2_BJiEz)21&@fu`x)V0KD;4;D z^p>2<5`dfh)5kCIlRfp9Uo(@2yk9!|V&zj};2RZiApN5xo0uuo2~e#aj4=p7>Q2oG zPQoY@lwV}H+K;njEgF;+foq&k(|r`${w@X?M^qr{*WTMo@VlxYZZLKb$jEd)BLU@c$D>noQ&uk7Vw4s90q%+(^ zqp{nqvy{Gbwn?nw#S3GKYn_(zZIk%c6OF$m0?MA=?c|?}`Ezl|Rg_~(=~n=Ihhx5& zoZuP<9+Y%!AciF|24QsjA1fWI<)yO+x-7IlO8jAC+(|IWV-QN*9RXj<{KgDl;;fIKt>NOqS zGjt`~DxPDF|7kf0TMwsPK>)p=fvD7{+;?kmOWmok+25);&tEr7Aa0N}8?3`b5+`H) z9MwiAM6`n*H3hFHYuj;xjb9vxQ^!#z|_4I0|0bD}h+FH7Kk=ge6 zW?|vWL%Ls}C>X(;G2e+59eg%3xp`(d!p8vb3Gslus!ID@#%Rx=6Ik^XRydps8n^1^ zeSWi9?x`3y*F{tH37w+JK3TUKU|CHMhxWa^X87y-2jVQ?G!O@4zSA#{0bQLFBp`|K zM8#zi$qpw45Az3yw(<5~hR@8wwg*`UE)e-L$%o=)kvdI%+dXUUY}Hu+`M%b2*b4TD zYwi-Ud3yDsSBDnt7NXvxfwe0%SWJzjdg)tmqwde5UG`W$)%vf-1ust*3SQDpmH?fFY!pO|ABVyN%j%oJ}zeScC65P8OOFVZKp&JO%9On?F4Tm@X zm6qY3O$*~0TWL)=mN8f>Ugy0I>JX{@EZemkJ8Z|%rh9RPzA#))8iIIhxo*a?Rte>w zsMkYteiUfFZ-2B8oSYH7O6KMXLhk|w46cmM(-YhOu(EVGT_^Ue@Sp8ElYHXw$-$2U zPR-fzvPj*s0o6Z7+0!Wi8rC=P!4EgLLr)-6C+|@C2;~)`m+Tc;WW(8$W8a>fndn&} zI)Gh~-tbkm!y8p?<%H|uUeyVUU|{WOCly^rZ8_l#=!Rp#QeJyZIYsqSy|87wWOhEveI8W;W>VvZDC~zN-_K*Y-CdH37JJj&sa}s~ zG#h=~0z^^Aw#(prJOO7etyVzUH8BIQu%2K^$(xzUZ*o>X(PQAwXXGP0`c4RC&S=m- zC>)sliY|dnJGlJs=|5J_o|C-ciiGj`U8dEhN*&v?cdA$o;s_`p+r&*SaTYySp211< zqtm8Px_={LnBmedtUc(Uto^vQS2S*cv+P|w!8PE_7f@U#ur#|6Tr4~~XBV*iS~#*C zqF1Z8YKzM#L$eEJ-vH#2p_{zgGwA*0ia@D`a-kRDb~S1oNvq{BgT^Isk2KNZbLsG-11dZj^xd_db)r$_|3(ZlHzTE!HsUzwcZw!26ExZh9qT?jCxsSRijP!h=sjf5>0FyzR_}O_=?u-1=^R%z-|zB7<2Ij2{`t$hO9m^F$ED=-%jE-$+62ISly*D^&*!*i%(C? z)-FcL?s#=?Px16zmu9_}Ymkp-gMF9b0Y1`WN?q$#O{vq zT~GL#G>IH39B55E%Uz_X+1n+!@%iLY$c0ps^USgj{2#`V5 zksRMr68o`>nX)Hvo;Hnr);KwVeXB~n31HSIz&{Pv8qm3dP$9xQ`BVEmfdK#sot=hVV9w71n>8xz`Cr7gg|HbiO^ zEyxMW0>1@|(ru!F+S#5H$~bE}Frp>FVT}$;G-^Z3zPDMj<4?8AZA5GrPKPPW$ZCg0 zTo}xAPO`m5_ciN9_NvK;A@zq{PTFgy5Dy@Sa{sTV1wH(7)?rOVd}gNdLE%L!EsH5G zh~uupnx%q?;l<7_o=fv=JC(})M2Z;i?kQQA;JnJUY}dNWbD7~ek&bqY)(9>fSO=3q zn+VJcXLVP!8$bE|Aj1l!>o>Nz0gL>x=kRHcVis*RVU%oHMNOiKe15MP*xr^B7Z$p@ za-1toO)XV}LmjQada5C+iB4G{*?E*Sha1a&1Hj;zihF@>LeuCE{x$pDqgOwe5S9;w zX&`-V1{lXodQ}@}^7;ovm~uE93Q--Wn|y5T-E7x-|2EQ(O=25|60bQ8cpXPR1Z4TwGAP$W{J4ecD(duP> z91%gqXFx1my{Ssm z<88_61n_hVMo^tnNTof!5EQ=9S6PI+OOH#U(jMc85YIHw(g4K$9=Ak zt}cA|5^~kOcS;7#I2aTw89y>6e2&m84lu9F_md)2-r6NvnX&vqY9Bqntx8(CDvpCE zLr9Y_@7cwZy@^f9J=NZa_&QfdCkc({`BPoS%XGIIYxLfCZK#?sq057xwDjWBAD$^$ zC{I+KOY_$kHtXcMcT=@|H}qo0gwq5j%tgFGn%yo6t%KA8zYo?Lts%nZE5m{lhltWD z>r=p(L++)!O5OC@EQ^Bl%}kO77SohR3fKqE2{t%>1udBqi>HlaZb1|e>Nt=sM%#W8%qGW5*EDL~rg^TyYhz*I&g3QLVTZ*&?nrUC zrmXfQp0n-`D+Le%H-mvPdg&{#ZL@j6>X$h_y@66>e|w+L8Hbk&qRZz+93k#>w2YD& zZm}zF_(m**0%#vgg?*cMV&}oXg-VDD9Sd8;-&{&8}~13Mg&D+lamIKjO!yn3sg(Db~S`2Hzjb zhh{b7|3uDoJF5X<$EO0wRHQo_VJoKsi))k8Q)HQkt^-MEPmLuc{pkOZm|2kh`Gol9 z%h9O4s?l3_L;<6EZn)@3yE*|NPkei8jGmGhN%g;?oh}LTd<>q&8u$}gc|s^MJvkPI zu)hgF=WT@AeAu(QeFrLg2|1F-^jPz4gw$j37_Y_e=$nfl9R45!>@gat2y>qznr?1v z%_U2Tk#-vN!QEg6!mN5FX~KVb8WXJcdU=LtI-Sc*;>)3azjI3NGjPYd+M$r8+*gPr z<06q2Hk^(elk{T{uP^dGy*4_iQ*jy!m|d41EbOu?4P;C&L|wb%vKtJUi4vy2{n>6| z;lAdaoWfnO(lReQ4;_xVw)bwY;j=4k3vC!LlUfJ$U-$iH+chJFFg4{8MZUr1UQP78 zfbnCHk)^4D87qri{vz@N>6;XGfqvATeV+b7p8vQ2<0vd0fhZG^VfwLw+Bp)arvUG! zVm

#p8!y=e%VSEz5A1!{}AOuQ0US)*&9cEQaDFTK4dXv*Ss2JHEZmqF*js$nh!g z7(PsTXuHQ67S_@q_Z*)uCN6R;d{j;IJ4VvHGM16B>XM=jEF?5eHM4mdr{asBpRXTD z-^GxJxM7R1ouXq#q|^xLGIbCUq(55SXt?xM33H$-@wfl^{X<6I_pCysXP#LpuhxhR zo^%;aF?uNv;)&ky(2Ff<{K}6w{cymn$bDnuNKiS@#<&?6elVBqC{bbw(29dI_9F@R zU|=cxcNhVVYnu2gxNRKb52_ym(j7}$7px`TQ^QsHCkM9oxDa?B7J<#xOKcVI+W9hU ze8-_dm?jN-7W^L4IjFt;pNggR^8T%+@utFqo(7y{VaOFsuU<>q{|-IOTka!)rPCoI zkt^(-YD4E3coMQ|@J;GGd{0n*! zxwy=q?<3)U7VsR^;NT)nPdpFb`Wx2=(GRHE83by29O-%2^d?LAeEi;;ncvg=M=d!{ zQ(5koaBcsL5*Z9)d1= z(}}O&GCvN~-p!C4*%;RdGE-*0RmlKfW!zfl%Uq|4>6hEauJY)E+hV^aE;e2EV2xJi zJ{{5w3ps2rj>EQ8i$>dp!De@!{aNJxI{Z@OrL8uoO&``;SD2tcH+@vtZA#ZMWV6vq=&r;om~9#2cM?*N|YfX zDc%r#TYK`?;9&FJ8_QG7Mwy<^0bNwCaWH)7Kdw#@*kEch!2kAnD2~KGvQ=R}sTIDu z8uE?3d*5_1`i;P37kXVu$zN>W^bmIKfTkXP#u(fgYjfsn&%)d@7AueEIz9QYigh^f z^f{PvOBDAo#Jyjixs*|dfp+EhYQh}Nq;BQ5ue~nvHVvo5M-!0CmHn{=F7z(6_9qk% z`|AW#-FWN&_$(au@|r+XR|oMgh!>omy%MMBsa_9KU_{730g!3FWtoprh>XqV0Wjb z+_-do-4VSP;rg9C^1CYL9#N9YjB*%&H$b48wNjVLxzAdRz7IIW_%CbWp$$m^p*USt zKh*t}YiR0@u$aF#zkao%LWmIO@vfFZQPknl?14^%J_3Ei;*MWhrhCgbq&qH&PNs83EiZkbbD&k2@2Mq`!nf$? zJPl=p{Y%9enL`+)m<)Jy{JAJ%Wn8~~iVEINZ74IU>pwhr*tBkI-QD#cc3GvEJhj^3 zUC?J~oZaU15h7N|?|NOD<6ZrNqPVyFss2mC0y%rZQ}2*7b4~Bm5lYcqRr&4j{gbpo z+czkRo#V!zZ(?o%gy|IH=q`4;{Y||{W+0+jRcd& z)BjldMpEhEUV`3sXzDW<*wqrB2z7N^NHRoz{~EkPat0(sB&Sz^m%}@3y2hN{yNMXY zKx0oSMV>{Qw*bUAM|UDuC1xhn+7rHoNT1Tgf0CjP4X|{nZb5~;Av`jc28i;K*lCx+ zv0NDb=Ga(@#x8D)&p6bO+N>nDA%?_v2E_xBUU>BJrOs4eS+n1SU*%Xb=_$`qcfj}n zE8S6|Nk#T08FFB?AcHKOUH{sqX(QRAgwT(Xl8A23VyaoWt zqeTKIZ!VwdV^11FfP)K<^gBTLUDn{{T-ER?!dbuGZUfkV zkvQW>=vf;+k*wiW71WZJIkq1%bP?a2Av|b{1;KU89V7mnM+s*pYm|?F4wH9&yE4fp z&))VZKoctVwq53~CvU3(PIE3@>I@0+n@3PlO2%8oNxp7hR8%1G;03X#XqrH-d1J*# z?_ax;pd1dens!t7>Z?z)ko@#=UHiSvq?jAqFAVO_JvnBa&~kiKC7QSI?hOmKSN9L5 z{h4OuYfPaw1*PSI8ZQ0p4tUa=kzW=jF9GHo|0zWieCV&d!9Rd%F^}x2ty@Nfl54%) zK;KgF98FcNOy!!fcW`K8SbV1p3T+X@<0vG;8PY{)CdkTLAN_pnMb-A^^2?0d_>PuI zU1W>R)|t-iJ7SU%@g~_&l%%p2XZ-pO+)la7y*eQ-o%zb;TQ~kZP3I(N+E*Ce-bSDK zNLvb75G-2!`v!dd=cM<2ZC|`7`59bVaID0^cu7a${C%Z9>1N*6}@Z^bc^$>cIFmHJ}_FfpH0dc+h*```U|`HCJ$eu;mC(9Wn~(-F@dP9la#bewn5O|XFu6qM>@Ky>DS7_F5)u;qCsInqBDpB;5y_OEYH3mVX-0Sr zdZ~-w-fFjlme0t>c+sbq=R|I|@_MtiDd_0y2ajfcv5ej+IMa?1-HMFXj@15r%r#&_bpC;s2G- zhB&ELl*ligFQ2$DLxXY zcuzaMCQUV1k<#?%*2&$g<5ON8fjQFr-E-idE^FYhoHx@io}e61R(TelD)R4^e6?}g z#|*U1{xk0X!kyUJJ*9LjX#R59NN^Kj)mr;E*85W8Oc4`*w1o)F2Sw#T8dk~w`xnF} zHiTVkU}+hBsP$gW<|k;MW_%kS9=2Eixv88RFm$dsmjBT83!(Umk{A2QZq2SnWqcdN z1HxlUzAUg3y>ek*-1R2<-jz_%2p2NWdHiEfdmtMojE7^W3L<6hfkH~?rhx3Vp?;G^ zw~wQYnha=^xJ8IB_(C2V^tVbx@1jgsz)@VM!j2U(kHD5_bf~*zC~VIFguK$qEgsS^ zG7XI|PKbE25Jn|h-%i0CjTmI9jZ}-0=yDar&9G%E=IG~0z`N%PibffJbV9C>cm#w) zbru{@GAykDf{a8*DlO8z5qw$EQ-sf|qe#nVjDUTTH2@*I7BKv6FmlsPh-?uLH?!BZ z%u;Y*Zex^*|0vxU-~iFX7sh9?IzN;v~?`7_Jc z5T*B7vTh>vD}#t#dYHt+@Mybxq>oGVD>c{Gc)c&ULhVXy)F)tnGoX}5CM>%Bn*xXZ%S=;q5C z8+H`I=iRZpxV~ifi4*rmw&tfxv1FkR_7qovUmDL!8?&rZlz8z3amZ?LMyrrCNcp$G zzB;9|TQ^)%EV2Mw|MqI1%O-T$VjX%(jI8uY(t!HuM9I9C8)!^T*5F)UnR+U*9<9iC zAh+3-_n|GCkLDLYl!&8!O`9D{P6%4}lDS6&hXTSK15%#>Np*0lFo<1l#@S&Wi?5$& z;j1o#;sMHgC&il|I-UonskHmPPDZLl@JsI`wJ&_z{GV}ISM3R94{De@kGVuN9;g%> zaBoC55>v>FhHhx(r=yK?PlQSO zHLk$3cE9@WPA*qYKky@-1G8DBA9t@k;(Yqcbg>0~EiE=Gn3SeqfWjg-m?ovKztcck zjN>&WH=Ska+I>K{ZmHys;GFp`i4$hputQshr^{JbwtS=27HnO0LT{EOw+E zP-SQ>=lc~s{^?lJn?H+VO;;R?dMc4X~uHZS6alTo6a#>JCv{y4{Mh)u(!I3GgOTEkS?>DsTIB;n} z)_Vo#4^eX*nJGLaF9>h<&(C{J9IH#W%QL!FLvQ^eL1R{lktosTy6A%_QFL^5C#Gf5 zUZR{2js&UIv#0KFc`^Oqoy*xDbbrrv_g&(ULW+prZat9kwM6H5;oprV-ix5bCxlwg~>ze4X) zs-(+p)r+s>SVZO-IX>=ANC_rg6YmMX9G-`hKL=z9@s`M0P7q!$XcUGZlRPw6{8-xt^0G?LsobyzoIsguZ^Jj75n?Ocx%Vi^b z6c6KQCL=+l(eYQC>`fvzj=VytYSlX4Q(x1Vx;5q&-!E4pQYrKPsgMz3E}TSV+ag)w zMAQYIKl{JNurJ&QaI!G_od;dO!LIUiPE0wVxu4NZfW952g~TGZWs&f)BXhC-=ei<* zzVa1m%eCW*qu=AukzL>dPQWoRjL7^*g+O8!w!_r+Pa}Xq2s`sqi#7Ecwe+Sw^^(+TtNdrv zKii1uQBFRgpX3~0ZvwTP45kxoxdpUKj6^9gjG6Va=;)1D?Yj>GV4TbB(0aFQfS-v0 z&OS18WCXy@bExzh87v9G4M+L0D#4EdX{6a-yGWbG?K)4TC1u?(Sj-zjk3X0lT>qD{#j<5%lo3DcpsIK7gfHg_xF9If?6(ggMnofwW@HW}_-mn#lqW-i7N@Aoui|@=cvq%wlWC5>`yZQM zj?0w7FKbHknWS?R!|z1zzaXugSwtKZkJZoM;fuxwey{8|$fY+!4PQ7b7RI&b$%19y zX!d_c(jryHTx3O*J183RI+Mij(@(i*oQL$)ErY!dd-*C19<^snB5Vs{xjL~1vQ`k03UusA{>r^ z9Zi`jn>QK=sIO(;@&*TfNnd(wEMK0&wG|hQLl`X9@;~79EeUKoK~3iCm$WO=@4sSl z?xLRWv~wK4jX{M^cnTk>?m5w22>oPqg z+zhOA`#XSsZNH%Wx=NZ7Y1Fleu2r%kCdT15dBb87puBv?*H@g;0K_r8{o{8z!5q>b zocnon9j7%%+e19UiZ?cbut_#Hfrm(f&Q+hUc!LX9_P2N_K1()y?v{gU;v9TYf2#%G z^CWxHacFSgL{Z%LPwTJ*aUr@|FL^lH!1cwyrsEzXTrZb^=~7cej*`s3pQK5*M~D1+ zDRZR-%xk!AQ`i4X<29A>E_=0QOWf`MD+n}D5PU!4@D|;wKLMs#0+)J-&QN~-4gZU~ z|8BDd9}#6NEd8JH@iYl;&%(F;)ji`(y^j0HXB4aWvoQGoqXdMTUk~M-=W7o;ZhSaI z0)M5t_(#9E4X#JZ=;`ZAianNXIQ;(678KYr7i~^$RTP%J*pJFjY<*XV3^vBCYi*n{ zx(V9Fch#dg9QlGcS9S`XdM_d(#w-yuJb&q89R_rSiUvD0;nc$-;mYCsYxF>VTZL`S zCR6Xi2x+G%DuV{J@E%%)kBQLkU>I7SM=yGI%Gh`M+%A#Zj2-;XKzs)mz|ufBc(3vX z(ELRhk2|agy9f5a2^c(Gm3?_8Vv&343iU6AMba5jS`v(??!5+dC)iHyy=yk-5;V8o zl3WPx<<>V%<}dGp7y{_UmmBA{*4*;P8DM3(cbrw7-%`pb9wqgam}CAcVOL<;Ob+q( z&3P4)H^W_`hab~l+-X%U(_-q}>o(DFe@TQ(-`1x49v|D6(t`NRhE=y0oa zY)OB28F`ejeWR`}jF>N_4T}A7tIWz_^LHvty9T$qPe5(HOcthP#;vaGpw8c^FXaXH z-qnLc|J!V^m1OVvmP!5h@l@n|AW{6kyP!v}TwC)U&#PeyrFoH;2jPa2nh`xwIWYdB zklJ|MJkXRLgXGQ7%d4>9BOqS4GYDHbCu)uosWLJv<6|LrjIMCIgVbiFq1)c%bL#!k zV31sN5tv11r@m+qJ<{rw;y(Hn_3)`_l0!3vTguQs=lAa-;;|z01sJnd4|pkcZ??K6 zjQvuvFJ};czFSCt5(-5~2|b8WHH1FPa*laFt9!b_Ma{70OJKN@MRYi&p;b!OO1DJH z6ZNmSgoGYTnOP9`;cUoGs?p(eL_<0sGkOT(1I<)HlP%m=hz1kB2AM@P=Df?8*>}*9 zU;<=XYWnpoTpFdGO^uxQG>nCkloZzuH?@OvvxIm}m1zq{vvxicT5beS>9K#%}ZBI^SO|~JwB#zOx9tg5E z#>HzzO%Tj5(dT!&`OS^=j#2}d^-Ct1Fda5{zmv4#h|=eV$LFiQMrcnHscIC$_aY+) zeagprFa2lzk(>E1>UKcEZJl(P@9|Ekx2HhJCGgzXi0fFN6>)LsZ+j@0pQz*RvWHss zh!2F!$qQG}jlXoRW!QTRiI3-`%w)zy4x}Nq2hjeDBelNmv}$7@ugy641jCZ49pRS& ztIrK7Zw>IHlwPFKvq(xxnzJp($lNhI#wt&MC2WVO?pf^k@OS%EoH&7Q3M+wOv7NXHWVD zDql?Sa!-SoW&7cLft@MJ*Z1}&y5l1eK2zH9rAwH9{KQ4PevOQ52Lp?sYU2-T>C>BK zNN$oLz;c>gc%sx1o-fW#Zm_Xkmb? zo_2>#{=R?Fg^N4qv}7gEFB};MS(09q1uJfm#29&wGX#nmPjS{U+aI+&w2}wffUInW zV-Tf%L&u4s4y|WFy23ufVK!as89g{RP85}fSfYty^}Dn#8>r3*D2a>2&%mnO0}9#3 zQ@@~eA$C(*KVrE%*7MU&Ki|!8|AOiu*oedvs_(QKY7GA=;`HE2yc|@oj;l+y2yHm9 z;xoSLC?%tgb$fX`6q!YP0Y=^1^!Z%b6$Ta|zMbP-v(3+DZolfh4%Wb`lJFyJL-Jal zUZ7Q*Q@t4y$e8UK1C*uHW$l0y&_*?c9QXvr53Da_?&m6T+_n8PWR`I!PbO%1% zBpJp~0P zP?5Ko9x7dZ)92>w8K@qdD(S{571zbJdO!OzZMe^8RKKF4In0t_1>b0%9O^`NZG%cY z&|G3*Yh0FT2Rde1M6%-_uro^g0ptGkAINq+YIb2NK*2`{>gvYOVo!G_0`e~cY{Z2m z``5STy5rvHA@#K)C+>Z`ui5Xzp@9b3OFe(vH4jAi;5E^wfg<^CG*rz;V!q>kEWg5u z>@d!6e$t@bTJ-q%m-G{#i=6e_$yBsUZJ3Yn3180*1#sMwvwd)g-*863XwghsEOl#_ z5&e3fCyXK0nz@hVcqoW>7JvVFcgOPdlhDj1!PQF-oL`n{?~^ECMFC3bA$JW&W5Sbj zX!`q`i=e7(DJ-!G)@A#72_ML(tk%4dpx zZ`gRrHFDXsBx9e>UhA!4%AGDt-muxEJ8dmyVmG428t$YH>|t}?QF;A0A=vj`QejKl z{@HhrGsUP=K2mcNSG{aBT4Fh&6+CP7gdnf&yuDB_frDxl6xmV~u|?u|Do9DH6>dhe zy=I^qyM=6#q8QyLZZS{4I;6i^cEhtzdhM|X5bv!W*n8pA)1R}7)a@a>ZhR``sX}y9 zA5hw+w^~H#P5ZF@zL1;FDjKJ1Cni{OD%z~dA&7?AqvJe=2u!tEH+(%Y9*05p0u`kO zi)W~Gft(UXA}hj#G;BMLM@Rd{G}|Z#a&9+j`s%B?=YdFL@eH3#+K}m$f^Q=(UBTWP zsNKx_ZTdg#)%Rtu#71j04wqin?)x;MW4*tM>w8yKGC@=*-E{h_e=z3)#$+*~3Qg@g zA%yxYX%43CCbZH@wV$U;tpyok)wOan2FvOe(w<-Qf>ut2!Db?u=Gn4wLHkX0yNlHi z#qJAakC>QI5E4zu-Y@pixs_TvdPSv}qj*&EXI=pJ$zy>q3ToTDlI0dq&G$de&*?yr zGt9TaU4G0(TTaUd^U8Ls4j+qyPoLKApo`&YpOY76>gl$x`z?R)s?CAq-x)=Vd*3`< zeeu1}0{LUl-L~?XxN-${-h=sj$r%wpx{uXVRr>aGcC_lt8HToaB4jO)sA>yUp%m26 zsU%JI@>;b@ za?Wi3Tzq=KN6}6g_9SNU#dX!YefIL4HFz6H(t_ZoLD!1*{eh?n#y2{;!k4O309oLtUKF zl;C>itVJf9^oL(JMg0f+RI(z@sFYMIlnqci6ntMF4ZBcW@^M|qSuVDT*gIzzDEi+} zZAuDLjmSBgp3^pb?&<9g<&XCcTHJT7WV>puurVu1sb$!FK(07f4uIA(DckdAblKE6 zYKl5Icmz4#e$(&f&URlp$Nq!<*BO8NP?-77R9;tLQ822R_^x!J$<_T$Ks&=_8%eR= zrK%zxv6m@a8)=I8WAjU$#7B1-xs@F7_gQ}D@C(|cbOz5rVU^!Sk9T_S#P~?J-S#>Z z)$xx)E#DT=UT;%)Z=z}Xrt>$ux@HlrXt+(9GO$+YC$5l2q< z-ea67ms2VhVw^FgHdxr_6ql7U`gi_ zzYPb81~6w~MZVR_^OYYrw=mHhX)U3j}izPk*X~ww&N_5|rl+mNp5iE!nnf(RiM{({(?J z7vm%Qa>kg_SDiz9O52tMW#nBID54JSFm~;zj8r^%-FtTWmp4B}t!nAApv!r5djWa% zoo9R_@aXZ7(t_aU<%Qu|aunrwL|)5*(`668`o1gbG z-7u3$w|LrjowKsPLoJ(ZbVr-t76v0LyW^XF==s+){aRqD8}8qEc7J`MmeU%O%<3}l z^X)sz0#-?%=A@T-!`j?w7yh6s^-0qyPL?HyHZfjk$>fq1d|fG5IOJcz=CClc)AX}* zi`dw2rqx`0@BIBT!$&py2Z6@*m~cv|i!^ha>lYsCc(VNZl277Gf3aH2^qr=A^_@j5 z@z3p-oS=L(*%M+{LBD)C^(56kaGm_rKJLpU3y;|~X}(ARd}#LUbnxqyd}L->Rx;^P z_m#EhK2q^XbjbWztmiv^tBhw;qT>_4ksqpzzBJZLzY49dNL_I9d!;tpb$$C$%q$Ze zs)z`elkW=UbsPFoc0|Sght?E>(z5cSf^q^3Sb_WMMG5X^(?ezK{sW85*xx&km)A=3 zSt8Dly(~S>dEb#qv$to$FR@qfL!PvFEB~83YIJTE)0sO=ZCZ8$OWLn`hHieosqa_J z&m{kw*}t6=O-FY;*|@PUWaey|J+=60;1~Kcc6?O~j2?$uZfo=?U(w__nX~EOm>o5F zW1jS`mzL5Ihb-uyINr?5%X3=0-^eJ;QB_Yh%J;*-{)cM&&6(x0a_M;A#CvWxcaCUk zXcJD@Nqb)$Mk>`PsOx}?f) zg z00;hWT~M;|D#sz`Miw!QH~`0l-iM{rP*_#9)w<%H(4h+cqow`dBRCgP&+%SRU@0@W z#j@|eA?q;ME>0^5Ik0cuThXAH4XeK)tGtmer^C(e7%(Uoc%vpJx%aOJ9#)?zSuP1KySf2M+x#s|7q3>>oQ;{ z!=_xn5yUNv?+ltIh2yFwsqV(~m3-$3qQKHxUHvRohG)FkA!OBKq zWeMfWb+5BJA>Ee0YhoBWpF92iD9vNzHyCJh~NyFilk zk-H6vVj7%{zj&b^PPDao>*G^=pRsR@iReb56GJ32qz8&JD+-*j=Kvm_>YRZlMP@ZB zAYu;i7$&`vXVCLChpVz*p6@Y;62G5gCYJvn8gln&lkr;DK9>$M^?l85_nF;gd`eKw zy$B8H~V|x4-*e4kxoS4J|xx(%OS#a ztEu<`dX1WgcS;|bm4FV&IeR!i?DJa=sqIK|JLoHlC@gC>`p}XtM#eaZOR{XllL4>V z1X@v}o9xws?{Isxb_q}r^62IyO)Ww}`|3Ah<|CNdx+Udxg7te?I6AuU~cGUdl@ z{&cTym~~u!jjl5)8No`3Cc{pDe_X|#+Kn~i0YVlml!FHTnk^x(2J=; zRpSi%lxp6Ef6~e{B#qRSR?8U3L(wabw(0!R-T# zHTr56Xd5o2J{pHOK>#@LmSO9GUe2Lke!LG+s|t`R5QL6zH46ptKqh62TgoxqjEGwP z<&z{i%pXN+g6`Oj<;(Z}eG>Ckjx<`nLc5Y6e@>xnZ%k2FUILS{_1dc?j;WqRIb)oJ zio8ygPHqCm3ReiJkZ6pvzkOX3M<&)e$qa(k;8e?Kv1uHhOV{o}JBXTA6q5!yjLPXDP6yn3>>L9CbEg=cnZeS zCh^GL`=S4wVpGL+8MJ*C1>>h(+Z^{tWf6qNkm2zAOWwiAMMc@fZ%eN1GdChL{3sA z!eHRV2lM*Y;Dotx{7^v0Qelf=yOI0f_g$@KF5{pLn~L#!WS1X9li(BiMXvZ4qaH7d z@+b~CRXq4Rc;u27neJxWu76kU!x7h2xLebQG3xA=yE9I%1TOh1TRrPhN!`nbEW4KQ znW_e+FKKwAveV-4E{N6y;YWP+Y7;<+0+sEcA?<~w73rUtW(}Bp;hg%VB{ecw@NIR8 z6yI`pGK0m(^-!g`=Z~@}xM~lF%wmVe3@_3j0ZLPgVlF!17jfnMO7#zXeaS9gzSe(K z$}||{q&{uOmX2;5pEsQO?$?XNdd07nHC#>rDFGJp zQ^!v*=&F0=rCVn?A+EHyz$R-L4O;;af8>d@rTjobG=h?B@F3(%{Me3)wjMpayy&BQ z_DE8y4v&kK>|SKjFcifkvGmoCwN8y@jwSj|FsZP8)fp0O;fV(}`Wau`gU&-a(;@yf z%>`vzJA&ccQJiX%cT4rG*ZBII*-{#qTfYo(|O!GSu@%Cl^ zC&kl05B0=8h3jEY^ae1}M8P0lzM;!BJA;Hys9(sRKlz+ z?&1Irb}PZ5p{lj*cKZvkGt!%mepc9c(FX`>5=w&F1E82iZ11@fe|ju{E#qBBCQBLd z^R>P3is;K@^e_UD4;rG)t>qWYXeWxz z9Cz7??Y}gGxVs%HY(dG6*#r9|&IKlIsx~!x*Wm2MXU8TvLKtkkXSbia+ZkweAa%*& z1;zYDczPbR z!LxJZOWhH>wIbGSB4Tvj{eaTnGzPN) z-PS&R0`H5u`vw~lBP^01sC|Q<&RqCE!(bO954%^?mbAvk)=5*+m~(^y9Z}eSVb&{~79<=wxrS^Z#E_0V5ay literal 0 HcmV?d00001 diff --git a/docs/extend/images/authz_deny.png b/docs/extend/images/authz_deny.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4a48584abb3db280b8226d18888cb0539de89d GIT binary patch literal 27099 zcmdSBbySsY*Dnf)5~8$(2q@hlA|NS9OM`Tygn}SQH&QM-Rir~Y1VN-Fln`m8B_*Xh z_Po{i+k1awpYz`y`w4>|{)(SmnBm_`vP$p%`-!N8Fx9lYaf;>N>#OjT;s1Lx zpD;Aij7t}k<^H~tPiU0qzn?H4W4u7EAvq-JEXGqk>Gi z80oWdry&CguGZU=9&|Q?1@>}#Eo4UJn`31bFJBtT>(^}eDrlWvy=|))!rnq0)XyxV z#^yfhxo7oI=l#R`) z?Q5OqQKswG{N}J(#MdY~ndle|sWyh7U|Z2E$(U+M4Nq8->25k+U*8!r>iF^gk--?F zax(is{sU)wh4z*t!Dr@;e&^*vC^rS(87+K!>m>T|*}`QjuL*%nbHTg1a*WjRn8Wo= zWjY>LLPL9)(!XCwHuYiDHb(!WgPf^pdgtp~3ew?JEU$PiaG%WQCb|V(zJ}?Y z%kfh!ynnvoSW?pGgpE&M@-1tQn&kaqg+nZS>R1}DeTg8;v8qzxgV~tF{&#|c2Qh#Feh32>)UpQAunIX$j7lRR*`Y)mte)jbLcG{N6trxoib-BB*ddA zZpyEYR5%GJ+i<eGv#=TI>R^!uR?-PY7+XV6U;q3cY^EtGN4WB4W4;CBQ9h_{XoH=eh ztFLn1%Jx`q#B%suyN5d{-It@x^#YfaD6`&m>*3y%!@;J7>)yEYd7IT=M#et;E$=1` z?yB0w1c`ZGG>Pf$zE3SMExNbhRo3>?6_-FIR)da!hNf6b>g@hoALX|;p#k}hj zsJlh>lG>gItLLgQ#3d$LzVKctZF3x6`SCvg@sBc{jcUim^v~N%104=GEp)4%rp-O% z3Ob=Oq3ww0P^aKEe~Kq&(N1#h8yS}J+;_q_HQ)ZB^_tZWqZ$XBb50+}Ix3ADF=EPR zHr9WB&VyS}+0UjB&(3N$Q8RLFLHaVa@H<;rmtK>6K5Eh@Ap6-XU;uLvjtx8giyf;%WV|V4p z3=s!GOO^eM^gyk<^YZnZmfvZ2PWC4ApDlb_SjK^*s)5XVXdyn+3}WE z(iIL}?Slv!u?dH6*imk9_XgT%ybJO)^B;a3{rm>&La&TVK+DSpWwDdYzU|D&a4Ny{ zy5miS1hFIk&2M*pmkSIO8R#v%3|fAa;+Z{Ippy}ZPh%U`Qlq^;J(WwvY@E7Nu@#U$ zQf?JfwD7AZqmWlZ?kL*(bSp(`e`z3}tp>X@Swt_6U8mQflC4#%P}j^VQdW>8+n}Lchp?sL2MlR508JOpRC}c z@J065#>wDF24P@VWQ#Mw>x2Ki54K z#z)_hdc1t&dqhX{>b+`}&aK+C_k41;OAsFCS~q>vboYm`W5_AS0hC-)k{knEQr67R z{=O_Xj~BY$eFza^WL*+!%xo(9al#*-E;20(R$dKc-^8SzQQko%gAt~(vC|rUn`EQZvXD#_9ETz zLZ$O>!)x=0JIh+b;>yu_lcA(+x;my|{p-z#uWmPvOuxGM$T3p4!g|q3pP1UlwsO+z z)5rcc*gV*S>$Jnu{uQiS36YVh- zG3~JM*4a8Cj_rXwlp#!;p8}@iKfcYtiT4x39;AE!sM|Jc`&ULpJG=@PoiysZO+;Fe zv)WO7{fY3$lMal}F_DC+n$};w3o&`@ENMP*wZ7ZH-5S%-Z~>n{Saz(%z=TnTaLUAj zj9Dhw^;fchebZ*3Z_uaVak#&WYpa_+^(}q==cuWS9p>6eS1*1}4WjWHW}x477lo6$ zxz#PEx5mBFK!XZNRg7W%T3CE^!Q*pZZP!@Gqua)QJt3bOroJ+J?KggD!#)iCBoV*y zeyFYLKwY}VQoQuZ=!g4PLz>&#^rX2-Sv3gAtz3y~NIKu%d5~({g~hmD_ChqQ9#DXK zwsHz*p`cn|j@o30Y$|~+ zDzAGaKRsWatr#+V77|W&ky)Pk9!lE;9oI&an?t88^YU`O5+_cz0exlN?sEr)k!1_0 zJnY`ujGr!k*c@ii`|xW*L2Z>!Im=#Q zs-gwDx1Wq;7A9;&Com{nxrXPt`|43L;kJ?cIF!A$XuKwqSj$5f=H<6Zb#r!N%C=_? zzMo%45=;g2&}-K+S*J*^_GAR{%Q;8zn13MUH6%^q5x;>ITlXnB_h5JPChuKwg< z*xJhCaGXEI$&Zs05iXTfpIBB+`RBhUI1*V~u2#GX_4iBWvx<(>I62%YeD=(gE6Dzt zkm)FTw(9j^swa;urjMchm3g0ec|uuNrVw&`w^1gox{FmW;_WQ}*FehzL%5Ouf-qmi zwL94|+Agw^8DvL=g=-mJ-tgj zLc@hV&u|f!qHo?(=J81h+oAE$o$qxP#qVoVevFTItLJ-vOzgbNJT?0UOifAH}tjQ$>^Zkpl^1>I*sRclu~zd%V`C)uJ8Iw zbh}p5=+?7ZQUe9o=-DVacZbk(g-!|Knk9k;8j$W~kJIhKGI? z^_O}R+k_5Zd|CSv%eNj6t1S2?@L&&$l|JZA(64b( zjhH9AY>^~jpB~GiF3o+&$Hkx6dV4jbXXeiDnv5gi!R7T{|L4th(sU8Ro52BP6T21n zy$|DA9;CMQFB$p9-+cHvXreAia2N+g&eK%Zzx?BU&UnY1$G0RwErG;UNhpt*dtMX@ zV$T9t#CEx+M^?Ytj45L-*UGl2?I#bdwB;~7H8h`K__XPH_b>}Pcw zMKJZ->L<;WH!kPet_o()u2s!kCbJQ1>lAS@KE#VpD?w{vK7WBIG1Kbhs>wLSjM{y93*9M|b*!-@mvc3Z3Q{hvqwMo5h68iSuK_GVR& zj~|#`!l#o$;cjGIE59l2n&=kLcyTFN-}ibf53QelOr_UyG8x|Ub&)B?`>$nxHob5X z+P~W)i7%3wqr)T5=XXnJ`*-Dpn}YF}KNmw$(P|~9kpr$~?YULG>=j>XI27k~ zziD4exo~(}i>=!&1`TJQ5$)cS!SFY?Y_j8Ge{17OU_>eS*r1|DpR)_%1fb9cZ<$a% zTN@LsEo?I1-tJR=qfRYHYmM`?nY`kDM`)CIFHXbv*1D9-ECcUUB>^7I^=Pv%3i2@G z1kj)t@dO&ZDUqU&T*55j3=>JyUhwy89tv9@P1g3$h!ig;h8i}am$*ashfiV$qZyrH zG_^GRWrICRKB52nqoiiyRpg0(m@DlFjtY;o`^EQOf1ivFL=+F3>>PX`AfQrr&{OtyoG#~qw_H8&yz8w;C*QI@f82?QG!({7#X!Mbj1EX z*$12cVCdF5+r<70CwWV3JPO`so2J>{q{>n*ht_6BamF<3_kvIBu<0xD59P(wPGXJ= zHIBbCrUhpIINDies`FxuIhOn^nx(dr6XqHB!n1+w`k^}=0ZQ~2$BFE&LcHnr&U&~x zcdpKJ;dPJF9VSKVL0?yQCIZy%MQO?j1-VH}#)i|Gv1)xY$A^+Mf7e7#4>KOf zPb)y2YWn}*2MOXsH-?P7;}(+LmD&@yxBx4~QwciAj#oQbOgD!(Y|Yxdl*X?2ft^Gy$L00sz)O8&4ZX)%fY{2+zuvHDkBtJ* zul3={X#Dh?X<)9*)XyNALC>F2GSoP_*M-M#a_D{NKcEux8ha$_wA5dEn6sFZ9PW>W zKWOE;G=!ZZ>gk5iSYasqyk@O<2_EAqES$*_HL_nHX%f7=Ml3geMX4g7_o&tBpbob!CPBl?IRJIVMv7!yhU{3EsY(v- zslB8@xz8uNuWh*fE(W?(WLV2ear2=gOLnc%=b6^9s}9r6I0uV4Dch4p2A^iTZcjRf ze11vJm>SJ|74D=Ke4qsmlV1enzQ*N7+`Ug(cS=k?J9?7~JWUn7Ov(3!<=y0((q5-ogh=+5 ztfJ!f9S&u5nF#8_K9&bXNkY%&QJ1F+jp!Pp85A@E@hCI^ZV#kM202pgJqpdK@%tIC z*3Ftz7Fc#BFh{|%W^yyG+VkkSE1+Zq)|ELfs^w}GzV29-2hKY?YF9tdmp9WEk?=VP z|I_}Pmq2agLAp8L=My_c(D17U`0wUYesO!tOR^S4_47HS-P)s!zkQiRJBURqo1xgg{nM_R4901+BFT2b5E$c zuT0k0?@USPQTzZ>>-g)tgmQ(&mq-aQ+2w)!oSfSG~dF3tTp@^oAbC+Lbt#!nhU4+_Z;DndM7@6X8@(w?mX}BjxNx7k2`HQUagss z|FG*dV`7z9{xB8?U#=Gse`pUgb-}1BF}bh!S5i*>VLk2+{M*bVS4mi@LqS>U9n!v9 zpqddlm0fmmu%CdsZEwO|dBSa(1f3!D!S~G}uS>E3YjFHMVSu0qircnH zW6qPFeprbH$5!s{`<5bYmV}!T-p7(OX^ynSjEdjeGLN?wk{cDe5%H7z(Dw=YAwg_A zkj!iEn{`c&c2{@shzwmiFXo$J;!^|N=qb7vO0qF^HIev`yrP^l;O1?dj zNAFwJ+gJRP-(~vgsV#W;i-^7DG7_y7eY&$W;1fDqNBtcHwYQfCDXtrQdOk3OhzSbS zTk~CgYpbJ`m1AAHZGFmOPd@(qbBIhnIsdl(c&9Ky8$H^78eh-52~!Qz$cBfp5JV!& zE0Z2uVb865GeZpBk3nixB=9_*e#zx1aHqq#{2uUD$LdRzd@8r?CdxNK`^tH4^wA+} zZm`Dn+3Id17LB&8z`_1ZM1?yPbB;ank%`b)RLtMnQQWk%JfsOHRui^ttWISc<+Ib{ zgB{(ZBcarzlSjRu4=LKQilmd)C_dN0wp$we_>8fN^5#R7QU>g~_%}y#pr|+{y8o_y zU{L4rV_ffGX$SN=~)Yvh^P2Eo<^ebEgHo zR4aRU818PT+9C8a^du)t6fHRU?@Vr*Hvd9XH{i~=9N!>xNxd9l_r{dpImr!-Gq>OZ zEcK*~<7cRSGM2~kV;R&YGh21uUC{}{Q12y|8-vAgT5`Ju7_$;b_kU<$?%~wT)96Wf z+D7sr3RHw8b<~aPiC6SWjD5Xq+BEVElD$t|MK(`1+Guu2(#E+4N2%#Nv@=c1Bcg;b zZ8|}f?R#P=9rOHQqfn40^Fs!dG5>{W(X!j8i55*L^ufE2x|2O$GUVX|%_Q=eZ8MY5 zsUDkP1`*!KcDW9BhN$3xLB?1_%=^@1yplW48q=u>6<1HR?D^eDDGe{7+MW9Gt;8@Qsq<<~&o!ReCg2UPVQO{sLClcnNEH=>o7EqvUA zeJiU^#AIr;ZQL{VxkaqVgn#icgw-~4JK(&~c&F0Hpu=3_xY#?sIUOo~wD-F*meSB` ze6))p?X0$c#OUz`Mlz_`5@#(hiL=jQ*sk(F{(drE7jD@bz>~I^(b~26%P>KE*3G;-&a;p@Zsv-B=+T7D7P+^fU1(Ir^m%&t)^rzDa#C`NL9!fd`O=#Yun8;l{5 zR9#rO#tjRciR0_DYt)yAO2@E7He@eVmZ+k%&5_gN0iviODV@+hv=1W+XsvkU+zo6u zx3XVUjzckazoei%iMdYOgne-^EwQ@Ul3+Ek$2fvoWZO|MOFpjr78l+nV;^JstWgY$ zfGWL|*PDq6*E=;-P9xCbNx47!^;|;5kDcc#;)W0Cv58`@tu)5`wf&!w zbzW|$-h0Va7YUossGjy!&n4=^VN;XlzJ+t+qYVLkA+GzB*U{>2GHveMz*nNX)Ta5E(u{SO zeNVY58>rd$dKjotT=mCgim!NEes?wO9(QUa_l>5BJkCs!q?k70bNr=JJ0IA+D}l1V zFw)7%E$F>kF;pJ&LzJ-nL&?IEZyTmB>^w{h2?NQV9{}OndDQT|du)hx^{43~m9#ooS9CdYF|yLV5$e*$uN`3H)IUxQZl?=>T7 z-|p+lD8`xMQf63_pQG^QI2V7FIZBfDu{26NkZaQT5}{pDVtb>s!5C^^i4M=4+rXbo z(__0w#*4Uhlq=i7xHca2Njo>it+bix`vk3+a;`D=KGJe8>3~r&@rdkF20k<4`)>hJ zSET!0Mqj9skX)w@F4=sM>bV||CwWydw`l}_nVnqKSQqEb@6|Wik^@(&xv5W0NM4c^ zfK{~=aj7Al^aOkIv{{l}@Mu%moUBKQ+gQTgY`%5$1g$0D{+@AA*M7-m=})_heKMaU zb$q!7pN^A0aQIEZo?&brnn1lZJ%f647@%U3aiJ@KVrGFf4}bzg#-FEfU|S;Zgm zjTNOr&@kl2g^BV+xQE|-c>42h?OCoyt{SUZD~c5WT%KXA8}u!?N{@2`o)J+;6SV#K z?!|^~iwv5e=+~0v%SPSE1EJCy8YAbx?W5qaJ!=yhvL#TkJrma9&D8`QW>tpI-Gcf_ zRzIu1|9LQl+c&mxW$$kFZhcjifM%VC>kE;jC8WBWuHd6L5fKr|E^T`8Y}cCy zzpu4Yi*aK;_~cUkC~26^5V0mk1bz<|zEPNzqDVSj*Y`>ET3x)_AmkI|z1B^FiIW+Q zs9rm*@6ji(c+E!1@I8pFu%Btw3SaAHWxA}?O~aN(pPVX8(v8{MAjoof)h!J@d*yG`u7_JWsR2g#+igB!%cNnB_pkl<*)ep&j+@MNcWK2E5GLZDv+}jb<#%R zJzT&eL>48AFnaLr1mL1-u(q1NH5(T31`jG5bs5zqP@!g^j^^89O~n?|CMn&I&a<^NR^rWCT-#XsPZr?+ z^@;!2AEeb0yE9O1B(@N{NbGHJsmNJJEm|4%%)XHF>Kyp}|D=Q+EM6*n)UHf3HwXO*Vu2b#|U7EB!jiC1oh za*F6kEjUJg_*dKy*}!Gr-;}ul{=P#94H+3zh4n!6`HNS^qMhjl`U`Z_`RyjCaPC=9 zAYqAy7Z9Ad7@ldMm?WUO`+KtZ3_vI&zVNz_Q|-ep%8fZYhZE=ug)SWfgWHmmXK z3VKFHd4#{xoryd`V$6KX zeyTcv`px&&#xX1gGv$aybX!KKv%NtId6#2~Pc6(`s9O<@7(^gHv%J0I91k71S3R23 z79g*aB5~*yD{*^jK?kWktwL7Mquqgxh0a$QadWUA=fG{Tmm?+v8M?kD?DC(g!-;8o zF~Kk3nIN~D8&E@o(EYJz-5>R_X3~KlMROVmz3qQ-kt|c(7lYTTm%i~`pB%T-%cvPB zwG5Jhc$=+P?S7?#O&7m5{;31}ZiHVuv|V$??hP_7-v^c>z+m;UJ4I}gr)#3ty`v{X zX6Icw$UwXR4dmVo*6$TWh#tzSh$;%I|G7Y8e=g7sc+2?BxsFc(ozV<0JDj*Vr9mml zq35Xx*{)@giZKF}V|x)^a1Ka1hS_yGP;9=d=OqrZt7Qh;54J(}<&*v>7x#VKjrfPq zuFRMEbKNxV7&o993_4G^$_PDQu~crKIT$R|%X(03h{z|bG7$m4WHIO?Ut=D-w^L7qh8nqr|NaGDv(c$dh2SJV?8HUeNQfd?$!SOS__pclUSw+4Jimi<-d{b8xx3 zHg5;soahZGC2Yr?3tar+b#f>Nno2LpQ3{6P3C$qmte8K{_}8TktQyKn4%i0 zTjmvCzIJxzEG-;0+R5vZfnPu2yeG3`m4_7>s_?^$c5u<*+Rz4Yu=LWzgHVQLp^*F*HI& z(R$uM1-J)lem1l1!+9ki`JT7f#ZU;<-oT$)SBm2;C})v>4(rZ~5hn+s8*ipHWH9}e z(P4=<2B+?FyBh!iDQb}Wzu3GF=CX$f(t#d|a5A(2e$C~Z_@j*+^e)$1%V3dC`Ct5# zi^G<|pyCNM%a?L}^^PQ?##cv#DEKK{IKl}ZcF{jcHu0yho(l;~>VJ)iKab{q_W|!V z#;h&;1>b_oEMX|0B(84=(yYXZ;CM2kzYf{#Rp7$$8hHpby!C6bS=Z}Z76286Rsi8T zQiA!j$5vGDyW&bE@Kk)k{&3sMJHs81ER;{=p_I&@ZGR6IAs67i*vs&W|H*6Nt$v_xy$24n zUyx`;92CKeUWV;@f`y8%cM&V*r<8b$4T?(Y1aoRs&5 z`ynsY50NzX%Iy1Z^5BCmEn}R=eFyc&Fa=!KNuiY(Wzk%vB!M)r0J7oQWq_QU2L@*b z?iKcT6JAG8oFE5LVb#Z|nJG)S11Fu8xENaZ63F(fJUpr(ENXWp^322wBaL`Vz-cM= z8{LBaY%6Tg3K^dS@b|Eq98gl zDICe^H8L08eSzyX3waptug3>l|LHQaAc$u{8lxBTRE@uSu{T?V9!=D^W&sf@1LbdK zZexGkc@igEt5h_Uuhh26VNPDefnC3<CpGp*zNbB(4BL+8pFasQY-s$t~g` z zo)>tnlX4l3g@!G*1K#)|c6OlL(dFf5bhDS z>y&Z{oNqx+?$dV@M*1|MmZfQD5H^-=VhNYC6Q{wDCaCV56~|1a(q`qOm$r* z>pbJtQ|F|lj1F`|g1+Kp=b31{IJE~0p#6c7XI4(u=S&y&3&0UlpvIqITKJiCG=V3? z2sf>Q`~^lm5;iN&m*BaZD_)|M$fC~ZX?t70k@*WvWA%0E$W}j6`w~%{IZLDZ?bvvA zYL(CuwTg?7-?$ zCws)-)IBG>J8Z@a$-G6_-{o3SJ2!maF#!5D?lYA-uW;YF@g2@!hKi}Zz5OPrkjsSh zv7I277w*V5FZX7>tbv#augCt=J#+n{()oS(Fdc||eIA!26470khKji$jPgN2K$%R* z)mZm=Px?Jxn?d$Mv=p}`77_UZ-HJS6=ukrVs4F~v#|H~3JG%7jX4jRhOwEJ&HZXix z`oI&@INd4sUKCTdcu86bRjM5h_x3MAt)))4XmLIQ*>j^AmhXZqg&N4G|I&@$9ONfW z!D!h}GSX~Bk5=BhS(6?au&^l5>K>}JtC`u-HW1Psq2mNZiUWc&2a))Cr>`7Tc1)xN zm4xt$K+d^A_cs8#$DBwC8rvBP_0NgB>?txB+}M6;#4iw=+3!B|wPC4OhF@^RS>`(u zlp!WewONyh4jp0z*bJ(cKjIgqB#Y_Qi*=o5XO`kp4?HdNW-Hz zm?<3>of{8t3{tQ_8H|#ImvtCn%~r5}5DM-eiu_86>er}*Uc_=$W(zFaxrqEp+ zNh%5Qr7?Qsd?w|?zC91y*A+Zz))aUER_tRnuoSHZ^5V9C^+=vI$qOXh9_eVc%L21L zsK^T%Z#aj#5~D8`jmP)p;8O71j=4Q}DQ*hkL^c#+T6#QVBd!j>@jcjDSf-J0wY#VG z2LNZm2hAq2nkVK)e>|1rfJc6n4$uXC4BQ`HbY3@092LR9crJCgnpJUVq%(zzzla`U zzN7kFAfZh~6zl*OSaqVIM@@va&C*J4&>yoY1^#lsl2Bn^4CDD6Hj@XM&!3*t$Ot?A zak?T`CML?E`8N->n3r&-D~~-9t?w{>gD0x=#~Pu54RhN$tjk{@fqJ8wnq3%fuL}_b z8H7h)WNk{IwQu-hQLht*PW(Yn0)R{!UhzNyLVyAZ02tJCtHl8Fp?okgkRXD<&DOtJ z{a{mMnPXK2lz*Q*1qJKeqgF8ck#498N&-*l)dbCdS&1b008^dh{(l1wp~y|MpDDBc z`($4PC?!#tA#VyehzAzIY^$#o_V>vM*73b*hWD3RGb10lC9ESaN<08l7e*BX}Y1ax5;18R%C?Phym9rczE4Amp*IkdUL*fU6>TFMcsl#8=pLQx@vS zjuC`<8KAQaI)OLTl2D(UDxwb+)M9p&t_1O+WXiZ!Ai8(P|u?x2vLDQu_Pvvf!uxt5rh>XJX!`5DsaU+aUSnOxy_Ig_jEJOAbHep7|OuRP-1HA z=a3F(dr(Aj{A=^7UCniH84^H-SAf=M0WcCtIDVW7zk|6bnMw~Vb0#)(P83wpHa^ul z@Zy$K7a^Ey{_A@h2E&!d8^|SkoM0t_$c3cLNkfQ>p?`ZTJw3!(3Dk5fp zEU{ch6Im`gW#;xDFSoWpQhO(sKAS(P?)D4IO;AY_MPX2&m`cb|)|lOV7UB9cBozLXq8}dbUvHw`b2L5q^uPo&mUopg-4#+aR?c4S=jTdatsG!v5m;3dBn@_ z(OGds$VCc!BMJiO!K&qJCNB3e&Va98-El6Wr>Fm=n1zPM_TyHIpAy!zb-69f_?l2HZwaYT0=v_TR3J^%F~5-6Pp`aqRI#R4jB&H z5Vi6plFjH$7fp$!T`Lg#Dn zJARpP!X8CJRaweODXE*Kk@S&5nCqo}vP7R8P?-+z3x3}7QP2H3K+WEDhP_`VPtQ!W z9)y-NbCTA~y@n|ex1WFm=%f9o{LH%D};%Mi^b3%nbpNiuFS_w-LRWA9DgTMW;DZb$x zzA!CIA^h(1hdU+4f4duPWN&*^Xw*sg-*&cwlbPv|X^MBW)_?)m0veu=xI9bSXfOy1 zf7)zQ92)zJ@hk}EY<{7O_%d8-mIdMZwTZ8F*`|v8cNzcmS9$_m3}otTwmoh+KJ(`X z_dQ#kIuAk884kx^|DI5R*&0FfTl;oaEVRSc9x*{`NRM6?Y5hAF7c7Ld@1e{Bg1_w> z!Dfs>)H8pVg!#4s0zca_)BedNDL88XxqhZ^#6h>x7v-e>pQ>;(e_6BBVh=a z%kyyC0Vcv^A!O*d|GVx;iTluFF)IPnOC=o|Yd>Av9|&yXH4}Eb+z1l$S?+slytZQk z63Gx|8KC(j&7|9Q$z%3y*A8=12(D$c2stfP zWjQWes4d&u$g}*u+mg81`3lrI@c^O*4d!f4WcXl+l*jsWY>ELyPO`bu8sy{It@e6{ zK&9`?5K;U(G6$KacmxCf6PFLEhW4+5?Sm*;FeAkT$0-gd>0-}~Y-6#bm78x-x5eB= zcb}Kt$kb$$@Ncq|A56D1NvYK>L>(f@f z*WAVqd06e%?G~hbFO&sL6-}l(p|;TSW0za?Nk3m3%ME*)D!|=N#bX+9`hjV1TPa19 z1LiN&^y|G0u1*^lazh*KO}}?hgc51VwA8T#B$J3zT`6I5?B_^$rByWXZi`^u)uq{m zmsOR*rFFr#)CzLa3qZfFAQ3er;jR$=uO4lnJiEYg-^c=Fr;H-H-J98=@5m$f_g%oI zt0#YFwXLCw+3HS0BrD`AeiT`}Ak~VZ7yv=&+Qo9vdpfV@!T6_+2>|dc>!G5;vPa!T zz!{4`tVxI1TkeVX!5o<;=oPC-Nw@{Xn{5K zavq3TtPpR@gGa5wNfx5+b=rJSbUGQ5QzkSQ!i-4mJD^|ZSofsA0ROz25(Yz*oaNKTc6O4#b=Mjhak7qjREIPRf;7w$1Nzr5=vpmp4F>=5A7l6fbUHK4zx>A%;Xhr4 z9o7HR;0Vt$Hb?!d`CWi^GCn%#-2VGyAB4c5P(ZDb-je?+eAXySm~}uF4vF9WWB;;wiu?D=;C}$F!dj zi6-;khoKw)I3iH`Q%%ij{t`u6^s8X+UByfO+giYJraSu6_n`F+L)RHGUXT6P`e42r z>+f1+|1ZsV)BWjS1t}LH$@~_Yrvl6ma{_aFxe{8s4Yz;=PzujI`kE~Vl+0Lvciu8m(^DtHCLyLc=CT(Rgt^INA8;>p6UnJ~uc03inj2r14XacGzp z{)$ALF7^OJ%7pNNo78_)>D|%yk0JmIsv}b~Na&Y@MNLY`d5s-HUf8_vA*1$6(hpFg-&`7 z-1B1CEM(_yg(b6wPW|}J4je@lPQ4ROB#)W&pX|wPeLPA&*>T80kDNfO$}?{CTLNuc z3uvAuoLDs=MXHltM}>zl*-N^)+Lsei4P(>tii#TGFls^HQ~^Gvg2cDMv=~|hm~r3Y zYjjI>9fSHC|4LzSesi}x=HebWdI7U>`gjVj?N|o{yk~B_#KfPo4|qtN`xr3%VFyhu z&k2vM`>WwXsa{C5bms_Kpa#^30Wd{kD|tB~5)ZSrYS+ZP^bMe#rWM?O&DUe)wso!> zMlIffyLau%5b$g@5EoP-;r9S^M{5xBm%weX2HwvKPtWr{J2mW>R+FG1t2>O0__ZBw zf-#XIs)`X9%Ckw?J1Tieo(GBdK$qeqeWr#&#{ZemqLCDhA2jKxC(1oiTAJqf$7`VH76Rls=!hfvcAX6VaTD5#&5~ z#~~^lZ^~zHfRTGvOpavfYa1@<4;AV?I^Pw?mT(9${2B*eF+*IW6o0TC&$At?GHKbH z4?0$%!6x|)cT_WuRnt)jR9p?vT`PMV<&aFB>2_-egI~l&JI^mN8g6X@zN2?VZde@B z6DVT9%_LR)^j5@OOIh$RX1CO=ZM*z>lWE}wfC9I}Z_Ty#Gl9nP1K8R8VGY3xAV42( z=H?_v!(ClssYj%F@TC>Gi)Fkwn;nY{I(NW-L0qNhT%NUdlcF760TonZO2z@0a&LCe zw3Ny$Iv&38xw^Dah=S7?ldGQ7jwDF?Z9sCFd+R(wsQA)tOCd$HHrX2HM$^B20_(@& z^w?G8lE+j7I*VaVmFDH7SZ39`M(%7c6)+7W#e<v=IB?C5RBx!ld$tX+}my+}I4AqcY(!B|tRvFmAC4TM4(_wAb}9Rn128(luO@ia(P z3BsaTl0laTvGLHo_J3mifN!B79rTJ$5(YJ%?vC>s3He|Hwj~U;@tQVc`5;Wt)6saSA&dhRyKVnUbK6@hg!7&=!>L^&4l2BoMb~Rh6OKwS z1_#}W)O8B{j_m!a)nsW|FnejEGX_ya5&vxUZ9eT-4VI;R-$e<>`*w6K@E2JwZ@j=( z+JrfKy-`v{Nn_ooFlyw+XEo;H$mru_SdcRDtXo8jR`I@Bz*vS1eg}sjQ#L*W)1}t1 z`xr^`VO`H7f_2^1Ls<;aYqU)aHo;#TaKAjh)z*fY?6E25{K)VQ0b&$Ry!mMI`NEUq z_n>y@)Vftn7%dUJ_(mUT3LAP2|shA~$n37lRY(jmrU-hqZyZHW;h0y!l$A#oi z46h)WGdV4d^$3HMO)K{2=O6{>sXLTUK{+}fU-x|3cwu<^y6<-)kc2D`cz5WDumiI! zh~7UeXTCvjj_samzwS?UQl+dwWxW!5TTE(?b%`ejzvdqsn1&JJi~i9gjGai5BgK6H z-<-p2onnzO1`E*bkZ2U+kL@3+1`nu*@@?THqVcb*3tm8lA)qH(4!Zd(GzyV&P}e0p z5^}*M8G{bLp~dKka}z@&++>iJ{W6Y}Afhd)60k*fJsv&qyjqy?uFW?|%+y0<1#0N}u5qNxNs)A!?a)q^VG`{yqm zyIuH?(L&d1Ol;xCa`&&=E*n*oh=cqAB3KvhK78``OJ_U)PHdwG{}JNFF-q^j0zQnq zsrU;U*Cjwb!J9WO2ae3^B%ver7#kQcR=;1JVg6 zil1YWLEmTH?+^Y%p`~mZQu6)d*$MSvge{Z*H+J2dqfC>q4CQ&r^Et5GIH(h{h&qkX z?8~RJn*X|kzu{nAMa(}3O7!gZ7GBg9HD&JtisxStv`Dd8!dQl9`rsN5&O3m_6@dIS=V-ZCqsHRzL zI4+OH1as28p*?y!`ZxCNe@;+)NtwW!ufv-C{K?P>f)8%Bf&(M>{$ZE!4gvIm)YL*SfxF@zLjk!YCmzwWO1hW|dJQqsGvBDJj0Br$J8<*sS<$3VYt z>nxhV+{gBx_5M8_O^M=)Y|?mD>4L3n{;%m4CVEI;rbR;;U8WIb2MpGGKm`svn<(lz9HAna&&)F5qF30fz$O#j zn|Fp7&sP`)<45yD?*^<5o$1!$qvT{zrjXuFtvdZErS5Qv4bjydLu%s~d{}vyk&2Va z>5G~uQq_i&Z7WPp}t)KRT@}nQ!04AMn-mWA4^tH}2zM-c`SSHWl(}(tC zkxzzL&AK$GN5U^E7M`H&K$gmRYclJ1TxmCHd%gpvRe3K+a&IGv%cg2Gs3jUOmq$8? z6E(D4TwiqQkxB~qH2HAHmicN9;CqP-L738=140r9p^qJ~YKH6Oi#99P_?wzy8m62@xQkEkty-vLwEWF)5mR(XhK(am6cY_tXT)% zs3~4<)(&-F>St-3=!D>mFzN)I6^zknTi*`f}h;%@*Y|}qi75q#Xme?XJx7reH zVUm*c$$%-6-!@GY?__QTYwimm(AseFkJ+T6&KO2&O*tIeL`1>2FnHd#27AJ6Ap3Vc zQq#gH9iu<00QwnDGs+Y*8jIS+r@iN_t}*hD^bmt-D$kStBA3dnEaiPK@~f%azKQB6 zTFJRz&S%ErfBK6c22U<|PrF7q&(M&L3G%D;m*SnQ(%;h@w(}#n|7gk0B)*ASC`+ph zDzm%+9i6}LDTBdNOfGSuolvYx>Tj>2^`-ZgO1fGiIqK@+`Pk=JvO|nPZEv8puDwBY z>LtO6C!wq@&32qu<{{H^$L)asQQddHQ~AgLm&|0oDcdm$;n<<z ztYh!&y;s>QTU!d*LK(^4gwONteO=$b;QPbp^MjwxIoEYN_v?PWo{xDLURdqz`QJXt zp2?&xJ{*U)b^d)@Ix&7J#r1sFx2rJh{1~rZ?@2SsV=W94gNDuZ_TzeHtdh>%myNm6 z!xbjH(9K19>kCiDJfxaM#j8YpLB9kz`%)PWksp8_6TqOI@6niS{)@_Eej{ zZcQnmwP{G(ZPBNw_4Y7(7V}TQ{|lc7uwsHN6#JxM^n_kJ4Ie;MDL@1xRP~c)ez)*8 zn*ny);j$D^wz!&b9ab^-mlDt>_YrsatJ|K)UVidtOY>N36E6ELh>mDL#5Rv;qYerv zVbJw~Gw-m+6(~Swz;mT$oVCOq4c4oT3oMm;C-7+gguhteACfG_j>Mz@+_G_Lq(vj8 zEvJAfR1pp!Nunjh9Perj_sc-PGv>hqqef>2#i3|wgf z*b)*XU95KC-3p~+;89oZbMh_lc*jfkglDJB`KlfFQIvK@ z%q+__?P5sCBq7J;=0d*!f;531Xl$vV;nh=XgYGry^6Nf-JS4sLtHNJ5BBUt|j5~s4 z$|U4xai5T~h|0FZ5~SGWgQ%{fmi5&cWejNNvAp`|rSba8wgvDLm03G=R+n*q1xN_| zi|GKz1bpTW(7dbq_fo+G2F*x`h}ul`(kv!`CZxXv<$pn5*gRJnzPBq#&r13YkZM>; zU)=cjNym$`EFY2|?QmwyuK-ueaeA`%IvoxAQ&Fp(qkjqu=_gPMUy=++dtUUg`u;I*$=w}!?d!YT5m+bu5?qx_K>ubudLPXe z=o5_$7Mh-^g7b9BMp^0YwJ=Uy{|NM&3Y@z;gXn^eb`}9GgFqj!+Y<=ruR8x85qb)` zPCjt=0WaA;A{-tVJdFbm$9K^&Ioo(EjZo=l3k8T-r-2`VOp>}vUbxc$sCfAZ&x!41 zLd3xG_gHP|6YVm4-~f#fw4E7`3`Lq!8_#@va6t2|HZ7wwoqnH%uv3=iQ)=I3o7vT= zRwEdfi!v_*;->AMhBF+k4`;f%pp&m&HN|}!tz*u|G`aVr4C=S82;%w2@`5v=9+SxW z(T`3nJ-B7>R0cWCTm zz@|tqjje&?>#al>>21Pco_UXGGYA-c+DUxgF4JR6{3Y->#bBuOf}IC3_ChqE8PSCh z6{!&vCwvOQ=KZg`yXynk$N}~rtf%|IG73v_h_)A{afE%tF!Q7k8tV;Rr9r5J& z+GW+~-mx{%KN$!L@`Pd=;9^WZW44Jqbgpm~+xy?k0nW2HM_?wB=P?KD%!7q=w-f~V z>%hr%JRDi9(<}uoZ`dCQf%}U`q1mjgURr6tO1Z~|mBWpAIC&fhn(@!LD=QxY+{jDs zez-%|@%Tcw_XCGNLhql^pDPRclp%d|QB~(3@;)KU-o<;|N;&&o#N-@`Y8whj_m;ty zYGgas2Uv(E2lJ~##J`@=^ZH&MKFWHXra+H&+mjl3^j!LuV3EHQ(Jq?sX4O2b{>$E7 zm^*_eReMx+50g*(XtHCdFW*Vl_7)ZAWm&C8!}@bEM_OH%mcc9a4xCmMW-L|HR7Q5F zrly3%{ zgkR!PJLS>`6*}vv*_(MFkHk{p>+OituLG^<>S3bvhP*t_5pE?uznem<;Qy}Df2*>7 zEqvheaF`d#a1ClCSRA~#ecwI4z6#eSau?pO?u*!UDNB<3@G;!21)llk*8KT7QiJzm zVSR$CkBlT*IS*bK3Ub`%T2_3e6tSb#-0eI*mv6l~(a1nFd>}<)ibd3oZv#>XTzwx~ zwi^n~52Ky>t_ui0}-pv>G!{?qOzlmV;%-cz6rV7hO3hZnQ z!xQsdy6QK`({ljQaLZLC*LCFh5O(}7hn(#CR`cql4$ZI`?=d81w2^$5e@1n&?52=g z=m2VrEVqM28oRhu2NbcbohcndJ8+nH>IvQvJJrjG{S*?onOvL&ED;|s<~czwBOQMu zsp)<5AJ2+i=wLo~txKU7beb@eze8BQKoGD79VP(-~6OPt;WJ zPr~?y%B-~$iy9`{m`$KQN;od(uxh&72XyX)*5wwRWWzWksU=Ex{LbEeLha(@U+wp4 zciVv=aX?pLw8%ufe@l1kk>J$4ND5{!qJGi_tGTLDbdV2u2=iyybgKW#K}xYyVf{_d z5oOt6;qERQ@Z4cPl4Y(0(#>6{Nio4VpN!d6+H$?}W{p4HY-+iCsg23-h z&@6uS`(La0KkVaH#NRUt%&xnvu{4RU2+z5`&{{obsF|bb= z3nc_bG&Rs~q$|8m~-etE+C*k176>Zd!=5li@NKu;qB$Yq<&QJgRTC!G9E$gtMU`~4t^|k47 zarNL5ephp;KV94x1q`G;cL!M+{ciCdQnek21{*l<{(Sldos*7f57_Pf5K(`0HjE^7 zwSzo$!yFu-h*IVr{1VTsY^I5~;>VPTfl|jC8Ug9~p7$g`7Y*&ihR6A$R{aO51fo5r zzMo_Bi0Ny^Q#Es8ZBGuNK8qjQ^psP_6H_H_58Z9pQz!z?*8%-r7w9@&$m7Ae75C(T zu;hq^W3N@dh;`Sr6$&6q6ho=80(vp*w{(C49s*2aQsS^n)wnj)DT5wFIB@g~GIT(W zCcBF05$vC6pSO+c{|(21qiaE~E50C_m3SR&p7)fH_U70Dkb!7n2us&g4vb3{Aq7hr z+PEQW&vxdh1gX&oi=C(wJQ~(3GceB&jRQ~3vh$qHC9l&>Fy!moxOn}u1xrvL`cHFC zGAg8vv+NzBQscM&wzLR7?AyB)107xCxVXMK;2GR9ZyUIrf*XM5v5$v@@JAj$K0(b^WDx*A6(#xvTZ!}PbI zsvzr@!Nb4-pAKb?&Z;19C-d5fB^wd@$LBAEd*X70W;3Ap(n({8<0wkxq{`6J70v!P z&5aT!#!zt7#imRLi{-?8OZlt*w}U(3fAx$04~|(l+CFKhNaOv;#QyHOY`yF6 zXiJjF@d7&ctP68U@Rt9Y@_{;eex^{1jD+PsDneOK5qu3~|Nngr&uIN23q>kpTm=}a z>Z-oPMJq@)YeAK~Nev>mJ%Iw_+Y%SWa^5NS(B1pk(}@@`{H*a{vyFxEP8E_@(nMLM z)A+GFDiW_<%>Pn6DF0|`KMUXx9hJ9261pWVa0!W4(z%K4Fst(ezxeXkH&C3BIX(4r zN#Pl=;Ud2g;3jSTiHXOkt_=T1T0+OE#vgUo4hrZiMgShdF8~nFcbJ9)_#JH$C%`ki zl_W7cJp@qzlAqdSg&Tg>M6(UM{s17n?fL`2 zQ`z?KuL+LZiESx_$iskC!!8WK7|qb(0NSp)7^PRth=7Z>isHy2!r7XCVJD{Ao zHA%3@c#VWD%Oo`U9Aj-qsU*p1IK{gx9p6P9h?rScNaDPFu+(3Stb?O0WX97 z0NXtQ(|aQf(vdIXokMeA@hgh@1I=C1$Kt8>Z3Z^UtMIm8(6O(LSpS~%%bvDi0Zr;w zbv54H68G*dg>JA%Ukf6}ARGV;U_#T;YO^jdrEamIp`mvab%4tr1kHO8$WmRny*glQ zuSHT^y727}=G+P&got|i;oe#$yr}^3Yah4fd&5AA7z&0U_gf3tOU!;uH2vbN9OBp9 zQfg9qPR?BN-maoG-{GAptf};2*jU{r5rH!oVlXDiPaTv1e*~AMj))pR!I=WlON}E> z)$#b_w_KSzfQR&9f$BpWeAPRI88LC+2T4X_FA(OyQUs)z8@^Hk9YIAJ$xvm!PZB7F z);klo-y`>ch*DS2kTUG)=_y7!*^gLdybKD1uvuilV=arQYwrPuxGIPmDe*&O-3oOWl!pL4ZQqngo|(9JU_>ruvq9PBv5}L2A8(1Y`oSQzeUmoK z3C_aAQ?Oi=3tN3CT9?ZN3JW2<4*_-5$j%~E%+bLeMyHiKG$cqsHqm(_pUykqfu$2n z^!4v#AbO@-`$*S2V!vns91Z-ZaOaIbrb%k^q8yCDcjKu#n!SkAf+lxxS`;B%jY%tZ z=$$n@4<&GfA09%kRf*F+3l) z*5)R(pK7!?9YMpH4j{Q92tt(GaNle?{Wi7JqOcdV!SVWCuZ3_Nd)Q~3jYaI;N3muR ze7Kj@nA<03d3rh{Bh(%lQ1V>M;}*v8$c7Q}Dg{0^#AIJst?&POG*MwYabr!KaV@Q| zVIhOH-}}?T#GaH(#)8Pyj|U}3M$K7@^K=Jk=t^pTvoJY(`*IIY&wmyc7A$;yGZpNi zWrLlP_%1Q+Ovm9NHYPT9Gxs=WChS{eW25AGmxm7@7GGUwlco+0Nlj%m7fvb47)@*_ zE-TBsYbU`}5RFps*{>d7>HO&&IyGe)laYa@ymE_p<;EoDF?$(~60NGMOB-~wZ@Ts< zFVnvN{d?^pR9?uAKgug5E{@}a)vK|o(NUF$&uDiZ_l?+$Gm{f7=_DNU81P*jn4T7B zF|Cxiaf8D+GAb(Qqg5`8hklt}sh>UH(9n>Don5%Y(*3)4v!)oAencj-k`60+W+o;U zJpVv7cKn3-sg&7{BO^UMn{-M_%7h69y)RCAK1k8WM`p-waR2dnZD3+TyS24t;q0u%#Kc6*G1)$|wG}t?MNCXgw>4_#)JTCV zJjSQar1T%lnSHi)?qQM7R(Yv3ipK$M1_2WsX;+v;r-JM1t~oh7D|lqfuH$viMrOop?yq{o*Jp5Kep4{aAv%Brru zx9=t6j6*&AzOcBcTvk~bUQlqw%}RDsQ}<6HWz@;+tcAZe-?f^~PKCp>PWWbGpPvlt z>+6>shKG|nucChaURi;CjfDL(E-H$2yNiUfkeOpr;&QfZMj!PB!bastQgKa9%}2}{ z%zR3Rjnn_?r|qwIiT8{b6H46q{d<;; ztu0$$FZnsH+i5;#W@ba?j%iqnJZ*=^W!GBWaI2NUj2h|5;qD*TJ9s1|Q>MyoOq?c5 zc0fm# zGZtGCpOC<_va*u*+(m(mj7+iUsfWj1Ch}lmQBlPee>uNRSJWpISBMwAGWQ#8h9yGD z;+&j-j3B0;o12@LHp#~150@4fv%L6~g-{|+Ed9!|$BNjL^mJWeVPTyc(VpE> z&CShA$8x?kN%8T~>1u5xK?+i2J<8T)jo$_bxh*X%OUUEz5e*pKuCbfum!4pcAs!`D zljrPAi?JqBA=#{VH^*^KQ@U;@DSqGM@QWZ%y+V5J-@#k&HFsUEr+1@=WH?xk>+9>o z-v4ATd?1_>a{1j468QZMLIQgHNLvi%J88@VEcV4USqa6*0U{zIB_!CUfu+^eNP}$D zmLC&d9q)}xHEX|rbL*8Ryph2~X{f7v+kX4nU+23(m(7a%Ha~CWY%D1$d0ttF4?fAo zM9$mJ#L3(|sev=DGg+qVnC)(ntHT>DDlJttG&0Jy7B-?UGr$o%->*6odqE~k&O%a& zBfWaQVu5ah32wSi{kCIsTiX>i|M1brdhNXgMzov0zwdOmH$*1Bj8l|jM^Wt)QMK>U z=EV-7fbai#n_)Jes=qyv$qFivHO`FbB)MrEGI@!-8@;UeK z-^Abla@yPbeBDE;bH$yD@5)%Hs$R)OGQ&hzP@H%qerHBX_QyUfE*32=FaI+-I=cNW z7>mVHV|IJB /var/lib/docker-machine/docker.log 2>&1 + + + From a8a3c47ee5acbd01dbb84fb24648b93af1fa1240 Mon Sep 17 00:00:00 2001 From: Dima Stopel Date: Thu, 10 Dec 2015 12:53:27 +0200 Subject: [PATCH 1047/2538] Fixing documentation comments by @thaJeztah Signed-off-by: Dima Stopel --- docs/extend/authorization.md | 69 ++++++++++++++++------------ docs/reference/commandline/daemon.md | 5 +- man/docker-daemon.8.md | 29 ++++++++++++ 3 files changed, 70 insertions(+), 33 deletions(-) diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index d16ba350a7..448497e6a8 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -13,7 +13,7 @@ weight = -1 # Create an authorization plugin Docker’s out-of-the-box authorization model is all or nothing. Any user with -permission to access to the Docker daemon can run any Docker client command. The +permission to access the Docker daemon can run any Docker client command. The same is true for callers using Docker's remote API to contact the daemon. If you require greater access control, you can create authorization plugins and add them to your Docker daemon configuration. Using an authorization plugin, a @@ -27,13 +27,13 @@ and methods information available to an authorization plugin developer. ## Basic principles -Docker's [plugin infrastructure](http://docs.docker.com/engine/extend/plugin_api) enables -extending Docker by dynamically loading, removing and communicating with +Docker's [plugin infrastructure](plugin_api.md) enables +extending Docker by loading, removing and communicating with third-party components using a generic API. The access authorization subsystem was built using this mechanism. Using this subsystem, you don't need to rebuild the Docker daemon to add an -authorization plugin. You can add a plugin to a installed Docker daemon. You do +authorization plugin. You can add a plugin to an installed Docker daemon. You do need to restart the Docker daemon to add a new plugin. An authorization plugin approves or denies requests to the Docker daemon based @@ -41,9 +41,9 @@ on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data. -Authorization plugins must follow the rules described in [Docker Plugin API](http://docs.docker.com/engine/extend/plugin_api/). -Each plugin must reside within directories described under the [plugin discovery](http://docs.docker.com/engine/extend/plugin_api/#plugin-discovery) -section. +Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md). +Each plugin must reside within directories described under the +[Plugin discovery](plugin_api.md#plugin-discovery) section. ## Basic architecture @@ -58,12 +58,11 @@ authentication plugin(s). The request contains the user (caller) and command context. The plugin is responsible for deciding whether to allow or deny the request. -Below please find tow sequence diagrams describing the *allow* and *deny* -authorization flows: +The sequence diagrams below depict an allow and deny authorization flow: -![Bad Address](images/authz_allow.png) +![Authorization Allow flow](images/authz_allow.png) -![Bad Address](images/authz_deny.png) +![Authorization Deny flow](images/authz_deny.png) Each request sent to the plugin includes the authenticated user, the HTTP headers, and the request/response body. Only the user name and the @@ -72,15 +71,15 @@ credentials or tokens are passed. Finally, not all request/response bodies are sent to the authorization plugin. Only those request/response bodies where the `Content-Type` is either `text/*` or `application/json` are sent. -For commands that can potentially the hijack the HTTP connection (`HTTP -Upgrade`), such as `exec`, the authorization plugin are only called for the +For commands that can potentially hijack the HTTP connection (`HTTP +Upgrade`), such as `exec`, the authorization plugin is only called for the initial HTTP requests. Once the plugin approves the command, authorization is not applied to the rest of the flow. Specifically, the streaming data is not passed to the authorization plugins. For commands that return chunked HTTP -response, such as `logs` and `events`, only the HTTP request are sent to the -authorization plugins as well. +response, such as `logs` and `events`, only the HTTP request is sent to the +authorization plugins. -During request/response processing, some authorization plugins flows might +During request/response processing, some authorization flows might need to do additional queries to the Docker daemon. To complete such flows, plugins can call the daemon API similar to a regular user. To enable these additional queries, the plugin must provide the means for an administrator to @@ -88,7 +87,8 @@ configure proper authentication and security policies. ## Docker client flows -To enable and configure the authorization plugin, the plugin developer must support the Docker client interactions detailed in this section. +To enable and configure the authorization plugin, the plugin developer must +support the Docker client interactions detailed in this section. ### Setting up Docker daemon @@ -96,17 +96,18 @@ Enable the authorization plugin with a dedicated command line flag in the `--authz-plugins=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. This value can be the plugin’s socket or a path to a specification file. -``` -$ docker daemon --authz-plugins=plugin1 --auth-plugins=plugin2,... +```bash +$ docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... ``` -Docker's authorization subsystem supports multiple `--authz-plugin` parameters. +Docker's authorization subsystem supports multiple `--authz-plugins` parameters. ### Calling authorized command (allow) -Your plugin must support calling the `allow` command to authorize a command. This call does not impact Docker's command line. +Your plugin must support calling the `allow` command to authorize a command. +This call does not impact Docker's command line. -``` +```bash $ docker pull centos ... f1b10cd84249: Pull complete @@ -115,12 +116,17 @@ f1b10cd84249: Pull complete ### Calling unauthorized command (deny) -Your plugin must support calling the `deny` command to report on the outcome of a plugin interaction. This call returns messages to Docker's command line informing the user of the outcome of each call. +Your plugin must support calling the `deny` command to report on the outcome of +a plugin interaction. This call returns messages to Docker's command line informing +the user of the outcome of each call. -``` +```bash $ docker pull centos … -Authorization failed. Pull command for user 'john_doe' is denied by authorization plugin 'ACME' with message ‘[ACME] User 'john_doe' is not allowed to perform the pull command’ +Authorization failed. Pull command for user 'john_doe' is +denied by authorization plugin 'ACME' with message +‘[ACME] User 'john_doe' is not allowed to perform the pull +command’ ``` Where multiple authorization plugins are installed, multiple messages are expected. @@ -128,7 +134,8 @@ Where multiple authorization plugins are installed, multiple messages are expect ## API schema and implementation -Sample code for a typical plugin can be found here [ADD LINK]. In addition to Docker's standard plugin registration method, each plugin should implement the following two methods: +In addition to Docker's standard plugin registration method, each plugin +should implement the following two methods: * `/AuthzPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. @@ -138,7 +145,7 @@ Sample code for a typical plugin can be found here [ADD LINK]. In addition to Do **Request**: -``` +```json { "User": "The user identification" "UserAuthNMethod": "The authentication method used" @@ -152,7 +159,7 @@ Sample code for a typical plugin can be found here [ADD LINK]. In addition to Do **Response**: -``` +```json { "Allow" : "Determined whether the user is allowed or not" "Msg": "The authorization message" @@ -162,7 +169,8 @@ Sample code for a typical plugin can be found here [ADD LINK]. In addition to Do #### /AuthzPlugin.AuthZRes **Request**: -``` + +```json { "User": "The user identification" "UserAuthNMethod": "The authentication method used" @@ -178,7 +186,8 @@ Sample code for a typical plugin can be found here [ADD LINK]. In addition to Do ``` **Response**: -``` + +```json { "Allow" : "Determined whether the user is allowed or not" "Msg": "The authorization message" diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index d43a0660c7..d1a606db75 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -610,7 +610,7 @@ authorization plugins when you start the Docker `daemon` using the `--authz-plugins=PLUGIN_ID` option. ```bash -docker daemon --authz-plugins=plugin1 --auth-plugins=plugin2,... +docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification @@ -624,8 +624,7 @@ multiple plugins installed, at least one must allow the request for it to complete. For information about how to create an authorization plugin, see [authorization -plugin](https://docs.docker.com/engine/extend/authorization/) section in the -Docker extend section of this documentation. +plugin](../../extend/authorization.md) section in the Docker extend section of this documentation. ## Miscellaneous options diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index de16f6849e..b3e3ad65b1 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -7,6 +7,7 @@ docker-daemon - Enable daemon mode # SYNOPSIS **docker daemon** [**--api-cors-header**=[=*API-CORS-HEADER*]] +[**--authz-plugins**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] [**--cluster-store**[=*[]*]] @@ -70,6 +71,9 @@ format. **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. +**--authz-plugins**="" + Set authorization plugins to load + **-b**, **--bridge**="" Attach containers to a pre\-existing network bridge; use 'none' to disable container networking @@ -456,6 +460,31 @@ Specifies the path to a local file with a PEM encoded private key. This private key is used as the client key for communication with the Key/Value store. +# Access authorization + +Docker's access authorization can be extended by authorization plugins that your +organization can purchase or build themselves. You can install one or more +authorization plugins when you start the Docker `daemon` using the +`--authz-plugins=PLUGIN_ID` option. + +```bash +docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... +``` + +The `PLUGIN_ID` value is either the plugin's name or a path to its specification +file. The plugin's implementation determines whether you can specify a name or +path. Consult with your Docker administrator to get information about the +plugins available to you. + +Once a plugin is installed, requests made to the `daemon` through the command +line or Docker's remote API are allowed or denied by the plugin. If you have +multiple plugins installed, at least one must allow the request for it to +complete. + +For information about how to create an authorization plugin, see [authorization +plugin](https://docs.docker.com/engine/extend/authorization.md) section in the +Docker extend section of this documentation. + # HISTORY Sept 2015, Originally compiled by Shishir Mahajan From 53c1cb81c0338e881ee305244b11926345eaf980 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Fri, 11 Dec 2015 20:59:15 +0200 Subject: [PATCH 1048/2538] Change authz plugin argument name Signed-off-by: Liron Levin --- docs/extend/authorization.md | 6 +++--- docs/reference/commandline/daemon.md | 6 +++--- man/docker-daemon.8.md | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 448497e6a8..a48a8fbdf7 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -93,14 +93,14 @@ support the Docker client interactions detailed in this section. ### Setting up Docker daemon Enable the authorization plugin with a dedicated command line flag in the -`--authz-plugins=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. +`--authz-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. This value can be the plugin’s socket or a path to a specification file. ```bash -$ docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... +$ docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... ``` -Docker's authorization subsystem supports multiple `--authz-plugins` parameters. +Docker's authorization subsystem supports multiple `--authz-plugin` parameters. ### Calling authorized command (allow) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index d1a606db75..3c28295188 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -17,7 +17,7 @@ weight = -1 Options: --api-cors-header="" Set CORS headers in the remote API - --authz-plugins=[] Set authorization plugins to load + --authz-plugin=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP -D, --debug=false Enable debug mode @@ -607,10 +607,10 @@ The currently supported cluster store options are: Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the -`--authz-plugins=PLUGIN_ID` option. +`--authz-plugin=PLUGIN_ID` option. ```bash -docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... +docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index b3e3ad65b1..f06a05e92b 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -7,7 +7,7 @@ docker-daemon - Enable daemon mode # SYNOPSIS **docker daemon** [**--api-cors-header**=[=*API-CORS-HEADER*]] -[**--authz-plugins**[=*[]*]] +[**--authz-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] [**--cluster-store**[=*[]*]] @@ -71,7 +71,7 @@ format. **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. -**--authz-plugins**="" +**--authz-plugin**="" Set authorization plugins to load **-b**, **--bridge**="" @@ -465,10 +465,10 @@ Key/Value store. Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the -`--authz-plugins=PLUGIN_ID` option. +`--authz-plugin=PLUGIN_ID` option. ```bash -docker daemon --authz-plugins=plugin1 --authz-plugins=plugin2,... +docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification From b91f98d9f171121c5399359e2bdd6aba95dcbef3 Mon Sep 17 00:00:00 2001 From: Justas Brazauskas Date: Sun, 13 Dec 2015 18:00:39 +0200 Subject: [PATCH 1049/2538] Fix typos found across repository Signed-off-by: Justas Brazauskas --- docs/reference/commandline/events.md | 4 ++-- experimental/plugins_graphdriver.md | 2 +- experimental/userns.md | 14 +++++++------- man/docker-events.1.md | 6 +++--- man/docker-ps.1.md | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index df88717385..d0e299a69e 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -27,11 +27,11 @@ and Docker images will report: delete, import, pull, push, tag, untag -The `--since` and `--until` parameters can be Unix timestamps, date formated +The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s time. If you do not provide the --since option, the command returns only new and/or live events. Supported formats for date -formated time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be used if you do not provide either a `Z` or a `+-00:00` timezone offset at the end of the timestamp. When providing Unix diff --git a/experimental/plugins_graphdriver.md b/experimental/plugins_graphdriver.md index 700fdde13b..428cdb7750 100644 --- a/experimental/plugins_graphdriver.md +++ b/experimental/plugins_graphdriver.md @@ -204,7 +204,7 @@ Respond with a string error if an error occurred. {} ``` -Perform neccessary tasks to release resources help by the plugin, for example +Perform necessary tasks to release resources help by the plugin, for example unmounting all the layered file systems. **Response**: diff --git a/experimental/userns.md b/experimental/userns.md index 5a204fa7cf..cb713f7d65 100644 --- a/experimental/userns.md +++ b/experimental/userns.md @@ -12,13 +12,13 @@ In this experimental phase, the Docker daemon creates a single daemon-wide mappi for all containers running on the same engine instance. The mappings will utilize the existing subordinate user and group ID feature available on all modern Linux distributions. -The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and +The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and [`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be -read for the user, and optional group, specified to the `--userns-remap` -parameter. If you do not wish to specify your own user and/or group, you can +read for the user, and optional group, specified to the `--userns-remap` +parameter. If you do not wish to specify your own user and/or group, you can provide `default` as the value to this flag, and a user will be created on your behalf and provided subordinate uid and gid ranges. This default user will be named -`dockremap`, and entries will be created for it in `/etc/passwd` and +`dockremap`, and entries will be created for it in `/etc/passwd` and `/etc/group` using your distro's standard user and group creation tools. > **Note**: The single mapping per-daemon restriction exists for this experimental @@ -43,7 +43,7 @@ values in the following formats: If numeric IDs are provided, translation back to valid user or group names will occur so that the subordinate uid and gid information can be read, given these resources are name-based, not id-based. If the numeric ID information -provided does not exist as entries in `/etc/passwd` or `/etc/group`, dameon +provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon startup will fail with an error message. *An example: starting with default Docker user management:* @@ -67,7 +67,7 @@ create the following range, based on an existing user already having the first > **Note:** On a fresh Fedora install, we found that we had to `touch` the > `/etc/subuid` and `/etc/subgid` files to have ranges assigned when users -> were created. Once these files existed, range assigment on user creation +> were created. Once these files existed, range assignment on user creation > worked properly. If you have a preferred/self-managed user with subordinate ID mappings already @@ -84,7 +84,7 @@ current experimental user namespace support. The simplest case exists where only one contiguous range is defined for the provided user or group. In this case, Docker will use that entire contiguous -range for the mapping of host uids and gids to the container process. This +range for the mapping of host uids and gids to the container process. This means that the first ID in the range will be the remapped root user, and the IDs above that initial ID will map host ID 1 through the end of the range. diff --git a/man/docker-events.1.md b/man/docker-events.1.md index bf0eda92eb..fb8d7b00b8 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -37,11 +37,11 @@ and Docker images will report: **--until**="" Stream events until this timestamp -The `--since` and `--until` parameters can be Unix timestamps, date formated +The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s time. If you do not provide the --since option, the command returns only new and/or live events. Supported formats for date -formated time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be used if you do not provide either a `Z` or a `+-00:00` timezone offset at the end of the timestamp. When providing Unix @@ -49,7 +49,7 @@ timestamps enter seconds[.nanoseconds], where seconds is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. - + # EXAMPLES ## Listening for Docker events diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index cee553a237..82a4ea20d5 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -48,7 +48,7 @@ the running containers. .Ports - Exposed ports. .Status - Container status. .Size - Container disk size. - .Labels - All labels asigned to the container. + .Labels - All labels assigned to the container. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` **--help** From 1df420553c38a1f8051b50051757511843a17679 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 14 Dec 2015 21:16:54 +0100 Subject: [PATCH 1050/2538] Add zsh completion for 'docker daemon --authz-plugin' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b29d7a587b..a3cedec535 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -578,6 +578,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--api-cors-header=[Set CORS headers in the remote API]:CORS headers: " \ + "($help)*--authz-plugin=[Set authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Specify network bridge IP]" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ From c54cb6f4906626e13e9678e9124207dbe442885f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 14 Dec 2015 21:20:49 +0100 Subject: [PATCH 1051/2538] Fix small missing equal sign for 'docker daemon --cluster-store-opt' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a3cedec535..142d87036f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -586,7 +586,7 @@ __docker_subcommand() { "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ "($help)--cluster-store=[URL of the distributed storage backend]:Cluster Store:->cluster-store" \ "($help)--cluster-advertise=[Address of the daemon instance to advertise]:Instance to advertise (host\:port): " \ - "($help)*--cluster-store-opt[Set cluster options]:Cluster options:->cluster-store-options" \ + "($help)*--cluster-store-opt=[Set cluster options]:Cluster options:->cluster-store-options" \ "($help)*--dns=[DNS server to use]:DNS: " \ "($help)*--dns-search=[DNS search domains to use]:DNS search: " \ "($help)*--dns-opt=[DNS options to use]:DNS option: " \ From 9339b4abb5cbbec7566f658fd562f9995b50ee63 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 14 Dec 2015 13:25:45 -0800 Subject: [PATCH 1052/2538] bash completion for `docker daemon --authz-plugin` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7210e42cb3..4a1b2f39e4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -656,6 +656,7 @@ _docker_daemon() { local options_with_args=" $global_options_with_args --api-cors-header + --authz-plugin --bip --bridge -b --cluster-advertise From b2cbaa03af8b0939596c9ff1595b93c7ba7da307 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 23 Oct 2015 16:57:57 -0400 Subject: [PATCH 1053/2538] Add capability to specify mount propagation per volume Allow passing mount propagation option shared, slave, or private as volume property. For example. docker run -ti -v /root/mnt-source:/root/mnt-dest:slave fedora bash Signed-off-by: Vivek Goyal --- docs/reference/commandline/create.md | 12 ++--- docs/reference/commandline/run.md | 12 ++--- docs/reference/run.md | 13 +++-- man/docker-create.1.md | 76 +++++++++++++++++++++++++-- man/docker-inspect.1.md | 1 + man/docker-run.1.md | 78 +++++++++++++++++++--------- 6 files changed, 147 insertions(+), 45 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 06e047f4aa..fae59a59cf 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -79,12 +79,12 @@ Creates a new container. -u, --user="" Username or UID --ulimit=[] Ulimit options --uts="" UTS namespace to use - -v, --volume=[] Bind mount a volume with: [host-src:]container-dest[:], where - options are comma delimited and selected from [rw|ro] and [z|Z]. - The 'host-src' can either be an absolute path or a name value. - If 'host-src' is missing, then docker creates a new volume. - If neither 'rw' or 'ro' is specified then the volume is mounted - in read-write mode. + -v, --volume=[host-src:]container-dest[:] + Bind mount a volume. The comma-delimited + `options` are [rw|ro], [z|Z], or + [[r]shared|[r]slave|[r]private]. The + 'host-src' is an absolute path or a name + value. --volume-driver="" Container's volume driver --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 5794b65ba0..57822fbfe6 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -80,12 +80,12 @@ parent = "smn_cli" -u, --user="" Username or UID (format: [:]) --ulimit=[] Ulimit options --uts="" UTS namespace to use - -v, --volume=[] Bind mount a volume with: [host-src:]container-dest[:], where - options are comma delimited and selected from [rw|ro] and [z|Z]. - The 'host-src' can either be an absolute path or a name value. - If 'host-src' is missing, then docker creates a new volume. - If neither 'rw' or 'ro' is specified then the volume is mounted - in read-write mode. + -v, --volume=[host-src:]container-dest[:] + Bind mount a volume. The comma-delimited + `options` are [rw|ro], [z|Z], or + [[r]shared|[r]slave|[r]private]. The + 'host-src' is an absolute path or a name + value. --volume-driver="" Container's volume driver --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/run.md b/docs/reference/run.md index 160ad986c7..8e83d2b328 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1330,11 +1330,14 @@ Similarly the operator can set the **hostname** with `-h`. ### VOLUME (shared filesystems) - -v=[]: Create a bind mount with: [host-src:]container-dest[:], where - options are comma delimited and selected from [rw|ro] and [z|Z]. - If 'host-src' is missing, then docker creates a new volume. - If neither 'rw' or 'ro' is specified then the volume is mounted - in read-write mode. + -v, --volume=[host-src:]container-dest[:]: Bind mount a volume. + The comma-delimited `options` are [rw|ro], [z|Z], or + [[r]shared|[r]slave|[r]private]. The 'host-src' is an absolute path or a + name value. + + If neither 'rw' or 'ro' is specified then the volume is mounted in + read-write mode. + --volumes-from="": Mount all volumes from the given container(s) > **Note**: diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 8212c6bd82..bca40cbacc 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -64,7 +64,7 @@ docker-create - Create a new container [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] -[**-v**|**--volume**[=*[]*]] +[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]] [**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] @@ -311,8 +311,78 @@ any options, the systems uses the following options: **host**: use the host's UTS namespace inside the container. Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. -**-v**, **--volume**=[] - Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) +**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] + Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker + bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker + container. If 'HOST-DIR' is omitted, Docker automatically creates the new + volume on the host. The `OPTIONS` are a comma delimited list and can be: + + * [rw|ro] + * [z|Z] + * [`[r]shared`|`[r]slave`|`[r]private`] + +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` +can be an absolute path or a `name` value. A `name` value must start with an +alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or +`-` (hyphen). An absolute path starts with a `/` (forward slash). + +If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the +path you specify. If you supply a `name`, Docker creates a named volume by that +`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` +value. If you supply the `/foo` value, Docker creates a bind-mount. If you +supply the `foo` specification, Docker creates a named volume. + +You can specify multiple **-v** options to mount one or more mounts to a +container. To use these same mounts in other containers, specify the +**--volumes-from** option also. + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. + +By default bind mounted volumes are `private`. That means any mounts done +inside container will not be visible on host and vice-a-versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside container will be +visible on host and vice-a-versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. + +To control mount propagation property of volume one can use `:[r]shared`, +`:[r]slave` or `:[r]private` propagation flag. Propagation property can +be specified only for bind mounted volumes and not for internal volumes or +named volumes. For mount propagation to work source mount point (mount point +where source dir is mounted on) has to have right propagation properties. For +shared volumes, source mount point has to be shared. And for slave volumes, +source mount has to be either shared or slave. + +Use `df ` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION ` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at mount entry for source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagaion properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 0975152452..c2e32cfd67 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -104,6 +104,7 @@ To get information on a container use its ID or instance name: "Destination": "/data", "Mode": "ro,Z", "RW": false + "Propagation": "" } ], "AppArmorProfile": "", diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 83c901006c..603db39b7f 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -67,7 +67,7 @@ docker-run - Run a command in a new container [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] [**--uts**[=*[]*]] -[**-v**|**--volume**[=*[]*]] +[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]] [**--volume-driver**[=*DRIVER*]] [**--volumes-from**[=*[]*]] [**-w**|**--workdir**[=*WORKDIR*]] @@ -476,24 +476,34 @@ any options, the systems uses the following options: **--ulimit**=[] Ulimit options -**-v**, **--volume**=[] Create a bind mount - (format: `[host-dir:]container-dir[:]`, where suffix options -are comma delimited and selected from [rw|ro] and [z|Z].) +**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] + Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker + bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker + container. If 'HOST-DIR' is omitted, Docker automatically creates the new + volume on the host. The `OPTIONS` are a comma delimited list and can be: - (e.g., using -v /host-dir:/container-dir, bind mounts /host-dir in the -host to /container-dir in the Docker container) + * [rw|ro] + * [z|Z] + * [`[r]shared`|`[r]slave`|`[r]private`] - If 'host-dir' is missing, then docker automatically creates the new volume -on the host. **This auto-creation of the host path has been deprecated in -Release: v1.9.** +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` +can be an absolute path or a `name` value. A `name` value must start with an +alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or +`-` (hyphen). An absolute path starts with a `/` (forward slash). - The **-v** option can be used one or -more times to add one or more mounts to a container. These mounts can then be -used in other containers using the **--volumes-from** option. +If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the +path you specify. If you supply a `name`, Docker creates a named volume by that +`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` +value. If you supply the `/foo` value, Docker creates a bind-mount. If you +supply the `foo` specification, Docker creates a named volume. - The volume may be optionally suffixed with :ro or :rw to mount the volumes in -read-only or read-write mode, respectively. By default, the volumes are mounted -read-write. See examples. +You can specify multiple **-v** options to mount one or more mounts to a +container. To use these same mounts in other containers, specify the +**--volumes-from** option also. + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might @@ -508,18 +518,36 @@ content label. Shared volume labels allow all containers to read/write content. The `Z` option tells Docker to label the content with a private unshared label. Only the current container can use a private volume. -The `container-dir` must always be an absolute path such as `/src/docs`. -The `host-dir` can either be an absolute path or a `name` value. If you -supply an absolute path for the `host-dir`, Docker bind-mounts to the path -you specify. If you supply a `name`, Docker creates a named volume by that `name`. +By default bind mounted volumes are `private`. That means any mounts done +inside container will not be visible on host and vice-a-versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside container will be +visible on host and vice-a-versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. -A `name` value must start with start with an alphanumeric character, -followed by `a-z0-9`, `_` (underscore), `.` (period) or `-` (hyphen). -An absolute path starts with a `/` (forward slash). +To control mount propagation property of volume one can use `:[r]shared`, +`:[r]slave` or `:[r]private` propagation flag. Propagation property can +be specified only for bind mounted volumes and not for internal volumes or +named volumes. For mount propagation to work source mount point (mount point +where source dir is mounted on) has to have right propagation properties. For +shared volumes, source mount point has to be shared. And for slave volumes, +source mount has to be either shared or slave. -For example, you can specify either `/foo` or `foo` for a `host-dir` value. -If you supply the `/foo` value, Docker creates a bind-mount. If you supply -the `foo` specification, Docker creates a named volume. +Use `df ` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION ` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at mount entry for source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagaion properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from From 5ea58b57cb8d13589f72d78e632ce640efbd91d1 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Wed, 16 Dec 2015 09:52:26 +0100 Subject: [PATCH 1054/2538] docs: extend: plugins_volume.md: Err default to empty string Signed-off-by: Antonio Murdaca --- docs/extend/plugins_volume.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 98418b735b..a2507f9113 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -65,7 +65,7 @@ Opts is a map of driver specific options passed through from the user request. **Response**: ``` { - "Err": null + "Err": "" } ``` @@ -85,7 +85,7 @@ Delete the specified volume from disk. This request is issued when a user invoke **Response**: ``` { - "Err": null + "Err": "" } ``` @@ -109,7 +109,7 @@ at the first mount request and deprovision at the last corresponding unmount req ``` { "Mountpoint": "/path/to/directory/on/host", - "Err": null + "Err": "" } ``` @@ -131,7 +131,7 @@ Docker needs reminding of the path to the volume on the host. ``` { "Mountpoint": "/path/to/directory/on/host", - "Err": null + "Err": "" } ``` @@ -154,7 +154,7 @@ this point. **Response**: ``` { - "Err": null + "Err": "" } ``` From 5e6c121c374051f68d12430b1cd58de212db1093 Mon Sep 17 00:00:00 2001 From: Ray Tsang Date: Tue, 15 Dec 2015 11:04:53 -0500 Subject: [PATCH 1055/2538] Updated REX-Ray plugin platform support. REX-Ray added Google Compute Engine support: https://github.com/emccode/rexray/issues/113 Signed-off-by: Ray Tsang --- docs/extend/plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 6c17b9072d..f2cf1b7ba4 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -68,7 +68,7 @@ The following plugins exist: * The [REX-Ray plugin](https://github.com/emccode/rexraycli) is a volume plugin which is written in Go and provides advanced storage functionality for many - platforms including EC2, OpenStack, XtremIO, and ScaleIO. + platforms including EC2, Google Compute Engine, OpenStack, XtremIO, and ScaleIO. * The [Contiv Volume Plugin](https://github.com/contiv/volplugin) is an open source volume plugin that provides multi-tenant, persistent, distributed storage From 8b3b2571d706d00eab2c6346540fce025847ea4a Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 31 Aug 2015 14:45:27 -0700 Subject: [PATCH 1056/2538] Add a DOCKER_API_VERSION env var Closes: #11486 Just for @ahmetalpbalkan :-) Fixed some comment formatting too while in there. Signed-off-by: Doug Davis --- docs/reference/commandline/cli.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 4d1a0c7961..6a9a1d85fb 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -38,6 +38,7 @@ the [installation](../../installation/index.md) instructions for your operating For easy reference, the following list of environment variables are supported by the `docker` command line: +* `DOCKER_API_VERSION` The API version to use (e.g. `1.19`) * `DOCKER_CONFIG` The location of your client configuration files. * `DOCKER_CERT_PATH` The location of your authentication keys. * `DOCKER_DRIVER` The graph driver to use. From e79f2fcc212465d373a2580249c09ec97dc05c42 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 15 Dec 2015 09:49:18 +0100 Subject: [PATCH 1057/2538] pkg: authorization: add Err to tweak response status code Signed-off-by: Antonio Murdaca --- docs/extend/authorization.md | 57 +++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index a48a8fbdf7..5330e9d245 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -146,13 +146,13 @@ should implement the following two methods: **Request**: ```json -{ - "User": "The user identification" - "UserAuthNMethod": "The authentication method used" - "RequestMethod": "The HTTP method" - "RequestUri": "The HTTP request URI" - "RequestBody": "Byte array containing the raw HTTP request body" - "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string " +{ + "User": "The user identification", + "UserAuthNMethod": "The authentication method used", + "RequestMethod": "The HTTP method", + "RequestUri": "The HTTP request URI", + "RequestBody": "Byte array containing the raw HTTP request body", + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string ", "RequestStatusCode": "Request status code" } ``` @@ -160,27 +160,27 @@ should implement the following two methods: **Response**: ```json -{ - "Allow" : "Determined whether the user is allowed or not" - "Msg": "The authorization message" +{ + "Allow": "Determined whether the user is allowed or not", + "Msg": "The authorization message", + "Err": "The error message if things go wrong" } ``` - #### /AuthzPlugin.AuthZRes **Request**: ```json { - "User": "The user identification" - "UserAuthNMethod": "The authentication method used" - "RequestMethod": "The HTTP method" - "RequestUri": "The HTTP request URI" - "RequestBody": "Byte array containing the raw HTTP request body" - "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string" - "RequestStatusCode": "Request status code" - "ResponseBody": "Byte array containing the raw HTTP response body" - "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string" + "User": "The user identification", + "UserAuthNMethod": "The authentication method used", + "RequestMethod": "The HTTP method", + "RequestUri": "The HTTP request URI", + "RequestBody": "Byte array containing the raw HTTP request body", + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string", + "RequestStatusCode": "Request status code", + "ResponseBody": "Byte array containing the raw HTTP response body", + "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string", "ResponseStatusCode":"Response status code" } ``` @@ -189,11 +189,12 @@ should implement the following two methods: ```json { - "Allow" : "Determined whether the user is allowed or not" - "Msg": "The authorization message" - "ModifiedBody": "Byte array containing a modified body of the raw HTTP body (or nil if no changes required)" - "ModifiedHeader": "Byte array containing a modified header of the HTTP response (or nil if no changes required)" - "ModifiedStatusCode": "int containing the modified version of the status code (or 0 if not change is required)" + "Allow": "Determined whether the user is allowed or not", + "Msg": "The authorization message", + "Err": "The error message if things go wrong", + "ModifiedBody": "Byte array containing a modified body of the raw HTTP body (or nil if no changes required)", + "ModifiedHeader": "Byte array containing a modified header of the HTTP response (or nil if no changes required)", + "ModifiedStatusCode": "int containing the modified version of the status code (or 0 if not change is required)" } ``` @@ -222,7 +223,8 @@ Request body | []byte | Raw request body Name | Type | Description --------|--------|---------------------------------------------------------------------------------- Allow | bool | Boolean value indicating whether the request is allowed or denied -Message | string | Authorization message (will be returned to the client in case the access is denied) +Msg | string | Authorization message (will be returned to the client in case the access is denied) +Err | string | Error message (will be returned to the client in case the plugin encounter an error) ### Response authorization @@ -249,4 +251,5 @@ Response body | []byte | Raw docker daemon response body Name | Type | Description --------|--------|---------------------------------------------------------------------------------- Allow | bool | Boolean value indicating whether the response is allowed or denied -Message | string | Authorization message (will be returned to the client in case the access is denied) \ No newline at end of file +Msg | string | Authorization message (will be returned to the client in case the access is denied) +Err | string | Error message (will be returned to the client in case the plugin encounter an error) From 752b902123d495d39c83cf9554c1fa3f17377fd8 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 17 Dec 2015 15:40:10 +0800 Subject: [PATCH 1058/2538] Fix typo error and update index Signed-off-by: Wen Cheng Ma --- docs/extend/index.md | 1 + docs/extend/plugins_network.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index 61afb720ca..b533ea1936 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -18,4 +18,5 @@ Currently, you can extend Docker by adding a plugin. This section contains the f * [Understand Docker plugins](plugins.md) * [Write a volume plugin](plugins_volume.md) * [Write a network plugin](plugins_network.md) +* [Write an authorization plugin](authorization.md) * [Docker plugin API](plugin_api.md) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index c33a755056..01e8089f7e 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -51,7 +51,7 @@ documented as part of libnetwork: # Related Information -To interact with the Docker maintainers and other interested users, se the IRC channel `#docker-network`. +To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`. - [Docker networks feature overview](../userguide/networking/index.md) - The [LibNetwork](https://github.com/docker/libnetwork) project From d00b518979e30aa9fe7f4b804c126cff802ae038 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Fri, 18 Dec 2015 12:34:19 +0100 Subject: [PATCH 1059/2538] authZ: more fixes - fix naming and formatting - provide more context when erroring auth - do not capitalize errors - fix wrong documentation - remove ugly remoteError{} Signed-off-by: Antonio Murdaca --- docs/extend/authorization.md | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 5330e9d245..23a1787ca3 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -104,9 +104,6 @@ Docker's authorization subsystem supports multiple `--authz-plugin` parameters. ### Calling authorized command (allow) -Your plugin must support calling the `allow` command to authorize a command. -This call does not impact Docker's command line. - ```bash $ docker pull centos ... @@ -116,22 +113,20 @@ f1b10cd84249: Pull complete ### Calling unauthorized command (deny) -Your plugin must support calling the `deny` command to report on the outcome of -a plugin interaction. This call returns messages to Docker's command line informing -the user of the outcome of each call. +```bash +$ docker pull centos +... +docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed. +``` + +### Error from plugins ```bash $ docker pull centos -… -Authorization failed. Pull command for user 'john_doe' is -denied by authorization plugin 'ACME' with message -‘[ACME] User 'john_doe' is not allowed to perform the pull -command’ +... +docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?. ``` -Where multiple authorization plugins are installed, multiple messages are expected. - - ## API schema and implementation In addition to Docker's standard plugin registration method, each plugin From e5b94ba3efd3654a0e232a4c4989b3702f48bd92 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Fri, 18 Dec 2015 11:28:28 +0100 Subject: [PATCH 1060/2538] docs: extend: authorization.md: add a note about confidential stuff in Err Signed-off-by: Antonio Murdaca --- docs/extend/authorization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 23a1787ca3..80fa6c94b1 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -219,7 +219,7 @@ Name | Type | Description --------|--------|---------------------------------------------------------------------------------- Allow | bool | Boolean value indicating whether the request is allowed or denied Msg | string | Authorization message (will be returned to the client in case the access is denied) -Err | string | Error message (will be returned to the client in case the plugin encounter an error) +Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) ### Response authorization @@ -247,4 +247,4 @@ Name | Type | Description --------|--------|---------------------------------------------------------------------------------- Allow | bool | Boolean value indicating whether the response is allowed or denied Msg | string | Authorization message (will be returned to the client in case the access is denied) -Err | string | Error message (will be returned to the client in case the plugin encounter an error) +Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) From 1b77149fd46978512609d3dca0341ab15b52b1b9 Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Tue, 15 Dec 2015 13:35:55 +0000 Subject: [PATCH 1061/2538] Explain 'json' function a bit better Signed-off-by: Bryan Boreham --- docs/reference/commandline/inspect.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 6620163f70..31a34b20be 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -65,11 +65,11 @@ the `HostPort` field to get the public address. $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID -**Get config:** +**Get a subsection in JSON format:** -The `.Field` syntax doesn't work when the field contains JSON data, but -the template language's custom `json` function does. The `.config` -section contains complex JSON object, so to grab it as JSON, you use -`json` to convert the configuration object into JSON. +If you request a field which is itself a structure containing other +fields, by default you get a Go-style dump of the inner values. +Docker adds a template function, `json`, which can be applied to get +results in JSON format. - $ docker inspect --format='{{json .config}}' $INSTANCE_ID + $ docker inspect --format='{{json .Config}}' $INSTANCE_ID From 8008a57ffb6e7310591b2a206461f0e6829e2eab Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Wed, 16 Dec 2015 13:43:41 +0100 Subject: [PATCH 1062/2538] docs: userguide: labels-custom-metadsata.md: update syntax for emtpy value labels Signed-off-by: Antonio Murdaca --- man/Dockerfile.5.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md index c5e5bea518..7d56bda0fa 100644 --- a/man/Dockerfile.5.md +++ b/man/Dockerfile.5.md @@ -156,20 +156,23 @@ A Dockerfile is similar to a Makefile. the image. **LABEL** - -- `LABEL [=] [[=] ...]`or + -- `LABEL = [= ...]`or ``` LABEL [ ] LABEL [ ] ... ``` The **LABEL** instruction adds metadata to an image. A **LABEL** is a - key-value pair. To include spaces within a **LABEL** value, use quotes and + key-value pair. To specify a **LABEL** without a value, simply use an empty + string. To include spaces within a **LABEL** value, use quotes and backslashes as you would in command-line parsing. ``` LABEL com.example.vendor="ACME Incorporated" - or LABEL com.example.vendor "ACME Incorporated" + LABEL com.example.vendor.is-beta "" + LABEL com.example.vendor.is-beta= + LABEL com.example.vendor.is-beta="" ``` An image can have more than one label. To specify multiple labels, separate From 4620840d57023cf2d568118da4d57ccc07e96aa5 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 26 Nov 2015 23:54:24 -0600 Subject: [PATCH 1063/2538] Update restart description add a note around restart policies only working in detached mode Signed-off-by: Aidan Feldman Update restart description with Mary's comments. Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 8e83d2b328..e14b1b1b7e 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -504,9 +504,10 @@ Or, to get the last time the container was (re)started; $ docker inspect -f "{{ .State.StartedAt }}" my-container # 2015-03-04T23:47:07.691840179Z -You cannot set any restart policy in combination with -["clean up (--rm)"](#clean-up-rm). Setting both `--restart` and `--rm` -results in an error. + +Combining `--restart` (restart policy) with the `--rm` (clean up) flag results +in an error. On container restart, attached clients are disconnected. See the +examples on using the [`--rm` (clean up)](#clean-up-rm) flag later in this page. ### Examples From fbb25d42f08fdb5ffb948bcb523a035609d1c235 Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Wed, 28 Oct 2015 02:29:21 +0200 Subject: [PATCH 1064/2538] Change the quiet flag behavior in the build command Right now, the quiet (-q, --quiet) flag ignores the output generated from within the container. However, it ought to be quiet in a way that all kind of diagnostic output should be ignored, unless the build process fails. This patch makes the quiet flag behave in the following way: 1. If the build process succeeds, stdout contains the image ID and stderr is empty. 2. If the build process fails, stdout is empty and stderr has the error message and the diagnostic output of that process. If the quiet flag is not set, then everything goes to stdout and error messages, if there are any, go to stderr. Signed-off-by: Boaz Shuster --- contrib/completion/fish/docker.fish | 2 +- docs/reference/commandline/build.md | 2 +- man/docker-build.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 33abfd0d37..17af1c0171 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -95,7 +95,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l force-rm -d ' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l no-cache -d 'Do not use cache when building the image' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l pull -d 'Always attempt to pull a newer version of the image' -complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the verbose output generated by the containers' +complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s q -l quiet -d 'Suppress the build output and print image ID on success' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -l rm -d 'Remove intermediate containers after a successful build' complete -c docker -A -f -n '__fish_seen_subcommand_from build' -s t -l tag -d 'Repository name (and optionally a tag) to be applied to the resulting image in case of success' diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 88e57dce54..0219be0fbc 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -30,7 +30,7 @@ parent = "smn_cli" --memory-swap="" Total memory (memory + swap), `-1` to disable swap --no-cache=false Do not use cache when building the image --pull=false Always attempt to pull a newer version of the image - -q, --quiet=false Suppress the verbose output generated by the containers + -q, --quiet=false Suppress the build output and print image ID on success --rm=true Remove intermediate containers after a successful build --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. -t, --tag=[] Name and optionally a tag in the 'name:tag' format diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 4a87c4d515..52451c1d75 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -81,7 +81,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex Always attempt to pull a newer version of the image. The default is *false*. **-q**, **--quiet**=*true*|*false* - Suppress the verbose output generated by the containers. The default is *false*. + Suppress the build output and print image ID on success. The default is *false*. **--rm**=*true*|*false* Remove intermediate containers after a successful build. The default is *true*. From 1e3c5bbe15634eee1f0bb95d56f16bf2fea8edda Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 18 Dec 2015 14:03:41 +0100 Subject: [PATCH 1065/2538] Add --format support to images command - rename `api/client/ps` to `api/client/formatter` - add a a image formatter Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 5 ++- contrib/completion/zsh/_docker | 3 +- docs/reference/commandline/cli.md | 7 ++++ docs/reference/commandline/images.md | 50 ++++++++++++++++++++++++++++ man/docker-images.1.md | 11 ++++++ 5 files changed, 74 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4a1b2f39e4..1cb006e0eb 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -927,6 +927,9 @@ _docker_images() { fi return ;; + --format) + return + ;; esac case "${words[$cword-2]}$prev=" in @@ -941,7 +944,7 @@ _docker_images() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) ;; =) return diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 142d87036f..11f26521c7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -692,8 +692,9 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Show all images]" \ - "($help)--digest[Show digests]" \ + "($help)--digests[Show digests]" \ "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ + "($help)--format[Pretty-print containers using a Go template]:format: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -): :__docker_repositories" && ret=0 diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 6a9a1d85fb..608cb1275a 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -103,6 +103,12 @@ Docker's client uses this property. If this property is not set, the client falls back to the default table format. For a list of supported formatting directives, see the [**Formatting** section in the `docker ps` documentation](ps.md) +The property `imagesFormat` specifies the default format for `docker images` output. +When the `--format` flag is not provided with the `docker images` command, +Docker's client uses this property. If this property is not set, the client +falls back to the default table format. For a list of supported formatting +directives, see the [**Formatting** section in the `docker images` documentation](images.md) + Following is a sample `config.json` file: { @@ -110,6 +116,7 @@ Following is a sample `config.json` file: "MyHeader": "MyValue" }, "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}" + "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}" } ### Notary diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 651522c841..2385bc97c0 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -177,3 +177,53 @@ In this example, with the `0.1` value, it returns an empty set because no matche $ docker images --filter "label=com.example.version=0.1" REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + +## Formatting + +The formatting option (`--format`) will pretty print container output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +---- | ---- +`.ID` | Image ID +`.Repository` | Image repository +`.Tag` | Image tag +`.Digest` | Image digest +`.CreatedSince` | Elapsed time since the image was created. +`.CreatedAt` | Time when the image was created. +`.Size` | Image disk size. + +When using the `--format` option, the `image` command will either +output the data exactly as the template declares or, when using the +`table` directive, will include column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Repository` entries separated by a colon for all images: + + $ docker images --format "{{.ID}}: {{.Repository}}" + 77af4d6b9913: + b6fa739cedf5: committ + 78a85c484f71: + 30557a29d5ab: docker + 5ed6274db6ce: + 746b819f315e: postgres + 746b819f315e: postgres + 746b819f315e: postgres + 746b819f315e: postgres + +To list all images with their repository and tag in a table format you +can use: + + $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" + IMAGE ID REPOSITORY TAG + 77af4d6b9913 + b6fa739cedf5 committ latest + 78a85c484f71 + 30557a29d5ab docker latest + 5ed6274db6ce + 746b819f315e postgres 9 + 746b819f315e postgres 9.3 + 746b819f315e postgres 9.3.5 + 746b819f315e postgres latest diff --git a/man/docker-images.1.md b/man/docker-images.1.md index de4fee05c9..921a141684 100644 --- a/man/docker-images.1.md +++ b/man/docker-images.1.md @@ -40,6 +40,17 @@ versions. **-f**, **--filter**=[] Filters the output. The dangling=true filter finds unused images. While label=com.foo=amd64 filters for images with a com.foo value of amd64. The label=com.foo filter finds images with the label com.foo of any value. +**--format**="*TEMPLATE*" + Pretty-print containers using a Go template. + Valid placeholders: + .ID - Image ID + .Repository - Image repository + .Tag - Image tag + .Digest - Image digest + .CreatedSince - Elapsed time since the image was created. + .CreatedAt - Time when the image was created.. + .Size - Image disk size. + **--help** Print usage statement From 57a8c598204212f522ac669600dc3bd146d6e14e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 15 Dec 2015 16:07:13 +0100 Subject: [PATCH 1066/2538] Use computed plugin lists in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 35 +++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1cb006e0eb..6fcc23aa83 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -153,8 +153,11 @@ __docker_networks() { # Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete network IDs. local fields='$2' [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] && fields='$1,$2' - local networks=$(__docker_q network ls --no-trunc | awk "NR>1 {print $fields}") - COMPREPLY=( $(compgen -W "$networks" -- "$cur") ) + __docker_q network ls --no-trunc | awk "NR>1 {print $fields}" +} + +__docker_complete_networks() { + COMPREPLY=( $(compgen -W "$(__docker_complete_networks)" -- "$cur") ) } __docker_containers_in_network() { @@ -166,6 +169,14 @@ __docker_volumes() { COMPREPLY=( $(compgen -W "$(__docker_q volume ls -q)" -- "$cur") ) } +__docker_plugins() { + __docker_q info | sed -n "/^Plugins/,/^[^ ]/s/ $1: //p" +} + +__docker_complete_plugins() { + COMPREPLY=( $(compgen -W "$(__docker_plugins $1)" -- "$cur") ) +} + # Finds the position of the first word that is neither option nor an option's argument. # If there are options that require arguments, you should pass a glob describing those # options, e.g. "--option1|-o|--option2" @@ -1103,7 +1114,7 @@ _docker_network_connect() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_networks + __docker_complete_networks elif [ $cword -eq $(($counter + 1)) ]; then __docker_containers_running fi @@ -1121,9 +1132,11 @@ _docker_network_create() { return ;; --driver|-d) - # no need to suggest drivers that allow one instance only - # (host, null) - COMPREPLY=( $( compgen -W "bridge overlay" -- "$cur" ) ) + local plugins=" $(__docker_plugins Network) " + # remove drivers that allow one instance only + plugins=${plugins/ host / } + plugins=${plugins/ null / } + COMPREPLY=( $(compgen -W "$plugins" -- "$cur") ) return ;; esac @@ -1143,7 +1156,7 @@ _docker_network_disconnect() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_networks + __docker_complete_networks elif [ $cword -eq $(($counter + 1)) ]; then __docker_containers_in_network "$prev" fi @@ -1163,7 +1176,7 @@ _docker_network_inspect() { COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) ;; *) - __docker_networks + __docker_complete_networks esac } @@ -1535,7 +1548,7 @@ _docker_run() { __docker_containers_all ;; *) - COMPREPLY=( $( compgen -W "bridge none container: host" -- "$cur") ) + COMPREPLY=( $( compgen -W "$(__docker_plugins Network) $(__docker_networks) container:" -- "$cur") ) if [ "${COMPREPLY[*]}" = "container:" ] ; then __docker_nospace fi @@ -1572,7 +1585,7 @@ _docker_run() { return ;; --volume-driver) - COMPREPLY=( $( compgen -W "local" -- "$cur" ) ) + __docker_complete_plugins Volume return ;; --volumes-from) @@ -1731,7 +1744,7 @@ _docker_version() { _docker_volume_create() { case "$prev" in --driver|-d) - COMPREPLY=( $( compgen -W "local" -- "$cur" ) ) + __docker_complete_plugins Volume return ;; --name|--opt|-o) From 499d634f32dbf4b460a94f9931d4ddc55d534875 Mon Sep 17 00:00:00 2001 From: Ma Shimiao Date: Wed, 8 Jul 2015 19:06:48 +0800 Subject: [PATCH 1067/2538] Add support for blkio read/write iops device Signed-off-by: Ma Shimiao --- contrib/completion/bash/docker | 2 ++ contrib/completion/zsh/_docker | 2 ++ docs/reference/commandline/create.md | 2 ++ docs/reference/commandline/run.md | 2 ++ docs/reference/run.md | 29 ++++++++++++++++++++++------ man/docker-create.1.md | 8 ++++++++ man/docker-run.1.md | 8 ++++++++ 7 files changed, 47 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6fcc23aa83..11b047e67f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1405,7 +1405,9 @@ _docker_run() { --cpu-shares --device --device-read-bps + --device-read-iops --device-write-bps + --device-write-iops --dns --dns-opt --dns-search diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 11f26521c7..9394829745 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -469,7 +469,9 @@ __docker_subcommand() { "($help)--cidfile=[Write the container ID to the file]:CID file:_files" "($help)*--device=[Add a host device to the container]:device:_files" "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: " + "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: " "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: " + "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: " "($help)*--dns=[Set custom DNS servers]:DNS server: " "($help)*--dns-opt=[Set custom DNS options]:DNS option: " "($help)*--dns-search=[Set custom DNS search domains]:DNS domains: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index fae59a59cf..9f7752fb88 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -31,7 +31,9 @@ Creates a new container. --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) --device=[] Add a host device to the container --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) + --device-read-iops=[] Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000) --device-write-bps=[] Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb) + --device-write-iops=[] Limit write rate (IO per second) to a device (e.g., --device-write-iops=/dev/sda:1000) --disable-content-trust=true Skip image verification --dns=[] Set custom DNS servers --dns-opt=[] Set custom DNS options diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 57822fbfe6..0aacf894dd 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -30,7 +30,9 @@ parent = "smn_cli" -d, --detach=false Run container in background and print container ID --device=[] Add a host device to the container --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) + --device-read-iops=[] Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000) --device-write-bps=[] Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb) + --device-write-iops=[] Limit write rate (IO per second) to a device (e.g., --device-write-bps=/dev/sda:1000) --disable-content-trust=true Skip image verification --dns=[] Set custom DNS servers --dns-opt=[] Set custom DNS options diff --git a/docs/reference/run.md b/docs/reference/run.md index e14b1b1b7e..2689108fa8 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -633,6 +633,8 @@ container: | `--blkio-weight-device=""` | Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) | | `--device-read-bps=""` | Limit read rate from a device (format: `:[]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`. | | `--device-write-bps=""` | Limit write rate to a device (format: `:[]`). Number is a positive integer. Unit can be one of `kb`, `mb`, or `gb`. | +| `--device-read-iops="" ` | Limit read rate (IO per second) from a device (format: `:`). Number is a positive integer. | +| `--device-write-iops="" ` | Limit write rate (IO per second) to a device (format: `:`). Number is a positive integer. | | `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | | `--memory-swappiness=""` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | | `--shm-size=""` | Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. | @@ -984,15 +986,15 @@ on `/dev/sda` setting that weight to `200`: --blkio-weight-device "/dev/sda:200" \ ubuntu -The `--device-read-bps` flag limits the read rate from a device. For example, -this command creates a container and limits the read rate to `1mb` per second -from `/dev/sda`: +The `--device-read-bps` flag limits the read rate (bytes per second) from a device. +For example, this command creates a container and limits the read rate to `1mb` +per second from `/dev/sda`: $ docker run -it --device-read-bps /dev/sda:1mb ubuntu -The `--device-write-bps` flag limits the write rate to a device. For example, -this command creates a container and limits the write rate to `1mb` per second -for `/dev/sda`: +The `--device-write-bps` flag limits the write rate (bytes per second)to a device. +For example, this command creates a container and limits the write rate to `1mb` +per second for `/dev/sda`: $ docker run -it --device-write-bps /dev/sda:1mb ubuntu @@ -1000,6 +1002,21 @@ Both flags take limits in the `:[unit]` format. Both read and write rates must be a positive integer. You can specify the rate in `kb` (kilobytes), `mb` (megabytes), or `gb` (gigabytes). +The `--device-read-iops` flag limits read rate (IO per second) from a device. +For example, this command creates a container and limits the read rate to +`1000` IO per second from `/dev/sda`: + + $ docker run -ti --device-read-iops /dev/sda:1000 ubuntu + +The `--device-write-iops` flag limits write rate (IO per second) to a device. +For example, this command creates a container and limits the write rate to +`1000` IO per second to `/dev/sda`: + + $ docker run -ti --device-write-iops /dev/sda:1000 ubuntu + +Both flags take limits in the `:` format. Both read and +write rates must be a positive integer. + ## Additional groups --group-add: Add Linux capabilities diff --git a/man/docker-create.1.md b/man/docker-create.1.md index bca40cbacc..d473a624e9 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -21,7 +21,9 @@ docker-create - Create a new container [**--cpuset-mems**[=*CPUSET-MEMS*]] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] +[**--device-read-iops**[=*[]*]] [**--device-write-bps**[=*[]*]] +[**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] [**--dns-opt**[=*[]*]] @@ -130,9 +132,15 @@ two memory nodes. **--device-read-bps**=[] Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) +**--device-read-iops**=[] + Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000) + **--device-write-bps**=[] Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) +**--device-write-iops**=[] + Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) + **--dns**=[] Set custom DNS servers diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 603db39b7f..17c6e3268b 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -22,7 +22,9 @@ docker-run - Run a command in a new container [**-d**|**--detach**[=*false*]] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] +[**--device-read-iops**[=*[]*]] [**--device-write-bps**[=*[]*]] +[**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -197,9 +199,15 @@ stopping the process by pressing the keys CTRL-P CTRL-Q. **--device-read-bps**=[] Limit read rate from a device (e.g. --device-read-bps=/dev/sda:1mb) +**--device-read-iops**=[] + Limit read rate from a device (e.g. --device-read-iops=/dev/sda:1000) + **--device-write-bps**=[] Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb) +**--device-write-iops**=[] + Limit write rate a a device (e.g. --device-write-iops=/dev/sda:1000) + **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) From c227b6ac1101d74626a2c6dd12068875906335c5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 22 Dec 2015 12:27:56 +0100 Subject: [PATCH 1068/2538] Better function names in bash completion The new names make it easier to distinguish between helper functions and functions that actually perform completion by modifying the global COMPOPT variable. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 172 ++++++++++++++++----------------- 1 file changed, 86 insertions(+), 86 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 11b047e67f..a39a65fc97 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -56,7 +56,7 @@ __docker_q() { docker ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@" } -__docker_containers_all() { +__docker_complete_containers_all() { local IFS=$'\n' local containers=( $(__docker_q ps -aq --no-trunc) ) if [ "$1" ]; then @@ -68,35 +68,35 @@ __docker_containers_all() { COMPREPLY=( $(compgen -W "${names[*]} ${containers[*]}" -- "$cur") ) } -__docker_containers_running() { - __docker_containers_all '.State.Running' +__docker_complete_containers_running() { + __docker_complete_containers_all '.State.Running' } -__docker_containers_stopped() { - __docker_containers_all 'not .State.Running' +__docker_complete_containers_stopped() { + __docker_complete_containers_all 'not .State.Running' } -__docker_containers_pauseable() { - __docker_containers_all 'and .State.Running (not .State.Paused)' +__docker_complete_containers_pauseable() { + __docker_complete_containers_all 'and .State.Running (not .State.Paused)' } -__docker_containers_unpauseable() { - __docker_containers_all '.State.Paused' +__docker_complete_containers_unpauseable() { + __docker_complete_containers_all '.State.Paused' } -__docker_container_names() { +__docker_complete_container_names() { local containers=( $(__docker_q ps -aq --no-trunc) ) local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") ) names=( "${names[@]#/}" ) # trim off the leading "/" from the container names COMPREPLY=( $(compgen -W "${names[*]}" -- "$cur") ) } -__docker_container_ids() { +__docker_complete_container_ids() { local containers=( $(__docker_q ps -aq) ) COMPREPLY=( $(compgen -W "${containers[*]}" -- "$cur") ) } -__docker_images() { +__docker_complete_images() { local images_args="" case "$DOCKER_COMPLETION_SHOW_IMAGE_IDS" in @@ -130,21 +130,21 @@ __docker_images() { __ltrim_colon_completions "$cur" } -__docker_image_repos() { +__docker_complete_image_repos() { local repos="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1 }')" COMPREPLY=( $(compgen -W "$repos" -- "$cur") ) } -__docker_image_repos_and_tags() { +__docker_complete_image_repos_and_tags() { local reposAndTags="$(__docker_q images | awk 'NR>1 && $1 != "" { print $1; print $1":"$2 }')" COMPREPLY=( $(compgen -W "$reposAndTags" -- "$cur") ) __ltrim_colon_completions "$cur" } -__docker_containers_and_images() { - __docker_containers_all +__docker_complete_containers_and_images() { + __docker_complete_containers_all local containers=( "${COMPREPLY[@]}" ) - __docker_images + __docker_complete_images COMPREPLY+=( "${containers[@]}" ) } @@ -157,15 +157,15 @@ __docker_networks() { } __docker_complete_networks() { - COMPREPLY=( $(compgen -W "$(__docker_complete_networks)" -- "$cur") ) + COMPREPLY=( $(compgen -W "$(__docker_networks)" -- "$cur") ) } -__docker_containers_in_network() { +__docker_complete_containers_in_network() { local containers=$(__docker_q network inspect -f '{{range $i, $c := .Containers}}{{$i}} {{$c.Name}} {{end}}' "$1") COMPREPLY=( $(compgen -W "$containers" -- "$cur") ) } -__docker_volumes() { +__docker_complete_volumes() { COMPREPLY=( $(compgen -W "$(__docker_q volume ls -q)" -- "$cur") ) } @@ -282,12 +282,12 @@ __docker_nospace() { type compopt &>/dev/null && compopt -o nospace } -__docker_resolve_hostname() { +__docker_complete_resolved_hostname() { command -v host >/dev/null 2>&1 || return COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') ) } -__docker_capabilities() { +__docker_complete_capabilities() { # The list of capabilities is defined in types.go, ALL was added manually. COMPREPLY=( $( compgen -W " ALL @@ -332,7 +332,7 @@ __docker_capabilities() { " -- "$cur" ) ) } -__docker_log_drivers() { +__docker_complete_log_drivers() { COMPREPLY=( $( compgen -W " awslogs fluentd @@ -345,7 +345,7 @@ __docker_log_drivers() { " -- "$cur" ) ) } -__docker_log_driver_options() { +__docker_complete_log_options() { # see docs/reference/logging/index.md local awslogs_options="awslogs-region awslogs-group awslogs-stream" local fluentd_options="env fluentd-address labels tag" @@ -444,13 +444,13 @@ __docker_complete_log_driver_options() { return 1 } -__docker_log_levels() { +__docker_complete_log_levels() { COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) ) } # a selection of the available signals that is most likely of interest in the # context of docker containers. -__docker_signals() { +__docker_complete_signals() { local signals=( SIGCONT SIGHUP @@ -479,7 +479,7 @@ _docker_docker() { return ;; --log-level|-l) - __docker_log_levels + __docker_complete_log_levels return ;; $(__docker_to_extglob "$global_options_with_args") ) @@ -508,7 +508,7 @@ _docker_attach() { *) local counter="$(__docker_pos_first_nonflag)" if [ $cword -eq $counter ]; then - __docker_containers_running + __docker_complete_containers_running fi ;; esac @@ -553,7 +553,7 @@ _docker_build() { return ;; --tag|-t) - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags return ;; $(__docker_to_extglob "$options_with_args") ) @@ -589,13 +589,13 @@ _docker_commit() { local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m') if [ $cword -eq $counter ]; then - __docker_containers_all + __docker_complete_containers_all return fi (( counter++ )) if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags return fi ;; @@ -619,7 +619,7 @@ _docker_cp() { _filedir local files=( ${COMPREPLY[@]} ) - __docker_containers_all + __docker_complete_containers_all COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) local containers=( ${COMPREPLY[@]} ) @@ -635,7 +635,7 @@ _docker_cp() { if [ $cword -eq $counter ]; then if [ -e "$prev" ]; then - __docker_containers_all + __docker_complete_containers_all COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) __docker_nospace else @@ -713,7 +713,7 @@ _docker_daemon() { return ;; --log-driver) - __docker_log_drivers + __docker_complete_log_drivers return ;; --pidfile|-p|--tlscacert|--tlscert|--tlskey) @@ -759,11 +759,11 @@ _docker_daemon() { return ;; --log-level|-l) - __docker_log_levels + __docker_complete_log_levels return ;; --log-opt) - __docker_log_driver_options + __docker_complete_log_options return ;; $(__docker_to_extglob "$options_with_args") ) @@ -809,7 +809,7 @@ _docker_diff() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_all + __docker_complete_containers_all fi ;; esac @@ -830,7 +830,7 @@ _docker_events() { case "${words[$cword-2]}$prev=" in *container=*) cur="${cur#=}" - __docker_containers_all + __docker_complete_containers_all return ;; *event=*) @@ -865,7 +865,7 @@ _docker_events() { ;; *image=*) cur="${cur#=}" - __docker_images + __docker_complete_images return ;; esac @@ -889,7 +889,7 @@ _docker_exec() { COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) ;; *) - __docker_containers_running + __docker_complete_containers_running ;; esac } @@ -902,7 +902,7 @@ _docker_export() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_all + __docker_complete_containers_all fi ;; esac @@ -923,7 +923,7 @@ _docker_history() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_images + __docker_complete_images fi ;; esac @@ -961,7 +961,7 @@ _docker_images() { return ;; *) - __docker_image_repos + __docker_complete_image_repos ;; esac } @@ -985,7 +985,7 @@ _docker_import() { (( counter++ )) if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags return fi ;; @@ -1019,13 +1019,13 @@ _docker_inspect() { *) case $(__docker_value_of_option --type) in '') - __docker_containers_and_images + __docker_complete_containers_and_images ;; container) - __docker_containers_all + __docker_complete_containers_all ;; image) - __docker_images + __docker_complete_images ;; esac esac @@ -1034,7 +1034,7 @@ _docker_inspect() { _docker_kill() { case "$prev" in --signal|-s) - __docker_signals + __docker_complete_signals return ;; esac @@ -1044,7 +1044,7 @@ _docker_kill() { COMPREPLY=( $( compgen -W "--help --signal -s" -- "$cur" ) ) ;; *) - __docker_containers_running + __docker_complete_containers_running ;; esac } @@ -1100,7 +1100,7 @@ _docker_logs() { *) local counter=$(__docker_pos_first_nonflag '--tail') if [ $cword -eq $counter ]; then - __docker_containers_all + __docker_complete_containers_all fi ;; esac @@ -1116,7 +1116,7 @@ _docker_network_connect() { if [ $cword -eq $counter ]; then __docker_complete_networks elif [ $cword -eq $(($counter + 1)) ]; then - __docker_containers_running + __docker_complete_containers_running fi ;; esac @@ -1158,7 +1158,7 @@ _docker_network_disconnect() { if [ $cword -eq $counter ]; then __docker_complete_networks elif [ $cword -eq $(($counter + 1)) ]; then - __docker_containers_in_network "$prev" + __docker_complete_containers_in_network "$prev" fi ;; esac @@ -1227,7 +1227,7 @@ _docker_pause() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_pauseable + __docker_complete_containers_pauseable fi ;; esac @@ -1241,7 +1241,7 @@ _docker_port() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_all + __docker_complete_containers_all fi ;; esac @@ -1250,7 +1250,7 @@ _docker_port() { _docker_ps() { case "$prev" in --before|--since) - __docker_containers_all + __docker_complete_containers_all ;; --filter|-f) COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status" -- "$cur" ) ) @@ -1265,17 +1265,17 @@ _docker_ps() { case "${words[$cword-2]}$prev=" in *ancestor=*) cur="${cur#=}" - __docker_images + __docker_complete_images return ;; *id=*) cur="${cur#=}" - __docker_container_ids + __docker_complete_container_ids return ;; *name=*) cur="${cur#=}" - __docker_container_names + __docker_complete_container_names return ;; *status=*) @@ -1302,12 +1302,12 @@ _docker_pull() { for arg in "${COMP_WORDS[@]}"; do case "$arg" in --all-tags|-a) - __docker_image_repos + __docker_complete_image_repos return ;; esac done - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags fi ;; esac @@ -1321,7 +1321,7 @@ _docker_push() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags fi ;; esac @@ -1335,7 +1335,7 @@ _docker_rename() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_all + __docker_complete_containers_all fi ;; esac @@ -1353,7 +1353,7 @@ _docker_restart() { COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) ) ;; *) - __docker_containers_all + __docker_complete_containers_all ;; esac } @@ -1367,12 +1367,12 @@ _docker_rm() { for arg in "${COMP_WORDS[@]}"; do case "$arg" in --force|-f) - __docker_containers_all + __docker_complete_containers_all return ;; esac done - __docker_containers_stopped + __docker_complete_containers_stopped ;; esac } @@ -1383,7 +1383,7 @@ _docker_rmi() { COMPREPLY=( $( compgen -W "--force -f --help --no-prune" -- "$cur" ) ) ;; *) - __docker_images + __docker_complete_images ;; esac } @@ -1470,7 +1470,7 @@ _docker_run() { --add-host) case "$cur" in *:) - __docker_resolve_hostname + __docker_complete_resolved_hostname return ;; esac @@ -1480,7 +1480,7 @@ _docker_run() { return ;; --cap-add|--cap-drop) - __docker_capabilities + __docker_complete_capabilities return ;; --cidfile|--env-file|--label-file) @@ -1512,7 +1512,7 @@ _docker_run() { case "$cur" in *:*) cur="${cur#*:}" - __docker_containers_running + __docker_complete_containers_running ;; *) COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) ) @@ -1528,7 +1528,7 @@ _docker_run() { *:*) ;; *) - __docker_containers_running + __docker_complete_containers_running COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) __docker_nospace ;; @@ -1536,18 +1536,18 @@ _docker_run() { return ;; --log-driver) - __docker_log_drivers + __docker_complete_log_drivers return ;; --log-opt) - __docker_log_driver_options + __docker_complete_log_options return ;; --net) case "$cur" in container:*) local cur=${cur#*:} - __docker_containers_all + __docker_complete_containers_all ;; *) COMPREPLY=( $( compgen -W "$(__docker_plugins Network) $(__docker_networks) container:" -- "$cur") ) @@ -1591,7 +1591,7 @@ _docker_run() { return ;; --volumes-from) - __docker_containers_all + __docker_complete_containers_all return ;; $(__docker_to_extglob "$options_with_args") ) @@ -1608,7 +1608,7 @@ _docker_run() { *) local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) if [ $cword -eq $counter ]; then - __docker_images + __docker_complete_images fi ;; esac @@ -1627,7 +1627,7 @@ _docker_save() { COMPREPLY=( $( compgen -W "--help --output -o" -- "$cur" ) ) ;; *) - __docker_images + __docker_complete_images ;; esac } @@ -1652,7 +1652,7 @@ _docker_start() { COMPREPLY=( $( compgen -W "--attach -a --help --interactive -i" -- "$cur" ) ) ;; *) - __docker_containers_stopped + __docker_complete_containers_stopped ;; esac } @@ -1663,7 +1663,7 @@ _docker_stats() { COMPREPLY=( $( compgen -W "--all -a --help --no-stream" -- "$cur" ) ) ;; *) - __docker_containers_running + __docker_complete_containers_running ;; esac } @@ -1680,7 +1680,7 @@ _docker_stop() { COMPREPLY=( $( compgen -W "--help --time -t" -- "$cur" ) ) ;; *) - __docker_containers_running + __docker_complete_containers_running ;; esac } @@ -1694,13 +1694,13 @@ _docker_tag() { local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags return fi (( counter++ )) if [ $cword -eq $counter ]; then - __docker_image_repos_and_tags + __docker_complete_image_repos_and_tags return fi ;; @@ -1715,7 +1715,7 @@ _docker_unpause() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_unpauseable + __docker_complete_containers_unpauseable fi ;; esac @@ -1729,7 +1729,7 @@ _docker_top() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_containers_running + __docker_complete_containers_running fi ;; esac @@ -1773,7 +1773,7 @@ _docker_volume_inspect() { COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) ;; *) - __docker_volumes + __docker_complete_volumes ;; esac } @@ -1799,7 +1799,7 @@ _docker_volume_rm() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_volumes + __docker_complete_volumes ;; esac } @@ -1829,7 +1829,7 @@ _docker_wait() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_containers_all + __docker_complete_containers_all ;; esac } From c8ba44360ff75cb1d61389b9b1d0807518256767 Mon Sep 17 00:00:00 2001 From: Ilya Dmitrichenko Date: Tue, 22 Dec 2015 16:45:46 +0000 Subject: [PATCH 1069/2538] Update link for Weave Net plugin docs Signed-off-by: Ilya Dmitrichenko --- docs/extend/plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index f2cf1b7ba4..feaecd96a2 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -80,7 +80,7 @@ multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. -* The [Weave Network Plugin](https://github.com/weaveworks/docker-plugin) creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. +* The [Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html) creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. ## Troubleshooting a plugin From a36ca600a0403e89915167003fbc7e24d1a48dc4 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 22 Dec 2015 11:35:41 -0800 Subject: [PATCH 1070/2538] remove `--format` from bash completion for `docker network rm` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a39a65fc97..60ae2c9bc7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1195,7 +1195,13 @@ _docker_network_ls() { } _docker_network_rm() { - _docker_network_inspect + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_networks + esac } _docker_network() { From ed4cf608e29f41bed5f104a91396497ba5b2ffdd Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Tue, 10 Nov 2015 16:57:06 +0800 Subject: [PATCH 1071/2538] Add filter for `network ls` to hide predefined net Add filter support for `network ls` to hide predefined network, then user can use "docker network rm `docker network ls -f type=custom`" to delete a bundle of userdefined networks. Signed-off-by: Zhang Wei --- docs/reference/commandline/network_ls.md | 84 ++++++++++++++++++++++ man/docker-network-ls.1.md | 92 +++++++++++++++++++++++- 2 files changed, 174 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 9b4dbddc83..b5ddbf4091 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -13,6 +13,7 @@ parent = "smn_cli" Usage: docker network ls [OPTIONS] Lists all the networks created by the user + -f, --filter=[] Filter output based on conditions provided --help=false Print usage --no-trunc=false Do not truncate the output -q, --quiet=false Only display numeric IDs @@ -38,8 +39,91 @@ NETWORK ID NAME c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host 7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge 95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge ``` +## Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there +is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). +Multiple filter flags are combined as an `OR` filter. For example, +`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. + +The currently supported filters are: + +* id (network's id) +* name (network's name) +* type (custom|builtin) + +#### Type + +The `type` filter supports two values; `builtin` displays predefined networks +(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. + +The following filter matches all user defined networks: + +```bash +$ docker network ls --filter type=custom +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +63d1ff1f77b0 dev bridge +``` + +By having this flag it allows for batch cleanup. For example, use this filter +to delete all user defined networks: + +```bash +$ docker network rm `docker network ls --filter type=custom -q` +``` + +A warning will be issued when trying to remove a network that has containers +attached. + +#### Name + +The `name` filter matches on all or part of a network's name. + +The following filter matches all networks with a name containing the `foobar` string. + +```bash +$ docker network ls --filter name=foobar +NETWORK ID NAME DRIVER +06e7eef0a170 foobar bridge +``` + +You can also filter for a substring in a name as this shows: + +```bash +$ docker ps --filter name=foo +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +06e7eef0a170 foobar bridge +``` + +#### ID + +The `id` filter matches on all or part of a network's ID. + +The following filter matches all networks with a name containing the +`06e7eef01700` string. + +```bash +$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 +NETWORK ID NAME DRIVER +63d1ff1f77b0 dev bridge +``` + +You can also filter for a substring in a ID as this shows: + +```bash +$ docker ps --filter id=95e74588f40d +NETWORK ID NAME DRIVER +95e74588f40d foo bridge + +$ docker ps --filter id=95e +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +``` ## Related information diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md index 3d1a1fbe46..ceca40573c 100644 --- a/man/docker-network-ls.1.md +++ b/man/docker-network-ls.1.md @@ -6,6 +6,7 @@ docker-network-ls - list networks # SYNOPSIS **docker network ls** +[**-f**|**--filter**[=*[]*]] [**--no-trunc**[=*true*|*false*]] [**-q**|**--quiet**[=*true*|*false*]] [**--help**] @@ -16,7 +17,7 @@ Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: ```bash - $ sudo docker network ls + $ docker network ls NETWORK ID NAME DRIVER 7fca4eb8c647 bridge bridge 9f904ee27bf5 none null @@ -27,16 +28,103 @@ networks that span across multiple hosts in a cluster, for example: Use the `--no-trunc` option to display the full network id: ```bash -docker network ls --no-trunc +$ docker network ls --no-trunc NETWORK ID NAME DRIVER 18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host 7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge 95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge +``` + +## Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there +is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). +Multiple filter flags are combined as an `OR` filter. For example, +`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. + +The currently supported filters are: + +* id (network's id) +* name (network's name) +* type (custom|builtin) + +#### Type + +The `type` filter supports two values; `builtin` displays predefined networks +(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. + +The following filter matches all user defined networks: + +```bash +$ docker network ls --filter type=custom +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +63d1ff1f77b0 dev bridge +``` + +By having this flag it allows for batch cleanup. For example, use this filter +to delete all user defined networks: + +```bash +$ docker network rm `docker network ls --filter type=custom -q` +``` + +A warning will be issued when trying to remove a network that has containers +attached. + +#### Name + +The `name` filter matches on all or part of a network's name. + +The following filter matches all networks with a name containing the `foobar` string. + +```bash +$ docker network ls --filter name=foobar +NETWORK ID NAME DRIVER +06e7eef0a170 foobar bridge +``` + +You can also filter for a substring in a name as this shows: + +```bash +$ docker ps --filter name=foo +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +06e7eef0a170 foobar bridge +``` + +#### ID + +The `id` filter matches on all or part of a network's ID. + +The following filter matches all networks with a name containing the +`06e7eef01700` string. + +```bash +$ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 +NETWORK ID NAME DRIVER +63d1ff1f77b0 dev bridge +``` + +You can also filter for a substring in a ID as this shows: + +```bash +$ docker ps --filter id=95e74588f40d +NETWORK ID NAME DRIVER +95e74588f40d foo bridge + +$ docker ps --filter id=95e +NETWORK ID NAME DRIVER +95e74588f40d foo bridge ``` # OPTIONS +**-f**, **--filter**=*[]* + filter output based on conditions provided. + **--no-trunc**=*true*|*false* Do not truncate the output From 421578fbd490140e5f9a603ce0b156ea9dc1bdf2 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Wed, 23 Dec 2015 06:37:06 -0800 Subject: [PATCH 1072/2538] remove =false from options that default to false in the docs This re-aligns the docs with what the cmd line now does. Signed-off-by: Doug Davis --- docs/reference/commandline/attach.md | 4 ++-- docs/reference/commandline/build.md | 10 +++++----- docs/reference/commandline/commit.md | 2 +- docs/reference/commandline/cp.md | 4 ++-- docs/reference/commandline/create.md | 14 +++++++------- docs/reference/commandline/daemon.md | 14 +++++++------- docs/reference/commandline/diff.md | 2 +- docs/reference/commandline/events.md | 2 +- docs/reference/commandline/exec.md | 10 +++++----- docs/reference/commandline/export.md | 2 +- docs/reference/commandline/history.md | 6 +++--- docs/reference/commandline/images.md | 10 +++++----- docs/reference/commandline/import.md | 2 +- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/inspect.md | 4 ++-- docs/reference/commandline/kill.md | 2 +- docs/reference/commandline/load.md | 2 +- docs/reference/commandline/login.md | 2 +- docs/reference/commandline/logout.md | 2 +- docs/reference/commandline/logs.md | 6 +++--- docs/reference/commandline/network_connect.md | 2 +- docs/reference/commandline/network_create.md | 2 +- .../commandline/network_disconnect.md | 2 +- docs/reference/commandline/network_inspect.md | 2 +- docs/reference/commandline/network_ls.md | 6 +++--- docs/reference/commandline/network_rm.md | 2 +- docs/reference/commandline/pause.md | 2 +- docs/reference/commandline/port.md | 2 +- docs/reference/commandline/ps.md | 12 ++++++------ docs/reference/commandline/pull.md | 4 ++-- docs/reference/commandline/push.md | 2 +- docs/reference/commandline/rename.md | 2 +- docs/reference/commandline/restart.md | 2 +- docs/reference/commandline/rm.md | 8 ++++---- docs/reference/commandline/rmi.md | 6 +++--- docs/reference/commandline/run.md | 18 +++++++++--------- docs/reference/commandline/save.md | 2 +- docs/reference/commandline/search.md | 6 +++--- docs/reference/commandline/start.md | 6 +++--- docs/reference/commandline/stats.md | 6 +++--- docs/reference/commandline/stop.md | 2 +- docs/reference/commandline/tag.md | 2 +- docs/reference/commandline/top.md | 2 +- docs/reference/commandline/unpause.md | 2 +- docs/reference/commandline/version.md | 2 +- docs/reference/commandline/volume_create.md | 2 +- docs/reference/commandline/volume_inspect.md | 2 +- docs/reference/commandline/volume_ls.md | 4 ++-- docs/reference/commandline/volume_rm.md | 2 +- docs/reference/commandline/wait.md | 2 +- docs/reference/run.md | 6 +++--- man/docker-attach.1.md | 2 +- man/docker-build.1.md | 8 ++++---- man/docker-create.1.md | 12 ++++++------ man/docker-daemon.8.md | 12 ++++++------ man/docker-exec.1.md | 8 ++++---- man/docker-history.1.md | 4 ++-- man/docker-images.1.md | 8 ++++---- man/docker-inspect.1.md | 4 ++-- man/docker-logs.1.md | 4 ++-- man/docker-ps.1.md | 10 +++++----- man/docker-pull.1.md | 2 +- man/docker-rm.1.md | 6 +++--- man/docker-rmi.1.md | 4 ++-- man/docker-run.1.md | 16 ++++++++-------- man/docker-search.1.md | 4 ++-- man/docker-start.1.md | 4 ++-- man/docker-stats.1.md | 4 ++-- 68 files changed, 168 insertions(+), 168 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index d746190d60..5712c92f51 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -14,8 +14,8 @@ parent = "smn_cli" Attach to a running container - --help=false Print usage - --no-stdin=false Do not attach STDIN + --help Print usage + --no-stdin Do not attach STDIN --sig-proxy=true Proxy all received signals to the process The `docker attach` command allows you to attach to a running container using diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 0219be0fbc..eab0cb7e31 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -23,14 +23,14 @@ parent = "smn_cli" --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` --disable-content-trust=true Skip image verification -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') - --force-rm=false Always remove intermediate containers - --help=false Print usage + --force-rm Always remove intermediate containers + --help Print usage --isolation="" Container isolation technology -m, --memory="" Memory limit for all build containers --memory-swap="" Total memory (memory + swap), `-1` to disable swap - --no-cache=false Do not use cache when building the image - --pull=false Always attempt to pull a newer version of the image - -q, --quiet=false Suppress the build output and print image ID on success + --no-cache Do not use cache when building the image + --pull Always attempt to pull a newer version of the image + -q, --quiet Suppress the build output and print image ID on success --rm=true Remove intermediate containers after a successful build --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. -t, --tag=[] Name and optionally a tag in the 'name:tag' format diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 3f9228eefb..49e37e416b 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -16,7 +16,7 @@ parent = "smn_cli" -a, --author="" Author (e.g., "John Hannibal Smith ") -c, --change=[] Apply specified Dockerfile instructions while committing the image - --help=false Print usage + --help Print usage -m, --message="" Commit message -p, --pause=true Pause container during commit diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index 8a1a6264d7..50179fb4cf 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -15,8 +15,8 @@ parent = "smn_cli" Copy files/folders between a container and the local filesystem - -L, --follow-link=false Always follow symbol link in SRC_PATH - --help=false Print usage + -L, --follow-link Always follow symbol link in SRC_PATH + --help Print usage The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. You can copy from the container's file system to the local machine or the diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 9f7752fb88..d6a9cc53d2 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -44,8 +44,8 @@ Creates a new container. --expose=[] Expose a port or a range of ports --group-add=[] Add additional groups to join -h, --hostname="" Container host name - --help=false Print usage - -i, --interactive=false Keep STDIN open even if not attached + --help Print usage + -i, --interactive Keep STDIN open even if not attached --ipc="" IPC namespace to use --isolation="" Container isolation technology --kernel-memory="" Kernel memory limit @@ -66,18 +66,18 @@ Creates a new container. 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --oom-kill-disable=false Whether to disable OOM Killer for the container or not + --oom-kill-disable Whether to disable OOM Killer for the container or not --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) - -P, --publish-all=false Publish all exposed ports to random ports + -P, --publish-all Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use - --privileged=false Give extended privileges to this container - --read-only=false Mount the container's root filesystem as read only + --privileged Give extended privileges to this container + --read-only Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --security-opt=[] Security options --stop-signal="SIGTERM" Signal to stop a container --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. - -t, --tty=false Allocate a pseudo-TTY + -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID --ulimit=[] Ulimit options --uts="" UTS namespace to use diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 3c28295188..1484b4e542 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -20,7 +20,7 @@ weight = -1 --authz-plugin=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP - -D, --debug=false Enable debug mode + -D, --debug Enable debug mode --default-gateway="" Container default gateway IPv4 address --default-gateway-v6="" Container default gateway IPv6 address --cluster-store="" URL of the distributed storage backend @@ -37,30 +37,30 @@ weight = -1 -G, --group="docker" Group for the unix socket -g, --graph="/var/lib/docker" Root of the Docker runtime -H, --host=[] Daemon socket(s) to connect to - --help=false Print usage + --help Print usage --icc=true Enable inter-container communication --insecure-registry=[] Enable insecure registry communication --ip=0.0.0.0 Default IP when binding container ports --ip-forward=true Enable net.ipv4.ip_forward --ip-masq=true Enable IP masquerading --iptables=true Enable addition of iptables rules - --ipv6=false Enable IPv6 networking + --ipv6 Enable IPv6 networking -l, --log-level="info" Set the logging level --label=[] Set key=value labels to the daemon --log-driver="json-file" Default driver for container logs --log-opt=[] Log driver specific options --mtu=0 Set the containers network MTU - --disable-legacy-registry=false Do not contact legacy registries + --disable-legacy-registry Do not contact legacy registries -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --registry-mirror=[] Preferred Docker registry mirror -s, --storage-driver="" Storage driver to use - --selinux-enabled=false Enable selinux support + --selinux-enabled Enable selinux support --storage-opt=[] Set storage driver options - --tls=false Use TLS; implied by --tlsverify + --tls Use TLS; implied by --tlsverify --tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA --tlscert="~/.docker/cert.pem" Path to TLS certificate file --tlskey="~/.docker/key.pem" Path to TLS key file - --tlsverify=false Use TLS and verify the remote + --tlsverify Use TLS and verify the remote --userland-proxy=true Use userland proxy for loopback traffic Options with [] may be specified multiple times. diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index 17e870d35f..bda74eadad 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -14,7 +14,7 @@ parent = "smn_cli" Inspect changes on a container's filesystem - --help=false Print usage + --help Print usage List the changed files and directories in a container᾿s filesystem There are 3 events that are listed in the `diff`: diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index d0e299a69e..1af0e2337a 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -15,7 +15,7 @@ parent = "smn_cli" Get real time events from the server -f, --filter=[] Filter output based on conditions provided - --help=false Print usage + --help Print usage --since="" Show all events created since timestamp --until="" Stream events until this timestamp diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 658292679f..971a2f2d67 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -14,11 +14,11 @@ parent = "smn_cli" Run a command in a running container - -d, --detach=false Detached mode: run command in the background - --help=false Print usage - -i, --interactive=false Keep STDIN open even if not attached - --privileged=false Give extended Linux capabilities to the command - -t, --tty=false Allocate a pseudo-TTY + -d, --detach Detached mode: run command in the background + --help Print usage + -i, --interactive Keep STDIN open even if not attached + --privileged Give extended Linux capabilities to the command + -t, --tty Allocate a pseudo-TTY -u, --user= Username or UID (format: [:]) The `docker exec` command runs a new command in a running container. diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 96bf544733..87b691cd43 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -14,7 +14,7 @@ parent = "smn_cli" Export the contents of a container's filesystem as a tar archive - --help=false Print usage + --help Print usage -o, --output="" Write to a file, instead of STDOUT The `docker export` command does not export the contents of volumes associated diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index 43edf34620..d8750d83c0 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -15,9 +15,9 @@ parent = "smn_cli" Show the history of an image -H, --human=true Print sizes and dates in human readable format - --help=false Print usage - --no-trunc=false Don't truncate output - -q, --quiet=false Only show numeric IDs + --help Print usage + --no-trunc Don't truncate output + -q, --quiet Only show numeric IDs To see how the `docker:latest` image was built: diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 2385bc97c0..cfee5a4bbf 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -14,12 +14,12 @@ parent = "smn_cli" List images - -a, --all=false Show all images (default hides intermediate images) - --digests=false Show digests + -a, --all Show all images (default hides intermediate images) + --digests Show digests -f, --filter=[] Filter output based on conditions provided - --help=false Print usage - --no-trunc=false Don't truncate output - -q, --quiet=false Only show numeric IDs + --help Print usage + --no-trunc Don't truncate output + -q, --quiet Only show numeric IDs The default `docker images` will show all top level images, their repository and tags, and their virtual size. diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 4881f016da..3b36a52bad 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -17,7 +17,7 @@ parent = "smn_cli" optionally tag it. -c, --change=[] Apply specified Dockerfile instructions while importing the image - --help=false Print usage + --help Print usage -m, --message= Set commit message for imported image You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index f489a9b778..c776ced583 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -15,7 +15,7 @@ parent = "smn_cli" Display system-wide information - --help=false Print usage + --help Print usage For example: diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 31a34b20be..434f98989f 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -15,10 +15,10 @@ parent = "smn_cli" Return low-level information on a container or image -f, --format="" Format the output using the given go template - --help=false Print usage + --help Print usage --type=container|image Return JSON for specified type, permissible values are "image" or "container" - -s, --size=false Display total file sizes if the type is container + -s, --size Display total file sizes if the type is container By default, this will render all results in a JSON array. If a format is specified, the given template will be executed for each result. diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index dabbabbe77..6f20258707 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -14,7 +14,7 @@ parent = "smn_cli" Kill a running container using SIGKILL or a specified signal - --help=false Print usage + --help Print usage -s, --signal="KILL" Signal to send to the container The main process inside the container will be sent `SIGKILL`, or any diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index 3a183f38e2..c2536fbdbf 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -14,7 +14,7 @@ parent = "smn_cli" Load an image from a tar archive or STDIN - --help=false Print usage + --help Print usage -i, --input="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz Loads a tarred repository from a file or the standard input stream. diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index c6e367c478..b79c18b2c6 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -16,7 +16,7 @@ parent = "smn_cli" specified "https://index.docker.io/v1/" is the default. -e, --email="" Email - --help=false Print usage + --help Print usage -p, --password="" Password -u, --username="" Username diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index 36c85453f2..a3bb40c657 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -15,7 +15,7 @@ parent = "smn_cli" Log out from a Docker registry, if no server is specified "https://index.docker.io/v1/" is the default. - --help=false Print usage + --help Print usage For example: diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 601c475bd4..91558ffa63 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -14,10 +14,10 @@ parent = "smn_cli" Fetch the logs of a container - -f, --follow=false Follow log output - --help=false Print usage + -f, --follow Follow log output + --help Print usage --since="" Show logs since timestamp - -t, --timestamps=false Show timestamps + -t, --timestamps Show timestamps --tail="all" Number of lines to show from the end of the logs > **Note**: this command is available only for containers with `json-file` and diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index b3b5773457..ab78bf9d5c 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -14,7 +14,7 @@ parent = "smn_cli" Connects a container to a network - --help=false Print usage + --help Print usage Connects a running container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index bdaafb4b5f..0a9ac6f19c 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -17,7 +17,7 @@ parent = "smn_cli" --aux-address=map[] Auxiliary ipv4 or ipv6 addresses used by network driver -d --driver=DRIVER Driver to manage the Network bridge or overlay. The default is bridge. --gateway=[] ipv4 or ipv6 Gateway for the master subnet - --help=false Print usage + --help Print usage --ip-range=[] Allocate container ip from a sub-range --ipam-driver=default IP Address Management Driver -o --opt=map[] Set custom network plugin options diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index bbb351d24f..7fb7a7c42e 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -14,7 +14,7 @@ parent = "smn_cli" Disconnects a container from a network - --help=false Print usage + --help Print usage Disconnects a container from a network. The container must be running to disconnect it from the network. diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 0f6342f514..00b886d766 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -15,7 +15,7 @@ parent = "smn_cli" Displays detailed information on a network -f, --format= Format the output using the given go template. - --help=false Print usage + --help Print usage Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index b5ddbf4091..06733cd3ca 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -14,9 +14,9 @@ parent = "smn_cli" Lists all the networks created by the user -f, --filter=[] Filter output based on conditions provided - --help=false Print usage - --no-trunc=false Do not truncate the output - -q, --quiet=false Only display numeric IDs + --help Print usage + --no-trunc Do not truncate the output + -q, --quiet Only display numeric IDs Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index 14e74717e0..516eb4ecfc 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -14,7 +14,7 @@ parent = "smn_cli" Deletes one or more networks - --help=false Print usage + --help Print usage Removes one or more networks by name or identifier. To remove a network, you must first disconnect any containers connected to it. diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 0e109478d9..36d5416f49 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -14,7 +14,7 @@ parent = "smn_cli" Pause all processes within a container - --help=false Print usage + --help Print usage The `docker pause` command uses the cgroups freezer to suspend all processes in a container. Traditionally, when suspending a process the `SIGSTOP` signal is diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index 9fd6e8870b..606969a170 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -15,7 +15,7 @@ parent = "smn_cli" List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT - --help=false Print usage + --help Print usage You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 371a4bb091..213648f1db 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -14,15 +14,15 @@ parent = "smn_cli" List containers - -a, --all=false Show all containers (default shows just running) + -a, --all Show all containers (default shows just running) -f, --filter=[] Filter output based on conditions provided --format=[] Pretty-print containers using a Go template - --help=false Print usage - -l, --latest=false Show the latest created container (includes all states) + --help Print usage + -l, --latest Show the latest created container (includes all states) -n=-1 Show n last created containers (includes all states) - --no-trunc=false Don't truncate output - -q, --quiet=false Only display numeric IDs - -s, --size=false Display total file sizes + --no-trunc Don't truncate output + -q, --quiet Only display numeric IDs + -s, --size Display total file sizes Running `docker ps --no-trunc` showing 2 linked containers. diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 460255ccd2..02e0302aa5 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -14,9 +14,9 @@ parent = "smn_cli" Pull an image or a repository from the registry - -a, --all-tags=false Download all tagged images in the repository + -a, --all-tags Download all tagged images in the repository --disable-content-trust=true Skip image verification - --help=false Print usage + --help Print usage Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) registry. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index c26169eb92..315d3ce376 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -15,7 +15,7 @@ parent = "smn_cli" Push an image or a repository to the registry --disable-content-trust=true Skip image signing - --help=false Print usage + --help Print usage Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index 667e0d84d9..3e2b370387 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -14,6 +14,6 @@ parent = "smn_cli" Rename a container - --help=false Print usage + --help Print usage The `docker rename` command allows the container to be renamed to a different name. diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 61292d3a59..5e6633c8cf 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -14,5 +14,5 @@ parent = "smn_cli" Restart a container - --help=false Print usage + --help Print usage -t, --time=10 Seconds to wait for stop before killing the container diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 943343a9a9..3664f98ccd 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -14,10 +14,10 @@ parent = "smn_cli" Remove one or more containers - -f, --force=false Force the removal of a running container (uses SIGKILL) - --help=false Print usage - -l, --link=false Remove the specified link - -v, --volumes=false Remove the volumes associated with the container + -f, --force Force the removal of a running container (uses SIGKILL) + --help Print usage + -l, --link Remove the specified link + -v, --volumes Remove the volumes associated with the container ## Examples diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index 09cffd0d29..69e8ef892f 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -14,9 +14,9 @@ parent = "smn_cli" Remove one or more images - -f, --force=false Force removal of the image - --help=false Print usage - --no-prune=false Do not delete untagged parents + -f, --force Force removal of the image + --help Print usage + --no-prune Do not delete untagged parents You can remove an image using its short or long ID, its tag, or its digest. If an image has one or more tag or digest reference, you must remove all of them diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 0aacf894dd..89243c6bf3 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -27,7 +27,7 @@ parent = "smn_cli" --cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) - -d, --detach=false Run container in background and print container ID + -d, --detach Run container in background and print container ID --device=[] Add a host device to the container --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) --device-read-iops=[] Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000) @@ -43,8 +43,8 @@ parent = "smn_cli" --expose=[] Expose a port or a range of ports --group-add=[] Add additional groups to run as -h, --hostname="" Container host name - --help=false Print usage - -i, --interactive=false Keep STDIN open even if not attached + --help Print usage + -i, --interactive Keep STDIN open even if not attached --ipc="" IPC namespace to use --isolation="" Container isolation technology --kernel-memory="" Kernel memory limit @@ -65,20 +65,20 @@ parent = "smn_cli" 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --oom-kill-disable=false Whether to disable OOM Killer for the container or not + --oom-kill-disable Whether to disable OOM Killer for the container or not --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) - -P, --publish-all=false Publish all exposed ports to random ports + -P, --publish-all Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use - --privileged=false Give extended privileges to this container - --read-only=false Mount the container's root filesystem as read only + --privileged Give extended privileges to this container + --read-only Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) - --rm=false Automatically remove the container when it exits + --rm Automatically remove the container when it exits --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process --stop-signal="SIGTERM" Signal to stop a container - -t, --tty=false Allocate a pseudo-TTY + -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) --ulimit=[] Ulimit options --uts="" UTS namespace to use diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index d384e81507..864d06cf4f 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -14,7 +14,7 @@ parent = "smn_cli" Save an image(s) to a tar archive (streamed to STDOUT by default) - --help=false Print usage + --help Print usage -o, --output="" Write to a file, instead of STDOUT Produces a tarred repository to the standard output stream. diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index d9ddb47c50..beb4ef0a49 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -14,9 +14,9 @@ parent = "smn_cli" Search the Docker Hub for images - --automated=false Only show automated builds - --help=false Print usage - --no-trunc=false Don't truncate output + --automated Only show automated builds + --help Print usage + --no-trunc Don't truncate output -s, --stars=0 Only displays with at least x stars Search [Docker Hub](https://hub.docker.com) for images diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index 31365a91fc..6e1b1d67ba 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -14,6 +14,6 @@ parent = "smn_cli" Start one or more containers - -a, --attach=false Attach STDOUT/STDERR and forward signals - --help=false Print usage - -i, --interactive=false Attach container's STDIN + -a, --attach Attach STDOUT/STDERR and forward signals + --help Print usage + -i, --interactive Attach container's STDIN diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 18683e1157..b3a2ed6224 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -14,9 +14,9 @@ parent = "smn_cli" Display a live stream of one or more containers' resource usage statistics - -a, --all=false Show all containers (default shows just running) - --help=false Print usage - --no-stream=false Disable streaming stats and only pull the first result + -a, --all Show all containers (default shows just running) + --help Print usage + --no-stream Disable streaming stats and only pull the first result The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index 04b498e1d4..1fb376eaf7 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -15,7 +15,7 @@ parent = "smn_cli" Stop a container by sending SIGTERM and then SIGKILL after a grace period - --help=false Print usage + --help Print usage -t, --time=10 Seconds to wait for stop before killing it The main process inside the container will receive `SIGTERM`, and after a grace diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 83d237c77c..c1ca5aa18d 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -14,7 +14,7 @@ parent = "smn_cli" Tag an image into a repository - --help=false Print usage + --help Print usage You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*](../../userguide/dockerrepos.md#contributing-to-docker-hub). diff --git a/docs/reference/commandline/top.md b/docs/reference/commandline/top.md index 3c78f6ae45..2bff2fdb47 100644 --- a/docs/reference/commandline/top.md +++ b/docs/reference/commandline/top.md @@ -14,4 +14,4 @@ parent = "smn_cli" Display the running processes of a container - --help=false Print usage + --help Print usage diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index 73248d4580..641e37718a 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -14,7 +14,7 @@ parent = "smn_cli" Unpause all processes within a container - --help=false Print usage + --help Print usage The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index 16b947ed25..14fac17e29 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -15,7 +15,7 @@ parent = "smn_cli" Show the Docker version information. -f, --format="" Format the output using the given go template - --help=false Print usage + --help Print usage By default, this will render all version information in an easy to read layout. If a format is specified, the given template will be executed instead. diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index b484724ffb..744cfd1ffa 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -15,7 +15,7 @@ parent = "smn_cli" Create a volume -d, --driver=local Specify volume driver name - --help=false Print usage + --help Print usage --name= Specify volume name -o, --opt=map[] Set driver specific options diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 3912cce867..519f80c23e 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -15,7 +15,7 @@ parent = "smn_cli" Inspect one or more volumes -f, --format= Format the output using the given go template. - --help=false Print usage + --help Print usage Returns information about a volume. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 3368866e10..3361959439 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -15,8 +15,8 @@ parent = "smn_cli" List volumes -f, --filter=[] Provide filter values (i.e. 'dangling=true') - --help=false Print usage - -q, --quiet=false Only display volume names + --help Print usage + -q, --quiet Only display volume names Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 31ecc31fd9..495e746553 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -14,7 +14,7 @@ parent = "smn_cli" Remove a volume - --help=false Print usage + --help Print usage Removes one or more volumes. You cannot remove a volume that is in use by a container. diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index cd91c0dded..5cd9a7b9f6 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -14,4 +14,4 @@ parent = "smn_cli" Block until a container stops, then print its exit code. - --help=false Print usage + --help Print usage diff --git a/docs/reference/run.md b/docs/reference/run.md index 2689108fa8..53ab5ea350 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -123,9 +123,9 @@ pretend to be a TTY (this is what most command line executables expect) and pass along signals. All of that is configurable: -a=[] : Attach to `STDIN`, `STDOUT` and/or `STDERR` - -t=false : Allocate a pseudo-tty + -t : Allocate a pseudo-tty --sig-proxy=true: Proxy all received signals to the process (non-TTY mode only) - -i=false : Keep STDIN open even if not attached + -i : Keep STDIN open even if not attached If you do not specify `-a` then Docker will [attach all standard streams]( https://github.com/docker/docker/blob/75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). @@ -1239,7 +1239,7 @@ The following `run` command options work with container networking: --expose=[]: Expose a port or a range of ports inside the container. These are additional to those exposed by the `EXPOSE` instruction - -P=false : Publish all exposed ports to the host interfaces + -P : Publish all exposed ports to the host interfaces -p=[] : Publish a container᾿s port or a range of ports to the host format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort Both hostPort and containerPort can be specified as a diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md index 96fb3756a3..260593201f 100644 --- a/man/docker-attach.1.md +++ b/man/docker-attach.1.md @@ -7,7 +7,7 @@ docker-attach - Attach to a running container # SYNOPSIS **docker attach** [**--help**] -[**--no-stdin**[=*false*]] +[**--no-stdin**] [**--sig-proxy**[=*true*]] CONTAINER diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 52451c1d75..3decabe174 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -11,11 +11,11 @@ docker-build - Build a new image from the source code at PATH [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] -[**--force-rm**[=*false*]] +[**--force-rm**] [**--isolation**[=*default*]] -[**--no-cache**[=*false*]] -[**--pull**[=*false*]] -[**-q**|**--quiet**[=*false*]] +[**--no-cache**] +[**--pull**] +[**-q**|**--quiet**] [**--rm**[=*true*]] [**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] diff --git a/man/docker-create.1.md b/man/docker-create.1.md index d473a624e9..f35571a356 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -34,7 +34,7 @@ docker-create - Create a new container [**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] -[**-i**|**--interactive**[=*false*]] +[**-i**|**--interactive**] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -50,18 +50,18 @@ docker-create - Create a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] -[**--oom-kill-disable**[=*false*]] +[**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] -[**-P**|**--publish-all**[=*false*]] +[**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] -[**--privileged**[=*false*]] -[**--read-only**[=*false*]] +[**--privileged**] +[**--read-only**] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] -[**-t**|**--tty**[=*false*]] +[**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index f06a05e92b..904ae428ab 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -13,11 +13,11 @@ docker-daemon - Enable daemon mode [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] -[**-D**|**--debug**[=*false*]] +[**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] [**--default-ulimit**[=*[]*]] -[**--disable-legacy-registry**[=*false*]] +[**--disable-legacy-registry**] [**--dns**[=*[]*]] [**--dns-opt**[=*[]*]] [**--dns-search**[=*[]*]] @@ -35,7 +35,7 @@ docker-daemon - Enable daemon mode [**--ip-forward**[=*true*]] [**--ip-masq**[=*true*]] [**--iptables**[=*true*]] -[**--ipv6**[=*false*]] +[**--ipv6**] [**-l**|**--log-level**[=*info*]] [**--label**[=*[]*]] [**--log-driver**[=*json-file*]] @@ -44,13 +44,13 @@ docker-daemon - Enable daemon mode [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] -[**--selinux-enabled**[=*false*]] +[**--selinux-enabled**] [**--storage-opt**[=*[]*]] -[**--tls**[=*false*]] +[**--tls**] [**--tlscacert**[=*~/.docker/ca.pem*]] [**--tlscert**[=*~/.docker/cert.pem*]] [**--tlskey**[=*~/.docker/key.pem*]] -[**--tlsverify**[=*false*]] +[**--tlsverify**] [**--userland-proxy**[=*true*]] # DESCRIPTION diff --git a/man/docker-exec.1.md b/man/docker-exec.1.md index 5cfdb5434b..388fe81b2c 100644 --- a/man/docker-exec.1.md +++ b/man/docker-exec.1.md @@ -6,11 +6,11 @@ docker-exec - Run a command in a running container # SYNOPSIS **docker exec** -[**-d**|**--detach**[=*false*]] +[**-d**|**--detach**] [**--help**] -[**-i**|**--interactive**[=*false*]] -[**--privileged**[=*false*]] -[**-t**|**--tty**[=*false*]] +[**-i**|**--interactive**] +[**--privileged**] +[**-t**|**--tty**] [**-u**|**--user**[=*USER*]] CONTAINER COMMAND [ARG...] diff --git a/man/docker-history.1.md b/man/docker-history.1.md index 247d6503ee..91edefe25f 100644 --- a/man/docker-history.1.md +++ b/man/docker-history.1.md @@ -8,8 +8,8 @@ docker-history - Show the history of an image **docker history** [**--help**] [**-H**|**--human**[=*true*]] -[**--no-trunc**[=*false*]] -[**-q**|**--quiet**[=*false*]] +[**--no-trunc**] +[**-q**|**--quiet**] IMAGE # DESCRIPTION diff --git a/man/docker-images.1.md b/man/docker-images.1.md index 921a141684..75355ac5c0 100644 --- a/man/docker-images.1.md +++ b/man/docker-images.1.md @@ -7,11 +7,11 @@ docker-images - List images # SYNOPSIS **docker images** [**--help**] -[**-a**|**--all**[=*false*]] -[**--digests**[=*false*]] +[**-a**|**--all**] +[**--digests**] [**-f**|**--filter**[=*[]*]] -[**--no-trunc**[=*false*]] -[**-q**|**--quiet**[=*false*]] +[**--no-trunc**] +[**-q**|**--quiet**] [REPOSITORY[:TAG]] # DESCRIPTION diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index c2e32cfd67..81f48ceedf 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -8,7 +8,7 @@ docker-inspect - Return low-level information on a container or image **docker inspect** [**--help**] [**-f**|**--format**[=*FORMAT*]] -[**-s**|**--size**[=*false*]] +[**-s**|**--size**] [**--type**=*container*|*image*] CONTAINER|IMAGE [CONTAINER|IMAGE...] @@ -26,7 +26,7 @@ each result. **-f**, **--format**="" Format the output using the given Go template. -**-s**, **--size**=*false* +**-s**, **--size** Display total file sizes if the type is container. **--type**="*container*|*image*" diff --git a/man/docker-logs.1.md b/man/docker-logs.1.md index 7374e6cd48..21501dc51d 100644 --- a/man/docker-logs.1.md +++ b/man/docker-logs.1.md @@ -6,10 +6,10 @@ docker-logs - Fetch the logs of a container # SYNOPSIS **docker logs** -[**-f**|**--follow**[=*false*]] +[**-f**|**--follow**] [**--help**] [**--since**[=*SINCE*]] -[**-t**|**--timestamps**[=*false*]] +[**-t**|**--timestamps**] [**--tail**[=*"all"*]] CONTAINER diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 82a4ea20d5..770cd26498 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -6,15 +6,15 @@ docker-ps - List containers # SYNOPSIS **docker ps** -[**-a**|**--all**[=*false*]] +[**-a**|**--all**] [**-f**|**--filter**[=*[]*]] [**--format**=*"TEMPLATE"*] [**--help**] -[**-l**|**--latest**[=*false*]] +[**-l**|**--latest**] [**-n**[=*-1*]] -[**--no-trunc**[=*false*]] -[**-q**|**--quiet**[=*false*]] -[**-s**|**--size**[=*false*]] +[**--no-trunc**] +[**-q**|**--quiet**] +[**-s**|**--size**] # DESCRIPTION diff --git a/man/docker-pull.1.md b/man/docker-pull.1.md index c4359fbdad..9e0e2ca818 100644 --- a/man/docker-pull.1.md +++ b/man/docker-pull.1.md @@ -6,7 +6,7 @@ docker-pull - Pull an image or a repository from a registry # SYNOPSIS **docker pull** -[**-a**|**--all-tags**[=*false*]] +[**-a**|**--all-tags**] [**--help**] NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] diff --git a/man/docker-rm.1.md b/man/docker-rm.1.md index af73b804c9..d99c1d836b 100644 --- a/man/docker-rm.1.md +++ b/man/docker-rm.1.md @@ -6,9 +6,9 @@ docker-rm - Remove one or more containers # SYNOPSIS **docker rm** -[**-f**|**--force**[=*false*]] -[**-l**|**--link**[=*false*]] -[**-v**|**--volumes**[=*false*]] +[**-f**|**--force**] +[**-l**|**--link**] +[**-v**|**--volumes**] CONTAINER [CONTAINER...] # DESCRIPTION diff --git a/man/docker-rmi.1.md b/man/docker-rmi.1.md index 01dc64f52a..35bf8aac6a 100644 --- a/man/docker-rmi.1.md +++ b/man/docker-rmi.1.md @@ -6,9 +6,9 @@ docker-rmi - Remove one or more images # SYNOPSIS **docker rmi** -[**-f**|**--force**[=*false*]] +[**-f**|**--force**] [**--help**] -[**--no-prune**[=*false*]] +[**--no-prune**] IMAGE [IMAGE...] # DESCRIPTION diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 17c6e3268b..e963d5277e 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -19,7 +19,7 @@ docker-run - Run a command in a new container [**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] -[**-d**|**--detach**[=*false*]] +[**-d**|**--detach**] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] [**--device-read-iops**[=*[]*]] @@ -35,7 +35,7 @@ docker-run - Run a command in a new container [**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] -[**-i**|**--interactive**[=*false*]] +[**-i**|**--interactive**] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -51,20 +51,20 @@ docker-run - Run a command in a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] -[**--oom-kill-disable**[=*false*]] +[**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] -[**-P**|**--publish-all**[=*false*]] +[**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] -[**--privileged**[=*false*]] -[**--read-only**[=*false*]] +[**--privileged**] +[**--read-only**] [**--restart**[=*RESTART*]] -[**--rm**[=*false*]] +[**--rm**] [**--security-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] -[**-t**|**--tty**[=*false*]] +[**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] [**--ulimit**[=*[]*]] diff --git a/man/docker-search.1.md b/man/docker-search.1.md index 0b205f4bee..a95c023773 100644 --- a/man/docker-search.1.md +++ b/man/docker-search.1.md @@ -6,9 +6,9 @@ docker-search - Search the Docker Hub for images # SYNOPSIS **docker search** -[**--automated**[=*false*]] +[**--automated**] [**--help**] -[**--no-trunc**[=*false*]] +[**--no-trunc**] [**-s**|**--stars**[=*0*]] TERM diff --git a/man/docker-start.1.md b/man/docker-start.1.md index 2e1191b095..678f687f86 100644 --- a/man/docker-start.1.md +++ b/man/docker-start.1.md @@ -6,9 +6,9 @@ docker-start - Start one or more containers # SYNOPSIS **docker start** -[**-a**|**--attach**[=*false*]] +[**-a**|**--attach**] [**--help**] -[**-i**|**--interactive**[=*false*]] +[**-i**|**--interactive**] CONTAINER [CONTAINER...] # DESCRIPTION diff --git a/man/docker-stats.1.md b/man/docker-stats.1.md index 543a888378..c7fa7d504f 100644 --- a/man/docker-stats.1.md +++ b/man/docker-stats.1.md @@ -6,9 +6,9 @@ docker-stats - Display a live stream of one or more containers' resource usage s # SYNOPSIS **docker stats** -[**-a**|**--all**[=*false*]] +[**-a**|**--all**] [**--help**] -[**--no-stream**[=*false*]] +[**--no-stream**] [CONTAINER...] # DESCRIPTION From 3f4441816819441b96b8608b2a4ba5df9d9ace01 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Mon, 28 Dec 2015 19:19:26 +0800 Subject: [PATCH 1073/2538] Implemet docker update command It's used for updating properties of one or more containers, we only support resource configs for now. It can be extended in the future. Signed-off-by: Qiang Huang --- docs/reference/commandline/index.md | 1 + docs/reference/commandline/update.md | 61 ++++++++++++++++++ man/docker-update.1.md | 93 ++++++++++++++++++++++++++++ 3 files changed, 155 insertions(+) create mode 100644 docs/reference/commandline/update.md create mode 100644 man/docker-update.1.md diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 21d669a73a..775c327700 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -59,6 +59,7 @@ You start the Docker daemon with the command line. How you start the daemon affe * [stop](stop.md) * [top](top.md) * [unpause](unpause.md) +* [update](update.md) * [wait](wait.md) ### Hub and registry commands diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md new file mode 100644 index 0000000000..c1efea57ba --- /dev/null +++ b/docs/reference/commandline/update.md @@ -0,0 +1,61 @@ + + +## update + + Usage: docker update [OPTIONS] CONTAINER [CONTAINER...] + + Updates container resource limits + + --help=false Print usage + --blkio-weight=0 Block IO (relative weight), between 10 and 1000 + --cpu-shares=0 CPU shares (relative weight) + --cpu-period=0 Limit the CPU CFS (Completely Fair Scheduler) period + --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota + --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) + -m, --memory="" Memory limit + --memory-reservation="" Memory soft limit + --memory-swap="" Total memory (memory + swap), '-1' to disable swap + --kernel-memory="" Kernel memory limit: container must be stopped + +The `docker update` command dynamically updates container resources. Use this +command to prevent containers from consuming too many resources from their +Docker host. With a single command, you can place limits on a single +container or on many. To specify more than one container, provide +space-separated list of container names or IDs. + +With the exception of the `--kernel-memory` value, you can specify these +options on a running or a stopped container. You can only update +`--kernel-memory` on a stopped container. When you run `docker update` on +stopped container, the next time you restart it, the container uses those +values. + +## EXAMPLES + +The following sections illustrate ways to use this command. + +### Update a container with cpu-shares=512 + +To limit a container's cpu-shares to 512, first identify the container +name or ID. You can use **docker ps** to find these values. You can also +use the ID returned from the **docker run** command. Then, do the following: + +```bash +$ docker update --cpu-shares 512 abebf7571666 +``` + +### Update a container with cpu-shares and memory + +To update multiple resource configurations for multiple containers: + +```bash +$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse +``` diff --git a/man/docker-update.1.md b/man/docker-update.1.md new file mode 100644 index 0000000000..a49fbd83d3 --- /dev/null +++ b/man/docker-update.1.md @@ -0,0 +1,93 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% JUNE 2014 +# NAME +docker-update - Update resource configs of one or more containers + +# SYNOPSIS +**docker update** +[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] +[**--cpu-shares**[=*0*]] +[**--cpu-period**[=*0*]] +[**--cpu-quota**[=*0*]] +[**--cpuset-cpus**[=*CPUSET-CPUS*]] +[**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--help**] +[**--kernel-memory**[=*KERNEL-MEMORY*]] +[**-m**|**--memory**[=*MEMORY*]] +[**--memory-reservation**[=*MEMORY-RESERVATION*]] +[**--memory-swap**[=*MEMORY-SWAP*]] +CONTAINER [CONTAINER...] + +# DESCRIPTION + +The `docker update` command dynamically updates container resources. Use this +command to prevent containers from consuming too many resources from their +Docker host. With a single command, you can place limits on a single +container or on many. To specify more than one container, provide +space-separated list of container names or IDs. + +With the exception of the `--kernel-memory` value, you can specify these +options on a running or a stopped container. You can only update +`--kernel-memory` on a stopped container. When you run `docker update` on +stopped container, the next time you restart it, the container uses those +values. + +# OPTIONS +**--blkio-weight**=0 + Block IO weight (relative weight) accepts a weight value between 10 and 1000. + +**--cpu-shares**=0 + CPU shares (relative weight) + +**--cpu-period**=0 + Limit the CPU CFS (Completely Fair Scheduler) period + +**--cpu-quota**=0 + Limit the CPU CFS (Completely Fair Scheduler) quota + +**--cpuset-cpus**="" + CPUs in which to allow execution (0-3, 0,1) + +**--cpuset-mems**="" + Memory nodes(MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. + +**--help** + Print usage statement + +**--kernel-memory**="" + Kernel memory limit (format: `[]`, where unit = b, k, m or g) + + Note that you can not update kernel memory to a running container, it can only +be updated to a stopped container, and affect after it's started. + +**-m**, **--memory**="" + Memory limit (format: , where unit = b, k, m or g) + +**--memory-reservation**="" + Memory soft limit (format: [], where unit = b, k, m or g) + +**--memory-swap**="" + Total memory limit (memory + swap) + +# EXAMPLES + +The following sections illustrate ways to use this command. + +### Update a container with cpu-shares=512 + +To limit a container's cpu-shares to 512, first identify the container +name or ID. You can use **docker ps** to find these values. You can also +use the ID returned from the **docker run** command. Then, do the following: + +```bash +$ docker update --cpu-shares 512 abebf7571666 +``` + +### Update a container with cpu-shares and memory + +To update multiple resource configurations for multiple containers: + +```bash +$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse +``` From c8195c7cd56e8fc8d0ff217151f675feaa42d326 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 27 Dec 2015 09:28:19 -0800 Subject: [PATCH 1074/2538] bash completion for `docker network ls --filter` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 60ae2c9bc7..b07f1cd341 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -160,6 +160,14 @@ __docker_complete_networks() { COMPREPLY=( $(compgen -W "$(__docker_networks)" -- "$cur") ) } +__docker_complete_network_ids() { + COMPREPLY=( $(compgen -W "$(__docker_q network ls -q --no-trunc)" -- "$cur") ) +} + +__docker_complete_network_names() { + COMPREPLY=( $(compgen -W "$(__docker_q network ls | awk 'NR>1 {print $2}')" -- "$cur") ) +} + __docker_complete_containers_in_network() { local containers=$(__docker_q network inspect -f '{{range $i, $c := .Containers}}{{$i}} {{$c.Name}} {{end}}' "$1") COMPREPLY=( $(compgen -W "$containers" -- "$cur") ) @@ -1182,14 +1190,33 @@ _docker_network_inspect() { _docker_network_ls() { case "$prev" in - -n) + --filter|-f) + COMPREPLY=( $( compgen -S = -W "id name type" -- "$cur" ) ) + __docker_nospace + return + ;; + esac + + case "${words[$cword-2]}$prev=" in + *id=*) + cur="${cur#=}" + __docker_complete_network_ids + return + ;; + *name=*) + cur="${cur#=}" + __docker_complete_network_names + return + ;; + *type=*) + COMPREPLY=( $( compgen -W "builtin custom" -- "${cur#=}" ) ) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) ;; esac } From 2d406c40580f0868307cd2444109310a9a0e4aea Mon Sep 17 00:00:00 2001 From: Thomas Swift Date: Tue, 29 Dec 2015 17:06:02 -0500 Subject: [PATCH 1075/2538] Fix typo in daemon storage-driver docs Signed-off-by: Thomas Swift --- docs/reference/commandline/daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 1484b4e542..fbcf5583c3 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -157,7 +157,7 @@ The `btrfs` driver is very fast for `docker build` - but like `devicemapper` does not share executable memory between devices. Use `docker daemon -s btrfs -g /mnt/btrfs_partition`. -The `zfs` driver is probably not fast as `btrfs` but has a longer track record +The `zfs` driver is probably not as fast as `btrfs` but has a longer track record on stability. Thanks to `Single Copy ARC` shared blocks between clones will be cached only once. Use `docker daemon -s zfs`. To select a different zfs filesystem set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options). From b87dd1342f3aa1be24ee81400a4468c38bf6b63e Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 30 Dec 2015 09:23:35 +0800 Subject: [PATCH 1076/2538] Fix docs for memory-swap Fixes: #18894 Signed-off-by: Qiang Huang --- docs/reference/commandline/build.md | 2 +- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 2 +- man/docker-build.1.md | 12 +++++++++--- man/docker-create.1.md | 13 ++++++++----- man/docker-run.1.md | 13 ++++++++----- 6 files changed, 28 insertions(+), 16 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index eab0cb7e31..adc94f53b7 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -27,7 +27,7 @@ parent = "smn_cli" --help Print usage --isolation="" Container isolation technology -m, --memory="" Memory limit for all build containers - --memory-swap="" Total memory (memory + swap), `-1` to disable swap + --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --no-cache Do not use cache when building the image --pull Always attempt to pull a newer version of the image -q, --quiet Suppress the build output and print image ID on success diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index d6a9cc53d2..0a5e24790b 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -57,7 +57,7 @@ Creates a new container. -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-reservation="" Memory soft limit - --memory-swap="" Total memory (memory + swap), '-1' to disable swap + --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container --net="bridge" Connect a container to a network diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 89243c6bf3..c42ca23e58 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -56,7 +56,7 @@ parent = "smn_cli" -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) --memory-reservation="" Memory soft limit - --memory-swap="" Total memory (memory + swap), '-1' to disable swap + --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. --name="" Assign a name to the container --net="bridge" Connect a container to a network diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 3decabe174..91f15fe0d4 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -19,7 +19,7 @@ docker-build - Build a new image from the source code at PATH [**--rm**[=*true*]] [**-t**|**--tag**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] -[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swap**[=*LIMIT*]] [**--shm-size**[=*SHM-SIZE*]] [**--cpu-period**[=*0*]] [**--cpu-quota**[=*0*]] @@ -92,8 +92,14 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **-m**, **--memory**=*MEMORY* Memory limit -**--memory-swap**=*MEMORY-SWAP* - Total memory (memory + swap), '-1' to disable swap. +**--memory-swap**=*LIMIT* + A limit value equal to memory plus swap. Must be used with the **-m** +(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**--memory**) value. + + The format of `LIMIT` is `[]`. Unit can be `b` (bytes), +`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--shm-size**=*SHM-SIZE* Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index f35571a356..f0499e60f9 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -46,7 +46,7 @@ docker-create - Create a new container [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] @@ -230,11 +230,14 @@ reservation. So you should always set the value below **--memory**, otherwise th hard limit will take precedence. By default, memory reservation will be the same as memory limit. -**--memory-swap**="" - Total memory limit (memory + swap) +**--memory-swap**="LIMIT" + A limit value equal to memory plus swap. Must be used with the **-m** +(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**--memory**) value. - Set `-1` to disable swap (format: [], where unit = b, k, m or g). -This value should always larger than **-m**, so you should always use this with **-m**. + The format of `LIMIT` is `[]`. Unit can be `b` (bytes), +`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--memory-swappiness**="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index e963d5277e..6d787295ec 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -47,7 +47,7 @@ docker-run - Run a command in a new container [**-m**|**--memory**[=*MEMORY*]] [**--mac-address**[=*MAC-ADDRESS*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*MEMORY-SWAP*]] +[**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] @@ -327,11 +327,14 @@ reservation. So you should always set the value below **--memory**, otherwise th hard limit will take precedence. By default, memory reservation will be the same as memory limit. -**--memory-swap**="" - Total memory limit (memory + swap) +**--memory-swap**="LIMIT" + A limit value equal to memory plus swap. Must be used with the **-m** +(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** +(**--memory**) value. - Set `-1` to disable swap (format: [], where unit = b, k, m or g). -This value should always larger than **-m**, so you should always use this with **-m**. + The format of `LIMIT` is `[]`. Unit can be `b` (bytes), +`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a +unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--mac-address**="" Container MAC address (e.g. 92:d0:c6:0a:29:33) From 6bfda2dbbcb7d60b672ee727dc219f66803611a8 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 28 Dec 2015 16:29:39 +0800 Subject: [PATCH 1077/2538] Update integration tests when container and image have same name Signed-off-by: Wen Cheng Ma --- docs/reference/commandline/inspect.md | 5 +++-- man/docker-inspect.1.md | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 434f98989f..995388c8f1 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -20,8 +20,9 @@ parent = "smn_cli" values are "image" or "container" -s, --size Display total file sizes if the type is container -By default, this will render all results in a JSON array. If a format is -specified, the given template will be executed for each result. +By default, this will render all results in a JSON array. If the container and +image have the same name, this will return container JSON for unspecified type. +If a format is specified, the given template will be executed for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 81f48ceedf..9babd569ac 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -16,8 +16,9 @@ CONTAINER|IMAGE [CONTAINER|IMAGE...] This displays all the information available in Docker for a given container or image. By default, this will render all results in a JSON -array. If a format is specified, the given template will be executed for -each result. +array. If the container and image have the same name, this will return +container JSON for unspecified type. If a format is specified, the given +template will be executed for each result. # OPTIONS **--help** From 9a63a5cdd6d2025407e6af102e724e87e243db28 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 2 Jan 2016 14:53:10 -0800 Subject: [PATCH 1078/2538] Compute plugin list in bash completion for `docker daemon --authz-plugin` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b07f1cd341..5db2891630 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -706,6 +706,10 @@ _docker_daemon() { " case "$prev" in + --authz-plugin) + __docker_complete_plugins Authorization + return + ;; --cluster-store) COMPREPLY=( $( compgen -W "consul etcd zk" -S "://" -- "$cur" ) ) __docker_nospace From 636ffcc0281769fe5980e73519477ca4f1236413 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 3 Dec 2015 15:16:53 +0800 Subject: [PATCH 1079/2538] Improvement for docker subcommand's help messages Signed-off-by: Wen Cheng Ma --- docs/reference/commandline/ps.md | 10 +++++++++- man/docker-ps.1.md | 19 +++++++++---------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 213648f1db..432a9a31c4 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -15,7 +15,15 @@ parent = "smn_cli" List containers -a, --all Show all containers (default shows just running) - -f, --filter=[] Filter output based on conditions provided + -f, --filter=[] Filter output based on these conditions: + - exited= an exit code of + - label= or label== + - status=(created|restarting|running|paused|exited) + - name= a container's name + - id= a container's ID + - before=(|) + - since=(|) + - ancestor=([:tag]||) - containers created from an image or a descendant. --format=[] Pretty-print containers using a Go template --help Print usage -l, --latest Show the latest created container (includes all states) diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 770cd26498..0d0cae5792 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -26,16 +26,15 @@ the running containers. Show all containers. Only running containers are shown by default. The default is *false*. **-f**, **--filter**=[] - Provide filter values. Valid filters: - exited= - containers with exit code of - label= or label== - status=(created|restarting|running|paused|exited) - name= - container's name - id= - container's ID - before=(|) - since=(|) - ancestor=([:tag]||) - filters containers that were - created from the given image or a descendant. + Filter output based on these conditions: + - exited= an exit code of + - label= or label== + - status=(created|restarting|running|paused|exited) + - name= a container's name + - id= a container's ID + - before=(|) + - since=(|) + - ancestor=([:tag]||) - containers created from an image or a descendant. **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From 351710a2bb042370a4fe8a30d215455f0d8bf890 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sat, 2 Jan 2016 19:30:31 -0800 Subject: [PATCH 1080/2538] Creating a man page for the configuration file Signed-off-by: Mary Anthony Adding comments. Fixing bit in daemon Signed-off-by: Mary Anthony Arrrgggh Signed-off-by: Mary Anthony --- man/config-json.5.md | 72 ++++++++++++++++++++++++++++++++++++++++++ man/docker-daemon.8.md | 2 +- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 man/config-json.5.md diff --git a/man/config-json.5.md b/man/config-json.5.md new file mode 100644 index 0000000000..af274c90a7 --- /dev/null +++ b/man/config-json.5.md @@ -0,0 +1,72 @@ +% CONFIG.JSON(5) Docker User Manuals +% Docker Community +% JANUARY 2016 +# NAME +HOME/.docker/confg.json - Default Docker configuration file + +# INTRODUCTION + +By default, the Docker command line stores its configuration files in a +directory called `.docker` within your `HOME` directory. Docker manages most of +the files in the configuration directory and you should not modify them. +However, you *can modify* the `config.json` file to control certain aspects of +how the `docker` command behaves. + +Currently, you can modify the `docker` command behavior using environment +variables or command-line options. You can also use options within +`config.json` to modify some of the same behavior. When using these +mechanisms, you must keep in mind the order of precedence among them. Command +line options override environment variables and environment variables override +properties you specify in a `config.json` file. + +The `config.json` file stores a JSON encoding of several properties: + +* The `HttpHeaders` property specifies a set of headers to include in all messages +sent from the Docker client to the daemon. Docker does not try to interpret or +understand these header; it simply puts them into the messages. Docker does not +allow these headers to change any headers it sets for itself. + +* The `psFormat` property specifies the default format for `docker ps` output. +When the `--format` flag is not provided with the `docker ps` command, +Docker's client uses this property. If this property is not set, the client +falls back to the default table format. For a list of supported formatting +directives, see **docker-ps(1)**. + +* The `detachKeys` property specifies the default key sequence which +detaches the container. When the `--detach-keys` flag is not provide +with the `docker attach`, `docker exec`, `docker run` or `docker +start`, Docker's client uses this property. If this property is not +set, the client falls back to the default sequence `ctrl-p,ctrl-q`. + + +* The `imagesFormat` property specifies the default format for `docker images` +output. When the `--format` flag is not provided with the `docker images` +command, Docker's client uses this property. If this property is not set, the +client falls back to the default table format. For a list of supported +formatting directives, see **docker-images(1)**. + +You can specify a different location for the configuration files via the +`DOCKER_CONFIG` environment variable or the `--config` command line option. If +both are specified, then the `--config` option overrides the `DOCKER_CONFIG` +environment variable: + + docker --config ~/testconfigs/ ps + +This command instructs Docker to use the configuration files in the +`~/testconfigs/` directory when running the `ps` command. + +## Examples + +Following is a sample `config.json` file: + + { + "HttpHeaders": { + "MyHeader": "MyValue" + }, + "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", + "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "detachKeys": "ctrl-e,e" + } + +# HISTORY +January 2016, created by Moxiegirl diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 904ae428ab..466b80537c 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -1,4 +1,4 @@ -% DOCKER(1) Docker User Manuals +% DOCKER(8) Docker User Manuals % Shishir Mahajan % SEPTEMBER 2015 # NAME From 18eb9f2e64d7393f318188e09c4a472cb5c97f54 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sun, 3 Jan 2016 23:03:39 +0100 Subject: [PATCH 1081/2538] Implement configurable detach key Implement configurable detach keys (for `attach`, exec`, `run` and `start`) using the client-side configuration - Adds a `--detach-keys` flag to `attach`, `exec`, `run` and `start` commands. - Adds a new configuration field (in `~/.docker/config.json`) to configure the default escape keys for docker client. Signed-off-by: Vincent Demeester --- docs/reference/commandline/attach.md | 41 ++++++++++++++++++++++------ docs/reference/commandline/cli.md | 26 ++++++++++++++++-- docs/reference/commandline/exec.md | 1 + docs/reference/commandline/run.md | 1 + docs/reference/commandline/start.md | 1 + man/docker-attach.1.md | 37 ++++++++++++++++++++++--- man/docker-exec.1.md | 6 +++- man/docker-run.1.md | 10 +++++-- man/docker-start.1.md | 7 ++++- man/docker.1.md | 1 + 10 files changed, 112 insertions(+), 19 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 5712c92f51..124474bef2 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -14,9 +14,10 @@ parent = "smn_cli" Attach to a running container - --help Print usage - --no-stdin Do not attach STDIN - --sig-proxy=true Proxy all received signals to the process + --detach-keys="" Set up escape key sequence + --help Print usage + --no-stdin Do not attach STDIN + --sig-proxy=true Proxy all received signals to the process The `docker attach` command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it @@ -24,11 +25,10 @@ interactively. You can attach to the same contained process multiple times simultaneously, screen sharing style, or quickly view the progress of your detached process. -You can detach from the container and leave it running with `CTRL-p CTRL-q` -(for a quiet exit) or with `CTRL-c` if `--sig-proxy` is false. - -If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to the -container. +To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the +container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to +the container. You can detach from a container and leave it running using the +using `CTRL-p CTRL-q` key sequence. > **Note:** > A process running as PID 1 inside a container is treated specially by @@ -39,6 +39,31 @@ container. It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). + +## Override the detach sequence + +If you want, you can configure a override the Docker key sequence for detach. +This is is useful if the Docker default sequence conflicts with key squence you +use for other applications. There are two ways to defines a your own detach key +sequence, as a per-container override or as a configuration property on your +entire configuration. + +To override the sequence for an individual container, use the +`--detach-keys=""` flag with the `docker attach` command. The format of +the `` is either a letter [a-Z], or the `ctrl-` combined with any of +the following: + +* `a-z` (a single lowercase alpha character ) +* `@` (ampersand) +* `[` (left bracket) +* `\\` (two backward slashes) +* `_` (underscore) +* `^` (caret) + +These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key +sequences. To configure a different configuration default key sequence for all +containers, see [**Configuration file** section](cli.md#configuration-files). + #### Examples $ docker run -d --name topdemo ubuntu /usr/bin/top -b diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 608cb1275a..e3773f7d63 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -101,7 +101,26 @@ The property `psFormat` specifies the default format for `docker ps` output. When the `--format` flag is not provided with the `docker ps` command, Docker's client uses this property. If this property is not set, the client falls back to the default table format. For a list of supported formatting -directives, see the [**Formatting** section in the `docker ps` documentation](ps.md) +directives, see the +[**Formatting** section in the `docker ps` documentation](ps.md) + +Once attached to a container, users detach from it and leave it running using +the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable +using the `detachKeys` property. Specify a `` value for the +property. The format of the `` is either a letter [a-Z], or the `ctrl-` +combined with any of the following: + +* `a-z` (a single lowercase alpha character ) +* `@` (ampersand) +* `[` (left bracket) +* `\\` (two backward slashes) +* `_` (underscore) +* `^` (caret) + +Your customization applies to all containers started in with your Docker client. +Users can override your custom or the default key sequence on a per-container +basis. To do this, the user specifies the `--detach-keys` flag with the `docker +attach`, `docker exec`, `docker run` or `docker start` command. The property `imagesFormat` specifies the default format for `docker images` output. When the `--format` flag is not provided with the `docker images` command, @@ -115,8 +134,9 @@ Following is a sample `config.json` file: "HttpHeaders": { "MyHeader": "MyValue" }, - "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}" - "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}" + "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", + "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "detachKeys": "ctrl-e,e" } ### Notary diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 971a2f2d67..80796a59c9 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -15,6 +15,7 @@ parent = "smn_cli" Run a command in a running container -d, --detach Detached mode: run command in the background + --detach-keys Specify the escape key sequence used to detach a container --help Print usage -i, --interactive Keep STDIN open even if not attached --privileged Give extended Linux capabilities to the command diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index c42ca23e58..3ea6ae5415 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -28,6 +28,7 @@ parent = "smn_cli" --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) -d, --detach Run container in background and print container ID + --detach-keys Specify the escape key sequence used to detach a container --device=[] Add a host device to the container --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) --device-read-iops=[] Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000) diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index 6e1b1d67ba..156a2aae08 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -15,5 +15,6 @@ parent = "smn_cli" Start one or more containers -a, --attach Attach STDOUT/STDERR and forward signals + --detach-keys Specify the escape key sequence used to detach a container --help Print usage -i, --interactive Attach container's STDIN diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md index 260593201f..adecceb37f 100644 --- a/man/docker-attach.1.md +++ b/man/docker-attach.1.md @@ -6,6 +6,7 @@ docker-attach - Attach to a running container # SYNOPSIS **docker attach** +[**--detach-keys**[=*[]*]] [**--help**] [**--no-stdin**] [**--sig-proxy**[=*true*]] @@ -18,15 +19,19 @@ interactively. You can attach to the same contained process multiple times simultaneously, screen sharing style, or quickly view the progress of your detached process. -You can detach from the container (and leave it running) with `CTRL-p CTRL-q` -(for a quiet exit) or `CTRL-c` which will send a `SIGKILL` to the container. -When you are attached to a container, and exit its main process, the process's -exit code will be returned to the client. +To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the +container. You can detach from the container (and leave it running) using a +configurable key sequence. The default sequence is `CTRL-p CTRL-q`. You +configure the key sequence using the **--detach-keys** option or a configuration +file. See **config-json(5)** for documentation on using a configuration file. It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). # OPTIONS +**--detach-keys**="" + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. + **--help** Print usage statement @@ -36,6 +41,30 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). **--sig-proxy**=*true*|*false* Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*. +# Override the detach sequence + +If you want, you can configure a override the Docker key sequence for detach. +This is is useful if the Docker default sequence conflicts with key squence you +use for other applications. There are two ways to defines a your own detach key +sequence, as a per-container override or as a configuration property on your +entire configuration. + +To override the sequence for an individual container, use the +`--detach-keys=""` flag with the `docker attach` command. The format of +the `` is either a letter [a-Z], or the `ctrl-` combined with any of +the following: + +* `a-z` (a single lowercase alpha character ) +* `@` (ampersand) +* `[` (left bracket) +* `\\` (two backward slashes) +* `_` (underscore) +* `^` (caret) + +These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key +sequences. To configure a different configuration default key sequence for all +containers, see **docker(1)**. + # EXAMPLES ## Attaching to a container diff --git a/man/docker-exec.1.md b/man/docker-exec.1.md index 388fe81b2c..49f6dbc286 100644 --- a/man/docker-exec.1.md +++ b/man/docker-exec.1.md @@ -7,6 +7,7 @@ docker-exec - Run a command in a running container # SYNOPSIS **docker exec** [**-d**|**--detach**] +[**--detach-keys**[=*[]*]] [**--help**] [**-i**|**--interactive**] [**--privileged**] @@ -26,7 +27,10 @@ container is unpaused, and then run # OPTIONS **-d**, **--detach**=*true*|*false* - Detached mode: run command in the background. The default is *false*. + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. + +**--detach-keys**="" + Define the key sequence which detaches the container. **--help** Print usage statement diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 6d787295ec..71790d0aa6 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -20,6 +20,7 @@ docker-run - Run a command in a new container [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] [**-d**|**--detach**] +[**--detach-keys**[=*[]*]] [**--device**[=*[]*]] [**--device-read-bps**[=*[]*]] [**--device-read-iops**[=*[]*]] @@ -190,8 +191,13 @@ the other shell to view a list of the running containers. You can reattach to a detached container with **docker attach**. If you choose to run a container in the detached mode, then you cannot use the **-rm** option. - When attached in the tty mode, you can detach from a running container without -stopping the process by pressing the keys CTRL-P CTRL-Q. + When attached in the tty mode, you can detach from the container (and leave it +running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`. +You configure the key sequence using the **--detach-keys** option or a configuration file. +See **config-json(5)** for documentation on using a configuration file. + +**--detach-keys**="" + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) diff --git a/man/docker-start.1.md b/man/docker-start.1.md index 678f687f86..c00b0a1668 100644 --- a/man/docker-start.1.md +++ b/man/docker-start.1.md @@ -7,6 +7,7 @@ docker-start - Start one or more containers # SYNOPSIS **docker start** [**-a**|**--attach**] +[**--detach-keys**[=*[]*]] [**--help**] [**-i**|**--interactive**] CONTAINER [CONTAINER...] @@ -17,7 +18,11 @@ Start one or more containers. # OPTIONS **-a**, **--attach**=*true*|*false* - Attach container's STDOUT and STDERR and forward all signals to the process. The default is *false*. + Attach container's STDOUT and STDERR and forward all signals to the + process. The default is *false*. + +**--detach-keys**="" + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. **--help** Print usage statement diff --git a/man/docker.1.md b/man/docker.1.md index fc7cd58a65..83e57affa2 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -223,6 +223,7 @@ inside it) Block until a container stops, then print its exit code See **docker-wait(1)** for full documentation on the **wait** command. + # EXEC DRIVER OPTIONS Use the **--exec-opt** flags to specify options to the execution driver. The only From 31ad32c879c0347d4e5c209153d5d375b4868b0c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 8 Dec 2015 14:52:58 +0100 Subject: [PATCH 1082/2538] Fix pid=host example in documentation The existing example didn't illustrate how to install strace in the container. In addition, the rhel7 image used is no longer public (and maintained) so not a good image to use in the example. This updates the example to use htop (strace is not working without disabling apparmor for the container) Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 53ab5ea350..9288dd21d5 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -206,10 +206,27 @@ on the system. For example, you could build a container with debugging tools like `strace` or `gdb`, but want to use these tools when debugging processes within the container. - $ docker run --pid=host rhel7 strace -p 1234 +### Example: run htop inside a container -This command would allow you to use `strace` inside the container on pid 1234 on -the host. +Create this Dockerfile: + +``` +FROM alpine:latest +RUN apk add --update htop && rm -rf /var/cache/apk/* +CMD ["htop"] +``` + +Build the Dockerfile and tag the image as `myhtop`: + +```bash +$ docker build -t myhtop . +``` + +Use the following command to run `htop` inside a container: + +``` +$ docker run -it --rm --pid=host myhtop +``` ## UTS settings (--uts) From 5e85f62dbca334fb531c4de3e0e73b35edf60827 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Mon, 28 Dec 2015 15:15:34 -0500 Subject: [PATCH 1083/2538] Add filter by event type and documentation. Signed-off-by: David Calavera --- docs/reference/commandline/events.md | 105 ++++++++++++++++----------- 1 file changed, 63 insertions(+), 42 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 1af0e2337a..30eae105d9 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -19,14 +19,22 @@ parent = "smn_cli" --since="" Show all events created since timestamp --until="" Stream events until this timestamp -Docker containers will report the following events: +Docker containers report the following events: - attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause + attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update -and Docker images will report: +Docker images report the following events: delete, import, pull, push, tag, untag +Docker volumes report the following events: + + create, mount, unmount, destroy + +Docker networks report the following events: + + create, connect, disconnect, destroy + The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s time. If you do not provide the --since option, @@ -57,9 +65,12 @@ container container 588a23dac085 *AND* the event type is *start* The currently supported filters are: * container (`container=`) -* event (`event=`) +* event (`event=`) * image (`image=`) * label (`label=` or `label==`) +* type (`type=`) +* volume (`volume=`) +* network (`network=`) ## Examples @@ -77,68 +88,78 @@ You'll need two shells for this example. **Shell 1: (Again .. now showing events):** - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) **Show events in the past from a specified time:** $ docker events --since 1378216169 - 2014-03-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-03-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) $ docker events --since '2013-09-03' - 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start - 2014-09-03T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) $ docker events --since '2013-09-03T15:49:29' - 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) This example outputs all events that were generated in the last 3 minutes, relative to the current time on the client machine: $ docker events --since '3m' - 2015-05-12T11:51:30.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2015-05-12T15:52:12.999999999Z07:00 4 4386fb97867d: (from ubuntu-1:14.04) stop - 2015-05-12T15:53:45.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2015-05-12T15:54:03.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) **Filter events:** $ docker events --filter 'event=stop' - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-09-03T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) $ docker events --filter 'image=ubuntu-1:14.04' - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) start - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop + 2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) $ docker events --filter 'container=7805c1d35632' - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8) $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' - 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) $ docker events --filter 'container=7805c1d35632' --filter 'event=stop' - 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) $ docker events --filter 'container=container_1' --filter 'container=container_2' - 2014-09-03T15:49:29.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) die - 2014-05-10T17:42:14.999999999Z07:00 4386fb97867d: (from ubuntu-1:14.04) stop - 2014-05-10T17:42:14.999999999Z07:00 7805c1d35632: (from redis:2.8) die - 2014-09-03T15:49:29.999999999Z07:00 7805c1d35632: (from redis:2.8) stop + 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'type=volume' + 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) + 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) + 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) + 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + + $ docker events --filter 'type=network' + 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) + 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) From 61295a1ec838edf2f31b3c55e324979300b26e15 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Mon, 7 Dec 2015 09:55:33 -0800 Subject: [PATCH 1084/2538] Add ability to set cgroup parent for all containers Fix #18022 Signed-off-by: Alexander Morozov --- docs/reference/commandline/daemon.md | 17 +++++++++++++++++ man/docker-daemon.8.md | 4 ++++ 2 files changed, 21 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index fbcf5583c3..04d6578371 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -20,6 +20,7 @@ weight = -1 --authz-plugin=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP + --cgroup-parent=/docker Set parent cgroup for all containers -D, --debug Enable debug mode --default-gateway="" Container default gateway IPv4 address --default-gateway-v6="" Container default gateway IPv6 address @@ -643,4 +644,20 @@ set like this: /usr/local/bin/docker daemon -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 +# Default cgroup parent +The `--cgroup-parent` option allows you to set the default cgroup parent +to use for containers. If this option is not set, it defaults to `/docker`. + +If the cgroup has a leading forward slash (`/`), the cgroup is created +under the root cgroup, otherwise the cgroup is created under the daemon +cgroup. + +Assuming the daemon is running in cgroup `daemoncgroup`, +`--cgroup-parent=/foobar` creates a cgroup in +`/sys/fs/cgroup/memory/foobar`, wheras using `--cgroup-parent=foobar` +creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar` + +This setting can also be set per container, using the `--cgroup-parent` +option on `docker create` and `docker run`, and takes precedence over +the `--cgroup-parent` option on the daemon. diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 466b80537c..269268a1d1 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -10,6 +10,7 @@ docker-daemon - Enable daemon mode [**--authz-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] +[**--cgroup-parent**[=*/docker*]] [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] @@ -80,6 +81,9 @@ format. **--bip**="" Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b +**--cgroup-parent**="" + Set parent cgroup for all containers. Default is "/docker". + **--cluster-store**="" URL of the distributed storage backend From b65475f61a03bf99092364c07378415fb1a8795f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 17 Dec 2015 08:23:48 +0100 Subject: [PATCH 1085/2538] Add zsh completion for 'docker daemon --cgroup-parent' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9394829745..fd6790d52e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -583,6 +583,7 @@ __docker_subcommand() { "($help)*--authz-plugin=[Set authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Specify network bridge IP]" \ + "($help)--cgroup-parent=[Set parent cgroup for all containers]:cgroup: " \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ From d8f50e5dd1e70fa7dba965999c3176e33853e415 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 4 Jan 2016 15:42:03 +0100 Subject: [PATCH 1086/2538] docs: add note to volume-plugins The /var/lib/docker directory is reserved for docker, and should not be touched by plugins. Signed-off-by: Sebastiaan van Stijn --- docs/extend/plugins_volume.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index a2507f9113..7a1471e596 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -15,7 +15,7 @@ storage systems, such as Amazon EBS, and enable data volumes to persist beyond the lifetime of a single Docker host. See the [plugin documentation](plugins.md) for more information. -# Command-line changes +## Command-line changes A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: @@ -32,13 +32,13 @@ server to another. By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS. -# Create a VolumeDriver +## Create a VolumeDriver The container creation endpoint (`/containers/create`) accepts a `VolumeDriver` field of type `string` allowing to specify the name of the driver. It's default value of `"local"` (the default driver for local volumes). -# Volume plugin protocol +## Volume plugin protocol If a plugin registers itself as a `VolumeDriver` when activated, then it is expected to provide writeable paths on the host filesystem for the Docker @@ -47,6 +47,10 @@ daemon to provide to containers to consume. The Docker daemon handles bind-mounting the provided paths into user containers. +> **Note**: Volume plugins should *not* write data to the `/var/lib/docker/` +> directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/` +> directory is reserved for Docker. + ### /VolumeDriver.Create **Request**: From 442d408fc7aa1a177a2827d48ab4a8e3380d9edc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 5 Jan 2016 09:53:16 -0800 Subject: [PATCH 1087/2538] bash completion for `--isolation` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5db2891630..8cbdf419c0 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -340,6 +340,10 @@ __docker_complete_capabilities() { " -- "$cur" ) ) } +__docker_complete_isolation() { + COMPREPLY=( $( compgen -W "default hyperv process" -- "$cur" ) ) +} + __docker_complete_log_drivers() { COMPREPLY=( $( compgen -W " awslogs @@ -532,6 +536,7 @@ _docker_build() { --cpu-period --cpu-quota --file -f + --isolation --memory -m --memory-swap --tag -t @@ -560,6 +565,10 @@ _docker_build() { _filedir return ;; + --isolation) + __docker_complete_isolation + return + ;; --tag|-t) __docker_complete_image_repos_and_tags return @@ -1455,6 +1464,7 @@ _docker_run() { --group-add --hostname -h --ipc + --isolation --kernel-memory --label-file --label -l @@ -1560,6 +1570,10 @@ _docker_run() { esac return ;; + --isolation) + __docker_complete_isolation + return + ;; --link) case "$cur" in *:*) From 3b7695959d79d89ca26102d5a70855834f08bc69 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 5 Jan 2016 09:29:37 -0800 Subject: [PATCH 1088/2538] bash completion for `docker daemon --cgroup-parent` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8cbdf419c0..7be2becf75 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -687,6 +687,7 @@ _docker_daemon() { --authz-plugin --bip --bridge -b + --cgroup-parent --cluster-advertise --cluster-store --cluster-store-opt From 2ea504510c87a5269b7166f06012d1ef92dbf1ba Mon Sep 17 00:00:00 2001 From: Clinton Kitson Date: Mon, 4 Jan 2016 11:28:25 -0800 Subject: [PATCH 1089/2538] Updated docs for consolidated list of REX-Ray providers This commit includes the correct project link and also includes a consolidated list of drivers that are supported. Signed-off-by: Clinton Kitson --- docs/extend/plugins.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index feaecd96a2..ea483241b4 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -66,10 +66,10 @@ The following plugins exist: is a volume plugin written in Go that provides functionality to mount Pachyderm File System (PFS) repositories at specific commits as volumes within Docker containers. -* The [REX-Ray plugin](https://github.com/emccode/rexraycli) is a volume plugin +* The [REX-Ray plugin](https://github.com/emccode/rexray) is a volume plugin which is written in Go and provides advanced storage functionality for many - platforms including EC2, Google Compute Engine, OpenStack, XtremIO, and ScaleIO. - + platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. + * The [Contiv Volume Plugin](https://github.com/contiv/volplugin) is an open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. From effe34067fbab203547f74c2a789a7ef81a0d19c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 6 Jan 2016 10:15:12 -0800 Subject: [PATCH 1090/2538] bash completion for `docker update` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 37 ++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7be2becf75..0e9d4b792d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1773,6 +1773,42 @@ _docker_unpause() { esac } +_docker_update() { + local options_with_args=" + --blkio-weight + --cpu-period + --cpu-quota + --cpuset-cpus + --cpuset-mems + --cpu-shares + --kernel-memory + --memory -m + --memory-reservation + --memory-swap + " + + local boolean_options=" + --help + " + + local all_options="$options_with_args $boolean_options" + + case "$prev" in + $(__docker_to_extglob "$options_with_args") ) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) + ;; + *) + __docker_complete_containers_all + ;; + esac +} + _docker_top() { case "$cur" in -*) @@ -1930,6 +1966,7 @@ _docker() { tag top unpause + update version volume wait From f06e5cb69207baa8c4c8e54549e01e392ebbeaa2 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 5 Jan 2016 21:07:34 -0500 Subject: [PATCH 1091/2538] Add docs for volume plugin ls/get Signed-off-by: Brian Goff --- docs/extend/plugins_volume.md | 71 ++++++++++++++++++++++++++++++----- 1 file changed, 61 insertions(+), 10 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 7a1471e596..1814708275 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -54,7 +54,7 @@ containers. ### /VolumeDriver.Create **Request**: -``` +```json { "Name": "volume_name", "Opts": {} @@ -67,7 +67,7 @@ volume on the filesystem yet (until Mount is called). Opts is a map of driver specific options passed through from the user request. **Response**: -``` +```json { "Err": "" } @@ -78,7 +78,7 @@ Respond with a string error if an error occurred. ### /VolumeDriver.Remove **Request**: -``` +```json { "Name": "volume_name" } @@ -87,7 +87,7 @@ Respond with a string error if an error occurred. Delete the specified volume from disk. This request is issued when a user invokes `docker rm -v` to remove volumes associated with a container. **Response**: -``` +```json { "Err": "" } @@ -98,7 +98,7 @@ Respond with a string error if an error occurred. ### /VolumeDriver.Mount **Request**: -``` +```json { "Name": "volume_name" } @@ -110,7 +110,7 @@ more than once, the plugin may need to keep track of each new mount request and at the first mount request and deprovision at the last corresponding unmount request. **Response**: -``` +```json { "Mountpoint": "/path/to/directory/on/host", "Err": "" @@ -123,7 +123,7 @@ available, and/or a string error if an error occurred. ### /VolumeDriver.Path **Request**: -``` +```json { "Name": "volume_name" } @@ -132,7 +132,7 @@ available, and/or a string error if an error occurred. Docker needs reminding of the path to the volume on the host. **Response**: -``` +```json { "Mountpoint": "/path/to/directory/on/host", "Err": "" @@ -145,7 +145,7 @@ available, and/or a string error if an error occurred. ### /VolumeDriver.Unmount **Request**: -``` +```json { "Name": "volume_name" } @@ -156,7 +156,7 @@ per container stop. Plugin may deduce that it is safe to deprovision it at this point. **Response**: -``` +```json { "Err": "" } @@ -164,3 +164,54 @@ this point. Respond with a string error if an error occurred. + +### /VolumeDriver.Get + +**Request**: +```json +{ + "Name": "volume_name" +} +``` + +Get the volume info. + + +**Response**: +```json +{ + "Volume": { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host", + }, + "Err": "" +} +``` + +Respond with a string error if an error occurred. + + +### /VolumeDriver.List + +**Request**: +```json +{} +``` + +Get the list of volumes registered with the plugin. + +**Response**: +```json +{ + "Volumes": [ + { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host" + } + ], + "Err": "" +} +``` + +Respond with a string error if an error occurred. + From 6a6c99d7fe5d9158d035158c391dfee9fb8850c1 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Wed, 6 Jan 2016 13:59:01 -0800 Subject: [PATCH 1092/2538] Choose default-cgroup parent by cgroup driver It's "/docker" for cgroupfs and "system.slice" for systemd. Fix #19140 Signed-off-by: Alexander Morozov --- docs/reference/commandline/daemon.md | 7 ++++--- man/docker-daemon.8.md | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 04d6578371..38ed09bc75 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -17,10 +17,10 @@ weight = -1 Options: --api-cors-header="" Set CORS headers in the remote API - --authz-plugin=[] Set authorization plugins to load + --authz-plugin=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP - --cgroup-parent=/docker Set parent cgroup for all containers + --cgroup-parent= Set parent cgroup for all containers -D, --debug Enable debug mode --default-gateway="" Container default gateway IPv4 address --default-gateway-v6="" Container default gateway IPv6 address @@ -647,7 +647,8 @@ set like this: # Default cgroup parent The `--cgroup-parent` option allows you to set the default cgroup parent -to use for containers. If this option is not set, it defaults to `/docker`. +to use for containers. If this option is not set, it defaults to `/docker` for +fs cgroup driver and `system.slice` for systemd cgroup driver. If the cgroup has a leading forward slash (`/`), the cgroup is created under the root cgroup, otherwise the cgroup is created under the daemon diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 269268a1d1..8001c72d65 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -10,7 +10,7 @@ docker-daemon - Enable daemon mode [**--authz-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] -[**--cgroup-parent**[=*/docker*]] +[**--cgroup-parent**[=*[]*]] [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] @@ -82,7 +82,7 @@ format. Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b **--cgroup-parent**="" - Set parent cgroup for all containers. Default is "/docker". + Set parent cgroup for all containers. Default is "/docker" for fs cgroup driver and "system.slice" for systemd cgroup driver. **--cluster-store**="" URL of the distributed storage backend From fcd2860045a05cecb4efd445ddb10566580cbfdb Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Thu, 7 Jan 2016 11:08:30 -0500 Subject: [PATCH 1093/2538] man page fix: remove -e/--exec-drive=native related description Signed-off-by: Shishir Mahajan --- man/docker.1.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/man/docker.1.md b/man/docker.1.md index 83e57affa2..f2bb68f2ce 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -226,10 +226,8 @@ inside it) # EXEC DRIVER OPTIONS -Use the **--exec-opt** flags to specify options to the execution driver. The only -runtime that accepts any options is Linux. As a -result, you must also specify **-s=**native for this option to have effect. The -following is the only *native* option: +Use the **--exec-opt** flags to specify options to the execution driver. +The following options are available: #### native.cgroupdriver Specifies the management of the container's `cgroups`. You can specify From 0a3c040a07d157c8c4c63549b876de53ca6ab8ec Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Thu, 7 Jan 2016 16:18:34 -0800 Subject: [PATCH 1094/2538] Allow user to choose the IP address for the container Signed-off-by: Alessandro Boch --- docs/reference/commandline/network_connect.md | 9 ++++++++- docs/reference/commandline/run.md | 2 ++ docs/reference/run.md | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index ab78bf9d5c..dbecda6ddb 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -30,11 +30,18 @@ You can also use the `docker run --net=` option to start a contain $ docker run -itd --net=multi-host-network busybox ``` +You can specify the IP address you want to be assigned to the container's interface. + +```bash +$ docker network connect multi-host-network --ip 10.10.36.122 container2 +``` + You can pause, restart, and stop containers that are connected to a network. Paused containers remain connected and a revealed by a `network inspect`. When the container is stopped, it does not appear on the network until you restart it. The container's IP address is not guaranteed to remain the same when a -stopped container rejoins the network. +stopped container rejoins the network, unless you specified one when you run +`docker network connect` command. To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 3ea6ae5415..78643e56af 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -56,6 +56,8 @@ parent = "smn_cli" --log-opt=[] Log driver specific options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) + --ip="" Container IPv4 address (e.g. 172.30.100.104) + --ip6="" Container IPv6 address (e.g. 2001:db8::33) --memory-reservation="" Memory soft limit --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. diff --git a/docs/reference/run.md b/docs/reference/run.md index 9288dd21d5..e802f3e177 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -275,6 +275,8 @@ of the containers. '|': connect to a user-defined network --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address + --ip="" : Sets the container's Ethernet device's IPv4 address + --ip6="" : Sets the container's Ethernet device's IPv6 address By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking From 06f084a8ec809dd16231134b4489f7c21c288c51 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 5 Jan 2016 18:41:51 -0800 Subject: [PATCH 1095/2538] Before that change, etcd and zookeeper would fail to instantiate the discovery without the key being already there in the store or created beforehand and implicitely by a 'swarm join'. Signed-off-by: Alexandre Beslic Signed-off-by: Victor Vieux This PR allows to configure the discovery path using the --discovery-opt flag (with "kv.path=path/to/nodes"). We can point to "docker/nodes" and use the docker discovery. If docker instances are advertising to the cluster using the `--cluster-advertise` flag, the swarm join command becomes unnecessary. Signed-off-by: Alexandre Beslic Signed-off-by: Victor Vieux --- docs/reference/commandline/daemon.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 38ed09bc75..a4606266c9 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -603,6 +603,10 @@ The currently supported cluster store options are: private key is used as the client key for communication with the Key/Value store. +* `kv.path` + + Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'. + ## Access authorization Docker's access authorization can be extended by authorization plugins that your From caa120d3ca9de6074f5195715afa1ea024fc170a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 9 Jan 2016 09:27:40 -0800 Subject: [PATCH 1096/2538] bash completion for `docker {build,create,run} --shm-size` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0e9d4b792d..7a3543ef6b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -539,6 +539,7 @@ _docker_build() { --isolation --memory -m --memory-swap + --shm-size --tag -t --ulimit " @@ -1484,6 +1485,7 @@ _docker_run() { --publish -p --restart --security-opt + --shm-size --stop-signal --tmpfs --ulimit From a8e9d1e2634bf8250ca65aab547f50b3ad86b9e8 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Jan 2016 14:38:22 +0100 Subject: [PATCH 1097/2538] Add zsh completion for 'docker update' + refactoring of common options between 'build', 'create', 'run', 'update' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 52 +++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fd6790d52e..fcd84f2151 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -443,26 +443,27 @@ __docker_commands() { } __docker_subcommand() { - local -a _command_args opts_help opts_cpumemlimit opts_create + local -a _command_args opts_help opts_build_create_run opts_build_create_run_update opts_create_run opts_create_run_update local expl help="--help" integer ret=1 opts_help=("(: -)--help[Print usage]") - opts_cpumemlimit=( - "($help)--cpu-shares=[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" + opts_build_create_run=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " + "($help)*--ulimit=[ulimit options]:ulimit: " + ) + opts_build_create_run_update=( + "($help)--cpu-shares=[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " - "($help)*--ulimit=[ulimit options]:ulimit: " ) - opts_create=( + opts_create_run=( "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " - "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: " "($help)*--cap-add=[Add Linux capabilities]:capability: " "($help)*--cap-drop=[Drop Linux capabilities]:capability: " @@ -483,7 +484,6 @@ __docker_subcommand() { "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" "($help)--ipc=[IPC namespace to use]:IPC namespace: " - "($help)--kernel-memory[Kernel memory limit in bytes.]:Memory limit: " "($help)*--link=[Add link to another container]:link:->link" "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" @@ -502,12 +502,16 @@ __docker_subcommand() { "($help)*--security-opt=[Security options]:security option: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" - "($help)--tmpfs[mount tmpfs] " + "($help)--tmpfs[mount tmpfs]" "($help)*-v[Bind mount a volume]:volume: " "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)" "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" ) + opts_create_run_update=( + "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" + "($help)--kernel-memory=[Kernel memory limit in bytes.]:Memory limit: " + ) case "$words[1]" in (attach) @@ -520,7 +524,8 @@ __docker_subcommand() { (build) _arguments $(__docker_arguments) \ $opts_help \ - $opts_cpumemlimit \ + $opts_build_create_run \ + $opts_build_create_run_update \ "($help)*--build-arg[Set build-time variables]:=: " \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ @@ -559,8 +564,10 @@ __docker_subcommand() { (create) _arguments $(__docker_arguments) \ $opts_help \ - $opts_cpumemlimit \ - $opts_create \ + $opts_build_create_run \ + $opts_build_create_run_update \ + $opts_create_run \ + $opts_create_run_update \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 @@ -851,8 +858,10 @@ __docker_subcommand() { (run) _arguments $(__docker_arguments) \ $opts_help \ - $opts_cpumemlimit \ - $opts_create \ + $opts_build_create_run \ + $opts_build_create_run_update \ + $opts_create_run \ + $opts_create_run_update \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ @@ -918,6 +927,23 @@ __docker_subcommand() { ;; esac + ;; + (update) + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_create_run_update \ + $opts_build_create_run_update \ + "($help -)*: :->values" && ret=0 + + case $state in + (values) + if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then + __docker_stoppedcontainers && ret=0 + else + __docker_containers && ret=0 + fi + ;; + esac ;; (volume) local curcontext="$curcontext" state From c7b9b776ada35f124b21a4f4ed7e0a91a79e68ed Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Jan 2016 14:40:37 +0100 Subject: [PATCH 1098/2538] Add zsh completion for 'docker {create,run,update} --memory-reservation' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fcd84f2151..45165b82d7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -511,6 +511,7 @@ __docker_subcommand() { opts_create_run_update=( "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)--kernel-memory=[Kernel memory limit in bytes.]:Memory limit: " + "($help)--memory-reservation=[Memory soft limit]:Memory limit: " ) case "$words[1]" in From 323f35256bf023ab240a6320f4f3b5ac09a4aae4 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Jan 2016 14:46:06 +0100 Subject: [PATCH 1099/2538] Add zsh completion for 'docker {build,create,run} --shm-size Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 45165b82d7..cfb09d2cab 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -450,6 +450,7 @@ __docker_subcommand() { opts_help=("(: -)--help[Print usage]") opts_build_create_run=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " + "($help)*--shm-size=[Size of '/dev/shm'. The format is ''. Default is '64m'.]:shm size: " "($help)*--ulimit=[ulimit options]:ulimit: " ) opts_build_create_run_update=( From 97d56a6cd8b1f1ee766bebdb18e19b1ac1ef607d Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Jan 2016 14:48:55 +0100 Subject: [PATCH 1100/2538] Add zsh completion for 'docker {build,create,run} --isolation' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cfb09d2cab..76e9518e4a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -450,6 +450,7 @@ __docker_subcommand() { opts_help=("(: -)--help[Print usage]") opts_build_create_run=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " + "($help)--isolation=[]:isolation:(default hyperv process)" "($help)*--shm-size=[Size of '/dev/shm'. The format is ''. Default is '64m'.]:shm size: " "($help)*--ulimit=[ulimit options]:ulimit: " ) From 5142d3a66966047c27f35983c2e7767e777219a6 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Fri, 8 Jan 2016 20:52:11 +0000 Subject: [PATCH 1101/2538] Fix ambassador script based on SvenDowideit/dockerfiles#37 Signed-off-by: Aidan Hobson Sayers --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5663e837a0..355c5e3767 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -93,7 +93,7 @@ the `Using cache` message in the console output. Step 2 : RUN apk update && apk add socat && rm -r /var/cache/ ---> Using cache ---> 21ed6e7fbb73 - Step 3 : CMD env | grep _TCP= | sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \& wait/' | sh + Step 3 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh ---> Using cache ---> 7ea8aef582cc Successfully built 7ea8aef582cc From b5843f62f8b8819dcee87ea77c3ab1a3cf590cbe Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 11 Jan 2016 20:13:39 -0500 Subject: [PATCH 1102/2538] Add docker network connect/disconnect to non-running container Signed-off-by: Lei Jitang --- docs/reference/commandline/network_connect.md | 2 +- man/docker-network-connect.1.md | 2 +- man/docker-network-disconnect.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index dbecda6ddb..866526effa 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -16,7 +16,7 @@ parent = "smn_cli" --help Print usage -Connects a running container to a network. You can connect a container by name +Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network. diff --git a/man/docker-network-connect.1.md b/man/docker-network-connect.1.md index 6a77bfef46..e61874c80a 100644 --- a/man/docker-network-connect.1.md +++ b/man/docker-network-connect.1.md @@ -11,7 +11,7 @@ NETWORK CONTAINER # DESCRIPTION -Connects a running container to a network. You can connect a container by name +Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network. diff --git a/man/docker-network-disconnect.1.md b/man/docker-network-disconnect.1.md index 81b0387d85..bfe85ad23a 100644 --- a/man/docker-network-disconnect.1.md +++ b/man/docker-network-disconnect.1.md @@ -11,7 +11,7 @@ NETWORK CONTAINER # DESCRIPTION -Disconnects a container from a network. The container must be running to disconnect it from the network. +Disconnects a container from a network. ```bash $ docker network disconnect multi-host-network container1 From 36960be45f73c6defcb03645b1fb4ddefa5eb735 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Fri, 8 Jan 2016 10:07:46 -0500 Subject: [PATCH 1103/2538] Add daemon documentation on user namespaces feature Remove the experimental docs for user namespaces and add similar content to the `docker daemon` command documentation. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docs/reference/commandline/daemon.md | 128 +++++++++++++++++++++++++++ experimental/README.md | 2 +- experimental/userns.md | 119 ------------------------- man/docker-daemon.8.md | 4 + 4 files changed, 133 insertions(+), 120 deletions(-) delete mode 100644 experimental/userns.md diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index a4606266c9..8bc30a8eca 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -62,6 +62,7 @@ weight = -1 --tlscert="~/.docker/cert.pem" Path to TLS certificate file --tlskey="~/.docker/key.pem" Path to TLS key file --tlsverify Use TLS and verify the remote + --userns-remap="default" Enable user namespace remapping --userland-proxy=true Use userland proxy for loopback traffic Options with [] may be specified multiple times. @@ -632,6 +633,133 @@ For information about how to create an authorization plugin, see [authorization plugin](../../extend/authorization.md) section in the Docker extend section of this documentation. +## Daemon user namespace options + +The Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling +a process, and therefore a container, to have a unique range of user and +group IDs which are outside the traditional user and group range utilized by +the host system. Potentially the most important security improvement is that, +by default, container processes running as the `root` user will have expected +administrative privilege (with some restrictions) inside the container but will +effectively be mapped to an unprivileged `uid` on the host. + +When user namespace support is enabled, Docker creates a single daemon-wide mapping +for all containers running on the same engine instance. The mappings will +utilize the existing subordinate user and group ID feature available on all modern +Linux distributions. +The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and +[`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be +read for the user, and optional group, specified to the `--userns-remap` +parameter. If you do not wish to specify your own user and/or group, you can +provide `default` as the value to this flag, and a user will be created on your behalf +and provided subordinate uid and gid ranges. This default user will be named +`dockremap`, and entries will be created for it in `/etc/passwd` and +`/etc/group` using your distro's standard user and group creation tools. + +> **Note**: The single mapping per-daemon restriction is in place for now +> because Docker shares image layers from its local cache across all +> containers running on the engine instance. Since file ownership must be +> the same for all containers sharing the same layer content, the decision +> was made to map the file ownership on `docker pull` to the daemon's user and +> group mappings so that there is no delay for running containers once the +> content is downloaded. This design preserves the same performance for `docker +> pull`, `docker push`, and container startup as users expect with +> user namespaces disabled. + +### Starting the daemon with user namespaces enabled + +To enable user namespace support, start the daemon with the +`--userns-remap` flag, which accepts values in the following formats: + + - uid + - uid:gid + - username + - username:groupname + +If numeric IDs are provided, translation back to valid user or group names +will occur so that the subordinate uid and gid information can be read, given +these resources are name-based, not id-based. If the numeric ID information +provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon +startup will fail with an error message. + +*Example: starting with default Docker user management:* + +``` + $ docker daemon --userns-remap=default +``` +When `default` is provided, Docker will create - or find the existing - user and group +named `dockremap`. If the user is created, and the Linux distribution has +appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated +with a contiguous 65536 length range of subordinate user and group IDs, starting +at an offset based on prior entries in those files. For example, Ubuntu will +create the following range, based on an existing user named `user1` already owning +the first 65536 range: + +``` + $ cat /etc/subuid + user1:100000:65536 + dockremap:165536:65536 +``` + +> **Note:** On a fresh Fedora install, we had to `touch` the +> `/etc/subuid` and `/etc/subgid` files to have ranges assigned when users +> were created. Once these files existed, range assignment on user creation +> worked properly. + +If you have a preferred/self-managed user with subordinate ID mappings already +configured, you can provide that username or uid to the `--userns-remap` flag. +If you have a group that doesn't match the username, you may provide the `gid` +or group name as well; otherwise the username will be used as the group name +when querying the system for the subordinate group ID range. + +### Detailed information on `subuid`/`subgid` ranges + +Given potential advanced use of the subordinate ID ranges by power users, the +following paragraphs define how the Docker daemon currently uses the range entries +found within the subordinate range files. + +The simplest case is that only one contiguous range is defined for the +provided user or group. In this case, Docker will use that entire contiguous +range for the mapping of host uids and gids to the container process. This +means that the first ID in the range will be the remapped root user, and the +IDs above that initial ID will map host ID 1 through the end of the range. + +From the example `/etc/subid` content shown above, the remapped root +user would be uid 165536. + +If the system administrator has set up multiple ranges for a single user or +group, the Docker daemon will read all the available ranges and use the +following algorithm to create the mapping ranges: + +1. The range segments found for the particular user will be sorted by *start ID* ascending. +2. Map segments will be created from each range in increasing value with a length matching the length of each segment. Therefore the range segment with the lowest numeric starting value will be equal to the remapped root, and continue up through host uid/gid equal to the range segment length. As an example, if the lowest segment starts at ID 1000 and has a length of 100, then a map of 1000 -> 0 (the remapped root) up through 1100 -> 100 will be created from this segment. If the next segment starts at ID 10000, then the next map will start with mapping 10000 -> 101 up to the length of this second segment. This will continue until no more segments are found in the subordinate files for this user. +3. If more than five range segments exist for a single user, only the first five will be utilized, matching the kernel's limitation of only five entries in `/proc/self/uid_map` and `proc/self/gid_map`. + +### User namespace known restrictions + +The following standard Docker features are currently incompatible when +running a Docker daemon with user namespaces enabled: + + - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`) + - sharing a network namespace with an existing container (`--net=container:*other*`) + - sharing an IPC namespace with an existing container (`--ipc=container:*other*`) + - A `--readonly` container filesystem (this is a Linux kernel restriction against remounting with modified flags of a currently mounted filesystem when inside a user namespace) + - external (volume or graph) drivers which are unaware/incapable of using daemon user mappings + - Using `--privileged` mode flag on `docker run` + +In general, user namespaces are an advanced feature and will require +coordination with other capabilities. For example, if volumes are mounted from +the host, file ownership will have to be pre-arranged if the user or +administrator wishes the containers to have expected access to the volume +contents. + +Finally, while the `root` user inside a user namespaced container process has +many of the expected admin privileges that go along with being the superuser, the +Linux kernel has restrictions based on internal knowledge that this is a user namespaced +process. The most notable restriction that we are aware of at this time is the +inability to use `mknod`. Permission will be denied for device creation even as +container `root` inside a user namespace. + ## Miscellaneous options IP masquerading uses address translation to allow containers without a public diff --git a/experimental/README.md b/experimental/README.md index d2eff37d8d..659780e3fa 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -72,7 +72,7 @@ to build a Docker binary with the experimental features enabled: ## Current experimental features * [External graphdriver plugins](plugins_graphdriver.md) - * [User namespaces](userns.md) + * The user namespaces feature has graduated from experimental. ## How to comment on an experimental feature diff --git a/experimental/userns.md b/experimental/userns.md deleted file mode 100644 index cb713f7d65..0000000000 --- a/experimental/userns.md +++ /dev/null @@ -1,119 +0,0 @@ -# Experimental: User namespace support - -Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling -a process--and therefore a container--to have a unique range of user and -group IDs which are outside the traditional user and group range utilized by -the host system. Potentially the most important security improvement is that, -by default, container processes running as the `root` user will have expected -administrative privilege (with some restrictions) inside the container but will -effectively be mapped to an unprivileged `uid` on the host. - -In this experimental phase, the Docker daemon creates a single daemon-wide mapping -for all containers running on the same engine instance. The mappings will -utilize the existing subordinate user and group ID feature available on all modern -Linux distributions. -The [`/etc/subuid`](http://man7.org/linux/man-pages/man5/subuid.5.html) and -[`/etc/subgid`](http://man7.org/linux/man-pages/man5/subgid.5.html) files will be -read for the user, and optional group, specified to the `--userns-remap` -parameter. If you do not wish to specify your own user and/or group, you can -provide `default` as the value to this flag, and a user will be created on your behalf -and provided subordinate uid and gid ranges. This default user will be named -`dockremap`, and entries will be created for it in `/etc/passwd` and -`/etc/group` using your distro's standard user and group creation tools. - -> **Note**: The single mapping per-daemon restriction exists for this experimental -> phase because Docker shares image layers from its local cache across all -> containers running on the engine instance. Since file ownership must be -> the same for all containers sharing the same layer content, the decision -> was made to map the file ownership on `docker pull` to the daemon's user and -> group mappings so that there is no delay for running containers once the -> content is downloaded--exactly the same performance characteristics as with -> user namespaces disabled. - -## Starting the daemon with user namespaces enabled -To enable this experimental user namespace support for a Docker daemon instance, -start the daemon with the aforementioned `--userns-remap` flag, which accepts -values in the following formats: - - - uid - - uid:gid - - username - - username:groupname - -If numeric IDs are provided, translation back to valid user or group names -will occur so that the subordinate uid and gid information can be read, given -these resources are name-based, not id-based. If the numeric ID information -provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon -startup will fail with an error message. - -*An example: starting with default Docker user management:* - -``` - $ docker daemon --userns-remap=default -``` -In this case, Docker will create--or find the existing--user and group -named `dockremap`. If the user is created, and the Linux distribution has -appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated -with a contiguous 65536 length range of subordinate user and group IDs, starting -at an offset based on prior entries in those files. For example, Ubuntu will -create the following range, based on an existing user already having the first -65536 range: - -``` - $ cat /etc/subuid - user1:100000:65536 - dockremap:165536:65536 -``` - -> **Note:** On a fresh Fedora install, we found that we had to `touch` the -> `/etc/subuid` and `/etc/subgid` files to have ranges assigned when users -> were created. Once these files existed, range assignment on user creation -> worked properly. - -If you have a preferred/self-managed user with subordinate ID mappings already -configured, you can provide that username or uid to the `--userns-remap` flag. -If you have a group that doesn't match the username, you may provide the `gid` -or group name as well; otherwise the username will be used as the group name -when querying the system for the subordinate group ID range. - -## Detailed information on `subuid`/`subgid` ranges - -Given there may be advanced use of the subordinate ID ranges by power users, we will -describe how the Docker daemon uses the range entries within these files under the -current experimental user namespace support. - -The simplest case exists where only one contiguous range is defined for the -provided user or group. In this case, Docker will use that entire contiguous -range for the mapping of host uids and gids to the container process. This -means that the first ID in the range will be the remapped root user, and the -IDs above that initial ID will map host ID 1 through the end of the range. - -From the example `/etc/subid` content shown above, that means the remapped root -user would be uid 165536. - -If the system administrator has set up multiple ranges for a single user or -group, the Docker daemon will read all the available ranges and use the -following algorithm to create the mapping ranges: - -1. The ranges will be sorted by *start ID* ascending -2. Maps will be created from each range with where the host ID will increment starting at 0 for the first range, 0+*range1* length for the second, and so on. This means that the lowest range start ID will be the remapped root, and all further ranges will map IDs from 1 through the uid or gid that equals the sum of all range lengths. -3. Ranges segments above five will be ignored as the kernel ignores any ID maps after five (in `/proc/self/{u,g}id_map`) - -## User namespace known restrictions - -The following standard Docker features are currently incompatible when -running a Docker daemon with experimental user namespaces enabled: - - - sharing namespaces with the host (--pid=host, --net=host, etc.) - - sharing namespaces with other containers (--net=container:*other*) - - A `--readonly` container filesystem (a Linux kernel restriction on remount with new flags of a currently mounted filesystem when inside a user namespace) - - external (volume/graph) drivers which are unaware/incapable of using daemon user mappings - - Using `--privileged` mode containers - - volume use without pre-arranging proper file ownership in mounted volumes - -Additionally, while the `root` user inside a user namespaced container -process has many of the privileges of the administrative root user, the -following operations will fail: - - - Use of `mknod` - permission is denied for device creation by the container root - - others will be listed here when fully tested diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 8001c72d65..8e4a3acc0b 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -53,6 +53,7 @@ docker-daemon - Enable daemon mode [**--tlskey**[=*~/.docker/key.pem*]] [**--tlsverify**] [**--userland-proxy**[=*true*]] +[**--userns-remap**[=*default*]] # DESCRIPTION **docker** has two distinct functions. It is used for starting the Docker @@ -223,6 +224,9 @@ unix://[/path/to/socket] to use. **--userland-proxy**=*true*|*false* Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. +**--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* + Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. + # STORAGE DRIVER OPTIONS Docker uses storage backends (known as "graphdrivers" in the Docker From 66cb79eb9840109039284fb63ef4f2c846a15cf5 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 12 Jan 2016 22:38:32 +0100 Subject: [PATCH 1104/2538] Add zsh completion for 'docker daemon --userns-remap' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 76e9518e4a..fff050c2df 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -634,6 +634,7 @@ __docker_subcommand() { "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ "($help)--tlskey=[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \ "($help)--tlsverify[Use TLS and verify the remote]" \ + "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \ "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0 case $state in @@ -653,6 +654,14 @@ __docker_subcommand() { _describe -t cluster-store-opts "Cluster Store Options" opts -qS "=" && ret=0 fi ;; + (users-groups) + if compset -P '*:'; then + _groups && ret=0 + else + _describe -t userns-default "default Docker user management" '(default)' && ret=0 + _users && ret=0 + fi + ;; esac ;; (diff) From 442cbbfac1670faf13d23dd84c8e4ba4e757d770 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 6 Jan 2016 17:57:21 -0800 Subject: [PATCH 1105/2538] Prune digest references when deleting by tag When pulling an image with content trust enabled, two references are created: a digest reference and a tag reference. Deleting by tag wouldn't actually remove the image, because the digest reference keeps it alive. This change modifies the rmi logic so that digest references don't keep an image alive. If the last tag referencing a given image is deleted, any digest references to it will be removed as well, so the image can actually get deleted. This fixes the usability problem with deletions when content trust is in use, so something like "docker pull busybox; docker rmi busybox" will work as expected. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/rmi.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index 69e8ef892f..022a415928 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -19,8 +19,9 @@ parent = "smn_cli" --no-prune Do not delete untagged parents You can remove an image using its short or long ID, its tag, or its digest. If -an image has one or more tag or digest reference, you must remove all of them -before the image is removed. +an image has one or more tag referencing it, you must remove all of them before +the image is removed. Digest references are removed automatically when an image +is removed by tag. $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE From bf03439e683a4c376c2a971a0d407ae2ede4628a Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Mon, 11 Jan 2016 02:34:17 -0800 Subject: [PATCH 1106/2538] Docs update for link functionality in user-defined networks Signed-off-by: Madhu Venugopal --- docs/reference/commandline/network_connect.md | 12 +++++++++++- docs/reference/run.md | 12 ++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 866526effa..223fd48234 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -15,6 +15,9 @@ parent = "smn_cli" Connects a container to a network --help Print usage + --ip IP Address + --ip6 IPv6 Address + --link=[] Add a link to another container Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in @@ -33,7 +36,13 @@ $ docker run -itd --net=multi-host-network busybox You can specify the IP address you want to be assigned to the container's interface. ```bash -$ docker network connect multi-host-network --ip 10.10.36.122 container2 +$ docker network connect --ip 10.10.36.122 multi-host-network container2 +``` + +You can use `--link` option to link another container with a prefered alias + +```bash +$ docker network connect --link container1:c1 multi-host-network container2 ``` You can pause, restart, and stop containers that are connected to a network. @@ -60,3 +69,4 @@ You can connect a container to one or more networks. The networks need not be th * [network ls](network_ls.md) * [network rm](network_rm.md) * [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Work with networks](../../userguide/networking/work-with-networks.md) diff --git a/docs/reference/run.md b/docs/reference/run.md index e802f3e177..8741e3c3c4 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1301,12 +1301,12 @@ specifies `EXPOSE 80` in the Dockerfile). At runtime, the port might be bound to 42800 on the host. To find the mapping between the host ports and the exposed ports, use `docker port`. -If the operator uses `--link` when starting a new client container, then the -client container can access the exposed port via a private networking interface. -Linking is a legacy feature that is only supported on the default bridge -network. You should prefer the Docker networks feature instead. For more -information on this feature, see the [*Docker network -overview*""](../userguide/networking/index.md)). +If the operator uses `--link` when starting a new client container in the +default bridge network, then the client container can access the exposed +port via a private networking interface. +If `--link` is used when starting a container in a user-defined network as +described in [*Docker network overview*""](../userguide/networking/index.md)), +it will provide a named alias for the container being linked to. ### ENV (environment variables) From 22aaf42a841f2219404573360ad2df3094c462dc Mon Sep 17 00:00:00 2001 From: Kim Eik Date: Tue, 27 Oct 2015 21:12:33 +0100 Subject: [PATCH 1107/2538] Added additional container information to "docker info". Instead of just showing the number of containers this patch will show the number of running, paused and stopped containers as well. Signed-off-by: Kim Eik (cherry picked from commit a9804ab1cb117a132cbf460067d55f5146d50956) --- docs/reference/commandline/info.md | 3 +++ man/docker-info.1.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index c776ced583..51ae2699a1 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -21,6 +21,9 @@ For example: $ docker -D info Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 Images: 52 Server Version: 1.9.0 Storage Driver: aufs diff --git a/man/docker-info.1.md b/man/docker-info.1.md index ae04e49edf..0dc46c14ed 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -32,6 +32,9 @@ Here is a sample output: # docker info Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 Images: 52 Server Version: 1.9.0 Storage Driver: aufs From 9c8b6e05a466df17d226f07d54e87055aa70f667 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 13 Jan 2016 10:32:23 +0100 Subject: [PATCH 1108/2538] bash completion for connecting non-running containers to networks Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7a3543ef6b..c119b5eb93 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1139,7 +1139,7 @@ _docker_network_connect() { if [ $cword -eq $counter ]; then __docker_complete_networks elif [ $cword -eq $(($counter + 1)) ]; then - __docker_complete_containers_running + __docker_complete_containers_all fi ;; esac From 3f5817fdae5ab5b880ae4fa0cb1b99be88ddbb69 Mon Sep 17 00:00:00 2001 From: Chun Chen Date: Mon, 28 Dec 2015 10:15:50 +0800 Subject: [PATCH 1109/2538] Add network interal mode Signed-off-by: Chun Chen Signed-off-by: David Calavera --- docs/reference/commandline/network_create.md | 6 ++++++ man/docker-network-create.1.md | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 0a9ac6f19c..3a9705b65d 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -18,6 +18,7 @@ parent = "smn_cli" -d --driver=DRIVER Driver to manage the Network bridge or overlay. The default is bridge. --gateway=[] ipv4 or ipv6 Gateway for the master subnet --help Print usage + --internal Restricts external access to the network --ip-range=[] Allocate container ip from a sub-range --ipam-driver=default IP Address Management Driver -o --opt=map[] Set custom network plugin options @@ -120,6 +121,11 @@ docker network create -d overlay ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. +### Network internal mode + +By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. +If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. + ## Related information * [network inspect](network_inspect.md) diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 4d0782b697..1c876d6b24 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -10,6 +10,7 @@ docker-network-create - create a new network [**-d**|**--driver**=*DRIVER*] [**--gateway**=*[]*] [**--help**] +[**--internal**] [**--ip-range**=*[]*] [**--ipam-driver**=*default*] [**-o**|**--opt**=*map[]*] @@ -120,6 +121,11 @@ docker network create -d overlay ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. +### Network internal mode + +By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. +If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. + # OPTIONS **--aux-address**=map[] Auxiliary ipv4 or ipv6 addresses used by network driver @@ -133,6 +139,9 @@ Be sure that your subnetworks do not overlap. If they do, the network create fai **--help** Print usage +**--internal** + Restricts external access to the network + **--ip-range**=[] Allocate container ip from a sub-range From 7f6a7ed8d1a803ab6b2bc2e3b1fc68799374bdc6 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 12 Jan 2016 19:38:18 -0500 Subject: [PATCH 1110/2538] Rename authz to authorization for greater clarity Signed-off-by: Tibor Vass --- contrib/completion/bash/docker | 4 ++-- contrib/completion/zsh/_docker | 2 +- docs/extend/authorization.md | 13 ++++++++----- docs/reference/commandline/daemon.md | 6 +++--- man/docker-daemon.8.md | 8 ++++---- 5 files changed, 18 insertions(+), 15 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c119b5eb93..53c58a9cf7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -685,7 +685,7 @@ _docker_daemon() { local options_with_args=" $global_options_with_args --api-cors-header - --authz-plugin + --authorization-plugin --bip --bridge -b --cgroup-parent @@ -717,7 +717,7 @@ _docker_daemon() { " case "$prev" in - --authz-plugin) + --authorization-plugin) __docker_complete_plugins Authorization return ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fff050c2df..df344a069f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -590,7 +590,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--api-cors-header=[Set CORS headers in the remote API]:CORS headers: " \ - "($help)*--authz-plugin=[Set authorization plugins to load]" \ + "($help)*--authorization-plugin=[Set authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Specify network bridge IP]" \ "($help)--cgroup-parent=[Set parent cgroup for all containers]:cgroup: " \ diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 80fa6c94b1..48790833cf 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -12,7 +12,7 @@ weight = -1 # Create an authorization plugin -Docker’s out-of-the-box authorization model is all or nothing. Any user with +Docker's out-of-the-box authorization model is all or nothing. Any user with permission to access the Docker daemon can run any Docker client command. The same is true for callers using Docker's remote API to contact the daemon. If you require greater access control, you can create authorization plugins and add @@ -45,6 +45,9 @@ Authorization plugins must follow the rules described in [Docker Plugin API](plu Each plugin must reside within directories described under the [Plugin discovery](plugin_api.md#plugin-discovery) section. +**Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication +respectively. + ## Basic architecture You are responsible for registering your plugin as part of the Docker daemon @@ -93,14 +96,14 @@ support the Docker client interactions detailed in this section. ### Setting up Docker daemon Enable the authorization plugin with a dedicated command line flag in the -`--authz-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. -This value can be the plugin’s socket or a path to a specification file. +`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` +value. This value can be the plugin’s socket or a path to a specification file. ```bash -$ docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... +$ docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` -Docker's authorization subsystem supports multiple `--authz-plugin` parameters. +Docker's authorization subsystem supports multiple `--authorization-plugin` parameters. ### Calling authorized command (allow) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 8bc30a8eca..11bc223dc8 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -17,7 +17,7 @@ weight = -1 Options: --api-cors-header="" Set CORS headers in the remote API - --authz-plugin=[] Set authorization plugins to load + --authorization-plugin=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP --cgroup-parent= Set parent cgroup for all containers @@ -613,10 +613,10 @@ The currently supported cluster store options are: Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the -`--authz-plugin=PLUGIN_ID` option. +`--authorization-plugin=PLUGIN_ID` option. ```bash -docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... +docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 8e4a3acc0b..233a6c8433 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -7,7 +7,7 @@ docker-daemon - Enable daemon mode # SYNOPSIS **docker daemon** [**--api-cors-header**=[=*API-CORS-HEADER*]] -[**--authz-plugin**[=*[]*]] +[**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] [**--bip**[=*BIP*]] [**--cgroup-parent**[=*[]*]] @@ -73,7 +73,7 @@ format. **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. -**--authz-plugin**="" +**--authorization-plugin**="" Set authorization plugins to load **-b**, **--bridge**="" @@ -473,10 +473,10 @@ Key/Value store. Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the -`--authz-plugin=PLUGIN_ID` option. +`--authorization-plugin=PLUGIN_ID` option. ```bash -docker daemon --authz-plugin=plugin1 --authz-plugin=plugin2,... +docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification From 1e83a27ca1782b158fc48cc6bfa467b0a6baf9ba Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 12 Jan 2016 13:44:13 -0500 Subject: [PATCH 1111/2538] daemon option (--storage-opt dm.basesize) for increasing the base device size on daemon restart Signed-off-by: Shishir Mahajan --- docs/reference/commandline/daemon.md | 18 +++++++++++++++--- man/docker-daemon.8.md | 16 +++++++++++++--- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 11bc223dc8..a6f39920e4 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -213,11 +213,23 @@ options for `zfs` start with `zfs`. * `dm.basesize` Specifies the size to use when creating the base device, which limits the - size of images and containers. The default value is 100G. Note, thin devices - are inherently "sparse", so a 100G device which is mostly empty doesn't use - 100 GB of space on the pool. However, the filesystem will use more space for + size of images and containers. The default value is 10G. Note, thin devices + are inherently "sparse", so a 10G device which is mostly empty doesn't use + 10 GB of space on the pool. However, the filesystem will use more space for the empty case the larger the device is. + The base device size can be increased at daemon restart which will allow + all future images and containers (based on those new images) to be of the + new base device size. + + Example use: + + $ docker daemon --storage-opt dm.basesize=50G + + This will increase the base device size to 50G. The Docker daemon will throw an + error if existing base device size is larger than 50G. A user can use + this option to expand the base device size however shrinking is not permitted. + This value affects the system-wide "base" empty filesystem that may already be initialized and inherited by pulled images. Typically, a change to this value requires additional steps to take effect: diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 233a6c8433..94a31a3df7 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -271,12 +271,22 @@ Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` #### dm.basesize Specifies the size to use when creating the base device, which limits -the size of images and containers. The default value is 100G. Note, -thin devices are inherently "sparse", so a 100G device which is mostly -empty doesn't use 100 GB of space on the pool. However, the filesystem +the size of images and containers. The default value is 10G. Note, +thin devices are inherently "sparse", so a 10G device which is mostly +empty doesn't use 10 GB of space on the pool. However, the filesystem will use more space for base images the larger the device is. +The base device size can be increased at daemon restart which will allow +all future images and containers (based on those new images) to be of the +new base device size. + +Example use: `docker daemon --storage-opt dm.basesize=50G` + +This will increase the base device size to 50G. The Docker daemon will throw an +error if existing base device size is larger than 50G. A user can use +this option to expand the base device size however shrinking is not permitted. + This value affects the system-wide "base" empty filesystem that may already be initialized and inherited by pulled images. Typically, a change to this value requires additional steps to take effect: From d3aa590eec972274129be6c47d9c7745d2a6b8c4 Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Mon, 11 Jan 2016 18:03:40 -0800 Subject: [PATCH 1112/2538] Add missing documentation for static IP options Signed-off-by: Alessandro Boch --- docs/reference/commandline/create.md | 2 ++ docs/reference/commandline/network_connect.md | 23 ++++++++++++++----- docs/reference/commandline/run.md | 11 +++++++-- docs/reference/run.md | 2 +- man/docker-create.1.md | 12 ++++++++++ man/docker-network-connect.1.md | 22 ++++++++++++++---- man/docker-run.1.md | 12 ++++++++++ 7 files changed, 70 insertions(+), 14 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 0a5e24790b..f4dd125acc 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -46,6 +46,8 @@ Creates a new container. -h, --hostname="" Container host name --help Print usage -i, --interactive Keep STDIN open even if not attached + --ip="" Container IPv4 address (e.g. 172.30.100.104) + --ip6="" Container IPv6 address (e.g. 2001:db8::33) --ipc="" IPC namespace to use --isolation="" Container isolation technology --kernel-memory="" Kernel memory limit diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 223fd48234..eba6a6830c 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -15,7 +15,7 @@ parent = "smn_cli" Connects a container to a network --help Print usage - --ip IP Address + --ip IPv4 Address --ip6 IPv6 Address --link=[] Add a link to another container @@ -46,11 +46,22 @@ $ docker network connect --link container1:c1 multi-host-network container2 ``` You can pause, restart, and stop containers that are connected to a network. -Paused containers remain connected and a revealed by a `network inspect`. When -the container is stopped, it does not appear on the network until you restart -it. The container's IP address is not guaranteed to remain the same when a -stopped container rejoins the network, unless you specified one when you run -`docker network connect` command. +Paused containers remain connected and can be revealed by a `network inspect`. +When the container is stopped, it does not appear on the network until you restart +it. If specified, the container's IP address(es) will be reapplied (if still available) +when a stopped container rejoins the network. One way to guarantee that the container +will be assigned the same IP addresses when it rejoins the network after a stop +or a disconnect, is to specify the `--ip-range` when creating the network, and choose +the static IP address(es) from outside the range. This will ensure that the IP address +will not be given to other dynamic containers while this container is not on the network. + +```bash +$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network +``` + +```bash +$ docker network connect --ip 172.20.128.2 multi-host-network container2 +``` To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 78643e56af..f6cff75ee2 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -46,6 +46,8 @@ parent = "smn_cli" -h, --hostname="" Container host name --help Print usage -i, --interactive Keep STDIN open even if not attached + --ip="" Container IPv4 address (e.g. 172.30.100.104) + --ip6="" Container IPv6 address (e.g. 2001:db8::33) --ipc="" IPC namespace to use --isolation="" Container isolation technology --kernel-memory="" Kernel memory limit @@ -56,8 +58,6 @@ parent = "smn_cli" --log-opt=[] Log driver specific options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) - --ip="" Container IPv4 address (e.g. 172.30.100.104) - --ip6="" Container IPv6 address (e.g. 2001:db8::33) --memory-reservation="" Memory soft limit --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. @@ -330,6 +330,13 @@ This adds the `busybox` container to the `mynet` network. $ docker run -itd --net=my-multihost-network busybox ``` +You can also choose the IP addresses for the container with `--ip` and `--ip6` +flags when you start the container on a user-defined network. + +```bash +$ docker run -itd --net=my-multihost-network --ip=10.10.9.75 busybox +``` + If you want to add a running container to a network use the `docker network connect` subcommand. You can connect multiple containers to the same network. Once connected, the diff --git a/docs/reference/run.md b/docs/reference/run.md index 8741e3c3c4..63d4efc9df 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -276,7 +276,7 @@ of the containers. --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address --ip="" : Sets the container's Ethernet device's IPv4 address - --ip6="" : Sets the container's Ethernet device's IPv6 address + --ip6="" : Sets the container's Ethernet device's IPv6 address By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking diff --git a/man/docker-create.1.md b/man/docker-create.1.md index f0499e60f9..ca859bd66d 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -35,6 +35,8 @@ docker-create - Create a new container [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**] +[**--ip**[=*IPv4-ADDRESS*]] +[**--ip6**[=*IPv6-ADDRESS*]] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -174,6 +176,16 @@ two memory nodes. **-i**, **--interactive**=*true*|*false* Keep STDIN open even if not attached. The default is *false*. +**--ip**="" + Sets the container's interface IPv4 address (e.g. 172.23.0.9) + + It can only be used in conjunction with **--net** for user-defined networks + +**--ip6**="" + Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) + + It can only be used in conjunction with **--net** for user-defined networks + **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 'container:': reuses another container shared memory, semaphores and message queues diff --git a/man/docker-network-connect.1.md b/man/docker-network-connect.1.md index e61874c80a..0fc4d4cf49 100644 --- a/man/docker-network-connect.1.md +++ b/man/docker-network-connect.1.md @@ -22,14 +22,26 @@ $ docker network connect multi-host-network container1 You can also use the `docker run --net=` option to start a container and immediately connect it to a network. ```bash -$ docker run -itd --net=multi-host-network busybox +$ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox ``` You can pause, restart, and stop containers that are connected to a network. -Paused containers remain connected and a revealed by a `network inspect`. When -the container is stopped, it does not appear on the network until you restart -it. The container's IP address is not guaranteed to remain the same when a -stopped container rejoins the network. +Paused containers remain connected and can be revealed by a `network inspect`. +When the container is stopped, it does not appear on the network until you restart +it. If specified, the container's IP address(es) will be reapplied (if still available) +when a stopped container rejoins the network. One way to guarantee that the container +will be assigned the same IP addresses when it rejoins the network after a stop +or a disconnect, is to specify the `--ip-range` when creating the network, and choose +the static IP address(es) from outside the range. This will ensure that the IP address +will not be given to other dynamic containers while this container is not on the network. + +```bash +$ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network +``` + +```bash +$ docker network connect --ip 172.20.128.2 multi-host-network container2 +``` To verify the container is connected, use the `docker network inspect` command. Use `docker network disconnect` to remove a container from the network. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 71790d0aa6..c639b14380 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -37,6 +37,8 @@ docker-run - Run a command in a new container [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] [**-i**|**--interactive**] +[**--ip**[=*IPv4-ADDRESS*]] +[**--ip6**[=*IPv6-ADDRESS*]] [**--ipc**[=*IPC*]] [**--isolation**[=*default*]] [**--kernel-memory**[=*KERNEL-MEMORY*]] @@ -274,6 +276,16 @@ redirection on the host system. When set to true, keep stdin open even if not attached. The default is false. +**--ip**="" + Sets the container's interface IPv4 address (e.g. 172.23.0.9) + + It can only be used in conjunction with **--net** for user-defined networks + +**--ip6**="" + Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) + + It can only be used in conjunction with **--net** for user-defined networks + **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container 'container:': reuses another container shared memory, semaphores and message queues From e686b4d8be7377d8be9e946a589a6cb5bfa5655c Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Tue, 12 Jan 2016 20:56:36 -0800 Subject: [PATCH 1113/2538] Forced endpoint cleanup docker's network disconnect api now supports `Force` option which can be used to force cleanup an endpoint from any host in the cluster. Signed-off-by: Madhu Venugopal --- docs/reference/commandline/network_disconnect.md | 2 ++ man/docker-network-disconnect.1.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index 7fb7a7c42e..10c4f16ea2 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -12,8 +12,10 @@ parent = "smn_cli" Usage: docker network disconnect [OPTIONS] NETWORK CONTAINER + Disconnects a container from a network + -f, --force Force the container to disconnect from a network --help Print usage Disconnects a container from a network. The container must be running to disconnect it from the network. diff --git a/man/docker-network-disconnect.1.md b/man/docker-network-disconnect.1.md index bfe85ad23a..09bcac51b0 100644 --- a/man/docker-network-disconnect.1.md +++ b/man/docker-network-disconnect.1.md @@ -7,6 +7,7 @@ docker-network-disconnect - disconnect a container from a network # SYNOPSIS **docker network disconnect** [**--help**] +[**--force**] NETWORK CONTAINER # DESCRIPTION @@ -25,6 +26,9 @@ Disconnects a container from a network. **CONTAINER** Specify container name +**--force** + Force the container to disconnect from a network + **--help** Print usage statement From ea995dd3bafa93539aa22af412bac019f94a9986 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 14 Jan 2016 13:46:59 +0800 Subject: [PATCH 1114/2538] Add network ID to container inspect Fixes issue #19089 Signed-off-by: Wen Cheng Ma --- man/docker-inspect.1.md | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 9babd569ac..05c60787ea 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -72,22 +72,36 @@ To get information on a container use its ID or instance name: "Image": "ded7cd95e059788f2586a51c275a4f151653779d6a7f4dad77c2bd34601d94e4", "NetworkSettings": { "Bridge": "", - "EndpointID": "", - "Gateway": "", - "GlobalIPv6Address": "", - "GlobalIPv6PrefixLen": 0, + "SandboxID": "6b4851d1903e16dd6a567bd526553a86664361f31036eaaa2f8454d6f4611f6f", "HairpinMode": false, - "IPAddress": "", - "IPPrefixLen": 0, - "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, - "MacAddress": "", - "NetworkID": "", - "Ports": null, - "SandboxKey": "", + "Ports": {}, + "SandboxKey": "/var/run/docker/netns/6b4851d1903e", "SecondaryIPAddresses": null, - "SecondaryIPv6Addresses": null + "SecondaryIPv6Addresses": null, + "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d", + "Gateway": "172.17.0.1", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "MacAddress": "02:42:ac:12:00:02", + "Networks": { + "bridge": { + "NetworkID": "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812", + "EndpointID": "7587b82f0dada3656fda26588aee72630c6fab1536d36e394b2bfbcf898c971d", + "Gateway": "172.17.0.1", + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "02:42:ac:12:00:02" + } + } + }, "ResolvConfPath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/resolv.conf", "HostnamePath": "/var/lib/docker/containers/d2cc496561d6d520cbc0236b4ba88c362c446a7619992123f11c809cded25b47/hostname", From 46db31de0a9267969c6f09b35f27b4e62216f5f4 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Fri, 8 Jan 2016 05:45:56 -0800 Subject: [PATCH 1115/2538] Network scoped alias support Signed-off-by: Madhu Venugopal --- docs/reference/commandline/create.md | 1 + docs/reference/commandline/network_connect.md | 8 ++++++++ docs/reference/commandline/run.md | 1 + docs/reference/run.md | 1 + man/docker-create.1.md | 4 ++++ man/docker-run.1.md | 4 ++++ 6 files changed, 19 insertions(+) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index f4dd125acc..ad23995ac1 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -68,6 +68,7 @@ Creates a new container. 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network + --net-alias=[] Add network-scoped alias for the container --oom-kill-disable Whether to disable OOM Killer for the container or not --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) -P, --publish-all Publish all exposed ports to random ports diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index eba6a6830c..b08dec3225 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -14,6 +14,7 @@ parent = "smn_cli" Connects a container to a network + --alias=[] Add network-scoped alias for the container --help Print usage --ip IPv4 Address --ip6 IPv6 Address @@ -45,6 +46,13 @@ You can use `--link` option to link another container with a prefered alias $ docker network connect --link container1:c1 multi-host-network container2 ``` +`--alias` option can be used to resolve the container by another name in the network +being connected to. + +```bash +$ docker network connect --alias db --alias mysql multi-host-network container2 +``` + You can pause, restart, and stop containers that are connected to a network. Paused containers remain connected and can be revealed by a `network inspect`. When the container is stopped, it does not appear on the network until you restart diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index f6cff75ee2..a36bbfb96a 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -68,6 +68,7 @@ parent = "smn_cli" 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network + --net-alias=[] Add network-scoped alias for the container --oom-kill-disable Whether to disable OOM Killer for the container or not --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) -P, --publish-all Publish all exposed ports to random ports diff --git a/docs/reference/run.md b/docs/reference/run.md index 63d4efc9df..95e0e0a605 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -273,6 +273,7 @@ of the containers. 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network + --net-alias=[] : Add network-scoped alias for the container --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address --ip="" : Sets the container's Ethernet device's IPv4 address diff --git a/man/docker-create.1.md b/man/docker-create.1.md index ca859bd66d..08074ac431 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -52,6 +52,7 @@ docker-create - Create a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] +[**--net-alias**[=*[]*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -265,6 +266,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network +**--net-alias**=[] + Add network-scoped alias for the container + **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index c639b14380..ea9b0b8168 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -54,6 +54,7 @@ docker-run - Run a command in a new container [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] [**--net**[=*"bridge"*]] +[**--net-alias**[=*[]*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -383,6 +384,9 @@ and foreground Docker containers. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network +**--net-alias**=[] + Add network-scoped alias for the container + **--oom-kill-disable**=*true*|*false* Whether to disable OOM Killer for the container or not. From 82e9cba6d40ddecee82eeb02d7d54bb1c40e118f Mon Sep 17 00:00:00 2001 From: Ryan Belgrave Date: Fri, 23 Oct 2015 15:28:39 -0400 Subject: [PATCH 1116/2538] Add IPAM Config Options to match libnetwork Signed-off-by: Ryan Belgrave --- docs/reference/commandline/network_create.md | 1 + man/docker-network-create.1.md | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 3a9705b65d..a1bfdf51f7 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -22,6 +22,7 @@ parent = "smn_cli" --ip-range=[] Allocate container ip from a sub-range --ipam-driver=default IP Address Management Driver -o --opt=map[] Set custom network plugin options + --ipam-opt=map[] Set custom IPAM plugin options --subnet=[] Subnet in CIDR format that represents a network segment Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 1c876d6b24..c560f7a5f3 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -13,6 +13,7 @@ docker-network-create - create a new network [**--internal**] [**--ip-range**=*[]*] [**--ipam-driver**=*default*] +[**--ipam-opt**=*map[]*] [**-o**|**--opt**=*map[]*] [**--subnet**=*[]*] NETWORK-NAME @@ -148,6 +149,9 @@ If you want to create an externally isolated `overlay` network, you can specify **--ipam-driver**=*default* IP Address Management Driver +**--ipam-opt**=map[] + Set custom IPAM plugin options + **-o**, **--opt**=map[] Set custom network plugin options From de6da285a3b824934bcc383467a351fe26d8c5ee Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 14 Jan 2016 12:47:48 -0800 Subject: [PATCH 1117/2538] bash completion for `--detach-keys` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 52 +++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 53c58a9cf7..4b12ce6894 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -340,6 +340,25 @@ __docker_complete_capabilities() { " -- "$cur" ) ) } +__docker_complete_detach-keys() { + case "$prev" in + --detach-keys) + case "$cur" in + *,) + COMPREPLY=( $( compgen -W "${cur}ctrl-" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "ctrl-" -- "$cur" ) ) + ;; + esac + + __docker_nospace + return + ;; + esac + return 1 +} + __docker_complete_isolation() { COMPREPLY=( $( compgen -W "default hyperv process" -- "$cur" ) ) } @@ -513,12 +532,14 @@ _docker_docker() { } _docker_attach() { - case "$cur" in + __docker_complete_detach-keys && return + + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --no-stdin --sig-proxy" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy" -- "$cur" ) ) ;; *) - local counter="$(__docker_pos_first_nonflag)" + local counter=$(__docker_pos_first_nonflag '--detach-keys') if [ $cword -eq $counter ]; then __docker_complete_containers_running fi @@ -901,6 +922,8 @@ _docker_events() { } _docker_exec() { + __docker_complete_detach-keys && return + case "$prev" in --user|-u) return @@ -909,7 +932,7 @@ _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach -d --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --detach-keys --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) ;; *) __docker_complete_containers_running @@ -1508,13 +1531,20 @@ _docker_run() { --tty -t " + if [ "$command" = "run" ] ; then + options_with_args="$options_with_args + --detach-keys + " + boolean_options="$boolean_options + --detach -d + --rm + --sig-proxy=false + " + __docker_complete_detach-keys && return + fi + local all_options="$options_with_args $boolean_options" - [ "$command" = "run" ] && all_options="$all_options - --detach -d - --rm - --sig-proxy=false - " case "$prev" in --add-host) @@ -1701,9 +1731,11 @@ _docker_search() { } _docker_start() { + __docker_complete_detach-keys && return + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--attach -a --help --interactive -i" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--attach -a --detach-keys --help --interactive -i" -- "$cur" ) ) ;; *) __docker_complete_containers_stopped From 775e7a02a3fad24e3039f40efbdee22088c17b47 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 14 Jan 2016 13:58:41 -0800 Subject: [PATCH 1118/2538] Document that detach keys are a list of key bindings Signed-off-by: Harald Albers --- docs/reference/commandline/cli.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index e3773f7d63..26d2469a28 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -107,8 +107,8 @@ directives, see the Once attached to a container, users detach from it and leave it running using the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable using the `detachKeys` property. Specify a `` value for the -property. The format of the `` is either a letter [a-Z], or the `ctrl-` -combined with any of the following: +property. The format of the `` is a comma-separated list of either +a letter [a-Z], or the `ctrl-` combined with any of the following: * `a-z` (a single lowercase alpha character ) * `@` (ampersand) From bb94c5077cacfbda25107a5f165ec3af26ba60cc Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Sat, 14 Nov 2015 18:01:24 -0800 Subject: [PATCH 1119/2538] WIP: Update security docs for seccomp/apparmor Signed-off-by: Mary Anthony Updaing and slight re-arrangement of security information Signed-off-by: Mary Anthony Updating security files Signed-off-by: Mary Anthony Updating links to the security documentation Signed-off-by: Mary Anthony removing some extra spaces Signed-off-by: Mary Anthony Correcting spelling Signed-off-by: Mary Anthony --- docs/reference/commandline/login.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index b79c18b2c6..faf3615a00 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -30,7 +30,7 @@ adding the server name. `docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in From ad43730d0fc04106cf421f7fefc0b78587583ac0 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Thu, 10 Dec 2015 18:35:10 -0500 Subject: [PATCH 1120/2538] Allow to set daemon and server configurations in a file. Read configuration after flags making this the priority: 1- Apply configuration from file. 2- Apply configuration from flags. Reload configuration when a signal is received, USR2 in Linux: - Reload router if the debug configuration changes. - Reload daemon labels. - Reload cluster discovery. Signed-off-by: David Calavera --- docs/reference/commandline/daemon.md | 79 +++++++++++++++++++++++++++- man/docker-daemon.8.md | 4 ++ 2 files changed, 82 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index a6f39920e4..856d913782 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -27,6 +27,7 @@ weight = -1 --cluster-store="" URL of the distributed storage backend --cluster-advertise="" Address of the daemon instance on the cluster --cluster-store-opt=map[] Set cluster options + --config-file=/etc/docker/daemon.json Daemon configuration file --dns=[] DNS server to use --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use @@ -788,7 +789,7 @@ set like this: /usr/local/bin/docker daemon -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 -# Default cgroup parent +## Default cgroup parent The `--cgroup-parent` option allows you to set the default cgroup parent to use for containers. If this option is not set, it defaults to `/docker` for @@ -806,3 +807,79 @@ creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar` This setting can also be set per container, using the `--cgroup-parent` option on `docker create` and `docker run`, and takes precedence over the `--cgroup-parent` option on the daemon. + +## Daemon configuration file + +The `--config-file` option allows you to set any configuration option +for the daemon in a JSON format. This file uses the same flag names as keys, +except for flags that allow several entries, where it uses the plural +of the flag name, e.g., `labels` for the `label` flag. By default, +docker tries to load a configuration file from `/etc/docker/daemon.json` +on Linux and `%programdata%\docker\config\daemon.json` on Windows. + +The options set in the configuration file must not conflict with options set +via flags. The docker daemon fails to start if an option is duplicated between +the file and the flags, regardless their value. We do this to avoid +silently ignore changes introduced in configuration reloads. +For example, the daemon fails to start if you set daemon labels +in the configuration file and also set daemon labels via the `--label` flag. + +Options that are not present in the file are ignored when the daemon starts. +This is a full example of the allowed configuration options in the file: + +```json +{ + "authorization-plugins": [], + "dns": [], + "dns-opts": [], + "dns-search": [], + "exec-opts": [], + "exec-root": "", + "storage-driver": "", + "storage-opts": "", + "labels": [], + "log-config": { + "log-driver": "", + "log-opts": [] + }, + "mtu": 0, + "pidfile": "", + "graph": "", + "cluster-store": "", + "cluster-store-opts": [], + "cluster-advertise": "", + "debug": true, + "hosts": [], + "log-level": "", + "tls": true, + "tls-verify": true, + "tls-opts": { + "tlscacert": "", + "tlscert": "", + "tlskey": "" + }, + "api-cors-headers": "", + "selinux-enabled": false, + "userns-remap": "", + "group": "", + "cgroup-parent": "", + "default-ulimits": {} +} +``` + +### Configuration reloading + +Some options can be reconfigured when the daemon is running without requiring +to restart the process. We use the `SIGHUP` signal in Linux to reload, and a global event +in Windows with the key `Global\docker-daemon-config-$PID`. The options can +be modified in the configuration file but still will check for conflicts with +the provided flags. The daemon fails to reconfigure itself +if there are conflicts, but it won't stop execution. + +The list of currently supported options that can be reconfigured is this: + +- `debug`: it changes the daemon to debug mode when set to true. +- `label`: it replaces the daemon labels with a new set of labels. +- `cluster-store`: it reloads the discovery store with the new address. +- `cluster-store-opts`: it uses the new options to reload the discovery store. +- `cluster-advertise`: it modifies the address advertised after reloading. diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 94a31a3df7..02adaeda91 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -14,6 +14,7 @@ docker-daemon - Enable daemon mode [**--cluster-store**[=*[]*]] [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] +[**--config-file**[=*/etc/docker/daemon.json*]] [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -96,6 +97,9 @@ format. **--cluster-store-opt**="" Specifies options for the Key/Value store. +**--config-file**="/etc/docker/daemon.json" + Specifies the JSON file path to load the configuration from. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. From 9f64dc98bd68fba0442366027072dbc7c5b45035 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 28 Dec 2015 12:56:57 +0800 Subject: [PATCH 1121/2538] Add Subnets info for user-defined network * If user doesn't specify the subnets to create a network, it will pick subnets from inside preferred pool. This PR aims to inspect these subnets info * Add integration tests for docker inspect the subnets. * docker-py project is already synchronized. * jenkins checks depend on https://github.com/docker/docker-py/pull/888 Fixes issue #18626 Signed-off-by: Wen Cheng Ma --- docs/reference/commandline/network_inspect.md | 28 +++++++++++++++++- man/docker-network-inspect.1.md | 29 ++++++++++++++++++- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 00b886d766..9e0d87fa29 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -17,7 +17,7 @@ parent = "smn_cli" -f, --format= Format the output using the given go template. --help Print usage -Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: +Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: ```bash $ sudo docker run -itd --name=container1 busybox @@ -78,6 +78,32 @@ $ sudo docker network inspect bridge ] ``` +Returns the information about the user-defined network: + +```bash +$ docker network create simple-network +69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a +$ docker network inspect simple-network +[ + { + "Name": "simple-network", + "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a", + "Scope": "local", + "Driver": "bridge", + "IPAM": { + "Driver": "default", + "Config": [ + { + "Subnet": "172.22.0.0/16", + "Gateway": "172.22.0.1/16" + } + ] + }, + "Containers": {}, + "Options": {} + } +] +``` ## Related information diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md index 889967ae85..ceba3688fe 100644 --- a/man/docker-network-inspect.1.md +++ b/man/docker-network-inspect.1.md @@ -12,7 +12,7 @@ NETWORK [NETWORK...] # DESCRIPTION -Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to a network: +Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: ```bash $ sudo docker run -itd --name=container1 busybox @@ -73,6 +73,33 @@ $ sudo docker network inspect bridge ] ``` +Returns the information about the user-defined network: + +```bash +$ docker network create simple-network +69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a +$ docker network inspect simple-network +[ + { + "Name": "simple-network", + "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a", + "Scope": "local", + "Driver": "bridge", + "IPAM": { + "Driver": "default", + "Config": [ + { + "Subnet": "172.22.0.0/16", + "Gateway": "172.22.0.1/16" + } + ] + }, + "Containers": {}, + "Options": {} + } +] +``` + # OPTIONS **-f**, **--format**="" Format the output using the given go template. From 07d04dcea6c718da3019a0cb96fc01432b6d28e6 Mon Sep 17 00:00:00 2001 From: Joe Doliner Date: Mon, 11 Jan 2016 05:34:43 -0800 Subject: [PATCH 1122/2538] Remove Pachyderm storage driver. Signed-off-by: Joe Doliner --- docs/extend/plugins.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index ea483241b4..09362145a5 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -62,10 +62,6 @@ The following plugins exist: * The [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) is a cluster aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. -* The [Pachyderm PFS plugin](https://github.com/pachyderm/pachyderm/tree/master/src/cmd/pfs-volume-driver) - is a volume plugin written in Go that provides functionality to mount Pachyderm File System (PFS) - repositories at specific commits as volumes within Docker containers. - * The [REX-Ray plugin](https://github.com/emccode/rexray) is a volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. From 9e760ec4970ad28ddb101f8f7cf73a2d12a38b16 Mon Sep 17 00:00:00 2001 From: Collin Guarino Date: Fri, 15 Jan 2016 21:27:59 -0500 Subject: [PATCH 1123/2538] Fixed typo in experimental/plugins_graphdriver.md Signed-off-by: Collin Guarino --- experimental/plugins_graphdriver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/plugins_graphdriver.md b/experimental/plugins_graphdriver.md index 428cdb7750..6a85548927 100644 --- a/experimental/plugins_graphdriver.md +++ b/experimental/plugins_graphdriver.md @@ -262,7 +262,7 @@ Responds with a list of changes. The structure of a change is: "Kind": 0, ``` -Where teh `Path` is the filesystem path within the layered filesystem that is +Where the `Path` is the filesystem path within the layered filesystem that is changed and `Kind` is an integer specifying the type of change that occurred: - 0 - Modified From 78f33c4c2b54ff637ccfda062117c92d4e363e63 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 16 Jan 2016 12:59:20 +0100 Subject: [PATCH 1124/2538] Modify zsh completion for connecting/disconnecting non-running containers to networks Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index df344a069f..5be3dbe9b1 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -295,7 +295,7 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:network:__docker_networks" \ - "($help -)2:containers:__docker_runningcontainers" && ret=0 + "($help -)2:containers:__docker_containers" && ret=0 ;; (create) _arguments $(__docker_arguments) -A '-*' \ From 6d32fd876383da64346f5725c21536c94cf16348 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 16 Jan 2016 12:53:50 +0100 Subject: [PATCH 1125/2538] Add zsh completion for 'docker network create --internal' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 5be3dbe9b1..70550cd5bc 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -303,6 +303,7 @@ __docker_network_subcommand() { "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ + "($help)--internal[Restricts external access to the network]" \ "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ "($help)*--gateway=[ipv4 or ipv6 Gateway for the master subnet]:IP: " \ "($help)*--aux-address[Auxiliary ipv4 or ipv6 addresses used by network driver]:key=IP: " \ From 09809fe27e68bbd58eaee8fd43ecef1d7089bc6f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 18 Jan 2016 07:50:26 -0800 Subject: [PATCH 1126/2538] bash completion for `docker network create --internal, --ipam-opt` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4b12ce6894..8fcc1475ea 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1170,7 +1170,7 @@ _docker_network_connect() { _docker_network_create() { case "$prev" in - --aux-address|--gateway|--ip-range|--opt|-o|--subnet) + --aux-address|--gateway|--ip-range|--ipam-opt|--opt|-o|--subnet) return ;; --ipam-driver) @@ -1189,7 +1189,7 @@ _docker_network_create() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --ip-range --ipam-driver --opt -o --subnet" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --opt -o --subnet" -- "$cur" ) ) ;; esac } From 16c9a7285217b2c2e0c1894281c04c3ed75dd4c4 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 18 Jan 2016 07:11:19 -0800 Subject: [PATCH 1127/2538] bash completion for container linking and aliasing Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 36 ++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8fcc1475ea..ddd91f176f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1153,12 +1153,41 @@ _docker_logs() { } _docker_network_connect() { + local options_with_args=" + --alias + --ip + --ip6 + --link + " + + local boolean_options=" + --help + " + + case "$prev" in + --link) + case "$cur" in + *:*) + ;; + *) + __docker_complete_containers_running + COMPREPLY=( $( compgen -W "${COMPREPLY[*]}" -S ':' ) ) + __docker_nospace + ;; + esac + return + ;; + $(__docker_to_extglob "$options_with_args") ) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag) + local counter=$( __docker_pos_first_nonflag $( __docker_to_alternatives "$options_with_args" ) ) if [ $cword -eq $counter ]; then __docker_complete_networks elif [ $cword -eq $(($counter + 1)) ]; then @@ -1488,6 +1517,8 @@ _docker_run() { --expose --group-add --hostname -h + --ip + --ip6 --ipc --isolation --kernel-memory @@ -1503,6 +1534,7 @@ _docker_run() { --memory-reservation --name --net + --net-alias --oom-score-adj --pid --publish -p From 77ff4c9b7f41e58b041d5f9d46ee186562f10702 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 19 Jan 2016 03:33:40 +0000 Subject: [PATCH 1128/2538] Fix the privileged example Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index a36bbfb96a..a3a651a375 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -145,7 +145,7 @@ This will *not* work, because by default, most potentially dangerous kernel capabilities are dropped; including `cap_sys_admin` (which is required to mount filesystems). However, the `--privileged` flag will allow it to run: - $ docker run --privileged ubuntu bash + $ docker run -t -i --privileged ubuntu bash root@50e3f57e16e6:/# mount -t tmpfs none /mnt root@50e3f57e16e6:/# df -h Filesystem Size Used Avail Use% Mounted on From 1af502f23dcd0f13ffe015f71333c7bf04054afa Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 19 Jan 2016 07:00:50 +0000 Subject: [PATCH 1129/2538] Fix add host device example The example is not right in parameter, and also one command is same as first one, it should be typo before, we should use 'rw' as example for that. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index a3a651a375..9df5c5ec56 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -422,12 +422,12 @@ flag: $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc:ro --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc You will not be able to write the partition table. Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc + $ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk /dev/xvdc Command (m for help): q From 135fb7a66597331a1e7da7edefcff08bc3572497 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 19 Jan 2016 07:44:48 +0000 Subject: [PATCH 1130/2538] Fix ulimit command form The ulimit is builtin, so we need shell form to execute it. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 9df5c5ec56..0d7afa4a78 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -539,7 +539,7 @@ available in the default container, you can set these using the `--ulimit` flag. `--ulimit` is specified with a soft and hard limit as such: `=[:]`, for example: - $ docker run --ulimit nofile=1024:1024 --rm debian ulimit -n + $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" 1024 > **Note:** From 7fe9c72a37dc5ae7d13b7517b6a0f1533c92f82c Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 19 Jan 2016 21:16:16 +0100 Subject: [PATCH 1131/2538] Add zsh completion for 'docker network create --ipam-opt' + Reordering for better maintainability Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 70550cd5bc..80a2e84646 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -300,14 +300,15 @@ __docker_network_subcommand() { (create) _arguments $(__docker_arguments) -A '-*' \ $opts_help \ + "($help)*--aux-address[Auxiliary ipv4 or ipv6 addresses used by network driver]:key=IP: " \ "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ - "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ - "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ + "($help)*--gateway=[ipv4 or ipv6 Gateway for the master subnet]:IP: " \ "($help)--internal[Restricts external access to the network]" \ "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ - "($help)*--gateway=[ipv4 or ipv6 Gateway for the master subnet]:IP: " \ - "($help)*--aux-address[Auxiliary ipv4 or ipv6 addresses used by network driver]:key=IP: " \ - "($help)*"{-o=,--opt=}"[Set driver specific options]:key=value: " \ + "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ + "($help)*--ipam-opt=[Set custom IPAM plugin options]:opt=value: " \ + "($help)*"{-o=,--opt=}"[Set driver specific options]:opt=value: " \ + "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ "($help -)1:Network Name: " && ret=0 ;; (inspect) From 19f41be56bd7af7a9f65defa1f99af1def89c89a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 20 Jan 2016 00:05:02 +0100 Subject: [PATCH 1132/2538] Add zsh completion for 'docker {attach,exec,run,start} --detach-keys' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 80a2e84646..7ff54e4721 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -231,6 +231,17 @@ __docker_log_options() { return ret } +__docker_complete_detach_keys() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + compset -P "*," + keys=(${:-{a-z}}) + ctrl_keys=(${:-ctrl-{{a-z},{@,'[','\\','^',']',_}}}) + _describe -t detach_keys "[a-z]" keys -qS "," && ret=0 + _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0 +} + __docker_networks() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -517,11 +528,15 @@ __docker_subcommand() { "($help)--kernel-memory=[Kernel memory limit in bytes.]:Memory limit: " "($help)--memory-reservation=[Memory soft limit]:Memory limit: " ) + opts_attach_exec_run_start=( + "($help)--detach-keys=[Specify the escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" + ) case "$words[1]" in (attach) _arguments $(__docker_arguments) \ $opts_help \ + $opts_attach_exec_run_start \ "($help)--no-stdin[Do not attach stdin]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help -):containers:__docker_runningcontainers" && ret=0 @@ -682,6 +697,7 @@ __docker_subcommand() { local state _arguments $(__docker_arguments) \ $opts_help \ + $opts_attach_exec_run_start \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ "($help)--privileged[Give extended Linux capabilities to the command]" \ @@ -876,6 +892,7 @@ __docker_subcommand() { $opts_build_create_run_update \ $opts_create_run \ $opts_create_run_update \ + $opts_attach_exec_run_start \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ @@ -912,6 +929,7 @@ __docker_subcommand() { (start) _arguments $(__docker_arguments) \ $opts_help \ + $opts_attach_exec_run_start \ "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ "($help -)*:containers:__docker_stoppedcontainers" && ret=0 From b3b3392c975d1a9027769a1bf33ecf0d62512cec Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 19 Jan 2016 21:25:21 +0100 Subject: [PATCH 1133/2538] Add zsh completion for 'docker network connect --alias' and 'docker {create, run} --net-alias' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7ff54e4721..73dfbaf261 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -302,9 +302,10 @@ __docker_network_subcommand() { opts_help=("(: -)--help[Print usage]") case "$words[1]" in - (connect|disconnect) + (connect) _arguments $(__docker_arguments) \ $opts_help \ + "($help)*--alias=[Add network-scoped alias for the container]:alias: " \ "($help -)1:network:__docker_networks" \ "($help -)2:containers:__docker_containers" && ret=0 ;; @@ -322,6 +323,12 @@ __docker_network_subcommand() { "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ "($help -)1:Network Name: " && ret=0 ;; + (disconnect) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)1:network:__docker_networks" \ + "($help -)2:containers:__docker_containers" && ret=0 + ;; (inspect) _arguments $(__docker_arguments) \ $opts_help \ @@ -506,6 +513,7 @@ __docker_subcommand() { "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" + "($help)*--net-alias=[Add network-scoped alias for the container]:alias: " "($help)--oom-kill-disable[Disable OOM Killer]" "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" From 0c21ceac7e15f58aaa228324df27280f3478c7ee Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 19 Jan 2016 21:28:49 +0100 Subject: [PATCH 1134/2538] Add zsh completion for 'docker {network connect, create, run} --ip --ip6' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 73dfbaf261..4c234a4c42 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -306,6 +306,8 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*--alias=[Add network-scoped alias for the container]:alias: " \ + "($help)--ip=[Container IPv4 address]:IPv4: " \ + "($help)--ip6=[Container IPv6 address]:IPv6: " \ "($help -)1:network:__docker_networks" \ "($help -)2:containers:__docker_containers" && ret=0 ;; @@ -505,6 +507,8 @@ __docker_subcommand() { "($help)*--group-add=[Add additional groups to run as]:group:_groups" "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" + "($help)--ip=[Container IPv4 address]:IPv4: " + "($help)--ip6=[Container IPv6 address]:IPv6: " "($help)--ipc=[IPC namespace to use]:IPC namespace: " "($help)*--link=[Add link to another container]:link:->link" "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " From cc1695f363c0beeb14e82cbd41a586ce7c49beeb Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 19 Jan 2016 21:32:38 +0100 Subject: [PATCH 1135/2538] Add zsh completion for 'docker network connect --link' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4c234a4c42..2fbbff5da6 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -308,8 +308,19 @@ __docker_network_subcommand() { "($help)*--alias=[Add network-scoped alias for the container]:alias: " \ "($help)--ip=[Container IPv4 address]:IPv4: " \ "($help)--ip6=[Container IPv6 address]:IPv6: " \ + "($help)*--link=[Add a link to another container]:link:->link" \ "($help -)1:network:__docker_networks" \ "($help -)2:containers:__docker_containers" && ret=0 + + case $state in + (link) + if compset -P "*:"; then + _wanted alias expl "Alias" compadd -E "" && ret=0 + else + __docker_runningcontainers -qS ":" && ret=0 + fi + ;; + esac ;; (create) _arguments $(__docker_arguments) -A '-*' \ From 4ed29cad62f3b2fed46d88c1361c14eaac9536a3 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Wed, 20 Jan 2016 10:25:33 +0000 Subject: [PATCH 1136/2538] Fix commit wrong repository example The old name is invalid in new repository name spec. So we need to fix them. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/commit.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 49e37e416b..4019c22725 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -43,11 +43,11 @@ created. Supported `Dockerfile` instructions: ID IMAGE COMMAND CREATED STATUS PORTS c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit c3f279d17e0a SvenDowideit/testimage:version3 + $ docker commit c3f279d17e0a svendowideit/testimage:version3 f5283438590d $ docker images REPOSITORY TAG ID CREATED VIRTUAL SIZE - SvenDowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB + svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB ## Commit a container with new configurations @@ -57,7 +57,7 @@ created. Supported `Dockerfile` instructions: 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] - $ docker commit --change "ENV DEBUG true" c3f279d17e0a SvenDowideit/testimage:version3 + $ docker commit --change "ENV DEBUG true" c3f279d17e0a svendowideit/testimage:version3 f5283438590d $ docker inspect -f "{{ .Config.Env }}" f5283438590d [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] @@ -69,10 +69,10 @@ created. Supported `Dockerfile` instructions: c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a SvenDowideit/testimage:version4 + $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 f5283438590d - $ docker run -d SvenDowideit/testimage:version4 + $ docker run -d svendowideit/testimage:version4 89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 $ docker ps From 931232313cbc67fd8a05d65d0a52cf75b93f6d86 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Wed, 20 Jan 2016 09:18:14 +0000 Subject: [PATCH 1137/2538] Fix the ulimit link The old link not existed, we need fix it the right one. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/build.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index adc94f53b7..2767497e9d 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -277,7 +277,7 @@ flag](../run.md#specifying-custom-cgroups). Using the `--ulimit` option with `docker build` will cause each build step's container to be started using those [`--ulimit` -flag values](../run.md#setting-ulimits-in-a-container). +flag values](./run.md#set-ulimits-in-container-ulimit). ### Set build-time variables (--build-arg) From 35f4d67cfd5bc5e3d571a30bfd73a3660900a8f4 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Thu, 21 Jan 2016 04:26:40 +0000 Subject: [PATCH 1138/2538] Fix the typo in ps Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/port.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index 606969a170..dbfae61039 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -20,7 +20,7 @@ parent = "smn_cli" You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: - $ docker ps test + $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test $ docker port test From 6c5013bc3cb71f04af0ea7d19e31a1167a0b524f Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 19 Jan 2016 05:30:33 +0000 Subject: [PATCH 1139/2538] Refine the volume mount example The path here should be absolute, else it would deem it as volume name. Also link to release page to contain static binary, the old link not work, because it is just used to install docker in os distro, it can not be used as static binary directly. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/run.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 0d7afa4a78..258290369f 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -195,12 +195,13 @@ a container writes files. The `--read-only` flag mounts the container's root filesystem as read only prohibiting writes to locations other than the specified volumes for the container. - $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v ./static-docker:/usr/bin/docker busybox sh + $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh By bind-mounting the docker unix socket and statically linked docker -binary (such as that provided by [https://get.docker.com]( -https://get.docker.com)), you give the container the full access to create and -manipulate the host's Docker daemon. +binary (refer to [get the linux binary]( +../../installation/binaries.md#get-the-linux-binary)), +you give the container the full access to create and manipulate the host's +Docker daemon. ### Publish or expose port (-p, --expose) From dd7ea45fae9d528d84c303760f1e03a6da64f9c2 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Thu, 21 Jan 2016 13:48:53 +0800 Subject: [PATCH 1140/2538] Fix comment about swap limit of docker update The description "set `-1` to disable swap" is wrong, `build`, `create` and `run` already fixed, we need to fix `update` as well. Signed-off-by: Qiang Huang --- docs/reference/commandline/update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index c1efea57ba..bcbfab6ab9 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -23,7 +23,7 @@ parent = "smn_cli" --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) -m, --memory="" Memory limit --memory-reservation="" Memory soft limit - --memory-swap="" Total memory (memory + swap), '-1' to disable swap + --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap --kernel-memory="" Kernel memory limit: container must be stopped The `docker update` command dynamically updates container resources. Use this From 7e208ef5d06bed68c392e225b5f6b7f6d7eeb6a1 Mon Sep 17 00:00:00 2001 From: Azat Khuyiyakhmetov Date: Thu, 21 Jan 2016 12:46:29 +0100 Subject: [PATCH 1141/2538] Fixed typo in "/etc/subUid" Signed-off-by: Azat Khuziyakhmetov --- docs/reference/commandline/daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 856d913782..f94f6b72e9 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -737,7 +737,7 @@ range for the mapping of host uids and gids to the container process. This means that the first ID in the range will be the remapped root user, and the IDs above that initial ID will map host ID 1 through the end of the range. -From the example `/etc/subid` content shown above, the remapped root +From the example `/etc/subuid` content shown above, the remapped root user would be uid 165536. If the system administrator has set up multiple ranges for a single user or From 4e97e95cd8e8882494fd232b7ba047958af58903 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 18 Jan 2016 08:55:23 -0800 Subject: [PATCH 1142/2538] Support new events in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ddd91f176f..2fb67d2b2d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -862,7 +862,7 @@ _docker_diff() { _docker_events() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "container event image" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "container event image label network type volume" -- "$cur" ) ) __docker_nospace return ;; @@ -881,16 +881,19 @@ _docker_events() { COMPREPLY=( $( compgen -W " attach commit + connect copy create delete destroy die + disconnect exec_create exec_start export import kill + mount oom pause pull @@ -902,8 +905,10 @@ _docker_events() { stop tag top + unmount unpause untag + update " -- "${cur#=}" ) ) return ;; @@ -912,6 +917,21 @@ _docker_events() { __docker_complete_images return ;; + *network=*) + ## BUG: this also triggers after -f type=network + cur="${cur#=}" + __docker_complete_networks + return + ;; + *type=*) + COMPREPLY=( $( compgen -W "container image network volume" -- "${cur#=}" ) ) + return + ;; + *volume=*) + cur="${cur#=}" + __docker_complete_volumes + return + ;; esac case "$cur" in From 869890dfbd503068697c3bc5e6abdee92e9234d5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 18 Jan 2016 09:37:12 -0800 Subject: [PATCH 1143/2538] Refactor handling of key specific subcompletions The currently used idiom for handling key specific subcompletions did not work here: behind `docker event -f type=network `, the completion of networks triggered. The expected behaviour is not to complete anything here. In order to limit the scope of the corresponding PR, the new idiom is currently only used in `docker events --filter`. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 76 +++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 25 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2fb67d2b2d..3cf39ab987 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -220,6 +220,32 @@ __docker_pos_first_nonflag() { echo $counter } +# If we are currently completing the value of a map option (key=value) +# which matches the extglob given as an argument, returns key. +# This function is needed for key-specific completions. +# TODO use this in all "${words[$cword-2]}$prev=" occurrences +__docker_map_key_of_current_option() { + local glob="$1" + + local key glob_pos + if [ "$cur" = "=" ] ; then # key= case + key="$prev" + glob_pos=$((cword - 2)) + elif [[ $cur == *=* ]] ; then # key=value case (OSX) + key=${cur%=*} + glob_pos=$((cword - 1)) + elif [ "$prev" = "=" ] ; then + key=${words[$cword - 2]} # key=value case + glob_pos=$((cword - 3)) + else + return + fi + + [ "${words[$glob_pos]}" = "=" ] && ((glob_pos--)) # --option=key=value syntax + + [[ ${words[$glob_pos]} == @($glob) ]] && echo "$key" +} + # Returns the value of the first option matching option_glob. # Valid values for option_glob are option names like '--log-level' and # globs like '--log-level|-l' @@ -860,24 +886,14 @@ _docker_diff() { } _docker_events() { - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "container event image label network type volume" -- "$cur" ) ) - __docker_nospace - return - ;; - --since|--until) - return - ;; - esac - - case "${words[$cword-2]}$prev=" in - *container=*) - cur="${cur#=}" + local filter=$(__docker_map_key_of_current_option '-f|--filter') + case "$filter" in + container) + cur="${cur##*=}" __docker_complete_containers_all return ;; - *event=*) + event) COMPREPLY=( $( compgen -W " attach commit @@ -909,31 +925,41 @@ _docker_events() { unpause untag update - " -- "${cur#=}" ) ) + " -- "${cur##*=}" ) ) return ;; - *image=*) - cur="${cur#=}" + image) + cur="${cur##*=}" __docker_complete_images return ;; - *network=*) - ## BUG: this also triggers after -f type=network - cur="${cur#=}" + network) + cur="${cur##*=}" __docker_complete_networks return ;; - *type=*) - COMPREPLY=( $( compgen -W "container image network volume" -- "${cur#=}" ) ) + type) + COMPREPLY=( $( compgen -W "container image network volume" -- "${cur##*=}" ) ) return ;; - *volume=*) - cur="${cur#=}" + volume) + cur="${cur##*=}" __docker_complete_volumes return ;; esac + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -S = -W "container event image label network type volume" -- "$cur" ) ) + __docker_nospace + return + ;; + --since|--until) + return + ;; + esac + case "$cur" in -*) COMPREPLY=( $( compgen -W "--filter -f --help --since --until" -- "$cur" ) ) From e62e6e8b0710952318cf47042c8f6c1cd1c2db2e Mon Sep 17 00:00:00 2001 From: Kareem Khazem Date: Wed, 13 Jan 2016 16:34:18 +0000 Subject: [PATCH 1144/2538] Added `dead` to docs for docker ps -f status=... It is possible to invoke `docker ps -f status=dead`, but the documentation for docker-ps does not mention `dead` as a valid option. This commit fixes that. Signed-off-by: Kareem Khazem --- docs/reference/commandline/ps.md | 4 ++-- man/docker-ps.1.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 432a9a31c4..328e674264 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -55,7 +55,7 @@ The currently supported filters are: * label (`label=` or `label==`) * name (container's name) * exited (int - the code of exited containers. Only useful with `--all`) -* status (created|restarting|running|paused|exited) +* status (created|restarting|running|paused|exited|dead) * ancestor (`[:]`, `` or ``) - filters containers that were created from the given image or a descendant. * isolation (default|process|hyperv) (Windows daemon only) @@ -109,7 +109,7 @@ that have exited successfully: #### Status -The `status` filter matches containers by status. You can filter using `created`, `restarting`, `running`, `paused` and `exited`. For example, to filter for `running` containers: +The `status` filter matches containers by status. You can filter using `created`, `restarting`, `running`, `paused`, `exited` and `dead`. For example, to filter for `running` containers: $ docker ps --filter status=running CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 0d0cae5792..91d1b21733 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -29,7 +29,7 @@ the running containers. Filter output based on these conditions: - exited= an exit code of - label= or label== - - status=(created|restarting|running|paused|exited) + - status=(created|restarting|running|paused|exited|dead) - name= a container's name - id= a container's ID - before=(|) From b1fbfa3b046896e126cea4244c6335d383331554 Mon Sep 17 00:00:00 2001 From: Anton Polonskiy Date: Fri, 22 Jan 2016 09:23:22 +0200 Subject: [PATCH 1145/2538] fixed typo Signed-off-by: Anton Polonskiy --- docs/reference/commandline/inspect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 995388c8f1..38d4098c0c 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -41,7 +41,7 @@ straightforward manner. For the most part, you can pick out any field from the JSON in a fairly straightforward manner. - $ docker inspect '{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID + $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID **Get an instance's log path:** From 9930f31f74b95ae20f78e85df2476faf0cefb7d2 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 20 Jan 2016 17:16:49 -0500 Subject: [PATCH 1146/2538] Verify that the configuration keys in the file are valid. - Return an error if any of the keys don't match valid flags. - Fix an issue ignoring merged values as named values. - Fix tlsverify configuration key. - Fix bug in mflag to avoid panics when one of the flag set doesn't have any flag. Signed-off-by: David Calavera --- docs/reference/commandline/daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index f94f6b72e9..2d9edd8de4 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -852,7 +852,7 @@ This is a full example of the allowed configuration options in the file: "hosts": [], "log-level": "", "tls": true, - "tls-verify": true, + "tlsverify": true, "tls-opts": { "tlscacert": "", "tlscert": "", From 2ac86ababf2609209e24201f2c7a68c00f65813c Mon Sep 17 00:00:00 2001 From: David Calavera Date: Fri, 22 Jan 2016 13:14:48 -0500 Subject: [PATCH 1147/2538] Make TLSOptions and LogConfig embedded structs. That way the configuration file becomes flag, without extra keys. Signed-off-by: David Calavera --- docs/reference/commandline/daemon.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 2d9edd8de4..e59208033f 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -838,10 +838,8 @@ This is a full example of the allowed configuration options in the file: "storage-driver": "", "storage-opts": "", "labels": [], - "log-config": { - "log-driver": "", - "log-opts": [] - }, + "log-driver": "", + "log-opts": [], "mtu": 0, "pidfile": "", "graph": "", @@ -853,11 +851,9 @@ This is a full example of the allowed configuration options in the file: "log-level": "", "tls": true, "tlsverify": true, - "tls-opts": { - "tlscacert": "", - "tlscert": "", - "tlskey": "" - }, + "tlscacert": "", + "tlscert": "", + "tlskey": "", "api-cors-headers": "", "selinux-enabled": false, "userns-remap": "", From 32e9c9434a8e8c652631fa6580c372122ce827c5 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Wed, 20 Jan 2016 12:46:40 -0800 Subject: [PATCH 1148/2538] Fixing missing certs article; consolidating security material Entering comments from reviewers Updating with Derek's comments Fixing bad links reported by build Signed-off-by: Mary Anthony --- docs/reference/commandline/daemon.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index e59208033f..b84b097bbf 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -86,7 +86,7 @@ membership. If you need to access the Docker daemon remotely, you need to enable the `tcp` Socket. Beware that the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon - and should be secured -either using the [built in HTTPS encrypted socket](../../articles/https/), or by +either using the [built in HTTPS encrypted socket](../../security/https/), or by putting a secure web proxy in front of it. You can listen on port `2375` on all network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP address: `-H tcp://192.168.59.103:2375`. It is @@ -220,15 +220,15 @@ options for `zfs` start with `zfs`. the empty case the larger the device is. The base device size can be increased at daemon restart which will allow - all future images and containers (based on those new images) to be of the + all future images and containers (based on those new images) to be of the new base device size. - Example use: + Example use: $ docker daemon --storage-opt dm.basesize=50G - This will increase the base device size to 50G. The Docker daemon will throw an - error if existing base device size is larger than 50G. A user can use + This will increase the base device size to 50G. The Docker daemon will throw an + error if existing base device size is larger than 50G. A user can use this option to expand the base device size however shrinking is not permitted. This value affects the system-wide "base" empty filesystem @@ -727,7 +727,7 @@ when querying the system for the subordinate group ID range. ### Detailed information on `subuid`/`subgid` ranges -Given potential advanced use of the subordinate ID ranges by power users, the +Given potential advanced use of the subordinate ID ranges by power users, the following paragraphs define how the Docker daemon currently uses the range entries found within the subordinate range files. From fc57c3a41947bdbc1f6f836b2bfe63af9227236b Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Fri, 22 Jan 2016 08:52:36 -0800 Subject: [PATCH 1149/2538] Add some helper text for magical ADD Closes: #15777 Signed-off-by: Doug Davis --- docs/reference/builder.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 355c5e3767..8d9aeda17a 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -643,6 +643,14 @@ guide](../articles/dockerfile_best-practices.md#build-cache) for more informatio 2. The contents of the source tree, with conflicts resolved in favor of "2." on a file-by-file basis. + > **Note**: + > Whether a file is identified as a recognized compression format or not + > is done soley based on the contents of the file, not the name of the file. + > For example, if an empty file happens to end with `.tar.gz` this will not + > be recognized as a compressed file and **will not** generate any kind of + > decompression error message, rather the file will simply be copied to the + > destination. + - If `` is any other kind of file, it is copied individually along with its metadata. In this case, if `` ends with a trailing slash `/`, it will be considered a directory and the contents of `` will be written From 6495ac0c5fd8776934532f3e83532809e7b50ab3 Mon Sep 17 00:00:00 2001 From: Jasmine Hegman Date: Sat, 23 Jan 2016 23:43:24 -0700 Subject: [PATCH 1150/2538] Correcting `overlay` -> `bridge` driver in run.md Correcting `overlay` -> `bridge` driver in run.md to match the preceding paragraph. Signed-off-by: Jasmine Hegman --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 95e0e0a605..1e79953139 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -409,7 +409,7 @@ The following example creates a network using the built-in `bridge` network driver and running a container in the created network ``` -$ docker network create -d overlay my-net +$ docker network create -d bridge my-net $ docker run --net=my-net -itd --name=container3 busybox ``` From b3bb4d45dddc10093f025dd177e1e4b5973d76f9 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 06:36:04 -0800 Subject: [PATCH 1151/2538] bash completion for `docker images -f dangling=false` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3cf39ab987..021828575e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1024,10 +1024,8 @@ _docker_history() { _docker_images() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "dangling=true label=" -- "$cur" ) ) - if [ "$COMPREPLY" = "label=" ]; then - __docker_nospace - fi + COMPREPLY=( $( compgen -S = -W "dangling label" -- "$cur" ) ) + __docker_nospace return ;; --format) From 4808cc1282c4a440195227ef652f297c898914fb Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 05:39:52 -0800 Subject: [PATCH 1152/2538] bash completion for `docker cp --follow-link` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 021828575e..4223bf16e1 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -670,7 +670,7 @@ _docker_commit() { _docker_cp() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--follow-link -L --help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) From 58013afb39a2197b74fbbd05ed868c8e54719e49 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 05:50:33 -0800 Subject: [PATCH 1153/2538] bash completion for `docker ps --filter status=dead` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4223bf16e1..598b406bc3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1423,7 +1423,7 @@ _docker_ps() { return ;; *status=*) - COMPREPLY=( $( compgen -W "exited paused restarting running" -- "${cur#=}" ) ) + COMPREPLY=( $( compgen -W "created dead exited paused restarting running" -- "${cur#=}" ) ) return ;; esac From b50ca03b9ae0c61d9b3570b46ba95995ef4b0785 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 10:07:04 -0800 Subject: [PATCH 1154/2538] remove bash completion for `docker tag -f` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 598b406bc3..bed8d62782 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1850,7 +1850,7 @@ _docker_stop() { _docker_tag() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) From d6d6954d61ad7e7220ce55c6b962c77c77604932 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 10:11:18 -0800 Subject: [PATCH 1155/2538] remove zsh completion for `docker tag -f` Signed-off-by: Harald Albers --- contrib/completion/zsh/_docker | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2fbbff5da6..e5c3d36d7c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -967,7 +967,6 @@ __docker_subcommand() { (tag) _arguments $(__docker_arguments) \ $opts_help \ - "($help -f --force)"{-f,--force}"[force]"\ "($help -):source:__docker_images"\ "($help -):destination:__docker_repositories_with_tags" && ret=0 ;; From d75f2e95a0fcd0d6ec56f19c140563582a6385a4 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 07:11:27 -0800 Subject: [PATCH 1156/2538] bash completion for `--cluster-store-opt kv.path discovery.{heartbeat,ttl}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index bed8d62782..6f4bb02185 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -774,7 +774,7 @@ _docker_daemon() { return ;; --cluster-store-opt) - COMPREPLY=( $( compgen -W "kv.cacertfile kv.certfile kv.keyfile" -S = -- "$cur" ) ) + COMPREPLY=( $( compgen -W "discovery.heartbeat discovery.ttl kv.cacertfile kv.certfile kv.keyfile kv.path" -S = -- "$cur" ) ) __docker_nospace return ;; From bdfbd1d9a622f3bfd439411d9e3f67f008d83efc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 08:41:22 -0800 Subject: [PATCH 1157/2538] bash completion for syslog over TLS log driver Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6f4bb02185..5bda7c1086 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -409,7 +409,7 @@ __docker_complete_log_options() { local gelf_options="env gelf-address labels tag" local journald_options="env labels" local json_file_options="env labels max-file max-size" - local syslog_options="syslog-address syslog-facility tag" + local syslog_options="syslog-address syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" @@ -457,8 +457,9 @@ __docker_complete_log_driver_options() { return ;; *syslog-address=*) - COMPREPLY=( $( compgen -W "tcp udp unix" -S "://" -- "${cur#=}" ) ) + COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur#=}" ) ) __docker_nospace + __ltrim_colon_completions "${cur}" return ;; *syslog-facility=*) @@ -486,6 +487,14 @@ __docker_complete_log_driver_options() { " -- "${cur#=}" ) ) return ;; + *syslog-tls-@(ca-cert|cert|key)=*) + _filedir + return + ;; + *syslog-tls-skip-verify=*) + COMPREPLY=( $( compgen -W "true" -- "${cur#=}" ) ) + return + ;; *splunk-url=*) COMPREPLY=( $( compgen -W "http:// https://" -- "${cur#=}" ) ) compopt -o nospace From f9a1ff07959430b5ba91d842276c5381836c856c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 24 Jan 2016 10:28:36 -0800 Subject: [PATCH 1158/2538] fix minor bash completion issue on OSX (compopt) Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5bda7c1086..74d925576e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -497,13 +497,13 @@ __docker_complete_log_driver_options() { ;; *splunk-url=*) COMPREPLY=( $( compgen -W "http:// https://" -- "${cur#=}" ) ) - compopt -o nospace + __docker_nospace __ltrim_colon_completions "${cur}" return ;; *splunk-insecureskipverify=*) COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) - compopt -o nospace + __docker_nospace return ;; esac From f73b4335ff5bd72cf530a3c3bf003ef2fb15f2ca Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 25 Jan 2016 08:14:46 +0100 Subject: [PATCH 1159/2538] Add zsh completion for new 'docker daemon --cluster-store-opt discovery.heartbeat discovery.ttl kv.path' options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index e5c3d36d7c..307a5d4c01 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -690,7 +690,7 @@ __docker_subcommand() { if compset -P '*='; then _files && ret=0 else - opts=('kv.cacertfile' 'kv.certfile' 'kv.keyfile') + opts=('discovery.heartbeat' 'discovery.ttl' 'kv.cacertfile' 'kv.certfile' 'kv.keyfile' 'kv.path') _describe -t cluster-store-opts "Cluster Store Options" opts -qS "=" && ret=0 fi ;; From 922fa196374cd63767509f33f80acd96760c4b7b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 25 Jan 2016 08:21:15 +0100 Subject: [PATCH 1160/2538] Add zsh completion for new 'docker daemon --log-opt syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify' options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 307a5d4c01..b8d0eea3b6 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -204,7 +204,7 @@ __docker_get_log_options() { gelf_options=("env" "gelf-address" "labels" "tag") journald_options=("env" "labels") json_file_options=("env" "labels" "max-file" "max-size") - syslog_options=("syslog-address" "syslog-facility" "tag") + syslog_options=("syslog-address" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag") splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag") [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 From 2e6cd43572d54258a170b9564a2a414df04d080b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 25 Jan 2016 08:09:30 +0100 Subject: [PATCH 1161/2538] Add zsh completion for 'docker cp -L --follow-link' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b8d0eea3b6..25be25e02d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -592,6 +592,7 @@ __docker_subcommand() { (cp) _arguments $(__docker_arguments) \ $opts_help \ + "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link in SRC_PATH]" \ "($help -)1:container:->container" \ "($help -)2:hostpath:_files" && ret=0 case $state in From 8de6a3fc71654e08d7a0e65651302dcba5d1b9e1 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 21 Jan 2016 21:57:53 -0500 Subject: [PATCH 1162/2538] On container rm, don't remove named mountpoints This makes it so when calling `docker run --rm`, or `docker rm -v`, only volumes specified without a name, e.g. `docker run -v /foo` instead of `docker run -v awesome:/foo` are removed. Note that all volumes are named, some are named by the user, some get a generated name. This is specifically about how the volume was specified on `run`, assuming that if the user specified it with a name they expect it to persist after the container is cleaned up. Signed-off-by: Brian Goff --- docs/reference/commandline/rm.md | 14 ++++++++++++++ docs/reference/run.md | 6 +++++- man/docker-rm.1.md | 16 ++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 3664f98ccd..514b92c27e 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -45,3 +45,17 @@ This command will delete all stopped containers. The command `docker ps -a -q` will return all existing container IDs and pass them to the `rm` command which will delete them. Any running containers will not be deleted. + + $ docker rm -v redis + redis + +This command will remove the container and any volumes associated with it. +Note that if a volume was specified with a name, it will not be removed. + + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker rm -v hello + +In this example, the volume for `/foo` will remain intact, but the volume for +`/bar` will be removed. The same behavior holds for volumes inherited with +`--volumes-from`. diff --git a/docs/reference/run.md b/docs/reference/run.md index 1e79953139..537e3aa085 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -590,7 +590,11 @@ the container exits**, you can add the `--rm` flag: > **Note**: When you set the `--rm` flag, Docker also removes the volumes associated with the container when the container is removed. This is similar -to running `docker rm -v my-container`. +to running `docker rm -v my-container`. Only volumes that are specified without a +name are removed. For example, with +`docker run --rm -v /foo -v awesome:/bar busybox top`, the volume for `/foo` will be removed, +but the volume for `/bar` will not. Volumes inheritted via `--volumes-from` will be removed +with the same logic -- if the original volume was specified with a name it will **not** be removed. ## Security configuration --security-opt="label:user:USER" : Set the label user for the container diff --git a/man/docker-rm.1.md b/man/docker-rm.1.md index d99c1d836b..9ae3142a6c 100644 --- a/man/docker-rm.1.md +++ b/man/docker-rm.1.md @@ -48,6 +48,22 @@ command. The use that name as follows: docker rm hopeful_morse +## Removing a container and all associated volumes + + $ docker rm -v redis + redis + +This command will remove the container and any volumes associated with it. +Note that if a volume was specified with a name, it will not be removed. + + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker rm -v hello + +In this example, the volume for `/foo` will remain in tact, but the volume for +`/bar` will be removed. The same behavior holds for volumes inherited with +`--volumes-from`. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From d3f2c73453b60bb2ca3faaf6f8395f8b66b3f9ba Mon Sep 17 00:00:00 2001 From: David Calavera Date: Mon, 25 Jan 2016 16:30:33 -0500 Subject: [PATCH 1163/2538] Allow network configuration via daemon config file. Signed-off-by: David Calavera --- docs/reference/commandline/daemon.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index b84b097bbf..7d950affd4 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -859,7 +859,20 @@ This is a full example of the allowed configuration options in the file: "userns-remap": "", "group": "", "cgroup-parent": "", - "default-ulimits": {} + "default-ulimits": {}, + "ipv6": false, + "iptables": false, + "ip-forward": false, + "ip-mask": false, + "userland-proxy": false, + "ip": "0.0.0.0", + "bridge": "", + "bip": "", + "fixed-cidr": "", + "fixed-cidr-v6": "", + "default-gateway": "", + "default-gateway-v6": "", + "icc": false } ``` From 645055b37d7a0398f58e1758f2278853ecf986bc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 26 Jan 2016 10:09:25 -0800 Subject: [PATCH 1164/2538] bash completion for `docker daemon --userns-remap` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 74d925576e..20b2af4cf8 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -770,6 +770,7 @@ _docker_daemon() { --registry-mirror --storage-driver -s --storage-opt + --userns-remap " case "$prev" in @@ -845,6 +846,15 @@ _docker_daemon() { __docker_complete_log_options return ;; + --userns-remap) + if [[ $cur == *:* ]] ; then + COMPREPLY=( $(compgen -g -- "${cur#*:}") ) + else + COMPREPLY=( $(compgen -u -S : -- "$cur") ) + __docker_nospace + fi + return + ;; $(__docker_to_extglob "$options_with_args") ) return ;; From 88fa05ccb486dbfd053e51072fc9646a61012b5d Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Tue, 26 Jan 2016 15:53:11 -0500 Subject: [PATCH 1165/2538] Add note about mount propagation on systemd Signed-off-by: Brian Goff --- docs/reference/run.md | 8 ++++++++ man/docker-create.1.md | 8 ++++++++ man/docker-run.1.md | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index 537e3aa085..4063d588cb 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1385,6 +1385,14 @@ Similarly the operator can set the **hostname** with `-h`. > **Note**: > The auto-creation of the host path has been [*deprecated*](../misc/deprecated.md#auto-creating-missing-host-paths-for-bind-mounts). +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + The volumes commands are complex enough to have their own documentation in section [*Managing data in containers*](../userguide/dockervolumes.md). A developer can define diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 08074ac431..e92e36c24b 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -411,6 +411,14 @@ will convert /foo into a `shared` mount point. Alternatively one can directly change propagation properties of source mount. Say `/` is source mount for `/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index ea9b0b8168..f1de10e273 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -582,6 +582,14 @@ will convert /foo into a `shared` mount point. Alternatively one can directly change propagation properties of source mount. Say `/` is source mount for `/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. From 0441148c7dc83ff1900a919527391259ff912e7c Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 26 Jan 2016 14:29:37 -0500 Subject: [PATCH 1166/2538] Fix bash completion for `docker volume ls --dangling=false`. Signed-off-by: David Calavera --- contrib/completion/bash/docker | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 20b2af4cf8..99551dcd83 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1998,7 +1998,14 @@ _docker_volume_inspect() { _docker_volume_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "dangling=true" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "dangling" -- "$cur" ) ) + return + ;; + esac + + case "${words[$cword-2]}$prev=" in + *dangling=*) + COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) return ;; esac From 7910f01804734fb58965460870dbed1664e55e05 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Sat, 23 Jan 2016 20:36:40 -0800 Subject: [PATCH 1167/2538] Creating Engine specific menu Fixing the links Updating with Seb's comments Adding weight Fixing the engine aliases Updating after Arun pushed Removing empty file Signed-off-by: Mary Anthony --- docs/deprecated.md | 150 +++++++++++++++++++++++++++ docs/extend/authorization.md | 12 +-- docs/extend/index.md | 12 +-- docs/extend/plugin_api.md | 2 +- docs/extend/plugins.md | 8 +- docs/extend/plugins_network.md | 16 +-- docs/extend/plugins_volume.md | 17 ++- docs/reference/builder.md | 17 +-- docs/reference/commandline/export.md | 2 +- docs/reference/commandline/index.md | 5 +- docs/reference/commandline/search.md | 2 +- docs/reference/commandline/tag.md | 2 +- docs/reference/index.md | 18 ++++ docs/reference/run.md | 23 ++-- 14 files changed, 228 insertions(+), 58 deletions(-) create mode 100644 docs/deprecated.md create mode 100644 docs/reference/index.md diff --git a/docs/deprecated.md b/docs/deprecated.md new file mode 100644 index 0000000000..4ed127f953 --- /dev/null +++ b/docs/deprecated.md @@ -0,0 +1,150 @@ + + +# Deprecated Engine Features + +The following list of features are deprecated in Engine. + +### Ambiguous event fields in API +**Deprecated In Release: v1.10** + +The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure. +See the events API documentation for the new format. + +### `-f` flag on `docker tag` +**Deprecated In Release: v1.10** + +**Target For Removal In Release: v1.12** + +To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. + +### HostConfig at API container start +**Deprecated In Release: v1.10** + +**Target For Removal In Release: v1.12** + +Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of +defining it at container creation (`POST /containers/create`). + +### Docker ps 'before' and 'since' options + +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +**Target For Removal In Release: v1.12** + +The `docker ps --before` and `docker ps --since` options are deprecated. +Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. + +### Command line short variant options +**Deprecated In Release: v1.9** + +**Target For Removal In Release: v1.11** + +The following short variant options are deprecated in favor of their long +variants: + + docker run -c (--cpu-shares) + docker build -c (--cpu-shares) + docker create -c (--cpu-shares) + +### Driver Specific Log Tags +**Deprecated In Release: v1.9** + +**Target For Removal In Release: v1.11** + +Log tags are now generated in a standard way across different logging drivers. +Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and +`fluentd-tag` have been deprecated in favor of the generic `tag` option. + + docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" + +### LXC built-in exec driver +**Deprecated In Release: v1.8** + +**Target For Removal In Release: v1.10** + +The built-in LXC execution driver is deprecated for an external implementation. +The lxc-conf flag and API fields will also be removed. + +### Old Command Line Options +**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** + +**Target For Removal In Release: v1.10** + +The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand: + + docker daemon -H ... + +The following single-dash (`-opt`) variant of certain command line options +are deprecated and replaced with double-dash options (`--opt`): + + docker attach -nostdin + docker attach -sig-proxy + docker build -no-cache + docker build -rm + docker commit -author + docker commit -run + docker events -since + docker history -notrunc + docker images -notrunc + docker inspect -format + docker ps -beforeId + docker ps -notrunc + docker ps -sinceId + docker rm -link + docker run -cidfile + docker run -dns + docker run -entrypoint + docker run -expose + docker run -link + docker run -lxc-conf + docker run -n + docker run -privileged + docker run -volumes-from + docker search -notrunc + docker search -stars + docker search -t + docker search -trusted + docker tag -force + +The following double-dash options are deprecated and have no replacement: + + docker run --cpuset + docker run --networking + docker ps --since-id + docker ps --before-id + docker search --trusted + +### Auto-creating missing host paths for bind mounts +**Deprecated in Release: v1.9** + +**Target for Removal in Release: 1.11** + +When creating a container with a bind-mounted volume-- `docker run -v /host/path:/container/path` -- +docker was automatically creating the `/host/path` if it didn't already exist. + +This auto-creation of the host path is deprecated and docker will error out if +the path does not exist. + +### Interacting with V1 registries + +Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. + +### Docker Content Trust ENV passphrase variables name change +**Deprecated In Release: v1.9** + +**Target For Removal In Release: v1.10** + +As of 1.9, Docker Content Trust Offline key will be renamed to Root key and the Tagging key will be renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables + +- DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE will now be named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE +- DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE will now be named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE diff --git a/docs/extend/authorization.md b/docs/extend/authorization.md index 48790833cf..3512c56ccd 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/authorization.md @@ -4,7 +4,7 @@ title = "Access authorization plugin" description = "How to create authorization plugins to manage access control to your Docker daemon." keywords = ["security, authorization, authentication, docker, documentation, plugin, extend"] [menu.main] -parent = "mn_extend" +parent = "engine_extend" weight = -1 +++ @@ -41,8 +41,8 @@ on both the current authentication context and the command context. The authentication context contains all user details and the authentication method. The command context contains all the relevant request data. -Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md). -Each plugin must reside within directories described under the +Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md). +Each plugin must reside within directories described under the [Plugin discovery](plugin_api.md#plugin-discovery) section. **Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication @@ -90,7 +90,7 @@ configure proper authentication and security policies. ## Docker client flows -To enable and configure the authorization plugin, the plugin developer must +To enable and configure the authorization plugin, the plugin developer must support the Docker client interactions detailed in this section. ### Setting up Docker daemon @@ -132,7 +132,7 @@ docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZP ## API schema and implementation -In addition to Docker's standard plugin registration method, each plugin +In addition to Docker's standard plugin registration method, each plugin should implement the following two methods: * `/AuthzPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. @@ -198,7 +198,7 @@ should implement the following two methods: The modified response enables the authorization plugin to manipulate the content of the HTTP response. In case of more than one plugin, each subsequent plugin -receives a response (optionally) modified by a previous plugin. +receives a response (optionally) modified by a previous plugin. ### Request authorization diff --git a/docs/extend/index.md b/docs/extend/index.md index b533ea1936..f491926e9a 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -1,19 +1,19 @@ -## Extending Docker +## Extending Docker Engine -Currently, you can extend Docker by adding a plugin. This section contains the following topics: +Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: * [Understand Docker plugins](plugins.md) * [Write a volume plugin](plugins_volume.md) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 8e2862f6cb..c6793a3dda 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -4,7 +4,7 @@ title = "Plugins API" description = "How to write Docker plugins extensions " keywords = ["API, Usage, plugins, documentation, developer"] [menu.main] -parent = "mn_extend" +parent = "engine_extend" weight=1 +++ diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 09362145a5..5a91010b1c 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -1,15 +1,15 @@ -# Understand Docker plugins +# Understand Engine plugins You can extend the capabilities of the Docker Engine by loading third-party plugins. This page explains the types of plugins and provides links to several @@ -65,7 +65,7 @@ The following plugins exist: * The [REX-Ray plugin](https://github.com/emccode/rexray) is a volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. - + * The [Contiv Volume Plugin](https://github.com/contiv/volplugin) is an open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 01e8089f7e..ac07273219 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -4,19 +4,19 @@ title = "Docker network driver plugins" description = "Network driver plugins." keywords = ["Examples, Usage, plugins, docker, documentation, user guide"] [menu.main] -parent = "mn_extend" +parent = "engine_extend" +++ -# Docker network driver plugins +# Engine network driver plugins -Docker network plugins enable Docker deployments to be extended to support a -wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN or -something completely different. Network driver plugins are supported via the +Docker Engine network plugins enable Engine deployments to be extended to +support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN +or something completely different. Network driver plugins are supported via the LibNetwork project. Each plugin is implemented asa "remote driver" for -LibNetwork, which shares plugin infrastructure with Docker. Effectively, -network driver plugins are activated in the same way as other plugins, and use -the same kind of protocol. +LibNetwork, which shares plugin infrastructure with Engine. Effectively, network +driver plugins are activated in the same way as other plugins, and use the same +kind of protocol. ## Using network driver plugins diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 1814708275..cb1bebf581 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -4,32 +4,32 @@ title = "Volume plugins" description = "How to manage data with external volume plugins" keywords = ["Examples, Usage, volume, docker, data, volumes, plugin, api"] [menu.main] -parent = "mn_extend" +parent = "engine_extend" +++ # Write a volume plugin -Docker volume plugins enable Docker deployments to be integrated with external -storage systems, such as Amazon EBS, and enable data volumes to persist beyond -the lifetime of a single Docker host. See the [plugin documentation](plugins.md) -for more information. +Docker Engine volume plugins enable Engine deployments to be integrated with +external storage systems, such as Amazon EBS, and enable data volumes to persist +beyond the lifetime of a single Engine host. See the [plugin +documentation](plugins.md) for more information. ## Command-line changes -A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: +A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh This command passes the `volumename` through to the volume plugin as a -user-given name for the volume. The `volumename` must not begin with a `/`. +user-given name for the volume. The `volumename` must not begin with a `/`. By having the user specify a `volumename`, a plugin can associate the volume with an external volume beyond the lifetime of a single container or container host. This can be used, for example, to move a stateful container from one server to another. -By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS. +By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS. ## Create a VolumeDriver @@ -214,4 +214,3 @@ Get the list of volumes registered with the plugin. ``` Respond with a string error if an error occurred. - diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 8d9aeda17a..79036e39b7 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -4,7 +4,8 @@ title = "Dockerfile reference" description = "Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image." keywords = ["builder, docker, Dockerfile, automation, image creation"] [menu.main] -parent = "mn_reference" +parent = "engine_ref" +weight=-90 +++ @@ -18,7 +19,7 @@ instructions in succession. This page describes the commands you can use in a `Dockerfile`. When you are done reading this page, refer to the [`Dockerfile` Best -Practices](../articles/dockerfile_best-practices.md) for a tip-oriented guide. +Practices](../userguide/eng-image/dockerfile_best-practices.md) for a tip-oriented guide. ## Usage @@ -80,7 +81,7 @@ instructions. Whenever possible, Docker will re-use the intermediate images (cache), to accelerate the `docker build` process significantly. This is indicated by the `Using cache` message in the console output. -(For more information, see the [Build cache section](../articles/dockerfile_best-practices.md#build-cache)) in the +(For more information, see the [Build cache section](../userguide/eng-image/dockerfile_best-practices.md#build-cache)) in the `Dockerfile` best practices guide: $ docker build -t svendowideit/ambassador . @@ -99,7 +100,7 @@ the `Using cache` message in the console output. Successfully built 7ea8aef582cc When you're done with your build, you're ready to look into [*Pushing a -repository to its registry*](../userguide/dockerrepos.md#contributing-to-docker-hub). +repository to its registry*](../userguide/containers/dockerrepos.md#contributing-to-docker-hub). ## Format @@ -298,7 +299,7 @@ Or The `FROM` instruction sets the [*Base Image*](glossary.md#base-image) for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy -to start by **pulling an image** from the [*Public Repositories*](../userguide/dockerrepos.md). +to start by **pulling an image** from the [*Public Repositories*](../userguide/containers/dockerrepos.md). - `FROM` must be the first non-comment instruction in the `Dockerfile`. @@ -369,7 +370,7 @@ cache for `RUN` instructions can be invalidated by using the `--no-cache` flag, for example `docker build --no-cache`. See the [`Dockerfile` Best Practices -guide](../articles/dockerfile_best-practices.md#build-cache) for more information. +guide](../userguide/eng-image/dockerfile_best-practices.md#build-cache) for more information. The cache for `RUN` instructions can be invalidated by `ADD` instructions. See [below](#add) for details. @@ -608,7 +609,7 @@ of whether or not the file has changed and the cache should be updated. > following instructions from the Dockerfile if the contents of `` have > changed. This includes invalidating the cache for `RUN` instructions. > See the [`Dockerfile` Best Practices -guide](../articles/dockerfile_best-practices.md#build-cache) for more information. +guide](../userguide/eng-image/dockerfile_best-practices.md#build-cache) for more information. `ADD` obeys the following rules: @@ -959,7 +960,7 @@ containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log /var/db`. For more information/examples and mounting instructions via the Docker client, refer to -[*Share Directories via Volumes*](../userguide/dockervolumes.md#mount-a-host-directory-as-a-data-volume) +[*Share Directories via Volumes*](../userguide/containers/dockervolumes.md#mount-a-host-directory-as-a-data-volume) documentation. The `docker run` command initializes the newly created volume with any data diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 87b691cd43..604ceab189 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -23,7 +23,7 @@ the container, `docker export` will export the contents of the *underlying* directory, not the contents of the volume. Refer to [Backup, restore, or migrate data -volumes](../../userguide/dockervolumes.md#backup-restore-or-migrate-data-volumes) in +volumes](../../userguide/containers/dockervolumes.md#backup-restore-or-migrate-data-volumes) in the user guide for examples on exporting data in a volume. ## Examples diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 775c327700..a5704da03a 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -1,11 +1,12 @@ diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index beb4ef0a49..893895e214 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -21,7 +21,7 @@ parent = "smn_cli" Search [Docker Hub](https://hub.docker.com) for images -See [*Find Public Images on Docker Hub*](../../userguide/dockerrepos.md#searching-for-images) for +See [*Find Public Images on Docker Hub*](../../userguide/containers/dockerrepos.md#searching-for-images) for more details on finding shared images from the command line. > **Note:** diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index c1ca5aa18d..cd104e8c6a 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -17,4 +17,4 @@ parent = "smn_cli" --help Print usage You can group your images together using names and tags, and then upload them -to [*Share Images via Repositories*](../../userguide/dockerrepos.md#contributing-to-docker-hub). +to [*Share Images via Repositories*](../../userguide/containers/dockerrepos.md#contributing-to-docker-hub). diff --git a/docs/reference/index.md b/docs/reference/index.md new file mode 100644 index 0000000000..a207ee7d05 --- /dev/null +++ b/docs/reference/index.md @@ -0,0 +1,18 @@ + + +# Engine reference + +* [Dockerfile reference](builder.md) +* [Docker run reference](run.md) +* [Command line reference](commandline/index.md) +* [API Reference](api/index.md) diff --git a/docs/reference/run.md b/docs/reference/run.md index 4063d588cb..02dbe79289 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -4,7 +4,8 @@ title = "Docker run reference" description = "Configure containers at runtime" keywords = ["docker, run, configure, runtime"] [menu.main] -parent = "mn_reference" +parent = "engine_ref" +weight=-80 +++ @@ -550,7 +551,7 @@ The exit code from `docker run` gives information about why the container failed to run or why it exited. When `docker run` exits with a non-zero code, the exit codes follow the `chroot` standard, see below: -**_125_** if the error is with Docker daemon **_itself_** +**_125_** if the error is with Docker daemon **_itself_** $ docker run --foo busybox; echo $? # flag provided but not defined: --foo @@ -573,7 +574,7 @@ the exit codes follow the `chroot` standard, see below: **_Exit code_** of **_contained command_** otherwise - $ docker run busybox /bin/sh -c 'exit 3' + $ docker run busybox /bin/sh -c 'exit 3' # 3 ## Clean up (--rm) @@ -1000,9 +1001,9 @@ For example, to set `/dev/sda` device weight to `200`: ubuntu If you specify both the `--blkio-weight` and `--blkio-weight-device`, Docker -uses the `--blkio-weight` as the default weight and uses `--blkio-weight-device` -to override this default with a new value on a specific device. -The following example uses a default weight of `300` and overrides this default +uses the `--blkio-weight` as the default weight and uses `--blkio-weight-device` +to override this default with a new value on a specific device. +The following example uses a default weight of `300` and overrides this default on `/dev/sda` setting that weight to `200`: $ docker run -it \ @@ -1018,7 +1019,7 @@ per second from `/dev/sda`: The `--device-write-bps` flag limits the write rate (bytes per second)to a device. For example, this command creates a container and limits the write rate to `1mb` -per second for `/dev/sda`: +per second for `/dev/sda`: $ docker run -it --device-write-bps /dev/sda:1mb ubuntu @@ -1061,7 +1062,7 @@ one can use this flag: By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a -"privileged" container is given access to all devices (see +"privileged" container is given access to all devices (see the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable @@ -1195,7 +1196,7 @@ container's logging driver. The following options are supported: The `docker logs` command is available only for the `json-file` and `journald` logging drivers. For detailed information on working with logging drivers, see -[Configure a logging driver](logging/overview.md). +[Configure a logging driver](../admin/logging/overview.md). ## Overriding Dockerfile image defaults @@ -1383,7 +1384,7 @@ Similarly the operator can set the **hostname** with `-h`. --volumes-from="": Mount all volumes from the given container(s) > **Note**: -> The auto-creation of the host path has been [*deprecated*](../misc/deprecated.md#auto-creating-missing-host-paths-for-bind-mounts). +> The auto-creation of the host path has been [*deprecated*](../deprecated.md#auto-creating-missing-host-paths-for-bind-mounts). > **Note**: > When using systemd to manage the Docker daemon's start and stop, in the systemd @@ -1395,7 +1396,7 @@ Similarly the operator can set the **hostname** with `-h`. The volumes commands are complex enough to have their own documentation in section [*Managing data in -containers*](../userguide/dockervolumes.md). A developer can define +containers*](../userguide/containers/dockervolumes.md). A developer can define one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). From 9796beeedba2015a73923487227a3de55ccaa261 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 25 Jan 2016 14:48:23 -0800 Subject: [PATCH 1168/2538] Move tar copy-up for tmpfs mounts We cannot rely on the tar command for this type of operation because tar versions, flags, and functionality can very from distro to distro. Since this is in the container execution path it is not safe to have this as a dependency from dockers POV where the user cannot change the fact that docker is adding these pre and post mount commands. Signed-off-by: Michael Crosby --- man/docker-create.1.md | 5 +---- man/docker-run.1.md | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index e92e36c24b..a45eef7d63 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -319,10 +319,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image - This command mounts a `tmpfs` at `/tmp` within the container. The mount copies -the underlying content of `my_image` into `/tmp`. For example if there was a -directory `/tmp/content` in the base image, docker will copy this directory and -all of its content on top of the tmpfs mounted on `/tmp`. The supported mount + This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index f1de10e273..ab668e62ae 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -490,10 +490,7 @@ standard input. $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image - This command mounts a `tmpfs` at `/tmp` within the container. The mount copies -the underlying content of `my_image` into `/tmp`. For example if there was a -directory `/tmp/content` in the base image, docker will copy this directory and -all of its content on top of the tmpfs mounted on `/tmp`. The supported mount + This command mounts a `tmpfs` at `/tmp` within the container. The supported mount options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. From 045907a71ce0e891dcc05cd6d8972ec88ae44e06 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 26 Jan 2016 15:44:51 -0500 Subject: [PATCH 1169/2538] Remove cluster storage advertise from reload. Because libnetwork won't really send container information to the new storage anyways. Signed-off-by: David Calavera --- docs/reference/commandline/daemon.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 7d950affd4..f0b6d1624d 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -888,7 +888,4 @@ if there are conflicts, but it won't stop execution. The list of currently supported options that can be reconfigured is this: - `debug`: it changes the daemon to debug mode when set to true. -- `label`: it replaces the daemon labels with a new set of labels. -- `cluster-store`: it reloads the discovery store with the new address. -- `cluster-store-opts`: it uses the new options to reload the discovery store. -- `cluster-advertise`: it modifies the address advertised after reloading. +- `labels`: it replaces the daemon labels with a new set of labels. From d4fd7fd13b61dd6f5b3a4a36c75b358c173faedf Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 26 Jan 2016 17:39:13 -0800 Subject: [PATCH 1170/2538] Fix docs for tmpfs (pr 19688) Underlying files are no longer copied to the tmpfs. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/run.md | 7 +++---- docs/reference/run.md | 9 +++++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 258290369f..dce1019f19 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -163,13 +163,12 @@ flag exists to allow special use-cases, like running Docker within Docker. The `-w` lets the command being executed inside directory given, here `/path/to/dir/`. If the path does not exists it is created inside the container. -### mount tmpfs (--tmpfs) +### Mount tmpfs (--tmpfs) $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image - The --tmpfs flag mounts a tmpfs into the container with the rw,noexec,nosuid,size=65536k options. - - Underlying content from the /run in the my_image image is copied into tmpfs. +The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`, +`noexec`, `nosuid`, `size=65536k` options. ### Mount volume (-v, --read-only) diff --git a/docs/reference/run.md b/docs/reference/run.md index 02dbe79289..e38fd1f18d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1365,9 +1365,14 @@ Similarly the operator can set the **hostname** with `-h`. ### TMPFS (mount tmpfs filesystems) - --tmpfs=[]: Create a tmpfs mount with: container-dir[:], where the options are identical to the Linux `mount -t tmpfs -o` command. +```bash +--tmpfs=[]: Create a tmpfs mount with: container-dir[:], + where the options are identical to the Linux + 'mount -t tmpfs -o' command. +``` - Underlying content from the "container-dir" is copied into tmpfs. +The example below mounts an empty tmpfs into the container with the `rw`, +`noexec`, `nosuid`, and `size=65536k` options. $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image From 0c473c9e9c16fa3bd75b690eb12f44c44d585750 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 26 Jan 2016 10:57:38 -0800 Subject: [PATCH 1171/2538] Let bash completion for `docker network rm` only complete custom networks Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 99551dcd83..5d968128af 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -148,16 +148,20 @@ __docker_complete_containers_and_images() { COMPREPLY+=( "${containers[@]}" ) } +# Returns the names and optionally IDs of networks. +# The selection can be narrowed by an optional filter parameter, e.g. 'type=custom' __docker_networks() { + local filter="$1" # By default, only network names are completed. # Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete network IDs. local fields='$2' [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] && fields='$1,$2' - __docker_q network ls --no-trunc | awk "NR>1 {print $fields}" + __docker_q network ls --no-trunc ${filter:+-f "$filter"} | awk "NR>1 {print $fields}" + #__docker_q network ls --no-trunc | awk "NR>1 {print $fields}" } __docker_complete_networks() { - COMPREPLY=( $(compgen -W "$(__docker_networks)" -- "$cur") ) + COMPREPLY=( $(compgen -W "$(__docker_networks $@)" -- "$cur") ) } __docker_complete_network_ids() { @@ -1357,7 +1361,7 @@ _docker_network_rm() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_complete_networks + __docker_complete_networks type=custom esac } From 5d1e84419ab0ea347cc8cc224ac95ea5367b2f89 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 27 Jan 2016 09:32:14 +0100 Subject: [PATCH 1172/2538] Improve bash completion for `docker volume ls -f dangling` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5d968128af..89c52fb4f3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2002,7 +2002,8 @@ _docker_volume_inspect() { _docker_volume_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "dangling" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "dangling" -- "$cur" ) ) + __docker_nospace return ;; esac From c1c803cbe8912cbc554b3998181f5e37477e3815 Mon Sep 17 00:00:00 2001 From: Bryan Boreham Date: Tue, 26 Jan 2016 14:43:07 +0000 Subject: [PATCH 1173/2538] Improve wording about re-assigning IP addresses Signed-off-by: Bryan Boreham --- docs/reference/commandline/network_connect.md | 14 ++++++++------ man/docker-network-connect.1.md | 14 ++++++++------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index b08dec3225..49f0b3d7f4 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -56,12 +56,14 @@ $ docker network connect --alias db --alias mysql multi-host-network container2 You can pause, restart, and stop containers that are connected to a network. Paused containers remain connected and can be revealed by a `network inspect`. When the container is stopped, it does not appear on the network until you restart -it. If specified, the container's IP address(es) will be reapplied (if still available) -when a stopped container rejoins the network. One way to guarantee that the container -will be assigned the same IP addresses when it rejoins the network after a stop -or a disconnect, is to specify the `--ip-range` when creating the network, and choose -the static IP address(es) from outside the range. This will ensure that the IP address -will not be given to other dynamic containers while this container is not on the network. +it. + +If specified, the container's IP address(es) is reapplied when a stopped +container is restarted. If the IP address is no longer available, the container +fails to start. One way to guarantee that the IP address is available is +to specify an `--ip-range` when creating the network, and choose the static IP +address(es) from outside that range. This ensures that the IP address is not +given to another container while this container is not on the network. ```bash $ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network diff --git a/man/docker-network-connect.1.md b/man/docker-network-connect.1.md index 0fc4d4cf49..d6ee159391 100644 --- a/man/docker-network-connect.1.md +++ b/man/docker-network-connect.1.md @@ -28,12 +28,14 @@ $ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::882 You can pause, restart, and stop containers that are connected to a network. Paused containers remain connected and can be revealed by a `network inspect`. When the container is stopped, it does not appear on the network until you restart -it. If specified, the container's IP address(es) will be reapplied (if still available) -when a stopped container rejoins the network. One way to guarantee that the container -will be assigned the same IP addresses when it rejoins the network after a stop -or a disconnect, is to specify the `--ip-range` when creating the network, and choose -the static IP address(es) from outside the range. This will ensure that the IP address -will not be given to other dynamic containers while this container is not on the network. +it. + +If specified, the container's IP address(es) is reapplied when a stopped +container is restarted. If the IP address is no longer available, the container +fails to start. One way to guarantee that the IP address is available is +to specify an `--ip-range` when creating the network, and choose the static IP +address(es) from outside that range. This ensures that the IP address is not +given to another container while this container is not on the network. ```bash $ docker network create --subnet 172.20.0.0/16 --ip-range 172.20.240.0/20 multi-host-network From 27686523be646dc661dd816adca0c09cf7c41fe2 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Mon, 18 Jan 2016 13:02:10 +0800 Subject: [PATCH 1174/2538] docs: document options for default network driver Fixes issue #18410 Signed-off-by: Wen Cheng Ma --- docs/reference/commandline/network_create.md | 24 ++++++++++++++++++-- man/docker-network-create.1.md | 4 ++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index a1bfdf51f7..bb85cc0462 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -21,8 +21,8 @@ parent = "smn_cli" --internal Restricts external access to the network --ip-range=[] Allocate container ip from a sub-range --ipam-driver=default IP Address Management Driver - -o --opt=map[] Set custom network plugin options - --ipam-opt=map[] Set custom IPAM plugin options + --ipam-opt=map[] Set custom IPAM driver specific options + -o --opt=map[] Set custom driver specific options --subnet=[] Subnet in CIDR format that represents a network segment Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the @@ -122,6 +122,26 @@ docker network create -d overlay ``` Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. +# Bridge driver options + +When creating a custom network, the default network driver (i.e. `bridge`) has additional options that can be passed. +The following are those options and the equivalent docker daemon flags used for docker0 bridge: + +| Option | Equivalent | Description | +|--------------------------------------------------|-------------|-------------------------------------------------------| +| `com.docker.network.bridge.name` | - | bridge name to be used when creating the Linux bridge | +| `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading | +| `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity | +| `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | +| `com.docker.network.mtu` | `--mtu` | Set the containers network MTU | +| `com.docker.network.enable_ipv6` | `--ipv6` | Enable IPv6 networking | + +For example, let's use `-o` or `--opt` options to specify an IP address binding when publishing ports: + +```bash +docker network create -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" simple-network +``` + ### Network internal mode By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index c560f7a5f3..e1fea9f367 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -150,10 +150,10 @@ If you want to create an externally isolated `overlay` network, you can specify IP Address Management Driver **--ipam-opt**=map[] - Set custom IPAM plugin options + Set custom IPAM driver options **-o**, **--opt**=map[] - Set custom network plugin options + Set custom driver options **--subnet**=[] Subnet in CIDR format that represents a network segment From 437b2748c2913c7ca669ae9b23194796907eae31 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 28 Jan 2016 08:41:37 +0100 Subject: [PATCH 1175/2538] bash completion for journald tag support Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 89c52fb4f3..8c04b99fc3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -411,7 +411,7 @@ __docker_complete_log_options() { local awslogs_options="awslogs-region awslogs-group awslogs-stream" local fluentd_options="env fluentd-address labels tag" local gelf_options="env gelf-address labels tag" - local journald_options="env labels" + local journald_options="env labels tag" local json_file_options="env labels max-file max-size" local syslog_options="syslog-address syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" From 49347e571cb0d999e686d0f772daca34392dda2c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 28 Jan 2016 09:48:47 -0800 Subject: [PATCH 1176/2538] Improve bash completion for users and groups Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8c04b99fc3..dcd44758b9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -535,6 +535,15 @@ __docker_complete_signals() { COMPREPLY=( $( compgen -W "${signals[*]} ${signals[*]#SIG}" -- "$( echo $cur | tr '[:lower:]' '[:upper:]')" ) ) } +__docker_complete_user_group() { + if [[ $cur == *:* ]] ; then + COMPREPLY=( $(compgen -g -- "${cur#*:}") ) + else + COMPREPLY=( $(compgen -u -S : -- "$cur") ) + __docker_nospace + fi +} + # global options that may appear after the docker command _docker_docker() { local boolean_options=" @@ -851,12 +860,7 @@ _docker_daemon() { return ;; --userns-remap) - if [[ $cur == *:* ]] ; then - COMPREPLY=( $(compgen -g -- "${cur#*:}") ) - else - COMPREPLY=( $(compgen -u -S : -- "$cur") ) - __docker_nospace - fi + __docker_complete_user_group return ;; $(__docker_to_extglob "$options_with_args") ) @@ -995,6 +999,7 @@ _docker_exec() { case "$prev" in --user|-u) + __docker_complete_user_group return ;; esac @@ -1769,6 +1774,10 @@ _docker_run() { esac return ;; + --user|-u) + __docker_complete_user_group + return + ;; --volume-driver) __docker_complete_plugins Volume return From 5420ca8cded17334fa8b87f84ee2ccf2f7cc50b5 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Fri, 29 Jan 2016 09:25:14 -0800 Subject: [PATCH 1177/2538] update bash completions for push and pull Signed-off-by: Jessica Frazelle --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index dcd44758b9..8fb31c2288 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1466,7 +1466,7 @@ _docker_ps() { _docker_pull() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all-tags -a --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all-tags -a --disable-content-trust=false --help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) @@ -1488,7 +1488,7 @@ _docker_pull() { _docker_push() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--disable-content-trust=false --help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) From 6a0e2f700a631768c53eca72d433b8123dd59a9e Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Fri, 29 Jan 2016 13:54:28 +0800 Subject: [PATCH 1178/2538] Change container name to id as actual results Signed-off-by: Wen Cheng Ma --- docs/reference/commandline/stats.md | 6 +++--- man/docker-stats.1.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index b3a2ed6224..8ef7d6e152 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -28,9 +28,9 @@ Running `docker stats` on all running containers $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB - redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - nginx1 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + 1285939c1fd3 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB + 9c76f7834ae2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + d1ea048f04e4 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B Running `docker stats` on multiple containers by name and id. diff --git a/man/docker-stats.1.md b/man/docker-stats.1.md index c7fa7d504f..520466b5b8 100644 --- a/man/docker-stats.1.md +++ b/man/docker-stats.1.md @@ -31,9 +31,9 @@ Running `docker stats` on all running containers $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - redis1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB - redis2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - nginx1 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + 1285939c1fd3 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB + 9c76f7834ae2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + d1ea048f04e4 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B Running `docker stats` on multiple containers by name and id. From 6f24713ba0400842ec4f0a36c6f8c64589327f5c Mon Sep 17 00:00:00 2001 From: Prayag Verma Date: Mon, 1 Feb 2016 01:25:59 +0530 Subject: [PATCH 1179/2538] Fix typo Signed-off-by: Prayag Verma --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 79036e39b7..3b9a6d5ea4 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -276,7 +276,7 @@ All of the README files are included. The middle line has no effect because You can even use the `.dockerignore` file to exclude the `Dockerfile` and `.dockerignore` files. These files are still sent to the daemon because it needs them to do its job. But the `ADD` and `COPY` commands -do not copy them to the the image. +do not copy them to the image. Finally, you may want to specify which files to include in the context, rather than which to exclude. To achieve this, specify `*` as From 235927da80dc18d8ca090c6cdcddf0e40cbe25ce Mon Sep 17 00:00:00 2001 From: qg <1373319223@qq.com> Date: Mon, 1 Feb 2016 15:49:25 +0800 Subject: [PATCH 1180/2538] change 'host:port' to `host:port` Signed-off-by: Gang Qiao --- docs/reference/commandline/daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index f0b6d1624d..df823995cd 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -565,7 +565,7 @@ please check the [run](run.md) reference. ## Nodes discovery -The `--cluster-advertise` option specifies the 'host:port' or `interface:port` +The `--cluster-advertise` option specifies the `host:port` or `interface:port` combination that this particular daemon instance should use when advertising itself to the cluster. The daemon is reached by remote hosts through this value. If you specify an interface, make sure it includes the IP address of the actual From 17cba03948e5119095e0ba28f31c0ee011f1269f Mon Sep 17 00:00:00 2001 From: Felix Hupfeld Date: Mon, 1 Feb 2016 11:56:18 +0100 Subject: [PATCH 1181/2538] Added link to Quobyte's volume plugin. Signed-off-by: Felix Hupfeld --- docs/extend/plugins.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 5a91010b1c..1bc2c2e3f7 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -62,6 +62,8 @@ The following plugins exist: * The [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) is a cluster aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. +* The [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. + * The [REX-Ray plugin](https://github.com/emccode/rexray) is a volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. From e8ba17c379195c09de762510b19dc599f17826b6 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 1 Feb 2016 13:30:15 +0100 Subject: [PATCH 1182/2538] Add docker-volume-ipfs plugin to the list. Signed-off-by: Vincent Demeester --- docs/extend/plugins.md | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 1bc2c2e3f7..8aa0603f78 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -53,6 +53,10 @@ The following plugins exist: another volume plugin that provides multi-host volumes management for Docker using GlusterFS. +* The [IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) + is an open source volume plugin that allows using an + [ipfs](https://ipfs.io/) filesystem as a volume. + * The [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) is a plugin that provides credentials and secret management using Keywhiz as a central repository. @@ -69,16 +73,21 @@ The following plugins exist: platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. * The [Contiv Volume Plugin](https://github.com/contiv/volplugin) is an open -source volume plugin that provides multi-tenant, persistent, distributed storage -with intent based consumption using ceph underneath. + source volume plugin that provides multi-tenant, persistent, distributed storage + with intent based consumption using ceph underneath. * The [Contiv Networking](https://github.com/contiv/netplugin) is an open source -libnetwork plugin to provide infrastructure and security policies for a -multi-tenant micro services deployment, while providing an integration to -physical network for non-container workload. Contiv Networking implements the -remote driver and IPAM APIs available in Docker 1.9 onwards. + libnetwork plugin to provide infrastructure and security policies for a + multi-tenant micro services deployment, while providing an integration to + physical network for non-container workload. Contiv Networking implements the + remote driver and IPAM APIs available in Docker 1.9 onwards. -* The [Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html) creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. +* The [Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html) + creates a virtual network that connects your Docker containers - + across multiple hosts or clouds and enables automatic discovery of + applications. Weave networks are resilient, partition tolerant, + secure and work in partially connected networks, and other adverse + environments - all configured with delightful simplicity. ## Troubleshooting a plugin From 1a10df30ce47972b7a9620ee64d2567dcdad5555 Mon Sep 17 00:00:00 2001 From: Vincent Woo Date: Sun, 13 Dec 2015 02:10:41 -0800 Subject: [PATCH 1183/2538] Allow disabling of colored Docker logs via daemon flag. Signed-off-by: Vincent Woo Signed-off-by: David Calavera --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/daemon.md | 28 +++++++++++++++------------- man/docker-daemon.8.md | 6 ++++++ 4 files changed, 23 insertions(+), 13 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8fb31c2288..ba74289a79 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -748,6 +748,7 @@ _docker_daemon() { --ip-masq=false --iptables=false --ipv6 + --raw-logs --selinux-enabled --userland-proxy=false " diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 25be25e02d..b77435a156 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -666,6 +666,7 @@ __docker_subcommand() { "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \ "($help)--mtu=[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ + "($help)--raw-logs[Full timestamps without ANSI coloring]" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ "($help)--selinux-enabled[Enable selinux support]" \ diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index df823995cd..1986295414 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -54,6 +54,7 @@ weight = -1 --mtu=0 Set the containers network MTU --disable-legacy-registry Do not contact legacy registries -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file + --raw-logs Full timestamps without ANSI coloring --registry-mirror=[] Preferred Docker registry mirror -s, --storage-driver="" Storage driver to use --selinux-enabled Enable selinux support @@ -860,19 +861,20 @@ This is a full example of the allowed configuration options in the file: "group": "", "cgroup-parent": "", "default-ulimits": {}, - "ipv6": false, - "iptables": false, - "ip-forward": false, - "ip-mask": false, - "userland-proxy": false, - "ip": "0.0.0.0", - "bridge": "", - "bip": "", - "fixed-cidr": "", - "fixed-cidr-v6": "", - "default-gateway": "", - "default-gateway-v6": "", - "icc": false + "ipv6": false, + "iptables": false, + "ip-forward": false, + "ip-mask": false, + "userland-proxy": false, + "ip": "0.0.0.0", + "bridge": "", + "bip": "", + "fixed-cidr": "", + "fixed-cidr-v6": "", + "default-gateway": "", + "default-gateway-v6": "", + "icc": false, + "raw-logs": false } ``` diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 02adaeda91..051c9e0748 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -44,6 +44,7 @@ docker-daemon - Enable daemon mode [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] +[**--raw-logs**] [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] @@ -197,6 +198,11 @@ unix://[/path/to/socket] to use. **-p**, **--pidfile**="" Path to use for daemon PID file. Default is `/var/run/docker.pid` +**--raw-logs** +Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, +the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw") +output otherwise. + **--registry-mirror**=*://* Prepend a registry mirror to be used for image pulls. May be specified multiple times. From 361097ab17a3307466813e1844f069eca4fbb435 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 2 Feb 2016 05:57:59 +0000 Subject: [PATCH 1184/2538] Correct old virtual size In new content addressable model, image no longer have virtual size column, it is now 'size'. So we need to update related docs about them. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/commit.md | 2 +- docs/reference/commandline/images.md | 26 +++++++++++++------------- docs/reference/commandline/load.md | 6 +++--- docs/reference/commandline/rmi.md | 2 +- man/docker-images.1.md | 2 +- man/docker-load.1.md | 4 ++-- man/docker-pull.1.md | 6 +++--- 7 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 4019c22725..13dd3340b0 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -46,7 +46,7 @@ created. Supported `Dockerfile` instructions: $ docker commit c3f279d17e0a svendowideit/testimage:version3 f5283438590d $ docker images - REPOSITORY TAG ID CREATED VIRTUAL SIZE + REPOSITORY TAG ID CREATED SIZE svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB ## Commit a container with new configurations diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index cfee5a4bbf..8419fd0c52 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -22,25 +22,25 @@ parent = "smn_cli" -q, --quiet Only show numeric IDs The default `docker images` will show all top level -images, their repository and tags, and their virtual size. +images, their repository and tags, and their size. Docker images have intermediate layers that increase reusability, decrease disk usage, and speed up `docker build` by allowing each step to be cached. These intermediate layers are not shown by default. -The `VIRTUAL SIZE` is the cumulative space taken up by the image and all +The `SIZE` is the cumulative space taken up by the image and all its parent images. This is also the disk space used by the contents of the Tar file created when you `docker save` an image. An image will be listed more than once if it has multiple repository names or tags. This single image (identifiable by its matching `IMAGE ID`) -uses up the `VIRTUAL SIZE` listed only once. +uses up the `SIZE` listed only once. ### Listing the most recently created images $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE 77af4d6b9913 19 hours ago 1.089 GB committ latest b6fa739cedf5 19 hours ago 1.089 GB 78a85c484f71 19 hours ago 1.089 GB @@ -61,7 +61,7 @@ given repository. For example, to list all images in the "java" repository, run this command : $ docker images java - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE java 8 308e519aac60 6 days ago 824.5 MB java 7 493d82594c15 3 months ago 656.3 MB java latest 2711b1d6f3aa 5 months ago 603.9 MB @@ -74,18 +74,18 @@ repository and tag are listed. To find all local images in the "java" repository with tag "8" you can use: $ docker images java:8 - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE java 8 308e519aac60 6 days ago 824.5 MB If nothing matches `REPOSITORY[:TAG]`, the list is empty. $ docker images java:0 - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE ## Listing the full length image IDs $ docker images --no-trunc - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB @@ -104,7 +104,7 @@ unchanged, the digest value is predictable. To list image digest values, use the `--digests` flag: $ docker images --digests - REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB When pushing or pulling to a 2.0 registry, the `push` or `pull` command @@ -126,7 +126,7 @@ The currently supported filters are: $ docker images --filter "dangling=true" - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE 8abc22fbb042 4 weeks ago 0 B 48e5f45168b9 4 weeks ago 2.489 MB bf747efa0e2f 4 weeks ago 0 B @@ -163,20 +163,20 @@ The following filter matches images with the `com.example.version` label regardl $ docker images --filter "label=com.example.version" - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB match-me-2 latest eeae25ada2aa About a minute ago 188.3 MB The following filter matches images with the `com.example.version` label with the `1.0` value. $ docker images --filter "label=com.example.version=1.0" - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE match-me latest eeae25ada2aa About a minute ago 188.3 MB In this example, with the `0.1` value, it returns an empty set because no matches were found. $ docker images --filter "label=com.example.version=0.1" - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE ## Formatting diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index c2536fbdbf..888365fcf5 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -21,14 +21,14 @@ Loads a tarred repository from a file or the standard input stream. Restores both images and tags. $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE $ docker load < busybox.tar.gz $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB $ docker load --input fedora.tar $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB fedora rawhide 0d20aec6529d 7 weeks ago 387 MB fedora 20 58394af37342 7 weeks ago 385.5 MB diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index 022a415928..f02734e8b4 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -63,7 +63,7 @@ command untags and removes all images that match the specified ID. An image pulled by digest has no tag associated with it: $ docker images --digests - REPOSITORY TAG DIGEST IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB To remove an image using its digest: diff --git a/man/docker-images.1.md b/man/docker-images.1.md index 75355ac5c0..8410280a1d 100644 --- a/man/docker-images.1.md +++ b/man/docker-images.1.md @@ -70,7 +70,7 @@ To list the images in a local repository (not the registry) run: The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, -IMAGE ID, CREATED, and VIRTUAL SIZE. +IMAGE ID, CREATED, and SIZE. The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify diff --git a/man/docker-load.1.md b/man/docker-load.1.md index 508ab6bbb9..75ae84e6c5 100644 --- a/man/docker-load.1.md +++ b/man/docker-load.1.md @@ -25,11 +25,11 @@ Restores both images and tags. # EXAMPLES $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB $ docker load --input fedora.tar $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB fedora rawhide 0d20aec6529d 7 weeks ago 387 MB fedora 20 58394af37342 7 weeks ago 385.5 MB diff --git a/man/docker-pull.1.md b/man/docker-pull.1.md index 9e0e2ca818..338ee5d713 100644 --- a/man/docker-pull.1.md +++ b/man/docker-pull.1.md @@ -43,7 +43,7 @@ Note that if the image is previously downloaded then the status would be Status: Downloaded newer image for fedora $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB fedora 20 105182bb5e8b 5 days ago 372.7 MB fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB @@ -60,7 +60,7 @@ Note that if the image is previously downloaded then the status would be Status: Downloaded newer image for debian:latest $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE debian latest 4a5e6db8c069 5 days ago 125.1 MB @@ -77,7 +77,7 @@ Note that if the image is previously downloaded then the status would be Status: Downloaded newer image for registry.hub.docker.com/fedora:20 $ docker images - REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE + REPOSITORY TAG IMAGE ID CREATED SIZE fedora 20 3f2fed40e4b0 4 days ago 372.7 MB From f367aeadf328944df779dc329dc66adcda38a5b7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 1 Feb 2016 16:07:57 +0100 Subject: [PATCH 1185/2538] Add note about legacy links Signed-off-by: Sebastiaan van Stijn --- man/docker-run.1.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index ab668e62ae..210343e3e4 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -759,6 +759,12 @@ Create a 3rd container using the new --ipc=container:CONTAINERID option, now it ## Linking Containers +> **Note**: This section describes linking between containers on the +> default (bridge) network, also known as "legacy links". Using `--link` +> on user-defined networks uses the DNS-based discovery, which does not add +> entries to `/etc/hosts`, and does not set environment variables for +> discovery. + The link feature allows multiple containers to communicate with each other. For example, a container whose Dockerfile has exposed port 80 can be run and named as follows: From 494ae5e8258a2e8f0a11d7ff0cbcbe7085b5b14c Mon Sep 17 00:00:00 2001 From: Sam Neirinck Date: Mon, 1 Feb 2016 17:12:15 +0100 Subject: [PATCH 1186/2538] Add powershell completion support Initial version of powershell tab completion. It completes commands and container names. Signed-off-by: Sam Neirinck --- .../completion/powershell/posh-docker.psm1 | 179 ++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 contrib/completion/powershell/posh-docker.psm1 diff --git a/contrib/completion/powershell/posh-docker.psm1 b/contrib/completion/powershell/posh-docker.psm1 new file mode 100644 index 0000000000..c0d6cc6b22 --- /dev/null +++ b/contrib/completion/powershell/posh-docker.psm1 @@ -0,0 +1,179 @@ +# Powershell completion for docker + +### Prerequisite +# Docker.exe needs to be in your PATH. +# If the command is not found, you will need to add a docker alias or add the docker installation folder (e.g. `%ProgramFiles%\Docker Toolbox`) to your PATH environment variable. + +### Installation (Latest stable) +# Windows 10 / Windows Server 2016: +# 1. Open a powershell prompt +# 2. Run `Install-Module -Scope CurrentUser posh-docker` +# +# Earlier Windows versions: +# 1. Install [PackageManagement PowerShell Modules Preview](https://www.microsoft.com/en-us/download/details.aspx?id=49186) +# 2. Open a powershell prompt +# 3. Run `Install-Module -Scope CurrentUser posh-docker` + +### Installation (From source) +# Copy this file to the %userprofile%\Documents\WindowsPowerShell\Modules\posh-docker directory (create directories as needed) + +### Usage +# After installation, execute the following line to enable autocompletion for the current powershell session: +# +# Import-Module posh-docker +# +# To make it persistent, add the above line to your profile. For example, run `notepad $PROFILE` and insert the line above. + +$global:DockerCompletion = @{} + +$script:flagRegex = "^ (-[^, =]+),? ?(--[^= ]+)?" + +function script:Get-Containers($filter) +{ + if ($filter -eq $null) + { + docker ps -a --no-trunc --format "{{.Names}}" + } else { + docker ps -a --no-trunc --format "{{.Names}}" --filter $filter + } +} + +function script:Get-AutoCompleteResult +{ + param([Parameter(ValueFromPipeline=$true)] $value) + + Process + { + New-Object System.Management.Automation.CompletionResult $value + } +} + +filter script:MatchingCommand($commandName) +{ + if ($_.StartsWith($commandName)) + { + $_ + } +} + +$completion_Docker = { + param($commandName, $commandAst, $cursorPosition) + + $command = $null + $commandParameters = @{} + $state = "Unknown" + $wordToComplete = $commandAst.CommandElements | Where-Object { $_.ToString() -eq $commandName } | Foreach-Object { $commandAst.CommandElements.IndexOf($_) } + + for ($i=1; $i -lt $commandAst.CommandElements.Count; $i++) + { + $p = $commandAst.CommandElements[$i].ToString() + + if ($p.StartsWith("-")) + { + if ($state -eq "Unknown" -or $state -eq "Options") + { + $commandParameters[$i] = "Option" + $state = "Options" + } + else + { + $commandParameters[$i] = "CommandOption" + $state = "CommandOptions" + } + } + else + { + if ($state -ne "CommandOptions") + { + $commandParameters[$i] = "Command" + $command = $p + $state = "CommandOptions" + } + else + { + $commandParameters[$i] = "CommandOther" + } + } + } + + if ($global:DockerCompletion.Count -eq 0) + { + $global:DockerCompletion["commands"] = @{} + $global:DockerCompletion["options"] = @() + + docker --help | ForEach-Object { + Write-Output $_ + if ($_ -match "^ (\w+)\s+(.+)") + { + $global:DockerCompletion["commands"][$Matches[1]] = @{} + + $currentCommand = $global:DockerCompletion["commands"][$Matches[1]] + $currentCommand["options"] = @() + } + elseif ($_ -match $flagRegex) + { + $global:DockerCompletion["options"] += $Matches[1] + if ($Matches[2] -ne $null) + { + $global:DockerCompletion["options"] += $Matches[2] + } + } + } + + } + + if ($wordToComplete -eq $null) + { + $commandToComplete = "Command" + if ($commandParameters.Count -gt 0) + { + if ($commandParameters[$commandParameters.Count] -eq "Command") + { + $commandToComplete = "CommandOther" + } + } + } else { + $commandToComplete = $commandParameters[$wordToComplete] + } + + switch ($commandToComplete) + { + "Command" { $global:DockerCompletion["commands"].Keys | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult } + "Option" { $global:DockerCompletion["options"] | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult } + "CommandOption" { + $options = $global:DockerCompletion["commands"][$command]["options"] + if ($options.Count -eq 0) + { + docker $command --help | % { + if ($_ -match $flagRegex) + { + $options += $Matches[1] + if ($Matches[2] -ne $null) + { + $options += $Matches[2] + } + } + } + } + + $global:DockerCompletion["commands"][$command]["options"] = $options + $options | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult + } + "CommandOther" { + $filter = $null + switch ($command) + { + "start" { $filter = "status=exited" } + "stop" { $filter = "status=running" } + } + Get-Containers $filter | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult + } + default { $global:DockerCompletion["commands"].Keys | MatchingCommand -Command $commandName } + } +} + +# Register the TabExpension2 function +if (-not $global:options) { $global:options = @{CustomArgumentCompleters = @{};NativeArgumentCompleters = @{}}} +$global:options['NativeArgumentCompleters']['docker'] = $Completion_Docker + +$function:tabexpansion2 = $function:tabexpansion2 -replace 'End\r\n{','End { if ($null -ne $options) { $options += $global:options} else {$options = $global:options}' \ No newline at end of file From bb1e32b5e1dd1055ff4fb3276b3e82b1c3f1024f Mon Sep 17 00:00:00 2001 From: Mohammad Banikazemi Date: Wed, 3 Feb 2016 14:21:54 -0500 Subject: [PATCH 1187/2538] Add Kuryr Network Plugin to the docs Signed-off-by: Mohammad Banikazemi --- docs/extend/plugins.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 8aa0603f78..6fa14baabe 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -89,6 +89,12 @@ The following plugins exist: secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. +* The [Kuryr Network Plugin](https://github.com/openstack/kuryr) is + developed as part of the OpenStack Kuryr project and implements the + Docker networking (libnetwork) remote driver API by utilizing + Neutron, the OpenStack networking service. It includes an IPAM + driver as well. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From 3dd7289df6afe87c5404a0783c4e6f5538e445c5 Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Wed, 3 Feb 2016 13:48:34 -0800 Subject: [PATCH 1188/2538] Add some basic bash completion for seccomp values Signed-off-by: Andrew "Tianon" Page --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ba74289a79..4bb8f75f43 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1768,6 +1768,11 @@ _docker_run() { __docker_nospace fi ;; + seccomp:*) + local cur=${cur##*:} + _filedir + COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) ) + ;; *) COMPREPLY=( $( compgen -W "label apparmor seccomp" -S ":" -- "$cur") ) __docker_nospace From 355a190423d0ea1e4ce61388d046a1ea5ef59a09 Mon Sep 17 00:00:00 2001 From: Chun Chen Date: Fri, 15 Jan 2016 15:31:12 +0800 Subject: [PATCH 1189/2538] Display `internal` flag on `network inspect` Also adds internal network tests for bridge network Signed-off-by: Chun Chen --- docs/reference/commandline/network_inspect.md | 1 + man/docker-network-inspect.1.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 9e0d87fa29..84478d9cee 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -50,6 +50,7 @@ $ sudo docker network inspect bridge } ] }, + "Internal": false, "Containers": { "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { "Name": "container2", diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md index ceba3688fe..da4e7c3550 100644 --- a/man/docker-network-inspect.1.md +++ b/man/docker-network-inspect.1.md @@ -45,6 +45,7 @@ $ sudo docker network inspect bridge } ] }, + "Internal": false, "Containers": { "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { "Name": "container2", From c1c6c3fe802540963abcc6833a379803b33136ec Mon Sep 17 00:00:00 2001 From: "Tom X. Tobin" Date: Fri, 5 Feb 2016 09:41:35 -0500 Subject: [PATCH 1190/2538] Fix typo in config-json man page In the NAME section: "confg.json" -> "config.json" Signed-off-by: Tom X. Tobin --- man/config-json.5.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/config-json.5.md b/man/config-json.5.md index af274c90a7..7e0b640948 100644 --- a/man/config-json.5.md +++ b/man/config-json.5.md @@ -2,7 +2,7 @@ % Docker Community % JANUARY 2016 # NAME -HOME/.docker/confg.json - Default Docker configuration file +HOME/.docker/config.json - Default Docker configuration file # INTRODUCTION From 505e1673d608e3ca11cb64fd694bfda111465f0d Mon Sep 17 00:00:00 2001 From: David Calavera Date: Fri, 5 Feb 2016 12:29:54 -0500 Subject: [PATCH 1191/2538] Add missing debug client mode info in docs. Signed-off-by: David Calavera --- docs/reference/commandline/info.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 51ae2699a1..5bb6fb299f 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -44,6 +44,7 @@ For example: Total Memory: 62.86 GiB Name: docker ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Debug mode (client): true Debug mode (server): true File Descriptors: 59 Goroutines: 159 From aa4669908156081123a99e4aab40ff49174785ff Mon Sep 17 00:00:00 2001 From: "Tom X. Tobin" Date: Fri, 5 Feb 2016 16:47:57 -0500 Subject: [PATCH 1192/2538] Fix mention of at sign in docs The at sign (`@`) was being referred to in the documentation as an ampersand (`&`). Signed-off-by: Tom X. Tobin --- docs/reference/commandline/attach.md | 2 +- docs/reference/commandline/cli.md | 2 +- man/docker-attach.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 124474bef2..dfe2908c3b 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -54,7 +54,7 @@ the `` is either a letter [a-Z], or the `ctrl-` combined with any of the following: * `a-z` (a single lowercase alpha character ) -* `@` (ampersand) +* `@` (at sign) * `[` (left bracket) * `\\` (two backward slashes) * `_` (underscore) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 26d2469a28..96486d73d9 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -111,7 +111,7 @@ property. The format of the `` is a comma-separated list of either a letter [a-Z], or the `ctrl-` combined with any of the following: * `a-z` (a single lowercase alpha character ) -* `@` (ampersand) +* `@` (at sign) * `[` (left bracket) * `\\` (two backward slashes) * `_` (underscore) diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md index adecceb37f..c78f4fbb1b 100644 --- a/man/docker-attach.1.md +++ b/man/docker-attach.1.md @@ -55,7 +55,7 @@ the `` is either a letter [a-Z], or the `ctrl-` combined with any of the following: * `a-z` (a single lowercase alpha character ) -* `@` (ampersand) +* `@` (at sign) * `[` (left bracket) * `\\` (two backward slashes) * `_` (underscore) From a33942adf2b4a60a57108259d31a748328767591 Mon Sep 17 00:00:00 2001 From: Evan Allrich Date: Sat, 6 Feb 2016 09:39:20 -0600 Subject: [PATCH 1193/2538] Adding --format= flag Signed-off-by: Evan Allrich --- man/docker-inspect.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 05c60787ea..6bb6a5809d 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -209,7 +209,7 @@ To get information on a container use its ID or instance name: To get the IP address of a container use: - $ docker inspect '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6 + $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d2cc496561d6 172.17.0.2 ## Listing all port bindings From a9dd9070040e26bef66483815b5a5a95566e3d17 Mon Sep 17 00:00:00 2001 From: Muthukumar R Date: Mon, 8 Feb 2016 12:01:11 -0800 Subject: [PATCH 1194/2538] Add Horcrux volume plugin to plugins.md Signed-off-by: Muthukumar R --- docs/extend/plugins.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 6fa14baabe..997c9dfbc5 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -53,6 +53,10 @@ The following plugins exist: another volume plugin that provides multi-host volumes management for Docker using GlusterFS. +* The [Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) allows on-demand, + version controlled access to your data. Horcrux is an open-source plugin, + written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. + * The [IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) is an open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. From 904481becd4f98571a7866d18814fc329bc5c6e2 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 7 Feb 2016 10:02:30 -0800 Subject: [PATCH 1195/2538] Check key specific bash subcompletions first This is a refactoring in preparation of cleaning up the handling of key specific subcompletions. The new `__docker_map_key_of_current_option()` function will be used instead of the `__docker_map_key_of_current_option()` idiom in the following commit. As this function is very specific, checks using it should be executed before those checking for `$prev`. This commit just moves the checks without any modification. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 128 ++++++++++++++++----------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4bb8f75f43..6d1f626da7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -787,6 +787,29 @@ _docker_daemon() { --userns-remap " + __docker_complete_log_driver_options && return + + case "${words[$cword-2]}$prev=" in + # completions for --storage-opt + *dm.@(blkdiscard|override_udev_sync_check|use_deferred_@(removal|deletion))=*) + COMPREPLY=( $( compgen -W "false true" -- "${cur#=}" ) ) + return + ;; + *dm.fs=*) + COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur#=}" ) ) + return + ;; + *dm.thinpooldev=*) + _filedir + return + ;; + # completions for --cluster-store-opt + *kv.*file=*) + _filedir + return + ;; + esac + case "$prev" in --authorization-plugin) __docker_complete_plugins Authorization @@ -869,29 +892,6 @@ _docker_daemon() { ;; esac - __docker_complete_log_driver_options && return - - case "${words[$cword-2]}$prev=" in - # completions for --storage-opt - *dm.@(blkdiscard|override_udev_sync_check|use_deferred_@(removal|deletion))=*) - COMPREPLY=( $( compgen -W "false true" -- "${cur#=}" ) ) - return - ;; - *dm.fs=*) - COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur#=}" ) ) - return - ;; - *dm.thinpooldev=*) - _filedir - return - ;; - # completions for --cluster-store-opt - *kv.*file=*) - _filedir - return - ;; - esac - case "$cur" in -*) COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) @@ -1051,6 +1051,16 @@ _docker_history() { } _docker_images() { + case "${words[$cword-2]}$prev=" in + *dangling=*) + COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) + return + ;; + *label=*) + return + ;; + esac + case "$prev" in --filter|-f) COMPREPLY=( $( compgen -S = -W "dangling label" -- "$cur" ) ) @@ -1062,16 +1072,6 @@ _docker_images() { ;; esac - case "${words[$cword-2]}$prev=" in - *dangling=*) - COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) - return - ;; - *label=*) - return - ;; - esac - case "$cur" in -*) COMPREPLY=( $( compgen -W "--all -a --digests --filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) @@ -1329,14 +1329,6 @@ _docker_network_inspect() { } _docker_network_ls() { - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "id name type" -- "$cur" ) ) - __docker_nospace - return - ;; - esac - case "${words[$cword-2]}$prev=" in *id=*) cur="${cur#=}" @@ -1354,6 +1346,14 @@ _docker_network_ls() { ;; esac + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -S = -W "id name type" -- "$cur" ) ) + __docker_nospace + return + ;; + esac + case "$cur" in -*) COMPREPLY=( $( compgen -W "--filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) @@ -1421,20 +1421,6 @@ _docker_port() { } _docker_ps() { - case "$prev" in - --before|--since) - __docker_complete_containers_all - ;; - --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status" -- "$cur" ) ) - __docker_nospace - return - ;; - --format|-n) - return - ;; - esac - case "${words[$cword-2]}$prev=" in *ancestor=*) cur="${cur#=}" @@ -1457,6 +1443,20 @@ _docker_ps() { ;; esac + case "$prev" in + --before|--since) + __docker_complete_containers_all + ;; + --filter|-f) + COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status" -- "$cur" ) ) + __docker_nospace + return + ;; + --format|-n) + return + ;; + esac + case "$cur" in -*) COMPREPLY=( $( compgen -W "--all -a --before --filter -f --format --help --latest -l -n --no-trunc --quiet -q --size -s --since" -- "$cur" ) ) @@ -1651,6 +1651,8 @@ _docker_run() { local all_options="$options_with_args $boolean_options" + __docker_complete_log_driver_options && return + case "$prev" in --add-host) case "$cur" in @@ -1797,8 +1799,6 @@ _docker_run() { ;; esac - __docker_complete_log_driver_options && return - case "$cur" in -*) COMPREPLY=( $( compgen -W "$all_options" -- "$cur" ) ) @@ -2015,17 +2015,17 @@ _docker_volume_inspect() { } _docker_volume_ls() { - case "$prev" in - --filter|-f) - COMPREPLY=( $( compgen -S = -W "dangling" -- "$cur" ) ) - __docker_nospace + case "${words[$cword-2]}$prev=" in + *dangling=*) + COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) return ;; esac - case "${words[$cword-2]}$prev=" in - *dangling=*) - COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -S = -W "dangling" -- "$cur" ) ) + __docker_nospace return ;; esac From fcad8ce206636f984dbb8429ce1a3adb3d7b8b2a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 7 Feb 2016 10:05:43 -0800 Subject: [PATCH 1196/2538] Improve key specific bash subcompletions The obscure `case "${words[$cword-2]}$prev=" in` idiom is no longer used for key specific completions in options with map values. The `__docker_map_key_of_current_option()` function does a much better job. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 132 +++++++++++++++++---------------- 1 file changed, 69 insertions(+), 63 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6d1f626da7..7588e33355 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -227,7 +227,6 @@ __docker_pos_first_nonflag() { # If we are currently completing the value of a map option (key=value) # which matches the extglob given as an argument, returns key. # This function is needed for key-specific completions. -# TODO use this in all "${words[$cword-2]}$prev=" occurrences __docker_map_key_of_current_option() { local glob="$1" @@ -452,21 +451,20 @@ __docker_complete_log_options() { } __docker_complete_log_driver_options() { - # "=" gets parsed to a word and assigned to either $cur or $prev depending on whether - # it is the last character or not. So we search for "xxx=" in the the last two words. - case "${words[$cword-2]}$prev=" in - *gelf-address=*) - COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur#=}" ) ) + local key=$(__docker_map_key_of_current_option '--log-opt') + case "$key" in + gelf-address) + COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur##*=}" ) ) __docker_nospace return ;; - *syslog-address=*) - COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur#=}" ) ) + syslog-address) + COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur##*=}" ) ) __docker_nospace __ltrim_colon_completions "${cur}" return ;; - *syslog-facility=*) + syslog-facility) COMPREPLY=( $( compgen -W " auth authpriv @@ -488,26 +486,25 @@ __docker_complete_log_driver_options() { syslog user uucp - " -- "${cur#=}" ) ) + " -- "${cur##*=}" ) ) return ;; - *syslog-tls-@(ca-cert|cert|key)=*) + syslog-tls-@(ca-cert|cert|key)) _filedir return ;; - *syslog-tls-skip-verify=*) - COMPREPLY=( $( compgen -W "true" -- "${cur#=}" ) ) + syslog-tls-skip-verify) + COMPREPLY=( $( compgen -W "true" -- "${cur##*=}" ) ) return ;; - *splunk-url=*) - COMPREPLY=( $( compgen -W "http:// https://" -- "${cur#=}" ) ) + splunk-url) + COMPREPLY=( $( compgen -W "http:// https://" -- "${cur##*=}" ) ) __docker_nospace __ltrim_colon_completions "${cur}" return ;; - *splunk-insecureskipverify=*) - COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) - __docker_nospace + splunk-insecureskipverify) + COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return ;; esac @@ -789,26 +786,31 @@ _docker_daemon() { __docker_complete_log_driver_options && return - case "${words[$cword-2]}$prev=" in - # completions for --storage-opt - *dm.@(blkdiscard|override_udev_sync_check|use_deferred_@(removal|deletion))=*) - COMPREPLY=( $( compgen -W "false true" -- "${cur#=}" ) ) - return - ;; - *dm.fs=*) - COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur#=}" ) ) - return - ;; - *dm.thinpooldev=*) - _filedir - return - ;; - # completions for --cluster-store-opt - *kv.*file=*) - _filedir - return - ;; - esac + key=$(__docker_map_key_of_current_option '--cluster-store-opt') + case "$key" in + kv.*file) + cur=${cur##*=} + _filedir + return + ;; + esac + + local key=$(__docker_map_key_of_current_option '--storage-opt') + case "$key" in + dm.@(blkdiscard|override_udev_sync_check|use_deferred_@(removal|deletion))) + COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) + return + ;; + dm.fs) + COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur##*=}" ) ) + return + ;; + dm.thinpooldev) + cur=${cur##*=} + _filedir + return + ;; + esac case "$prev" in --authorization-plugin) @@ -914,8 +916,8 @@ _docker_diff() { } _docker_events() { - local filter=$(__docker_map_key_of_current_option '-f|--filter') - case "$filter" in + local key=$(__docker_map_key_of_current_option '-f|--filter') + case "$key" in container) cur="${cur##*=}" __docker_complete_containers_all @@ -1051,12 +1053,13 @@ _docker_history() { } _docker_images() { - case "${words[$cword-2]}$prev=" in - *dangling=*) - COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + dangling) + COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return ;; - *label=*) + label) return ;; esac @@ -1329,19 +1332,20 @@ _docker_network_inspect() { } _docker_network_ls() { - case "${words[$cword-2]}$prev=" in - *id=*) - cur="${cur#=}" + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + id) + cur="${cur##*=}" __docker_complete_network_ids return ;; - *name=*) - cur="${cur#=}" + name) + cur="${cur##*=}" __docker_complete_network_names return ;; - *type=*) - COMPREPLY=( $( compgen -W "builtin custom" -- "${cur#=}" ) ) + type) + COMPREPLY=( $( compgen -W "builtin custom" -- "${cur##*=}" ) ) return ;; esac @@ -1421,24 +1425,25 @@ _docker_port() { } _docker_ps() { - case "${words[$cword-2]}$prev=" in - *ancestor=*) - cur="${cur#=}" + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + ancestor) + cur="${cur##*=}" __docker_complete_images return ;; - *id=*) - cur="${cur#=}" + id) + cur="${cur##*=}" __docker_complete_container_ids return ;; - *name=*) - cur="${cur#=}" + name) + cur="${cur##*=}" __docker_complete_container_names return ;; - *status=*) - COMPREPLY=( $( compgen -W "created dead exited paused restarting running" -- "${cur#=}" ) ) + status) + COMPREPLY=( $( compgen -W "created dead exited paused restarting running" -- "${cur##*=}" ) ) return ;; esac @@ -2015,9 +2020,10 @@ _docker_volume_inspect() { } _docker_volume_ls() { - case "${words[$cword-2]}$prev=" in - *dangling=*) - COMPREPLY=( $( compgen -W "true false" -- "${cur#=}" ) ) + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + dangling) + COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) ) return ;; esac From a26c02199d73f3b1f091c3aa1d33e9aa2ef37e87 Mon Sep 17 00:00:00 2001 From: Doug Davis Date: Mon, 8 Feb 2016 17:50:59 -0800 Subject: [PATCH 1197/2538] Make it clear that env vars must be simple Closes #20169 Signed-off-by: Doug Davis --- docs/reference/commandline/run.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index dce1019f19..e9b913dff2 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -220,7 +220,8 @@ system's interfaces. $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash -This sets environmental variables in the container. For illustration all three +This sets simple (non-array) environmental variables in the container. For +illustration all three flags are shown here. Where `-e`, `--env` take an environment variable and value, or if no `=` is provided, then that variable's current value is passed through (i.e. `$MYVAR1` from the host is set to `$MYVAR1` in the container). From 680de96eb66de4b656809df5325840aac0409508 Mon Sep 17 00:00:00 2001 From: Tomasz Kopczynski Date: Tue, 9 Feb 2016 20:37:33 +0100 Subject: [PATCH 1198/2538] Before and since filters documentation Signed-off-by: Tomasz Kopczynski --- docs/reference/commandline/ps.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 328e674264..0ec16cf2c1 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -57,6 +57,8 @@ The currently supported filters are: * exited (int - the code of exited containers. Only useful with `--all`) * status (created|restarting|running|paused|exited|dead) * ancestor (`[:]`, `` or ``) - filters containers that were created from the given image or a descendant. +* before (container's id or name) - filters containers created before given id or name +* since (container's id or name) - filters containers created since given id or name * isolation (default|process|hyperv) (Windows daemon only) @@ -163,6 +165,34 @@ in it's layer stack. CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +#### Before + +The `before` filter shows only containers created before the container with given id or name. For example, +having these containers created: + + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 9c3527ed70ce busybox "top" 14 seconds ago Up 15 seconds desperate_dubinsky + 4aace5031105 busybox "top" 48 seconds ago Up 49 seconds focused_hamilton + 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat + +Filtering with `before` would give: + + $ docker ps -f before=9c3527ed70ce + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 4aace5031105 busybox "top" About a minute ago Up About a minute focused_hamilton + 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat + +#### Since + +The `since` filter shows only containers created since the container with given id or name. For example, +with the same containers as in `before` filter: + + $ docker ps -f since=6e63f6ff38b0 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky + 4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton + ## Formatting From a015293ff7dc44ca12d206d81312fd3484b5986e Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 11 Feb 2016 08:00:41 -0800 Subject: [PATCH 1199/2538] Remove "--group-add dbus" from busybox example (no dbus group in busybox anymore) Signed-off-by: Andrew "Tianon" Page --- docs/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index e38fd1f18d..525290cadc 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1049,8 +1049,8 @@ By default, the docker container process runs with the supplementary groups look up for the specified user. If one wants to add more to that list of groups, then one can use this flag: - $ docker run -it --rm --group-add audio --group-add dbus --group-add 777 busybox id - uid=0(root) gid=0(root) groups=10(wheel),29(audio),81(dbus),777 + $ docker run --rm --group-add audio --group-add nogroup --group-add 777 busybox id + uid=0(root) gid=0(root) groups=10(wheel),29(audio),99(nogroup),777 ## Runtime privilege and Linux capabilities From 7c85fb1665386d01930af417b544b08a497ab781 Mon Sep 17 00:00:00 2001 From: Sian Lerk Lau Date: Fri, 12 Feb 2016 00:05:32 +0800 Subject: [PATCH 1200/2538] Improve usage details on overriding USER command in Docker run reference page Signed-off-by: Sian Lerk Lau --- docs/reference/run.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 525290cadc..cab6098ce8 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1429,7 +1429,10 @@ The developer can set a default user to run the first process with the Dockerfile `USER` instruction. When starting a container, the operator can override the `USER` instruction by passing the `-u` option. - -u="": Username or UID + -u="", --user="": Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user=[ user | user:group | uid | uid:gid | user:gid | uid:group ] > **Note:** if you pass a numeric uid, it must be in the range of 0-2147483647. From 91d0d25ee4b82af40ad627810357d099983d6135 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Thu, 11 Feb 2016 13:44:00 -0800 Subject: [PATCH 1201/2538] update cap-add docs for seccomp Signed-off-by: Jessica Frazelle --- docs/reference/run.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index cab6098ce8..ba2fc2d918 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1059,6 +1059,14 @@ one can use this flag: --privileged=false: Give extended privileges to this container --device=[]: Allows you to run devices inside the container without the --privileged flag. +> **Note:** +> With Docker 1.10 and greater, the default seccomp profile will also block +> syscalls, regardless of `--cap-add` passed to the container. We recommend in +> these cases to create your own custom seccomp profile based off our +> [default](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json). +> Or if you don't want to run with the default seccomp profile, you can pass +> `--security-opt=seccomp:unconfined` on run. + By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a From c30d9d2fff232cc74ca8aa48a73eaa57a1b3e4d2 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 11 Feb 2016 15:21:52 -0800 Subject: [PATCH 1202/2538] fix common misspell Signed-off-by: Victor Vieux --- docs/reference/builder.md | 4 ++-- docs/reference/commandline/daemon.md | 2 +- docs/reference/commandline/network_connect.md | 2 +- docs/reference/commandline/run.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 3b9a6d5ea4..9b5cfdaf79 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -516,7 +516,7 @@ feature](../userguide/networking/index.md)). ENV = ... The `ENV` instruction sets the environment variable `` to the value -``. This value will be in the environment of all "descendent" +``. This value will be in the environment of all "descendant" `Dockerfile` commands and can be [replaced inline](#environment-replacement) in many as well. @@ -646,7 +646,7 @@ guide](../userguide/eng-image/dockerfile_best-practices.md#build-cache) for more > **Note**: > Whether a file is identified as a recognized compression format or not - > is done soley based on the contents of the file, not the name of the file. + > is done solely based on the contents of the file, not the name of the file. > For example, if an empty file happens to end with `.tar.gz` this will not > be recognized as a compressed file and **will not** generate any kind of > decompression error message, rather the file will simply be copied to the diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 1986295414..34b42850a3 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -802,7 +802,7 @@ cgroup. Assuming the daemon is running in cgroup `daemoncgroup`, `--cgroup-parent=/foobar` creates a cgroup in -`/sys/fs/cgroup/memory/foobar`, wheras using `--cgroup-parent=foobar` +`/sys/fs/cgroup/memory/foobar`, whereas using `--cgroup-parent=foobar` creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar` This setting can also be set per container, using the `--cgroup-parent` diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 49f0b3d7f4..a815ca38ec 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -40,7 +40,7 @@ You can specify the IP address you want to be assigned to the container's interf $ docker network connect --ip 10.10.36.122 multi-host-network container2 ``` -You can use `--link` option to link another container with a prefered alias +You can use `--link` option to link another container with a preferred alias ```bash $ docker network connect --link container1:c1 multi-host-network container2 diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index e9b913dff2..5d3fc733b4 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -110,7 +110,7 @@ For information on connecting a container to a network, see the ["*Docker networ ## Examples -### Assign name and allocate psuedo-TTY (--name, -it) +### Assign name and allocate pseudo-TTY (--name, -it) $ docker run --name test -it debian root@d6c0fe130dba:/# exit 13 From 483c30a698cb9d782bbc8b15a43cb75ec612a651 Mon Sep 17 00:00:00 2001 From: Frederik Nordahl Jul Sabroe Date: Fri, 12 Feb 2016 18:39:12 +0100 Subject: [PATCH 1203/2538] Fish completion lists all containers on "docker rm -f" Signed-off-by: Frederik Nordahl Jul Sabroe --- contrib/completion/fish/docker.fish | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 17af1c0171..4e1c1cf408 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -290,6 +290,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -l help -d 'Print u complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s l -l link -d 'Remove the specified link and not the underlying container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s v -l volumes -d 'Remove the volumes associated with the container' complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -a '(__fish_print_docker_containers stopped)' -d "Container" +complete -c docker -A -f -n '__fish_seen_subcommand_from rm' -s f -l force -a '(__fish_print_docker_containers all)' -d "Container" # rmi complete -c docker -f -n '__fish_docker_no_subcommand' -a rmi -d 'Remove one or more images' From 3969f77c86abcde86d69d0ec25a8388e287a866f Mon Sep 17 00:00:00 2001 From: Robert Wallis Date: Mon, 15 Feb 2016 13:17:05 -0800 Subject: [PATCH 1204/2538] Fixing mismatched network name. Using `my-net` to be consistent with: https://docs.docker.com/engine/reference/run/ Signed-off-by: Robert Wallis --- docs/reference/commandline/run.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 5d3fc733b4..4da4397193 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -326,17 +326,17 @@ Guide. ### Connect a container to a network (--net) When you start a container use the `--net` flag to connect it to a network. -This adds the `busybox` container to the `mynet` network. +This adds the `busybox` container to the `my-net` network. ```bash -$ docker run -itd --net=my-multihost-network busybox +$ docker run -itd --net=my-net busybox ``` You can also choose the IP addresses for the container with `--ip` and `--ip6` flags when you start the container on a user-defined network. ```bash -$ docker run -itd --net=my-multihost-network --ip=10.10.9.75 busybox +$ docker run -itd --net=my-net --ip=10.10.9.75 busybox ``` If you want to add a running container to a network use the `docker network connect` subcommand. From cb1279e542c376b93f4b8274d7ebbe3373f97caa Mon Sep 17 00:00:00 2001 From: Vishnu kannan Date: Wed, 3 Feb 2016 18:10:48 -0800 Subject: [PATCH 1205/2538] Expose docker's root directory by default as part of `docker info`. Signed-off-by: Vishnu kannan --- docs/reference/commandline/info.md | 1 + man/docker-info.1.md | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 5bb6fb299f..e3cce9bbee 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -44,6 +44,7 @@ For example: Total Memory: 62.86 GiB Name: docker ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Docker Root Dir: /var/lib/docker Debug mode (client): true Debug mode (server): true File Descriptors: 59 diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 0dc46c14ed..93004a83c9 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -51,7 +51,14 @@ Here is a sample output: Architecture: x86_64 CPUs: 1 Total Memory: 2 GiB - + Name: docker + ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + Docker Root Dir: /var/lib/docker + Debug mode (client): false + Debug mode (server): false + Username: xyz + Registry: https://index.docker.io/v1/ + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From e56ee5769caa027f52a37c36d1ab436dc5d48853 Mon Sep 17 00:00:00 2001 From: Bastiaan Bakker Date: Tue, 16 Feb 2016 22:36:51 +0100 Subject: [PATCH 1206/2538] add missing trailing slash in ADD and COPY /absoluteDir examples. According to the specs they are mandatory. Signed-off-by: Bastiaan Bakker --- docs/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 9b5cfdaf79..5dfb7f09f2 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -579,7 +579,7 @@ The `` is an absolute path, or a path relative to `WORKDIR`, into which the source will be copied inside the destination container. ADD test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ - ADD test /absoluteDir # adds "test" to /absoluteDir + ADD test /absoluteDir/ # adds "test" to /absoluteDir/ All new files and directories are created with a UID and GID of 0. @@ -691,7 +691,7 @@ The `` is an absolute path, or a path relative to `WORKDIR`, into which the source will be copied inside the destination container. COPY test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ - COPY test /absoluteDir # adds "test" to /absoluteDir + COPY test /absoluteDir/ # adds "test" to /absoluteDir/ All new files and directories are created with a UID and GID of 0. From 56965a4d1d80944866ca0d6682654e13a8cdbc92 Mon Sep 17 00:00:00 2001 From: Cedric Davies Date: Mon, 25 Jan 2016 14:49:52 -0800 Subject: [PATCH 1207/2538] Windows: Add ETW logging driver plug-in Signed-off-by: Cedric Davies --- man/docker-create.1.md | 2 +- man/docker-daemon.8.md | 2 +- man/docker-run.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index a45eef7d63..36f0d94ef3 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -214,7 +214,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 051c9e0748..7584c91bd1 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -185,7 +185,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 210343e3e4..90e3ebdf44 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -320,7 +320,7 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. From c7b4d1c449efb73ed47aa60f308091ff1d531a42 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Wed, 17 Feb 2016 11:55:56 +0800 Subject: [PATCH 1208/2538] Fix docs Fix wrong descriptions in docs Signed-off-by: Zhang Wei --- man/docker-exec.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-exec.1.md b/man/docker-exec.1.md index 49f6dbc286..16a061d069 100644 --- a/man/docker-exec.1.md +++ b/man/docker-exec.1.md @@ -27,10 +27,10 @@ container is unpaused, and then run # OPTIONS **-d**, **--detach**=*true*|*false* - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. + Detached mode: run command in the background. The default is *false*. **--detach-keys**="" - Define the key sequence which detaches the container. + Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. **--help** Print usage statement From 65c94a34be5e022e46e60c59edb7a6fbe16d4766 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Fri, 12 Feb 2016 01:42:15 +0000 Subject: [PATCH 1209/2538] Add docs for --ipv6 option, also add --internal as appropriate Signed-off-by: Aidan Hobson Sayers --- contrib/completion/bash/docker | 4 ++-- contrib/completion/zsh/_docker | 1 + docs/reference/commandline/network_create.md | 9 ++++++++- man/docker-network-create.1.md | 4 ++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7588e33355..7757f7d81a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1275,7 +1275,7 @@ _docker_network_connect() { _docker_network_create() { case "$prev" in - --aux-address|--gateway|--ip-range|--ipam-opt|--opt|-o|--subnet) + --aux-address|--gateway|--internal|--ip-range|--ipam-opt|--ipv6|--opt|-o|--subnet) return ;; --ipam-driver) @@ -1294,7 +1294,7 @@ _docker_network_create() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --opt -o --subnet" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --opt -o --subnet" -- "$cur" ) ) ;; esac } diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b77435a156..4e6a18f11b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -332,6 +332,7 @@ __docker_network_subcommand() { "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ "($help)*--ipam-opt=[Set custom IPAM plugin options]:opt=value: " \ + "($help)--ipv6[Enable IPv6 networking]" \ "($help)*"{-o=,--opt=}"[Set driver specific options]:opt=value: " \ "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ "($help -)1:Network Name: " && ret=0 diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index bb85cc0462..967eeb6378 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -22,6 +22,7 @@ parent = "smn_cli" --ip-range=[] Allocate container ip from a sub-range --ipam-driver=default IP Address Management Driver --ipam-opt=map[] Set custom IPAM driver specific options + --ipv6 Enable IPv6 networking -o --opt=map[] Set custom driver specific options --subnet=[] Subnet in CIDR format that represents a network segment @@ -134,7 +135,13 @@ The following are those options and the equivalent docker daemon flags used for | `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity | | `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | | `com.docker.network.mtu` | `--mtu` | Set the containers network MTU | -| `com.docker.network.enable_ipv6` | `--ipv6` | Enable IPv6 networking | + +The following arguments can be passed to `docker network create` for any network driver. + +| Argument | Equivalent | Description | +|--------------|------------|------------------------------------------| +| `--internal` | - | Restricts external access to the network | +| `--ipv6` | `--ipv6` | Enable IPv6 networking | For example, let's use `-o` or `--opt` options to specify an IP address binding when publishing ports: diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index e1fea9f367..e2c34bff17 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -14,6 +14,7 @@ docker-network-create - create a new network [**--ip-range**=*[]*] [**--ipam-driver**=*default*] [**--ipam-opt**=*map[]*] +[**--ipv6**] [**-o**|**--opt**=*map[]*] [**--subnet**=*[]*] NETWORK-NAME @@ -152,6 +153,9 @@ If you want to create an externally isolated `overlay` network, you can specify **--ipam-opt**=map[] Set custom IPAM driver options +**--ipv6** + Enable IPv6 networking + **-o**, **--opt**=map[] Set custom driver options From 79a3c42030de33a5633e6966a66a35d237d97cea Mon Sep 17 00:00:00 2001 From: ozlerhakan Date: Thu, 18 Feb 2016 21:52:15 +0200 Subject: [PATCH 1210/2538] add a section to each volume page Signed-off-by: ozlerhakan --- docs/reference/commandline/volume_create.md | 7 +++++++ docs/reference/commandline/volume_inspect.md | 9 ++++++++- docs/reference/commandline/volume_ls.md | 7 +++++++ docs/reference/commandline/volume_rm.md | 7 +++++++ 4 files changed, 29 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 744cfd1ffa..79e794698f 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -48,3 +48,10 @@ These options are passed directly to the volume driver. Options for different volume drivers may do different things (or nothing at all). *Note*: The built-in `local` volume driver does not currently accept any options. + +## Related information + +* [volume inspect](volume_inspect.md) +* [volume ls](volume_ls.md) +* [volume rm](volume_rm.md) +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 519f80c23e..8fdd34d93b 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] - Inspect one or more volumes + Return low-level information on a volume -f, --format= Format the output using the given go template. --help Print usage @@ -38,3 +38,10 @@ Example output: $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data + +## Related information + +* [volume create](volume_create.md) +* [volume ls](volume_ls.md) +* [volume rm](volume_rm.md) +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 3361959439..0388e8ae2d 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -32,3 +32,10 @@ Example output: DRIVER VOLUME NAME local rose local tyler + +## Related information + +* [volume create](volume_create.md) +* [volume inspect](volume_inspect.md) +* [volume rm](volume_rm.md) +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 495e746553..ff5ce24a4b 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -20,3 +20,10 @@ Removes one or more volumes. You cannot remove a volume that is in use by a cont $ docker volume rm hello hello + +## Related information + +* [volume create](volume_create.md) +* [volume inspect](volume_inspect.md) +* [volume ls](volume_ls.md) +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file From 15eb38dfb1afd6b2a38305740ade81216b35899b Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Wed, 17 Feb 2016 17:08:11 -0800 Subject: [PATCH 1211/2538] Invoke ReloadConfiguration on network controller - It reverts fa163f5619bb01cabca1c21 plus a small change in order to allow passing the global scope datastore to libnetwork after damon boot. Signed-off-by: Alessandro Boch --- docs/reference/commandline/daemon.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 34b42850a3..6565bd7b9b 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -890,4 +890,13 @@ if there are conflicts, but it won't stop execution. The list of currently supported options that can be reconfigured is this: - `debug`: it changes the daemon to debug mode when set to true. +- `cluster-store`: it reloads the discovery store with the new address. +- `cluster-store-opts`: it uses the new options to reload the discovery store. +- `cluster-advertise`: it modifies the address advertised after reloading. - `labels`: it replaces the daemon labels with a new set of labels. + +Updating and reloading the cluster configurations such as `--cluster-store`, +`--cluster-advertise` and `--cluster-store-opts` will take effect only if +these configurations were not previously configured. Configuration reload will +log a warning message if it detects a change in previously configured cluster +configurations. \ No newline at end of file From 7eed2da5168ba78d80437ed60d6d515a1fbd6bd2 Mon Sep 17 00:00:00 2001 From: Andrew Macpherson Date: Fri, 19 Feb 2016 15:13:34 +0000 Subject: [PATCH 1212/2538] Document .Names format placeholder in docker-ps man page, fixes #20503. Signed-off-by: Andrew Macpherson --- man/docker-ps.1.md | 1 + 1 file changed, 1 insertion(+) diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 91d1b21733..6e1fe9a6c0 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -47,6 +47,7 @@ the running containers. .Ports - Exposed ports. .Status - Container status. .Size - Container disk size. + .Names - Container names. .Labels - All labels assigned to the container. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` From 776757ac285d13a5b71991ae3b4713fb6e4302a4 Mon Sep 17 00:00:00 2001 From: Jian Zhang Date: Wed, 17 Feb 2016 11:54:45 +0800 Subject: [PATCH 1213/2538] Fix some flaws in docs Signed-off-by: Jian Zhang --- docs/reference/commandline/commit.md | 2 +- docs/reference/commandline/cp.md | 4 ++-- docs/reference/commandline/events.md | 2 +- docs/reference/commandline/import.md | 2 +- docs/reference/commandline/network_ls.md | 12 ++++++------ docs/reference/commandline/network_rm.md | 2 +- docs/reference/commandline/rm.md | 10 +++++----- 7 files changed, 17 insertions(+), 17 deletions(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 13dd3340b0..df64e957ac 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -31,7 +31,7 @@ volumes mounted inside the container. By default, the container being committed and its processes will be paused while the image is committed. This reduces the likelihood of encountering data corruption during the process of creating the commit. If this behavior is -undesired, set the 'p' option to false. +undesired, set the `--pause` option to false. The `--change` option will apply `Dockerfile` instructions to the image that is created. Supported `Dockerfile` instructions: diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index 50179fb4cf..9359bef365 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -23,7 +23,7 @@ You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If `-` is specified for either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. -The `SRC_PATH` or `DEST_PATH` be a file or directory. +The `SRC_PATH` or `DEST_PATH` can be a file or directory. The `docker cp` command assumes container paths are relative to the container's `/` (root) directory. This means supplying the initial forward slash is optional; @@ -85,4 +85,4 @@ It is not possible to copy certain system files such as resources under Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. The command extracts the content of the tar to the `DEST_PATH` in container's filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as -`DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. +the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 30eae105d9..22e94609d2 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -37,7 +37,7 @@ Docker networks report the following events: The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the client machine’s time. If you do not provide the --since option, +relative to the client machine’s time. If you do not provide the `--since` option, the command returns only new and/or live events. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 3b36a52bad..d4ca8d5775 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -47,7 +47,7 @@ Import to docker via pipe and `STDIN`. $ cat exampleimage.tgz | docker import - exampleimagelocal:new -Import with a commit message +Import with a commit message. $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 06733cd3ca..b12957a3a4 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -94,7 +94,7 @@ NETWORK ID NAME DRIVER You can also filter for a substring in a name as this shows: ```bash -$ docker ps --filter name=foo +$ docker network ls --filter name=foo NETWORK ID NAME DRIVER 95e74588f40d foo bridge 06e7eef0a170 foobar bridge @@ -104,8 +104,8 @@ NETWORK ID NAME DRIVER The `id` filter matches on all or part of a network's ID. -The following filter matches all networks with a name containing the -`06e7eef01700` string. +The following filter matches all networks with an ID containing the +`63d1ff1f77b0...` string. ```bash $ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 @@ -113,14 +113,14 @@ NETWORK ID NAME DRIVER 63d1ff1f77b0 dev bridge ``` -You can also filter for a substring in a ID as this shows: +You can also filter for a substring in an ID as this shows: ```bash -$ docker ps --filter id=95e74588f40d +$ docker network ls --filter id=95e74588f40d NETWORK ID NAME DRIVER 95e74588f40d foo bridge -$ docker ps --filter id=95e +$ docker network ls --filter id=95e NETWORK ID NAME DRIVER 95e74588f40d foo bridge ``` diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index 516eb4ecfc..0653458f9d 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -25,7 +25,7 @@ To remove the network named 'my-network': ``` To delete multiple networks in a single `docker network rm` command, provide -multiple network names or id's. The following example deletes a network with id +multiple network names or ids. The following example deletes a network with id `3695c422697f` and a network named `my-network`: ```bash diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 514b92c27e..bf615b55b8 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -46,15 +46,15 @@ This command will delete all stopped containers. The command the `rm` command which will delete them. Any running containers will not be deleted. - $ docker rm -v redis - redis + $ docker rm -v redis + redis This command will remove the container and any volumes associated with it. Note that if a volume was specified with a name, it will not be removed. - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker rm -v hello In this example, the volume for `/foo` will remain intact, but the volume for `/bar` will be removed. The same behavior holds for volumes inherited with From 623082a1eba55df382f38a799623513275e35eb7 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Mon, 4 Jan 2016 23:58:20 +0800 Subject: [PATCH 1214/2538] Update RestartPolicy of container Add `--restart` flag for `update` command, so we can change restart policy for a container no matter it's running or stopped. Signed-off-by: Zhang Wei --- docs/reference/commandline/update.md | 22 +++++++++++++++++----- man/docker-update.1.md | 27 +++++++++++++++++++++------ 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index bcbfab6ab9..24fb1f290d 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker update [OPTIONS] CONTAINER [CONTAINER...] - Updates container resource limits + Update configuration of one or more containers --help=false Print usage --blkio-weight=0 Block IO (relative weight), between 10 and 1000 @@ -25,11 +25,12 @@ parent = "smn_cli" --memory-reservation="" Memory soft limit --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap --kernel-memory="" Kernel memory limit: container must be stopped + --restart Restart policy to apply when a container exits -The `docker update` command dynamically updates container resources. Use this -command to prevent containers from consuming too many resources from their -Docker host. With a single command, you can place limits on a single -container or on many. To specify more than one container, provide +The `docker update` command dynamically updates container configuration. +You can use this command to prevent containers from consuming too many resources +from their Docker host. With a single command, you can place limits on +a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. With the exception of the `--kernel-memory` value, you can specify these @@ -38,6 +39,10 @@ options on a running or a stopped container. You can only update stopped container, the next time you restart it, the container uses those values. +Another configuration you can change with this command is restart policy, +new restart policy will take effect instantly after you run `docker update` +on a container. + ## EXAMPLES The following sections illustrate ways to use this command. @@ -59,3 +64,10 @@ To update multiple resource configurations for multiple containers: ```bash $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ``` + +### Update a container's restart policy + +To update restart policy for one or more containers: +```bash +$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse +``` diff --git a/man/docker-update.1.md b/man/docker-update.1.md index a49fbd83d3..87849ef8d5 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-update - Update resource configs of one or more containers +docker-update - Update configuration of one or more containers # SYNOPSIS **docker update** @@ -17,15 +17,16 @@ docker-update - Update resource configs of one or more containers [**-m**|**--memory**[=*MEMORY*]] [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*MEMORY-SWAP*]] +[**--restart**[=*""*]] CONTAINER [CONTAINER...] # DESCRIPTION -The `docker update` command dynamically updates container resources. Use this -command to prevent containers from consuming too many resources from their -Docker host. With a single command, you can place limits on a single -container or on many. To specify more than one container, provide -space-separated list of container names or IDs. +The `docker update` command dynamically updates container configuration. +you can Use this command to prevent containers from consuming too many +resources from their Docker host. With a single command, you can place +limits on a single container or on many. To specify more than one container, +provide space-separated list of container names or IDs. With the exception of the `--kernel-memory` value, you can specify these options on a running or a stopped container. You can only update @@ -33,6 +34,10 @@ options on a running or a stopped container. You can only update stopped container, the next time you restart it, the container uses those values. +Another configuration you can change with this command is restart policy, +new restart policy will take effect instantly after you run `docker update` +on a container. + # OPTIONS **--blkio-weight**=0 Block IO weight (relative weight) accepts a weight value between 10 and 1000. @@ -70,6 +75,9 @@ be updated to a stopped container, and affect after it's started. **--memory-swap**="" Total memory limit (memory + swap) +**--restart**="" + Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). + # EXAMPLES The following sections illustrate ways to use this command. @@ -91,3 +99,10 @@ To update multiple resource configurations for multiple containers: ```bash $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ``` + +### Update a container's restart policy + +To update restart policy for one or more containers: +```bash +$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse +``` From fad60a834ee6d290df33aac15ccf0d3da1d30203 Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Fri, 19 Feb 2016 14:13:52 +0800 Subject: [PATCH 1215/2538] fix storage driver options in man page Signed-off-by: Zhu Guihua --- man/docker-daemon.8.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 7584c91bd1..9b2fda47fd 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -244,9 +244,10 @@ internals) to create writable containers from images. Many of these backends use operating system level technologies and can be configured. -Specify options to the storage backend with **--storage-opt** flags. The only -backend that currently takes options is *devicemapper*. Therefore use these -flags with **-s=**devicemapper. +Specify options to the storage backend with **--storage-opt** flags. The +backends that currently take options are *devicemapper* and *zfs*. +Options for *devicemapper* are prefixed with *dm* and options for *zfs* +start with *zfs*. Specifically for devicemapper, the default is a "loopback" model which requires no pre-configuration, but is extremely inefficient. Do not @@ -258,7 +259,7 @@ more information see `man lvmthin`. Then, use `--storage-opt dm.thinpooldev` to tell the Docker engine to use that pool for allocating images and container snapshots. -Here is the list of *devicemapper* options: +##Devicemapper options: #### dm.thinpooldev @@ -464,6 +465,16 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. +##ZFS options + +#### zfs.fsname + +Set zfs filesystem under which docker will create its own datasets. +By default docker will pick up the zfs filesystem where docker graph +(`/var/lib/docker`) is located. + +Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 50f87e458ef29a79a0fbbefd15a503dc872ece3f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 21 Feb 2016 09:58:42 -0800 Subject: [PATCH 1216/2538] bash completion for etwlogs logging driver Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7757f7d81a..793057ba38 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -395,6 +395,7 @@ __docker_complete_isolation() { __docker_complete_log_drivers() { COMPREPLY=( $( compgen -W " awslogs + etwlogs fluentd gelf journald From 0649b4f517e11d4b1abe35305d34972378d3ae40 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 21 Feb 2016 10:21:28 -0800 Subject: [PATCH 1217/2538] bash completion for `docker update --restart` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 793057ba38..0c98b4d801 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -516,6 +516,22 @@ __docker_complete_log_levels() { COMPREPLY=( $( compgen -W "debug info warn error fatal" -- "$cur" ) ) } +__docker_complete_restart() { + case "$prev" in + --restart) + case "$cur" in + on-failure:*) + ;; + *) + COMPREPLY=( $( compgen -W "always no on-failure on-failure: unless-stopped" -- "$cur") ) + ;; + esac + return + ;; + esac + return 1 +} + # a selection of the available signals that is most likely of interest in the # context of docker containers. __docker_complete_signals() { @@ -1658,6 +1674,7 @@ _docker_run() { __docker_complete_log_driver_options && return + __docker_complete_restart && return case "$prev" in --add-host) @@ -1755,16 +1772,6 @@ _docker_run() { esac return ;; - --restart) - case "$cur" in - on-failure:*) - ;; - *) - COMPREPLY=( $( compgen -W "always no on-failure on-failure: unless-stopped" -- "$cur") ) - ;; - esac - return - ;; --security-opt) case "$cur" in label:*:*) @@ -1939,6 +1946,7 @@ _docker_update() { --memory -m --memory-reservation --memory-swap + --restart " local boolean_options=" @@ -1947,6 +1955,8 @@ _docker_update() { local all_options="$options_with_args $boolean_options" + __docker_complete_restart && return + case "$prev" in $(__docker_to_extglob "$options_with_args") ) return From 06e3a6ccd0b798ef4757ea7f82f8301a19429e02 Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Tue, 23 Feb 2016 16:09:44 +0800 Subject: [PATCH 1218/2538] Fix markdown style error in man page Signed-off-by: Zhu Guihua --- man/docker-daemon.8.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 9b2fda47fd..c7ab68628b 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -259,7 +259,7 @@ more information see `man lvmthin`. Then, use `--storage-opt dm.thinpooldev` to tell the Docker engine to use that pool for allocating images and container snapshots. -##Devicemapper options: +## Devicemapper options #### dm.thinpooldev @@ -465,7 +465,7 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. -##ZFS options +## ZFS options #### zfs.fsname From fafe6f2ab2277ddee6ef6832f69711e9d1fa40d0 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Mon, 22 Feb 2016 20:22:20 +0100 Subject: [PATCH 1219/2538] Fix some typos in comments and strings Most of them were found and fixed by codespell. Signed-off-by: Stefan Weil --- man/docker-logs.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-logs.1.md b/man/docker-logs.1.md index 21501dc51d..f910b53574 100644 --- a/man/docker-logs.1.md +++ b/man/docker-logs.1.md @@ -42,9 +42,9 @@ logging drivers. **--tail**="*all*" Output the specified number of lines at the end of logs (defaults to all logs) -The `--since` option can be Unix timestamps, date formated timestamps, or Go +The `--since` option can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine’s -time. Supported formats for date formated time stamps include RFC3339Nano, +time. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be used if you do not provide either a `Z` or a `+-00:00` timezone offset at the From 543ca103945c0d8fdf650758262b8c1272432291 Mon Sep 17 00:00:00 2001 From: Aidan Hobson Sayers Date: Tue, 23 Feb 2016 16:08:09 +0000 Subject: [PATCH 1220/2538] Update docs for enableipv6 Signed-off-by: Aidan Hobson Sayers --- docs/reference/commandline/network_create.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 967eeb6378..6ae18e6e73 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -136,12 +136,16 @@ The following are those options and the equivalent docker daemon flags used for | `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | | `com.docker.network.mtu` | `--mtu` | Set the containers network MTU | -The following arguments can be passed to `docker network create` for any network driver. +The following arguments can be passed to `docker network create` for any network driver, again with their approximate +equivalents to `docker daemon`. -| Argument | Equivalent | Description | -|--------------|------------|------------------------------------------| -| `--internal` | - | Restricts external access to the network | -| `--ipv6` | `--ipv6` | Enable IPv6 networking | +| Argument | Equivalent | Description | +|--------------|----------------|--------------------------------------------| +| `--gateway` | - | ipv4 or ipv6 Gateway for the master subnet | +| `--ip-range` | `--fixed-cidr` | Allocate IPs from a range | +| `--internal` | - | Restricts external access to the network | +| `--ipv6` | `--ipv6` | Enable IPv6 networking | +| `--subnet` | `--bip` | Subnet for network | For example, let's use `-o` or `--opt` options to specify an IP address binding when publishing ports: From beb7b68810a802bd3171038ccc8b000120d1b705 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Wed, 3 Feb 2016 17:46:01 -0500 Subject: [PATCH 1221/2538] Add mounts to docker ps. - Allow to filter containers by volume with `--filter volume=name` and `filter volume=/dest`. - Show their names in the list with the custom format `{{ .Mounts }}`. Signed-off-by: David Calavera --- docs/reference/commandline/ps.md | 14 ++++++++++++++ man/docker-ps.1.md | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 0ec16cf2c1..af82322e87 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -60,6 +60,7 @@ The currently supported filters are: * before (container's id or name) - filters containers created before given id or name * since (container's id or name) - filters containers created since given id or name * isolation (default|process|hyperv) (Windows daemon only) +* volume (volume name or mount point) - filters containers that mount volumes. #### Label @@ -193,6 +194,18 @@ with the same containers as in `before` filter: 9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky 4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton +#### Volume + +The `volume` filter shows only containers that mount a specific volume or have a volume mounted in a specific path: + + $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" + CONTAINER ID MOUNTS + 9c3527ed70ce remote-volume + + $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" + CONTAINER ID MOUNTS + 9c3527ed70ce remote-volume + ## Formatting @@ -213,6 +226,7 @@ Placeholder | Description `.Names` | Container names. `.Labels` | All labels assigned to the container. `.Label` | Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` +`.Mounts` | Names of the volumes mounted in this container. When using the `--format` option, the `ps` command will either output the data exactly as the template declares or, when using the `table` directive, will include column headers as well. diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 6e1fe9a6c0..f567966487 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -35,6 +35,7 @@ the running containers. - before=(|) - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. + - volume=(|) **--format**="*TEMPLATE*" Pretty-print containers using a Go template. @@ -50,6 +51,7 @@ the running containers. .Names - Container names. .Labels - All labels assigned to the container. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` + .Mounts - Names of the volumes mounted in this container. **--help** Print usage statement @@ -118,6 +120,18 @@ the running containers. c1d3b0166030 debian 41d50ecd2f57 fedora +# Display containers with `remote-volume` mounted + + $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" + CONTAINER ID MOUNTS + 9c3527ed70ce remote-volume + +# Display containers with a volume mounted in `/data` + + $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" + CONTAINER ID MOUNTS + 9c3527ed70ce remote-volume + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 6f778ea663ec9459eca9561a1f4a874c7b452539 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Wed, 24 Feb 2016 12:56:31 +0100 Subject: [PATCH 1222/2538] docs: reference: commandline: daemon: fedora 23+ has mapping files Signed-off-by: Antonio Murdaca --- docs/reference/commandline/daemon.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 6565bd7b9b..023e412b4f 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -715,10 +715,9 @@ the first 65536 range: dockremap:165536:65536 ``` -> **Note:** On a fresh Fedora install, we had to `touch` the -> `/etc/subuid` and `/etc/subgid` files to have ranges assigned when users -> were created. Once these files existed, range assignment on user creation -> worked properly. +> **Note:** On Fedora 22, you have to `touch` the `/etc/subuid` and `/etc/subgid` +> files to have ranges assigned when users are created. Once these files +> exist, range assignment on user creation works properly. If you have a preferred/self-managed user with subordinate ID mappings already configured, you can provide that username or uid to the `--userns-remap` flag. @@ -899,4 +898,4 @@ Updating and reloading the cluster configurations such as `--cluster-store`, `--cluster-advertise` and `--cluster-store-opts` will take effect only if these configurations were not previously configured. Configuration reload will log a warning message if it detects a change in previously configured cluster -configurations. \ No newline at end of file +configurations. From a429c0e84f2db5443bdce35c5f62c19d460103bc Mon Sep 17 00:00:00 2001 From: Tomasz Kopczynski Date: Tue, 23 Feb 2016 22:03:45 +0100 Subject: [PATCH 1223/2538] Docs: add note about CMD and ENTRYPOINT commands Signed-off-by: Tomasz Kopczynski --- docs/reference/builder.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5dfb7f09f2..8a01d41d52 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -950,6 +950,29 @@ If you then run `docker stop test`, the container will not exit cleanly - the user 0m 0.04s sys 0m 0.03s +### Understand how CMD and ENTRYPOINT interact + +Both `CMD` and `ENTRYPOINT` instructions define what command gets executed when running a container. +There are few rules that describe their co-operation. + +1. Dockerfile should specify at least one of `CMD` or `ENTRYPOINT` commands. + +2. `ENTRYPOINT` should be defined when using the container as an executable. + +3. `CMD` should be used as a way of defining default arguments for an `ENTRYPOINT` command +or for executing an ad-hoc command in a container. + +4. `CMD` will be overridden when running the container with alternative arguments. + +The table below shows what command is executed for different `ENTRYPOINT` / `CMD` combinations: + +| | No ENTRYPOINT | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"] | +|--------------------------------|----------------------------|-----------------------------------------------------------|------------------------------------------------| +| **No CMD** | *error, not allowed* | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry | +| **CMD ["exec_cmd", "p1_cmd"]** | exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry exec_cmd p1_cmd | exec_entry p1_entry exec_cmd p1_cmd | +| **CMD ["p1_cmd", "p2_cmd"]** | p1_cmd p2_cmd | /bin/sh -c exec_entry p1_entry p1_cmd p2_cmd | exec_entry p1_entry p1_cmd p2_cmd | +| **CMD exec_cmd p1_cmd** | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd | + ## VOLUME VOLUME ["/data"] From d83df084d3e0bdacffd132b7fef8a3aa62faa8a9 Mon Sep 17 00:00:00 2001 From: Jian Zhang Date: Thu, 25 Feb 2016 09:48:21 +0800 Subject: [PATCH 1224/2538] Fix some flaws in man. Signed-off-by: Jian Zhang --- man/docker-cp.1.md | 4 ++-- man/docker-events.1.md | 2 +- man/docker-import.1.md | 2 +- man/docker-network-ls.1.md | 12 ++++++------ man/docker-network-rm.1.md | 2 +- man/docker-rm.1.md | 10 +++++----- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/man/docker-cp.1.md b/man/docker-cp.1.md index bd15625e1b..eda3b36031 100644 --- a/man/docker-cp.1.md +++ b/man/docker-cp.1.md @@ -20,7 +20,7 @@ You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If `-` is specified for either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. -The `SRC_PATH` or `DEST_PATH` be a file or directory. +The `SRC_PATH` or `DEST_PATH` can be a file or directory. The `docker cp` command assumes container paths are relative to the container's `/` (root) directory. This means supplying the initial forward slash is optional; @@ -82,7 +82,7 @@ It is not possible to copy certain system files such as resources under Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. The command extracts the content of the tar to the `DEST_PATH` in container's filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as -`DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. +the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. # OPTIONS **-L**, **--follow-link**=*true*|*false* diff --git a/man/docker-events.1.md b/man/docker-events.1.md index fb8d7b00b8..4d0bff25c5 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -39,7 +39,7 @@ and Docker images will report: The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed -relative to the client machine’s time. If you do not provide the --since option, +relative to the client machine’s time. If you do not provide the `--since` option, the command returns only new and/or live events. Supported formats for date formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local diff --git a/man/docker-import.1.md b/man/docker-import.1.md index 0509dd0d67..43d65efe6a 100644 --- a/man/docker-import.1.md +++ b/man/docker-import.1.md @@ -39,7 +39,7 @@ Import to docker via pipe and stdin: # cat exampleimage.tgz | docker import - example/imagelocal -Import with a commit message +Import with a commit message. # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md index ceca40573c..56a8334ae4 100644 --- a/man/docker-network-ls.1.md +++ b/man/docker-network-ls.1.md @@ -89,7 +89,7 @@ NETWORK ID NAME DRIVER You can also filter for a substring in a name as this shows: ```bash -$ docker ps --filter name=foo +$ docker network ls --filter name=foo NETWORK ID NAME DRIVER 95e74588f40d foo bridge 06e7eef0a170 foobar bridge @@ -99,8 +99,8 @@ NETWORK ID NAME DRIVER The `id` filter matches on all or part of a network's ID. -The following filter matches all networks with a name containing the -`06e7eef01700` string. +The following filter matches all networks with an ID containing the +`63d1ff1f77b0...` string. ```bash $ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 @@ -108,14 +108,14 @@ NETWORK ID NAME DRIVER 63d1ff1f77b0 dev bridge ``` -You can also filter for a substring in a ID as this shows: +You can also filter for a substring in an ID as this shows: ```bash -$ docker ps --filter id=95e74588f40d +$ docker network ls --filter id=95e74588f40d NETWORK ID NAME DRIVER 95e74588f40d foo bridge -$ docker ps --filter id=95e +$ docker network ls --filter id=95e NETWORK ID NAME DRIVER 95e74588f40d foo bridge ``` diff --git a/man/docker-network-rm.1.md b/man/docker-network-rm.1.md index 7f8e3dae53..c094a15286 100644 --- a/man/docker-network-rm.1.md +++ b/man/docker-network-rm.1.md @@ -20,7 +20,7 @@ To remove the network named 'my-network': ``` To delete multiple networks in a single `docker network rm` command, provide -multiple network names or id's. The following example deletes a network with id +multiple network names or ids. The following example deletes a network with id `3695c422697f` and a network named `my-network`: ```bash diff --git a/man/docker-rm.1.md b/man/docker-rm.1.md index 9ae3142a6c..2105288d0d 100644 --- a/man/docker-rm.1.md +++ b/man/docker-rm.1.md @@ -50,15 +50,15 @@ command. The use that name as follows: ## Removing a container and all associated volumes - $ docker rm -v redis - redis + $ docker rm -v redis + redis This command will remove the container and any volumes associated with it. Note that if a volume was specified with a name, it will not be removed. - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker rm -v hello In this example, the volume for `/foo` will remain in tact, but the volume for `/bar` will be removed. The same behavior holds for volumes inherited with From aa86373f287e6aa3773b3424d8a3d4f3260ea4f6 Mon Sep 17 00:00:00 2001 From: Cameron Spear Date: Wed, 24 Feb 2016 23:03:44 -0800 Subject: [PATCH 1225/2538] Add the Local Persist plugin I wasn't 100% sure if it was appropriate to add plugin here, but @thaJeztah invited me to do so, so here it is! (see https://github.com/CWSpear/local-persist/issues/17#issuecomment-188523784) Signed-off-by: Cameron Spear --- docs/extend/plugins.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 997c9dfbc5..da46a16ed7 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -99,6 +99,11 @@ The following plugins exist: Neutron, the OpenStack networking service. It includes an IPAM driver as well. +* The [Local Persist Plugin](https://github.com/CWSpear/local-persist) + extends the default `local` driver's functionality by allowing you specify + a mountpoint anywhere on the host, which enables the files to *always persist*, + even if the volume is removed via `docker volume rm`. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From b610528a6a40a081024f8a613b5a1be310166a89 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Mon, 22 Feb 2016 14:48:25 +0100 Subject: [PATCH 1226/2538] resolve the config file from the sudo user Signed-off-by: Antonio Murdaca --- docs/reference/commandline/cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 96486d73d9..95a3c07bb6 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -78,6 +78,9 @@ For example: Instructs Docker to use the configuration files in your `~/testconfigs/` directory when running the `ps` command. +> **Note**: If you run docker commands with `sudo`, Docker first looks for a configuration +> file in `/root/.docker/`, before looking in `~/.docker/` for the user that did the sudo call. + Docker manages most of the files in the configuration directory and you should not modify them. However, you *can modify* the `config.json` file to control certain aspects of how the `docker` From a0399720ce1cc7740dea69a4715c863b3257272a Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Wed, 24 Feb 2016 03:13:44 -0500 Subject: [PATCH 1227/2538] Fix configuration reloading There are five options 'debug' 'labels' 'cluster-store' 'cluster-store-opts' and 'cluster-advertise' that can be reconfigured, configure any of these options should not affect other options which may have configured in flags. But this is not true, for example, I start a daemon with -D to enable the debugging, and after a while, I want reconfigure the 'label', so I add a file '/etc/docker/daemon.json' with content '"labels":["test"]' and send SIGHUP to daemon to reconfigure the daemon, it work, but the debugging of the daemon is also diabled. I don't think this is a expeted behaviour. This patch also have some minor refactor of reconfiguration of cluster-advertiser. Enable user to reconfigure cluster-advertiser without cluster-store in config file since cluster-store could also be already set in flag, and we only want to reconfigure the cluster-advertiser. Signed-off-by: Lei Jitang --- docs/reference/commandline/daemon.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 023e412b4f..7febded153 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -896,6 +896,8 @@ The list of currently supported options that can be reconfigured is this: Updating and reloading the cluster configurations such as `--cluster-store`, `--cluster-advertise` and `--cluster-store-opts` will take effect only if -these configurations were not previously configured. Configuration reload will -log a warning message if it detects a change in previously configured cluster -configurations. +these configurations were not previously configured. If `--cluster-store` +has been provided in flags and `cluster-advertise` not, `cluster-advertise` +can be added in the configuration file without accompanied by `--cluster-store` +Configuration reload will log a warning message if it detects a change in +previously configured cluster configurations. From 54afb612882e40395102d5cef2722c097411e1af Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Mon, 29 Feb 2016 09:43:44 +0000 Subject: [PATCH 1228/2538] Document interfaces a plugin can implement Signed-off-by: Linus Heckemann --- docs/extend/plugin_api.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index c6793a3dda..360ab5d71b 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -127,6 +127,13 @@ Plugins are activated via the following "handshake" API call. Responds with a list of Docker subsystems which this plugin implements. After activation, the plugin will then be sent events from this subsystem. +Possible values are: + - [`authz`](authorization.md) + - `GraphDriver` + - [`NetworkDriver`](plugins_network.md) + - [`VolumeDriver`](plugins_volume.md) + + ## Plugin retries Attempts to call a method on a plugin are retried with an exponential backoff From acc094305bcfdd3fbba2a27698ee69f7ab7f6f01 Mon Sep 17 00:00:00 2001 From: Linus Heckemann Date: Mon, 29 Feb 2016 15:59:54 +0000 Subject: [PATCH 1229/2538] Remove experimental GraphDriver plugin type Signed-off-by: Linus Heckemann --- docs/extend/plugin_api.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 360ab5d71b..e0a91411f3 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -129,7 +129,6 @@ After activation, the plugin will then be sent events from this subsystem. Possible values are: - [`authz`](authorization.md) - - `GraphDriver` - [`NetworkDriver`](plugins_network.md) - [`VolumeDriver`](plugins_volume.md) From 4d6a232fc092aa58e049feb35c918ed096f0c080 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Mon, 29 Feb 2016 13:40:45 +0100 Subject: [PATCH 1230/2538] Revert "resolve the config file from the sudo user" This reverts commit afde6450ee7bd4a43765fdc0a9799b411276d9e4. Signed-off-by: Antonio Murdaca --- docs/reference/commandline/cli.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 95a3c07bb6..96486d73d9 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -78,9 +78,6 @@ For example: Instructs Docker to use the configuration files in your `~/testconfigs/` directory when running the `ps` command. -> **Note**: If you run docker commands with `sudo`, Docker first looks for a configuration -> file in `/root/.docker/`, before looking in `~/.docker/` for the user that did the sudo call. - Docker manages most of the files in the configuration directory and you should not modify them. However, you *can modify* the `config.json` file to control certain aspects of how the `docker` From 6ee9d8a187719ce051609da2284720a931f082d3 Mon Sep 17 00:00:00 2001 From: David Calavera Date: Sun, 7 Feb 2016 19:55:17 -0500 Subject: [PATCH 1231/2538] Client credentials store. This change implements communication with an external credentials store, ala git-credential-helper. The client falls back the plain text store, what we're currently using, if there is no remote store configured. It shells out to helper program when a credential store is configured. Those programs can be implemented with any language as long as they follow the convention to pass arguments and information. There is an implementation for the OS X keychain in https://github.com/calavera/docker-credential-helpers. That package also provides basic structure to create other helpers. Signed-off-by: David Calavera --- docs/reference/commandline/login.md | 74 +++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index faf3615a00..b20fb6cd96 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -38,3 +38,77 @@ credentials. When you log in, the command stores encoded credentials in > **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. > + +## Credentials store + +The Docker Engine can keep user credentials in an external credentials store, +such as the native keychain of the operating system. Using an external store +is more secure than storing credentials in the Docker configuration file. + +To use a credentials store, you need an external helper program to interact +with a specific keychain or external store. Docker requires the helper +program to be in the client's host `$PATH`. + +This is the list of currently available credentials helpers and where +you can download them from: + +- Apple OS X keychain: https://github.com/docker/docker-credential-helpers/releases +- Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases + +### Usage + +You need to speficy the credentials store in `HOME/.docker/config.json` +to tell the docker engine to use it: + +```json +{ + "credsStore": "osxkeychain" +} +``` + +If you are currently logged in, run `docker logout` to remove +the credentials from the file and run `docker login` again. + +### Protocol + +Credential helpers can be any program or script that follows a very simple protocol. +This protocol is heavily inspired by Git, but it differs in the information shared. + +The helpers always use the first argument in the command to identify the action. +There are only three possible values for that argument: `store`, `get`, and `erase`. + +The `store` command takes a JSON payload from the standard input. That payload carries +the server address, to identify the credential, the user name and the password. +This is an example of that payload: + +```json +{ + "ServerURL": "https://index.docker.io/v1", + "Username": "david", + "Password": "passw0rd1" +} +``` + +The `store` command can write error messages to `STDOUT` that the docker engine +will show if there was an issue. + +The `get` command takes a string payload from the standard input. That payload carries +the server address that the docker engine needs credentials for. This is +an example of that payload: `https://index.docker.io/v1`. + +The `get` command writes a JSON payload to `STDOUT`. Docker reads the user name +and password from this payload: + +```json +{ + "Username": "david", + "Password": "passw0rd1" +} +``` + +The `erase` command takes a string payload from `STDIN`. That payload carries +the server address that the docker engine wants to remove credentials for. This is +an example of that payload: `https://index.docker.io/v1`. + +The `erase` command can write error messages to `STDOUT` that the docker engine +will show if there was an issue. From 119605fc248c2c3884a999d6162946b48d6c0312 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 1 Mar 2016 05:24:27 -0500 Subject: [PATCH 1232/2538] Add docs for cgroup-parent of systemd cgroup Signed-off-by: Qiang Huang --- docs/reference/commandline/daemon.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 7febded153..99bbce1802 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -804,6 +804,14 @@ Assuming the daemon is running in cgroup `daemoncgroup`, `/sys/fs/cgroup/memory/foobar`, whereas using `--cgroup-parent=foobar` creates the cgroup in `/sys/fs/cgroup/memory/daemoncgroup/foobar` +The systemd cgroup driver has different rules for `--cgroup-parent`. Systemd +represents hierarchy by slice and the name of the slice encodes the location in +the tree. So `--cgroup-parent` for systemd cgroups should be a slice name. A +name can consist of a dash-separated series of names, which describes the path +to the slice from the root slice. For example, `--cgroup-parent=user-a-b.slice` +means the memory cgroup for the container is created in +`/sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-.scope`. + This setting can also be set per container, using the `--cgroup-parent` option on `docker create` and `docker run`, and takes precedence over the `--cgroup-parent` option on the daemon. From a3052467938220f7e94099b2916b985edf68a139 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Tue, 1 Mar 2016 14:21:34 +0100 Subject: [PATCH 1233/2538] zsh: Reword some descriptions Use of "Set ..." and "Specify ..." are removed in favor of directly using nouns. Also: - add description for `run --isolation` - reduce description of `run --shm-size` - fix `daemon --bip` argument handling Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 62 +++++++++++++++++----------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4e6a18f11b..059aab9e1a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -325,15 +325,15 @@ __docker_network_subcommand() { (create) _arguments $(__docker_arguments) -A '-*' \ $opts_help \ - "($help)*--aux-address[Auxiliary ipv4 or ipv6 addresses used by network driver]:key=IP: " \ + "($help)*--aux-address[Auxiliary IPv4 or IPv6 addresses used by network driver]:key=IP: " \ "($help -d --driver)"{-d=,--driver=}"[Driver to manage the Network]:driver:(null host bridge overlay)" \ - "($help)*--gateway=[ipv4 or ipv6 Gateway for the master subnet]:IP: " \ + "($help)*--gateway=[IPv4 or IPv6 Gateway for the master subnet]:IP: " \ "($help)--internal[Restricts external access to the network]" \ "($help)*--ip-range=[Allocate container ip from a sub-range]:IP/mask: " \ "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ - "($help)*--ipam-opt=[Set custom IPAM plugin options]:opt=value: " \ + "($help)*--ipam-opt=[Custom IPAM plugin options]:opt=value: " \ "($help)--ipv6[Enable IPv6 networking]" \ - "($help)*"{-o=,--opt=}"[Set driver specific options]:opt=value: " \ + "($help)*"{-o=,--opt=}"[Driver specific options]:opt=value: " \ "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ "($help -)1:Network Name: " && ret=0 ;; @@ -422,9 +422,9 @@ __docker_volume_subcommand() { (create) _arguments $(__docker_arguments) \ $opts_help \ - "($help -d --driver)"{-d=,--driver=}"[Specify volume driver name]:Driver name:(local)" \ - "($help)--name=[Specify volume name]" \ - "($help)*"{-o=,--opt=}"[Set driver specific options]:Driver option: " && ret=0 + "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \ + "($help)--name=[Volume name]" \ + "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " && ret=0 ;; (inspect) _arguments $(__docker_arguments) \ @@ -484,8 +484,8 @@ __docker_subcommand() { opts_help=("(: -)--help[Print usage]") opts_build_create_run=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " - "($help)--isolation=[]:isolation:(default hyperv process)" - "($help)*--shm-size=[Size of '/dev/shm'. The format is ''. Default is '64m'.]:shm size: " + "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" + "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " "($help)*--ulimit=[ulimit options]:ulimit: " ) opts_build_create_run_update=( @@ -509,10 +509,10 @@ __docker_subcommand() { "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: " "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: " "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: " - "($help)*--dns=[Set custom DNS servers]:DNS server: " - "($help)*--dns-opt=[Set custom DNS options]:DNS option: " - "($help)*--dns-search=[Set custom DNS search domains]:DNS domains: " - "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " + "($help)*--dns=[Custom DNS servers]:DNS server: " + "($help)*--dns-opt=[Custom DNS options]:DNS option: " + "($help)*--dns-search=[Custom DNS search domains]:DNS domains: " + "($help)*"{-e=,--env=}"[Environment variables]:environment variable: " "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " "($help)*--env-file=[Read environment variables from a file]:environment file:_files" "($help)*--expose=[Expose a port from the container without publishing it]: " @@ -523,7 +523,7 @@ __docker_subcommand() { "($help)--ip6=[Container IPv6 address]:IPv6: " "($help)--ipc=[IPC namespace to use]:IPC namespace: " "($help)*--link=[Add link to another container]:link:->link" - "($help)*"{-l=,--label=}"[Set meta data on a container]:label: " + "($help)*"{-l=,--label=}"[Container metadata]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " @@ -549,11 +549,11 @@ __docker_subcommand() { ) opts_create_run_update=( "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" - "($help)--kernel-memory=[Kernel memory limit in bytes.]:Memory limit: " + "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " "($help)--memory-reservation=[Memory soft limit]:Memory limit: " ) opts_attach_exec_run_start=( - "($help)--detach-keys=[Specify the escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" + "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" ) case "$words[1]" in @@ -570,7 +570,7 @@ __docker_subcommand() { $opts_help \ $opts_build_create_run \ $opts_build_create_run_update \ - "($help)*--build-arg[Set build-time variables]:=: " \ + "($help)*--build-arg[Build-time variables]:=: " \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ "($help)--no-cache[Do not use cache when building the image]" \ @@ -593,7 +593,7 @@ __docker_subcommand() { (cp) _arguments $(__docker_arguments) \ $opts_help \ - "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link in SRC_PATH]" \ + "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \ "($help -)1:container:->container" \ "($help -)2:hostpath:_files" && ret=0 case $state in @@ -631,23 +631,23 @@ __docker_subcommand() { (daemon) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--api-cors-header=[Set CORS headers in the remote API]:CORS headers: " \ - "($help)*--authorization-plugin=[Set authorization plugins to load]" \ + "($help)--api-cors-header=[CORS headers in the remote API]:CORS headers: " \ + "($help)*--authorization-plugin=[Authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ - "($help)--bip=[Specify network bridge IP]" \ - "($help)--cgroup-parent=[Set parent cgroup for all containers]:cgroup: " \ + "($help)--bip=[Network bridge IP]:IP address: " \ + "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ "($help)--cluster-store=[URL of the distributed storage backend]:Cluster Store:->cluster-store" \ "($help)--cluster-advertise=[Address of the daemon instance to advertise]:Instance to advertise (host\:port): " \ - "($help)*--cluster-store-opt=[Set cluster options]:Cluster options:->cluster-store-options" \ + "($help)*--cluster-store-opt=[Cluster options]:Cluster options:->cluster-store-options" \ "($help)*--dns=[DNS server to use]:DNS: " \ "($help)*--dns-search=[DNS search domains to use]:DNS search: " \ "($help)*--dns-opt=[DNS options to use]:DNS option: " \ - "($help)*--default-ulimit=[Set default ulimit settings for containers]:ulimit: " \ + "($help)*--default-ulimit=[Default ulimit settings for containers]:ulimit: " \ "($help)--disable-legacy-registry[Do not contact legacy registries]" \ - "($help)*--exec-opt=[Set exec driver options]:exec driver options: " \ + "($help)*--exec-opt=[Exec driver options]:exec driver options: " \ "($help)--exec-root=[Root of the Docker execdriver]:path:_directories" \ "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ @@ -661,17 +661,17 @@ __docker_subcommand() { "($help)--ip-masq[Enable IP masquerading]" \ "($help)--iptables[Enable addition of iptables rules]" \ "($help)--ipv6[Enable IPv6 networking]" \ - "($help -l --log-level)"{-l=,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ - "($help)*--label=[Set key=value labels to the daemon]:label: " \ + "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ + "($help)*--label=[Key=value labels]:label: " \ "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" \ "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \ - "($help)--mtu=[Set the containers network MTU]:mtu:(0 576 1420 1500 9000)" \ + "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \ "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ "($help)--raw-logs[Full timestamps without ANSI coloring]" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ "($help)--selinux-enabled[Enable selinux support]" \ - "($help)*--storage-opt=[Set storage driver options]:storage driver options: " \ + "($help)*--storage-opt=[Storage driver options]:storage driver options: " \ "($help)--tls[Use TLS]" \ "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ @@ -769,7 +769,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m=,--message=}"[Set commit message for imported image]:message: " \ + "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \ "($help -):URL:(- http:// file://)" \ "($help -): :__docker_repositories_with_tags" && ret=0 ;; @@ -1049,7 +1049,7 @@ _docker() { "($help)--config[Location of client config files]:path:_directories" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ - "($help -l --log-level)"{-l=,--log-level=}"[Set the logging level]:level:(debug info warn error fatal)" \ + "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ "($help)--tls[Use TLS]" \ "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ From 317cfbd7bd833e809f61914b716bac92d678fdc1 Mon Sep 17 00:00:00 2001 From: Ken Cochrane Date: Mon, 29 Feb 2016 17:51:36 -0800 Subject: [PATCH 1234/2538] Remove email address field from login This removes the email prompt when you use docker login, and also removes the ability to register via the docker cli. Docker login, will strictly be used for logging into a registry server. Signed-off-by: Ken Cochrane --- contrib/completion/bash/docker | 6 +++--- contrib/completion/fish/docker.fish | 5 +---- contrib/completion/zsh/_docker | 1 - docs/deprecated.md | 7 +++++++ docs/reference/commandline/login.md | 7 +++---- man/docker-login.1.md | 12 ++++-------- 6 files changed, 18 insertions(+), 20 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0c98b4d801..23e1dfe268 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -811,7 +811,7 @@ _docker_daemon() { return ;; esac - + local key=$(__docker_map_key_of_current_option '--storage-opt') case "$key" in dm.@(blkdiscard|override_udev_sync_check|use_deferred_@(removal|deletion))) @@ -1205,14 +1205,14 @@ _docker_load() { _docker_login() { case "$prev" in - --email|-e|--password|-p|--username|-u) + --password|-p|--username|-u) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--email -e --help --password -p --username -u" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --password -p --username -u" -- "$cur" ) ) ;; esac } diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 4e1c1cf408..1e734c7d3a 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -221,8 +221,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from load' -l help -d 'Print complete -c docker -A -f -n '__fish_seen_subcommand_from load' -s i -l input -d 'Read from a tar archive file, instead of STDIN' # login -complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Register or log in to a Docker registry server' -complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s e -l email -d 'Email' +complete -c docker -f -n '__fish_docker_no_subcommand' -a login -d 'Log in to a Docker registry server' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s p -l password -d 'Password' complete -c docker -A -f -n '__fish_seen_subcommand_from login' -s u -l username -d 'Username' @@ -399,5 +398,3 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the D complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code' complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from wait' -a '(__fish_print_docker_containers running)' -d "Container" - - diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 059aab9e1a..b17f5fd712 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -812,7 +812,6 @@ __docker_subcommand() { (login) _arguments $(__docker_arguments) \ $opts_help \ - "($help -e --email)"{-e=,--email=}"[Email]:email: " \ "($help -p --password)"{-p=,--password=}"[Password]:password: " \ "($help -u --user)"{-u=,--user=}"[Username]:username: " \ "($help -)1:server: " && ret=0 diff --git a/docs/deprecated.md b/docs/deprecated.md index 4ed127f953..7a351ac176 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -14,6 +14,13 @@ weight=80 The following list of features are deprecated in Engine. +### `-e` and `--email` flags on `docker login` +**Deprecated In Release: v1.11** + +**Target For Removal In Release: v1.13** + +The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. + ### Ambiguous event fields in API **Deprecated In Release: v1.10** diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index b20fb6cd96..832902984c 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -12,10 +12,9 @@ parent = "smn_cli" Usage: docker login [OPTIONS] [SERVER] - Register or log in to a Docker registry server, if no server is + Log in to a Docker registry server, if no server is specified "https://index.docker.io/v1/" is the default. - -e, --email="" Email --help Print usage -p, --password="" Password -u, --username="" Username @@ -27,10 +26,10 @@ adding the server name. $ docker login localhost:8080 -`docker login` requires user to use `sudo` or be `root`, except when: +`docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/security/security/#docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in diff --git a/man/docker-login.1.md b/man/docker-login.1.md index c32a49b075..ea89937644 100644 --- a/man/docker-login.1.md +++ b/man/docker-login.1.md @@ -2,26 +2,25 @@ % Docker Community % JUNE 2014 # NAME -docker-login - Register or log in to a Docker registry. +docker-login - Log in to a Docker registry. # SYNOPSIS **docker login** -[**-e**|**--email**[=*EMAIL*]] [**--help**] [**-p**|**--password**[=*PASSWORD*]] [**-u**|**--username**[=*USERNAME*]] [SERVER] # DESCRIPTION -Register or log in to a Docker Registry located on the specified +Log in to a Docker Registry located on the specified `SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you do not specify a `SERVER`, the command uses Docker's public registry located at `https://registry-1.docker.io/` by default. To get a username/password for Docker's public registry, create an account on Docker Hub. -`docker login` requires user to use `sudo` or be `root`, except when: +`docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in @@ -31,9 +30,6 @@ credentials. When you log in, the command stores encoded credentials in > # OPTIONS -**-e**, **--email**="" - Email - **--help** Print usage statement From 6c61d29231232712188eb0e37b064451a9392a1b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 1 Mar 2016 17:28:42 +0100 Subject: [PATCH 1235/2538] Remove some references to "register" through login These were left-overs from the now deprecated and removed functionality to registrer a new account through "docker login" Signed-off-by: Sebastiaan van Stijn --- man/docker-logout.1.md | 2 +- man/docker.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-logout.1.md b/man/docker-logout.1.md index d116986798..a8a4b7c3c0 100644 --- a/man/docker-logout.1.md +++ b/man/docker-logout.1.md @@ -24,7 +24,7 @@ There are no available options. # docker logout localhost:8080 # See also -**docker-login(1)** to register or log in to a Docker registry server. +**docker-login(1)** to log in to a Docker registry server. # HISTORY June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io) diff --git a/man/docker.1.md b/man/docker.1.md index f2bb68f2ce..f59f98abdf 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -132,7 +132,7 @@ inside it) See **docker-load(1)** for full documentation on the **load** command. **login** - Register or login to a Docker Registry + Log in to a Docker Registry See **docker-login(1)** for full documentation on the **login** command. **logout** From f18d114874ea584fd6ae18ba2c0207d5bf38fb94 Mon Sep 17 00:00:00 2001 From: Mike Danese Date: Fri, 18 Dec 2015 09:43:32 -0800 Subject: [PATCH 1236/2538] daemon/logger: Add logging driver for Google Cloud Logging Signed-off-by: Mike Danese --- contrib/completion/bash/docker | 7 ++++++- contrib/completion/zsh/_docker | 2 ++ man/docker-create.1.md | 2 +- man/docker-daemon.8.md | 2 +- man/docker-run.1.md | 2 +- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 23e1dfe268..cbb51c5d27 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -397,6 +397,7 @@ __docker_complete_log_drivers() { awslogs etwlogs fluentd + gcplogs gelf journald json-file @@ -410,13 +411,14 @@ __docker_complete_log_options() { # see docs/reference/logging/index.md local awslogs_options="awslogs-region awslogs-group awslogs-stream" local fluentd_options="env fluentd-address labels tag" + local gcplogs_options="env gcp-log-cmd gcp-project labels" local gelf_options="env gelf-address labels tag" local journald_options="env labels tag" local json_file_options="env labels max-file max-size" local syslog_options="syslog-address syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" - local all_options="$fluentd_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" + local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" case $(__docker_value_of_option --log-driver) in '') @@ -428,6 +430,9 @@ __docker_complete_log_options() { fluentd) COMPREPLY=( $( compgen -W "$fluentd_options" -S = -- "$cur" ) ) ;; + gcplogs) + COMPREPLY=( $( compgen -W "$gcplogs_options" -S = -- "$cur" ) ) + ;; gelf) COMPREPLY=( $( compgen -W "$gelf_options" -S = -- "$cur" ) ) ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b17f5fd712..3a1f399f51 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -201,6 +201,7 @@ __docker_get_log_options() { awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream") fluentd_options=("env" "fluentd-address" "labels" "tag") + gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels") gelf_options=("env" "gelf-address" "labels" "tag") journald_options=("env" "labels") json_file_options=("env" "labels" "max-file" "max-size") @@ -209,6 +210,7 @@ __docker_get_log_options() { [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0 + [[ $log_driver = (gcplogs|all) ]] && _describe -t gcplogs-options "gcplogs options" gcplogs_options "$@" && ret=0 [[ $log_driver = (gelf|all) ]] && _describe -t gelf-options "gelf options" gelf_options "$@" && ret=0 [[ $log_driver = (journald|all) ]] && _describe -t journald-options "journald options" journald_options "$@" && ret=0 [[ $log_driver = (json-file|all) ]] && _describe -t json-file-options "json-file options" json_file_options "$@" && ret=0 diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 36f0d94ef3..6a2640d205 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -214,7 +214,7 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index c7ab68628b..9f699c7124 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -185,7 +185,7 @@ unix://[/path/to/socket] to use. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 90e3ebdf44..bf75fb68ef 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -320,7 +320,7 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*none*" +**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. From ecd12ef1455e247dc58e55d83bfcae5172c2f397 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 2 Mar 2016 14:46:18 +0100 Subject: [PATCH 1237/2538] docs: improve note for Fedora 22 Move the note more up, to prevent people from starting the daemon with --userns-remap before touching the files. Also clarify that these steps must be done *before* enabling userns-remap and starting the daemon. Also fixed some minor Markup formatting issues. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/daemon.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 99bbce1802..ccd72c1034 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -696,11 +696,17 @@ these resources are name-based, not id-based. If the numeric ID information provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon startup will fail with an error message. +> **Note:** On Fedora 22, you have to `touch` the `/etc/subuid` and `/etc/subgid` +> files to have ranges assigned when users are created. This must be done +> *before* the `--userns-remap` option is enabled. Once these files exist, the +> daemon can be (re)started and range assignment on user creation works properly. + *Example: starting with default Docker user management:* +```bash +$ docker daemon --userns-remap=default ``` - $ docker daemon --userns-remap=default -``` + When `default` is provided, Docker will create - or find the existing - user and group named `dockremap`. If the user is created, and the Linux distribution has appropriate support, the `/etc/subuid` and `/etc/subgid` files will be populated @@ -709,15 +715,11 @@ at an offset based on prior entries in those files. For example, Ubuntu will create the following range, based on an existing user named `user1` already owning the first 65536 range: +```bash +$ cat /etc/subuid +user1:100000:65536 +dockremap:165536:65536 ``` - $ cat /etc/subuid - user1:100000:65536 - dockremap:165536:65536 -``` - -> **Note:** On Fedora 22, you have to `touch` the `/etc/subuid` and `/etc/subgid` -> files to have ranges assigned when users are created. Once these files -> exist, range assignment on user creation works properly. If you have a preferred/self-managed user with subordinate ID mappings already configured, you can provide that username or uid to the `--userns-remap` flag. From 09f4e2e654776f6ffddb9ac4bcf3f1e1c6acb429 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Thu, 18 Feb 2016 18:10:31 +0800 Subject: [PATCH 1238/2538] Add CgroupDriver to docker info Fixes: #19539 Signed-off-by: Qiang Huang --- docs/reference/commandline/info.md | 1 + man/docker-info.1.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index e3cce9bbee..06f7848d5a 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -33,6 +33,7 @@ For example: Dirperm1 Supported: true Execution Driver: native-0.2 Logging Driver: json-file + Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge null host diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 93004a83c9..1ebcd1a419 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -42,6 +42,7 @@ Here is a sample output: Dirs: 80 Execution Driver: native-0.2 Logging Driver: json-file + Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge null host From b1bac487a6500b6bf6aabfc2c4e846c12ad1986a Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 11 Feb 2016 21:48:16 -0500 Subject: [PATCH 1239/2538] Support mount opts for `local` volume driver Allows users to submit options similar to the `mount` command when creating a volume with the `local` volume driver. For example: ```go $ docker volume create -d local --opt type=nfs --opt device=myNfsServer:/data --opt o=noatime,nosuid ``` Signed-off-by: Brian Goff --- docs/reference/commandline/volume_create.md | 30 ++++++++++++++++----- man/docker-volume-create.1.md | 24 ++++++++++------- 2 files changed, 39 insertions(+), 15 deletions(-) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 79e794698f..da2c66de80 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -21,10 +21,12 @@ parent = "smn_cli" Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: - $ docker volume create --name hello - hello +```bash +$ docker volume create --name hello +hello - $ docker run -d -v hello:/world busybox ls /world +$ docker run -d -v hello:/world busybox ls /world +``` The mount is created inside the container's `/world` directory. Docker does not support relative paths for mount points inside the container. @@ -42,16 +44,32 @@ If you specify a volume name already in use on the current driver, Docker assume Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: - $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey +```bash +$ docker volume create --driver fake --opt tardis=blue --opt timey=wimey +``` These options are passed directly to the volume driver. Options for different volume drivers may do different things (or nothing at all). -*Note*: The built-in `local` volume driver does not currently accept any options. +The built-in `local` driver on Windows does not support any options. + +The built-in `local` driver on Linux accepts options similar to the linux `mount` +command: + +```bash +$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 +``` + +Another example: + +```bash +$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 +``` + ## Related information * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) diff --git a/man/docker-volume-create.1.md b/man/docker-volume-create.1.md index 24b39bc5a2..43338095c7 100644 --- a/man/docker-volume-create.1.md +++ b/man/docker-volume-create.1.md @@ -15,11 +15,9 @@ docker-volume-create - Create a new volume Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: - ``` - $ docker volume create --name hello - hello - $ docker run -d -v hello:/world busybox ls /world - ``` + $ docker volume create --name hello + hello + $ docker run -d -v hello:/world busybox ls /world The mount is created inside the container's `/src` directory. Docker doesn't not support relative paths for mount points inside the container. @@ -29,14 +27,22 @@ Multiple containers can use the same volume in the same time period. This is use Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: - ``` - $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey - ``` + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey These options are passed directly to the volume driver. Options for different volume drivers may do different things (or nothing at all). -*Note*: The built-in `local` volume driver does not currently accept any options. +The built-in `local` driver on Windows does not support any options. + +The built-in `local` driver on Linux accepts options similar to the linux `mount` +command: + + $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 + +Another example: + + $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 + # OPTIONS **-d**, **--driver**="*local*" From 31e78dd369b81cd6d5c81687384c1ab65cfb8fa7 Mon Sep 17 00:00:00 2001 From: Micah Zoltu Date: Thu, 3 Mar 2016 23:40:28 +0000 Subject: [PATCH 1240/2538] Adds clarification to behavior of missing directories. Closes #20920 Signed-off-by: Micah Zoltu --- docs/reference/commandline/cp.md | 3 ++- man/docker-cp.1.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index 9359bef365..841aeb36e0 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -39,7 +39,8 @@ the user and primary group at the destination. For example, files copied to a container are created with `UID:GID` of the root user. Files copied to the local machine are created with the `UID:GID` of the user which invoked the `docker cp` command. If you specify the `-L` option, `docker cp` follows any symbolic link -in the `SRC_PATH`. +in the `SRC_PATH`. `docker cp` does *not* create parent directories for +`DEST_PATH` if they do not exist. Assuming a path separator of `/`, a first argument of `SRC_PATH` and second argument of `DEST_PATH`, the behavior is as follows: diff --git a/man/docker-cp.1.md b/man/docker-cp.1.md index eda3b36031..84d64c2688 100644 --- a/man/docker-cp.1.md +++ b/man/docker-cp.1.md @@ -36,7 +36,8 @@ the user and primary group at the destination. For example, files copied to a container are created with `UID:GID` of the root user. Files copied to the local machine are created with the `UID:GID` of the user which invoked the `docker cp` command. If you specify the `-L` option, `docker cp` follows any symbolic link -in the `SRC_PATH`. +in the `SRC_PATH`. `docker cp` does *not* create parent directories for +`DEST_PATH` if they do not exist. Assuming a path separator of `/`, a first argument of `SRC_PATH` and second argument of `DEST_PATH`, the behavior is as follows: From 82fe889a6d0cd8eb65c5d42f4c51db9cfa34c25e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Mar 2016 15:48:52 +0100 Subject: [PATCH 1241/2538] Update links to Docker Hub Updates links to Docker Hub with their new URLs to prevent redirects. Signed-off-by: Sebastiaan van Stijn --- docs/reference/glossary.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index ff4398c249..22c2d36d40 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -178,8 +178,8 @@ A repository is a set of Docker images. A repository can be shared by pushing it to a [registry](#registry) server. The different images in the repository can be labeled using [tags](#tag). -Here is an example of the shared [nginx repository](https://registry.hub.docker.com/_/nginx/) -and its [tags](https://registry.hub.docker.com/_/nginx/tags/manage/) +Here is an example of the shared [nginx repository](https://hub.docker.com/_/nginx/) +and its [tags](https://hub.docker.com/r/library/nginx/tags/) ## Swarm From 8f095a76abded9c8d7ad10e14d4bb95f1a381ffa Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 5 Mar 2016 15:38:50 +0100 Subject: [PATCH 1242/2538] cliconfig: credentials: set default for unix Signed-off-by: Antonio Murdaca --- docs/reference/commandline/login.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 832902984c..34a7228427 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -51,6 +51,7 @@ program to be in the client's host `$PATH`. This is the list of currently available credentials helpers and where you can download them from: +- D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases - Apple OS X keychain: https://github.com/docker/docker-credential-helpers/releases - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases From d3f632156e0f4321df03a6b5caaa56b146aef6d5 Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Sun, 21 Feb 2016 21:31:21 -0800 Subject: [PATCH 1243/2538] Add support for NoNewPrivileges in docker Signed-off-by: Mrunal Patel Add tests for no-new-privileges Signed-off-by: Mrunal Patel Update documentation for no-new-privileges Signed-off-by: Mrunal Patel --- docs/reference/run.md | 9 +++++++++ man/docker-run.1.md | 2 ++ 2 files changed, 11 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index ba2fc2d918..4be50a2d02 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -605,6 +605,8 @@ with the same logic -- if the original volume was specified with a name it will --security-opt="label:disable" : Turn off label confinement for the container --security-opt="apparmor:PROFILE" : Set the apparmor profile to be applied to the container + --security-opt="no-new-privileges" : Disable container processes from gaining + new privileges You can override the default labeling scheme for each container by specifying the `--security-opt` flag. For example, you can specify the MCS/MLS level, a @@ -631,6 +633,13 @@ command: > **Note**: You would have to write policy defining a `svirt_apache_t` type. +If you want to prevent your container processes from gaining additional +privileges, you can execute the following command: + + $ docker run --security-opt no-new-privileges -it centos bash + +For more details, see [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt). + ## Specifying custom cgroups Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a diff --git a/man/docker-run.1.md b/man/docker-run.1.md index bf75fb68ef..7f5c21046f 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -459,6 +459,8 @@ its root filesystem mounted as read only prohibiting any writes. "label:type:TYPE" : Set the label type for the container "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From fd1c2150adfed26e2126e39c772e5e96ea996d8e Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Tue, 15 Dec 2015 11:15:43 -0800 Subject: [PATCH 1244/2538] pids limit support update bash commpletion for pids limit update check config for kernel add docs for pids limit add pids stats add stats to docker client Signed-off-by: Jessica Frazelle --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 1 + man/docker-create.1.md | 4 ++++ man/docker-run.1.md | 4 ++++ 6 files changed, 12 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cbb51c5d27..343e1dc717 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1637,6 +1637,7 @@ _docker_run() { --net-alias --oom-score-adj --pid + --pids-limit --publish -p --restart --security-opt diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3a1f399f51..0f2a361a6b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -534,6 +534,7 @@ __docker_subcommand() { "($help)*--net-alias=[Add network-scoped alias for the container]:alias: " "($help)--oom-kill-disable[Disable OOM Killer]" "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" + "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]" "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" "($help)--pid=[PID namespace to use]:PID: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index ad23995ac1..fa68b0feb1 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -74,6 +74,7 @@ Creates a new container. -P, --publish-all Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use + --pids-limit=-1 Tune container pids limit (set -1 for unlimited), kernel >= 4.3 --privileged Give extended privileges to this container --read-only Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 4da4397193..496ff4865d 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -74,6 +74,7 @@ parent = "smn_cli" -P, --publish-all Publish all exposed ports to random ports -p, --publish=[] Publish a container's port(s) to the host --pid="" PID namespace to use + --pids-limit=-1 Tune container pids limit (set -1 for unlimited), kernel >= 4.3 --privileged Give extended privileges to this container --read-only Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 6a2640d205..16f70a958d 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -58,6 +58,7 @@ docker-create - Create a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] [**--restart**[=*RESTART*]] @@ -290,6 +291,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--pids-limit**="" + Tune the container's pids limit. Set `-1` to have unlimited pids for the container. + **--privileged**=*true*|*false* Give extended privileges to this container. The default is *false*. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 7f5c21046f..a22d43762d 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -60,6 +60,7 @@ docker-run - Run a command in a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] [**--restart**[=*RESTART*]] @@ -420,6 +421,9 @@ Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPO **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--pids-limit**="" + Tune the container's pids limit. Set `-1` to have unlimited pids for the container. + **--uts**=*host* Set the UTS mode for the container **host**: use the host's UTS namespace inside the container. From b20a425cd9d666463aaf163cdd8a471eb42ee5ed Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 8 Mar 2016 22:34:35 +0100 Subject: [PATCH 1245/2538] docs: extend: plugins: mention the sdk + systemd socket activation Signed-off-by: Antonio Murdaca --- docs/extend/index.md | 2 +- docs/extend/plugin_api.md | 44 ++++++++++++++++++- ...horization.md => plugins_authorization.md} | 1 + docs/reference/commandline/daemon.md | 2 +- man/docker-daemon.8.md | 2 +- 5 files changed, 47 insertions(+), 4 deletions(-) rename docs/extend/{authorization.md => plugins_authorization.md} (99%) diff --git a/docs/extend/index.md b/docs/extend/index.md index f491926e9a..8a061e4e29 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -18,5 +18,5 @@ Currently, you can extend Docker Engine by adding a plugin. This section contain * [Understand Docker plugins](plugins.md) * [Write a volume plugin](plugins_volume.md) * [Write a network plugin](plugins_network.md) -* [Write an authorization plugin](authorization.md) +* [Write an authorization plugin](plugins_authorization.md) * [Docker plugin API](plugin_api.md) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index e0a91411f3..1a4237e2c7 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -96,6 +96,43 @@ directory and activates it with a handshake. See Handshake API below. Plugins are *not* activated automatically at Docker daemon startup. Rather, they are activated only lazily, or on-demand, when they are needed. +## Systemd socket activation + +Plugins may also be socket activated by `systemd`. The official [Plugins helpers](https://github.com/docker/go-plugins-helpers) +natively supports socket activation. In order for a plugin to be socket activated it needs +a `service` file and a `socket` file. + +The `service` file (for example `/lib/systemd/system/your-plugin.service`): + +``` +[Unit] +Description=Your plugin +Before=docker.service +After=network.target your-plugin.socket +Requires=your-plugin.socket docker.service + +[Service] +ExecStart=/usr/lib/docker/your-plugin + +[Install] +WantedBy=multi-user.target +``` +The `socket` file (for example `/lib/systemd/system/your-plugin.socket`): +``` +[Unit] +Description=Your plugin + +[Socket] +ListenStream=/run/docker/plugins/your-plugin.sock + +[Install] +WantedBy=sockets.target +``` + +This will allow plugins to be actually started when the Docker daemon connects to +the sockets they're listening on (for instance the first time the daemon uses them +or if one of the plugin goes down accidentally). + ## API design The Plugin API is RPC-style JSON over HTTP, much like webhooks. @@ -128,7 +165,7 @@ Responds with a list of Docker subsystems which this plugin implements. After activation, the plugin will then be sent events from this subsystem. Possible values are: - - [`authz`](authorization.md) + - [`authz`](plugins_authorization.md) - [`NetworkDriver`](plugins_network.md) - [`VolumeDriver`](plugins_volume.md) @@ -139,3 +176,8 @@ Attempts to call a method on a plugin are retried with an exponential backoff for up to 30 seconds. This may help when packaging plugins as containers, since it gives plugin containers a chance to start up before failing any user containers which depend on them. + +## Plugins helpers + +To ease plugins development, we're providing an `sdk` for each kind of plugins +currently supported by Docker at [docker/go-plugins-helpers](https://github.com/docker/go-plugins-helpers). diff --git a/docs/extend/authorization.md b/docs/extend/plugins_authorization.md similarity index 99% rename from docs/extend/authorization.md rename to docs/extend/plugins_authorization.md index 3512c56ccd..7db31b85c4 100644 --- a/docs/extend/authorization.md +++ b/docs/extend/plugins_authorization.md @@ -3,6 +3,7 @@ title = "Access authorization plugin" description = "How to create authorization plugins to manage access control to your Docker daemon." keywords = ["security, authorization, authentication, docker, documentation, plugin, extend"] +aliases = ["/engine/extend/authorization/"] [menu.main] parent = "engine_extend" weight = -1 diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index ccd72c1034..aef28d576b 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -644,7 +644,7 @@ multiple plugins installed, at least one must allow the request for it to complete. For information about how to create an authorization plugin, see [authorization -plugin](../../extend/authorization.md) section in the Docker extend section of this documentation. +plugin](../../extend/plugins_authorization.md) section in the Docker extend section of this documentation. ## Daemon user namespace options diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 9f699c7124..b3fc64dcc5 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -521,7 +521,7 @@ multiple plugins installed, at least one must allow the request for it to complete. For information about how to create an authorization plugin, see [authorization -plugin](https://docs.docker.com/engine/extend/authorization.md) section in the +plugin](https://docs.docker.com/engine/extend/plugins_authorization.md) section in the Docker extend section of this documentation. From b5c9713ee03b4e306c8f28a44e04473da92ea112 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Wed, 10 Feb 2016 09:03:20 -0500 Subject: [PATCH 1246/2538] Add a parent man page for docker volumes command It is difficult to gather information about docker volumes command without a parent man page. This man page attempts to explain docker volumes and then references the command man pages. Signed-off-by: Dan Walsh --- man/docker-volume.1.md | 62 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 man/docker-volume.1.md diff --git a/man/docker-volume.1.md b/man/docker-volume.1.md new file mode 100644 index 0000000000..c4569bf01a --- /dev/null +++ b/man/docker-volume.1.md @@ -0,0 +1,62 @@ +% DOCKER(1) Docker User Manuals +% Docker Community +% Feb 2016 +# NAME +docker-volume - Create a new volume + +# SYNOPSIS +**docker volume** [OPTIONS] COMMAND +[**--help**] + +# DESCRIPTION + +docker volume command manages content volumes for docker containers. + +## Data volumes + +A *data volume* is a specially-designated directory within one or more +containers. + +Data volumes provide several useful features for persistent or shared data: + +Volumes are initialized when a container is created. If the container's +base image contains data at the specified mount point, that existing data is +copied into the new volume upon volume initialization. (Note that this does +not apply when [mounting a host directory](#mount-a-host-directory-as-a-data-volume).) + +Data volumes can be shared and reused among containers. + +Changes to a data volume are made directly. + +Changes to a data volume will not be included when you update an image. + +Data volumes persist even if the container itself is deleted. + +Data volumes are designed to persist data, independent of the container's life +cycle. Docker therefore *never* automatically deletes volumes when you remove +a container, nor will it "garbage collect" volumes that are no longer +referenced by a container. + +# OPTIONS +**--help** + Print usage statement + +# COMMANDS +**create** + Create a volume + See **docker-volume-create(1)** for full documentation on the **create** command. + +**inspect** + Return low-level information on a volume + See **docker-volume-inspect(1)** for full documentation on the **inspect** command. + +**ls** + List volumes + See **docker-volume-ls(1)** for full documentation on the **ls** command. + +**rm** + Remove a volume + See **docker-volume-rm(1)** for full documentation on the **rm** command. + +# HISTORY +Feb 2016, created by Dan Walsh From 02a1c138d0143e8b43fd1e322b817e1a66990d7e Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 8 Mar 2016 16:03:37 -0500 Subject: [PATCH 1247/2538] Move registry service options to the daemon configuration. Allowing to set their values in the daemon configuration file. Signed-off-by: David Calavera --- docs/reference/commandline/daemon.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index aef28d576b..e8071e92ec 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -883,7 +883,10 @@ This is a full example of the allowed configuration options in the file: "default-gateway": "", "default-gateway-v6": "", "icc": false, - "raw-logs": false + "raw-logs": false, + "registry-mirrors": [], + "insecure-registries": [], + "disable-legacy-registry": false } ``` From d437e3254142474290d0378777219a2aec69e0f3 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 12 Mar 2016 14:11:01 +0100 Subject: [PATCH 1248/2538] docs: add $ before HOME Signed-off-by: Antonio Murdaca --- docs/reference/commandline/cli.md | 2 +- docs/reference/commandline/login.md | 2 +- man/config-json.5.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 96486d73d9..ac5f62d4bb 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -67,7 +67,7 @@ variables. ## Configuration files By default, the Docker command line stores its configuration files in a -directory called `.docker` within your `HOME` directory. However, you can +directory called `.docker` within your `$HOME` directory. However, you can specify a different location via the `DOCKER_CONFIG` environment variable or the `--config` command line option. If both are specified, then the `--config` option overrides the `DOCKER_CONFIG` environment variable. diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 34a7228427..410a8ae781 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -57,7 +57,7 @@ you can download them from: ### Usage -You need to speficy the credentials store in `HOME/.docker/config.json` +You need to speficy the credentials store in `$HOME/.docker/config.json` to tell the docker engine to use it: ```json diff --git a/man/config-json.5.md b/man/config-json.5.md index 7e0b640948..49987f08b8 100644 --- a/man/config-json.5.md +++ b/man/config-json.5.md @@ -7,7 +7,7 @@ HOME/.docker/config.json - Default Docker configuration file # INTRODUCTION By default, the Docker command line stores its configuration files in a -directory called `.docker` within your `HOME` directory. Docker manages most of +directory called `.docker` within your `$HOME` directory. Docker manages most of the files in the configuration directory and you should not modify them. However, you *can modify* the `config.json` file to control certain aspects of how the `docker` command behaves. From 498294725013515a9250093cf3573ace08be0c67 Mon Sep 17 00:00:00 2001 From: Shijiang Wei Date: Sat, 12 Mar 2016 21:24:55 +0800 Subject: [PATCH 1249/2538] docs: fix broken links Signed-off-by: Shijiang Wei --- man/docker-daemon.8.md | 2 +- man/docker-network-create.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index b3fc64dcc5..3333efc1ec 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -521,7 +521,7 @@ multiple plugins installed, at least one must allow the request for it to complete. For information about how to create an authorization plugin, see [authorization -plugin](https://docs.docker.com/engine/extend/plugins_authorization.md) section in the +plugin](https://docs.docker.com/engine/extend/authorization/) section in the Docker extend section of this documentation. diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index e2c34bff17..4d4cee3911 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -53,7 +53,7 @@ The `docker daemon` options that support the `overlay` network are: To read more about these options and how to configure them, see ["*Get started with multi-host -network*"](https://www.docker.com/engine/userguide/networking/get-started-overlay.md). +network*"](https://docs.docker.com/engine/userguide/networking/get-started-overlay/). It is also a good idea, though not required, that you install Docker Swarm on to manage the cluster that makes up your network. Swarm provides sophisticated From 3362f6c8fdae533a81a3984f4ae025f701d59763 Mon Sep 17 00:00:00 2001 From: Brent Salisbury Date: Thu, 10 Mar 2016 03:36:17 -0500 Subject: [PATCH 1250/2538] docs for experimental vlan net drivers Signed-off-by: Brent Salisbury --- experimental/vlan-networks.md | 685 ++++++++++++++++++++++++++++++++++ 1 file changed, 685 insertions(+) create mode 100644 experimental/vlan-networks.md diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md new file mode 100644 index 0000000000..3496b288f2 --- /dev/null +++ b/experimental/vlan-networks.md @@ -0,0 +1,685 @@ + + +# Macvlan and Ipvlan Network Drivers + +### Getting Started + +The Macvlan and Ipvlan drivers are currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 adressing. The VLAN drivers build on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver. + +Macvlan and Ipvlan are a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather then using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce seperation between networks and connectivty to the physical network. + +Macvlan and Ipvlan offer a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios. + + +### Pre-Requisites + +- The examples on this page are all single host and setup using Docker experimental builds that can be installed with the following instructions: [Install Docker experimental](https://github.com/docker/docker/tree/master/experimental) + +- All of the examples can be performed on a single host running Docker. Any examples using a sub-interface like `eth0.10` can be replaced with `eth0` or any other valid parent interface on the Docker host. Sub-interfaces with a `.` are created on the fly. `-o parent` interfaces can also be left out of the `docker network create` all together and the driver will create a `dummy` interface that will enable local host connectivity to perform the examples. + +- Kernel requirements: + + - To check your current kernel version, use `uname -r` to display your kernel version + - Macvlan Linux kernel v3.9–3.19 and 4.0+ + - Ipvlan Linux kernel v4.2+ (support for earlier kernels exists but is buggy) + + +### MacVlan Bridge Mode Example Usage + +Macvlan Bridge mode has a unique MAC address per container used to track MAC to port mappings by the Docker host. This is the largest difference from Ipvlan L2 mode which uses the same MAC address as the parent interface for each container `eth0` interface. + +- Macvlan and Ipvlan driver networks are attached to a parent Docker host interface. Examples are a physical interface such as `eth0`, a sub-interface for 802.1q VLAN tagging like `eth0.10` (`.10` representing VLAN `10`) or even bonded host adaptors which bundle two Ethernet interfaces into a single logical interface. + +- The specified gateway is external to the host provided by the network infrastructure. + +- Each Macvlan Bridge mode Docker network is isolated from one another and there can be only one network attached to a parent interface at a time. There is a theoretical limit of 4,094 sub-interfaces per host adaptor that a Docker network could be attached to. + +- It is not recommended to mix ipvlan and macvlan networks on the same `-o parent=` interface. Older kernel versions will throw uninformative netlink errors such as `device is busy`. + +- Any container inside the same subnet can talk any other container in the same network without a gateway in both `macvlan bridge` mode and `ipvlan L2` modes. + +- The same `docker network` commands apply to the vlan drivers. Some are irrelevant such as `-icc` or `--set-macaddress` for the Ipvlan driver. + +- In Macvlan and Ipvlan L2 mode, containers on separate networks cannot reach one another without an external process routing between the two networks/subnets. This also applies to multiple subnets within the same `docker network`. See Ipvlan L3 mode for inter-subnet communications without a router. + +In the following example, `eth0` on the docker host has an IP on the `192.168.1.0/24` network and a default gateway of `192.168.1.1`. The gateway is an external router with an address of `192.168.1.1`. An IP address is not required on the Docker host interface `eth0` in `bridge` mode, it merely needs to be on the proper upstream network to get forwarded by a network switch or network router. + +![Simple Macvlan Bridge Mode Example](../docs/userguide/networking/../docs/userguide/networking/images/macvlan_bridge_simple.png) + + +**Note** For Macvlan bridge mode and Ipvlan L2 mode the subnet values need to match the NIC's interface of the Docker host. For example, Use the same subnet and gateway of the Docker host ethernet interface that is specified by the `-o parent=` option. + +- The parent interface used in this example is `eth0` and it is on the subnet `172.16.86.0/24`. The containers in the `docker network` will also need to be on this same subnet as the parent `-o parent=`. The gateway is an external router on the network, not any ip masquerading or any other local proxy. + +- The driver is specified with `-d driver_name` option. In this case `-d macvlan` + +- The parent interface `-o parent=eth0` is configured as followed: + +``` +ip addr show eth0 +3: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + inet 172.16.86.250/24 brd 172.16.86.255 scope global eth0 +``` + +Create the macvlan network and run a couple of containers attached to it: + +``` +# Macvlan (-o macvlan_mode= Defaults to Bridge mode if not specified) +docker network create -d macvlan \ + --subnet=172.16.86.0/24 \ + --gateway=172.16.86.1 \ + -o parent=eth0 pub_net + +# Run a container on the new network specifying the --ip address. +docker run --net=pub_net --ip=172.16.86.10 -itd alpine /bin/sh + +# Start a second container and ping the first +docker run --net=pub_net -it --rm alpine /bin/sh +ping -c 4 172.16.86.10 + +# Take a look at the containers ip and routing table + +ip a show eth0 + eth0@if3: mtu 1500 qdisc noqueue state UNKNOWN + link/ether 46:b2:6b:26:2f:69 brd ff:ff:ff:ff:ff:ff + inet 172.16.86.1/24 scope global eth0 + +ip route + default via 172.16.86.2 dev eth0 + 172.16.86.0/24 dev eth0 src 172.16.86.1 + +# NOTE: the containers can NOT ping the underlying host interfaces as +# they are intentionally filtered by Linux for additional isolation. +# In this case the containers cannot ping the -o parent=172.16.86.250 +``` + + +You can explicitly specify the `bridge` mode option `-o macvlan_mode=bridge`. It is the default so will be in `bridge` mode either way. + +While the `eth0` interface does not need to have an IP address in Macvlan Bridge mode or Ipvlan L2 mode it is not uncommon to have an IP address on the interface. Addresses can be excluded from getting an address from the default built in IPAM by using the `--aux-address=x.x.x.x` flag. This will blacklist the specified address from being handed out to containers. The same network example above blocking the `-o parent=eth0` address from being handed out to a container. + +``` +docker network create -d macvlan \ + --subnet=172.16.86.0/24 \ + --gateway=172.16.86.1 \ + --aux-address="exclude_host=172.16.86.250" \ + -o parent=eth0 pub_net +``` + +The network can then be deleted with: + +``` +docker network rm pub_net +``` + +- **Note:** In both Macvlan and Ipvlan you are not able to ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host's `eth0` it will **not** work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security. + +For more on Docker networking commands see [Working with Docker network commands](https://docs.docker.com/engine/userguide/networking/work-with-networks/) + +### Ipvlan L2 Mode Example Usage + +The ipvlan `L2` mode example is virtually identical to the macvlan `bridge` mode example. The driver is specified with `-d driver_name` option. In this case `-d ipvlan` + +![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/macvlan_bridge_simple.png) + +The parent interface in the next example `-o parent=eth0` is configured as followed: + +``` +ip addr show eth0 +3: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0 +``` + +Use the network from the host's interface as the `--subnet` in the `docker network create`. The container will be attached to the same network as the host interface as set via the `-o parent=` option. + +Create the ipvlan network and run a container attaching to it: + +``` +# Ipvlan (-o ipvlan_mode= Defaults to L2 mode if not specified) +docker network create -d ipvlan \ + --subnet=192.168.1.0/24 \ + --gateway=192.168.1.1 \ + -o ipvlan_mode=l2 \ + -o parent=eth0 db_net + +# Start a container on the db_net network +docker run --net=db_net -it --rm alpine /bin/sh + +# NOTE: the containers can NOT ping the underlying host interfaces as +# they are intentionally filtered by Linux for additional isolation. +``` + +The default mode for Ipvlan is `l2`. The default mode for Macvlan is `bridge`. If `-o ipvlan_mode=` or `-o macvlan_mode=` are left unspecified, the default modes will be used. Similarly, if the `--gateway` is left empty, the first usable address on the network will be set as the gateway. For example, if the subnet provided in the network create is `--subnet=192.168.1.0/24` then the gateway the container receives is `192.168.1.1`. + +The following will create the exact same network as the network `db_net` created prior, with the driver defaults for `--gateway=192.168.1.1` and `-o ipvlan_mode=l2`. + +``` +# Ipvlan (-o ipvlan_mode= Defaults to L2 mode if not specified) +docker network create -d ipvlan \ + --subnet=192.168.1.0/24 \ + -o parent=eth0 db_net_ipv + +# Start a container with an explicit name in daemon mode +docker run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh + +# Start a second container and ping using the container name +# to see the docker included name resolution functionality +docker run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh +ping -c 4 ipv1 + +# NOTE: the containers can NOT ping the underlying host interfaces as +# they are intentionally filtered by Linux for additional isolation. +``` + +The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a network create is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely. + +The following two `docker network create` examples result in identical networks that you can attach container to: + +``` +# Empty '-o parent=' creates an isolated network +docker network create -d ipvlan \ + --subnet=192.168.10.0/24 isolated1 + +# Explicit '--internal' flag is the same: +docker network create -d ipvlan \ + --subnet=192.168.11.0/24 --internal isolated2 + +# Even the '--subnet=' can be left empty and the default +# IPAM subnet of 172.18.0.0/16 will be assigned +docker network create -d ipvlan isolated3 + +docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh +docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh +docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh + +# To attach to any use `docker exec` and start a shell +docker exec -it cid1 /bin/sh +docker exec -it cid2 /bin/sh +docker exec -it cid3 /bin/sh +``` + +### Macvlan 802.1q Trunk Bridge Mode Example Usage + +VLANs (Virtual Local Area Networks) have long been a primary means of virtualizing data center networks and are still in virtually all existing networks today. VLANs work by tagging a Layer-2 isolation domain with a 12-bit identifier ranging from 1-4094 that is inserted into a packet header that enables a logical grouping of a single or multiple subnets of both IPv4 and IPv6. It is very common for network operators to separate traffic using VLANs based on a subnet(s) function or security profile such as `web`, `db` or any other isolation needs. + +It is very common to have a compute host requirement of running multiple virtual networks concurrently on a host. Linux networking has long supported VLAN tagging, also known by it's standard 802.1q, for maintaining datapath isolation between networks. The Ethernet link connected to a Docker host can be configured to support the 802.1q VLAN IDs, by creating Linux sub-interfaces, each one dedicated to a unique VLAN ID. + +![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/multi_tenant_8021q_vlans.png) + +Trunking 802.1q to a host is notoriously painful. It requires configuration file changes in order to be persistent through a reboot and if a bridge is involved a physical NIC needs to be moved into the bridge and the bridge then gets the IP address or risk being cut off from the network. + +Like all of the Docker network drivers, the overarching goal is to alleviate the operational pains of managing network resources. To that end, when a network receives a sub-interface as the parent that does not exist, the drivers create the VLAN tagged interfaces while creating the network. + +In the case of a host reboot, instead of needing to modify often complex network configuration files the driver will recreate all network links when the Docker daemon restarts. The driver tracks if it created the VLAN tagged sub-interface originally with the network create and will **only** recreate the sub-interface after a restart or delete `docker network rm` the link if it created it in the first place with `docker network create`. + +If the user doesn't want Docker to modify the `-o parent` sub-interface, the user simply needs to pass an existing link that already exists as the parent interface. Parent interfaces such as `eth0` are not deleted, only sub-interfaces that are not master links. + +For the driver to add/delete the vlan sub-interfaces the format needs to be `interface_name.vlan_tag`. + +For example: `eth0.50` denotes a parent interface of `eth0` with a slave of `eth0.50` tagged with vlan id `50`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.50 type vlan id 50`. + +Replace the `macvlan` with `ipvlan` in the `-d` driver argument to create macvlan 802.1q trunks. + +**Vlan ID 50** + +In the first network tagged and isolated by the Docker host, `eth0.50` is the parent interface tagged with vlan id `50` specified with `-o parent=eth0.50`. Other naming formats can be used, but the links need to be added and deleted manually using `ip link` or Linux configuration files. As long as the `-o parent` exists anything can be used if compliant with Linux netlink. + +``` +# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged +docker network create -d macvlan \ + --subnet=192.168.50.0/24 \ + --gateway=192.168.50.1 \ + -o parent=eth0.50 macvlan50 + +# In two separate terminals, start a Docker container and the containers can now ping one another. +docker run --net=macvlan50 -it --name macvlan_test5 --rm alpine /bin/sh +docker run --net=macvlan50 -it --name macvlan_test6 --rm alpine /bin/sh +``` + +**Vlan ID 60** + +In the second network, tagged and isolated by the Docker host, `eth0.60` is the parent interface tagged with vlan id `60` specified with `-o parent=eth0.60`. The `macvlan_mode=` defaults to `macvlan_mode=bridge`. It can also be explicitly set with the same result as shown in the next example. + +``` +# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged. +docker network create -d macvlan \ + --subnet=192.168.60.0/24 \ + --gateway=192.168.60.1 \ + -o parent=eth0.60 -o \ + -o macvlan_mode=bridge macvlan60 + +# In two separate terminals, start a Docker container and the containers can now ping one another. +docker run --net=macvlan60 -it --name macvlan_test7 --rm alpine /bin/sh +docker run --net=macvlan60 -it --name macvlan_test8 --rm alpine /bin/sh +``` + +**Example:** Multi-Subnet Macvlan 802.1q Trunking + +The same as the example before except there is an additional subnet bound to the network that the user can choose to provision containers on. In MacVlan/Bridge mode, containers can only ping one another if they are on the same subnet/broadcast domain unless there is an external router that routes the traffic (answers ARP etc) between the two subnets. + +``` +### Create multiple L2 subnets +docker network create -d ipvlan \ + --subnet=192.168.210.0/24 \ + --subnet=192.168.212.0/24 \ + --gateway=192.168.210.254 \ + --gateway=192.168.212.254 \ + -o ipvlan_mode=l2 ipvlan210 + +# Test 192.168.210.0/24 connectivity between containers +docker run --net=ipvlan210 --ip=192.168.210.10 -itd alpine /bin/sh +docker run --net=ipvlan210 --ip=192.168.210.9 -it --rm alpine ping -c 2 192.168.210.10 + +# Test 192.168.212.0/24 connectivity between containers +docker run --net=ipvlan210 --ip=192.168.212.10 -itd alpine /bin/sh +docker run --net=ipvlan210 --ip=192.168.212.9 -it --rm alpine ping -c 2 192.168.212.10 + +``` + +### Ipvlan 802.1q Trunk L2 Mode Example Usage + +Architecturally, Ipvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation. There are nuances that can be advantageous for CAM table pressure in ToR switches, one MAC per port and MAC exhaustion on a host's parent NIC to name a few. The 802.1q trunk scenario looks the same. Both modes adhere to tagging standards and have seamless integration with the physical network for underlay integration and hardware vendor plugin integrations. + +![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/multi_tenant_8021q_vlans.png) + +The Linux sub-interface tagged with a vlan can either already exist or will be created when you call a `docker network create`. `docker network rm` will delete the sub-interface. Parent interfaces such as `eth0` are not deleted, only sub-interfaces with a netlink parent index > 0. + +For the driver to add/delete the vlan sub-interfaces the format needs to be `interface_name.vlan_tag`. Other sub-interface naming can be used as the specified parent, but the link will not be deleted automatically when `docker network rm` is invoked. + +The option to use either existing parent vlan sub-interfaces or let Docker manage them enables the user to either completely manage the Linux interfaces and networking or let Docker create and delete the Vlan parent sub-interfaces (netlink `ip link`) with no effort from the user. + +For example: `eth0.10` to denote a sub-interface of `eth0` tagged with vlan id `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`. + +The example creates the vlan tagged networks and then start two containers to test connectivity between containers. Different Vlans cannot ping one another without a router routing between the two networks. The default namespace is not reachable per ipvlan design in order to isolate container namespaces from the underlying host. + +**Vlan ID 20** + +In the first network tagged and isolated by the Docker host, `eth0.20` is the parent interface tagged with vlan id `20` specified with `-o parent=eth0.20`. Other naming formats can be used, but the links need to be added and deleted manually using `ip link` or Linux configuration files. As long as the `-o parent` exists anything can be used if compliant with Linux netlink. + +``` +# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged +docker network create -d ipvlan \ + --subnet=192.168.20.0/24 \ + --gateway=192.168.20.1 \ + -o parent=eth0.20 ipvlan20 + +# in two separate terminals, start a Docker container and the containers can now ping one another. +docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh +docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh +``` + +**Vlan ID 30** + +In the second network, tagged and isolated by the Docker host, `eth0.30` is the parent interface tagged with vlan id `30` specified with `-o parent=eth0.30`. The `ipvlan_mode=` defaults to l2 mode `ipvlan_mode=l2`. It can also be explicitly set with the same result as shown in the next example. + +``` +# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged. +docker network create -d ipvlan \ + --subnet=192.168.30.0/24 \ + --gateway=192.168.30.1 \ + -o parent=eth0.30 \ + -o ipvlan_mode=l2 ipvlan30 + +# in two separate terminals, start a Docker container and the containers can now ping one another. +docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh +docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh +``` + +The gateway is set inside of the container as the default gateway. That gateway would typically be an external router on the network. + +``` +$ ip route + default via 192.168.30.1 dev eth0 + 192.168.30.0/24 dev eth0 src 192.168.30.2 +``` + +Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet and pinging one another. In order for the `192.168.114.0/24` to reach `192.168.116.0/24` it requires an external router in L2 mode. L3 mode can route between subnets that share a common `-o parent=`. This same multi-subnet example is also valid for Macvlan `bridge` mode. + +Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to a L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI). + +``` +docker network create -d ipvlan \ + --subnet=192.168.114.0/24 --subnet=192.168.116.0/24 \ + --gateway=192.168.114.254 --gateway=192.168.116.254 \ + -o parent=eth0.114 \ + -o ipvlan_mode=l2 ipvlan114 + +docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh +docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh +``` + +A key takeaway is, operators have the ability to map their physical network into their virtual network for integrating containers into their environment with no operational overhauls required. NetOps simply drops an 802.1q trunk into the Docker host. That virtual link would be the `-o parent=` passed in the network creation. For untagged (non-VLAN) links, it is as simple as `-o parent=eth0` or for 802.1q trunks with VLAN IDs each network gets mapped to the corresponding VLAN/Subnet from the network. + +An example being, NetOps provides VLAN ID and the associated subnets for VLANs being passed on the Ethernet link to the Docker host server. Those values are simply plugged into the `docker network create` commands when provisioning the Docker networks. These are persistent configurations that are applied every time the Docker engine starts which alleviates having to manage often complex configuration files. The network interfaces can also be managed manually by being pre-created and docker networking will never modify them, simply use them as parent interfaces. Example mappings from NetOps to Docker network commands are as follows: + +- VLAN: 10, Subnet: 172.16.80.0/24, Gateway: 172.16.80.1 + + - `--subnet=172.16.80.0/24 --gateway=172.16.80.1 -o parent=eth0.10` + +- VLAN: 20, IP subnet: 172.16.50.0/22, Gateway: 172.16.50.1 + + - `--subnet=172.16.50.0/22 --gateway=172.16.50.1 -o parent=eth0.20 ` + +- VLAN: 30, Subnet: 10.1.100.0/16, Gateway: 10.1.100.1 + + - `--subnet=10.1.100.0/16 --gateway=10.1.100.1 -o parent=eth0.30` + +### IPVlan L3 Mode Example + +IPVlan will require routes to be distributed to each endpoint. The driver only builds the Ipvlan L3 mode port and attaches the container to the interface. Route distribution throughout a cluster is beyond the initial implementation of this single host scoped driver. In L3 mode the Docker host is very similar to a router starting new networks in the container. They are on networks that the upstream network will not know about without route distribution. For those curious how Ipvlan L3 will fit into container networking see the following examples. + +- Ipvlan L3 mode drops all broadcast and multicast traffic. + +- L3 mode needs to be on a separate subnet as the default namespace since it requires a netlink route in the default namespace pointing to the Ipvlan parent interface. + +- The parent interface used in this example is `eth0` and it is on the subnet `192.168.1.0/24`. Notice the `docker network` is **not** on the same subnet as `eth0`. + +- Unlike macvlan bridge mode and ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`. + +``` +ip a show eth0 +3: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 00:50:56:39:45:2e brd ff:ff:ff:ff:ff:ff + inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0 +``` + +-A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply point the the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details. + +The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`. + +``` +# Create the Ipvlan L3 network +docker network create -d ipvlan \ + --subnet=192.168.214.0/24 \ + --subnet=10.1.214.0/24 \ + -o ipvlan_mode=l3 ipnet210 + +# Test 192.168.214.0/24 connectivity +docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh +docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh + +# Test L3 connectivity from 10.1.214.0/24 to 192.168.212.0/24 +docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10 + +# Test L3 connectivity from 192.168.212.0/24 to 10.1.214.0/24 +docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10 + +``` + +Notice there is no `--gateway=` option in the network create. The field is ignored if one is specified `l3` mode. Take a look at the container routing table from inside of the container: + +``` +# Inside an L3 mode container +$ ip route + default dev eth0 + 192.168.120.0/24 dev eth0 src 192.168.120.2 +``` + +In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface. More on this as we evolve the Ipvlan `L3` story. + +### Dual Stack IPv4 IPv6 Macvlan Bridge Mode + +**Example:** Macvlan Bridge mode, 802.1q trunk, VLAN ID: 218, Multi-Subnet, Dual Stack + +``` +# Create multiple bridge subnets with a gateway of x.x.x.1: +docker network create -d macvlan \ + --subnet=192.168.216.0/24 --subnet=192.168.218.0/24 \ + --gateway=192.168.216.1 --gateway=192.168.218.1 \ + --subnet=2001:db8:abc8::/64 --gateway=2001:db8:abc8::10 \ + -o parent=eth0.218 \ + -o macvlan_mode=bridge macvlan216 + +docker run --net=macvlan216 --name=macnet216_test --ip=192.168.216.10 -itd alpine /bin/sh +docker run --net=macvlan216 --name=macnet216_test --ip=192.168.218.10 -itd alpine /bin/sh +docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh +docker run --net=macvlan216 --ip=192.168.218.11 -it --rm alpine /bin/sh +``` + +View the details of one of the containers: + +``` +docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh + +root@526f3060d759:/# ip a show eth0 + eth0@if92: mtu 1500 qdisc noqueue state UNKNOWN group default + link/ether 8e:9a:99:25:b6:16 brd ff:ff:ff:ff:ff:ff + inet 192.168.216.11/24 scope global eth0 + valid_lft forever preferred_lft forever + inet6 2001:db8:abc4::8c9a:99ff:fe25:b616/64 scope link tentative + valid_lft forever preferred_lft forever + inet6 2001:db8:abc8::2/64 scope link nodad + valid_lft forever preferred_lft forever + +# Specified v4 gateway of 192.168.216.1 +root@526f3060d759:/# ip route + default via 192.168.216.1 dev eth0 + 192.168.216.0/24 dev eth0 proto kernel scope link src 192.168.216.11 + +# Specified v6 gateway of 2001:db8:abc8::10 +root@526f3060d759:/# ip -6 route + 2001:db8:abc4::/64 dev eth0 proto kernel metric 256 + 2001:db8:abc8::/64 dev eth0 proto kernel metric 256 + default via 2001:db8:abc8::10 dev eth0 metric 1024 +``` + +### Dual Stack IPv4 IPv6 Ipvlan L2 Mode + +- Not only does Libnetwork give you complete control over IPv4 addressing, but it also gives you total control over IPv6 addressing as well as feature parity between the two address families. + +- The next example will start with IPv6 only. Start two containers on the same VLAN `139` and ping one another. Since the IPv4 subnet is not specified, the default IPAM will provision a default IPv4 subnet. That subnet is isolated unless the upstream network is explicitly routing it on VLAN `139`. + +``` +# Create a v6 network +docker network create -d ipvlan \ + --subnet=2001:db8:abc2::/64 --gateway=2001:db8:abc2::22 \ + -o parent=eth0.139 v6ipvlan139 + +# Start a container on the network +docker run --net=v6ipvlan139 -it --rm alpine /bin/sh + +``` + +View the container eth0 interface and v6 routing table: + +``` + eth0@if55: mtu 1500 qdisc noqueue state UNKNOWN group default + link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff + inet 172.18.0.2/16 scope global eth0 + valid_lft forever preferred_lft forever + inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link + valid_lft forever preferred_lft forever + inet6 2001:db8:abc2::1/64 scope link nodad + valid_lft forever preferred_lft forever + +root@5c1dc74b1daa:/# ip -6 route +2001:db8:abc4::/64 dev eth0 proto kernel metric 256 +2001:db8:abc2::/64 dev eth0 proto kernel metric 256 +default via 2001:db8:abc2::22 dev eth0 metric 1024 +``` + +Start a second container and ping the first container's v6 address. + +``` +$ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh + +root@b817e42fcc54:/# ip a show eth0 +75: eth0@if55: mtu 1500 qdisc noqueue state UNKNOWN group default + link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff + inet 172.18.0.3/16 scope global eth0 + valid_lft forever preferred_lft forever + inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link tentative dadfailed + valid_lft forever preferred_lft forever + inet6 2001:db8:abc2::2/64 scope link nodad + valid_lft forever preferred_lft forever + +root@b817e42fcc54:/# ping6 2001:db8:abc2::1 +PING 2001:db8:abc2::1 (2001:db8:abc2::1): 56 data bytes +64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=0 ttl=64 time=0.044 ms +64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=1 ttl=64 time=0.058 ms + +2 packets transmitted, 2 packets received, 0% packet loss +round-trip min/avg/max/stddev = 0.044/0.051/0.058/0.000 ms +``` + +The next example with setup a dual stack IPv4/IPv6 network with an example VLAN ID of `140`. + +Next create a network with two IPv4 subnets and one IPv6 subnets, all of which have explicit gateways: + +``` +docker network create -d ipvlan \ + --subnet=192.168.140.0/24 --subnet=192.168.142.0/24 \ + --gateway=192.168.140.1 --gateway=192.168.142.1 \ + --subnet=2001:db8:abc9::/64 --gateway=2001:db8:abc9::22 \ + -o parent=eth0.140 \ + -o ipvlan_mode=l2 ipvlan140 +``` + +Start a container and view eth0 and both v4 & v6 routing tables: + +``` +docker run --net=v6ipvlan139 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh + +root@3cce0d3575f3:/# ip a show eth0 +78: eth0@if77: mtu 1500 qdisc noqueue state UNKNOWN group default + link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff + inet 192.168.140.2/24 scope global eth0 + valid_lft forever preferred_lft forever + inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link + valid_lft forever preferred_lft forever + inet6 2001:db8:abc9::1/64 scope link nodad + valid_lft forever preferred_lft forever + +root@3cce0d3575f3:/# ip route +default via 192.168.140.1 dev eth0 +192.168.140.0/24 dev eth0 proto kernel scope link src 192.168.140.2 + +root@3cce0d3575f3:/# ip -6 route +2001:db8:abc4::/64 dev eth0 proto kernel metric 256 +2001:db8:abc9::/64 dev eth0 proto kernel metric 256 +default via 2001:db8:abc9::22 dev eth0 metric 1024 +``` + +Start a second container with a specific `--ip4` address and ping the first host using ipv4 packets: + +``` +docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh +``` + +**Note**: Different subnets on the same parent interface in both Ipvlan `L2` mode and Macvlan `bridge` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link. + + + +### Dual Stack IPv4 IPv6 Ipvlan L3 Mode + + +**Example:** IpVlan L3 Mode Dual Stack IPv4/IPv6, Multi-Subnet w/ 802.1q Vlan Tag:118 + +As in all of the examples, a tagged VLAN interface does not have to be used. The sub-interfaces can be swapped with `eth0`, `eth1` or any other valid interface on the host other then the `lo` loopback. + +The primary difference you will see is that L3 mode does not create a default route with a next-hop but rather sets a default route pointing to `dev eth` only since ARP/Broadcasts/Multicast are all filtered by Linux as per the design. + +``` +# Create an IPv6+IPv4 Dual Stack Ipvlan L3 network +# Gateways for both v4 and v6 are set to a dev e.g. 'default dev eth0' +docker network create -d ipvlan \ + --subnet=192.168.110.0/24 \ + --subnet=192.168.112.0/24 \ + --subnet=2001:db8:abc6::/64 \ + -o parent=eth0.118 \ + -o ipvlan_mode=l3 ipnet110 + + +# Start a few of containers on the network (ipnet110) +# in seperate terminals and check connectivity +docker run --net=ipnet110 -it --rm alpine /bin/sh +# Start a second container specifying the v6 address +docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh +# Start a third specifying the IPv4 address +docker run --net=ipnet110 --ip=192.168.112.50 -it --rm alpine /bin/sh +# Start a 4th specifying both the IPv4 and IPv6 addresses +docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh +``` + +Interface and routing table outputs are as follows: + +``` +root@3a368b2a982e:/# ip a show eth0 +63: eth0@if59: mtu 1500 qdisc noqueue state UNKNOWN group default + link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff + inet 192.168.112.2/24 scope global eth0 + valid_lft forever preferred_lft forever + inet6 2001:db8:abc4::250:56ff:fe2b:2940/64 scope link + valid_lft forever preferred_lft forever + inet6 2001:db8:abc6::10/64 scope link nodad + valid_lft forever preferred_lft forever + +# Note the default route is simply the eth device because ARPs are filtered. +root@3a368b2a982e:/# ip route + default dev eth0 scope link + 192.168.112.0/24 dev eth0 proto kernel scope link src 192.168.112.2 + +root@3a368b2a982e:/# ip -6 route +2001:db8:abc4::/64 dev eth0 proto kernel metric 256 +2001:db8:abc6::/64 dev eth0 proto kernel metric 256 +default dev eth0 metric 1024 +``` + +*Note:* There may be a bug when specifying `--ip6=` addresses when you delete a container with a specified v6 address and then start a new container with the same v6 address it throws the following like the address isn't properly being released to the v6 pool. It will fail to unmount the container and be left dead. + +``` +docker: Error response from daemon: Address already in use. +``` + +### Manually Creating 802.1q Links + +**Vlan ID 40** + +If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and us up. + +Links if manually created can be named anything you want. As long as the exist when the network is created that is all that matters. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`. + +``` +# create a new sub-interface tied to dot1q vlan 40 +ip link add link eth0 name eth0.40 type vlan id 40 + +# enable the new sub-interface +ip link set eth0.40 up + +# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged +docker network create -d ipvlan \ + --subnet=192.168.40.0/24 \ + --gateway=192.168.40.1 \ + -o parent=eth0.40 ipvlan40 + +# in two separate terminals, start a Docker container and the containers can now ping one another. +docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh +docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh +``` + +**Example:** Vlan sub-interface manually created with any name: + +``` +# create a new sub interface tied to dot1q vlan 40 +ip link add link eth0 name foo type vlan id 40 + +# enable the new sub-interface +ip link set foo up + +# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged +docker network create -d ipvlan \ + --subnet=192.168.40.0/24 --gateway=192.168.40.1 \ + -o parent=foo ipvlan40 + +# in two separate terminals, start a Docker container and the containers can now ping one another. +docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh +docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh +``` + +Manually created links can be cleaned up with: + +``` +ip link del foo +``` + +As with all of the Libnetwork drivers, they can be mixed and matched, even as far as running 3rd party ecosystem drivers in parallel for maximum flexibility to the Docker user. From 6aae59673e2a2b739b43d76d3ad17055df97eb79 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Mon, 14 Mar 2016 06:16:43 +0000 Subject: [PATCH 1251/2538] Fix the typo url and info Some info is not consistent between context and word. Signed-off-by: Kai Qiang Wu(Kennan) --- experimental/vlan-networks.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index 3496b288f2..b931b248a4 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -42,9 +42,9 @@ Macvlan Bridge mode has a unique MAC address per container used to track MAC to - In Macvlan and Ipvlan L2 mode, containers on separate networks cannot reach one another without an external process routing between the two networks/subnets. This also applies to multiple subnets within the same `docker network`. See Ipvlan L3 mode for inter-subnet communications without a router. -In the following example, `eth0` on the docker host has an IP on the `192.168.1.0/24` network and a default gateway of `192.168.1.1`. The gateway is an external router with an address of `192.168.1.1`. An IP address is not required on the Docker host interface `eth0` in `bridge` mode, it merely needs to be on the proper upstream network to get forwarded by a network switch or network router. +In the following example, `eth0` on the docker host has an IP on the `172.16.86.0/24` network and a default gateway of `172.16.86.1`. The gateway is an external router with an address of `172.16.86.1`. An IP address is not required on the Docker host interface `eth0` in `bridge` mode, it merely needs to be on the proper upstream network to get forwarded by a network switch or network router. -![Simple Macvlan Bridge Mode Example](../docs/userguide/networking/../docs/userguide/networking/images/macvlan_bridge_simple.png) +![Simple Macvlan Bridge Mode Example](../docs/userguide/networking/images/macvlan_bridge_simple.png) **Note** For Macvlan bridge mode and Ipvlan L2 mode the subnet values need to match the NIC's interface of the Docker host. For example, Use the same subnet and gateway of the Docker host ethernet interface that is specified by the `-o parent=` option. @@ -120,7 +120,7 @@ For more on Docker networking commands see [Working with Docker network commands The ipvlan `L2` mode example is virtually identical to the macvlan `bridge` mode example. The driver is specified with `-d driver_name` option. In this case `-d ipvlan` -![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/macvlan_bridge_simple.png) +![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/ipvlan_l2_simple.png) The parent interface in the next example `-o parent=eth0` is configured as followed: From 2168c53ee9704625f3501d0bb82b857dfa3d0017 Mon Sep 17 00:00:00 2001 From: Madhu Venugopal Date: Sat, 12 Mar 2016 13:29:25 -0800 Subject: [PATCH 1252/2538] Include all endpoints in network inspect object Prior to this change, the "docker network inspect" contains only the endpoints that have active local container. This excludes all the remote and stale endpoints. By including all the endpoints, it makes debugging much simpler and also allows the user to cleanup any stale endpoints using "docker network disconnect -f {network} {endpoint-name}". Signed-off-by: Madhu Venugopal --- docs/reference/commandline/network_inspect.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 84478d9cee..251407e596 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -28,7 +28,10 @@ bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727 ``` The `network inspect` command shows the containers, by id, in its -results. You can specify an alternate format to execute a given +results. For networks backed by multi-host network driver, such as Overlay, +this command also shows the container endpoints in other hosts in the +cluster. These endpoints are represented as "ep-{endpoint-id}" in the output. +You can specify an alternate format to execute a given template for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. From b2b5bc99377774ed9b450eac9263de5670a3ce39 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 4 Mar 2016 12:00:18 -0800 Subject: [PATCH 1253/2538] Add support for identity tokens in client credentials store Update unit test and documentation to handle the new case where Username is set to to indicate an identity token is involved. Change the "Password" field in communications with the credential helper to "Secret" to make clear it has a more generic purpose. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/login.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 410a8ae781..baff45f8c7 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -78,17 +78,20 @@ The helpers always use the first argument in the command to identify the action. There are only three possible values for that argument: `store`, `get`, and `erase`. The `store` command takes a JSON payload from the standard input. That payload carries -the server address, to identify the credential, the user name and the password. -This is an example of that payload: +the server address, to identify the credential, the user name, and either a password +or an identity token. ```json { "ServerURL": "https://index.docker.io/v1", "Username": "david", - "Password": "passw0rd1" + "Secret": "passw0rd1" } ``` +If the secret being stored is an identity token, the Username should be set to +``. + The `store` command can write error messages to `STDOUT` that the docker engine will show if there was an issue. @@ -102,7 +105,7 @@ and password from this payload: ```json { "Username": "david", - "Password": "passw0rd1" + "Secret": "passw0rd1" } ``` From ce28fa45b09dffa9bd31628715220f3b1582e0cb Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Mon, 8 Feb 2016 16:23:24 +0200 Subject: [PATCH 1254/2538] Run privileged containers when userns are specified Following #19995 and #17409 this PR enables skipping userns re-mapping when creating a container (or when executing a command). Thus, enabling privileged containers running side by side with userns remapped containers. The feature is enabled by specifying ```--userns:host```, which will not remapped the user if userns are applied. If this flag is not specified, the existing behavior (which blocks specific privileged operation) remains. Signed-off-by: Liron Levin --- docs/reference/commandline/create.md | 3 +++ docs/reference/commandline/daemon.md | 10 ++++++++++ docs/reference/commandline/run.md | 3 +++ man/docker-create.1.md | 5 +++++ man/docker-run.1.md | 5 +++++ 5 files changed, 26 insertions(+) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index fa68b0feb1..6128411c5f 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -83,6 +83,9 @@ Creates a new container. --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID + --userns="" Container user namespace + 'host': Use the Docker host user namespace + '': Use the Docker daemon user namespace specified by `--userns-remap` option. --ulimit=[] Ulimit options --uts="" UTS namespace to use -v, --volume=[host-src:]container-dest[:] diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index e8071e92ec..f94163aefb 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -750,6 +750,16 @@ following algorithm to create the mapping ranges: 2. Map segments will be created from each range in increasing value with a length matching the length of each segment. Therefore the range segment with the lowest numeric starting value will be equal to the remapped root, and continue up through host uid/gid equal to the range segment length. As an example, if the lowest segment starts at ID 1000 and has a length of 100, then a map of 1000 -> 0 (the remapped root) up through 1100 -> 100 will be created from this segment. If the next segment starts at ID 10000, then the next map will start with mapping 10000 -> 101 up to the length of this second segment. This will continue until no more segments are found in the subordinate files for this user. 3. If more than five range segments exist for a single user, only the first five will be utilized, matching the kernel's limitation of only five entries in `/proc/self/uid_map` and `proc/self/gid_map`. +### Disable user namespace for a container + +If you enable user namespaces on the daemon, all containers are started +with user namespaces enabled. In some situations you might want to disable +this feature for a container, for example, to start a privileged container (see +[user namespace known restrictions](#user-namespace-known-restrictions)). +To enable those advanced features for a specific container use `--userns=host` +in the `run/exec/create` command. +This option will completely disable user namespace mapping for the container's user. + ### User namespace known restrictions The following standard Docker features are currently incompatible when diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 496ff4865d..a3ef21f79b 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -85,6 +85,9 @@ parent = "smn_cli" --stop-signal="SIGTERM" Signal to stop a container -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) + --userns="" Container user namespace + 'host': Use the Docker host user namespace + '': Use the Docker daemon user namespace specified by `--userns-remap` option. --ulimit=[] Ulimit options --uts="" UTS namespace to use -v, --volume=[host-src:]container-dest[:] diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 16f70a958d..95d171fec3 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -58,6 +58,7 @@ docker-create - Create a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--userns**[=*[]*]] [**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] @@ -291,6 +292,10 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--userns**="" + Set the usernamespace mode for the container when `userns-remap` option is enabled. + **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`). + **--pids-limit**="" Tune the container's pids limit. Set `-1` to have unlimited pids for the container. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index a22d43762d..c44dd603d0 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -60,6 +60,7 @@ docker-run - Run a command in a new container [**-P**|**--publish-all**] [**-p**|**--publish**[=*[]*]] [**--pid**[=*[]*]] +[**--userns**[=*[]*]] [**--pids-limit**[=*PIDS_LIMIT*]] [**--privileged**] [**--read-only**] @@ -421,6 +422,10 @@ Use `docker port` to see the actual mapping: `docker port CONTAINER $CONTAINERPO **host**: use the host's PID namespace inside the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +**--userns**="" + Set the usernamespace mode for the container when `userns-remap` option is enabled. + **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`). + **--pids-limit**="" Tune the container's pids limit. Set `-1` to have unlimited pids for the container. From 8db4ee005a02de4579fd88d4f926c3a3c9296b4b Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Mon, 7 Mar 2016 20:27:39 +0000 Subject: [PATCH 1255/2538] devmapper: Add a new option dm.min_free_space Once thin pool gets full, bad things can happen. Especially in case of xfs it is possible that xfs keeps on retrying IO infinitely (for certain kind of IO) and container hangs. One way to mitigate the problem is that once thin pool is about to get full, start failing some of the docker operations like pulling new images or creation of new containers. That way user will get warning ahead of time and can try to rectify it by creating more free space in thin pool. This can be done either by deleting existing images/containers or by adding more free space to thin pool. This patch adds a new option dm.min_free_space to devicemapper graph driver. Say one specifies dm.min_free_space=10%. This means atleast 10% of data and metadata blocks should be free in pool before new device creation is allowed, otherwise operation will fail. By default min_free_space is 10%. User can change it by specifying dm.min_free_space=X% on command line. A value of 0% will disable the check. Signed-off-by: Vivek Goyal --- docs/reference/commandline/daemon.md | 26 ++++++++++++++++++++++++++ man/docker-daemon.8.md | 24 ++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index f94163aefb..20ea3cb20e 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -438,6 +438,32 @@ options for `zfs` start with `zfs`. when unintentional leaking of mount point happens across multiple mount namespaces. +* `dm.min_free_space` + + Specifies the min free space percent in thin pool require for new device + creation to succeed. This check applies to both free data space as well + as free metadata space. Valid values are from 0% - 99%. Value 0% disables + free space checking logic. If user does not specify a value for this optoin, + then default value for this option is 10%. + + Whenever a new thin pool device is created (during docker pull or + during container creation), docker will check minimum free space is + available as specified by this parameter. If that is not the case, then + device creation will fail and docker operation will fail. + + One will have to create more free space in thin pool to recover from the + error. Either delete some of the images and containers from thin pool and + create free space or add more storage to thin pool. + + For lvm thin pool, one can add more storage to volume group container thin + pool and that should automatically resolve it. If loop devices are being + used, then stop docker, grow the size of loop files and restart docker and + that should resolve the issue. + + Example use: + + $ docker daemon --storage-opt dm.min_free_space_percent=10% + Currently supported options of `zfs`: * `zfs.fsname` diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 3333efc1ec..06bcf6438a 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -475,6 +475,30 @@ By default docker will pick up the zfs filesystem where docker graph Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` +#### dm.min_free_space + +Specifies the min free space percent in thin pool require for new device +creation to succeed. This check applies to both free data space as well +as free metadata space. Valid values are from 0% - 99%. Value 0% disables +free space checking logic. If user does not specify a value for this optoin, +then default value for this option is 10%. + +Whenever a new thin pool device is created (during docker pull or +during container creation), docker will check minimum free space is +available as specified by this parameter. If that is not the case, then +device creation will fail and docker operation will fail. + +One will have to create more free space in thin pool to recover from the +error. Either delete some of the images and containers from thin pool and +create free space or add more storage to thin pool. + +For lvm thin pool, one can add more storage to volume group container thin +pool and that should automatically resolve it. If loop devices are being +used, then stop docker, grow the size of loop files and restart docker and +that should resolve the issue. + +Example use: `docker daemon --storage-opt dm.min_free_space_percent=10%` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 2422bc30f54ad8deab39cc9000d93889887b079a Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 15 Mar 2016 09:26:41 +0000 Subject: [PATCH 1256/2538] Add the missed volume filter Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/ps.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index af82322e87..1dda728a7f 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -24,6 +24,7 @@ parent = "smn_cli" - before=(|) - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. + - volume=(|) --format=[] Pretty-print containers using a Go template --help Print usage -l, --latest Show the latest created container (includes all states) From 6bcb137d2f2e9bf65e3f3c1bb2f7667f5308f2cd Mon Sep 17 00:00:00 2001 From: Jason Heiss Date: Wed, 9 Mar 2016 20:40:12 -0500 Subject: [PATCH 1257/2538] Allow --hostname with --net=host Docker creates a UTS namespace by default, even with --net=host, so it is reasonable to let the user set the hostname. Note that --hostname is forbidden if the user specifies --uts=host. Closes #12076 Signed-off-by: Jason Heiss --- docs/reference/run.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 4be50a2d02..37ac49fb1b 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -237,15 +237,13 @@ $ docker run -it --rm --pid=host myhtop The UTS namespace is for setting the hostname and the domain that is visible to running processes in that namespace. By default, all containers, including those with `--net=host`, have their own UTS namespace. The `host` setting will -result in the container using the same UTS namespace as the host. +result in the container using the same UTS namespace as the host. Note that +`--hostname` is invalid in `host` UTS mode. You may wish to share the UTS namespace with the host if you would like the hostname of the container to change as the hostname of the host changes. A more advanced use case would be changing the host's hostname from a container. -> **Note**: `--uts="host"` gives the container full access to change the -> hostname of the host and is therefore considered insecure. - ## IPC settings (--ipc) --ipc="" : Set the IPC mode for the container, @@ -365,8 +363,11 @@ name, they must be linked. With the network set to `host` a container will share the host's network stack and all interfaces from the host will be available to the container. The container's hostname will match the hostname on the host -system. Note that `--add-host` `--hostname` `--dns` `--dns-search` -`--dns-opt` and `--mac-address` are invalid in `host` netmode. +system. Note that `--add-host` `--dns` `--dns-search` +`--dns-opt` and `--mac-address` are invalid in `host` netmode. Even in `host` +network mode a container has its own UTS namespace by default. As such +`--hostname` is allowed in `host` network mode and will only change the +hostname inside the container. Compared to the default `bridge` mode, the `host` mode gives *significantly* better networking performance since it uses the host's native networking stack From 75bcb4f94a394cac5eb51834a55a7774b843112d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 4 Mar 2016 15:58:07 +0100 Subject: [PATCH 1258/2538] Update Docker pull examples The old examples no longer worked due to changes in the client and Docker Hub. This updates the "docker pull" documentation and adds more examples and explanation of the features. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/pull.md | 218 ++++++++++++++++++++++++++--- man/docker-pull.1.md | 193 ++++++++++++++++++++----- 2 files changed, 355 insertions(+), 56 deletions(-) diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 02e0302aa5..8e7d777356 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -24,31 +24,203 @@ Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) contains many pre-built images that you can `pull` and try without needing to define and configure your own. -It is also possible to manually specify the path of a registry to pull from. -For example, if you have set up a local registry, you can specify its path to -pull from it. A repository path is similar to a URL, but does not contain -a protocol specifier (`https://`, for example). - To download a particular image, or set of images (i.e., a repository), -use `docker pull`: +use `docker pull`. - $ docker pull debian - # will pull the debian:latest image and its intermediate layers - $ docker pull debian:testing - # will pull the image named debian:testing and any intermediate - # layers it is based on. - $ docker pull debian@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf - # will pull the image from the debian repository with the digest - # sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf - # and any intermediate layers it is based on. - # (Typically the empty `scratch` image, a MAINTAINER layer, - # and the un-tarred base). - $ docker pull --all-tags centos - # will pull all the images from the centos repository - $ docker pull registry.hub.docker.com/debian - # manually specifies the path to the default Docker registry. This could - # be replaced with the path to a local registry to pull from another source. - # sudo docker pull myhub.com:8080/test-image +## Examples + +### Pull an image from Docker Hub + +To download a particular image, or set of images (i.e., a repository), use +`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a +default. This command pulls the `debian:latest` image: + +```bash +$ docker pull debian + +Using default tag: latest +latest: Pulling from library/debian +fdd5d7827f33: Pull complete +a3ed95caeb02: Pull complete +Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa +Status: Downloaded newer image for debian:latest +``` + +Docker images can consist of multiple layers. In the example above, the image +consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`. + +Layers can be reused by images. For example, the `debian:jessie` image shares +both layers with `debian:latest`. Pulling the `debian:jessie` image therefore +only pulls its metadata, but not its layers, because all layers are already +present locally: + +```bash +$ docker pull debian:jessie + +jessie: Pulling from library/debian +fdd5d7827f33: Already exists +a3ed95caeb02: Already exists +Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e +Status: Downloaded newer image for debian:jessie +``` + +To see which images are present locally, use the [`docker images`](images.md) +command: + +```bash +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +debian jessie f50f9524513f 5 days ago 125.1 MB +debian latest f50f9524513f 5 days ago 125.1 MB +``` + +Docker uses a content-addressable image store, and the image ID is a SHA256 +digest covering the image's configuration and layers. In the example above, +`debian:jessie` and `debian:latest` have the same image ID because they are +actually the *same* image tagged with different names. Because they are the +same image, their layers are stored only once and do not consume extra disk +space. + +For more information about images, layers, and the content-addressable store, +refer to [understand images, containers, and storage drivers](../../userguide/storagedriver/imagesandcontainers.md). + + +## Pull an image by digest (immutable identifier) + +So far, you've pulled images by their name (and "tag"). Using names and tags is +a convenient way to work with images. When using tags, you can `docker pull` an +image again to make sure you have the most up-to-date version of that image. +For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu +14.04 image. + +In some cases you don't want images to be updated to newer versions, but prefer +to use a fixed version of an image. Docker enables you to pull an image by its +*digest*. When pulling an image by digest, you specify *exactly* which version +of an image to pull. Doing so, allows you to "pin" an image to that version, +and guarantee that the image you're using is always the same. + +To know the digest of an image, pull the image first. Let's pull the latest +`ubuntu:14.04` image from Docker Hub: + +```bash +$ docker pull ubuntu:14.04 + +14.04: Pulling from library/ubuntu +5a132a7e7af1: Pull complete +fd2731e4c50c: Pull complete +28a2f68d1120: Pull complete +a3ed95caeb02: Pull complete +Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 +Status: Downloaded newer image for ubuntu:14.04 +``` + +Docker prints the digest of the image after the pull has finished. In the example +above, the digest of the image is: + + sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + +Docker also prints the digest of an image when *pushing* to a registry. This +may be useful if you want to pin to a version of the image you just pushed. + +A digest takes the place of the tag when pulling an image, for example, to +pull the above image by digest, run the following command: + +```bash +$ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + +sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu +5a132a7e7af1: Already exists +fd2731e4c50c: Already exists +28a2f68d1120: Already exists +a3ed95caeb02: Already exists +Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 +Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 +``` + +Digest can also be used in the `FROM` of a Dockerfile, for example: + +```Dockerfile +FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 +MAINTAINER some maintainer +``` + +> **Note**: Using this feature "pins" an image to a specific version in time. +> Docker will therefore not pull updated versions of an image, which may include +> security updates. If you want to pull an updated image, you need to change the +> digest accordingly. + + +## Pulling from a different registry + +By default, `docker pull` pulls images from Docker Hub. It is also possible to +manually specify the path of a registry to pull from. For example, if you have +set up a local registry, you can specify its path to pull from it. A registry +path is similar to a URL, but does not contain a protocol specifier (`https://`). + +The following command pulls the `testing/test-image` image from a local registry +listening on port 5000 (`myregistry.local:5000`): + +```bash +$ docker pull myregistry.local:5000/testing/test-image +``` + +Docker uses the `https://` protocol to communicate with a registry, unless the +registry is allowed to be accessed over an insecure connection. Refer to the +[insecure registries](daemon.md#insecure-registries) section for more information. + + +## Pull a repository with multiple images + +By default, `docker pull` pulls a *single* image from the registry. A repository +can contain multiple images. To pull all images from a repository, provide the +`-a` (or `--all-tags`) option when using `docker pull`. + +This command pulls all images from the `fedora` repository: + +```bash +$ docker pull --all-tags fedora + +Pulling repository fedora +ad57ef8d78d7: Download complete +105182bb5e8b: Download complete +511136ea3c5a: Download complete +73bd853d2ea5: Download complete +.... + +Status: Downloaded newer image for fedora +``` + +After the pull has completed use the `docker images` command to see the +images that were pulled. The example below shows all the `fedora` images +that are present locally: + +```bash +$ docker images fedora + +REPOSITORY TAG IMAGE ID CREATED SIZE +fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB +fedora 20 105182bb5e8b 5 days ago 372.7 MB +fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB +fedora latest 105182bb5e8b 5 days ago 372.7 MB +``` + +## Canceling a pull Killing the `docker pull` process, for example by pressing `CTRL-c` while it is running in a terminal, will terminate the pull operation. + +```bash +$ docker pull fedora + +Using default tag: latest +latest: Pulling from library/fedora +a3ed95caeb02: Pulling fs layer +236608c7b546: Pulling fs layer +^C +``` + +> **Note**: Technically, the Engine terminates a pull operation when the +> connection between the Docker Engine daemon and the Docker Engine client +> initiating the pull is lost. If the connection with the Engine daemon is +> lost for other reasons than a manual interaction, the pull is also aborted. diff --git a/man/docker-pull.1.md b/man/docker-pull.1.md index 338ee5d713..e4a7550d5b 100644 --- a/man/docker-pull.1.md +++ b/man/docker-pull.1.md @@ -16,7 +16,7 @@ This command pulls down an image or a repository from a registry. If there is more than one image for a repository (e.g., fedora) then all images for that repository name can be pulled down including any tags (see the option **-a** or **--all-tags**). - + If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. @@ -27,58 +27,185 @@ registry located at `registry-1.docker.io` by default. **--help** Print usage statement -# EXAMPLE +# EXAMPLES -## Pull a repository with multiple images with the -a|--all-tags option set to true. -Note that if the image is previously downloaded then the status would be -`Status: Image is up to date for fedora`. +### Pull an image from Docker Hub + +To download a particular image, or set of images (i.e., a repository), use +`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a +default. This command pulls the `debian:latest` image: + + $ docker pull debian + + Using default tag: latest + latest: Pulling from library/debian + fdd5d7827f33: Pull complete + a3ed95caeb02: Pull complete + Digest: sha256:e7d38b3517548a1c71e41bffe9c8ae6d6d29546ce46bf62159837aad072c90aa + Status: Downloaded newer image for debian:latest + +Docker images can consist of multiple layers. In the example above, the image +consists of two layers; `fdd5d7827f33` and `a3ed95caeb02`. + +Layers can be reused by images. For example, the `debian:jessie` image shares +both layers with `debian:latest`. Pulling the `debian:jessie` image therefore +only pulls its metadata, but not its layers, because all layers are already +present locally: + + $ docker pull debian:jessie + + jessie: Pulling from library/debian + fdd5d7827f33: Already exists + a3ed95caeb02: Already exists + Digest: sha256:a9c958be96d7d40df920e7041608f2f017af81800ca5ad23e327bc402626b58e + Status: Downloaded newer image for debian:jessie + +To see which images are present locally, use the **docker-images(1)** +command: + + $ docker images + + REPOSITORY TAG IMAGE ID CREATED SIZE + debian jessie f50f9524513f 5 days ago 125.1 MB + debian latest f50f9524513f 5 days ago 125.1 MB + +Docker uses a content-addressable image store, and the image ID is a SHA256 +digest covering the image's configuration and layers. In the example above, +`debian:jessie` and `debian:latest` have the same image ID because they are +actually the *same* image tagged with different names. Because they are the +same image, their layers are stored only once and do not consume extra disk +space. + +For more information about images, layers, and the content-addressable store, +refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/) +in the online documentation. + + +## Pull an image by digest (immutable identifier) + +So far, you've pulled images by their name (and "tag"). Using names and tags is +a convenient way to work with images. When using tags, you can `docker pull` an +image again to make sure you have the most up-to-date version of that image. +For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu +14.04 image. + +In some cases you don't want images to be updated to newer versions, but prefer +to use a fixed version of an image. Docker enables you to pull an image by its +*digest*. When pulling an image by digest, you specify *exactly* which version +of an image to pull. Doing so, allows you to "pin" an image to that version, +and guarantee that the image you're using is always the same. + +To know the digest of an image, pull the image first. Let's pull the latest +`ubuntu:14.04` image from Docker Hub: + + $ docker pull ubuntu:14.04 + + 14.04: Pulling from library/ubuntu + 5a132a7e7af1: Pull complete + fd2731e4c50c: Pull complete + 28a2f68d1120: Pull complete + a3ed95caeb02: Pull complete + Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + Status: Downloaded newer image for ubuntu:14.04 + +Docker prints the digest of the image after the pull has finished. In the example +above, the digest of the image is: + + sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + +Docker also prints the digest of an image when *pushing* to a registry. This +may be useful if you want to pin to a version of the image you just pushed. + +A digest takes the place of the tag when pulling an image, for example, to +pull the above image by digest, run the following command: + + $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + + sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu + 5a132a7e7af1: Already exists + fd2731e4c50c: Already exists + 28a2f68d1120: Already exists + a3ed95caeb02: Already exists + Digest: sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + Status: Downloaded newer image for ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + +Digest can also be used in the `FROM` of a Dockerfile, for example: + + FROM ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + MAINTAINER some maintainer + +> **Note**: Using this feature "pins" an image to a specific version in time. +> Docker will therefore not pull updated versions of an image, which may include +> security updates. If you want to pull an updated image, you need to change the +> digest accordingly. + +## Pulling from a different registry + +By default, `docker pull` pulls images from Docker Hub. It is also possible to +manually specify the path of a registry to pull from. For example, if you have +set up a local registry, you can specify its path to pull from it. A registry +path is similar to a URL, but does not contain a protocol specifier (`https://`). + +The following command pulls the `testing/test-image` image from a local registry +listening on port 5000 (`myregistry.local:5000`): + + $ docker pull myregistry.local:5000/testing/test-image + +Docker uses the `https://` protocol to communicate with a registry, unless the +registry is allowed to be accessed over an insecure connection. Refer to the +[insecure registries](https://docs.docker.com/engine/reference/commandline/daemon/#insecure-registries) +section in the online documentation for more information. + + +## Pull a repository with multiple images + +By default, `docker pull` pulls a *single* image from the registry. A repository +can contain multiple images. To pull all images from a repository, provide the +`-a` (or `--all-tags`) option when using `docker pull`. + +This command pulls all images from the `fedora` repository: $ docker pull --all-tags fedora + Pulling repository fedora ad57ef8d78d7: Download complete 105182bb5e8b: Download complete 511136ea3c5a: Download complete 73bd853d2ea5: Download complete + .... Status: Downloaded newer image for fedora - $ docker images +After the pull has completed use the `docker images` command to see the +images that were pulled. The example below shows all the `fedora` images +that are present locally: + + $ docker images fedora + REPOSITORY TAG IMAGE ID CREATED SIZE fedora rawhide ad57ef8d78d7 5 days ago 359.3 MB fedora 20 105182bb5e8b 5 days ago 372.7 MB fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB fedora latest 105182bb5e8b 5 days ago 372.7 MB -## Pull a repository with the -a|--all-tags option set to false (this is the default). - $ docker pull debian +## Canceling a pull + +Killing the `docker pull` process, for example by pressing `CTRL-c` while it is +running in a terminal, will terminate the pull operation. + + $ docker pull fedora + Using default tag: latest - latest: Pulling from library/debian - 2c49f83e0b13: Pull complete - 4a5e6db8c069: Pull complete + latest: Pulling from library/fedora + a3ed95caeb02: Pulling fs layer + 236608c7b546: Pulling fs layer + ^C - Status: Downloaded newer image for debian:latest - - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - debian latest 4a5e6db8c069 5 days ago 125.1 MB - - -## Pull an image, manually specifying path to Docker's public registry and tag -Note that if the image is previously downloaded then the status would be -`Status: Image is up to date for registry.hub.docker.com/fedora:20` - - $ docker pull registry.hub.docker.com/fedora:20 - Pulling repository fedora - 3f2fed40e4b0: Download complete - 511136ea3c5a: Download complete - fd241224e9cf: Download complete - - Status: Downloaded newer image for registry.hub.docker.com/fedora:20 - - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - fedora 20 3f2fed40e4b0 4 days ago 372.7 MB +> **Note**: Technically, the Engine terminates a pull operation when the +> connection between the Docker Engine daemon and the Docker Engine client +> initiating the pull is lost. If the connection with the Engine daemon is +> lost for other reasons than a manual interaction, the pull is also aborted. # HISTORY From 84b7025d281eb7467a898dcaa5103a5518c0de4f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 16 Mar 2016 15:58:58 +0100 Subject: [PATCH 1259/2538] bash completion for gelf-compression log driver settings Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 343e1dc717..c39163bc86 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -412,7 +412,7 @@ __docker_complete_log_options() { local awslogs_options="awslogs-region awslogs-group awslogs-stream" local fluentd_options="env fluentd-address labels tag" local gcplogs_options="env gcp-log-cmd gcp-project labels" - local gelf_options="env gelf-address labels tag" + local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag" local journald_options="env labels tag" local json_file_options="env labels max-file max-size" local syslog_options="syslog-address syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" @@ -464,6 +464,14 @@ __docker_complete_log_driver_options() { __docker_nospace return ;; + gelf-compression-level) + COMPREPLY=( $( compgen -W "1 2 3 4 5 6 7 8 9" -- "${cur##*=}" ) ) + return + ;; + gelf-compression-type) + COMPREPLY=( $( compgen -W "gzip none zlib" -- "${cur##*=}" ) ) + return + ;; syslog-address) COMPREPLY=( $( compgen -W "tcp:// tcp+tls:// udp:// unix://" -- "${cur##*=}" ) ) __docker_nospace From d2191118552f1c2277907b6ce262990472d42b82 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 17 Mar 2016 16:13:51 +0800 Subject: [PATCH 1260/2538] Fix typo Signed-off-by: Zhang Wei --- docs/reference/commandline/network_create.md | 2 +- docs/reference/run.md | 2 +- man/docker-network-create.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 6ae18e6e73..07df761efb 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -97,7 +97,7 @@ disconnect` command. ## Specifying advanced options -When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and specify subnetwork values directly using the the `--subnet` option. On a `bridge` network you can only create a single subnet: +When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash docker network create -d --subnet=192.168.0.0/16 diff --git a/docs/reference/run.md b/docs/reference/run.md index 37ac49fb1b..d004300de5 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -284,7 +284,7 @@ with `docker run --net none` which disables all incoming and outgoing networking. In cases like this, you would perform I/O through files or `STDIN` and `STDOUT` only. -Publishing ports and linking to other containers only works with the the default (bridge). The linking feature is a legacy feature. You should always prefer using Docker network drivers over linking. +Publishing ports and linking to other containers only works with the default (bridge). The linking feature is a legacy feature. You should always prefer using Docker network drivers over linking. Your container will use the same DNS servers as the host by default, but you can override this with `--dns`. diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 4d4cee3911..97505baf3b 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -96,7 +96,7 @@ disconnect` command. When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and -specify subnetwork values directly using the the `--subnet` option. On a +specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash From 2d0316cb43d6cd85ed2f6d67bb0fff601e98ec12 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 17 Mar 2016 08:03:50 -0400 Subject: [PATCH 1261/2538] Fix documentation on --security-opt seccomp Missing documentation and man pages on seccomp options. Signed-off-by: Dan Walsh --- docs/reference/run.md | 3 +++ man/docker-create.1.md | 9 +++++++++ man/docker-run.1.md | 3 +++ 3 files changed, 15 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index d004300de5..d0b33510f1 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -608,6 +608,9 @@ with the same logic -- if the original volume was specified with a name it will to the container --security-opt="no-new-privileges" : Disable container processes from gaining new privileges + --security-opt="seccomp:unconfined": Turn off seccomp confinement for the container + --security-opt="seccomp:profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter + You can override the default labeling scheme for each container by specifying the `--security-opt` flag. For example, you can specify the MCS/MLS level, a diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 95d171fec3..376f8308a5 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -316,6 +316,15 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--security-opt**=[] Security Options + "label:user:USER" : Set the label user for the container + "label:role:ROLE" : Set the label role for the container + "label:type:TYPE" : Set the label type for the container + "label:level:LEVEL" : Set the label level for the container + "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + "seccomp:unconfined" : Turn off seccomp confinement for the container + "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index c44dd603d0..c92dd6a2c9 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -468,8 +468,11 @@ its root filesystem mounted as read only prohibiting any writes. "label:type:TYPE" : Set the label type for the container "label:level:LEVEL" : Set the label level for the container "label:disable" : Turn off label confinement for the container + "no-new-privileges" : Disable container processes from gaining additional privileges + "seccomp:unconfined" : Turn off seccomp confinement for the container + "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From 7160fa70e3922d8fd1027603f5a2aff229ab1156 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Fri, 18 Mar 2016 15:23:27 +0800 Subject: [PATCH 1262/2538] Update the document error Signed-off-by: Wen Cheng Ma --- experimental/vlan-networks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index b931b248a4..0dcadf0e46 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -6,7 +6,7 @@ The Macvlan and Ipvlan drivers are currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 adressing. The VLAN drivers build on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver. -Macvlan and Ipvlan are a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather then using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce seperation between networks and connectivty to the physical network. +Macvlan and Ipvlan are a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce seperation between networks and connectivity to the physical network. Macvlan and Ipvlan offer a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios. From a7364b3743ec5c13a3dd7c280c9842962530a61b Mon Sep 17 00:00:00 2001 From: David Calavera Date: Tue, 15 Mar 2016 18:34:29 -0400 Subject: [PATCH 1263/2538] Consolidate security options to use `=` as separator. All other options we have use `=` as separator, labels, log configurations, graph configurations and so on. We should be consistent and use `=` for the security options too. Signed-off-by: David Calavera --- contrib/completion/bash/docker | 10 +++++----- docs/deprecated.md | 2 ++ docs/reference/run.md | 22 +++++++++++----------- man/docker-run.1.md | 26 ++++++++++++++------------ 4 files changed, 32 insertions(+), 28 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c39163bc86..bf3c1494b7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1788,17 +1788,17 @@ _docker_run() { ;; --security-opt) case "$cur" in - label:*:*) + label=*:*) ;; - label:*) - local cur=${cur##*:} + label=*) + local cur=${cur##*=} COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") ) if [ "${COMPREPLY[*]}" != "disable" ] ; then __docker_nospace fi ;; - seccomp:*) - local cur=${cur##*:} + seccomp=*) + local cur=${cur##*=} _filedir COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) ) ;; diff --git a/docs/deprecated.md b/docs/deprecated.md index 7a351ac176..d2acf31f67 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -21,6 +21,8 @@ The following list of features are deprecated in Engine. The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. +The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consinstency with other similar flags, like `--storage-opt`. + ### Ambiguous event fields in API **Deprecated In Release: v1.10** diff --git a/docs/reference/run.md b/docs/reference/run.md index d0b33510f1..65271a285f 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -599,12 +599,12 @@ but the volume for `/bar` will not. Volumes inheritted via `--volumes-from` will with the same logic -- if the original volume was specified with a name it will **not** be removed. ## Security configuration - --security-opt="label:user:USER" : Set the label user for the container - --security-opt="label:role:ROLE" : Set the label role for the container - --security-opt="label:type:TYPE" : Set the label type for the container - --security-opt="label:level:LEVEL" : Set the label level for the container - --security-opt="label:disable" : Turn off label confinement for the container - --security-opt="apparmor:PROFILE" : Set the apparmor profile to be applied + --security-opt="label=user:USER" : Set the label user for the container + --security-opt="label=role:ROLE" : Set the label role for the container + --security-opt="label=type:TYPE" : Set the label type for the container + --security-opt="label=level:LEVEL" : Set the label level for the container + --security-opt="label=disable" : Turn off label confinement for the container + --security-opt="apparmor=PROFILE" : Set the apparmor profile to be applied to the container --security-opt="no-new-privileges" : Disable container processes from gaining new privileges @@ -617,23 +617,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. - $ docker run --security-opt label:level:s0:c100,c200 -it fedora bash + $ docker run --security-opt label=level:s0:c100,c200 -it fedora bash An MLS example might be: - $ docker run --security-opt label:level:TopSecret -it rhel7 bash + $ docker run --security-opt label=level:TopSecret -it rhel7 bash To disable the security labeling for this container versus running with the `--permissive` flag, use the following command: - $ docker run --security-opt label:disable -it fedora bash + $ docker run --security-opt label=disable -it fedora bash If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. You could run a container that is only allowed to listen on Apache ports by executing the following command: - $ docker run --security-opt label:type:svirt_apache_t -it centos bash + $ docker run --security-opt label=type:svirt_apache_t -it centos bash > **Note**: You would have to write policy defining a `svirt_apache_t` type. @@ -1078,7 +1078,7 @@ one can use this flag: > these cases to create your own custom seccomp profile based off our > [default](https://github.com/docker/docker/blob/master/profiles/seccomp/default.json). > Or if you don't want to run with the default seccomp profile, you can pass -> `--security-opt=seccomp:unconfined` on run. +> `--security-opt=seccomp=unconfined` on run. By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because diff --git a/man/docker-run.1.md b/man/docker-run.1.md index c92dd6a2c9..d63a0b6452 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -463,16 +463,18 @@ its root filesystem mounted as read only prohibiting any writes. **--security-opt**=[] Security Options - "label:user:USER" : Set the label user for the container - "label:role:ROLE" : Set the label role for the container - "label:type:TYPE" : Set the label type for the container - "label:level:LEVEL" : Set the label level for the container - "label:disable" : Turn off label confinement for the container - + "label=user:USER" : Set the label user for the container + "label=role:ROLE" : Set the label role for the container + "label=type:TYPE" : Set the label type for the container + "label=level:LEVEL" : Set the label level for the container + "label=disable" : Turn off label confinement for the container "no-new-privileges" : Disable container processes from gaining additional privileges - "seccomp:unconfined" : Turn off seccomp confinement for the container - "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + "seccomp=unconfined" : Turn off seccomp confinement for the container + "seccomp=profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter + + "apparmor=unconfined" : Turn off apparmor confinement for the container + "apparmor=your-profile" : Set the apparmor confinement profile for the container **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. @@ -880,23 +882,23 @@ the `--security-opt` flag. For example, you can specify the MCS/MLS level, a requirement for MLS systems. Specifying the level in the following command allows you to share the same content between containers. - # docker run --security-opt label:level:s0:c100,c200 -i -t fedora bash + # docker run --security-opt label=level:s0:c100,c200 -i -t fedora bash An MLS example might be: - # docker run --security-opt label:level:TopSecret -i -t rhel7 bash + # docker run --security-opt label=level:TopSecret -i -t rhel7 bash To disable the security labeling for this container versus running with the `--permissive` flag, use the following command: - # docker run --security-opt label:disable -i -t fedora bash + # docker run --security-opt label=disable -i -t fedora bash If you want a tighter security policy on the processes within a container, you can specify an alternate type for the container. You could run a container that is only allowed to listen on Apache ports by executing the following command: - # docker run --security-opt label:type:svirt_apache_t -i -t centos bash + # docker run --security-opt label=type:svirt_apache_t -i -t centos bash Note: From 1f7e8ae84c48b2610cf1b9d3e666c8890474b873 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 21 Mar 2016 02:42:10 +0000 Subject: [PATCH 1264/2538] Update plugin docs for the covering of remote plugins (#20188). This fix updates the Plugin API docs to cover the case of remote plugins which could be deployed on a host different from the docker host, through spec or json files. This fix closes #20188. Signed-off-by: Yong Tang --- docs/extend/plugin_api.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 1a4237e2c7..1e7ee24361 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -20,8 +20,9 @@ If you just want to learn about or use Docker plugins, look ## What plugins are -A plugin is a process running on the same docker host as the docker daemon, -which registers itself by placing a file in one of the plugin directories described in [Plugin discovery](#plugin-discovery). +A plugin is a process running on the same or a different host as the docker daemon, +which registers itself by placing a file on the same docker host in one of the plugin +directories described in [Plugin discovery](#plugin-discovery). Plugins have human-readable names, which are short, lowercase strings. For example, `flocker` or `weave`. @@ -37,9 +38,12 @@ user or container tries to use one by name. There are three types of files which can be put in the plugin directory. * `.sock` files are UNIX domain sockets. -* `.spec` files are text files containing a URL, such as `unix:///other.sock`. +* `.spec` files are text files containing a URL, such as `unix:///other.sock` or `tcp://localhost:8080`. * `.json` files are text files containing a full json specification for the plugin. +Plugins with UNIX domain socket files must run on the same docker host, whereas +plugins with spec or json files can run on a different host if a remote URL is specified. + UNIX domain socket files must be located under `/run/docker/plugins`, whereas spec files can be located either under `/etc/docker/plugins` or `/usr/lib/docker/plugins`. From 980e403319e988fb067413f7ea65f12c8c1cfe63 Mon Sep 17 00:00:00 2001 From: Brent Salisbury Date: Wed, 16 Mar 2016 06:39:47 -0400 Subject: [PATCH 1265/2538] Updates to macvlan/ipvlan experimental docs - Added a few more diagrams. - Fixed typos and a few additional details. - Moved experimental images to a new directory in /experimental/images per @cpuguy83 suggestion. Signed-off-by: Brent Salisbury --- experimental/images/ipvlan-l3.gliffy | 1 + experimental/images/ipvlan-l3.png | Bin 0 -> 18260 bytes experimental/images/ipvlan-l3.svg | 1 + experimental/images/ipvlan_l2_simple.gliffy | 1 + experimental/images/ipvlan_l2_simple.png | Bin 0 -> 20145 bytes experimental/images/ipvlan_l2_simple.svg | 1 + .../images/macvlan-bridge-ipvlan-l2.gliffy | 1 + .../images/macvlan-bridge-ipvlan-l2.png | Bin 0 -> 14527 bytes .../images/macvlan-bridge-ipvlan-l2.svg | 1 + .../images/macvlan_bridge_simple.gliffy | 1 + experimental/images/macvlan_bridge_simple.png | Bin 0 -> 22392 bytes experimental/images/macvlan_bridge_simple.svg | 1 + .../images/multi_tenant_8021q_vlans.gliffy | 1 + .../images/multi_tenant_8021q_vlans.png | Bin 0 -> 17879 bytes .../images/multi_tenant_8021q_vlans.svg | 1 + experimental/images/vlans-deeper-look.gliffy | 1 + experimental/images/vlans-deeper-look.png | Bin 0 -> 38837 bytes experimental/images/vlans-deeper-look.svg | 1 + experimental/vlan-networks.md | 70 +++++++++++++----- 19 files changed, 65 insertions(+), 17 deletions(-) create mode 100644 experimental/images/ipvlan-l3.gliffy create mode 100644 experimental/images/ipvlan-l3.png create mode 100644 experimental/images/ipvlan-l3.svg create mode 100644 experimental/images/ipvlan_l2_simple.gliffy create mode 100644 experimental/images/ipvlan_l2_simple.png create mode 100644 experimental/images/ipvlan_l2_simple.svg create mode 100644 experimental/images/macvlan-bridge-ipvlan-l2.gliffy create mode 100644 experimental/images/macvlan-bridge-ipvlan-l2.png create mode 100644 experimental/images/macvlan-bridge-ipvlan-l2.svg create mode 100644 experimental/images/macvlan_bridge_simple.gliffy create mode 100644 experimental/images/macvlan_bridge_simple.png create mode 100644 experimental/images/macvlan_bridge_simple.svg create mode 100644 experimental/images/multi_tenant_8021q_vlans.gliffy create mode 100644 experimental/images/multi_tenant_8021q_vlans.png create mode 100644 experimental/images/multi_tenant_8021q_vlans.svg create mode 100644 experimental/images/vlans-deeper-look.gliffy create mode 100644 experimental/images/vlans-deeper-look.png create mode 100644 experimental/images/vlans-deeper-look.svg diff --git a/experimental/images/ipvlan-l3.gliffy b/experimental/images/ipvlan-l3.gliffy new file mode 100644 index 0000000000..bf0512af76 --- /dev/null +++ b/experimental/images/ipvlan-l3.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":447,"height":422,"nodeIndex":326,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":9,"y":10.461511948529278},"max":{"x":447,"y":421.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":12.0,"y":200.0,"rotation":0.0,"id":276,"width":434.00000000000006,"height":197.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":275.0,"y":8.93295288085936,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":14,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":272,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":290,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[82.0,295.5670471191406],[-4.628896294384617,211.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":285.0,"y":18.93295288085936,"rotation":0.0,"id":268,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":15,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":316,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":290,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-204.0,285.5670471191406],[-100.37110370561533,201.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.0,"y":203.5,"rotation":0.0,"id":267,"width":116.0,"height":16.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":16,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker Host

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":28.93295288085936,"rotation":0.0,"id":278,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":17,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":290,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[217.5,167.06704711914062],[219.11774189711457,53.02855906766992]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":57.51435447730654,"y":10.461511948529278,"rotation":0.0,"id":246,"width":343.20677483961606,"height":143.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":18,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#434343","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":106.0,"y":55.19999694824217,"rotation":0.0,"id":262,"width":262.0,"height":75.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":22,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Unless notified about the container networks, the physical network does not have a route to their subnets

Who has 10.16.20.0/24?

Who has 10.1.20.0/24?

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.0,"y":403.5,"rotation":0.0,"id":282,"width":442.0,"height":18.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Containers can be on different subnets and reach each other

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":106.0,"y":252.5,"rotation":0.0,"id":288,"width":238.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

 Ipvlan L3 Mode

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":172.0,"rotation":0.0,"id":290,"width":207.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":3.568965517241383,"y":0.0,"rotation":0.0,"id":291,"width":199.86206896551747,"height":42.0,"uid":null,"order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Eth0

192.168.50.10/24

Parent interface acts as a Router

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":29.0,"y":358.1999969482422,"rotation":0.0,"id":304,"width":390.99999999999994,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":29,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

All containers can ping each other without a router if

they share the same parent interface (example eth0)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":24.0,"y":276.0,"rotation":0.0,"id":320,"width":134.0,"height":77.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":48,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":316,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[{"x":2.279999999999999,"y":0.0,"rotation":0.0,"id":317,"width":109.44000000000001,"height":43.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container(s)

Eth0 

172.16.20.x/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":10.0,"rotation":0.0,"id":318,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":20.0,"rotation":0.0,"id":319,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":300.0,"y":276.0,"rotation":0.0,"id":321,"width":134.0,"height":77.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":49,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":272,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[{"x":2.279999999999999,"y":0.0,"rotation":0.0,"id":273,"width":109.44000000000001,"height":44.0,"uid":null,"order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container(s)

Eth0 10.1.20.x/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":10.0,"y":10.0,"rotation":0.0,"id":310,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":20.0,"rotation":0.0,"id":312,"width":114.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.97,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":85.93295288085938,"rotation":0.0,"id":322,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":50,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#434343","fillColor":"none","dashStyle":"4.0,4.0","startArrow":2,"endArrow":2,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-191.0,222.06704711914062],[-80.9272967534639,222.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":167.0,"y":25.499999999999986,"rotation":0.0,"id":323,"width":135.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":51,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Physical Network

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":53}],"shapeStyles":{},"lineStyles":{"global":{"fill":"none","stroke":"#434343","strokeWidth":2,"dashStyle":"4.0,4.0","startArrow":2,"endArrow":2,"orthoMode":2}},"textStyles":{"global":{"face":"Arial","size":"13px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117032939,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/ipvlan-l3.png b/experimental/images/ipvlan-l3.png new file mode 100644 index 0000000000000000000000000000000000000000..3227a83ca1541ec68e06b0aa105e22fdf5ae9e6f GIT binary patch literal 18260 zcmaI6Wl$YmumyT>5AG1$-Q67ydXV7m8r+1pok>`#RfTA-*)bij0K-0C)TQ9yW|^N>XfP5?S3O{d6!$!B8y2koK&0EoKg z14FAa8wP53UX5(L=%bDVL&q0#^aP6T-8%nWjl|N@0|HYEm_x>-zYG8X+2Wz0n@ zzI=J7-uZdIPqutrz|x1Ai?3;VhTlje(*-0XDKBVe#9*5bMa}EV0b?Ns0MG@0Ui2`_ zyA_7pwKNt+WmVFd);j7*KV7ZMKpvgIJVpRB zk%B`-b-EM-07kw-z$Bs2hOsF>sATd?h@Xx{3=r`1M{l@jXOaH_z4MhL$3kWlz_!oll8RWh!Q%ROqdsGnb z(TIUiKA{RJOZ(q_NwQH7TH06B6ls}!%=IAY1^)X7pr@=O1Q$j*e|F|%#TA_w-Y;kC z)_`zJ#`9NCCW{OdMugwWB?QLTkvyi0WxiQ_#T0~ZQXY15j6v3s1PYv2ei$9RP7duU zqHT!9#~0bi?!lGe=?X6%oIH~_-Z`^`G@SyH#Q}0r7>^JBu!Keq-(wCBenOz|2O&fP z%g(=xOm2N&(JGPhAZ&+bB(oa!l?)rZAHYn!%X6=Q?12*Z=-5I<(n;+L6OzT~%aEvO zgv8_ogMJaz{p`T;w{DzN-7~1pVqIlvWlRHg>_wsK z+@e+a#w-GRB!9D%P4X!uI$n1QEJo%7!P9sat=Yi+8?`ar93aXXi7MWN=hA*yn@Ikk z4&`q8r987}hlINhTR;^mdxMx-+>@>TP$>)3LgwW~Dq;mQ#%#p8{3(LFu9AB9%YwlX zX^Jt4C~j&qDj?O8cx?i0hwDmDi>9@%F0a|XWrlKxLu-fY0YY#dF;{(Xz#B^()XVp~ zA+#qOWF3Pblb9U2Xb05_fp~})4vZ# zE$5YiKsXBY*+b>07f3O)+SciM@ArFu`gqLyfO499UTM3S_#0RA)ci8kaC()t{CdH{ zUsheO{k`w`&G72YZ?(N1(zlZBufdwTu4o5M#we0nv6WmAo=8Wu(MTcf4Y?&QG)0oU znn9uhM0uu(8;#a5mXez3LPqk*Z#>J&vJ<;CvtdznTbY7$yAnJkFbEtY;(+bo<^Jk( zA>&D(D;*-QXyd%8x~=Fqj7_gcZx1elO`pe&sgB2$F=5#aF7~q%`{`%x&~7&!Hn|YE;!;Q?f*HvOpP-Tm=35u|Ah?>^rxk9yuVL1k zkP^ZRJesL>xg0b!OlMvo;5~)DutD19qHL%dXWPo&|3$Fk!83qR$Kc!-p}nmF?BkD*xxZZfVH1jrnX&-rzd4 zB9>wgQ1hSXV;Ch*6{l5Ws3&5^Z!QG)EfD;%2R=$vYzyZBIc4%=<%&9Uj*)QAJ~z^( zFcF@R^!oic!@aLO^ zn?UzwRe>!I+wm%NXK&$s=!@y=yA~n?K4GTE9nLwYxBrB5XVLJwnD6h{Z+ixERd5+Q0=_af_Z{pPmwPMNNVo= z^rA8x<0ts<5;8ZH)PoX%ne?R%?CbFx1>|Ft)?W5U-c9Y~dz5En8}m-QISYB@`4mY4 zW9t(O60{?YD}w}=snv7$F%1kM6P(L@8S?sxGEPWj|6uQpuv}y$PXwxizk|Yb$fH2j)Be<57<|=?) z7=toefVrv94SujOJ#Sg}yqaIWaY&Y??*6k$VyYbK8$AKc3jb%HTNw$Jb39d2mjxM@ z=d=|(v4Gd_E2cLLyx|}PT6r4s!8}pN-omkWg$xi>=)Dcr#<%ZPVn6f(SlFy~AHLY}=vShNZvs(>Pq`tkJX`n-95d-;rIln`$j| z`F``ctP$Lp%wj`vVKkAJffxJ%mR%E**F(o4QG1_%i2C!cB_M0?~vd%-A{K#TYrfuY6jxF_V7z1G^W^5 zTkPJ+SUdJ+k0#}#=jb4>-k?DVlkLplLG^rRCC{vgKNjI2DZP{(l3auvN}-9e*HX3E zY|ZkKA5d6X?|Deh9z~GQ@vQf=zMECF6tFx~Cf96uRL2Dyr0O3vRLGz;L)IUN?B zsq%We9EPv;iZn;9Zw!hiW zLd0HaeQ06T&$dp7q5FmKY2{BO06lC!TZ_Ri!ge{a&lmz7vGuv+$C zbi2UsYwN#=!F=TImu$daixwP`59?9biqDER2Aw-gPW8$CFsdmt!!B>PT5w#|C)r}_ z2;_M;_b&-|Y=^zpH(i*;wxxzVY?Or(o&kELz~rcAsz}r4i~dI~HKcqu_#{jl=wi@s6Il?Ufv3kf$F~w?T zXS0y$z?7NWvchoB$7{tI#Ro0uTOhEjvHzIfn}xQ_e1hz7neMVY0$xKoF~@7A9Z6Uv zjoS!uqN>pUm?DoL+82J7uGh=@Y{gT@)8l)~nTHM}BDEce8f#*F&?`G>1XN}0*gkzG zYab%K;%OL+gr5|jq|5GB`|;AA>;DplY!-@Wne1udl)5|VjAOAF3mu&HBp4$r3eWWu zGbk%;Co*CYpfqG1SCJ$%SuWA1I_p-mXg+p95oO_zl%Vn>hFagYp4ls4X0;sVKXL|A z{9GC$LuGOv_`^xGS2dPKM`&)S#B4DZIYEPdjfYgGbCPpwzemhxK>YV6e{jy>o1q zL2V0HFsggj|2)H%xFm=oCa1Iz;*$uC=POKh$r;s;^A6XJ@FF^4mVHxM=l$BmB7biWn!)HR#8Sen(!Q7)C~Ladc&k82OJh>_J?`mN<))eYFWR$j6;7-lu|#i}e*ftl`m>F$2P~R$ zHbl2-&`;>f%_-Duu(o5oF#7o8cgir@y3)Tbnrqf)bYz%&RCY36ECGEAl%NaqW=Z(< znTQ{!!A7)0jX3!%h`PeC$J1#=EG>{YX zf7soO!SffH(yI~zflPj>oQCo@t-lf&W_Z92tQ&ZvF0L$8@B-K(#Ts_P^WjPyv0c~- z^`vN@8u~lK9P`oGLASHezt;*GG*p)HXp+nMY@%4K|HK%qF7io#l|7}S_i&*S7nhUsDyo3PDMlyrL`O?WgU7i!5kUL%_&l&#LbkI zec7`)NhjISeE>!LAyZl@GiVcMQl9)C{q3fOo4?KQB5WK?^6s`oooI@N)o8jP^LKL3hoE+ zf2>c?7s=!J#GA#Bh7D}hhj=I)B!AA^aDSP$wKz9iHAqj~_0J=vviS8#3ET+ThUMYT zu+U#iGfvpVV2rZ+^kxq3EvtV|=*j&3jf|iG5|z7@YE1rCg~eLD;>eYV0^CU4A3-FcXaU4u!CqR>5Hl zd6qua$)>X~Mo4r8?m$#l&>lrw+J|9rK_+EaV|k5i+CJw&@{6QIb9UcoXT-@`LqPX= z@2LgNU;N_jmXq4$R9!QMHq>S?1x%Y5foxeE*GN+gB0nym~A+YzVc9 zU;Eua>iH+B215L3o(BG*_|J$>^?I<$Ih^ZSZyAk`Z(hG^$j>pG>YAN9X-AWrU2TtR zy?oms@-**ya<3-)vVM0v^AHg&4w5HV!?=1k$Qyxe-u6<-NFj9hq`v|6kt#j{|E{9_ z5mekudG@#+N6?+Y0vt8yEfdyhoD&9CN=ba8bfU>rH|CGFbFw$K|t&85e9*)7!M`NgD<&I4y=aaT$oI`wC|^b5mEAEkDqraetCI@ z-+g*2Xo<5lR;PBwMnSn1%pzOnWL-(ZL&Iw(wL0CAAk_YhgLL`<(V!oE+=6=Cq$Q8} zEmZ3n?!2)Zfrt;EIlv{tLhb<7ooMUl(oJEccYX#@?z4vb9Fl(L`x=o-4NV0TQlv)f z_fz9`q{Lo`NhyWhg{gMIl)3%f&fl6e49qG)NS)IJFh~T3otpcK(}T#uIuQPS51t-! z3wF8b-KGC1rEQC79hVisWmDd*0kueu3I~dvL7>}j>@O;qcE^#3$%N4j3VJzuZ$n;s z%ZjphD|29+=ZGDyJL3a?L$ek3D}8+cDS|6VooLE%{DIgSYfX3A?K=ZFltvHJTz~oD zG`L-6cY|6tTYckE3K)(x;F%tbyne&%i3pus>yR1YWX^;>1bc-AB_ESPd00(M2c#!h zQ?E1L?8xmUSjDM5IPe2HM<726F*gMwG8Cpx(*808RW#Hdz0fRYWP<)+7;AL_d=b@d zR>CkiFt3y5YSHER+rM5oUi+zEBt$$EFf_3^V&p5e{{1kZ^1)paM(iYxRPCknIPGuq zMVh#Ym|YQu<8SVpX-77=!cuiq7Q&L(v~EhF{tGM%Au_474&ZX`qAZqOO%j#sI#6crI0s6gy-PogU(m^H|vAak_JK;TY^q>7aM_&(BRmQCRV)If8U`d z(#A2~)7(WLxgH8sWhf&*$6UF%8e1J?M4emU)3>jx+4)9mDI(yRdj8!bzoeR^@}&&W z8{XG7N90j6?hg{g$l=u2#ZJW6C8)4)hT4P<7vM62l55*lO4Xwf+gJql&_Zow2(yrW zWXZ@x%QKs>ISd}n{-$$%X!Jktd{Zh)2hlLlbZgOH?E zBTgBxF*YAQ6uK;4Z)c8hb-)H%|2@s$Bde$U`^#=GHBGz zCI0QztR>93kKu{T-Xq#iY*_%N3aL7i5p0W`x3?zBe7W@e>AZ0m@{ftO<%^T3<3sxZ zH}`TDzmjQywsB6-R0+MQf~477*(IqvA@DkQ4)|zsR|RG4lCU62or*MyO^jX->0X$1T2hUkIC#y*XSfYWY%=xE zjuW;-ifb}QEQVGzFmGhmF`TVaiKE%G)T&KHVj%ohxT-9Bt0&u^O3Ej*luP(^yms7S zOlW>GUo&d)6`7&g(NG7lSN;LQ>-1?J9heLiODulF<0$vH2Ko!`w9$nZ4=$#O|eAS^G53K{9f1SzpXVlAG{i-8;oMhzcstd1R;i$4q{(g5JYjl;B-E>j5?8o_3$B@{1 z9Ghdc!YH9HjFl@-p35w5K-!5-2onQ;j8y_zS@m$uJA?m??<0ZPQkp~gBl^A5TDG?j z>`m11Dl_rq8sJN^*ik~>_F590nK<58GJl8t6r#GxLD3Kdbgo!5<6A>rU08s!-5mi+rT-1Lfs+3qYIZz-) zcm|_FsVog%T{Z9rP?%EyZ;qYAx9mh~XwX8t`)^^#NczBLsoWkv+A@FW)r~QmOz4k0 zqM-`k>IFKf*~FtfJ;Ql0!<3hRd7HzRMp?qd)03tDRo<+@63DwPP$yWrD}@S$~xxJ1zN+vzE@*%OxZUWp`mZKMoZiq^yniF^$sROaAF ztYBOQ5|TB~pOHCO$@^%13XwMcMp>b&PRk%T_JK;tLaJX7o0i>|ywKDkMc*;ZM<*H1 zmVBrLEaRm?0N;gc37I}}%kW6f;#;<{_DAj0I_bHHJ0#=&$2mVEPn#^?q!Q9ckfgX9 zP%3_Ur~@ifD|Mi#To~j{kJSLz*YfnV$c}jA#Ds2TB?CfxduQiO?diuVsJbd6F_5O{ zDVbIEmL2cxqCxdAp_T89V^8_gWXgj6X;(j%%sQVdXDd?&rdbwHK!s?wP{P+3vB=1w zo)2c)9&56^${ZZAUh?YU;Mm5&lAI)zv+MfCz%>VL5WGl><^OgrzsQX45!U>7m4B^U zr;mCfa+_~EI%T@<@@IN{`6B!zT%%-mJ{<6qlSt|Q=U-kmpvrVjv-N5ZKy8YhoSH4$ zZZo+v&13fqqkV06z#%gZXRMnIWcgy^!92-1k!~z2Zm6HOT1^AhO~CP;WQ~^xiB94Ur#J9jM?w@ilch`WKCRsASC>?DCfOaa`ep&u zN&XkzuJDr#I~N-Qe77>Ob?0Qx9avkA#8@Jsw4X~&kr3Jd2+civvp;#?43FNl zS9uG$1$mH#!-K`EWU{f&`wc*dDzcrjB=ktkE^|dimZ$K`6UB50%H80{eo0tsqLmEN zVAhq+mblRz+x520I3^1vI(e)c40TY9{Y!ODmq}-~m+~^{C@~j3`yP`XT}Lv*LrGMR z=FOzdYrIH;P^(>kh7>Ks>3+XGUreeR?9=*R1cn=Kg5t(3cqwX4F0mG998NYSJYNK~ zn!zPCoRaecBNzCtRzy8K-^sZR}uw}W|XmlCUlpf=V}11|M3J|&SfE` z*&G!j*JH{+vfw2?oAdT9(|YaOUYERd`gXohy>oi}$?I4Twz9=K@=OENOvUu+jtfs7rmT}Pfc`gbFw0>?M_G$M0*YhDffOcykB zSUeyro(Z$65FVG3E@<;H@a!vt7qH2B6hVoJ__2H<=3lf?<;0P2Q*ExWQ=C%dZ$FmO z@~j^uP4GIH>?F~Uz0p1|7v5S)rSqIg4&-itkqf`#ZdGNsZ~rk*p$MfSgoo{Mejn_19oQuxL+X}`WXEcb*=12X`_`VjL9XMyel0D{7 zU2&clVO>RzUkHoSrL;#GAnAdNu~H*ZU%~H^n&XFZpJLmpos&nv5$Ir?`ak;-z@v=W z11=VBE>@YanO6!+`;2-t;7omez=@^Rx&iLv8u(W4zd;>=rqZ)O;q}7tY#RowJqfzsqj+eb#%PvYZE* z@vCHaR4TT%LW)K${^f^GA{f6|vdnLIFD6Q@{;SIb{2JW{?nTNM_9~O^jW8ezEo~v- zq$ORU$H?>Gswm;)uhT*wJFL0U5brTnl4;poes2RxUQ*};>2o+swK-xXFGWH7|Yvj5j+X2zTGhw!g@4>Jt#ouOz@UE zZA;qQ2x6`(ZJ{R_=RhB9!5SE2|TG=Nssc!4(zW++6latl&==sNAlf znZp)cO|xFX&E++jiwoWu$E-B!@v_Pc^!dLSr_a3mvSzs0>t+_cDuXP^349L&*oG+_ zJx1Onro!7kZz7MdE4pcFqtjs+?VtDvB}*y<;Wxstw>x%}K7Y(yR5rRB&@;SN1eOy` z+o8s4q6>d&4ocSLT$QtVXjXrSBYQyT*C}5g-k&x{R}g)m0u)?-)POVAN?Pj*F-w;N zAGttpdZni+MLW(hq>_C4CvWRXTQ{B4IQZ};t zfCj7(Xt~%y8XVYU)JZDS?#t7JK=@^t_oIjpOq7f@w z;`p`C26J;3jE#E&7UUdR$$7tB83jcabI@LoQb~`h2GVOxeloh*Uh70KJZOXIt#Lsd zI}m>ETK!y7A{nYF)bd7VjkTqz=nlPo${!xY;d%~37Vem@V5w|a(c-lkrfA7IudAY( zo*8q*XzqbdOG67Z-QdmrO+FgYE+6(~5IRj9&IpNF;%Vo8f@JzD^SxT`%g-Fs`gkTh zutYedybNXt1dEgw01vV(#leHm=fo;8&#vHoz$YtPHo;Uf%p_*V5Z9dyg$JREiCNB5 zA zEO^oEVHdHWj%rt9em85-_mr>9sYRDkP5+LAM=L>>TlOCy!8dviR3$H@IkA%SqrL#4 z8vDx+B?7`b^L4S?8>SCWA6Gx3&(Fw~*VjrS@w?Z_*P354tSs&07D(zM z8aU4Z5@MaWMHDC_iNzTO4t#|f zl=2Iiop^~f*_>Buw0WVxpstXzI*OxmW(1Z436J9twion_%fJg(1_d5q*Yc#3d{nld z-I9UUN0XOkID$A?sM%`HC3X@!Sw`y8w&nA;ak)zInSarJ&Vje8IBPZYs>AHd2f`B= zzgX`{Yd@gzyU-?Nau}u8%*BLSlm}EDH)0J!7l1p4dcINO*vb@s`eqsBqg?7DNEt7> z-|kGbxW~A6t1fU%xyD^5y;|cHmcJ%ip?&$)kYP}u0JYJ{KV(A`DJ{pE3yt4 zM4ilIClq;rW6|wQE#coE#<94s;WMDS2+A^Ie~|u6gfpy#8Q{Vui5|Gf;a5yW;(sb@ zwJ`7nYOpMf6&8Hp5E6euxzALT1kdd?LTJ7IWO2o1ehJ{q>;*00~! z3yo>y5#01Qe-M!v&xyCJZ9(CfyG=xyPtJ`|YShOw){!epHxtNc$4`?y@Urm_H>1`z z^z2KF;odTo(a=dPUlNK}8CKQ*#viT#BTUVyDD4ETA%}MNa(NY9qcCRg2CW;%FzU9b z`Qf}OTbjCfLZN+%u^tu{=G3;{sQ86gE@*LW9yz1n91stI+B7??%F7(KXjah_0%M70w0uw~z4S2K#R-)Ts+r|rV(f=UjY4RAu;`m}7^e3b&LuKoUR{77?`+abD z(a%KcmnY=K_NEL{o^^kw&M~4H--%=mLBL8$yGMPB^4VqzN2Z|$y*ll<(b=jN;Ru9M zmT1ZMGzg!^QcR_#J85JW}m%S{w4tpau3Bh+2cu1 zyLR~C>qvZd-@Jw`!eB+Z!73nlPyb?=J~3Y&1TDbY=@ndKmcoIgmLr?LjVeuJGP>qp zs`eGyyeE0mw<*W*jMK4zfQ(S3AU1)>G>D&MB!ZN&-1BGhLmA~6uRkr)AdrRPXLs1- zb8xym-7@HLbi!xlaHq6#B~DfhD$Cax~r!r@4H&H%%O0YP-No3YXxj;+naW{ zJmtSD9W(Q7GuA6dspe?Pn*J#0wR0Jh7Fj=v_sW1%MOypm+r?<;jdLDqFs({EGc!~! z9N5)K>F)8ez&r)?JrSA#@&a2l^f(pyK$rGuny#z%6zK9)ewBy_?DBrd(?)hZNt%J= zz^^4WD)MkHtAoc~V;BT2i7sg9zOCD6Ez+gvUZTPklb56&U6qU*L(2-}ulpIZ!XS^rYQ83bmQzLzP!)w)4f*^(&}n7_KG z03c8?QdQc;z!FqMf2)MxO_M4in9ZT-L(0j;QeeL})>bzB38xLHt%at5)dlaG7e+s( z>AXiz&-FY7f0c19!qsLZwaC(>iL)VU#OtIAJNmRAO#SSwpM>!E5l>=t6>ezI*ML}s zZGOF;(bK&!1R%=ZOpd@P7(jOLI{NDtx`ENh<`35g$@+)bZq_-uOAoyhN`5}WikFcT zhnc0;p#I2~1wrr913&d&GE}WVc8(Sw>wqUSu4gG0|C(Yn;@*TI;9F*{pW!DvA%#|E z8Cz9z+zhlfA_}_0@7SnCg6xF!+qB3n$ypPypaL;e|{zyvFx*a$Kb>1g5n-WDa`yB;gL<7 z6StQ}cPUw*DSsrE=m*qW(7p)iGRJU+(GMRLN!Nwj_g)Zh?JV$VJ}p03ACgN*oj7J5 zBYojC@=|y}3_cvQoErfwactWc6*g^*giL3!&b)#Q!XhyCVA4^qeSq$t4I)^sKJ1;1 zC4N@1Xd?e*ME_1d`*#l+b`wtCo&gJ(q8M^^E|P=MH4n84Fb*u5ed}b6=0U(;EDbp) z^P`+cR+Zf{k*0uiHnPgHni7>G$q=^^rXT+~H#JT{Q~qC{TlwCzWuQgW-8S4M*NTTEr zaT`Y=a!jhHTVn1OGkuXyR_IUWRF(nnuiNskz$zj!Bs7!M(?6Q0`a}>Y!4N}@9hg@Q zWPxXd#T}1_x1s4b?k*Y`mTD=H)T3V;MdCg1a;MACU;odjaHt{IfJK<$H}$H|D8k}3 zA-`O%5$BH+y@R*kl1ZLwvdS17mdTd)IfZ0;dIg{m7p*hu4bPiL?@a;_>aSnxDn?pr z5|IVfBMZz(Pn_o!Z10Wgm_8SLU6S~ww0m>ET0TG}Di|*Es|LI)lR^JPh%+88%5lX? zCL3k%mf}<#N1R!bUGCpgo}M;Vi@yjb6qH%dLW712_cHCbSK19Cu>eI+erErHh-O-H zG^XT_)Pj|m=zE=gEsZy>Kp6#==aSJ3aFyH%jm-~nl@tkt*#ljYXjmw=k@SR04BgTU zy&ZggKYC^cIr-hxZ$_A|^OyBi>GAd2ThZXS$6yAwshKJEcH~NWWYl$}*RZEF%p!4O z6k|tsWrOX#mFZn4DbHooDZkrb00sQ%{f~wox^)j(PRYv0yB&kX3Fk0)l2z=?#x*m~FXEGfqXoN?@|qa^2Ng$%=Rhy1@K2>B#_6Sf~uG zv?Wpzy38r~U4*S;-jD#v$nbg~)Ds z-V1jS38MSa$3U!PWOv>AG!KB-3!SVD2~@J&Hm$GJ606ezHEt5R!^dP*Sue2R5LlI2 z1-LyCs3tiKBP~1~b7XB;$r2_FqN=cl0N%;V9|aaY?B|!eYOM0-ZbpIf8n<-@TIxp9 z^7c-33NeU<43x4ZFdk1!;pIA|A}N-~J>BmGIIg$RP_gtk#`@VJN5h?>C0I{^b3N~1 zL}T7Y_*AY`dvMB{*^gQSaJ{(MhhL$y<$292A*UFozBZM3~(;sZPVTPX` z;ztmP1_t8Lp6k=iJq^y+;yra(H3?$I`wt!P&D$Rqaw9m~zrI7yN>tnfofCm)94zL< z{8-Whkl46_vzx--yXbF#KUFaL+AsF%slVT0W>T-qm6{TrH%TU1R#Dz#&sIqI^kc9q zw;ri=0GpQBmuLj!F)rno96#NBMH7K1mIV&TBdM=`PwA8(&&;y*v!;cQ2^g}>|7IK& z57obBP%K%COCx4G=d{oLt^#C||MTFtmskAJG=zLftXu-gq5R2!)-dyNzsq;AhpJ*K ztAu{Ph1kAg!;d3$9)mK%N>LoaJ6GW~tMF$LmgWBjvKBQoRUp>PGL|Yg#ahkBU^EbI zCN=B-|3LY1ADW^>m0j6H>nhiv@Dh%uM4VmO^uIyUY7_l5?Qaz;Qx~5a&@|NyX?l; zPWS{aMqby)>DCcpg25VM8%gPd{ z`i70!YNM^ddIOqTtT0OkHEjp@<;h0ZO4uM;keT|rp-APLsivz)9fl6|zTY{|<3`r2 zp2t(8iifGA!(nH(*QDE|&z9Gt;4Rep%U|4mZ@RU#qedH3g)#NR|G8wRR*hT!yYb=O zXDa#S{z1Os6_P4%Hl<$e#142Zt zoR|#2%+LVsMg}7bni>hQ{pP8=FrVA45RMiq8$yvnSL*tL1$I(QfS%M(yfP@iS1AWP z2lIKKPNAM=3+>*#(-?K6gtfuQnxk1THy7?{9n%Sd!kIXmuYZMOhTWt37B?yU#B7r? z=G^ACYZRx!PSFSS6NzhE# z@p9cd3|MUYhbKhOR>}1xDRPICg~677VMF>KM{yOwwG8jd7oE(Rq;LFL?168HD!j6u z)d2J5o;$D6xnA0_@ZFBP_J%DqW3f8XN|uy@{jn%Mm#`VpCJ@E4D1=!QIe1d?Yy(Xc z^!Zww#2ur07i<<=5|fSP_Bw?qoU{lGBg;fMyhdql2A=R4Z6;84N?>%8R+{`C(sL!izbn-3vm$vn0B+f&fsN`3e9f{dyAlRtYQ)7R&;f zo*r*1v&TM6$SXV;|8_Its9kt?6T)TK)NxUS7*1tdO>{+`#NYijV*`DvbsCLSv@;ES zH;(!Dz+Rc`LkCBnZ4O6IIJ}Ij(-iK0oG7sxy3yt99q~GzzL(svlWZs2^>>VrPdQPH zpw8bvR!qC&;aIhf*u`*>;K?rINRW6-(G<<#iDN{W6j1z+D--bGVOxfI!Jd?*GG@HGRC=q%kZm^;YZa#SvWfyxZylM?9sygkg0xe-)JN$i~3j4=>q5^3lW_ zeKCy?#k?>FCGd`ycvAk$(@B1A?dg~tl1$5R1!P?();c;9SYAsr{G;+cQTl-icPs#uf4>R)!KaO&u-5@<9+Qyv2 zgSmcVgp&RhF-Lx9Fr;BoSG%pcxS#E*M)5{$Z{6oiIA)0^`2@ahw9T$?)zep6<8@sN znFvBk8>g@0XERfv;dVO*95Bl7SXK=9|5Ku%R?vlcUbP+!ABR6X`x9tPsM28o9NPb&|y<*Vh|BxTP&W`MwosXwnC$;YCxBRwUUIQMF@s0~s zhMr9cE`1N-j~Lsn*x)W&h%1}OK~Y+-(!IdT4LCYMTgSTKNuLwG#SnV9B^0$o^I-&d zEB_4%Tdej+$XUsazv3nMegSFWg}`zr!-Z`38hLMM_dx=fr$EHXl+Cl~p&_DwluAB{H~tZkx<-hN;&4CCl5*aJQc2qi7WNiE_EbCV{|Mw%gm zU7(B4SKd`!FkvTDi?}!5)_zC(qda#I8p9I+@`^e~n(dK-F%=;)_Ij+JIAnVYBo#AE zNAEvV=szD{AkJY6Lx)#1qa`-2sL7jZM=%W?9RDQ>&TH~rjkqF_X4+h>?2S;6q0mfD z^sL&_!jNx%GMnaAQ=w%3-sXl8aH5+3HF9b5pfq z`C~s?RAg5YSprv)0CvY*>~1o@y6xaU!E9r=hAU!;bt7L&#uJloz7o;bTLQ@hOT*7iQmj=<}S* z8JH^4bM=LI55#zrwlHaIVwK?_g})Rp;Gqjc}(SeJz3?Xs4&({VfvzRl&J?ISrJ82m~9yD z>~4NbSo$qEyF5}p|!AiOZ%uKV{J9q|X2bSTwfkBzp zq@9pkm!7bCcfIRk{sSE0^%U1zxsv*Ssptc7=_tObJsm;QyfBLU=(xs`m9BukN|8_5 zDia)iupL;TlV(JjUiPiS7yqG^P9VU>Z)u3~nGf zJfmNSh;oc(4-Dc>)wXKuuyG=r%n$~OT>B|)nB1$>&&LFm%^LaVf6XBk55vOp;n-8V z>~ICg?cJg8EbAoN-fZZs=`1NYH3}ehhPQ!Ln*2A@%HG&rjQc`)(xNoq7iQoiaZ+Si zGzvHwmCjc<&A1_3Yk-f;*XT~KcR)C3pG75LYWD6m0WWRX51~AhcsY-c zMZP`DQqzpvRmFOpWF~^ljzWxa*@(`&NY$)-{hv)RI(nzPk-Mo451`P@ZA#P|fP&@t z)DqqQR_11mtPm=ESM~X`jTKE3+#*^Gp#Y^+09xTH7FK_C;2m19OdMvPe^Yl;wp5*t!ch-YkD&-ho1 zoI$$7#aIZ&^zJ6!%H*Mli>CcaOPqULQHg^k@gW?ykRae@*v7Pgex5B&-!puyro;E5 zY&Jon-MYCOT?u`(BMS?~j|v=NWq~uFdkSaO%D=@dMP3g^v}IxWy7g)Ic^Y6xu13EJ zQe!HY>%j;7gWQ(FocLV?%oPxptEmq0?EvU$c^&wU+C?xIm$A~h7kXzIycIepNR_u_ zgWyon(Q5ODq@muYEd-&I^w)hdKjn+uAzpj8DyF@x(J~4M9iIpkp0n6rl&Y8Yx*8SSX#4b&t6MtY-+vi9=BG05!BwEc7Z~- zwyE}!zIs(w>9rhNTYsThyfMG|@#yNaw|o)$E^=ru~97`Wc|aHmuv!iaz7SWsgge3Egn&R07)Tuf1jRb-a#<{^6)!Iko7oP}F* z5qbk6nqWmGVs}aGMvZ0X*-MRl*X$|8@IltFJ|Pi=u_WzBTutdTTz@j6Px<> zRukMQ8@8y;1k?ixEt2%P0fzVT^6{HB+G;v)8DLlftHq^IZ5iWC8_#_|>+)Xd>fMlc z;(Cqf=lgW3+Cz`tctK_Z>NE{H>Jp|pMqk|xi@gdByYsc&=n}0Z+(%R2(W`~Lt3#2* zdO)S$L#m*I&Vt&*3g+r9qUoeTgFTe{V@Mw!^`IMhn)SsvQR~5k?4`*B+$kH@C`@oT z^?*W)WPNUc;oVkIw{?*Th9yufNTJ#;w8;{Et#hP)hb|j48~$`KLQ{uLKA1PNdX#k< z(+KCy2%UF{`eT9G$Q8o_{c?l4O<%FsCHO0FZD;3$pxX@V^{hd(@nW=ppxbSrX-xTP zf;x2L;6X(&575D<-fqX{Yio&&E(^7;I6r*q*2vQ=0a1JgYZq|GDH~b@6C7|2D6~lU z+yKKnr(q)l%wK&q;8Lj836t@i+I{)(hYKStSUg|)ZJ|`qi&y<|X*}8{jd!DS15KBh zB^$@01$&gwg+zmiwP3$wtvXkvvkQ}nV$easpaxc=p}#dNmRc{}{P3w;qjt?w3{is9 z47hpG_4^#1EeuBTuswLsYekDWh|x0=UyQqzEP?oci}16k0UxbHl3h z?pe+V!|JPnl*A{(m@!7^EVqp0py&{)@-kH#;Zb?Z(@DN2vu}y6{$!TAk(gyT^Og#B z`wr8ag5jhwiW#8?s6&y>o^3Kmu@@a=7StDkwX+j?01LIg5PA627^7Ep5=@%tiBpZNqnCfvqrQ)xzWwjG|=Qqn)&cF$z9^S{JzWk zygtOc>)O{ulgSEIT!PtXW3x-|6&0188+vC6-}sqN!(1=wP-M3dZT;KB^3g#8)WF)= zE*kxj=p)0_dYh7mPmPhMIW}#g^0gBeSEUQMQ#P~+CM2BtIR}Ln4WAoUop;YhMi^FK z4WuLrW2V5#Q9LPo<;s`*X(l$q#a?lxckao*-sZ`F`1gxXUL*vn|I-_`hu2&{L?`X- z;)?wF-w_kJIuuFtP2CKb;{Y8rKn<*o&lvkFyJPAOG06{~8Y5q`n1QJ19_!f*I$PXn z8(P$60_wLN6k0TVZdi5RErEhF!?60Q#idZKjM*dF-HnZnJ^Kk!-{DockerHostUnlessnotifiedaboutthecontainernetworks,thephysicalnetworkdoesnothavearoutetotheirsubnetsWhohas10.16.20.0/24?Whohas10.1.20.0/24?ContainerscanbeondifferentsubnetsandreacheachotherIpvlanL3ModeEth0192.168.50.10/24ParentinterfaceactsasaRouterAllcontainerscanpingeachotherarouterifwithouttheysharetheparentinterface (sameexampleeth0)Container(s)Eth010.1.20.x/24Container(s)Eth0172.16.20.x/24PhysicalNetwork \ No newline at end of file diff --git a/experimental/images/ipvlan_l2_simple.gliffy b/experimental/images/ipvlan_l2_simple.gliffy new file mode 100644 index 0000000000..41b0475dfa --- /dev/null +++ b/experimental/images/ipvlan_l2_simple.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":323,"height":292,"nodeIndex":211,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":16,"y":21.51999694824218},"max":{"x":323,"y":291.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":241.0,"y":36.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":41,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":85.0,"y":50.0,"rotation":0.0,"id":150,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[3.1159999999999997,6.359996948242184],[85.55799999999999,6.359996948242184],[85.55799999999999,62.0],[84.0,62.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":22.803646598905374,"y":21.51999694824218,"rotation":0.0,"id":134,"width":64.31235340109463,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":43,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":87.0,"y":24.199996948242188,"rotation":0.0,"id":187,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":39,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth0 192.168.1.0/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":147.0,"y":50.0,"rotation":0.0,"id":196,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":40,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":199,"py":0.5,"px":0.0}}},"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-82.00001598011289,6.075000000000003],[94.0,6.075000000000003]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":220.0,"y":79.19999694824219,"rotation":0.0,"id":207,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Network Router

192.168.1.1/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":27.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":129,"width":262.0,"height":124.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#929292","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":33.0,"y":157.96785409109907,"rotation":0.0,"id":114,"width":150.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":16,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.9951060358893704,"rotation":0.0,"id":95,"width":62.0,"height":36.17618270799329,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":4,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.2300163132136848,"rotation":0.0,"id":96,"width":3.719999999999998,"height":29.7161500815659,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":13,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":99,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":99,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8599999999999994,-1.2920065252854727],[1.8599999999999994,31.0081566068514]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.2300163132136848,"rotation":0.0,"id":97,"width":1.2156862745098034,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.292006525285804],[-1.4193795664340882,31.008156606851536]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.5073409461663854,"rotation":0.0,"id":98,"width":1.239999999999999,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.4306688417619762],[2.0393795664339223,32.73083197389853]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9380097879282103,"rotation":0.0,"id":99,"width":62.0,"height":32.300163132136866,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":2,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":38.326264274062034,"rotation":0.0,"id":112,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container1

192.168.1.2/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":157.96785409109907,"rotation":0.0,"id":115,"width":150.0,"height":58.99999999999999,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":33,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.94518760195788,"rotation":0.0,"id":116,"width":62.0,"height":35.573246329526725,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.1761827079934557,"rotation":0.0,"id":117,"width":3.719999999999998,"height":29.220880913539798,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":30,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8600000000000136,-1.2704730831974018],[1.8600000000000136,30.49135399673719]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.1761827079934557,"rotation":0.0,"id":118,"width":1.2156862745098034,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.2704730831977067],[-1.4193795664340882,30.491353996737335]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.482218597063612,"rotation":0.0,"id":119,"width":1.239999999999999,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.42349102773260977],[2.0393795664339223,32.185318107666895]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9057096247960732,"rotation":0.0,"id":120,"width":62.0,"height":31.76182707993458,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":19,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":36.36247960848299,"rotation":0.0,"id":121,"width":150.0,"height":30.183360522022674,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container2

192.168.1.3/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":102.0,"y":130.1999969482422,"rotation":0.0,"id":130,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

pub_net (eth0)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":93.0,"y":92.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"


","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":14.0,"y":114.19999694824219,"rotation":0.0,"id":142,"width":78.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker Host

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":235.5,"rotation":0.0,"id":184,"width":196.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

docker network create -d ipvlan \\

    --subnet=192.168.1.0/24 \\

    --gateway=192.168.1.1 \\

    -o parent=eth0 pub_net

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":45}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#999999","strokeWidth":6,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457584497063,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/ipvlan_l2_simple.png b/experimental/images/ipvlan_l2_simple.png new file mode 100644 index 0000000000000000000000000000000000000000..e489a446ddd255ce9360445f0f895acad31ae214 GIT binary patch literal 20145 zcmcF}Wm_BX)-MEt1b26e7k77e*Wy;ZSn&jRC|X>LyHhNz@S ze8i0cV6p4QB~YT4VUhO25)Fd;Y4*1#ZpvVXQxpL@g=es)ECJoB_ zyXF_<{ZZ+Qd~qMX23VTO0}Ci$EJ^VH|K+bA>SiF`)Q`u6!a+qr=091`>~XaCToMYq z%#PZ)GO53SJ}8O9N}r9aMcoYQQM|NynYTCxUG1+$oqx-fFj)QU^!q?7qhN(_vcsMC~IKT z)i*HpeMViZn9ole+tgKap0V#v_U+Fc?`5d5fT!ue0mC!l_V&Quf=75Qy*au+MC7l- zeCh8?un+IInI*_z|7wZv5M{;bNI>`**5&%Eq!%q41!ycdM7^OH0GJf z#?QYSMbkM*`&<<-gdC^9X2vA8C(zKOe-NE(1VgZ#JZJHk3m!Y(6RbSS8hww*G5t`t zSz6qUA{66ryN~oW1Yk&=qIz5u1wRcy@S@AmY|BSPjXc*BJL9{2X~VRI07TaD;6-ut zO0EEWC8%$xX;5lmLA}upP)&ZthyU*FAaF+2&rpG)o9xT_1osxTGeRG+9>^thtqc?{ zB|`lf3d;R$sPp%6>)a0*^ngtwg*NIi3KA{J4B||mL4-1puMng1JxKL(fVHc34DX*n z$GN^|;Y&9sgHA+;==1OdA9bj879%e!v#`T}*Y}NN%|r=!#L|g;Fs26;L82C|Cajit zRyHwNo;V|V;drzYKZ6;1f-QgFA_$;vTvnDT1l_U}#f@x47rwW^oEo)$P5ogQUi1B(|g0`n?TBSX{|gNu|)%Tz)QCSI{btITmE5X zNJYEcoVGIdrxZV+3Q!)X3`=`{dEO=?rBf>?%E4V>a6Ko+8Q(Ehs-3|UsW2|LwY z+ud(#h@OLgnDwq)Eh9VIH_-+@=cg?)vhTqZfZ&O$WOrJU|rz+4cMZ+(EHf1j|RUrYkwMbbK@;q_D?O0qC2uIm({e-I z8Prm-->~Qq|HP9=?zdH`wQB(L%j2k&?KJRsCxEXwunnL_6PvKP~^+s z<&JOFVhBJhSqz^b7&WD#NSrR&MVv3O8~oHrJbjrXzJwAg*4_ET`TVUoJ^ikQjL{Xe z-=sBrf4LS2v3wi0yuHo6hj_#qMRXfTAOI ze{9uYtqWbo{thk+^c)|}@Po(6y8YSRB+y{)=V7TaS&R&4*F8cy_%1@N^=(e*U(-$? z3?!%Y1~uN?g)IV5b{jGs9sc|2dHu1YQm9%BCMlWo<$WExAKkf?I+RS&iUIm{3O#EK zEu`=PP8HK%HGMLXD;bI+(KWnv)qXt%-ta;fv$DFD+$YNxdAN<|(kIJaV_WS+13kS|OHuZHDuqsV&rZti zUC4?bAHu=keS>z6VY;2p2m&XfvjA*E`;9KVeQxFmagN6l(U{T^Yo%hId!GuUa<5a( zKPX0X@MV%47lw9uad*W|r@m-`{|G#P9W26`izdRAr`AHA*v3j1r5OCgxr`LJ4MT|k zj4m`@Dz8*9m+owX19@VE>8dLS5daXSA%mqb#i2xcg3%&X(;4rn(=4juVbn(M`Ac!4 zW)IBabKS1NDvIV>*k8^Mm%!{8AWDL|=?UO6&BN0l?&sKhk3f!D>DvWlFBf*=xOF)* z2@cX7J^$vdnUS?XYe$2n7AXREUHE*A?#iK>f((Gr7@K)8Sa#|VW-K}qpd=1~C)knR z`5gjXOlRNJ|z{xF1@TC!z z3@>;Tnqyqf8cqhVntIkzbKfy$56 zU2=7{wMW01Y&g5H*3ZL$kUfu!2AeS&)CguhTh@1&?Bh!oabyfQL*4o2(_MPuQ{LV= zJPhY!>4H5oQ8E(!#5FgBH^4ubK>RqsF8^#&HvQwhRnft(#0Mv?9n|xKCgI1SFH602 z5uNdVl_7?Ly6rHeSt40E+YcE$OtSthv8%?maN&iQ9@Jo=T&gN!Tuh)STa6r4xSm(v zZwEiOaD42XeYh*Evi6&DpJfo4A7BL@0T{k;5#&_y&{jrgt$F@PXUQait4|7=NGqWr zZZb|OWde0>UmILF8dqDNsuvVWNPRXVCc0TaU;NbAh~}GnIeY5Pm@JOyWbvbu6|C7u z?lbg9IfZbu@3RA+h8ZhJ9mrw-S1aGe3|9e!it+SxhjfY>U-eqB(J*|H>+GfIU@R@oDe;$GFfr7B9f*qPUV;w0wJ!K2l4 zL+-mP_AThKY}3b--xlc+*k)zhw$WQgEU5uUKjyQ1Kd}8;K^)zRv3)kIxS;OP3b?tx zmQV6<2m^^#S5{VbbdZQOdVj0z=?Rka5sm=h@i_5k-)(<~3m55nG1GA}LcpxobsQ|> za=8E0Q%HQQ|2TNJTadKBAU#bP&g8J1SeO;zrDx*YJ)4dJgkt$qL?98@-V`fywjh{w zBwX&kEHmfuE3U7qa~8&n!Qh%Dw9+K)S+A)6o+yBMp@6rW_$A!C8>W#jL;TU+zPzjq zDNOQFuPizy=Hf_ENojn1{6dMDnK_}xcwu3|>HUU{)_VC3;;j8w%gGO1z?Y{$0l~&_ z#K1HFOsEf1jJpA7`&imyiA@azrS|;gHabV5SV#S}5guvgs~@}DeY>p~I%QtZvP@~z zi)m?8s8Ptx&5e*evkY{V;IT4Y0BDvKB3O|dP>Na#r>>iw`EKA9f-_l0%=^;e(eRZ) zyg?Ci*ApjlmrH&U^!c&w?r6>iQBg?awNMRPA-k6>6!2H^gFr}v6~yYXSp(yqS&SKLpp4OR~pXGlE_ zU`GQP#!S18EqK(-@A5PADxELAUL}%+Ly0!))v7)6QHks2X5SMl8<)Bszh0%V2Z z;BC0huqcb&C-Py48><`jO2tEQn5Ua}^p!TfrkKnOs_;ngt!<5jejKx-+QQapMFJ&1 zbNSZ2gRsD?gvy>Ql>J8@#)FoJed*f4y>@Q!s?b`DvIz*}Dkqsuv^8*I@9ZB2T= zAb$NWBEB-#D-oLX-%JMi{+Ddbu9&1GbyJlxx1 z$YD4LfWX=M*$k>D`@s>q};wwm3lwVnpv|ublV+h!=f&V0w?V~cLakqc_$8RwGp;IL=-RF=K z!NAqiqcbuLEf^&a{i{2vkeOq*Tsd*rP{OB)7@odm@@}%w+9)9I;;hmAplO7ENj{QW z;6DvW0!WT7QknJoaG~6=x;TPafUk#sm3y(?mwQpmWd+_C{^5nDJy*yzUjU%>2h)(~ z*Kh1S4EZoM90XwM3vL0|ou>rmGG?ET zgX|!bKwsE4S&$YCY^UATu&W*qP#s6+)a0KT9yMSfnmV}r-lwEFoDCP!Z$M-IYo~=U z8fGZ+!k>F{4*iN;KK`^LfH#Yw>cd~Zy$f7X`qwhvij1sXj7}3@wyyA|S`|&7K`b(& zxAVXZb;x}yc&3k7FG;=SFKn+b;GX#iHlR!Mb<(d(w-ltOf#99%8z26EXvGBb8t~te zygyMBv7J)+z54NBrDqA_kBxI6*606e^AGNCRoDNjuX_hk9FXNMe?+Fo!ue-Ph)X2E zh!^W$FZWnU@53-4&O08qkbfO{`_TCI@d20869L$?f+|MATFsrI{`cXjhzaymVS8D> zr9WQze(CSI$CrOrIYph}=KjS0&F}hc)Wd&F|4b;%_`M>l6DPhEn6E|+L zN@t|Jz;X@%ErOVseoV8I`e*Dn*5Q!p8 zJ}36X%CP>2Xpcsc(?w4UtS4ze{6Lp&_jA$X=p*BYb6AMOQU|(lEMwJj5W}%TiQWHT z)w6&M6iN6=UEIVDJhoVNQr4`|*Ono`Q|R9bo+#k=cDuuv<;9zyrvI#+tR3E0BVWvH z%dT_lGJg}S_qDA=@k76|Vxh1AlPrJ6k}s)%M!ohCM)Xxh$@ekabu{OR)!KRk!?|jt z8aRxF$41X5TPih=n1_GaY=6yYtgV{Uf&V+{4P*ZI+TU$9oO4#;nUeP3?Sxtmf3{{@ z&>^7e$7gI)CsI1ZXAGjWKuKk!@!D4h^kH{|9$q&HBt8hm4n3u<4s?ohe_=H6bc_aB zevAb4dM@=pylfrh(sNV)BeXtThE|Z)=32VDF7_BMbkHy=`fqU{W6ZM8`*BNW4!i_u zEk(LhK5d=t_F`;eH!$EVUjqLG4Cvm>)cKRw8CBuM!RG6)k>ks|p=<(zC;xdvu^_DW zFL{cSf!ffrn0taGV9##G73eaHR%qiSS!=UeO#fv0am}Et7aB{;bJ6UrA(8LLd(&{9 zK)aP7WLT`L#vLA7F>>d8D^XAW4`{)^YEOA+A;(%7$$dS zZQJwMI!iaVB6Xy>zC)JB<6`?HsA2Y~38QJ)3&WmTE#+anjCS2E;_+ImC^n_=1)h4ZpPV`CxkusY!ON})B=qUH=k+r!BXxp}C> zrkyKz1oukDrpyGd6%NBCxAI18pR-9}K5?$_P!6q`wGhf%0;7$cS2eK&6d-4e!Eu-A zk>n(XBmw7KLK$m~@|0Z5EVN^Hzv0Jhdcl2WQZ#HAuhuF)t(RQgpL}N_&+fb^^ceT??2-7<1H*5jSQ~#&KD4C5{$G= zOvfmmYmL*=Y>G$@dW&XRe%X(Tr?V(4`Qg12wS$S+vr-bXx7c*%JW?U`Jy=W)9*;w{7$2 zT;rd3&aqgp?X-P$=Hu2h=prcY9F27Z$kbDFP6{8=3Xgw6ZPwDYv?Wdp|3$FmOU|hc z7KdHdy7#w0^v-MFpaCDpf-4#S>Aq*ki#VP0-GQ74fxD-O6(_kQ?&m;UXrn(o zCUE&Xn;CJ*ik(a@iUuW8UHwf83FWmFLGDS{;@0r8HB$82C8)HuIFb3Hp*5;5Ik96T10b` zb2&BzJo;l%NOnCeh|qw5RW-jZLfMOLE5n~P)zv2@(LMaF94+WNVeJ-69Cu$Ev{;fh zsYjfCnowV@Ob`*1GM33*IJSTbjW6Pf04`SaNSqrmuIG4Qj%znm3R{))PhSWRQ_ZF4 zvll{b)YoSQg+jscrQn^()>581-UU_{sp&XlK+s=l*}3^(=7nqC6B}u)tmng`;*<+n z_-N~_&oYlR!J0pt>G7gloP0Z;;p4($=a=hAQkK7dh_zJ;EYX;jGTn#dOV`^;*Ad|o zlG4L_umIG2wCu;izsB%VF~;yLXM=qEBV%Pz`S z=g59bi!L;7w<5z}mclTkS%e4q@14v}eCr4WJK+i0akU^DT{@0)XP9(IxN<3T>7UNm zCav!keM_a&3b_KN>5;cu*@}Q*VCCpemqNjby1Ke0B_(~h`v(UCK`)(Bg#qv+rBIh! zmFEqphtk2#bDo~Y`r}zVRnNlpSdCIME|f!hm<~-+Jk@a}H#-|u%k1uSjWAY_wop9c zgbn}*FWp6kZ8kJC{O)m}`4!N>k`Nas@b)IX#`?{(7QI+rs~!@pry&1wNq15zuVllrgDT(P*7rGViL$jB*pruuz<_K z0PmisOiXnin)?MkQ=)JVKE8+zao#MM@pRgQ=es|zrKP7O&F*`utB)7M6bZ4hvGMU1 z(FOV}oI|8PyxwjBwPL@nqLr-N_2{~YF1F?To;5-*FMPZ^Q&Uz(MMceT_7<}(aCf^u zH+Plz<$29W`s20$=60K<*0H*2@)2gg)wILwWP3E(@Amj0(5)|a>tbtoRtqMI^oMRK zOgT;H#Zwpx0Xn(xV%JTR_u218+v(rk0V{8l%V*Vec%M+FG{cQB(|!JOOuvYTUU9eM%@NtStWi59a9L*_U#y(wTk= zVq(S8xvs7*LTCA;>xpSHQqoYj0k$`+Vaj#P4^BtE&{R(yp8e^eK*LA|nhn3*wK}hT zx6Y)q!Q@>;rx5k$=i-8s1*5O`aVaxwelRq(vjxou)@8&f3Us}LQ%+q?Hs^iGs4$aa zVB>L$+tF$m%J#zgFhvn?t>HZfU}U$iJrYbq&T)~}j~&>${OcbSB<4#r`52X|B>j%R znD-k@g32sVE93hq_#;OIMGZd{5$Q@5O>&HQ zXQFmLg(XiaKLu8j&pb1pW^Y^>oPnX>7>XNYI3T02dH0|NM?Sd-7WgsOxfo|BUP*a^ zBjOuV5ALp`!Ny5+`21R^*U7Ty@gfJe@JdUoAr#w};~Whx`IIiy8a>vR^vCOx(Bq$y z8m{=gS_9L$yY!RRCs9T*CoOt|PAw_iIks}Q+})fbPp%f`ZgY>^pZH7ng!fK- zx=Ycjz*gKXS8iBjCOwU*c#>3bDk1qFgH@_;KP9EZ35O;9(Pj%JXVL?GA(r9tVM0;R za5aZTmlt$vV!%hIB#j$3``A&QGfgwAPj;bS90*qxaa$h6{_rDg(4R>)v+QheLY_E+Ka_ z-6snacjq5DjabrSK6mQE+iU+BGsdcuSEa>H!iGIf&| zVpmg-+ohv(!SUjtG4T-JPa>kb;aXDTE?=FK*M56aZV48ALB@%Uex+TWH0*Niu~4oW zE9M!ll(ArCUrzjT4aU+Ke@$hKOVS9xSyollOVI&!)3Kp}@#rpo+={8+wHGCPvT7{f ziWU+YzG;?Z(hFv^GF$VL`>1wgMP}+kl^z$5IwQ9gd6lq4ElVh!3!=YW?uqWIR1P-e( zb)gatU4<;f>yivtJ8oxX$nXPGIl-Fnt)@fk_Qh*&>x?BCZmc6*e&L zvn(^Zw1BqSet$}g zt*LS4?z@3gcXqX;1IOalflV2z{VA@zV0q$huVbnVb3w-5V-+>SX7 zoSflMeMmetKwEl!)5L+0Uw9fFH*gq}`JeJlSUgB{;#lZV8^|0&-ME)EW5O55YC`yU zrT54aHU)3xU|Sx-BO>tpAk~+R|ZI!X-W= z^ms^J!H)EUq!h%=GYApE@S_IU>r7JN_&V#k?>iffLNkL3Qld5wx)zHgw}(@Hbm6M* zDt_}n**q&ANsPL^mDbEmOCf^9>OfZTN#QJkhD2pcVHQT{6y&#iQJ)~87{ozoMaFAV zDE$e*T#Vpt^WCi6TpJLG0->Nb(My1MopnZt3l@|4`X&sK`dK8OEm+Cp#2Uah`AMW- z{ltLZAOZo=dE5A!7b)fBj3N>(JhYbHH-_xEj zN6TjP7-^jmqS7?CGg%HVtNL^4P#VCnlWzn-^Lk=l$A6z=4j^45p4T~3+I`9+`Lv6&q~9~b_$*mQ(C}9|#gX4wiJwgPo*+dTayt5UI(TBJ$+Cs~|9X15|%tnViju(nQj?B<662bBTB=}y08IzTJz>OZ{ zC2({rJG8g2!VH6@1lRRL{kJaJyEa|%z5}q}ps~2gz`_rCF&+8P`=vpnj02dRf{-f* zAWVPv@u#MWFrGI$auVGqhsaj*Afsk&;mFCk6Nfp7bhmxgU7k?f&5-h(shpAJRBUPF z!n{VBk#T)rNc%mQ(xBrD7wNRNJNos{Prguh@{Q4h_1+$J<#t_hlkH{WBK+BnqYm&F ztEmeGwHO?Y~_7q$H%TR(T>v#Z!!=cDEr~*dAhej`#KPXbG+U7ce)1F0Wpk% z#MJL%Q--q<1%?f5iW6es)zSf}Wc1!wrul=8Lt7kgc+y$wF+9F*%lM?_pYL=&$l<@(Jjj(eKT3F9X?J*6ewX-py#=Jj=R zRoB3|4!1=*$7g3!bfmToCHH8EU|zR)vuYp-O^6A?sSp9)7cDfN(vaXFh(TAr=K>pG z{un#VO8zO%8-Y%j)7#Pg!%UYhIL=%3F)QhJ(Cw1#wz1)+86ED&F7?L0*Fa)iBbY#Q z0=mBEg7f!CVF*dp#GQ&%1IA*lR-(}sfmkjlC<2sCoiK8hmNQ|x;8Ee;{vbmNR!LF()|Q{2H#_Z2_Yr%IC!-mQeT5^&)h1kVxk$D14MjjG%5 zD|JkP)&V1EJ|Mu^csd)~N*cUel8v1quPe6$HF_Lg*%Sbm4(!10x@%zbM>?LKuxOPG za)`l>#Paa$?h;7oZOWg&(fO>i2tUhm)o;R&{!sb07Hc?m$@ikH|kfCWHU*tE$) z(Z1gw@{OZ>Ru@9Zu?3nHT*uP7qkbm|#ULDl)YJh&Q3;b>){z&-;?C6d^kMJm(ON?x zFB=^7+wl;15wcx2{hf36edl#1i#3G!WKuX}-{n&T*uGCz9@o%;WD+yrgmFGxHO$@O z+}}Z++mB!OP2kERCjPqZ>BABZxB;jrr<26pWzK7ZUR$fJ52_FOUhN&+QqGGrz)U|m z?AVyaV=+Ts$=HLWM0Zxh(JX<@Rf3-nGFnT6UZy4vrF@be8V=Q8GQ4dPbwp7Lkvth> zJm)5+G>giI&LJ^k^;6HsYFbHo^lYEcf2dV6(jGTbMyp3?YPafBW#b#Q!nW9*7Msi1 zd&Mt9L74E0uLO`yL8xZkwvhWSsulJVhA#Jm(^(Kzvgz@t=*8vzTrFvk^B+=$03WZj zRV^d>MBBTm2c}5s`2yU9Xh(=4T7frJ6VfLy$Ci+BtQdTU3 zd5l&taN}ZRG2w%1x92AITl1^?!BSp|fRA%u_!5E+EB|Lp%ni+E!0%0xi;}t+RGiD7 zzM`~SCP}>2?eKYF%NCiZ#2`R}{&q)wSIp{Asy>C$kZO}yMLs^^;#GzKbS7(k36!uf06Z#|e zx*tAU%1811d|yg?vlD08PR~m&Vb{?O`WG9`)JFNb>-`xHoJ$#1dh#AmT5pVvS0`e8 z>ITWWXd_kNEvsRCPku)X1vCz>><^yk41wTBFa|~A9uTMi zGU*kw3ArXIqqp_#5x){d+Yk1qFh0@VSj$}sC+k}c&tCnz(%Zyl+>H!4t&;l-v^QbC zuFL~^61eSn)YEj;n4T$AMMx<)t19B@yDtn=DE z%d$cD$+cFO%Ok5&N3t2i|DZg6WO(;4Z1R8zUarsw+Gl|DCZ^F!6Ku917=nRUrDaQC;((|5bk3#EuDg(C8dM8zi#N?!^DD*J zl8^t#L-=KQk)_=!qeF097**xENI4nB-Hrk&-+2EcV;|mD$>718qhD&d!sVi^%Z;`e zG->sKZb)9jCZ&4z41z82_sbDph9hBScaTc3ZkzSzw6`LH{Bs@7xCLDQO%m)8o1RsJ zb5OG+`3JFuX&5Ys8_5YA#4=lqhulntMDjTMpJWudYSN1Q&zLa5VGdCzO(VnNW zSaxrcLSi)I@azIDV_5_V5eU<Vxka##r?>5(^|}#>ROKt{QnCU z#DwD6gpTc4zz+kj!7D{9vADZx**ku@&1Dh^vau4`aBsh2fM1-u+iJnet#27HXt0=yjrZf_2bdD{3u0wb1 ztk`VS+>C=nKm@mGQN$~|q%BT9IpW2_ma-laOSD1cW5eAtMxF~NX`&b=y?39O5!V)yk*YUvpXP;-ot zp3XYt^|@o@^!JC(;w8$X7uU!_Z=qk~1gPZ_p6SY63< z-Z5cBjpCHm^%bGrd+%^>m%+Ey)TNbp+o(t3zs8x?f#xPncu37YNd~SIgFY{F$8W22 zn^@u9pNUw1c~;Dzdg*pQQ$76{{X5R@-U$9#HuGkriW#`A~*vshU#7Z zbX?V($VC4>nR04uLJ&LfcFwx^-=S1yC`I^&Pp_{2#NRj@w>_V9;u9fSNUga6heP+mrf=TB-R7JO=w;_ zzhdVV@Tl{l`|E@v3Cb6ExgFu)!Jyi|OIFapuhNF#6S5o(-b!p*-wyr3Tyio({~$l} zCz;NR(U(s$EppiT?MsvYrl-}?CGz-ZDaMC3b5zLNM5r=nx8v2iA;wK^*>I+KRKe() zWhSc+azN zyPPrUXx~AJsk34(T885e&2hgYseccc`*+-?2Fs#S0gLlUqdpWCf|boccW!7GQ1_U z1hr32NThsRGG|^}I9g3ZV`!FqLnZ&=MGDWXc*bqPGU>~RG@&tG{`9m5j5X}-$;xnR zmnNj+^|Q9sFA?5$3zKMy`n*BVzZ5X97##Ra_#bP$Y3}qPuP6F=Sq?)Vt-(CIC#KN5 z(x3Za=uloqyq%ZFXC%?{ssH{aK~3Y@`6R#R zc2?ovyuPvGP5Yu|rRO4gj#eo#R1@Hs^j3a%b`{^LD8YSpL5a1YQWfnB1zrI5^1aRgrX1`-0#0 z@?^eE6Xy1xNP27H6A|AoYiVf-R{@9*dAE)G7C(U(6IfqN9@gP6?&3Tx)8$M{_t#kc z_+1c1>W}{0E_+58F~{^6s>XFT*GEU1VgdYWvmGYU{#7ak&gr7u8~kCQpQaqsE#~pGnDU-zx%p2coe&^WxpC^{J8yg>iUcB z%7KQjsT?Bqdlr`&9xqW?QAb=F-~Fo>p?tUcAn#FZ%zHfHa75l%zM}?u=B`eQLBl``W8T#~K}l2*i);+X6tjk1od`E<Y=KV3#P-k7eqGT4vqwhBlo65 ztTaME%Y#Jh8FkdQJSCx#Hr{%JIXeBPR7JPYBK2Jl#-%6PY5G~ph}q1Wt?czkwS`X{ zyc6%}J&qC-5yAmc{s#k1o`37J4Xe|z&0j{^Wbsn}T(zBQ-+Ay@YOPaH42kKAZQ&~o zB;#$xe&4N1i)V@I25-gNut0?(nZyyoHsN*cK3%6vsLeQdDv^v`n3=ihh{qwe2X-y+ z|FzN;nV|12mLS?6gb7Nm;H%};AHZnUJYw6~Ak#~YsV!^wU)p9i(c;2-41MTa>HF@U zb|^cRS!3_pl~O{)sndA!Gs>b5d+xKweeuF;Mp*FzY9WX{^~bLnFzN&Eyo??MJ1CIW z)+_Lb4_dgOBTwXzsqGPs-Rn1hlBQSq#x(L?H}XiEh<^&NuH^7bVU_2$c%Lf=rdmp3Ika3ZNCpvIcWJ>I;p2pp4KJ*Y$bb5iMrlIp-YpUQ-XPY< zVsD;u#DWo`$DmhnSi+;|o5sRgY-d$gVu&8I6~imjCdd2~-T-1k59YaGA&iaHIi)8SWJp6&U?3zxQ1yobk<|N-nQ1@dcLG>1g#7Lk$$dV7a4riS zs>4Lzu_K-6tmmAPPXBEKlk0x^yd4W-isCyB$!GCO@vaYg+0aDT@fI)NvHW!XA7(0O zL!G1qYjm@LGk1*sHw$`UO3h00EEth@TUG(p5`PLNevikg7>4$TVq+^&&`#BYx^9O}}Dq{44aJB916HfW>L&MNk!s)l$m9J4V|-Yjd2Usct1c*rDSyF z8J#b$#-xF7lKcFs$@;E6d{7&ZWkLp|c*1^iFZew;q;1E8r39VGtvpq1!O;q59g-EM_5M5wJ&jy95n3e11Bjc+k%xM~pQm4C;D9XpYL z^zkQhvUO1=+S^a~@*MMXU(6^8QQ_}bWszEHHs2mlU?DB$hnTbZNvl_Y^{5tmf_kW7 z7>PD>P|{RpgiOT=f`4xi$L>O{N~$sp?L&)Phg>H%Xj+-b>4(QIgl*oh9FvxZmlx=I z?Uki9PNg&Gs%X*JS7fAzIUEVc6U@EnG7n{XI+SSSojGM>U>dA9yO$6a4*Qq)&8XB> z$9LT%ZlUkovhbG!Uf2Z$$|El>$JtN>f#bCMWUTop5^VCCKN_#;98u-Qzf(q>r4UR1 z)mHJyRTTa0HPtjfHZt6Qf|2~O>#xC)uqyq*lkW7O&$F*$B8HKnQsSnoiO(MJPDNmW zXXV$3TkYN3qkZ^lu&f#%#gN|Is@cV|tbrAx*TBWamFItnJT*?UKUf#?q0kh{_H=*W zMvb5p%Y}uYRt_-5e|rc5DAlW+XY=FgYW5nV z>+tU`KO&)l9xAHYuw(I(rp4zVZ}y6}XE1c$hJEF$M<2&Q_O+Oso6}t`2_5js+?WD; z2r)vtP-X%_iA*!^>!RCJD-O_vypBKbr0Nk$?P00TaXSz~|=(@*#;%gqky z)Kv8hX8FEZk=v#vYx1k_F;t1kd@(keVNT3UEMf2P#U zF6jI`E?gig`BmUU)wh~r5DN}_3Up*M3WuI>+1#B_7woHJL1}Jnk*es@^USNzTNT6h z=N*c+xTK_H1voS`R2vo<8Mz#Qjg74dq@_*6QQmr8>aZ{|@;n*4lisAb2Xuq!(0CZ_ z8L6>kG~}feh>PX5aj|@XUnFyL^RNvxjD?G7i1(r%X=}EP+FUn+7js!$&YIhfY64CL z+x_xRsL06Jpg37^hzPr8pZ)Bn0j;c*=7V>`l&+-kJR5&>hr>I(3VUj_csveGTCSez z+>Hf?&@i54Kzz=u6QP4Ri(O_@9zL!|>6zhQ!8OaJDk%W&G^rh0qe!RwFTGZb6|Z){|6HO0lno z_-RWgnH#>kQU5)Ji7Uw7c6qY3>+@5cQRFwJ2K0Dw!cyeL>YX(Nr5|aggseJoPnQuW zDDtcLf^<)D=Pg+$MNK0Xi^&eIAH{5QF@yBZM-9N{0YuD#P3x*TOs;~3nh6m6$*cK& z&9K`5=9>)tP3wb6L&t9E<%yNzpm3W|7i+tg0*{Z^^801*SFx1uj}8YFwj1h(xR|yq zON-+tRS6c7#x|2wb)VLnsd>Q@*h%W$Bn^|rEM_dJI@MY?Rurq&YY3?@QR>cztxq`qR!X0xEi4w z1ZH~?=0G?)ieKqxuZV*f+I}y}$6xV0Je30Pr)gnefX97=q&%OuV%=mp1MKOt=g&RO z2u>v>)?;mT%BC)(P;@fXhB)GgTsF(7&G@ieJ^uJETKAkNks!L=(bSMeNNPk>kb7-q zeae=F{aU2IYSGMu2pM6I_Z&kq&C!k?3|$J<*npK@v>=4TXEw4 zKNc2K^j-Zy!zaxrc~Aw{e9_h3<#nD-;w&7&qRXGLZTf3mxkdLSoNw1N`tL1@3c8#oY zg3t3_PY>%}g;8+#FC)t02H^-fe#REeOti3|FnBq;+rDZ{R?qhT1-F_jwfOlv2xTZ+-Q5bkc}5Rj=YJ(kfT^WMiLmwaxlXw1X~SQaIquj6l%# z$*_!JtuSpLwk-+y{UxD^G+S|wX#FH@m=|OA?iNC_?F#$Skc56=*8ShUUFGT6h_%h3 zDuW+X(^+hcD`-^2oBB zED1w>$or-H8^9bPN(hqe@J4%M4Nws{27yY|*jxlrE)++tg3=2+JbzZ2Ht-15TzK2( zEq@uGva_@>V@*r=f#R=^#tFA#S;+~JCLezy#kdhPvTm=@ZAard>^n4z6qqcAIr~g_ z#zlSVwb9|mvC)lKK8gH<45w_q2$fRdOU>ZG%?fwY1k)=DIMr@iid2LJV%i*cvHJxC zeK-iiNwsjoCc9#5IWhHip{oDWoEzKd$WoG{m^-&B@+J*vHuEXhEED z?|T86vw&w*or*ZAt83}swy@B_|5L@4heN@2@iB+lyphifqZgWQiDiWG7T8 z`#xoC*(Qx8WNT!X$Yh%g4GmdJV;}n(2H8S=qxX;R`|h9TxxahQIrp63xzBT+=WO=Q zvv&xkTVy$y2nDO7>hr(8kj?NYZD5}*E(}&iqqr>BZQ{l-<4a|ZLzRzN`e|QDzCgw6 zfaMiSn!lqWoAY!Rog+XkrjUS?%ah~rWqZN{^AZWtEs-h$=E$*ep^NvYb}u!eHgLjl z{IRL(gGx$XK1gG!i_vv3rw?jw(0%yz+=9LHr{&*^N*uX82v}xIFilM3EqE#Ex_W4P z42NiqPMkynkB`8mg*LM~Cd9L8X8-v#;clUNVMJsUFLrmG$>g@t-Q(RLtt>j0 zz!E`aE|&d;%2fEwG`Y7S27mk{%Ej!}8I$ADwDz)&CvepPARixJ0j*klw1HqLiaLz* zu$|mTqo7W7AJ})o+B`9L53V0O$*IzmZ68%Dbp~8kk>pQmK-R>Fo7=$|wW=)mcnNEX z>TF#uy8Y$~Vt(ohZd9CJ)b6o**~|?SuF4B4ul}C80!~_3Ujr2*?{(!fjSjobZm&5~ zJC1vPed|ZaULhXuN^`*yK0CYn=B#1w6>oKqS+kdSOOWb9dlLjuw&-)R@h#9y)D{gU zW0NLSpF6K|)Xljy0ay}!EaWCFnNqC{*3O+N1Jeq-gekxBj6F!KmdH&0^>9H?hFgTG z!;ODkzV#q=_^Q11$Kr{;nJ>lfyp7DnmQWJ=N#oqo2t;QslVI5Ji2?o}na>QCp@T#V zE69-}5-}tT9hPod_#wgw& zDk*mX;;kBl4Sl)0bO;`w!1Fxbnt752v~PYN%)Z7$>I2P~==T<39(;w5N9(v3WIkmW zd59mlO}#Lz&mZF5o_1Saa?i;A;~6E|(~rvlZV)Bw-t^v_H)E4eu@!t>dDZS+`FE+t z_OhJ-jR9Z>_-<A32giG6D81%G&( zRCAgWi$9i+g-%x_`00^VV7b7zsW-YV`Mf#*1REgaT+!4Ryu^By*bsYkwdcq|pf!iV z7am3P(0ku(1#X-A4OHIQ%8M^b*rV=_67D2WU1vD4y8B3Z;o;8#LIj7kG+5-x&K+O3 zH8!NdfWP}KlT;&Xo@HjyAn=hiLrmu_sm$A_6N5@p#^a@7n11aWHs$hT3#-@?FCB(x zj8Fn3swk#Zk7YotnXl<$P~Is{!cRoT1jX-4l}(eC$BWIS?URCyWfF|LZ0+a#fAJ;i6MTs z2Q&}r{8_BXkVcz<19BRgENIV zybHBb4)gL)Qb>;N-i`i#D{k_u!9|eNiNu5H{mf|@1K-jqn0m z_1xEkjfz@j{&L|h$U?(v-m&(p9$rsHu892_Yc2@g($tEoe`6EoQ80uiFcnrRsHFuy z`1ekO+)nk8FdibDWB0x45%^w@{$!WtkT?5q2BTnh$-mH!+%}X~bkijH$PS0M#oC{z z==v~Ms~TwhA(`apZZqTa^2DIJDLIAx$V$KB_v~)yQX5);1Eyok`VkvmFiBqhFRpy% zQ+4Z)?GGtpYFvk_8>Ug;x0HbJex+umjl!_4SRf0HzQDKBpa9(RJ*FuoYoE3(inCc# z+%Knz9vYVG|FBj$8gf7a-ZB?oA0gaoJD9=T1sXeV`z^%Z8i9Q9pKNqgU9p`Ja$QY+ z2kj`#6k|MRtzno5!Xe0|Y8Wd}EsBX|!aA1; zo+O^W9QW8a#8Il?W+-QS8wfADdFkCioB-boKcPGHGDjrlkY(!|=G#L47oLntB&ad8 zdJfh%-H!`F)_%Rya`|T9Acr2w}sk15+(1H z=E^P#LrFjL-*YYN|3Fhy>)7EA|UOxZ=LwLZUJ;8NyHp6N@5M+40)g1xpq)1b#0CaR41Yb znbX*_ismgYzu4FFOfY%r63M%p>N!iTh`6uuiW@4^gZJk#F1v$8X!JDx;5x(B1aw^B ziv!@%#~}@6r?BJH8Am7P9M|}3rsl54YzxNO@cn5>3Ln`d!;SwRHE21Tk^1x~Pgs*EnrW>_iT99xEcEPiiYM8oqJ9GBrt| zbUs@Lx-}L7tKmRYcontainer1192.168.1.2/24container2192.168.1.3/24pub_net (eth0)DockerHostdockernetworkcreate -dipvlan \--subnet=192.168.1.0/24 \--gateway=192.168.1.1 \-oparent=eth0pub_neteth0192.168.1.0/24NetworkRouter192.168.1.1/24 \ No newline at end of file diff --git a/experimental/images/macvlan-bridge-ipvlan-l2.gliffy b/experimental/images/macvlan-bridge-ipvlan-l2.gliffy new file mode 100644 index 0000000000..eceec778b7 --- /dev/null +++ b/experimental/images/macvlan-bridge-ipvlan-l2.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":541,"height":352,"nodeIndex":290,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":2,"y":6.5},"max":{"x":541,"y":334.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":2.0,"y":6.5,"rotation":0.0,"id":288,"width":541.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Macvlan Bridge Mode & Ipvlan L2 Mode

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.0,"y":177.0,"rotation":0.0,"id":234,"width":252.0,"height":129.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":16.0,"y":240.0,"rotation":0.0,"id":225,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":235,"width":106.56,"height":45.0,"uid":null,"order":"auto","lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container #1

eth0

172.16.1.10/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":138.0,"y":240.0,"rotation":0.0,"id":237,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":238,"width":106.56,"height":44.0,"uid":null,"order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container #2

eth0 172.16.1.11/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":40.0,"y":-26.067047119140625,"rotation":0.0,"id":258,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":7,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":237,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":241,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[153.5,266.0670471191406],[117.36753236814712,224.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":50.0,"y":-16.067047119140625,"rotation":0.0,"id":259,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":8,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":225,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":241,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[21.5,256.0670471191406],[62.632467631852876,214.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":60.0,"y":-6.067047119140625,"rotation":0.0,"id":260,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":9,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":241,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[75.0,180.06704711914062],[215.32345076546227,90.06897143333742]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":184.5,"rotation":0.0,"id":261,"width":79.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker

Host #1

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":283.0,"y":177.0,"rotation":0.0,"id":276,"width":252.0,"height":129.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":291.0,"y":240.0,"rotation":0.0,"id":274,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":275,"width":106.56,"height":45.0,"uid":null,"order":14,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container #3

eth0

172.16.1.12/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":413.0,"y":240.0,"rotation":0.0,"id":272,"width":111.0,"height":57.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.73,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.2199999999999993,"y":0.0,"rotation":0.0,"id":273,"width":106.56,"height":44.0,"uid":null,"order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container #4

eth0 172.16.1.13/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":315.0,"y":-26.067047119140625,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":18,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":272,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":270,"py":1.0,"px":0.7071067811865476}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[153.5,266.0670471191406],[117.36753236814712,224.06704711914062]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":325.0,"y":-16.067047119140625,"rotation":0.0,"id":268,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":19,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":274,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":270,"py":0.9999999999999996,"px":0.29289321881345254}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[21.5,256.0670471191406],[62.632467631852876,214.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":278.0,"y":184.5,"rotation":0.0,"id":267,"width":79.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker

Host #2

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.0,"y":3.932952880859375,"rotation":0.0,"id":278,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":21,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":270,"py":0.5,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":0.5,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[340.0,170.06704711914062],[205.32345076546227,80.06897143333742]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":167.32131882292583,"y":39.0019243141968,"rotation":0.0,"id":246,"width":216.0042638850729,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":22,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#434343","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":356.0,"y":150.0,"rotation":0.0,"id":270,"width":108.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":1.8620689655172418,"y":0.0,"rotation":0.0,"id":271,"width":104.27586206896557,"height":42.0,"uid":null,"order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

(Host) eth0

172.16.1.253/24

(IP Optional)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":81.0,"y":150.0,"rotation":0.0,"id":241,"width":108.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":1.8620689655172415,"y":0.0,"rotation":0.0,"id":242,"width":104.27586206896555,"height":42.0,"uid":null,"order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

(Host) eth0

172.16.1.254/24

(IP Optional)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":224.0,"y":64.19999694824219,"rotation":0.0,"id":262,"width":120.00000000000001,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":29,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Network Gateway

172.16.1.1/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":307.5,"rotation":0.0,"id":282,"width":541.0,"height":36.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Containers Attached Directly to Parent Interface. No Bridge Used (Docker0)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":32}],"shapeStyles":{},"lineStyles":{"global":{"fill":"none","stroke":"#000000","strokeWidth":1,"orthoMode":2}},"textStyles":{"global":{"italic":true,"face":"Arial","size":"20px","color":"#000000","bold":false}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458124258706,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/macvlan-bridge-ipvlan-l2.png b/experimental/images/macvlan-bridge-ipvlan-l2.png new file mode 100644 index 0000000000000000000000000000000000000000..13aa4f212d9db346f307dfbe111fd657406bb943 GIT binary patch literal 14527 zcmZ8|1yEek(&pf9gS!px9wfL7?(XjHfe_r?o!}4%?(Xgc5AMNT154iS`)haSR-Kye z`MUe-K7G$Qb?Z)ql7bWpA^{=*06>uji>m+tkZb?|gb6&FFcuiA2}u9| zCuqei$M4-5nwr`%i3Np4vgR^5xmi?p#UH=*mV3XyA4*G0x3#x92gWff1cLwoYwwVe zXz=#-mVViE$?s==*J21!?}^c7DO)2a0KlX5gh}1OzpT$YG814}Y}0%tmN+Aryb)z3 zsT@@gAoG`$lpO2IFpREFRt13lD?iI9=-GG+2moqFC%hy9I;nj{27uocPT1D10075u zO@yRFl7errMnFEDh#5#PPuh?-x?z&dII=d^&poRym>Ga5A8o_}h!g_|nSE(VHt%mQ zPqw6czuO|90az5wa0^O8kUNShYVM8{SpWbzzUn>s&g!NPQdUl24Wmw9x|Dc7tCD5i z`~h`8htZ7%KLEg;77+f;xPQ6_tOjVPO#d7)KeD-x!mCj40sbB># zBGK_J+`o&7iG6fe=KSsDW0j8+4tQ zhH*-^spHNug`oyE=L)?pv{pax=*n0-F0Ov#MtGq;M)d`C_0|)mHCU--2WMp&h)U&P zcQv?6T)kMcBJ6c$fMY%x)hr|An5WbgL#Op*Pvno^B*6%cGQulpIp?=Ppr)&ez$$6D z*}MDmX)#sm4Bby&%JvaxP;wzHM8DFF^FHjHwaXuDtd)8S?sxf2d3U>RT&%lJ$$CKm zXh*C8HSbv=U%Mg`XBgyBD%Rl}U!)etqPnI`2p{fA6T+dIgA+kT$S=YKz6gfU{%qvb z7e`jpjWyGn%7K-x9`5=yt$bko+n7@#7IU)OAp}+uF5#D0@BlvI_$(!08p3V=l>$Z3 zlwFz4CPzXyYS1KhRVa3_pd_SxNF|)OT`e>lX_!!Pr15$;eD}>yYE?otTcpveS87|& ztkT$vjWL34w}3#Tgw7O^gpwUU2|(|iPy<+_ncLzhsmGAV&thM_)Q|PylCK^T0QjcK zo)J4y05vSxJZF_EhzlM^A^oT4R?8Dmr zwcQDogw_q@WZCF0mOTbPNpjBRXO@O@nrbl2Vm8jTFDVV77`yjlsDjtincO zM(x$`)?EVqN$)d!m{}ZTC)2AeEw+vI>c6fF??;Ax1Z*Js`7TrxV1fJvHlbX1Hp{=wWxaUkp%r;hrW+LO`2E=(bg%#N+RzoYBK2xv zWVjjX{L3{G28PiMMhX<0`Xnn1r`@t})K`Pv)@qv4v=R5^9oiqikp-o-UU|L*Ja?lK z^~t|nwjE>6J~DcyXdjyY;MzpznqdRM$Q^AYD;i&eSwO;!ow^Zq%U0@9iokAYuN1=0 zgjyk@V*PUkjr8X{l@-*_=Ov5&jCwY{A}H~ahq|QDLtcg)p;~3h3no~JY%&`*vC&7^ z>eEyEgAHMBKM!|f zS^386lj~YFezTObA2o}(5mchyM-Ly|toT6%F z7)_9n2@5gyTM>li#2#N+?(o9x8uvAM9D;G%>ym)K>fPrXn@mRJ#**k+lXkp*hum|c zq-1Zrm(C;xkw(JwzZP&ka;|2lw+qcoTme=rp;XgC*aTN#3s+cEC11-J3o1v9za4Xx~HF`t_^?MsU8C-VhCW<=qT-s%dTMDFKtR?Shvc)nrj6n%d3#Y_z&7J zrn*Ns22|<_(Wc?fCoX+yTbklb3JVSk{~bMgl-KmFC;*#;@%qQDYeOJCLe=MOv&Hw+ zO<(DH8U2Dk^4Basq;cIAD+E;=;f42~rYU3FLb!|ErqsXR$WU_m&VGuc)+^xQrq)=I)A(> z3eq>1S5EZYnb3qc&FEHe!-=MDnrX#aNvg?bf)@Gl85B?bP<6YHD_N=&cfdll0*f672)(R19dd$J@@N{w_z&pMbh5kL5@`Ex& zq&SW}KA<5D|7<)1kw7ZCF3_b&b?Vo#7D!g(=aw2`run#=*WBbN>sO)(Bc-=a0u}hBb$_t3wwW`DS%BKn1z*%{>8}Z zL^-J*dwD-znMzHcwswYp;Xpdcs)spLD?%v%r%!Wm!3~J%y9`ry3lbe=yhWi&noL(O{~pRZ zhF-BaAUy|z^c;yWqTyz(=2#Mc0q>nyb_n^oYH%fyF}#B$-F>b^teXvT)0d6kkIl7z zQ=IXU)dXF)oEt1lrWK3f;E~veRry0233TD7pUIQMkKk268myK!minxp;_1w?wPwNBgq62c=52H1bC>GzD#Q>{GypZ?aN*$R=IJf2|D>8XPCX4HG|$i585Vy$kj zUPg%fSbO5#DUq8|zNayBaW7VF15SxZv&K*w+A#k{w8(fy)U>_#_1o@Auj^W&Une}; z!^!7CPCY#K0Ror^@yBz@1Feq3mD}7}P^iKOFdu5vpq6F2Z#Bit=d8$Z`euV38G8rO zB&WfNKOFBuhr`6eZ{NF{ZqA;<;Qf)La@{W*9qQfT7^7`OhJW}>P`~cZ z@Aq?>q)ssj-FYN)y!}~!-kvXw;uyXs3MKs5u$hG1m-zLw?*(o`Qm(S*-J+QMkN4Jg z6;Hd1JBg|2SF7D)zDmEt{alPVl1Q!U=7!5sAuK9pu3&{O8%QegU0`;e=}Zw*tcuQK zl*FhPZvLrri8@W>1H{>pXNY6T@o_2e=8Q~!I2tu175a>nKu5raW~Tk-FR|1mS`}&asn<@r2JsIP(WHGM-CCu+3#EB7cL+5tY`ZAC|;K@PjgQ^CrJS zoSZig&6L68RPw{CZ-?UHBgAtxF`Dskz;p21CwWf^(x7qD@U#L(@t4Nxgj>hvbDw9k zt3Q+;dfN^3`G1g+vFLwE2QT@C-=ed<i+abt)eg^w7Ps@X*{}DCI9dEmxnBdP?5w=jgEL$wSKvEO?o+=B zAu-?zTrBEeJhd2}5X_u+Z^)DiK6uoSR3ioj=sln8YafL*F2>HC{uYyJ79u`EIP<&e z6`zxVV?9zZ_D562P*iO}qr8B)=!DgeJn`m3Mvj%H!uzVap&K>BWMMSDnb5@_=F9ig zXe8{!h78pn3x>z|{vI#MP{epUyBej~V@|07?X~qOiZGKRjrdTPIE=(W@XENha4pF4 z;5*zkK$WHn@-RQ|+-rFI2QL4H9+Yc!J%Z6{l-`Lz!__pVRA15BgkdZe+(Vbr^E)of zX0dK&SY)66l>%;Q$HT#tZ<{Bhb-`WMe7z+ziQeg_WX|EWqwZuk-F6Ip^JEv~#OK$n z&Of6syLejdEuP3#uXY$)Q@OQMCH&*2te)CT)M0!+LukO&^`p@=1stEB_#-plM$TQg zcY1eJTr<{l?u{B)rf8(+UpF2ee5yT3R+n#*g6dD!6;9um24)Q?LJ8Fn(6FBcZ}jow zhEs)_aHuQS@2l*sGA}zWHt!U0lEesoHXiTw+Sf8X6>tuHBJr}iexg64;e+~ag-l91 zY|rjCS*AZ@vBB+dsp^VPWSn$cc}9_%Jz%l<`5EOwNkTB`eE^SyJj{+e9{&6uDnZ~A z%D9hp#9&k1*!F1tdf`3>as2E$d3<3Yn<$uFObQLoyccw((!rC9 zYeaSDtk!>Zm_wn!lsf#f$`*oV?BsMVi}*D-9)_AODWr@>A&1j1%`d`A( zs0rEAdW(%IiXg0?EGB5N*?tcR*z;&JvOLELo7%Tf}W@Ybq7Kz%Rq z6nkUtzzR)UX1h`NaO7jeGrov$#v-IAnB0bRQIUX2`0{Gwog!&=c7_y;QuU!-7!Ma+P9i0)hk)ZK+qvNG=QPW?#5)*a1&e&L2}m$S6=*ltishAM!VI?EpdD zywb>>t45Z2STvPvvBq^@y>_qPLM>lG$1Q)z=~BH$?j={S3{dmK_k9>;)L%{{TUDPa zE45wz^Ur#>q$P>ggIiADPbU12Kd8c;L%!=RG6bg{4s+Kn^8Q?HEtswg1) zcd|>y>)-E_XP#=c8J%U6Mz3hgppg$K7FNBVL*7C3ZLPGG(L78oB3e=SoW~I)9C!J} z=->~^wYhKN1m7HTUJPfDs5-T|sAGBiV0lU==$dyfsppC(Yt4*mlB{^~$I2bqo?c2h z7Uy^>Ozjw)MUGvGG3>2KX)$l~kH`2CgG>>@pDPPgK_P+&UkAC=s8#6Mer(h0wH!Cr zXIs=*Xl|3i;LCGp)sL?*BhihRWcFsRo2k?jVq|mAS;N|TNUNI_&B=Ymnn&JH;jx-z z4rVsW6wwp8XtM~jh7F0H(XJ<4;N+m^U@ZC-cy04xxXx)x7%#ZTVPZMykUT$O^K1=U z`!h2KO}~dT=oL{PR?OA|zsK65?L!@!%(97#Pg)mX9?Ut9yhG&INaWTnLpqPl9JHc6 zi8_z$=O(}O=?J0(|Mf@*mvz!;a%!6_D>=UuUk}!`TVO^1AI3zVf64vdmz|x=oRnXu z9;%rlRn+Q1u=vrEN-3PU+yUK*(JI03^_FnCF=oz0J%ih_OeWAje;9v(zR1jM``$Ba z^JzWMh09%K_V*oG%mQuOdeLX#u-sW9^`r#mcpU;!xQ^1&e4cJZeLghq{aecTN%ZM2 zul|C=+zHK{r@seq7ySZB(zH!28AGO2ovnCCOz;LYBwS~;V8c;x%i0CI* zAIx_N?q-;{IEV-{?MRVi?C?G}Uk?*mh=?@tE?;65a`46D4_8Doa~rRC+Q_+WYG^dy2hDRGv7A*swCIzA1X;dlV0jQk+;#o~)8RkzCo)X2~5 zT9#uaH)daTwGqG_phR;`H%P-NoLRzGtf)bX(n^vzjgcOfm*bN1?o58bbj^z3>%oj4>6w27DAOwo z02PHPSmM5cwh+L3+s1800uZBzH=G>8aRz8_t)s>*Ql841o0)|z?FY^lIyX1f54?!) zSEJ0x?T$+%xe*ljKw>O&8jKsxwqyu`Q8O0@4_=9d+u5X@mOQk)pPc$!aUA`8mYX!) zfOz=0Pe7i``NPIA%L4GKntifOVp6#Ga{b?`&a?aP(PQ{VC=Jft50aYd65m)4CqNYH zFQO5WL}#Y!$2Y6}9Lk`W&49O5W}b+2IEJH(ORn}*XNA?3otDk+EOL&+T*7HBP8kTw z-pKN+-If1XXoE%!lgRl$@Ka4JIr5DokH0Qv$K4*JXSsNCYj>0v*|}_$nkG!{?Wc~{ zK3FA!{bjjS>H%h}{LbUu45)Q~FcN0!6nHgm4Iw#L(FB;$W#-{%?d5cv=Rz6?8jU=fJ2Qjy8M>%cca~=!gFPIR3H1L z_^kb54*k6U;_t?~&xMb3BF{Vy^(UC_Hu+A07ek~*CfaMEeSsqsf%?c{zi*}SM#iYX zuZ>ZStoiJKIJUXr!fGdZyCwhHAaTQ>)Xb!gZ(iZ`7WiuO%OV98e>)4(I^w*-HBT4t znmyx>Mp>FLg03DLCGD4RQf*>-#a6}N@5wOq93=F7qkT2#B7kI>yt>8# zB!@iOF+roqrTO2_M4HX;ay4qd>c+!+N;+#$9|8QI2dF6)F2~T*Q>qQ+6G+Wi5e$0g~XyMHq)YIIKnBwI!+uG~KC!al$ zks=8q28*I7c?28|K?bGtEl0&8EPigeE~7#&S`nNQ0NI>1hYu(TEN7K*g-vpg-lS>I z8Fzw^YL5vOjr0mMOtY8Oeh<%kvWP778^aj(!bsne5r&3^r~X~@7Z?1NVTvI}_q`rP zJs9~!`s?6@pNL_A6Wl%O@06BA6o=rbO~b%EjxmP}hCoqqR-|_ zr>cCM`X2a5baf8vb8~Gz+QCN>E2);k_?SB;s~qb@$rpC%z$rxBnRK(1_y9n#A zCz*VzEuc_Pbo|-eFjz5ZOh{_9V2=KMCPCnapii}m8g-Y^jJ7x}GxVx=?3b1o4E3I< znrH>vhCjpkE(~-a-Iu}K>D8Je3s{jxJwyDN{0Y%Sbtz;XB+MXesZtt|rJAd~C*6Ho z-NxKAMv0X0hy%-#Q}2DgA#u>N7wQZJ(s6j9-wDL+6ONCSH(B4sSRaB$I~?x1wts~) zkGDi;{s#ee3-nW3LK_f-LvX8}d*pL?6#8Gvu5-Z>gI*$sWRITZq+c%QL?tw5aP0X0 z!&BqKR}Q|Obd1fdhZ;duMAoFsV#^N!ekgs-vcabBzi##5iK zL}9GCcTG!`Slc4pn{RVmw`r_p@kTEcU}j&x@??KYs$Je!sot|G#jD!Qfbg0S?KA#k z$9Go1HR*HKnb_xU6BQ|!jRH2zv!;kcbtwYw$ ze$+TSB-*0A3vR_+zu4=qkTM6`5Cgc?Vu4jsKI-$#d0fxCO^MXy@cG1fxjuF4>m z6!S<({3=7jvd@pfmrfbgf@r*_Vwqke#ardA%Vy0VjD~J6DDnd{S1ULdnZ$*wLO+JZ>1-Ix#p1Jr2he#-T!q!N3^$ zUJe2fRJsZJR%AeN9$%uSZZbx`7^72XtZY(SWFi%XQyIEIKN%Qsx)xwbs7wUsL^Q1v zpi=nbP&y8NOudX>ROIJ!0ah(!D0s!ZSeMMS$qlLOCx=LL06gZbb0uRF1WW25G(}^> zp5Y2t`;BSP(%bntPe-X95^n^4`m!1}hsigEO&hgmK6 z&`Ro8_ubx4-3;UYhrLOaB`QTAP{ay-2@C1p*-g?;RoR#ByCwE8gs|GS7V_$ODB`DL z+|;!3FLDB2iIJC!Qjoy5fu2D>A&ko&wOPyem{;z}XHV_JB=i>-zEv)FJRZ-R-56uW z545gHmb)K_2oktDAcsALslbZZr-(B!J9t@+PBoSO@>7S13s?L&iWaLF*x!h7q_;4f zJIbR{d$}b|Lc$xpp5+b?w!*wwz0_dZhAt!v+sW`?JeV4MkczII8dJQwj`eE3>2p4O zpn{rLFnDQ6x3#Qj)$+Oo&EqZwOw?2A(0@ zcAhkIXw+!OGU$IZk1gW1{6=SmEzf|TPGB;b|D zF41;e6fMG{rgD#DzG@F!8KK=N(bAOvGdX;FN>2>FH9!az41IQb-um`tM077kN8F(Z zL^MAVhzx$C2D*U`d}xuVE@^?!1A9MKLNRuHM?q`s2*5%xx&SAilY5#F$Nv_@`IKmp zG(aC_f^4l8ULVp&BB3LNU|LKlzHLn*2a-J+0vd2Mg~+ASk#PR$K4I&OHx`1oN#faz z`*$VoB;y;}k0$bu9nuB~mcwGn1P*+M6cfLGr=ea+f=B+E4^1K=nuXV%Mr;cl_Wbiv z&d6YDw(po{zw6X55sMY#@iKd6lEf!Wn`;7kab*PJD0*o^4d8t3s+9=Hum8DTX3AhA z_06{v%|{N9N{FW#${m&MQoIVOvkV(51eXC#0~LM=5@7u^C6|fz2Jj`kAb(dX_#i27 zGEv_#;O3JaQdc>gh$j(vn7?HF`{f&^J)W!y7D6suwU{C8hfj3S(C<4pMw~-}gYQZ^ zURcu65fH=!M|V~;sq2(F2!jgGl?^q5$N z7RC!Nm?U>bV1RRqKu&_$8-rrXrZm|_MKv;~G$XEkc4xNA^ttN|8m?xZu!mjyVxc!} zeEZo2C;h>CP4_3hH>32dNgKl`5N)ha8C6OTv|X=mWKjUgajgaXYZ3~Q6Y2@f^Wgd? zo|&AZAJdrhG?%A-m_@j-8L$d?81^xCLAXzhm`b}v9Ruf)+QT|IyzF_=5?y z=N&=@r0yCij?ilEV0y>W(28Vxp_K_!2fGHC84)1GYU7z*pkc+#Wbs({D6E*B^RMaB zexKss0$w^QwC2&O)%_t`WD3vA^Z(eIPFu(1Q6;bEh-g1RPhxnF(2%5k#Q-qljI=o>a_qYk z<+tmM$tR|f`10+gfIs{}jaq$k*|Il21CKzP=t4;Ug1OtfC`aWe2brsB_3TbweLorr ztC)1^ju>mN!AVKCR33|V`0*$Cf#=e&n1;ik&?eY{Iib4IR*48kTaZU(rD;c4C5ZZZ zTZacIC&w&1!I3h+DER3s?c8J>|1zm)LEsn<9N=p+l9EWL{x$GL2vjN&Jtmfpg^_WC zznrtLo9+vK9RiSWAjF}fAOzhsdyo&*1-zlqvjD$l2mL_54}2p43AD%9T0<@W) z#UGCezvUT+2p;$x+Au|{RMutiUZ^LR*TQ|M2YOo;G1)^t(#LWOG0^E#41e8Q+dG>KHf{j z(&ex6wRRV1VDqAchNU>gyAzRq;Ye{F)Gx+?^uT9PZ~EyKpFABJVY?1~m7Y`FONk%Z zl~znQs~}Jk5XpLW=Abgc3Ayk`w#meW`fdtUx|CiqyMjK|F{!8{MlrSG0paNqRKi`_CEB$gv3l})i{pa#+EtuMxyrJoV?qH2gx z#Fd_6mkmxV8s*S_MZZD@s%PIo3qaXatLN-fb_CzRW_PQ}Bfs}J!A$m2zZhxTn)->L zsHp1|;{Iv~hBL$T_+mfdw%Pmi$=!fhu_{5$@dp_LS=MV9vSib zdk0r2#aFq9@9e|%yU2B;v;OK{vtfc6D(Q!X*&}JkT=|)Jx5g^YUpA<_0!==F_YvSC zhZ%NyH3ZW}@8L-_3ecQ+0ChqO>wO{tMrX}@Oc_WrLO{O~2hb@^f>c~K-oqS}7Uk$U z#EWGQ0p)gVzS0KVCqjoLM3#cwVLwe_&*K)I;XSmQjIjz3wE*OOr~?$4bIkI>JZk$b z6je`e(bCX7P|~cg2yDo@F8}K%dYBogh?({;m>I$d&Q?;i>DP!Ubtu}faaLPUh{@lo zO~FNJiQi&XH7p@CJ1F{6jB|fsew*aSCe+XbNO1tqd6+?Hd3f?cS<%`nO>aNJawh-x z6`ORk;Roh>l!i&FrC&=GDPUpi7&OdcwROM+!wFRzu`8Ibv4d}^hZxA;2rt>O640n% zlAQm8q+_d$nbvu=Hj4SWs)51*^Itv9hhE6`%CcgQ>a3(q|G$oD*g9eqNpmV|yLAv2 z*)E1Ec4w>YbYUZM2QIkwIRDLS$}*9b$_IQoNjK6{Bo&DWQ>0Ab)aUQY7r{{mM1LH$Oj%c$f3R z|39dgc~fFAC-6?OORoi4qN*Vxgc4=h zH5DTuM7ktaxzc)R>$M8qXJV?G1a+ zB0sjDRYae&;f{b-tR)B$3{U+^S`a#x424s2LzRp>Y+x*nj3w*qM=mb>`u}X+kJLyx z)QW~mNo)*JUdX@{$MIRqy0^FYUwdh6^eq1jx)NmbM&~ayj>5J79RX;+p5!qn4bQ6y z#r#Ju`&w_MKdygy`?s2L;XOu?mmp50&ezvidk6PGkk_7=KhAoF*CD6tJtsIb_IFm=?WH7%Ma=0B*ym!dx2?0>78N{O28Bpwzl(6Glg@L?$@6e1h{vf2(&> zfLS^tEIwlVOG7tY<8a%n{Z3KZF>@TXv7NlIMbljec{@?&Bo-$^DNWqOxjhpUS^H@@ z4~%>te!18=rad+@AYT96it|I^Ex+efi{^ZPFS7B~RG6aW)Ji7rr?f&oG=fO{n3qPZ zJv3x%eRMgpR*zLYI&>SK<=mr69(iSvYK8s$FUc& z6hi1M83a5IC^#T^TAP^6h=5HP4u0wx%(?|A6cNP(kA&fQ=a>_bZ&ju#hYMJ2MZ+Ta z=kQrrME4>eT(IOvyw(;>pJN)zo|}mYD5da8dZsG9 zhsxe`z)PX3Dk)wERe&Df1#Dvq>_(Qe9on_(!M%gOwL&UXyt$D<_+0*s zR0pSzf!inHI`x6m`Um5rWqYpFJ`m-s2()EC7#vw-NwO%%S zqfilAIDIR9t^nG%P|jIDc5=#|-76N`S`|er9~;XV5WDkWLq#b@8BEg1x9W!Sqs_5K zX=`iM*e0y_ic(O_&Eee(Dm;qKW)Q?Qixu)48y9AIwbq4^a70RI@f5HpOXRsEZzH~q zP4Qmj`1q(;u?U!6@IUY$zMOj>=02=i{E(8H&GJKWGG?H5adxAHJ(QUrgcta-;lTtM zRR~k6@>)#hIl~zkk}LO8-6Qg_uG^zszJi&r%8?N$HjaCN5lo3!SHyfQ70=+b# zOxL=>nj&y8X|N(~L?;`##Rn^iN-ptZJQS?c!>8lTGs_+X=dT^5P?n}n+2L#a zUs*jURphV4i|TREJ~Ms1k++gtIk9ajG5$^+t|HIsv>u^5gLUT|p9R>y*ryP_WYu`q zsp}F9+Tpr3HKN1g!RJMZ@nudS7n?38t-ZXAV)`Ri>Pt(nY$Y(+1mgc;$+fvjetR+W zMP_IqI=4Lavlg&LAiN2pvudu*{US2{=Bi6HmI46##PG(ApBA{FhNvPuzzr+Ye(5Bp z_L0@k`;Yg{el>`=KIhtMLE;{o1~K56jI1OovZXti9jb(_;x^TuT@~5;G*9l$MryM11#KG35vk zS8d*DH9pjk%@Q=rEmkhnIX!58nvVm>iBqK#W-5xaN}dn!AJJiCf~9axN;nYqhG=gP zc%}Fgm!~%_zRmj|_PVORyi;Ff7R6!haSbw9Q^TIq73@~(Y=O+?2yufyU?8Il$*X^P z%{^)ywABSH4}GUzm5wTcegzBYo^7LUWglP(O6Mz=DG+FkrqjN6t>xZ*H8HJ;Mbd>l z_-q&4!O&wW=v&8d0^`{Q{SDM<+^xkd{x~@yDC{3F@6tvTq#VWJ2$%LmG6ylERpe^D zxisET>(V3OLq)Qq!iv{wX`|bOLs~iEWOo8xGIWz#$AwT~IUmWw z)peI#IXY*+DdppYxvBrhG!re;d5F?{J^%nW60d_0Bh^mdN)&F7JSW31pqcCsH&8!& zhOZ=6#S6o7;VsAF(zRMX(268A_qxfBd|kM;ZXd1^_X{!Y%^Ms>Ih(>S=7in-eAb@# z^ELrCZ{4$hnY!yL34+;iqoXxkT4DUy1vzvxg?Phb`KE$j_QKC`c#~; zKCpMB@o`1e%Vvw^sZTg56izHBnX~4j{|6UAmAOm|U7#y=nIW@Legy1i7_SJatl08a zk$?1K_l5n*Hy%$Gl81IhM}+Drny|$ilDH)itON+p4vlUR_poRp$>~_kyk@FjDPF@j zICF)Ej7P?xD~sn>@;4fB6bq(qKpxFmLu)QHDAIrE2xXqYr8C=Y(n6K|jhZdlEK$8D zOuxtb+)##;ij4SwWJvpQF5c#X6X^EvXwn1#}Ki0-R-0D zC;$_4aqjQqjG$>p&mOzWK`xa1m|+sJSf4K|<(f3PWta)P%=9SbQwF;u2rq7 zAbx+Q{KKP}X*IO99wIEIE0cnMwgpk`cCS)A#t&-5n9^mOSK{^5kEPU+pwUorG+n8i zEDr*KIbiMJ*C4d5hy53%nNhC^W#}H)y#ZVR)M9ai2J8JDlfO1)6Pwa%Na=l>jPR~D zWN{*vLsbbD4dTsfEGmV3M#B#Le1IOYXL(x2!24ah0wi4l$dMH)e}51&`xQ%(_tfh& z=hfPOrYt*i3XBZ6$8E7dd2HSIomjl@)@s~qgc~P_p1m6jVG|?bj=5*%X#IL67V*O9 zVZsCxlu+AjnRg8nO%no#Y7K9lPK%Xmaq_I2LwBS-nZ{XNYIb$~7-}Zi$F3v0Xk&Za z8?p}5XBw;Fe@wwB7%CY=6C~Kzv%|p9#5S{9OQ9irqHWy`h{?pnMC{x_6Dn8lKCU)o z2^89UU)i2LnMV3tE_qNa)4O&Gf1c}K`=M)9HK?SCq!?=iR%cUcsuf2ijz`^(uDkDNi?s-lBIv@iG01iz zm7=VyiKc`~djzZ<)D!kSKu&JVd23;0IaEf88fYH$&<6rML5|+!-z4p>1w&UPVQ;|k zs@J0zQ=a9#Mg7q;>{{txEtygSrzContainer #1eth0172.16.1.10/24Container #2eth0172.16.1.11/24DockerHost #1Container #3eth0172.16.1.12/24Container #4eth0172.16.1.13/24DockerHost #2(Host)eth0172.16.1.253/24(IPOptional)(Host)eth0172.16.1.254/24(IPOptional)NetworkGateway172.16.1.1/24ContainersAttachedDirectlytoParentInterface.NoBridgeUsed (Docker0)MacvlanBridgeMode &IpvlanL2Mode \ No newline at end of file diff --git a/experimental/images/macvlan_bridge_simple.gliffy b/experimental/images/macvlan_bridge_simple.gliffy new file mode 100644 index 0000000000..9d77e1f6fc --- /dev/null +++ b/experimental/images/macvlan_bridge_simple.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":328,"height":292,"nodeIndex":215,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":16,"y":21.51999694824218},"max":{"x":328,"y":291.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":241.0,"y":36.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":42,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":85.0,"y":50.0,"rotation":0.0,"id":150,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[3.1159999999999997,6.359996948242184],[85.55799999999999,6.359996948242184],[85.55799999999999,62.0],[84.0,62.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":22.803646598905374,"y":21.51999694824218,"rotation":0.0,"id":134,"width":64.31235340109463,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":44,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":89.0,"y":22.199996948242188,"rotation":0.0,"id":187,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth1 172.16.86.0/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":147.0,"y":50.0,"rotation":0.0,"id":196,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":41,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":199,"py":0.5,"px":0.0}}},"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-82.00001598011289,6.075000000000003],[94.0,6.075000000000003]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":210.0,"y":80.19999694824219,"rotation":0.0,"id":207,"width":120.00000000000001,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":43,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Network Router

172.16.86.1/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":27.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":129,"width":262.0,"height":124.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#929292","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":33.0,"y":157.96785409109907,"rotation":0.0,"id":114,"width":150.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":1,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.9951060358893704,"rotation":0.0,"id":95,"width":62.0,"height":36.17618270799329,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":6,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.2300163132136848,"rotation":0.0,"id":96,"width":3.719999999999998,"height":29.7161500815659,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":15,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":99,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":99,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8599999999999994,-1.2920065252854727],[1.8599999999999994,31.0081566068514]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.2300163132136848,"rotation":0.0,"id":97,"width":1.2156862745098034,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.292006525285804],[-1.4193795664340882,31.008156606851536]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.5073409461663854,"rotation":0.0,"id":98,"width":1.239999999999999,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.4306688417619762],[2.0393795664339223,32.73083197389853]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9380097879282103,"rotation":0.0,"id":99,"width":62.0,"height":32.300163132136866,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":38.326264274062034,"rotation":0.0,"id":112,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container1

172.16.86.2/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":157.96785409109907,"rotation":0.0,"id":115,"width":150.0,"height":58.99999999999999,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":34,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.94518760195788,"rotation":0.0,"id":116,"width":62.0,"height":35.573246329526725,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":22,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.1761827079934557,"rotation":0.0,"id":117,"width":3.719999999999998,"height":29.220880913539798,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":31,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8600000000000136,-1.2704730831974018],[1.8600000000000136,30.49135399673719]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.1761827079934557,"rotation":0.0,"id":118,"width":1.2156862745098034,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.2704730831977067],[-1.4193795664340882,30.491353996737335]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.482218597063612,"rotation":0.0,"id":119,"width":1.239999999999999,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.42349102773260977],[2.0393795664339223,32.185318107666895]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9057096247960732,"rotation":0.0,"id":120,"width":62.0,"height":31.76182707993458,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.45415986949433,"rotation":0.0,"id":121,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container2

172.16.86.3/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":102.0,"y":130.1999969482422,"rotation":0.0,"id":130,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

pub_net (eth0)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":93.0,"y":92.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"


","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":14.0,"y":114.19999694824219,"rotation":0.0,"id":142,"width":78.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker Host

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":235.5,"rotation":0.0,"id":184,"width":196.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":39,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

docker network create -d macvlan \\

    --subnet=172.16.86.0/24 \\

    --gateway=172.16.86.1  \\

    -o parent=eth1 pub_net

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":45}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#999999","strokeWidth":6,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586216662,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/macvlan_bridge_simple.png b/experimental/images/macvlan_bridge_simple.png new file mode 100644 index 0000000000000000000000000000000000000000..51fa66e263793573edbad30350a6e59cfbdd0256 GIT binary patch literal 22392 zcmY&;WmFtm(k<@p?(XgqAh=7=MgqaDae})`aF;-E*EH@DG`K_KA-EItb!O&$bLR)F zUU2$U)vjH;jzw#z$)lr?pg=)Ep(`r9*MfqA20(rUkq{t%IiUa30tKZfsrX(>$9wf8 z@68$ao_OR1bAz(pgPkCU&o)KOcCK6Dn!#}njeYe1{T4Mx*EWAxsO8DE`DC>=2N|3; z{F4I@*kW!o0LJ-+?}~*s^d);RTnHEpNJed2KHoTWQ%o@X-Z+O^eDy>xo-|!>?KZ|) zCnokPMrlqJhIRF>5Qt12)=wXXg_40KjTEkoM2*Km9p*0n_qPTp3`=?&M;htte+GT2 zjr{*ZnE=xN9{P9C?Ct*z{X4_|&DWkEX$V5cMhBm?hzfal@H7(Ds`VM!fQxgQc0^`D zp7sO~7e3?E;_Xaqz>Brr!%(~o{21NIcq19EF8F>PN~-^TA&T!_S)Mi1)CRn(NceX+ zR&A>8XFr6kfSEX*sGg_$NFJ}dhjLH?pNTNR=v~$(jzlLnx-`<~U*Sg1e8Ap1i6v*! zD4nR)K)HGiXRvxWYtr}~<+<^-rO|!WWirSl515DJ-h$ccZEG9FOhV>|;)HypkCwe3 z1c}`<nXwj4_cCbFFm~6)r(yGX6Jc${2;3~*2=!^lh&DPsl-{N)lf(u zrt)DP+&fzG(n5!#i=UEC5hYMEz?Sthc}IdgL1m}V$`?vW0g_4$(CMw6EZ;@HC~eaC z#c`lSxLdI{QIoNs*9cp~OtLLsz z%5g`_98bj+PbR<$jSUL5s(dRppHT14FY?;BLvVSlgavU~k-- zE8vhr&9sZ$BUXC2dv0lH6MTUw8`;m_0;)E5gvw_Om^Z_F(roR*7sc&gVhy*~`Wqa% zN__OD^*k&hkHDE&q-YaG%z$7+fKl@w%IjU#>xhRdRWU}uu?DF1>yH>+_EfMBMvS4f z$^BZ8MNA7`TqUV)M>P=nD^PT(N{~ymhbjUl>_MqBM{VH^xyG}B#9$BJZPq6y4P1L|+YW1eaK=q{n0lj{tWzQ7kMNGw&^B%*t$ z$K!TF`~;UP@UBKHt)ct;NvGRivu(89+iT*AyTZO8G6J@mV7Mo!hE0~}5b9KvR=V8+ z%-OGE9WAw5B_BId*&${7SwEcg#_{y%PYaT;((x3hncbpM%5w_uH5OX}u{J17?EQqV z2Y@K6_tlHje5(NmA+oAmO{jc{bYo5H;Z@lh23nT#YJDaDEkU48RtV>W){{;Hq`BJ$ zTq$KB=W&__$KP|9U!%&`JIy)yQMWWPcej4#^hq?qk}d@@uczVhqU>ZxLm{qw5<>dQ z^lAtQPM+w8Hp@U!VBYp&aPGHf^@>WHW($6aODcxL7SM~ zmUQ9Zd6>%9c-J0|CHHY#UO^3Zr=;`!36|XK=w>Xy@H<@3K&l%F)K+6D0s3z_p=$;h z%roqtlZx?j36mxUj5kHeP8dDe*dN3n$Lmj7Q0)49)WUbiud;%{xFX?eHDn?N1UR?h z?WEJcQ;oPoKK?N(qn9i7hB>aow#Pehr2?_W3{!^#zRgLiSS&_yfS8Y|k-LIUd zTewSRuv#EPL)jlgG#Gr6@;s(ayx(EPDP-C;(%Q&J!nLc4wCt%*v;>F-^#PT8Lrje* z9ie0;C$rWtovs)S^gptHUr~#t6(uwqBC*~oafnIMV12Jn-c^djcgk?Ry8@*iW(eGw zm5XiCEvruV#FxE!Hdln3z|D#3*fhl1`l%`|Tc?7;K!0^Q^n~gNF}M%vFa|I02h z2+=MDd=aKPJLlN$w$d58tC_|zkEu=r4%wQSzwnMUIRktO#Q{wvK;u1akaE1^_oWB9b#VLKrTvt6FVLGvMhkBEEA zazIrk^`UZ|tf$6G#>ejlHB~?T;Y0n_v79f-9{#85RNnAJOTV{ugYgo?xl!hc*U)kp zwtT%c|Fls^kuH2k*|BWgPu^tg!cp_(pmJw8Pq@LjDh;>~mkF-n-L0D9T>k8L^TxJ* zF)F)Iz8z5cVo0^-PN62>R;3XxbgN;Q)>&@Czsz1acahpyKcrFZktt)Vxt)L)LcxAE zBt?yzF|84shHs6)YUIj9fI2!#Q6JM?1pm5}yAk9-IO^F;OX>@Be8!N7-s*g=eV#o@ zVe)s^M!7fY*<^%U7w>$$ttfG{gPAzYC;x7N=~Vvx$zU4k@}}WU$6z@{dSM3+@Z6H0)PvB7us1%Er7a^Q zyFQ|3U~a^Qgqqh*(g-v-PK)PmCygQu3_04{8@#p01adQC3n~JI4>TYd zO}dmzcR^mn{^(AN%sT4LJ_{j#7My6CcBPM;cfwkj8$8*{dQ{7-&q$FU+8H-kb`-T^ zq+LN?Upc#fQ#dN*cngv*Gb#sM7c$yi_~OK`SS|C4(Z ze1;|Q19kR~5(@scq6V#KLLyNN(>C$@U_G4bb#5GyPvbl;X!?mf-)D)^m#~nDZrj&g zU0s7LM0U8WzN_W@=@wdI?PZrcw&cG2gl<O4AY<7$?=u;z3FW12}1E3rP5Y23!f=L=_tz5aBzb z&KiQ{j(Fv9A=!DFGITofw(~a3UUIlQ;NPy0y}7;pIFdkaercHf=H^q@>dOn0(X~Ok z<3jPGPJ8Jf242>$$qd>!k}W&~(c; z#Putl3^U?c_X0`G9@KqJdpDbV;DZXeV7x6#!U5F%i%eOCZn_1cfBeR`kI(y)P-S>N(?dY%yg|rzZee2$E+v+AQRB1c*{I~yAnPIO^U z4`rX3M(#*nUY?D!^WpEX_I8o^`T4^3_Entr+uK_rBBI_B<%~gQH{0ce;n#Qsz*yG- zREBOwN#e{zHbt^!@Y93+q&^;`ZY{S5e%smFMjyK-l8efL`Juh;&o$QKbaeo#GgwrGhlUE75N5q)esB=3gh-{g zL>8yH{QW1Gv(@=+9^m!jHVzPVVf(LDm~{`1v0&|hB{+Z*f3Ac-3C&+k3}Wpy9`ZW_ zg9|^jz?6}`_d;0j>3SpP_xZt*0wy+s&O}8DMKd22iJOSw0ocq3=BZNZjw<+`aV3!p3TquYdhq`hx*H>uLaFUqxYo4iHH+_a^&S zh#kQ}%CYin!E1AKurm>M?>HbH{tFSnzY)LzZ-xU9)k`S6#f>7H2oD5=9oj;P7BH^G z0}m@+VE#SI_l-}0cqDPoxS8Ss_wzJ^SL;cf)&2kfr|A%{`H!1-1+1rPk7#D>3*ahQX!n|$UFQ<~{`%lC< zohU>&|Kl9QS0`bxlW!UM)7q4i``nuEzrJ4!=|v2}{bK7wte);q$m@)rRa9wDaxoO9%5<7@;>-|_V&0Qdf^Z*C+z1ne z<3dS=Q|dC{=NWiaIeq1*$_F;drVpO|k8^-W0b>Hm{qdniDTYGmq0I0znSLG6q( zhId#VHYP>ViLomGN>A~Yj!y9bmbupZ<}z2oS=vPu46LG(6`>81ShtFHK*|MZ-hfVh-(#kMD#CrN38toJ4 zK1D!^6d9=6m`^|atcIXqh7onaHWP2+Rna{i4Ft#l?sI?d6Pczed@G$&h0+Wpo@T*~ zDo(ZhDNdT4$hz0%01|y;^WixEz_2ublufP;|D}0}G(y$$Yu)W&w@x ziHq##eOlk4$M0S5uMc?!;0lpvhqM^xJSmG3vqLx+vf;Rl$$I6zo;$N#H6_@Fn7^XGtEP_0n++n2ZSMb0!9*(;fXM{uM>TjkY` zgzQ>mdE>n98Rri=FjKfnVdgs(DuiH}5PTvST%>_S>W^^5D6pB7u;c*%v!Im=_CxRA zefBxTzNf~EzTLAQE;cW-da#NoP!v4zOv%#5lAt5<6~5rhFyPv(*wF{o3wy<|}KDZtqc8DbY+z`LA4&&AF~ zRLb=7u>MH;ztv-`NH3#oVdG-B%wN3ApPnNSqVe^^k4x)~!;x!@PD6nakx4si4pXYtg(i0Gg1^z&%*Dz zh=yEoml7Ui4K|1a)YB6Uxp5EAt!TjQJQ$k z?6OP+rL$YS8YoKPicc|th{=)vB0FR;{;ziTFHwYiRtV~#1LwD2L1BhsZ4OxPqP?DB zI`Sido~6%Tcd@({n&?+d124wD1&!MRA;WEGf=%GQLV3+Mb8&EZdo6`G3@4$!sVbos z12!5?B~2e}wQN7Gk3N?Xa#G=d)f93KzSLw!J>lSqyugBdPWAx;@>$TD`SwUvCJEP` zyzqREfpkw}wluW_S6B-5=8p(Vyqy32P&umrWtbL;Bav28Y6%UoM zNL!B&R@0CegZpBRzv_pu(iq)0!73k)=0aF&-WJUfyG}Aq%97{bk$!&AfS^Q;eaX>2mit;3*#9cVfrj8Yr(yo=B)A`!tg^;_)aSA{{iz7JpV2c#cIh4BYuc zUKtsj3st6&?He?|K~RCo|C{CeKj1|B4CJq%EAxLBX;{o}iJvqYZI>=LXSO<&-RUM=uQ;B>Q2z4_zUy!QCiDp&SH9b26a4r z>(veFXzWGbkYmgRW1{d*P#f9xwz5xs;zC1}@Yt`^DeUO8KaD(e1MIy?*NY}zDYxWWj= z2>PsX>^H2F-(yGx!RPNTWi{Sdndk1arDLT9He0qIe7cRk>wF4mh=;0Ca$e$`yqR4k z>W=8$u{R9p&(|?s4Ew~~xr%xJqbb})t}*~LO=!Y46o3OHZuM2)l4GhjCV;Hm!Ru{q z{=FL@7up00ag>=G)=oc3TU(N}!R@6j4MZC5vX{6VFmpR->y53% zeecl9)bf7A)|T1|1w0GAhiuQ|pzlxF4}lj?qDX{rt>ZORNWiN-#e|iBhwVsXu+wH| zR>0J|fQJj}v-P%6&yM)<49?yDa8!`{5l*d1S4@te^Um2uhxY{-I$!K_KSh%QU9W#= zu1ssZrl*=c0)VFzaSP(cxG<#Ts^ zd*nk4E}`VAX{R?fA|}P4Jf(jsLI~WB1b7&j|5%vezGs`lI1xzozNiFRk1ji3XxL|G z5ZUkXsO(3OG6Kg-PNzw>QPSn*2<7f*5-rGO7Xboet<8|f@gh5m8kG<|44XJ`r6Yd# zJF6rUg$gn5v$+}_4mc)V8Sk7j!r ziwzdSC=2VNE}G{vNvSWM=NsNMZCcs$GfT3m?48si1-SxFPayaOt`@B92!#-5i zb<>=C$;0G*B_5sUNaputs9qbBfK1=&CnW+5A~9_t6|=1bszT;vamBT z&0jrd-P^KEd|AGx{S}8on$UB$)l={lKVsXCbBby@|BhFUgUiwmh$KhX3txI7jNsX_ zrlo3Nh^VtbKsNG@S#;@?j8f>aXmu$o&NiYaCLZ7us!i^dO4 zq+&Eq6d5ikR7)LJlH5Y;JhWN!wh$$Hk_D7tF%)Jr)5B=F;HQA!YNVdA=Y6LKs}T_s z0EC5fc>F09c%oarLbPDbE|HjlJo_K`Z|@ zIrrz48yH!0ohR8j zLUyi7xx0@RQ>I=ZP1lv@eBL6bzNopy5@Vvt6Ixg*0wa0o&I{ehm0UeU#i zVCs*Lr;o&|bW!;DOGI72oS^aY#g(4uw9xvzO8+E{Ld4xB)f`G`((oGHJXI?-P;6`t z>NXl2Aqoi+&H@DeJ6!k<&^7AzjZ5m`x0jFDy4_M0+6KeHAwNJ&^&dr@3EXQQbjG}L8?E@evi70)(oG-HRwOnumy_IWOHQ~_g{9^QG0 znzZhx=p7dh_VPnpUTm_mld=H(8QFfd=eIt_x~jrsG56XN$^E8@RhRhlp5y=t$oM5P zXHw?)#{hbvp6|4DrN^`o%10a7K{xp3b+e@JB!wn%=578<)*7~LRPl!pVt{0pj&d@m zyW4xTQi*5egqQvptXwoG4GzJtwK^)J!k_W7k}wa1u1b}na|3_pDFlhSTpB3YjjqTB zlWdE9dw4V>ULt0KF9~@qfuq)q2GOO9*Y9PB?bRqgnEAQvlVwOSmd(06W+?=*W@C4G zU($FWNzL&cCGfX3tumS9FgOg@di+&H1oK!O-5i)!9b$$Gi_g00e9pB#MuV_?* zo+R&TU(0Ha(GI6q2#x2Of83D<1_!Q|s!3;;+NsT_g8ec)vuJ2a%&T;hTBL)qZF>8_ z>C$oscBqGk>e@YEl@dH7y8YcQbSN>thw@en&^;{&+fBCofZM7+ z6Nqr9G)dEoPc~edgu_D!!Q}I~v@6CYHdiA^Gp{m#p@3w=W zJzqXLh4=s<$KLwit8|KFrN!d9wp(HhjicYgBqnmzMx+%OSPgR=93Fb9I&8DAZ&G|a z(9qpp?%S=_zTYPXz^RH}ChywdRl?Yh;=M1kBQW$K za5SJN%oB3dP+K8K;hMyf=j84B{)2F;3wxThZqoEpwS?7ZyHiN{aahtvU%e361Hzjh6-K2Xq~ks~fEV&s#8 zb?(c(gCAEhG~|U&y*K=AY!q4!I2hmF1Me*jfD=k>aLUD@tjvX44)H$(2lbO)!&jQ~ z_>Jy(Idpwt<(q~`Qm9_D?AGviu(+d4#pfT02-_rC-*!a;1|87t3SnO)#>7@L<=eL$ zGFCW@yzbcaz1+8wlQ0OV?#}3WC%t&>lUg>Q!07D3XTk>N6s|p@%xhuGn=t4b)BP5|9ADBu6=&yddTs zF`i@o)g~rp$U#_{dV+Uzwkp64U9gGO7k0)*r|l0jR-YrWQP(QJW(y(om8rG0brO3} z9BlQiIkWWf9(KTCv3%lB0{fPWDi8KMEH7)b2IS@jK_H*;N^%(xN!qZsdEJB+beiS~ zon6s9m%n{A?eUVx{v7pvu2kL)6YawB#>MueIGdQ`p)BST4eoKpm7~c!S?he=oc@i( ztWIC>O~LO9B^H=iuz(~mg50FuPRfE3#-Xr}t`z%SME}G@T#7-9g&LcWCAMY3j$t6U zy@aE+Ef1#kC2=8OP#*>yQi$~_bFJw zjj!I10Y3&z>e>@S3xgyOeru$IwU#8494rGk-aO@o>_xZ$yzPa0u(biiJ0Sbev! zskg<8i;D_W7rbZ#^_`KBy?_+NSY2>&L%JYKItg3|g93DOXQInG0OBFP8JET9;+?(p zcR%4GJ=o4I$g&8cz&_}BM@{a=I7r!W7wT9A0BnHi6a8rQyPquY3_OIPs3DOR3Kb9u zqZ*2}Bst2!(}21q3=oQ)f(sRc0GI9eJUlKCpM6h@!VOsC06HzN*gK3YHUfQV#I;DZ z_oMr+rK1>VXv@s4lm5oNf2|(d+;-%{n*38htN$i zQC0cP9>sGshCkV%54Z1<7viPzP-;X{r#OG+WKfm&t&Lmy) zy5Fp_n7U#0{BcX(6cLT@wHNdcMimMs75d%0-O!pBS%s0hI`Wcmjuu8V?j$5ejn&rz zry{JYr`M+26aVg%6Ujj!X9yvS7CWlsYV22Dz`ICk?8l=OCV!r%%sSzyL}!VjfilLU zi;C#k<4C7R7(yV7AaLHc$tZ-?qN~Fq9{uCSkBG)W5xWv`|3@7^cUhqQm5uO<5%0z8 z{=TJ-^fEs7gYs1y4~KfmuXv5H09Pv^zO(O5?4^KsQ7FBFp@0@@nd{=Vg>v z{D_w`Ix(AK!oj_SORE1#gNUOT{(4<{0rRd_>PWlSBQ*r53{&!BPVL&q-}?;+^6>&< zi)ZX|8zW#a6+I4e1M`M+h!GPWpLL4^S^o4PDFe(*$$6@ai))&RB)5}9zDd4M@6w69 zB9XTHuRS;lRqEvbB2r8X!?Q>c$B%Jo7JZTiwrt%%)sYR}PI2gLX$HG8W3$~IuM;g} z1z8#o$eKOp=l|a%Ug`ix2wh{!N$imr zOq(c)wkjJuX9z($@h$D>i7iHi+$uugqg)jR)rQ=>JlVw%QYks)00&U?MQbH^YI^#3 z9cj5D{QfXMx_9~c``E*UT(ZeA*+?;SH^^^N>Y1Za39*C53J_J@{!fyLioDhENR(69 zLlVWIlh|_IT{%KRw%~YYQ{9jejNa%imY^83;jYw4+44#^@bv>6;c-iYzRKZ%e6*Y2 zg)a*X?fq*--2DLS{Nm>UKd~+@mjXz5m?J4SK6-<3n8PXmg>AP2Y!dq>Lwq=lcD;2i zXA=@YYOrsQQS=lcyqKAm{y*#|v_MA`KS?y3T)ZRU6j*|rWCdXvRrlHXFO!mz=128{ zH>!E2;yC6KH#?*dWpE#GuK5vNBsyWBxptqIV{*EC;d6V@$vjrQSwOH}O=CjF;)@Uv za#<5^?Ms9NTX#C^enUv%K}umi-R-O2A1hbvQ#3B{rE%hCSV-)%A(_06f3MKgC}lk& z&Cft-K0HxjGYM& z*xk5Zd%gb@YUSF6zHj{DbirJW(f8)25Xga%omvpwBrQnjOJU0Ip+CVC$Y*7NTN-jp zz>ol-SR5xnkxuUcV($aaaO;!{-22)8Av|l~nugpVzgx93?;KKIcX$61*?XHovg6rm zcd|O;{|H&R(}2Y(F1TDYOwYG9*3U}{7wK$wBr%PWLBcz?7P=E}UA@~xZ}{>n{o`xL z_Ur_o^jGXqNDgra#<8HTXKn^t!u|)(z-J$0>;;Pre)9`{#2Et$dok#DbQ?DdAH)}b zLy9bbO}`>9J32b0w%GH+|cJ>l8946;$g={>#?C;3zvbwA-#x|dY-f;&988oVCL^WYD zGM7@9N?{WARSx^wOMy6qI(CJAEA$dSc=WULj%VQ%hR** zP>_7F0ihXzu=1i3`6y>@Zz9x#jV-(G{H`yf40|Y!371&7a(jP#(S$s)|E>Hp35k;c zU&)@1fES;yzsy&%_zIAnI5L`^XD`wtnyjaBCOAW$R1QE`%8PjV@}%a)C8~cd%6Xqk z+%>t=!k&Yi%>UgLRxcrfQf!on+90G^Se1SaXv!IdTP3rw6<;Ds<1pquV<7+q;evvT zmq#XAwp8c%P8@J!&LEEl6t5$}MQUX>*0Bbteexksd+8R^Y=B8wsA76|^Jd}Uok1Zu zsA4U$j_Ch%%8?Q6KL4G9kud$<+TAgq+KlRzNP!XkdBFrR3!NAXy@r2Ru5{61QwwB53U+LnGi6@EC6?XWJ`o)FtjdyCJht)vY<2;XV=Cp4&EOg2`VVz znBhOZl2fX~-#6T7QcHJPxWl_n%9Wx%4bL19^%zXLsp@fqm;XQB4T+3xkkeVBj)gGM zIWA!P&q?jR4|uZrG#Cf+eJ|rV^wbpI9-Ja1q*+d3W<`_SRB?JzaOq`Cg9*li|L%Ov zyAZ*8J))Ek1HCPXpZFjgK{^s~)nLM!$Ou72BgZj6tJG{qqp24QPly#5d1oCC1$Aw*x%)pr&h*JhPkfHv_gSHG zQaWL1B!m!BIo)*ck1N9eSz@~5cH2nse7v#Mw3JLuO$`wpaQm(+%X4Aq78m5t4(cHl zVjAq?+&|JD7@6Yj)Dr5~W?+Cz2d|nC9TTtt!b%wtkyObiLg)YB zyocyo0=X#L)5BDrXbE^K)slyJyv@jX$)6LXy!r4Q%WF{XS4VZR@vsQsVo0-D7+!=G z4yw1|fATbREP=CgcNpm+4q}#~gYeL+o2&oY4|yQ30sFt9yN7^xsIwQ=!ZfiE`ANQk zr+No?s%sn{WgWJ<^UMMW*Wv2|=>}^8DNAEB(9D_#!`KrAB7+L!-a#!Z*kX+cBsS1aq3`y3m#(nI|LFCy1W>4=Y{=p{bqBmoCZk?b9jKSs`*Z$<{;2N&bn* zY^3AAV9zm!pbltpk846MPqctWHp@niEmdf@IIGgY!#drt%ocM(<7QAn?B3)wM)4%K zlTSpf;6L4j5aQZIJ1i65aW5NrjSHeop5jYbKUP>hJ7PRivh0D)yK|Z$zL2|yap=Wv z|EF)@)}QrReU0Tp)#PwqYUha3>sXUB-woskY-|aR2W{M9NVB-4p`ge*qW+;vU4pN{ zSWA*au3hB?$oo_qL>ut}BcN^DsC%e?I^&)UE^5!TOv>r&lVS$3^HoK=<2Bfl_H{j_ zy+{M@_nv;)sL&y1)t^e|SODJKYpG#=fjIstwC6sbrK1WOjvoj*@?)3Lj}F=NARZl4 zZN?%JJ+53n{Wpn6bbaC5mMOZ$00&@l$Xe0ucSjTEO}t=HJyj%^Q(P4|f;+dQ=RexQ z5X#{Wwy2BK5`Ow9 zPN-qrAX_It_4_2&n?t2)w>5j53sQCwBdk%(?2f@MfR^E73|^S7)+$tlG@S- z1@Bu2)qeaVm81Pkw6#_gkX{h*f4X2ZQnm|6$cg^z_}G5+-0O6e9{#)RdH;7DfJ2lG zXk{io~czlMGp zVJonfIauLeJGPQ)fFQ^n#1l&qBCDOhnGYBb1YwGF6={&Yi z6q<|3Z5SKR!@EZ^8{xb^U&rRyG+=`Nj&DU2QIAl|SNFcR8PJ>q;}R~ii59+JpMz%% z%r-0nbiW^7x>I>4I$euBCEn%Cm=qvQpN3YToY&qPtsxs z9oc0iCpmE-NEM(s31<|Vc@Z8GAq|z6<9tV1J*FLYTCAN%3ppymgAWzQON@B1HV(!r zX-ko-z?wqr|7L^0T)~u8JcU(~O44`Znk}8gXG?Htwje#W_Y;gzzz4tbIY}ePpPvP^Ez63d|ZNrOGABT+&$6-&poGN&4x`36V0 z6nBio*r>xnSdQo?V=JPqvbg5fDNfRRD_1clpMtz2jLfLOjL$^yJ^<(2nx+M`E#ef?pLJ}g=nrTaz=b^yf}s3Zw7;++KPfgy^<7RfpK;ze&(rBj1|@D`6i=s zE-A6@H%RvzUR#cf=a)1F5P9IitE$h{?PV2VQ;B(pD*LXc0*-YEcK%eR?*kDhpl5N^ zKOvbooZ%;hf|krkGfa=-5PnTSUhwcQP0sAkw8aY0cUd9!oUEynX`{Wu*-AO}dciZVvUH9h!?s{Ut;F9XAq>`t3lIeR36-_2om2#XvVq_g`dmGaLI7Wp=9@^Z%D z5#A~^sWZwN?Nly84P2HUiwtFzmR{Z>Y7E zxxVeD)G~EiJcG{f+<7P+n~#0sc{K9{S&pnYrgH3S-aU){NVB=Ie0X1BPNj-+>+Z#W z@L}>O=ipL;dGL5nl71FF-u05|O|D)an6 zf>ogG%e`D2kgs39aHaC&qyA7%KYF)|3ckv1->=qgoKHL#Ri(UTxQn&MYt40KTFeHR zUI=K)y==0C=Q1LRir6;cNJynJe%2xf-&{OWCf{{L+}TFV#kLh-vz=WX*AS#nQqYfgx~x}0IYT2wS=2}2fFs6S z`KEZR&+D#2?2-Jn9Aw!utVD061^n2(a%SJXk}`QXHXD>j3$qgL5Kl~(;jA17YrT%D!~hOJ!J_ui@`m;9Tr_<(sS zY>5;pV*mu+7qdtV^8O6-Xa@n&$(kN5xCw|=UXH&o%Vp6lr=?}yWXZO$yF8nVjmjT? zJ*%ru;;5V?(xU0DODvk*~j)|XKG66f45>yH(3x8%M9CBisVKq5HO~n zg9ptU5mkjqW0q#$r9eG6xilf*0>QO5Jd2zyB&7@pTauD*V^az>^^j)Q0xJG_>LA=Y@|Kq+WDJdAji2T_z*? zGe5LNA4U+KQxTDo;YFyO*HfYd#m3AqpN4Iw7GSaKSu%^M&%Q;v zKvG+VAFvzET*(z6Ojxj&!(n%Op>6StttTZGi#~0Y&)g<8KFcH8MLa7x;@hR0>+fck zsO_b=vMRiK3KKD`9a*r<6hjXF#hX9ku&;=L!9Bf`4gk^dCJ$~fkoaI?cpsTM znc9l>BNyS$yIi;d)!ZK-P`@lpsRc)-hJlWPl-(uT?T&Rzz~M5Zsn@TRv-{wpwdu-6 zla~DJN8JT&LF}^^^>3R-915)Zsao}BIQmPMFKR}n%*gAK&4$Prr&31Hg^cqb$JhKw zT+7zU16*d=Xh@}(Pb10X9tLn~U&6j3+ESjpx`L-A-^hBNuTY^Ff{i{Z2KDK`%m3|r z-t~R!{3QL5uPpy^gaOe1_r(va8CO6`GmWEv6U{0qVgs==-1aKr zb}VOi{pMNx(Ez3-U#PwF%b-2NE)AyST-^AIqv`)o2S_xXa+%<5|b~Y;~BrgltQCVHR(Q_N6?X|X6lY(1*GB`1kZ_m8yTju?iTtsLL z0EEy!Gp=nOA~XbCj=vu>fe`HTOB-Pzvn5ck;W}b+T*8$j*5Ae1Y=CCHImdcIPPYE(%n#8;WsKYDm=tUJc=kqeTt(^}r@w&bs{|1m2YeOBTdpk-Pl6#0NY){+z0$ zINIbn#@0OzyS?0ZXcRW76A9nXU!bHcMcjDgJNYXu+9NCk1HKN=-k z6#Z&ij_3FU2Q65dhHRIv$i@C_^D`x?HDoSIK@W!6+Q%Zrq1;}*u|ql`IIR7}3M=!HS?!@QdEys$J6)EI z=#$(S({pI{68Y|)fq7onFh9(dA2|wWAI`z3*101 zX^njC8_$;k4M`qG_tXs0WbY2rs7}euI#%(PdIU~@J#v#HIazH9O6(px%XM5ku7tv; zcnBA&^0*|%MOim~RV}H`k7JZP{S2Dh$bRcIYGh=CPvELyGT-EanIA)5(AHvUm)hXo zMNF{JU%kWFekN#``&%nWVzVLHc`0@uH2Wgbg=yPJr_+;M%^VfWJOFN!jj5{x_YeonD&3KeTO$FVj{(~#`^K(#hdK?BGS1Y*^?4MO* z@?-4IkNxQbj*^)p|8Y=3UR)oCb)d#9!4KI)Yq_ytWKJXg2nBT!3`E2AF@AZGECx(W z9IsndS+L6}!!kmz@umvLuBwZMCST_I$rBC{0L9S@t1@nJl_;ZEzOg@{{+TLdS?D!v zS?a(fu_WRF)&hr#0hlK)VscBBv_LLfM!6hK6GFtri#{81A2ue$1FI?c_L6B^%dut$ zz>uLDPhUvKp0=w|k|&>vO+NiiXn^Gc_-Z?F0L$vK5eCEP7e8?@ z%zQ84KA;t3ny2pF6xk_5H-Smsc)z#}(O*d-I=ds9qQ+5rZ&c+0TDg$UMU4rrJcRV# zy{?;{gI-2EabioQorhi<%geM3Z5g{(D$X}r^F**-a=TBB z*cn1UwKF0k2b4**vR~0+)b`(&xeDVduAZI)-3(LYT3Ll1Bn^O{ZA-J(Y^~y`UY{?u z=InSrEqWSs;`KX;rN2X*T5$_{AMi8J>yHP$@ z21xRxc4NMRBrM>dX|_}8kNU*b)(QS}M+noO>=|NxC075awCbDoPaS_|zW%!jc%=-n*?h!C-ZS*rN`=)QXS#C=D`s8F z*~-;yr+7Hn1TucJ0JIZU(bUeG_5q{3Lk&WC756iN^7+ERS~>zwDfDYt5$OQ=NH=K{U%HH6JvM!0f-AhrKs%*b;KtWA#VhIXnYixUH&?skO@P;_ zrKRi`^U%o@ zolj*F@438ppwC%$<;-1PiV7nVZ(KgGBoe&NRBE03KuV?7JzVf<;6FY2SAgfSy!D|vPNGc9ukd9?YZp~`6k+E1zIU!u=`B%;rW)t;txlf{L z^+T^rfAxEPw@M+O7E;)|`_#&QO-?E9_Ti7W))=HMc6T>DX+vdf9`8GziB;6Hw@7FcaKX-oH-ePM%ZelL`$KSV_S1Gtf-f$1_cwb+)L? zQoMHnGLxD9H0n*po^hx-)jC93)7x;DWRD=FKk_jh>4mS?&skBDy^!hOvce8`04>(? zlj;&ms#rAY{M);`kY_PWAjg>!6YoBe^KDD7C12W4F|;Q2QCKsO#*x*D{d;>a6Cag@ zeissnGUik$#}9!uK$#gv9qxx*HKhicz=lo>ZN~U^1zrBQB&2#*GFTb3=(LeyT6>ZD z2al;9ww6*hH@D5$VYBPo_;4)ozR8k6_%js`U2jgGyrP?*g`_lPlcs44xt<>*G-V_6 zOk56NoRiQ4xe3%&EhddN;8wWUPW9nv@hig_jXdY#4vPvVRCu!M=Kuw*T+PHr`;J7F-CE8LS7)r7THe!q-Vlb6rYA=-<+@OudX z#9Jt6677b*+$u|YqKqhJ%5TU7oqzw5gX(T&EG(Apt%!cpC;R$Y^b)tTrYL4a+Vt*F z{pY820+3E}aVsAH4#g3pf~aKc1fQ<56LyXQoe9ZTpC(99^;c~nCs)eh1COZ@f-*B= ztx-p?R=;bk&h+=7P|OgWbv}9irks+-W6NUzKW39Txet ze>4^e7QPRB$`k)39hGKt>2_FG6DPaI_g{A+uC99CSjEs#Zq-mVa#5N#r(?1a>d`ip z(I{@g_keZroJf5L-u-vV{@o=0T`Gju?&X6VD>nF3l-EL^Ek|&z;>E_P=cJI4lS#9B zZVr>-nZ&&}U}sljBgd#GXA@S$rqTl&bn?D+5oM`rQ@vi1%Cr0Oa}Zk(?A^0e^%y-T z1jhS4aA@PY#zDAbnNib{Uy8%fbE;Bv1+qD&AGn0u((hPWQ3zVE-lsTiUg-?eF?2`# zd%7YKf5<#UTxkl6drjLsw9#J1lp?D{`;o<0-~|gD)6gTDM;hB(`QX4NgE$=cq3vNH zz}c{Zh|EC@>*upe+0Bc3eRd z0K5wFi2QT@QFp@+BzT(0&nDj#!WtFV)y251=`z^1J9`iZb`K`wPJo(VLjjA3ml#3m zqldJ8J^v%1oJw#DS9M&*aFW z-Y%>%1V3w8!rnw5xx_ghRpKy~E0lcEfG@*bL3FV11Q$U>^uhkhwk#3f!Q7mLUNgqg zHiCX4nP0z(3tXiz(_i$4Z_f!BCAYXT>d`~js7;p*~i|=r!2wLI3yz8cN6P_1lBV1C_ zMd%r+RS^w#zC3S+-lz(OsVXPPD828~Zx%rXISpdt*z4qOS_qaYDo*5JU9jnSTmC51 z2U5ZsAkoS@7`uFAzhNz=_3eU9o)L96>bTmZNzdau94Rn6T_}TQ-!;bUXOiI@aZRmE z4XjedFtMYdi=sp$g92HIJGMN#zOn@y`vJV+{I|!Z7{dKv4z*8&^5usDW3I-&J4t&L zJY$`O?CBduxmuF~K>EofrN`-7=s&?!shLMO+>E_HsIsQ$Utz*IQaqo>(lr6fBRn`~ zOGPZd$T#UdMOgc47*!PwKt2%}#J1{UG=Dt#Rk5>*RH?~(yh}8I|JXe^5JR(U3inM< z{B3LBsT1Wti1T%NrAShoqlYJf2jDhJZh)caU81(NlN&dHiu1F;Gs4G2NbA+dv`FjK z6dD~y)Oq}G=peWp<2YZ&nQ+)7npsH#)x6N6f4#3;8ZRP^{|*;3<5qCjAl(jnUm#rk zp>I@TD0`6}IFGn2ir7!^(by0i61^&sx*n#nUJa#F`XG4NY>^oc_kkS&PVR6^paNs? z!>B7HweT)=4Kv_Pdh>30i!xoHFA{AhuzrIEHsyzO+s!5nP$ zm(K9TnX|oZdvE{aXQ%7}4VJ!Al9=Wy2Baap{vB#f)A`h`-BQpd>di0fUDLbCqLS=(po1DqK z(9ft?M@7sQSCU`RyT?1w>MYn#2}XIyLAX_?XVs#hN{R&l8|0A;@G!Gy3>@$=A#<=+ zVN){G!1ngEzDgxaG~G?4NN5~Kq3OpkBx6Tu%(3#fRe7^$ji0& zGY)Lvs~x2(q|0HD1oN-;f}EUuhbO;c65QR|^)Q0{?B~fgrKrM)yZXAwt8Tzn1YF!sS?jrMpmvRoBqQDYlc-{pv?l&md>aG1qXqD)S z)PKX+#`Q!T!%z+>5hcKy_0-p2qyWHoURPsVF=%R7eiL!C9$dj^2J@=Uf*Z)od6|rY z8hN*W{)V_2t&!s#l?dzO^&99DO$PRgozj@T?~ArK6P9nbt!NDWO$WYTm>l(naiYT;+C7n_ zVA)X7Q6Z5z02@@LSh8l8G=D z>N|}eZmH`qv4^2t4_eC@`&qWz8?tFL+?f&c&j literal 0 HcmV?d00001 diff --git a/experimental/images/macvlan_bridge_simple.svg b/experimental/images/macvlan_bridge_simple.svg new file mode 100644 index 0000000000..bce931f000 --- /dev/null +++ b/experimental/images/macvlan_bridge_simple.svg @@ -0,0 +1 @@ +container1172.16.86.2/24container2172.16.86.3/24pub_net (eth0)DockerHostdockernetworkcreate -dmacvlan \--subnet=172.16.86.0/24 \--gateway=172.16.86.1  \-oparent=eth1pub_neteth1172.16.86.0/24NetworkRouter172.16.86.1/24 \ No newline at end of file diff --git a/experimental/images/multi_tenant_8021q_vlans.gliffy b/experimental/images/multi_tenant_8021q_vlans.gliffy new file mode 100644 index 0000000000..40eed17270 --- /dev/null +++ b/experimental/images/multi_tenant_8021q_vlans.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":389,"height":213,"nodeIndex":276,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":5,"y":6.6999969482421875},"max":{"x":389,"y":212.14285409109937}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":64.0,"y":36.0,"rotation":0.0,"id":216,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-12.0,33.0],[84.0,33.0],[84.0,86.0],[120.0,86.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":190.0,"y":32.0,"rotation":0.0,"id":254,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#f1c232","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-142.0,16.0],[54.0,16.0],[54.0,115.0],[87.0,115.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":133.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":226,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":15.147567221510933,"y":139.96785409109907,"rotation":0.0,"id":115,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":29,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":116,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":17,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":117,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":26,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887324033,-1.055138662316466],[1.3318647887324033,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":118,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":119,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":120,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":121,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container1 - vlan10

192.168.1.2/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.0,"y":82.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"


","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":4.1999969482421875,"rotation":0.0,"id":187,"width":108.99999999999999,"height":19.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":31,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth0 - 802.1q trunk

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":282.0,"y":8.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":32,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":55.0,"rotation":0.0,"id":210,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":5.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-8.0,11.0],[-8.0,34.0],[26.0,34.0],[26.0,57.0]],"lockSegments":{},"ortho":true}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":12.805718530101615,"y":11.940280333547719,"rotation":0.0,"id":134,"width":59.31028146989837,"height":83.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":35,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":64.0,"y":73.19999694824219,"rotation":0.0,"id":211,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth0.10

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":52.19999694824219,"rotation":0.0,"id":212,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth0.20

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.386363636363733,"y":108.14285409109937,"rotation":0.0,"id":219,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":139.1475672215109,"y":139.96785409109907,"rotation":0.0,"id":227,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":55,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":228,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":43,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":229,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":52,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":232,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":232,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":230,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":231,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":46,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":232,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":41,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":233,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":54,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container2 - vlan20

172.16.1.2/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":259.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":248,"width":123.00000000000001,"height":104.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":56,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":265.14756722151094,"y":139.96785409109907,"rotation":0.0,"id":241,"width":107.40845070422536,"height":49.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":73,"lockAspectRatio":false,"lockShape":false,"children":[{"x":31.506478873239438,"y":2.4460032626429853,"rotation":0.0,"id":242,"width":44.395492957746484,"height":29.54388254486117,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":61,"lockAspectRatio":false,"lockShape":false,"children":[{"x":20.86588169014084,"y":2.637846655791175,"rotation":0.0,"id":243,"width":2.663729577464789,"height":24.268189233278818,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":70,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":246,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":246,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.3318647887323891,-1.055138662316466],[1.3318647887323891,25.3233278955953]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.84825915492961,"y":2.637846655791175,"rotation":0.0,"id":244,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":67,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-0.8875219090985048,-1.0551386623167391],[-0.8875219090985048,25.323327895595412]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":7.103278873239435,"y":1.230995106035881,"rotation":0.0,"id":245,"width":1.0000000000000002,"height":25.323327895595277,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.2752008616871728,0.3517128874389471],[1.2752008616871728,26.73017944535047]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.5827079934747048,"rotation":0.0,"id":246,"width":44.395492957746484,"height":26.378466557911768,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":59,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.199347471451986,"rotation":0.0,"id":247,"width":107.40845070422536,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":72,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container3 - vlan30

10.1.1.2/16

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":65.0,"y":31.199996948242188,"rotation":0.0,"id":253,"width":60.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":74,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth0.30

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.49612211422149,"y":17.874999999999943,"rotation":0.0,"id":266,"width":275.00609168449375,"height":15.70000000000006,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":75,"lockAspectRatio":false,"lockShape":false,"children":[{"x":68.50387788577851,"y":43.12500000000006,"rotation":0.0,"id":258,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-31.924999999999997],[197.00221379871527,-31.925000000000153]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":68.50387788577851,"y":38.55333333333314,"rotation":0.0,"id":262,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":40.7533333333331,"rotation":0.0,"id":261,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":5,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e06666","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":70.50387788577851,"y":42.88666666666643,"rotation":0.0,"id":260,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#e69138","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":73.50387788577851,"y":43.95333333333309,"rotation":0.0,"id":259,"width":211.0,"height":33.06666666666631,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#ffe599","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-64.00387788577851,-34.053333333332965],[197.00221379871527,-34.05333333333314]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":248.0,"y":51.19999694824219,"rotation":0.0,"id":207,"width":143.0,"height":70.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Network Router (gateway)

vlan10 - 192.168.1.1/24

vlan20 - 172.16.1.1/24

vlan30 - 10.1.1.1/16

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":3.0,"y":88.19999694824219,"rotation":0.0,"id":272,"width":77.99999999999999,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":76,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker Host

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":80}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#e06666","strokeWidth":2,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586821719,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/multi_tenant_8021q_vlans.png b/experimental/images/multi_tenant_8021q_vlans.png new file mode 100644 index 0000000000000000000000000000000000000000..a38633cdbc23014364bfc611d650b2a17dc72ae0 GIT binary patch literal 17879 zcmYhg1yEbx7cE?9f#O>wA2N=k^5TU; zo{GGTp7-KW?!7UgA^9LY@*H}Cd+%K1(B{(ASh93{t=X3Dy466wQ~@&Pj=v%}BW_Tv zbkUAB&>_O7chr-9U4T!T_5s~WI_wo`Hxeo-?Y#yLmK@UoPhtsg``T`mL=N9B!-bsW zgx|Q&gpY0y13~m9EY?WzZE_R{@hs0lpRCMaMHVgp79Xn2Ku{Ma|No98>dQ?kYv>Nv zsWm8Z-;KC6HhR6Lr!VeNd|tr%VOY^m zkwVRr&<8Req~^;ok(4~qc8%?}ztG$_^;BLz`tzB2Oc({;nbWga)0iI=_!KOa4M-C_ ztTazF`Hr*|1=0#(;FjKu?@{<00=iad-;Dj0b?Kb28_=j{!D5U#_8Zd^0xL57Wr;kV zW7Yogi>A0O_xXi?B{b%JsyPNb<9T4@0^Ua9m{`f@Ovrp&86MOYtf-^It+zxU^_2T1@9mNroUAc=~sP<&MwscFUeQ~U<|7u8-^w-37_ z?-JEMYVoHK&{lO$cTS!yzsMU2rqz<^>|956zA~~i8KsrX0scsyr~V=kQBHaJzO|cU zTzmPi`1-h;toXlFvEO)Dhttdt&?@q>Kd)2Vquk7t1{Yd_oSwgUmj1whTCDfD33ck9 z8RJU_(H9rX_0l_CkUw=EALt!#nWmXQAB_t;pO30$=Q^sZZaP`|Lj;nj;8ja2!7oV8 z60r=%w|IV$d3b~n<=QD^cSzQ7Vpm-Q+IaizNe1w?1stu&`ijkMd>wcd20ZSXmE!1I zI8Z;Z4{&eE;orfX6?=uD-Zc^jXFe|_NhE{gSt~z1m@cv{#2Ot7Dt%%N{W=MM*IAB6 zO*h~mm)cFI9OyBP>x`Y6Vxo^NBYlu5a$oT%!`QXsCSLEni?ZE5>9IAgThC|y@b=K) zup@H_BIEF_%5Ob&C2gXbHMgR~wd38|>Y>X)pg^&S(#@Qp{`5}_L)TAjPNKc3{R_Im zSTx*!+wnGYZWnBY3_>`pJ=Dj!#FUC~K^{-G#oe3eQeR|JSmIRTf|KTmOp)u~kKwNy ztr$AvQVd!r-YN-dJzN1!UqQ7M4I_mGlQj}eH&TSJxxDcg!oN~+fq?KYq*czb)8De< z@bw6WQp{wZ*NveGzgX|D9yD6qy=^=-BQVoy8O4?}f=3qpAOvaoMw*+Mnf-ufYlTmy zHG6OWpo!J2Z1iIa~O*@BFdJ2=tR+=&$w0&?W~!n&Tou+fz?XbS5x z?)E3!mMk5G5K4sx%>E`#WAZ0sl3d^Q$J@mmV$t>0g4BG4_>bM64d8oB1YJ65SI|}XnodMBgWbaKzxJQI_?a(SC6hSaSC6PjS3Sys<~Kr(di<~axaTe) za%Hw;r*#TBwCP%3Uo~;Q*)Af+HL~`&f5kcw9!*fzA8$9hki&vnbf2gx1HBGmr|LM$ z`@(Q`VlT9|BD@v0Osq%F*-}u*{5BzxKyc2M9V4oaBegp$`47kKyy)DwQ~J0LHDgA< zWb{EidaHNwHT|vMa~t-2Gd1GWO{fiz5JM=PAwnfkh0g9Ip9Y|WhQKM@UhRN&zPk@N8r}r7J%{fLmcR1XAlPz_PNfc zN|&SLZ2SxtKn_ed>cZM?j3(z@Qm?d4)VR4vJw<`8@OM1x#Ov9;B4#0E z4CVXs=_V=k1>gaGm2iPJZer)vq&w7Rk~oroQIV1gDlmHf{dclgvQ{qtxXoV)uLOSo zX z`CSXah0|4bZk|}UxVTK^cZ*IjP{%t|mFVyBDa8>G@=YnA?} zgD-#oF`fg9bI3JQN;mGX!GD)EonafCDf15VB z)D+V|i~tOxT6z3HYWbn_=c%>V)#cXDDJOGk&}$O{_XS^I7lH zZEVp1(PsD0r`Rw_kove#YX1(JL{n_7*`@jA$u>0>>W$>ND>KqKq}Ht`T13M%;lh2>dyc6VNPYTEIH1cr}Y|Ey8a zfu>QWO3t&dD+t;#Tx*{x3V3SpLH znu1t~d;FK-b@fQC*lQb(x=k21XO9pwH19Lwo9W8IV#p? z)@G&1;m!p8%7LJ(odTd%R+6>fYmz}chCuq(_Lj@nv-j4-x4~*4?9!r|4BSn}f|#r} z757FHa_Ywi5}df-E^S<|xZt8dV3W^5h}cR~{!AaF(d@Kv{RC)ZGv(ZLcp z>sU1pq%7n3Sj+l@fW>QXStG|drHMNll$Zv(q8sCI+I7Mt_aIJ2_zUE0RA#$Sksm8* zLS{KD)hPk)JS<899bTtfq+w`e_-!V{Oi_1@LNp>r$i|;qZ}Bt(@>wcUfsK!QZ^9x9 z_e;2Q>_Fo&8N^H-8 zA7?b&6>{I6&U#vRSdcO|)ETV+wGWAZjIbLuHj?RRL+P;Y)3ybw&ihi0u9rr6AKMkd zba9PkWo4O&L+UclrXF?+$x&-~LB=;Ky?qNcSMUjAX|ZzJY{J+s)~5OZUeu}bcM`9>7?7d0=Zy6~Y5~94 zHqIZ;oY`_Syah{NYlV+)xxLbXQR{atN zIkMpwHgL#z4=J50!Dc?&wXv>)7$HMBt7CZu2jv^_Kczn7(1g|>M9{YLw$Z^$q18?$l*f4Wg2Z`&Fwa|Jt$vzDtSl(R}P5tzI;DyAEYm=!kN>vXVM zxLuUebn3b{#i>s;%+;=b+%mbjhkDqg&Ov{*dEWQmfOm%?U3FWGbGg9R6i{sE`9>gklS7l4J#-RNg@sMFv zFyxqk_j_}|yMn6^V6`9&O%fuBY+4vDglCVl03$43_eIrxG5UqsL_NYGr@W}du2sAA zJIPSItk%GGA%bI~tWpaAC_?AG>x01TfDfNEe%T!jTL)_W>F}(oo@^*Zr>gIt#{R1VDuD*$^ zS|^}(ASNZ!>3VV@mM#QKDN4F}YVQpcARb++%x$%xZut*r`?qmc*7{NQu*dPp?ZHdC zGK#U56sz=K8-&)azkSK-oU`JM1VP{p1EX(}lUClsuKt+=C$BH(#vn=zgRmJ9#-%GE7dn}3|Q3kb|bt{!lG9d=icF zdhScP!jO%;3j8_&aZ$v*7%YL#;q=;{czRtFkMoHc2TCv-1?mGp})8NX4wIBz#d+Vuzl-*M#%(@81e)fgR>XUs^{(gVPM6UW*HV=EHlZO`8neF-+F z(hW;?u>OfdAFfaBd=)8hlv6)C$zs8c*(;jvPyJ+{nks%9>~hZ{=w=++HL-^rG8)8P>9tK$gml8CJrcltW;q!$snXiI{NYh0I8LFyWkilaW; z@n(xXY**z11v*RJ#^7q5{uOjWhH>_QU#F&-eDbtO;{!f6^+>2y56M>*gcftib0;aqY@-M!r#9+Q~ykQjU9PcrZfBmixm0dA| zhBYEv-$N4$8B4%5A5C%1tN>`RDQ5z++>P}43Hn@7$|t>C^=!&3$le`FvShp=u8k#7 zN{MeDNG_)7ywzuBI{@ej5#4bW-sm=1J7#Xb2>~6(o2GPgJ9sxse2D6Aj52kP@q9j* z@+i(ceOU6>SH_J~3H_eldKBhBK9+Tm{KgRYTmH-MquX>Ta8?Xf#F{aE;)lhj z5!JBC9m4*o$!R`{J7JY@D{}dsTJ`%eJTtIh&n1BGbQ*d@tGTHdjH%$z>l+@Sj*-d` zymFLDSD)iZNZ@Bf+=#r`t+hilrAJDneHKuurwiYSXq=pOt$0OS#H6qBhAhQK{u_xbl*gJZZGdYFlkn>Ys&Qn( zYVG5UZw}feXdn&wr!XSdi8}R6Tw|RQ&9Ym6-uHE*0$l}4C*OkIBu??oL7hwdL)IoSBB*R8Npahnzhc4b!tgvLS2o2 zTBl>?8SUah1Zwob3#$ik~fqlk!&e$)ydh zHnA*+)`U5eU8uTZPe!Brw&=-=HbvV(@BX#&|0+KYgLt&BlwC_xy0skCzX znZLO9skp03F}sKHN+&)nN#%<2>#Mvd_*H#E+^iZv0DQ~xx=X$91zn~-pRjz7ygbO< z@;e~+QgB-%6w|9zCs>}dzzLO@ROrm{h(z|W}+I28RQh#bHKL>C$FP( zysKRD(zYLRc|*-ixJb>w_BK*rh{@oK(-X?@sUctdRn{kr-XU2h2^J)?hId$t!WyO> zkMc9?-*Rb*8+%?u0eP$@UB)8jSZ2YU-3L|$(|n7;y!wvKFW0i--cL^O>lgj7YbrWb z42H0h71M5^Gv$0#*&=2<>CG;7au&oY_jAvE{5hMchsalPrjTvNNmS+#DMY^ataq+u z3rh$K|HZ)8_jZGcj5@$k@_U8PMk%!8B&=#ZhPQySrAbD#o`r@v!d!yVh6f+hE*Q^d zI*5Hfp8Q*dpT~zCS+a+aeg}pQuvOqft9ANcf;zSFSI{u;Kd4vJZkfm_%vo&75ekrq z8C{%Xw`uX^w@f-Jh6Ney?6W-R=wQxrwrmlkqBft+F-p4~MF(Jw0uUxr|3$#GLfkXd z^SCZBT{q~*+D1`bAPO`LvG0K0Lh;%i+&qAj9I~?fSOA5Dwo+$2xa9|i+5vB8uRlCP zI-J}J#@zBkU2d*+PdctPS7)>Do0@R0rM`#1f@+2vJud)l$+T@PD*v9}e{SPgYKcW- zdM;)b+%>wc?Cyk|eY!m0Gu}DPsXxA(d$QOq;oitTot7=Gi^IO=6@UhT@?39)uPx-1J`Os4e9@z2rmQrg zpVTmE^QR4wVm04w=`l`?oI})yow?Z+nMs(KTZDBIVxrWM(TB-70AfEliWk0edWuNq z_uDOmr36-nH!}F9_7QLpa)<@`J!fhipPE#LgRRNjnI@;9douW>DUQ!fr5uM@a(H4G zK2~B?@qIt5Skh2=qiPEWWOmA@M9yMzDaXgasOsE%6N50@Iz>@nbiA%E{RMOnWo)$e z5~j|PX&ZuHp`C1p5(1^&=o=e`OTUHQB1m@wMWfeb9}O`1bzVGtEy32|Cgd=#b&f{Oy+ z6*O<2DB!v2`F=S2`Res_Pl3Zi|3a=|UUfKXeVj(wImSB)Iui?yL*B?2;5va-VS|iq z939WEAZONQ1po}Iz<7-Jdp0f$4-8xRD7?_AwqIY5<>L@CGj4tkx~4$NWc)%sPt&N~qvk=b27kYF#3R=f3R6 zjhe(b)T6Z)GfZq-;9;tOnuk{Lp&c%8)(+7g^HwInMm-Q+&W52CNV53x6^5E`lg_B7PDr0APkyIFh-025+IhOK zYF&SH_mRT$qg zLSFMAkW+789n3H3{Ef@PhS>F}E5GQ@`t6lu(_iaVfcU`p(Nentf zA)7yK1krNUjpj0rN!h4!U z-re*S;|zDfG~im$Vcird>%{i*a2RwKRao_B z>B|cbi7kId^Ck5$qXpDyd~)snpTS>Wb||4{PrjTCM%T%6?i}}#Zk;XD*SlI~FyJ-w zGo-~ChiAPO89IyC9CnpbE%gC?RBQ`~8rguj5h$5edOsCl;4b(M@?wze*wp(B21On@kQuRuP$T zcaphyj@XJnKaL+G6ptvpT1FCA@qE~5g&_1)^5Knek^z zK+{*rErU0tCTxq|A?-;pFu;j5Ftg^x<7WW`G0L{>LLYFBcqMn;;eh z1^`+c@er_h3gHM<(|+o-T9#*bNSnd+L zQcN&90+Bz!+c@fD0ARjHi=Jb#m)9RKg4+w&iQ!!)kgIhDg1em?gld-MPfY@D{wURG zGO4*N*h%?q^@QU#HX`bu*1$VSGAiRJ-T;6!$o>U^F!hhUR9QqYnry0u2Gv-`SHK|j5pYZb;ubgZ3QGOtNlN&%6+S$qx&Zl25mP znzw_lw_}Ifntm^_qAaj1&60F^f2p$oa{2>i*Hi0=dGq5wn(+25p4ZKS`M@&0gkY9q zeZL!S^N0lhz41uR$Ka(gx1jru8vpG@>qMC;NNm0F+I=2kgMUp$ew;w<(L#Dn$?4kT z-zn~Ex0OZs2JQv7|HhF0i#Rt7Fgh4L*BmS%d^;MRFLUu>`l*)nwkyn|PxnDuY zGpO}ul99p=s+#_DQ*_U0xa_;JpA|~y!=yR5YJeW#L7)!K#S$Ke*a{m*tlh$Kx*4J} zOOjz$Gn?T@4R~cVH&YKYTU$!5FjVGmcU(u@x#WPr`pK=`D(^U?Oi#*VInO7J6-;$| z=M8R^$6tnW=Ke5VdzPGloQtjD|J#ZA)~0~NvxAfmcih(CQCX5K_F|t2_{ibWB^~-G zI4%f_nIrD>g?+q$~yTO{oSoY&%qqirY5sjACfNXvo8zz

b*{Hq>az{aEwl^vuL-ETW!AsvC0U0rmZ$_<6OOxU4rH z6u*cCCrj%CbZzu?LCU+fGt1_K0=ic0aiH8Tv(d}mzpAB)%@%6-6`Lyn zd;=aEyurlO2oEI|CPfQU*p&b-f0^7f+aySv?;0IYmhE8@&azM@s(W+tZ9c5e4!{sX zfiaPRB-x>31b(-@*OX3SfPO={;5>XR!!5^M3})_?`eW3RYLFL4dn&gCRlddq!UZp3 zAO=>+?ALa2%k{;xrD-8Kl++6_#b$F=O!pn7J1$t#B@!$C5)BfdlU5HN(yJrQ%j!dq}rfM(a$o8fv zTp~yzd4j8p6OX6R;`GAwKclI1Fc=V2d+jG|XGUoRj0-i(!+O4aQ6eJQWJVRWoER@>i z1n>F0IMxw9Tw>{kK1i)xicm&1#D5gu{o>fIFIqAt;KD8L+_HrIBbg;wPdL84HblQ)C+~sF>=()-`U*es#QL*>k3l!ZIIv@K;?LQ#Ty`{4Un&{&BHwE!4CHY8s zb9=V6y1JT|m)G4blMWT&;|nz-WC)pfM6;rDh2LXBA-h@)ttSbpP#BK2EA@3v!))k_I4*8zu-(cSeUL5Bkr5o$S)*>_9hh!9tbP63Ei-@-I*%W`U5q{cz|E*9v&Qg5%&dt z8!AqBkj06l=i^H)WY~-BjUhDa&H65JxDC=MS2hEuZ%EK2A?7il=<>wG#%6A#1e`7} zo5c3NGd9MIpFdt|q97+9fkL^>J9E;~(sFV}If_$KQp(F&<9&f+WOeBp)6DcfK(mM& ze>?Fg>6w+b&jHPHL|?21Nq6=$)R_j15nrFPD&Eh{H+?w}3v;%(RKEj$S!Mmq@NT8ky{N_Eq*cDRbAP`cP^8&pSqLb}@=d)^ojf1TGW= zuDwy*%gkJ?v!NjzhLx@$bKNNM;+5*d$YJ{zRg=C4TI5VM%m4OPr0(G0(9qICd@hXL z6;g5pN&P^^55gwB`9sbgRWKHhJBqdJyXfNrVPqfmezre`PZKHj!qWT@RALZRSPem- z5^p>^3k%wi;p4v4Z=Si@6@b5-guorPcC*_oI4o%WW^tQ)ge-JewU zoM=ex0>Ge^j5r+xnPav+yv)pKieCIzX%!U}w>)7m)}-_ukaFHzgi{wn7|G+5d1`x{ zr0MDDe;+en1TZl%d6)d(P0|sYq|2Usd$A8zE|HZaJf;mTq1MY{WzY(4=jWC?_Z)ui z@>{sQ6=vuSQ-CWdD5!~KaGABg4jtowUSD0oe{hF#+VlZ6_-BZIr3cSO`wR8M!;{5P z&L`WkhATD9p3M{ij5184NkCuY_wR=axPKtim(fa;f|ateva@{@{tu8YWZ2ay=;maF z@I8Y{2+_`OGnrC+00CB2FlwY`K?fuLs|<{990C|AWwK^5>2yB&!-s3o^|_v60eW*D zIjtPRgt>3DR2cA-q_psKZU(LJb|M7&gXFocbeWR(9K=jXv^Lt>+AmBjhJYXLEZjwN z+nG?T)i-~9YWJt}VS|-;lcg9Ywm)@XEfNnH|K<+Qy|wV4V^-iM73T;2p2BISVy&?R z+1aH=A{%|~ffA*ZDM)@p;7A)n;Gi}8<&9~TNoV)C((aRbW?*bgQDa%hL7|zz%%BzP zuZ%##mOR&z{*e+*!tvud{eI$Xe0+SIGM?-7tqIz>evMhj2x3da=m*aUR&H)TZ=~T$ zd9w*K#Vqo7GbmxG5D`KfMypV%*cRFuFp1Th#7&c_utafC6s0V@hnSEh6l=z zyt|W)LV62R*F7WzlgwF660sK-1E$zj*x_n>RjMHUIn zT8DC98iDbqIji4HQ0M-xXPE&3r(Lq+XgHPm=VWNyYhSJuNN)-bXyYYA4KX}?A-WZN zb>rEFp@zUGz?aO1V9cg zUQ<9y0QWk|6g3&X#u-3#Q6+3YbxzWQ4Ypf`Hc&YieLT8y*|r}!5T0qtpq1Oc+OD4C ziyrZ5{q-B}`y>Zb62pg))goLh&hEpb72S9zFOnb6KRi8D{r<8C1+?27}e0s3aI$1Q*m6Z`| z$9mVvQ^)P17IbJq=TXIentF%@*UeafK^jUZM zY%xzfxFw$W;#g%ScC@RLJViv{{DLp_=ziV&AZ?_bDw%!_85R^+K&$c+cC`b7;gf^! zdkf+K++yzA!7U(VlTN^zS(Dh!w$apvnxHq?H_9PLvkrmBv6taxYGR@0E&bY$Jxn`^ z=%9sJCCM_P>1ycq+bfLYH{4p6!&4Tkb*@^gP_cSk(^iEz7E+LhakO54^8zbDujJO_*>BO_v$z zj4LH+Ds`DR|4;;TMfm!oSDjZ-&`LOgx+g|WEv+_0b z`B9yb=ef5Ik~F%XVxI9y;y5N!Nll=ggAuL{8xrbj76_0td5R|R>l;2Cfzn=3!d;Tg zH0#m>fYa6$rzGjzU3HJ%hU1Bn!%yO6*k-7#&+0A@tKgsc{ck9_A!uFh7yJE-kH^XH zthZn0>y9|4+em&Hl=vTnhm_+q(-x^$JEaDWqgv>riK>>G`411%0U!7QNTNZop)^vXVh`0e*yCO;tD%bx59ow#0oplpi`6f zY~gW~ldgiAr6oZJSpww3S40G^TrRSUENHG~msvj@=;JJ-b1j`ZSji?Ee zLTl2nAyhWMHZ3iUzksZ{!}?{2zVfqu5>Y~5@~9WF(^_a;b~E&z=QvCjw|5WNejE?; z{%reMvCHi`dto8d?R}82^=I3&WL#s(LB292YEg%0BERP|DVnt?s>gftiWB$s=Nbvd z=SUbyI<#ttj~x{S{u2T!Q2RFLG*^wk1i9**7zqh7h@5Gl>9xo#|6N~n$3bb;6VgFN zUzJ8^$nWgB*Ikyg?flq8)>h{1cvk?-rpolPY!0(GM!SOzXP)Y2)R$YiF3cd026Zgt zC$-2(vYvx-rJwev4#xy9N*bz{jirO3CfZV~CgeytlXU)Ef;V1Vt6J?s=q7 z=djU<1Y;vHrhH(A>JE~{)8;^F*eLe7O7b%gL#p|Ep;tpwO&~;P>{6;M#4_XfS--bT zEYZIdr}5mCRMMM&O}DlQ6Ni^>a7I$R%&KRyH7)Pr_G{OY?5)>8+e3}RjDg&&Hhxi12ACsFKf`f z7oYv-$yT{+T$4%p1=MQOd3No39a3SnDEYVOLS7{rc{wd@iSWE>-p@m$%r#o02ziO% zxSH&+4z!y~N?Q zoNX(k9_6Cxns2M!L>{r^m_I8Tcf zb}|n5Q3iXZAGJYRPf|ojKYn^}?zDp~9{^7qdg++dm&hou72(25PwkVg{v+vvH1|(V zZTY~N<{za>gyBEcYJXDDYhUqd5=9N`TIFpYkmjC}Wv0L1QF^n3MhFlZVwMZM8>jvG zc8j=_#^DgaDeevn1;A16ClmhZUAZw+BJO|7GvJ0_=j9@hPU0u26PbDX zQwosiGyh(|WsVhbh7B7VSM#^2+bq^7=g9m=hABYDPgecGAu$(OENNcD;k)pY6W93} z{o=)u5!DB6WD$7xgnuu7CS28A_MgzhT{@DDctf8{@&8fwUBv4B?w2@UQwv)(U58s+ z>L-e-FMaZbnb5scP*iU^!5_+F|`*or!y+O+GPRrl6W9d9hq!*i@F(^6WPi+`|1oe#XHM#V8H?3VEHJp-9MA2BWM&*oupsHc!G$ zIl7T+C&KU#W><18`npZ12wP^0?we&E%f*<#SDY9E*M>ei&)MOq5yfCnX@Y`f~9Nw$HcbW(91%)zevdoylqjmA@%P2At{~42)X&EiW?+*+-4v4Ycp!@dWvw zDgBqLm`+2=~Fdb&CFawyt!AknMLEA8XK%Aupv%7KBaJv3dUU~F zDnhkLRK0fs$mi3UOTj*Aqy7ON6&X^UKXq(73j#;3Um*(6a7w=Eb&`O@KbAb|FG5l5 z@1^u!`!0@ondd;Z;zY&k>0abQ{OZ~A%;vBnGk7d#l4-^k?+a$ESC=ES;2A|LIw+sG zov|H??43x6y?*(tHMoJ0&o49co4MN#Rz_Y6vX6e z-(5!8HguEgP@N24RWa6d`e#;0fe(FSLq%Bx^b6%W3e2L;B^-)861&F4|)pMSa)fA5d%70C71M6))P z@6i^+GmhDfM`)-_;NQtQtm#tp>BTTUxJM5ND88t#K~=eB4*1M?e{-tjjU*7!-i@fI z1OK@F9K%`!K$E_XgkzH6ncXhYx+T$6AO;}gM<%e&Bg)$WXxf1q8@o*ynQp zYOfb;D0%56T7))UhDk!_V{bZDXuC|Hatfm5`Sk|heaUkQ4+GhwK!Ady$P(q>(9pkb zXk=u>^>o|eHA?VUb+Q?^S-X9b&=9V~`K1fl4;eWigu`zNPn6y5&tIe;*}Ov(ut@TM zQG6T}*(ppat0YdXMG1(TCjEyY5rKi}HS#1o;&8mf4~Y}wxFj4D1pp`?RzP^Q*`u1^ z+7CH=y)dE^(W%v>rJTa3etdjF^$1sc`vS!2@rb?P}6)hsEi*@mn$*rsZ z*JfPQrK6anuKW4(vrA?lGMd2=a|$k6h-LJAAtTMlC75cSiZj&6P7!sI%c0aCFCn&_ zaw0M}v%sR}WI`hFLD>DRdboJN4l-IZz@+>2#LXSmU)?JFXaW!aQqmm<)w~WAnW$&8 zO06QprL)YG)PHgvYRjT^Cx2nrbs!rfMl1Wtp(E@8wGf-nc%bO#NzDYpej0D?x4Vl5 z>m)%{(S?aP5eP~xF_48ah}6gc{lcH2I-?jlkMGVt+md@3Yx}V)kSbG6R&v++l4&6SN}?GZ zRdZTx5P5hf?(j7jkpe_LZf8E*#8~F#!JL+s`~$ggf;}>kXtlZ;G5`Fg%3Njq=b<&l zU>uvr=7(hE?<{hSeL-8xBbhI9>Yytcel^R1t$?rf&cX~r`L^i=o=O^IOom_Dd{qUJ zail2X-MQHDJkJBL`vp2MOTG)`p?pgp>l(&y%MI_{_LSQNCk`w3YSyDK0DjbJ@_kjH z;~sf4NKJJ26B_xmzpX--4KG(+W{l;!bSMkmne469Ugk|SEIl8^SpJSU@$a*kq(bN30OYWo%wjL35S$m2|v-vCEV z9;fQiEDv%U61L=z%FBOS5sN7^W_wf@xm}`e6~Qx(V3xYgj5KlI_KNU67`+1Y1GMbU zJCM?69K(%tleG#o%!G9113xSRR8o@6+FDyr)PDtYxdf^ND7r|>3+m2t;eOlHAbwrs zbw8)tp{`?#N>Hy>Vw#I7(z02B0x^N^}%SwYLlWp@+i|) zatj!bQnjjCdTV?pg>rnxS44WT0OEQfm>^wgO2=?0i6_}Y_~e$TTEI%|SPD1@R>bq< zg2`!ar%7_C%Kl<)qLZQSw{jsf^Jc+~V#S-%V{$ng&!1vV3q-tD?feCew$g(`diU5! zW=HzyUb}&!#!sNpq;x+tBf*c`0eX-_G$KL-Wq=;r!YaE6?I+d zJP4v zYwZ20rc)i-xvV)D@&Z76bEK3vf9%rU&<65}(H%_@)zH<-)#%-2Dn595eqv$TAnBkM z^?WTC_!ofY$wQ{V_+6uP$VBR2BBM`Sg;4ED@K2Etf1mSu{D-HS(;C?LO{??a92!_V z^fEQ&{q6@vX}el^h4NG4kf=6kDcv)sPjqb5d5K=xaT0#lv=c#($wC>ad^E@~Mm@Gg z*#Dobs?9oLE`6UK;Mo!1-gn+^VhULP-@Na-+)QVz4a;9j(o@sY!kuLImJ|A44rgn` zIu*tSH};M!Wk)1otS&LGhX;^ipQFMHRsVIpn(Nv(l(f-B@=!QB7Ef`Ftz2%qq+RF( z?YerZIHz%hxh0M{&AUy=+ar(f#0%E`)axho@(%&|?>IU;FY$xcE`Odt=|Q8V#;qCF^rc~|!; z$03QC1fa!sN2;rnk3x_e@|#I(4czUYba3DZ(ZWR-w~yzV%!jnS zI=|~Z2r@9^K6cOV9SQpw{wF37N%lAT=kQO~$#=au6eB#p?KtpWTcCmd!iM34ElUM` zT%NWTfA6=o639Q!#xt%X%4G|l@4IemhMEa^QItX%L_qY$Ma<64;qt#U2v=WU9$EjA z9y*uPxeXDO#I3#AAZpSPWa_)nnPJ12t%$=BrW6EHBz%c#iB`PC#H;UpUmx|IqEa}R z7rrqO^$_=QQo2H5f_61(&4qg)TW+IrnFGPhZ{~x4OK4gEcN(vBVXo1T=ck8fCUp6g%z?@m#P*^>KMXZd7=E>JyreSU^X zm&dee)0)ofFnxNm&F9I#?R$;Wa-}&AZ>SGmSY7Xaa?bw=^DkUntS0V%@Z1ESqs_;8 zB%Kt!IXVxTp73@|usNa7{M#zezDcJxbX|GuADdvInV)}7{OoD<@}Bi=_79OW>$m?g z`@eA2+2Y#lhUZV79p>-|Dl~EXVb}it@|S0quN(C$Xw0z|zW3|pzC7=e*S+%Ht15O} z@PGbzli_EFo6LXr8F5J6UioSE_0JD~Z_+CHU^$2X`F*{(@yrtv}nS5&!vBR_42NAzV-A%y8Q(dUenH`-^_q-7HNxz5MeY)8FOa zr*FOXrR@Ixx_i}SR>BV~r~Y)K1J1J{=R9QKWpYm{_9*M9=UPf z#iNJjFFzo6UDuJ@{{7O=r)w`>J9m0ZzP{XlyB||7|J(VuaDhQ-V3hUo-W%6agW2V_ zWJdk46ezQe-oO8ud;g7vb(?Rxn7;qL{e#Wx+}mI`=qZ5}=ncW#H{L8@?Uj_5D>q|nKA5%jk{U=wX7;6)2FF{BBqTqj@vwYd~H*~w%fp*k;|sH>+@1|w*I$?a-V1P zd+48%X}y>+<)EMxODP*S$b{vqQy*sV>MiBYSk->?!91O=^h+_kcTZn8ykpo_c_!IT zX|G7RN!Ox^y1HxWv*+ip+-container1 -vlan10192.168.1.2/24eth0 -802.1qtrunkNetworkRouter (gateway)vlan10 -192.168.1.1/24vlan20172.16.1.1/24vlan3010.1.1.1/16eth0.10eth0.20container2 -vlan20172.16.1.2/24container3 -vlan3010.1.1.2/16eth0.30DockerHost \ No newline at end of file diff --git a/experimental/images/vlans-deeper-look.gliffy b/experimental/images/vlans-deeper-look.gliffy new file mode 100644 index 0000000000..4d9f2761c4 --- /dev/null +++ b/experimental/images/vlans-deeper-look.gliffy @@ -0,0 +1 @@ +{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#FFFFFF","width":566,"height":581,"nodeIndex":500,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":{"uid":"com.gliffy.theme.beach_day","name":"Beach Day","shape":{"primary":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#AEE4F4","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#004257"}},"secondary":{"strokeWidth":2,"strokeColor":"#CDB25E","fillColor":"#EACF81","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#332D1A"}},"tertiary":{"strokeWidth":2,"strokeColor":"#FFBE00","fillColor":"#FFF1CB","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#000000"}},"highlight":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"#00A4DA","gradient":false,"dropShadow":false,"opacity":1,"text":{"color":"#ffffff"}}},"line":{"strokeWidth":2,"strokeColor":"#00A4DA","fillColor":"none","arrowType":2,"interpolationType":"quadratic","cornerRadius":0,"text":{"color":"#002248"}},"text":{"color":"#002248"},"stage":{"color":"#FFFFFF"}},"viewportType":"default","fitBB":{"min":{"x":-3,"y":-1.0100878848684474},"max":{"x":566,"y":581}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":-5.0,"y":-1.0100878848684474,"rotation":0.0,"id":499,"width":569.0,"height":582.0100878848684,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":103,"lockAspectRatio":false,"lockShape":false,"children":[{"x":374.0,"y":44.510087884868476,"rotation":0.0,"id":497,"width":145.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":101,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Network & other

Docker Hosts

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":157.40277777777783,"y":108.18042331083174,"rotation":0.0,"id":492,"width":121.19444444444446,"height":256.03113588084784,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":99,"lockAspectRatio":false,"lockShape":false,"children":[{"x":-126.13675213675185,"y":31.971494223140525,"rotation":180.0,"id":453,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":57,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.4915197649562,-156.36606993796556],[-121.49151976495622,-99.52846483047983],[-229.68596420939843,-99.52846483047591],[-229.68596420939843,-34.22088765589871]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.82598824786317,"y":137.23816896148608,"rotation":180.0,"id":454,"width":11.1452323717951,"height":61.19357171974171,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":55,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#38761d","fillColor":"#38761d","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.05455395299924,191.93174068122784],[291.05455395299924,106.06051735724502],[186.27677617521402,106.06051735724502],[186.27677617521402,69.78655839914467]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":332.0100878848684,"rotation":0.0,"id":490,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":97,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":9.5,"rotation":0.0,"id":365,"width":141.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":98,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

 Parent: eth0.30

VLAN: 30

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":342,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":96,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":332.0100878848684,"rotation":0.0,"id":489,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":92,"lockAspectRatio":false,"lockShape":false,"children":[{"x":1.0,"y":10.5,"rotation":0.0,"id":367,"width":138.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":93,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Parent: eth0.10

VLAN ID: 10

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":340,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":91,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":289.40277777777794,"y":126.43727235088903,"rotation":0.0,"id":486,"width":121.19444444444446,"height":250.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":88,"lockAspectRatio":false,"lockShape":false,"children":[{"x":236.18596420940128,"y":158.89044937932732,"rotation":0.0,"id":449,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":53,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[-121.49151976495682,-152.05853787273531],[-121.49151976495682,-81.64750068755309],[-229.68596420940125,-81.64750068755139],[-229.68596420940125,-33.27817949077674]],"lockSegments":{},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-179.77677617521388,"y":56.523633779319084,"rotation":0.0,"id":450,"width":11.1452323717951,"height":59.50782702798556,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":51,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#cc0000","fillColor":"#cc0000","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[291.0545539529992,186.6444547140887],[291.0545539529992,117.79470574474337],[186.276776175214,117.79470574474337],[186.276776175214,67.8640963321146]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":447.0,"y":150.01008788486848,"rotation":0.0,"id":472,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":87,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":473,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":86,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":474,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":84,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":475,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":82,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":368.0,"y":101.71008483311067,"rotation":0.0,"id":477,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":80,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Gateway 10.1.30.1

  and other containers on the same VLAN/subnet

 

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":350.51767083236393,"y":87.47159983339776,"rotation":0.0,"id":478,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":79,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#cc0000","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":94.0,"y":155.01008788486848,"rotation":0.0,"id":463,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":78,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":464,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":77,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":465,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":75,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":466,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":73,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":80.0,"y":109.71008483311067,"rotation":0.0,"id":468,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":71,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Gateway 10.1.10.1

  and other containers on the same VLAN/subnet

 

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.51767083236396,"y":95.47159983339776,"rotation":0.0,"id":469,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":70,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#38761d","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":341.0,"y":40.010087884868476,"rotation":0.0,"id":460,"width":46.99999999999994,"height":27.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":69,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":417,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":68,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":5.485490196078445,"y":5.153846153846132,"rotation":0.0,"id":418,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":66,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.901960784313701,"y":9.0,"rotation":0.0,"id":419,"width":37.09803921568625,"height":18.000000000000004,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":64,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#666666","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":198.51767083236396,"y":41.471599833397754,"rotation":0.0,"id":459,"width":175.20345848455912,"height":79.73848499971291,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":62,"lockAspectRatio":false,"lockShape":false,"children":[{"x":17.482329167636067,"y":14.23848499971291,"rotation":0.0,"id":458,"width":140.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":61,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Gateway 10.1.20.1

  and other containers on the same VLAN/subnet

 

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":0.0,"rotation":0.0,"id":330,"width":175.20345848455912,"height":73.0,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":59,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#ff9900","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":279.0,"y":129.01008788486848,"rotation":0.0,"id":440,"width":5.0,"height":227.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":49,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#ff9900","fillColor":"#ff9900","dashStyle":"1.0,1.0","startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[4.000000000000057,-25.08952732449731],[4.000000000000114,176.01117206537933]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":56.0,"y":503.0913886978766,"rotation":0.0,"id":386,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":48,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Frontend

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":62.0,"y":420.0100878848684,"rotation":0.0,"id":381,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":41,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":382,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":44,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":383,"width":98.00597014925374,"height":44.0,"uid":null,"order":47,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container(s)

Eth0 10.1.10.0/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":384,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":42,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":385,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":382.0,"y":420.0100878848684,"rotation":0.0,"id":376,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":31,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":377,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":34,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":378,"width":98.00597014925374,"height":44.0,"uid":null,"order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container(s)

Eth0 10.1.30.0/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":379,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":32,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":380,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":30,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":214.0,"y":503.0100878848685,"rotation":0.0,"id":374,"width":135.0,"height":20.162601626016258,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":27,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Backend

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":376.0,"y":502.0100878848684,"rotation":0.0,"id":373,"width":135.0,"height":20.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":26,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Credit Cards

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":627.0,"y":99.94304076572786,"rotation":0.0,"id":364,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":25,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":363,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":342,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-183.0,310.0670471191406],[-183.0,292.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":372.0,"y":410.0100878848684,"rotation":0.0,"id":363,"width":144.0,"height":117.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":24,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#eb6c6c","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":218.0,"y":341.5100878848684,"rotation":0.0,"id":366,"width":132.0,"height":40.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":23,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Parent: eth0.20

VLAN ID: 20

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":297.0,"y":89.94304076572786,"rotation":0.0,"id":356,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":22,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":353,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":343,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-13.0,320.0670471191406],[-13.0,302.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":222.0,"y":420.0100878848684,"rotation":0.0,"id":348,"width":120.0,"height":74.18803418803415,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":21,"lockAspectRatio":false,"lockShape":false,"children":[{"x":0.0,"y":0.0,"rotation":0.0,"id":349,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[{"x":2.0417910447761187,"y":0.0,"rotation":0.0,"id":350,"width":98.00597014925374,"height":44.0,"uid":null,"order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":8,"paddingRight":8,"paddingBottom":8,"paddingLeft":8,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Container(s)

Eth0 10.1.20.0/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":8.955223880597016,"y":9.634809634809635,"rotation":0.0,"id":351,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":15,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":17.910447761194032,"y":19.26961926961927,"rotation":0.0,"id":352,"width":102.08955223880598,"height":54.91841491841488,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":13,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#4cacf5","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.97,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":410.0100878848684,"rotation":0.0,"id":353,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":11,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":212.0,"y":332.0100878848684,"rotation":0.0,"id":343,"width":144.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":10,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#fca13f","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":203.0,"y":307.5100878848684,"rotation":0.0,"id":333,"width":160.0,"height":22.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth0 Interface

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":303.0,"y":240.51008788486845,"rotation":0.0,"id":323,"width":261.0,"height":48.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":8,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

802.1Q Trunk - can be a single Ethernet link or Multiple Bonded Ethernet links

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":36.0,"y":291.0100878848684,"rotation":0.0,"id":290,"width":497.0,"height":80.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":7,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#cccccc","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":1.0,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":543.5100878848684,"rotation":0.0,"id":282,"width":569.0,"height":32.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":6,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker Host: Frontend, Backend & Credit Card App Tiers are Isolated but can still communicate inside parent interface or any other Docker hosts using the VLAN ID

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":-33.0,"y":79.94304076572786,"rotation":0.0,"id":269,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":5,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":345,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":340,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":1.0,"strokeColor":"#000000","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[157.0,330.0670471191406],[157.0,312.0670471191406]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":52.0,"y":410.0100878848684,"rotation":0.0,"id":345,"width":144.0,"height":119.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":1.0,"strokeColor":"#434343","fillColor":"#5fcc5a","gradient":false,"dashStyle":null,"dropShadow":true,"state":0,"opacity":0.99,"shadowX":4.0,"shadowY":4.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":20.0,"y":323.0100878848684,"rotation":0.0,"id":276,"width":531.0,"height":259.0,"uid":"com.gliffy.shape.basic.basic_v1.default.round_rectangle","order":3,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.round_rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#434343","fillColor":"#c5e4fc","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":0.93,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":19.609892022503004,"y":20.27621073737908,"rotation":355.62347411485274,"id":246,"width":540.0106597126834,"height":225.00000000000003,"uid":"com.gliffy.shape.cisco.cisco_v1.storage.cloud","order":2,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.storage.cloud","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#999999","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":1.0,"y":99.94304076572786,"rotation":0.0,"id":394,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":1,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.5670471191406],[261.0,108.05111187584177]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":44.0,"y":90.94304076572786,"rotation":0.0,"id":481,"width":100.0,"height":100.0,"uid":"com.gliffy.shape.uml.uml_v2.sequence.anchor_line","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":3.0,"strokeColor":"#666666","fillColor":"#999999","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[261.0,233.56704711914062],[261.0,108.05111187584174]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":104}],"shapeStyles":{},"lineStyles":{"global":{"fill":"#999999","stroke":"#38761d","strokeWidth":3,"dashStyle":"1.0,1.0","orthoMode":2}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"14px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.basic.basic_v1.default","com.gliffy.libraries.flowchart.flowchart_v1.default","com.gliffy.libraries.swimlanes.swimlanes_v1.default","com.gliffy.libraries.images","com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1458117295143,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/vlans-deeper-look.png b/experimental/images/vlans-deeper-look.png new file mode 100644 index 0000000000000000000000000000000000000000..32d95f600e1d0f028e5a354584d7b3eac1639e35 GIT binary patch literal 38837 zcmV(?K-a&CP)`~Uy{|NsBV<^9ae%>V!XU&~tip+HNj^66}A$mRQ)nVITrYtHNc(eD3Esqa*> z`kbAd%gf76to6~-(lK|cWX@pB=>GHa@o3Xzg_^4Ws!jc*N5S0jld8K^uJzT`)$ek1 zjEs!W&(7fC;Fgw^`k+76^8b5_oPvUbLqS5dw6u?pkKFqIl9H1A{QJh>@4UUdh>3~o zZf_bI8wCUeRju;(_xAs-RR8+*@o{lbulell>t$t)3OtT%C;^muqGbEMhb*uuoa zthc;2H8U@1m?bADOrYYNL_*Bw_Ge{V*N8X=7YhCG-9?x^NsPS9$HfQ|DjO?231S5M zlL5N}0aL3>H+?Qtsp(QsPhQMaGY|=~Zwi2)wv~;4X@!Z;naVZ8!1Fgf;UAc;zXuVure|>tOWE~Z8pARn$o3h1ObAbNj!%u^* z_5J^CTT#Z>-^Nl<{-!W<+HSAO-u~F8IZIryPE6BPOvND_pf4@y_4@7P*??SStj416 zXk>tnp?7p^5>${_Fg7T04AS7|-0SlB;o#|%K{jY`-gbA9fN4Oe^_8!W{kmp&I5V+7}GvKNhH!eJfrZ;)8=# zpwqakn3Tfhgs;~cM<7#nn}SJ8E;MGj>e#%;Zg8JfSz4 zvp_CT_#;99000DZQchF9>dx@GGiCe$0F;4AL_t(|USeQi8bn|eFfcF!*t2>a$5|-4 zqi+-{DqATiEeu5j0zpGVL+6shegeP$D|}pn2ahA~{O#-}nH(wBHO4^h(YZg#^A+KN z|9(9^qXjyfdTZ6k`BKNgy1XfuI#}PWcKuvVT6W&stlrk;s=3{#zPlN!uhga2huH31 zr`8S1DKDn%eDlluV%M`h{dz*^`D*Y05VF|C*xY@XF0?m}R`!QiLc3?IW1l)P+Mkbp zJBq5g|83EGj)%%QDk1j+RInXOmzz<@tvi4Bp-w>P4brX&x2%xY?$pi^;{7l%Hg?BD zJ55Fi5fg+k(=;FYt{WK}yeAHAS9uWfbzKxoYd3T=I6sC4b7@Z&KojH&aBl%8i9-}- z?#F>Rt(WBXR7!D<-vZ}KCSI)MO^Bvvo}kYOP2n|+wT0-Tfup(p2GARf>`j9s%Aww&IJlPEu;7F=CZlaivP(gV@h;xvwx6ru^ zBi^&_U_fL%zq?{Zo@g+g&zw9$)^C)i6B$@iaQqn!=86J%h^FnBcY0rpJJ~^##7rU? z7Lv=t9CnGVe@zLhxET65jbUYDjyRLi6sJMZk+@VyPOp6Q@%}}Vp)&zXOA9BNYAhHk zPJdsifqsfY+%N|TiD4C?WD`w0`Wlr`!dH43t^GJfZmHyz6Tx(urgNIZIt%KOUYC`PTk=3+Npo2+fSsJMp3%#W~E`ov*Wx}10c*&ublvv zD(EoR5fj}jA^9-=5MTTQ=@$bRPJd^w>3lD^m1R$=xB^95O1JfLE$*m=hd7#awnFfI zD#V+HQuQK@#*E(m9aYYO(j{^!UfN2$gQhf?l2RVc(U;ow-jcc=gjz}}MQNDWSs4iZ z4QaYAlx(tTHvtlGHaP&VI~l3qsOa7lf(Ee)RZ5I*lP$iT6L-Wka{_sTCNl%-ybxkS z{t@#Gc&aLK(%N8{yDNnZLN0Vz8e5P4MVCgHiRyGxA)0AEbR!!|!|8N_D?jwJu5Tw3 zv9+~D;>yZq8tz6Ry2T}RC@Mi5{|t`x9rOAf6MZ*DzETR8mK$;(g!pI|I=C40hySKR ze=5<`MRq%#)fm!_O{IO!P!_lD_6gA)x8?gNGkhtFBlKPW4et}=M9$5q~;`woA^t;vy%i+#cf9f8d^Z zV~m=iGPKnzl@IPxpFdq)BZwWkg2s*;a^6+|hOh!Q3PzYLXneSv>ksi2fn>g0Y58;cav6&vtV5QuTJq=C zm1`|!Ie<(`5OwqQ=`#o6@>%<_hB!pK!*EQz0`XHN1fd_*ht{k7BmmmSpz(ib^o7go zvDk1~Mz#4W4|l7#>`DgLB;>vop=0fFoTu5Qd+vVz2o=M3%K1b(Ft6j^Pl02_e zl{{XD%7=@n;Xj!N;e0IiK{D(!jjy)Rf4VBDuw4Ei7W+k#G9GTKLCEPlP#(xND$UOIFwfcCXm6$eA6lTk6? zgGW%3QCeQ%P;l6+V8SQoKg7*AoY$P$a9HtgvB@6pmUVF)iW8rrDph5@wFx{db^Oj>2+;FE)9P6>}*CMg!%4=uCb!zbdotnVpiV-AAKL4T%m(quY4lYl}fqj z2MGl5-=OqBRY*~y>1&w@%HY6K^{g9{oQ;E)2eSb|VAO+d9(K znF`IM3iN7;?&#}(NjHAfHg&sFm`Ne$)6im&zB&c~;R)vU7ZJP{zPm)O(CJ(%G|@`_ zYbg-lD8(BKw=a@_!JTqz%I8m>5Tr`O>har@O6%@vI;zdK2%d;FL}KuoSH)^6Q{Cwz zL-j6;_Y`3)_Q3L3mo>wUjwvgG(9OdT(niiOZK0W{lV05nlJh~)DN5H%*s^Si;B15< zb9*}hfEJ^Zx!~<505ZJ{Z|IME+o*|tSZNK!C6T^fkj{e&tM03~0G+r(C@$o(xb?gN z9;Wc97`{T7&#BxS%6_vYVn(y4fATDF0B?+~=n+AAl-Crqe~{ z%h1errt?WDcztsr+A$OTr_5A5ajcMwusFR&?*O2!=%Ym@`UoH#U-HaG6TPjIaZHGa z6;kMYSdgCRjpDMY0pcm{q!q$N1cx$CSu|xRGV#0YBu`L>?AU16ZaLOnhAI#o7)=aj z*ny!Q*IH?{Ckx#8?cCfif43i(22Da1Q|Z9$bb3Bcw|wt+R8#?q{fS=7nJA%xwpdbZ}wzdF4J{#GU!eEC=lwfh8mJTOLdHt~K- zHWP0m{A=mbCxP~KAzShbll6&=hXSgXxtf`{H@Xc->AY(IzQ1oT#&b)((IJ3&iN;%? zd_HdHHy8Hd(uFeyA;%AoI%c{3ETEH72v_g-x*g{95SNuZ(jpk72qal`BHVKY+3UFC zr=8n{(Y2Av$e)UC@rkYcOL?J z*((j{Z@c{L^uaI)LAwnP0#sFp($DS>gN=~hjOmRhtX|cKIJgraL`@Jl%=Ew8A0gSJ zJI``ViTrjG(m&)|9KBg^^eu5Nd%Q8%*3er_`9Dg}J4VL69b2yeW96zs$Wj6Te3%db zR1_cn;f{QF5&$w9AqcqfTZ0GT&S1q<2m*p6Nw%u3d0sbLhVFSDfFmjMRE=Ip+6>1R zz3XMs2vEqFFoR8q#X}P6=_4#hK$;2JLx`_uhawioSFZnOgZI~uPEM^6v(71TRqp91 z-rE$frUB#MUv4hET3Mnv76RfL#iJ>@LjC^NCHhK$gH1yrl+|t@|I4+5aA_AI^O7Wq zkH7@#9Y{bGIx+WKVj4^YyiX4JTHfI>2zlqr5eSz-hubDJ7%MA|1fNoMidEZm1SRJ{ zPF$Pa`J=?;#``XQbuY2iPdKk6#Wn2vi(hCB^qlRbrC)8vCn4bMcr%@yprvU+qASE~ z8*GYZTlwzIJv$I{XH7!rN1g>7OV|ZZ8c;#-P`QDGryUAHM;aA8E==z?&jD6~X(}R2 zCLrJvCfS$FI5#Eio!x*5IU$8mR*P3xhg;C+P90&vj#+gY9?r{q?#g&vS;z?W)iMR!cGlMMK%z#b1VvDG{q_PqdDP0Ka#v|GIS{o}hO^0wJtA*LL?QxW_ssJ;I+wf z`Air1{-P!F#py`Xm=^(ZM(w!#Z^5U_#LgA==@nyFINs3sqCuwj7k+88Xw)l+k89MS zyhb6ahh8S9z_G}kt6x3f=>ve+ck>4!AX!ox2KU7d9;mP=vT~9uJS1sI@{4NgG6;Uz z>S{vAoM+B#B0voGfpBC14_dhrCSH6Od)fk0SHimvtF0&bZKx`|K`eq%SA1l* zm(nS;S@qBn;CQ4T;X%K{3h}DF(zGD+4gyA)A5}-JEG?d~>li9VJ`{5Nt!d;KdirW4FckZTRs>=Hm0@mtB#lrUBEul8{DW9ntGP zDs{q|a@M0l4vtBy0HC@D{ zf$-UEBUHqIbs(hnf{5Civf7${gufuC%paVxAtKV+2qejwkeYh=$D~fo2nZ}%tRBZD z559WEmwai?b<<&b;c)bE5xcb-fS|+S9(!R;s6)+xq}$L!yO49rMH~)!+U_{LHEMUK zFZLuIo=r{Tmcu@9Dd-4Q#I1Ix-ti;enAp{=X}9`$KI8J>s|OI22!-ir{3swvqW@C_ zI!My^H9-hN2=R|#@k<8Z69gl?k_6_+#dxrUv|f?+k;Ky3**J^e6tYYoCtP=)=hi$x&zZ z?mcCw=lh#6tNmuuI-)rX(4F3s8vU#~wVJ=kKl$oYc<9>hqYo3g#R{#3B!yA%_yK{H zqWP#%$W-9C1me}azw|ig^tcu2Pj)wSn_%|>06TpkQFW>>q2tm$lTl~%MCA7XCjJ4) zL=^DnQYP38;7vh)>tZB<~al}qRiJy>Jv z>X@LX&d+81F;87JQ4v4~Gj(-r$`cJIHDvshvoYzBd1O6XI$GoBJ$16wG>zT_O@=9t z#}W_oHD0)PyK}!mE9J)%ov0vEnS$1+B#spjwkC^*js(Xl@YjNqRa)Fel0sWaAXd7P z40=W3BM=ZwZV6$$_&gp)0*V3zA#|n0V<od@6h(0fX;{e?9Ujm;lYfGUv#SqC z01wv$6H?sx+}zqClDWC@agKtAz9kq{rA3Hv=OEd)PT|O076j&84h02{U-(-^%n1ZR zm2#xatavm4#trFC3{TMK2fW=6;`QE`Cuh00E)<5-q|ZZe+~E&#S8>6$rMq|kbzxy} zup=jfgM$kT|9W>~ZJZSEry=et6L*1f;lN)z>f|rA&c8`PJ21clz&0 zi~7!h(V&_3(s3h>l?P3&1f?;K1vMtQuGLFxHW&cqFjn zRAro|D=9|4aalIn;mCn^MG=fpf*JRCg+C^E~a7 z`LTNlOK*_Hg^rGerSVd{^7;R@2@J~JHS%!XmsQ3rO|Cdaejp$!MU5D)f3L(^2uV_? z@`mqpQt)lNH+i=@SqHvv^+c7%vw)Vzr@nqs8}}p{`Ay2wGP%)a3Re{%MMuJhQGBZ$%XcR;LO^~XMUw}0$QDtU2-j%mR-pT=zEm)+{O+UA`wuVhM zO@q0Gj=`ll@w^1WKAoB2_~KoJ+}hlnFqfjqcXiby_A2)*9|(v>FB6Dlc$8dUl2DmZ zN1fsO^E3ba@83N8=Gq_U=kE{e+A7Tq-0#k$k!h!;(5+_^{8Qg+x6E+~X-JnZ>e`Gn zgj)Jnsl-Uat+*M$mIEcFZCj(!4eMFJjmm1noG+UBxqr$y+UL7D>gKI=qkX%}aLDPq z;FykI`K{z=OLQh2pIiLfpdi>Th;qK;?p*mYYw$q zml=a*B8H;hgf6@X{ioSj2syquaXxz~?@p{Qu1_q8(43z;!a^{XY`gy1|D7M6RhpSxR|-OH(F~>)#l>-M0$sj^yG!FVO_SmhM3U$^wYUThFQO{tCXcV*9hA&ZiBKk~ zOyPY2fuK!*Rnc}pANArFvop5thcmP9V1(J(`}Swu4G-s4d2_`|gsV^Zy?2sU4Jii= z7Vib|8S$~;^5hQX{*z{6+%b#AJsRv-Sf8UmtT|o5rd1Sf4FNs4c))6tWjqvS0N+ct>0r z*A_a?uaAQqZb*)&M~7(ZA9Zv*BKKcCv{Fgsdjdik1wfD?g2knklzDd8D66jveKr%S z)5?sd+2QNm*JsNF$#NH3b^lrKGmmHHvl&ml%s4!YqXs;N~z zM-}1GA&_bpvbdf^8b|`Lj_=^I?T_IHXy@W!$NIh}7%@_!(2?&Ah^z<@{K(wDZtL!T z=oucKHJe$6q8QeU)Mfbo%rH2L5DbAEf2#0Y&%^Fs>mO$U?7#ErRk2aVEhMkR=lw_j z@to3RysV8{?C4m61?M7e_w8(f#X;F#b*k5r zKk|(3&__>C9qAUC0D_u;}crW0v1pNWW21LB?uw@ zLOah~h}}@za6L}Yhf5uJ^}ndK=>}^TF2J?fiU5J!V8_zFcTlC6K&NGnno26UYGQ(s zTrx~Ez1{O>2+G!FmZ#r~=TfsX-QD-eoUg#~JV!$)+G4~%!hQT9c+iI-Hs-3JVPd`e zE7So+9KMJ*8ZeKn-@11R5OOx6zR`-3usmvqdFoQ4iy1oMQxEvGWMmnDCW0$1wDWA5l*{xgACOWJO=7HbH((6Jx|5lVA@u}yxzR8lfqd9t_Y4L|Jt=h*`z z|L{O({h*<+z}S=XKOsa)=HtsNn)@Ok@j1y+-h-CpQSSED-(fk4`qZEvLEN78UhlZe z6&S?rh&LFDR%*m>O}GQ-WNJS^?gIFZ6-No+k(Vr(uVdLo56+`onEC)$r>x9AlMpEkES*F*`bpeM zpv>xptk5mNUhLZkz7&wHflFN6XWZF{w3sVW?o-Cb*yyHH-Ln^ z(9B3PivD2sO-Mjw2T>xJ1kOLpJ}riKxV?K8>?f$<#;3SphG1Aw3ly=@11AYD^fY^L z5)C;i+KbZg?fBZ=Vs3<7S)JY<(2tJ!mSa=KfiY(b^&iXI4WFc&Rin?hF5bq|QQ_y- z4Qqoxb1ndOFUr#f-fDds3fXL3LG_OyQ3wbG;|s{B)1XwKNDazxF#M<*0tuDHSf7nQ z%EYu`^RogxAYfLkcI#~b(a98gkUoXni>MLK?@sT2`9&ub3}O@?On&)iZn9xD0I)&q zD~^ZFch3}qBvG^dPY^2DFzm_ItVjn?8#8)8b)@Ik7XSeyeDJuszi0m+d72-Y&0=OFGggn7F=%-7upZOcV~tO>N%;`n}m zCN7WEYr8DaFQe)wox)VUSRt3ZuOg9HW>O#<|Z>64|W9s#{lRZS{S6jD}`npzG zfU5`qm^iZqbgpLTJ`T#*`t}!R5bbJ59#X6MtanDd-q?wfQ+RF#{Tld z8(SCvP7{jan7QTYkN^8?=4mH@!ML>qkXZqca+x4Jf}>yLXhB}6M76ii763v= z`asGNjnza3#!~)KgLBmHtZ-;OOi~fr)K%>W7yI=p2ILEY0FOig5_ti0^c{BvMvYz z-ni@LM!yw6$b2{U_zy3>3ny7Xx}vlt47e|!zxmd5qc3Oyysa1z^EIS~Sjq$PYaSd{ z#s>xG>R_%aovRORQ@x{SOl(>hoWc*~g}RGBv_RMjX&-VZKq#fuTvJh_QL<$2g!w*V zH;}z8T(ewm=VQalF#|HOAD6);>Z;kAx~c$|LAos@dHcDi(V>vO2gE!h z0bZ*J13KergegxoP%7$rBCCOzUSHWZmaIo)O3ifGOLNTt%I=QEr2X%+$8Cu77!9tsdbSD&jt*Xmd@ zf47F{5{v3cOchLwc)@!KsnT8VF1Kz$8VNisAdBabf|N*5W?XeDKw6jR1Q9>rCQpNb z#*}}^-yb<)+ZejpW&lX3-vY+j2{NB2T0vSfO~z#r0|KOnPn&OyIH%CAa;kYF3}9jt zZ1sNa-7Ns*Z$+#xqZL!CP8^DUR~hv=I5bTDnc4R4d8Rn^62gL<&!QL)6gMUL@w>tY z@o(=)p`(f&?Diuu$K?UxN;M?W#0)uW!HzDmOu77ko^0f-t(iu{*p}H@#CCLK=e7yxhF5qCH}(2M{H`)Y?aFd!iA&^t0d#Q>YefHY69)JCjz z7?8-=PSoQJUD|R~7=8v|%U3&zEXejUcD1CHvS7(#D+K$jw;Wif4kS5|D*=%e*a--T zYx`}TX_W3ksN?}an-jI@G^bR7U3W%nW-&qm$e2}lkP5)q7$8}>D(Jfnn6_}Rm1Kn+ zky8w8@ilflaA!c z{^0|d&;A#-xEo)?#M$3yX+FY3FwvODDytz(O}&UmWl4?;HG_78C4#HW>e82jMx`6< zR#4#02uRkNTarfacJ+$E81e5QHQrhUWZdB8&S{+9U85Tr7$em z=LNxOFHp*XYHwp0WAle+$!sy~(sBOoA}KjKsw^Ig((o;wAZbW`!ccv&G93s=e?w1V z3e|{v%uhRgH@#rj+WJ_JmL%k}e7@6c8Ddv((BNsOJ>+^G+H70#Zfheg+usF8U4P!H z3uKnJ2ikT*BUE}Lg;+=WadUbq)W=)L3RcSN@6wQd^wS|vIB;m8UUm#3E{n_S1{vB& zwBV9BmKEt#3Xm!m;HI1`fu7=}d&l4f>ClTtJbdR2N?vWa4PCV$^OjI~Ndi*d^ag`N z39J_oDw2+Lf~;T$enPrKD7h)yg8W@=`b9vb5~&)A@+w-gO0Nr@(i%;sFs}2CvkeudabsMCH#XP%yghe~sF-GH!RmL}1)Vf#G6SPpV9x|ghDo??fLMwC{ zbLyv)e$Eug%WIiA*r;Qnd7kGWIJ7`&QOv>Jv$CAk?X;=?51COnRRh3B9OuT;YPAvB zJ-gK%NUJf25M2E&AG-bjdN3vGaaMukja6@?icFh4Q_D#imHBzs=0Ibu>e`svQOo?t zfH#jDcu518`!Ug6M=QONIYiN?`QXJ3;#>9FexQ=D@JU`i7TkMI7Vc0WnKwUgsB~g) zqTotEaEyZUa8be(l)97Y(wn?G=Bvusevj;3%PCf)jCdkHZm$OGTW?H9ngakj8snpZ zKVd*Jj@W7-ZrXX9HWJZG+nmpM=0&gcBl6qPDjoTY3{xL2ep8O4HwpkUa(!HVMa1u%gcl%hzO;S%?Ao*L>%-K$eM%gPI%*9O zSj$T}0j{XCnzQ;{ElGO-Y#EqU!(UE^)SgRk{=n5%kNPv1`r)2hFVTPB)J>BnLJuhzaL$2kZdo0~7VZYSzk`sCe$Z}k*@f352DqIK% zu~WICG$&i)F`mt`WPYtHGacK6(!xXHlcewx!tB$S<22wR5pFqx`Hz90x1 zwSEL^Yfx5iG}WD^jrI6n=;{PX6hXvaF@ED_fOcIOo16T7f7C3~vTf*}z}xkT-}1(q zk-(OABe30YTH2(xKQkXQ{Vq8_dG0TS`SE{JvWL=9QD9+2Qo02t>nA>uMlE#+?t@en zVm@5269`CC83n;I``N>vdV7bZ&Qb%KhMP|}l2((o2f!E2&W)rY<48AoE*c!4<7&;{ z0+2Cy)5~`dAb{REJJd)e9LurEPhM+XBcW+$53lCbH+}!;w?)%=q_B{UUE(Rp{<;@#kGqUiI!4(Mk(`bjDILi<5 zbzwdf?*j1^hs+mcy9$C-^JV)k-+G@V3qT<^eee8sA$7YR4p4Os6_LL zRMQFB>HdrAV3bWNeSb*z^t*Y3Kj}!0(D4k=NA1<7W-A5uevd~8`=*)}Hdes@kqu$2yNf}N3=qr!0(N7@u!>8}&k zP$vQ;xw-4s4}@__pt=X_S`DEMM-Ko#?fugr;ZAi1AJ?w*C7M^%oX_BUz7?f1T34;T zg;O`?*^qWQ_=p09dbaaRi*xjzaUkLNOH9#!_^;d0YpBY7iI&15S(_j`q)``H6MY*5 zoCOR6f*QQ?(``D6Y{OJG$x;*xVw$iR`J(`3K5@dV5?Up)6rj-%Kwwv; z?Gy`DZ6~}O3keES-B3QZx2>G-zJ`h3k0~gF5pjPVFCR@zEUmAtElo^Jpw|=d9Un`X zW5InT#z+-ksFd^(E;G#Um3l$|qz3naFAqqrL`o|M@V}Y69?wRyI1b@~MW@@A0eX^z zlE_G%%#De)Bgx)e2wgX+UO9J{BhF^AdLfn^t~R%VJDlFpVJW2=iUu-V=(!vrAt_qe zN}zRE!2JXJUS=kn?R#&2bjI3GTZHK}olm~s&wJnZ{b8q8a;r8}IbRDiNq5rsJpjK7 z;Gq+GaM2$8cyP2g*T-bBV$W4TwZ59KsUS|@bjfVNTrPm0$|^K zW>%5oAWi}JW)0P>d1;;m%%Azo-XE%?l~82BUetd>qV5eqIMiGHpvr%NAH#ahiCJlm z6Oub7LhSC3U=x(S-UX#U>IkT=F3OpGQP=~c1=OHi4 zi+LVGZAl-E-|;+OeHhA#OAsRZMwq=?_&1$S{{e9|nsf-Q@If?Y*0BLQLf%z%E;}Lw z@M@)AKkKO}z^*+b9!XEE$q8uFn8#vLqnpT<**u42UzeNZRvHbP^{{9=( zriMr~FjE_%4hR7OAjK9jd$IzjL@KZx@JVm0OGbN5a40jkSB^k|A%O!`e_ZL%y!yK`Y3vk=>T2=$?flmB-c~?nPq5%tTM%yjfVwV5>g_FYY6>-s^Dm+jyJxNA5#cf z`0sJ`x#S=$A@^$a;c$3StJP4s`_rbvdwtU03Bl`1QL#K)jJ-LbT8JnXi(>mHT1MJN z%-HHVA|z}a7lvKF|1gb^a$|ux*#zW}!(8jm-bKBFh8V}1O;uB5mUG1h8UP{yUkN$t z_xl4tZZn5z2u4UIcS?Etd?b$TL#Tv+0B>Z|MFYSuLdwj8ott|Fjw4wK>S)Gl%_rYL zyHu}`6X-j)kToF;g^<~l$++xfrw+`*=SVz79eL!Qkn?J{{YC55 z?s~JSs!$`8DMA|R(Ddr_%31Bx;de+c=I3`3HNtZm5FK`HV)11!LmuHePYB+m1Fd?^ zSQZG_k35?BtYCt0{hbLZX39@d7n2%>Ivl!j)>6Zsl-VTYLu$WsZw`0i9ZzZFqwB`#1K`F&wqRV1As{&;1RxOC%s#-lxBvSP z3vf5Dp=OYfrCNw$oXCFSVt$AmF*2NfsY>eKEw*#qZjZW%x1I2 z>@8f<2w|n5;eK2YVmhsOJnW|MObJWXa{{)PL;@kQs;V0A-vbml!DkD(LN3etp7OGC zZ{<8oK$${F!aPxTH9v$)=*4WYh#YW(#7TxBKqOg+Rw|YLl6`xA-=bzGg8!m!d)Y7T zrDG!6q-Cn9&k4@m$Rl1dvWFre-bFO&=EZ|;63WE}PRPMQ2}=_G=$5_qMz`^Mb%ltB zI3cqHheg)y$fML^a5hmD38u5eq{7QbJH)}*m%4?#W$*e~BS*4$B3zM@tEK~mLQ(~d zgoKpT8I%;efjBTIkn$TEe4Mkva~o~6-{6>;J8*Cad<@KGPR<7t3|wFsv*Qo2c(M)e z7?=-m@2RR(wB_ryT4n6r^)GO>)uo2+pI*H`Rqwr<64E^YA-0k2-*IEk+-IlTu} z2{NKHqNl_e+uwcto3BTJYyZAMNON&^cHvnj#Cqt&s%PWX%6wgr>4YF7Otn;C^x^NiTkA^)(eL$ddv)Gr--;B{frJf;(Z9*jO1+?W3m zg0f(>`mWtdNVy1a$0EA_m4n=aA7YaaS6RF}_A$(S5hSiD%9Nyxxr{}R+n=z%A7Y6Q z)t@53Dgjd^#H7LrnR{iB((UrL87|Ou(8+j`2SMMEn;T|?P7LgYPKc9fLbms2F;S7N zC~L)sC`b2CX$rl-QnS}H7iRM4zPU4;qvm-l6*uo(0t787VR~Q zymqlKq9i1@M2LMq1W%njPVl`XQ8}KTjrQH7um7#i2-_p%k@_L_QPn|ea&G4nqAo5A zt4mgRbaeK%v`NUHEE9s;^qDgoWt^zcV3B*yTtdcM!Is(=5-!g%5GyeZ+*ALpz>;}T9YJ@u?y3tb^GV6Ep^Cd7%-RC}6sK%hqQ z#}miN-X0wvVe0z{jF@q9etdj{ajxj>`1p^N<9HWG$Ilu$@mNhfKIxsA=HAXRp28L` z7GKygaVl%-B+zsuZRt4H2_dbDjm6v=AKf7ma&dTwqw^L<%sn`P@fi>jq9qoAUOa{i zKmN;jvP&Z$uZdF~;eZ!$gl|}v5Jbfi zV^7ZqiB8U5M7I!f-f2R*?g$BacGz{HB&0(^`iTU)Wpqf$rXNDyy?>3>0HCc6Xl3~S zJ&f;xkWZkcKL7#OFk+4AcV7Xn`zi~4t+z~1yn^d6k{yCBS?Skq5DabXX=`-3eL|c@ zn{dKX?AGf`bTlXD{Yg0-8v+Etk;X7X6(RTC`8m8%!nX}!tkew+jCuDh=#))D$feT8 z2kIOTc_V*c=Mu(OJs|)fK3onVZ2vW^P zkk*Yi>&xAR5GPcX(9%Lg#EN-o2m8MVsD5}?C>dCz;mws&4Odb%z<8;22t1^i)AsoRH# zjeL7sjB^e=G+~>^f`VM&W|2#^;z(#7ndZLMC1f1gPn7|Y=B4w%$WER;J31d--B?o0 zh!~H~?c)dyV|5(od0f|mGRD$02?AWCOrIOvTotiz(%I}w$QXQ`228D6Zd=+Z9Z>Nd z34vl--=6eKmh7cNGICG)Y6)r~NkC^KQUC+E8VuM$y|IoA8}~0ECZ3#VN*I>upAA1) z>_~`mO|()+J%HKa*1;D+>fQvU6sZ6%ii8OugJ%{M7PNSNsu%!hCCFwWQn@(Nugyr zxIk%Auy|Q ziB{l(2E)S2ih_yUFFj2Pxs!j(%Vua(vflkWnF3~)m^*9F=q0iX7gN4hm60t4Ip$${ zbK>z;-o#7>Zj?MHDXm+-%(j+Y8{RAZyk@2!Uy$>;$ABEGNuNYEMN%++-7SM^0#s}JwMYxa3B|<=g+|1!Ux7gX-y1ovmbpM53PTM8BQc-uhg`gc2)uom zMPPPl!oGxTy-Il0*26DrO!6S1b-ebQCW@-6EIrRF%c_c^rdhVJ0Kp1|TUeUPu@Fr* zNkWVtasVLKBm_r%*qAQT9*l!`_9X-{M?wsEwX9u~4dxDzW+B=meOQ4C(F+jTD4X6b zkV$Ev<1u-;iyvaTBjEA2nSO{;Zeg7cEd!HShlw7)gcwr7TqH%$3UxK`6$7NkwZ&^@ zfh&@_jWWJY^mb<|qjF@DglzgD#>yhQC64l@6{%8=6ok31wD3HB3E7ZwuL@&|@f?tJ z=57T`gCbxQjphDU-z|oCjHG0O4zc2gXf`}QmvMBeqywvh+k<__aQlOh@v>RxwQvKZ zB~g;0kphw=!S`sL51xw*S^|rTsx*$WDOKQ9531RINaj_3jK(4xmeaJx!0peD5W|W7 zW@Y5><#A0}Dv@Y%sEG4+ZyA-wqZ*|@up+3#lIvf5!eMKIe#q7S9f>3Z6P%Y38XF0S zEi+a;U01p)(ZlEv%bOc=`>KM$ga5U2I|lbfp`CxwMIv8D-c)|TC}UaMtALM9^|ES~ zYmi_;85$yqOh=+xG%$`{ah&-JB4oTikULPwLlKx&gQWoyB;xh0j;67)2nxoweMQc_ z5?NTZ$bvM=b?S?DYt_|M#LH4Ex1S#&)`f~MYwgk)hbF*KS>1*h)r)#Rlk*I~&km0c zPh_{~Kkvf@4=N#_%2hIoqQ>`^;U1Du3peefhMJ--*N8Lppe+IMnn|}#Gzr23^)fc9Gp9Gi;3Uik`2F^>0RguzK z#(PFwJP{%}Y1-Hg05?1uhLE;1APHV{U3ZoS|M|m@KYsHZ{{IV@y!DWpQ1ja zNNAle{HWwxmb@oIluP61XgHfRN9t~ZvYrs?eun*!zkd(!zeGY9-PmLW3~msTQ1s>$ z6#|%OP&W-!kS9WZ+NG(QMIH+bl_8`*V;=pp;}g0eI;plsbNiYn>7!4Sba_ zD(X7U+jZzim6uH@xAjEGW;i3`=xMffEdcn`vmQaQ(twJAs}<_(=g*%f3@3;lbrW|%b z_T^Yav{?cuN07Zj;f!9HpQ}%%oNu zp*r?Iuy?X$$1?3Ux``z7p&j3V=Gu|BCkU~>XSi)JrNr-GK zTsg{wE-L^;T#_kfw?nZmX5m{?Ve6Ypp7tvTd2K7VpX2h3D0!wz+0^_uXx2vQmoKPy z=G!joqqpAr4RkKXj{!Ns)T!EgDcikP*?tLtT_0yWr%pL3lnvt2!0_C7~IVu^iTmYbJjK9*;jK#N91VXKn_87t<<)>29b2Tb0 zCUh~Dk@KTEHBHR{Kt1U4^|{OTaEWn5t6V%5cPI@hIY`BpZj4Zl%#?opP7Y94xGZ#h z*Ura}AAioZ04ZDx2A!qgTwQX4u*x_A0YTJ~oOA^MtztkBaMF)KknZ%b(grPVl&-mo z!TWWFk+J|FSbB1RnjW=eDxKi-+X2QEsLTNbq9!7KS4tRaLCDXf7#9Gynk0q`@x)q~ z@Qg;b*{H&eEG`LU_$qt`qe;ghjG^LNCRwhdp5od0Nn{l z`y&Soh_LWAOKq&TEJRq9Tzjon4GV!@Z7q2ShzTF7Kvhd2bvF2*&e%g331~#IP+0vN z(EK_TlQwrMuyf}sfL2jqAt=eR7oVi&JrskFY$_6R7GzRXXYVYpK7z)?giR7DISc^J zZI$~G2wQ2X-d<6FP+}}M=yLL;G>{Y;tliq=VvLwL~!>IRg-BFuI`t2)(^I49KRC zE-yX0opCnbg`xw?8!M_V%DYfLi%)75D6imS=^}hQdHQDKiqeRYtESYw{Iupd6Nn`M zIJrvjJdqBk#Lt9GHa`Ky#X#u$^imi#^O4WE`NVos=^`HT2@dMVzdA8o)=tzOahZwVFpbbC^j>GaYhps6 z=?F43;VV&EGXBWp7w8&5j$iO?W5ZhdIY1ETGP#&*Wyen*b1#`HfDk#W?3F*!s^A}O z70AwZ`;SFge6wR5RDAa!8wq3jh-11Ws`?@sjPSb6$`-^|kZm|? zbd)i%b>c4;c=Wl;_WEO5GAY8_hHodn9@v8nOYEc15 zMNLqC?ek0m0R5!@;`y)SH_p6Qg<7?c;YFo*uHaE;KZq>`m`kKs1=wL0$A_vyyb5En zg|jezt2n9rxuUI|BmEl@FEl340KG)@Psb9oOQ&?{(d=E1hb&hDq6_jjmEv||C{dW4 zo>vgm7ZMp?d>2jsXh)>Z!n07qn*DZ{1uq{U9SaA*doHV;p0|)+-YPkEVv1hLMji;V3qV+i$ySTBvw496q093R9c)8 zBK}Mj@*>Ux?1)KOoXj;m%W)^?A6=K@F?Re3lwzuuysA@aYI!xL0+&Dc<>hq;l)OSb z`$u_B_NF(~ZUcli_QQ7{S-`B5hY&1FumrG#K`jVF%K1p3dDpMF#XiV5RaIn0p22wBvtw5@=Zp(Zx%5sRIL5rA@7=XMper@B(;`mRU0<^S{ z;lY7{F!U*nt4(5Lb})biD1n@XjO2q|FAFD3S*3tkf)xXp17jn==7@EGAaECK5(9@3 zM`CNqfdLBw2!XK)2HKy3N*lKbrNK1+K;Nu3bridm?6BC7uYvE(?3>lFAC2D33aydx zP{aab>{#dQPXidlVgRb-D3Qan8>9v@k{{B|x$j2~gd~Q-xKbE;FCe1efI3wOLLmT9 z72wbT|JWHoM+Y36d|1)c*na)x%YXgiFb=JI1f+?+{74MoAgP-lHiV%7xF{qB-UG-$ z;+kOL2%WJ+xvU}bG0Mzi)SxNnh_N!sK{S<{6p$c~Au<)HF>*f;%t>1Gep5!qUedDn zOAi@h^Tv&|2Tn7cZhDBmx5%HR)9DuVY@}bL8yvCq;zhdYAbLTdcNo}gwpe)Lpt-Su z(*qg0q=f>6GYZo{1M=y12lP8QfED^* zJkznafH3g3iylDh2C0SMDQ_S++vH6Gk|r-Y2u<>P9zsKT3)(ZQ0o0v*8&Qog93d-Q zGd@1`k3NS!jX?-QLm(jL*YsSBG9s&x*BOCOPXTZc66BL60hy$NMnI;?%K)rGu7K33 zLxocZ0;mBaAV0N%kUX+OAon_fpaPQa075zh5(FZu5r!lfyrd1EOMnAoiju^p=>!A7LZRhaUvk3kY@3teIu)8Xr$b%e`E;bxQ70{&KzPAI5exPy>u(f@!1z`cXpz)LDkZ^%OjNa<%N+V#fXhKzJ z*E_tU0Xq&b60$##LweWwTh2QI-gSJ|{@~&v0U2}77Z6c?NJ=1kZyh_dqpRAWaI}8B zqf=C=-Gk78nCA)zqDmHDJIERDys(`7*akn62Q|Oc5pWbwu;)B}Q}}Kn=o~odO=@8u z1Q1d?2jIylG7u1yg>hKKw_;d_Kv2|a#KB7!)%N5=0fI^=>mf`I+Le937eM0Lr48Y? z$F9WScN}I%AEi%bc;9ck?Y!;Tk3>@6Xo3Jej*Ia~H30ASDeyXeo`%3UAH%f(ey-MgKO zKah{q6cM}fwLxtl5S*=p2>9WMWRY6tTdEtXDL4%S6$w2K5RiQ^IYcWb%CVk!VBWIl z$6;N{+)92l5%1+FIDCL<7+a$ zx+$N`0{4N`q;zfhvoVv&_2*?WYwOo*8L8iTAal!m(#~4)ATlG9>zOC)e|pKyls3A( zFb{6MgaU-0$7Qd7PpStX;N8|o@veMLpHj;rFLO6*JMv~;#v>g-ejcfAS*z8ZgMZK6 zS{kXzzj^vUP}Fi$Bb)B*aCN6t)k{l}@1qy=JCTuBnTvvT1#<3|y&nhVp$lOE>2Zc| zu_vV!)#akIm79&^Woq^DT{*h;4iJ68sIDg?ltZd|&ay0-tm#w2*vmaPa4&1wnS-j` zXCR2pjBQ!Ae17IYv{UWW2h@XIhQk2D>eJJcW%8~-Hl=jkYzOAw~H+d>*nH^IYdvV zJrR(h*kIhXEGue52uYorj@ipup_bA2am8IAAbsKukWHD~pOGm*)&a!ZI(R%+S{kn2 z?GJ$b`1l8XW5gpMdTKTDO3&+eMus<|3(&(p#PdAP!VniL6S^L?-1wk5&@+(Xl?kh~ z*iUj90XeIkA>vbMyHbvNTT=Gpp)^)!SsE+St$7|UI3VS4A*InGmyHR)9sAVq# z)Us2CmyJf_EAb6nAs;t9GFn8R^*&_z;_TI{mp}jP`mN|tZyUoEefIKafBEQ>Pd@s4 ze;7baP1DTYMlU!Afhafw68b2GO6U0I$|0aKMvfG!!c|q(sk_630BUDkfPXe2df?%- z8jY~Nq56$hGgd(u2Ey=S&ZSU?<3PuQ3?fA^&|Pp)+#IYvfC$dco%LxP+kbn3&NFX#hFE6nW!+5$#H}w;u2V{R6iwZvw>;Qm5UwaXJ*{71_t4d>T zGzTpJcw1F#7q*8_&|uyn*bU)8qDYLd`%#lX4#&kH5+(kGAWCWvv;HDo5Id>_1Q%__ zOvD;uixESR*OIBWgv`L6N!u!rt#j7>0~0t%hD`1Lg35@%h2@)>dYnogU71P#5=cBxRg(!xp0t%cYui8=$2Ujfh!%@O zAasK+hYv!G!M()@GHCKvgh5?Q10hokp_G_XC>Sb@#Z#f1HbV!00%xeb^%HpM6#7AW zzB|3)sG*JSC%-)YqX)$E^CJl%$G0pP_p(?ObkOfG6h z2#k{b^jpF7D~JDXgXunrAZZqI((q7!UI>iGv)hH?yckzfO`OHzVIEbCz&J~;!= zU2Pu2iV;H2*UK$nK>_9jt-!!`x$Z;K{)P~e-Sa6Ldf=9B=XNxtNYWp|x)3Tb zo1sr6MF*`_)qrv#{fk`4Yb=KYgQuL~dmnu*~2Hg&+31JvdCOD8YR*0gQJ}Z2vC18wq1tMd-oyizukzo!{ zLI%AXV(Sp%3jU(TagGxw?{Gw~+z?U8pcK-p2|?)Uz^YjZq7>D(hsU^#{lg3Hsv`hEs+^Z_M zzdHBabE@cs;w2VMQy3M`G)Ici7R|P)B+%ew6Cem#7lCN8WU*LG4pa>jJ{!7)4r16e zMc>Drs@Bq4$pMVu(n=OvI1y<@Xk!Dw5ReZaViaJv?f3n6Q0i<$R_3z65Z$GL#VLc>9_UBNyeRtQh(Rvj;^EA z3mEGF0LXM0XC-~H1B0nt2L!XMzT~(X=S3A;)n!dM3~qbc5JQDU?FFZ}_XQ127-F@Q zQRYX6==2$@x0bP~Dnlz2jh=%Bh;9YsU*8r;$lNfra(P*D3nLvjyQe2S&m8Hv%>l=Q_ata|h4b@&t6RTTq&{B^&KttO8_~^T5gW5$(YwQ z+jVo+MkQytmX*y~?7+5c@))ShN@p2kc7|CNbMsl2se~2*`McYNQpvK7N*A8;10K?D zZ#o^cXQp#JVuiNJJ7;Zn=%Fcb7!URR^#q2RY^fdaHVC1Q^-IhFkh6s2o+*oW6kXqB z1sy;XpTlsYhZKu7R_{5OQC@t>>cz5i1a*k{J#Fw-)fuYQl!l>YULO`%vB8{S*=gO5_ zSP9oEb7@2jDW9`W(pD25kj2W>gqNJy0J3dmY5wzINkE#F49ori5L(qcrfzN?mjHyf z5g_)CkDY?&w0Aw{Y|%N^6BI<0byhg;v%L}T?0WEm5nqacSTz3$eVy^m36QCW(8ZpL zpgxWvoChs6Ssga`=}TTT&RJua;zw0}YE(IH_)|lrjny)+4Ffi$_yI5YzURPwra+df z0m4b}RzM&>5r`YQ-4j{LHoI0%?lvoPuG{UpZXPfyYhlG*L$JU|1PKd6LaA%zD>V5T zb`gkt6OdnBi6JJcT79Qb-~z}#D?koS=S;`p2_Sa_5R2@H9{}P2*3w8US%^P~_WOM4 zcvlCE5kkpzF(f{YA%lTx^cr-v(=w+2TwHBfUD}C&6qmsxMnINe9|I9k20oT7UQi7~ z>kSN}z>)y+3oThPq-!-dLIEW2h8r6jSqVVoSs?DlMl*W>h;3v3U8ph~NFo~zk(IO@J(thXB-WyN?yEa0Vy>NQbpId0*czDQ(UU+nb|4J8pAF zPu%DsLj(0$_5a!F_dNnKFusFoG>TOx0s=&_R^%Z^MzwKTMo=$DKw3U8QYb%9#eF^; zIP4T2lwu7v{&VfJ-n$-1ZVuBYed&g@WDyW7TN0M6xm-5_5=wcoWPO>l?6ljIb52yj33LMzv2D}sS(sQtRPCyXUJ6?j=G0u70 zb6A14z33S2!@!P}fSG+poyR6;Fz9z?fXoDSQq=EwP;+QKDjMH9yy0^IX#q&0%jD{8w6zMoGwv}JI+oG8fzHm_~gYO+x9}b=%%tlu=;4LJZG$o2Z++ z%(XJI1rLFjbXhnK>bAuY<*`OFd)qoeD|9P^AqO&mV3d?00|sBeWF;0$ZIK`<`$14D zZF+qV$z3T3*7fIoPw{Y^`|bTcxd^@mL0ebWgT7Zo%2Df&bo^=)mcF;%C-Hd9Jz)+{v{1hB_zeySH#jb1Iaqn(o_ zR%`62&{8`pHA7WQEsHjesGtBH*?Tu@O8izuyVHhGUjH}R94Qiae8q^czA4Mr0!^sc5CKbz&C=SR`@0(Pl~~*8_Q%G6gbQTpSmwv`Kk4(&Lv3y=2nJ zFc}%?kqS*48=(J;K;HX>ii6IyO=!O?+~O$@wk= zdH557pdNlL5a~@bF-p?ZE=?>F$<^v3+20-r6=|bJC_>ehv3=T$ghVHq)*{DiR6-bk z6bL@1-VmczhnBCXdKE2G%hX`0!Y4kWv6@)lq6W4pkOi?!LPJ@LC|! zc($h#D?uiog2=^p8fJJ%<8|%rf$WzMw^2Am+8)iTVjg-5?D&LvpWt|TOgE&=y(o}%1CGI4L%hK6{;O7i9%ne+KF?BG``U9`^d>7 zr%~29ci7(UK4*-#m76@|S|H1)BpPw!J3egGMWE1@eWV$2RCUpzQW}qljd5j%JLu?f z#`zIU)APhG1Hnu_{N$U3`P=WZ9^8BVm|m8pSC=jVk>=bSO}VvgTVo*G%)&&c8M86n zmH^`BWZ4aE8+9*Cz8EH@yG-OCZjObr^tK+d=Yw|-sKjDYVn(86TA;0 zm1X9>y2QIahoFTW~dAmZiY|K6Hkoxkmp1-bkF%18f!ckdoPeLAybA(z1P zgT~*0AtKatDJQWo`4w9L0So|XR;U=6$>s+-87CkV8v31)vxfqEp<|ut7lFL-q`t^sJa3nZC!E7~IwL|k1@ije?mrY4`}fCJ zJOqMloaP;Acmza4+j8m#JfwjJnS5$#K=xQ`km7ZaD;oaN>2mD)CF}mDzj=zcBkylL zT75GA0`q&jS{8`>?$yfIAARt_C!aKDUlBoqC%bNC>>;x4<~K0YSr^IqED+Li;f5Ol z3A3&MVpG}oGLSExZGHNIkUx1dE52g#XmOS(*jX{`lF}2cOWjKKxU1nY=>CR1uYwb6zAMumQx;_b5*pJs&wds_n&CG79P# z#2NrHTm}?6)9k4PkdL2z@%Yn^zFt{*wYvJ`$@>p(?I9rY+ZT@>eFbSsGqcxqrN3F( z36L<9;0J`lW_Fr@%#DGNhDxwBi6LVk-K#+UvbBXvk$gd~Wlbfa6gqm)(E&uc10egT z?K!A#^$RFA9s(9y4ItufqLy5ZiTuU)YUPN z(Tu@3R;0KLC$gZF{G3_wIwccQ3stC)>FH|V zm{^%Seh455eV>hENC`l=!&%|%j^9y4^&X>{_mSl2v?gYl|oB*=6h6DY%X1=nGj`7cORAkJ# zYgnl z7zo2trAW0DkBO3|8Bqo{Z;`q%gr!qf!~>Ltr7K-Jbm)SF#D>HR@Bl2(g-75WcnZ$G z94F$afs$kBFU7XbiK^yHe2(>d%wom}BpktyAqprC0>V;p8wh`tTR}}9;Z2QQaF8vl zxf-uYf)yNHK-?1$5)f8Kt0(N8gDRsQtTO7PkQF(Hx`5dKi9pCv%?3udK4SfDHK>Fv z;wHnTX&T0q_&S){^%+=WF=V#>Rw9sT>!u!-)O{en{BR50o~RGRK0^q^^Q^lPMG=fO zCr~$s=ww^;0%7-idwq}*F)gmR$wprg#d?5rs(;8*aV%`M_JPQVa|i-a2&7wVw&sY} zAb=F}#6Z+QZ^+RAVf|#t`jz_~i~k(5HgCfFLxN>WK=i5f{*cM8_yUq%*c`BTqeojv z0fkMLf2R3(8VU$Y=Z~^LlErMEB9M_jTf-bljt9($FRKcHz4jrv3cF5^FIRd zc&KoCzDOcL9>KE62}m42JUh3Jgxu_F2hS|#5H-@peQjS63Ax3tyIEchnA9;9DSh(- zeuP9uQM9_+rdM3UL}GU2;g|Nm4Vm>1~y>j+F5KREP)hbv4j0_ z=wV@Dt9Bxs2uWdc+<_q6D-6DYwJ%_6ZR-n|!($h(n!xU_U;f4BgCq?R*uPy?Y4!S& zj)6H&4&?Tx=SWD$W~e1gb+1+N{q}ksmv^U3gy6cjN_X`3^l>qY`>*E)31MNjqfM9V z&*|!H43DetO^m>AV*~t<&b~qBMu?YnBgR~zC4^9z{<_A-7+aY*pUq<{6uE*;%&Iw%mqS_!0M{XjQO3Iab6mO`UW9Gin(82%viNy zAO^#e=<{w4u28|_BPyRw#_D5x81+L#^ME{l*fhU=XhS_k=*uUSA<6ncp{cP=xwOUS{XID0*xVWbv{e#=4MrLehV~Ljs9U zUV*4wf$+Yc7KrfhM}e08m_eR>WXr<%Kp;sHX0$-?r#d6?MO+0!17^#5yE%~Y{AVC? zUm*MpY3(-5kKr>!0)&m9AwS9kurg(5h{(kZ0XsvkBX+-O%MuV;LdWgsvm0s?`lsVPh?G3rC6t(_!5^`R3Ufk_8|vwE}x64Ip}nv(EgWzYsG z+5tJMLKA*Tcy5gE4>9G&v6=)%AukWYu>=JNFb(Oq=i#S%r7oaVO6xgw&kooOg@9iz zd}W&kMF7_#2aS!uDLiOW>xeZqg`E;d>3l7=J%*;-*R?>F;VQByUzbJEOs)jZ1$AX5 zEPdwNMUb8Dd?QsWSJ$ zJJZMocMfvHHhsc3w!_zDdDH_fqs_`ii3R{IXUy6*5XJGasWRQcA%U^zqo2X>C) zsEb_+#fx~*42BHm3LRV!QK59umeFIuWUw|vhd72V!6anPs2+baB~CKo_nKhyj1KOR}u+uP`0v`Hba8K7vA+E+5KFrEc)eQlhrTxZ6 zR#N}zyd3~yZ85|^gr8pce*;qS_GZf0Pf!JwW>~S3uNszq{ib2je#35_J@by z9GDG9m<-M;fjk$%Cl@>3CP12p>Ao!x1_3XZ3rz-GElQq?0Qr90d=yA=Wa%sKj}F7q zJihYFqAF&;mc-Ec^5*&K9;xYmf3hJEZzq+I@h}a@?Y6UGBXe{T#6W;h69ym*1Kohy z3;-s#kWbPX(^E^N3Z!&o`Fexc)vKuMGStCLR%G&o03Jqk1Jx!#ylF!T(c3#qqynUT zWbNJexSfTO>k^uhBN(ylVOFhVYX9SGpOn7wK_q??`#P?4w&03XisE*H*qa{a4pcJtn z8Uy1#0VKhTx z2w7K=>YXv&Q^zw466DoTzpB@Iez(0t8rSiDQPn03bg8z1_l*E3q$^f zuJtl72p9oTAs_@)nUER=2`CC2kkILpnpKWvGIBL+&kH8_BzL{)-vm#Mn8SuH)BgOsx9J8FSKnpb*HVkvZ>aS$m`Zx zUs}Bqy36cst+nCNiulf@`-iT-_zrIPFe3ymVf*MdJREx^=0jTDSlh&{wrpJl8kiZt zS`lkwDqXD17+YbA`t~26gOQmFcJ2wGam#oWh}^dQ(CThsQ5QzL z-zHBQ{{R!e|I0US^t-Pi7hkY5FNC;#x^=?!ihGFHRz%ZU$C}l_b#mPeMw{3+FO2G> z?yoH`txUL@h_`DXM7ELs^s}GLq%4S#gAkNj9#Vd7S#4CyY;tX6Aln9PGu^DUEXFpM z8rOwPkhHfiX(-lF`wX(y84-dK0}@T0Kkt=D9WqGvXb#v3Mbfejz@lacXV|`Z$z!IqJ zCkt_ZV+Ftx%PR{o)epg-P1h)$!GpEUbW)GpvMRS$RMTA{0F%Ff>#QHIhQI-PBm^SF z(c>bE+bOk7n`jm4u{LckJEnDCP04%twSgTITV4mMxK$IqD_%z5J3;_fC4Yt~`o{tno_9=|xPZQH?g-IACfLXBf|KJKa^}0eKR8(kv@M=U zZHyo0@IxhGAYz@FRm6g93^Orkor%n=>_(YY&vlQygAfh-D0G)MoRqTmsmJIIuZ>}G z&$DLGxyhqOWeLj0!I-?tSZKhB=}9^vd{;;&c=QA&h_ey0r%@Ie-EisZL`G#_MLG1W zk$F#&K8%bJ!3bR%qE(KR!T6pK#?x=ylzrD8cVg&->;nWEB0eIR_>@qL2{h!!?+DgW zSi;lrWIplG=dl&!6(J~qvDWEA9E>82e2fV3C?OR2jzAoYhOi+NBV}MMs_cloSA<9y zYyE7ls2^YyReKo4*ufluAO|DFcU&Z`#{p(~fZZ3uKK_rp?c#BSJX#IeZ@})@z`Ngf z4VL?d+l5FxirqZKdsT@1?vu~nIVEM?haG6gFgFjum?aqB7s5FE_6dBw!n}|J48IPx z-;glbfFI}|enklJKmO`{xG3x7QP%l)ayS-p+z8?bxuXg14lzXT@5W;xFP=Y#%jD*Z z`s-i>VB~+n2rTXkLE@L+K7-r*&DRj`xM75LFuH$)@6agrj)dHN{q>h{f4~b;*5yKo zD$BCn2&NJQkK)#DkayG$Mcs#=nOQ>}d4Ld-v_MO$M)lNX{ML@-bucGHAfW;FTgY0o z5pvY%;9z~&G_G3EN|!wtKWYadsH*ck`Uqx-kC?LNh1539b6>6Mj1yFq(T%})Mu<|P z{`EUYHRLE|9W}JFd7d*l)hk43sBL6@G9yF%37Gi3@<4s%0On`_s~iji3={7}A&|38q}?Vd-wb!0}!%sgZV z+r0|jGtnNlTVP6n=AI!lLS||Rz6T?BVPp?;Yj#V7PZjd0H3W0nV^Rf~o04&s`54v_ zHButd0Amluc|zcMrgBDb7>wkS2;p(ykxFF(UIkT|fcPVF2MAyTh{yv>!laRTLotyF zeuI$NQ5F(`AVlU29MCXe7+~Apgxd|+F^Ov8ydfCL9^)AyXO6O#c(svBx7`GX>7u6|jY|hei>38Q=$I%hfeGuXtIo&g*N_WO z13DH$kELQxwNY?h2*F{rKTopQqi*YCyhCe()F#LUqs~3}6 zjwl3}6QXVPo*4?W2H)4q^UGeRE!tP=+(ymUfF5W)#pAOs_bBTtn&tSIemaA;j$wgb|m^7D4p=tz$bO{@O+4zae4Wbc{Z{sAHbK z6oPmKLR`<}2M~S1LCD&0SsGDx>#m`1H9}rn)IrE_W$JEZ8=is?Hj=6^aEt~wRBDP? zvp?=qmSAWAAr(`aJ@1D1v?@j>9aG%o!&S+KvRp2vHwZbJ7|suS9~dDXDlO*qqF7Z$ z&$H!*uR0Heph_=_BrY14>H`~>izRf=9c}pBl=ablAzT#;TeXI(#mH6XYN|nQ1BR}T zfH`#RgKeP?BTMlmLQ+@Mp+@?xMQqvgxJ%)P>fHvIs$8YZA|LFi0k$H%?)+0z*5ghL zNz5<_rSw86h-f^*8XPtPlS(zTl9;ImF;+E=l(&>HLC&oqKe{6Xvj*cZmOfCaXnX)d zlMFzOA2!vN*@Q8`1i%=%WMYT`fJv+bj~n7Q0{(|WH3WLAU;_j&-5Im2X&g+91kVV0 z+*3&p6GOV2BjMdNcKeu;m+Poo5WJs0kq6AwH;0KK-odD&Y=Ou%x`!Q@TNpimV)(~{ zkS)NYcVN5TY+Y>+S(YS@f2L{P0tT+*V)Ga9HQ_LfqN!?qusrX(X*r5dtS$ zD|9goskbZyzBVK$mu@zSBX!Cs3ob`^io;7`45Be(^FrWq1VJu^RZ;qug}|km2_nS9 z4~-5=(GcY-n~xBev;H0s5>fw;k1R0td%A}*5!9TEjHxNzhG#gHk4F7+NdB$EZ13&ja^DP#;8x|Kqq z(Em`s%Tbk(_}V+{XCnkgJX=rC_wIC`E@px&4?zNMP@#nCjVNTpJkiL!<~T*A+aXZo zTDQ4383P$7Aae->nKA}R zGRJ5y&`bMQJD<)1$w-qVYjp@bvU@vJ#1q2>NE;;^vC>XK;F0s~vmi3)0rejf62LN+#(>R&cVij^XA*hZv8HL|%HM%_YMOKwh~8fk!^_ybUBvsMb!0K$ZU1B!sM$ zQDVZc>I7MB6)s?kqZ^bEQ$Hk$xxK~7KL~;j`)NL4-eeSHG02vtEL-rDrg!Cl29Y6Y z3$>=f#cmZtp3^u4?1T%1U#B4Gj=cX$2O)H{HjTTaOB!|iO0V`yHi$z|m>8K`K~`Jz z*?DAlUa7k9MXfX!Cj8Qef^2rNw^QU=2a#3xWDRo(g3I~)9akp-WWwk{8s-)x{GNJ; z7jO4I+;V?ZNQgt3P`5*{EaAboo5KLI`=rerg4hRPq|?tKWLhXihAoSz-!ve1?0w83 zSfgn4S`c3-gc9?uizOYyPLW?R%vnhGE%bam8jqg29fD^y={AZpZ?Ys83q78iY;EfS?M|BRfGh@G_UC1g zb??mX*$>Uef=cyUd9hOwi>+zg%0lFk>Mu#GP<7-%*>V85yq+h!)3?l=)M zUnEu4drySu%X^c*jvXBTIP!X7I)kV8>bcx*y|Ul$=j9or{J6B^l3}BoBh?N1 zt9^qm(qrJcEB#KFEHc=9ulg(xWDiAsoK|E$eo}pH_IQTB>@C?yk ze9&ac!W?gALf5vD^?Dgt@O%Ew=Kj>_ zO>74y+j#Hz!c+H`KF#cV5Td?V%ZixE7NgmS^KdhwG~BWUQijH6nvbY8W>vycdX1ph zqq9^x{>eEVpNXKHjnHqIUz#Dnqi0Ber3HcRSysQ>agi-SfShq(23J;p)s+TM7~J6K zr7IfkU=0Bwm%GV(+OyX*40&evc*y6wFxzpybGR_oI80V%uicPZg@hE()JY=_&xzFR z)QY1K-IDa=JU)qrxbDeVW(b19u_=Q_JUUOU^9DZ|BB?e*nlETh(lNBZ;3b&lm#nr6 zyj%rVNB7+BAn0EN?u95#fxFV&7lQ!|RtE;J?TWMs^uq~x5>iSn>tk*0Pi=lVv3gS{ z$-;Fq-__>trqg)7LFgNA?*mgcNlk%Wj~ zHj9R%go2QqE$Ei9Fkd7maWsSX7bB$G?_$EO1(r8JJsJ$IK7fe25Bp;fvYgt}HQj|LYoFf|;(X-udAOS-bH4{g;eWM_`x8=CbO^mhZDNg> zUW1TE68^w8`37Bn=U-00Pr8H#cB%uRhc6>QOVRGm)%qH}mElQSux#K+$qDs~Q8X{_z zHI7qgcNm)NhL3a3&s#K3>6ma3LboDC2!`?4ibph$sdX&~X`~3Updn!%^6SPIY6wsc zA)05k2ikX1wN*j{uG^NPz7i!1e*J^nx2)CSgcx;BIj3P}gcQ;}-`!Aj4BngeEZ-3> ze`kRZKDXBvME$^n2j`JaDZQ1L%ML?ZdZNY)G5TW^X zqjd(6Z;j(TV&aSl8dB0s9Z*Xi6+i8j%~3nhG_BojN_gRdrG7`F!ljv6*KP=*?s&k!OrWbXkZ`r@c2-+M7| z0HTow*;ft~rx-T3Z%cWWr5}|EP5YD~PygoF1y@o6Ewua29N5a8**Mogqg8ITpQ_4ax5aWzDqeeq4nORplYL5Ny2IGsriREA`R@A?7bn)*U!R^HfBQT2&7NOQ zga(uVsXNZA+Cu z*T<*LW3?V8zFG6qcP6EzNZoOkul{h_#5Gd?j)c|QzkT~vIrtxKcWA>f5JLeJnVsZP zOP20v3$s9FDd3lQh3*iAhX&sQ9U;SYfmTtXD1mMK;E_+hb?zm0wD|oPu>RF>-_(tOV={cR5ofFR&WGK(>9ql*aQ&^`|7krmK=~9 zzE}Jwn4&B+(lrB(`22bx$yqI=jt&87kcSmd$Y@N~mjiHg$=)uz!j18PPf7EDL4FL7 z?;xH-^6|!i#LM30#2`6+Bk}KmKteEw_@^w|CFKYJI6)D9UYZlwJYy%K&XXIijOzhz zuDcdc;6^~GvPZ7S(JpCprWz~1X=$!4u+*?BR&Lk@+3pI8i2Ceg9#Je(dpyIo6x7dyNFsWU2^M(!qFa4!F$RI8R4F81K5n#3W(33H$Gc0l@`T)6@VFgfUA5jFD05 zBa8^65s)0M^&&c_MTlb*!Hl=+Qw|Y8T~bxO8{)A%C}L+;h>ek?#p3(tA)v#H>5k<^ zn2fC8W>uk>AfPxDx0rtMb%c1-PFr0B6UPghW%U`8nPU9AUq?SFsel4+o$*Kvki>As zT$dwkJ|A#wJ^>F}cPvX)hjulh7{{KNF?Nk~F{VroHOt>IB3=Z77u64xO^Yf6jFPnw zYhH*8)ldWiKH_YEApi+9XvoN6?AYjr#X;^_ZYv}=3kY3&x<4FH4kOmKv@W#; zgVBQP%0xUg!xx*`2pg^~QvwYxJnizt6$rk2Isn>`T^ZSmfMr<`=u#)bjL68Y&11us zPr8WbIeOo7+vP4bfJea({^G6Qbg`_+*kF1X+3uVbB98u4orgP*i~5$E)BTKVa~Z|O zxb4npVcjlwF~mymyED2Ej%08I5Nx>wH>{&csFatY;%teBubvcMj z42_vIO7LE$RBu-RtNZ?Y+}r$-g7d_0!-y6dW@Mqf&xM{>GqUQ)t|^Qw1138Cr7nBt<`c&eqU zs^vqzn3rGdZ)JBw)Y2YP;JGzR>xCcJ^dWOIpd6j+-Rog`l+{k%lBBzwsaHRa(;nOpJM5>qO^kx&{z@%+d3;;QbF;HfWwmQjb5f!b4r^WwdO^Z|G9D zotCuhcN7=0roL;Gy5c=+&5AH`(%=}N>p@cod7hx=Ys)$~$__6obGP5`-#j3aPn**1 zZL@yg402|$>2>b;8c?4ZQZZ+ga?{ZYxvn8B04_rMdS%zYZ_75CN}Fc_cQM zgSO=VuE{f2^ilUIYUzWb#!NrphOrgy||^s6Hazo4yjHXFQO zQ`J*{Q>B!H3<=~$Hu`7=KQ4I}nq;M({4fv^B^)j7Lz2_EB_YH#Ow+1sJtocQJbOplT{AlSKTSMw!3Ob=ev4#e|xi0NF` zvmoeJ^y8hkJ^Z5l7YGPGJB?_wb5VYCygYmxiOrgIKnQX`*8*LDa9r(ULQ6Y*PSYP7 zr4{k}A0F!u3tC$0aKH7$bk@_Al;Pi-5Lrtiy%JUL*}y4 z*;?N@^zPrgkXG71bd8KmNYfjLn0}=P;$fG5Om_z2$yUJ%f8TZPblYXWwFe8>YV7j@ z;qkf^wF-N|-@49W^}jx}(zE%&F9+vUx40~vd=S(9brrAcAtH`CcyVF|6v1A`8|7CI zcJN(2XfN0D{DPiISC(#5LKv@^e%0tXOTDHSyeM_WhDz}lTHjswf-^n3tG#*4gG!*TFn)sLmbB==mQtw^)rZX{Ni%R{ij)U-IOdc~AEnor^t> zO0Q7*w0?XnJ$AIy5TQlWf1(AAZfkkyK^XCG8+g5^?K-8$PgbJu%MnKHmu*P4I77aB zf8#v_FY1ycJw^+fBn`th5IrN^Z%g}SNm>bODu+06S&GDl6tzl{WCh!LN2)a6Nmq?7 zMFrKTJX+Kun$z~Rt+X$e2awYR?O3Z6)$pzwZd&{1Rp}Y#(TwDIQWbsbE$Q7EwcLA@ z4nL}LIbY5<(|#*mY3oC+#}N+Cck;T<9=>&L1)h_mJZ+Y|@?|@n*HkC1YtBrXONm4EyG^)X(dz2moFPz*g471s}aJt z)R($f=ta$PK7Gj%yzoP1QPTAupOYlB`$?DYz{2FIW`0`@6$d;j<#QVlhH1J-nu`$zj4#AERtcrQE(WyQ*|C=Cshxz z;$qu%QYitu3SssX_7~!el5(k0Tva%bmhFg;jLqJ(9h)P>o>hn~7>Zz|d}Lqw*s)PY z;XvGW(g6mkdcCgjG_$&@$i_uQ$k@bCcxN`n!wvLs`;p?Zw|3*=%56gryv(i&)Rqy- ztX2dH{K&BR_G$<|6CT*HUBTrMLlqIjju1y&q4c;|&y@QY_4qhLzygt7>^!RQvW#%% zQANfa8S7#Ofh|NGT(C)FdsQKhLNX}@R-(NcQ5Zl?Kpznfrd+QG*eF(P*-6QWL+#l* zm|V5pjLQQ&!bU*CuFJCQI_}L+>X=dtxZ%cL*;tF=gX12;$$K>cF#>mrp~J*6MIaTA zvKAT`W>j(@VFba9&CELigpFxa3Wg|+1yI6AFvj#^n>cpIw3+b{CNzcx4URR)gqMgS zjwcEH*Z^+nfk@kCB;r^yu@LK{v9XC89Mj1x(8MSuD1nY)hz(;H7^~rtV+2U}M4dqc z5jG8;Ppp9L__}#S6BFg*zaF}|+DW|f2~IK$>KHr#8H2~d8j$>@>2sinm8hz60QGx_7jT8T@< zWKd#xN+ul+k+>uUIycOa>13x@GBQFt;>bK1OT`b|2$Ud@u>#4+EEvLcehKG~hU2sX zaUiGGSQppbM0wi$p+ChofsPOnfW8(rcG8p)y{2q1pi`15OlhV;t_3)8FakJ<0K(VZ zu;~&c$RxwZ=>-l5EC(VP0Z2oD4=fG^-pvC-SPmv%9V~}&l9d=}Rv?IT)tL41ND5)Q zf?^ep#}@%*=?vo-+kFm;h2s$6Nor5NY?$F#4hC`aWrTUu?(YKV)BM>2|AXElX-UBI%fzz(P&?7DWH+{zAk0^+=^q=csanP&hp zwqk25VJ4N55wcg~mj{7`#R1cXttgNQFl1u}PO!nIOE?60!dB_6{Pnj*7h!oUN*`FV z(=dGshA_^g>h!@bwqugQrtFf|a<^y`%qC5pi#oq3^%;{8&aegK3gDDDDdMon8O6FS z6JnGsp*&!27?YsF4?VHHcG;3%5eUy+DSL@qrRLgmYFZQ^spgy z%)yt|8@*D57t@ZE$9F&`LU>Vyk$gB`L4zdY_(1x^z&^N@a6l^#GBk7KrKj@`^SndMF2GD|415J;%g(X9f+ca~j=ESFPuWv`SV8N9C5Z0b!(@ z9Wc#~x&f5q2tNBE#SV~*PoL2n2LvzZQFB#E^y5zb-3LU7aj#xX56)m6^7EH19fG=Uh0S!ZG^EQ9U%U=#p3<<|dO$cjrxMiK z>b@R`KW*H%`1WvJg|*X$c6qmGMF=vaFE*b4zCzAA6%F2zoqX`gN<9M36Fm^iCF|>F;I~fLlr}g*nkU_M_PN-w%3f(45Iuqn z+MqZ6cj`ROSyX&c>x(bub_U|T1M%qD*`LYGkj`A5?L=Sg_&Dd)f0-4}m+gedN-{rcU8mvc7XRC+xSh?HccMd8{Jpo% zYFiMHLN{D|jZZ$DOJ247^>-Wuqgd8n-yQI1Vv5lLqH(g-uMVT(ft>%S96*g6yKnqzZG-kLnxIz2b*^wAi%5C z%)D2P5c+aYl@4%I`i@d@ea$Lod$iOmtYs$|5{U)#8NKNq!s^LzSUr3b7S#O%dJjqv z&(2n-=$*MYm05X~>_b;-^mT>3}DA@$=$t9FT9%J->Os^yg4a4`$40 z5i+DtYbD)pl`5FN-o?2cMe{L_&(;Rb@}Te;fBbATo(^zajcIDZ(ux7KG02cSS}3)3 z5T$dLklD1Ny@z56G9+BA&JJ#MWUWsh+=Hw_Tx%HuvhjP5oOdce2_H?RI>-%L+ACHh z`_R&sw~V8=7kTdI@5IgJ^24SUXGn*Z15vBgRJ`bgh|osXWOdoMwqlpeAO*H&-h2ZUgz$7-dKKcP z4z6_RQWOh&TMZR`DX9>Ug|$@iDGU#8^b_tn1SEciwr!sMVni|m64=KOpv$O?Eepx0 zz++hvsI15WZ@2;@P<#%F6|e)^29tLMf?URfO+AnWjAU1kc|j%^cpR2NMkcb$6Ov(W z44GtH0RRBOtYPLLwvLV1499FDLynL7g6)pLH5)^YjWFmS3GfIw%P20#MA;!h23H6% zn8;ujfGacW&|`B>U}wfZM`1w7n4oH~IRGQZ25_ARDQ6D?0yMZmBR8rBoO!;>>&k9p~*R9^rlY`hu8=1$p;28iH8sYDPUmM!e{(rC5pL;cFYDn z*1#TNMU)XE6R}7l8vEnO*iB-MFcHGV;$&imv;dDI<-lNT@UeyG1X$%)cCYFo!pe9``VxW|5_GAWXZHCAqhIxjC$9KOUX4J zOgdv?8k7+^k{byTOh$uap^4ei-*{;1o12J_`BOc(rXmPW&?L&&VNVzAI?Sm-)=p?{ z!u&tAvx!PvmAGytZl;!!YvOa-Pe_8OBIW*9EbMrTEGUr5^Hzux(A1|L7zLUFaV};$ zmMr*l2n?v@nKjw3*P-+n5Cc@D^DJU}z~t zJ1`0?4FT-iAr1f_2td)o#{F+>V$PyTF}xS4e~d(w-H&0(j3&$tSqIkk0iiCo-SqvCT7M#14aQe6999SUnert*{%Qp N002ovPDHLkV1f$s#LfT! literal 0 HcmV?d00001 diff --git a/experimental/images/vlans-deeper-look.svg b/experimental/images/vlans-deeper-look.svg new file mode 100644 index 0000000000..96cd21d52f --- /dev/null +++ b/experimental/images/vlans-deeper-look.svg @@ -0,0 +1 @@ +DockerHost:Frontend,Backend &CreditCardAppTiersareIsolatedbutcanstillcommunicateinsideinterfaceoranyotherDockerhostsusingtheparentVLANID802.1QTrunk -canbeasingleEthernetlinkorMultipleBondedEthernetlinksInterfaceeth0Container(s)Eth010.1.20.0/24Parent:eth0.20VLANID:20CreditCardsBackendContainer(s)Eth010.1.30.0/24Container(s)Eth010.1.10.0/24FrontendGateway10.1.20.1andothercontainersonthesameVLAN/subnetGateway10.1.10.1andothercontainersonthesameVLAN/subnetGateway10.1.30.1andothercontainersonthesameVLAN/subnet:Parenteth0.10VLANID:10Parent:eth0.30VLAN:30NetworkotherDockerHosts \ No newline at end of file diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index 0dcadf0e46..66723b9bde 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -4,9 +4,9 @@ ### Getting Started -The Macvlan and Ipvlan drivers are currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 adressing. The VLAN drivers build on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver. +The Macvlan and Ipvlan drivers are currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 addressing. The VLAN drivers build on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver. -Macvlan and Ipvlan are a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce seperation between networks and connectivity to the physical network. +Macvlan and Ipvlan are a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network. Macvlan and Ipvlan offer a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios. @@ -44,7 +44,7 @@ Macvlan Bridge mode has a unique MAC address per container used to track MAC to In the following example, `eth0` on the docker host has an IP on the `172.16.86.0/24` network and a default gateway of `172.16.86.1`. The gateway is an external router with an address of `172.16.86.1`. An IP address is not required on the Docker host interface `eth0` in `bridge` mode, it merely needs to be on the proper upstream network to get forwarded by a network switch or network router. -![Simple Macvlan Bridge Mode Example](../docs/userguide/networking/images/macvlan_bridge_simple.png) +![Simple Macvlan Bridge Mode Example](images/macvlan_bridge_simple.png) **Note** For Macvlan bridge mode and Ipvlan L2 mode the subnet values need to match the NIC's interface of the Docker host. For example, Use the same subnet and gateway of the Docker host ethernet interface that is specified by the `-o parent=` option. @@ -77,16 +77,20 @@ docker run --net=pub_net --ip=172.16.86.10 -itd alpine /bin/sh docker run --net=pub_net -it --rm alpine /bin/sh ping -c 4 172.16.86.10 -# Take a look at the containers ip and routing table +``` + + Take a look at the containers ip and routing table: + +``` ip a show eth0 eth0@if3: mtu 1500 qdisc noqueue state UNKNOWN link/ether 46:b2:6b:26:2f:69 brd ff:ff:ff:ff:ff:ff - inet 172.16.86.1/24 scope global eth0 + inet 172.16.86.2/24 scope global eth0 ip route - default via 172.16.86.2 dev eth0 - 172.16.86.0/24 dev eth0 src 172.16.86.1 + default via 172.16.86.1 dev eth0 + 172.16.86.0/24 dev eth0 src 172.16.86.2 # NOTE: the containers can NOT ping the underlying host interfaces as # they are intentionally filtered by Linux for additional isolation. @@ -106,10 +110,23 @@ docker network create -d macvlan \ -o parent=eth0 pub_net ``` +Another option for subpool IP address selection in a network provided by the default Docker IPAM driver is to use `--ip-range=`. This specifies the driver to allocate container addresses from this pool rather then the broader range from the `--subnet=` argument from a network create as seen in the following example that will allocate addresses beginning at `192.168.32.128` and increment upwards from there. + +``` +docker network create -d macvlan \ + --subnet=192.168.32.0/24 \ + --ip-range=192.168.32.128/25 \ + --gateway=192.168.32.254 \ + -o parent=eth0 macnet32 + +# Start a container and verify the address is 192.168.32.128 +docker run --net=macnet32 -it --rm alpine /bin/sh +``` + The network can then be deleted with: ``` -docker network rm pub_net +docker network rm ``` - **Note:** In both Macvlan and Ipvlan you are not able to ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host's `eth0` it will **not** work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security. @@ -120,7 +137,7 @@ For more on Docker networking commands see [Working with Docker network commands The ipvlan `L2` mode example is virtually identical to the macvlan `bridge` mode example. The driver is specified with `-d driver_name` option. In this case `-d ipvlan` -![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/ipvlan_l2_simple.png) +![Simple Ipvlan L2 Mode Example](images/ipvlan_l2_simple.png) The parent interface in the next example `-o parent=eth0` is configured as followed: @@ -151,6 +168,10 @@ docker run --net=db_net -it --rm alpine /bin/sh The default mode for Ipvlan is `l2`. The default mode for Macvlan is `bridge`. If `-o ipvlan_mode=` or `-o macvlan_mode=` are left unspecified, the default modes will be used. Similarly, if the `--gateway` is left empty, the first usable address on the network will be set as the gateway. For example, if the subnet provided in the network create is `--subnet=192.168.1.0/24` then the gateway the container receives is `192.168.1.1`. +To help understand how this mode interacts with other hosts, the following figure shows the same layer 2 segment between two Docker hosts that applies to both Macvlan Bride mode and Ipvlan L2 mode. + +![Multiple Ipvlan and Macvlan Hosts](images/macvlan-bridge-ipvlan-l2.png) + The following will create the exact same network as the network `db_net` created prior, with the driver defaults for `--gateway=192.168.1.1` and `-o ipvlan_mode=l2`. ``` @@ -204,9 +225,9 @@ VLANs (Virtual Local Area Networks) have long been a primary means of virtualizi It is very common to have a compute host requirement of running multiple virtual networks concurrently on a host. Linux networking has long supported VLAN tagging, also known by it's standard 802.1q, for maintaining datapath isolation between networks. The Ethernet link connected to a Docker host can be configured to support the 802.1q VLAN IDs, by creating Linux sub-interfaces, each one dedicated to a unique VLAN ID. -![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/multi_tenant_8021q_vlans.png) +![Simple Ipvlan L2 Mode Example](images/multi_tenant_8021q_vlans.png) -Trunking 802.1q to a host is notoriously painful. It requires configuration file changes in order to be persistent through a reboot and if a bridge is involved a physical NIC needs to be moved into the bridge and the bridge then gets the IP address or risk being cut off from the network. +Trunking 802.1q to a Linux host is notoriously painful for many in operations. It requires configuration file changes in order to be persistent through a reboot. If a bridge is involved, a physical NIC needs to be moved into the bridge and the bridge then gets the IP address. This has lead to many a stranded servers since the risk of cutting off access during that convoluted process is high. Like all of the Docker network drivers, the overarching goal is to alleviate the operational pains of managing network resources. To that end, when a network receives a sub-interface as the parent that does not exist, the drivers create the VLAN tagged interfaces while creating the network. @@ -280,7 +301,9 @@ docker run --net=ipvlan210 --ip=192.168.212.9 -it --rm alpine ping -c 2 192.168. Architecturally, Ipvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation. There are nuances that can be advantageous for CAM table pressure in ToR switches, one MAC per port and MAC exhaustion on a host's parent NIC to name a few. The 802.1q trunk scenario looks the same. Both modes adhere to tagging standards and have seamless integration with the physical network for underlay integration and hardware vendor plugin integrations. -![Simple Ipvlan L2 Mode Example](../docs/userguide/networking/images/multi_tenant_8021q_vlans.png) +Hosts on the same VLAN are typically on the same subnet and almost always are grouped together based on their security policy. In most scenarios, a multi-tier application is tiered into different subnets because the security profile of each process requires some form of isolation. For example, hosting your credit card processing on the same virtual network as the frontend webserver would be a regulatory compliance issue, along with circumventing the long standing best practice of layered defense in depth architectures. VLANs or the equivocal VNI (Virtual Network Identifier) when using the Overlay driver, are the first step in isolating tenant traffic. + +![Docker VLANs in Depth](images/vlans-deeper-look.png) The Linux sub-interface tagged with a vlan can either already exist or will be created when you call a `docker network create`. `docker network rm` will delete the sub-interface. Parent interfaces such as `eth0` are not deleted, only sub-interfaces with a netlink parent index > 0. @@ -366,9 +389,11 @@ An example being, NetOps provides VLAN ID and the associated subnets for VLANs b ### IPVlan L3 Mode Example -IPVlan will require routes to be distributed to each endpoint. The driver only builds the Ipvlan L3 mode port and attaches the container to the interface. Route distribution throughout a cluster is beyond the initial implementation of this single host scoped driver. In L3 mode the Docker host is very similar to a router starting new networks in the container. They are on networks that the upstream network will not know about without route distribution. For those curious how Ipvlan L3 will fit into container networking see the following examples. +IPVlan will require routes to be distributed to each endpoint. The driver only builds the Ipvlan L3 mode port and attaches the container to the interface. Route distribution throughout a cluster is beyond the initial implementation of this single host scoped driver. In L3 mode, the Docker host is very similar to a router starting new networks in the container. They are on networks that the upstream network will not know about without route distribution. For those curious how Ipvlan L3 will fit into container networking see the following examples. -- Ipvlan L3 mode drops all broadcast and multicast traffic. +![Docker Ipvlan L2 Mode](images/ipvlan-l3.png) + +Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone makes Ipvlan L3 mode a prime candidate for those looking for massive scale and predictable network integrations. It is predictable and in turn will lead to greater uptimes because there is no bridging involved. Bridging loops have been responsible for high profile outages that can be hard to pinpoint depending on the size of the failure domain. This is due to the cascading nature of BPDUs (Bridge Port Data Units) that are flooded throughout a broadcast domain (VLAN) to find and block topology loops. Eliminating bridging domains, or at the least, keeping them isolated to a pair of ToRs (top of rack switches) will reduce hard to troubleshoot bridging instabilities. Macvlan Bridge and Ipvlan L2 modes are well suited for isolated VLANs only trunked into a pair of ToRs that can provide a loop-free non-blocking fabric. The next step further is to route at the edge via Ipvlan L3 mode that reduces a failure domain to a local host only. - L3 mode needs to be on a separate subnet as the default namespace since it requires a netlink route in the default namespace pointing to the Ipvlan parent interface. @@ -387,6 +412,8 @@ ip a show eth0 The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`. +The following example does not specify a parent interface. The network drivers will create a dummy type link for the user rather then rejecting the network creation and isolating containers from only communicating with one another. + ``` # Create the Ipvlan L3 network docker network create -d ipvlan \ @@ -430,10 +457,19 @@ docker network create -d macvlan \ -o parent=eth0.218 \ -o macvlan_mode=bridge macvlan216 +# Start a container on the first subnet 192.168.216.0/24 docker run --net=macvlan216 --name=macnet216_test --ip=192.168.216.10 -itd alpine /bin/sh + +# Start a container on the second subnet 192.168.218.0/24 docker run --net=macvlan216 --name=macnet216_test --ip=192.168.218.10 -itd alpine /bin/sh + +# Ping the first container started on the 192.168.216.0/24 subnet docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh +ping 192.168.216.10 + +# Ping the first container started on the 192.168.218.0/24 subnet docker run --net=macvlan216 --ip=192.168.218.11 -it --rm alpine /bin/sh +ping 192.168.218.10 ``` View the details of one of the containers: @@ -575,9 +611,9 @@ docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh **Example:** IpVlan L3 Mode Dual Stack IPv4/IPv6, Multi-Subnet w/ 802.1q Vlan Tag:118 -As in all of the examples, a tagged VLAN interface does not have to be used. The sub-interfaces can be swapped with `eth0`, `eth1` or any other valid interface on the host other then the `lo` loopback. +As in all of the examples, a tagged VLAN interface does not have to be used. The sub-interfaces can be swapped with `eth0`, `eth1`, `bond0` or any other valid interface on the host other then the `lo` loopback. -The primary difference you will see is that L3 mode does not create a default route with a next-hop but rather sets a default route pointing to `dev eth` only since ARP/Broadcasts/Multicast are all filtered by Linux as per the design. +The primary difference you will see is that L3 mode does not create a default route with a next-hop but rather sets a default route pointing to `dev eth` only since ARP/Broadcasts/Multicast are all filtered by Linux as per the design. Since the parent interface is essentially acting as a router, the parent interface IP and subnet needs to be different from the container networks. That is the opposite of bridge and L2 modes, which need to be on the same subnet (broadcast domain) in order to forward broadcast and multicast packets. ``` # Create an IPv6+IPv4 Dual Stack Ipvlan L3 network @@ -586,7 +622,7 @@ docker network create -d ipvlan \ --subnet=192.168.110.0/24 \ --subnet=192.168.112.0/24 \ --subnet=2001:db8:abc6::/64 \ - -o parent=eth0.118 \ + -o parent=eth0 \ -o ipvlan_mode=l3 ipnet110 From ffcfd1b39c54701f5e90e03dbfbd2e6bb404d3c1 Mon Sep 17 00:00:00 2001 From: Zhu Guihua Date: Tue, 22 Mar 2016 14:50:49 +0800 Subject: [PATCH 1266/2538] Move ZFS options to correct place in man page Signed-off-by: Zhu Guihua --- man/docker-daemon.8.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 06bcf6438a..4356872a00 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -465,16 +465,6 @@ this topic, see Otherwise, set this flag for migrating existing Docker daemons to a daemon with a supported environment. -## ZFS options - -#### zfs.fsname - -Set zfs filesystem under which docker will create its own datasets. -By default docker will pick up the zfs filesystem where docker graph -(`/var/lib/docker`) is located. - -Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` - #### dm.min_free_space Specifies the min free space percent in thin pool require for new device @@ -499,6 +489,16 @@ that should resolve the issue. Example use: `docker daemon --storage-opt dm.min_free_space_percent=10%` +## ZFS options + +#### zfs.fsname + +Set zfs filesystem under which docker will create its own datasets. +By default docker will pick up the zfs filesystem where docker graph +(`/var/lib/docker`) is located. + +Example use: `docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker` + # CLUSTER STORE OPTIONS The daemon uses libkv to advertise From 315c34a25ae25b5b8e23374c24a3da5e832893d5 Mon Sep 17 00:00:00 2001 From: Martin Mosegaard Amdisen Date: Mon, 21 Mar 2016 15:15:40 +0100 Subject: [PATCH 1267/2538] Fix plural typo in 'save' command help The form "Save an images" is not correct. Either "Save an image" or "Save images" work, but since the save commands accepts multiple images, I chose the latter. Fixed in all places where I could grep "Save an image(s)". Signed-off-by: Martin Mosegaard Amdisen --- docs/reference/commandline/save.md | 2 +- man/docker-load.1.md | 2 +- man/docker-save.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 864d06cf4f..1ecdf16bf5 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker save [OPTIONS] IMAGE [IMAGE...] - Save an image(s) to a tar archive (streamed to STDOUT by default) + Save images to a tar archive (streamed to STDOUT by default) --help Print usage -o, --output="" Write to a file, instead of STDOUT diff --git a/man/docker-load.1.md b/man/docker-load.1.md index 75ae84e6c5..feeeaa4c3e 100644 --- a/man/docker-load.1.md +++ b/man/docker-load.1.md @@ -37,7 +37,7 @@ Restores both images and tags. fedora latest 58394af37342 7 weeks ago 385.5 MB # See also -**docker-save(1)** to save an image(s) to a tar archive (streamed to STDOUT by default). +**docker-save(1)** to save images to a tar archive (streamed to STDOUT by default). # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) diff --git a/man/docker-save.1.md b/man/docker-save.1.md index 5f336ffd34..f1a07c24e6 100644 --- a/man/docker-save.1.md +++ b/man/docker-save.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-save - Save an image(s) to a tar archive (streamed to STDOUT by default) +docker-save - Save images to a tar archive (streamed to STDOUT by default) # SYNOPSIS **docker save** From c0271978f9bf79f883cb9b5b5d2fa8e198a85509 Mon Sep 17 00:00:00 2001 From: Martin Mosegaard Amdisen Date: Tue, 22 Mar 2016 08:16:52 +0100 Subject: [PATCH 1268/2538] Update 'save' command help Based on review feedback. Signed-off-by: Martin Mosegaard Amdisen --- docs/reference/commandline/save.md | 2 +- man/docker-load.1.md | 2 +- man/docker-save.1.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 1ecdf16bf5..23fc671210 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker save [OPTIONS] IMAGE [IMAGE...] - Save images to a tar archive (streamed to STDOUT by default) + Save one or more images to a tar archive (streamed to STDOUT by default) --help Print usage -o, --output="" Write to a file, instead of STDOUT diff --git a/man/docker-load.1.md b/man/docker-load.1.md index feeeaa4c3e..6ad45587cf 100644 --- a/man/docker-load.1.md +++ b/man/docker-load.1.md @@ -37,7 +37,7 @@ Restores both images and tags. fedora latest 58394af37342 7 weeks ago 385.5 MB # See also -**docker-save(1)** to save images to a tar archive (streamed to STDOUT by default). +**docker-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default). # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) diff --git a/man/docker-save.1.md b/man/docker-save.1.md index f1a07c24e6..1d1de8a1df 100644 --- a/man/docker-save.1.md +++ b/man/docker-save.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-save - Save images to a tar archive (streamed to STDOUT by default) +docker-save - Save one or more images to a tar archive (streamed to STDOUT by default) # SYNOPSIS **docker save** From eba678647bc67e2d27da0d99a0e697835b1d7c94 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 14 Mar 2016 23:31:42 -0400 Subject: [PATCH 1269/2538] Add explicit flags for volume cp/no-cp This allows a user to specify explicitly to enable automatic copying of data from the container path to the volume path. This does not change the default behavior of automatically copying, but does allow a user to disable it at runtime. Signed-off-by: Brian Goff --- docs/reference/commandline/create.md | 8 ++++---- docs/reference/commandline/run.md | 8 ++++---- docs/reference/run.md | 11 ++++++++--- man/docker-create.1.md | 4 ++++ man/docker-run.1.md | 4 ++++ 5 files changed, 24 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 6128411c5f..70c0e4c35a 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -90,10 +90,10 @@ Creates a new container. --uts="" UTS namespace to use -v, --volume=[host-src:]container-dest[:] Bind mount a volume. The comma-delimited - `options` are [rw|ro], [z|Z], or - [[r]shared|[r]slave|[r]private]. The - 'host-src' is an absolute path or a name - value. + `options` are [rw|ro], [z|Z], + [[r]shared|[r]slave|[r]private], and + [nocopy]. The 'host-src' is an absolute path + or a name value. --volume-driver="" Container's volume driver --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index a3ef21f79b..97553a67dc 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -92,10 +92,10 @@ parent = "smn_cli" --uts="" UTS namespace to use -v, --volume=[host-src:]container-dest[:] Bind mount a volume. The comma-delimited - `options` are [rw|ro], [z|Z], or - [[r]shared|[r]slave|[r]private]. The - 'host-src' is an absolute path or a name - value. + `options` are [rw|ro], [z|Z], + [[r]shared|[r]slave|[r]private], and + [nocopy]. The 'host-src' is an absolute path + or a name value. --volume-driver="" Container's volume driver --volumes-from=[] Mount volumes from the specified container(s) -w, --workdir="" Working directory inside the container diff --git a/docs/reference/run.md b/docs/reference/run.md index 65271a285f..7edcd7e16a 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1400,13 +1400,18 @@ The example below mounts an empty tmpfs into the container with the `rw`, ### VOLUME (shared filesystems) -v, --volume=[host-src:]container-dest[:]: Bind mount a volume. - The comma-delimited `options` are [rw|ro], [z|Z], or - [[r]shared|[r]slave|[r]private]. The 'host-src' is an absolute path or a - name value. + The comma-delimited `options` are [rw|ro], [z|Z], + [[r]shared|[r]slave|[r]private], and [nocopy]. + The 'host-src' is an absolute path or a name value. If neither 'rw' or 'ro' is specified then the volume is mounted in read-write mode. + The `nocopy` modes is used to disable automatic copying requested volume + path in the container to the volume storage location. + For named volumes, `copy` is the default mode. Copy modes are not supported + for bind-mounted volumes. + --volumes-from="": Mount all volumes from the given container(s) > **Note**: diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 376f8308a5..f12edb5483 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -434,6 +434,10 @@ change propagation properties of source mount. Say `/` is source mount for > is `slave`, you may not be able to use the `shared` or `rshared` propagation on > a volume. + +To disable automatic copying of data from the container path to the volume, use +the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index d63a0b6452..57808f33a0 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -531,6 +531,7 @@ any options, the systems uses the following options: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] + * [nocopy] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` can be an absolute path or a `name` value. A `name` value must start with an @@ -603,6 +604,9 @@ change propagation properties of source mount. Say `/` is source mount for > is `slave`, you may not be able to use the `shared` or `rshared` propagation on > a volume. +To disable automatic copying of data from the container path to the volume, use +the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. From 0926303632c53f6ef26d30c8ab8d90f479587b25 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Mon, 21 Mar 2016 21:30:21 -0400 Subject: [PATCH 1270/2538] Allow net and IPC namespaces to be shared when userns=on Now that the namespace sharing code via runc is vendored with the containerd changes, we can disable the restrictions on container to container net and IPC namespace sharing when the daemon has user namespaces enabled. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docs/reference/commandline/daemon.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 20ea3cb20e..61ba1c763d 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -792,11 +792,9 @@ The following standard Docker features are currently incompatible when running a Docker daemon with user namespaces enabled: - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`) - - sharing a network namespace with an existing container (`--net=container:*other*`) - - sharing an IPC namespace with an existing container (`--ipc=container:*other*`) - A `--readonly` container filesystem (this is a Linux kernel restriction against remounting with modified flags of a currently mounted filesystem when inside a user namespace) - external (volume or graph) drivers which are unaware/incapable of using daemon user mappings - - Using `--privileged` mode flag on `docker run` + - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`) In general, user namespaces are an advanced feature and will require coordination with other capabilities. For example, if volumes are mounted from From 4ffd1a943368d8c58de82cf04649367476d7ebad Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Fri, 18 Mar 2016 12:43:17 -0700 Subject: [PATCH 1271/2538] Remove unneeded references to execDriver This includes: - updating the docs - removing dangling variables Signed-off-by: Kenfe-Mickael Laventure --- contrib/completion/fish/docker.fish | 2 +- contrib/completion/zsh/_docker | 4 ++-- docs/reference/commandline/daemon.md | 24 +++++++++++++----------- man/docker-daemon.8.md | 12 ++++++------ man/docker-inspect.1.md | 3 +-- man/docker.1.md | 7 +++---- 6 files changed, 26 insertions(+), 26 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 1e734c7d3a..72ccd05533 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -51,7 +51,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -s d -l daemon -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l dns -d 'Force Docker to use specific DNS servers' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-opt -d 'Force Docker to use specific DNS options' complete -c docker -f -n '__fish_docker_no_subcommand' -l dns-search -d 'Force Docker to use specific DNS search domains' -complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set exec driver options' +complete -c docker -f -n '__fish_docker_no_subcommand' -l exec-opt -d 'Set runtime execution options' complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr -d 'IPv4 subnet for fixed IPs (e.g. 10.20.0.0/16)' complete -c docker -f -n '__fish_docker_no_subcommand' -l fixed-cidr-v6 -d 'IPv6 subnet for fixed IPs (e.g.: 2001:a02b/48)' complete -c docker -f -n '__fish_docker_no_subcommand' -s G -l group -d 'Group to assign the unix socket specified by -H when running in daemon mode' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0f2a361a6b..8811261f22 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -650,8 +650,8 @@ __docker_subcommand() { "($help)*--dns-opt=[DNS options to use]:DNS option: " \ "($help)*--default-ulimit=[Default ulimit settings for containers]:ulimit: " \ "($help)--disable-legacy-registry[Do not contact legacy registries]" \ - "($help)*--exec-opt=[Exec driver options]:exec driver options: " \ - "($help)--exec-root=[Root of the Docker execdriver]:path:_directories" \ + "($help)*--exec-opt=[Runtime execution options]:runtime execution options: " \ + "($help)--exec-root=[Root directory for execution state files]:path:_directories" \ "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ "($help -G --group)"{-G=,--group=}"[Group for the unix socket]:group:_groups" \ diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 61ba1c763d..7788eefde4 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -32,8 +32,8 @@ weight = -1 --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use --default-ulimit=[] Set default ulimit settings for containers - --exec-opt=[] Set exec driver options - --exec-root="/var/run/docker" Root of the Docker execdriver + --exec-opt=[] Set runtime execution options + --exec-root="/var/run/docker" Root directory for execution state files --fixed-cidr="" IPv4 subnet for fixed IPs --fixed-cidr-v6="" IPv6 subnet for fixed IPs -G, --group="docker" Group for the unix socket @@ -476,24 +476,26 @@ Currently supported options of `zfs`: $ docker daemon -s zfs --storage-opt zfs.fsname=zroot/docker -## Docker execdriver option +## Docker runtime execution options -The Docker daemon uses a specifically built `libcontainer` execution driver as -its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. +The Docker daemon relies on a +[OCI](https://github.com/opencontainers/specs) compliant runtime +(invoked via the `containerd` daemon) as its interface to the Linux +kernel `namespaces`, `cgroups`, and `SELinux`. -## Options for the native execdriver +## Options for the runtime -You can configure the `native` (libcontainer) execdriver using options specified +You can configure the runtime using options specified with the `--exec-opt` flag. All the flag's options have the `native` prefix. A single `native.cgroupdriver` option is available. The `native.cgroupdriver` option specifies the management of the container's -cgroups. You can specify `cgroupfs` or `systemd`. If you specify `systemd` and -it is not available, the system uses `cgroupfs`. If you omit the +cgroups. You can specify only specify `cgroupfs` at the moment. If you omit the `native.cgroupdriver` option,` cgroupfs` is used. -This example sets the `cgroupdriver` to `systemd`: - $ sudo docker daemon --exec-opt native.cgroupdriver=systemd +This example explicitely sets the `cgroupdriver` to `cgroupfs`: + + $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs Setting this option applies to all containers the daemon launches. diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 4356872a00..370f0b25e7 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -126,10 +126,10 @@ format. DNS search domains to use. **--exec-opt**=[] - Set exec driver options. See EXEC DRIVER OPTIONS. + Set runtime execution options. See RUNTIME EXECUTION OPTIONS. **--exec-root**="" - Path to use as the root of the Docker exec driver. Default is `/var/run/docker`. + Path to use as the root of the Docker execution state files. Default is `/var/run/docker`. **--fixed-cidr**="" IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) @@ -289,13 +289,13 @@ will use more space for base images the larger the device is. The base device size can be increased at daemon restart which will allow -all future images and containers (based on those new images) to be of the +all future images and containers (based on those new images) to be of the new base device size. -Example use: `docker daemon --storage-opt dm.basesize=50G` +Example use: `docker daemon --storage-opt dm.basesize=50G` -This will increase the base device size to 50G. The Docker daemon will throw an -error if existing base device size is larger than 50G. A user can use +This will increase the base device size to 50G. The Docker daemon will throw an +error if existing base device size is larger than 50G. A user can use this option to expand the base device size however shrinking is not permitted. This value affects the system-wide "base" empty filesystem that may already diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 6bb6a5809d..1bc2cf0b9c 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -16,7 +16,7 @@ CONTAINER|IMAGE [CONTAINER|IMAGE...] This displays all the information available in Docker for a given container or image. By default, this will render all results in a JSON -array. If the container and image have the same name, this will return +array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. @@ -110,7 +110,6 @@ To get information on a container use its ID or instance name: "Name": "/adoring_wozniak", "RestartCount": 0, "Driver": "devicemapper", - "ExecDriver": "native-0.2", "MountLabel": "", "ProcessLabel": "", "Mounts": [ diff --git a/man/docker.1.md b/man/docker.1.md index f59f98abdf..c34d9c8d9a 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -224,15 +224,14 @@ inside it) See **docker-wait(1)** for full documentation on the **wait** command. -# EXEC DRIVER OPTIONS +# RUNTIME EXECUTION OPTIONS Use the **--exec-opt** flags to specify options to the execution driver. The following options are available: #### native.cgroupdriver -Specifies the management of the container's `cgroups`. You can specify -`cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the -system uses `cgroupfs`. +Specifies the management of the container's `cgroups`. Only `cgroupfs` can be specified +`cgroupfs` at the moment. #### Client For specific client examples please see the man page for the specific Docker From 80f5ed58a5611764c3457efbe327acdb97fa3067 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Sat, 19 Mar 2016 22:20:40 +1000 Subject: [PATCH 1272/2538] WORKDIR is like calling mkdir - but we've not told people Signed-off-by: Sven Dowideit --- docs/reference/builder.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 8a01d41d52..5819ea36fd 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1021,6 +1021,8 @@ and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`, `ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the `Dockerfile`. +If the `WORKDIR` doesn't exist, it will be created even if its not used in any +subsequent `Dockerfile` instruction. It can be used multiple times in the one `Dockerfile`. If a relative path is provided, it will be relative to the path of the previous `WORKDIR` From 4c125babf242a306294ce553589661d46c45eb42 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 24 Mar 2016 18:18:39 +0100 Subject: [PATCH 1273/2538] bash completion for `docker ps -f volume` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index bf3c1494b7..2351820ed1 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1476,6 +1476,11 @@ _docker_ps() { COMPREPLY=( $( compgen -W "created dead exited paused restarting running" -- "${cur##*=}" ) ) return ;; + volume) + cur="${cur##*=}" + __docker_complete_volumes + return + ;; esac case "$prev" in @@ -1483,7 +1488,7 @@ _docker_ps() { __docker_complete_containers_all ;; --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "ancestor exited id label name status volume" -- "$cur" ) ) __docker_nospace return ;; From beac16919aa8c3fffbadf1198ad23c0cf676bbf1 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 24 Mar 2016 18:39:57 +0100 Subject: [PATCH 1274/2538] bash completion for `docker load --quiet` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2351820ed1..a84068bda6 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1211,7 +1211,7 @@ _docker_load() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --input -i" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --input -i --quiet -q" -- "$cur" ) ) ;; esac } From 386acc792b5a4070e1e6213ac6f05681cc97d2e8 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 24 Mar 2016 18:57:44 +0100 Subject: [PATCH 1275/2538] add docs for `docker load --quiet` Signed-off-by: Harald Albers --- docs/reference/commandline/load.md | 1 + man/docker-load.1.md | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index 888365fcf5..0b40fde2f3 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -16,6 +16,7 @@ parent = "smn_cli" --help Print usage -i, --input="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz + -q, --quiet Suppress the load output. Without this option, a progress bar is displayed. Loads a tarred repository from a file or the standard input stream. Restores both images and tags. diff --git a/man/docker-load.1.md b/man/docker-load.1.md index 6ad45587cf..c54fe607b9 100644 --- a/man/docker-load.1.md +++ b/man/docker-load.1.md @@ -8,7 +8,7 @@ docker-load - Load an image from a tar archive or STDIN **docker load** [**--help**] [**-i**|**--input**[=*INPUT*]] - +[**-q**|**--quiet**] # DESCRIPTION @@ -22,6 +22,9 @@ Restores both images and tags. **-i**, **--input**="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. +**-q**, **--quiet** + Suppress the load output. Without this option, a progress bar is displayed. + # EXAMPLES $ docker images From d69044537cea9134e9a07347e99ae8632658431d Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Mon, 21 Mar 2016 07:39:48 +0000 Subject: [PATCH 1276/2538] Add name/driver filter support for volume This change include filter `name` and `driver`, and also update related docs to reflect that filters usage. Closes: #21243 Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/volume_ls.md | 59 +++++++++++++++++++++---- 1 file changed, 51 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 0388e8ae2d..9774c7b834 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -14,28 +14,71 @@ parent = "smn_cli" List volumes - -f, --filter=[] Provide filter values (i.e. 'dangling=true') + -f, --filter=[] Filter output based on these conditions: + - dangling= a volume if referenced or not + - driver= a volume's driver name + - name= a volume's name --help Print usage -q, --quiet Only display volume names -Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) - -There is a single supported filter `dangling=value` which takes a boolean of `true` or `false`. +Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. Example output: - $ docker volume create --name rose - rose + $ docker volume create --name rosemary + rosemary $docker volume create --name tyler tyler $ docker volume ls DRIVER VOLUME NAME - local rose + local rosemary local tyler +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* dangling (boolean - true or false, 0 or 1) +* driver (a volume driver's name) +* name (a volume's name) + +### dangling + +The `dangling` filter matches on all volumes not referenced by any containers + + $ docker run -d -v tyler:/tmpwork busybox + f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18 + $ docker volume ls -f dangling=true + DRIVER VOLUME NAME + local rosemary + +### driver + +The `driver` filter matches on all or part of a volume's driver name. + +The following filter matches all volumes with a driver name containing the `local` string. + + $ docker volume ls -f driver=local + DRIVER VOLUME NAME + local rosemary + local tyler + +### name + +The `name` filter matches on all or part of a volume's name. + +The following filter matches all volumes with a name containing the `rose` string. + + $ docker volume ls -f name=rose + DRIVER VOLUME NAME + local rosemary + ## Related information * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) From a11a3505193a58c75a417ae6a52fef06f4ee1ce7 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 25 Mar 2016 03:31:48 -0700 Subject: [PATCH 1277/2538] bash completion for new fluentd log driver options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a84068bda6..76da887521 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -410,7 +410,7 @@ __docker_complete_log_drivers() { __docker_complete_log_options() { # see docs/reference/logging/index.md local awslogs_options="awslogs-region awslogs-group awslogs-stream" - local fluentd_options="env fluentd-address labels tag" + local fluentd_options="env fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries labels tag" local gcplogs_options="env gcp-log-cmd gcp-project labels" local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag" local journald_options="env labels tag" @@ -459,6 +459,10 @@ __docker_complete_log_options() { __docker_complete_log_driver_options() { local key=$(__docker_map_key_of_current_option '--log-opt') case "$key" in + fluentd-async-connect) + COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) + return + ;; gelf-address) COMPREPLY=( $( compgen -W "udp" -S "://" -- "${cur##*=}" ) ) __docker_nospace From a28d38cf69c3ba7cf3e0f43b8593b1d925ca630a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 25 Mar 2016 10:56:04 -0700 Subject: [PATCH 1278/2538] bash completion for labels on build, networks and volumes Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 76da887521..ad311dd1ec 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -637,6 +637,7 @@ _docker_build() { --cpu-quota --file -f --isolation + --label --memory -m --memory-swap --shm-size @@ -1324,11 +1325,14 @@ _docker_network_create() { COMPREPLY=( $(compgen -W "$plugins" -- "$cur") ) return ;; + --label) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --opt -o --subnet" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--aux-address --driver -d --gateway --help --internal --ip-range --ipam-driver --ipam-opt --ipv6 --label --opt -o --subnet" -- "$cur" ) ) ;; esac } @@ -2024,14 +2028,14 @@ _docker_volume_create() { __docker_complete_plugins Volume return ;; - --name|--opt|-o) + --label|--name|--opt|-o) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--driver -d --help --name --opt -o" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--driver -d --help --label --name --opt -o" -- "$cur" ) ) ;; esac } From 8672ba42c0e225f4c7ee6856695963fa140dc30e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 25 Mar 2016 18:36:45 +0100 Subject: [PATCH 1279/2538] Add zsh completion for 'docker load -q --quiet' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8811261f22..a9ba18b0e1 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -810,7 +810,8 @@ __docker_subcommand() { (load) _arguments $(__docker_arguments) \ $opts_help \ - "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g "*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)"" && ret=0 + "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \ + "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0 ;; (login) _arguments $(__docker_arguments) \ From ae33b5b00c476d682a54133bf95ea8d2a9f729dc Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 25 Mar 2016 18:26:32 +0100 Subject: [PATCH 1280/2538] Add zsh completion for new fluentd log driver options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a9ba18b0e1..688fb491d0 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -200,7 +200,7 @@ __docker_get_log_options() { local -a awslogs_options fluentd_options gelf_options journald_options json_file_options syslog_options splunk_options awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream") - fluentd_options=("env" "fluentd-address" "labels" "tag") + fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels") gelf_options=("env" "gelf-address" "labels" "tag") journald_options=("env" "labels") From f3f9b34d2a1b32b32e958a329797156709b32891 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 25 Mar 2016 11:16:19 -0700 Subject: [PATCH 1281/2538] docs for labels on build, networks and volumes Signed-off-by: Harald Albers --- docs/reference/commandline/build.md | 1 + docs/reference/commandline/network_create.md | 1 + docs/reference/commandline/volume_create.md | 1 + man/docker-build.1.md | 4 ++++ man/docker-network-create.1.md | 4 ++++ man/docker-volume-create.1.md | 4 ++++ 6 files changed, 15 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 2767497e9d..4530f77bb1 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -26,6 +26,7 @@ parent = "smn_cli" --force-rm Always remove intermediate containers --help Print usage --isolation="" Container isolation technology + --label=[] Set metadata for an image -m, --memory="" Memory limit for all build containers --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --no-cache Do not use cache when building the image diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 07df761efb..f44c5eff29 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -23,6 +23,7 @@ parent = "smn_cli" --ipam-driver=default IP Address Management Driver --ipam-opt=map[] Set custom IPAM driver specific options --ipv6 Enable IPv6 networking + --label=[] Set metadata on a network -o --opt=map[] Set custom driver specific options --subnet=[] Subnet in CIDR format that represents a network segment diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index da2c66de80..112c260a8b 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -16,6 +16,7 @@ parent = "smn_cli" -d, --driver=local Specify volume driver name --help Print usage + --label=[] Set metadata for a volume --name= Specify volume name -o, --opt=map[] Set driver specific options diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 91f15fe0d4..c854bc1148 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -13,6 +13,7 @@ docker-build - Build a new image from the source code at PATH [**-f**|**--file**[=*PATH/Dockerfile*]] [**--force-rm**] [**--isolation**[=*default*]] +[**--label**[=*[]*]] [**--no-cache**] [**--pull**] [**-q**|**--quiet**] @@ -71,6 +72,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--isolation**="*default*" Isolation specifies the type of isolation technology used by containers. +**--label**=*label* + Set metadata for an image + **--no-cache**=*true*|*false* Do not use cache when building the image. The default is *false*. diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 97505baf3b..885a109efd 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -15,6 +15,7 @@ docker-network-create - create a new network [**--ipam-driver**=*default*] [**--ipam-opt**=*map[]*] [**--ipv6**] +[**--label**[=*[]*]] [**-o**|**--opt**=*map[]*] [**--subnet**=*[]*] NETWORK-NAME @@ -156,6 +157,9 @@ If you want to create an externally isolated `overlay` network, you can specify **--ipv6** Enable IPv6 networking +**--label**=*label* + Set metadata for a network + **-o**, **--opt**=map[] Set custom driver options diff --git a/man/docker-volume-create.1.md b/man/docker-volume-create.1.md index 43338095c7..e71a2f1df1 100644 --- a/man/docker-volume-create.1.md +++ b/man/docker-volume-create.1.md @@ -8,6 +8,7 @@ docker-volume-create - Create a new volume **docker volume create** [**-d**|**--driver**[=*DRIVER*]] [**--help**] +[**--label**[=*[]*]] [**--name**[=*NAME*]] [**-o**|**--opt**[=*[]*]] @@ -51,6 +52,9 @@ Another example: **--help** Print usage statement +**--label**=*label* + Set metadata for a volume + **--name**="" Specify volume name From d020f4c6fd49155360461257e0a8cfb6148873d1 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 25 Mar 2016 20:43:43 +0100 Subject: [PATCH 1282/2538] Add zsh completion for 'docker {build, volume create, network create} --label' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 688fb491d0..01dd427165 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -335,6 +335,7 @@ __docker_network_subcommand() { "($help)--ipam-driver=[IP Address Management Driver]:driver:(default)" \ "($help)*--ipam-opt=[Custom IPAM plugin options]:opt=value: " \ "($help)--ipv6[Enable IPv6 networking]" \ + "($help)*--label=[Set metadata on a network]:label=value: " \ "($help)*"{-o=,--opt=}"[Driver specific options]:opt=value: " \ "($help)*--subnet=[Subnet in CIDR format that represents a network segment]:IP/mask: " \ "($help -)1:Network Name: " && ret=0 @@ -425,6 +426,7 @@ __docker_volume_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \ + "($help)*--label=[Set metadata for a volume]:label=value: " \ "($help)--name=[Volume name]" \ "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " && ret=0 ;; @@ -576,6 +578,7 @@ __docker_subcommand() { "($help)*--build-arg[Build-time variables]:=: " \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ + "($help)*--label=[Set metadata for an image]:label=value: " \ "($help)--no-cache[Do not use cache when building the image]" \ "($help)--pull[Attempt to pull a newer version of the image]" \ "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ From 722207f7224bef0b15247602be4b82b31e9b5789 Mon Sep 17 00:00:00 2001 From: Robin Naundorf Date: Sat, 26 Mar 2016 07:20:09 +0100 Subject: [PATCH 1283/2538] Added 2nd experimental feature currently active Signed-off-by: Robin Naundorf --- experimental/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/experimental/README.md b/experimental/README.md index 659780e3fa..540769dbf3 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -72,6 +72,7 @@ to build a Docker binary with the experimental features enabled: ## Current experimental features * [External graphdriver plugins](plugins_graphdriver.md) + * [Macvlan and Ipvlan Network Drivers](vlan-networks.md) * The user namespaces feature has graduated from experimental. ## How to comment on an experimental feature From dc9d859c158d896071f39845ffa0f281f4541286 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Mar 2016 22:49:53 +0100 Subject: [PATCH 1284/2538] Add zsh completion for 'docker {pull,push} --disable-content-trust' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 01dd427165..c5b780fe0b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -883,11 +883,13 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \ + "($help)--disable-content-trust[Skip image verification]" \ "($help -):name:__docker_search" && ret=0 ;; (push) _arguments $(__docker_arguments) \ $opts_help \ + "($help)--disable-content-trust[Skip image signing]" \ "($help -): :__docker_images" && ret=0 ;; (rename) From 68b1453a6803331c075d114bb535938b86e32f94 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Mar 2016 15:07:02 +0100 Subject: [PATCH 1285/2538] Add zsh completion for 'docker update --restart' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index c5b780fe0b..46d11620d7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -542,7 +542,6 @@ __docker_subcommand() { "($help)--pid=[PID namespace to use]:PID: " "($help)--privileged[Give extended privileges to this container]" "($help)--read-only[Mount the container's root filesystem as read only]" - "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" "($help)*--security-opt=[Security options]:security option: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" @@ -556,6 +555,7 @@ __docker_subcommand() { "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " "($help)--memory-reservation=[Memory soft limit]:Memory limit: " + "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" ) opts_attach_exec_run_start=( "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" From 4972d8b64d629fc9ba3fc02542a24eae682f2a30 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Mar 2016 14:54:11 +0100 Subject: [PATCH 1286/2538] Add zsh completion for journald tag opt Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 46d11620d7..9013c27074 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -203,7 +203,7 @@ __docker_get_log_options() { fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels") gelf_options=("env" "gelf-address" "labels" "tag") - journald_options=("env" "labels") + journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") syslog_options=("syslog-address" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag") splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag") From f52489ec851e6569be020e735ba388934bb6d22b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Mar 2016 22:36:06 +0100 Subject: [PATCH 1287/2538] Add zsh completion for etwlogs and gcplogs log drivers Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9013c27074..7898344bf3 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -528,7 +528,7 @@ __docker_subcommand() { "($help)--ipc=[IPC namespace to use]:IPC namespace: " "($help)*--link=[Add link to another container]:link:->link" "($help)*"{-l=,--label=}"[Container metadata]:label: " - "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" + "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " @@ -669,7 +669,7 @@ __docker_subcommand() { "($help)--ipv6[Enable IPv6 networking]" \ "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Key=value labels]:label: " \ - "($help)--log-driver=[Default driver for container logs]:Logging driver:(json-file syslog journald gelf fluentd awslogs splunk none)" \ + "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" \ "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \ "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \ "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ From bcdfbb81562267df62219f5dba310ce07b86ca94 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Mar 2016 21:53:27 +0100 Subject: [PATCH 1288/2538] Add zsh completion for 'docker ps --filter' values Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 128 +++++++++++++++++++++++---------- 1 file changed, 91 insertions(+), 37 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7898344bf3..3831e12743 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -50,11 +50,11 @@ __docker_arguments() { __docker_get_containers() { [[ $PREFIX = -* ]] && return 1 integer ret=1 - local kind - declare -a running stopped lines args + local kind type line s + declare -a running stopped lines args names - kind=$1 - shift + kind=$1; shift + type=$1; shift [[ $kind = (stopped|all) ]] && args=($args -a) lines=(${(f)"$(_call_program commands docker $docker_options ps --no-trunc $args)"}) @@ -73,39 +73,40 @@ __docker_get_containers() { lines=(${lines[2,-1]}) # Container ID - local line - local s - for line in $lines; do - s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}" - s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" - s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then - stopped=($stopped $s) - else - running=($running $s) - fi - done + if [[ $type = (ids|all) ]]; then + for line in $lines; do + s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}" + s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" + s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" + if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then + stopped=($stopped $s) + else + running=($running $s) + fi + done + fi # Names: we only display the one without slash. All other names # are generated and may clutter the completion. However, with # Swarm, all names may be prefixed by the swarm node name. - local -a names - for line in $lines; do - names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}}) - # First step: find a common prefix and strip it (swarm node case) - (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/} - # Second step: only keep the first name without a / - s=${${names:#*/*}[1]} - # If no name, well give up. - (( $#s != 0 )) || continue - s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" - s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then - stopped=($stopped $s) - else - running=($running $s) - fi - done + if [[ $type = (names|all) ]]; then + for line in $lines; do + names=(${(ps:,:)${${line[${begin[NAMES]},${end[NAMES]}]}%% *}}) + # First step: find a common prefix and strip it (swarm node case) + (( ${#${(u)names%%/*}} == 1 )) && names=${names#${names[1]%%/*}/} + # Second step: only keep the first name without a / + s=${${names:#*/*}[1]} + # If no name, well give up. + (( $#s != 0 )) || continue + s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" + s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" + if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then + stopped=($stopped $s) + else + running=($running $s) + fi + done + fi [[ $kind = (running|all) ]] && _describe -t containers-running "running containers" running "$@" && ret=0 [[ $kind = (stopped|all) ]] && _describe -t containers-stopped "stopped containers" stopped "$@" && ret=0 @@ -114,17 +115,27 @@ __docker_get_containers() { __docker_stoppedcontainers() { [[ $PREFIX = -* ]] && return 1 - __docker_get_containers stopped "$@" + __docker_get_containers stopped all "$@" } __docker_runningcontainers() { [[ $PREFIX = -* ]] && return 1 - __docker_get_containers running "$@" + __docker_get_containers running all "$@" } __docker_containers() { [[ $PREFIX = -* ]] && return 1 - __docker_get_containers all "$@" + __docker_get_containers all all "$@" +} + +__docker_containers_ids() { + [[ $PREFIX = -* ]] && return 1 + __docker_get_containers all ids "$@" +} + +__docker_containers_names() { + [[ $PREFIX = -* ]] && return 1 + __docker_get_containers all names "$@" } __docker_images() { @@ -244,6 +255,43 @@ __docker_complete_detach_keys() { _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0 } +__docker_complete_ps_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (ancestor) + __docker_images && ret=0 + ;; + (before|since) + __docker_containers && ret=0 + ;; + (id) + __docker_containers_ids && ret=0 + ;; + (name) + __docker_containers_names && ret=0 + ;; + (status) + status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running') + _describe -t status-filter-opts "Status Filter Options" status_opts && ret=0 + ;; + (volume) + __docker_volumes && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('ancestor' 'before' 'exited' 'id' 'label' 'name' 'since' 'status' 'volume') + _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 + fi + + return ret +} + __docker_networks() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -870,7 +918,7 @@ __docker_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=[Show only container created before...]:containers:__docker_containers" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ "($help)--format[Pretty-print containers using a Go template]:format: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ "($help)-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)" \ @@ -878,6 +926,12 @@ __docker_subcommand() { "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -s --size)"{-s,--size}"[Display total file sizes]" \ "($help)--since=[Show only containers created since...]:containers:__docker_containers" && ret=0 + + case $state in + (filter-options) + __docker_complete_ps_filters && ret=0 + ;; + esac ;; (pull) _arguments $(__docker_arguments) \ From cfaba16a9b5bfdb98a3661ae84bf856f6bb7ab71 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Mar 2016 22:31:17 +0100 Subject: [PATCH 1289/2538] Add zsh completion for gelf-compression log driver options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3831e12743..392f373bbb 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -213,7 +213,7 @@ __docker_get_log_options() { awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream") fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels") - gelf_options=("env" "gelf-address" "labels" "tag") + gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") syslog_options=("syslog-address" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag") From f56848dc6bad4b2b22554b50beff3622db2ddf27 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 04:29:53 -0700 Subject: [PATCH 1290/2538] bash completion for `docker daemon --containerd` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ad311dd1ec..48a51c6b0d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -794,6 +794,7 @@ _docker_daemon() { --cluster-advertise --cluster-store --cluster-store-opt + --containerd --default-gateway --default-gateway-v6 --default-ulimit @@ -870,7 +871,7 @@ _docker_daemon() { __docker_complete_log_drivers return ;; - --pidfile|-p|--tlscacert|--tlscert|--tlskey) + --containerd|--pidfile|-p|--tlscacert|--tlscert|--tlskey) _filedir return ;; From 043b5f05edbd1a093f7ebde6d38acf1a7f8b7bcf Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 28 Mar 2016 13:56:08 +0200 Subject: [PATCH 1291/2538] Add zsh completion for 'docker daemon --containerd' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 392f373bbb..4d6c83ddd0 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -690,6 +690,7 @@ __docker_subcommand() { "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Network bridge IP]:IP address: " \ "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \ + "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ @@ -727,9 +728,9 @@ __docker_subcommand() { "($help)--selinux-enabled[Enable selinux support]" \ "($help)*--storage-opt=[Storage driver options]:storage driver options: " \ "($help)--tls[Use TLS]" \ - "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g "*.(pem|crt)"" \ - "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g "*.(pem|crt)"" \ - "($help)--tlskey=[Path to TLS key file]:Key file:_files -g "*.(pem|key)"" \ + "($help)--tlscacert=[Trust certs signed only by this CA]:PEM file:_files -g \"*.(pem|crt)\"" \ + "($help)--tlscert=[Path to TLS certificate file]:PEM file:_files -g \"*.(pem|crt)\"" \ + "($help)--tlskey=[Path to TLS key file]:Key file:_files -g \"*.(pem|key)\"" \ "($help)--tlsverify[Use TLS and verify the remote]" \ "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \ "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0 From 062454975a22c5e0ddfe262863fee3dfb231bcea Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 08:07:28 -0700 Subject: [PATCH 1292/2538] fix bash completion for `docker run --security-opt` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 40 +++++++++++++++++----------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 48a51c6b0d..310f3984dd 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1704,6 +1704,24 @@ _docker_run() { __docker_complete_log_driver_options && return __docker_complete_restart && return + local key=$(__docker_map_key_of_current_option '--security-opt') + case "$key" in + label) + [[ $cur == *: ]] && return + COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "${cur##*=}") ) + if [ "${COMPREPLY[*]}" != "disable" ] ; then + __docker_nospace + fi + return + ;; + seccomp) + local cur=${cur##*=} + _filedir + COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) ) + return + ;; + esac + case "$prev" in --add-host) case "$cur" in @@ -1801,26 +1819,8 @@ _docker_run() { return ;; --security-opt) - case "$cur" in - label=*:*) - ;; - label=*) - local cur=${cur##*=} - COMPREPLY=( $( compgen -W "user: role: type: level: disable" -- "$cur") ) - if [ "${COMPREPLY[*]}" != "disable" ] ; then - __docker_nospace - fi - ;; - seccomp=*) - local cur=${cur##*=} - _filedir - COMPREPLY+=( $( compgen -W "unconfined" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $( compgen -W "label apparmor seccomp" -S ":" -- "$cur") ) - __docker_nospace - ;; - esac + COMPREPLY=( $( compgen -W "apparmor label seccomp" -S "=" -- "$cur") ) + __docker_nospace return ;; --user|-u) From 2a3935e24a2e90d02b15c462ab53783c9a136868 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 28 Mar 2016 15:39:27 +0200 Subject: [PATCH 1293/2538] Add zsh completion for 'docker {create,run} --userns' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4d6c83ddd0..1351ae9579 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -539,6 +539,7 @@ __docker_subcommand() { "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " "($help)*--ulimit=[ulimit options]:ulimit: " + "($help)--userns=[Container user namespace]:user namespace:(host)" ) opts_build_create_run_update=( "($help)--cpu-shares=[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" From e338af7123bd6053fd0c91d5ce15466f1e965ef0 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 06:11:52 -0700 Subject: [PATCH 1294/2538] bash completion for `docker {run,create} --userns` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 310f3984dd..a5586d97df 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1668,6 +1668,7 @@ _docker_run() { --tmpfs --ulimit --user -u + --userns --uts --volume-driver --volumes-from @@ -1827,6 +1828,10 @@ _docker_run() { __docker_complete_user_group return ;; + --userns) + COMPREPLY=( $( compgen -W "host" -- "$cur" ) ) + return + ;; --volume-driver) __docker_complete_plugins Volume return From 7eb597c63d1fc53a46ef35f1c10154421f7c68fd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 05:15:56 -0700 Subject: [PATCH 1295/2538] bash completion for storage option `dm.min_free_space` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a5586d97df..f2be79872d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -887,6 +887,7 @@ _docker_daemon() { dm.fs dm.loopdatasize dm.loopmetadatasize + dm.min_free_space dm.mkfsarg dm.mountopt dm.override_udev_sync_check From 52ccec4cbcc25d62a5f293ac621195176a692915 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 05:20:06 -0700 Subject: [PATCH 1296/2538] fix wrong option name in `dm.min_free_space` examples Signed-off-by: Harald Albers --- docs/reference/commandline/daemon.md | 2 +- man/docker-daemon.8.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 7788eefde4..36e1348c85 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -462,7 +462,7 @@ options for `zfs` start with `zfs`. Example use: - $ docker daemon --storage-opt dm.min_free_space_percent=10% + $ docker daemon --storage-opt dm.min_free_space=10% Currently supported options of `zfs`: diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 370f0b25e7..27a0eaa0ff 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -487,7 +487,7 @@ pool and that should automatically resolve it. If loop devices are being used, then stop docker, grow the size of loop files and restart docker and that should resolve the issue. -Example use: `docker daemon --storage-opt dm.min_free_space_percent=10%` +Example use: `docker daemon --storage-opt dm.min_free_space=10%` ## ZFS options From 791a5fc5c1f107a2ee61b52562bc66631649c477 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Sun, 20 Mar 2016 00:42:58 -0400 Subject: [PATCH 1297/2538] CLI flag for docker create(run) to change block device size. Signed-off-by: Shishir Mahajan --- docs/reference/commandline/create.md | 8 ++++++++ docs/reference/commandline/run.md | 8 ++++++++ man/docker-create.1.md | 8 ++++++++ man/docker-run.1.md | 8 ++++++++ 4 files changed, 32 insertions(+) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 70c0e4c35a..0540b3f34a 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -81,6 +81,7 @@ Creates a new container. --security-opt=[] Security options --stop-signal="SIGTERM" Signal to stop a container --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. + --storage-opt=[] Set storage driver options per container -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID --userns="" Container user namespace @@ -145,6 +146,13 @@ then be used from the subsequent container: drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker +Set storage driver options per container. + + $ docker create -it --storage-opt size=120G fedora /bin/bash + +This (size) will allow to set the container rootfs size to 120G at creation time. +User cannot pass a size less than the Default BaseFS Size. + ### Specify isolation technology for container (--isolation) This option is useful in situations where you are running Docker containers on diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 97553a67dc..00438bebad 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -83,6 +83,7 @@ parent = "smn_cli" --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process --stop-signal="SIGTERM" Signal to stop a container + --storage-opt=[] Set storage driver options per container -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) --userns="" Container user namespace @@ -167,6 +168,13 @@ flag exists to allow special use-cases, like running Docker within Docker. The `-w` lets the command being executed inside directory given, here `/path/to/dir/`. If the path does not exists it is created inside the container. +### Set storage driver options per container + + $ docker create -it --storage-opt size=120G fedora /bin/bash + +This (size) will allow to set the container rootfs size to 120G at creation time. +User cannot pass a size less than the Default BaseFS Size. + ### Mount tmpfs (--tmpfs) $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image diff --git a/man/docker-create.1.md b/man/docker-create.1.md index f12edb5483..d3cb85c78c 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -64,6 +64,7 @@ docker-create - Create a new container [**--read-only**] [**--restart**[=*RESTART*]] [**--security-opt**[=*[]*]] +[**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**-t**|**--tty**] @@ -325,6 +326,13 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. "seccomp:unconfined" : Turn off seccomp confinement for the container "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter +**--storage-opt**=[] + Storage driver options per container + + $ docker create -it --storage-opt size=120G fedora /bin/bash + + This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 57808f33a0..e6757fc512 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -67,6 +67,7 @@ docker-run - Run a command in a new container [**--restart**[=*RESTART*]] [**--rm**] [**--security-opt**[=*[]*]] +[**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] @@ -476,6 +477,13 @@ its root filesystem mounted as read only prohibiting any writes. "apparmor=unconfined" : Turn off apparmor confinement for the container "apparmor=your-profile" : Set the apparmor confinement profile for the container +**--storage-opt**=[] + Storage driver options per container + + $ docker run -it --storage-opt size=120G fedora /bin/bash + + This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. + **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From 3f15ba3bdfaac673fce87f8cd1c2c6c1e918aece Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Mon, 28 Mar 2016 03:11:06 +0000 Subject: [PATCH 1298/2538] Add man change for volume filter It was forgetton to add change in man for new-added volume filters. This change adds that. Signed-off-by: Kai Qiang Wu(Kennan) --- man/docker-volume-ls.1.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/man/docker-volume-ls.1.md b/man/docker-volume-ls.1.md index b115a039d5..c045e43bd5 100644 --- a/man/docker-volume-ls.1.md +++ b/man/docker-volume-ls.1.md @@ -18,7 +18,10 @@ There is a single supported filter `dangling=value` which takes a boolean of `tr # OPTIONS **-f**, **--filter**="" - Provide filter values (i.e. 'dangling=true') + Filter output based on these conditions: + - dangling= a volume if referenced or not + - driver= a volume's driver name + - name= a volume's name **--help** Print usage statement From 85f983178bba109af546dac41a9bd1e7df18dfde Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 28 Mar 2016 04:47:24 -0700 Subject: [PATCH 1299/2538] docs for `docker daemon --containerd` Signed-off-by: Harald Albers --- docs/reference/commandline/daemon.md | 7 ++++--- man/docker-daemon.8.md | 4 ++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 36e1348c85..5ca4df782f 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -21,13 +21,14 @@ weight = -1 -b, --bridge="" Attach containers to a network bridge --bip="" Specify network bridge IP --cgroup-parent= Set parent cgroup for all containers - -D, --debug Enable debug mode - --default-gateway="" Container default gateway IPv4 address - --default-gateway-v6="" Container default gateway IPv6 address --cluster-store="" URL of the distributed storage backend --cluster-advertise="" Address of the daemon instance on the cluster --cluster-store-opt=map[] Set cluster options --config-file=/etc/docker/daemon.json Daemon configuration file + --containerd Path to containerd socket + -D, --debug Enable debug mode + --default-gateway="" Container default gateway IPv4 address + --default-gateway-v6="" Container default gateway IPv6 address --dns=[] DNS server to use --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index 27a0eaa0ff..cdc7781782 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -15,6 +15,7 @@ docker-daemon - Enable daemon mode [**--cluster-advertise**[=*[]*]] [**--cluster-store-opt**[=*map[]*]] [**--config-file**[=*/etc/docker/daemon.json*]] +[**--containerd**[=*SOCKET-PATH*]] [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -101,6 +102,9 @@ format. **--config-file**="/etc/docker/daemon.json" Specifies the JSON file path to load the configuration from. +**--containerd**="" + Path to containerd socket. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. From 5161f2dc157e25429fafb0b4ae45753ba0ca01f1 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Mon, 28 Mar 2016 17:10:11 -0700 Subject: [PATCH 1300/2538] Mention "docker login" in push/pull documentation It was suggested to me that documentation for "docker pull" and "docker push" should reference "docker login", to make clearer how to specify credentials for a push or pull operation. Add a note to the manual pages and reference documentation explaining how registry credentials are managed. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/pull.md | 2 ++ docs/reference/commandline/push.md | 2 ++ man/docker-pull.1.md | 2 ++ man/docker-push.1.md | 2 ++ 4 files changed, 8 insertions(+) diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 8e7d777356..01ec88e8a6 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -165,6 +165,8 @@ listening on port 5000 (`myregistry.local:5000`): $ docker pull myregistry.local:5000/testing/test-image ``` +Registry credentials are managed by [docker login](login.md). + Docker uses the `https://` protocol to communicate with a registry, unless the registry is allowed to be accessed over an insecure connection. Refer to the [insecure registries](daemon.md#insecure-registries) section for more information. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 315d3ce376..81091b1430 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -22,3 +22,5 @@ registry or to a self-hosted one. Killing the `docker push` process, for example by pressing `CTRL-c` while it is running in a terminal, will terminate the push operation. + +Registry credentials are managed by [docker login](login.md). diff --git a/man/docker-pull.1.md b/man/docker-pull.1.md index e4a7550d5b..c61d005308 100644 --- a/man/docker-pull.1.md +++ b/man/docker-pull.1.md @@ -151,6 +151,8 @@ listening on port 5000 (`myregistry.local:5000`): $ docker pull myregistry.local:5000/testing/test-image +Registry credentials are managed by **docker-login(1)**. + Docker uses the `https://` protocol to communicate with a registry, unless the registry is allowed to be accessed over an insecure connection. Refer to the [insecure registries](https://docs.docker.com/engine/reference/commandline/daemon/#insecure-registries) diff --git a/man/docker-push.1.md b/man/docker-push.1.md index cf4bc255f1..1b487a0d55 100644 --- a/man/docker-push.1.md +++ b/man/docker-push.1.md @@ -44,6 +44,8 @@ Check that this worked by running: You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` listed. +Registry credentials are managed by **docker-login(1)**. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 77c0ed63444d9ed97361b9ad61475c4a2eb57720 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 29 Mar 2016 09:57:10 -0700 Subject: [PATCH 1301/2538] bash completions: Improve consistency for options with default=true Completion of these options was not handled consistently. Now all such options immediatly complete with =false appended. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f2be79872d..299f43bd9f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -615,7 +615,7 @@ _docker_attach() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach-keys --help --no-stdin --sig-proxy=false" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--detach-keys') @@ -702,7 +702,7 @@ _docker_commit() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause -p" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--author -a --change -c --help --message -m --pause=false -p=false" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--author|-a|--change|-c|--message|-m') From 327d937bf060551a9509539a9ee8ac7baa98de13 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 29 Mar 2016 09:59:04 +0200 Subject: [PATCH 1302/2538] bash completion for `docker {run,create} --security-opt no-new-privileges` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 299f43bd9f..38565868c2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1821,8 +1821,10 @@ _docker_run() { return ;; --security-opt) - COMPREPLY=( $( compgen -W "apparmor label seccomp" -S "=" -- "$cur") ) - __docker_nospace + COMPREPLY=( $( compgen -W "apparmor= label= no-new-privileges seccomp=" -- "$cur") ) + if [ "${COMPREPLY[*]}" != "no-new-privileges" ] ; then + __docker_nospace + fi return ;; --user|-u) From 31c32956ca76999c280b7e00bd4956ac1884f538 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Thu, 24 Mar 2016 09:18:03 -0700 Subject: [PATCH 1303/2538] When using systemd, pass expected cgroupsPath and cli options to runc. runc expects a systemd cgroupsPath to be in slice:scopePrefix:containerName format and the "--systemd-cgroup" option to be set. Update docker accordingly. Fixes 21475 Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/daemon.md | 7 ++++--- man/docker.1.md | 5 +++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 5ca4df782f..5ca00242c7 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -491,12 +491,13 @@ with the `--exec-opt` flag. All the flag's options have the `native` prefix. A single `native.cgroupdriver` option is available. The `native.cgroupdriver` option specifies the management of the container's -cgroups. You can specify only specify `cgroupfs` at the moment. If you omit the +cgroups. You can specify only specify `cgroupfs` or `systemd`. If you specify +`systemd` and it is not available, the system errors out. If you omit the `native.cgroupdriver` option,` cgroupfs` is used. -This example explicitely sets the `cgroupdriver` to `cgroupfs`: +This example sets the `cgroupdriver` to `systemd`: - $ sudo docker daemon --exec-opt native.cgroupdriver=cgroupfs + $ sudo docker daemon --exec-opt native.cgroupdriver=systemd Setting this option applies to all containers the daemon launches. diff --git a/man/docker.1.md b/man/docker.1.md index c34d9c8d9a..6f4f6ab836 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -230,8 +230,9 @@ Use the **--exec-opt** flags to specify options to the execution driver. The following options are available: #### native.cgroupdriver -Specifies the management of the container's `cgroups`. Only `cgroupfs` can be specified -`cgroupfs` at the moment. +Specifies the management of the container's `cgroups`. You can specify `cgroupfs` +or `systemd`. If you specify `systemd` and it is not available, the system errors +out. #### Client For specific client examples please see the man page for the specific Docker From e2491d2a7e638ce1dcbe891d6885340931a3a1e9 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 29 Mar 2016 21:56:24 -0700 Subject: [PATCH 1304/2538] bash completion for `docker history --human` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 38565868c2..66d04249c8 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1078,7 +1078,7 @@ _docker_help() { _docker_history() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --human=false -H=false --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) From 0a13b2a1ce34fc7207a72490ee8fde51097f4f6f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 30 Mar 2016 15:00:09 -0700 Subject: [PATCH 1305/2538] Un-deprecate auto-creation of host directories for mounts Auto-creation of host-directories was marked deprecated in Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature. Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 11 ----------- docs/reference/run.md | 3 --- 2 files changed, 14 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index d2acf31f67..f1c1fb0a77 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -133,17 +133,6 @@ The following double-dash options are deprecated and have no replacement: docker ps --before-id docker search --trusted -### Auto-creating missing host paths for bind mounts -**Deprecated in Release: v1.9** - -**Target for Removal in Release: 1.11** - -When creating a container with a bind-mounted volume-- `docker run -v /host/path:/container/path` -- -docker was automatically creating the `/host/path` if it didn't already exist. - -This auto-creation of the host path is deprecated and docker will error out if -the path does not exist. - ### Interacting with V1 registries Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. diff --git a/docs/reference/run.md b/docs/reference/run.md index 7edcd7e16a..62cd5c888a 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1414,9 +1414,6 @@ The example below mounts an empty tmpfs into the container with the `rw`, --volumes-from="": Mount all volumes from the given container(s) -> **Note**: -> The auto-creation of the host path has been [*deprecated*](../deprecated.md#auto-creating-missing-host-paths-for-bind-mounts). - > **Note**: > When using systemd to manage the Docker daemon's start and stop, in the systemd > unit file there is an option to control mount propagation for the Docker daemon From 1db38dfe2173fe2b8d4e4ede2ccf921af032a5d0 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Wed, 30 Mar 2016 21:14:33 +0300 Subject: [PATCH 1306/2538] Add short description about default authentication method in authorization docs Following the discussion in #21556, adding a short description of the default user authentication mechanism (without requiring authentication plugins) Signed-off-by: Liron Levin --- docs/extend/plugins_authorization.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 7db31b85c4..6ebed3542f 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -49,6 +49,11 @@ Each plugin must reside within directories described under the **Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication respectively. +## Default user authorization mechanism + +If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name. +That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. + ## Basic architecture You are responsible for registering your plugin as part of the Docker daemon From b45ed4a79d8f8fe33d63b3a94c6b33ce02cc4465 Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 29 Mar 2016 14:36:38 +0800 Subject: [PATCH 1307/2538] 1.change validateNoSchema into validateNoScheme 2.change schema into scheme in docs and some annotations. Signed-off-by: allencloud --- docs/reference/commandline/build.md | 2 +- man/docker-build.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 4530f77bb1..eb1bb426b7 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -177,7 +177,7 @@ you must use `--rm=false`. This does not affect the build cache. This will clone the GitHub repository and use the cloned repository as context. The Dockerfile at the root of the repository is used as Dockerfile. Note that you can specify an arbitrary Git repository by using the `git://` or `git@` -schema. +scheme. ### Build with - diff --git a/man/docker-build.1.md b/man/docker-build.1.md index c854bc1148..69d78cd9a3 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -277,7 +277,7 @@ repository. docker build github.com/scollier/purpletest -Note: You can set an arbitrary Git repository via the `git://` schema. +Note: You can set an arbitrary Git repository via the `git://` scheme. ## Building an image using a URL to a tarball'ed context From 643715ee74079ca8cadc5c97971462379c1cd6d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1ximo=20Cuadros?= Date: Thu, 31 Mar 2016 15:14:42 +0200 Subject: [PATCH 1308/2538] documentation: adding gce-docker plugin to plugins.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Máximo Cuadros --- docs/extend/plugins.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index da46a16ed7..01d68eaced 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -68,6 +68,8 @@ The following plugins exist: * The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. +* The [gce-docker plugin](https://github.com/mcuadros/gce-docker) is a volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). + * The [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) is a cluster aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. * The [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. From 5f02c0a5aba758e2dd775b05f92c06d245851e6e Mon Sep 17 00:00:00 2001 From: Tomasz Kopczynski Date: Tue, 16 Feb 2016 23:45:48 +0100 Subject: [PATCH 1309/2538] Add insecure registries to docker info Signed-off-by: Tomasz Kopczynski --- docs/reference/commandline/info.md | 3 +++ man/docker-info.1.md | 3 +++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 06f7848d5a..25a5dd20de 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -62,6 +62,9 @@ For example: Registry: [https://index.docker.io/v1/] Labels: storage=ssd + Insecure registries: + myinsecurehost:5000 + 127.0.0.0/8 The global `-D` option tells all `docker` commands to output debug information. diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 1ebcd1a419..d0103df2b1 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -59,6 +59,9 @@ Here is a sample output: Debug mode (server): false Username: xyz Registry: https://index.docker.io/v1/ + Insecure registries: + myinsecurehost:5000 + 127.0.0.0/8 # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) From b394f05feea1f78359c7a734a1f548faf0cf88ec Mon Sep 17 00:00:00 2001 From: Yi EungJun Date: Wed, 6 Apr 2016 16:10:30 +0900 Subject: [PATCH 1310/2538] Use 'null' instead of 'nil' for json When describe json response, 'null' is better than 'nil' which is not in json specification. Signed-off-by: Yi EungJun --- docs/extend/plugins_authorization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 6ebed3542f..a47cd2a55b 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -196,8 +196,8 @@ should implement the following two methods: "Allow": "Determined whether the user is allowed or not", "Msg": "The authorization message", "Err": "The error message if things go wrong", - "ModifiedBody": "Byte array containing a modified body of the raw HTTP body (or nil if no changes required)", - "ModifiedHeader": "Byte array containing a modified header of the HTTP response (or nil if no changes required)", + "ModifiedBody": "Byte array containing a modified body of the raw HTTP body (or null if no changes required)", + "ModifiedHeader": "Byte array containing a modified header of the HTTP response (or null if no changes required)", "ModifiedStatusCode": "int containing the modified version of the status code (or 0 if not change is required)" } ``` From bc060f1f196ebd02ea6324f8f408c933d0ad64b3 Mon Sep 17 00:00:00 2001 From: mikelinjie <294893458@qq.com> Date: Wed, 16 Mar 2016 15:26:57 +0800 Subject: [PATCH 1311/2538] make the cache miss clear Signed-off-by: mikelinjie <294893458@qq.com> Signed-off-by: Sebastiaan van Stijn --- docs/reference/builder.md | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5819ea36fd..a932276b75 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1174,8 +1174,10 @@ To use these, simply pass them on the command line using the `--build-arg `ARG` variables are not persisted into the built image as `ENV` variables are. However, `ARG` variables do impact the build cache in similar ways. If a Dockerfile defines an `ARG` variable whose value is different from a previous -build, then a "cache miss" occurs upon its first usage, not its declaration. -For example, consider this Dockerfile: +build, then a "cache miss" occurs upon first use of the `ARG` variable. The +declaration of the `ARG` variable does not count as a use. + +For example, consider these two Dockerfile: ``` 1 FROM ubuntu @@ -1183,12 +1185,17 @@ For example, consider this Dockerfile: 3 RUN echo $CONT_IMG_VER ``` -If you specify `--build-arg CONT_IMG_VER=` on the command line the -specification on line 2 does not cause a cache miss; line 3 does cause a cache -miss. The definition on line 2 has no impact on the resulting image. The `RUN` -on line 3 executes a command and in doing so defines a set of environment -variables, including `CONT_IMG_VER`. At that point, the `ARG` variable may -impact the resulting image, so a cache miss occurs. +``` +1 FROM ubuntu +2 ARG CONT_IMG_VER +3 RUN echo hello +``` + +If you specify `--build-arg CONT_IMG_VER=` on the command line, in both +cases, the specification on line 2 does not cause a cache miss; line 3 does +cause a cache miss.`ARG CONT_IMG_VER` causes the RUN line to be identified +as the same as running `CONT_IMG_VER=` echo hello, so if the `` +changes, we get a cache miss. Consider another example under the same command line: @@ -1203,6 +1210,20 @@ the variable's value in the `ENV` references the `ARG` variable and that variable is changed through the command line. In this example, the `ENV` command causes the image to include the value. +If an `ENV` instruction overrides an `ARG` instruction of the same name, like +this Dockerfile: + +``` +1 FROM ubuntu +2 ARG CONT_IMG_VER +3 ENV CONT_IMG_VER hello +4 RUN echo $CONT_IMG_VER +``` + +Line 3 does not cause a cache miss because the value of `CONT_IMG_VER` is a +constant (`hello`). As a result, the environment variables and values used on +the `RUN` (line 4) doesn't change between builds. + ## ONBUILD ONBUILD [INSTRUCTION] From 42dfcc1d2a18a207a04a1cdc78ff745df9efca69 Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Wed, 6 Apr 2016 21:52:10 +0800 Subject: [PATCH 1312/2538] Correct the description of --group-add in run.md Signed-off-by: Lei Jitang --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 62cd5c888a..170dd35079 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1056,7 +1056,7 @@ Both flags take limits in the `:` format. Both read and write rates must be a positive integer. ## Additional groups - --group-add: Add Linux capabilities + --group-add: Add additional groups to run as By default, the docker container process runs with the supplementary groups looked up for the specified user. If one wants to add more to that list of groups, then From 70f932f2687122dd0fb1483eb213ef9bc4523eba Mon Sep 17 00:00:00 2001 From: Yi EungJun Date: Wed, 6 Apr 2016 15:37:49 +0900 Subject: [PATCH 1313/2538] Fix incorrect markdown rendering The docker document site [1] rendered the list of plugin implements incorrectly. [1]: https://docs.docker.com/engine/extend/plugin_api Signed-off-by: Yi EungJun --- docs/extend/plugin_api.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 1e7ee24361..a799a13520 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -169,9 +169,10 @@ Responds with a list of Docker subsystems which this plugin implements. After activation, the plugin will then be sent events from this subsystem. Possible values are: - - [`authz`](plugins_authorization.md) - - [`NetworkDriver`](plugins_network.md) - - [`VolumeDriver`](plugins_volume.md) + +* [`authz`](plugins_authorization.md) +* [`NetworkDriver`](plugins_network.md) +* [`VolumeDriver`](plugins_volume.md) ## Plugin retries From a8a29fe7f512a3cb1660e9d92c1e5286a3df493d Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Thu, 7 Apr 2016 02:09:13 +0000 Subject: [PATCH 1314/2538] Fix deprecated format for security-opt Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 170dd35079..b37dd5ae80 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -608,8 +608,8 @@ with the same logic -- if the original volume was specified with a name it will to the container --security-opt="no-new-privileges" : Disable container processes from gaining new privileges - --security-opt="seccomp:unconfined": Turn off seccomp confinement for the container - --security-opt="seccomp:profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter + --security-opt="seccomp=unconfined": Turn off seccomp confinement for the container + --security-opt="seccomp=profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter You can override the default labeling scheme for each container by specifying From d4aad8509226590a23a046164bd8ce445490a240 Mon Sep 17 00:00:00 2001 From: Hyzhou <1187766782@qq.com> Date: Fri, 8 Apr 2016 08:52:10 +0800 Subject: [PATCH 1315/2538] Fix the docker image --no-trunk output format docker 1.10 change the output format of image id. Signed-off-by: hyzhou.zhy --- docs/reference/commandline/images.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 8419fd0c52..9ab97684c4 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -85,16 +85,16 @@ If nothing matches `REPOSITORY[:TAG]`, the list is empty. ## Listing the full length image IDs $ docker images --no-trunc - REPOSITORY TAG IMAGE ID CREATED SIZE - 77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - 78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest 30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - 0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - 18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest 2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - 5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB + REPOSITORY TAG IMAGE ID CREATED SIZE + sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB + committest latest sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB + sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB + docker latest sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB + sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB + sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB + tryout latest sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB + sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB ## Listing image digests From 35bad4a91413e0e0b9217201f358c870472cd5da Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 8 Apr 2016 13:19:25 +0200 Subject: [PATCH 1316/2538] bash completion for `--log-opt syslog-format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 66d04249c8..240f73369b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -415,7 +415,7 @@ __docker_complete_log_options() { local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag" local journald_options="env labels tag" local json_file_options="env labels max-file max-size" - local syslog_options="syslog-address syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" + local syslog_options="syslog-address syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" @@ -507,6 +507,10 @@ __docker_complete_log_driver_options() { " -- "${cur##*=}" ) ) return ;; + syslog-format) + COMPREPLY=( $( compgen -W "rfc3164 rfc5424 rfc5424micro" -- "${cur##*=}" ) ) + return + ;; syslog-tls-@(ca-cert|cert|key)) _filedir return From 3b1ae8bbd646baa6f205c853e7ca7c2d5f3cefae Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 8 Apr 2016 13:43:45 +0200 Subject: [PATCH 1317/2538] bash completion for `docker volume ls -f {driver,name}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 240f73369b..b0f3ccd7ba 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2077,11 +2077,21 @@ _docker_volume_ls() { COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) ) return ;; + driver) + cur=${cur##*=} + __docker_complete_plugins Volume + return + ;; + name) + cur=${cur##*=} + __docker_complete_volumes + return + ;; esac case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "dangling" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "dangling driver name" -- "$cur" ) ) __docker_nospace return ;; From e450a54119c45ce6b13def89f4d7c6935bfb9e37 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 5 Apr 2016 19:30:35 +0000 Subject: [PATCH 1318/2538] Change HumanSize to BytesSize for memory output in `docker stats`. This fix tries to fix the discrepancy between `docker stats` and `docker run` where `docker run` uses RAMInBytes for all memory related inputs but `docker stats` uses HumanSize for all memory related outputs. To be consistent, `docker stats` needs to use BytesSize for all memory related outputs to conform to RAMInBytes in `docker run`. This fix addresses this issue. As BytesSize is used, the test cases needs to be adjusted to match `KiB/MiB/GiB` instead of `KB/MB/GB`. The documentation has also been updated. This fix fixes #21765. Signed-off-by: Yong Tang --- docs/reference/commandline/stats.md | 10 +++++----- man/docker-stats.1.md | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 8ef7d6e152..d46a94e3a2 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -28,13 +28,13 @@ Running `docker stats` on all running containers $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - 1285939c1fd3 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB - 9c76f7834ae2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - d1ea048f04e4 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB + 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B Running `docker stats` on multiple containers by name and id. $ docker stats fervent_panini 5acfcb1b4fd1 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - 5acfcb1b4fd1 0.00% 115.2 MB/1.045 GB 11.03% 1.422 kB/648 B - fervent_panini 0.02% 11.08 MB/1.045 GB 1.06% 648 B/648 B + 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B + fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B diff --git a/man/docker-stats.1.md b/man/docker-stats.1.md index 520466b5b8..41c4b722a5 100644 --- a/man/docker-stats.1.md +++ b/man/docker-stats.1.md @@ -31,13 +31,13 @@ Running `docker stats` on all running containers $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - 1285939c1fd3 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB - 9c76f7834ae2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - d1ea048f04e4 0.03% 4.583 MB / 64 MB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B + 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB + 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B + d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B Running `docker stats` on multiple containers by name and id. $ docker stats fervent_panini 5acfcb1b4fd1 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - 5acfcb1b4fd1 0.00% 115.2 MB/1.045 GB 11.03% 1.422 kB/648 B - fervent_panini 0.02% 11.08 MB/1.045 GB 1.06% 648 B/648 B + 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B + fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B From cf2670b8baa0b5551b0a0f3870e22e1a0cd61419 Mon Sep 17 00:00:00 2001 From: Yi EungJun Date: Sat, 9 Apr 2016 19:15:55 +0900 Subject: [PATCH 1319/2538] Fix errata; s/RequestUri/ReqestURI/ Signed-off-by: Yi EungJun --- docs/extend/plugins_authorization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index a47cd2a55b..887fd9330e 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -154,7 +154,7 @@ should implement the following two methods: "User": "The user identification", "UserAuthNMethod": "The authentication method used", "RequestMethod": "The HTTP method", - "RequestUri": "The HTTP request URI", + "RequestURI": "The HTTP request URI", "RequestBody": "Byte array containing the raw HTTP request body", "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string ", "RequestStatusCode": "Request status code" @@ -179,7 +179,7 @@ should implement the following two methods: "User": "The user identification", "UserAuthNMethod": "The authentication method used", "RequestMethod": "The HTTP method", - "RequestUri": "The HTTP request URI", + "RequestURI": "The HTTP request URI", "RequestBody": "Byte array containing the raw HTTP request body", "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string", "RequestStatusCode": "Request status code", From b7f5138adb806705d5801dff0d156c633dd09f81 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Apr 2016 17:34:46 +0200 Subject: [PATCH 1320/2538] Add zsh completion for '--log-opt syslog-format' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1351ae9579..cb007b90d4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -216,7 +216,7 @@ __docker_get_log_options() { gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") - syslog_options=("syslog-address" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag") + syslog_options=("syslog-address" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag") splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag") [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 @@ -236,7 +236,15 @@ __docker_log_options() { integer ret=1 if compset -P '*='; then - _message 'value' && ret=0 + case "${${words[-1]%=*}#*=}" in + (syslog-format) + syslog_format_opts=('rfc3164' 'rfc5424') + _describe -t syslog-format-opts "Syslog format Options" syslog_format_opts && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac else __docker_get_log_options -qS "=" && ret=0 fi From 6d7b352715a3aeda5e9327a266b63e4d644ad167 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Apr 2016 17:36:36 +0200 Subject: [PATCH 1321/2538] Add zsh completion for '--log-opt syslog-format=rfc5424micro' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cb007b90d4..2eb673fe1f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -238,7 +238,7 @@ __docker_log_options() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (syslog-format) - syslog_format_opts=('rfc3164' 'rfc5424') + syslog_format_opts=('rfc3164' 'rfc5424' 'rfc5424micro') _describe -t syslog-format-opts "Syslog format Options" syslog_format_opts && ret=0 ;; *) From 8feaef57405a0c576809dd0cfd3d77595c20070a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 9 Apr 2016 18:19:31 +0200 Subject: [PATCH 1322/2538] Add zsh completion for 'docker volume ls -f {dangling,driver,name}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 46 +++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2eb673fe1f..25f53c53e1 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -138,6 +138,17 @@ __docker_containers_names() { __docker_get_containers all names "$@" } +__docker_plugins() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + emulate -L zsh + setopt extendedglob + local -a plugins + plugins=(${(ps: :)${(M)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Plugins:}%%$'\n'^ *}}:# $1: *}## $1: }) + _describe -t plugins "$1 plugins" plugins && ret=0 + return ret +} + __docker_images() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -427,6 +438,34 @@ __docker_network_subcommand() { return ret } +__docker_volume_complete_ls_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (dangling) + dangling_opts=('true' 'false') + _describe -t dangling-filter-opts "Dangling Filter Options" dangling_opts && ret=0 + ;; + (driver) + __docker_plugins Volume && ret=0 + ;; + (name) + __docker_volumes && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('dangling' 'driver' 'name') + _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 + fi + + return ret +} + __docker_volumes() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -495,8 +534,13 @@ __docker_volume_subcommand() { (ls) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values (i.e. 'dangling=true')]:filter: " \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 + case $state in + (filter-options) + __docker_volume_complete_ls_filters && ret=0 + ;; + esac ;; (rm) _arguments $(__docker_arguments) \ From 6ded7e827924c2a34bc1ff36c6c97638abde80bb Mon Sep 17 00:00:00 2001 From: Thomas Riccardi Date: Fri, 8 Apr 2016 11:23:48 +0200 Subject: [PATCH 1323/2538] Improve build cache miss doc for `ARG` and `RUN` The documentation already says the cache miss happens only at `ARG` variable usage, not declaration, but there is a very common implicit usage: `RUN`, which this commit documents even more, improving on #21790. Also, use `definition` instead of `declaration`: it's the same thing, and `definition` is already used in this documentation, contrary to `declaration`. Also, distinguish between "instructions" and "variables defined by `ARG` instructions". Signed-off-by: Thomas Riccardi --- docs/reference/builder.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index a932276b75..f1838ee0ea 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1174,8 +1174,9 @@ To use these, simply pass them on the command line using the `--build-arg `ARG` variables are not persisted into the built image as `ENV` variables are. However, `ARG` variables do impact the build cache in similar ways. If a Dockerfile defines an `ARG` variable whose value is different from a previous -build, then a "cache miss" occurs upon first use of the `ARG` variable. The -declaration of the `ARG` variable does not count as a use. +build, then a "cache miss" occurs upon its first usage, not its definition. In +particular, all `RUN` instructions following an `ARG` instruction use the `ARG` +variable implicitly (as an environment variable), thus can cause a cache miss. For example, consider these two Dockerfile: From 8850c4ab6e9dbc1fb3acb7a321fa449784274478 Mon Sep 17 00:00:00 2001 From: Mary Anthony Date: Tue, 12 Apr 2016 12:20:03 -0700 Subject: [PATCH 1324/2538] Fixes #21701 devicemapper docs Copy edit the content Updates to existing material Adding mbentley's comments Updating with last minute comments Update with Seb's comments Signed-off-by: Mary Anthony --- docs/reference/commandline/daemon.md | 42 ++++++++++--------- man/docker-daemon.8.md | 62 ++++++++++++++++------------ 2 files changed, 59 insertions(+), 45 deletions(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 5ca00242c7..796a04c3fd 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -195,17 +195,17 @@ options for `zfs` start with `zfs`. to create and manage the thin-pool volume. This volume is then handed to Docker to exclusively create snapshot volumes needed for images and containers. - Managing the thin-pool outside of Docker makes for the most feature-rich + Managing the thin-pool outside of Engine makes for the most feature-rich method of having Docker utilize device mapper thin provisioning as the - backing storage for Docker's containers. The highlights of the lvm-based + backing storage for Docker containers. The highlights of the lvm-based thin-pool management feature include: automatic or interactive thin-pool resize support, dynamically changing thin-pool features, automatic thinp metadata checking when lvm activates the thin-pool, etc. - As a fallback if no thin pool is provided, loopback files will be + As a fallback if no thin pool is provided, loopback files are created. Loopback is very slow, but can be used without any pre-configuration of storage. It is strongly recommended that you do - not use loopback in production. Ensure your Docker daemon has a + not use loopback in production. Ensure your Engine daemon has a `--storage-opt dm.thinpooldev` argument provided. Example use: @@ -441,29 +441,33 @@ options for `zfs` start with `zfs`. * `dm.min_free_space` - Specifies the min free space percent in thin pool require for new device + Specifies the min free space percent in a thin pool require for new device creation to succeed. This check applies to both free data space as well as free metadata space. Valid values are from 0% - 99%. Value 0% disables - free space checking logic. If user does not specify a value for this optoin, - then default value for this option is 10%. + free space checking logic. If user does not specify a value for this option, + the Engine uses a default value of 10%. - Whenever a new thin pool device is created (during docker pull or - during container creation), docker will check minimum free space is - available as specified by this parameter. If that is not the case, then - device creation will fail and docker operation will fail. + Whenever a new a thin pool device is created (during `docker pull` or during + container creation), the Engine checks if the minimum free space is + available. If sufficient space is unavailable, then device creation fails + and any relevant `docker` operation fails. - One will have to create more free space in thin pool to recover from the - error. Either delete some of the images and containers from thin pool and - create free space or add more storage to thin pool. + To recover from this error, you must create more free space in the thin pool + to recover from the error. You can create free space by deleting some images + and containers from the thin pool. You can also add more storage to the thin + pool. - For lvm thin pool, one can add more storage to volume group container thin - pool and that should automatically resolve it. If loop devices are being - used, then stop docker, grow the size of loop files and restart docker and - that should resolve the issue. + To add more space to a LVM (logical volume management) thin pool, just add + more storage to the volume group container thin pool; this should automatically + resolve any errors. If your configuration uses loop devices, then stop the + Engine daemon, grow the size of loop files and restart the daemon to resolve + the issue. Example use: - $ docker daemon --storage-opt dm.min_free_space=10% + ```bash + $ docker daemon --storage-opt dm.min_free_space=10% + ``` Currently supported options of `zfs`: diff --git a/man/docker-daemon.8.md b/man/docker-daemon.8.md index cdc7781782..2b95133bdb 100644 --- a/man/docker-daemon.8.md +++ b/man/docker-daemon.8.md @@ -269,19 +269,27 @@ allocating images and container snapshots. Specifies a custom block storage device to use for the thin pool. -If using a block device for device mapper storage, it is best to use -`lvm` to create and manage the thin-pool volume. This volume is then -handed to Docker to create snapshot volumes needed for images and -containers. +If using a block device for device mapper storage, it is best to use `lvm` +to create and manage the thin-pool volume. This volume is then handed to Docker +to exclusively create snapshot volumes needed for images and containers. -Managing the thin-pool outside of Docker makes for the most feature-rich method -of having Docker utilize device mapper thin provisioning as the backing storage -for Docker's containers. The highlights of the LVM-based thin-pool management -feature include: automatic or interactive thin-pool resize support, dynamically -changing thin-pool features, automatic thinp metadata checking when lvm activates -the thin-pool, etc. +Managing the thin-pool outside of Engine makes for the most feature-rich +method of having Docker utilize device mapper thin provisioning as the +backing storage for Docker containers. The highlights of the lvm-based +thin-pool management feature include: automatic or interactive thin-pool +resize support, dynamically changing thin-pool features, automatic thinp +metadata checking when lvm activates the thin-pool, etc. -Example use: `docker daemon --storage-opt dm.thinpooldev=/dev/mapper/thin-pool` +As a fallback if no thin pool is provided, loopback files are +created. Loopback is very slow, but can be used without any +pre-configuration of storage. It is strongly recommended that you do +not use loopback in production. Ensure your Engine daemon has a +`--storage-opt dm.thinpooldev` argument provided. + +Example use: + + $ docker daemon \ + --storage-opt dm.thinpooldev=/dev/mapper/thin-pool #### dm.basesize @@ -471,27 +479,29 @@ daemon with a supported environment. #### dm.min_free_space -Specifies the min free space percent in thin pool require for new device +Specifies the min free space percent in a thin pool require for new device creation to succeed. This check applies to both free data space as well as free metadata space. Valid values are from 0% - 99%. Value 0% disables -free space checking logic. If user does not specify a value for this optoin, -then default value for this option is 10%. +free space checking logic. If user does not specify a value for this option, +the Engine uses a default value of 10%. -Whenever a new thin pool device is created (during docker pull or -during container creation), docker will check minimum free space is -available as specified by this parameter. If that is not the case, then -device creation will fail and docker operation will fail. +Whenever a new a thin pool device is created (during `docker pull` or during +container creation), the Engine checks if the minimum free space is +available. If the space is unavailable, then device creation fails and any +relevant `docker` operation fails. -One will have to create more free space in thin pool to recover from the -error. Either delete some of the images and containers from thin pool and -create free space or add more storage to thin pool. +To recover from this error, you must create more free space in the thin pool to +recover from the error. You can create free space by deleting some images +and containers from tge thin pool. You can also add +more storage to the thin pool. -For lvm thin pool, one can add more storage to volume group container thin -pool and that should automatically resolve it. If loop devices are being -used, then stop docker, grow the size of loop files and restart docker and -that should resolve the issue. +To add more space to an LVM (logical volume management) thin pool, just add +more storage to the group container thin pool; this should automatically +resolve any errors. If your configuration uses loop devices, then stop the +Engine daemon, grow the size of loop files and restart the daemon to resolve +the issue. -Example use: `docker daemon --storage-opt dm.min_free_space=10%` +Example use:: `docker daemon --storage-opt dm.min_free_space=10%` ## ZFS options From a60c612a0456c551bb45bdb9d3197bf532e1fd42 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Tue, 29 Mar 2016 08:24:28 -0400 Subject: [PATCH 1325/2538] Add support for setting sysctls This patch will allow users to specify namespace specific "kernel parameters" for running inside of a container. Signed-off-by: Dan Walsh --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 28 +++++++++++++++++++++++ man/docker-create.1.md | 16 ++++++++++++++ man/docker-run.1.md | 33 ++++++++++++++++++++++++++++ 6 files changed, 80 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b0f3ccd7ba..51c6a0207f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1671,6 +1671,7 @@ _docker_run() { --shm-size --stop-signal --tmpfs + --sysctl --ulimit --user -u --userns diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 25f53c53e1..a66b3457ca 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -644,6 +644,7 @@ __docker_subcommand() { "($help)--privileged[Give extended privileges to this container]" "($help)--read-only[Mount the container's root filesystem as read only]" "($help)*--security-opt=[Security options]:security option: " + "($help)*--sysctl=-[sysctl options]:sysctl: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" "($help)--tmpfs[mount tmpfs]" diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 0540b3f34a..3e4024374c 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -82,6 +82,7 @@ Creates a new container. --stop-signal="SIGTERM" Signal to stop a container --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. --storage-opt=[] Set storage driver options per container + --sysctl[=*[]*]] Configure namespaced kernel parameters at runtime -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID --userns="" Container user namespace diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 00438bebad..67e0010232 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -84,6 +84,7 @@ parent = "smn_cli" --sig-proxy=true Proxy received signals to the process --stop-signal="SIGTERM" Signal to stop a container --storage-opt=[] Set storage driver options per container + --sysctl[=*[]*]] Configure namespaced kernel parameters at runtime -t, --tty Allocate a pseudo-TTY -u, --user="" Username or UID (format: [:]) --userns="" Container user namespace @@ -620,3 +621,30 @@ If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, $ docker run -d --isolation default busybox top $ docker run -d --isolation hyperv busybox top ``` + +### Configure namespaced kernel parameters (sysctls) at runtime + +The `--sysctl` sets namespaced kernel parameters (sysctls) in the +container. For example, to turn on IP forwarding in the containers +network namespace, run this command: + + $ docker run --sysctl net.ipv4.ip_forward=1 someimage + + +> **Note**: Not all sysctls are namespaced. docker does not support changing sysctls +> inside of a container that also modify the host system. As the kernel +> evolves we expect to see more sysctls become namespaced. + +#### Currently supported sysctls + + `IPC Namespace`: + + kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + Sysctls beginning with fs.mqueue.* + + If you use the `--ipc=host` option these sysctls will not be allowed. + + `Network Namespace`: + Sysctls beginning with net.* + + If you use the `--net=host` option using these sysctls will not be allowed. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index d3cb85c78c..3f90a3a1d8 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -67,6 +67,7 @@ docker-create - Create a new container [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] +[**--sysctl**[=*[]*]] [**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] @@ -336,6 +337,21 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--sysctl**=SYSCTL + Configure namespaced kernel parameters at runtime + + IPC Namespace - current sysctls allowed: + + kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + Sysctls beginning with fs.mqueue.* + + Note: if you use --ipc=host using these sysctls will not be allowed. + + Network Namespace - current sysctls allowed: + Sysctls beginning with net.* + + Note: if you use --net=host using these sysctls will not be allowed. + **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index e6757fc512..921ff9a07b 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -71,6 +71,7 @@ docker-run - Run a command in a new container [**--stop-signal**[=*SIGNAL*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] +[**--sysctl**[=*[]*]] [**-t**|**--tty**] [**--tmpfs**[=*[CONTAINER-DIR[:]*]] [**-u**|**--user**[=*USER*]] @@ -492,6 +493,21 @@ its root filesystem mounted as read only prohibiting any writes. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. +**--sysctl**=SYSCTL + Configure namespaced kernel parameters at runtime + + IPC Namespace - current sysctls allowed: + + kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced + Sysctls beginning with fs.mqueue.* + + If you use the `--ipc=host` option these sysctls will not be allowed. + + Network Namespace - current sysctls allowed: + Sysctls beginning with net.* + + If you use the `--net=host` option these sysctls will not be allowed. + **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. @@ -955,6 +971,23 @@ $ docker run -d --isolation default busybox top $ docker run -d --isolation hyperv busybox top ``` +## Setting Namespaced Kernel Parameters (Sysctls) + +The `--sysctl` sets namespaced kernel parameters (sysctls) in the +container. For example, to turn on IP forwarding in the containers +network namespace, run this command: + + $ docker run --sysctl net.ipv4.ip_forward=1 someimage + +Note: + +Not all sysctls are namespaced. docker does not support changing sysctls +inside of a container that also modify the host system. As the kernel +evolves we expect to see more sysctls become namespaced. + +See the definition of the `--sysctl` option above for the current list of +supported sysctls. + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 9064b8e12177a90c93e379cc3285616d4e796b49 Mon Sep 17 00:00:00 2001 From: Thomas Gazagnaire Date: Wed, 13 Apr 2016 18:11:39 +0100 Subject: [PATCH 1326/2538] Graphdriver docs (#22003) * Fix closing strings in graphdriver plugin documentation Signed-off-by: Thomas Gazagnaire * Fix documenation for Err type in graphdriver plugins Fix https://github.com/docker/go-plugins-helpers/issues/24 Signed-off-by: Thomas Gazagnaire * Add missing MountLabel argument in graphdriver plugin documentation The real `Create` seems also to take more arguments (the `storageOpt`) which are not exposed to the plugin API (yet?). Signed-off-by: Thomas Gazagnaire * Add missing CreateReadWrite in graphdriver plugin documentation Signed-off-by: Thomas Gazagnaire --- experimental/plugins_graphdriver.md | 57 ++++++++++++++++++----------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/experimental/plugins_graphdriver.md b/experimental/plugins_graphdriver.md index 6a85548927..1a291e0d52 100644 --- a/experimental/plugins_graphdriver.md +++ b/experimental/plugins_graphdriver.md @@ -37,11 +37,11 @@ through from the user. **Response**: ``` { - "Err": null + "Err": "" } ``` -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.Create @@ -51,22 +51,35 @@ Respond with a string error if an error occurred. { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" + "MountLabel": "" } ``` -Create a new, empty, filesystem layer with the specified `ID` and `Parent`. -`Parent` may be an empty string, which would indicate that there is no parent -layer. +Create a new, empty, read-only filesystem layer with the specified +`ID`, `Parent` and `MountLabel`. `Parent` may be an empty string, +which would indicate that there is no parent layer. **Response**: ``` { - "Err: null + "Err": "" } ``` -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. +### /GraphDriver.CreateReadWrite + +**Request**: +``` +{ + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" + "MountLabel": "" +} +``` + +Similar to `/GraphDriver.Create` but creates a read-write filesystem layer. ### /GraphDriver.Remove @@ -82,11 +95,11 @@ Remove the filesystem layer with this given `ID`. **Response**: ``` { - "Err: null + "Err": "" } ``` -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.Get @@ -109,7 +122,7 @@ Get the mountpoint for the layered filesystem referred to by the given `ID`. ``` Respond with the absolute path to the mounted layered filesystem. -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.Put @@ -126,11 +139,11 @@ filesystem layer. **Response**: ``` { - "Err: null + "Err": "" } ``` -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.Exists @@ -189,13 +202,13 @@ with the specified `ID` ``` { "Metadata": {}, - "Err": null + "Err": "" } ``` Respond with a set of key/value pairs containing the low-level diagnostic information about the layered filesystem. -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.Cleanup @@ -210,11 +223,11 @@ unmounting all the layered file systems. **Response**: ``` { - "Err: null + "Err": "" } ``` -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.Diff @@ -252,7 +265,7 @@ Get a list of changes between the filesystem layers specified by the `ID` and ``` { "Changes": [{}], - "Err": null + "Err": "" } ``` @@ -269,7 +282,7 @@ changed and `Kind` is an integer specifying the type of change that occurred: - 1 - Added - 2 - Deleted -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.ApplyDiff @@ -290,12 +303,12 @@ and `Parent` ``` { "Size": 512366, - "Err": null + "Err": "" } ``` Respond with the size of the new layer in bytes. -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. ### /GraphDriver.DiffSize @@ -313,9 +326,9 @@ Calculate the changes between the specified `ID` ``` { "Size": 512366, - "Err": null + "Err": "" } ``` Respond with the size changes between the specified `ID` and `Parent` -Respond with a string error if an error occurred. +Respond with a non-empty string error if an error occurred. From 31e123d31446eb2a68c47a7ac0b3d88f89fd3920 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Fri, 4 Mar 2016 17:24:09 -0800 Subject: [PATCH 1327/2538] Add CPU count and maximum resource controls for Windows Signed-off-by: Darren Stahl --- docs/reference/commandline/run.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 67e0010232..c4392d0f05 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -23,6 +23,7 @@ parent = "smn_cli" --cap-drop=[] Drop Linux capabilities --cgroup-parent="" Optional parent cgroup for the container --cidfile="" Write the container ID to the file + --cpu-percent=0 Limit percentage of CPU available for execution by the container. Windows daemon only. --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period --cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) From a84e11aaf8bc9c3873393db2da6b1edb7d526acb Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 7 Mar 2016 15:44:43 -0500 Subject: [PATCH 1328/2538] Allow volume drivers to provide a `Status` field The `Status` field is a `map[string]interface{}` which allows the driver to pass back low-level details about the underlying volume. Signed-off-by: Brian Goff --- docs/extend/plugins_volume.md | 16 ++++++++++++++++ docs/reference/commandline/volume_inspect.md | 5 +++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index cb1bebf581..88798497c3 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -15,6 +15,21 @@ external storage systems, such as Amazon EBS, and enable data volumes to persist beyond the lifetime of a single Engine host. See the [plugin documentation](plugins.md) for more information. +## Changelog + +### 1.12.0 + +- Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#)) + +### 1.10.0 + +- Add `VolumeDriver.Get` which gets the details about the volume ([#16534](https://github.com/docker/docker/pull/16534)) +- Add `VolumeDriver.List` which lists all volumes owned by the driver ([#16534](https://github.com/docker/docker/pull/16534)) + +### 1.8.0 + +- Initial support for volume driver plugins ([#14659](https://github.com/docker/docker/pull/14659)) + ## Command-line changes A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: @@ -183,6 +198,7 @@ Get the volume info. "Volume": { "Name": "volume_name", "Mountpoint": "/path/to/directory/on/host", + "Status": {} }, "Err": "" } diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 8fdd34d93b..7359c2b5a4 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -32,7 +32,8 @@ Example output: { "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d", "Driver": "local", - "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data" + "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data", + "Status": null } ] @@ -44,4 +45,4 @@ Example output: * [volume create](volume_create.md) * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file +* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) From f10add47fa303e70fb3d72fe66608d04d6c4a690 Mon Sep 17 00:00:00 2001 From: Jared Hocutt Date: Tue, 19 Apr 2016 11:05:05 -0400 Subject: [PATCH 1329/2538] Add the NetApp Docker Volume Plugin to the documentation Signed-off-by: Jared Hocutt --- docs/extend/plugins.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 01d68eaced..9c6854ef84 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -106,6 +106,12 @@ The following plugins exist: a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. +* The [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) provides + direct integration with the Docker ecosystem for the NetApp storage portfolio. + The nDVP package supports the provisioning and management of + storage resources from the storage platform to Docker hosts, with a robust + framework for adding additional platforms in the future. + ## Troubleshooting a plugin If you are having problems with Docker after loading a plugin, ask the authors From 0a8f5574b4e7495c67b3a13f35e231504470bc1b Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Thu, 24 Mar 2016 14:31:19 +0000 Subject: [PATCH 1330/2538] Add network label filter support This patch did following: 1) Make filter check logic same as `docker ps ` filters Right now docker container logic work as following: when same filter used like below: -f name=jack -f name=tom it would get all containers name is jack or tom(it is or logic) when different filter used like below: -f name=jack -f id=7d1 it would get all containers name is jack and id contains 7d1(it is and logic) It would make sense in many user cases, but it did lack of compliate filter cases, like "I want to get containers name is jack or id=7d1", it could work around use (get id=7d1 containers' name and get name=jack containers, and then construct the final containers, they could be done in user side use shell or rest API) 2) Fix one network filter bug which could include duplicate result when use -f name= -f id=, it would get duplicate results 3) Make id filter same as container id filter, which means match any string. not use prefix match. It is for consistent match logic Closes: #21417 Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/network_ls.md | 113 ++++++++++++++--------- man/docker-network-ls.1.md | 113 ++++++++++++++--------- 2 files changed, 136 insertions(+), 90 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index b12957a3a4..564c8be9d2 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -52,54 +52,10 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: * id (network's id) +* label (`label=` or `label==`) * name (network's name) * type (custom|builtin) -#### Type - -The `type` filter supports two values; `builtin` displays predefined networks -(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. - -The following filter matches all user defined networks: - -```bash -$ docker network ls --filter type=custom -NETWORK ID NAME DRIVER -95e74588f40d foo bridge -63d1ff1f77b0 dev bridge -``` - -By having this flag it allows for batch cleanup. For example, use this filter -to delete all user defined networks: - -```bash -$ docker network rm `docker network ls --filter type=custom -q` -``` - -A warning will be issued when trying to remove a network that has containers -attached. - -#### Name - -The `name` filter matches on all or part of a network's name. - -The following filter matches all networks with a name containing the `foobar` string. - -```bash -$ docker network ls --filter name=foobar -NETWORK ID NAME DRIVER -06e7eef0a170 foobar bridge -``` - -You can also filter for a substring in a name as this shows: - -```bash -$ docker network ls --filter name=foo -NETWORK ID NAME DRIVER -95e74588f40d foo bridge -06e7eef0a170 foobar bridge -``` - #### ID The `id` filter matches on all or part of a network's ID. @@ -125,6 +81,73 @@ NETWORK ID NAME DRIVER 95e74588f40d foo bridge ``` +#### Label + +The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches networks with the `usage` label regardless of its value. + +```bash +$ docker network ls -f "label=usage" +NETWORK ID NAME DRIVER +db9db329f835 test1 bridge +f6e212da9dfd test2 bridge +``` + +The following filter matches containers with the `usage` label with the `prod` value. + +```bash +$ docker network ls -f "label=usage=prod" +NETWORK ID NAME DRIVER +f6e212da9dfd test2 bridge +``` + +#### Name + +The `name` filter matches on all or part of a network's name. + +The following filter matches all networks with a name containing the `foobar` string. + +```bash +$ docker network ls --filter name=foobar +NETWORK ID NAME DRIVER +06e7eef0a170 foobar bridge +``` + +You can also filter for a substring in a name as this shows: + +```bash +$ docker network ls --filter name=foo +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +06e7eef0a170 foobar bridge +``` + +#### Type + +The `type` filter supports two values; `builtin` displays predefined networks +(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. + +The following filter matches all user defined networks: + +```bash +$ docker network ls --filter type=custom +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +63d1ff1f77b0 dev bridge +``` + +By having this flag it allows for batch cleanup. For example, use this filter +to delete all user defined networks: + +```bash +$ docker network rm `docker network ls --filter type=custom -q` +``` + +A warning will be issued when trying to remove a network that has containers +attached. + ## Related information * [network disconnect ](network_disconnect.md) diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md index 56a8334ae4..ff459059e7 100644 --- a/man/docker-network-ls.1.md +++ b/man/docker-network-ls.1.md @@ -47,54 +47,10 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: * id (network's id) +* label (`label=` or `label==`) * name (network's name) * type (custom|builtin) -#### Type - -The `type` filter supports two values; `builtin` displays predefined networks -(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. - -The following filter matches all user defined networks: - -```bash -$ docker network ls --filter type=custom -NETWORK ID NAME DRIVER -95e74588f40d foo bridge -63d1ff1f77b0 dev bridge -``` - -By having this flag it allows for batch cleanup. For example, use this filter -to delete all user defined networks: - -```bash -$ docker network rm `docker network ls --filter type=custom -q` -``` - -A warning will be issued when trying to remove a network that has containers -attached. - -#### Name - -The `name` filter matches on all or part of a network's name. - -The following filter matches all networks with a name containing the `foobar` string. - -```bash -$ docker network ls --filter name=foobar -NETWORK ID NAME DRIVER -06e7eef0a170 foobar bridge -``` - -You can also filter for a substring in a name as this shows: - -```bash -$ docker network ls --filter name=foo -NETWORK ID NAME DRIVER -95e74588f40d foo bridge -06e7eef0a170 foobar bridge -``` - #### ID The `id` filter matches on all or part of a network's ID. @@ -120,6 +76,73 @@ NETWORK ID NAME DRIVER 95e74588f40d foo bridge ``` +#### Label + +The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches networks with the `usage` label regardless of its value. + +```bash +$ docker network ls -f "label=usage" +NETWORK ID NAME DRIVER +db9db329f835 test1 bridge +f6e212da9dfd test2 bridge +``` + +The following filter matches containers with the `usage` label with the `prod` value. + +```bash +$ docker network ls -f "label=usage=prod" +NETWORK ID NAME DRIVER +f6e212da9dfd test2 bridge +``` + +#### Name + +The `name` filter matches on all or part of a network's name. + +The following filter matches all networks with a name containing the `foobar` string. + +```bash +$ docker network ls --filter name=foobar +NETWORK ID NAME DRIVER +06e7eef0a170 foobar bridge +``` + +You can also filter for a substring in a name as this shows: + +```bash +$ docker network ls --filter name=foo +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +06e7eef0a170 foobar bridge +``` + +#### Type + +The `type` filter supports two values; `builtin` displays predefined networks +(`bridge`, `none`, `host`), whereas `custom` displays user defined networks. + +The following filter matches all user defined networks: + +```bash +$ docker network ls --filter type=custom +NETWORK ID NAME DRIVER +95e74588f40d foo bridge +63d1ff1f77b0 dev bridge +``` + +By having this flag it allows for batch cleanup. For example, use this filter +to delete all user defined networks: + +```bash +$ docker network rm `docker network ls --filter type=custom -q` +``` + +A warning will be issued when trying to remove a network that has containers +attached. + # OPTIONS **-f**, **--filter**=*[]* From ddf0b9e8731b8e8ba10df8bcfd131063339945fb Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Wed, 20 Apr 2016 11:14:47 +0800 Subject: [PATCH 1331/2538] Fix asa Signed-off-by: Wen Cheng Ma --- docs/extend/plugins_network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index ac07273219..aad01ba29a 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -13,7 +13,7 @@ parent = "engine_extend" Docker Engine network plugins enable Engine deployments to be extended to support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN or something completely different. Network driver plugins are supported via the -LibNetwork project. Each plugin is implemented asa "remote driver" for +LibNetwork project. Each plugin is implemented as a "remote driver" for LibNetwork, which shares plugin infrastructure with Engine. Effectively, network driver plugins are activated in the same way as other plugins, and use the same kind of protocol. From a24fe070bb79a2251c949b47ea1f73251806cb80 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Apr 2016 13:43:33 +0200 Subject: [PATCH 1332/2538] docs: use tables for available plugins Signed-off-by: Sebastiaan van Stijn --- docs/extend/plugins.md | 102 +++++++++++------------------------------ 1 file changed, 28 insertions(+), 74 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 9c6854ef84..7eec419c97 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -31,86 +31,40 @@ Follow the instructions in the plugin's documentation. ## Finding a plugin -The following plugins exist: +The sections below provide an inexhaustive overview of available plugins. -* The [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) - is a volume plugin that provides access to an extensible set of - container-based persistent storage options. It supports single and multi-host Docker - environments with features that include tenant isolation, automated - provisioning, encryption, secure deletion, snapshots and QoS. + -* The [Convoy plugin](https://github.com/rancher/convoy) is a volume plugin for a - variety of storage back-ends including device mapper and NFS. It's a simple standalone - executable written in Go and provides the framework to support vendor-specific extensions - such as snapshots, backups and restore. +### Network plugins -* The [Flocker plugin](https://clusterhq.com/docker-plugin/) is a volume plugin - which provides multi-host portable volumes for Docker, enabling you to run - databases and other stateful containers and move them around across a cluster - of machines. +Plugin | Description +----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +[Contiv Networking](https://github.com/contiv/netplugin) | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. +[Kuryr Network Plugin](https://github.com/openstack/kuryr) | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well. +[Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html) | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. -* The [GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) is - another volume plugin that provides multi-host volumes management for Docker - using GlusterFS. +### Volume plugins -* The [Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) allows on-demand, - version controlled access to your data. Horcrux is an open-source plugin, - written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. +Plugin | Description +----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. +[Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. +[Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. +[Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. +[gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). +[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. +[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. +[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. +[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. +[Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. +[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. +[Netshare plugin](https://github.com/gondor/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. +[OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. +[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. +[REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. -* The [IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) - is an open source volume plugin that allows using an - [ipfs](https://ipfs.io/) filesystem as a volume. - -* The [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) is - a plugin that provides credentials and secret management using Keywhiz as - a central repository. - -* The [Netshare plugin](https://github.com/gondor/docker-volume-netshare) is a volume plugin - that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. - -* The [gce-docker plugin](https://github.com/mcuadros/gce-docker) is a volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). - -* The [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) is a cluster aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. - -* The [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. - -* The [REX-Ray plugin](https://github.com/emccode/rexray) is a volume plugin - which is written in Go and provides advanced storage functionality for many - platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. - -* The [Contiv Volume Plugin](https://github.com/contiv/volplugin) is an open - source volume plugin that provides multi-tenant, persistent, distributed storage - with intent based consumption using ceph underneath. - -* The [Contiv Networking](https://github.com/contiv/netplugin) is an open source - libnetwork plugin to provide infrastructure and security policies for a - multi-tenant micro services deployment, while providing an integration to - physical network for non-container workload. Contiv Networking implements the - remote driver and IPAM APIs available in Docker 1.9 onwards. - -* The [Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html) - creates a virtual network that connects your Docker containers - - across multiple hosts or clouds and enables automatic discovery of - applications. Weave networks are resilient, partition tolerant, - secure and work in partially connected networks, and other adverse - environments - all configured with delightful simplicity. - -* The [Kuryr Network Plugin](https://github.com/openstack/kuryr) is - developed as part of the OpenStack Kuryr project and implements the - Docker networking (libnetwork) remote driver API by utilizing - Neutron, the OpenStack networking service. It includes an IPAM - driver as well. - -* The [Local Persist Plugin](https://github.com/CWSpear/local-persist) - extends the default `local` driver's functionality by allowing you specify - a mountpoint anywhere on the host, which enables the files to *always persist*, - even if the volume is removed via `docker volume rm`. - -* The [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) provides - direct integration with the Docker ecosystem for the NetApp storage portfolio. - The nDVP package supports the provisioning and management of - storage resources from the storage platform to Docker hosts, with a robust - framework for adding additional platforms in the future. ## Troubleshooting a plugin From 6a5870dcfab33f671ebbdffb3c2172bddf88a876 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Thu, 21 Apr 2016 03:24:10 +0000 Subject: [PATCH 1333/2538] Fix the old exit status example Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/run.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index b37dd5ae80..3b9b16c8f5 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -562,20 +562,18 @@ the exit codes follow the `chroot` standard, see below: **_126_** if the **_contained command_** cannot be invoked $ docker run busybox /etc; echo $? - # exec: "/etc": permission denied - docker: Error response from daemon: Contained command could not be invoked + # docker: Error response from daemon: Container command '/etc' could not be invoked. 126 **_127_** if the **_contained command_** cannot be found $ docker run busybox foo; echo $? - # exec: "foo": executable file not found in $PATH - docker: Error response from daemon: Contained command not found or does not exist + # docker: Error response from daemon: Container command 'foo' not found or does not exist. 127 **_Exit code_** of **_contained command_** otherwise - $ docker run busybox /bin/sh -c 'exit 3' + $ docker run busybox /bin/sh -c 'exit 3'; echo $? # 3 ## Clean up (--rm) From 4b30db603b10d354ee97551ebdd73c095b5320d0 Mon Sep 17 00:00:00 2001 From: Dimitry Andric Date: Wed, 20 Apr 2016 17:30:44 +0200 Subject: [PATCH 1334/2538] The daemon.json storage-opts settings is actually a list. Signed-off-by: Dimitry Andric --- docs/reference/commandline/daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/daemon.md index 796a04c3fd..36df746501 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/daemon.md @@ -888,7 +888,7 @@ This is a full example of the allowed configuration options in the file: "exec-opts": [], "exec-root": "", "storage-driver": "", - "storage-opts": "", + "storage-opts": [], "labels": [], "log-driver": "", "log-opts": [], From 610c6531726379465fe798f5a06fb6af7a5876d0 Mon Sep 17 00:00:00 2001 From: Ke Xu Date: Thu, 21 Apr 2016 16:06:09 +0900 Subject: [PATCH 1335/2538] add zsh completion for 'docker {build,create,run} --disable-content-trust' Signed-off-by: Ke Xu --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a66b3457ca..d90a9d65d7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -589,6 +589,7 @@ __docker_subcommand() { opts_build_create_run=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" + "($help)--disable-content-trust[Skip image verification]" "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " "($help)*--ulimit=[ulimit options]:ulimit: " "($help)--userns=[Container user namespace]:user namespace:(host)" From d192f97accd9499d36be2a5c6092e9b9ecea80ac Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Apr 2016 16:45:43 +0200 Subject: [PATCH 1336/2538] docs: add note about MAC addresses not being unique Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 3b9b16c8f5..11503b2a8e 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -291,7 +291,8 @@ you can override this with `--dns`. By default, the MAC address is generated using the IP address allocated to the container. You can set the container's MAC address explicitly by providing a -MAC address via the `--mac-address` parameter (format:`12:34:56:78:9a:bc`). +MAC address via the `--mac-address` parameter (format:`12:34:56:78:9a:bc`).Be +aware that Docker does not check if manually specified MAC addresses are unique. Supported networks : From 0da8f977cbdede32b251258cbf74db9c93520d7a Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Tue, 19 Apr 2016 13:50:09 +0800 Subject: [PATCH 1337/2538] Deprecated of docker ps since and before options for v1.12 Deprecated note https://github.com/docker/docker/blob/master/docs/deprecated.md#docker-ps-before-and-since-options Signed-off-by: Wen Cheng Ma --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index f1c1fb0a77..e9b3d73071 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -48,7 +48,7 @@ defining it at container creation (`POST /containers/create`). **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Target For Removal In Release: v1.12** +**Removed In Release: v1.12** The `docker ps --before` and `docker ps --since` options are deprecated. Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. From bd299d2555ebbbaca19598df74bff972ad7e2723 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Wed, 24 Feb 2016 17:51:46 -0800 Subject: [PATCH 1338/2538] Add IO Resource Controls for Windows Signed-off-by: Darren Stahl --- docs/reference/commandline/run.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index c4392d0f05..530b1bfb14 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -59,6 +59,15 @@ parent = "smn_cli" --log-opt=[] Log driver specific options -m, --memory="" Memory limit --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) + --io-maxbandwidth="" Maximum IO bandwidth limit for the system drive + (Windows only). The format is ``. + Unit is optional and can be `b` (bytes per second), + `k` (kilobytes per second), `m` (megabytes per second), + or `g` (gigabytes per second). If you omit the unit, + the system uses bytes per second. + --io-maxbandwidth and --io-maxiops are mutually exclusive options. + --io-maxiops=0 Maximum IO per second limit for the system drive (Windows only). + --io-maxbandwidth and --io-maxiops are mutually exclusive options. --memory-reservation="" Memory soft limit --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. From c6d6752550df5546bb550e3a761eb00b53721187 Mon Sep 17 00:00:00 2001 From: "Kai Qiang Wu(Kennan)" Date: Tue, 19 Apr 2016 04:45:59 +0000 Subject: [PATCH 1339/2538] Add load/save image event support For every docker load and save operations, it would log related image events. Signed-off-by: Kai Qiang Wu(Kennan) --- docs/reference/commandline/events.md | 2 +- man/docker-events.1.md | 14 +++++++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 22e94609d2..0abfdf4377 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -25,7 +25,7 @@ Docker containers report the following events: Docker images report the following events: - delete, import, pull, push, tag, untag + delete, import, load, pull, push, save, tag, untag Docker volumes report the following events: diff --git a/man/docker-events.1.md b/man/docker-events.1.md index 4d0bff25c5..6a1a3649ff 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -18,11 +18,19 @@ information and real-time information. Docker containers will report the following events: - attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause + attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update -and Docker images will report: +Docker images report the following events: - delete, import, pull, push, tag, untag + delete, import, load, pull, push, save, tag, untag + +Docker volumes report the following events: + + create, mount, unmount, destroy + +Docker networks report the following events: + + create, connect, disconnect, destroy # OPTIONS **--help** From 64ba15e3a334a7f0a797aa0cb22cd69642214b0b Mon Sep 17 00:00:00 2001 From: Hao Zhang <21521210@zju.edu.cn> Date: Wed, 27 Apr 2016 08:50:46 -0400 Subject: [PATCH 1340/2538] update cgroup link in doc of run Signed-off-by: Hao Zhang <21521210@zju.edu.cn> --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 11503b2a8e..d135aa9965 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1083,7 +1083,7 @@ By default, Docker containers are "unprivileged" and cannot, for example, run a Docker daemon inside a Docker container. This is because by default a container is not allowed to access any devices, but a "privileged" container is given access to all devices (see -the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroups/devices.txt)). +the documentation on [cgroups devices](https://www.kernel.org/doc/Documentation/cgroup-v1/devices.txt)). When the operator executes `docker run --privileged`, Docker will enable to access to all devices on the host as well as set some configuration From 586ec24a48202ea23b82349b9c241e367313818e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 29 Apr 2016 22:04:50 +0200 Subject: [PATCH 1341/2538] Add zsh completion for 'docker network ls -f {id,name,type}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 81 ++++++++++++++++++++++++++++------ 1 file changed, 68 insertions(+), 13 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d90a9d65d7..5d128293cc 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -311,11 +311,42 @@ __docker_complete_ps_filters() { return ret } -__docker_networks() { +__docker_network_complete_ls_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (id) + __docker_networks_ids && ret=0 + ;; + (name) + __docker_networks_names && ret=0 + ;; + (type) + type_opts=('builtin' 'custom') + _describe -t type-filter-opts "Type Filter Options" type_opts && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('id' 'name' 'type') + _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 + fi + + return ret +} + +__docker_get_networks() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + local line s declare -a lines networks + type=$1; shift + lines=(${(f)"$(_call_program commands docker $docker_options network ls)"}) # Parse header line to find columns @@ -332,24 +363,42 @@ __docker_networks() { lines=(${lines[2,-1]}) # Network ID - local line s - for line in $lines; do - s="${line[${begin[NETWORK ID]},${end[NETWORK ID]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" - networks=($networks $s) - done + if [[ $type = (ids|all) ]]; then + for line in $lines; do + s="${line[${begin[NETWORK ID]},${end[NETWORK ID]}]%% ##}" + s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" + networks=($networks $s) + done + fi # Names - for line in $lines; do - s="${line[${begin[NAME]},${end[NAME]}]%% ##}" - s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" - networks=($networks $s) - done + if [[ $type = (names|all) ]]; then + for line in $lines; do + s="${line[${begin[NAME]},${end[NAME]}]%% ##}" + s="$s:${(l:7:: :::)${${line[${begin[DRIVER]},${end[DRIVER]}]}%% ##}}" + networks=($networks $s) + done + fi - _describe -t networks-list "networks" networks && ret=0 + _describe -t networks-list "networks" networks "$@" && ret=0 return ret } +__docker_networks() { + [[ $PREFIX = -* ]] && return 1 + __docker_get_networks all "$@" +} + +__docker_networks_ids() { + [[ $PREFIX = -* ]] && return 1 + __docker_get_networks ids "$@" +} + +__docker_networks_names() { + [[ $PREFIX = -* ]] && return 1 + __docker_get_networks names "$@" +} + __docker_network_commands() { local -a _docker_network_subcommands _docker_network_subcommands=( @@ -423,7 +472,13 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--no-trunc[Do not truncate the output]" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0 + case $state in + (filter-options) + __docker_network_complete_ls_filters && ret=0 + ;; + esac ;; (rm) _arguments $(__docker_arguments) \ From efff6c2b244305277c950aacc1eaa7d42b8236f9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 25 Apr 2016 22:21:11 +0200 Subject: [PATCH 1342/2538] Add "driver" filter for network ls This add a new filter to 'docker network ls' to allow filtering by driver-name. Contrary to "ID" and "name" filters, this filter only supports an *exact* match. Signed-off-by: Sebastiaan van Stijn --- contrib/completion/bash/docker | 7 ++++++- docs/reference/commandline/network_ls.md | 18 ++++++++++++++++-- man/docker-network-ls.1.md | 18 ++++++++++++++++-- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 51c6a0207f..3a0f936321 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1378,6 +1378,11 @@ _docker_network_inspect() { _docker_network_ls() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in + driver) + local plugins=" $(__docker_plugins Network) " + COMPREPLY=( $(compgen -W "$plugins" -- "${cur##*=}") ) + return + ;; id) cur="${cur##*=}" __docker_complete_network_ids @@ -1396,7 +1401,7 @@ _docker_network_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "id name type" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "driver id label name type" -- "$cur" ) ) __docker_nospace return ;; diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 564c8be9d2..6542b12ca7 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -51,11 +51,25 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: +* driver * id (network's id) * label (`label=` or `label==`) * name (network's name) * type (custom|builtin) +#### Driver + +The `driver` filter matches networks based on their driver. + +The following example matches networks with the `bridge` driver: + +```bash +$ docker network ls --filter driver=bridge +NETWORK ID NAME DRIVER +db9db329f835 test1 bridge +f6e212da9dfd test2 bridge +``` + #### ID The `id` filter matches on all or part of a network's ID. @@ -83,7 +97,7 @@ NETWORK ID NAME DRIVER #### Label -The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +The `label` filter matches networks based on the presence of a `label` alone or a `label` and a value. The following filter matches networks with the `usage` label regardless of its value. @@ -95,7 +109,7 @@ db9db329f835 test1 bridge f6e212da9dfd test2 bridge ``` -The following filter matches containers with the `usage` label with the `prod` value. +The following filter matches networks with the `usage` label with the `prod` value. ```bash $ docker network ls -f "label=usage=prod" diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md index ff459059e7..3eeff05993 100644 --- a/man/docker-network-ls.1.md +++ b/man/docker-network-ls.1.md @@ -46,11 +46,25 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: +* driver * id (network's id) * label (`label=` or `label==`) * name (network's name) * type (custom|builtin) +#### Driver + +The `driver` filter matches networks based on their driver. + +The following example matches networks with the `bridge` driver: + +```bash +$ docker network ls --filter driver=bridge +NETWORK ID NAME DRIVER +db9db329f835 test1 bridge +f6e212da9dfd test2 bridge +``` + #### ID The `id` filter matches on all or part of a network's ID. @@ -78,7 +92,7 @@ NETWORK ID NAME DRIVER #### Label -The `label` filter matches containers based on the presence of a `label` alone or a `label` and a +The `label` filter matches networks based on the presence of a `label` alone or a `label` and a value. The following filter matches networks with the `usage` label regardless of its value. @@ -90,7 +104,7 @@ db9db329f835 test1 bridge f6e212da9dfd test2 bridge ``` -The following filter matches containers with the `usage` label with the `prod` value. +The following filter matches networks with the `usage` label with the `prod` value. ```bash $ docker network ls -f "label=usage=prod" From 51e43d3bdaf56a1f783e5635ae69cf537c41eed7 Mon Sep 17 00:00:00 2001 From: Lorenzo Fontana Date: Mon, 25 Apr 2016 15:31:23 +0200 Subject: [PATCH 1343/2538] Mention the fact that authz plugins are available today Signed-off-by: Lorenzo Fontana --- docs/extend/plugins.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 7eec419c97..e40c611282 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -22,7 +22,7 @@ example, a [volume plugin](plugins_volume.md) might enable Docker volumes to persist across multiple Docker hosts and a [network plugin](plugins_network.md) might provide network plumbing. -Currently Docker supports volume and network driver plugins. In the future it +Currently Docker supports authorization, volume and network driver plugins. In the future it will support additional plugin types. ## Installing a plugin @@ -65,6 +65,11 @@ Plugin [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. [REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. +### Authorization plugins + + Plugin | Description +------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ + [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). ## Troubleshooting a plugin From d3274f9217371848f1aa37baaf80e203eed8a7c6 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 29 Apr 2016 22:39:38 +0200 Subject: [PATCH 1344/2538] Add zsh completion for 'docker network ls -f driver' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 5d128293cc..53aa4371cf 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -317,6 +317,9 @@ __docker_network_complete_ls_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in + (driver) + __docker_plugins Network && ret=0 + ;; (id) __docker_networks_ids && ret=0 ;; @@ -332,7 +335,7 @@ __docker_network_complete_ls_filters() { ;; esac else - opts=('id' 'name' 'type') + opts=('driver' 'id' 'name' 'type') _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 fi From 7d3bb7a6d0b9dbef82c72d59064aeb77c34f481c Mon Sep 17 00:00:00 2001 From: Yuan Sun Date: Sun, 1 May 2016 15:37:11 +0800 Subject: [PATCH 1345/2538] remove "the" in docs. Signed-off-by: Yuan Sun --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index d135aa9965..e0b7a2bbe3 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -848,7 +848,7 @@ limit and "K" the kernel limit. There are three possible ways to set limits: deployments where the total amount of memory per-cgroup is overcommitted. Overcommitting kernel memory limits is definitely not recommended, since the box can still run out of non-reclaimable memory. - In this case, the you can configure K so that the sum of all groups is + In this case, you can configure K so that the sum of all groups is never greater than the total memory. Then, freely set U at the expense of the system's service quality. From 8b38343e46e46b589bf556651c10dc3dbee3f88b Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 2 May 2016 09:45:01 -0400 Subject: [PATCH 1346/2538] Make zsh completion work when ps output is custom When `psFormat` is used in the docker client config json, if the output is non-standard it breaks some of the completion handling for containers. This fixes that by ensuring that calls to `ps` use the default/standard formatting by calling `docker ps --format 'table'` Signed-off-by: Brian Goff --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 53aa4371cf..1afdbaee75 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -57,7 +57,7 @@ __docker_get_containers() { type=$1; shift [[ $kind = (stopped|all) ]] && args=($args -a) - lines=(${(f)"$(_call_program commands docker $docker_options ps --no-trunc $args)"}) + lines=(${(f)"$(_call_program commands docker $docker_options ps --format 'table' --no-trunc $args)"}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} From 3e48f4b4ab24e593971538a4d330ad2ac96b5375 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Mon, 2 May 2016 22:19:23 +0300 Subject: [PATCH 1347/2538] Remove response modification sections from authorization design doc Signed-off-by: Liron Levin --- docs/extend/plugins_authorization.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 887fd9330e..140db71c35 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -195,17 +195,10 @@ should implement the following two methods: { "Allow": "Determined whether the user is allowed or not", "Msg": "The authorization message", - "Err": "The error message if things go wrong", - "ModifiedBody": "Byte array containing a modified body of the raw HTTP body (or null if no changes required)", - "ModifiedHeader": "Byte array containing a modified header of the HTTP response (or null if no changes required)", - "ModifiedStatusCode": "int containing the modified version of the status code (or 0 if not change is required)" + "Err": "The error message if things go wrong" } ``` -The modified response enables the authorization plugin to manipulate the content -of the HTTP response. In case of more than one plugin, each subsequent plugin -receives a response (optionally) modified by a previous plugin. - ### Request authorization Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. From bdfe7963f2a55522bc87481ede3df743915e00c2 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 28 Apr 2016 14:55:22 +0800 Subject: [PATCH 1348/2538] Update the `docker daemon` to `dockerd` for document Signed-off-by: Wen Cheng Ma --- .../commandline/{daemon.md => dockerd.md} | 79 ++++++++++--------- docs/reference/commandline/index.md | 4 +- docs/reference/commandline/pull.md | 2 +- man/docker-network-create.1.md | 2 +- man/docker.1.md | 9 +-- man/{docker-daemon.8.md => dockerd.8.md} | 50 ++++++------ 6 files changed, 69 insertions(+), 77 deletions(-) rename docs/reference/commandline/{daemon.md => dockerd.md} (94%) rename man/{docker-daemon.8.md => dockerd.8.md} (92%) diff --git a/docs/reference/commandline/daemon.md b/docs/reference/commandline/dockerd.md similarity index 94% rename from docs/reference/commandline/daemon.md rename to docs/reference/commandline/dockerd.md index 36df746501..842e051664 100644 --- a/docs/reference/commandline/daemon.md +++ b/docs/reference/commandline/dockerd.md @@ -1,6 +1,7 @@ dbfee88ee9fd + Step 2 : COPY testfile.txt c:RUN dir c: + GetFileAttributesEx c:RUN: The system cannot find the file specified. + PS C:\John> + +One solution to the above would be to use `/` as the target of both the `COPY` +instruction, and `dir`. However, this syntax is, at best, confusing as it is not +natural for paths on `Windows`, and at worst, error prone as not all commands on +`Windows` support `/` as the path separator. + +By adding the `escape` parser directive, the following `Dockerfile` succeeds as +expected with the use of natural platform semantics for file paths on `Windows`: + + # escape=` + + FROM windowsservercore + COPY testfile.txt c:\ + RUN dir c:\ + +Results in: + + PS C:\John> docker build -t succeeds --no-cache=true . + Sending build context to Docker daemon 3.072 kB + Step 1 : FROM windowsservercore + ---> dbfee88ee9fd + Step 2 : COPY testfile.txt c:\ + ---> 99ceb62e90df + Removing intermediate container 62afbe726221 + Step 3 : RUN dir c:\ + ---> Running in a5ff53ad6323 + Volume in drive C has no label. + Volume Serial Number is 1440-27FA + + Directory of c:\ + + 03/25/2016 05:28 AM inetpub + 03/25/2016 04:22 AM PerfLogs + 04/22/2016 10:59 PM Program Files + 03/25/2016 04:22 AM Program Files (x86) + 04/18/2016 09:26 AM 4 testfile.txt + 04/22/2016 10:59 PM Users + 04/22/2016 10:59 PM Windows + 1 File(s) 4 bytes + 6 Dir(s) 21,252,689,920 bytes free + ---> 2569aa19abef + Removing intermediate container a5ff53ad6323 + Successfully built 2569aa19abef + PS C:\John> + +## Environment replacement Environment variables (declared with [the `ENV` statement](#env)) can also be used in certain instructions as variables to be interpreted by the @@ -192,7 +362,7 @@ will result in `def` having a value of `hello`, not `bye`. However, `ghi` will have a value of `bye` because it is not part of the same command that set `abc` to `bye`. -### .dockerignore file +## .dockerignore file Before the docker CLI sends the context to the docker daemon, it looks for a file named `.dockerignore` in the root directory of the context. From 8f2364701702905d024ef4738cc3a2697a69b719 Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Sat, 21 May 2016 20:40:15 -0700 Subject: [PATCH 1400/2538] Remove DOCKER_HTTP_HOST_COMPAT env var Signed-off-by: Darren Shepherd --- docs/reference/commandline/dockerd.md | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 2b90df9277..c425f92c63 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -850,20 +850,6 @@ set like this: export DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 -Docker clients <= 1.9.2 used an invalid Host header when making request to the -daemon. Docker 1.12 is built using golang 1.6 which is now checking the validity -of the Host header and as such clients <= 1.9.2 can't talk anymore to the daemon. -Docker supports overcoming this issue via a Docker daemon -environment variable. In case you are seeing this error when contacting the -daemon: - - Error response from daemon: 400 Bad Request: malformed Host header - -The `DOCKER_HTTP_HOST_COMPAT` can be set like this: - - DOCKER_HTTP_HOST_COMPAT=1 /usr/local/bin/dockerd ... - - ## Default cgroup parent The `--cgroup-parent` option allows you to set the default cgroup parent From f9d80051da3e112a6375ce6dda919e8dcdb405d9 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 27 May 2016 00:28:46 +0000 Subject: [PATCH 1401/2538] Fix up stale links Signed-off-by: Sven Dowideit --- docs/extend/plugins.md | 2 +- docs/reference/commandline/pause.md | 2 +- docs/reference/commandline/unpause.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 7a3687fced..7881c73c29 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -43,7 +43,7 @@ Plugin ----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Contiv Networking](https://github.com/contiv/netplugin) | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. [Kuryr Network Plugin](https://github.com/openstack/kuryr) | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well. -[Weave Network Plugin](http://docs.weave.works/weave/latest_release/plugin.html) | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. +[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/) | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. ### Volume plugins diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 36d5416f49..73d3c94935 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -23,5 +23,5 @@ the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. See the -[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) +[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index 641e37718a..c5920f435c 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -20,5 +20,5 @@ The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. See the -[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) +[cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. From 8aa59a76fe96741e72a0784f57c41920cfced229 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 26 May 2016 20:04:48 -0700 Subject: [PATCH 1402/2538] Fix error in dockerd.md for incorrect cluster-store-opts example. This fix fixes an error in documentation (dockerd.md). In the example given by dockerd.md, the option `cluster-store-opts` is assigned with an array but this option can only be assigned as a map. Signed-off-by: Yong Tang --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index c425f92c63..1655b132be 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -913,7 +913,7 @@ This is a full example of the allowed configuration options in the file: "pidfile": "", "graph": "", "cluster-store": "", - "cluster-store-opts": [], + "cluster-store-opts": {}, "cluster-advertise": "", "max-concurrent-downloads": 3, "max-concurrent-uploads": 5, From b66fb42ff1cad2363e36b34aa906094371e2e715 Mon Sep 17 00:00:00 2001 From: Michael Friis Date: Fri, 27 May 2016 09:01:05 -0700 Subject: [PATCH 1403/2538] Add powershell example and make linux build example consistent with other examples Signed-off-by: Michael Friis --- docs/reference/commandline/build.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index ea820b5d96..72426d659e 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -79,7 +79,11 @@ Build Syntax Suffix | Commit Used | Build Context Used Instead of specifying a context, you can pass a single Dockerfile in the `URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: - docker build - < Dockerfile + $ docker build - < Dockerfile + +With Powershell on Windows, you can run: + + Get-Content Dockerfile | docker build - If you use STDIN or specify a `URL`, the system places the contents into a file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this From d5a8d411bacb349ed9657f82257eb5ef408ca5e4 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 9 May 2016 19:07:04 -0700 Subject: [PATCH 1404/2538] Un-deprecated command line short variant options of `-c`. Since 1.9, the following short variant options have been deprecated in favor of their long variants: `docker run -c (--cpu-shares)` `docker build -c (--cpu-shares)` `docker create -c (--cpu-shares)` `docker update -c (--cpu-shares)` However, `-c` is still widely used and is considered as a convenient option for swarm (see #16271). This fix undeprecated the command line short variant options of `-c` and updated the deprecated.md. Signed-off-by: Yong Tang --- docs/deprecated.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index d80f24e729..a919a5d54f 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -67,18 +67,6 @@ Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. The `docker search --automated` and `docker search --stars` options are deprecated. Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. -### Command line short variant options -**Deprecated In Release: v1.9** - -**Target For Removal In Release: v1.11** - -The following short variant options are deprecated in favor of their long -variants: - - docker run -c (--cpu-shares) - docker build -c (--cpu-shares) - docker create -c (--cpu-shares) - ### Driver Specific Log Tags **Deprecated In Release: v1.9** From 3417ef2b0c441cfbbe34fef5d14126d4d6b91fc5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 29 May 2016 07:09:05 -0700 Subject: [PATCH 1405/2538] bash completion for dockerd Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4f60da7a49..5dccb7596c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2308,6 +2308,14 @@ _docker() { (( counter++ )) done + local binary="${words[0]}" + if [[ $binary == dockerd ]] ; then + # for the dockerd binary, we reuse completion of `docker daemon`. + # dockerd does not have subcommands and global options. + command=daemon + command_pos=0 + fi + local completions_func=_docker_${command} declare -F $completions_func >/dev/null && $completions_func @@ -2318,4 +2326,4 @@ _docker() { eval "$__docker_previous_extglob_setting" unset __docker_previous_extglob_setting -complete -F _docker docker +complete -F _docker docker dockerd From 263f9666cf8276ba94948f1d6b14d65300a9153a Mon Sep 17 00:00:00 2001 From: Roland Kammerer Date: Mon, 30 May 2016 17:45:05 +0200 Subject: [PATCH 1406/2538] Add the DRBD Docker Volume Plugin to the documentation Signed-off-by: Roland Kammerer --- docs/extend/plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 7881c73c29..fe80ac6d98 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -52,6 +52,7 @@ Plugin [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. [Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. [Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. +[DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. [Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. [gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). [GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. From 4a87769a803c2eb61330e457686ede6508daf0df Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 29 May 2016 08:16:39 -0700 Subject: [PATCH 1407/2538] Remove deprecated -f flag on docker tag The -f flag on docker tag has been deprecated in docker 1.10 and is expected to be removed in docker 1.12. This fix removed the -f flag on docker tag and also updated deprecated.md. NOTE: A separate pull request for engine-api has been opened to cover the related changes. Signed-off-by: Yong Tang --- docs/deprecated.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index a919a5d54f..9de65b28c2 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -35,9 +35,9 @@ The fields `ID`, `Status` and `From` in the events API have been deprecated in f See the events API documentation for the new format. ### `-f` flag on `docker tag` -**Deprecated In Release: v1.10** +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Target For Removal In Release: v1.12** +**Removed In Release: v1.12.0** To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. From cceb74311baf1dfc16b02410b82e223dd715eb2c Mon Sep 17 00:00:00 2001 From: Ritesh H Shukla Date: Wed, 1 Jun 2016 15:29:15 -0700 Subject: [PATCH 1408/2538] Add VMware Docker Volume Plugin. Add reference to https://github.com/vmware/docker-volume-vsphere to Docker's list of plugins. This is an officially supported plugin from VMware. Signed-off-by: Ritesh H Shukla --- docs/extend/plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index fe80ac6d98..222a2dbf65 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -65,6 +65,7 @@ Plugin [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. [REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. +[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. ### Authorization plugins From 51ddea93a23942a1c639cab29062300067cd6145 Mon Sep 17 00:00:00 2001 From: Thomas Leonard Date: Mon, 18 Apr 2016 10:48:13 +0100 Subject: [PATCH 1409/2538] Add support for user-defined healthchecks This PR adds support for user-defined health-check probes for Docker containers. It adds a `HEALTHCHECK` instruction to the Dockerfile syntax plus some corresponding "docker run" options. It can be used with a restart policy to automatically restart a container if the check fails. The `HEALTHCHECK` instruction has two forms: * `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container) * `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image) The `HEALTHCHECK` instruction tells Docker how to test a container to check that it is still working. This can detect cases such as a web server that is stuck in an infinite loop and unable to handle new connections, even though the server process is still running. When a container has a healthcheck specified, it has a _health status_ in addition to its normal status. This status is initially `starting`. Whenever a health check passes, it becomes `healthy` (whatever state it was previously in). After a certain number of consecutive failures, it becomes `unhealthy`. The options that can appear before `CMD` are: * `--interval=DURATION` (default: `30s`) * `--timeout=DURATION` (default: `30s`) * `--retries=N` (default: `1`) The health check will first run **interval** seconds after the container is started, and then again **interval** seconds after each previous check completes. If a single run of the check takes longer than **timeout** seconds then the check is considered to have failed. It takes **retries** consecutive failures of the health check for the container to be considered `unhealthy`. There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list more than one then only the last `HEALTHCHECK` will take effect. The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands; see e.g. `ENTRYPOINT` for details). The command's exit status indicates the health status of the container. The possible values are: - 0: success - the container is healthy and ready for use - 1: unhealthy - the container is not working correctly - 2: starting - the container is not ready for use yet, but is working correctly If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. For example, to check every five minutes or so that a web-server is able to serve the site's main page within three seconds: HEALTHCHECK --interval=5m --timeout=3s \ CMD curl -f http://localhost/ || exit 1 To help debug failing probes, any output text (UTF-8 encoded) that the command writes on stdout or stderr will be stored in the health status and can be queried with `docker inspect`. Such output should be kept short (only the first 4096 bytes are stored currently). When the health status of a container changes, a `health_status` event is generated with the new status. The health status is also displayed in the `docker ps` output. Signed-off-by: Thomas Leonard Signed-off-by: Sebastiaan van Stijn --- docs/reference/builder.md | 67 +++++++++++++++++++++++++++++++++++++++ docs/reference/run.md | 60 +++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 863dcd36c7..f460338b22 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1470,6 +1470,73 @@ The `STOPSIGNAL` instruction sets the system call signal that will be sent to th This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, or a signal name in the format SIGNAME, for instance SIGKILL. +## HEALTHCHECK + +The `HEALTHCHECK` instruction has two forms: + +* `HEALTHCHECK [OPTIONS] CMD command` (check container health by running a command inside the container) +* `HEALTHCHECK NONE` (disable any healthcheck inherited from the base image) + +The `HEALTHCHECK` instruction tells Docker how to test a container to check that +it is still working. This can detect cases such as a web server that is stuck in +an infinite loop and unable to handle new connections, even though the server +process is still running. + +When a container has a healthcheck specified, it has a _health status_ in +addition to its normal status. This status is initially `starting`. Whenever a +health check passes, it becomes `healthy` (whatever state it was previously in). +After a certain number of consecutive failures, it becomes `unhealthy`. + +The options that can appear before `CMD` are: + +* `--interval=DURATION` (default: `30s`) +* `--timeout=DURATION` (default: `30s`) +* `--retries=N` (default: `1`) + +The health check will first run **interval** seconds after the container is +started, and then again **interval** seconds after each previous check completes. + +If a single run of the check takes longer than **timeout** seconds then the check +is considered to have failed. + +It takes **retries** consecutive failures of the health check for the container +to be considered `unhealthy`. + +There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list +more than one then only the last `HEALTHCHECK` will take effect. + +The command after the `CMD` keyword can be either a shell command (e.g. `HEALTHCHECK +CMD /bin/check-running`) or an _exec_ array (as with other Dockerfile commands; +see e.g. `ENTRYPOINT` for details). + +The command's exit status indicates the health status of the container. +The possible values are: + +- 0: success - the container is healthy and ready for use +- 1: unhealthy - the container is not working correctly +- 2: starting - the container is not ready for use yet, but is working correctly + +If the probe returns 2 ("starting") when the container has already moved out of the +"starting" state then it is treated as "unhealthy" instead. + +For example, to check every five minutes or so that a web-server is able to +serve the site's main page within three seconds: + + HEALTHCHECK --interval=5m --timeout=3s \ + CMD curl -f http://localhost/ || exit 1 + +To help debug failing probes, any output text (UTF-8 encoded) that the command writes +on stdout or stderr will be stored in the health status and can be queried with +`docker inspect`. Such output should be kept short (only the first 4096 bytes +are stored currently). + +When the health status of a container changes, a `health_status` event is +generated with the new status. + +The `HEALTHCHECK` feature was added in Docker 1.12. + + + ## Dockerfile examples Below you can see some examples of Dockerfile syntax. If you're interested in diff --git a/docs/reference/run.md b/docs/reference/run.md index 567d42b207..a7c5267f45 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1250,6 +1250,7 @@ Dockerfile instruction and how the operator can override that setting. #entrypoint-default-command-to-execute-at-runtime) - [EXPOSE (Incoming Ports)](#expose-incoming-ports) - [ENV (Environment Variables)](#env-environment-variables) + - [HEALTHCHECK](#healthcheck) - [VOLUME (Shared Filesystems)](#volume-shared-filesystems) - [USER](#user) - [WORKDIR](#workdir) @@ -1398,6 +1399,65 @@ above, or already defined by the developer with a Dockerfile `ENV`: Similarly the operator can set the **hostname** with `-h`. +### HEALTHCHECK + +``` + --health-cmd Command to run to check health + --health-interval Time between running the check + --health-retries Consecutive failures needed to report unhealthy + --health-timeout Maximum time to allow one check to run + --no-healthcheck Disable any container-specified HEALTHCHECK +``` + +Example: + + $ docker run --name=test -d \ + --health-cmd='stat /etc/passwd || exit 1' \ + --health-interval=2s \ + busybox sleep 1d + $ sleep 2; docker inspect --format='{{.State.Health.Status}}' test + healthy + $ docker exec test rm /etc/passwd + $ sleep 2; docker inspect --format='{{json .State.Health}}' test + { + "Status": "unhealthy", + "FailingStreak": 3, + "Log": [ + { + "Start": "2016-05-25T17:22:04.635478668Z", + "End": "2016-05-25T17:22:04.7272552Z", + "ExitCode": 0, + "Output": " File: /etc/passwd\n Size: 334 \tBlocks: 8 IO Block: 4096 regular file\nDevice: 32h/50d\tInode: 12 Links: 1\nAccess: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 0/ root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..." + }, + { + "Start": "2016-05-25T17:22:06.732900633Z", + "End": "2016-05-25T17:22:06.822168935Z", + "ExitCode": 0, + "Output": " File: /etc/passwd\n Size: 334 \tBlocks: 8 IO Block: 4096 regular file\nDevice: 32h/50d\tInode: 12 Links: 1\nAccess: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 0/ root)\nAccess: 2015-12-05 22:05:32.000000000\nModify: 2015..." + }, + { + "Start": "2016-05-25T17:22:08.823956535Z", + "End": "2016-05-25T17:22:08.897359124Z", + "ExitCode": 1, + "Output": "stat: can't stat '/etc/passwd': No such file or directory\n" + }, + { + "Start": "2016-05-25T17:22:10.898802931Z", + "End": "2016-05-25T17:22:10.969631866Z", + "ExitCode": 1, + "Output": "stat: can't stat '/etc/passwd': No such file or directory\n" + }, + { + "Start": "2016-05-25T17:22:12.971033523Z", + "End": "2016-05-25T17:22:13.082015516Z", + "ExitCode": 1, + "Output": "stat: can't stat '/etc/passwd': No such file or directory\n" + } + ] + } + +The health status is also displayed in the `docker ps` output. + ### TMPFS (mount tmpfs filesystems) ```bash From 25a960984509b4735cf6d1b6f7976bea5190e644 Mon Sep 17 00:00:00 2001 From: Lukasz Zajaczkowski Date: Mon, 16 May 2016 12:41:07 +0200 Subject: [PATCH 1410/2538] Add documentation for running multiple daemons Signed-off-by: Lukasz Zajaczkowski --- docs/reference/commandline/dockerd.md | 56 +++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 1655b132be..2dfbb68002 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -977,3 +977,59 @@ has been provided in flags and `cluster-advertise` not, `cluster-advertise` can be added in the configuration file without accompanied by `--cluster-store` Configuration reload will log a warning message if it detects a change in previously configured cluster configurations. + + +## Running multiple daemons + +> **Note:** Running multiple daemons on a single host is considered as "experimental". The user should be aware of +> unsolved problems. This solution may not work properly in some cases. Solutions are currently under development +> and will be delivered in the near future. + +This section describes how to run multiple Docker daemons on a single host. To +run multiple daemons, you must configure each daemon so that it does not +conflict with other daemons on the same host. You can set these options either +by providing them as flags, or by using a [daemon configuration file](#daemon-configuration-file). + +The following daemon options must be configured for each daemon: + +```bash +-b, --bridge= Attach containers to a network bridge +--exec-root=/var/run/docker Root of the Docker execdriver +-g, --graph=/var/lib/docker Root of the Docker runtime +-p, --pidfile=/var/run/docker.pid Path to use for daemon PID file +-H, --host=[] Daemon socket(s) to connect to +--config-file=/etc/docker/daemon.json Daemon configuration file +--tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA +--tlscert="~/.docker/cert.pem" Path to TLS certificate file +--tlskey="~/.docker/key.pem" Path to TLS key file +``` + +When your daemons use different values for these flags, you can run them on the same host without any problems. +It is very important to properly understand the meaning of those options and to use them correctly. + +- The `-b, --bridge=` flag is set to `docker0` as default bridge network. It is created automatically when you install Docker. +If you are not using the default, you must create and configure the bridge manually or just set it to 'none': `--bridge=none` +- `--exec-root` is the path where the container state is stored. The default value is `/var/run/docker`. Specify the path for +your running daemon here. +- `--graph` is the path where images are stored. The default value is `/var/lib/docker`. To avoid any conflict with other daemons +set this parameter separately for each daemon. +- `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your +pid file here. +- `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`. +- `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of +daemon flags. Specify the path for each daemon. +- `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections. +The `--tls*` options enable use of specific certificates for individual daemons. + +Example script for a separate “bootstrap” instance of the Docker daemon without network: + +```bash +$ docker daemon \ + -H unix:///var/run/docker-bootstrap.sock \ + -p /var/run/docker-bootstrap.pid \ + --iptables=false \ + --ip-masq=false \ + --bridge=none \ + --graph=/var/lib/docker-bootstrap \ + --exec-root=/var/run/docker-bootstrap +``` From 54df0949b0ef6f88acf3a68479f3dd7a2cef534f Mon Sep 17 00:00:00 2001 From: allencloud Date: Sun, 8 May 2016 09:36:10 +0800 Subject: [PATCH 1411/2538] fix typos Signed-off-by: allencloud --- docs/reference/commandline/attach.md | 2 +- docs/reference/commandline/dockerd.md | 4 ++-- docs/reference/commandline/pull.md | 2 +- man/docker-attach.1.md | 2 +- man/docker-inspect.1.md | 2 +- man/docker-run.1.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 799fe1d176..7158e40974 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -51,7 +51,7 @@ foreground over a slow client connection. Instead, users should use the ## Override the detach sequence -If you want, you can configure a override the Docker key sequence for detach. +If you want, you can configure an override the Docker key sequence for detach. This is is useful if the Docker default sequence conflicts with key squence you use for other applications. There are two ways to defines a your own detach key sequence, as a per-container override or as a configuration property on your diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 2dfbb68002..8eab487773 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -587,9 +587,9 @@ system's list of trusted CAs instead of enabling `--insecure-registry`. Enabling `--disable-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. -## Running a Docker daemon behind a HTTPS_PROXY +## Running a Docker daemon behind an HTTPS_PROXY -When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub +When running inside a LAN that uses an `HTTPS` proxy, the Docker Hub certificates will be replaced by the proxy's certificates. These certificates need to be added to your Docker host's configuration: diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 101204e095..0ed3839f4a 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -29,7 +29,7 @@ use `docker pull`. ## Proxy configuration -If you are behind a HTTP proxy server, for example in corporate settings, +If you are behind an HTTP proxy server, for example in corporate settings, before open a connect to registry, you may need to configure the Docker daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables. To set these environment variables on a host using diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md index c78f4fbb1b..5ddf96f68b 100644 --- a/man/docker-attach.1.md +++ b/man/docker-attach.1.md @@ -43,7 +43,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). # Override the detach sequence -If you want, you can configure a override the Docker key sequence for detach. +If you want, you can configure an override the Docker key sequence for detach. This is is useful if the Docker default sequence conflicts with key squence you use for other applications. There are two ways to defines a your own detach key sequence, as a per-container override or as a configuration property on your diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 1bc2cf0b9c..6d7a54ad3b 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -223,7 +223,7 @@ output: You can get more information about how to write a Go template from: https://golang.org/pkg/text/template/. -## Getting size information on an container +## Getting size information on a container $ docker inspect -s d2cc496561d6 [ diff --git a/man/docker-run.1.md b/man/docker-run.1.md index fb810d32f9..2d02b7cbfb 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -219,7 +219,7 @@ See **config-json(5)** for documentation on using a configuration file. Limit write rate to a device (e.g. --device-write-bps=/dev/sda:1mb) **--device-write-iops**=[] - Limit write rate a a device (e.g. --device-write-iops=/dev/sda:1000) + Limit write rate to a device (e.g. --device-write-iops=/dev/sda:1000) **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) From 1a22098ae22cd2e7dbb262a2ecd4dfea010af38e Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Jun 2016 15:20:54 -0700 Subject: [PATCH 1412/2538] Add support for comment in .dockerignore This fix tries to address the issue raised in #20083 where comment is not supported in `.dockerignore`. This fix updated the processing of `.dockerignore` so that any lines starting with `#` are ignored, which is similiar to the behavior of `.gitignore`. Related documentation has been updated. Additional tests have been added to cover the changes. This fix fixes #20083. Signed-off-by: Yong Tang --- docs/reference/builder.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index f460338b22..35d5dfd495 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -379,9 +379,13 @@ the working and the root directory. For example, the patterns in the `foo` subdirectory of `PATH` or in the root of the git repository located at `URL`. Neither excludes anything else. +If a line in `.dockerignore` file starts with `#` in column 1, then this line is +considered as a comment and is ignored before interpreted by the CLI. + Here is an example `.dockerignore` file: ``` +# comment */temp* */*/temp* temp? @@ -391,6 +395,7 @@ This file causes the following build behavior: | Rule | Behavior | |----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `# comment` | Ignored. | | `*/temp*` | Exclude files and directories whose names start with `temp` in any immediate subdirectory of the root. For example, the plain file `/somedir/temporary.txt` is excluded, as is the directory `/somedir/temp`. | | `*/*/temp*` | Exclude files and directories starting with `temp` from any subdirectory that is two levels below the root. For example, `/somedir/subdir/temporary.txt` is excluded. | | `temp?` | Exclude files and directories in the root directory whose names are a one-character extension of `temp`. For example, `/tempa` and `/tempb` are excluded. From 794db50fdf3e0cdc15fc6d4ce9af3fac0d0b9fe4 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Jun 2016 13:38:14 -0700 Subject: [PATCH 1413/2538] Add `--limit` option to `docker search` This fix tries to address the issue raised in #23055. Currently `docker search` result caps at 25 and there is no way to allow getting more results (if exist). This fix adds the flag `--limit` so that it is possible to return more results from the `docker search`. Related documentation has been updated. Additional tests have been added to cover the changes. This fix fixes #23055. Signed-off-by: Yong Tang --- docs/reference/commandline/search.md | 7 +++++++ man/docker-search.1.md | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 8bca98f0c9..6d3984de13 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -19,6 +19,7 @@ parent = "smn_cli" - is-official=(true|false) - stars= - image has at least 'number' stars --help Print usage + --limit=25 Maximum returned search results --no-trunc Don't truncate output Search [Docker Hub](https://hub.docker.com) for images @@ -74,6 +75,12 @@ at least 3 stars and the description isn't truncated in the output: progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] +## Limit search results (--limit) + +The flag `--limit` is the maximium number of results returned by a search. This value could +be in the range between 1 and 100. The default value of `--limit` is 25. + + ## Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more diff --git a/man/docker-search.1.md b/man/docker-search.1.md index c1728f548c..ad8bbc78b2 100644 --- a/man/docker-search.1.md +++ b/man/docker-search.1.md @@ -8,6 +8,7 @@ docker-search - Search the Docker Hub for images **docker search** [**-f**|**--filter**[=*[]*]] [**--help**] +[**--limit**[=*LIMIT*]] [**--no-trunc**] TERM @@ -30,6 +31,9 @@ of stars awarded, whether the image is official, and whether it is automated. **--help** Print usage statement +**--limit**=*LIMIT* + Maximum returned search results. The default is 25. + **--no-trunc**=*true*|*false* Don't truncate output. The default is *false*. From 57b18d547483b522b38610f3febbd805fde2a7c9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 2 Jun 2016 19:54:35 -0700 Subject: [PATCH 1414/2538] Add missing links in deprecated.md doc. This fix tries to address several issues in deprecated.md: 1. For deprecated and removal versions, some include link reference to the release tag but some does not point to the release tag. This fix adds the missing links as long as the version is <= 1.12. 2. Technically, 1.12 is not released yet so the link to 1.12 does not exist yet. However, at the time 1.12 is released this deprecated.md doc should have been part of the release as well. There is a circular dependency. This fix adds 1.12 for now. 3. `HostConfig at API container start` has already been removed by #22570 so this fix changes `Target For Removal In Release: v1.12` to `Removed In Release: v1.12`. 4. `Docker search 'automated' and 'stars' options` has not been removed yet so this fix changes `Removed In Release: v1.14` to `Target For Removal In Release: v1.14` Signed-off-by: Yong Tang --- docs/deprecated.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 9de65b28c2..2710a52b48 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -15,21 +15,21 @@ weight=80 The following list of features are deprecated in Engine. ### `-e` and `--email` flags on `docker login` -**Deprecated In Release: v1.11** +**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** **Target For Removal In Release: v1.13** The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. ### Separator (`:`) of `--security-opt` flag on `docker run` -**Deprecated In Release: v1.11** +**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** **Target For Removal In Release: v1.13** The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consinstency with other similar flags, like `--storage-opt`. ### Ambiguous event fields in API -**Deprecated In Release: v1.10** +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure. See the events API documentation for the new format. @@ -37,14 +37,14 @@ See the events API documentation for the new format. ### `-f` flag on `docker tag` **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: v1.12.0** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. ### HostConfig at API container start -**Deprecated In Release: v1.10** +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Target For Removal In Release: v1.12** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of defining it at container creation (`POST /containers/create`). @@ -53,7 +53,7 @@ defining it at container creation (`POST /containers/create`). **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: v1.12** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** The `docker ps --before` and `docker ps --since` options are deprecated. Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. @@ -62,15 +62,15 @@ Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. **Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** -**Removed In Release: v1.14** +**Target For Removal In Release: v1.14** The `docker search --automated` and `docker search --stars` options are deprecated. Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. ### Driver Specific Log Tags -**Deprecated In Release: v1.9** +**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** -**Removed In Release: v1.12** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** Log tags are now generated in a standard way across different logging drivers. Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and @@ -79,9 +79,9 @@ Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` a docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" ### LXC built-in exec driver -**Deprecated In Release: v1.8** +**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** -**Removed In Release: v1.10** +**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed. @@ -139,9 +139,9 @@ The following double-dash options are deprecated and have no replacement: Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. ### Docker Content Trust ENV passphrase variables name change -**Deprecated In Release: v1.9** +**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** -**Removed In Release: v1.12** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables From ae11c80580802197278a000260d11f9b72c97f91 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 3 Jun 2016 16:32:37 +0200 Subject: [PATCH 1415/2538] bash completion for `docker search --limit` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5dccb7596c..89b2c5134b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1948,11 +1948,14 @@ _docker_search() { __docker_nospace return ;; + --limit) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter --help --no-trunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter --help --limit --no-trunc" -- "$cur" ) ) ;; esac } From e116088cb2ad1f40a70131bc18f7dd581b0eba7f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 3 Jun 2016 17:04:04 +0200 Subject: [PATCH 1416/2538] bash completion for `docker run` healthcheck options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 89b2c5134b..99d554cba2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1726,9 +1726,14 @@ _docker_run() { if [ "$command" = "run" ] ; then options_with_args="$options_with_args --detach-keys + --health-cmd + --health-interval + --health-retries + --health-timeout " boolean_options="$boolean_options --detach -d + --no-healthcheck --rm --sig-proxy=false " From de82bb1c55a2882a1c9d981f3418e8d288297754 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Fri, 3 Jun 2016 21:43:45 +0000 Subject: [PATCH 1417/2538] docs validation fixes Signed-off-by: Sven Dowideit --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8eab487773..a170e1c726 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -91,7 +91,7 @@ membership. If you need to access the Docker daemon remotely, you need to enable the `tcp` Socket. Beware that the default setup provides un-encrypted and un-authenticated direct access to the Docker daemon - and should be secured -either using the [built in HTTPS encrypted socket](../../security/https/), or by +either using the [built in HTTPS encrypted socket](../../security/https.md), or by putting a secure web proxy in front of it. You can listen on port `2375` on all network interfaces with `-H tcp://0.0.0.0:2375`, or on a particular network interface using its IP address: `-H tcp://192.168.59.103:2375`. It is From 9c351e61c00e8460b6d57d7148b672fb31a5aec6 Mon Sep 17 00:00:00 2001 From: Alexander Morozov Date: Fri, 3 Jun 2016 10:11:52 -0700 Subject: [PATCH 1418/2538] attach: replace interface with simple type Also add docs to detach events Signed-off-by: Alexander Morozov --- docs/reference/commandline/events.md | 2 +- man/docker-events.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index a958a3a1ed..688c05a907 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -21,7 +21,7 @@ parent = "smn_cli" Docker containers report the following events: - attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update + attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update Docker images report the following events: diff --git a/man/docker-events.1.md b/man/docker-events.1.md index 15a5d516a5..4e38b53687 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -18,7 +18,7 @@ information and real-time information. Docker containers will report the following events: - attach, commit, copy, create, destroy, die, exec_create, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update + attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update Docker images report the following events: From 7e00f19c4fbc341912800a4a1f9f0d4b0f81599f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 3 Jun 2016 13:28:08 +0200 Subject: [PATCH 1419/2538] Healthcheck: set default retries to 3 Signed-off-by: Sebastiaan van Stijn --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 35d5dfd495..b9a894444b 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1496,7 +1496,7 @@ The options that can appear before `CMD` are: * `--interval=DURATION` (default: `30s`) * `--timeout=DURATION` (default: `30s`) -* `--retries=N` (default: `1`) +* `--retries=N` (default: `3`) The health check will first run **interval** seconds after the container is started, and then again **interval** seconds after each previous check completes. From 0cb3440a21bee3d7bf0c523efdaab959dc6f631d Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 3 May 2016 13:56:59 -0700 Subject: [PATCH 1420/2538] Builder default shell Signed-off-by: John Howard --- docs/reference/builder.md | 124 +++++++++++++++++++++++++++++++++++++- 1 file changed, 121 insertions(+), 3 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index b9a894444b..6217d0d341 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -497,7 +497,8 @@ generated images. RUN has 2 forms: -- `RUN ` (*shell* form, the command is run in a shell - `/bin/sh -c`) +- `RUN ` (*shell* form, the command is run in a shell, which by +default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows) - `RUN ["executable", "param1", "param2"]` (*exec* form) The `RUN` instruction will execute any commands in a new layer on top of the @@ -509,7 +510,10 @@ concepts of Docker where commits are cheap and containers can be created from any point in an image's history, much like source control. The *exec* form makes it possible to avoid shell string munging, and to `RUN` -commands using a base image that does not contain `/bin/sh`. +commands using a base image that does not contain the specified shell executable. + +The default shell for the *shell* form can be changed using the `SHELL` +command. In the *shell* form you can use a `\` (backslash) to continue a single RUN instruction onto the next line. For example, consider these two lines: @@ -1469,7 +1473,7 @@ For example you might add something like this: ## STOPSIGNAL - STOPSIGNAL signal + STOPSIGNAL signal The `STOPSIGNAL` instruction sets the system call signal that will be sent to the container to exit. This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, @@ -1541,6 +1545,120 @@ generated with the new status. The `HEALTHCHECK` feature was added in Docker 1.12. +## SHELL + + SHELL ["executable", "parameters"] + +The `SHELL` instruction allows the default shell used for the *shell* form of +commands to be overridden. The default shell on Linux is `["/bin/sh", "-c"]`, and on +Windows is `["cmd", "/S", "/C"]`. The `SHELL` instruction *must* be written in JSON +form in a Dockerfile. + +The `SHELL` instruction is particularly useful on Windows where there are +two commonly used and quite different native shells: `cmd` and `powershell`, as +well as alternate shells available including `sh`. + +The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides +all previous `SHELL` instructions, and affects all subsequent instructions. For example: + + FROM windowsservercore + + # Executed as cmd /S /C echo default + RUN echo default + + # Executed as cmd /S /C powershell -command Write-Host default + RUN powershell -command Write-Host default + + # Executed as powershell -command Write-Host hello + SHELL ["powershell", "-command"] + RUN Write-Host hello + + # Executed as cmd /S /C echo hello + SHELL ["cmd", "/S"", "/C"] + RUN echo hello + +The following instructions can be affected by the `SHELL` instruction when the +*shell* form of them is used in a Dockerfile: `RUN`, `CMD` and `ENTRYPOINT`. + +The following example is a common pattern found on Windows which can be +streamlined by using the `SHELL` instruction: + + ... + RUN powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" + ... + +The command invoked by docker will be: + + cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" + + This is inefficient for two reasons. First, there is an un-necessary cmd.exe command + processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell* + form requires an extra `powershell -command` prefixing the command. + +To make this more efficient, one of two mechanisms can be employed. One is to +use the JSON form of the RUN command such as: + + ... + RUN ["powershell", "-command", "Execute-MyCmdlet", "-param1 \"c:\\foo.txt\""] + ... + +While the JSON form is unambiguous and does not use the un-necessary cmd.exe, +it does require more verbosity through double-quoting and escaping. The alternate +mechanism is to use the `SHELL` instruction and the *shell* form, +making a more natural syntax for Windows users, especially when combined with +the `escape` parser directive: + + # escape=` + + FROM windowsservercore + SHELL ["powershell","-command"] + RUN New-Item -ItemType Directory C:\Example + ADD Execute-MyCmdlet.ps1 c:\example\ + RUN c:\example\Execute-MyCmdlet -sample 'hello world' + +Resulting in: + + PS E:\docker\build\shell> docker build -t shell . + Sending build context to Docker daemon 3.584 kB + Step 1 : FROM windowsservercore + ---> 5bc36a335344 + Step 2 : SHELL powershell -command + ---> Running in 87d7a64c9751 + ---> 4327358436c1 + Removing intermediate container 87d7a64c9751 + Step 3 : RUN New-Item -ItemType Directory C:\Example + ---> Running in 3e6ba16b8df9 + + + Directory: C:\ + + + Mode LastWriteTime Length Name + ---- ------------- ------ ---- + d----- 6/2/2016 2:59 PM Example + + + ---> 1f1dfdcec085 + Removing intermediate container 3e6ba16b8df9 + Step 4 : ADD Execute-MyCmdlet.ps1 c:\example\ + ---> 6770b4c17f29 + Removing intermediate container b139e34291dc + Step 5 : RUN c:\example\Execute-MyCmdlet -sample 'hello world' + ---> Running in abdcf50dfd1f + Hello from Execute-MyCmdlet.ps1 - passed hello world + ---> ba0e25255fda + Removing intermediate container abdcf50dfd1f + Successfully built ba0e25255fda + PS E:\docker\build\shell> + +The `SHELL` instruction could also be used to modify the way in which +a shell operates. For example, using `SHELL cmd /S /C /V:ON|OFF` on Windows, delayed +environment variable expansion semantics could be modified. + +The `SHELL` instruction can also be used on Linux should an alternate shell be +required such `zsh`, `csh`, `tcsh` and others. + +The `SHELL` feature was added in Docker 1.12. ## Dockerfile examples From 2657fae67d20dda2241e04fb9c6fe7afb4b85e66 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 5 Jun 2016 08:41:58 -0700 Subject: [PATCH 1421/2538] bash completion for detach events Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 99d554cba2..3e2d4cc83b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -980,9 +980,11 @@ _docker_events() { create delete destroy + detach die disconnect exec_create + exec_detach exec_start export import From a9c02ef9399119529b9fb042b8096b306d226e03 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sun, 5 Jun 2016 18:07:34 +0200 Subject: [PATCH 1422/2538] Deprecated the old 3-args form of `docker import` It's been deprecated since November 2013 and v0.6.7. Removing the cli side of it. Signed-off-by: Vincent Demeester --- docs/deprecated.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index 2710a52b48..c054af68ee 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -14,6 +14,13 @@ weight=80 The following list of features are deprecated in Engine. +### Three argument form in `docker import` +**Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated since November 2013. It's no more supported. + ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** From e7ec7bbd3330ab1f4da3795850ddc988fecb19a3 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 5 Jun 2016 14:03:23 -0700 Subject: [PATCH 1423/2538] Fix a couple of typos in docker attach docs. This fix fixes a couple of typos in docker attach docs: docs/reference/commandline/attach.md man/docker-attach.1.md Signed-off-by: Yong Tang --- docs/reference/commandline/attach.md | 2 +- man/docker-attach.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 7158e40974..d910872764 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -52,7 +52,7 @@ foreground over a slow client connection. Instead, users should use the ## Override the detach sequence If you want, you can configure an override the Docker key sequence for detach. -This is is useful if the Docker default sequence conflicts with key squence you +This is useful if the Docker default sequence conflicts with key sequence you use for other applications. There are two ways to defines a your own detach key sequence, as a per-container override or as a configuration property on your entire configuration. diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md index 5ddf96f68b..c02522eb52 100644 --- a/man/docker-attach.1.md +++ b/man/docker-attach.1.md @@ -44,7 +44,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). # Override the detach sequence If you want, you can configure an override the Docker key sequence for detach. -This is is useful if the Docker default sequence conflicts with key squence you +This is useful if the Docker default sequence conflicts with key sequence you use for other applications. There are two ways to defines a your own detach key sequence, as a per-container override or as a configuration property on your entire configuration. From 6a41b34f89242b6fe1e673b03708a7b72943dabd Mon Sep 17 00:00:00 2001 From: Tianyi Wang Date: Mon, 30 May 2016 18:07:15 +0900 Subject: [PATCH 1424/2538] Fix zsh completion - List all containers on `docker rm -f` Signed-off-by: Tianyi Wang --- contrib/completion/zsh/_docker | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8ac3e7fe49..8cd11199a4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1138,7 +1138,16 @@ __docker_subcommand() { "($help -f --force)"{-f,--force}"[Force removal]" \ "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \ "($help -v --volumes)"{-v,--volumes}"[Remove the volumes associated to the container]" \ - "($help -)*:containers:__docker_stoppedcontainers" && ret=0 + "($help -)*:containers:->values" && ret=0 + case $state in + (values) + if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then + __docker_containers && ret=0 + else + __docker_stoppedcontainers && ret=0 + fi + ;; + esac ;; (rmi) _arguments $(__docker_arguments) \ From 13ef210b8b81fecdf5a781320c2a07fb74a5b3e1 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 11 Apr 2016 11:17:52 -0400 Subject: [PATCH 1425/2538] Add support for volume scopes This is similar to network scopes where a volume can either be `local` or `global`. A `global` volume is one that exists across the entire cluster where as a `local` volume exists on a single engine. Signed-off-by: Brian Goff --- docs/extend/plugins_volume.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 5c2ebb49bc..a70a2c3ee2 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -20,6 +20,7 @@ documentation](plugins.md) for more information. ### 1.12.0 - Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#)) +- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver([#22077](https://github.com/docker/docker/pull/22077)) ### 1.10.0 @@ -236,3 +237,29 @@ Get the list of volumes registered with the plugin. ``` Respond with a string error if an error occurred. + +### /VolumeDriver.Capabilities + +**Request**: +```json +{} +``` + +Get the list of capabilities the driver supports. +The driver is not required to implement this endpoint, however in such cases +the default values will be taken. + +**Response**: +```json +{ + "Capabilities": { + "Scope": "global" + } +} +``` + +Supported scopes are `global` and `local`. Any other value in `Scope` will be +ignored and assumed to be `local`. Scope allows cluster managers to handle the +volume differently, for instance with a scope of `global`, the cluster manager +knows it only needs to create the volume once instead of on every engine. More +capabilities may be added in the future. From 6842d97361f7cdae162de699692208113e4f02a9 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 6 Jun 2016 09:03:31 +0200 Subject: [PATCH 1426/2538] Add zsh completion for 'docker search --limit' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8cd11199a4..9ebe2cc4d2 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1193,6 +1193,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ + "($help)--limit=[Maximum returned search results]:limit:(1 5 10 25 50)" \ "($help)--no-trunc[Do not truncate output]" \ "($help -):term: " && ret=0 From d04810fa1448e042645675d675b0a19ca98861ff Mon Sep 17 00:00:00 2001 From: Shijiang Wei Date: Mon, 6 Jun 2016 13:50:29 +0800 Subject: [PATCH 1427/2538] docs: correct network create command Signed-off-by: Shijiang Wei --- docs/reference/commandline/network_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index f44c5eff29..bb0060e3d0 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -101,7 +101,7 @@ disconnect` command. When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash -docker network create -d --subnet=192.168.0.0/16 +docker network create --driver=bridge --subnet=192.168.0.0/16 br0 ``` Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. From 83e27e1f93e748adf06f3b68a8a830abb5021dc1 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 6 Jun 2016 10:01:15 +0200 Subject: [PATCH 1428/2538] fix bash completion for dockerd with path Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3e2d4cc83b..20368382eb 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2319,7 +2319,7 @@ _docker() { done local binary="${words[0]}" - if [[ $binary == dockerd ]] ; then + if [[ $binary == ?(*/)dockerd ]] ; then # for the dockerd binary, we reuse completion of `docker daemon`. # dockerd does not have subcommands and global options. command=daemon From 7a63e88e36a70a8e4c9a85c4dcf9a7cfd9fe9d5e Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 6 Jun 2016 19:06:50 -0700 Subject: [PATCH 1429/2538] Fix a couple of typos in the docs of `docker attach` This fix fixed a couple of typos in the docs of `docker attach`: docs/reference/commandline/attach.md man/docker-attach.1.md Signed-off-by: Yong Tang --- docs/reference/commandline/attach.md | 2 +- man/docker-attach.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index d910872764..b70c26f452 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -53,7 +53,7 @@ foreground over a slow client connection. Instead, users should use the If you want, you can configure an override the Docker key sequence for detach. This is useful if the Docker default sequence conflicts with key sequence you -use for other applications. There are two ways to defines a your own detach key +use for other applications. There are two ways to define your own detach key sequence, as a per-container override or as a configuration property on your entire configuration. diff --git a/man/docker-attach.1.md b/man/docker-attach.1.md index c02522eb52..c39d1c9290 100644 --- a/man/docker-attach.1.md +++ b/man/docker-attach.1.md @@ -45,7 +45,7 @@ attaching to a tty-enabled container (i.e.: launched with `-t`). If you want, you can configure an override the Docker key sequence for detach. This is useful if the Docker default sequence conflicts with key sequence you -use for other applications. There are two ways to defines a your own detach key +use for other applications. There are two ways to define your own detach key sequence, as a per-container override or as a configuration property on your entire configuration. From 2c4b446f799f1644806a1bf08905a5bbd26518ea Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 3 Jun 2016 19:38:03 +0200 Subject: [PATCH 1430/2538] Deprecate /containers/(id or name)/copy endpoint This endpoint has been deprecated since 1.8. Return an error starting from this API version (1.24) in order to make sure it's not used for the next API version and so that we can remove it some times later. Signed-off-by: Vincent Demeester --- docs/deprecated.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index c054af68ee..79e10c0bbc 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -35,6 +35,14 @@ The docker login command is removing the ability to automatically register for a The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consinstency with other similar flags, like `--storage-opt`. +### `/containers/(id or name)/copy` endpoint + +**Deprecated In Release: v1.8** + +**Removed In Release: v1.12.0** + +The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. + ### Ambiguous event fields in API **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** From aa8edfdb77ba671e19807d7649ca1d047e0c2d58 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Fri, 3 Jun 2016 15:28:19 +0200 Subject: [PATCH 1431/2538] man: mv config-json.5 to docker-config-json.5 Signed-off-by: Antonio Murdaca --- man/{config-json.5.md => docker-config-json.5.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename man/{config-json.5.md => docker-config-json.5.md} (100%) diff --git a/man/config-json.5.md b/man/docker-config-json.5.md similarity index 100% rename from man/config-json.5.md rename to man/docker-config-json.5.md From eef6bd0b233dcc6b16fb694fe5b9ac3595b4833f Mon Sep 17 00:00:00 2001 From: Sainath Grandhi Date: Fri, 27 May 2016 12:20:31 -0700 Subject: [PATCH 1432/2538] Adding network filter to docker ps command Signed-off-by: Sainath Grandhi --- docs/reference/commandline/ps.md | 13 ++++++++++++- man/docker-ps.1.md | 1 + 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 1dda728a7f..71c4fe5dc7 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -62,7 +62,7 @@ The currently supported filters are: * since (container's id or name) - filters containers created since given id or name * isolation (default|process|hyperv) (Windows daemon only) * volume (volume name or mount point) - filters containers that mount volumes. - +* network (network name) - filters containers connected to the provided network name #### Label @@ -207,6 +207,17 @@ The `volume` filter shows only containers that mount a specific volume or have a CONTAINER ID MOUNTS 9c3527ed70ce remote-volume +#### Network + +The `network` filter shows only containers that has endpoints on the provided network name. + + $docker run -d --net=net1 --name=test1 ubuntu top + $docker run -d --net=net2 --name=test2 ubuntu top + + $docker ps --filter network=net1 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 + ## Formatting diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index f567966487..0c2404b573 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -36,6 +36,7 @@ the running containers. - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. - volume=(|) + - network=() - containers connected to the provided network name **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From 44cc95141e7f2e16e5684f4471165019721cd646 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 6 Jun 2016 02:04:33 +0200 Subject: [PATCH 1433/2538] add support for filtering by network ID This adds support for filtering by network ID, to be consistent with other filter options. Note that only *full* matches are returned; this is consistent with other filters (e.g. volume), that also return full matches only. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/ps.md | 32 +++++++++++++++++++++++++------- man/docker-ps.1.md | 2 +- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 71c4fe5dc7..c661c653dc 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -62,7 +62,7 @@ The currently supported filters are: * since (container's id or name) - filters containers created since given id or name * isolation (default|process|hyperv) (Windows daemon only) * volume (volume name or mount point) - filters containers that mount volumes. -* network (network name) - filters containers connected to the provided network name +* network (network id or name) - filters containers connected to the provided network #### Label @@ -209,15 +209,33 @@ The `volume` filter shows only containers that mount a specific volume or have a #### Network -The `network` filter shows only containers that has endpoints on the provided network name. +The `network` filter shows only containers that are connected to a network with +a given name or id. - $docker run -d --net=net1 --name=test1 ubuntu top - $docker run -d --net=net2 --name=test2 ubuntu top +The following filter matches all containers that are connected to a network +with a name containing `net1`. - $docker ps --filter network=net1 - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 +```bash +$ docker run -d --net=net1 --name=test1 ubuntu top +$ docker run -d --net=net2 --name=test2 ubuntu top +$ docker ps --filter network=net1 +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 +``` + +The network filter matches on both the network's name and id. The following +example shows all containers that are attached to the `net1` network, using +the network id as a filter; + +```bash +$ docker network inspect --format "{{.ID}}" net1 +8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 + +$ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 +``` ## Formatting diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 0c2404b573..14c770121f 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -36,7 +36,7 @@ the running containers. - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. - volume=(|) - - network=() - containers connected to the provided network name + - network=(|) - containers connected to the provided network **--format**="*TEMPLATE*" Pretty-print containers using a Go template. From a15b94e1bcbf40325a0604af84864b9c95d800d4 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 7 Jun 2016 12:44:17 -0700 Subject: [PATCH 1434/2538] bash completion for `docker ps --filter network` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 20368382eb..6d48f0b2fa 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1516,6 +1516,11 @@ _docker_ps() { __docker_complete_container_names return ;; + network) + cur="${cur##*=}" + __docker_complete_networks + return + ;; since) cur="${cur##*=}" __docker_complete_containers_all @@ -1534,7 +1539,7 @@ _docker_ps() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor before exited id label name since status volume" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "ancestor before exited id label name network since status volume" -- "$cur" ) ) __docker_nospace return ;; From bb0afa7381abbe7433686cbc5bf2f255a0d2a1bc Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 6 Jun 2016 14:20:41 +0200 Subject: [PATCH 1435/2538] network docs cleanup This fixes some Markup and formatting issues in the network documentation; - wrap text to 80 chars - add missing language hints for code examples - add missing line continuations (\) - update USAGE output for Cobra Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/network_create.md | 94 +++++++++++++------- man/docker-network-create.1.md | 37 +++++--- 2 files changed, 85 insertions(+), 46 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index bb0060e3d0..4d5e17bda6 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -10,22 +10,27 @@ parent = "smn_cli" # network create - Usage: docker network create [OPTIONS] NETWORK-NAME +```markdown +Usage: docker network create [OPTIONS] - Creates a new network with a name specified by the user +Create a network - --aux-address=map[] Auxiliary ipv4 or ipv6 addresses used by network driver - -d --driver=DRIVER Driver to manage the Network bridge or overlay. The default is bridge. - --gateway=[] ipv4 or ipv6 Gateway for the master subnet - --help Print usage - --internal Restricts external access to the network - --ip-range=[] Allocate container ip from a sub-range - --ipam-driver=default IP Address Management Driver - --ipam-opt=map[] Set custom IPAM driver specific options - --ipv6 Enable IPv6 networking - --label=[] Set metadata on a network - -o --opt=map[] Set custom driver specific options - --subnet=[] Subnet in CIDR format that represents a network segment +Options: + --aux-address value auxiliary ipv4 or ipv6 addresses used by Network + driver (default map[]) + -d, --driver string Driver to manage the Network (default "bridge") + --gateway value ipv4 or ipv6 Gateway for the master subnet (default []) + --help Print usage + --internal restricts external access to the network + --ip-range value allocate container ip from a sub-range (default []) + --ipam-driver string IP Address Management Driver (default "default") + --ipam-opt value set IPAM driver specific options (default map[]) + --ipv6 enable IPv6 networking + --label value Set metadata on a network (default []) + -o, --opt value Set driver specific options (default map[]) + --subnet value subnet in CIDR format that represents a + network segment (default []) +``` Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the built-in network drivers. If you have installed a third party or your own custom @@ -51,7 +56,7 @@ conditions are: * A cluster of hosts with connectivity to the key-value store. * A properly configured Engine `daemon` on each host in the cluster. -The `docker daemon` options that support the `overlay` network are: +The `dockerd` options that support the `overlay` network are: * `--cluster-store` * `--cluster-store-opt` @@ -98,15 +103,26 @@ disconnect` command. ## Specifying advanced options -When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing network. It is purely for ip-addressing purposes. You can override this default and specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: +When you create a network, Engine creates a non-overlapping subnetwork for the +network by default. This subnetwork is not a subdivision of an existing +network. It is purely for ip-addressing purposes. You can override this default +and specify subnetwork values directly using the `--subnet` option. On a +`bridge` network you can only create a single subnet: ```bash -docker network create --driver=bridge --subnet=192.168.0.0/16 br0 +$ docker network create --driver=bridge --subnet=192.168.0.0/16 br0 ``` -Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. + +Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` +options. ```bash -network create --driver=bridge --subnet=172.28.0.0/16 --ip-range=172.28.5.0/24 --gateway=172.28.5.254 br0 +$ docker network create \ + --driver=bridge \ + --subnet=172.28.0.0/16 \ + --ip-range=172.28.5.0/24 \ + --gateway=172.28.5.254 \ + br0 ``` If you omit the `--gateway` flag the Engine selects one for you from inside a @@ -114,20 +130,25 @@ preferred pool. For `overlay` networks and for network driver plugins that support it you can create multiple subnetworks. ```bash -docker network create -d overlay - --subnet=192.168.0.0/16 --subnet=192.170.0.0/16 - --gateway=192.168.0.100 --gateway=192.170.0.100 - --ip-range=192.168.1.0/24 - --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 - --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 +$ docker network create -d overlay \ + --subnet=192.168.0.0/16 \ + --subnet=192.170.0.0/16 \ + --gateway=192.168.0.100 \ + --gateway=192.170.0.100 \ + --ip-range=192.168.1.0/24 \ + --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 \ + --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 \ my-multihost-network ``` -Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. + +Be sure that your subnetworks do not overlap. If they do, the network create +fails and Engine returns an error. # Bridge driver options -When creating a custom network, the default network driver (i.e. `bridge`) has additional options that can be passed. -The following are those options and the equivalent docker daemon flags used for docker0 bridge: +When creating a custom network, the default network driver (i.e. `bridge`) has +additional options that can be passed. The following are those options and the +equivalent docker daemon flags used for docker0 bridge: | Option | Equivalent | Description | |--------------------------------------------------|-------------|-------------------------------------------------------| @@ -137,8 +158,8 @@ The following are those options and the equivalent docker daemon flags used for | `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | | `com.docker.network.mtu` | `--mtu` | Set the containers network MTU | -The following arguments can be passed to `docker network create` for any network driver, again with their approximate -equivalents to `docker daemon`. +The following arguments can be passed to `docker network create` for any +network driver, again with their approximate equivalents to `docker daemon`. | Argument | Equivalent | Description | |--------------|----------------|--------------------------------------------| @@ -148,16 +169,21 @@ equivalents to `docker daemon`. | `--ipv6` | `--ipv6` | Enable IPv6 networking | | `--subnet` | `--bip` | Subnet for network | -For example, let's use `-o` or `--opt` options to specify an IP address binding when publishing ports: +For example, let's use `-o` or `--opt` options to specify an IP address binding +when publishing ports: ```bash -docker network create -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" simple-network +$ docker network create \ + -o "com.docker.network.bridge.host_binding_ipv4"="172.19.0.1" \ + simple-network ``` ### Network internal mode -By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. -If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. +By default, when you connect a container to an `overlay` network, Docker also +connects a bridge network to it to provide external connectivity. If you want +to create an externally isolated `overlay` network, you can specify the +`--internal` option. ## Related information diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 47178aed57..0ca1c4cc79 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -101,12 +101,19 @@ specify subnetwork values directly using the `--subnet` option. On a `bridge` network you can only create a single subnet: ```bash -docker network create -d bridge --subnet=192.168.0.0/16 br0 +$ docker network create -d bridge --subnet=192.168.0.0/16 br0 ``` -Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` options. + +Additionally, you also specify the `--gateway` `--ip-range` and `--aux-address` +options. ```bash -network create --driver=bridge --subnet=172.28.0.0/16 --ip-range=172.28.5.0/24 --gateway=172.28.5.254 br0 +$ docker network create \ + --driver=bridge \ + --subnet=172.28.0.0/16 \ + --ip-range=172.28.5.0/24 \ + --gateway=172.28.5.254 \ + br0 ``` If you omit the `--gateway` flag the Engine selects one for you from inside a @@ -114,20 +121,26 @@ preferred pool. For `overlay` networks and for network driver plugins that support it you can create multiple subnetworks. ```bash -docker network create -d overlay - --subnet=192.168.0.0/16 --subnet=192.170.0.0/16 - --gateway=192.168.0.100 --gateway=192.170.0.100 - --ip-range=192.168.1.0/24 - --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 - --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 +$ docker network create -d overlay \ + --subnet=192.168.0.0/16 \ + --subnet=192.170.0.0/16 \ + --gateway=192.168.0.100 \ + --gateway=192.170.0.100 \ + --ip-range=192.168.1.0/24 \ + --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 \ + --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 \ my-multihost-network ``` -Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. + +Be sure that your subnetworks do not overlap. If they do, the network create +fails and Engine returns an error. ### Network internal mode -By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. -If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. +By default, when you connect a container to an `overlay` network, Docker also +connects a bridge network to it to provide external connectivity. If you want +to create an externally isolated `overlay` network, you can specify the +`--internal` option. # OPTIONS **--aux-address**=map[] From 478055c89c7e790ecb001e9c84467ddab818c968 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 8 Jun 2016 17:40:37 +0200 Subject: [PATCH 1436/2538] Update docker-load documentation Signed-off-by: Vincent Demeester --- docs/reference/commandline/load.md | 12 ++++++++++-- man/docker-load.1.md | 11 +++++++++-- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index 0b40fde2f3..60f4076c77 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -12,11 +12,12 @@ parent = "smn_cli" Usage: docker load [OPTIONS] - Load an image from a tar archive or STDIN + Load an image from a tar archive or STDIN and shows image names or + IDs imported. --help Print usage -i, --input="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz - -q, --quiet Suppress the load output. Without this option, a progress bar is displayed. + -q, --quiet Suppress the load progress bar but still outputs the imported images Loads a tarred repository from a file or the standard input stream. Restores both images and tags. @@ -24,10 +25,17 @@ Restores both images and tags. $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE $ docker load < busybox.tar.gz + # […] + Loaded image: busybox:latest $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB $ docker load --input fedora.tar + # […] + Loaded image: fedora:rawhide + # […] + Loaded image: fedora:20 + # […] $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB diff --git a/man/docker-load.1.md b/man/docker-load.1.md index c54fe607b9..b165173047 100644 --- a/man/docker-load.1.md +++ b/man/docker-load.1.md @@ -13,7 +13,8 @@ docker-load - Load an image from a tar archive or STDIN # DESCRIPTION Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. +Restores both images and tags. Write image names or IDs imported it +standard output stream. # OPTIONS **--help** @@ -23,7 +24,7 @@ Restores both images and tags. Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. **-q**, **--quiet** - Suppress the load output. Without this option, a progress bar is displayed. + Suppress the load progress bar but still outputs the imported images. # EXAMPLES @@ -31,6 +32,11 @@ Restores both images and tags. REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB $ docker load --input fedora.tar + # […] + Loaded image: fedora:rawhide + # […] + Loaded image: fedora:20 + # […] $ docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 769b9341d937 7 weeks ago 2.489 MB @@ -47,3 +53,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. June 2014, updated by Sven Dowideit July 2015 update by Mary Anthony +June 2016 update by Vincent Demeester From 427f525b79d5107d5d7791acb0e49d9f9edc8237 Mon Sep 17 00:00:00 2001 From: Kirill Kolyshkin Date: Wed, 8 Jun 2016 11:24:56 -0700 Subject: [PATCH 1437/2538] docs/extend/plugins.md: add docker-volume-ploop Added docker-volume-ploop driver to the list of available volume plugins. Signed-off-by: Kir Kolyshkin --- docs/extend/plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 222a2dbf65..5bc29ef23c 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -65,6 +65,7 @@ Plugin [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. [REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. +[Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. [VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. ### Authorization plugins From 2d10f52d010303335804b8a3d20f7af76d51a490 Mon Sep 17 00:00:00 2001 From: Andrew Po Date: Thu, 9 Jun 2016 16:39:50 +0300 Subject: [PATCH 1438/2538] Fixing man page link Signed-off-by: Andrew Po --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index f57f4526bb..7a5db6e833 100644 --- a/docs/README.md +++ b/docs/README.md @@ -284,5 +284,5 @@ aws cloudfront create-invalidation --profile docs.docker.com --distribution-id ### Generate the man pages For information on generating man pages (short for manual page), see the README.md -document in [the man page directory](https://github.com/docker/docker/tree/master/docker) +document in [the man page directory](https://github.com/docker/docker/tree/master/man) in this project. From 26e3227441c431f4f3989c247ca33d90d4b94056 Mon Sep 17 00:00:00 2001 From: Victoria Bialas Date: Tue, 7 Jun 2016 17:42:00 -0700 Subject: [PATCH 1439/2538] re-doing Docker Engine overview topics for v.1.12 fixed broken links created from Engine Overview update by adding missing topic to daemon reference page and updating the hrefs in the api pages Signed-off-by: Victoria Bialas --- docs/reference/commandline/dockerd.md | 64 ++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index a170e1c726..6888c14ef4 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -139,6 +139,68 @@ The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes precedence over `HTTP_PROXY`. +### Bind Docker to another host/port or a Unix socket + +> **Warning**: +> Changing the default `docker` daemon binding to a +> TCP port or Unix *docker* user group will increase your security risks +> by allowing non-root users to gain *root* access on the host. Make sure +> you control access to `docker`. If you are binding +> to a TCP port, anyone with access to that port has full Docker access; +> so it is not advisable on an open network. + +With `-H` it is possible to make the Docker daemon to listen on a +specific IP and port. By default, it will listen on +`unix:///var/run/docker.sock` to allow only local connections by the +*root* user. You *could* set it to `0.0.0.0:2375` or a specific host IP +to give access to everybody, but that is **not recommended** because +then it is trivial for someone to gain root access to the host where the +daemon is running. + +Similarly, the Docker client can use `-H` to connect to a custom port. +The Docker client will default to connecting to `unix:///var/run/docker.sock` +on Linux, and `tcp://127.0.0.1:2376` on Windows. + +`-H` accepts host and port assignment in the following format: + + tcp://[host]:[port][path] or unix://path + +For example: + +- `tcp://` -> TCP connection to `127.0.0.1` on either port `2376` when TLS encryption + is on, or port `2375` when communication is in plain text. +- `tcp://host:2375` -> TCP connection on + host:2375 +- `tcp://host:2375/path` -> TCP connection on + host:2375 and prepend path to all requests +- `unix://path/to/socket` -> Unix socket located + at `path/to/socket` + +`-H`, when empty, will default to the same value as +when no `-H` was passed in. + +`-H` also accepts short form for TCP bindings: + + `host:` or `host:port` or `:port` + +Run Docker in daemon mode: + + $ sudo /dockerd -H 0.0.0.0:5555 & + +Download an `ubuntu` image: + + $ docker -H :5555 pull ubuntu + +You can use multiple `-H`, for example, if you want to listen on both +TCP and a Unix socket + + # Run docker in daemon mode + $ sudo /dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & + # Download an ubuntu image, use default Unix socket + $ docker pull ubuntu + # OR use the TCP port + $ docker -H tcp://127.0.0.1:2375 pull ubuntu + ### Daemon storage-driver option The Docker daemon has support for several different image layer storage @@ -529,7 +591,7 @@ can specify default container isolation technology with this, for example: Will make `hyperv` the default isolation technology on Windows. If no isolation value is specified on daemon start, on Windows client, the default is -`hyperv`, and on Windows server, the default is `process`. +`hyperv`, and on Windows server, the default is `process`. ## Daemon DNS options From 02eead1a96fa3595a3b79c79f159b1ef3ab72f56 Mon Sep 17 00:00:00 2001 From: Ahmet Alp Balkan Date: Thu, 9 Jun 2016 13:47:15 -0700 Subject: [PATCH 1440/2538] docs: Add Azure File Storage Volume Driver plugin Signed-off-by: Ahmet Alp Balkan --- docs/extend/plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 5bc29ef23c..477163fa51 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -49,6 +49,7 @@ Plugin Plugin | Description ----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver) | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/). [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. [Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. [Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. From 27f2b96b70b0a231ec56c45e9680381f1f14add2 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 11 Jun 2016 14:14:02 +0200 Subject: [PATCH 1441/2538] Add zsh completion for 'docker {create,run} --pid' values Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9ebe2cc4d2..e317777825 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -274,6 +274,31 @@ __docker_complete_detach_keys() { _describe -t detach_keys-ctrl "'ctrl-' + 'a-z @ [ \\\\ ] ^ _'" ctrl_keys -qS "," && ret=0 } +__docker_complete_pid() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + local -a opts vopts + + opts=('host') + vopts=('container') + + if compset -P '*:'; then + case "${${words[-1]%:*}#*=}" in + (container) + __docker_runningcontainers && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + _describe -t pid-value-opts "PID Options with value" vopts -qS ":" && ret=0 + _describe -t pid-opts "PID Options" opts && ret=0 + fi + + return ret +} + __docker_complete_ps_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -750,7 +775,7 @@ __docker_subcommand() { "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]" "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" - "($help)--pid=[PID namespace to use]:PID namespace: " + "($help)--pid=[PID namespace to use]:PID namespace:__docker_complete_pid" "($help)--privileged[Give extended privileges to this container]" "($help)--read-only[Mount the container's root filesystem as read only]" "($help)*--security-opt=[Security options]:security option: " From a2fbaa24cb7e97579614f8386dfab76915da0607 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 11 Jun 2016 15:22:41 +0200 Subject: [PATCH 1442/2538] Add zsh completion for 'docker events --filter' values Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 56 +++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index e317777825..3c6e17ade5 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -387,6 +387,60 @@ __docker_complete_images_filters() { return ret } +__docker_complete_events_filter() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + declare -a opts + + opts=('container' 'daemon' 'event' 'image' 'label' 'network' 'type' 'volume') + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (container) + __docker_containers && ret=0 + ;; + (daemon) + emulate -L zsh + setopt extendedglob + local -a daemon_opts + daemon_opts=( + ${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Name: }%%$'\n'^ *}} + ${${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'ID: }%%$'\n'^ *}}//:/\\:} + ) + _describe -t daemon-filter-opts "daemon filter options" daemon_opts && ret=0 + ;; + (event) + local -a event_opts + event_opts=('attach' 'commit' 'connect' 'copy' 'create' 'delete' 'destroy' 'detach' 'die' 'disconnect' 'exec_create' 'exec_detach' + 'exec_start' 'export' 'import' 'kill' 'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'start' 'stop' 'tag' + 'top' 'unmount' 'unpause' 'untag' 'update') + _describe -t event-filter-opts "event filter options" event_opts && ret=0 + ;; + (image) + __docker_images && ret=0 + ;; + (network) + __docker_networks && ret=0 + ;; + (type) + local -a type_opts + type_opts=('container' 'daemon' 'image' 'network' 'volume') + _describe -t type-filter-opts "type filter options" type_opts && ret=0 + ;; + (volume) + __docker_volumes && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + __docker_network_complete_ls_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -961,7 +1015,7 @@ __docker_subcommand() { (events) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*"{-f=,--filter=}"[Filter values]:filter: " \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \ "($help)--since=[Events created since this timestamp]:timestamp: " \ "($help)--until=[Events created until this timestamp]:timestamp: " && ret=0 ;; From f348cdda97ac1d8a62d36822f42a15d5d8a3a62f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 11 Jun 2016 16:53:26 +0200 Subject: [PATCH 1443/2538] Add zsh completion for 'docker ps --filter=network' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3c6e17ade5..435d7baf5e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -317,6 +317,9 @@ __docker_complete_ps_filters() { (name) __docker_containers_names && ret=0 ;; + (network) + __docker_networks && ret=0 + ;; (status) status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running') _describe -t status-filter-opts "Status Filter Options" status_opts && ret=0 @@ -329,7 +332,7 @@ __docker_complete_ps_filters() { ;; esac else - opts=('ancestor' 'before' 'exited' 'id' 'label' 'name' 'since' 'status' 'volume') + opts=('ancestor' 'before' 'exited' 'id' 'label' 'name' 'network' 'since' 'status' 'volume') _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 fi @@ -1171,7 +1174,7 @@ __docker_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=[Show only container created before...]:containers:__docker_containers" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ "($help)--format[Pretty-print containers using a Go template]:format: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ "($help)-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)" \ @@ -1179,12 +1182,6 @@ __docker_subcommand() { "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -s --size)"{-s,--size}"[Display total file sizes]" \ "($help)--since=[Show only containers created since...]:containers:__docker_containers" && ret=0 - - case $state in - (filter-options) - __docker_complete_ps_filters && ret=0 - ;; - esac ;; (pull) _arguments $(__docker_arguments) \ From 26fdf31cf82db8a93e3fba10acbad884260618c5 Mon Sep 17 00:00:00 2001 From: Kevin Burke Date: Sat, 11 Jun 2016 12:33:09 -0700 Subject: [PATCH 1444/2538] typo in builder.md: its => it's Signed-off-by: Kevin Burke --- docs/reference/builder.md | 102 +++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 6217d0d341..9635bddfa9 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -115,11 +115,11 @@ The instruction is not case-sensitive. However, convention is for them to be UPPERCASE to distinguish them from arguments more easily. -Docker runs instructions in a `Dockerfile` in order. **The first +Docker runs instructions in a `Dockerfile` in order. **The first instruction must be \`FROM\`** in order to specify the [*Base -Image*](glossary.md#base-image) from which you are building. +Image*](glossary.md#base-image) from which you are building. -Docker treats lines that *begin* with `#` as a comment, unless the line is +Docker treats lines that *begin* with `#` as a comment, unless the line is a valid [parser directive](builder.md#parser directives). A `#` marker anywhere else in a line is treated as an argument. This allows statements like: @@ -132,20 +132,20 @@ Line continuation characters are not supported in comments. ## Parser directives -Parser directives are optional, and affect the way in which subsequent lines +Parser directives are optional, and affect the way in which subsequent lines in a `Dockerfile` are handled. Parser directives do not add layers to the build, and will not be shown as a build step. Parser directives are written as a special type of comment in the form `# directive=value`. A single directive may only be used once. -Once a comment, empty line or builder instruction has been processed, Docker +Once a comment, empty line or builder instruction has been processed, Docker no longer looks for parser directives. Instead it treats anything formatted as a parser directive as a comment and does not attempt to validate if it might be a parser directive. Therefore, all parser directives must be at the very -top of a `Dockerfile`. +top of a `Dockerfile`. Parser directives are not case-sensitive. However, convention is for them to -be lowercase. Convention is also to include a blank line following any +be lowercase. Convention is also to include a blank line following any parser directives. Line continuation characters are not supported in parser directives. @@ -166,7 +166,7 @@ Invalid due to appearing twice: FROM ImageName ``` - + Treated as a comment due to appearing after a builder instruction: ```Dockerfile @@ -190,10 +190,10 @@ a comment which is not a parser directive. ```Dockerfile # unknowndirective=value # knowndirective=value -``` - +``` + Non line-breaking whitespace is permitted in a parser directive. Hence, the -following lines are all treated identically: +following lines are all treated identically: ```Dockerfile #directive=value @@ -215,26 +215,26 @@ Or # escape=` (backtick) -The `escape` directive sets the character used to escape characters in a -`Dockerfile`. If not specified, the default escape character is `\`. +The `escape` directive sets the character used to escape characters in a +`Dockerfile`. If not specified, the default escape character is `\`. The escape character is used both to escape characters in a line, and to escape a newline. This allows a `Dockerfile` instruction to span multiple lines. Note that regardless of whether the `escape` parser -directive is included in a `Dockerfile`, *escaping is not performed in -a `RUN` command, except at the end of a line.* +directive is included in a `Dockerfile`, *escaping is not performed in +a `RUN` command, except at the end of a line.* -Setting the escape character to `` ` `` is especially useful on -`Windows`, where `\` is the directory path separator. `` ` `` is consistent +Setting the escape character to `` ` `` is especially useful on +`Windows`, where `\` is the directory path separator. `` ` `` is consistent with [Windows PowerShell](https://technet.microsoft.com/en-us/library/hh847755.aspx). -Consider the following example which would fail in a non-obvious way on +Consider the following example which would fail in a non-obvious way on `Windows`. The second `\` at the end of the second line would be interpreted as an -escape for the newline, instead of a target of the escape from the first `\`. +escape for the newline, instead of a target of the escape from the first `\`. Similarly, the `\` at the end of the third line would, assuming it was actually handled as an instruction, cause it be treated as a line continuation. The result of this dockerfile is that second and third lines are considered a single -instruction: +instruction: ```Dockerfile FROM windowsservercore @@ -250,18 +250,18 @@ Results in: ---> dbfee88ee9fd Step 2 : COPY testfile.txt c:RUN dir c: GetFileAttributesEx c:RUN: The system cannot find the file specified. - PS C:\John> + PS C:\John> One solution to the above would be to use `/` as the target of both the `COPY` instruction, and `dir`. However, this syntax is, at best, confusing as it is not natural for paths on `Windows`, and at worst, error prone as not all commands on `Windows` support `/` as the path separator. -By adding the `escape` parser directive, the following `Dockerfile` succeeds as +By adding the `escape` parser directive, the following `Dockerfile` succeeds as expected with the use of natural platform semantics for file paths on `Windows`: # escape=` - + FROM windowsservercore COPY testfile.txt c:\ RUN dir c:\ @@ -279,9 +279,9 @@ Results in: ---> Running in a5ff53ad6323 Volume in drive C has no label. Volume Serial Number is 1440-27FA - + Directory of c:\ - + 03/25/2016 05:28 AM inetpub 03/25/2016 04:22 AM PerfLogs 04/22/2016 10:59 PM Program Files @@ -497,7 +497,7 @@ generated images. RUN has 2 forms: -- `RUN ` (*shell* form, the command is run in a shell, which by +- `RUN ` (*shell* form, the command is run in a shell, which by default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows) - `RUN ["executable", "param1", "param2"]` (*exec* form) @@ -1209,7 +1209,7 @@ and for any `RUN`, `CMD` and `ENTRYPOINT` instructions that follow it in the The `WORKDIR` instruction sets the working directory for any `RUN`, `CMD`, `ENTRYPOINT`, `COPY` and `ADD` instructions that follow it in the `Dockerfile`. -If the `WORKDIR` doesn't exist, it will be created even if its not used in any +If the `WORKDIR` doesn't exist, it will be created even if it's not used in any subsequent `Dockerfile` instruction. It can be used multiple times in the one `Dockerfile`. If a relative path @@ -1548,7 +1548,7 @@ The `HEALTHCHECK` feature was added in Docker 1.12. ## SHELL SHELL ["executable", "parameters"] - + The `SHELL` instruction allows the default shell used for the *shell* form of commands to be overridden. The default shell on Linux is `["/bin/sh", "-c"]`, and on Windows is `["cmd", "/S", "/C"]`. The `SHELL` instruction *must* be written in JSON @@ -1558,21 +1558,21 @@ The `SHELL` instruction is particularly useful on Windows where there are two commonly used and quite different native shells: `cmd` and `powershell`, as well as alternate shells available including `sh`. -The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides +The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides all previous `SHELL` instructions, and affects all subsequent instructions. For example: FROM windowsservercore - - # Executed as cmd /S /C echo default + + # Executed as cmd /S /C echo default RUN echo default - - # Executed as cmd /S /C powershell -command Write-Host default + + # Executed as cmd /S /C powershell -command Write-Host default RUN powershell -command Write-Host default - + # Executed as powershell -command Write-Host hello SHELL ["powershell", "-command"] RUN Write-Host hello - + # Executed as cmd /S /C echo hello SHELL ["cmd", "/S"", "/C"] RUN echo hello @@ -1580,21 +1580,21 @@ all previous `SHELL` instructions, and affects all subsequent instructions. For The following instructions can be affected by the `SHELL` instruction when the *shell* form of them is used in a Dockerfile: `RUN`, `CMD` and `ENTRYPOINT`. -The following example is a common pattern found on Windows which can be -streamlined by using the `SHELL` instruction: +The following example is a common pattern found on Windows which can be +streamlined by using the `SHELL` instruction: ... RUN powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" - ... + ... The command invoked by docker will be: cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" - + This is inefficient for two reasons. First, there is an un-necessary cmd.exe command processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell* form requires an extra `powershell -command` prefixing the command. - + To make this more efficient, one of two mechanisms can be employed. One is to use the JSON form of the RUN command such as: @@ -1602,14 +1602,14 @@ use the JSON form of the RUN command such as: RUN ["powershell", "-command", "Execute-MyCmdlet", "-param1 \"c:\\foo.txt\""] ... -While the JSON form is unambiguous and does not use the un-necessary cmd.exe, +While the JSON form is unambiguous and does not use the un-necessary cmd.exe, it does require more verbosity through double-quoting and escaping. The alternate mechanism is to use the `SHELL` instruction and the *shell* form, -making a more natural syntax for Windows users, especially when combined with +making a more natural syntax for Windows users, especially when combined with the `escape` parser directive: - + # escape=` - + FROM windowsservercore SHELL ["powershell","-command"] RUN New-Item -ItemType Directory C:\Example @@ -1628,16 +1628,16 @@ Resulting in: Removing intermediate container 87d7a64c9751 Step 3 : RUN New-Item -ItemType Directory C:\Example ---> Running in 3e6ba16b8df9 - - + + Directory: C:\ - - + + Mode LastWriteTime Length Name ---- ------------- ------ ---- d----- 6/2/2016 2:59 PM Example - - + + ---> 1f1dfdcec085 Removing intermediate container 3e6ba16b8df9 Step 4 : ADD Execute-MyCmdlet.ps1 c:\example\ @@ -1654,7 +1654,7 @@ Resulting in: The `SHELL` instruction could also be used to modify the way in which a shell operates. For example, using `SHELL cmd /S /C /V:ON|OFF` on Windows, delayed environment variable expansion semantics could be modified. - + The `SHELL` instruction can also be used on Linux should an alternate shell be required such `zsh`, `csh`, `tcsh` and others. From a443697846d80d312ca596e7f34caed5c5e62ef2 Mon Sep 17 00:00:00 2001 From: Charles Chan Date: Sat, 11 Jun 2016 14:31:53 -0700 Subject: [PATCH 1445/2538] Add link to Docker Hub. * To make it consistent with similar references in other parts of document. Signed-off-by: Charles Chan --- docs/reference/commandline/pull.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 0ed3839f4a..01abc9590c 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -162,7 +162,7 @@ MAINTAINER some maintainer ## Pulling from a different registry -By default, `docker pull` pulls images from Docker Hub. It is also possible to +By default, `docker pull` pulls images from [Docker Hub](https://hub.docker.com). It is also possible to manually specify the path of a registry to pull from. For example, if you have set up a local registry, you can specify its path to pull from it. A registry path is similar to a URL, but does not contain a protocol specifier (`https://`). From 716caef299531eed331d48917f1eecd53769d6f9 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Jun 2016 13:00:05 +0200 Subject: [PATCH 1446/2538] Add zsh completion for 'docker run' healthcheck options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 435d7baf5e..fc57b8a6bc 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1241,6 +1241,11 @@ __docker_subcommand() { $opts_create_run_update \ $opts_attach_exec_run_start \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ + "($help)--health-cmd=[Command to run to check health]:command: " \ + "($help)--health-interval=[Time between running the check]:time: " \ + "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" \ + "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \ + "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \ "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ From a68bdf00733ffe889be61e33329e07fd34a0b50e Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sun, 12 Jun 2016 16:33:03 -0400 Subject: [PATCH 1447/2538] Note about mountpoint being optional Signed-off-by: Brian Goff --- docs/extend/plugins_volume.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index a70a2c3ee2..3b84d92f7a 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -159,7 +159,8 @@ Docker needs reminding of the path to the volume on the host. ``` Respond with the path on the host filesystem where the volume has been made -available, and/or a string error if an error occurred. +available, and/or a string error if an error occurred. `Mountpoint` is optional, +however the plugin may be queried again later if one is not provided. ### /VolumeDriver.Unmount @@ -211,7 +212,8 @@ Get the volume info. } ``` -Respond with a string error if an error occurred. +Respond with a string error if an error occurred. `Mountpoint` and `Status` are +optional. ### /VolumeDriver.List @@ -236,7 +238,7 @@ Get the list of volumes registered with the plugin. } ``` -Respond with a string error if an error occurred. +Respond with a string error if an error occurred. `Mountpoint` is optional. ### /VolumeDriver.Capabilities From 0a0bb19a3367e3bfc698c194613d08e08a4244b9 Mon Sep 17 00:00:00 2001 From: Shoubhik Bose Date: Mon, 13 Jun 2016 09:36:44 +0000 Subject: [PATCH 1448/2538] Added example for using image digest in the docker run command Signed-off-by: Shoubhik Bose Added explanation for the example with image's digest ( as per @thaJeztah 's comment Signed-off-by: Shoubhik Bose Wrapped to ~80 chars Signed-off-by: Shoubhik Bose --- docs/reference/run.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index a7c5267f45..82e098eeb1 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -190,6 +190,11 @@ Images using the v2 or later image format have a content-addressable identifier called a digest. As long as the input used to generate the image is unchanged, the digest value is predictable and referenceable. +The following example runs a container from the `alpine` image with the +`sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0` digest: + + $ docker run alpine@sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0 date + ## PID settings (--pid) --pid="" : Set the PID (Process) Namespace mode for the container, From e7fa3c62790fb7ad8696b5f77e2b02e42d2e469e Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Mon, 13 Jun 2016 11:06:47 -0700 Subject: [PATCH 1449/2538] Add documentation for using overlay2 Add mention in dockerd command line and storage driver selection documentation. Signed-off-by: Derek McGowan (github: dmcgowan) --- docs/reference/commandline/dockerd.md | 11 ++++++++--- man/dockerd.8.md | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 6888c14ef4..1d500433d4 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -204,7 +204,7 @@ TCP and a Unix socket ### Daemon storage-driver option The Docker daemon has support for several different image layer storage -drivers: `aufs`, `devicemapper`, `btrfs`, `zfs` and `overlay`. +drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause @@ -242,9 +242,14 @@ Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call > inode consumption (especially as the number of images grows), as well as > being incompatible with the use of RPMs. +The `overlay2` uses the same fast union filesystem but takes advantage of +[additional features](https://lkml.org/lkml/2015/2/11/106) added in Linux +kernel 4.0 to avoid excessive inode consumption. Call `dockerd -s overlay2` +to use it. + > **Note:** -> It is currently unsupported on `btrfs` or any Copy on Write filesystem -> and should only be used over `ext4` partitions. +> Both `overlay` and `overlay2` are currently unsupported on `btrfs` or any +> Copy on Write filesystem and should only be used over `ext4` partitions. ### Storage driver options diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 9f980310e4..6fa985913c 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -226,7 +226,7 @@ output otherwise. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support the overlay storage driver. + Enable selinux support. Default is false. SELinux does not presently support either of the overlay storage drivers. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From bfe4e46682fb40dd865dbcd51e79562efbf4dd39 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Thu, 2 Jun 2016 11:10:55 -0700 Subject: [PATCH 1450/2538] Add --live-restore flag This flags enables full support of daemonless containers in docker. It ensures that docker does not stop containers on shutdown or restore and properly reconnects to the container when restarted. This is not the default because of backwards compat but should be the desired outcome for people running containers in prod. Signed-off-by: Michael Crosby --- man/dockerd.8.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 6fa985913c..267592ebbe 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -42,6 +42,7 @@ dockerd - Enable daemon mode [**--isolation**[=*default*]] [**-l**|**--log-level**[=*info*]] [**--label**[=*[]*]] +[**--live-restore**[=*false*]] [**--log-driver**[=*json-file*]] [**--log-opt**[=*map[]*]] [**--mtu**[=*0*]] @@ -195,6 +196,9 @@ is `hyperv`. Linux only supports `default`. **--label**="[]" Set key=value labels to the daemon (displayed in `docker info`) +**--live-restore**=*false* + Enable live restore of running containers when the daemon starts so that they are not restarted. + **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. **Warning**: `docker logs` command works only for `json-file` logging driver. From 593ee1e29de6da55ab2f69cc1e694e2fdd3fa04c Mon Sep 17 00:00:00 2001 From: Amit Shukla Date: Mon, 13 Jun 2016 19:57:19 -0700 Subject: [PATCH 1451/2538] CLI docs Signed-off-by: Amit Shukla Signed-off-by: Tonis Tiigi --- docs/reference/commandline/index.md | 20 ++++ docs/reference/commandline/info.md | 7 +- docs/reference/commandline/inspect.md | 18 ++-- docs/reference/commandline/node_accept.md | 28 ++++++ docs/reference/commandline/node_demote.md | 28 ++++++ docs/reference/commandline/node_inspect.md | 108 +++++++++++++++++++++ docs/reference/commandline/node_ls.md | 89 +++++++++++++++++ docs/reference/commandline/node_promote.md | 28 ++++++ docs/reference/commandline/node_reject.md | 28 ++++++ docs/reference/commandline/node_rm.md | 38 ++++++++ docs/reference/commandline/node_tasks.md | 94 ++++++++++++++++++ docs/reference/commandline/node_update.md | 26 +++++ docs/reference/commandline/swarm_init.md | 69 +++++++++++++ docs/reference/commandline/swarm_join.md | 68 +++++++++++++ docs/reference/commandline/swarm_leave.md | 52 ++++++++++ docs/reference/commandline/swarm_update.md | 37 +++++++ 16 files changed, 730 insertions(+), 8 deletions(-) create mode 100644 docs/reference/commandline/node_accept.md create mode 100644 docs/reference/commandline/node_demote.md create mode 100644 docs/reference/commandline/node_inspect.md create mode 100644 docs/reference/commandline/node_ls.md create mode 100644 docs/reference/commandline/node_promote.md create mode 100644 docs/reference/commandline/node_reject.md create mode 100644 docs/reference/commandline/node_rm.md create mode 100644 docs/reference/commandline/node_tasks.md create mode 100644 docs/reference/commandline/node_update.md create mode 100644 docs/reference/commandline/swarm_init.md create mode 100644 docs/reference/commandline/swarm_join.md create mode 100644 docs/reference/commandline/swarm_leave.md create mode 100644 docs/reference/commandline/swarm_update.md diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index db71e48c0c..fff0dd9d44 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -86,3 +86,23 @@ You start the Docker daemon with the command line. How you start the daemon affe * [volume_inspect](volume_inspect.md) * [volume_ls](volume_ls.md) * [volume_rm](volume_rm.md) + +### Swarm node commands + +* [node_accept](node_accept.md) +* [node_reject](node_reject.md) +* [node_promote](node_promote.md) +* [node_demote](node_demote.md) +* [node_inspect](node_inspect.md) +* [node_update](node_update.md) +* [node_tasks](node_tasks.md) +* [node_ls](node_ls.md) +* [node_rm](node_rm.md) + +### Swarm swarm commands + +* [swarm init](swarm_init.md) +* [swarm join](swarm_join.md) +* [swarm leave](swarm_leave.md) +* [swarm update](swarm_update.md) + diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 8e171fecdd..1303aa0435 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -37,7 +37,7 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information Here is a sample output for a daemon running on Ubuntu, using the overlay -storage driver: +storage driver and a node that is part of a 2 node Swarm cluster: $ docker -D info Containers: 14 @@ -53,6 +53,11 @@ storage driver: Plugins: Volume: local Network: bridge null host + Swarm: + NodeID: 0gac67oclbxq7 + IsManager: YES + Managers: 2 + Nodes: 2 Kernel Version: 4.4.0-21-generic Operating System: Ubuntu 16.04 LTS OSType: linux diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 38d4098c0c..7220d69f5c 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -10,15 +10,15 @@ parent = "smn_cli" # inspect - Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...] + Usage: docker inspect [OPTIONS] CONTAINER|IMAGE|TASK [CONTAINER|IMAGE|TASK...] - Return low-level information on a container or image + Return low-level information on a container or image or task - -f, --format="" Format the output using the given go template - --help Print usage - --type=container|image Return JSON for specified type, permissible - values are "image" or "container" - -s, --size Display total file sizes if the type is container + -f, --format="" Format the output using the given go template + --help Print usage + --type=container|image|task Return JSON for specified type, permissible + values are "image" or "container" or "task" + -s, --size Display total file sizes if the type is container By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. @@ -47,6 +47,10 @@ straightforward manner. $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID +**Get a Task's image name:** + + $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID + **List All Port Bindings:** One can loop over arrays and maps in the results to produce simple text diff --git a/docs/reference/commandline/node_accept.md b/docs/reference/commandline/node_accept.md new file mode 100644 index 0000000000..cc1100e84d --- /dev/null +++ b/docs/reference/commandline/node_accept.md @@ -0,0 +1,28 @@ + + +# node accept + + Usage: docker node accept NODE [NODE...] + + Accept a node in the swarm + +Accept a node into the swarm. This command targets a docker engine that is a manager in the swarm cluster. + + +```bash +$ docker node accept +``` + +## Related information + +* [node reject](node_reject.md) +* [node promote](node_promote.md) +* [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md new file mode 100644 index 0000000000..9393e80da1 --- /dev/null +++ b/docs/reference/commandline/node_demote.md @@ -0,0 +1,28 @@ + + +# node demote + + Usage: docker node demote NODE [NODE...] + + Demote a node as manager in the swarm + +Demotes an existing Manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm cluster. + + +```bash +$ docker node demote +``` + +## Related information + +* [node accept](node_accept.md) +* [node reject](node_reject.md) +* [node promote](node_promote.md) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md new file mode 100644 index 0000000000..48119c1693 --- /dev/null +++ b/docs/reference/commandline/node_inspect.md @@ -0,0 +1,108 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# node inspect + + Usage: docker node inspect [OPTIONS] self|NODE [NODE...] + + Return low-level information on a volume + + -f, --format= Format the output using the given go template. + --help Print usage + -p, --pretty Print the information in a human friendly format. + +Returns information about a node. By default, this command renders all results +in a JSON array. You can specify an alternate format to execute a +given template for each result. Go's +[text/template](http://golang.org/pkg/text/template/) package describes all the +details of the format. + +Example output: + + $ docker node inspect swarm-manager + [ + { + "ID": "0gac67oclbxq7", + "Version": { + "Index": 2028 + }, + "CreatedAt": "2016-06-06T20:49:32.720047494Z", + "UpdatedAt": "2016-06-07T00:23:31.207632893Z", + "Spec": { + "Role": "MANAGER", + "Membership": "ACCEPTED", + "Availability": "ACTIVE" + }, + "Description": { + "Hostname": "swarm-manager", + "Platform": { + "Architecture": "x86_64", + "OS": "linux" + }, + "Resources": { + "NanoCPUs": 1000000000, + "MemoryBytes": 1044250624 + }, + "Engine": { + "EngineVersion": "1.12.0", + "Labels": { + "provider": "virtualbox" + } + } + }, + "Status": { + "State": "READY" + }, + "Manager": { + "Raft": { + "RaftID": 2143745093569717375, + "Addr": "192.168.99.118:4500", + "Status": { + "Leader": true, + "Reachability": "REACHABLE" + } + } + }, + "Attachment": {}, + } + ] + + $ docker node inspect --format '{{ .Manager.Raft.Status.Leader }}' self + false + + $ docker node inspect --pretty self + ID: 2otfhz83efcc7 + Hostname: ad960a848573 + Status: + State: Ready + Availability: Active + Manager Status: + Address: 172.17.0.2:2377 + Raft status: Reachable + Leader: Yes + Platform: + Operating System: linux + Architecture: x86_64 + Resources: + CPUs: 4 + Memory: 7.704 GiB + Plugins: + Network: overlay, bridge, null, host, overlay + Volume: local + Engine Version: 1.12.0 + +## Related information + +* [node update](node_update.md) +* [node tasks](node_tasks.md) +* [node ls](node_ls.md) +* [node rm](node_rm.md) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md new file mode 100644 index 0000000000..ce82f6b4b8 --- /dev/null +++ b/docs/reference/commandline/node_ls.md @@ -0,0 +1,89 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# node ls + + Usage: docker node ls [OPTIONS] + + List nodes in the swarm + + Aliases: + ls, list + + Options: + -f, --filter value Filter output based on conditions provided + --help Print usage + -q, --quiet Only display IDs + +Lists all the nodes that the Docker Swarm manager knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. + +Example output: + + $ docker node ls + ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER + 0gac67oclbxq swarm-master Ready Active Reachable Yes + 0pwvm3ve66q7 swarm-node-02 Ready Active + 15xwihgw71aw * swarm-node-01 Ready Active Reachable + + +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* name +* id +* label +* desired_state + +### name + +The `name` filter matches on all or part of a tasks's name. + +The following filter matches the node with a name equal to `swarm-master` string. + + $ docker node ls -f name=swarm-master + ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER + 0gac67oclbxq * swarm-master Ready Active Reachable Yes + +### id + +The `id` filter matches all or part of a node's id. + + $ docker node ls -f id=0 + ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER + 0gac67oclbxq * swarm-master Ready Active Reachable Yes + 0pwvm3ve66q7 swarm-node-02 Ready Active + + +#### label + +The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches nodes with the `usage` label regardless of its value. + +```bash +$ docker node ls -f "label=foo" +ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER +15xwihgw71aw * swarm-node-01 Ready Active Reachable +``` + + +## Related information + +* [node inspect](node_inspect.md) +* [node update](node_update.md) +* [node tasks](node_tasks.md) +* [node rm](node_rm.md) diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md new file mode 100644 index 0000000000..933f362081 --- /dev/null +++ b/docs/reference/commandline/node_promote.md @@ -0,0 +1,28 @@ + + +# node promote + + Usage: docker node promote NODE [NODE...] + + Promote a node as manager in the swarm + +Promotes a node that is pending a promotion to manager. This command targets a docker engine that is a manager in the swarm cluster. + + +```bash +$ docker node promote +``` + +## Related information + +* [node accept](node_accept.md) +* [node reject](node_reject.md) +* [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_reject.md b/docs/reference/commandline/node_reject.md new file mode 100644 index 0000000000..56dbe8bf45 --- /dev/null +++ b/docs/reference/commandline/node_reject.md @@ -0,0 +1,28 @@ + + +# node reject + + Usage: docker node reject NODE [NODE...] + + Reject a node from the swarm + +Reject a node from joining the swarm. This command targets a docker engine that is a manager in the swarm cluster. + + +```bash +$ docker node reject +``` + +## Related information + +* [node accept](node_accept.md) +* [node promote](node_promote.md) +* [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md new file mode 100644 index 0000000000..6eb9a873cf --- /dev/null +++ b/docs/reference/commandline/node_rm.md @@ -0,0 +1,38 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# node rm + + Usage: docker node rm NODE [NODE...] + + Remove a node from the swarm + + Aliases: + rm, remove + + Options: + --help Print usage + +Removes nodes that are specified. + +Example output: + + $ docker node rm swarm-node-02 + Node swarm-node-02 removed from Swarm + + +## Related information + +* [node inspect](node_inspect.md) +* [node update](node_update.md) +* [node tasks](node_tasks.md) +* [node ls](node_ls.md) diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md new file mode 100644 index 0000000000..5bd6832a8a --- /dev/null +++ b/docs/reference/commandline/node_tasks.md @@ -0,0 +1,94 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# node tasks + + Usage: docker node tasks [OPTIONS] NODE + + List tasks running on a node + + Options: + -a, --all Display all instances + -f, --filter value Filter output based on conditions provided + --help Print usage + -n, --no-resolve Do not map IDs to Names + +Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. + +Example output: + + $ docker node tasks swarm-master + ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE + dx2g0fe3zsdb6y6q453f8dqw2 redis.1 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + 5v26yzixl3one3ptjyqqbd0ro redis.5 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + adcaphlhsfr30d47lby6walg6 redis.8 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + chancjvk9tex6768uzzacslq2 redis.9 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + + +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* name +* id +* label +* desired_state + +### name + +The `name` filter matches on all or part of a task's name. + +The following filter matches all tasks with a name containing the `redis` string. + + $ docker node tasks -f name=redis swarm-master + ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE + dx2g0fe3zsdb6y6q453f8dqw2 redis.1 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + 5v26yzixl3one3ptjyqqbd0ro redis.5 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + adcaphlhsfr30d47lby6walg6 redis.8 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + chancjvk9tex6768uzzacslq2 redis.9 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + + +### id + +The `id` filter matches a task's id. + + $ docker node tasks -f id=f33pcf8lwhs4c1t4kq8szwzta swarm-master + ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE + f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + + +#### label + +The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a +value. + +The following filter matches tasks with the `usage` label regardless of its value. + +```bash +$ docker node tasks -f "label=usage" +ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE +dx2g0fe3zsdb6y6q453f8dqw2 redis.1 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master +f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master +``` + + +## Related information + +* [node inspect](node_inspect.md) +* [node update](node_update.md) +* [node ls](node_ls.md) +* [node rm](node_rm.md) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md new file mode 100644 index 0000000000..a48712d6c9 --- /dev/null +++ b/docs/reference/commandline/node_update.md @@ -0,0 +1,26 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +## update + + Usage: docker node update [OPTIONS] Node + + Update a node + + + +## Related information + +* [node inspect](node_inspect.md) +* [node tasks](node_tasks.md) +* [node ls](node_ls.md) +* [node rm](node_rm.md) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md new file mode 100644 index 0000000000..d1e20b6175 --- /dev/null +++ b/docs/reference/commandline/swarm_init.md @@ -0,0 +1,69 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# swarm init + + Usage: docker swarm init [OPTIONS] + + Initialize a Swarm. + + Options: + --auto-accept value Acceptance policy (default [worker,manager]) + --force-new-cluster Force create a new cluster from current state. + --help Print usage + --listen-addr value Listen address (default 0.0.0.0:2377) + --secret string Set secret value needed to accept nodes into cluster + +Initialize a Swarm cluster. The docker engine targeted by this command becomes a manager +in the newly created one node Swarm cluster. + + +```bash +$ docker swarm init --listen-addr 192.168.99.121:2377 +Initializing a new swarm +$ docker node ls +ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER +3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +``` + +### --auto-accept value + +This flag controls node acceptance into the cluster. By default, both `worker` and `manager` +nodes are auto accepted by the cluster. This can be changed by specifing what kinds of nodes +can be auto-accepted into the cluster. If auto-accept is not turned on, then +[node accept](node_accept.md) can be used to explicitly accept a node into the cluster. + +For example, the following initializes a cluster with auto-acceptance of workers, but not managers + + +```bash +$ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker +Initializing a new swarm +``` + +### `--force-new-cluster` + +This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data + +### `--listen-addr value` + +The node listens for inbound Swarm manager traffic on this IP:PORT + +### `--secret string` + +Secret value needed to accept nodes into the Swarm + +## Related information + +* [swarm join](swarm_join.md) +* [swarm leave](swarm_leave.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md new file mode 100644 index 0000000000..a08c50abca --- /dev/null +++ b/docs/reference/commandline/swarm_join.md @@ -0,0 +1,68 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# swarm join + + Usage: docker swarm join [OPTIONS] HOST:PORT + + Join a Swarm as a node and/or manager. + + Options: + --help Print usage + --listen-addr value Listen address (default 0.0.0.0:2377) + --manager Try joining as a manager. + --secret string Secret for node acceptance + +Join a node to a Swarm cluster. If the `--manager` flag is specified, the docker engine +targeted by this command becomes a `manager`. If it is not specified, it becomes a `worker`. + +### Join a node to swarm as a manager + +```bash +$ docker swarm join --manager --listen-addr 192.168.99.122:2377 192.168.99.121:2377 +This node is attempting to join a Swarm as a manager. +$ docker node ls +ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER +2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE +3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +``` + +### Join a node to swarm as a worker + +```bash +$ docker swarm join --listen-addr 192.168.99.123:2377 192.168.99.121:2377 +This node is attempting to join a Swarm. +$ docker node ls +ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER +04zm7ue1fd1q swarm-node-02 READY ACTIVE +2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE +3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +``` + +### `--manager` + +Joins the node as a manager + +### `--listen-addr value` + +The node listens for inbound Swarm manager traffic on this IP:PORT + +### `--secret string` + +Secret value required for nodes to join the swarm + + +## Related information + +* [swarm init](swarm_init.md) +* [swarm leave](swarm_leave.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md new file mode 100644 index 0000000000..d6ce6de6f5 --- /dev/null +++ b/docs/reference/commandline/swarm_leave.md @@ -0,0 +1,52 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# swarm leave + + Usage: docker swarm leave + + Leave a Swarm swarm. + + Options: + --help Print usage + +This command causes the node to leave the swarm. + +On a manager node: +```bash +$ docker node ls +ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER +04zm7ue1fd1q swarm-node-02 READY ACTIVE +2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE +3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +``` + +On a worker node: +```bash +$ docker swarm leave +Node left the default swarm. +``` + +On a manager node: +```bash +$ docker node ls +ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER +04zm7ue1fd1q swarm-node-02 DOWN ACTIVE +2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE +3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +``` + +## Related information + +* [swarm init](swarm_init.md) +* [swarm join](swarm_join.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md new file mode 100644 index 0000000000..26a06a734c --- /dev/null +++ b/docs/reference/commandline/swarm_update.md @@ -0,0 +1,37 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# swarm update + + Usage: docker swarm update [OPTIONS] + + update the Swarm. + + Options: + --auto-accept value Acceptance policy (default [worker,manager]) + --help Print usage + --secret string Set secret value needed to accept nodes into cluster + + +Updates a Swarm cluster with new parameter values. This command must target a manager node. + + +```bash +$ docker swarm update --auto-accept manager +``` + +## Related information + +* [swarm init](swarm_init.md) +* [swarm join](swarm_join.md) +* [swarm leave](swarm_leave.md) + From d965f30a15ce4598edaa85be0ec4dc3c07cbcdf2 Mon Sep 17 00:00:00 2001 From: Dmitry Smirnov Date: Mon, 13 Jun 2016 19:12:31 +1000 Subject: [PATCH 1452/2538] Fix syntax errors in bash-completion (Closes: #23483) Signed-off-by: Dmitry Smirnov --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6d48f0b2fa..bce98edb0a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -511,7 +511,7 @@ __docker_complete_log_driver_options() { COMPREPLY=( $( compgen -W "rfc3164 rfc5424 rfc5424micro" -- "${cur##*=}" ) ) return ;; - syslog-tls-@(ca-cert|cert|key)) + syslog-tls-ca-cert|syslog-tls-cert|syslog-tls-key) _filedir return ;; @@ -839,7 +839,7 @@ _docker_daemon() { local key=$(__docker_map_key_of_current_option '--storage-opt') case "$key" in - dm.@(blkdiscard|override_udev_sync_check|use_deferred_@(removal|deletion))) + dm.blkdiscard|dm.override_udev_sync_check|dm.use_deferred_removal|dm.use_deferred_deletion) COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return ;; From b9997ebdee509c6f2939e376b195dbe8cd507d0d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 14 Jun 2016 09:14:25 +0200 Subject: [PATCH 1453/2538] bash completion for `docker daemon --live-restore` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index bce98edb0a..ba85cd22ac 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -784,6 +784,7 @@ _docker_daemon() { --ip-masq=false --iptables=false --ipv6 + --live-restore --raw-logs --selinux-enabled --userland-proxy=false From d3b7a2779e3a683035830dc878ce136733387d14 Mon Sep 17 00:00:00 2001 From: Victoria Bialas Date: Mon, 13 Jun 2016 11:08:11 -0700 Subject: [PATCH 1454/2538] surfacing Learn by example topics to top level of Docker Engine docs fixing links after moving surfacing tutorials fixing more links for the newly located tutorials Signed-off-by: Victoria Bialas --- docs/reference/builder.md | 6 +++--- docs/reference/commandline/export.md | 2 +- docs/reference/commandline/search.md | 4 +--- docs/reference/commandline/tag.md | 14 +++++++------- docs/reference/commandline/volume_create.md | 2 +- docs/reference/commandline/volume_inspect.md | 2 +- docs/reference/commandline/volume_ls.md | 2 +- docs/reference/commandline/volume_rm.md | 2 +- docs/reference/run.md | 8 ++++---- 9 files changed, 20 insertions(+), 22 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 9635bddfa9..f26143e777 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -100,7 +100,7 @@ the `Using cache` message in the console output. Successfully built 7ea8aef582cc When you're done with your build, you're ready to look into [*Pushing a -repository to its registry*](../userguide/containers/dockerrepos.md#contributing-to-docker-hub). +repository to its registry*](../tutorials/dockerrepos.md#contributing-to-docker-hub). ## Format @@ -474,7 +474,7 @@ Or The `FROM` instruction sets the [*Base Image*](glossary.md#base-image) for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy -to start by **pulling an image** from the [*Public Repositories*](../userguide/containers/dockerrepos.md). +to start by **pulling an image** from the [*Public Repositories*](../tutorials/dockerrepos.md). - `FROM` must be the first non-comment instruction in the `Dockerfile`. @@ -1171,7 +1171,7 @@ containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log /var/db`. For more information/examples and mounting instructions via the Docker client, refer to -[*Share Directories via Volumes*](../userguide/containers/dockervolumes.md#mount-a-host-directory-as-a-data-volume) +[*Share Directories via Volumes*](../tutorials/dockervolumes.md#mount-a-host-directory-as-a-data-volume) documentation. The `docker run` command initializes the newly created volume with any data diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 604ceab189..90ffec62be 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -23,7 +23,7 @@ the container, `docker export` will export the contents of the *underlying* directory, not the contents of the volume. Refer to [Backup, restore, or migrate data -volumes](../../userguide/containers/dockervolumes.md#backup-restore-or-migrate-data-volumes) in +volumes](../../tutorials/dockervolumes.md#backup-restore-or-migrate-data-volumes) in the user guide for examples on exporting data in a volume. ## Examples diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 6d3984de13..fff426d38d 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -24,7 +24,7 @@ parent = "smn_cli" Search [Docker Hub](https://hub.docker.com) for images -See [*Find Public Images on Docker Hub*](../../userguide/containers/dockerrepos.md#searching-for-images) for +See [*Find Public Images on Docker Hub*](../../tutorials/dockerrepos.md#searching-for-images) for more details on finding shared images from the command line. > **Note:** @@ -124,5 +124,3 @@ This example displays images with a name containing 'busybox', at least NAME DESCRIPTION STARS OFFICIAL AUTOMATED progrium/busybox 50 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] - - diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index e8d802a834..47cc58c4e5 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -19,10 +19,10 @@ parent = "smn_cli" An image name is made up of slash-separated name components, optionally prefixed by a registry hostname. The hostname must comply with standard DNS rules, but may not contain underscores. If a hostname is present, it may optionally be -followed by a port number in the format `:8080`. If not present, the command -uses Docker's public registry located at `registry-1.docker.io` by default. Name -components may contain lowercase characters, digits and separators. A separator -is defined as a period, one or two underscores, or one or more dashes. A name +followed by a port number in the format `:8080`. If not present, the command +uses Docker's public registry located at `registry-1.docker.io` by default. Name +components may contain lowercase characters, digits and separators. A separator +is defined as a period, one or two underscores, or one or more dashes. A name component may not start or end with a separator. A tag name may contain lowercase and uppercase characters, digits, underscores, @@ -30,20 +30,20 @@ periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. You can group your images together using names and tags, and then upload them -to [*Share Images via Repositories*](../../userguide/containers/dockerrepos.md#contributing-to-docker-hub). +to [*Share Images via Repositories*](../../tutorials/dockerrepos.md#contributing-to-docker-hub). # Examples ## Tagging an image referenced by ID -To tag a local image with ID "0e5574283393" into the "fedora" repository with +To tag a local image with ID "0e5574283393" into the "fedora" repository with "version1.0": docker tag 0e5574283393 fedora/httpd:version1.0 ## Tagging an image referenced by Name -To tag a local image with name "httpd" into the "fedora" repository with +To tag a local image with name "httpd" into the "fedora" repository with "version1.0": docker tag httpd fedora/httpd:version1.0 diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 112c260a8b..3e69b79864 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -73,4 +73,4 @@ $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) +* [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 7359c2b5a4..c19d60fe48 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -45,4 +45,4 @@ Example output: * [volume create](volume_create.md) * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) +* [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 9774c7b834..12ed40c401 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -81,4 +81,4 @@ The following filter matches all volumes with a name containing the `rose` strin * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) +* [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index ff5ce24a4b..c163ddf680 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -26,4 +26,4 @@ Removes one or more volumes. You cannot remove a volume that is in use by a cont * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) -* [Understand Data Volumes](../../userguide/containers/dockervolumes.md) \ No newline at end of file +* [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/run.md b/docs/reference/run.md index 82e098eeb1..f76336e67d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1078,7 +1078,7 @@ Both flags take limits in the `:` format. Both read and write rates must be a positive integer. ## Additional groups - --group-add: Add additional groups to run as + --group-add: Add additional groups to run as By default, the docker container process runs with the supplementary groups looked up for the specified user. If one wants to add more to that list of groups, then @@ -1502,8 +1502,8 @@ The example below mounts an empty tmpfs into the container with the `rw`, > a volume. The volumes commands are complex enough to have their own documentation -in section [*Managing data in -containers*](../userguide/containers/dockervolumes.md). A developer can define +in section [*Manage data in +containers*](../tutorials/dockervolumes.md). A developer can define one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). @@ -1532,7 +1532,7 @@ Dockerfile `USER` instruction. When starting a container, the operator can overr the `USER` instruction by passing the `-u` option. -u="", --user="": Sets the username or UID used and optionally the groupname or GID for the specified command. - + The followings examples are all valid: --user=[ user | user:group | uid | uid:gid | user:gid | uid:group ] From 090cf185cde7cfed4503f5aa0ad2995e31f6678a Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Mon, 23 May 2016 14:49:50 -0700 Subject: [PATCH 1455/2538] Add support for multiples runtimes Signed-off-by: Kenfe-Mickael Laventure --- docs/reference/commandline/create.md | 1 + docs/reference/commandline/dockerd.md | 45 ++++++++++++++++++++++++++- docs/reference/commandline/run.md | 1 + 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 03d3779237..37769a02e7 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -78,6 +78,7 @@ Creates a new container. --privileged Give extended privileges to this container --read-only Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) + --runtime="" Name of the runtime to be used for that container --security-opt=[] Security options --stop-signal="SIGTERM" Signal to stop a container --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 1d500433d4..ec44c0ab90 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -60,6 +60,7 @@ weight = -1 -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --raw-logs Full timestamps without ANSI coloring --registry-mirror=[] Preferred Docker registry mirror + --add-runtime=[] Register an additional OCI compatible runtime -s, --storage-driver="" Storage driver to use --selinux-enabled Enable selinux support --storage-opt=[] Set storage driver options @@ -572,6 +573,31 @@ The Docker daemon relies on a (invoked via the `containerd` daemon) as its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. +Runtimes can be registered with the daemon either via the +configuration file or using the `--add-runtime` command line argument. + +The following is an example adding 2 runtimes via the configuration: +```json + "default-runtime": "runc", + "runtimes": { + "runc": { + "path": "runc" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + } + } +``` + +This is the same example via the command line: + + $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement + +**Note**: defining runtime arguments via the command line is not supported. + ## Options for the runtime You can configure the runtime using options specified @@ -1014,7 +1040,19 @@ This is a full example of the allowed configuration options in the file: "raw-logs": false, "registry-mirrors": [], "insecure-registries": [], - "disable-legacy-registry": false + "disable-legacy-registry": false, + "default-runtime": "runc", + "runtimes": { + "runc": { + "path": "runc" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + } + } } ``` @@ -1036,6 +1074,11 @@ The list of currently supported options that can be reconfigured is this: - `labels`: it replaces the daemon labels with a new set of labels. - `max-concurrent-downloads`: it updates the max concurrent downloads for each pull. - `max-concurrent-uploads`: it updates the max concurrent uploads for each push. +- `default-runtime`: it updates the runtime to be used if not is + specified at container creation. It defaults to "default" which is + the runtime shipped with the official docker packages. +- `runtimes`: it updates the list of available OCI runtimes that can + be used to run containers Updating and reloading the cluster configurations such as `--cluster-store`, `--cluster-advertise` and `--cluster-store-opts` will take effect only if diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 6b66c394a8..e1e98a02a9 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -89,6 +89,7 @@ parent = "smn_cli" --read-only Mount the container's root filesystem as read only --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) --rm Automatically remove the container when it exits + --runtime="" Name of the runtime to be used for that container --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. --security-opt=[] Security Options --sig-proxy=true Proxy received signals to the process From 48ae78b9b778cdb4d2019a0a9246db7bd3beb7f0 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Tue, 24 May 2016 17:07:23 -0700 Subject: [PATCH 1456/2538] Add missing completion for --config-file Signed-off-by: Kenfe-Mickael Laventure --- contrib/completion/bash/docker | 3 ++- contrib/completion/zsh/_docker | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ba85cd22ac..79475f861c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -799,6 +799,7 @@ _docker_daemon() { --cluster-advertise --cluster-store --cluster-store-opt + --config-file --containerd --default-gateway --default-gateway-v6 @@ -878,7 +879,7 @@ _docker_daemon() { __docker_complete_log_drivers return ;; - --containerd|--pidfile|-p|--tlscacert|--tlscert|--tlskey) + --config-file|--containerd|--pidfile|-p|--tlscacert|--tlscert|--tlskey) _filedir return ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fc57b8a6bc..69e7dbd3fa 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -936,6 +936,7 @@ __docker_subcommand() { "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Network bridge IP]:IP address: " \ "($help)--cgroup-parent=[Parent cgroup for all containers]:cgroup: " \ + "($help)--config-file=[Path to daemon configuration file]:Config File:_files" \ "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ From 5a9cc4cea872655dbc6a0769698bf0582b1ffe77 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Fri, 3 Jun 2016 09:12:20 -0700 Subject: [PATCH 1457/2538] Add bash completion support for --runtime and --add-runtime Signed-off-by: Kenfe-Mickael Laventure --- contrib/completion/bash/docker | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 79475f861c..6928ebcb00 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -189,6 +189,14 @@ __docker_complete_plugins() { COMPREPLY=( $(compgen -W "$(__docker_plugins $1)" -- "$cur") ) } +__docker_runtimes() { + __docker_q info | sed -n 's/^Runtimes: \(.*\)/\1/p' +} + +__docker_complete_runtimes() { + COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") ) +} + # Finds the position of the first word that is neither option nor an option's argument. # If there are options that require arguments, you should pass a glob describing those # options, e.g. "--option1|-o|--option2" @@ -791,6 +799,7 @@ _docker_daemon() { " local options_with_args=" $global_options_with_args + --add-runtime --api-cors-header --authorization-plugin --bip @@ -1706,6 +1715,7 @@ _docker_run() { --pids-limit --publish -p --restart + --runtime --security-opt --shm-size --stop-signal @@ -1884,6 +1894,10 @@ _docker_run() { esac return ;; + --runtime) + __docker_complete_runtimes + return + ;; --security-opt) COMPREPLY=( $( compgen -W "apparmor= label= no-new-privileges seccomp=" -- "$cur") ) if [ "${COMPREPLY[*]}" != "no-new-privileges" ] ; then From 987e5e6d8a2627a91397e19d4313e4f9752dc2da Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Thu, 9 Jun 2016 15:10:59 -0700 Subject: [PATCH 1458/2538] Allow user to specify container's link-local addresses Signed-off-by: Alessandro Boch --- docs/reference/commandline/create.md | 1 + docs/reference/commandline/network_connect.md | 1 + docs/reference/commandline/run.md | 1 + docs/reference/run.md | 25 ++++++++++--------- man/docker-create.1.md | 4 +++ man/docker-run.1.md | 4 +++ 6 files changed, 24 insertions(+), 12 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 37769a02e7..0c62866fc3 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -54,6 +54,7 @@ Creates a new container. -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a line delimited file of labels --link=[] Add link to another container + --link-local-ip=[] Container IPv4/IPv6 link-local addresses (e.g. 169.254.0.77, fe80::77) --log-driver="" Logging driver for container --log-opt=[] Log driver specific options -m, --memory="" Memory limit diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index a815ca38ec..ae29c44bb3 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -19,6 +19,7 @@ parent = "smn_cli" --ip IPv4 Address --ip6 IPv6 Address --link=[] Add a link to another container + --link-local-ip=[] IPv4/IPv6 link-local addresses Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index e1e98a02a9..1c38e27bc4 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -55,6 +55,7 @@ parent = "smn_cli" -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) --label-file=[] Read in a file of labels (EOL delimited) --link=[] Add link to another container + --link-local-ip=[] Container IPv4/IPv6 link-local addresses (e.g. 169.254.0.77, fe80::77) --log-driver="" Logging driver for container --log-opt=[] Log driver specific options -m, --memory="" Memory limit diff --git a/docs/reference/run.md b/docs/reference/run.md index f76336e67d..db0e86b6e9 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -288,18 +288,19 @@ of the containers. ## Network settings - --dns=[] : Set custom dns servers for the container - --net="bridge" : Connect a container to a network - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack - '|': connect to a user-defined network - --net-alias=[] : Add network-scoped alias for the container - --add-host="" : Add a line to /etc/hosts (host:IP) - --mac-address="" : Sets the container's Ethernet device's MAC address - --ip="" : Sets the container's Ethernet device's IPv4 address - --ip6="" : Sets the container's Ethernet device's IPv6 address + --dns=[] : Set custom dns servers for the container + --net="bridge" : Connect a container to a network + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack + '|': connect to a user-defined network + --net-alias=[] : Add network-scoped alias for the container + --add-host="" : Add a line to /etc/hosts (host:IP) + --mac-address="" : Sets the container's Ethernet device's MAC address + --ip="" : Sets the container's Ethernet device's IPv4 address + --ip6="" : Sets the container's Ethernet device's IPv6 address + --link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking diff --git a/man/docker-create.1.md b/man/docker-create.1.md index e630d5fdcd..4dc90d89d8 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -43,6 +43,7 @@ docker-create - Create a new container [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] +[**--link-local-ip**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] @@ -220,6 +221,9 @@ millions of trillions. Add link to another container in the form of :alias or just in which case the alias will match the name. +**--link-local-ip**=[] + Add one or more link-local IPv4/IPv6 addresses to the container's interface + **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 2d02b7cbfb..055c8e6d67 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -45,6 +45,7 @@ docker-run - Run a command in a new container [**-l**|**--label**[=*[]*]] [**--label-file**[=*[]*]] [**--link**[=*[]*]] +[**--link-local-ip**[=*[]*]] [**--log-driver**[=*[]*]] [**--log-opt**[=*[]*]] [**-m**|**--memory**[=*MEMORY*]] @@ -326,6 +327,9 @@ container can access the exposed port via a private networking interface. Docker will set some environment variables in the client container to help indicate which interface and port to use. +**--link-local-ip**=[] + Add one or more link-local IPv4/IPv6 addresses to the container's interface + **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Logging driver for container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and From ec66559999c8ec15d8c09729c8ea511718daf781 Mon Sep 17 00:00:00 2001 From: Mike Goelzer Date: Sun, 12 Jun 2016 10:05:22 -0700 Subject: [PATCH 1459/2538] Update bash completion for Docker 1.12 CLI commands Signed-off-by: Mike Goelzer --- contrib/completion/bash/docker | 290 +++++++++++++++++++++++++++++++++ 1 file changed, 290 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6928ebcb00..180e95ab7b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -197,6 +197,55 @@ __docker_complete_runtimes() { COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") ) } +__docker_nodes() { + local fields='$1,$2' # node names & IDs + __docker_q node ls | sed -e 's/\*//g' | awk "NR>1 {print $fields}" +} + +__docker_complete_nodes() { + COMPREPLY=( $(compgen -W "$(__docker_nodes $1)" -- "$cur") ) +} + +__docker_complete_nodes_plus_self() { + COMPREPLY=( $(compgen -W "$(__docker_nodes $1) self" -- "$cur") ) +} + +__docker_pending_nodes() { + local fields='$1' # node ID + __docker_q node ls --filter membership=pending | awk "NR>1 {print $fields}" +} + +__docker_complete_pending_nodes() { + COMPREPLY=( $(compgen -W "$(__docker_pending_nodes $1)" -- "$cur") ) +} + +__docker_manager_nodes() { + local fields='$1,$2' # node names & IDs + __docker_q node ls --filter role=manager | awk "NR>1 {print $fields}" +} + +__docker_complete_manager_nodes() { + COMPREPLY=( $(compgen -W "$(__docker_manager_nodes $1)" -- "$cur") ) +} + +__docker_worker_nodes() { + local fields='$1,$2' # node names & IDs + __docker_q node ls --filter role=worker | awk "NR>1 {print $fields}" +} + +__docker_complete_worker_nodes() { + COMPREPLY=( $(compgen -W "$(__docker_worker_nodes $1)" -- "$cur") ) +} + +__docker_services() { + local fields='$1,$2' # service names & IDs + __docker_q service ls | awk "NR>1 {print $fields}" +} + +__docker_complete_services() { + COMPREPLY=( $(compgen -W "$(__docker_services $1)" -- "$cur") ) +} + # Finds the position of the first word that is neither option nor an option's argument. # If there are options that require arguments, you should pass a glob describing those # options, e.g. "--option1|-o|--option2" @@ -1476,6 +1525,244 @@ _docker_network() { esac } +_docker_service() { + local subcommands=" + create + tasks + inspect + update + ls + rm + " + __docker_subcommands "$subcommands" && return + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) + ;; + esac +} + +_docker_service_create() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --constraint --endpoint-ingress --endpoint-mode --env --label --limit-cpu --limit-memory --mode --name --network --publish --reserve-cpu --reserve-memory --restart-condition --restart-delay --restart-max-attempts --restart-window --replicas --stop-grace-period --update-delay --update-parallelism --user --volume --workdir" -- "$cur" ) ) + ;; + esac +} + +_docker_service_update() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--arg --command --constraint --endpoint-ingress --endpoint-mode --env --help --image --label --limit-cpu --limit-memory --mode --name --network --publish --reserve-cpu --reserve-memory --restart-condition--restart-delay --restart-max-attempts --restart-window --replicas --stop-grace-period --update-delay --update-parallelism --user --volume --workdir" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + +_docker_service_inspect() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --format --pretty" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + +_docker_service_tasks() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --all --filter --no-resolve" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + +_docker_service_rm() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + +_docker_service_ls() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm() { + local subcommands=" + init + join + update + leave + inspect + " + __docker_subcommands "$subcommands" && return + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm_init() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --auto-accept --force-new-cluster --secret" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm_join() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--ca-hash --help --listen-addr --manager --secret" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm_update() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--auto-accept --dispatcher-heartbeat-period --help --secret --task-history-limit" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm_leave() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force --help" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm_inspect() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--format --help" -- "$cur" ) ) + ;; + esac +} + +_docker_node() { + local subcommands=" + accept + demote + inspect + ls + promote + rm + tasks + update + " + __docker_subcommands "$subcommands" && return + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) + ;; + esac +} + +_docker_node_accept() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_pending_nodes + esac +} + +_docker_node_inspect() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --format --pretty" -- "$cur" ) ) + ;; + *) + __docker_complete_nodes + esac +} + +_docker_node_ls() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --filter --quiet" -- "$cur" ) ) + ;; + esac +} + +_docker_node_promote() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_worker_nodes + esac +} + +_docker_node_demote() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_manager_nodes + esac +} + +_docker_node_rm() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_nodes + esac +} + +_docker_node_tasks() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --no-resolve --filter --all" -- "$cur" ) ) + ;; + *) + __docker_complete_nodes_plus_self + esac +} + +_docker_node_update() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --availability --membership --role" -- "$cur" ) ) + ;; + *) + __docker_complete_nodes + esac +} + _docker_pause() { case "$cur" in -*) @@ -2262,6 +2549,7 @@ _docker() { logout logs network + node pause port ps @@ -2274,9 +2562,11 @@ _docker() { run save search + service start stats stop + swarm tag top unpause From 6c1739b80da477b916c90009fc1cd42c78d1911b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 9 Jun 2016 23:57:15 +0200 Subject: [PATCH 1460/2538] docker plugin commandline reference Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/plugin_disable.md | 52 +++++++ docs/reference/commandline/plugin_enable.md | 52 +++++++ docs/reference/commandline/plugin_inspect.md | 135 +++++++++++++++++++ docs/reference/commandline/plugin_install.md | 51 +++++++ docs/reference/commandline/plugin_ls.md | 40 ++++++ docs/reference/commandline/plugin_rm.md | 41 ++++++ 6 files changed, 371 insertions(+) create mode 100644 docs/reference/commandline/plugin_disable.md create mode 100644 docs/reference/commandline/plugin_enable.md create mode 100644 docs/reference/commandline/plugin_inspect.md create mode 100644 docs/reference/commandline/plugin_install.md create mode 100644 docs/reference/commandline/plugin_ls.md create mode 100644 docs/reference/commandline/plugin_rm.md diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md new file mode 100644 index 0000000000..44f78af8c4 --- /dev/null +++ b/docs/reference/commandline/plugin_disable.md @@ -0,0 +1,52 @@ + + +# plugin disable (experimental) + + Usage: docker plugin disable PLUGIN + + Disable a plugin + + --help Print usage + +Disables a plugin. The plugin must be installed before it can be disabled, +see [`docker plugin install`](plugin_install.md). + + +The following example shows that the `no-remove` plugin is currently installed +and active: + +```bash +$ docker plugin ls +NAME TAG ACTIVE +tiborvass/no-remove latest true +``` +To disable the plugin, use the following command: + +```bash +$ docker plugin disable tiborvass/no-remove:latest +``` + +After the plugin is disabled, it appears as "inactive" in the list of plugins: + +```bash +$ docker plugin ls +NAME VERSION ACTIVE +tiborvass/no-remove latest false +``` + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin enable](plugin_enable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin rm](plugin_rm.md) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md new file mode 100644 index 0000000000..2bd577fd04 --- /dev/null +++ b/docs/reference/commandline/plugin_enable.md @@ -0,0 +1,52 @@ + + +# plugin enable (experimental) + + Usage: docker plugin enable PLUGIN + + Enable a plugin + + --help Print usage + +Enables a plugin. The plugin must be installed before it can be enabled, +see [`docker plugin install`](plugin_install.md). + + +The following example shows that the `no-remove` plugin is currently installed, +but disabled ("inactive"): + +```bash +$ docker plugin ls +NAME VERSION ACTIVE +tiborvass/no-remove latest false +``` +To enable the plugin, use the following command: + +```bash +$ docker plugin enable tiborvass/no-remove:latest +``` + +After the plugin is enabled, it appears as "active" in the list of plugins: + +```bash +$ docker plugin ls +NAME VERSION ACTIVE +tiborvass/no-remove latest true +``` + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin disable](plugin_disable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin rm](plugin_rm.md) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md new file mode 100644 index 0000000000..e0282ea294 --- /dev/null +++ b/docs/reference/commandline/plugin_inspect.md @@ -0,0 +1,135 @@ + + +# plugin inspect (experimental) + + Usage: docker plugin inspect PLUGIN + + Return low-level information about a plugin + + --help Print usage + + +Returns information about a plugin. By default, this command renders all results +in a JSON array. + +Example output: + +```bash +$ docker plugin inspect tiborvass/no-remove:latest +``` +```JSON +{ + "Manifest": { + "ManifestVersion": "", + "Description": "A test plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Entrypoint": [ + "plugin-no-remove", + "/data" + ], + "Interface": { + "Types": [ + "docker.volumedriver/1.0" + ], + "Socket": "plugins.sock" + }, + "Network": { + "Type": "host" + }, + "Capabilities": null, + "Mounts": [ + { + "Name": "", + "Description": "", + "Settable": false, + "Source": "/data", + "Destination": "/data", + "Type": "bind", + "Options": [ + "shared", + "rbind" + ] + }, + { + "Name": "", + "Description": "", + "Settable": false, + "Source": null, + "Destination": "/foobar", + "Type": "tmpfs", + "Options": null + } + ], + "Devices": [ + { + "Name": "device", + "Description": "a host device to mount", + "Settable": false, + "Path": null + } + ], + "Env": [ + { + "Name": "DEBUG", + "Description": "If set, prints debug messages", + "Settable": false, + "Value": null + } + ], + "Args": [ + { + "Name": "arg1", + "Description": "a command line argument", + "Settable": false, + "Value": null + } + ] + }, + "Config": { + "Mounts": [ + { + "Source": "/data", + "Destination": "/data", + "Type": "bind", + "Options": [ + "shared", + "rbind" + ] + }, + { + "Source": null, + "Destination": "/foobar", + "Type": "tmpfs", + "Options": null + } + ], + "Env": [], + "Args": [], + "Devices": null + }, + "Active": true, + "Name": "tiborvass/no-remove", + "Tag": "latest", + "ID": "ac9d36b664921d61813254f7e9946f10e3cadbb676346539f1705fcaf039c01f" +} +``` +(output formatted for readability) + + + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin enable](plugin_enable.md) +* [plugin disable](plugin_disable.md) +* [plugin install](plugin_install.md) +* [plugin rm](plugin_rm.md) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md new file mode 100644 index 0000000000..276af5a09f --- /dev/null +++ b/docs/reference/commandline/plugin_install.md @@ -0,0 +1,51 @@ + + +# plugin install (experimental) + + Usage: docker plugin install PLUGIN + + Install a plugin + + --help Print usage + +Installs and enables a plugin. Docker looks first for the plugin on your Docker +host. If the plugin does not exist locally, then the plugin is pulled from +Docker Hub. + + +The following example installs `no-remove` plugin. Install consists of pulling the +plugin from Docker Hub, prompting the user to accept the list of privileges that +the plugin needs and enabling the plugin. + +```bash +$ docker plugin install tiborvass/no-remove +Plugin "tiborvass/no-remove:latest" requested the following privileges: + - Networking: host + - Mounting host path: /data +Do you grant the above permissions? [y/N] y +``` + +After the plugin is installed, it appears in the list of plugins: + +```bash +$ docker plugin ls +NAME VERSION ACTIVE +tiborvass/no-remove latest true +``` + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin enable](plugin_enable.md) +* [plugin disable](plugin_disable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin rm](plugin_rm.md) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md new file mode 100644 index 0000000000..ea36368ed9 --- /dev/null +++ b/docs/reference/commandline/plugin_ls.md @@ -0,0 +1,40 @@ + + +# plugin ls (experimental) + + Usage: docker plugin ls + + List plugins + + --help Print usage + + Aliases: + ls, list + +Lists all the plugins that are currently installed. You can install plugins +using the [`docker plugin install`](plugin_install.md) command. + +Example output: + +```bash +$ docker plugin ls +NAME VERSION ACTIVE +tiborvass/no-remove latest true +``` + +## Related information + +* [plugin enable](plugin_enable.md) +* [plugin disable](plugin_disable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin rm](plugin_rm.md) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md new file mode 100644 index 0000000000..a5dcf9e7cc --- /dev/null +++ b/docs/reference/commandline/plugin_rm.md @@ -0,0 +1,41 @@ + + +# plugin rm (experimental) + + Usage: docker plugin rm PLUGIN + + Remove a plugin + + --help Print usage + + Aliases: + rm, remove + +Removes a plugin. You cannot remove a plugin if it is active, you must disable +a plugin using the [`docker plugin disable`](plugin_disable.md) before removing +it. + +The following example disables and removes the `no-remove:latest` plugin; + +```bash +$ docker plugin disable tiborvass/no-remove:latest +$ docker plugin rm tiborvass/no-remove:latest +no-remove:latest +``` + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin enable](plugin_enable.md) +* [plugin disable](plugin_disable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) From d8fee0b06e2b5bb9895be82722ace393cede5d59 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 14 Jun 2016 14:55:25 -0700 Subject: [PATCH 1461/2538] no more 'docker node reject' in docs Signed-off-by: Victor Vieux --- docs/reference/commandline/index.md | 1 - docs/reference/commandline/node_accept.md | 1 - docs/reference/commandline/node_demote.md | 1 - docs/reference/commandline/node_promote.md | 1 - docs/reference/commandline/node_reject.md | 28 ---------------------- 5 files changed, 32 deletions(-) delete mode 100644 docs/reference/commandline/node_reject.md diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index fff0dd9d44..f6ac1a8e05 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -90,7 +90,6 @@ You start the Docker daemon with the command line. How you start the daemon affe ### Swarm node commands * [node_accept](node_accept.md) -* [node_reject](node_reject.md) * [node_promote](node_promote.md) * [node_demote](node_demote.md) * [node_inspect](node_inspect.md) diff --git a/docs/reference/commandline/node_accept.md b/docs/reference/commandline/node_accept.md index cc1100e84d..21cb15fc36 100644 --- a/docs/reference/commandline/node_accept.md +++ b/docs/reference/commandline/node_accept.md @@ -23,6 +23,5 @@ $ docker node accept ## Related information -* [node reject](node_reject.md) * [node promote](node_promote.md) * [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 9393e80da1..97c779c71e 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -24,5 +24,4 @@ $ docker node demote ## Related information * [node accept](node_accept.md) -* [node reject](node_reject.md) * [node promote](node_promote.md) diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 933f362081..06c76c2a90 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -24,5 +24,4 @@ $ docker node promote ## Related information * [node accept](node_accept.md) -* [node reject](node_reject.md) * [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_reject.md b/docs/reference/commandline/node_reject.md deleted file mode 100644 index 56dbe8bf45..0000000000 --- a/docs/reference/commandline/node_reject.md +++ /dev/null @@ -1,28 +0,0 @@ - - -# node reject - - Usage: docker node reject NODE [NODE...] - - Reject a node from the swarm - -Reject a node from joining the swarm. This command targets a docker engine that is a manager in the swarm cluster. - - -```bash -$ docker node reject -``` - -## Related information - -* [node accept](node_accept.md) -* [node promote](node_promote.md) -* [node demote](node_demote.md) From 49023a1c5f02e9f7aeaf810cf54f6cb20aa41320 Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Tue, 14 Jun 2016 15:31:45 -0700 Subject: [PATCH 1462/2538] Add experimental documentation for stacks Signed-off-by: Arnaud Porterie (icecrime) --- experimental/README.md | 2 +- experimental/docker-stacks.md | 98 +++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 experimental/docker-stacks.md diff --git a/experimental/README.md b/experimental/README.md index 540769dbf3..67abbe1cdf 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -73,7 +73,7 @@ to build a Docker binary with the experimental features enabled: * [External graphdriver plugins](plugins_graphdriver.md) * [Macvlan and Ipvlan Network Drivers](vlan-networks.md) - * The user namespaces feature has graduated from experimental. + * [Docker stacks](docker-stacks.md) ## How to comment on an experimental feature diff --git a/experimental/docker-stacks.md b/experimental/docker-stacks.md new file mode 100644 index 0000000000..31a02b6f54 --- /dev/null +++ b/experimental/docker-stacks.md @@ -0,0 +1,98 @@ +# Docker Stacks + +## Overview + +Docker Stacks are an experimental feature introduced in Docker 1.12, alongside +the new concepts of Swarms and Services inside the Engine. + +A Dockerfile can be built into an image, and containers can be created from that +image. Similarly, a docker-compose.yml can be built into a **bundle**, and +**stacks** can be created from that bundle. In that sense, the bundle is a +multi-services distributable image format. + +As of 1.12, the feature is introduced as experimental, and Docker Engine doesn't +support distribution of bundles. + +## Producing a bundle + +The easiest way to produce a bundle is to generate it using `docker-compose` +from an existing `docker-compose.yml`. Of course, that's just *one* possible way +to proceed, in the same way that `docker build` isn't the only way to produce a +Docker image. + +From `docker-compose`: + + ```bash + $ docker-compose bundle + WARNING: Unsupported key 'network_mode' in services.nsqd - ignoring + WARNING: Unsupported key 'links' in services.nsqd - ignoring + WARNING: Unsupported key 'volumes' in services.nsqd - ignoring + [...] + Wrote bundle to vossibility-stack.dsb + ``` + +## Creating a stack from a bundle + +A stack is created using the `docker deploy` command: + + ```bash + # docker deploy --help + + Usage: docker deploy [OPTIONS] STACK + + Create and update a stack + + Options: + -f, --bundle string Path to a bundle (Default: STACK.dsb) + --help Print usage + ``` + +Let's deploy the stack created before: + + ```bash + # docker deploy vossibility-stack + Loading bundle from vossibility-stack.dsb + Creating service vossibility-stack_elasticsearch + Creating service vossibility-stack_kibana + Creating service vossibility-stack_logstash + Creating service vossibility-stack_lookupd + Creating service vossibility-stack_nsqd + Creating service vossibility-stack_vossibility-collector + ``` + +We can verify that services were correctly created: + + ```bash + # docker service ls + ID NAME SCALE IMAGE + COMMAND + 29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd + 4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 + 4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa + 7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 + 9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf + axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug + ``` + +## Managing stacks + +Tasks are managed using the `docker stack` command: + + ```bash + # docker stack --help + + Usage: docker stack COMMAND + + Manage Docker stacks + + Options: + --help Print usage + + Commands: + config Print the stack configuration + deploy Create and update a stack + rm Remove the stack + tasks List the tasks in the stack + + Run 'docker stack COMMAND --help' for more information on a command. + ``` From 96150d3faa7c772cd336109679eea3a44c1ec7a9 Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Tue, 14 Jun 2016 17:36:37 -0700 Subject: [PATCH 1463/2538] Make `--dispatcher-heartbeat-period` a duration Make `--dispatcher-heartbeat-period` a duration in `docker swarm update`, allowing to express the value as "5s", "1h", etc. Signed-off-by: Arnaud Porterie (icecrime) --- contrib/completion/bash/docker | 2 +- docs/reference/commandline/swarm_update.md | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 180e95ab7b..abde5ce14c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1641,7 +1641,7 @@ _docker_swarm_join() { _docker_swarm_update() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--auto-accept --dispatcher-heartbeat-period --help --secret --task-history-limit" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--auto-accept --dispatcher-heartbeat --help --secret --task-history-limit" -- "$cur" ) ) ;; esac } diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 26a06a734c..942a330ea1 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -12,15 +12,16 @@ parent = "smn_cli" # swarm update - Usage: docker swarm update [OPTIONS] - - update the Swarm. - - Options: - --auto-accept value Acceptance policy (default [worker,manager]) - --help Print usage - --secret string Set secret value needed to accept nodes into cluster - + Usage: docker swarm update [OPTIONS] + + update the Swarm. + + Options: + --auto-accept value Auto acceptance policy (worker, manager or none) + --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) + --help Print usage + --secret string Set secret value needed to accept nodes into cluster + --task-history-limit int Task history retention limit (default 10) Updates a Swarm cluster with new parameter values. This command must target a manager node. From 4d7ce3559f95ed63cc5b9af8aef10d62a50667ac Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 15 Jun 2016 11:19:03 +0900 Subject: [PATCH 1464/2538] Update experimental/README.md Signed-off-by: Akihiro Suda --- experimental/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 67abbe1cdf..1098dd0793 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -49,9 +49,9 @@ refined or entirely removed. To download the latest experimental `docker` binary for Linux, use the following URLs: - https://experimental.docker.com/builds/Linux/i386/docker-latest + https://experimental.docker.com/builds/Linux/i386/docker-latest.tgz - https://experimental.docker.com/builds/Linux/x86_64/docker-latest + https://experimental.docker.com/builds/Linux/x86_64/docker-latest.tgz After downloading the appropriate binary, you can follow the instructions [here](https://docs.docker.com/installation/binaries/#get-the-docker-binary) to run the `docker` daemon. From 7766083eb84461e013daade9ed635376e595685d Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 15 Jun 2016 17:57:59 -0400 Subject: [PATCH 1465/2538] Change SCALE to REPLICAS. Signed-off-by: Daniel Nephin --- experimental/docker-stacks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/docker-stacks.md b/experimental/docker-stacks.md index 31a02b6f54..83ee31654a 100644 --- a/experimental/docker-stacks.md +++ b/experimental/docker-stacks.md @@ -64,7 +64,7 @@ We can verify that services were correctly created: ```bash # docker service ls - ID NAME SCALE IMAGE + ID NAME REPLICAS IMAGE COMMAND 29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd 4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 From bfbf538f68514beb5e6bfb8a87fdec0a481504ef Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 16 Jun 2016 11:52:34 -0700 Subject: [PATCH 1466/2538] docs: move "advisory" to general metadata the advisory option should not be below "menu" Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/plugin_disable.md | 2 +- docs/reference/commandline/plugin_enable.md | 2 +- docs/reference/commandline/plugin_inspect.md | 2 +- docs/reference/commandline/plugin_install.md | 2 +- docs/reference/commandline/plugin_ls.md | 2 +- docs/reference/commandline/plugin_rm.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 44f78af8c4..dd5998e89f 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -3,9 +3,9 @@ title = "plugin disable" description = "the plugin disable command description and usage" keywords = ["plugin, disable"] +advisory = "experimental" [menu.main] parent = "smn_cli" -advisory = "experimental" +++ diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 2bd577fd04..323882325a 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -3,9 +3,9 @@ title = "plugin enable" description = "the plugin enable command description and usage" keywords = ["plugin, enable"] +advisory = "experimental" [menu.main] parent = "smn_cli" -advisory = "experimental" +++ diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index e0282ea294..67d63c236b 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -3,9 +3,9 @@ title = "plugin inspect" description = "The plugin inspect command description and usage" keywords = ["plugin, inspect"] +advisory = "experimental" [menu.main] parent = "smn_cli" -advisory = "experimental" +++ diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 276af5a09f..03d089584f 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -3,9 +3,9 @@ title = "plugin install" description = "the plugin install command description and usage" keywords = ["plugin, install"] +advisory = "experimental" [menu.main] parent = "smn_cli" -advisory = "experimental" +++ diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index ea36368ed9..624807aaad 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -3,9 +3,9 @@ title = "plugin ls" description = "The plugin ls command description and usage" keywords = ["plugin, list"] +advisory = "experimental" [menu.main] parent = "smn_cli" -advisory = "experimental" +++ diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index a5dcf9e7cc..5f73b00fee 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -3,9 +3,9 @@ title = "plugin rm" description = "the plugin rm command description and usage" keywords = ["plugin, rm"] +advisory = "experimental" [menu.main] parent = "smn_cli" -advisory = "experimental" +++ From 541dcf39adddc64fa169a616f5575488f6c8507c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 16 Jun 2016 16:29:23 -0700 Subject: [PATCH 1467/2538] Update docker info output example Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/info.md | 7 +++++-- man/docker-info.1.md | 12 ++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 1303aa0435..21f483c282 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -45,19 +45,22 @@ storage driver and a node that is part of a 2 node Swarm cluster: Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.11.1 + Server Version: 1.12.0-dev Storage Driver: overlay Backing Filesystem: extfs Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: bridge null host + Network: bridge null host overlay Swarm: NodeID: 0gac67oclbxq7 IsManager: YES Managers: 2 Nodes: 2 + Runtimes: default + Default Runtime: default + Security Options: apparmor seccomp Kernel Version: 4.4.0-21-generic Operating System: Ubuntu 16.04 LTS OSType: linux diff --git a/man/docker-info.1.md b/man/docker-info.1.md index d777f259f9..1d96b562eb 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -41,14 +41,22 @@ storage driver: Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.11.1 + Server Version: 1.12.0-dev Storage Driver: overlay Backing Filesystem: extfs Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: bridge null host + Network: bridge null host overlay + Swarm: + NodeID: 0gac67oclbxq7 + IsManager: YES + Managers: 2 + Nodes: 2 + Runtimes: default + Default Runtime: default + Security Options: apparmor seccomp Kernel Version: 4.4.0-21-generic Operating System: Ubuntu 16.04 LTS OSType: linux From 308888a8c6224286c712e905ceb6abc79031d0a7 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Thu, 16 Jun 2016 17:04:33 -0700 Subject: [PATCH 1468/2538] Add cert-expiry to swarm update Signed-off-by: Tonis Tiigi --- docs/reference/commandline/swarm_update.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 942a330ea1..afbcf6455e 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -22,6 +22,7 @@ parent = "smn_cli" --help Print usage --secret string Set secret value needed to accept nodes into cluster --task-history-limit int Task history retention limit (default 10) + --cert-expiry duration Validity period for node certificates (default 2160h0m0s) Updates a Swarm cluster with new parameter values. This command must target a manager node. From a816f63e572ad67728a3c09b786fad67364219ea Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Thu, 16 Jun 2016 21:28:07 -0700 Subject: [PATCH 1469/2538] update output for node commands, minor edits Signed-off-by: Charles Smith --- docs/reference/commandline/node_inspect.md | 73 +++++++++++++--------- docs/reference/commandline/node_ls.md | 27 ++++---- docs/reference/commandline/node_tasks.md | 40 ++++++------ docs/reference/commandline/node_update.md | 6 ++ 4 files changed, 84 insertions(+), 62 deletions(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 48119c1693..7bb19214c0 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -30,17 +30,17 @@ Example output: $ docker node inspect swarm-manager [ - { - "ID": "0gac67oclbxq7", + { + "ID": "e216jshn25ckzbvmwlnh5jr3g", "Version": { - "Index": 2028 + "Index": 10 }, - "CreatedAt": "2016-06-06T20:49:32.720047494Z", - "UpdatedAt": "2016-06-07T00:23:31.207632893Z", + "CreatedAt": "2016-06-16T22:52:44.9910662Z", + "UpdatedAt": "2016-06-16T22:52:45.230878043Z", "Spec": { - "Role": "MANAGER", - "Membership": "ACCEPTED", - "Availability": "ACTIVE" + "Role": "manager", + "Membership": "accepted", + "Availability": "active" }, "Description": { "Hostname": "swarm-manager", @@ -50,38 +50,55 @@ Example output: }, "Resources": { "NanoCPUs": 1000000000, - "MemoryBytes": 1044250624 + "MemoryBytes": 1039843328 }, "Engine": { "EngineVersion": "1.12.0", - "Labels": { - "provider": "virtualbox" - } + "Plugins": [ + { + "Type": "Volume", + "Name": "local" + }, + { + "Type": "Network", + "Name": "overlay" + }, + { + "Type": "Network", + "Name": "null" + }, + { + "Type": "Network", + "Name": "host" + }, + { + "Type": "Network", + "Name": "bridge" + }, + { + "Type": "Network", + "Name": "overlay" + } + ] } }, "Status": { - "State": "READY" + "State": "ready" }, - "Manager": { - "Raft": { - "RaftID": 2143745093569717375, - "Addr": "192.168.99.118:4500", - "Status": { - "Leader": true, - "Reachability": "REACHABLE" - } - } - }, - "Attachment": {}, - } + "ManagerStatus": { + "Leader": true, + "Reachability": "reachable", + "Addr": "168.0.32.137:2377" + } + } ] - $ docker node inspect --format '{{ .Manager.Raft.Status.Leader }}' self + $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self false $ docker node inspect --pretty self - ID: 2otfhz83efcc7 - Hostname: ad960a848573 + ID: e216jshn25ckzbvmwlnh5jr3g + Hostname: swarm-manager Status: State: Ready Availability: Active diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index ce82f6b4b8..56e157a38e 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -29,10 +29,10 @@ Lists all the nodes that the Docker Swarm manager knows about. You can filter us Example output: $ docker node ls - ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER - 0gac67oclbxq swarm-master Ready Active Reachable Yes - 0pwvm3ve66q7 swarm-node-02 Ready Active - 15xwihgw71aw * swarm-node-01 Ready Active Reachable + ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER + 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active + 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Accepted Ready Active + e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Accepted Ready Active Reachable Yes ## Filtering @@ -49,22 +49,21 @@ The currently supported filters are: ### name -The `name` filter matches on all or part of a tasks's name. +The `name` filter matches on all or part of a node name. The following filter matches the node with a name equal to `swarm-master` string. - $ docker node ls -f name=swarm-master - ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER - 0gac67oclbxq * swarm-master Ready Active Reachable Yes + $ docker node ls -f name=swarm-manager1 + ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER + e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Accepted Ready Active Reachable Yes ### id The `id` filter matches all or part of a node's id. - $ docker node ls -f id=0 - ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER - 0gac67oclbxq * swarm-master Ready Active Reachable Yes - 0pwvm3ve66q7 swarm-node-02 Ready Active + $ docker node ls -f id=1 + ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER + 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active #### label @@ -76,8 +75,8 @@ The following filter matches nodes with the `usage` label regardless of its valu ```bash $ docker node ls -f "label=foo" -ID NAME STATUS AVAILABILITY MANAGER STATUS LEADER -15xwihgw71aw * swarm-node-01 Ready Active Reachable +ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active ``` diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index 5bd6832a8a..d4c258c1aa 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -26,13 +26,13 @@ Lists all the tasks on a Node that Docker knows about. You can filter using the Example output: - $ docker node tasks swarm-master - ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE - dx2g0fe3zsdb6y6q453f8dqw2 redis.1 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - 5v26yzixl3one3ptjyqqbd0ro redis.5 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - adcaphlhsfr30d47lby6walg6 redis.8 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - chancjvk9tex6768uzzacslq2 redis.9 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + $ docker node tasks swarm-manager1 + ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE + 7q92v0nr1hcgts2amcjyqg3pq redis.1 redis redis:3.0.6 Running 5 hours Running swarm-manager1 + b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 29 seconds Running swarm-manager1 + bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + dkkual96p4bb3s6b10r7coxxt redis.9 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + 0tgctg8h8cech4w0k0gwrmr23 redis.10 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 ## Filtering @@ -53,22 +53,22 @@ The `name` filter matches on all or part of a task's name. The following filter matches all tasks with a name containing the `redis` string. - $ docker node tasks -f name=redis swarm-master - ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE - dx2g0fe3zsdb6y6q453f8dqw2 redis.1 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - 5v26yzixl3one3ptjyqqbd0ro redis.5 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - adcaphlhsfr30d47lby6walg6 redis.8 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master - chancjvk9tex6768uzzacslq2 redis.9 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + $ docker node tasks -f name=redis swarm-manager1 + ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE + 7q92v0nr1hcgts2amcjyqg3pq redis.1 redis redis:3.0.6 Running 5 hours Running swarm-manager1 + b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 29 seconds Running swarm-manager1 + bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + dkkual96p4bb3s6b10r7coxxt redis.9 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + 0tgctg8h8cech4w0k0gwrmr23 redis.10 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 ### id The `id` filter matches a task's id. - $ docker node tasks -f id=f33pcf8lwhs4c1t4kq8szwzta swarm-master - ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE - f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master + $ docker node tasks -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 + ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE + bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 #### label @@ -80,9 +80,9 @@ The following filter matches tasks with the `usage` label regardless of its valu ```bash $ docker node tasks -f "label=usage" -ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE -dx2g0fe3zsdb6y6q453f8dqw2 redis.1 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master -f33pcf8lwhs4c1t4kq8szwzta redis.4 redis redis:3.0.6 RUNNING RUNNING 2 hours swarm-master +ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE +b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 10 minutes Running swarm-manager1 +bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 9 minutes Running swarm-manager1 ``` diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index a48712d6c9..8f005430a3 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -16,6 +16,12 @@ parent = "smn_cli" Update a node + Options: + --availability string Availability of the node (active/pause/drain) + --help Print usage + --membership string Membership of the node (accepted/rejected) + --role string Role of the node (worker/manager) + ## Related information From 6cc83d80e04ec78030ca6a7444bfd696c9f82055 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 17 Jun 2016 08:49:06 +0200 Subject: [PATCH 1470/2538] bash completion for `docker swarm update --cert-expiry` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index abde5ce14c..1d9ee41816 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1639,9 +1639,15 @@ _docker_swarm_join() { } _docker_swarm_update() { + case "$prev" in + --auto-accept|--cert-expiry|--dispatcher-heartbeat|--secret|--task-history-limit) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--auto-accept --dispatcher-heartbeat --help --secret --task-history-limit" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--auto-accept --cert-expiry --dispatcher-heartbeat --help --secret --task-history-limit" -- "$cur" ) ) ;; esac } From 903d9013a30acbea6561debd1b746f94ae0a3788 Mon Sep 17 00:00:00 2001 From: Ke Xu Date: Fri, 17 Jun 2016 16:16:13 +0900 Subject: [PATCH 1471/2538] fix #23017, add zsh completion for dockerd Signed-off-by: Ke Xu --- contrib/completion/zsh/_docker | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 69e7dbd3fa..81c628ee79 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1,4 +1,4 @@ -#compdef docker +#compdef docker dockerd # # zsh completion for docker (http://docker.com) # @@ -1410,6 +1410,13 @@ _docker() { return ret } +_dockerd() { + integer ret=1 + words[1]='daemon' + __docker_subcommand && ret=0 + return ret +} + _docker "$@" # Local Variables: From 03c9762fbae442d9b275b9b946fc7b17b74b9fc3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 17 Jun 2016 16:51:17 -0700 Subject: [PATCH 1472/2538] Add initial "service" docs Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/index.md | 9 + docs/reference/commandline/service_create.md | 157 +++++++++++++++++ docs/reference/commandline/service_inspect.md | 158 ++++++++++++++++++ docs/reference/commandline/service_ls.md | 112 +++++++++++++ docs/reference/commandline/service_rm.md | 51 ++++++ docs/reference/commandline/service_scale.md | 79 +++++++++ docs/reference/commandline/service_tasks.md | 95 +++++++++++ docs/reference/commandline/service_update.md | 68 ++++++++ 8 files changed, 729 insertions(+) create mode 100644 docs/reference/commandline/service_create.md create mode 100644 docs/reference/commandline/service_inspect.md create mode 100644 docs/reference/commandline/service_ls.md create mode 100644 docs/reference/commandline/service_rm.md create mode 100644 docs/reference/commandline/service_scale.md create mode 100644 docs/reference/commandline/service_tasks.md create mode 100644 docs/reference/commandline/service_update.md diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index f6ac1a8e05..3643cdb810 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -105,3 +105,12 @@ You start the Docker daemon with the command line. How you start the daemon affe * [swarm leave](swarm_leave.md) * [swarm update](swarm_update.md) +### Swarm service commands + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) +* [service scale](service_scale.md) +* [service tasks](service_tasks.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md new file mode 100644 index 0000000000..b3cbb7d604 --- /dev/null +++ b/docs/reference/commandline/service_create.md @@ -0,0 +1,157 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service create + +```Markdown +Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] + +Create a new service + +Options: + --constraint value Placement constraints (default []) + --endpoint-mode string Endpoint mode(Valid values: VIP, DNSRR) + -e, --env value Set environment variables (default []) + --help Print usage + -l, --label value Service labels (default []) + --limit-cpu value Limit CPUs (default 0.000) + --limit-memory value Limit Memory (default 0 B) + --mode string Service mode (replicated or global) (default "replicated") + -m, --mount value Attach a mount to the service + --name string Service name + --network value Network attachments (default []) + -p, --publish value Publish a port as a node port (default []) + --replicas value Number of tasks (default none) + --reserve-cpu value Reserve CPUs (default 0.000) + --reserve-memory value Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on_failure, or any) + --restart-delay value Delay between restart attempts (default none) + --restart-max-attempts value Maximum number of restarts before giving up (default none) + --restart-window value Window used to evalulate the restart policy (default none) + --stop-grace-period value Time to wait before force killing a container (default none) + --update-delay duration Delay between updates + --update-parallelism uint Maximum number of tasks updated simultaneously + -u, --user string Username or UID + -w, --workdir string Working directory inside the container +``` + +Creates a service as described by the specified parameters. This command has to +be run targeting a manager node. + +## Examples + +### Create a service + +```bash +$ docker service create --name redis redis:3.0.6 +dmu1ept4cxcfe8k8lhtux3ro3 + +$ docker service ls +ID NAME REPLICAS IMAGE COMMAND +dmu1ept4cxcf redis 1/1 redis:3.0.6 +``` + +### Create a service with 5 tasks + +You can set the number of tasks for a service using the `--replicas` option. The +following command creates a `redis` service with `5` tasks: + +```bash +$ docker service create --name redis --replicas=5 redis:3.0.6 +4cdgfyky7ozwh3htjfw0d12qv +``` + +The above command sets the *desired* number of tasks for the service. Even +though the command returns directly, actual scaling of the service may take +some time. The `REPLICAS` column shows both the *actual* and *desired* number +of tasks for the service. + +In the following example, the desired number of tasks is set to `5`, but the +*actual* number is `3` + +```bash +$ docker service ls +ID NAME REPLICAS IMAGE COMMAND +4cdgfyky7ozw redis 3/5 redis:3.0.7 +``` + +Once all the tasks are created, the actual number of tasks is equal to the +desired number: + +```bash +$ docker service ls +ID NAME REPLICAS IMAGE COMMAND +4cdgfyky7ozw redis 5/5 redis:3.0.7 +``` + + +### Create a service with a rolling update constraints + + +```bash +$ docker service create \ + --replicas 10 \ + --name redis \ + --update-delay 10s \ + --update-parallelism 2 \ + redis:3.0.6 +``` + +When this service is [updated](service_update.md), a rolling update will update +tasks in batches of `2`, with `10s` between batches. + +### Setting environment variables (-e --env) + +This sets environmental variables for all tasks in a service. For example: + +```bash +$ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6 +``` + +### Set metadata on a service (-l --label) + +A label is a `key=value` pair that applies metadata to a service. To label a +service with two labels: + +```bash +$ docker service create \ + --name redis_2 \ + --label com.example.foo="bar" + --label bar=baz \ + redis:3.0.6 +``` + +For more information about labels, refer to [apply custom +metadata](../../userguide/labels-custom-metadata.md) + +### Service mode + +Is this a replicated service or a global service. A replicated service runs as +many tasks as specified, while a global service runs on each active node in the +swarm. + +The following command creates a "global" service: + +```bash +$ docker service create --name redis_2 --mode global redis:3.0.6 +``` + + +## Related information + +* [service inspect](service_inspect.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) +* [service scale](service_scale.md) +* [service tasks](service_tasks.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md new file mode 100644 index 0000000000..e59baf0203 --- /dev/null +++ b/docs/reference/commandline/service_inspect.md @@ -0,0 +1,158 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service inspect + +```Markdown +Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] + +Inspect a service + +Options: + -f, --format string Format the output using the given go template + --help Print usage + -p, --pretty Print the information in a human friendly format. +``` + + +Inspects the specified service. This command has to be run targeting a manager +node. + +By default, this renders all results in a JSON array. If a format is specified, +the given template will be executed for each result. + +Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +## Examples + +### Inspecting a service by name or ID + +You can inspect a service, either by its *name*, or *ID* + +For example, given the following service; + +```bash +$ docker service ls +ID NAME REPLICAS IMAGE COMMAND +dmu1ept4cxcf redis 3/3 redis:3.0.6 +``` + +Both `docker service inspect redis`, and `docker service inspect dmu1ept4cxcf` +produce the same result: + +```bash +$ docker service inspect redis +[ + { + "ID": "dmu1ept4cxcfe8k8lhtux3ro3", + "Version": { + "Index": 12 + }, + "CreatedAt": "2016-06-17T18:44:02.558012087Z", + "UpdatedAt": "2016-06-17T18:44:02.558012087Z", + "Spec": { + "Name": "redis", + "TaskTemplate": { + "ContainerSpec": { + "Image": "redis:3.0.6" + }, + "Resources": { + "Limits": {}, + "Reservations": {} + }, + "RestartPolicy": { + "Condition": "any", + "MaxAttempts": 0 + }, + "Placement": {} + }, + "Mode": { + "Replicated": { + "Replicas": 1 + } + }, + "UpdateConfig": {}, + "EndpointSpec": { + "Mode": "vip" + } + }, + "Endpoint": { + "Spec": {} + } + } +] +``` + +```bash +$ docker service inspect dmu1ept4cxcf +[ + { + "ID": "dmu1ept4cxcfe8k8lhtux3ro3", + "Version": { + "Index": 12 + }, + ... + } +] +``` + +### Inspect a service using pretty-print + +You can print the inspect output in a human-readable format instead of the default +JSON output, by using the `--pretty` option: + +```bash +$ docker service inspect --pretty frontend +ID: c8wgl7q4ndfd52ni6qftkvnnp +Name: frontend +Labels: + - org.example.projectname=demo-app +Mode: REPLICATED + Replicas: 5 +Placement: + Strategy: Spread +UpdateConfig: + Parallelism: 0 +ContainerSpec: + Image: nginx:alpine +Resources: +Reservations: +Limits: +Ports: + Name = + Protocol = tcp + TargetPort = 443 + PublishedPort = 4443 +``` + + +### Finding the number of tasks running as part of a service + +The `--format` option can be used to obtain specific information about a +service. For example, the following command outputs the number of replicas +of the "redis" service. + +```bash +$ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis +10 +``` + + +## Related information + +* [service create](service_create.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) +* [service scale](service_scale.md) +* [service tasks](service_tasks.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md new file mode 100644 index 0000000000..543c1d6e71 --- /dev/null +++ b/docs/reference/commandline/service_ls.md @@ -0,0 +1,112 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service ls + +```Markdown +docker service ls --help + +Usage: docker service ls [OPTIONS] + +List services + +Aliases: + ls, list + +Options: + -f, --filter value Filter output based on conditions provided + --help Print usage + -q, --quiet Only display IDs +``` + +This command when run targeting a manager, lists services are running in the +swarm. + +On a manager node: +```bash +ID NAME REPLICAS IMAGE COMMAND +c8wgl7q4ndfd frontend 5/5 nginx:alpine +dmu1ept4cxcf redis 3/3 redis:3.0.6 +``` + +The `REPLICAS` column shows both the *actual* and *desired* number of tasks for +the service. + + +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* [id](#id) +* [label](#label) +* [name](#name) + +#### ID + +The `id` filter matches all or part of a service's id. + +```bash +$ docker service ls -f "id=0bcjw" +ID NAME REPLICAS IMAGE COMMAND +0bcjwfh8ychr redis 1/1 redis:3.0.6 +``` + +#### Label + +The `label` filter matches services based on the presence of a `label` alone or +a `label` and a value. + +The following filter matches all services with a `project` label regardless of +its value: + +```bash +$ docker service ls --filter label=project +ID NAME REPLICAS IMAGE COMMAND +01sl1rp6nj5u frontend2 1/1 nginx:alpine +36xvvwwauej0 frontend 5/5 nginx:alpine +74nzcxxjv6fq backend 3/3 redis:3.0.6 +``` + +The following filter matches only services with the `project` label with the +`project-a` value. + +```bash +$ docker service ls --filter label=project=project-a +ID NAME REPLICAS IMAGE COMMAND +36xvvwwauej0 frontend 5/5 nginx:alpine +74nzcxxjv6fq backend 3/3 redis:3.0.6 +``` + + +#### Name + +The `name` filter matches on all or part of a tasks's name. + +The following filter matches services with a name containing `redis`. + +```bash +$ docker service ls --filter name=redis +ID NAME REPLICAS IMAGE COMMAND +0bcjwfh8ychr redis 1/1 redis:3.0.6 +``` + +## Related information + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service rm](service_rm.md) +* [service scale](service_scale.md) +* [service tasks](service_tasks.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md new file mode 100644 index 0000000000..6d0b3bbd9a --- /dev/null +++ b/docs/reference/commandline/service_rm.md @@ -0,0 +1,51 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service rm + +```Markdown +Usage: docker service rm [OPTIONS] SERVICE + +Remove a service + +Aliases: + rm, remove + +Options: + --help Print usage +``` + +Removes the specified services from the swarm. This command has to be run +targeting a manager node. + +For example, to remove the redis service: + +```bash +$ docker service rm redis +redis +$ docker service ls +ID NAME SCALE IMAGE COMMAND +``` + +> **Warning**: Unlike `docker rm`, this command does not ask for confirmation +> before removing a running service. + + + +## Related information + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service ls](service_ls.md) +* [service scale](service_scale.md) +* [service tasks](service_tasks.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md new file mode 100644 index 0000000000..272dcc849a --- /dev/null +++ b/docs/reference/commandline/service_scale.md @@ -0,0 +1,79 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service scale + + Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] + + Scale one or multiple services + + Options: + --help Print usage + + +## Examples + +### Scale a service + +If you scale a service, you set the *desired* number of replicas. Even though +the command returns directly, actual scaling of the service may take some time. + +For example, the following command scales the "frontend" service to 50 tasks. + +```bash +$ docker service scale frontend=50 +frontend scaled to 50 +``` + +Directly afterwards, run `docker service ls`, to see the actual number of +replicas + +```bash +$ docker service ls --filter name=frontend + +ID NAME REPLICAS IMAGE COMMAND +3pr5mlvu3fh9 frontend 15/50 nginx:alpine +``` + +You can also scale a service using the [`docker service update`](service_update.md) +command. The following commands are therefore equivalent: + +```bash +$ docker service scale frontend=50 +$ docker service update --replicas=50 frontend +``` + +### Scale multiple services + +The `docker service scale` command allows you to set the desired number of +tasks for multiple services at once. The following example scales both the +backend and frontend services: + +```bash +$ docker service scale backend=3 frontend=5 +backend scaled to 3 +frontend scaled to 5 + +$ docker service ls +ID NAME REPLICAS IMAGE COMMAND +3pr5mlvu3fh9 frontend 5/5 nginx:alpine +74nzcxxjv6fq backend 3/3 redis:3.0.6 +``` + +## Related information + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) +* [service tasks](service_tasks.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md new file mode 100644 index 0000000000..e3a4907541 --- /dev/null +++ b/docs/reference/commandline/service_tasks.md @@ -0,0 +1,95 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service tasks + +```Markdown +Usage: docker service tasks [OPTIONS] SERVICE + +List the tasks of a service + +Options: + -a, --all Display all tasks + -f, --filter value Filter output based on conditions provided + --help Print usage + -n, --no-resolve Do not map IDs to Names +``` + +Lists the tasks that are running as part of the specified service. This command +has to be run targeting a manager node. + + +## Examples + +### Listing the tasks that are part of a service + +The following command shows all the tasks that are part of the `redis` service: + +```bash +$ docker service tasks redis +ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE +0qihejybwf1x5vqi8lgzlgnpq redis.1 redis redis:3.0.6 Running 8 seconds Running manager1 +bk658fpbex0d57cqcwoe3jthu redis.2 redis redis:3.0.6 Running 9 seconds Running worker2 +5ls5s5fldaqg37s9pwayjecrf redis.3 redis redis:3.0.6 Running 9 seconds Running worker1 +8ryt076polmclyihzx67zsssj redis.4 redis redis:3.0.6 Running 9 seconds Running worker1 +1x0v8yomsncd6sbvfn0ph6ogc redis.5 redis redis:3.0.6 Running 8 seconds Running manager1 +71v7je3el7rrw0osfywzs0lko redis.6 redis redis:3.0.6 Running 9 seconds Running worker2 +4l3zm9b7tfr7cedaik8roxq6r redis.7 redis redis:3.0.6 Running 9 seconds Running worker2 +9tfpyixiy2i74ad9uqmzp1q6o redis.8 redis redis:3.0.6 Running 9 seconds Running worker1 +3w1wu13yuplna8ri3fx47iwad redis.9 redis redis:3.0.6 Running 8 seconds Running manager1 +8eaxrb2fqpbnv9x30vr06i6vt redis.10 redis redis:3.0.6 Running 8 seconds Running manager1 +``` + + +## Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there +is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). +Multiple filter flags are combined as an `OR` filter. For example, +`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. + +The currently supported filters are: + +* [id](#id) +* [name](#name) + + +#### ID + +The `id` filter matches on all or a prefix of a task's ID. + +```bash +$ docker service tasks -f "id=8" redis +ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE +8ryt076polmclyihzx67zsssj redis.4 redis redis:3.0.6 Running 4 minutes Running worker1 +8eaxrb2fqpbnv9x30vr06i6vt redis.10 redis redis:3.0.6 Running 4 minutes Running manager1 +``` + +#### Name + +The `name` filter matches on task names. + +```bash +$ docker service tasks -f "name=redis.1" redis +ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE +0qihejybwf1x5vqi8lgzlgnpq redis.1 redis redis:3.0.6 Running Running 8 seconds manager1 +``` + + +## Related information + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) +* [service scale](service_scale.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md new file mode 100644 index 0000000000..716b975d7c --- /dev/null +++ b/docs/reference/commandline/service_update.md @@ -0,0 +1,68 @@ + + +**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. + +# service update + +```Markdown +Usage: docker service update [OPTIONS] SERVICE + +Update a service + +Options: + --arg value Service command args (default []) + --command value Service command (default []) + --constraint value Placement constraints (default []) + --endpoint-mode string Endpoint mode(Valid values: VIP, DNSRR) + -e, --env value Set environment variables (default []) + --help Print usage + --image string Service image tag + -l, --label value Service labels (default []) + --limit-cpu value Limit CPUs (default 0.000) + --limit-memory value Limit Memory (default 0 B) + --mode string Service mode (replicated or global) (default "replicated") + -m, --mount value Attach a mount to the service + --name string Service name + --network value Network attachments (default []) + -p, --publish value Publish a port as a node port (default []) + --replicas value Number of tasks (default none) + --reserve-cpu value Reserve CPUs (default 0.000) + --reserve-memory value Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on_failure, or any) + --restart-delay value Delay between restart attempts (default none) + --restart-max-attempts value Maximum number of restarts before giving up (default none) + --restart-window value Window used to evalulate the restart policy (default none) + --stop-grace-period value Time to wait before force killing a container (default none) + --update-delay duration Delay between updates + --update-parallelism uint Maximum number of tasks updated simultaneously + -u, --user string Username or UID + -w, --workdir string Working directory inside the container +``` + +Updates a service as described by the specified parameters. This command has to be run targeting a manager node. +The parameters are the same as [`docker service create`](service_create.md). Please look at the description there +for further information. + +## Examples + +### Update a service + +```bash +$ docker service update --limit-cpu 2 redis +``` + +## Related information + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service tasks](service_tasks.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) From 603002a3ecfbd672add980247ee86c922c5f7e82 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 17 Jun 2016 09:49:46 +0200 Subject: [PATCH 1473/2538] fix bash completion for `docker service` subcommands Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 117 ++++++++++++++++++++++++++++++--- 1 file changed, 109 insertions(+), 8 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1d9ee41816..888d929074 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1528,11 +1528,11 @@ _docker_network() { _docker_service() { local subcommands=" create - tasks inspect + ls list + rm remove + tasks update - ls - rm " __docker_subcommands "$subcommands" && return @@ -1547,17 +1547,92 @@ _docker_service() { } _docker_service_create() { + local options_with_args=" + --constraint + --endpoint-mode + --env -e + --label -l + --limit-cpu + --limit-memory + --mode + --mount -m + --name + --network + --publish -p + --replicas + --reserve-cpu + --reserve-memory + --restart-condition + --restart-delay + --restart-max-attempts + --restart-window + --stop-grace-period + --update-delay + --update-parallelism + --user -u + --workdir -w + " + + local boolean_options=" + --help + " + + case "$prev" in + $(__docker_to_extglob "$options_with_args") ) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --constraint --endpoint-ingress --endpoint-mode --env --label --limit-cpu --limit-memory --mode --name --network --publish --reserve-cpu --reserve-memory --restart-condition --restart-delay --restart-max-attempts --restart-window --replicas --stop-grace-period --update-delay --update-parallelism --user --volume --workdir" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) ;; esac } _docker_service_update() { + local options_with_args=" + --arg + --command + --constraint + --endpoint-mode + --env -e + --image + --label -l + --limit-cpu + --limit-memory + --mode + --mount -m + --name + --network + --publish -p + --replicas + --reserve-cpu + --reserve-memory + --restart-condition + --restart-delay + --restart-max-attempts + --restart-window + --stop-grace-period + --update-delay + --update-parallelism + --user -u + --workdir -w + " + + local boolean_options=" + --help + " + + case "$prev" in + $(__docker_to_extglob "$options_with_args") ) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--arg --command --constraint --endpoint-ingress --endpoint-mode --env --help --image --label --limit-cpu --limit-memory --mode --name --network --publish --reserve-cpu --reserve-memory --restart-condition--restart-delay --restart-max-attempts --restart-window --replicas --stop-grace-period --update-delay --update-parallelism --user --volume --workdir" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) ;; *) __docker_complete_services @@ -1565,9 +1640,15 @@ _docker_service_update() { } _docker_service_inspect() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --format --pretty" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help --pretty -p" -- "$cur" ) ) ;; *) __docker_complete_services @@ -1575,15 +1656,25 @@ _docker_service_inspect() { } _docker_service_tasks() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --all --filter --no-resolve" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) ;; *) __docker_complete_services esac } +_docker_service_remove() { + _docker_service_rm +} + _docker_service_rm() { case "$cur" in -*) @@ -1594,10 +1685,20 @@ _docker_service_rm() { esac } +_docker_service_list() { + _docker_service_ls +} + _docker_service_ls() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "-f --filter --help --quiet -q" -- "$cur" ) ) ;; esac } From def6847e116a80d931aea16a57a1710e6f29dba2 Mon Sep 17 00:00:00 2001 From: Charles Chan Date: Sun, 12 Jun 2016 21:30:14 -0700 Subject: [PATCH 1474/2538] Update help output to match Docker 1.11. * Also touch up headings. Signed-off-by: Charles Chan --- docs/reference/commandline/inspect.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 7220d69f5c..34b60fbd46 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -36,7 +36,7 @@ straightforward manner. $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID -**Get an instance's MAC Address:** +**Get an instance's MAC address:** For the most part, you can pick out any field from the JSON in a fairly straightforward manner. @@ -51,14 +51,14 @@ straightforward manner. $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID -**List All Port Bindings:** +**List all port bindings:** One can loop over arrays and maps in the results to produce simple text output: $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID -**Find a Specific Port Mapping:** +**Find a specific port mapping:** The `.Field` syntax doesn't work when the field name begins with a number, but the template language's `index` function does. The From 55f5fd69023fef93992eda52c489b9b407f0b0bd Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 19 Jun 2016 06:13:57 -0700 Subject: [PATCH 1475/2538] Add release tag reference links in deprecated.md This fix adds a couple of missed release tag reference links in deprecated.md Signed-off-by: Yong Tang --- docs/deprecated.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 79e10c0bbc..6f575639be 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -37,9 +37,9 @@ The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide ### `/containers/(id or name)/copy` endpoint -**Deprecated In Release: v1.8** +**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** -**Removed In Release: v1.12.0** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. From 635ab02ea63dc036d5d190586cd1118f4cb5e7f8 Mon Sep 17 00:00:00 2001 From: Michael Friis Date: Sun, 19 Jun 2016 16:14:34 -0700 Subject: [PATCH 1476/2538] expand stack doc Signed-off-by: Michael Friis --- experimental/docker-stacks.md | 85 ++++++++++++++++++++++++++++++++--- 1 file changed, 79 insertions(+), 6 deletions(-) diff --git a/experimental/docker-stacks.md b/experimental/docker-stacks.md index 83ee31654a..bce9955ede 100644 --- a/experimental/docker-stacks.md +++ b/experimental/docker-stacks.md @@ -3,15 +3,12 @@ ## Overview Docker Stacks are an experimental feature introduced in Docker 1.12, alongside -the new concepts of Swarms and Services inside the Engine. +the concept of swarm mode, and Nodes and Services in the Engine API. A Dockerfile can be built into an image, and containers can be created from that -image. Similarly, a docker-compose.yml can be built into a **bundle**, and -**stacks** can be created from that bundle. In that sense, the bundle is a -multi-services distributable image format. +image. Similarly, a docker-compose.yml can be built into a **distributed application bundle**, and **stacks** can be created from that bundle. In that sense, the bundle is a multi-services distributable image format. -As of 1.12, the feature is introduced as experimental, and Docker Engine doesn't -support distribution of bundles. +As of Docker 1.12, the feature is experimental. Neither Docker Engine nor the Docker Registry support distribution of bundles. ## Producing a bundle @@ -96,3 +93,79 @@ Tasks are managed using the `docker stack` command: Run 'docker stack COMMAND --help' for more information on a command. ``` + +## Bundle file format + +Distributed application bundles are described in a JSON format. When bundles are persisted as files, the file extension is `.dab` (Docker 1.12RC2 tools use `.dsb` for the file extension—this will be updated in the next release client). + +A bundle has two top-level fields: `version` and `services`. The version used by Docker 1.12 tools is `0.1`. + +`services` in the bundle are the services that comprise the app. They correspond to the new `Service` object introduced in the 1.12 Docker Engine API. + +A service has the following fields: + +
+
+ Image (required) string +
+
+The image that the service will run. Docker images should be referenced with full content hash to fully specify the deployment artifact for the service. Example: postgres@sha256:f76245b04ddbcebab5bb6c28e76947f49222c99fec4aadb0bb1c24821a9e83ef +
+ +
+ Command []string +
+
+ Command to run in service containers. +
+ +
+ Args []string +
+
+ Arguments passed to the service containers. +
+ +
+ Env []string +
+
+ Environment variables. +
+ +
+ Labels map[string]string +
+
+ Labels used for setting meta data on services. +
+ +
+ Ports []Port +
+
+ Service ports (composed of `Port` (`int`) and `Protocol` (`string`). A service description can only specify the container port to be exposed. These ports can be mapped on runtime hosts at the operator's discretion. +
+ +
+ WorkingDir string +
+
+ Working directory inside the service containers. +
+ +
+ User string +
+
+ Username or UID (format: [:]). +
+ +
+ Networks []string +
+
+ Networks that the service containers should be connected to. An entity deploying a bundle should create networks as needed. +
+
+ From 2f835a732d39835f188224bdcd19fc5be5fc8825 Mon Sep 17 00:00:00 2001 From: Michael Friis Date: Sun, 19 Jun 2016 21:27:55 -0700 Subject: [PATCH 1477/2538] bring dab into title and intro Signed-off-by: Michael Friis --- .../{docker-stacks.md => docker-stacks-and-bundles.md} | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) rename experimental/{docker-stacks.md => docker-stacks-and-bundles.md} (93%) diff --git a/experimental/docker-stacks.md b/experimental/docker-stacks-and-bundles.md similarity index 93% rename from experimental/docker-stacks.md rename to experimental/docker-stacks-and-bundles.md index bce9955ede..732ed0e1e1 100644 --- a/experimental/docker-stacks.md +++ b/experimental/docker-stacks-and-bundles.md @@ -1,14 +1,13 @@ -# Docker Stacks +# Docker Stacks and Distributed Application Bundles ## Overview -Docker Stacks are an experimental feature introduced in Docker 1.12, alongside -the concept of swarm mode, and Nodes and Services in the Engine API. +Docker Stacks and Distributed Application Bundles are experimental features introduced in Docker 1.12 and Docker Compose 1.8, alongside the concept of swarm mode, and Nodes and Services in the Engine API. A Dockerfile can be built into an image, and containers can be created from that image. Similarly, a docker-compose.yml can be built into a **distributed application bundle**, and **stacks** can be created from that bundle. In that sense, the bundle is a multi-services distributable image format. -As of Docker 1.12, the feature is experimental. Neither Docker Engine nor the Docker Registry support distribution of bundles. +As of Docker 1.12 and Compose 1.8, the features are experimental. Neither Docker Engine nor the Docker Registry support distribution of bundles. ## Producing a bundle From e80065ae37ecf42965ac52d01bdfd00f18999c98 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 20 Jun 2016 00:12:48 -0700 Subject: [PATCH 1478/2538] Fix markdown formatting for experimental - don't indent code-blocks that use fences - fixed some formatting - wrapped long lines to 80-chars - removed stray empty lines Signed-off-by: Sebastiaan van Stijn --- experimental/docker-stacks-and-bundles.md | 152 ++++++++++++---------- 1 file changed, 82 insertions(+), 70 deletions(-) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 732ed0e1e1..8c507cdecb 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -2,12 +2,17 @@ ## Overview -Docker Stacks and Distributed Application Bundles are experimental features introduced in Docker 1.12 and Docker Compose 1.8, alongside the concept of swarm mode, and Nodes and Services in the Engine API. +Docker Stacks and Distributed Application Bundles are experimental features +introduced in Docker 1.12 and Docker Compose 1.8, alongside the concept of +swarm mode, and Nodes and Services in the Engine API. -A Dockerfile can be built into an image, and containers can be created from that -image. Similarly, a docker-compose.yml can be built into a **distributed application bundle**, and **stacks** can be created from that bundle. In that sense, the bundle is a multi-services distributable image format. +A Dockerfile can be built into an image, and containers can be created from +that image. Similarly, a docker-compose.yml can be built into a **distributed +application bundle**, and **stacks** can be created from that bundle. In that +sense, the bundle is a multi-services distributable image format. -As of Docker 1.12 and Compose 1.8, the features are experimental. Neither Docker Engine nor the Docker Registry support distribution of bundles. +As of Docker 1.12 and Compose 1.8, the features are experimental. Neither +Docker Engine nor the Docker Registry support distribution of bundles. ## Producing a bundle @@ -18,88 +23,92 @@ Docker image. From `docker-compose`: - ```bash - $ docker-compose bundle - WARNING: Unsupported key 'network_mode' in services.nsqd - ignoring - WARNING: Unsupported key 'links' in services.nsqd - ignoring - WARNING: Unsupported key 'volumes' in services.nsqd - ignoring - [...] - Wrote bundle to vossibility-stack.dsb - ``` +```bash +$ docker-compose bundle +WARNING: Unsupported key 'network_mode' in services.nsqd - ignoring +WARNING: Unsupported key 'links' in services.nsqd - ignoring +WARNING: Unsupported key 'volumes' in services.nsqd - ignoring +[...] +Wrote bundle to vossibility-stack.dsb +``` ## Creating a stack from a bundle A stack is created using the `docker deploy` command: - ```bash - # docker deploy --help +```bash +# docker deploy --help - Usage: docker deploy [OPTIONS] STACK +Usage: docker deploy [OPTIONS] STACK - Create and update a stack +Create and update a stack - Options: - -f, --bundle string Path to a bundle (Default: STACK.dsb) - --help Print usage - ``` +Options: + -f, --bundle string Path to a bundle (Default: STACK.dsb) + --help Print usage +``` Let's deploy the stack created before: - ```bash - # docker deploy vossibility-stack - Loading bundle from vossibility-stack.dsb - Creating service vossibility-stack_elasticsearch - Creating service vossibility-stack_kibana - Creating service vossibility-stack_logstash - Creating service vossibility-stack_lookupd - Creating service vossibility-stack_nsqd - Creating service vossibility-stack_vossibility-collector - ``` +```bash +# docker deploy vossibility-stack +Loading bundle from vossibility-stack.dsb +Creating service vossibility-stack_elasticsearch +Creating service vossibility-stack_kibana +Creating service vossibility-stack_logstash +Creating service vossibility-stack_lookupd +Creating service vossibility-stack_nsqd +Creating service vossibility-stack_vossibility-collector +``` We can verify that services were correctly created: - ```bash - # docker service ls - ID NAME REPLICAS IMAGE - COMMAND - 29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd - 4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 - 4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa - 7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 - 9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf - axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug - ``` +```bash +# docker service ls +ID NAME REPLICAS IMAGE +COMMAND +29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd +4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 +4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf +axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug +``` ## Managing stacks Tasks are managed using the `docker stack` command: - ```bash - # docker stack --help +```bash +# docker stack --help - Usage: docker stack COMMAND - - Manage Docker stacks - - Options: - --help Print usage - - Commands: - config Print the stack configuration - deploy Create and update a stack - rm Remove the stack - tasks List the tasks in the stack - - Run 'docker stack COMMAND --help' for more information on a command. - ``` +Usage: docker stack COMMAND + +Manage Docker stacks + +Options: + --help Print usage + +Commands: + config Print the stack configuration + deploy Create and update a stack + rm Remove the stack + tasks List the tasks in the stack + +Run 'docker stack COMMAND --help' for more information on a command. +``` ## Bundle file format -Distributed application bundles are described in a JSON format. When bundles are persisted as files, the file extension is `.dab` (Docker 1.12RC2 tools use `.dsb` for the file extension—this will be updated in the next release client). +Distributed application bundles are described in a JSON format. When bundles +are persisted as files, the file extension is `.dab` (Docker 1.12RC2 tools use +`.dsb` for the file extension—this will be updated in the next release client). -A bundle has two top-level fields: `version` and `services`. The version used by Docker 1.12 tools is `0.1`. +A bundle has two top-level fields: `version` and `services`. The version used +by Docker 1.12 tools is `0.1`. -`services` in the bundle are the services that comprise the app. They correspond to the new `Service` object introduced in the 1.12 Docker Engine API. +`services` in the bundle are the services that comprise the app. They +correspond to the new `Service` object introduced in the 1.12 Docker Engine API. A service has the following fields: @@ -108,42 +117,44 @@ A service has the following fields: Image (required) string
-The image that the service will run. Docker images should be referenced with full content hash to fully specify the deployment artifact for the service. Example: postgres@sha256:f76245b04ddbcebab5bb6c28e76947f49222c99fec4aadb0bb1c24821a9e83ef + The image that the service will run. Docker images should be referenced + with full content hash to fully specify the deployment artifact for the + service. Example: + postgres@sha256:f76245b04ddbcebab5bb6c28e76947f49222c99fec4aadb0bb + 1c24821a 9e83ef
-
Command []string
Command to run in service containers.
-
Args []string
Arguments passed to the service containers.
-
Env []string
Environment variables.
-
Labels map[string]string
Labels used for setting meta data on services.
-
Ports []Port
- Service ports (composed of `Port` (`int`) and `Protocol` (`string`). A service description can only specify the container port to be exposed. These ports can be mapped on runtime hosts at the operator's discretion. + Service ports (composed of Port (int) and + Protocol (string). A service description can + only specify the container port to be exposed. These ports can be + mapped on runtime hosts at the operator's discretion.
@@ -157,14 +168,15 @@ The image that the service will run. Docker images should be referenced with ful User string
- Username or UID (format: [:]). + Username or UID (format: <name|uid>[:<group|gid>]).
Networks []string
- Networks that the service containers should be connected to. An entity deploying a bundle should create networks as needed. + Networks that the service containers should be connected to. An entity + deploying a bundle should create networks as needed.
From 7b22dbd02a8bf9f8d4ed7ed6402527d71743aee8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 20 Jun 2016 00:24:37 -0700 Subject: [PATCH 1479/2538] remove "RC" warning from Markdown files A site-wide banner is going to be used, so we don't need this warning Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/node_inspect.md | 2 -- docs/reference/commandline/node_ls.md | 2 -- docs/reference/commandline/node_rm.md | 2 -- docs/reference/commandline/node_tasks.md | 2 -- docs/reference/commandline/node_update.md | 2 -- docs/reference/commandline/service_create.md | 2 -- docs/reference/commandline/service_inspect.md | 2 -- docs/reference/commandline/service_ls.md | 2 -- docs/reference/commandline/service_rm.md | 2 -- docs/reference/commandline/service_scale.md | 2 -- docs/reference/commandline/service_tasks.md | 2 -- docs/reference/commandline/service_update.md | 2 -- docs/reference/commandline/swarm_init.md | 2 -- docs/reference/commandline/swarm_join.md | 2 -- docs/reference/commandline/swarm_leave.md | 2 -- docs/reference/commandline/swarm_update.md | 2 -- 16 files changed, 32 deletions(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 7bb19214c0..1f4f9b139b 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # node inspect Usage: docker node inspect [OPTIONS] self|NODE [NODE...] diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 56e157a38e..aac74a800e 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # node ls Usage: docker node ls [OPTIONS] diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 6eb9a873cf..46c0aa565a 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # node rm Usage: docker node rm NODE [NODE...] diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index d4c258c1aa..77a09d30bd 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # node tasks Usage: docker node tasks [OPTIONS] NODE diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index 8f005430a3..3de0ba8200 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - ## update Usage: docker node update [OPTIONS] Node diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index b3cbb7d604..f12b9362cf 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -9,8 +9,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service create ```Markdown diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index e59baf0203..0803a0f554 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service inspect ```Markdown diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 543c1d6e71..20d121d70c 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service ls ```Markdown diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 6d0b3bbd9a..149f97b354 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service rm ```Markdown diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 272dcc849a..eb6036c458 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service scale Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index e3a4907541..6af040d6f4 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service tasks ```Markdown diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 716b975d7c..d25cf176ed 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # service update ```Markdown diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index d1e20b6175..b11bea3d7c 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # swarm init Usage: docker swarm init [OPTIONS] diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index a08c50abca..c9dc417606 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # swarm join Usage: docker swarm join [OPTIONS] HOST:PORT diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index d6ce6de6f5..896273fd19 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # swarm leave Usage: docker swarm leave diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index afbcf6455e..36375a5eac 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -8,8 +8,6 @@ parent = "smn_cli" +++ -**Warning:** this command is part of the Swarm management feature introduced in Docker 1.12, and might be subject to non backward-compatible changes. - # swarm update Usage: docker swarm update [OPTIONS] From b6bfe363f8d8acb1d31500ba682cb2dfab91c39e Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Mon, 20 Jun 2016 11:54:53 +0000 Subject: [PATCH 1480/2538] Add the advisory=rc metadata Signed-off-by: Sven Dowideit --- docs/reference/commandline/node_inspect.md | 1 + docs/reference/commandline/node_ls.md | 1 + docs/reference/commandline/node_rm.md | 1 + docs/reference/commandline/node_tasks.md | 1 + docs/reference/commandline/node_update.md | 1 + docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_inspect.md | 1 + docs/reference/commandline/service_ls.md | 1 + docs/reference/commandline/service_rm.md | 1 + docs/reference/commandline/service_scale.md | 1 + docs/reference/commandline/service_tasks.md | 1 + docs/reference/commandline/service_update.md | 1 + docs/reference/commandline/swarm_init.md | 1 + docs/reference/commandline/swarm_join.md | 1 + docs/reference/commandline/swarm_leave.md | 1 + docs/reference/commandline/swarm_update.md | 1 + 16 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 1f4f9b139b..c48479d80f 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -3,6 +3,7 @@ title = "node inspect" description = "The node inspect command description and usage" keywords = ["node, inspect"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index aac74a800e..6e1c972004 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -3,6 +3,7 @@ title = "node ls" description = "The node ls command description and usage" keywords = ["node, list"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 46c0aa565a..2a0be57052 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -3,6 +3,7 @@ title = "node rm" description = "The node rm command description and usage" keywords = ["node, remove"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index 77a09d30bd..c9f40d9e21 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -3,6 +3,7 @@ title = "node tasks" description = "The node tasks command description and usage" keywords = ["node, tasks"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index 3de0ba8200..b599240da5 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -3,6 +3,7 @@ title = "node update" description = "The node update command description and usage" keywords = ["resources, update, dynamically"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index f12b9362cf..1196a4dc88 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -3,7 +3,7 @@ title = "service create" description = "The service create command description and usage" keywords = ["service, create"] - +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 0803a0f554..02b399f950 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -3,6 +3,7 @@ title = "service inspect" description = "The service inspect command description and usage" keywords = ["service, inspect"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 20d121d70c..9f2cc2ce12 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -3,6 +3,7 @@ title = "service ls" description = "The service ls command description and usage" keywords = ["service, ls"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 149f97b354..197a233113 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -3,6 +3,7 @@ title = "service rm" description = "The service rm command description and usage" keywords = ["service, rm"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index eb6036c458..0180f08a77 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -3,6 +3,7 @@ title = "service scale" description = "The service scale command description and usage" keywords = ["service, scale"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index 6af040d6f4..5bcb101bcf 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -3,6 +3,7 @@ title = "service tasks" description = "The service tasks command description and usage" keywords = ["service, tasks"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index d25cf176ed..aa46e2ff8e 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -3,6 +3,7 @@ title = "service update" description = "The service update command description and usage" keywords = ["service, update"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index b11bea3d7c..fded19b978 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -3,6 +3,7 @@ title = "swarm init" description = "The swarm init command description and usage" keywords = ["swarm, init"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index c9dc417606..c019de1e42 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -3,6 +3,7 @@ title = "swarm join" description = "The swarm join command description and usage" keywords = ["swarm, join"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 896273fd19..7ef0d343f5 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -3,6 +3,7 @@ title = "swarm leave" description = "The swarm leave command description and usage" keywords = ["swarm, leave"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 36375a5eac..c87486fb09 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -3,6 +3,7 @@ title = "swarm update" description = "The swarm update command description and usage" keywords = ["swarm, update"] +advisory = "rc" [menu.main] parent = "smn_cli" +++ From ec3864b0289c77031a7a425f24d5640c5b5984cb Mon Sep 17 00:00:00 2001 From: Mike Goelzer Date: Wed, 15 Jun 2016 12:28:33 -0700 Subject: [PATCH 1481/2538] Add bash completion for `docker service scale` Signed-off-by: Mike Goelzer Conflicts: contrib/completion/bash/docker --- contrib/completion/bash/docker | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 888d929074..97d509c474 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1531,6 +1531,7 @@ _docker_service() { inspect ls list rm remove + scale tasks update " @@ -1703,6 +1704,18 @@ _docker_service_ls() { esac } +_docker_service_scale() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $(compgen -S "=" -W "$(__docker_services $1)" -- "$cur") ) + __docker_nospace + ;; + esac +} + _docker_swarm() { local subcommands=" init @@ -1726,7 +1739,7 @@ _docker_swarm() { _docker_swarm_init() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --auto-accept --force-new-cluster --secret" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--auto-accept --force-new-cluster --help --secret" -- "$cur" ) ) ;; esac } @@ -1805,7 +1818,7 @@ _docker_node_accept() { _docker_node_inspect() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --format --pretty" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format --help --pretty" -- "$cur" ) ) ;; *) __docker_complete_nodes @@ -1815,7 +1828,7 @@ _docker_node_inspect() { _docker_node_ls() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --filter --quiet" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter --help --quiet" -- "$cur" ) ) ;; esac } @@ -1853,7 +1866,7 @@ _docker_node_rm() { _docker_node_tasks() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --no-resolve --filter --all" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all --filter --help --no-resolve" -- "$cur" ) ) ;; *) __docker_complete_nodes_plus_self @@ -1863,7 +1876,7 @@ _docker_node_tasks() { _docker_node_update() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --availability --membership --role" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--availability --help --membership --role" -- "$cur" ) ) ;; *) __docker_complete_nodes From 53e1898a90c6d7d4cef8793f25869f8dd24f6713 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 18 Jun 2016 09:52:02 -0700 Subject: [PATCH 1482/2538] correct sort order in new bash completions The completion for the new `docker service`, `docker swarm` and `docker node` command families were partly added in non-alphabetical order. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 210 ++++++++++++++++----------------- 1 file changed, 105 insertions(+), 105 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 97d509c474..554341a99b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1591,6 +1591,82 @@ _docker_service_create() { esac } +_docker_service_inspect() { + case "$prev" in + --format|-f) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--format -f --help --pretty -p" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + +_docker_service_list() { + _docker_service_ls +} + +_docker_service_ls() { + case "$prev" in + --format|-f) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "-f --filter --help --quiet -q" -- "$cur" ) ) + ;; + esac +} + +_docker_service_remove() { + _docker_service_rm +} + +_docker_service_rm() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + +_docker_service_scale() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $(compgen -S "=" -W "$(__docker_services $1)" -- "$cur") ) + __docker_nospace + ;; + esac +} + +_docker_service_tasks() { + case "$prev" in + --format|-f) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) + ;; + *) + __docker_complete_services + esac +} + _docker_service_update() { local options_with_args=" --arg @@ -1640,89 +1716,13 @@ _docker_service_update() { esac } -_docker_service_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help --pretty -p" -- "$cur" ) ) - ;; - *) - __docker_complete_services - esac -} - -_docker_service_tasks() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) - ;; - *) - __docker_complete_services - esac -} - -_docker_service_remove() { - _docker_service_rm -} - -_docker_service_rm() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_services - esac -} - -_docker_service_list() { - _docker_service_ls -} - -_docker_service_ls() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "-f --filter --help --quiet -q" -- "$cur" ) ) - ;; - esac -} - -_docker_service_scale() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - COMPREPLY=( $(compgen -S "=" -W "$(__docker_services $1)" -- "$cur") ) - __docker_nospace - ;; - esac -} - _docker_swarm() { local subcommands=" init - join - update - leave inspect + join + leave + update " __docker_subcommands "$subcommands" && return @@ -1744,6 +1744,14 @@ _docker_swarm_init() { esac } +_docker_swarm_inspect() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--format --help" -- "$cur" ) ) + ;; + esac +} + _docker_swarm_join() { case "$cur" in -*) @@ -1752,6 +1760,14 @@ _docker_swarm_join() { esac } +_docker_swarm_leave() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force --help" -- "$cur" ) ) + ;; + esac +} + _docker_swarm_update() { case "$prev" in --auto-accept|--cert-expiry|--dispatcher-heartbeat|--secret|--task-history-limit) @@ -1766,22 +1782,6 @@ _docker_swarm_update() { esac } -_docker_swarm_leave() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--force --help" -- "$cur" ) ) - ;; - esac -} - -_docker_swarm_inspect() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format --help" -- "$cur" ) ) - ;; - esac -} - _docker_node() { local subcommands=" accept @@ -1815,6 +1815,16 @@ _docker_node_accept() { esac } +_docker_node_demote() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_manager_nodes + esac +} + _docker_node_inspect() { case "$cur" in -*) @@ -1843,16 +1853,6 @@ _docker_node_promote() { esac } -_docker_node_demote() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_manager_nodes - esac -} - _docker_node_rm() { case "$cur" in -*) From ab24ffa0005cd99c836d6716faac872d6b73bf7d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 18 Jun 2016 10:11:46 -0700 Subject: [PATCH 1483/2538] fix bash completion for `docker {swarm,node}` subcommands Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 64 ++++++++++++++++++++++++++++++---- 1 file changed, 57 insertions(+), 7 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 554341a99b..81e53b17a4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1737,22 +1737,40 @@ _docker_swarm() { } _docker_swarm_init() { + case "$prev" in + --auto-accept|--listen-addr|--secret) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--auto-accept --force-new-cluster --help --secret" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--auto-accept --force-new-cluster --help --listen-addr --secret" -- "$cur" ) ) ;; esac } _docker_swarm_inspect() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) ;; esac } _docker_swarm_join() { + case "$prev" in + --ca-hash|--listen-addr|--secret) + return + ;; + esac + case "$cur" in -*) COMPREPLY=( $( compgen -W "--ca-hash --help --listen-addr --manager --secret" -- "$cur" ) ) @@ -1787,9 +1805,9 @@ _docker_node() { accept demote inspect - ls + ls list promote - rm + rm remove tasks update " @@ -1826,19 +1844,35 @@ _docker_node_demote() { } _docker_node_inspect() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format --help --pretty" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help --pretty -p" -- "$cur" ) ) ;; *) __docker_complete_nodes esac } +_docker_node_list() { + _docker_node_ls +} + _docker_node_ls() { + case "$prev" in + --filter|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter --help --quiet" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) ;; esac } @@ -1853,6 +1887,10 @@ _docker_node_promote() { esac } +_docker_node_remove() { + _docker_node_rm +} + _docker_node_rm() { case "$cur" in -*) @@ -1864,9 +1902,15 @@ _docker_node_rm() { } _docker_node_tasks() { + case "$prev" in + --filter|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all --filter --help --no-resolve" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) ;; *) __docker_complete_nodes_plus_self @@ -1874,6 +1918,12 @@ _docker_node_tasks() { } _docker_node_update() { + case "$prev" in + --availability|--membership|--role) + return + ;; + esac + case "$cur" in -*) COMPREPLY=( $( compgen -W "--availability --help --membership --role" -- "$cur" ) ) From 87591ae9b75211137ad198dcf8256def64748b6a Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Fri, 17 Jun 2016 13:30:17 -0700 Subject: [PATCH 1484/2538] update docker swarm cli Signed-off-by: Charles Smith --- docs/reference/commandline/swarm_init.md | 10 +++++----- docs/reference/commandline/swarm_join.md | 18 +++++++++--------- docs/reference/commandline/swarm_leave.md | 16 ++++++++-------- docs/reference/commandline/swarm_update.md | 6 ++---- 4 files changed, 24 insertions(+), 26 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index fded19b978..35b77e4e2b 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -28,17 +28,17 @@ in the newly created one node Swarm cluster. ```bash $ docker swarm init --listen-addr 192.168.99.121:2377 -Initializing a new swarm +Swarm initialized: current node (1ujecd0j9n3ro9i6628smdmth) is now a manager. $ docker node ls -ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER -3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +1ujecd0j9n3ro9i6628smdmth * manager1 Accepted Ready Active Reachable Yes ``` ### --auto-accept value This flag controls node acceptance into the cluster. By default, both `worker` and `manager` nodes are auto accepted by the cluster. This can be changed by specifing what kinds of nodes -can be auto-accepted into the cluster. If auto-accept is not turned on, then +can be auto-accepted into the cluster. If auto-accept is not turned on, then [node accept](node_accept.md) can be used to explicitly accept a node into the cluster. For example, the following initializes a cluster with auto-acceptance of workers, but not managers @@ -46,7 +46,7 @@ For example, the following initializes a cluster with auto-acceptance of workers ```bash $ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker -Initializing a new swarm +Swarm initialized: current node (1m8cdsylxbf3lk8qriqt07hx1) is now a manager. ``` ### `--force-new-cluster` diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index c019de1e42..4ac6940dc2 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -28,23 +28,23 @@ targeted by this command becomes a `manager`. If it is not specified, it becomes ```bash $ docker swarm join --manager --listen-addr 192.168.99.122:2377 192.168.99.121:2377 -This node is attempting to join a Swarm as a manager. +This node joined a Swarm as a manager. $ docker node ls -ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER -2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE -3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +dkp8vy1dq1kxleu9g4u78tlag * manager2 Accepted Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 manager1 Accepted Ready Active Reachable Yes ``` ### Join a node to swarm as a worker ```bash $ docker swarm join --listen-addr 192.168.99.123:2377 192.168.99.121:2377 -This node is attempting to join a Swarm. +This node joined a Swarm as a worker. $ docker node ls -ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER -04zm7ue1fd1q swarm-node-02 READY ACTIVE -2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE -3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Ready Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes ``` ### `--manager` diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 7ef0d343f5..c3fc56be47 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -23,10 +23,10 @@ This command causes the node to leave the swarm. On a manager node: ```bash $ docker node ls -ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER -04zm7ue1fd1q swarm-node-02 READY ACTIVE -2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE -3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Ready Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes ``` On a worker node: @@ -38,10 +38,10 @@ Node left the default swarm. On a manager node: ```bash $ docker node ls -ID NAME STATUS AVAILABILITY/MEMBERSHIP MANAGER STATUS LEADER -04zm7ue1fd1q swarm-node-02 DOWN ACTIVE -2fg70txcrde2 swarm-node-01 READY ACTIVE REACHABLE -3l1f6uzcuoa3 * swarm-master READY ACTIVE REACHABLE Yes +ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Down Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes ``` ## Related information diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index c87486fb09..6d77bd7234 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -12,16 +12,15 @@ parent = "smn_cli" # swarm update Usage: docker swarm update [OPTIONS] - + update the Swarm. - + Options: --auto-accept value Auto acceptance policy (worker, manager or none) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --help Print usage --secret string Set secret value needed to accept nodes into cluster --task-history-limit int Task history retention limit (default 10) - --cert-expiry duration Validity period for node certificates (default 2160h0m0s) Updates a Swarm cluster with new parameter values. This command must target a manager node. @@ -35,4 +34,3 @@ $ docker swarm update --auto-accept manager * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) * [swarm leave](swarm_leave.md) - From 94b45e398f54f6df6295007110b55ea907b5c0b9 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Mon, 20 Jun 2016 17:52:34 -0400 Subject: [PATCH 1485/2538] PR 19367 doc change: Mention supported drivers for --storage-opt size option in docker create/run. Signed-off-by: Shishir Mahajan --- docs/reference/commandline/create.md | 5 +++-- docs/reference/commandline/run.md | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 0c62866fc3..fb84d38794 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -149,12 +149,13 @@ then be used from the subsequent container: drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker -Set storage driver options per container. +Set storage driver options per container. $ docker create -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. -User cannot pass a size less than the Default BaseFS Size. +User cannot pass a size less than the Default BaseFS Size. This option is only +available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. ### Specify isolation technology for container (--isolation) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 1c38e27bc4..ad009aa872 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -186,7 +186,8 @@ The `-w` lets the command being executed inside directory given, here $ docker create -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. -User cannot pass a size less than the Default BaseFS Size. +User cannot pass a size less than the Default BaseFS Size. This option is only +available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. ### Mount tmpfs (--tmpfs) From 32054251c7c1f80d9d7ec2958628aff40fcd0d3c Mon Sep 17 00:00:00 2001 From: Neil Peterson Date: Thu, 16 Jun 2016 21:41:58 -0700 Subject: [PATCH 1486/2538] Added daemon.json Windows example Signed-off-by: Neil Peterson --- docs/reference/commandline/dockerd.md | 58 ++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index ec44c0ab90..7109e0ee28 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -975,19 +975,23 @@ the `--cgroup-parent` option on the daemon. The `--config-file` option allows you to set any configuration option for the daemon in a JSON format. This file uses the same flag names as keys, except for flags that allow several entries, where it uses the plural -of the flag name, e.g., `labels` for the `label` flag. By default, -docker tries to load a configuration file from `/etc/docker/daemon.json` -on Linux and `%programdata%\docker\config\daemon.json` on Windows. +of the flag name, e.g., `labels` for the `label` flag. The options set in the configuration file must not conflict with options set via flags. The docker daemon fails to start if an option is duplicated between the file and the flags, regardless their value. We do this to avoid silently ignore changes introduced in configuration reloads. For example, the daemon fails to start if you set daemon labels -in the configuration file and also set daemon labels via the `--label` flag. - +in the configuration file and also set daemon labels via the `--label` flag. Options that are not present in the file are ignored when the daemon starts. -This is a full example of the allowed configuration options in the file: + +### Linux configuration file + +The default location of the configuration file on Linux is +`/etc/docker/daemon.json`. The `--config-file` flag can be used to specify a + non-default location. + +This is a full example of the allowed configuration options on Linux: ```json { @@ -1056,6 +1060,48 @@ This is a full example of the allowed configuration options in the file: } ``` +### Windows configuration file + +The default location of the configuration file on Windows is + `%programdata%\docker\config\daemon.json`. The `--config-file` flag can be + used to specify a non-default location. + +This is a full example of the allowed configuration options on Windows: + +```json +{ + "authorization-plugins": [], + "dns": [], + "dns-opts": [], + "dns-search": [], + "exec-opts": [], + "storage-driver": "", + "storage-opts": [], + "labels": [], + "log-driver": "", + "mtu": 0, + "pidfile": "", + "graph": "", + "cluster-store": "", + "cluster-advertise": "", + "debug": true, + "hosts": [], + "log-level": "", + "tlsverify": true, + "tlscacert": "", + "tlscert": "", + "tlskey": "", + "group": "", + "default-ulimits": {}, + "bridge": "", + "fixed-cidr": "", + "raw-logs": false, + "registry-mirrors": [], + "insecure-registries": [], + "disable-legacy-registry": false +} +``` + ### Configuration reloading Some options can be reconfigured when the daemon is running without requiring From 5846f66bf2d88361fd9e844ea2464388ea6c2f19 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 21 Jun 2016 08:31:28 +0200 Subject: [PATCH 1487/2538] Add zsh completion for 'docker daemon --live-restore' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 81c628ee79..5e0d61fca9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -965,6 +965,7 @@ __docker_subcommand() { "($help)--ipv6[Enable IPv6 networking]" \ "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Key=value labels]:label: " \ + "($help)--live-restore[Enable live restore of docker when containers are still running]" \ "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" \ "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \ "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \ From ef5f8ec5032c5be427be52473bab4ee6adc27e39 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 21 Jun 2016 09:43:34 +0200 Subject: [PATCH 1488/2538] bash completion for `docker {run,create,network connect} --link-local-ip` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 81e53b17a4..08b932259a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1355,6 +1355,7 @@ _docker_network_connect() { --ip --ip6 --link + --link-local-ip " local boolean_options=" @@ -2157,6 +2158,7 @@ _docker_run() { --label-file --label -l --link + --link-local-ip --log-driver --log-opt --mac-address From 884c0bab2706f9124619e026a34277d071126a70 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 21 Jun 2016 10:19:07 +0200 Subject: [PATCH 1489/2538] bash completion for `docker daemon --storage-driver olverlay2` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 08b932259a..def599f6ac 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -942,7 +942,7 @@ _docker_daemon() { return ;; --storage-driver|-s) - COMPREPLY=( $( compgen -W "aufs btrfs devicemapper overlay vfs zfs" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) ) + COMPREPLY=( $( compgen -W "aufs btrfs devicemapper overlay overlay2 vfs zfs" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) ) return ;; --storage-opt) From 1ffefe059ff9e1f955d0ef8ae6f72a82b4cde80b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 21 Jun 2016 10:24:14 +0200 Subject: [PATCH 1490/2538] bash completion for `load` and `save` image events Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index def599f6ac..0b3abb6bb4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1049,6 +1049,7 @@ _docker_events() { export import kill + load mount oom pause @@ -1058,6 +1059,7 @@ _docker_events() { rename resize restart + save start stop tag From 789cd4c65f9eac2d068e0c2453c06643215b03f1 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 21 Jun 2016 11:04:09 +0200 Subject: [PATCH 1491/2538] bash completion for `docker {run,create} --storage-opt` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0b3abb6bb4..2ce7c4484d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2180,6 +2180,7 @@ _docker_run() { --security-opt --shm-size --stop-signal + --storage-opt --tmpfs --sysctl --ulimit @@ -2366,6 +2367,11 @@ _docker_run() { fi return ;; + --storage-opt) + COMPREPLY=( $( compgen -W "size" -S = -- "$cur") ) + __docker_nospace + return + ;; --user|-u) __docker_complete_user_group return From 6f3d82893802c2789975fcad700508e70240fe5a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 21 Jun 2016 11:06:08 +0200 Subject: [PATCH 1492/2538] bash completion for `docker daemon --storage-opt btrfs.min_space` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2ce7c4484d..d395125b49 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -946,6 +946,7 @@ _docker_daemon() { return ;; --storage-opt) + local btrfs_options="btrfs.min_space" local devicemapper_options=" dm.basesize dm.blkdiscard @@ -965,7 +966,10 @@ _docker_daemon() { case $(__docker_value_of_option '--storage-driver|-s') in '') - COMPREPLY=( $( compgen -W "$devicemapper_options $zfs_options" -S = -- "$cur" ) ) + COMPREPLY=( $( compgen -W "$btrfs_options $devicemapper_options $zfs_options" -S = -- "$cur" ) ) + ;; + btrfs) + COMPREPLY=( $( compgen -W "$btrfs_options" -S = -- "$cur" ) ) ;; devicemapper) COMPREPLY=( $( compgen -W "$devicemapper_options" -S = -- "$cur" ) ) From 6440bac13411ba406ca7c35a417ce30b7cf1b1b3 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 21 Jun 2016 11:30:26 +0200 Subject: [PATCH 1493/2538] bash completion for `-c` alias to `--cpu-shares` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d395125b49..71bcee8f33 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -693,7 +693,7 @@ _docker_build() { --cgroup-parent --cpuset-cpus --cpuset-mems - --cpu-shares + --cpu-shares -c --cpu-period --cpu-quota --file -f @@ -2141,7 +2141,7 @@ _docker_run() { --cpu-quota --cpuset-cpus --cpuset-mems - --cpu-shares + --cpu-shares -c --device --device-read-bps --device-read-iops @@ -2543,7 +2543,7 @@ _docker_update() { --cpu-quota --cpuset-cpus --cpuset-mems - --cpu-shares + --cpu-shares -c --kernel-memory --memory -m --memory-reservation From 43e6c9864b6d4a20b02f2454ac320a52ad410254 Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 21 Jun 2016 10:49:28 -0400 Subject: [PATCH 1494/2538] Man page fix: Mention supported drivers for --storage-opt size option in docker create/run Signed-off-by: Shishir Mahajan --- man/docker-create.1.md | 2 +- man/docker-run.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 4dc90d89d8..be0e5e9d29 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -340,7 +340,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker create -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs` and `zfs` graphrivers. + This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 055c8e6d67..6fdc93cd60 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -492,7 +492,7 @@ its root filesystem mounted as read only prohibiting any writes. $ docker run -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs` and `zfs` graphrivers. + This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From 95342189ab4651233c2d206e3b27360014ae6d37 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 23 Jun 2016 08:35:36 +0200 Subject: [PATCH 1495/2538] Add zsh completion for 'docker daemon --storage-driver (overlay2|vfs)' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 5e0d61fca9..fe19b79a36 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -974,7 +974,7 @@ __docker_subcommand() { "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ "($help)--raw-logs[Full timestamps without ANSI coloring]" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ - "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs devicemapper btrfs zfs overlay)" \ + "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs btrfs devicemapper overlay overlay2 vfs zfs)" \ "($help)--selinux-enabled[Enable selinux support]" \ "($help)*--storage-opt=[Storage driver options]:storage driver options: " \ "($help)--tls[Use TLS]" \ From 993d8f6dd435a87d85f222c188bfef52f2c70a20 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 23 Jun 2016 08:57:39 +0200 Subject: [PATCH 1496/2538] Re-Add zsh completion for '-c' alias to '--cpu-shares' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fe19b79a36..bf9b26548a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -786,7 +786,7 @@ __docker_subcommand() { "($help)--userns=[Container user namespace]:user namespace:(host)" ) opts_build_create_run_update=( - "($help)--cpu-shares=[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" + "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " From 1216831bc62392b741eb325b078126f15c84588b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 23 Jun 2016 08:52:42 +0200 Subject: [PATCH 1497/2538] Add zsh completion for 'docker run --storage-opt size=' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index bf9b26548a..78bf797b18 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1251,6 +1251,7 @@ __docker_subcommand() { "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ + "($help)--storage-opt=[Set storage driver options per container]:storage options:->storage-opt" \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 @@ -1263,6 +1264,14 @@ __docker_subcommand() { __docker_runningcontainers -qS ":" && ret=0 fi ;; + (storage-opt) + if compset -P "*="; then + _message "value" && ret=0 + else + opts=('size') + _describe -t filter-opts "storage options" opts -qS "=" && ret=0 + fi + ;; esac ;; From 6e1e11e0e34f80d65996139d2d26f03315b87f3f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 23 Jun 2016 08:44:08 +0200 Subject: [PATCH 1498/2538] Add zsh completion for 'docker {create,run,network connect} --link-local-ip' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 78bf797b18..e098ceee18 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -563,6 +563,7 @@ __docker_network_subcommand() { "($help)--ip=[Container IPv4 address]:IPv4: " \ "($help)--ip6=[Container IPv6 address]:IPv6: " \ "($help)*--link=[Add a link to another container]:link:->link" \ + "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " \ "($help -)1:network:__docker_networks" \ "($help -)2:containers:__docker_containers" && ret=0 @@ -820,6 +821,7 @@ __docker_subcommand() { "($help)--ip6=[Container IPv6 address]:IPv6: " "($help)--ipc=[IPC namespace to use]:IPC namespace: " "($help)*--link=[Add link to another container]:link:->link" + "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " "($help)*"{-l=,--label=}"[Container metadata]:label: " "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" From 154a1c12062483f8263ad1a4c28ceb13ca92faba Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 23 Jun 2016 08:29:24 +0200 Subject: [PATCH 1499/2538] Add zsh completion for 'load' and 'save' image events Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index e098ceee18..a198fe296e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -415,8 +415,8 @@ __docker_complete_events_filter() { (event) local -a event_opts event_opts=('attach' 'commit' 'connect' 'copy' 'create' 'delete' 'destroy' 'detach' 'die' 'disconnect' 'exec_create' 'exec_detach' - 'exec_start' 'export' 'import' 'kill' 'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'start' 'stop' 'tag' - 'top' 'unmount' 'unpause' 'untag' 'update') + 'exec_start' 'export' 'import' 'kill' 'load' 'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'save' 'start' + 'stop' 'tag' 'top' 'unmount' 'unpause' 'untag' 'update') _describe -t event-filter-opts "event filter options" event_opts && ret=0 ;; (image) From d2f61188f195b44de9986273305191c26d3fcfd1 Mon Sep 17 00:00:00 2001 From: orkaa Date: Thu, 23 Jun 2016 16:26:43 +0200 Subject: [PATCH 1500/2538] For the lulz! (evalulate -> evaluate) Signed-off-by: orkaa --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 1196a4dc88..f385d8cb05 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -35,7 +35,7 @@ Options: --restart-condition string Restart when condition is met (none, on_failure, or any) --restart-delay value Delay between restart attempts (default none) --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evalulate the restart policy (default none) + --restart-window value Window used to evaluate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) --update-delay duration Delay between updates --update-parallelism uint Maximum number of tasks updated simultaneously diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index aa46e2ff8e..03c3ab33e7 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -38,7 +38,7 @@ Options: --restart-condition string Restart when condition is met (none, on_failure, or any) --restart-delay value Delay between restart attempts (default none) --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evalulate the restart policy (default none) + --restart-window value Window used to evaluate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) --update-delay duration Delay between updates --update-parallelism uint Maximum number of tasks updated simultaneously From be6f353670c7a5b813d1202028b06ccf2ae8b378 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Wed, 22 Jun 2016 12:50:51 +0000 Subject: [PATCH 1501/2538] Removing some url links that can be resolved using src markdown links Signed-off-by: Sven Dowideit --- docs/extend/plugins_authorization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 07840b144d..16e453f86e 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -51,7 +51,7 @@ respectively. ## Default user authorization mechanism -If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name. +If TLS is enabled in the [Docker daemon](../security/https.md), the default user authorization flow extracts the user details from the certificate subject name. That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. ## Basic architecture From beb09f42d6bfe92614a5d8074b44f25e713bec35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Serhat=20G=C3=BCl=C3=A7i=C3=A7ek?= Date: Mon, 20 Jun 2016 12:35:26 +0200 Subject: [PATCH 1502/2538] Fix error for env variables example in docker reference - 2 The reason why the issue occurs is because sh parses the first argument after -c as the whole script to execute. Everything after isn't executed as one might expect. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When working on the 'fix' I found out the same fix is also done in commit 2af7c5cfe24b4c8e931f751979b5e69e20ba77e2, except only for one occurrence. Signed-off-by: Serhat Gülçiçek --- docs/reference/builder.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index f26143e777..4c7e059c83 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -606,7 +606,7 @@ instruction as well. > This means that normal shell processing does not happen. For example, > `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `CMD [ "sh", "-c", "echo", "$HOME" ]`. +> a shell directly, for example: `CMD [ "sh", "-c", "echo $HOME" ]`. When used in the shell or exec formats, the `CMD` instruction sets the command to be executed when running the image. @@ -1074,7 +1074,7 @@ sys 0m 0.03s > This means that normal shell processing does not happen. For example, > `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute -> a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo", "$HOME" ]`. +> a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo $HOME" ]`. > Variables that are defined in the `Dockerfile`using `ENV`, will be substituted by > the `Dockerfile` parser. From e483efc219b1fabba8b20feeeb2320ccc64f2ab4 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 23 Jun 2016 01:57:00 +0000 Subject: [PATCH 1503/2538] update go-md2man to v1.0.5 Due to the issue of go-md2man, a numbered list in `man docker login` was not rendered correctly. https://github.com/cpuguy83/go-md2man/commit/a8f937e11314ca0b085aa7a7a5526695e3ca5b49 Signed-off-by: Akihiro Suda --- man/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/Dockerfile b/man/Dockerfile index af2319524b..f04cd56ad2 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -1,7 +1,7 @@ -FROM golang:1.4 +FROM golang:1.6.2 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1.0.3 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ + && git clone -b v1.0.5 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ && cd /go/src/github.com/cpuguy83/go-md2man \ && go get -v ./... CMD ["/go/bin/go-md2man", "--help"] From e5d2d7c31089660ebedc780de817bcbb6b356ade Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sat, 25 Jun 2016 19:08:03 +0200 Subject: [PATCH 1504/2538] Update experimental docs dsb -> dab Fixing bundle extension in experimental documentation. Signed-off-by: Vincent Demeester --- experimental/docker-stacks-and-bundles.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 8c507cdecb..095cea449e 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -29,7 +29,7 @@ WARNING: Unsupported key 'network_mode' in services.nsqd - ignoring WARNING: Unsupported key 'links' in services.nsqd - ignoring WARNING: Unsupported key 'volumes' in services.nsqd - ignoring [...] -Wrote bundle to vossibility-stack.dsb +Wrote bundle to vossibility-stack.dab ``` ## Creating a stack from a bundle @@ -44,7 +44,7 @@ Usage: docker deploy [OPTIONS] STACK Create and update a stack Options: - -f, --bundle string Path to a bundle (Default: STACK.dsb) + -f, --bundle string Path to a bundle (Default: STACK.dab) --help Print usage ``` @@ -52,7 +52,7 @@ Let's deploy the stack created before: ```bash # docker deploy vossibility-stack -Loading bundle from vossibility-stack.dsb +Loading bundle from vossibility-stack.dab Creating service vossibility-stack_elasticsearch Creating service vossibility-stack_kibana Creating service vossibility-stack_logstash From a9fcf23fb9e7d344142ed6ac31b77d33dcd31c19 Mon Sep 17 00:00:00 2001 From: allencloud Date: Mon, 27 Jun 2016 18:26:58 +0800 Subject: [PATCH 1505/2538] uppercase output in node inspect to keep consistency Signed-off-by: allencloud --- docs/reference/commandline/node_inspect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index c48479d80f..6340dbabb9 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -103,7 +103,7 @@ Example output: Availability: Active Manager Status: Address: 172.17.0.2:2377 - Raft status: Reachable + Raft Status: Reachable Leader: Yes Platform: Operating System: linux From 29be1f50a8af20f8a8935b4c84e9550da9f826cd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 22 Jun 2016 19:37:05 +0200 Subject: [PATCH 1506/2538] bash completion enhancements for `docker {swarm,node,service}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 114 +++++++++++++++++++-------------- 1 file changed, 66 insertions(+), 48 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 71bcee8f33..272ee41701 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1555,47 +1555,7 @@ _docker_service() { } _docker_service_create() { - local options_with_args=" - --constraint - --endpoint-mode - --env -e - --label -l - --limit-cpu - --limit-memory - --mode - --mount -m - --name - --network - --publish -p - --replicas - --reserve-cpu - --reserve-memory - --restart-condition - --restart-delay - --restart-max-attempts - --restart-window - --stop-grace-period - --update-delay - --update-parallelism - --user -u - --workdir -w - " - - local boolean_options=" - --help - " - - case "$prev" in - $(__docker_to_extglob "$options_with_args") ) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) - ;; - esac + _docker_service_update } _docker_service_inspect() { @@ -1675,13 +1635,12 @@ _docker_service_tasks() { } _docker_service_update() { + local $subcommand="${words[$subcommand_pos]}" + local options_with_args=" - --arg - --command --constraint --endpoint-mode --env -e - --image --label -l --limit-cpu --limit-memory @@ -1708,7 +1667,47 @@ _docker_service_update() { --help " + if [ "$subcommand" = "update" ] ; then + options_with_args="$options_with_args + --arg + --command + --image + " + + case "$prev" in + --image) + __docker_complete_image_repos_and_tags + return + ;; + esac + fi + case "$prev" in + --endpoint-mode) + COMPREPLY=( $( compgen -W "DNSRR VIP" -- "$cur" ) ) + return + ;; + --env|-e) + COMPREPLY=( $( compgen -e -S = -- "$cur" ) ) + __docker_nospace + return + ;; + --mode) + COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) + return + ;; + --network) + __docker_complete_networks + return + ;; + --restart-condition) + COMPREPLY=( $( compgen -W "any none on_failure" -- "$cur" ) ) + return + ;; + --user|-u) + __docker_complete_user_group + return + ;; $(__docker_to_extglob "$options_with_args") ) return ;; @@ -1719,7 +1718,9 @@ _docker_service_update() { COMPREPLY=( $( compgen -W "$boolean_options $options_with_args" -- "$cur" ) ) ;; *) - __docker_complete_services + if [ "$subcommand" = "update" ] ; then + __docker_complete_services + fi esac } @@ -1745,7 +1746,11 @@ _docker_swarm() { _docker_swarm_init() { case "$prev" in - --auto-accept|--listen-addr|--secret) + --auto-accept) + COMPREPLY=( $( compgen -W "manager none worker" -- "$cur" ) ) + return + ;; + --listen-addr|--secret) return ;; esac @@ -1795,7 +1800,11 @@ _docker_swarm_leave() { _docker_swarm_update() { case "$prev" in - --auto-accept|--cert-expiry|--dispatcher-heartbeat|--secret|--task-history-limit) + --auto-accept) + COMPREPLY=( $( compgen -W "manager none worker" -- "$cur" ) ) + return + ;; + --cert-expiry|--dispatcher-heartbeat|--secret|--task-history-limit) return ;; esac @@ -1926,7 +1935,16 @@ _docker_node_tasks() { _docker_node_update() { case "$prev" in - --availability|--membership|--role) + --availability) + COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) + return + ;; + --membership) + COMPREPLY=( $( compgen -W "accepted rejected" -- "$cur" ) ) + return + ;; + --role) + COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) ) return ;; esac From 5f58bbfff384a62ade850e4b282c5f65b914cabf Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 25 May 2016 16:44:58 +0200 Subject: [PATCH 1507/2538] deprecate '-h' shorthand and remove '-help' This deprecates the shorthand '-h', because we don't mention it as an option, and it conflicts with the 'docker create -h/--hostname' option, so cannot be used for all commands consistently. This also removes the (single-dash) '-help' option. The single-dash variant was marked "deprecated" in version 1.5.0 (basically, since it was added in a2b529ead21e6ab9eafcb1b1d2437c725c43a06a), but still kept around to prevent '-help' being treated as '-h -e -l -p', causing confusing warnings. Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index 6f575639be..fdfb4e86c0 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -21,6 +21,17 @@ The following list of features are deprecated in Engine. The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated since November 2013. It's no more supported. +### `-h` shorthand for `--help` + +**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +**Target For Removal In Release: [v1.14.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The shorthand (`-h`) is less common than `--help` on Linux and cannot be used +on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on +`docker create`). For this reason, the `-h` shorthand was not printed in the +"usage" output of subcommands, nor docummented, and is now marked "deprecated". + ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** @@ -149,6 +160,16 @@ The following double-dash options are deprecated and have no replacement: docker ps --before-id docker search --trusted +**Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The single-dash (`-help`) was removed, in favor of the double-dash `--help` + + docker -help + docker [COMMAND] -help + + ### Interacting with V1 registries Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. From 77d6b3721eef6f500850049fd9bfff4cee52d401 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 29 Jun 2016 07:16:31 -0700 Subject: [PATCH 1508/2538] add documentation for desired_state filter Signed-off-by: Harald Albers --- docs/reference/commandline/node_ls.md | 1 - docs/reference/commandline/node_tasks.md | 17 +++++++++++------ docs/reference/commandline/service_tasks.md | 6 ++++++ 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 6e1c972004..5b70bed6ec 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -44,7 +44,6 @@ The currently supported filters are: * name * id * label -* desired_state ### name diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index c9f40d9e21..3664db3e1f 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -41,12 +41,12 @@ than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "b The currently supported filters are: -* name -* id -* label -* desired_state +* [name](#name) +* [id](#id) +* [label](#label) +* [desired_state](#desired_state) -### name +#### name The `name` filter matches on all or part of a task's name. @@ -61,7 +61,7 @@ The following filter matches all tasks with a name containing the `redis` string 0tgctg8h8cech4w0k0gwrmr23 redis.10 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 -### id +#### id The `id` filter matches a task's id. @@ -85,6 +85,11 @@ bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 9 minutes Ru ``` +#### desired_state + +The `desired_state` filter can take the values `running` and `accepted`. + + ## Related information * [node inspect](node_inspect.md) diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index 5bcb101bcf..aa1d11a1ca 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -60,6 +60,7 @@ The currently supported filters are: * [id](#id) * [name](#name) +* [desired_state](#desired_state) #### ID @@ -84,6 +85,11 @@ ID NAME SERVICE IMAGE DESIRED STATE LAST S ``` +#### desired_state + +The `desired_state` filter can take the values `running` and `accepted`. + + ## Related information * [service create](service_create.md) From a03b5522fea29e0b486b378d23d10eb9d9a0f4f9 Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 30 Jun 2016 20:13:28 +0800 Subject: [PATCH 1509/2538] make cmd short short consistency and change docs Signed-off-by: allencloud --- contrib/completion/zsh/_docker | 4 ++-- docs/reference/commandline/network_connect.md | 2 +- docs/reference/commandline/node_inspect.md | 2 +- docs/reference/commandline/service_inspect.md | 2 +- docs/reference/commandline/volume_inspect.md | 2 +- man/docker-volume.1.md | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a198fe296e..beec0594fc 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -538,7 +538,7 @@ __docker_networks_names() { __docker_network_commands() { local -a _docker_network_subcommands _docker_network_subcommands=( - "connect:Connects a container to a network" + "connect:Connect a container to a network" "create:Creates a new network with a name specified by the user" "disconnect:Disconnects a container from a network" "inspect:Displays detailed information on a network" @@ -694,7 +694,7 @@ __docker_volume_commands() { local -a _docker_volume_subcommands _docker_volume_subcommands=( "create:Create a volume" - "inspect:Return low-level information on a volume" + "inspect:Display detailed information on one or more volumes" "ls:List volumes" "rm:Remove a volume" ) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index ae29c44bb3..c6a33ed15e 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker network connect [OPTIONS] NETWORK CONTAINER - Connects a container to a network + Connect a container to a network --alias=[] Add network-scoped alias for the container --help Print usage diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 6340dbabb9..b33a32139c 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -13,7 +13,7 @@ parent = "smn_cli" Usage: docker node inspect [OPTIONS] self|NODE [NODE...] - Return low-level information on a volume + Display detailed information on one or more nodes -f, --format= Format the output using the given go template. --help Print usage diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 02b399f950..73fe6b83fb 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -14,7 +14,7 @@ parent = "smn_cli" ```Markdown Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] -Inspect a service +Display detailed information on one or more services Options: -f, --format string Format the output using the given go template diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index c19d60fe48..d8b7702360 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] - Return low-level information on a volume + Display detailed information on one or more volumes -f, --format= Format the output using the given go template. --help Print usage diff --git a/man/docker-volume.1.md b/man/docker-volume.1.md index c4569bf01a..1e7044484a 100644 --- a/man/docker-volume.1.md +++ b/man/docker-volume.1.md @@ -47,7 +47,7 @@ referenced by a container. See **docker-volume-create(1)** for full documentation on the **create** command. **inspect** - Return low-level information on a volume + Display detailed information on one or more volumes See **docker-volume-inspect(1)** for full documentation on the **inspect** command. **ls** From 2b0ee276cac0600188633cca81d797b868b6c105 Mon Sep 17 00:00:00 2001 From: Keith Hudgins Date: Thu, 30 Jun 2016 14:07:03 -0400 Subject: [PATCH 1510/2538] Added HPE volume plugin listing Signed-off-by: Keith Hudgins --- docs/extend/plugins.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 477163fa51..8d5616f2cb 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -58,6 +58,7 @@ Plugin [gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). [GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. [Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. +[HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/) | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays. [IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. [Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. [Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. @@ -67,7 +68,7 @@ Plugin [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. [REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. [Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. -[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. +[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. ### Authorization plugins From a450d9a4748e659cec8ff19a2308cd30f5d64c83 Mon Sep 17 00:00:00 2001 From: Wen Cheng Ma Date: Thu, 30 Jun 2016 17:22:42 +0800 Subject: [PATCH 1511/2538] Fix docker stack link Signed-off-by: Wen Cheng Ma --- experimental/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/README.md b/experimental/README.md index 1098dd0793..3253cb5c41 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -73,7 +73,7 @@ to build a Docker binary with the experimental features enabled: * [External graphdriver plugins](plugins_graphdriver.md) * [Macvlan and Ipvlan Network Drivers](vlan-networks.md) - * [Docker stacks](docker-stacks.md) + * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md) ## How to comment on an experimental feature From 4721039d71e786c55a686860c5ccce9865379ef4 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 30 Jun 2016 16:07:25 -0700 Subject: [PATCH 1512/2538] Add documentation for external CA features in API/CLI Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 10 +++++++++- docs/reference/commandline/swarm_update.md | 1 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 35b77e4e2b..e8b752bd64 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -17,6 +17,7 @@ parent = "smn_cli" Options: --auto-accept value Acceptance policy (default [worker,manager]) + --external-ca value Specifications of one or more certificate signing endpoints --force-new-cluster Force create a new cluster from current state. --help Print usage --listen-addr value Listen address (default 0.0.0.0:2377) @@ -34,7 +35,7 @@ ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER 1ujecd0j9n3ro9i6628smdmth * manager1 Accepted Ready Active Reachable Yes ``` -### --auto-accept value +### `--auto-accept value` This flag controls node acceptance into the cluster. By default, both `worker` and `manager` nodes are auto accepted by the cluster. This can be changed by specifing what kinds of nodes @@ -49,6 +50,13 @@ $ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker Swarm initialized: current node (1m8cdsylxbf3lk8qriqt07hx1) is now a manager. ``` +### `--external-ca value` + +This flag sets up the swarm to use an external CA to issue node certificates. The value takes +the form `protocol=X,url=Y`. The value for `protocol` specifies what protocol should be used +to send signing requests to the external CA. Currently, the only supported value is `cfssl`. +The URL specifies the endpoint where signing requests should be submitted. + ### `--force-new-cluster` This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 6d77bd7234..7bbd270364 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -17,6 +17,7 @@ parent = "smn_cli" Options: --auto-accept value Auto acceptance policy (worker, manager or none) + --external-ca value Specifications of one or more certificate signing endpoints --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --help Print usage --secret string Set secret value needed to accept nodes into cluster From f68b707d60262f4f8e8d44d1cc73f72169401d4c Mon Sep 17 00:00:00 2001 From: Nicola Kabar Date: Wed, 29 Jun 2016 18:11:41 -0700 Subject: [PATCH 1513/2538] [Docs] clarified local volume driver docs Signed-off-by: Nico --- docs/reference/commandline/volume_create.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 3e69b79864..e1f642fbf7 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -54,17 +54,24 @@ different volume drivers may do different things (or nothing at all). The built-in `local` driver on Windows does not support any options. -The built-in `local` driver on Linux accepts options similar to the linux `mount` -command: +The built-in `local` driver on Linux accepts options similar to the linux `mount` command. You can provide multiple options by passing the `--opt` flag multiple times. Some `mount` options (such as the `o` option) can take a comma-separated list of options. Complete list of available mount options can be found [here](http://man7.org/linux/man-pages/man8/mount.8.html). + +For example, the following creates a `tmpfs` volume called `foo` with a size of 100 megabyte and `uid` of 1000. ```bash -$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 +$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 --name foo ``` -Another example: +Another example that uses `btrfs`: ```bash -$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 +$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 --name foo +``` + +Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from `192.168.1.1`: + +```bash +$ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw --opt device=:/path/to/dir --name foo ``` From b9505045d979b51297f42954061d5b7046cb2cf5 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 29 Jun 2016 09:20:32 -0700 Subject: [PATCH 1514/2538] rename desired_state filter to desired-state For consistency with other filters (such as "is-official"), this renames the desired_state filter to "desired-state". Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/node_tasks.md | 6 +++--- docs/reference/commandline/service_tasks.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index 3664db3e1f..bbfaeca6ea 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -44,7 +44,7 @@ The currently supported filters are: * [name](#name) * [id](#id) * [label](#label) -* [desired_state](#desired_state) +* [desired-state](#desired-state) #### name @@ -85,9 +85,9 @@ bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 9 minutes Ru ``` -#### desired_state +#### desired-state -The `desired_state` filter can take the values `running` and `accepted`. +The `desired-state` filter can take the values `running` and `accepted`. ## Related information diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index aa1d11a1ca..454a0edf63 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -60,7 +60,7 @@ The currently supported filters are: * [id](#id) * [name](#name) -* [desired_state](#desired_state) +* [desired-state](#desired-state) #### ID @@ -85,9 +85,9 @@ ID NAME SERVICE IMAGE DESIRED STATE LAST S ``` -#### desired_state +#### desired-state -The `desired_state` filter can take the values `running` and `accepted`. +The `desired-state` filter can take the values `running` and `accepted`. ## Related information From a3b4cd7d998d442690556b1c532b931eee065641 Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Tue, 28 Jun 2016 11:53:39 -0700 Subject: [PATCH 1515/2538] add menu.md, make index.md command line reference, update typos/minor errors in cli docs Signed-off-by: Charles Smith --- docs/reference/commandline/index.md | 176 ++++++++++++--------- docs/reference/commandline/menu.md | 26 +++ docs/reference/commandline/network_ls.md | 14 +- docs/reference/commandline/node_demote.md | 2 +- docs/reference/commandline/node_inspect.md | 1 + docs/reference/commandline/swarm_update.md | 2 +- 6 files changed, 137 insertions(+), 84 deletions(-) create mode 100644 docs/reference/commandline/menu.md diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 3643cdb810..75acb1c7fa 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -1,11 +1,11 @@ @@ -14,103 +14,129 @@ weight=-70 # The Docker commands -This section contains reference information on using Docker's command line client. Each command has a reference page along with samples. If you are unfamiliar with the command line, you should start by reading about how to [Use the Docker command line](cli.md). +This section contains reference information on using Docker's command line +client. Each command has a reference page along with samples. If you are +unfamiliar with the command line, you should start by reading about how to [Use +the Docker command line](cli.md). -You start the Docker daemon with the command line. How you start the daemon affects your Docker containers. For that reason you should also make sure to read the [`dockerd`](dockerd.md) reference page. +You start the Docker daemon with the command line. How you start the daemon +affects your Docker containers. For that reason you should also make sure to +read the [`dockerd`](dockerd.md) reference page. ### Docker management commands -* [dockerd](dockerd.md) -* [info](info.md) -* [inspect](inspect.md) -* [version](version.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [dockerd](dockerd.md) | Launch the Docker daemon | +| [info](info.md) | Display system-wide information | +| [inspect](inspect.md)| Return low-level information on a container or image | +| [version](version.md) | Show the Docker version information | + ### Image commands -* [build](build.md) -* [commit](commit.md) -* [export](export.md) -* [history](history.md) -* [images](images.md) -* [import](import.md) -* [load](load.md) -* [rmi](rmi.md) -* [save](save.md) -* [tag](tag.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [build](build.md) | Build an image from a Dockerfile | +| [commit](commit.md) | Create a new image from a container's changes | +| [export](export.md) | Export a container's filesystem as a tar archive | +| [history](history.md) | Show the history of an image | +| [images](images.md) | List images | +| [import](import.md) | Import the contents from a tarball to create a filesystem image | +| [load](load.md) | Load an image from a tar archive or STDIN | +| [rmi](rmi.md) | Remove one or more images | +| [save](save.md) | Save images to a tar archive | +| [tag](tag.md) | Tag an image into a repository | ### Container commands -* [attach](attach.md) -* [cp](cp.md) -* [create](create.md) -* [diff](diff.md) -* [events](events.md) -* [exec](exec.md) -* [kill](kill.md) -* [logs](logs.md) -* [pause](pause.md) -* [port](port.md) -* [ps](ps.md) -* [rename](rename.md) -* [restart](restart.md) -* [rm](rm.md) -* [run](run.md) -* [start](start.md) -* [stats](stats.md) -* [stop](stop.md) -* [top](top.md) -* [unpause](unpause.md) -* [update](update.md) -* [wait](wait.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [attach](attach.md) | Attach to a running container | +| [cp](cp.md) | Copy files/folders from a container to a HOSTDIR or to STDOUT | +| [create](create.md) | Create a new container | +| [diff](diff.md) | Inspect changes on a container's filesystem | +| [events](events.md) | Get real time events from the server | +| [exec](exec.md) | Run a command in a running container | +| [kill](kill.md) | Kill a running container | +| [logs](logs.md) | Fetch the logs of a container | +| [pause](pause.md) | Pause all processes within a container | +| [port](port.md) | List port mappings or a specific mapping for the container | +| [ps](ps.md) | List containers | +| [rename](rename.md) | Rename a container | +| [restart](restart.md) | Restart a running container | +| [rm](rm.md) | Remove one or more containers | +| [run](run.md) | Run a command in a new container | +| [start](start.md) | Start one or more stopped containers | +| [stats](stats.md) | Display a live stream of container(s) resource usage statistics | +| [stop](stop.md) | Stop a running container | +| [top](top.md) | Display the running processes of a container | +| [unpause](unpause.md) | Unpause all processes within a container | +| [update](update.md) | Update configuration of one or more containers | +| [wait](wait.md) | Block until a container stops, then print its exit code | ### Hub and registry commands -* [login](login.md) -* [logout](logout.md) -* [pull](pull.md) -* [push](push.md) -* [search](search.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [login](login.md) | Register or log in to a Docker registry | +| [logout](logout.md) | Log out from a Docker registry | +| [pull](pull.md) | Pull an image or a repository from a Docker registry | +| [push](push.md) | Push an image or a repository to a Docker registry | +| [search](search.md) | Search the Docker Hub for images | ### Network and connectivity commands -* [network_connect](network_connect.md) -* [network_create](network_create.md) -* [network_disconnect](network_disconnect.md) -* [network_inspect](network_inspect.md) -* [network_ls](network_ls.md) -* [network_rm](network_rm.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [network connect](network_connect.md) | Connect a container to a network | +| [network create](network_create.md) | Create a new network | +| [network disconnect](network_disconnect.md) | Disconnect a container from a network | +| [network inspect](network_inspect.md) | Display information about a network | +| [network ls](network_ls.md) | Lists all the networks the Engine `daemon` knows about | +| [network rm](network_rm.md) | Removes one or more networks | + ### Shared data volume commands -* [volume_create](volume_create.md) -* [volume_inspect](volume_inspect.md) -* [volume_ls](volume_ls.md) -* [volume_rm](volume_rm.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [volume create](volume_create.md) | Creates a new volume where containers can consume and store data | +| [volume inspect](volume_inspect.md) | Display information about a volume | +| [volume ls](volume_ls.md) | Lists all the volumes Docker knows about | +| [volume rm](volume_rm.md) | Remove one or more volumes | + ### Swarm node commands -* [node_accept](node_accept.md) -* [node_promote](node_promote.md) -* [node_demote](node_demote.md) -* [node_inspect](node_inspect.md) -* [node_update](node_update.md) -* [node_tasks](node_tasks.md) -* [node_ls](node_ls.md) -* [node_rm](node_rm.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [node accept](node_accept.md) | Accept a node into the swarm | +| [node promote](node_promote.md) | Promote a node that is pending a promotion to manager | +| [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | +| [node inspect](node_inspect.md) | Inspect a node in the swarm | +| [node update](node_update.md) | Update attributes for a node | +| [node tasks](node_tasks.md) | List tasks running on a node | +| [node ls](node_ls.md) | List nodes in the swarm | +| [node rm](node_rm.md) | Remove a node from the swarm | ### Swarm swarm commands -* [swarm init](swarm_init.md) -* [swarm join](swarm_join.md) -* [swarm leave](swarm_leave.md) -* [swarm update](swarm_update.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [swarm init](swarm_init.md) | Initialize a Swarm | +| [swarm join](swarm_join.md) | Join a Swarm as a manager node or worker node | +| [swarm leave](swarm_leave.md) | Remove the current node from the swarm | +| [swarm update](swarm_update.md) | Update attributes of a swarm | ### Swarm service commands -* [service create](service_create.md) -* [service inspect](service_inspect.md) -* [service ls](service_ls.md) -* [service rm](service_rm.md) -* [service scale](service_scale.md) -* [service tasks](service_tasks.md) -* [service update](service_update.md) +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [service create](service_create.md) | Create a new service | +| [service inspect](service_inspect.md) | Inspect a service | +| [service ls](service_ls.md) | List services in the swarm | +| [service rm](service_rm.md) | Reemove a swervice from the swarm | +| [service scale](service_scale.md) | Set the number of replicas for the desired state of the service | +| [service tasks](service_tasks.md) | List the tasks of a service | +| [service update](service_update.md) | Update the attributes of a service | diff --git a/docs/reference/commandline/menu.md b/docs/reference/commandline/menu.md new file mode 100644 index 0000000000..9ade86d26a --- /dev/null +++ b/docs/reference/commandline/menu.md @@ -0,0 +1,26 @@ + + + + +# The Docker commands + +This section contains reference information on using Docker's command line +client. Each command has a reference page along with samples. If you are +unfamiliar with the command line, you should start by reading about how to +[Use the Docker command line](cli.md). + +You start the Docker daemon with the command line. How you start the daemon +affects your Docker containers. For that reason you should also make sure to +read the [`dockerd`](dockerd.md) reference page. + +For a list of Docker commands see [Command line reference guide](index.md). diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 6542b12ca7..181db08c44 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -12,7 +12,7 @@ parent = "smn_cli" Usage: docker network ls [OPTIONS] - Lists all the networks created by the user + List networks -f, --filter=[] Filter output based on conditions provided --help Print usage --no-trunc Do not truncate the output @@ -35,10 +35,10 @@ Use the `--no-trunc` option to display the full network id: ```bash docker network ls --no-trunc NETWORK ID NAME DRIVER -18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null -c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host -7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge -95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge +18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null +c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host +7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge +95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge 63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge ``` @@ -46,7 +46,7 @@ c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. For example, +Multiple filter flags are combined as an `OR` filter. For example, `-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. The currently supported filters are: @@ -105,7 +105,7 @@ The following filter matches networks with the `usage` label regardless of its v ```bash $ docker network ls -f "label=usage" NETWORK ID NAME DRIVER -db9db329f835 test1 bridge +db9db329f835 test1 bridge f6e212da9dfd test2 bridge ``` diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 97c779c71e..bf16b9c63b 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -14,7 +14,7 @@ parent = "smn_cli" Demote a node as manager in the swarm -Demotes an existing Manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm cluster. +Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm cluster. ```bash diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index b33a32139c..cb9b864ee6 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -15,6 +15,7 @@ parent = "smn_cli" Display detailed information on one or more nodes + -f, --format= Format the output using the given go template. --help Print usage -p, --pretty Print the information in a human friendly format. diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 7bbd270364..4a48e00b67 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -13,7 +13,7 @@ parent = "smn_cli" Usage: docker swarm update [OPTIONS] - update the Swarm. + Update the Swarm. Options: --auto-accept value Auto acceptance policy (worker, manager or none) From ca0240f9c213d1b0f001b5563de97a6b478fc332 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 1 Jul 2016 16:52:33 -0700 Subject: [PATCH 1516/2538] Fix --auto-accept documentation The --auto-accept documentation currently says that both worker and manager nodes are automatically accepted by default. Correct it. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index e8b752bd64..76456a7936 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -37,8 +37,8 @@ ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER ### `--auto-accept value` -This flag controls node acceptance into the cluster. By default, both `worker` and `manager` -nodes are auto accepted by the cluster. This can be changed by specifing what kinds of nodes +This flag controls node acceptance into the cluster. By default, `worker` nodes are +automatically accepted by the cluster. This can be changed by specifing what kinds of nodes can be auto-accepted into the cluster. If auto-accept is not turned on, then [node accept](node_accept.md) can be used to explicitly accept a node into the cluster. From bd67dfdd33790cc81986d2a764d0e88d1ec3eca3 Mon Sep 17 00:00:00 2001 From: Alan Thompson Date: Fri, 1 Jul 2016 16:11:01 -0700 Subject: [PATCH 1517/2538] Update network_create.md minor typos and punctuation. Signed-off-by: Alan Thompson --- docs/reference/commandline/network_create.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 4d5e17bda6..5737496745 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -38,8 +38,8 @@ network driver you can specify that `DRIVER` here also. If you don't specify the `--driver` option, the command automatically creates a `bridge` network for you. When you install Docker Engine it creates a `bridge` network automatically. This network corresponds to the `docker0` bridge that Engine has traditionally relied -on. When launch a new container with `docker run` it automatically connects to -this bridge network. You cannot remove this default bridge network but you can +on. When you launch a new container with `docker run` it automatically connects to +this bridge network. You cannot remove this default bridge network, but you can create new ones using the `network create` command. ```bash @@ -48,7 +48,7 @@ $ docker network create -d bridge my-bridge-network Bridge networks are isolated networks on a single Engine installation. If you want to create a network that spans multiple Docker hosts each running an -Engine, you must create an `overlay` network. Unlike `bridge` networks overlay +Engine, you must create an `overlay` network. Unlike `bridge` networks, overlay networks require some pre-existing conditions before you can create one. These conditions are: @@ -65,9 +65,9 @@ The `dockerd` options that support the `overlay` network are: To read more about these options and how to configure them, see ["*Get started with multi-host network*"](../../userguide/networking/get-started-overlay.md). -It is also a good idea, though not required, that you install Docker Swarm on to +While not required, it is a good idea to install Docker Swarm to manage the cluster that makes up your network. Swarm provides sophisticated -discovery and server management that can assist your implementation. +discovery and server management tools that can assist your implementation. Once you have prepared the `overlay` network prerequisites you simply choose a Docker host in the cluster and issue the following to create the network: @@ -82,15 +82,15 @@ name conflicts. ## Connect containers -When you start a container use the `--net` flag to connect it to a network. -This adds the `busybox` container to the `mynet` network. +When you start a container, use the `--net` flag to connect it to a network. +This example adds the `busybox` container to the `mynet` network: ```bash $ docker run -itd --net=mynet busybox ``` If you want to add a container to a network after the container is already -running use the `docker network connect` subcommand. +running, use the `docker network connect` subcommand. You can connect multiple containers to the same network. Once connected, the containers can communicate using only another container's IP address or name. From b4a798e9836d306eeb171d931466b07cfce0633c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 1 Jul 2016 17:08:59 -0700 Subject: [PATCH 1518/2538] fix typo in "readonly" flag in documentation the flag is named '--read-only', not '--readonly' Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 7109e0ee28..9deb06cfec 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -911,7 +911,7 @@ The following standard Docker features are currently incompatible when running a Docker daemon with user namespaces enabled: - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`) - - A `--readonly` container filesystem (this is a Linux kernel restriction against remounting with modified flags of a currently mounted filesystem when inside a user namespace) + - A `--read-only` container filesystem (this is a Linux kernel restriction against remounting with modified flags of a currently mounted filesystem when inside a user namespace) - external (volume or graph) drivers which are unaware/incapable of using daemon user mappings - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`) From cbfebbb25a41fd520d200ab657f0bb2a7f4685fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adolfo=20Ochagav=C3=ADa?= Date: Sun, 3 Jul 2016 14:59:52 +0200 Subject: [PATCH 1519/2538] Fix typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Adolfo Ochagavía --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index ad009aa872..84ab8890c6 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -179,7 +179,7 @@ flag exists to allow special use-cases, like running Docker within Docker. $ docker run -w /path/to/dir/ -i -t ubuntu pwd The `-w` lets the command being executed inside directory given, here -`/path/to/dir/`. If the path does not exists it is created inside the container. +`/path/to/dir/`. If the path does not exist it is created inside the container. ### Set storage driver options per container From fac7c6734911301f7d3f10d78759880ee6bbaf82 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 2 Jul 2016 16:22:23 +0200 Subject: [PATCH 1520/2538] man: add missing --add-runtime Signed-off-by: Antonio Murdaca --- docs/reference/commandline/dockerd.md | 2 +- man/dockerd.8.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 9deb06cfec..5eb79c4c0b 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -17,6 +17,7 @@ weight = -1 A self-sufficient runtime for linux containers. Options: + --add-runtime=[] Register an additional OCI compatible runtime --api-cors-header="" Set CORS headers in the remote API --authorization-plugin=[] Set authorization plugins to load -b, --bridge="" Attach containers to a network bridge @@ -60,7 +61,6 @@ weight = -1 -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --raw-logs Full timestamps without ANSI coloring --registry-mirror=[] Preferred Docker registry mirror - --add-runtime=[] Register an additional OCI compatible runtime -s, --storage-driver="" Storage driver to use --selinux-enabled Enable selinux support --storage-opt=[] Set storage driver options diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 267592ebbe..fc9226d387 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -6,6 +6,7 @@ dockerd - Enable daemon mode # SYNOPSIS **dockerd** +[**--add-runtime**[=*[]*]] [**--api-cors-header**=[=*API-CORS-HEADER*]] [**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] @@ -75,6 +76,9 @@ format. # OPTIONS +**--add-runtime**=[] + Set additional OCI compatible runtime. + **--api-cors-header**="" Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. From ec37a0b19255a293881b33b264b66e59897fc8b6 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 3 Jul 2016 10:36:34 -0700 Subject: [PATCH 1521/2538] Add bash completion for `docker ps --last` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 272ee41701..7c8f6db1b3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2036,14 +2036,14 @@ _docker_ps() { __docker_nospace return ;; - --format|-n) + --format|--last|-n) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --latest -l -n --no-trunc --quiet -q --size -s" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --last -n --latest -l --no-trunc --quiet -q --size -s" -- "$cur" ) ) ;; esac } From 0f61955bdbf164362679f2fd068ab7ed83ac49c3 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 3 Jul 2016 20:38:54 +0200 Subject: [PATCH 1522/2538] Add zsh completion for 'docker ps --last' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index beec0594fc..322002bb7f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1181,7 +1181,7 @@ __docker_subcommand() { "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ "($help)--format[Pretty-print containers using a Go template]:format: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ - "($help)-n[Show n last created containers, include non-running one]:n:(1 5 10 25 50)" \ + "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -s --size)"{-s,--size}"[Display total file sizes]" \ From 8e2c3efc58f9d949328d3d7f4cc0d9a7b8e9b2d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Otto=20Kek=C3=A4l=C3=A4inen?= Date: Sun, 3 Jul 2016 20:58:11 +0300 Subject: [PATCH 1523/2538] Fix spelling in comments, strings and documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Otto Kekäläinen --- docs/reference/builder.md | 4 ++-- docs/reference/commandline/search.md | 2 +- docs/reference/commandline/swarm_init.md | 2 +- experimental/vlan-networks.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 4c7e059c83..8090aa94de 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -502,7 +502,7 @@ default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows) - `RUN ["executable", "param1", "param2"]` (*exec* form) The `RUN` instruction will execute any commands in a new layer on top of the -current image and commit the results. The resulting committed image will be +current image and commit the results. The resulting comitted image will be used for the next step in the `Dockerfile`. Layering `RUN` instructions and generating commits conforms to the core @@ -544,7 +544,7 @@ RUN /bin/bash -c 'source $HOME/.bashrc ; echo $HOME' > > **Note**: > In the *JSON* form, it is necessary to escape backslashes. This is -> particularly relevant on Windows where the backslash is the path seperator. +> particularly relevant on Windows where the backslash is the path separator. > The following line would otherwise be treated as *shell* form due to not > being valid JSON, and fail in an unexpected way: > `RUN ["c:\windows\system32\tasklist.exe"]` diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index fff426d38d..672ff7554a 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -49,7 +49,7 @@ This example displays images with a name containing 'busybox': ofayau/busybox-libc32 Busybox with 32 bits (and 64 bits) libs 1 [OK] peelsky/zulu-openjdk-busybox 1 [OK] skomma/busybox-data Docker image suitable for data volume cont... 1 [OK] - elektritter/busybox-teamspeak Leightweight teamspeak3 container based on... 1 [OK] + elektritter/busybox-teamspeak Lightweight teamspeak3 container based on... 1 [OK] socketplane/busybox 1 [OK] oveits/docker-nginx-busybox This is a tiny NginX docker image based on... 0 [OK] ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 76456a7936..21378962c2 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -38,7 +38,7 @@ ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER ### `--auto-accept value` This flag controls node acceptance into the cluster. By default, `worker` nodes are -automatically accepted by the cluster. This can be changed by specifing what kinds of nodes +automatically accepted by the cluster. This can be changed by specifying what kinds of nodes can be auto-accepted into the cluster. If auto-accept is not turned on, then [node accept](node_accept.md) can be used to explicitly accept a node into the cluster. diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index 66723b9bde..7704c5758f 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -627,7 +627,7 @@ docker network create -d ipvlan \ # Start a few of containers on the network (ipnet110) -# in seperate terminals and check connectivity +# in separate terminals and check connectivity docker run --net=ipnet110 -it --rm alpine /bin/sh # Start a second container specifying the v6 address docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh From 825b9a3b338f475226889a41d51d153943d4a0ee Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 2 Jul 2016 21:17:01 +0200 Subject: [PATCH 1524/2538] Add zsh completion for 'docker node' commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 235 +++++++++++++++++++++++++++++++++ 1 file changed, 235 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 322002bb7f..29525a1147 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -630,6 +630,224 @@ __docker_network_subcommand() { return ret } +# BO node + +__docker_node_complete_ls_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (id) + __docker_complete_nodes_ids && ret=0 + ;; + (membership) + membership_opts=('accepted' 'pending' 'rejected') + _describe -t membership-opts "membership options" membership_opts && ret=0 + ;; + (name) + __docker_complete_nodes_names && ret=0 + ;; + (role) + role_opts=('manager' 'worker') + _describe -t role-opts "role options" role_opts && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('id' 'label' 'membership' 'name' 'role') + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + +__docker_node_complete_tasks_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (desired-state) + state_opts=('accepted' 'running') + _describe -t state-opts "desired state options" state_opts && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('desired-state' 'id' 'label' 'name') + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + +__docker_nodes() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + local line s + declare -a lines nodes args + + type=$1; shift + filter=$1; shift + [[ $filter != "none") ]] && args=("-f $filter") + + lines=(${(f)"$(_call_program commands docker $docker_options node ls $args)"}) + + # Parse header line to find columns + local i=1 j=1 k header=${lines[1]} + declare -A begin end + while (( j < ${#header} - 1 )); do + i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) + j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) + k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) + begin[${header[$i,$((j-1))]}]=$i + end[${header[$i,$((j-1))]}]=$k + done + end[${header[$i,$((j-1))]}]=-1 + lines=(${lines[2,-1]}) + + # Node ID + if [[ $type = (ids|all) ]]; then + for line in $lines; do + s="${line[${begin[ID]},${end[ID]}]%% ##}" + nodes=($nodes $s) + done + fi + + # Names + if [[ $type = (names|all) ]]; then + for line in $lines; do + s="${line[${begin[NAME]},${end[NAME]}]%% ##}" + nodes=($nodes $s) + done + fi + + _describe -t nodes-list "nodes" nodes "$@" && ret=0 + return ret +} + +__docker_complete_nodes() { + [[ $PREFIX = -* ]] && return 1 + __docker_nodes all none "$@" +} + +__docker_complete_nodes_ids() { + [[ $PREFIX = -* ]] && return 1 + __docker_nodes ids none "$@" +} + +__docker_complete_nodes_names() { + [[ $PREFIX = -* ]] && return 1 + __docker_nodes names none "$@" +} + +__docker_complete_pending_nodes() { + [[ $PREFIX = -* ]] && return 1 + __docker_nodes all "membership=pending" "$@" +} + +__docker_complete_manager_nodes() { + [[ $PREFIX = -* ]] && return 1 + __docker_nodes all "role=manager" "$@" +} + +__docker_complete_worker_nodes() { + [[ $PREFIX = -* ]] && return 1 + __docker_nodes all "role=worker" "$@" +} + +__docker_node_commands() { + local -a _docker_node_subcommands + _docker_node_subcommands=( + "accept:Accept a node in the swarm" + "demote:Demote a node as manager in the swarm" + "inspect:Display detailed information on one or more nodes" + "ls:List nodes in the swarm" + "promote:Promote a node as manager in the swarm" + "rm:Remove a node from the swarm" + "tasks:List tasks running on a node" + "update:Update a node" + ) + _describe -t docker-node-commands "docker node command" _docker_node_subcommands +} + +__docker_node_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (accept|rm|remove) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:node:__docker_complete_pending_nodes" && ret=0 + ;; + (demote) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:node:__docker_complete_manager_nodes" && ret=0 + ;; + (inspect) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ + "($help -p --pretty)"{-p,--pretty}"[Print the information in a human friendly format]" \ + "($help -)*:node:__docker_complete_nodes" && ret=0 + ;; + (ls|list) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 + case $state in + (filter-options) + __docker_node_complete_ls_filters && ret=0 + ;; + esac + ;; + (promote) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:node:__docker_complete_worker_nodes" && ret=0 + ;; + (tasks) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Display all instances]" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help -n --no-resolve)"{-n,--no-resolve}"[Do not map IDs to Names]" \ + "($help -)1:node:__docker_complete_nodes" && ret=0 + case $state in + (filter-options) + __docker_node_complete_tasks_filters && ret=0 + ;; + esac + ;; + (update) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--availability=[Availability of the node]:availability:(active pause drain)" \ + "($help)--membership=[Membership of the node]:membership:(accepted rejected)" \ + "($help)--role=[Role of the node]:role:(manager worker)" \ + "($help -)1:node:__docker_complete_nodes" && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_node_commands" && ret=0 + ;; + esac + + return ret +} + +# EO node + __docker_volume_complete_ls_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1162,6 +1380,23 @@ __docker_subcommand() { ;; esac ;; + (node) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_node_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_node_subcommand && ret=0 + ;; + esac + ;; (pause|unpause) _arguments $(__docker_arguments) \ $opts_help \ From e31b0e691a585df4232549a81f4d88e7f1cbcf61 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 3 Jul 2016 01:09:16 +0200 Subject: [PATCH 1525/2538] Add zsh completion for 'docker swarm' commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 85 ++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 29525a1147..af3880f302 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -848,6 +848,74 @@ __docker_node_subcommand() { # EO node +# BO swarm + +__docker_swarm_commands() { + local -a _docker_swarm_subcommands + _docker_swarm_subcommands=( + "init:Initialize a Swarm" + "inspect:Inspect the Swarm" + "join:Join a Swarm as a node and/or manager" + "leave:Leave a Swarm" + "update:Update the Swarm" + ) + _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands +} + +__docker_swarm_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (init) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--auto-accept=[Acceptance policy]:policy:(manager none worker)" \ + "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ + "($help)--force-new-cluster[Force create a new cluster from current state]" \ + "($help)--listen-addr[Listen address]:ip\:port: " \ + "($help)--secret[Set secret value needed to accept nodes into cluster]:secret: " && ret=0 + ;; + (inspect) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 + ;; + (join) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--ca-hash=[Hash of the Root Certificate Authority certificate used for trusted join]:hash: " \ + "($help)--listen-addr[Listen address]:ip\:port: " \ + "($help)--manager[Try joining as a manager]" \ + "($help)--secret[Secret for node acceptance]:secret: " \ + "($help -):host\:port: " && ret=0 + ;; + (leave) + _arguments $(__docker_arguments) \ + $opts_help && ret=0 + ;; + (update) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--auto-accept=[Acceptance policy]:policy:(manager none worker)" \ + "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ + "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ + "($help)--secret[Set secret value needed to accept nodes into cluster]:secret: " \ + "($help)--task-history-limit[Task history retention limit]:limit: " && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0 + ;; + esac + + return ret +} + +# EO swarm + __docker_volume_complete_ls_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1547,6 +1615,23 @@ __docker_subcommand() { "($help)--no-stream[Disable streaming stats and only pull the first result]" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; + (swarm) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_swarm_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_swarm_subcommand && ret=0 + ;; + esac + ;; (tag) _arguments $(__docker_arguments) \ $opts_help \ From b1ea724ae60055e09ada6f1beacafb414455945f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 2 Jul 2016 22:54:20 +0200 Subject: [PATCH 1526/2538] Add zsh completion for 'docker plugin' commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 102 +++++++++++++++++++++++++++++++-- 1 file changed, 98 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index af3880f302..bdabb2eacb 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -138,7 +138,7 @@ __docker_containers_names() { __docker_get_containers all names "$@" } -__docker_plugins() { +__docker_complete_info_plugins() { [[ $PREFIX = -* ]] && return 1 integer ret=1 emulate -L zsh @@ -451,7 +451,7 @@ __docker_network_complete_ls_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (driver) - __docker_plugins Network && ret=0 + __docker_complete_info_plugins Network && ret=0 ;; (id) __docker_networks_ids && ret=0 @@ -697,7 +697,6 @@ __docker_nodes() { [[ $filter != "none") ]] && args=("-f $filter") lines=(${(f)"$(_call_program commands docker $docker_options node ls $args)"}) - # Parse header line to find columns local i=1 j=1 k header=${lines[1]} declare -A begin end @@ -848,6 +847,84 @@ __docker_node_subcommand() { # EO node +# BO plugin + +__docker_complete_plugins() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + local line s + declare -a lines plugins + + lines=(${(f)"$(_call_program commands docker $docker_options plugin ls)"}) + + # Parse header line to find columns + local i=1 j=1 k header=${lines[1]} + declare -A begin end + while (( j < ${#header} - 1 )); do + i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) + j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) + k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) + begin[${header[$i,$((j-1))]}]=$i + end[${header[$i,$((j-1))]}]=$k + done + end[${header[$i,$((j-1))]}]=-1 + lines=(${lines[2,-1]}) + + # Name + for line in $lines; do + s="${line[${begin[NAME]},${end[NAME]}]%% ##}" + s="$s:${(l:7:: :::)${${line[${begin[TAG]},${end[TAG]}]}%% ##}}" + plugins=($plugins $s) + done + + _describe -t plugins-list "plugins" plugins "$@" && ret=0 + return ret +} + +__docker_plugin_commands() { + local -a _docker_plugin_subcommands + _docker_plugin_subcommands=( + "disable:Disable a plugin" + "enable:Enable a plugin" + "inspect:Return low-level information about a plugin" + "install:Install a plugin" + "ls:List plugins" + "push:Push a plugin" + "rm:Remove a plugin" + "set:Change settings for a plugin" + ) + _describe -t docker-plugin-commands "docker plugin command" _docker_plugin_subcommands +} + +__docker_plugin_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (disable|enable|inspect|install|ls|push|rm) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)1:plugin:__docker_complete_plugins" && ret=0 + ;; + (set) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)1:plugin:__docker_complete_plugins" \ + "($help-)*:key=value: " && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_plugin_commands" && ret=0 + ;; + esac + + return ret +} + +# EO plugin + # BO swarm __docker_swarm_commands() { @@ -927,7 +1004,7 @@ __docker_volume_complete_ls_filters() { _describe -t dangling-filter-opts "Dangling Filter Options" dangling_opts && ret=0 ;; (driver) - __docker_plugins Volume && ret=0 + __docker_complete_info_plugins Volume && ret=0 ;; (name) __docker_volumes && ret=0 @@ -1470,6 +1547,23 @@ __docker_subcommand() { $opts_help \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; + (plugin) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_plugin_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_plugin_subcommand && ret=0 + ;; + esac + ;; (port) _arguments $(__docker_arguments) \ $opts_help \ From 649b3e132d6ed78adcfa322c288f51ce12ecebc6 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 21 Jun 2016 08:53:10 +0200 Subject: [PATCH 1527/2538] Add zsh completion for 'docker daemon --runtimes' and 'docker run --runtime' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index bdabb2eacb..53c516dfe9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -299,6 +299,17 @@ __docker_complete_pid() { return ret } +__docker_complete_runtimes() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + emulate -L zsh + setopt extendedglob + local -a runtimes_opts + runtimes_opts=(${(ps: :)${(f)${${"$(_call_program commands docker $docker_options info)"##*$'\n'Runtimes: }%%$'\n'^ *}}}) + _describe -t runtimes-opts "runtimes options" runtimes_opts && ret=0 +} + __docker_complete_ps_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1296,6 +1307,7 @@ __docker_subcommand() { (daemon) _arguments $(__docker_arguments) \ $opts_help \ + "($help)*--add-runtime=[Register an additional OCI compatible runtime]:runtime:__docker_complete_runtimes" \ "($help)--api-cors-header=[CORS headers in the remote API]:CORS headers: " \ "($help)*--authorization-plugin=[Authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ @@ -1648,6 +1660,7 @@ __docker_subcommand() { "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \ "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \ "($help)--rm[Remove intermediate containers when it exits]" \ + "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ "($help)--storage-opt=[Set storage driver options per container]:storage options:->storage-opt" \ From c51671ccb95784dc7bb2be253c7f7cec218fd124 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 3 Jul 2016 00:09:34 +0200 Subject: [PATCH 1528/2538] Add zsh completion for 'docker service' commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 249 +++++++++++++++++++++++++++++++++ 1 file changed, 249 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 53c516dfe9..45d00bb7d3 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -936,6 +936,238 @@ __docker_plugin_subcommand() { # EO plugin +# BO service + +__docker_service_complete_ls_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (id) + __docker_complete_services_ids && ret=0 + ;; + (name) + __docker_complete_services_names && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('id' 'label' 'name') + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + +__docker_service_complete_tasks_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (desired-state) + state_opts=('accepted' 'running') + _describe -t state-opts "desired state options" state_opts && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('desired-state' 'id' 'label' 'name') + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + +__docker_services() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + local line s + declare -a lines services + + type=$1; shift + + lines=(${(f)"$(_call_program commands docker $docker_options service ls)"}) + + # Parse header line to find columns + local i=1 j=1 k header=${lines[1]} + declare -A begin end + while (( j < ${#header} - 1 )); do + i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) + j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) + k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) + begin[${header[$i,$((j-1))]}]=$i + end[${header[$i,$((j-1))]}]=$k + done + end[${header[$i,$((j-1))]}]=-1 + lines=(${lines[2,-1]}) + + # Service ID + if [[ $type = (ids|all) ]]; then + for line in $lines; do + s="${line[${begin[ID]},${end[ID]}]%% ##}" + s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}" + services=($services $s) + done + fi + + # Names + if [[ $type = (names|all) ]]; then + for line in $lines; do + s="${line[${begin[NAME]},${end[NAME]}]%% ##}" + s="$s:${(l:7:: :::)${${line[${begin[IMAGE]},${end[IMAGE]}]}%% ##}}" + services=($services $s) + done + fi + + _describe -t services-list "services" services "$@" && ret=0 + return ret +} + +__docker_complete_services() { + [[ $PREFIX = -* ]] && return 1 + __docker_services all "$@" +} + +__docker_complete_services_ids() { + [[ $PREFIX = -* ]] && return 1 + __docker_services ids "$@" +} + +__docker_complete_services_names() { + [[ $PREFIX = -* ]] && return 1 + __docker_services names "$@" +} + +__docker_service_commands() { + local -a _docker_service_subcommands + _docker_service_subcommands=( + "create:Create a new service" + "inspect:Display detailed information on one or more services" + "ls:List services" + "rm:Remove a service" + "scale:Scale one or multiple services" + "tasks:List the tasks of a service" + "update:Update a service" + ) + _describe -t docker-service-commands "docker service command" _docker_service_subcommands +} + +__docker_service_subcommand() { + local -a _command_args opts_help opts_create_update + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + opts_create_update=( + "($help)*--constraint=[Placement constraints]:constraint: " + "($help)--endpoint-mode=[Placement constraints]:mode:(VIP DNSRR)" + "($help)*"{-e=,--env=}"[Set environment variables]:env: " + "($help)*--label=[Service labels]:label: " + "($help)--limit-cpu=[Limit CPUs]:value: " + "($help)--limit-memory=[Limit Memory]:value: " + "($help)--mode=[Limit Memory]:mode:(global replicated)" + "($help)*"{-m=,--mount=}"[Attach a mount to the service]:mount: " + "($help)--name=[Service name]:name: " + "($help)*--network=[Network attachments]:network: " + "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " + "($help)--replicas=[Number of tasks]:replicas: " + "($help)--reserve-cpu=[Reserve CPUs]:value: " + "($help)--reserve-memory=[Reserve Memory]:value: " + "($help)--restart-condition=[Restart when condition is met]:mode:(any none on_failure)" + "($help)--restart-delay=[Delay between restart attempts]:delay: " + "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: " + "($help)--restart-window=[Window used to evaluate the restart policy]:window: " + "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " + "($help)--update-delay=[Delay between updates]:delay: " + "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: " + "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" + "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" + ) + + case "$words[1]" in + (create) + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_create_update \ + "($help -): :__docker_images" \ + "($help -):command: _command_names -e" \ + "($help -)*::arguments: _normal" && ret=0 + ;; + (inspect) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ + "($help -p --pretty)"{-p,--pretty}"[Print the information in a human friendly format]" \ + "($help -)*:service:__docker_complete_services" && ret=0 + ;; + (ls|list) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:->filter-options" \ + "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 + case $state in + (filter-options) + __docker_service_complete_ls_filters && ret=0 + ;; + esac + ;; + (rm|remove) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:service:__docker_complete_services" && ret=0 + ;; + (scale) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:service:->values" && ret=0 + case $state in + (values) + if compset -P '*='; then + _message 'replicas' && ret=0 + else + __docker_complete_services -qS "=" + fi + ;; + esac + ;; + (tasks) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Display all tasks]" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help -n --no-resolve)"{-n,--no-resolve}"[Do not map IDs to Names]" \ + "($help -)1:service:__docker_complete_services" && ret=0 + case $state in + (filter-options) + __docker_service_complete_tasks_filters && ret=0 + ;; + esac + ;; + (update) + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_create_update \ + "($help)--arg=[Service command args]:arguments: _normal" \ + "($help)--command=[Service command]:command: _command_names -e" \ + "($help)--image=[Service image tag]:image:__docker_repositories" \ + "($help -)1:service:__docker_complete_services" && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_service_commands" && ret=0 + ;; + esac + + return ret +} + +# EO service + # BO swarm __docker_swarm_commands() { @@ -1707,6 +1939,23 @@ __docker_subcommand() { ;; esac ;; + (service) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_service_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_service_subcommand && ret=0 + ;; + esac + ;; (start) _arguments $(__docker_arguments) \ $opts_help \ From 1ba0a354fe158065bb64b9cb42bdebb107b1d60a Mon Sep 17 00:00:00 2001 From: skaasten Date: Mon, 4 Jul 2016 11:13:57 -0400 Subject: [PATCH 1529/2538] Fix typo - stacks being managed, not tasks? --- experimental/docker-stacks-and-bundles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 095cea449e..1da2b8f587 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -77,7 +77,7 @@ axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-co ## Managing stacks -Tasks are managed using the `docker stack` command: +Stacks are managed using the `docker stack` command: ```bash # docker stack --help From 6abf9242530da4a227c018bdfd3578ab14d54b80 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 5 Jul 2016 11:27:42 +0200 Subject: [PATCH 1530/2538] Merge pull request #24325 from Anvil/plugins_volume.md-unqiue Fixed typo: s/unqiue/unique/g (cherry picked from commit 84aa074d18d2f75f54564f21c2b5c0d1bcddd23f) Signed-off-by: Sebastiaan van Stijn --- docs/extend/plugins_volume.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 3b84d92f7a..66afa7d439 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -126,7 +126,7 @@ name. This is called once per container start. If the same volume_name is reques more than once, the plugin may need to keep track of each new mount request and provision at the first mount request and deprovision at the last corresponding unmount request. -`ID` is a unqiue ID for the caller that is requesting the mount. +`ID` is a unique ID for the caller that is requesting the mount. **Response**: ```json @@ -176,7 +176,7 @@ Indication that Docker no longer is using the named volume. This is called once per container stop. Plugin may deduce that it is safe to deprovision it at this point. -`ID` is a unqiue ID for the caller that is requesting the mount. +`ID` is a unique ID for the caller that is requesting the mount. **Response**: ```json From 06683c5ea37580739ce78b4d1d47bf07ffb49ee7 Mon Sep 17 00:00:00 2001 From: Jonathan Lomas Date: Wed, 6 Jul 2016 08:47:24 -0700 Subject: [PATCH 1531/2538] Remove unmatched bracket from _docker for zsh Signed-off-by: Jonathan Lomas --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 45d00bb7d3..8c7db42080 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -705,7 +705,7 @@ __docker_nodes() { type=$1; shift filter=$1; shift - [[ $filter != "none") ]] && args=("-f $filter") + [[ $filter != "none" ]] && args=("-f $filter") lines=(${(f)"$(_call_program commands docker $docker_options node ls $args)"}) # Parse header line to find columns From cab7139a4b53e0b11b976eda3be7b1afce6e05f6 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 6 Jul 2016 20:23:53 -0700 Subject: [PATCH 1532/2538] Change NAME to HOSTNAME in docs for `docker node ls` In #24159, the title field of `docker node ls` has been changed from NAME to HOSTNAME. However, in the docs the NAMEs are still used for the output of `docker node ls`. This fix updates docs so that NAME field is changed to HOSTNAME for all `docker node ls`. This fix is related to #24159 and #24090. Signed-off-by: Yong Tang --- docs/reference/commandline/node_ls.md | 8 ++++---- docs/reference/commandline/swarm_init.md | 2 +- docs/reference/commandline/swarm_join.md | 4 ++-- docs/reference/commandline/swarm_leave.md | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 5b70bed6ec..07e16cbe87 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -28,7 +28,7 @@ Lists all the nodes that the Docker Swarm manager knows about. You can filter us Example output: $ docker node ls - ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER + ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Accepted Ready Active e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Accepted Ready Active Reachable Yes @@ -52,7 +52,7 @@ The `name` filter matches on all or part of a node name. The following filter matches the node with a name equal to `swarm-master` string. $ docker node ls -f name=swarm-manager1 - ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER + ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Accepted Ready Active Reachable Yes ### id @@ -60,7 +60,7 @@ The following filter matches the node with a name equal to `swarm-master` string The `id` filter matches all or part of a node's id. $ docker node ls -f id=1 - ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER + ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active @@ -73,7 +73,7 @@ The following filter matches nodes with the `usage` label regardless of its valu ```bash $ docker node ls -f "label=foo" -ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active ``` diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 21378962c2..e6f497d312 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -31,7 +31,7 @@ in the newly created one node Swarm cluster. $ docker swarm init --listen-addr 192.168.99.121:2377 Swarm initialized: current node (1ujecd0j9n3ro9i6628smdmth) is now a manager. $ docker node ls -ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 1ujecd0j9n3ro9i6628smdmth * manager1 Accepted Ready Active Reachable Yes ``` diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 4ac6940dc2..541fe67567 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -30,7 +30,7 @@ targeted by this command becomes a `manager`. If it is not specified, it becomes $ docker swarm join --manager --listen-addr 192.168.99.122:2377 192.168.99.121:2377 This node joined a Swarm as a manager. $ docker node ls -ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER dkp8vy1dq1kxleu9g4u78tlag * manager2 Accepted Ready Active Reachable dvfxp4zseq4s0rih1selh0d20 manager1 Accepted Ready Active Reachable Yes ``` @@ -41,7 +41,7 @@ dvfxp4zseq4s0rih1selh0d20 manager1 Accepted Ready Active Reachab $ docker swarm join --listen-addr 192.168.99.123:2377 192.168.99.121:2377 This node joined a Swarm as a worker. $ docker node ls -ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Ready Active dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index c3fc56be47..6f307cfeab 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -23,7 +23,7 @@ This command causes the node to leave the swarm. On a manager node: ```bash $ docker node ls -ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Ready Active dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes @@ -38,7 +38,7 @@ Node left the default swarm. On a manager node: ```bash $ docker node ls -ID NAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER +ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Down Active dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes From 20859b146b94c8f249374f0719ff672d50049227 Mon Sep 17 00:00:00 2001 From: Anil Madhavapeddy Date: Tue, 5 Jul 2016 13:18:49 +0100 Subject: [PATCH 1533/2538] make `docker service --help` text for `--endpoint-mode` more consistent Previously: ``` --constraint value Placement constraints (default []) --endpoint-mode string Endpoint mode(Valid values: vip, dnsrr) --restart-condition string Restart when condition is met (none, on_failure, or any) ``` Now: ``` --constraint value Placement constraints (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) --restart-condition string Restart when condition is met (none, on_failure, or any) ``` Signed-off-by: Anil Madhavapeddy --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index f385d8cb05..7d3b136689 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -18,7 +18,7 @@ Create a new service Options: --constraint value Placement constraints (default []) - --endpoint-mode string Endpoint mode(Valid values: VIP, DNSRR) + --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) --help Print usage -l, --label value Service labels (default []) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 03c3ab33e7..f16f7f3efe 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -20,7 +20,7 @@ Options: --arg value Service command args (default []) --command value Service command (default []) --constraint value Placement constraints (default []) - --endpoint-mode string Endpoint mode(Valid values: VIP, DNSRR) + --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) --help Print usage --image string Service image tag From de7c6a835561c9f41c79bae9604476a967bce227 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 7 Jul 2016 11:32:19 +0200 Subject: [PATCH 1534/2538] Use "on-failure" for both containers and services Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7c8f6db1b3..6d58ddd9ce 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1701,7 +1701,7 @@ _docker_service_update() { return ;; --restart-condition) - COMPREPLY=( $( compgen -W "any none on_failure" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "any none on-failure" -- "$cur" ) ) return ;; --user|-u) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8c7db42080..f833206c80 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1079,7 +1079,7 @@ __docker_service_subcommand() { "($help)--replicas=[Number of tasks]:replicas: " "($help)--reserve-cpu=[Reserve CPUs]:value: " "($help)--reserve-memory=[Reserve Memory]:value: " - "($help)--restart-condition=[Restart when condition is met]:mode:(any none on_failure)" + "($help)--restart-condition=[Restart when condition is met]:mode:(any none on-failure)" "($help)--restart-delay=[Delay between restart attempts]:delay: " "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: " "($help)--restart-window=[Window used to evaluate the restart policy]:window: " diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 7d3b136689..10f4aefd7c 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -32,7 +32,7 @@ Options: --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on_failure, or any) + --restart-condition string Restart when condition is met (none, on-failure, or any) --restart-delay value Delay between restart attempts (default none) --restart-max-attempts value Maximum number of restarts before giving up (default none) --restart-window value Window used to evaluate the restart policy (default none) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f16f7f3efe..c0da447c1e 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -35,7 +35,7 @@ Options: --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on_failure, or any) + --restart-condition string Restart when condition is met (none, on-failure, or any) --restart-delay value Delay between restart attempts (default none) --restart-max-attempts value Maximum number of restarts before giving up (default none) --restart-window value Window used to evaluate the restart policy (default none) From e632408a3717aa9ae8340fc2a2401daff1f3a2e9 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Tue, 5 Jul 2016 15:39:26 -0700 Subject: [PATCH 1535/2538] Generate a swarm joining secret if none is specified The current behavior of `docker swarm init` is to set up a swarm that has no secret for joining, and does not require manual acceptance for workers. Since workers may sometimes receive sensitive data such as pull credentials, it makes sense to harden the defaults. This change makes `docker swarm init` generate a random secret if none is provided, and print it to the terminal. This secret will be needed to join workers or managers to the swarm. In addition to improving access control to the cluster, this setup removes an avenue for denial-of-service attacks, since the secret is necessary to even create an entry in the node list. `docker swarm init --secret ""` will set up a swarm without a secret, matching the old behavior. `docker swarm update --secret ""` removes the automatically generated secret after `docker swarm init`. Closes #23785 Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 13 ++++++++++++- docs/reference/commandline/swarm_join.md | 4 ++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index e6f497d312..e0f195bbd3 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -29,12 +29,24 @@ in the newly created one node Swarm cluster. ```bash $ docker swarm init --listen-addr 192.168.99.121:2377 +No --secret provided. Generated random secret: + 4ao565v9jsuogtq5t8s379ulb + Swarm initialized: current node (1ujecd0j9n3ro9i6628smdmth) is now a manager. + +To add a worker to this swarm, run the following command: + docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb \ + --ca-hash sha256:07ce22bd1a7619f2adc0d63bd110479a170e7c4e69df05b67a1aa2705c88ef09 \ + 192.168.99.121:2377 $ docker node ls ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 1ujecd0j9n3ro9i6628smdmth * manager1 Accepted Ready Active Reachable Yes ``` +If a secret for joining new nodes is not provided with `--secret`, `docker swarm init` will +generate a random one and print it to the terminal (as seen in the example above). To initialize +a swarm with no secret, use `--secret ""`. + ### `--auto-accept value` This flag controls node acceptance into the cluster. By default, `worker` nodes are @@ -47,7 +59,6 @@ For example, the following initializes a cluster with auto-acceptance of workers ```bash $ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker -Swarm initialized: current node (1m8cdsylxbf3lk8qriqt07hx1) is now a manager. ``` ### `--external-ca value` diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 541fe67567..b9276e1e6a 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -27,7 +27,7 @@ targeted by this command becomes a `manager`. If it is not specified, it becomes ### Join a node to swarm as a manager ```bash -$ docker swarm join --manager --listen-addr 192.168.99.122:2377 192.168.99.121:2377 +$ docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb --manager --listen-addr 192.168.99.122:2377 192.168.99.121:2377 This node joined a Swarm as a manager. $ docker node ls ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER @@ -38,7 +38,7 @@ dvfxp4zseq4s0rih1selh0d20 manager1 Accepted Ready Active Reachab ### Join a node to swarm as a worker ```bash -$ docker swarm join --listen-addr 192.168.99.123:2377 192.168.99.121:2377 +$ docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb --listen-addr 192.168.99.123:2377 192.168.99.121:2377 This node joined a Swarm as a worker. $ docker node ls ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER From 3ebe3fe752906d8ef37b9fefa09e2d752cead461 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 7 Jul 2016 20:43:18 +0200 Subject: [PATCH 1536/2538] Updates on cli reference documentation - Update ps with `--last` flag - Update commands with current output - Make sure hugo does not detect the wrong language - Update usage for `tag` command to be more coherent with the other ones Signed-off-by: Vincent Demeester --- docs/reference/commandline/attach.md | 15 +- docs/reference/commandline/build.md | 54 +++--- docs/reference/commandline/cli.md | 29 ++- docs/reference/commandline/commit.md | 17 +- docs/reference/commandline/cp.md | 18 +- docs/reference/commandline/create.md | 161 +++++++++-------- docs/reference/commandline/diff.md | 9 +- docs/reference/commandline/events.md | 15 +- docs/reference/commandline/exec.md | 20 +- docs/reference/commandline/export.md | 11 +- docs/reference/commandline/history.md | 15 +- docs/reference/commandline/images.md | 28 +-- docs/reference/commandline/import.md | 15 +- docs/reference/commandline/info.md | 11 +- docs/reference/commandline/inspect.md | 16 +- docs/reference/commandline/kill.md | 11 +- docs/reference/commandline/load.md | 15 +- docs/reference/commandline/login.md | 15 +- docs/reference/commandline/logout.md | 11 +- docs/reference/commandline/logs.md | 19 +- docs/reference/commandline/network_connect.md | 19 +- .../commandline/network_disconnect.md | 12 +- docs/reference/commandline/network_inspect.md | 11 +- docs/reference/commandline/network_ls.md | 19 +- docs/reference/commandline/network_rm.md | 12 +- docs/reference/commandline/node_accept.md | 9 +- docs/reference/commandline/node_demote.md | 10 +- docs/reference/commandline/node_inspect.md | 14 +- docs/reference/commandline/node_ls.md | 18 +- docs/reference/commandline/node_promote.md | 9 +- docs/reference/commandline/node_rm.md | 18 +- docs/reference/commandline/node_tasks.md | 14 +- docs/reference/commandline/node_update.md | 9 +- docs/reference/commandline/pause.md | 9 +- docs/reference/commandline/plugin_disable.md | 9 +- docs/reference/commandline/plugin_enable.md | 9 +- docs/reference/commandline/plugin_inspect.md | 10 +- docs/reference/commandline/plugin_install.md | 11 +- docs/reference/commandline/plugin_ls.md | 13 +- docs/reference/commandline/plugin_rm.md | 13 +- docs/reference/commandline/port.md | 10 +- docs/reference/commandline/ps.md | 43 +++-- docs/reference/commandline/pull.md | 13 +- docs/reference/commandline/push.md | 11 +- docs/reference/commandline/rename.md | 9 +- docs/reference/commandline/restart.md | 11 +- docs/reference/commandline/rm.md | 15 +- docs/reference/commandline/rmi.md | 13 +- docs/reference/commandline/run.md | 171 ++++++++++-------- docs/reference/commandline/save.md | 11 +- docs/reference/commandline/search.md | 21 ++- docs/reference/commandline/service_create.md | 3 +- docs/reference/commandline/service_inspect.md | 2 +- docs/reference/commandline/service_ls.md | 2 - docs/reference/commandline/service_scale.md | 11 +- docs/reference/commandline/service_tasks.md | 4 +- docs/reference/commandline/service_update.md | 4 +- docs/reference/commandline/start.md | 15 +- docs/reference/commandline/stats.md | 13 +- docs/reference/commandline/stop.md | 12 +- docs/reference/commandline/swarm_init.md | 36 +++- docs/reference/commandline/swarm_join.md | 25 ++- docs/reference/commandline/swarm_leave.md | 11 +- docs/reference/commandline/swarm_update.md | 21 ++- docs/reference/commandline/tag.md | 9 +- docs/reference/commandline/top.md | 9 +- docs/reference/commandline/unpause.md | 9 +- docs/reference/commandline/update.md | 31 ++-- docs/reference/commandline/version.md | 11 +- docs/reference/commandline/volume_create.md | 17 +- docs/reference/commandline/volume_inspect.md | 11 +- docs/reference/commandline/volume_ls.md | 22 ++- docs/reference/commandline/volume_rm.md | 12 +- docs/reference/commandline/wait.md | 9 +- 74 files changed, 826 insertions(+), 554 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index b70c26f452..dd581ace9a 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -10,14 +10,17 @@ parent = "smn_cli" # attach - Usage: docker attach [OPTIONS] CONTAINER +```markdown +Usage: docker attach [OPTIONS] CONTAINER - Attach to a running container +Attach to a running container - --detach-keys="" Set up escape key sequence - --help Print usage - --no-stdin Do not attach STDIN - --sig-proxy=true Proxy all received signals to the process +Options: + --detach-keys string Override the key sequence for detaching a container + --help Print usage + --no-stdin Do not attach STDIN + --sig-proxy Proxy all received signals to the process (default true) +``` The `docker attach` command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 72426d659e..00fd85d61f 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -10,32 +10,38 @@ parent = "smn_cli" # build - Usage: docker build [OPTIONS] PATH | URL | - +```markdown +Usage: docker build [OPTIONS] PATH | URL | - - Build a new image from the source code at PATH +Build an image from a Dockerfile - --build-arg=[] Set build-time variables - --cpu-shares CPU Shares (relative weight) - --cgroup-parent="" Optional parent cgroup for the container - --cpu-period=0 Limit the CPU CFS (Completely Fair Scheduler) period - --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota - --cpuset-cpus="" CPUs in which to allow execution, e.g. `0-3`, `0,1` - --cpuset-mems="" MEMs in which to allow execution, e.g. `0-3`, `0,1` - --disable-content-trust=true Skip image verification - -f, --file="" Name of the Dockerfile (Default is 'PATH/Dockerfile') - --force-rm Always remove intermediate containers - --help Print usage - --isolation="" Container isolation technology - --label=[] Set metadata for an image - -m, --memory="" Memory limit for all build containers - --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. - --no-cache Do not use cache when building the image - --pull Always attempt to pull a newer version of the image - -q, --quiet Suppress the build output and print image ID on success - --rm=true Remove intermediate containers after a successful build - --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. - -t, --tag=[] Name and optionally a tag in the 'name:tag' format - --ulimit=[] Ulimit options +Options: + --build-arg value Set build-time variables (default []) + --cgroup-parent string Optional parent cgroup for the container + --cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period + --cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota + -c, --cpu-shares int CPU shares (relative weight) + --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) + --disable-content-trust Skip image verification (default true) + -f, --file string Name of the Dockerfile (Default is 'PATH/Dockerfile') + --force-rm Always remove intermediate containers + --help Print usage + --isolation string Container isolation technology + --label value Set metadata for an image (default []) + -m, --memory string Memory limit + --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap + --no-cache Do not use cache when building the image + --pull Always attempt to pull a newer version of the image + -q, --quiet Suppress the build output and print image ID on success + --rm Remove intermediate containers after a successful build (default true) + --shm-size string Size of /dev/shm, default value is 64MB. + The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), + or `g` (gigabytes). If you omit the unit, the system uses bytes. + -t, --tag value Name and optionally a tag in the 'name:tag' format (default []) + --ulimit value Ulimit options (default []) +``` Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can refer diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index ac5f62d4bb..746b84b03a 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -14,16 +14,31 @@ weight = -2 To list available commands, either run `docker` with no parameters or execute `docker help`: - $ docker - Usage: docker [OPTIONS] COMMAND [arg...] - docker daemon [ --help | ... ] - docker [ --help | -v | --version ] +```bash +$ docker +Usage: docker [OPTIONS] COMMAND [arg...] + docker [ --help | -v | --version ] - -H, --host=[]: The socket(s) to talk to the Docker daemon in the format of tcp://host:port/path, unix:///path/to/socket, fd://* or fd://socketfd. +A self-sufficient runtime for containers. - A self-sufficient runtime for Linux containers. +Options: - ... + --config=~/.docker Location of client config files + -D, --debug Enable debug mode + -H, --host=[] Daemon socket(s) to connect to + -h, --help Print usage + -l, --log-level=info Set the logging level + --tls Use TLS; implied by --tlsverify + --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA + --tlscert=~/.docker/cert.pem Path to TLS certificate file + --tlskey=~/.docker/key.pem Path to TLS key file + --tlsverify Use TLS and verify the remote + -v, --version Print version information and quit + +Commands: + attach Attach to a running container + # […] +``` Depending on your Docker system configuration, you may be required to preface each `docker` command with `sudo`. To avoid having to use `sudo` with the diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index ad25f64c84..acfb7c95be 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -10,15 +10,18 @@ parent = "smn_cli" # commit - Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] +```markdown +Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]] - Create a new image from a container's changes +Create a new image from a container's changes - -a, --author="" Author (e.g., "John Hannibal Smith ") - -c, --change=[] Apply specified Dockerfile instructions while committing the image - --help Print usage - -m, --message="" Commit message - -p, --pause=true Pause container during commit +Options: + -a, --author string Author (e.g., "John Hannibal Smith ") + -c, --change value Apply Dockerfile instruction to the created image (default []) + --help Print usage + -m, --message string Commit message + -p, --pause Pause container during commit (default true) +``` It can be useful to commit a container's file changes or settings into a new image. This allows you debug a container by running an interactive shell, or to diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index 8afabc95bc..b3a0b78916 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -10,13 +10,21 @@ parent = "smn_cli" # cp - Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH | - - docker cp [OPTIONS] SRC_PATH | - CONTAINER:DEST_PATH +```markdown +Usage: docker cp [OPTIONS] CONTAINER:SRC_PATH DEST_PATH|- + docker cp [OPTIONS] SRC_PATH|- CONTAINER:DEST_PATH - Copy files/folders between a container and the local filesystem +Copy files/folders between a container and the local filesystem - -L, --follow-link Always follow symbol link in SRC_PATH - --help Print usage +Use '-' as the source to read a tar archive from stdin +and extract it to a directory destination in a container. +Use '-' as the destination to stream a tar archive of a +container source to stdout. + +Options: + -L, --follow-link Always follow symbol link in SRC_PATH + --help Print usage +``` The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. You can copy from the container's file system to the local machine or the diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index fb84d38794..49f0c96c3b 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -12,95 +12,110 @@ parent = "smn_cli" Creates a new container. - Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] +```markdown +Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] - Create a new container +Create a new container - -a, --attach=[] Attach to STDIN, STDOUT or STDERR - --add-host=[] Add a custom host-to-IP mapping (host:ip) - --blkio-weight=0 Block IO weight (relative weight) - --blkio-weight-device=[] Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) - --cpu-shares=0 CPU shares (relative weight) - --cap-add=[] Add Linux capabilities - --cap-drop=[] Drop Linux capabilities - --cgroup-parent="" Optional parent cgroup for the container - --cidfile="" Write the container ID to the file - --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota - --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) - --device=[] Add a host device to the container - --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) - --device-read-iops=[] Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000) - --device-write-bps=[] Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb) - --device-write-iops=[] Limit write rate (IO per second) to a device (e.g., --device-write-iops=/dev/sda:1000) - --disable-content-trust=true Skip image verification - --dns=[] Set custom DNS servers - --dns-opt=[] Set custom DNS options - --dns-search=[] Set custom DNS search domains - -e, --env=[] Set environment variables - --entrypoint="" Overwrite the default ENTRYPOINT of the image - --env-file=[] Read in a file of environment variables - --expose=[] Expose a port or a range of ports - --group-add=[] Add additional groups to join - -h, --hostname="" Container host name +Options: + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) + -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) + --blkio-weight value Block IO (relative weight), between 10 and 1000 + --blkio-weight-device value Block IO weight (relative device weight) (default []) + --cap-add value Add Linux capabilities (default []) + --cap-drop value Drop Linux capabilities (default []) + --cgroup-parent string Optional parent cgroup for the container + --cidfile string Write the container ID to the file + --cpu-percent int CPU percent (Windows only) + --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period + --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota + -c, --cpu-shares int CPU shares (relative weight) + --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) + --device value Add a host device to the container (default []) + --device-read-bps value Limit read rate (bytes per second) from a device (default []) + --device-read-iops value Limit read rate (IO per second) from a device (default []) + --device-write-bps value Limit write rate (bytes per second) to a device (default []) + --device-write-iops value Limit write rate (IO per second) to a device (default []) + --disable-content-trust Skip image verification (default true) + --dns value Set custom DNS servers (default []) + --dns-opt value Set DNS options (default []) + --dns-search value Set custom DNS search domains (default []) + --entrypoint string Overwrite the default ENTRYPOINT of the image + -e, --env value Set environment variables (default []) + --env-file value Read in a file of environment variables (default []) + --expose value Expose a port or a range of ports (default []) + --group-add value Add additional groups to join (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run --help Print usage - -i, --interactive Keep STDIN open even if not attached - --ip="" Container IPv4 address (e.g. 172.30.100.104) - --ip6="" Container IPv6 address (e.g. 2001:db8::33) - --ipc="" IPC namespace to use - --isolation="" Container isolation technology - --kernel-memory="" Kernel memory limit - -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) - --label-file=[] Read in a line delimited file of labels - --link=[] Add link to another container - --link-local-ip=[] Container IPv4/IPv6 link-local addresses (e.g. 169.254.0.77, fe80::77) - --log-driver="" Logging driver for container - --log-opt=[] Log driver specific options - -m, --memory="" Memory limit - --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) - --memory-reservation="" Memory soft limit - --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. - --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. - --name="" Assign a name to the container - --net="bridge" Connect a container to a network + -h, --hostname string Container host name + -i, --interactive Keep STDIN open even if not attached + --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) + --io-maxiops uint Maximum IOps limit for the system drive (Windows only) + --ip string Container IPv4 address (e.g. 172.30.100.104) + --ip6 string Container IPv6 address (e.g. 2001:db8::33) + --ipc string IPC namespace to use + --isolation string Container isolation technology + --kernel-memory string Kernel memory limit + -l, --label value Set meta data on a container (default []) + --label-file value Read in a line delimited file of labels (default []) + --link value Add link to another container (default []) + --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) + --log-driver string Logging driver for container + --log-opt value Log driver options (default []) + --mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33) + -m, --memory string Memory limit + --memory-reservation string Memory soft limit + --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap + --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --name string Assign a name to the container + --net string Connect a container to a network (default "default") 'bridge': create a network stack on the default Docker bridge 'none': no networking 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --net-alias=[] Add network-scoped alias for the container - --oom-kill-disable Whether to disable OOM Killer for the container or not - --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) - -P, --publish-all Publish all exposed ports to random ports - -p, --publish=[] Publish a container's port(s) to the host - --pid="" PID namespace to use - --pids-limit=-1 Tune container pids limit (set -1 for unlimited), kernel >= 4.3 + --net-alias value Add network-scoped alias for the container (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK + --oom-kill-disable Disable OOM Killer + --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) + --pid string PID namespace to use + --pids-limit int Tune container pids limit (set -1 for unlimited), kernel >= 4.3 --privileged Give extended privileges to this container + -p, --publish value Publish a container's port(s) to the host (default []) + -P, --publish-all Publish all exposed ports to random ports --read-only Mount the container's root filesystem as read only - --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) - --runtime="" Name of the runtime to be used for that container - --security-opt=[] Security options - --stop-signal="SIGTERM" Signal to stop a container - --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. - --storage-opt=[] Set storage driver options per container - --sysctl[=*[]*]] Configure namespaced kernel parameters at runtime - -t, --tty Allocate a pseudo-TTY - -u, --user="" Username or UID - --userns="" Container user namespace + --restart string Restart policy to apply when a container exits (default "no") + Possible values are: no, on-failure[:max-retry], always, unless-stopped + --runtime string Runtime to use for this container + --security-opt value Security Options (default []) + --shm-size string Size of /dev/shm, default value is 64MB. + The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), + or `g` (gigabytes). If you omit the unit, the system uses bytes. + --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") + --storage-opt value Set storage driver options per container (default []) + --sysctl value Sysctl options (default map[]) + --tmpfs value Mount a tmpfs directory (default []) + -t, --tty Allocate a pseudo-TTY + --ulimit value Ulimit options (default []) + -u, --user string Username or UID (format: [:]) + --userns string User namespace to use 'host': Use the Docker host user namespace '': Use the Docker daemon user namespace specified by `--userns-remap` option. - --ulimit=[] Ulimit options - --uts="" UTS namespace to use - -v, --volume=[host-src:]container-dest[:] - Bind mount a volume. The comma-delimited + --uts string UTS namespace to use + -v, --volume value Bind mount a volume (default []). The comma-delimited `options` are [rw|ro], [z|Z], [[r]shared|[r]slave|[r]private], and [nocopy]. The 'host-src' is an absolute path or a name value. - --volume-driver="" Container's volume driver - --volumes-from=[] Mount volumes from the specified container(s) - -w, --workdir="" Working directory inside the container + --volume-driver string Optional volume driver for the container + --volumes-from value Mount volumes from the specified container(s) (default []) + -w, --workdir string Working directory inside the container +``` The `docker create` command creates a writeable container layer over the specified image and prepares it for running the specified command. The diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index bda74eadad..8c01b8cdf2 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -10,11 +10,14 @@ parent = "smn_cli" # diff - Usage: docker diff [OPTIONS] CONTAINER +```markdown +Usage: docker diff CONTAINER - Inspect changes on a container's filesystem +Inspect changes on a container's filesystem - --help Print usage +Options: + --help Print usage +``` List the changed files and directories in a container᾿s filesystem There are 3 events that are listed in the `diff`: diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 688c05a907..c966289d59 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -10,14 +10,17 @@ parent = "smn_cli" # events - Usage: docker events [OPTIONS] +```markdown +Usage: docker events [OPTIONS] - Get real time events from the server +Get real time events from the server - -f, --filter=[] Filter output based on conditions provided - --help Print usage - --since="" Show all events created since timestamp - --until="" Stream events until this timestamp +Options: + -f, --filter value Filter output based on conditions provided (default []) + --help Print usage + --since string Show all events created since timestamp + --until string Stream events until this timestamp +``` Docker containers report the following events: diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 80796a59c9..a5e1d3c9c5 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -10,17 +10,19 @@ parent = "smn_cli" # exec - Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] +```markdown +Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] - Run a command in a running container +Run a command in a running container - -d, --detach Detached mode: run command in the background - --detach-keys Specify the escape key sequence used to detach a container - --help Print usage - -i, --interactive Keep STDIN open even if not attached - --privileged Give extended Linux capabilities to the command - -t, --tty Allocate a pseudo-TTY - -u, --user= Username or UID (format: [:]) + -d, --detach Detached mode: run command in the background + --detach-keys Override the key sequence for detaching a container + --help Print usage + -i, --interactive Keep STDIN open even if not attached + --privileged Give extended privileges to the command + -t, --tty Allocate a pseudo-TTY + -u, --user Username or UID (format: [:]) +``` The `docker exec` command runs a new command in a running container. diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 90ffec62be..54e6e01a6e 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -10,12 +10,15 @@ parent = "smn_cli" # export - Usage: docker export [OPTIONS] CONTAINER +```markdown +Usage: docker export [OPTIONS] CONTAINER - Export the contents of a container's filesystem as a tar archive +Export a container's filesystem as a tar archive - --help Print usage - -o, --output="" Write to a file, instead of STDOUT +Options: + --help Print usage + -o, --output string Write to a file, instead of STDOUT +``` The `docker export` command does not export the contents of volumes associated with the container. If a volume is mounted on top of an existing directory in diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index d8750d83c0..895fd55ea9 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -10,14 +10,17 @@ parent = "smn_cli" # history - Usage: docker history [OPTIONS] IMAGE +```markdown +Usage: docker history [OPTIONS] IMAGE - Show the history of an image +Show the history of an image - -H, --human=true Print sizes and dates in human readable format - --help Print usage - --no-trunc Don't truncate output - -q, --quiet Only show numeric IDs +Options: + --help Print usage + -H, --human Print sizes and dates in human readable format (default true) + --no-trunc Don't truncate output + -q, --quiet Only show numeric IDs +``` To see how the `docker:latest` image was built: diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index b9f80980b0..af21a8197d 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -10,20 +10,24 @@ parent = "smn_cli" # images - Usage: docker images [OPTIONS] [REPOSITORY[:TAG]] +```markdown +Usage: docker images [OPTIONS] [REPOSITORY[:TAG]] - List images +List images - -a, --all Show all images (default hides intermediate images) - --digests Show digests - -f, --filter=[] Filter output based on these conditions: - - dangling=(true|false) - - label= or label== - - before=([:tag]||) - - since=([:tag]||) - --help Print usage - --no-trunc Don't truncate output - -q, --quiet Only show numeric IDs +Options: + -a, --all Show all images (default hides intermediate images) + --digests Show digests + -f, --filter value Filter output based on conditions provided (default []) + - dangling=(true|false) + - label= or label== + - before=([:tag]||) + - since=([:tag]||) + --format string Pretty-print images using a Go template + --help Print usage + --no-trunc Don't truncate output + -q, --quiet Only show numeric IDs +``` The default `docker images` will show all top level images, their repository and tags, and their size. diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index d4ca8d5775..2d2c88b4e8 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -10,15 +10,16 @@ parent = "smn_cli" # import - Usage: docker import file|URL|- [REPOSITORY[:TAG]] +```markdown +Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]] - Create an empty filesystem image and import the contents of the - tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then - optionally tag it. +Import the contents from a tarball to create a filesystem image - -c, --change=[] Apply specified Dockerfile instructions while importing the image - --help Print usage - -m, --message= Set commit message for imported image +Options: + -c, --change value Apply Dockerfile instruction to the created image (default []) + --help Print usage + -m, --message string Set commit message for imported image +``` You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The `URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 21f483c282..88514d1606 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -10,13 +10,14 @@ parent = "smn_cli" # info +```markdown +Usage: docker info - Usage: docker info [OPTIONS] - - Display system-wide information - - --help Print usage +Display system-wide information +Options: + --help Print usage +``` This command displays system wide information regarding the Docker installation. Information displayed includes the kernel version, number of containers and images. diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 34b60fbd46..7ccc7f7392 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -10,15 +10,17 @@ parent = "smn_cli" # inspect - Usage: docker inspect [OPTIONS] CONTAINER|IMAGE|TASK [CONTAINER|IMAGE|TASK...] +```markdown +Usage: docker inspect [OPTIONS] CONTAINER|IMAGE|TASK [CONTAINER|IMAGE|TASK...] - Return low-level information on a container or image or task +Return low-level information on a container, image or task - -f, --format="" Format the output using the given go template - --help Print usage - --type=container|image|task Return JSON for specified type, permissible - values are "image" or "container" or "task" - -s, --size Display total file sizes if the type is container + -f, --format Format the output using the given go template + --help Print usage + -s, --size Display total file sizes if the type is container + values are "image" or "container" or "task + --type Return JSON for specified type, (e.g image, container or task) +``` By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index 6f20258707..e85ba61657 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -10,12 +10,15 @@ parent = "smn_cli" # kill - Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] - Kill a running container using SIGKILL or a specified signal +Kill one or more running container - --help Print usage - -s, --signal="KILL" Signal to send to the container +Options: + --help Print usage + -s, --signal string Signal to send to the container (default "KILL") +``` The main process inside the container will be sent `SIGKILL`, or any signal specified with option `--signal`. diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index 60f4076c77..be8ed05cf2 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -10,14 +10,17 @@ parent = "smn_cli" # load - Usage: docker load [OPTIONS] +```markdown +Usage: docker load [OPTIONS] - Load an image from a tar archive or STDIN and shows image names or - IDs imported. +Load an image from a tar archive or STDIN - --help Print usage - -i, --input="" Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz - -q, --quiet Suppress the load progress bar but still outputs the imported images +Options: + --help Print usage + -i, --input string Read from tar archive file, instead of STDIN. + The tarball may be compressed with gzip, bzip, or xz + -q, --quiet Suppress the load output but still outputs the imported images +``` Loads a tarred repository from a file or the standard input stream. Restores both images and tags. diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index baff45f8c7..4c5670ea53 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -10,14 +10,17 @@ parent = "smn_cli" # login - Usage: docker login [OPTIONS] [SERVER] +```markdown +Usage: docker login [OPTIONS] [SERVER] - Log in to a Docker registry server, if no server is - specified "https://index.docker.io/v1/" is the default. +Log in to a Docker registry. +If no server is specified, the default is defined by the daemon. - --help Print usage - -p, --password="" Password - -u, --username="" Username +Options: + --help Print usage + -p, --password string Password + -u, --username string Username +``` If you want to login to a self-hosted registry you can specify this by adding the server name. diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index a3bb40c657..a073b34f88 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -10,12 +10,15 @@ parent = "smn_cli" # logout - Usage: docker logout [SERVER] +```markdown +Usage: docker logout [SERVER] - Log out from a Docker registry, if no server is - specified "https://index.docker.io/v1/" is the default. +Log out from a Docker registry. +If no server is specified, the default is defined by the daemon. - --help Print usage +Options: + --help Print usage +``` For example: diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index dd90c4dcc0..9074311405 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -10,16 +10,19 @@ parent = "smn_cli" # logs - Usage: docker logs [OPTIONS] CONTAINER +```markdown +Usage: docker logs [OPTIONS] CONTAINER - Fetch the logs of a container +Fetch the logs of a container - --details Show extra details provided to logs - -f, --follow Follow log output - --help Print usage - --since="" Show logs since timestamp - -t, --timestamps Show timestamps - --tail="all" Number of lines to show from the end of the logs +Options: + --details Show extra details provided to logs + -f, --follow Follow log output + --help Print usage + --since string Show logs since timestamp + --tail string Number of lines to show from the end of the logs (default "all") + -t, --timestamps Show timestamps +``` > **Note**: this command is available only for containers with `json-file` and > `journald` logging drivers. diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index c6a33ed15e..f60abe574a 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -10,16 +10,19 @@ parent = "smn_cli" # network connect - Usage: docker network connect [OPTIONS] NETWORK CONTAINER +```markdown +Usage: docker network connect [OPTIONS] NETWORK CONTAINER - Connect a container to a network +Connect a container to a network - --alias=[] Add network-scoped alias for the container - --help Print usage - --ip IPv4 Address - --ip6 IPv6 Address - --link=[] Add a link to another container - --link-local-ip=[] IPv4/IPv6 link-local addresses +Options: + --alias value Add network-scoped alias for the container (default []) + --help Print usage + --ip string IP Address + --ip6 string IPv6 Address + --link value Add link to another container (default []) + --link-local-ip value Add a link-local address for the container (default []) +``` Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index 10c4f16ea2..9d0c31580d 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -10,13 +10,15 @@ parent = "smn_cli" # network disconnect - Usage: docker network disconnect [OPTIONS] NETWORK CONTAINER +```markdown +Usage: docker network disconnect [OPTIONS] NETWORK CONTAINER +Disconnect a container from a network - Disconnects a container from a network - - -f, --force Force the container to disconnect from a network - --help Print usage +Options: + -f, --force Force the container to disconnect from a network + --help Print usage +``` Disconnects a container from a network. The container must be running to disconnect it from the network. diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 251407e596..e72a5c793f 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -10,12 +10,15 @@ parent = "smn_cli" # network inspect - Usage: docker network inspect [OPTIONS] NETWORK [NETWORK..] +```markdown +Usage: docker network inspect [OPTIONS] NETWORK [NETWORK...] - Displays detailed information on a network +Display detailed information on one or more networks - -f, --format= Format the output using the given go template. - --help Print usage +Options: + -f, --format string Format the output using the given go template + --help Print usage +``` Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 181db08c44..49614bdaf4 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -10,13 +10,20 @@ parent = "smn_cli" # docker network ls - Usage: docker network ls [OPTIONS] +```markdown +Usage: docker network ls [OPTIONS] - List networks - -f, --filter=[] Filter output based on conditions provided - --help Print usage - --no-trunc Do not truncate the output - -q, --quiet Only display numeric IDs +List networks + +Aliases: + ls, list + +Options: + -f, --filter value Provide filter values (i.e. 'dangling=true') (default []) + --help Print usage + --no-trunc Do not truncate the output + -q, --quiet Only display volume names +``` Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index 0653458f9d..ce213b47fe 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -10,11 +10,17 @@ parent = "smn_cli" # network rm - Usage: docker network rm [OPTIONS] NETWORK [NETWORK...] +```markdown +Usage: docker network rm NETWORK [NETWORK]... - Deletes one or more networks +Remove a network - --help Print usage +Aliases: + rm, remove + +Options: + --help Print usage +``` Removes one or more networks by name or identifier. To remove a network, you must first disconnect any containers connected to it. diff --git a/docs/reference/commandline/node_accept.md b/docs/reference/commandline/node_accept.md index 21cb15fc36..73676c086c 100644 --- a/docs/reference/commandline/node_accept.md +++ b/docs/reference/commandline/node_accept.md @@ -10,9 +10,14 @@ parent = "smn_cli" # node accept - Usage: docker node accept NODE [NODE...] +```markdown +Usage: docker node accept NODE [NODE...] - Accept a node in the swarm +Accept a node in the swarm + +Options: + --help Print usage +``` Accept a node into the swarm. This command targets a docker engine that is a manager in the swarm cluster. diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index bf16b9c63b..5d765adfaf 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -10,9 +10,15 @@ parent = "smn_cli" # node demote - Usage: docker node demote NODE [NODE...] +```markdown +Usage: docker node demote NODE [NODE...] - Demote a node as manager in the swarm +Demote a node from manager in the swarm + +Options: + --help Print usage + +``` Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm cluster. diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index cb9b864ee6..982fbec6b6 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -11,14 +11,16 @@ parent = "smn_cli" # node inspect - Usage: docker node inspect [OPTIONS] self|NODE [NODE...] +```markdown +Usage: docker node inspect [OPTIONS] self|NODE [NODE...] - Display detailed information on one or more nodes +Display detailed information on one or more nodes - - -f, --format= Format the output using the given go template. - --help Print usage - -p, --pretty Print the information in a human friendly format. +Options: + -f, --format string Format the output using the given go template + --help Print usage + -p, --pretty Print the information in a human friendly format. +``` Returns information about a node. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 07e16cbe87..fee03cc588 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -11,17 +11,19 @@ parent = "smn_cli" # node ls - Usage: docker node ls [OPTIONS] +```markdown +Usage: docker node ls [OPTIONS] - List nodes in the swarm +List nodes in the swarm - Aliases: - ls, list +Aliases: + ls, list - Options: - -f, --filter value Filter output based on conditions provided - --help Print usage - -q, --quiet Only display IDs +Options: + -f, --filter value Filter output based on conditions provided + --help Print usage + -q, --quiet Only display IDs +``` Lists all the nodes that the Docker Swarm manager knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 06c76c2a90..884fee8fc9 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -10,9 +10,14 @@ parent = "smn_cli" # node promote - Usage: docker node promote NODE [NODE...] +```markdown +Usage: docker node promote NODE [NODE...] - Promote a node as manager in the swarm +Promote a node to a manager in the swarm + +Options: + --help Print usage +``` Promotes a node that is pending a promotion to manager. This command targets a docker engine that is a manager in the swarm cluster. diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 2a0be57052..f03f8a19ad 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -11,17 +11,21 @@ parent = "smn_cli" # node rm - Usage: docker node rm NODE [NODE...] +```markdown +Usage: docker node rm NODE [NODE...] - Remove a node from the swarm +Remove a node from the swarm - Aliases: - rm, remove +Aliases: + rm, remove - Options: - --help Print usage +Options: + --help Print usage +``` + +Removes specified nodes from a swarm. Rejects nodes with `Pending` +membership from the swarm. -Removes nodes that are specified. Example output: diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index bbfaeca6ea..a5bd175269 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -11,15 +11,17 @@ parent = "smn_cli" # node tasks - Usage: docker node tasks [OPTIONS] NODE +```markdown +Usage: docker node tasks [OPTIONS] self|NODE - List tasks running on a node +List tasks running on a node - Options: - -a, --all Display all instances - -f, --filter value Filter output based on conditions provided +Options: + -a, --all Display all instances + -f, --filter value Filter output based on conditions provided --help Print usage - -n, --no-resolve Do not map IDs to Names + -n, --no-resolve Do not map IDs to Names +``` Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index b599240da5..32e8582d2c 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -11,16 +11,17 @@ parent = "smn_cli" ## update - Usage: docker node update [OPTIONS] Node +```markdown +Usage: docker node update [OPTIONS] NODE - Update a node +Update a node - Options: +Options: --availability string Availability of the node (active/pause/drain) --help Print usage --membership string Membership of the node (accepted/rejected) --role string Role of the node (worker/manager) - +``` ## Related information diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 73d3c94935..629c6ed091 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -10,11 +10,14 @@ parent = "smn_cli" # pause - Usage: docker pause [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker pause CONTAINER [CONTAINER...] - Pause all processes within a container +Pause all processes within one or more containers - --help Print usage +Options: + --help Print usage +``` The `docker pause` command uses the cgroups freezer to suspend all processes in a container. Traditionally, when suspending a process the `SIGSTOP` signal is diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index dd5998e89f..2ddba071b4 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -11,11 +11,14 @@ parent = "smn_cli" # plugin disable (experimental) - Usage: docker plugin disable PLUGIN +```markdown +Usage: docker plugin disable PLUGIN - Disable a plugin +Disable a plugin - --help Print usage +Options: + --help Print usage +``` Disables a plugin. The plugin must be installed before it can be disabled, see [`docker plugin install`](plugin_install.md). diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 323882325a..c7370e1818 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -11,11 +11,14 @@ parent = "smn_cli" # plugin enable (experimental) - Usage: docker plugin enable PLUGIN +```markdown +Usage: docker plugin enable PLUGIN - Enable a plugin +Enable a plugin - --help Print usage +Options: + --help Print usage +``` Enables a plugin. The plugin must be installed before it can be enabled, see [`docker plugin install`](plugin_install.md). diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 67d63c236b..8131441a12 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -11,12 +11,14 @@ parent = "smn_cli" # plugin inspect (experimental) - Usage: docker plugin inspect PLUGIN +```markdown +Usage: docker plugin inspect PLUGIN - Return low-level information about a plugin - - --help Print usage +Inspect a plugin +Options: + --help Print usage +``` Returns information about a plugin. By default, this command renders all results in a JSON array. diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 03d089584f..52f222c44c 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -11,11 +11,16 @@ parent = "smn_cli" # plugin install (experimental) - Usage: docker plugin install PLUGIN +```markdown +Usage: docker plugin install PLUGIN [OPTIONS] - Install a plugin +Install a plugin - --help Print usage +Options: + --disable do not enable the plugin on install + --grant-all-permissions grant all permissions necessary to run the plugin + --help Print usage +``` Installs and enables a plugin. Docker looks first for the plugin on your Docker host. If the plugin does not exist locally, then the plugin is pulled from diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 624807aaad..31ccdb96c0 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -11,14 +11,17 @@ parent = "smn_cli" # plugin ls (experimental) - Usage: docker plugin ls +```markdown +Usage: docker plugin ls - List plugins +List plugins +Aliases: + ls, list + +Options: --help Print usage - - Aliases: - ls, list +``` Lists all the plugins that are currently installed. You can install plugins using the [`docker plugin install`](plugin_install.md) command. diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 5f73b00fee..04dbc674cc 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -11,14 +11,17 @@ parent = "smn_cli" # plugin rm (experimental) - Usage: docker plugin rm PLUGIN +```markdown +Usage: docker plugin rm PLUGIN - Remove a plugin +Remove a plugin - --help Print usage +Aliases: + rm, remove - Aliases: - rm, remove +Options: + --help Print usage +``` Removes a plugin. You cannot remove a plugin if it is active, you must disable a plugin using the [`docker plugin disable`](plugin_disable.md) before removing diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index dbfae61039..e8da943c36 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -10,12 +10,14 @@ parent = "smn_cli" # port - Usage: docker port [OPTIONS] CONTAINER [PRIVATE_PORT[/PROTO]] +```markdown +Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]] - List port mappings for the CONTAINER, or lookup the public-facing port that is - NAT-ed to the PRIVATE_PORT +List port mappings or a specific mapping for the container - --help Print usage +Options: + --help Print usage +``` You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index c661c653dc..63aaa56985 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -10,28 +10,31 @@ parent = "smn_cli" # ps - Usage: docker ps [OPTIONS] +```markdown +Usage: docker ps [OPTIONS] - List containers +List containers - -a, --all Show all containers (default shows just running) - -f, --filter=[] Filter output based on these conditions: - - exited= an exit code of - - label= or label== - - status=(created|restarting|running|paused|exited) - - name= a container's name - - id= a container's ID - - before=(|) - - since=(|) - - ancestor=([:tag]||) - containers created from an image or a descendant. - - volume=(|) - --format=[] Pretty-print containers using a Go template - --help Print usage - -l, --latest Show the latest created container (includes all states) - -n=-1 Show n last created containers (includes all states) - --no-trunc Don't truncate output - -q, --quiet Only display numeric IDs - -s, --size Display total file sizes +Options: + -a, --all Show all containers (default shows just running) + -f, --filter value Filter output based on conditions provided (default []) + - exited= an exit code of + - label= or label== + - status=(created|restarting|running|paused|exited) + - name= a container's name + - id= a container's ID + - before=(|) + - since=(|) + - ancestor=([:tag]||) + containers created from an image or a descendant. + --format string Pretty-print containers using a Go template + --help Print usage + -n, --last int Show n last created containers (includes all states) (default -1) + -l, --latest Show the latest created container (includes all states) + --no-trunc Don't truncate output + -q, --quiet Only display numeric IDs + -s, --size Display total file sizes +``` Running `docker ps --no-trunc` showing 2 linked containers. diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 01abc9590c..f10c134863 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -10,13 +10,16 @@ parent = "smn_cli" # pull - Usage: docker pull [OPTIONS] NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] +```markdown +Usage: docker pull [OPTIONS] NAME[:TAG|@DIGEST] - Pull an image or a repository from the registry +Pull an image or a repository from a registry - -a, --all-tags Download all tagged images in the repository - --disable-content-trust=true Skip image verification - --help Print usage +Options: + -a, --all-tags Download all tagged images in the repository + --disable-content-trust Skip image verification (default true) + --help Print usage +``` Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) registry. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 1e617865df..42601ed1bb 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -10,12 +10,15 @@ parent = "smn_cli" # push - Usage: docker push [OPTIONS] NAME[:TAG] +```markdown +Usage: docker push [OPTIONS] NAME[:TAG] - Push an image or a repository to the registry +Push an image or a repository to a registry - --disable-content-trust=true Skip image signing - --help Print usage +Options: + --disable-content-trust Skip image verification (default true) + --help Print usage +``` Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index 3e2b370387..11bf5d0a14 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -10,10 +10,13 @@ parent = "smn_cli" # rename - Usage: docker rename [OPTIONS] OLD_NAME NEW_NAME +```markdown +Usage: docker rename OLD_NAME NEW_NAME - Rename a container +Rename a container - --help Print usage +Options: + --help Print usage +``` The `docker rename` command allows the container to be renamed to a different name. diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 5e6633c8cf..661e16d4de 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -10,9 +10,12 @@ parent = "smn_cli" # restart - Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] - Restart a container +Restart a container - --help Print usage - -t, --time=10 Seconds to wait for stop before killing the container +Options: + --help Print usage + -t, --time int Seconds to wait for stop before killing the container (default 10) +``` diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index bf615b55b8..319ef4dbbc 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -10,14 +10,17 @@ parent = "smn_cli" # rm - Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...] - Remove one or more containers +Remove one or more containers - -f, --force Force the removal of a running container (uses SIGKILL) - --help Print usage - -l, --link Remove the specified link - -v, --volumes Remove the volumes associated with the container +Options: + -f, --force Force the removal of a running container (uses SIGKILL) + --help Print usage + -l, --link Remove the specified link + -v, --volumes Remove the volumes associated with the container +``` ## Examples diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index f02734e8b4..328d9fe140 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -10,13 +10,16 @@ parent = "smn_cli" # rmi - Usage: docker rmi [OPTIONS] IMAGE [IMAGE...] +```markdown +Usage: docker rmi [OPTIONS] IMAGE [IMAGE...] - Remove one or more images +Remove one or more images - -f, --force Force removal of the image - --help Print usage - --no-prune Do not delete untagged parents +Options: + -f, --force Force removal of the image + --help Print usage + --no-prune Do not delete untagged parents +``` You can remove an image using its short or long ID, its tag, or its digest. If an image has one or more tag referencing it, you must remove all of them before diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 84ab8890c6..d454a6183a 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -10,109 +10,120 @@ parent = "smn_cli" # run - Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] +```markdown +Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - Run a command in a new container +Run a command in a new container - -a, --attach=[] Attach to STDIN, STDOUT or STDERR - --add-host=[] Add a custom host-to-IP mapping (host:ip) - --blkio-weight=0 Block IO weight (relative weight) - --blkio-weight-device=[] Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`) - --cpu-shares=0 CPU shares (relative weight) - --cap-add=[] Add Linux capabilities - --cap-drop=[] Drop Linux capabilities - --cgroup-parent="" Optional parent cgroup for the container - --cidfile="" Write the container ID to the file - --cpu-percent=0 Limit percentage of CPU available for execution by the container. Windows daemon only. - --cpu-period=0 Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota=0 Limit CPU CFS (Completely Fair Scheduler) quota - --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) - -d, --detach Run container in background and print container ID - --detach-keys Specify the escape key sequence used to detach a container - --device=[] Add a host device to the container - --device-read-bps=[] Limit read rate (bytes per second) from a device (e.g., --device-read-bps=/dev/sda:1mb) - --device-read-iops=[] Limit read rate (IO per second) from a device (e.g., --device-read-iops=/dev/sda:1000) - --device-write-bps=[] Limit write rate (bytes per second) to a device (e.g., --device-write-bps=/dev/sda:1mb) - --device-write-iops=[] Limit write rate (IO per second) to a device (e.g., --device-write-bps=/dev/sda:1000) - --disable-content-trust=true Skip image verification - --dns=[] Set custom DNS servers - --dns-opt=[] Set custom DNS options - --dns-search=[] Set custom DNS search domains - -e, --env=[] Set environment variables - --entrypoint="" Overwrite the default ENTRYPOINT of the image - --env-file=[] Read in a file of environment variables - --expose=[] Expose a port or a range of ports - --group-add=[] Add additional groups to run as - -h, --hostname="" Container host name +Options: + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) + -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) + --blkio-weight value Block IO (relative weight), between 10 and 1000 + --blkio-weight-device value Block IO weight (relative device weight) (default []) + --cap-add value Add Linux capabilities (default []) + --cap-drop value Drop Linux capabilities (default []) + --cgroup-parent string Optional parent cgroup for the container + --cidfile string Write the container ID to the file + --cpu-percent int CPU percent (Windows only) + --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period + --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota + -c, --cpu-shares int CPU shares (relative weight) + --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) + -d, --detach Run container in background and print container ID + --detach-keys string Override the key sequence for detaching a container + --device value Add a host device to the container (default []) + --device-read-bps value Limit read rate (bytes per second) from a device (default []) + --device-read-iops value Limit read rate (IO per second) from a device (default []) + --device-write-bps value Limit write rate (bytes per second) to a device (default []) + --device-write-iops value Limit write rate (IO per second) to a device (default []) + --disable-content-trust Skip image verification (default true) + --dns value Set custom DNS servers (default []) + --dns-opt value Set DNS options (default []) + --dns-search value Set custom DNS search domains (default []) + --entrypoint string Overwrite the default ENTRYPOINT of the image + -e, --env value Set environment variables (default []) + --env-file value Read in a file of environment variables (default []) + --expose value Expose a port or a range of ports (default []) + --group-add value Add additional groups to join (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run --help Print usage - -i, --interactive Keep STDIN open even if not attached - --ip="" Container IPv4 address (e.g. 172.30.100.104) - --ip6="" Container IPv6 address (e.g. 2001:db8::33) - --ipc="" IPC namespace to use - --isolation="" Container isolation technology - --kernel-memory="" Kernel memory limit - -l, --label=[] Set metadata on the container (e.g., --label=com.example.key=value) - --label-file=[] Read in a file of labels (EOL delimited) - --link=[] Add link to another container - --link-local-ip=[] Container IPv4/IPv6 link-local addresses (e.g. 169.254.0.77, fe80::77) - --log-driver="" Logging driver for container - --log-opt=[] Log driver specific options - -m, --memory="" Memory limit - --mac-address="" Container MAC address (e.g. 92:d0:c6:0a:29:33) - --io-maxbandwidth="" Maximum IO bandwidth limit for the system drive + -h, --hostname string Container host name + -i, --interactive Keep STDIN open even if not attached + --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) (Windows only). The format is ``. Unit is optional and can be `b` (bytes per second), `k` (kilobytes per second), `m` (megabytes per second), or `g` (gigabytes per second). If you omit the unit, the system uses bytes per second. --io-maxbandwidth and --io-maxiops are mutually exclusive options. - --io-maxiops=0 Maximum IO per second limit for the system drive (Windows only). - --io-maxbandwidth and --io-maxiops are mutually exclusive options. - --memory-reservation="" Memory soft limit - --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap. - --memory-swappiness="" Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. - --name="" Assign a name to the container - --net="bridge" Connect a container to a network + --io-maxiops uint Maximum IOps limit for the system drive (Windows only) + --ip string Container IPv4 address (e.g. 172.30.100.104) + --ip6 string Container IPv6 address (e.g. 2001:db8::33) + --ipc string IPC namespace to use + --isolation string Container isolation technology + --kernel-memory string Kernel memory limit + -l, --label value Set meta data on a container (default []) + --label-file value Read in a line delimited file of labels (default []) + --link value Add link to another container (default []) + --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) + --log-driver string Logging driver for container + --log-opt value Log driver options (default []) + --mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33) + -m, --memory string Memory limit + --memory-reservation string Memory soft limit + --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap + --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1). + --name string Assign a name to the container + --net string Connect a container to a network (default "default") 'bridge': create a network stack on the default Docker bridge 'none': no networking 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --net-alias=[] Add network-scoped alias for the container - --oom-kill-disable Whether to disable OOM Killer for the container or not - --oom-score-adj=0 Tune the host's OOM preferences for containers (accepts -1000 to 1000) - -P, --publish-all Publish all exposed ports to random ports - -p, --publish=[] Publish a container's port(s) to the host - --pid="" PID namespace to use - --pids-limit=-1 Tune container pids limit (set -1 for unlimited), kernel >= 4.3 + --net-alias value Add network-scoped alias for the container (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK + --oom-kill-disable Disable OOM Killer + --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) + --pid string PID namespace to use + --pids-limit int Tune container pids limit (set -1 for unlimited) --privileged Give extended privileges to this container + -p, --publish value Publish a container's port(s) to the host (default []) + -P, --publish-all Publish all exposed ports to random ports --read-only Mount the container's root filesystem as read only - --restart="no" Restart policy (no, on-failure[:max-retry], always, unless-stopped) + --restart string Restart policy to apply when a container exits (default "no") + Possible values are : no, on-failuer[:max-retry], always, unless-stopped --rm Automatically remove the container when it exits - --runtime="" Name of the runtime to be used for that container - --shm-size=[] Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. - --security-opt=[] Security Options - --sig-proxy=true Proxy received signals to the process - --stop-signal="SIGTERM" Signal to stop a container - --storage-opt=[] Set storage driver options per container - --sysctl[=*[]*]] Configure namespaced kernel parameters at runtime - -t, --tty Allocate a pseudo-TTY - -u, --user="" Username or UID (format: [:]) - --userns="" Container user namespace + --runtime string Runtime to use for this container + --security-opt value Security Options (default []) + --shm-size string Size of /dev/shm, default value is 64MB. + The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), + or `g` (gigabytes). If you omit the unit, the system uses bytes. + --sig-proxy Proxy received signals to the process (default true) + --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") + --storage-opt value Set storage driver options per container (default []) + --sysctl value Sysctl options (default map[]) + --tmpfs value Mount a tmpfs directory (default []) + -t, --tty Allocate a pseudo-TTY + --ulimit value Ulimit options (default []) + -u, --user string Username or UID (format: [:]) + --userns string User namespace to use 'host': Use the Docker host user namespace '': Use the Docker daemon user namespace specified by `--userns-remap` option. - --ulimit=[] Ulimit options - --uts="" UTS namespace to use - -v, --volume=[host-src:]container-dest[:] - Bind mount a volume. The comma-delimited + --uts string UTS namespace to use + -v, --volume value Bind mount a volume (default []). The comma-delimited `options` are [rw|ro], [z|Z], [[r]shared|[r]slave|[r]private], and [nocopy]. The 'host-src' is an absolute path or a name value. - --volume-driver="" Container's volume driver - --volumes-from=[] Mount volumes from the specified container(s) - -w, --workdir="" Working directory inside the container + --volume-driver string Optional volume driver for the container + --volumes-from value Mount volumes from the specified container(s) (default []) + -w, --workdir string Working directory inside the container +``` The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. That is, diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 23fc671210..f7d1fdedcb 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -10,12 +10,15 @@ parent = "smn_cli" # save - Usage: docker save [OPTIONS] IMAGE [IMAGE...] +```markdown +Usage: docker save [OPTIONS] IMAGE [IMAGE...] - Save one or more images to a tar archive (streamed to STDOUT by default) +Save one or more images to a tar archive (streamed to STDOUT by default) - --help Print usage - -o, --output="" Write to a file, instead of STDOUT +Options: + --help Print usage + -o, --output string Write to a file, instead of STDOUT +``` Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified `repo:tag`, for diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 672ff7554a..988db8bf1f 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -10,17 +10,20 @@ parent = "smn_cli" # search - Usage: docker search [OPTIONS] TERM +```markdown +Usage: docker search [OPTIONS] TERM - Search the Docker Hub for images +Search the Docker Hub for images - --filter=[] Filter output based on these conditions: - - is-automated=(true|false) - - is-official=(true|false) - - stars= - image has at least 'number' stars - --help Print usage - --limit=25 Maximum returned search results - --no-trunc Don't truncate output +Options: + -f, --filter value Filter output based on conditions provided (default []) + - is-automated=(true|false) + - is-official=(true|false) + - stars= - image has at least 'number' stars + --help Print usage + --limit int Max number of search results (default 25) + --no-trunc Don't truncate output +``` Search [Docker Hub](https://hub.docker.com) for images diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 10f4aefd7c..c4abf42644 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -12,7 +12,7 @@ parent = "smn_cli" # service create ```Markdown -Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] +Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new service @@ -29,6 +29,7 @@ Options: --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) + --registry-auth Send registry authentication details to Swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 73fe6b83fb..a010a4c088 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -12,7 +12,7 @@ parent = "smn_cli" # service inspect ```Markdown -Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] +Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] Display detailed information on one or more services diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 9f2cc2ce12..491a7928fd 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -12,8 +12,6 @@ parent = "smn_cli" # service ls ```Markdown -docker service ls --help - Usage: docker service ls [OPTIONS] List services diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 0180f08a77..64317a106b 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -11,13 +11,14 @@ parent = "smn_cli" # service scale - Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] +```markdown +Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] - Scale one or multiple services - - Options: - --help Print usage +Scale one or multiple services +Options: + --help Print usage +``` ## Examples diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index 454a0edf63..5e3154c4d0 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -53,8 +53,8 @@ bk658fpbex0d57cqcwoe3jthu redis.2 redis redis:3.0.6 Running 9 seconds Ru The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. For example, -`-f type=custom -f type=builtin` returns both `custom` and `builtin` networks. +Multiple filter flags are combined as an `OR` filter. For example, +`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks. The currently supported filters are: diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index c0da447c1e..4aa003e640 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -12,7 +12,7 @@ parent = "smn_cli" # service update ```Markdown -Usage: docker service update [OPTIONS] SERVICE +Usage: docker service update [OPTIONS] SERVICE Update a service @@ -27,11 +27,11 @@ Options: -l, --label value Service labels (default []) --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) - --mode string Service mode (replicated or global) (default "replicated") -m, --mount value Attach a mount to the service --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) + --registry-auth Send registry authentication details to Swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index 156a2aae08..72ff7e1002 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -10,11 +10,14 @@ parent = "smn_cli" # start - Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker start [OPTIONS] CONTAINER [CONTAINER...] - Start one or more containers +Start one or more stopped containers - -a, --attach Attach STDOUT/STDERR and forward signals - --detach-keys Specify the escape key sequence used to detach a container - --help Print usage - -i, --interactive Attach container's STDIN +Options: + -a, --attach Attach STDOUT/STDERR and forward signals + --detach-keys string Override the key sequence for detaching a container + --help Print usage + -i, --interactive Attach container's STDIN +``` diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index d46a94e3a2..3e1a5c4ccc 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -10,13 +10,16 @@ parent = "smn_cli" # stats - Usage: docker stats [OPTIONS] [CONTAINER...] +```markdown +Usage: docker stats [OPTIONS] [CONTAINER...] - Display a live stream of one or more containers' resource usage statistics +Display a live stream of container(s) resource usage statistics - -a, --all Show all containers (default shows just running) - --help Print usage - --no-stream Disable streaming stats and only pull the first result +Options: + -a, --all Show all containers (default shows just running) + --help Print usage + --no-stream Disable streaming stats and only pull the first result +``` The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index 1fb376eaf7..662255846f 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -10,13 +10,15 @@ parent = "smn_cli" # stop - Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...] - Stop a container by sending SIGTERM and then SIGKILL after a - grace period +Stop one or more running containers - --help Print usage - -t, --time=10 Seconds to wait for stop before killing it +Options: + --help Print usage + -t, --time int Seconds to wait for stop before killing it (default 10) +``` The main process inside the container will receive `SIGTERM`, and after a grace period, `SIGKILL`. diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index e0f195bbd3..71eaab87bc 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -11,17 +11,22 @@ parent = "smn_cli" # swarm init - Usage: docker swarm init [OPTIONS] +```markdown +Usage: docker swarm init [OPTIONS] - Initialize a Swarm. +Initialize a Swarm - Options: - --auto-accept value Acceptance policy (default [worker,manager]) - --external-ca value Specifications of one or more certificate signing endpoints - --force-new-cluster Force create a new cluster from current state. - --help Print usage - --listen-addr value Listen address (default 0.0.0.0:2377) - --secret string Set secret value needed to accept nodes into cluster +Options: + --auto-accept value Auto acceptance policy (worker, manager or none) + --cert-expiry duration Validity period for node certificates (default 2160h0m0s) + --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) + --external-ca value Specifications of one or more certificate signing endpoints + --force-new-cluster Force create a new cluster from current state. + --help Print usage + --listen-addr value Listen address (default 0.0.0.0:2377) + --secret string Set secret value needed to accept nodes into cluster + --task-history-limit int Task history retention limit (default 10) +``` Initialize a Swarm cluster. The docker engine targeted by this command becomes a manager in the newly created one node Swarm cluster. @@ -61,6 +66,15 @@ For example, the following initializes a cluster with auto-acceptance of workers $ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker ``` +### `--cert-expiry` + +This flag sets the validity period for node certificates. + +### `--dispatcher-heartbeat` + +This flags sets the frequency with which nodes are told to use as a +period to report their health. + ### `--external-ca value` This flag sets up the swarm to use an external CA to issue node certificates. The value takes @@ -80,6 +94,10 @@ The node listens for inbound Swarm manager traffic on this IP:PORT Secret value needed to accept nodes into the Swarm +### `--task-history-limit` + +This flag sets up task history retention limit. + ## Related information * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index b9276e1e6a..0499b10894 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -11,15 +11,18 @@ parent = "smn_cli" # swarm join - Usage: docker swarm join [OPTIONS] HOST:PORT +```markdown +Usage: docker swarm join [OPTIONS] HOST:PORT - Join a Swarm as a node and/or manager. +Join a Swarm as a node and/or manager - Options: - --help Print usage - --listen-addr value Listen address (default 0.0.0.0:2377) - --manager Try joining as a manager. - --secret string Secret for node acceptance +Options: + --ca-hash string Hash of the Root Certificate Authority certificate used for trusted join + --help Print usage + --listen-addr value Listen address (default 0.0.0.0:2377) + --manager Try joining as a manager. + --secret string Secret for node acceptance +``` Join a node to a Swarm cluster. If the `--manager` flag is specified, the docker engine targeted by this command becomes a `manager`. If it is not specified, it becomes a `worker`. @@ -47,14 +50,18 @@ dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachab dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes ``` -### `--manager` +### `--ca-hash` -Joins the node as a manager +Hash of the Root Certificate Authority certificate used for trusted join. ### `--listen-addr value` The node listens for inbound Swarm manager traffic on this IP:PORT +### `--manager` + +Joins the node as a manager + ### `--secret string` Secret value required for nodes to join the swarm diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 6f307cfeab..ffae0d6ab1 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -11,12 +11,15 @@ parent = "smn_cli" # swarm leave - Usage: docker swarm leave +```markdown +Usage: docker swarm leave [OPTIONS] - Leave a Swarm swarm. +Leave a Swarm - Options: - --help Print usage +Options: + --force Force leave ignoring warnings. + --help Print usage +``` This command causes the node to leave the swarm. diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 4a48e00b67..8ab715e278 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -11,17 +11,20 @@ parent = "smn_cli" # swarm update - Usage: docker swarm update [OPTIONS] +```markdown +Usage: docker swarm update [OPTIONS] - Update the Swarm. +Update the Swarm - Options: - --auto-accept value Auto acceptance policy (worker, manager or none) - --external-ca value Specifications of one or more certificate signing endpoints - --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) - --help Print usage - --secret string Set secret value needed to accept nodes into cluster - --task-history-limit int Task history retention limit (default 10) +Options: + --auto-accept value Auto acceptance policy (worker, manager or none) + --cert-expiry duration Validity period for node certificates (default 2160h0m0s) + --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) + --external-ca value Specifications of one or more certificate signing endpoints + --help Print usage + --secret string Set secret value needed to accept nodes into cluster + --task-history-limit int Task history retention limit (default 10) +``` Updates a Swarm cluster with new parameter values. This command must target a manager node. diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 47cc58c4e5..60692958f1 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -10,11 +10,14 @@ parent = "smn_cli" # tag - Usage: docker tag [OPTIONS] NAME[:TAG] NAME[:TAG] +```markdown +Usage: docker tag IMAGE[:TAG] IMAGE[:TAG] - Tag an image into a repository +Tag an image into a repository - --help Print usage +Options: + --help Print usage +``` An image name is made up of slash-separated name components, optionally prefixed by a registry hostname. The hostname must comply with standard DNS rules, but diff --git a/docs/reference/commandline/top.md b/docs/reference/commandline/top.md index 2bff2fdb47..291f96ce09 100644 --- a/docs/reference/commandline/top.md +++ b/docs/reference/commandline/top.md @@ -10,8 +10,11 @@ parent = "smn_cli" # top - Usage: docker top [OPTIONS] CONTAINER [ps OPTIONS] +```markdown +Usage: docker top CONTAINER [ps OPTIONS] - Display the running processes of a container +Display the running processes of a container - --help Print usage +Options: + --help Print usage +``` diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index c5920f435c..e5c9d506e0 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -10,11 +10,14 @@ parent = "smn_cli" # unpause - Usage: docker unpause [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker unpause CONTAINER [CONTAINER...] - Unpause all processes within a container +Unpause all processes within one or more containers - --help Print usage +Options: + --help Print usage +``` The `docker unpause` command uses the cgroups freezer to un-suspend all processes in a container. diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index 24fb1f290d..4ad4dc9e62 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -10,22 +10,25 @@ parent = "smn_cli" ## update - Usage: docker update [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker update [OPTIONS] CONTAINER [CONTAINER...] - Update configuration of one or more containers +Update configuration of one or more containers - --help=false Print usage - --blkio-weight=0 Block IO (relative weight), between 10 and 1000 - --cpu-shares=0 CPU shares (relative weight) - --cpu-period=0 Limit the CPU CFS (Completely Fair Scheduler) period - --cpu-quota=0 Limit the CPU CFS (Completely Fair Scheduler) quota - --cpuset-cpus="" CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems="" Memory nodes (MEMs) in which to allow execution (0-3, 0,1) - -m, --memory="" Memory limit - --memory-reservation="" Memory soft limit - --memory-swap="" A positive integer equal to memory plus swap. Specify -1 to enable unlimited swap - --kernel-memory="" Kernel memory limit: container must be stopped - --restart Restart policy to apply when a container exits +Options: + --blkio-weight value Block IO (relative weight), between 10 and 1000 + --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period + --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota + -c, --cpu-shares int CPU shares (relative weight) + --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) + --help Print usage + --kernel-memory string Kernel memory limit + -m, --memory string Memory limit + --memory-reservation string Memory soft limit + --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap + --restart string Restart policy to apply when a container exits +``` The `docker update` command dynamically updates container configuration. You can use this command to prevent containers from consuming too many resources diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index 14fac17e29..e650e41a2d 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -10,12 +10,15 @@ parent = "smn_cli" # version - Usage: docker version [OPTIONS] +```markdown +Usage: docker version [OPTIONS] - Show the Docker version information. +Show the Docker version information - -f, --format="" Format the output using the given go template - --help Print usage +Options: + -f, --format string Format the output using the given go template + --help Print usage +``` By default, this will render all version information in an easy to read layout. If a format is specified, the given template will be executed instead. diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index e1f642fbf7..56c8a5fcc0 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -10,15 +10,18 @@ parent = "smn_cli" # volume create - Usage: docker volume create [OPTIONS] +```markdown +Usage: docker volume create [OPTIONS] - Create a volume +Create a volume - -d, --driver=local Specify volume driver name - --help Print usage - --label=[] Set metadata for a volume - --name= Specify volume name - -o, --opt=map[] Set driver specific options +Options: + -d, --driver string Specify volume driver name (default "local") + --help Print usage + --label value Set metadata for a volume (default []) + --name string Specify volume name + -o, --opt value Set driver specific options (default map[]) +``` Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index d8b7702360..fac9438e3d 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -10,12 +10,15 @@ parent = "smn_cli" # volume inspect - Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] +```markdown +Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] - Display detailed information on one or more volumes +Display detailed information on one or more volumes - -f, --format= Format the output using the given go template. - --help Print usage +Options: + -f, --format string Format the output using the given go template + --help Print usage +``` Returns information about a volume. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 12ed40c401..cdeea42e8c 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -10,16 +10,22 @@ parent = "smn_cli" # volume ls - Usage: docker volume ls [OPTIONS] +```markdown +Usage: docker volume ls [OPTIONS] - List volumes +List volumes - -f, --filter=[] Filter output based on these conditions: - - dangling= a volume if referenced or not - - driver= a volume's driver name - - name= a volume's name - --help Print usage - -q, --quiet Only display volume names +Aliases: + ls, list + +Options: + -f, --filter value Provide filter values (i.e. 'dangling=true') (default []) + - dangling= a volume if referenced or not + - driver= a volume's driver name + - name= a volume's name + --help Print usage + -q, --quiet Only display volume names +``` Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index c163ddf680..1760a5d905 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -10,11 +10,17 @@ parent = "smn_cli" # volume rm - Usage: docker volume rm [OPTIONS] VOLUME [VOLUME...] +```markdown +Usage: docker volume rm VOLUME [VOLUME]... - Remove a volume +Remove a volume - --help Print usage +Aliases: + rm, remove + +Options: + --help Print usage +``` Removes one or more volumes. You cannot remove a volume that is in use by a container. diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index 5cd9a7b9f6..b10f6a1a21 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -10,8 +10,11 @@ parent = "smn_cli" # wait - Usage: docker wait [OPTIONS] CONTAINER [CONTAINER...] +```markdown +Usage: docker wait CONTAINER [CONTAINER...] - Block until a container stops, then print its exit code. +Block until a container stops, then print its exit code - --help Print usage +Options: + --help Print usage +``` From 59e2c5754026ec93e422833dfa4d8f065537b66b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 7 Jul 2016 14:22:12 -0700 Subject: [PATCH 1537/2538] add iptables=false to docs for multiple daemons Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 5eb79c4c0b..a881b62ac6 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1154,6 +1154,7 @@ The following daemon options must be configured for each daemon: -g, --graph=/var/lib/docker Root of the Docker runtime -p, --pidfile=/var/run/docker.pid Path to use for daemon PID file -H, --host=[] Daemon socket(s) to connect to +--iptables=true Enable addition of iptables rules --config-file=/etc/docker/daemon.json Daemon configuration file --tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA --tlscert="~/.docker/cert.pem" Path to TLS certificate file @@ -1172,6 +1173,10 @@ set this parameter separately for each daemon. - `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your pid file here. - `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`. +- `--iptables=false` prevents the Docker daemon from adding iptables rules. If + multiple daemons manage iptables rules, they may overwrite rules set by + another daemon. Be aware that disabling this option requires you to manually + add iptables rules to expose container ports. - `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of daemon flags. Specify the path for each daemon. - `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections. From bf31e188d9313a56e232d708cbe5b78ea6a0523c Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Thu, 7 Jul 2016 16:57:46 -0700 Subject: [PATCH 1538/2538] add constraint to service create ref Signed-off-by: Charles Smith --- docs/reference/commandline/service_create.md | 31 ++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c4abf42644..99d4e7ddc2 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -94,7 +94,7 @@ ID NAME REPLICAS IMAGE COMMAND ``` -### Create a service with a rolling update constraints +### Create a service with a rolling update policy ```bash @@ -133,7 +133,7 @@ $ docker service create \ For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md) -### Service mode +### Set service mode Is this a replicated service or a global service. A replicated service runs as many tasks as specified, while a global service runs on each active node in the @@ -145,6 +145,33 @@ The following command creates a "global" service: $ docker service create --name redis_2 --mode global redis:3.0.6 ``` +### Specify service constraints + +You can limit the set of nodes where a task can be scheduled by defining +constraint expressions. Multiple constraints find nodes that satisfy every +expression (AND match). Constraints can match node or Docker Engine labels as +follows: + +| node attribute | matches | example | +|:------------- |:-------------| :---------------------------------------------| +| node.id | node ID | `node.id == 2ivku8v2gvtg4` | +| node.hostname | node hostname | `node.hostname != node-2` | +| node.role | node role: manager | `node.role == manager` | +| node.labels | user defined node labels | `node.labels.security == high` | +| engine.labels | Docker Engine's labels | `engine.labels.operatingsystem == ubuntu 14.04`| + +`engine.labels` apply to Docker Engine labels like operating system, +drivers, etc. Swarm administrators add `node.labels` for operational purposes by +using the `docker node update` command. + +For example, the following limits tasks for the redis service to nodes where the +node type label equals queue: + +```bash +$ docker service create \ + --name redis_2 \ + --constraint node.labels.type == queue +``` ## Related information From e417618387fd69f1761a146b593edea6da24ff03 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 29 Jun 2016 04:05:29 -0700 Subject: [PATCH 1539/2538] bash completion for `docker {service,node}` filters Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 172 ++++++++++++++++++++++++--------- 1 file changed, 129 insertions(+), 43 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6d58ddd9ce..fac0e77af3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -197,53 +197,74 @@ __docker_complete_runtimes() { COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") ) } +# Returns a list of all nodes. Additional arguments to `docker node` +# may be specified in order to filter the node list, e.g. +# `__docker_nodes --filter role=manager` +# An optional first argument `--id|--name` may be used to limit +# the output to the IDs or names of matching nodes. __docker_nodes() { - local fields='$1,$2' # node names & IDs - __docker_q node ls | sed -e 's/\*//g' | awk "NR>1 {print $fields}" + local fields='$1,$2' # default: node IDs & names + if [ "$1" = "--id" ] ; then + fields='$1' # IDs only + shift + elif [ "$1" = "--name" ] ; then + fields='$2' # names only + shift + fi + __docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}" } +# Applies completion of nodes based on the current value of `$cur` or +# the value of the optional first argument `--cur`, if given. +# Additional filters may be appended, see `__docker_nodes`. __docker_complete_nodes() { - COMPREPLY=( $(compgen -W "$(__docker_nodes $1)" -- "$cur") ) + local current=$cur + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_nodes "$@")" -- "$current") ) } __docker_complete_nodes_plus_self() { - COMPREPLY=( $(compgen -W "$(__docker_nodes $1) self" -- "$cur") ) -} - -__docker_pending_nodes() { - local fields='$1' # node ID - __docker_q node ls --filter membership=pending | awk "NR>1 {print $fields}" -} - -__docker_complete_pending_nodes() { - COMPREPLY=( $(compgen -W "$(__docker_pending_nodes $1)" -- "$cur") ) -} - -__docker_manager_nodes() { - local fields='$1,$2' # node names & IDs - __docker_q node ls --filter role=manager | awk "NR>1 {print $fields}" -} - -__docker_complete_manager_nodes() { - COMPREPLY=( $(compgen -W "$(__docker_manager_nodes $1)" -- "$cur") ) -} - -__docker_worker_nodes() { - local fields='$1,$2' # node names & IDs - __docker_q node ls --filter role=worker | awk "NR>1 {print $fields}" -} - -__docker_complete_worker_nodes() { - COMPREPLY=( $(compgen -W "$(__docker_worker_nodes $1)" -- "$cur") ) + __docker_complete_nodes "$@" + COMPREPLY+=( self ) } +# Returns a list of all services. Additional arguments to `docker service ls` +# may be specified in order to filter the service list, e.g. +# `__docker_services --filter name=xxx` +# An optional first argument `--id|--name` may be used to limit +# the output to the IDs or names of matching services. __docker_services() { - local fields='$1,$2' # service names & IDs - __docker_q service ls | awk "NR>1 {print $fields}" + local fields='$1,$2' # default: service IDs & names + if [ "$1" = "--id" ] ; then + fields='$1' # IDs only + shift + elif [ "$1" = "--name" ] ; then + fields='$2' # names only + shift + fi + __docker_q service ls "$@" | awk "NR>1 {print $fields}" } +# Applies completion of services based on the current value of `$cur` or +# the value of the optional first argument `--cur`, if given. +# Additional filters may be appended, see `__docker_services`. __docker_complete_services() { - COMPREPLY=( $(compgen -W "$(__docker_services $1)" -- "$cur") ) + local current=$cur + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_services "$@")" -- "$current") ) +} + +# Appends the word passed as an argument to every word in `$COMPREPLY`. +# Normally you do this with `compgen -S`. This function exists so that you can use +# the __docker_complete_XXX functions in cases where you need a suffix. +__docker_append_to_completions() { + COMPREPLY=( ${COMPREPLY[@]/%/"$1"} ) } # Finds the position of the first word that is neither option nor an option's argument. @@ -1579,15 +1600,29 @@ _docker_service_list() { } _docker_service_ls() { + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + id) + __docker_complete_services --cur "${cur##*=}" --id + return + ;; + name) + __docker_complete_services --cur "${cur##*=}" --name + return + ;; + esac + case "$prev" in - --format|-f) + --filter|-f) + COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) ) + __docker_nospace return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "-f --filter --help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) ;; esac } @@ -1612,15 +1647,30 @@ _docker_service_scale() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - COMPREPLY=( $(compgen -S "=" -W "$(__docker_services $1)" -- "$cur") ) + __docker_complete_services + __docker_append_to_completions "=" __docker_nospace ;; esac } _docker_service_tasks() { + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + desired-state) + COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) ) + return + ;; + name) + __docker_complete_services --cur "${cur##*=}" --name + return + ;; + esac + case "$prev" in - --format|-f) + --filter|-f) + COMPREPLY=( $( compgen -W "desired-state id name" -S = -- "$cur" ) ) + __docker_nospace return ;; esac @@ -1630,7 +1680,11 @@ _docker_service_tasks() { COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) ;; *) - __docker_complete_services + local counter=$(__docker_pos_first_nonflag '--filter|-f') + if [ $cword -eq $counter ]; then + __docker_complete_services + fi + ;; esac } @@ -1845,7 +1899,7 @@ _docker_node_accept() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_complete_pending_nodes + __docker_complete_nodes --id --filter membership=pending esac } @@ -1855,7 +1909,7 @@ _docker_node_demote() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_complete_manager_nodes + __docker_complete_nodes --filter role=manager esac } @@ -1880,8 +1934,22 @@ _docker_node_list() { } _docker_node_ls() { + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + id) + __docker_complete_nodes --cur "${cur##*=}" --id + return + ;; + name) + __docker_complete_nodes --cur "${cur##*=}" --name + return + ;; + esac + case "$prev" in --filter|-f) + COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) ) + __docker_nospace return ;; esac @@ -1899,7 +1967,7 @@ _docker_node_promote() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_complete_worker_nodes + __docker_complete_nodes --filter role=worker esac } @@ -1918,8 +1986,22 @@ _docker_node_rm() { } _docker_node_tasks() { + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + desired-state) + COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) ) + return + ;; + name) + __docker_complete_services --cur "${cur##*=}" --name + return + ;; + esac + case "$prev" in --filter|-f) + COMPREPLY=( $( compgen -W "desired-state id label name" -S = -- "$cur" ) ) + __docker_nospace return ;; esac @@ -1929,7 +2011,11 @@ _docker_node_tasks() { COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) ;; *) - __docker_complete_nodes_plus_self + local counter=$(__docker_pos_first_nonflag '--filter|-f') + if [ $cword -eq $counter ]; then + __docker_complete_nodes_plus_self + fi + ;; esac } From 14f578eb92d98d6f928d5dfae29498a87c9cb0c5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 29 Jun 2016 05:17:26 -0700 Subject: [PATCH 1540/2538] bash completion can be configured to show node and service IDs Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index fac0e77af3..855b866d58 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -21,6 +21,8 @@ # setting environment variables. # # DOCKER_COMPLETION_SHOW_NETWORK_IDS +# DOCKER_COMPLETION_SHOW_NODE_IDS +# DOCKER_COMPLETION_SHOW_SERVICE_IDS # "no" - Show names only (default) # "yes" - Show names and ids # @@ -200,10 +202,15 @@ __docker_complete_runtimes() { # Returns a list of all nodes. Additional arguments to `docker node` # may be specified in order to filter the node list, e.g. # `__docker_nodes --filter role=manager` +# By default, only node names are completed. +# Set DOCKER_COMPLETION_SHOW_NODE_IDS=yes to also complete node IDs. # An optional first argument `--id|--name` may be used to limit -# the output to the IDs or names of matching nodes. +# the output to the IDs or names of matching nodes. This setting takes +# precedence over the environment setting. __docker_nodes() { - local fields='$1,$2' # default: node IDs & names + local fields='$2' # default: node name only + [ "${DOCKER_COMPLETION_SHOW_NODE_IDS}" = yes ] && fields='$1,$2' # ID and name + if [ "$1" = "--id" ] ; then fields='$1' # IDs only shift @@ -234,10 +241,15 @@ __docker_complete_nodes_plus_self() { # Returns a list of all services. Additional arguments to `docker service ls` # may be specified in order to filter the service list, e.g. # `__docker_services --filter name=xxx` +# By default, only node names are completed. +# Set DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes to also complete service IDs. # An optional first argument `--id|--name` may be used to limit -# the output to the IDs or names of matching services. +# the output to the IDs or names of matching services. This setting takes +# precedence over the environment setting. __docker_services() { - local fields='$1,$2' # default: service IDs & names + local fields='$2' # default: service name only + [ "${DOCKER_COMPLETION_SHOW_SERVICE_IDS}" = yes ] && fields='$1,$2' # ID & name + if [ "$1" = "--id" ] ; then fields='$1' # IDs only shift From 2082c976e8edba586899062977971d131d883dbc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 29 Jun 2016 05:26:55 -0700 Subject: [PATCH 1541/2538] bash completion for default port on `docker swarm {init,join}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 855b866d58..1495b8541c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1816,7 +1816,13 @@ _docker_swarm_init() { COMPREPLY=( $( compgen -W "manager none worker" -- "$cur" ) ) return ;; - --listen-addr|--secret) + --listen-addr) + if [[ $cur == *: ]] ; then + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + fi + return + ;; + --secret) return ;; esac @@ -1844,7 +1850,13 @@ _docker_swarm_inspect() { _docker_swarm_join() { case "$prev" in - --ca-hash|--listen-addr|--secret) + --ca-hash|--secret) + return + ;; + --listen-addr) + if [[ $cur == *: ]] ; then + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + fi return ;; esac @@ -1853,6 +1865,9 @@ _docker_swarm_join() { -*) COMPREPLY=( $( compgen -W "--ca-hash --help --listen-addr --manager --secret" -- "$cur" ) ) ;; + *:) + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + ;; esac } From 46b571999d6206e45118dd02c64e80eb4f5f778c Mon Sep 17 00:00:00 2001 From: Joao Fernandes Date: Fri, 8 Jul 2016 16:04:03 -0700 Subject: [PATCH 1542/2538] Fixes broken link in docs. Fixes #24428 Signed-off-by: Joao Fernandes --- docs/deprecated.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index fdfb4e86c0..554272ff49 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -17,15 +17,15 @@ The following list of features are deprecated in Engine. ### Three argument form in `docker import` **Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated since November 2013. It's no more supported. ### `-h` shorthand for `--help` -**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/)** -**Target For Removal In Release: [v1.14.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Target For Removal In Release: [v1.14.0](https://github.com/docker/docker/releases/)** The shorthand (`-h`) is less common than `--help` on Linux and cannot be used on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on @@ -50,7 +50,7 @@ The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide **Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. @@ -63,14 +63,14 @@ See the events API documentation for the new format. ### `-f` flag on `docker tag` **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. ### HostConfig at API container start **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of defining it at container creation (`POST /containers/create`). @@ -79,14 +79,14 @@ defining it at container creation (`POST /containers/create`). **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** The `docker ps --before` and `docker ps --since` options are deprecated. Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. ### Docker search 'automated' and 'stars' options -**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/)** **Target For Removal In Release: v1.14** @@ -96,7 +96,7 @@ Use `docker search --filter=is-automated=...` and `docker search --filter=stars= ### Driver Specific Log Tags **Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** Log tags are now generated in a standard way across different logging drivers. Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and @@ -162,7 +162,7 @@ The following double-dash options are deprecated and have no replacement: **Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** The single-dash (`-help`) was removed, in favor of the double-dash `--help` @@ -177,7 +177,7 @@ Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the d ### Docker Content Trust ENV passphrase variables name change **Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables From e8b87f53ec74057e1595350ce70b6de16f87f66d Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Mon, 11 Jul 2016 21:18:03 -0400 Subject: [PATCH 1543/2538] Clarify warning against using build-time variables for secrets Signed-off-by: Dave Henderson --- docs/reference/builder.md | 5 +++-- man/Dockerfile.5.md | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 8090aa94de..9180e6b78e 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1292,8 +1292,9 @@ subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is defined and the `what_user` value was passed on the command line. Prior to its definition by an `ARG` instruction, any use of a variable results in an empty string. -> **Note:** It is not recommended to use build-time variables for -> passing secrets like github keys, user credentials etc. +> **Warning:** It is not recommended to use build-time variables for +> passing secrets like github keys, user credentials etc. Build-time variable +> values are visible to any user of the image with the `docker history` command. You can use an `ARG` or an `ENV` instruction to specify variables that are available to the `RUN` instruction. Environment variables defined using the diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md index 7d56bda0fa..df69935397 100644 --- a/man/Dockerfile.5.md +++ b/man/Dockerfile.5.md @@ -376,8 +376,9 @@ A Dockerfile is similar to a Makefile. defined and the `what_user` value was passed on the command line. Prior to its definition by an `ARG` instruction, any use of a variable results in an empty string. - > **Note:** It is not recommended to use build-time variables for - > passing secrets like github keys, user credentials etc. + > **Warning:** It is not recommended to use build-time variables for + > passing secrets like github keys, user credentials etc. Build-time variable + > values are visible to any user of the image with the `docker history` command. You can use an `ARG` or an `ENV` instruction to specify variables that are available to the `RUN` instruction. Environment variables defined using the From 670a0b80770b713c0674d26e08a971acd7a5d679 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Tue, 12 Jul 2016 08:07:24 +0800 Subject: [PATCH 1544/2538] Soften limitation of update kernel memory Kernel memory is not allowed to be updated if container is running, it's not actually a precise kernel limitation. Before kernel version 4.6, kernel memory will not be accounted until kernel memory limit is set, if a container created with kernel memory initialized, kernel memory is accounted as soon as process created in container, so kernel memory limit update is allowed afterward. If kernel memory is not initialized, kernel memory consumed by processes in container will not be accounted, so we can't update the limit because the account will be wrong. So update kernel memory of a running container with kernel memory initialized is allowed, we should soften the limitation by docker. Signed-off-by: Qiang Huang --- docs/reference/commandline/update.md | 20 +++++++++++++++++--- man/docker-update.1.md | 25 ++++++++++++++++++++----- 2 files changed, 37 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index 4ad4dc9e62..7cd624c9d5 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -38,9 +38,23 @@ space-separated list of container names or IDs. With the exception of the `--kernel-memory` value, you can specify these options on a running or a stopped container. You can only update -`--kernel-memory` on a stopped container. When you run `docker update` on -stopped container, the next time you restart it, the container uses those -values. +`--kernel-memory` on a stopped container or on a running container with +kernel memory initialized. For example, if you started a container with +command: + + # docker run -ti --name test --kernel-memory 50M ubuntu bash + +You can update kernel memory of this running container: + + # docker update --kernel-memory 80M test + +If you started a container without kernel memory initialized: + + # docker run -ti --name test2 --memory 300M ubuntu bash + +Update kernel memory of running container `test2` will fail, you can only +stop the container and update kernel memory then. The next time you +restart it, the container uses the new value. Another configuration you can change with this command is restart policy, new restart policy will take effect instantly after you run `docker update` diff --git a/man/docker-update.1.md b/man/docker-update.1.md index 87849ef8d5..9d39d78b13 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -30,9 +30,23 @@ provide space-separated list of container names or IDs. With the exception of the `--kernel-memory` value, you can specify these options on a running or a stopped container. You can only update -`--kernel-memory` on a stopped container. When you run `docker update` on -stopped container, the next time you restart it, the container uses those -values. +`--kernel-memory` on a stopped container or on a running container with +kernel memory initialized. For example, if you started a container with +command: + + # docker run -ti --name test --kernel-memory 50M ubuntu bash + +You can update kernel memory of this running container: + + # docker update --kernel-memory 80M test + +If you started a container without kernel memory initialized: + + # docker run -ti --name test2 --memory 300M ubuntu bash + +Update kernel memory of running container `test2` will fail, you can only +stop the container and update kernel memory then. The next time you +restart it, the container uses the new value. Another configuration you can change with this command is restart policy, new restart policy will take effect instantly after you run `docker update` @@ -63,8 +77,9 @@ on a container. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) - Note that you can not update kernel memory to a running container, it can only -be updated to a stopped container, and affect after it's started. + Note that you can not update kernel memory to a running container if the container +is started without kernel memory initialized, in this case, it can only be updated +after it's stopped, and affect after it's started. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) From 2f3e095768efb80ceced60ab8b2e530e51f6e2b8 Mon Sep 17 00:00:00 2001 From: johnharris85 Date: Wed, 29 Jun 2016 14:01:25 -0700 Subject: [PATCH 1545/2538] Add support for comma-separated --auto-accept syntax. Signed-off-by: John Harris --- docs/reference/commandline/swarm_init.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 71eaab87bc..cddccd58fd 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -17,7 +17,7 @@ Usage: docker swarm init [OPTIONS] Initialize a Swarm Options: - --auto-accept value Auto acceptance policy (worker, manager or none) + --auto-accept value Auto acceptance policy (default worker) --cert-expiry duration Validity period for node certificates (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints @@ -66,6 +66,13 @@ For example, the following initializes a cluster with auto-acceptance of workers $ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker ``` +It is possible to pass a comma-separated list of node types. The following initializes a cluster +with auto-acceptance of both `worker` and `manager` nodes + +```bash +$ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker,manager +``` + ### `--cert-expiry` This flag sets the validity period for node certificates. From 48e659e30c9d9704a9aad2bbbe6a7de50f656b91 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Mon, 11 Jul 2016 16:48:08 -0700 Subject: [PATCH 1546/2538] Allow option to override kernel check in overlay2 Add option to skip kernel check for older kernels which have been patched to support multiple lower directories in overlayfs. Fixes #24023 Signed-off-by: Derek McGowan (github: dmcgowan) --- docs/reference/commandline/dockerd.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index a881b62ac6..8c53fd02c3 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -566,6 +566,17 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: $ docker daemon -s btrfs --storage-opt btrfs.min_space=10G +#### Overlay2 options + +* `overlay2.override_kernel_check` + + Overrides the Linux kernel version check allowing overlay2. Support for + specifying multiple lower directories needed by overlay2 was added to the + Linux kernel in 4.0.0. However some older kernel versions may be patched + to add multiple lower directory support for OverlayFS. This option should + only be used after verifying this support exists in the kernel. Applying + this option on a kernel without this support will cause failures on mount. + ## Docker runtime execution options The Docker daemon relies on a From aa3344679abbd735c7c2d6caf29cbc540ad9903a Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Tue, 12 Jul 2016 10:29:50 -0700 Subject: [PATCH 1547/2538] add caveat for network plugins in swarm mode Signed-off-by: Charles Smith --- docs/extend/plugins_network.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index aad01ba29a..9199f784ce 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -18,6 +18,17 @@ LibNetwork, which shares plugin infrastructure with Engine. Effectively, network driver plugins are activated in the same way as other plugins, and use the same kind of protocol. +## Network driver plugins and swarm mode + +Docker 1.12 adds support for cluster management and orchestration called +[swarm mode](../swarm/index.md). Docker Engine running in swarm mode currently +only supports the built-in overlay driver for networking. Therefore existing +networking plugins will not work in swarm mode. + +When you run Docker Engine outside of swarm mode, all networking plugins that +worked in Docker 1.11 will continue to function normally. They do not require +any modification. + ## Using network driver plugins The means of installing and running a network driver plugin depend on the From 9958abc17d8bf36f48643a41849fe56bcd8a8b8e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Jul 2016 22:06:01 +0200 Subject: [PATCH 1548/2538] Add "auto-accept=none" to documentation The "none" option was not added to the documentation. This adds an example, and adds additional information on manually accepting or rejecting a node. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/swarm_init.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index cddccd58fd..8c5f0a2f7c 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -73,6 +73,16 @@ with auto-acceptance of both `worker` and `manager` nodes $ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker,manager ``` +To disable auto acceptance, use the `none` option. Note that this option cannot +be combined with other values. When disabling auto acceptance, nodes must be +manually accepted or rejected using `docker node accept` or `docker node rm`. + +The following example enables swarm mode with auto acceptance disabled: + +```bash +$ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept none +``` + ### `--cert-expiry` This flag sets the validity period for node certificates. @@ -110,3 +120,5 @@ This flag sets up task history retention limit. * [swarm join](swarm_join.md) * [swarm leave](swarm_leave.md) * [swarm update](swarm_update.md) +* [node accept](node_accept.md) +* [node rm](node_rm.md) From b41c0c86968e5ff94ca46ac10ab1f77a3d393b4b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Jul 2016 21:51:14 +0200 Subject: [PATCH 1549/2538] Fix some broken sourceforge.net links Looks like there's issues with sourceforge project pages. Given that sourceforge isn't really what it used to be, trying to find alternative URLs where possible. Signed-off-by: Sebastiaan van Stijn --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 9180e6b78e..d677d63b8b 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -572,7 +572,7 @@ The cache for `RUN` instructions can be invalidated by `ADD` instructions. See For systems that have recent aufs version (i.e., `dirperm1` mount option can be set), docker will attempt to fix the issue automatically by mounting the layers with `dirperm1` option. More details on `dirperm1` option can be - found at [`aufs` man page](http://aufs.sourceforge.net/aufs3/man.html) + found at [`aufs` man page](https://github.com/sfjro/aufs3-linux/tree/aufs3.18/Documentation/filesystems/aufs) If your system doesn't have support for `dirperm1`, the issue describes a workaround. From 253a5f4ea2aa5c14530cd01530004029b71fc28e Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Mon, 6 Jun 2016 16:33:00 -0700 Subject: [PATCH 1550/2538] Rename `--net` to `--network` Add a `--network` flag which replaces `--net` without deprecating it yet. The `--net` flag remains hidden and supported. Add a `--network-alias` flag which replaces `--net-alias` without deprecating it yet. The `--net-alias` flag remains hidden and supported. Signed-off-by: Arnaud Porterie (icecrime) --- docs/extend/plugins_network.md | 2 +- docs/reference/commandline/create.md | 4 ++-- docs/reference/commandline/dockerd.md | 2 +- docs/reference/commandline/network_connect.md | 4 ++-- docs/reference/commandline/network_create.md | 4 ++-- docs/reference/commandline/run.md | 14 +++++++------- docs/reference/run.md | 16 ++++++++-------- man/docker-create.1.md | 6 +++--- man/docker-run.1.md | 6 +++--- 9 files changed, 29 insertions(+), 29 deletions(-) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 9199f784ce..ec1ccddfea 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -46,7 +46,7 @@ Some network driver plugins are listed in [plugins](plugins.md) The `mynet` network is now owned by `weave`, so subsequent commands referring to that network will be sent to the plugin, - $ docker run --net=mynet busybox top + $ docker run --network=mynet busybox top ## Write a network plugin diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 49f0c96c3b..1d41c68665 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -72,13 +72,13 @@ Options: --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) --name string Assign a name to the container - --net string Connect a container to a network (default "default") + --network-alias value Add network-scoped alias for the container (default []) + --network string Connect a container to a network (default "default") 'bridge': create a network stack on the default Docker bridge 'none': no networking 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --net-alias value Add network-scoped alias for the container (default []) --no-healthcheck Disable any container-specified HEALTHCHECK --oom-kill-disable Disable OOM Killer --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8c53fd02c3..02acdc9468 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -921,7 +921,7 @@ This option will completely disable user namespace mapping for the container's u The following standard Docker features are currently incompatible when running a Docker daemon with user namespaces enabled: - - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`) + - sharing PID or NET namespaces with the host (`--pid=host` or `--network=host`) - A `--read-only` container filesystem (this is a Linux kernel restriction against remounting with modified flags of a currently mounted filesystem when inside a user namespace) - external (volume or graph) drivers which are unaware/incapable of using daemon user mappings - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index f60abe574a..60accc763c 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -32,10 +32,10 @@ the same network. $ docker network connect multi-host-network container1 ``` -You can also use the `docker run --net=` option to start a container and immediately connect it to a network. +You can also use the `docker run --network=` option to start a container and immediately connect it to a network. ```bash -$ docker run -itd --net=multi-host-network busybox +$ docker run -itd --network=multi-host-network busybox ``` You can specify the IP address you want to be assigned to the container's interface. diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 5737496745..bb08c07652 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -82,11 +82,11 @@ name conflicts. ## Connect containers -When you start a container, use the `--net` flag to connect it to a network. +When you start a container, use the `--network` flag to connect it to a network. This example adds the `busybox` container to the `mynet` network: ```bash -$ docker run -itd --net=mynet busybox +$ docker run -itd --network=mynet busybox ``` If you want to add a container to a network after the container is already diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index d454a6183a..841b63572e 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -78,13 +78,13 @@ Options: --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1). --name string Assign a name to the container - --net string Connect a container to a network (default "default") + --network-alias value Add network-scoped alias for the container (default []) + --network string Connect a container to a network 'bridge': create a network stack on the default Docker bridge 'none': no networking 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --net-alias value Add network-scoped alias for the container (default []) --no-healthcheck Disable any container-specified HEALTHCHECK --oom-kill-disable Disable OOM Killer --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) @@ -360,20 +360,20 @@ For additional information on working with labels, see [*Labels - custom metadata in Docker*](../../userguide/labels-custom-metadata.md) in the Docker User Guide. -### Connect a container to a network (--net) +### Connect a container to a network (--network) -When you start a container use the `--net` flag to connect it to a network. +When you start a container use the `--network` flag to connect it to a network. This adds the `busybox` container to the `my-net` network. ```bash -$ docker run -itd --net=my-net busybox +$ docker run -itd --network=my-net busybox ``` You can also choose the IP addresses for the container with `--ip` and `--ip6` flags when you start the container on a user-defined network. ```bash -$ docker run -itd --net=my-net --ip=10.10.9.75 busybox +$ docker run -itd --network=my-net --ip=10.10.9.75 busybox ``` If you want to add a running container to a network use the `docker network connect` subcommand. @@ -673,4 +673,4 @@ network namespace, run this command: `Network Namespace`: Sysctls beginning with net.* - If you use the `--net=host` option using these sysctls will not be allowed. + If you use the `--network=host` option using these sysctls will not be allowed. diff --git a/docs/reference/run.md b/docs/reference/run.md index db0e86b6e9..ab5ed29f84 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -259,7 +259,7 @@ $ strace -p 1 The UTS namespace is for setting the hostname and the domain that is visible to running processes in that namespace. By default, all containers, including -those with `--net=host`, have their own UTS namespace. The `host` setting will +those with `--network=host`, have their own UTS namespace. The `host` setting will result in the container using the same UTS namespace as the host. Note that `--hostname` is invalid in `host` UTS mode. @@ -289,13 +289,13 @@ of the containers. ## Network settings --dns=[] : Set custom dns servers for the container - --net="bridge" : Connect a container to a network + --network="bridge" : Connect a container to a network 'bridge': create a network stack on the default Docker bridge 'none': no networking 'container:': reuse another container's network stack 'host': use the Docker host network stack '|': connect to a user-defined network - --net-alias=[] : Add network-scoped alias for the container + --network-alias=[] : Add network-scoped alias for the container --add-host="" : Add a line to /etc/hosts (host:IP) --mac-address="" : Sets the container's Ethernet device's MAC address --ip="" : Sets the container's Ethernet device's IPv4 address @@ -304,7 +304,7 @@ of the containers. By default, all containers have networking enabled and they can make any outgoing connections. The operator can completely disable networking -with `docker run --net none` which disables all incoming and outgoing +with `docker run --network none` which disables all incoming and outgoing networking. In cases like this, you would perform I/O through files or `STDIN` and `STDOUT` only. @@ -404,14 +404,14 @@ docker daemon. It is recommended to run containers in this mode when their networking performance is critical, for example, a production Load Balancer or a High Performance Web Server. -> **Note**: `--net="host"` gives the container full access to local system +> **Note**: `--network="host"` gives the container full access to local system > services such as D-bus and is therefore considered insecure. #### Network: container With the network set to `container` a container will share the network stack of another container. The other container's name must be -provided in the format of `--net container:`. Note that `--add-host` +provided in the format of `--network container:`. Note that `--add-host` `--hostname` `--dns` `--dns-search` `--dns-opt` and `--mac-address` are invalid in `container` netmode, and `--publish` `--publish-all` `--expose` are also invalid in `container` netmode. @@ -422,7 +422,7 @@ running the `redis-cli` command and connecting to the Redis server over the $ docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost - $ docker run --rm -it --net container:redis example/redis-cli -h 127.0.0.1 + $ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1 #### User-defined network @@ -440,7 +440,7 @@ driver and running a container in the created network ``` $ docker network create -d bridge my-net -$ docker run --net=my-net -itd --name=container3 busybox +$ docker run --network=my-net -itd --name=container3 busybox ``` ### Managing /etc/hosts diff --git a/man/docker-create.1.md b/man/docker-create.1.md index be0e5e9d29..e9b1ebe31a 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -52,8 +52,8 @@ docker-create - Create a new container [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] -[**--net**[=*"bridge"*]] -[**--net-alias**[=*[]*]] +[**--network-alias**[=*[]*]] +[**--network**[=*"bridge"*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -276,7 +276,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network -**--net-alias**=[] +**--network-alias**=[] Add network-scoped alias for the container **--oom-kill-disable**=*true*|*false* diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 6fdc93cd60..d4a2953161 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -54,8 +54,8 @@ docker-run - Run a command in a new container [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] [**--name**[=*NAME*]] -[**--net**[=*"bridge"*]] -[**--net-alias**[=*[]*]] +[**--network-alias**[=*[]*]] +[**--network**[=*"bridge"*]] [**--oom-kill-disable**] [**--oom-score-adj**[=*0*]] [**-P**|**--publish-all**] @@ -395,7 +395,7 @@ and foreground Docker containers. 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. '|': connect to a user-defined network -**--net-alias**=[] +**--network-alias**=[] Add network-scoped alias for the container **--oom-kill-disable**=*true*|*false* From 17d3e6264ad4e7cd51d10788d5f00e1c74945790 Mon Sep 17 00:00:00 2001 From: Mei ChunTao Date: Wed, 13 Jul 2016 08:21:26 +0800 Subject: [PATCH 1551/2538] fix the docker run --readonly example. rename '/icanwrite here' to '/icanwrite/here' Signed-off-by: Mei ChunTao --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 841b63572e..a5057a6250 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -224,7 +224,7 @@ will automatically create this directory on the host for you. In the example above, Docker will create the `/doesnt/exist` folder before starting your container. - $ docker run --read-only -v /icanwrite busybox touch /icanwrite here + $ docker run --read-only -v /icanwrite busybox touch /icanwrite/here Volumes can be used in combination with `--read-only` to control where a container writes files. The `--read-only` flag mounts the container's root From 2364392ded14b96d6ff07650d9549330f3773d5a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 13 Jul 2016 11:20:02 +0200 Subject: [PATCH 1552/2538] bash completion for `docker service {create,update} --registry-auth` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1495b8541c..9687003a1a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1731,6 +1731,7 @@ _docker_service_update() { local boolean_options=" --help + --registry-auth " if [ "$subcommand" = "update" ] ; then From a94dee25fcb39fc3130dd89a0f5314e8f17b264c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 13 Jul 2016 11:37:31 +0200 Subject: [PATCH 1553/2538] Update bash completion for `docker service {create,update} {--mode,--endpoint-mode}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9687003a1a..d01840efb8 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1710,7 +1710,6 @@ _docker_service_update() { --label -l --limit-cpu --limit-memory - --mode --mount -m --name --network @@ -1734,6 +1733,18 @@ _docker_service_update() { --registry-auth " + if [ "$subcommand" = "create" ] ; then + options_with_args="$options_with_args + --mode + " + + case "$prev" in + --mode) + COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) + return + ;; + esac + fi if [ "$subcommand" = "update" ] ; then options_with_args="$options_with_args --arg @@ -1751,7 +1762,7 @@ _docker_service_update() { case "$prev" in --endpoint-mode) - COMPREPLY=( $( compgen -W "DNSRR VIP" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "dnsrr vip" -- "$cur" ) ) return ;; --env|-e) @@ -1759,10 +1770,6 @@ _docker_service_update() { __docker_nospace return ;; - --mode) - COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) - return - ;; --network) __docker_complete_networks return From 5ad5dc4baf12fb4b9a43c8f6761ce624191c1dbd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 13 Jul 2016 12:42:27 +0200 Subject: [PATCH 1554/2538] Change bash completion for `docker run --net*` to `--network*` Ref: https://github.com/docker/docker/pull/23324 Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d01840efb8..f124b28885 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2312,8 +2312,8 @@ _docker_run() { --memory-swappiness --memory-reservation --name - --net - --net-alias + --network + --network-alias --oom-score-adj --pid --pids-limit @@ -2469,7 +2469,7 @@ _docker_run() { __docker_complete_log_options return ;; - --net) + --network) case "$cur" in container:*) local cur=${cur#*:} From dd1708d9430d0aff36c34899978ad2e284846193 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 13 Jul 2016 00:57:15 +0200 Subject: [PATCH 1555/2538] Make labels human readable Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/info.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 88514d1606..7d0743554f 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -56,7 +56,7 @@ storage driver and a node that is part of a 2 node Swarm cluster: Network: bridge null host overlay Swarm: NodeID: 0gac67oclbxq7 - IsManager: YES + Is Manager: true Managers: 2 Nodes: 2 Runtimes: default From 2e844f5e8db7edc0950ea107350327ade7b98bfc Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 13 Jul 2016 16:19:21 +0200 Subject: [PATCH 1556/2538] Remove --command flag for service update Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 1 - contrib/completion/zsh/_docker | 1 - docs/reference/commandline/service_update.md | 1 - 3 files changed, 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f124b28885..602a9ab2ce 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1748,7 +1748,6 @@ _docker_service_update() { if [ "$subcommand" = "update" ] ; then options_with_args="$options_with_args --arg - --command --image " diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index f833206c80..1f687d8805 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1154,7 +1154,6 @@ __docker_service_subcommand() { $opts_help \ $opts_create_update \ "($help)--arg=[Service command args]:arguments: _normal" \ - "($help)--command=[Service command]:command: _command_names -e" \ "($help)--image=[Service image tag]:image:__docker_repositories" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 4aa003e640..1db62063fc 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -18,7 +18,6 @@ Update a service Options: --arg value Service command args (default []) - --command value Service command (default []) --constraint value Placement constraints (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) From e3f04f5d205c7f984d6431fa54120eebe0be7c31 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 11 Jul 2016 15:26:23 -0700 Subject: [PATCH 1557/2538] Add --oom-score-adjust to daemon This adds an `--oom-score-adjust` flag to the daemon so that the value provided can be set for the docker daemon's process. The default value for the flag is -500. This will allow the docker daemon to have a less chance of being killed before containers do. The default value for processes is 0 with a min/max of -1000/1000. -500 is a good middle ground because it is less than the default for most processes and still not -1000 which basically means never kill this process in an OOM condition on the host machine. The only processes on my machine that have a score less than -500 are dbus at -900 and sshd and xfce( my window manager ) at -1000. I don't think docker should be set lower, by default, than dbus or sshd so that is why I chose -500. Signed-off-by: Michael Crosby --- docs/reference/commandline/dockerd.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 02acdc9468..65a2f5406b 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -54,9 +54,10 @@ weight = -1 --label=[] Set key=value labels to the daemon --log-driver="json-file" Default driver for container logs --log-opt=[] Log driver specific options - --mtu=0 Set the containers network MTU --max-concurrent-downloads=3 Set the max concurrent downloads for each pull --max-concurrent-uploads=5 Set the max concurrent uploads for each push + --mtu=0 Set the containers network MTU + --oom-score-adjust=-500 Set the oom_score_adj for the daemon --disable-legacy-registry Do not contact legacy registries -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file --raw-logs Full timestamps without ANSI coloring @@ -1057,6 +1058,7 @@ This is a full example of the allowed configuration options on Linux: "insecure-registries": [], "disable-legacy-registry": false, "default-runtime": "runc", + "oom-score-adjust": -500, "runtimes": { "runc": { "path": "runc" From c33bc7d99eedc223c057b28f8642e569b6901f3c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 13 Jul 2016 18:46:17 +0200 Subject: [PATCH 1558/2538] Remove shorthand flags for "mount", "pretty", and "no-resolve" Signed-off-by: Sebastiaan van Stijn --- contrib/completion/bash/docker | 10 +++++----- contrib/completion/zsh/_docker | 10 +++++----- docs/reference/commandline/node_inspect.md | 2 +- docs/reference/commandline/node_tasks.md | 2 +- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_inspect.md | 2 +- docs/reference/commandline/service_tasks.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 8 files changed, 16 insertions(+), 16 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 602a9ab2ce..5a97bb6844 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1600,7 +1600,7 @@ _docker_service_inspect() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format -f --help --pretty -p" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) ) ;; *) __docker_complete_services @@ -1689,7 +1689,7 @@ _docker_service_tasks() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') @@ -1710,7 +1710,7 @@ _docker_service_update() { --label -l --limit-cpu --limit-memory - --mount -m + --mount --name --network --publish -p @@ -1956,7 +1956,7 @@ _docker_node_inspect() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format -f --help --pretty -p" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) ) ;; *) __docker_complete_nodes @@ -2042,7 +2042,7 @@ _docker_node_tasks() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve -n" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1f687d8805..a328401171 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -808,7 +808,7 @@ __docker_node_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help -p --pretty)"{-p,--pretty}"[Print the information in a human friendly format]" \ + "($help --pretty)--pretty[Print the information in a human friendly format]" \ "($help -)*:node:__docker_complete_nodes" && ret=0 ;; (ls|list) @@ -832,7 +832,7 @@ __docker_node_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Display all instances]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ - "($help -n --no-resolve)"{-n,--no-resolve}"[Do not map IDs to Names]" \ + "($help --no-resolve)--no-resolve[Do not map IDs to Names]" \ "($help -)1:node:__docker_complete_nodes" && ret=0 case $state in (filter-options) @@ -1072,7 +1072,7 @@ __docker_service_subcommand() { "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " "($help)--mode=[Limit Memory]:mode:(global replicated)" - "($help)*"{-m=,--mount=}"[Attach a mount to the service]:mount: " + "($help)*--mount=[Attach a mount to the service]:mount: " "($help)--name=[Service name]:name: " "($help)*--network=[Network attachments]:network: " "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " @@ -1103,7 +1103,7 @@ __docker_service_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help -p --pretty)"{-p,--pretty}"[Print the information in a human friendly format]" \ + "($help --pretty)--pretty[Print the information in a human friendly format]" \ "($help -)*:service:__docker_complete_services" && ret=0 ;; (ls|list) @@ -1141,7 +1141,7 @@ __docker_service_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Display all tasks]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ - "($help -n --no-resolve)"{-n,--no-resolve}"[Do not map IDs to Names]" \ + "($help --no-resolve)--no-resolve[Do not map IDs to Names]" \ "($help -)1:service:__docker_complete_services" && ret=0 case $state in (filter-options) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 982fbec6b6..a565bb3af0 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -19,7 +19,7 @@ Display detailed information on one or more nodes Options: -f, --format string Format the output using the given go template --help Print usage - -p, --pretty Print the information in a human friendly format. + --pretty Print the information in a human friendly format. ``` Returns information about a node. By default, this command renders all results diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index a5bd175269..6da8002ff4 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -20,7 +20,7 @@ Options: -a, --all Display all instances -f, --filter value Filter output based on conditions provided --help Print usage - -n, --no-resolve Do not map IDs to Names + --no-resolve Do not map IDs to Names ``` Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 99d4e7ddc2..e69cc2e660 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -25,7 +25,7 @@ Options: --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) --mode string Service mode (replicated or global) (default "replicated") - -m, --mount value Attach a mount to the service + --mount value Attach a mount to the service --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index a010a4c088..dbd083018b 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -19,7 +19,7 @@ Display detailed information on one or more services Options: -f, --format string Format the output using the given go template --help Print usage - -p, --pretty Print the information in a human friendly format. + --pretty Print the information in a human friendly format. ``` diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index 5e3154c4d0..51524bc69d 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -20,7 +20,7 @@ Options: -a, --all Display all tasks -f, --filter value Filter output based on conditions provided --help Print usage - -n, --no-resolve Do not map IDs to Names + --no-resolve Do not map IDs to Names ``` Lists the tasks that are running as part of the specified service. This command diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 1db62063fc..5e76fd0d7a 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -26,7 +26,7 @@ Options: -l, --label value Service labels (default []) --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) - -m, --mount value Attach a mount to the service + --mount value Attach a mount to the service --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) From 94092e24a79d6ddfb0799bf6c466e737982fd607 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 13 Jul 2016 12:31:55 -0700 Subject: [PATCH 1559/2538] bash completion for `docker daemon --oom-score-adjust` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5a97bb6844..928c4d0b9b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -912,6 +912,7 @@ _docker_daemon() { --max-concurrent-downloads --max-concurrent-uploads --mtu + --oom-score-adjust --pidfile -p --registry-mirror --storage-driver -s From 1210363e0f759e512b6830b4b961cce5acf89ba2 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 13 Jul 2016 19:26:54 -0600 Subject: [PATCH 1560/2538] Use spaces, not tabs, to format sample "swarm join" command Using tabs here seems to cause copy/paste problems in some terminals. Using spaces is safer. Fixes #24609 Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 8c5f0a2f7c..e7f8f3f166 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -35,14 +35,14 @@ in the newly created one node Swarm cluster. ```bash $ docker swarm init --listen-addr 192.168.99.121:2377 No --secret provided. Generated random secret: - 4ao565v9jsuogtq5t8s379ulb + 4ao565v9jsuogtq5t8s379ulb Swarm initialized: current node (1ujecd0j9n3ro9i6628smdmth) is now a manager. To add a worker to this swarm, run the following command: - docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb \ - --ca-hash sha256:07ce22bd1a7619f2adc0d63bd110479a170e7c4e69df05b67a1aa2705c88ef09 \ - 192.168.99.121:2377 + docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb \ + --ca-hash sha256:07ce22bd1a7619f2adc0d63bd110479a170e7c4e69df05b67a1aa2705c88ef09 \ + 192.168.99.121:2377 $ docker node ls ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER 1ujecd0j9n3ro9i6628smdmth * manager1 Accepted Ready Active Reachable Yes From 8bc84934fbb2974f9bf79afc503b5e07eb2b07d2 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Wed, 13 Jul 2016 14:41:58 +0100 Subject: [PATCH 1561/2538] Expand the documentation of "no-new-privileges" The change to runc in https://github.com/opencontainers/runc/pull/789 was not documented previously. Also say what this affects and clean up layout of initial table as there was some miscolouration of the continuation lines. Signed-off-by: Justin Cormack --- docs/reference/run.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index ab5ed29f84..15d75a0155 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -630,10 +630,8 @@ with the same logic -- if the original volume was specified with a name it will --security-opt="label=type:TYPE" : Set the label type for the container --security-opt="label=level:LEVEL" : Set the label level for the container --security-opt="label=disable" : Turn off label confinement for the container - --security-opt="apparmor=PROFILE" : Set the apparmor profile to be applied - to the container - --security-opt="no-new-privileges" : Disable container processes from gaining - new privileges + --security-opt="apparmor=PROFILE" : Set the apparmor profile to be applied to the container + --security-opt="no-new-privileges" : Disable container processes from gaining new privileges --security-opt="seccomp=unconfined": Turn off seccomp confinement for the container --security-opt="seccomp=profile.json: White listed syscalls seccomp Json file to be used as a seccomp filter @@ -665,7 +663,10 @@ privileges, you can execute the following command: $ docker run --security-opt no-new-privileges -it centos bash -For more details, see [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt). +This means that commands that raise privileges such as `su` or `sudo` will no longer work. +It also causes any seccomp filters to be applied later, after privileges have been dropped +which may mean you can have a more restrictive set of filters. +For more details, see the [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt). ## Specifying custom cgroups From fa29084b3150d105bf9506f5ad6f9b7b9d6c2e9c Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 14 Jul 2016 11:22:18 +0200 Subject: [PATCH 1562/2538] Update service update commandline reference docs Update with the new remove flags Signed-off-by: Vincent Demeester --- docs/reference/commandline/service_update.md | 22 +++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 5e76fd0d7a..290946c846 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -17,19 +17,25 @@ Usage: docker service update [OPTIONS] SERVICE Update a service Options: - --arg value Service command args (default []) - --constraint value Placement constraints (default []) + --args string Service command args + --constraint-add value Add or update placement constraints (default []) + --constraint-rm value Remove a constraint (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) - -e, --env value Set environment variables (default []) + --env-add value Add or update environment variables (default []) + --env-rm value Remove an environment variable (default []) --help Print usage --image string Service image tag - -l, --label value Service labels (default []) + --label-add value Add or update service labels (default []) + --label-rm value Remove a label by its key (default []) --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) - --mount value Attach a mount to the service + --mount-add value Add or update a mount on a service + --mount-rm value Remove a mount by its target path (default []) --name string Service name - --network value Network attachments (default []) - -p, --publish value Publish a port as a node port (default []) + --network-add value Add or update network attachments (default []) + --network-rm value Remove a network by name (default []) + --publish-add value Add or update a published port (default []) + --publish-rm value Remove a published port by its target port (default []) --registry-auth Send registry authentication details to Swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) @@ -54,7 +60,7 @@ for further information. ### Update a service ```bash -$ docker service update --limit-cpu 2 redis +$ docker service update --limit-cpu 2 redis ``` ## Related information From ee88be28017396ef969b2001d9f3e88fd8152083 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 14 Jul 2016 11:23:03 +0200 Subject: [PATCH 1563/2538] Update service inspect --pretty reference docs Update the output and fix wrong usage in a tutorial page. Signed-off-by: Vincent Demeester --- docs/reference/commandline/service_inspect.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index dbd083018b..8e1a80db3f 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -119,14 +119,11 @@ Labels: Mode: REPLICATED Replicas: 5 Placement: - Strategy: Spread UpdateConfig: Parallelism: 0 ContainerSpec: Image: nginx:alpine Resources: -Reservations: -Limits: Ports: Name = Protocol = tcp From d41a63b2c08467d13206ead44e84e92567630d42 Mon Sep 17 00:00:00 2001 From: Anil Madhavapeddy Date: Thu, 14 Jul 2016 17:38:37 +0100 Subject: [PATCH 1564/2538] docs: correct the placement constraints `docker service` example - the constraint expression needs to be quoted - add an actual redis container to run so the command line works Signed-off-by: Anil Madhavapeddy --- docs/reference/commandline/service_create.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index e69cc2e660..1bb1ea62fe 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -170,7 +170,8 @@ node type label equals queue: ```bash $ docker service create \ --name redis_2 \ - --constraint node.labels.type == queue + --constraint 'node.labels.type == queue' \ + redis:3.0.6 ``` ## Related information From dc7c008c0814fff769ca9d98f60ad8988b59c324 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 15 Jul 2016 08:09:20 +0200 Subject: [PATCH 1565/2538] Rename zsh completion for 'docker {create,run} --net --net-alias' to '--network --network-alias' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a328401171..72da40866c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1432,8 +1432,8 @@ __docker_subcommand() { "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " - "($help)--net=[Connect a container to a network]:network mode:(bridge none container host)" - "($help)*--net-alias=[Add network-scoped alias for the container]:alias: " + "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" + "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " "($help)--oom-kill-disable[Disable OOM Killer]" "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]" From 0a6f1be9ce48ddae5bebb7805b4345f2f69934c7 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 15 Jul 2016 08:23:57 +0200 Subject: [PATCH 1566/2538] Add zsh completion for 'docker service {create,update} --registry-auth' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 72da40866c..60b3f2175f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1076,6 +1076,7 @@ __docker_service_subcommand() { "($help)--name=[Service name]:name: " "($help)*--network=[Network attachments]:network: " "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " + "($help)--registry-auth[Send registry authentication details to Swarm agents]" "($help)--replicas=[Number of tasks]:replicas: " "($help)--reserve-cpu=[Reserve CPUs]:value: " "($help)--reserve-memory=[Reserve Memory]:value: " From 28a1369b30b49866fae0ac2e7f5e35e57bca239a Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Fri, 15 Jul 2016 13:57:38 +0800 Subject: [PATCH 1567/2538] Fix aufs docs Signed-off-by: Qiang Huang --- docs/reference/commandline/dockerd.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 65a2f5406b..939f3c189c 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -210,10 +210,9 @@ drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause -some serious kernel crashes. However, `aufs` is also the only storage driver -that allows containers to share executable and shared library memory, so is a -useful choice when running thousands of containers with the same program or -libraries. +some serious kernel crashes. However, `aufs` allows containers to share +executable and shared library memory, so is a useful choice when running +thousands of containers with the same program or libraries. The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) snapshots. For each devicemapper graph location – typically @@ -235,7 +234,10 @@ cached only once. Use `dockerd -s zfs`. To select a different zfs filesystem set `zfs.fsname` option as described in [Storage driver options](#storage-driver-options). The `overlay` is a very fast union filesystem. It is now merged in the main -Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). Call +Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). `overlay` +also supports page cache sharing, this means multiple containers accessing +the same file can share a single page cache entry (or entries), it makes +`overlay` as efficient with memory as `aufs` driver. Call `dockerd -s overlay` to use it. > **Note:** From 3ce44d633a23149c43ec92710ceb3016f692e00e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 15 Jul 2016 08:16:15 +0200 Subject: [PATCH 1568/2538] Add zsh completion for 'dockerd --oom-score-adjust' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 60b3f2175f..bb07c21795 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1580,6 +1580,7 @@ __docker_subcommand() { "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \ "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \ "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \ + "($help)--oom-score-adjust=[Set the oom_score_adj for the daemon]:oom-score:(-500)" \ "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ "($help)--raw-logs[Full timestamps without ANSI coloring]" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ From fdfa9befedae5122d53ed286c13af75284b44b5b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 15 Jul 2016 08:29:10 +0200 Subject: [PATCH 1569/2538] Update zsh completion for 'docker service {create,update} {--endpoint-mode,--mode}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index bb07c21795..170a47f5c4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1066,12 +1066,11 @@ __docker_service_subcommand() { opts_help=("(: -)--help[Print usage]") opts_create_update=( "($help)*--constraint=[Placement constraints]:constraint: " - "($help)--endpoint-mode=[Placement constraints]:mode:(VIP DNSRR)" + "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)" "($help)*"{-e=,--env=}"[Set environment variables]:env: " "($help)*--label=[Service labels]:label: " "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " - "($help)--mode=[Limit Memory]:mode:(global replicated)" "($help)*--mount=[Attach a mount to the service]:mount: " "($help)--name=[Service name]:name: " "($help)*--network=[Network attachments]:network: " @@ -1096,6 +1095,7 @@ __docker_service_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ $opts_create_update \ + "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 From c1a192293ec7fb29f2e23c19b9473651b824822d Mon Sep 17 00:00:00 2001 From: Yanqiang Miao Date: Thu, 14 Jul 2016 22:49:56 +0800 Subject: [PATCH 1570/2538] Delete redundant content of 'docs/extend/plugins.md' Signed-off-by: Yanqiang Miao Update plugins.md Update plugins.md --- docs/extend/plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index 8d5616f2cb..72d50bd150 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -34,7 +34,7 @@ Follow the instructions in the plugin's documentation. The sections below provide an inexhaustive overview of available plugins. ### Network plugins From 1ca03e4fd960821f67dfbee2624a278a8e11674a Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 13 Jul 2016 22:03:11 +0200 Subject: [PATCH 1571/2538] Small zsh completion fix on --pretty & --no-resolve Signed-off-by: Vincent Demeester --- contrib/completion/zsh/_docker | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 170a47f5c4..3705b92788 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -808,7 +808,7 @@ __docker_node_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help --pretty)--pretty[Print the information in a human friendly format]" \ + "($help)--pretty[Print the information in a human friendly format]" \ "($help -)*:node:__docker_complete_nodes" && ret=0 ;; (ls|list) @@ -832,7 +832,7 @@ __docker_node_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Display all instances]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ - "($help --no-resolve)--no-resolve[Do not map IDs to Names]" \ + "($help)--no-resolve[Do not map IDs to Names]" \ "($help -)1:node:__docker_complete_nodes" && ret=0 case $state in (filter-options) @@ -1104,7 +1104,7 @@ __docker_service_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ - "($help --pretty)--pretty[Print the information in a human friendly format]" \ + "($help)--pretty[Print the information in a human friendly format]" \ "($help -)*:service:__docker_complete_services" && ret=0 ;; (ls|list) @@ -1142,7 +1142,7 @@ __docker_service_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Display all tasks]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ - "($help --no-resolve)--no-resolve[Do not map IDs to Names]" \ + "($help)--no-resolve[Do not map IDs to Names]" \ "($help -)1:service:__docker_complete_services" && ret=0 case $state in (filter-options) From 6a983cc502faf1dd129a8104a3895c3258ecd46c Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 15 Jul 2016 14:11:54 +0100 Subject: [PATCH 1572/2538] Document --oom-score-adj flag in docker run This was only mentioned in docker create documentation. Signed-off-by: Justin Cormack --- docs/reference/run.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 15d75a0155..ae40cf4bc7 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -698,6 +698,7 @@ container: | `--device-read-iops="" ` | Limit read rate (IO per second) from a device (format: `:`). Number is a positive integer. | | `--device-write-iops="" ` | Limit write rate (IO per second) to a device (format: `:`). Number is a positive integer. | | `--oom-kill-disable=false` | Whether to disable OOM Killer for the container or not. | +| `--oom-score-adj=0` | Tune container's OOM preferences (-1000 to 1000) | | `--memory-swappiness=""` | Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. | | `--shm-size=""` | Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses `64m`. | @@ -830,7 +831,10 @@ The following example, illustrates a dangerous way to use the flag: $ docker run -it --oom-kill-disable ubuntu:14.04 /bin/bash The container has unlimited memory which can cause the host to run out memory -and require killing system processes to free memory. +and require killing system processes to free memory. The `--oom-score-adj` +parameter can be changed to select the priority of which containers will +be killed when the system is out of memory, with negative scores making them +less likely to be killed an positive more likely. ### Kernel memory constraints From eb0a4426e210c322abe9635a27e36091d55b62fa Mon Sep 17 00:00:00 2001 From: allencloud Date: Sat, 16 Jul 2016 15:32:17 +0800 Subject: [PATCH 1573/2538] better command `docker network create -h` output Signed-off-by: allencloud --- docs/reference/commandline/network_create.md | 18 +++++++++--------- experimental/vlan-networks.md | 2 +- man/docker-network-create.1.md | 6 +++--- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index bb08c07652..b6039734fe 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -16,19 +16,19 @@ Usage: docker network create [OPTIONS] Create a network Options: - --aux-address value auxiliary ipv4 or ipv6 addresses used by Network + --aux-address value Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[]) -d, --driver string Driver to manage the Network (default "bridge") - --gateway value ipv4 or ipv6 Gateway for the master subnet (default []) + --gateway value IPv4 or IPv6 Gateway for the master subnet (default []) --help Print usage - --internal restricts external access to the network - --ip-range value allocate container ip from a sub-range (default []) + --internal Restrict external access to the network + --ip-range value Allocate container ip from a sub-range (default []) --ipam-driver string IP Address Management Driver (default "default") - --ipam-opt value set IPAM driver specific options (default map[]) - --ipv6 enable IPv6 networking + --ipam-opt value Set IPAM driver specific options (default map[]) + --ipv6 Enable IPv6 networking --label value Set metadata on a network (default []) -o, --opt value Set driver specific options (default map[]) - --subnet value subnet in CIDR format that represents a + --subnet value Subnet in CIDR format that represents a network segment (default []) ``` @@ -163,9 +163,9 @@ network driver, again with their approximate equivalents to `docker daemon`. | Argument | Equivalent | Description | |--------------|----------------|--------------------------------------------| -| `--gateway` | - | ipv4 or ipv6 Gateway for the master subnet | +| `--gateway` | - | IPv4 or IPv6 Gateway for the master subnet | | `--ip-range` | `--fixed-cidr` | Allocate IPs from a range | -| `--internal` | - | Restricts external access to the network | +| `--internal` | - | Restrict external access to the network | | `--ipv6` | `--ipv6` | Enable IPv6 networking | | `--subnet` | `--bip` | Subnet for network | diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index 7704c5758f..6018ea8a60 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -596,7 +596,7 @@ root@3cce0d3575f3:/# ip -6 route default via 2001:db8:abc9::22 dev eth0 metric 1024 ``` -Start a second container with a specific `--ip4` address and ping the first host using ipv4 packets: +Start a second container with a specific `--ip4` address and ping the first host using IPv4 packets: ``` docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 0ca1c4cc79..1505339df8 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -144,19 +144,19 @@ to create an externally isolated `overlay` network, you can specify the # OPTIONS **--aux-address**=map[] - Auxiliary ipv4 or ipv6 addresses used by network driver + Auxiliary IPv4 or IPv6 addresses used by network driver **-d**, **--driver**=*DRIVER* Driver to manage the Network bridge or overlay. The default is bridge. **--gateway**=[] - ipv4 or ipv6 Gateway for the master subnet + IPv4 or IPv6 Gateway for the master subnet **--help** Print usage **--internal** - Restricts external access to the network + Restrict external access to the network **--ip-range**=[] Allocate container ip from a sub-range From 77e4100d0026864b75a68e7e0d2283dded25a0ac Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 16 Jul 2016 01:52:59 +0200 Subject: [PATCH 1574/2538] Improve flag help consistency, and update docs This adds the `--live-restore` option to the documentation. Also synched usage description in the documentation with the actual description, and re-phrased some flag descriptions to be a bit more consistent. Signed-off-by: Sebastiaan van Stijn --- contrib/completion/zsh/_docker | 12 ++--- docs/reference/commandline/create.md | 4 +- docs/reference/commandline/dockerd.md | 72 ++++++++++++++++----------- docs/reference/commandline/run.md | 4 +- man/docker-create.1.md | 2 +- man/docker-run.1.md | 2 +- man/dockerd.8.md | 4 +- 7 files changed, 56 insertions(+), 44 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3705b92788..d6e5cd2e81 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1551,13 +1551,13 @@ __docker_subcommand() { "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ "($help)--cluster-store=[URL of the distributed storage backend]:Cluster Store:->cluster-store" \ - "($help)--cluster-advertise=[Address of the daemon instance to advertise]:Instance to advertise (host\:port): " \ - "($help)*--cluster-store-opt=[Cluster options]:Cluster options:->cluster-store-options" \ + "($help)--cluster-advertise=[Address or interface name to advertise]:Instance to advertise (host\:port): " \ + "($help)*--cluster-store-opt=[Cluster store options]:Cluster options:->cluster-store-options" \ "($help)*--dns=[DNS server to use]:DNS: " \ "($help)*--dns-search=[DNS search domains to use]:DNS search: " \ "($help)*--dns-opt=[DNS options to use]:DNS option: " \ - "($help)*--default-ulimit=[Default ulimit settings for containers]:ulimit: " \ - "($help)--disable-legacy-registry[Do not contact legacy registries]" \ + "($help)*--default-ulimit=[Default ulimits for containers]:ulimit: " \ + "($help)--disable-legacy-registry[Disable contacting legacy registries]" \ "($help)*--exec-opt=[Runtime execution options]:runtime execution options: " \ "($help)--exec-root=[Root directory for execution state files]:path:_directories" \ "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ @@ -1576,7 +1576,7 @@ __docker_subcommand() { "($help)*--label=[Key=value labels]:label: " \ "($help)--live-restore[Enable live restore of docker when containers are still running]" \ "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" \ - "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" \ + "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_log_options" \ "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \ "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \ "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \ @@ -1896,7 +1896,7 @@ __docker_subcommand() { "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ - "($help)--storage-opt=[Set storage driver options per container]:storage options:->storage-opt" \ + "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 1d41c68665..3b550c0464 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -64,7 +64,7 @@ Options: --label-file value Read in a line delimited file of labels (default []) --link value Add link to another container (default []) --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) - --log-driver string Logging driver for container + --log-driver string Logging driver for the container --log-opt value Log driver options (default []) --mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33) -m, --memory string Memory limit @@ -97,7 +97,7 @@ Options: Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") - --storage-opt value Set storage driver options per container (default []) + --storage-opt value Storage driver options for the container (default []) --sysctl value Sysctl options (default map[]) --tmpfs value Mount a tmpfs directory (default []) -t, --tty Allocate a pseudo-TTY diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 939f3c189c..04e16534c2 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -12,35 +12,45 @@ weight = -1 # daemon +```markdown Usage: dockerd [OPTIONS] - A self-sufficient runtime for linux containers. + A self-sufficient runtime for containers. Options: + +Usage: dockerd [OPTIONS] + +A self-sufficient runtime for containers. + +Options: + --add-runtime=[] Register an additional OCI compatible runtime - --api-cors-header="" Set CORS headers in the remote API - --authorization-plugin=[] Set authorization plugins to load - -b, --bridge="" Attach containers to a network bridge - --bip="" Specify network bridge IP - --cgroup-parent= Set parent cgroup for all containers - --cluster-store="" URL of the distributed storage backend - --cluster-advertise="" Address of the daemon instance on the cluster - --cluster-store-opt=map[] Set cluster options + --api-cors-header Set CORS headers in the remote API + --authorization-plugin=[] Authorization plugins to load + -b, --bridge Attach containers to a network bridge + --bip Specify network bridge IP + --cgroup-parent Set parent cgroup for all containers + --cluster-advertise Address or interface name to advertise + --cluster-store URL of the distributed storage backend + --cluster-store-opt=map[] Set cluster store options --config-file=/etc/docker/daemon.json Daemon configuration file --containerd Path to containerd socket -D, --debug Enable debug mode - --default-gateway="" Container default gateway IPv4 address - --default-gateway-v6="" Container default gateway IPv6 address + --default-gateway Container default gateway IPv4 address + --default-gateway-v6 Container default gateway IPv6 address + --default-runtime=runc Default OCI runtime for containers + --default-ulimit=[] Default ulimits for containers + --disable-legacy-registry Disable contacting legacy registries --dns=[] DNS server to use --dns-opt=[] DNS options to use --dns-search=[] DNS search domains to use - --default-ulimit=[] Set default ulimit settings for containers - --exec-opt=[] Set runtime execution options - --exec-root="/var/run/docker" Root directory for execution state files - --fixed-cidr="" IPv4 subnet for fixed IPs - --fixed-cidr-v6="" IPv6 subnet for fixed IPs - -G, --group="docker" Group for the unix socket - -g, --graph="/var/lib/docker" Root of the Docker runtime + --exec-opt=[] Runtime execution options + --exec-root=/var/run/docker Root directory for execution state files + --fixed-cidr IPv4 subnet for fixed IPs + --fixed-cidr-v6 IPv6 subnet for fixed IPs + -G, --group=docker Group for the unix socket + -g, --graph=/var/lib/docker Root of the Docker runtime -H, --host=[] Daemon socket(s) to connect to --help Print usage --icc=true Enable inter-container communication @@ -50,28 +60,30 @@ weight = -1 --ip-masq=true Enable IP masquerading --iptables=true Enable addition of iptables rules --ipv6 Enable IPv6 networking - -l, --log-level="info" Set the logging level + -l, --log-level=info Set the logging level --label=[] Set key=value labels to the daemon - --log-driver="json-file" Default driver for container logs - --log-opt=[] Log driver specific options + --live-restore Enable live restore of docker when containers are still running + --log-driver=json-file Default driver for container logs + --log-opt=map[] Default log driver options for containers --max-concurrent-downloads=3 Set the max concurrent downloads for each pull --max-concurrent-uploads=5 Set the max concurrent uploads for each push - --mtu=0 Set the containers network MTU + --mtu Set the containers network MTU --oom-score-adjust=-500 Set the oom_score_adj for the daemon - --disable-legacy-registry Do not contact legacy registries - -p, --pidfile="/var/run/docker.pid" Path to use for daemon PID file + -p, --pidfile=/var/run/docker.pid Path to use for daemon PID file --raw-logs Full timestamps without ANSI coloring --registry-mirror=[] Preferred Docker registry mirror - -s, --storage-driver="" Storage driver to use + -s, --storage-driver Storage driver to use --selinux-enabled Enable selinux support - --storage-opt=[] Set storage driver options + --storage-opt=[] Storage driver options --tls Use TLS; implied by --tlsverify - --tlscacert="~/.docker/ca.pem" Trust certs signed only by this CA - --tlscert="~/.docker/cert.pem" Path to TLS certificate file - --tlskey="~/.docker/key.pem" Path to TLS key file + --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA + --tlscert=~/.docker/cert.pem Path to TLS certificate file + --tlskey=~/.docker/key.pem Path to TLS key file --tlsverify Use TLS and verify the remote - --userns-remap="default" Enable user namespace remapping --userland-proxy=true Use userland proxy for loopback traffic + --userns-remap User/Group setting for user namespaces + -v, --version Print version information and quit +``` Options with [] may be specified multiple times. diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index a5057a6250..fb8d75de25 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -70,7 +70,7 @@ Options: --label-file value Read in a line delimited file of labels (default []) --link value Add link to another container (default []) --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) - --log-driver string Logging driver for container + --log-driver string Logging driver for the container --log-opt value Log driver options (default []) --mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33) -m, --memory string Memory limit @@ -105,7 +105,7 @@ Options: or `g` (gigabytes). If you omit the unit, the system uses bytes. --sig-proxy Proxy received signals to the process (default true) --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") - --storage-opt value Set storage driver options per container (default []) + --storage-opt value Storage driver options for the container (default []) --sysctl value Sysctl options (default map[]) --tmpfs value Mount a tmpfs directory (default []) -t, --tty Allocate a pseudo-TTY diff --git a/man/docker-create.1.md b/man/docker-create.1.md index e9b1ebe31a..980e09c101 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -225,7 +225,7 @@ millions of trillions. Add one or more link-local IPv4/IPv6 addresses to the container's interface **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" - Logging driver for container. Default is defined by daemon `--log-driver` flag. + Logging driver for the container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index d4a2953161..65cdc7ae9f 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -331,7 +331,7 @@ which interface and port to use. Add one or more link-local IPv4/IPv6 addresses to the container's interface **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" - Logging driver for container. Default is defined by daemon `--log-driver` flag. + Logging driver for the container. Default is defined by daemon `--log-driver` flag. **Warning**: the `docker logs` command works only for the `json-file` and `journald` logging drivers. diff --git a/man/dockerd.8.md b/man/dockerd.8.md index fc9226d387..333cf5a5aa 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -121,10 +121,10 @@ format. IPv6 address of the container default gateway **--default-ulimit**=[] - Set default ulimits for containers. + Default ulimits for containers. **--disable-legacy-registry**=*true*|*false* - Do not contact legacy registries + Disable contacting legacy registries **--dns**="" Force Docker to use specific DNS servers From ab696a54ef949f77eded01eb64a911f403c5fc7f Mon Sep 17 00:00:00 2001 From: Dong Chen Date: Thu, 30 Jun 2016 17:33:43 -0700 Subject: [PATCH 1575/2538] Support node label update. Signed-off-by: Dong Chen --- docs/reference/commandline/node_update.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index 32e8582d2c..ed3dc60d02 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -19,6 +19,8 @@ Update a node Options: --availability string Availability of the node (active/pause/drain) --help Print usage + --label-add value Add or update a node label (key=value) (default []) + --label-rm value Remove a node label if exists (default []) --membership string Membership of the node (accepted/rejected) --role string Role of the node (worker/manager) ``` From bc83ebe597243a3fdf7ce8059bd07d2cefe96eac Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 18 Jul 2016 11:52:27 +0200 Subject: [PATCH 1576/2538] bump Go to 1.6.3 following the announcement; https://groups.google.com/forum/m/#!topic/golang-announce/7JTsd70ZAT0 > [security] Go 1.6.3 and Go 1.7rc2 pre-announcement > > Hello gophers, > We plan to issue Go 1.6.3 and Go 1.7rc2 on Monday July 18 at approximately 2am UTC. > These are minor release to fix a security issue. > > Following our policy at https://golang.org/security, this is the pre-announcement of those releases. > > Because we are so late in the release cycle for Go 1.7, we will not issue a minor release of Go 1.5. > Additionally, we plan to issue Go 1.7rc3 later next week, which will include any changes between 1.7rc1 and tip. > > Cheers, > Chris on behalf of the Go team **Note:** the man/Dockerfile is not yet updated, because the official image for Go 1.6.2 has not yet been updated. Signed-off-by: Sebastiaan van Stijn --- man/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/Dockerfile b/man/Dockerfile index f04cd56ad2..e513ed1a12 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.6.2 +FROM golang:1.6.3 RUN mkdir -p /go/src/github.com/cpuguy83 RUN mkdir -p /go/src/github.com/cpuguy83 \ && git clone -b v1.0.5 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ From cbaa1437374f7b76b09be2e1254c8eaa05d06811 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 19 Jul 2016 13:20:40 +0200 Subject: [PATCH 1577/2538] bash completion for `docker service {create,update} --log-{driver,opt}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 928c4d0b9b..b46ec61c6a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1711,6 +1711,8 @@ _docker_service_update() { --label -l --limit-cpu --limit-memory + --log-driver + --log-opt --mount --name --network @@ -1734,6 +1736,8 @@ _docker_service_update() { --registry-auth " + __docker_complete_log_driver_options && return + if [ "$subcommand" = "create" ] ; then options_with_args="$options_with_args --mode @@ -1770,6 +1774,14 @@ _docker_service_update() { __docker_nospace return ;; + --log-driver) + __docker_complete_log_drivers + return + ;; + --log-opt) + __docker_complete_log_options + return + ;; --network) __docker_complete_networks return From 56491f1caabd280a2e3c4f77efdbe81f8b4ba41a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 19 Jul 2016 13:09:28 +0200 Subject: [PATCH 1578/2538] bash completion for `docker node update --label-{add,rm}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b46ec61c6a..c5a305a006 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2080,11 +2080,14 @@ _docker_node_update() { COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) ) return ;; + --label-add|--label-rm) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--availability --help --membership --role" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --membership --role" -- "$cur" ) ) ;; *) __docker_complete_nodes From 106418dbd9392c0395574a84e0530f5ffc19dfbf Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 9 Jun 2016 11:33:28 -0400 Subject: [PATCH 1579/2538] Add a script to generate man pages from cobra commands. Use the generate.sh script instead of md2man directly. Update Dockerfile for generating man pages. Signed-off-by: Daniel Nephin --- man/Dockerfile | 27 ++++++++++++++++++------- man/README.md | 34 ++++++++------------------------ man/generate.go | 39 +++++++++++++++++++++++++++++++++++++ man/generate.sh | 15 ++++++++++++++ man/glide.lock | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ man/glide.yaml | 12 ++++++++++++ 6 files changed, 146 insertions(+), 33 deletions(-) create mode 100644 man/generate.go create mode 100755 man/generate.sh create mode 100644 man/glide.lock create mode 100644 man/glide.yaml diff --git a/man/Dockerfile b/man/Dockerfile index e513ed1a12..d4eb76ad6b 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -1,7 +1,20 @@ -FROM golang:1.6.3 -RUN mkdir -p /go/src/github.com/cpuguy83 -RUN mkdir -p /go/src/github.com/cpuguy83 \ - && git clone -b v1.0.5 https://github.com/cpuguy83/go-md2man.git /go/src/github.com/cpuguy83/go-md2man \ - && cd /go/src/github.com/cpuguy83/go-md2man \ - && go get -v ./... -CMD ["/go/bin/go-md2man", "--help"] +FROM golang:1.6.3-alpine + +RUN apk add -U git bash curl gcc musl-dev + +RUN export GLIDE=0.10.2; \ + export SRC=https://github.com/Masterminds/glide/releases/download/; \ + curl -sL ${SRC}/${GLIDE}/glide-${GLIDE}-linux-amd64.tar.gz | \ + tar -xz linux-amd64/glide && \ + mv linux-amd64/glide /usr/bin/glide && \ + chmod +x /usr/bin/glide + +COPY man/glide.yaml /manvendor/ +COPY man/glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] diff --git a/man/README.md b/man/README.md index 922bc3cc74..4b6f90b2a0 100644 --- a/man/README.md +++ b/man/README.md @@ -1,33 +1,15 @@ Docker Documentation ==================== -This directory contains the Docker user manual in the Markdown format. -Do *not* edit the man pages in the man1 directory. Instead, amend the -Markdown (*.md) files. +This directory contains scripts for generating the man pages. Many of the man +pages are generated directly from the `spf13/cobra` `Command` definition. Some +legacy pages are still generated from the markdown files in this directory. +Do *not* edit the man pages in the man1 directory. Instead, update the +Cobra command or amend the Markdown files for legacy pages. -# Generating man pages from the Markdown files -The recommended approach for generating the man pages is via a Docker -container using the supplied `Dockerfile` to create an image with the correct -environment. This uses `go-md2man`, a pure Go Markdown to man page generator. +## Generate the mange pages -## Building the md2man image +From within the project root directory run: -There is a `Dockerfile` provided in the `/man` directory of your -'docker/docker' fork. - -Using this `Dockerfile`, create a Docker image tagged `docker/md2man`: - - docker build -t docker/md2man . - -## Utilizing the image - -From within the `/man` directory run the following command: - - docker run -v $(pwd):/man -w /man -i docker/md2man ./md2man-all.sh - -The `md2man` Docker container will process the Markdown files and generate -the man pages inside the `/man/man1` directory of your fork using -Docker volumes. For more information on Docker volumes see the man page for -`docker run` and also look at the article [Sharing Directories via Volumes] -(https://docs.docker.com/use/working_with_volumes/). + make manpages diff --git a/man/generate.go b/man/generate.go new file mode 100644 index 0000000000..7bcc57009e --- /dev/null +++ b/man/generate.go @@ -0,0 +1,39 @@ +package main + +import ( + "fmt" + "os" + + "github.com/docker/docker/cli/cobraadaptor" + cliflags "github.com/docker/docker/cli/flags" + "github.com/spf13/cobra/doc" +) + +func generateManPages(path string) error { + header := &doc.GenManHeader{ + Title: "DOCKER", + Section: "1", + Source: "Docker Community", + } + flags := &cliflags.ClientFlags{ + Common: cliflags.InitCommonFlags(), + } + cmd := cobraadaptor.NewCobraAdaptor(flags).GetRootCommand() + cmd.DisableAutoGenTag = true + return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ + Header: header, + Path: path, + CommandSeparator: "-", + }) +} + +func main() { + path := "/tmp" + if len(os.Args) > 1 { + path = os.Args[1] + } + fmt.Printf("Generating man pages into %s\n", path) + if err := generateManPages(path); err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate man pages: %s\n", err.Error()) + } +} diff --git a/man/generate.sh b/man/generate.sh new file mode 100755 index 0000000000..e4126ba4ac --- /dev/null +++ b/man/generate.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# +# Generate man pages for docker/docker +# + +set -eu + +mkdir -p ./man/man1 + +# Generate man pages from cobra commands +go build -o /tmp/gen-manpages ./man +/tmp/gen-manpages ./man/man1 + +# Generate legacy pages from markdown +./man/md2man-all.sh -q diff --git a/man/glide.lock b/man/glide.lock new file mode 100644 index 0000000000..0d34c2c5a9 --- /dev/null +++ b/man/glide.lock @@ -0,0 +1,52 @@ +hash: ead3ea293a6143fe41069ebec814bf197d8c43a92cc7666b1f7e21a419b46feb +updated: 2016-06-20T21:53:35.420817456Z +imports: +- name: github.com/BurntSushi/toml + version: f0aeabca5a127c4078abb8c8d64298b147264b55 +- name: github.com/cpuguy83/go-md2man + version: 2724a9c9051aa62e9cca11304e7dd518e9e41599 + subpackages: + - md2man +- name: github.com/fsnotify/fsnotify + version: 30411dbcefb7a1da7e84f75530ad3abe4011b4f8 +- name: github.com/hashicorp/hcl + version: da486364306ed66c218be9b7953e19173447c18b + subpackages: + - hcl/ast + - hcl/parser + - hcl/token + - json/parser + - hcl/scanner + - hcl/strconv + - json/scanner + - json/token +- name: github.com/inconshreveable/mousetrap + version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 +- name: github.com/magiconair/properties + version: c265cfa48dda6474e208715ca93e987829f572f8 +- name: github.com/mitchellh/mapstructure + version: d2dd0262208475919e1a362f675cfc0e7c10e905 +- name: github.com/russross/blackfriday + version: 1d6b8e9301e720b08a8938b8c25c018285885438 +- name: github.com/shurcooL/sanitized_anchor_name + version: 10ef21a441db47d8b13ebcc5fd2310f636973c77 +- name: github.com/spf13/cast + version: 27b586b42e29bec072fe7379259cc719e1289da6 +- name: github.com/spf13/jwalterweatherman + version: 33c24e77fb80341fe7130ee7c594256ff08ccc46 +- name: github.com/spf13/pflag + version: 367864438f1b1a3c7db4da06a2f55b144e6784e0 +- name: github.com/spf13/viper + version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd +- name: golang.org/x/sys + version: 62bee037599929a6e9146f29d10dd5208c43507d + subpackages: + - unix +- name: gopkg.in/yaml.v2 + version: a83829b6f1293c91addabc89d0571c246397bbf4 +- name: github.com/spf13/cobra + repo: https://github.com/dnephin/cobra + subpackages: + - doc + version: dc45219961f875acff5ee07ed263e5dc19e0c5f1 +devImports: [] diff --git a/man/glide.yaml b/man/glide.yaml new file mode 100644 index 0000000000..e99b2670d8 --- /dev/null +++ b/man/glide.yaml @@ -0,0 +1,12 @@ +package: github.com/docker/docker/man +import: +- package: github.com/cpuguy83/go-md2man + subpackages: + - md2man +- package: github.com/inconshreveable/mousetrap +- package: github.com/spf13/pflag +- package: github.com/spf13/viper +- package: github.com/spf13/cobra + repo: https://github.com/dnephin/cobra + subpackages: + - doc From e08631bb285e45c48b0d420e60e8eab666c9b9da Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Mon, 20 Jun 2016 16:33:53 -0400 Subject: [PATCH 1580/2538] Set Long text for volume commands so they can be used to generate man pages. Signed-off-by: Daniel Nephin --- man/docker-volume-create.1.md | 65 ---------------------------------- man/docker-volume-inspect.1.md | 29 --------------- man/docker-volume-ls.1.md | 33 ----------------- man/docker-volume-rm.1.md | 26 -------------- man/docker-volume.1.md | 62 -------------------------------- 5 files changed, 215 deletions(-) delete mode 100644 man/docker-volume-create.1.md delete mode 100644 man/docker-volume-inspect.1.md delete mode 100644 man/docker-volume-ls.1.md delete mode 100644 man/docker-volume-rm.1.md delete mode 100644 man/docker-volume.1.md diff --git a/man/docker-volume-create.1.md b/man/docker-volume-create.1.md deleted file mode 100644 index e71a2f1df1..0000000000 --- a/man/docker-volume-create.1.md +++ /dev/null @@ -1,65 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-create - Create a new volume - -# SYNOPSIS -**docker volume create** -[**-d**|**--driver**[=*DRIVER*]] -[**--help**] -[**--label**[=*[]*]] -[**--name**[=*NAME*]] -[**-o**|**--opt**[=*[]*]] - -# DESCRIPTION - -Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: - - $ docker volume create --name hello - hello - $ docker run -d -v hello:/world busybox ls /world - -The mount is created inside the container's `/src` directory. Docker doesn't not support relative paths for mount points inside the container. - -Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. - -## Driver specific options - -Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: - - $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey - -These options are passed directly to the volume driver. Options for -different volume drivers may do different things (or nothing at all). - -The built-in `local` driver on Windows does not support any options. - -The built-in `local` driver on Linux accepts options similar to the linux `mount` -command: - - $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 - -Another example: - - $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 - - -# OPTIONS -**-d**, **--driver**="*local*" - Specify volume driver name - -**--help** - Print usage statement - -**--label**=*label* - Set metadata for a volume - -**--name**="" - Specify volume name - -**-o**, **--opt**=[] - Set driver specific options - -# HISTORY -July 2015, created by Brian Goff diff --git a/man/docker-volume-inspect.1.md b/man/docker-volume-inspect.1.md deleted file mode 100644 index 6097e96e13..0000000000 --- a/man/docker-volume-inspect.1.md +++ /dev/null @@ -1,29 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-inspect - Get low-level information about a volume - -# SYNOPSIS -**docker volume inspect** -[**-f**|**--format**[=*FORMAT*]] -[**--help**] -VOLUME [VOLUME...] - -# DESCRIPTION - -Returns information about one or more volumes. By default, this command renders all results -in a JSON array. You can specify an alternate format to execute a given template -is executed for each result. Go's -http://golang.org/pkg/text/template/ package describes all the details of the -format. - -# OPTIONS -**-f**, **--format**="" - Format the output using the given go template. - -**--help** - Print usage statement - -# HISTORY -July 2015, created by Brian Goff diff --git a/man/docker-volume-ls.1.md b/man/docker-volume-ls.1.md deleted file mode 100644 index c045e43bd5..0000000000 --- a/man/docker-volume-ls.1.md +++ /dev/null @@ -1,33 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-ls - List all volumes - -# SYNOPSIS -**docker volume ls** -[**-f**|**--filter**[=*FILTER*]] -[**--help**] -[**-q**|**--quiet**[=*true*|*false*]] - -# DESCRIPTION - -Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. The filtering format is a `key=value` pair. To specify more than one filter, pass multiple flags (for example, `--filter "foo=bar" --filter "bif=baz"`) - -There is a single supported filter `dangling=value` which takes a boolean of `true` or `false`. - -# OPTIONS -**-f**, **--filter**="" - Filter output based on these conditions: - - dangling= a volume if referenced or not - - driver= a volume's driver name - - name= a volume's name - -**--help** - Print usage statement - -**-q**, **--quiet**=*true*|*false* - Only display volume names - -# HISTORY -July 2015, created by Brian Goff diff --git a/man/docker-volume-rm.1.md b/man/docker-volume-rm.1.md deleted file mode 100644 index 876700d4d4..0000000000 --- a/man/docker-volume-rm.1.md +++ /dev/null @@ -1,26 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JULY 2015 -# NAME -docker-volume-rm - Remove a volume - -# SYNOPSIS -**docker volume rm** -[**--help**] -VOLUME [VOLUME...] - -# DESCRIPTION - -Removes one or more volumes. You cannot remove a volume that is in use by a container. - - ``` - $ docker volume rm hello - hello - ``` - -# OPTIONS -**--help** - Print usage statement - -# HISTORY -July 2015, created by Brian Goff diff --git a/man/docker-volume.1.md b/man/docker-volume.1.md deleted file mode 100644 index 1e7044484a..0000000000 --- a/man/docker-volume.1.md +++ /dev/null @@ -1,62 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% Feb 2016 -# NAME -docker-volume - Create a new volume - -# SYNOPSIS -**docker volume** [OPTIONS] COMMAND -[**--help**] - -# DESCRIPTION - -docker volume command manages content volumes for docker containers. - -## Data volumes - -A *data volume* is a specially-designated directory within one or more -containers. - -Data volumes provide several useful features for persistent or shared data: - -Volumes are initialized when a container is created. If the container's -base image contains data at the specified mount point, that existing data is -copied into the new volume upon volume initialization. (Note that this does -not apply when [mounting a host directory](#mount-a-host-directory-as-a-data-volume).) - -Data volumes can be shared and reused among containers. - -Changes to a data volume are made directly. - -Changes to a data volume will not be included when you update an image. - -Data volumes persist even if the container itself is deleted. - -Data volumes are designed to persist data, independent of the container's life -cycle. Docker therefore *never* automatically deletes volumes when you remove -a container, nor will it "garbage collect" volumes that are no longer -referenced by a container. - -# OPTIONS -**--help** - Print usage statement - -# COMMANDS -**create** - Create a volume - See **docker-volume-create(1)** for full documentation on the **create** command. - -**inspect** - Display detailed information on one or more volumes - See **docker-volume-inspect(1)** for full documentation on the **inspect** command. - -**ls** - List volumes - See **docker-volume-ls(1)** for full documentation on the **ls** command. - -**rm** - Remove a volume - See **docker-volume-rm(1)** for full documentation on the **rm** command. - -# HISTORY -Feb 2016, created by Dan Walsh From 04844c2c3d578fd5903fed3c5ad6d65ec9adb7bf Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 22 Jun 2016 10:12:18 -0400 Subject: [PATCH 1581/2538] Dont run man generation as part of test-unit. Signed-off-by: Daniel Nephin --- man/glide.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/glide.lock b/man/glide.lock index 0d34c2c5a9..40c5f5a64a 100644 --- a/man/glide.lock +++ b/man/glide.lock @@ -48,5 +48,5 @@ imports: repo: https://github.com/dnephin/cobra subpackages: - doc - version: dc45219961f875acff5ee07ed263e5dc19e0c5f1 + version: v1.3 devImports: [] From ad98aba1b6a1eda44465758925f7a5e5e13e6616 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 19 Jul 2016 18:32:44 +0200 Subject: [PATCH 1582/2538] Add documentation for stack commands Also removes the `-f` flags of bundle to follow the single-letter flags evaluation. Signed-off-by: Vincent Demeester --- docs/reference/commandline/deploy.md | 57 +++++++++++++++++++++ docs/reference/commandline/stack_config.md | 30 +++++++++++ docs/reference/commandline/stack_deploy.md | 59 ++++++++++++++++++++++ docs/reference/commandline/stack_rm.md | 33 ++++++++++++ docs/reference/commandline/stack_tasks.md | 46 +++++++++++++++++ 5 files changed, 225 insertions(+) create mode 100644 docs/reference/commandline/deploy.md create mode 100644 docs/reference/commandline/stack_config.md create mode 100644 docs/reference/commandline/stack_deploy.md create mode 100644 docs/reference/commandline/stack_rm.md create mode 100644 docs/reference/commandline/stack_tasks.md diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md new file mode 100644 index 0000000000..34d39c5061 --- /dev/null +++ b/docs/reference/commandline/deploy.md @@ -0,0 +1,57 @@ + + +# stack deploy (experimental) + +```markdown +Usage: docker deploy [OPTIONS] STACK + +Create and update a stack from a Distributed Application Bundle (DAB) + +Options: + --bundle string Path to a Distributed Application Bundle file (Default: STACK.dab) + --help Print usage +``` + +Create and update a stack from a `dab` file. This command has to be +run targeting a manager node. + +```bash +$ docker deploy vossibility-stack +Loading bundle from vossibility-stack.dab +Creating service vossibility-stack_elasticsearch +Creating service vossibility-stack_kibana +Creating service vossibility-stack_logstash +Creating service vossibility-stack_lookupd +Creating service vossibility-stack_nsqd +Creating service vossibility-stack_vossibility-collector +``` + +You can verify that the services were correctly created: + +```bash +$ docker service ls +ID NAME REPLICAS IMAGE +COMMAND +29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd +4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 +4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf +axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug +``` + +## Related information + +* [stack config](stack_config.md) +* [stack deploy](stack_deploy.md) +* [stack rm](stack_rm.md) +* [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md new file mode 100644 index 0000000000..c9292bd686 --- /dev/null +++ b/docs/reference/commandline/stack_config.md @@ -0,0 +1,30 @@ + + +# stack config (experimental) + +```markdown +Usage: docker stack config [OPTIONS] STACK + +Print the stack configuration + +Options: + --bundle string Path to a Distributed Application Bundle file (Default: STACK.dab) + --help Print usage +``` + +Displays the configuration of a stack. + +## Related information + +* [stack deploy](stack_deploy.md) +* [stack rm](stack_rm.md) +* [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md new file mode 100644 index 0000000000..a519b5b67e --- /dev/null +++ b/docs/reference/commandline/stack_deploy.md @@ -0,0 +1,59 @@ + + +# stack deploy (experimental) + +```markdown +Usage: docker stack deploy [OPTIONS] STACK + +Create and update a stack from a Distributed Application Bundle (DAB) + +Aliases: + deploy, up + +Options: + --bundle string Path to a Distributed Application Bundle file (Default: STACK.dab) + --help Print usage +``` + +Create and update a stack from a `dab` file on the swarm. This command +has to be run targeting a manager node. + +```bash +$ docker stack deploy vossibility-stack +Loading bundle from vossibility-stack.dab +Creating service vossibility-stack_elasticsearch +Creating service vossibility-stack_kibana +Creating service vossibility-stack_logstash +Creating service vossibility-stack_lookupd +Creating service vossibility-stack_nsqd +Creating service vossibility-stack_vossibility-collector +``` + +You can verify that the services were correctly created: + +```bash +$ docker service ls +ID NAME REPLICAS IMAGE +COMMAND +29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd +4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 +4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf +axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug +``` + +## Related information + +* [stack config](stack_config.md) +* [stack rm](stack_rm.md) +* [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md new file mode 100644 index 0000000000..45d4f81e3b --- /dev/null +++ b/docs/reference/commandline/stack_rm.md @@ -0,0 +1,33 @@ + + +# stack rm (experimental) + +```markdown +Usage: docker stack rm STACK + +Remove the stack + +Aliases: + rm, remove, down + +Options: + --help Print usage +``` + +Remove the stack from the swarm. This command has to be run targeting +a manager node. + +## Related information + +* [stack config](stack_config.md) +* [stack deploy](stack_deploy.md) +* [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_tasks.md b/docs/reference/commandline/stack_tasks.md new file mode 100644 index 0000000000..0b48c05858 --- /dev/null +++ b/docs/reference/commandline/stack_tasks.md @@ -0,0 +1,46 @@ + + +# stack tasks (experimental) + +```markdown +Usage: docker stack tasks [OPTIONS] STACK + +List the tasks in the stack + +Options: + -a, --all Display all tasks + -f, --filter value Filter output based on conditions provided + --help Print usage + --no-resolve Do not map IDs to Names +``` + +Lists the tasks that are running as part of the specified stack. This +command has to be run targeting a manager node. + +## Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there +is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). +Multiple filter flags are combined as an `OR` filter. For example, +`-f name=redis.1 -f name=redis.7` returns both `redis.1` and `redis.7` tasks. + +The currently supported filters are: + +* [id](#id) +* [name](#name) +* [desired-state](#desired-state) + +## Related information + +* [stack config](stack_config.md) +* [stack deploy](stack_deploy.md) +* [stack rm](stack_rm.md) From 59b234a1196112b12e9d6e2a96662e1ec88ebeaa Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Mon, 11 Jul 2016 09:11:18 -0700 Subject: [PATCH 1583/2538] add ref docs for node label Signed-off-by: Charles Smith --- docs/reference/commandline/node_update.md | 32 ++++++++++++++++++++ docs/reference/commandline/service_create.md | 4 +-- 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index ed3dc60d02..f90b40cc97 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -25,6 +25,38 @@ Options: --role string Role of the node (worker/manager) ``` +### Add label metadata to a node + +Add metadata to a swarm node using node labels. You can specify a node label as +a key with an empty value: + +``` bash +$ docker node update --label-add foo worker1 +``` + +To add multiple labels to a node, pass the `--label-add` flag for each label: + +``` bash +$ docker node update --label-add foo --label-add bar worker1 +``` + +When you [create a service](service_create.md), +you can use node labels as a constraint. A constraint limits the nodes where the +scheduler deploys tasks for a service. + +For example, to add a `type` label to identify nodes where the scheduler should +deploy message queue service tasks: + +``` bash +$ docker node update --label-add type=queue worker1 +``` + +The labels you set for nodes using `docker node update` apply only to the node +entity within the swarm. Do not confuse them with the docker daemon labels for +[dockerd]( ../../userguide/labels-custom-metadata.md#daemon-labels). + +For more information about labels, refer to [apply custom +metadata](../../userguide/labels-custom-metadata.md). ## Related information diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 1bb1ea62fe..561a5a4d6d 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -131,7 +131,7 @@ $ docker service create \ ``` For more information about labels, refer to [apply custom -metadata](../../userguide/labels-custom-metadata.md) +metadata](../../userguide/labels-custom-metadata.md). ### Set service mode @@ -162,7 +162,7 @@ follows: `engine.labels` apply to Docker Engine labels like operating system, drivers, etc. Swarm administrators add `node.labels` for operational purposes by -using the `docker node update` command. +using the [`docker node update`](node_update.md) command. For example, the following limits tasks for the redis service to nodes where the node type label equals queue: From ddd049d51a680032e36ebff5d5c92f6d78108eff Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 20 Jul 2016 09:18:59 +0200 Subject: [PATCH 1584/2538] Add zsh completion for 'docker service {create,update} --log-{driver,opt}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d6e5cd2e81..7f6081ff2d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -242,6 +242,14 @@ __docker_get_log_options() { return ret } +__docker_log_drivers() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + drivers=(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog) + _describe -t log-drivers "log drivers" drivers && ret=0 + return ret +} + __docker_log_options() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1071,6 +1079,8 @@ __docker_service_subcommand() { "($help)*--label=[Service labels]:label: " "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " + "($help)--log-driver=[Logging driver for service]:logging driver:__docker_log_drivers" + "($help)*--log-opt=[Logging driver options]:log driver options:__docker_log_options" "($help)*--mount=[Attach a mount to the service]:mount: " "($help)--name=[Service name]:name: " "($help)*--network=[Network attachments]:network: " @@ -1429,7 +1439,7 @@ __docker_subcommand() { "($help)*--link=[Add link to another container]:link:->link" "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " "($help)*"{-l=,--label=}"[Container metadata]:label: " - "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" + "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " "($help)--name=[Container name]:name: " @@ -1575,7 +1585,7 @@ __docker_subcommand() { "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Key=value labels]:label: " \ "($help)--live-restore[Enable live restore of docker when containers are still running]" \ - "($help)--log-driver=[Default driver for container logs]:Logging driver:(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog)" \ + "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" \ "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_log_options" \ "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \ "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \ From f2e01edf5798b41c9a92422f6b2d87d15390bcd6 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 20 Jul 2016 09:11:16 +0200 Subject: [PATCH 1585/2538] Add zsh completion for 'docker node update --label-{add,rm}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7f6081ff2d..5cc16bd528 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -852,6 +852,8 @@ __docker_node_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--availability=[Availability of the node]:availability:(active pause drain)" \ + "($help)*--label-add=[Add or update a node label]:key=value: " \ + "($help)*--label-rm=[Remove a node label if exists]:label: " \ "($help)--membership=[Membership of the node]:membership:(accepted rejected)" \ "($help)--role=[Role of the node]:role:(manager worker)" \ "($help -)1:node:__docker_complete_nodes" && ret=0 From 27584ec78a3acafee06963e0c66227271bd8fd41 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 15:36:02 +0200 Subject: [PATCH 1586/2538] fix duplicated usage in docs this removes a copy/pasta whoopsie on my side, introduced in de64324109d2694b1525e62b5c0072267282a36c Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 04e16534c2..8581ec095f 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -13,12 +13,6 @@ weight = -1 # daemon ```markdown - Usage: dockerd [OPTIONS] - - A self-sufficient runtime for containers. - - Options: - Usage: dockerd [OPTIONS] A self-sufficient runtime for containers. From 2a56732a87b6a450e54d8875116f7eb4b092eca7 Mon Sep 17 00:00:00 2001 From: Harry Zhang Date: Tue, 19 Jul 2016 22:42:23 +0800 Subject: [PATCH 1587/2538] Fix nits in deprecated Signed-off-by: Harry Zhang --- docs/deprecated.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 554272ff49..0a728d97b8 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -30,7 +30,7 @@ The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated The shorthand (`-h`) is less common than `--help` on Linux and cannot be used on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on `docker create`). For this reason, the `-h` shorthand was not printed in the -"usage" output of subcommands, nor docummented, and is now marked "deprecated". +"usage" output of subcommands, nor documented, and is now marked "deprecated". ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** @@ -44,7 +44,7 @@ The docker login command is removing the ability to automatically register for a **Target For Removal In Release: v1.13** -The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consinstency with other similar flags, like `--storage-opt`. +The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`. ### `/containers/(id or name)/copy` endpoint From b2d71bfbe18707dccb7c1bd2acdafa64644418e0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 15:52:43 +0200 Subject: [PATCH 1588/2538] Rename --bundle to --file This renames the '--bundle' flag for docker (stack) deploy to be consistent with 'docker build'. Note that there's no shorthand '-f' added for now, because this may be confusing on 'docker stack config', which also takes a file, and for which we may want to have a '--format' flag in future. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/deploy.md | 2 +- docs/reference/commandline/stack_config.md | 2 +- docs/reference/commandline/stack_deploy.md | 2 +- experimental/docker-stacks-and-bundles.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 34d39c5061..59314e4a8d 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -17,7 +17,7 @@ Usage: docker deploy [OPTIONS] STACK Create and update a stack from a Distributed Application Bundle (DAB) Options: - --bundle string Path to a Distributed Application Bundle file (Default: STACK.dab) + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage ``` diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md index c9292bd686..ba990aea98 100644 --- a/docs/reference/commandline/stack_config.md +++ b/docs/reference/commandline/stack_config.md @@ -17,7 +17,7 @@ Usage: docker stack config [OPTIONS] STACK Print the stack configuration Options: - --bundle string Path to a Distributed Application Bundle file (Default: STACK.dab) + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage ``` diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index a519b5b67e..541882e2ac 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -20,7 +20,7 @@ Aliases: deploy, up Options: - --bundle string Path to a Distributed Application Bundle file (Default: STACK.dab) + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage ``` diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 1da2b8f587..93e92fe2f1 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -44,7 +44,7 @@ Usage: docker deploy [OPTIONS] STACK Create and update a stack Options: - -f, --bundle string Path to a bundle (Default: STACK.dab) + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage ``` From 07abf9a8fc43786a472db2b7b4c4b4a6c5e8f20a Mon Sep 17 00:00:00 2001 From: allencloud Date: Sat, 2 Jul 2016 10:12:16 +0800 Subject: [PATCH 1589/2538] add command `docker stack services STACKNAME` Signed-off-by: allencloud --- experimental/docker-stacks-and-bundles.md | 1 + 1 file changed, 1 insertion(+) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 93e92fe2f1..0b931f06db 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -93,6 +93,7 @@ Commands: config Print the stack configuration deploy Create and update a stack rm Remove the stack + services List the services in the stack tasks List the tasks in the stack Run 'docker stack COMMAND --help' for more information on a command. From 77f90b24c912c1e1cc2db4609ca30e19702c9af3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 18:54:48 +0200 Subject: [PATCH 1590/2538] docs: add initial reference for "stack services" Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/stack_config.md | 1 + docs/reference/commandline/stack_deploy.md | 1 + docs/reference/commandline/stack_rm.md | 1 + docs/reference/commandline/stack_services.md | 65 ++++++++++++++++++++ docs/reference/commandline/stack_tasks.md | 1 + 5 files changed, 69 insertions(+) create mode 100644 docs/reference/commandline/stack_services.md diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md index ba990aea98..4c6cfa1089 100644 --- a/docs/reference/commandline/stack_config.md +++ b/docs/reference/commandline/stack_config.md @@ -27,4 +27,5 @@ Displays the configuration of a stack. * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) +* [stack services](stack_services.md) * [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 541882e2ac..a1a9366c7f 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -56,4 +56,5 @@ axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-co * [stack config](stack_config.md) * [stack rm](stack_rm.md) +* [stack services](stack_services.md) * [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index 45d4f81e3b..8e3f2259a7 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -30,4 +30,5 @@ a manager node. * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) +* [stack services](stack_services.md) * [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md new file mode 100644 index 0000000000..dedb22f8c8 --- /dev/null +++ b/docs/reference/commandline/stack_services.md @@ -0,0 +1,65 @@ + + +# stack services (experimental) + +```markdown +Usage: docker stack services [OPTIONS] STACK + +List the services in the stack + +Options: + -f, --filter value Filter output based on conditions provided + --help Print usage + -q, --quiet Only display IDs +``` + +Lists the services that are running as part of the specified stack. This +command has to be run targeting a manager node. + +For example, the following command shows all services in the `myapp` stack: + +```bash +$ docker stack services myapp + +ID NAME REPLICAS IMAGE COMMAND +7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f +dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 +``` + +## Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there +is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). +Multiple filter flags are combined as an `OR` filter. + +The following command shows both the `web` and `db` services: + +```bash +$ docker stack services --filter name=myapp_web --filter name=myapp_db myapp + +ID NAME REPLICAS IMAGE COMMAND +7be5ei6sqeye myapp_web 1/1 nginx@sha256:23f809e7fd5952e7d5be065b4d3643fbbceccd349d537b62a123ef2201bc886f +dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 +``` + +The currently supported filters are: + +* id / ID (`--filter id=7be5ei6sqeye`, or `--filter ID=7be5ei6sqeye`) +* name (`--filter name=myapp_web`) +* label (`--filter label=key=value`) + +## Related information + +* [stack config](stack_config.md) +* [stack deploy](stack_deploy.md) +* [stack rm](stack_rm.md) +* [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_tasks.md b/docs/reference/commandline/stack_tasks.md index 0b48c05858..b8bc91aa9d 100644 --- a/docs/reference/commandline/stack_tasks.md +++ b/docs/reference/commandline/stack_tasks.md @@ -44,3 +44,4 @@ The currently supported filters are: * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) +* [stack services](stack_services.md) From 1f0b0b007c3b4ef532ba25ad65cb40f944c788b7 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 20 Jul 2016 12:27:06 -0700 Subject: [PATCH 1591/2538] Update completions for syslog log driver options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c5a305a006..578fa139f1 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -505,7 +505,7 @@ __docker_complete_log_options() { local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag" local journald_options="env labels tag" local json_file_options="env labels max-file max-size" - local syslog_options="syslog-address syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify syslog-facility tag" + local syslog_options="env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 5cc16bd528..1d71374a32 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -227,7 +227,7 @@ __docker_get_log_options() { gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") - syslog_options=("syslog-address" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "syslog-facility" "tag") + syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag") [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 From 338cf2edd807ef682b11debbdf7fddf33e555747 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 23:37:55 +0200 Subject: [PATCH 1592/2538] docs: update reference docs for plugins the output/response slightly changed in 340964db1c8f161a2ad156023eb47dcc93bf804b, and `:latest` is no longer required for various actions. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/plugin_disable.md | 17 +- docs/reference/commandline/plugin_enable.md | 17 +- docs/reference/commandline/plugin_inspect.md | 189 ++++++++++--------- docs/reference/commandline/plugin_install.md | 14 +- docs/reference/commandline/plugin_ls.md | 5 +- docs/reference/commandline/plugin_rm.md | 4 +- 6 files changed, 137 insertions(+), 109 deletions(-) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 2ddba071b4..ba64889545 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -24,26 +24,31 @@ Disables a plugin. The plugin must be installed before it can be disabled, see [`docker plugin install`](plugin_install.md). -The following example shows that the `no-remove` plugin is currently installed +The following example shows that the `no-remove` plugin is installed and active: ```bash $ docker plugin ls -NAME TAG ACTIVE -tiborvass/no-remove latest true + +NAME TAG ACTIVE +tiborvass/no-remove latest true ``` + To disable the plugin, use the following command: ```bash -$ docker plugin disable tiborvass/no-remove:latest +$ docker plugin disable tiborvass/no-remove + +tiborvass/no-remove ``` After the plugin is disabled, it appears as "inactive" in the list of plugins: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest false + +NAME VERSION ACTIVE +tiborvass/no-remove latest false ``` ## Related information diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index c7370e1818..d8b69d46f0 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -24,26 +24,31 @@ Enables a plugin. The plugin must be installed before it can be enabled, see [`docker plugin install`](plugin_install.md). -The following example shows that the `no-remove` plugin is currently installed, +The following example shows that the `no-remove` plugin is installed, but disabled ("inactive"): ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest false + +NAME VERSION ACTIVE +tiborvass/no-remove latest false ``` + To enable the plugin, use the following command: ```bash -$ docker plugin enable tiborvass/no-remove:latest +$ docker plugin enable tiborvass/no-remove + +tiborvass/no-remove ``` After the plugin is enabled, it appears as "active" in the list of plugins: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest true + +NAME VERSION ACTIVE +tiborvass/no-remove latest true ``` ## Related information diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 8131441a12..80da2dcd0e 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -30,98 +30,109 @@ $ docker plugin inspect tiborvass/no-remove:latest ``` ```JSON { - "Manifest": { - "ManifestVersion": "", - "Description": "A test plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Entrypoint": [ - "plugin-no-remove", - "/data" - ], - "Interface": { - "Types": [ - "docker.volumedriver/1.0" - ], - "Socket": "plugins.sock" - }, - "Network": { - "Type": "host" - }, - "Capabilities": null, - "Mounts": [ - { - "Name": "", - "Description": "", - "Settable": false, - "Source": "/data", - "Destination": "/data", - "Type": "bind", - "Options": [ - "shared", - "rbind" - ] - }, - { - "Name": "", - "Description": "", - "Settable": false, - "Source": null, - "Destination": "/foobar", - "Type": "tmpfs", - "Options": null - } - ], - "Devices": [ - { - "Name": "device", - "Description": "a host device to mount", - "Settable": false, - "Path": null - } - ], - "Env": [ - { - "Name": "DEBUG", - "Description": "If set, prints debug messages", - "Settable": false, - "Value": null - } - ], - "Args": [ - { - "Name": "arg1", - "Description": "a command line argument", - "Settable": false, - "Value": null - } + "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", + "Name": "tiborvass/no-remove", + "Tag": "latest", + "Active": true, + "Config": { + "Mounts": [ + { + "Name": "", + "Description": "", + "Settable": null, + "Source": "/data", + "Destination": "/data", + "Type": "bind", + "Options": [ + "shared", + "rbind" ] + }, + { + "Name": "", + "Description": "", + "Settable": null, + "Source": null, + "Destination": "/foobar", + "Type": "tmpfs", + "Options": null + } + ], + "Env": [ + "DEBUG=1" + ], + "Args": null, + "Devices": null + }, + "Manifest": { + "ManifestVersion": "v0", + "Description": "A test plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Interface": { + "Types": [ + "docker.volumedriver/1.0" + ], + "Socket": "plugins.sock" }, - "Config": { - "Mounts": [ - { - "Source": "/data", - "Destination": "/data", - "Type": "bind", - "Options": [ - "shared", - "rbind" - ] - }, - { - "Source": null, - "Destination": "/foobar", - "Type": "tmpfs", - "Options": null - } - ], - "Env": [], - "Args": [], - "Devices": null + "Entrypoint": [ + "plugin-no-remove", + "/data" + ], + "Workdir": "", + "User": { }, - "Active": true, - "Name": "tiborvass/no-remove", - "Tag": "latest", - "ID": "ac9d36b664921d61813254f7e9946f10e3cadbb676346539f1705fcaf039c01f" + "Network": { + "Type": "host" + }, + "Capabilities": null, + "Mounts": [ + { + "Name": "", + "Description": "", + "Settable": null, + "Source": "/data", + "Destination": "/data", + "Type": "bind", + "Options": [ + "shared", + "rbind" + ] + }, + { + "Name": "", + "Description": "", + "Settable": null, + "Source": null, + "Destination": "/foobar", + "Type": "tmpfs", + "Options": null + } + ], + "Devices": [ + { + "Name": "device", + "Description": "a host device to mount", + "Settable": null, + "Path": "/dev/cpu_dma_latency" + } + ], + "Env": [ + { + "Name": "DEBUG", + "Description": "If set, prints debug messages", + "Settable": null, + "Value": "1" + } + ], + "Args": { + "Name": "args", + "Description": "command line arguments", + "Settable": null, + "Value": [ + + ] + } + } } ``` (output formatted for readability) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 52f222c44c..9084d84555 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -12,7 +12,7 @@ parent = "smn_cli" # plugin install (experimental) ```markdown -Usage: docker plugin install PLUGIN [OPTIONS] +Usage: docker plugin install [OPTIONS] PLUGIN Install a plugin @@ -33,17 +33,21 @@ the plugin needs and enabling the plugin. ```bash $ docker plugin install tiborvass/no-remove -Plugin "tiborvass/no-remove:latest" requested the following privileges: - - Networking: host - - Mounting host path: /data + +Plugin "tiborvass/no-remove" is requesting the following privileges: + - network: [host] + - mount: [/data] + - device: [/dev/cpu_dma_latency] Do you grant the above permissions? [y/N] y +tiborvass/no-remove ``` After the plugin is installed, it appears in the list of plugins: ```bash $ docker plugin ls -NAME VERSION ACTIVE + +NAME VERSION ACTIVE tiborvass/no-remove latest true ``` diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 31ccdb96c0..91ac98ae1d 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -30,8 +30,9 @@ Example output: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest true + +NAME VERSION ACTIVE +tiborvass/no-remove latest true ``` ## Related information diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 04dbc674cc..95b78ad1af 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -30,7 +30,9 @@ it. The following example disables and removes the `no-remove:latest` plugin; ```bash -$ docker plugin disable tiborvass/no-remove:latest +$ docker plugin disable tiborvass/no-remove +no-remove:latest + $ docker plugin rm tiborvass/no-remove:latest no-remove:latest ``` From c8dd8fe5236091d855bb5b3dd1c480486c01074e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 14:55:26 +0200 Subject: [PATCH 1593/2538] Add missing --log-driver and --log-opt docs Adds documentation for "--log-driver" and "--log-opt" for services. Also updated the API docs to include the new options, and generated a more complete JSON example. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/service_create.md | 2 ++ docs/reference/commandline/service_update.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 561a5a4d6d..3d81286c4d 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -24,6 +24,8 @@ Options: -l, --label value Service labels (default []) --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt value Logging driver options (default []) --mode string Service mode (replicated or global) (default "replicated") --mount value Attach a mount to the service --name string Service name diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 290946c846..7796d8d0b5 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -29,6 +29,8 @@ Options: --label-rm value Remove a label by its key (default []) --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt value Logging driver options (default []) --mount-add value Add or update a mount on a service --mount-rm value Remove a mount by its target path (default []) --name string Service name From 7a206d86670693a28f7f8a3884fad036c513d621 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 16:18:44 +0200 Subject: [PATCH 1594/2538] docs: add code-hints to builder page Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/build.md | 196 ++++++++++++++++------------ 1 file changed, 114 insertions(+), 82 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 00fd85d61f..e1e007dcf1 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -65,31 +65,37 @@ a subdirectory inside the repository that will be used as a build context. For example, run this command to use a directory called `docker` in the branch `container`: - $ docker build https://github.com/docker/rootfs.git#container:docker +```bash +$ docker build https://github.com/docker/rootfs.git#container:docker +``` The following table represents all the valid suffixes with their build contexts: -Build Syntax Suffix | Commit Used | Build Context Used ---------------------|-------------|------------------- -`myrepo.git` | `refs/heads/master` | `/` -`myrepo.git#mytag` | `refs/tags/mytag` | `/` -`myrepo.git#mybranch` | `refs/heads/mybranch` | `/` -`myrepo.git#abcdef` | `sha1 = abcdef` | `/` -`myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` -`myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` -`myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` -`myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` -`myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder` +Build Syntax Suffix | Commit Used | Build Context Used +--------------------------------|-----------------------|------------------- +`myrepo.git` | `refs/heads/master` | `/` +`myrepo.git#mytag` | `refs/tags/mytag` | `/` +`myrepo.git#mybranch` | `refs/heads/mybranch` | `/` +`myrepo.git#abcdef` | `sha1 = abcdef` | `/` +`myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` +`myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` +`myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` +`myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` +`myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder` Instead of specifying a context, you can pass a single Dockerfile in the `URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: - $ docker build - < Dockerfile +```bash +$ docker build - < Dockerfile +``` With Powershell on Windows, you can run: - Get-Content Dockerfile | docker build - +```powershell +Get-Content Dockerfile | docker build - +``` If you use STDIN or specify a `URL`, the system places the contents into a file called `Dockerfile`, and any `-f`, `--file` option is ignored. In this @@ -121,16 +127,19 @@ build fails, a non-zero failure code will be returned. There should be informational output of the reason for failure output to `STDERR`: - $ docker build -t fail . - Sending build context to Docker daemon 2.048 kB - Sending build context to Docker daemon - Step 1 : FROM busybox - ---> 4986bf8c1536 - Step 2 : RUN exit 13 - ---> Running in e26670ec7a0a - INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 - $ echo $? - 1 +```bash +$ docker build -t fail . + +Sending build context to Docker daemon 2.048 kB +Sending build context to Docker daemon +Step 1 : FROM busybox + ---> 4986bf8c1536 +Step 2 : RUN exit 13 + ---> Running in e26670ec7a0a +INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 +$ echo $? +1 +``` See also: @@ -140,31 +149,34 @@ See also: ### Build with PATH - $ docker build . - Uploading context 10240 bytes - Step 1 : FROM busybox - Pulling repository busybox - ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ - Step 2 : RUN ls -lh / - ---> Running in 9c9e81692ae9 - total 24 - drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin - drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev - drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib - lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib - dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc - lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin - dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys - drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp - drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr - ---> b35f4035db3f - Step 3 : CMD echo Hello world - ---> Running in 02071fceb21b - ---> f52f38b7823e - Successfully built f52f38b7823e - Removing intermediate container 9c9e81692ae9 - Removing intermediate container 02071fceb21b +```bash +$ docker build . + +Uploading context 10240 bytes +Step 1 : FROM busybox +Pulling repository busybox + ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ +Step 2 : RUN ls -lh / + ---> Running in 9c9e81692ae9 +total 24 +drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin +drwxr-xr-x 5 root root 4.0K Oct 19 00:19 dev +drwxr-xr-x 2 root root 4.0K Oct 19 00:19 etc +drwxr-xr-x 2 root root 4.0K Nov 15 23:34 lib +lrwxrwxrwx 1 root root 3 Mar 12 2013 lib64 -> lib +dr-xr-xr-x 116 root root 0 Nov 15 23:34 proc +lrwxrwxrwx 1 root root 3 Mar 12 2013 sbin -> bin +dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys +drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp +drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr + ---> b35f4035db3f +Step 3 : CMD echo Hello world + ---> Running in 02071fceb21b + ---> f52f38b7823e +Successfully built f52f38b7823e +Removing intermediate container 9c9e81692ae9 +Removing intermediate container 02071fceb21b +``` This example specifies that the `PATH` is `.`, and so all the files in the local directory get `tar`d and sent to the Docker daemon. The `PATH` specifies @@ -182,7 +194,9 @@ you must use `--rm=false`. This does not affect the build cache. ### Build with URL - $ docker build github.com/creack/docker-firefox +```bash +$ docker build github.com/creack/docker-firefox +``` This will clone the GitHub repository and use the cloned repository as context. The Dockerfile at the root of the repository is used as Dockerfile. Note that @@ -191,39 +205,46 @@ scheme. ### Build with - - $ docker build - < Dockerfile +```bash +$ docker build - < Dockerfile +``` This will read a Dockerfile from `STDIN` without context. Due to the lack of a context, no contents of any local directory will be sent to the Docker daemon. Since there is no context, a Dockerfile `ADD` only works if it refers to a remote URL. - $ docker build - < context.tar.gz +```bash +$ docker build - < context.tar.gz +``` This will build an image for a compressed context read from `STDIN`. Supported formats are: bzip2, gzip and xz. ### Usage of .dockerignore - $ docker build . - Uploading context 18.829 MB - Uploading context - Step 1 : FROM busybox - ---> 769b9341d937 - Step 2 : CMD echo Hello world - ---> Using cache - ---> 99cc1ad10469 - Successfully built 99cc1ad10469 - $ echo ".git" > .dockerignore - $ docker build . - Uploading context 6.76 MB - Uploading context - Step 1 : FROM busybox - ---> 769b9341d937 - Step 2 : CMD echo Hello world - ---> Using cache - ---> 99cc1ad10469 - Successfully built 99cc1ad10469 +```bash +$ docker build . + +Uploading context 18.829 MB +Uploading context +Step 1 : FROM busybox + ---> 769b9341d937 +Step 2 : CMD echo Hello world + ---> Using cache + ---> 99cc1ad10469 +Successfully built 99cc1ad10469 +$ echo ".git" > .dockerignore +$ docker build . +Uploading context 6.76 MB +Uploading context +Step 1 : FROM busybox + ---> 769b9341d937 +Step 2 : CMD echo Hello world + ---> Using cache + ---> 99cc1ad10469 +Successfully built 99cc1ad10469 +``` This example shows the use of the `.dockerignore` file to exclude the `.git` directory from the context. Its effect can be seen in the changed size of the @@ -232,7 +253,9 @@ uploaded context. The builder reference contains detailed information on ### Tag image (-t) - $ docker build -t vieux/apache:2.0 . +```bash +$ docker build -t vieux/apache:2.0 . +``` This will build like the previous example, but it will then tag the resulting image. The repository name will be `vieux/apache` and the tag will be `2.0`. @@ -244,25 +267,32 @@ version. For example, to tag an image both as `whenry/fedora-jboss:latest` and `whenry/fedora-jboss:v2.1`, use the following: - $ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . - +```bash +$ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . +``` ### Specify Dockerfile (-f) - $ docker build -f Dockerfile.debug . +```bash +$ docker build -f Dockerfile.debug . +``` This will use a file called `Dockerfile.debug` for the build instructions instead of `Dockerfile`. - $ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . - $ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . +```bash +$ docker build -f dockerfiles/Dockerfile.debug -t myapp_debug . +$ docker build -f dockerfiles/Dockerfile.prod -t myapp_prod . +``` The above commands will build the current build context (as specified by the `.`) twice, once using a debug version of a `Dockerfile` and once using a production version. - $ cd /home/me/myapp/some/dir/really/deep - $ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp - $ docker build -f ../../../../dockerfiles/debug /home/me/myapp +```bash +$ cd /home/me/myapp/some/dir/really/deep +$ docker build -f /home/me/myapp/dockerfiles/debug /home/me/myapp +$ docker build -f ../../../../dockerfiles/debug /home/me/myapp +``` These two `docker build` commands do the exact same thing. They both use the contents of the `debug` file instead of looking for a `Dockerfile` and will use @@ -302,7 +332,9 @@ A good example is `http_proxy` or source versions for pulling intermediate files. The `ARG` instruction lets Dockerfile authors define values that users can set at build-time using the `--build-arg` flag: - $ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 . +```bash +$ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 . +``` This flag allows you to pass the build-time variables that are accessed like regular environment variables in the `RUN` instruction of the @@ -327,6 +359,6 @@ Linux namespaces. On Microsoft Windows, you can specify these values: |-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| | `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. | | `process` | Namespace isolation only. | -| `hyperv` | Hyper-V hypervisor partition-based isolation. | +| `hyperv` | Hyper-V hypervisor partition-based isolation. | Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. From 99bf996fdfaad9e5dfac5e5b0a9c95a949949746 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 20 Jul 2016 23:59:38 +0200 Subject: [PATCH 1595/2538] docs: fix copy/pasta error Looks like I copied from the line below, not from the output :) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/plugin_rm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 95b78ad1af..4225b5fad2 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -31,10 +31,10 @@ The following example disables and removes the `no-remove:latest` plugin; ```bash $ docker plugin disable tiborvass/no-remove -no-remove:latest +tiborvass/no-remove $ docker plugin rm tiborvass/no-remove:latest -no-remove:latest +tiborvass/no-remove ``` ## Related information From 6218da47b10a8264f7936b0ebfddc5c3d2ca03f5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 20 Jul 2016 13:13:14 -0700 Subject: [PATCH 1596/2538] Add manual support for macvlan networks to bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 578fa139f1..a387e4137d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1445,7 +1445,7 @@ _docker_network_create() { return ;; --driver|-d) - local plugins=" $(__docker_plugins Network) " + local plugins="$(__docker_plugins Network) macvlan" # remove drivers that allow one instance only plugins=${plugins/ host / } plugins=${plugins/ null / } From 49f4d8c083bd49bf952c200d24b85d3b0535b42a Mon Sep 17 00:00:00 2001 From: Nishant Totla Date: Fri, 15 Jul 2016 13:17:03 -0700 Subject: [PATCH 1597/2538] Send registry auth token for service deploy Signed-off-by: Nishant Totla --- docs/reference/commandline/deploy.md | 1 + experimental/docker-stacks-and-bundles.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 59314e4a8d..9c9a1929e9 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -19,6 +19,7 @@ Create and update a stack from a Distributed Application Bundle (DAB) Options: --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage + --registry-auth Send registry authentication details to Swarm agents ``` Create and update a stack from a `dab` file. This command has to be diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 0b931f06db..5145362b09 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -46,6 +46,7 @@ Create and update a stack Options: --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage + --registry-auth Send registry authentication details to Swarm agents ``` Let's deploy the stack created before: From 458ff79b0d9a69f140ee0a4f7bc1c043ae5e8eaa Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 21 Jul 2016 12:27:39 +0200 Subject: [PATCH 1598/2538] docs: improve formatting and highlighting of docker ps reference this improves the formatting, and code-highlighting of the `docker ps` reference page, and wraps sentences to 80 chars also adds single quotes around the formatting example for labels. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/ps.md | 294 +++++++++++++++++++------------ 1 file changed, 181 insertions(+), 113 deletions(-) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 63aaa56985..48ef2ce13e 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -38,15 +38,24 @@ Options: Running `docker ps --no-trunc` showing 2 linked containers. - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp - d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db +```bash +$ docker ps -`docker ps` will show only running containers by default. To see all containers: -`docker ps -a` +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +4c01db0b339c ubuntu:12.04 bash 17 seconds ago Up 16 seconds 3300-3310/tcp webapp +d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db +``` -`docker ps` will group exposed ports into a single range if possible. E.g., a container that exposes TCP ports `100, 101, 102` will display `100-102/tcp` in the `PORTS` column. +The `docker ps` command only shows running containers by default. To see all +containers, use the `-a` (or `--all`) flag: + +```bash +$ docker ps -a +``` + +`docker ps` groups exposed ports into a single range if possible. E.g., a +container that exposes TCP ports `100, 101, 102` displays `100-102/tcp` in +the `PORTS` column. ## Filtering @@ -74,16 +83,22 @@ value. The following filter matches containers with the `color` label regardless of its value. - $ docker ps --filter "label=color" - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 673394ef1d4c busybox "top" 47 seconds ago Up 45 seconds nostalgic_shockley - d85756f57265 busybox "top" 52 seconds ago Up 51 seconds high_albattani +```bash +$ docker ps --filter "label=color" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +673394ef1d4c busybox "top" 47 seconds ago Up 45 seconds nostalgic_shockley +d85756f57265 busybox "top" 52 seconds ago Up 51 seconds high_albattani +``` The following filter matches containers with the `color` label with the `blue` value. - $ docker ps --filter "label=color=blue" - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani +```bash +$ docker ps --filter "label=color=blue" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani +``` #### Name @@ -91,49 +106,66 @@ The `name` filter matches on all or part of a container's name. The following filter matches all containers with a name containing the `nostalgic_stallman` string. - $ docker ps --filter "name=nostalgic_stallman" - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9b6247364a03 busybox "top" 2 minutes ago Up 2 minutes nostalgic_stallman +```bash +$ docker ps --filter "name=nostalgic_stallman" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9b6247364a03 busybox "top" 2 minutes ago Up 2 minutes nostalgic_stallman +``` You can also filter for a substring in a name as this shows: - $ docker ps --filter "name=nostalgic" - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 715ebfcee040 busybox "top" 3 seconds ago Up 1 seconds i_am_nostalgic - 9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman - 673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley +```bash +$ docker ps --filter "name=nostalgic" + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +715ebfcee040 busybox "top" 3 seconds ago Up 1 seconds i_am_nostalgic +9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman +673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley +``` #### Exited -The `exited` filter matches containers by exist status code. For example, to filter for containers -that have exited successfully: +The `exited` filter matches containers by exist status code. For example, to +filter for containers that have exited successfully: - $ docker ps -a --filter 'exited=0' - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey - 106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani - 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds +```bash +$ docker ps -a --filter 'exited=0' + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago Exited (0) 2 weeks ago 127.0.0.1:5000->5000/tcp desperate_leakey +106ea823fe4e fedora:latest /bin/sh -c 'bash -l' 2 weeks ago Exited (0) 2 weeks ago determined_albattani +48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds +``` #### Status -The `status` filter matches containers by status. You can filter using `created`, `restarting`, `running`, `paused`, `exited` and `dead`. For example, to filter for `running` containers: +The `status` filter matches containers by status. You can filter using +`created`, `restarting`, `running`, `paused`, `exited` and `dead`. For example, +to filter for `running` containers: - $ docker ps --filter status=running - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 715ebfcee040 busybox "top" 16 minutes ago Up 16 minutes i_am_nostalgic - d5c976d3c462 busybox "top" 23 minutes ago Up 23 minutes top - 9b6247364a03 busybox "top" 24 minutes ago Up 24 minutes nostalgic_stallman +```bash +$ docker ps --filter status=running + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +715ebfcee040 busybox "top" 16 minutes ago Up 16 minutes i_am_nostalgic +d5c976d3c462 busybox "top" 23 minutes ago Up 23 minutes top +9b6247364a03 busybox "top" 24 minutes ago Up 24 minutes nostalgic_stallman +``` To filter for `paused` containers: - $ docker ps --filter status=paused - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley +```bash +$ docker ps --filter status=paused + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley +``` #### Ancestor -The `ancestor` filter matches containers based on its image or a descendant of it. The filter supports the -following image representation: +The `ancestor` filter matches containers based on its image or a descendant of +it. The filter supports the following image representation: - image - image:tag @@ -141,74 +173,99 @@ following image representation: - short-id - full-id -If you don't specify a `tag`, the `latest` tag is used. For example, to filter for containers that use the -latest `ubuntu` image: +If you don't specify a `tag`, the `latest` tag is used. For example, to filter +for containers that use the latest `ubuntu` image: - $ docker ps --filter ancestor=ubuntu - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace - 5d1e4a540723 ubuntu-c2 "top" About a minute ago Up About a minute admiring_sammet - 82a598284012 ubuntu "top" 3 minutes ago Up 3 minutes sleepy_bose - bab2a34ba363 ubuntu "top" 3 minutes ago Up 3 minutes focused_yonath +```bash +$ docker ps --filter ancestor=ubuntu -Match containers based on the `ubuntu-c1` image which, in this case, is a child of `ubuntu`: +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace +5d1e4a540723 ubuntu-c2 "top" About a minute ago Up About a minute admiring_sammet +82a598284012 ubuntu "top" 3 minutes ago Up 3 minutes sleepy_bose +bab2a34ba363 ubuntu "top" 3 minutes ago Up 3 minutes focused_yonath +``` - $ docker ps --filter ancestor=ubuntu-c1 - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace +Match containers based on the `ubuntu-c1` image which, in this case, is a child +of `ubuntu`: + +```bash +$ docker ps --filter ancestor=ubuntu-c1 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +919e1179bdb8 ubuntu-c1 "top" About a minute ago Up About a minute admiring_lovelace +``` Match containers based on the `ubuntu` version `12.04.5` image: - $ docker ps --filter ancestor=ubuntu:12.04.5 - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +```bash +$ docker ps --filter ancestor=ubuntu:12.04.5 -The following matches containers based on the layer `d0e008c6cf02` or an image that have this layer -in it's layer stack. +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +``` - $ docker ps --filter ancestor=d0e008c6cf02 - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +The following matches containers based on the layer `d0e008c6cf02` or an image +that have this layer in it's layer stack. + +```bash +$ docker ps --filter ancestor=d0e008c6cf02 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose +``` #### Before -The `before` filter shows only containers created before the container with given id or name. For example, -having these containers created: +The `before` filter shows only containers created before the container with +given id or name. For example, having these containers created: - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9c3527ed70ce busybox "top" 14 seconds ago Up 15 seconds desperate_dubinsky - 4aace5031105 busybox "top" 48 seconds ago Up 49 seconds focused_hamilton - 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat +```bash +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9c3527ed70ce busybox "top" 14 seconds ago Up 15 seconds desperate_dubinsky +4aace5031105 busybox "top" 48 seconds ago Up 49 seconds focused_hamilton +6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat +``` Filtering with `before` would give: - $ docker ps -f before=9c3527ed70ce - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 4aace5031105 busybox "top" About a minute ago Up About a minute focused_hamilton - 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat +```bash +$ docker ps -f before=9c3527ed70ce + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +4aace5031105 busybox "top" About a minute ago Up About a minute focused_hamilton +6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat +``` #### Since -The `since` filter shows only containers created since the container with given id or name. For example, -with the same containers as in `before` filter: +The `since` filter shows only containers created since the container with given +id or name. For example, with the same containers as in `before` filter: - $ docker ps -f since=6e63f6ff38b0 - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky - 4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton +```bash +$ docker ps -f since=6e63f6ff38b0 + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +9c3527ed70ce busybox "top" 10 minutes ago Up 10 minutes desperate_dubinsky +4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton +``` #### Volume -The `volume` filter shows only containers that mount a specific volume or have a volume mounted in a specific path: +The `volume` filter shows only containers that mount a specific volume or have +a volume mounted in a specific path: - $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" - CONTAINER ID MOUNTS - 9c3527ed70ce remote-volume +```bash +$ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" +CONTAINER ID MOUNTS +9c3527ed70ce remote-volume - $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" - CONTAINER ID MOUNTS - 9c3527ed70ce remote-volume +$ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" +CONTAINER ID MOUNTS +9c3527ed70ce remote-volume +``` #### Network @@ -223,6 +280,7 @@ $ docker run -d --net=net1 --name=test1 ubuntu top $ docker run -d --net=net2 --name=test2 ubuntu top $ docker ps --filter network=net1 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 ``` @@ -233,51 +291,61 @@ the network id as a filter; ```bash $ docker network inspect --format "{{.ID}}" net1 + 8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 $ docker ps --filter network=8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 ``` ## Formatting -The formatting option (`--format`) will pretty-print container output using a Go template. +The formatting option (`--format`) pretty-prints container output using a Go +template. Valid placeholders for the Go template are listed below: -Placeholder | Description ----- | ---- -`.ID` | Container ID -`.Image` | Image ID -`.Command` | Quoted command -`.CreatedAt` | Time when the container was created. +Placeholder | Description +--------------|---------------------------------------------------------------------------------------------------- +`.ID` | Container ID +`.Image` | Image ID +`.Command` | Quoted command +`.CreatedAt` | Time when the container was created. `.RunningFor` | Elapsed time since the container was started. -`.Ports` | Exposed ports. -`.Status` | Container status. -`.Size` | Container disk size. -`.Names` | Container names. -`.Labels` | All labels assigned to the container. -`.Label` | Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` -`.Mounts` | Names of the volumes mounted in this container. +`.Ports` | Exposed ports. +`.Status` | Container status. +`.Size` | Container disk size. +`.Names` | Container names. +`.Labels` | All labels assigned to the container. +`.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` +`.Mounts` | Names of the volumes mounted in this container. -When using the `--format` option, the `ps` command will either output the data exactly as the template -declares or, when using the `table` directive, will include column headers as well. +When using the `--format` option, the `ps` command will either output the data +exactly as the template declares or, when using the `table` directive, includes +column headers as well. -The following example uses a template without headers and outputs the `ID` and `Command` -entries separated by a colon for all running containers: +The following example uses a template without headers and outputs the `ID` and +`Command` entries separated by a colon for all running containers: - $ docker ps --format "{{.ID}}: {{.Command}}" - a87ecb4f327c: /bin/sh -c #(nop) MA - 01946d9d34d8: /bin/sh -c #(nop) MA - c1d3b0166030: /bin/sh -c yum -y up - 41d50ecd2f57: /bin/sh -c #(nop) MA +```bash +$ docker ps --format "{{.ID}}: {{.Command}}" + +a87ecb4f327c: /bin/sh -c #(nop) MA +01946d9d34d8: /bin/sh -c #(nop) MA +c1d3b0166030: /bin/sh -c yum -y up +41d50ecd2f57: /bin/sh -c #(nop) MA +``` To list all running containers with their labels in a table format you can use: - $ docker ps --format "table {{.ID}}\t{{.Labels}}" - CONTAINER ID LABELS - a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd - 01946d9d34d8 - c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 - 41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd +```bash +$ docker ps --format "table {{.ID}}\t{{.Labels}}" + +CONTAINER ID LABELS +a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd +01946d9d34d8 +c1d3b0166030 com.docker.swarm.node=debian,com.docker.swarm.cpu=6 +41d50ecd2f57 com.docker.swarm.node=fedora,com.docker.swarm.cpu=3,com.docker.swarm.storage=ssd +``` From d1228a75e1027e3e37a2d96dca1d921a19e060f9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 12 Jul 2016 20:14:11 -0700 Subject: [PATCH 1599/2538] Extend deprecation cycle to 3 releases by default At the moment docker's deprecation policy is 2 release cycles by default, which is around 5 months. This may not be enough for production environment and there is a need to extend the deprecation cycle to 3 releases (see #24494). This fix updates the docs/deprecated.md and extend the deprecation cycle to 3 releases. This fix is related to #24494 and #24534. This fix fixes #24534. Signed-off-by: Yong Tang --- docs/deprecated.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 0a728d97b8..7fc59ad443 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -13,6 +13,9 @@ weight=80 # Deprecated Engine Features The following list of features are deprecated in Engine. +To learn more about Docker Engine's deprecation policy, +see [Feature Deprecation Policy](index.md#feature-deprecation-policy). + ### Three argument form in `docker import` **Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** @@ -25,7 +28,7 @@ The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated **Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/)** -**Target For Removal In Release: [v1.14.0](https://github.com/docker/docker/releases/)** +**Target For Removal In Release: v1.15** The shorthand (`-h`) is less common than `--help` on Linux and cannot be used on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on @@ -35,14 +38,14 @@ on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** -**Target For Removal In Release: v1.13** +**Target For Removal In Release: v1.14** The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. ### Separator (`:`) of `--security-opt` flag on `docker run` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** -**Target For Removal In Release: v1.13** +**Target For Removal In Release: v1.14** The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`. @@ -88,7 +91,7 @@ Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. **Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/)** -**Target For Removal In Release: v1.14** +**Target For Removal In Release: v1.15** The `docker search --automated` and `docker search --stars` options are deprecated. Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. From acf0bc4b9a37af5447544e41292451b4584eb622 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 20 Jul 2016 11:15:08 -0700 Subject: [PATCH 1600/2538] Replace secrets with join tokens Implement the proposal from https://github.com/docker/docker/issues/24430#issuecomment-233100121 Removes acceptance policy and secret in favor of an automatically generated join token that combines the secret, CA hash, and manager/worker role into a single opaque string. Adds a docker swarm join-token subcommand to inspect and rotate the tokens. Signed-off-by: Aaron Lehmann --- contrib/completion/zsh/_docker | 12 +-- docs/reference/commandline/deploy.md | 2 +- docs/reference/commandline/index.md | 6 +- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/node_accept.md | 32 -------- docs/reference/commandline/node_demote.md | 1 - docs/reference/commandline/node_inspect.md | 1 - docs/reference/commandline/node_ls.md | 20 ++--- docs/reference/commandline/node_promote.md | 1 - docs/reference/commandline/node_rm.md | 5 +- docs/reference/commandline/node_update.md | 1 - docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- docs/reference/commandline/swarm_init.md | 73 +++++------------- docs/reference/commandline/swarm_join.md | 53 +++++++------ .../reference/commandline/swarm_join_token.md | 76 +++++++++++++++++++ docs/reference/commandline/swarm_leave.md | 18 ++--- docs/reference/commandline/swarm_update.md | 8 +- 18 files changed, 158 insertions(+), 157 deletions(-) delete mode 100644 docs/reference/commandline/node_accept.md create mode 100644 docs/reference/commandline/swarm_join_token.md diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1d71374a32..724d869837 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1087,7 +1087,7 @@ __docker_service_subcommand() { "($help)--name=[Service name]:name: " "($help)*--network=[Network attachments]:network: " "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " - "($help)--registry-auth[Send registry authentication details to Swarm agents]" + "($help)--registry-auth[Send registry authentication details to swarm agents]" "($help)--replicas=[Number of tasks]:replicas: " "($help)--reserve-cpu=[Reserve CPUs]:value: " "($help)--reserve-memory=[Reserve Memory]:value: " @@ -1185,11 +1185,11 @@ __docker_service_subcommand() { __docker_swarm_commands() { local -a _docker_swarm_subcommands _docker_swarm_subcommands=( - "init:Initialize a Swarm" - "inspect:Inspect the Swarm" - "join:Join a Swarm as a node and/or manager" - "leave:Leave a Swarm" - "update:Update the Swarm" + "init:Initialize a swarm" + "inspect:Inspect the swarm" + "join:Join a swarm as a node and/or manager" + "leave:Leave a swarm" + "update:Update the swarm" ) _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands } diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 9c9a1929e9..c18a8f58bb 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -19,7 +19,7 @@ Create and update a stack from a Distributed Application Bundle (DAB) Options: --file string Path to a Distributed Application Bundle file (Default: STACK.dab) --help Print usage - --registry-auth Send registry authentication details to Swarm agents + --registry-auth Send registry authentication details to swarm agents ``` Create and update a stack from a `dab` file. This command has to be diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 75acb1c7fa..583ddf9f95 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -111,7 +111,6 @@ read the [`dockerd`](dockerd.md) reference page. | Command | Description | |:--------|:-------------------------------------------------------------------| -| [node accept](node_accept.md) | Accept a node into the swarm | | [node promote](node_promote.md) | Promote a node that is pending a promotion to manager | | [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | | [node inspect](node_inspect.md) | Inspect a node in the swarm | @@ -124,10 +123,11 @@ read the [`dockerd`](dockerd.md) reference page. | Command | Description | |:--------|:-------------------------------------------------------------------| -| [swarm init](swarm_init.md) | Initialize a Swarm | -| [swarm join](swarm_join.md) | Join a Swarm as a manager node or worker node | +| [swarm init](swarm_init.md) | Initialize a swarm | +| [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node | | [swarm leave](swarm_leave.md) | Remove the current node from the swarm | | [swarm update](swarm_update.md) | Update attributes of a swarm | +| [swarm join-token](swarm_join_token.md) | Display or rotate join tokens | ### Swarm service commands diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 7d0743554f..04ccc8ed67 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -38,7 +38,7 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information Here is a sample output for a daemon running on Ubuntu, using the overlay -storage driver and a node that is part of a 2 node Swarm cluster: +storage driver and a node that is part of a 2 node swarm cluster: $ docker -D info Containers: 14 diff --git a/docs/reference/commandline/node_accept.md b/docs/reference/commandline/node_accept.md deleted file mode 100644 index 73676c086c..0000000000 --- a/docs/reference/commandline/node_accept.md +++ /dev/null @@ -1,32 +0,0 @@ - - -# node accept - -```markdown -Usage: docker node accept NODE [NODE...] - -Accept a node in the swarm - -Options: - --help Print usage -``` - -Accept a node into the swarm. This command targets a docker engine that is a manager in the swarm cluster. - - -```bash -$ docker node accept -``` - -## Related information - -* [node promote](node_promote.md) -* [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 5d765adfaf..a1baff0e50 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -29,5 +29,4 @@ $ docker node demote ## Related information -* [node accept](node_accept.md) * [node promote](node_promote.md) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index a565bb3af0..6cba8ece37 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -41,7 +41,6 @@ Example output: "UpdatedAt": "2016-06-16T22:52:45.230878043Z", "Spec": { "Role": "manager", - "Membership": "accepted", "Availability": "active" }, "Description": { diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index fee03cc588..f446568b3c 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -30,10 +30,10 @@ Lists all the nodes that the Docker Swarm manager knows about. You can filter us Example output: $ docker node ls - ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER - 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active - 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Accepted Ready Active - e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Accepted Ready Active Reachable Yes + ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS + 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active + 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active + e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ## Filtering @@ -54,16 +54,16 @@ The `name` filter matches on all or part of a node name. The following filter matches the node with a name equal to `swarm-master` string. $ docker node ls -f name=swarm-manager1 - ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER - e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Accepted Ready Active Reachable Yes + ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS + e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ### id The `id` filter matches all or part of a node's id. $ docker node ls -f id=1 - ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER - 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active + ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS + 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active #### label @@ -75,8 +75,8 @@ The following filter matches nodes with the `usage` label regardless of its valu ```bash $ docker node ls -f "label=foo" -ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER -1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Accepted Ready Active +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 884fee8fc9..b507e7d489 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -28,5 +28,4 @@ $ docker node promote ## Related information -* [node accept](node_accept.md) * [node demote](node_demote.md) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index f03f8a19ad..1ed6a39336 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -23,14 +23,13 @@ Options: --help Print usage ``` -Removes specified nodes from a swarm. Rejects nodes with `Pending` -membership from the swarm. +Removes specified nodes from a swarm. Example output: $ docker node rm swarm-node-02 - Node swarm-node-02 removed from Swarm + Node swarm-node-02 removed from swarm ## Related information diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index f90b40cc97..479db326c1 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -21,7 +21,6 @@ Options: --help Print usage --label-add value Add or update a node label (key=value) (default []) --label-rm value Remove a node label if exists (default []) - --membership string Membership of the node (accepted/rejected) --role string Role of the node (worker/manager) ``` diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 3d81286c4d..795ee395e8 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -31,7 +31,7 @@ Options: --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) - --registry-auth Send registry authentication details to Swarm agents + --registry-auth Send registry authentication details to swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 7796d8d0b5..f834ac4b31 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -38,7 +38,7 @@ Options: --network-rm value Remove a network by name (default []) --publish-add value Add or update a published port (default []) --publish-rm value Remove a published port by its target port (default []) - --registry-auth Send registry authentication details to Swarm agents + --registry-auth Send registry authentication details to swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index e7f8f3f166..c7575047af 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -14,74 +14,43 @@ parent = "smn_cli" ```markdown Usage: docker swarm init [OPTIONS] -Initialize a Swarm +Initialize a swarm Options: - --auto-accept value Auto acceptance policy (default worker) --cert-expiry duration Validity period for node certificates (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --force-new-cluster Force create a new cluster from current state. --help Print usage --listen-addr value Listen address (default 0.0.0.0:2377) - --secret string Set secret value needed to accept nodes into cluster --task-history-limit int Task history retention limit (default 10) ``` -Initialize a Swarm cluster. The docker engine targeted by this command becomes a manager -in the newly created one node Swarm cluster. +Initialize a swarm cluster. The docker engine targeted by this command becomes a manager +in the newly created one node swarm cluster. ```bash $ docker swarm init --listen-addr 192.168.99.121:2377 -No --secret provided. Generated random secret: - 4ao565v9jsuogtq5t8s379ulb - -Swarm initialized: current node (1ujecd0j9n3ro9i6628smdmth) is now a manager. +Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager. To add a worker to this swarm, run the following command: - docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb \ - --ca-hash sha256:07ce22bd1a7619f2adc0d63bd110479a170e7c4e69df05b67a1aa2705c88ef09 \ - 192.168.99.121:2377 -$ docker node ls -ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER -1ujecd0j9n3ro9i6628smdmth * manager1 Accepted Ready Active Reachable Yes + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ + 172.17.0.2:2377 + +To add a manager to this swarm, run the following command: + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ + 172.17.0.2:2377 ``` -If a secret for joining new nodes is not provided with `--secret`, `docker swarm init` will -generate a random one and print it to the terminal (as seen in the example above). To initialize -a swarm with no secret, use `--secret ""`. +`docker swarm init` generates two random tokens, a worker token and a manager token. When you join +a new node to the swarm, the node joins as a worker or manager node based upon the token you pass +to [swarm join](swarm_join.md). -### `--auto-accept value` - -This flag controls node acceptance into the cluster. By default, `worker` nodes are -automatically accepted by the cluster. This can be changed by specifying what kinds of nodes -can be auto-accepted into the cluster. If auto-accept is not turned on, then -[node accept](node_accept.md) can be used to explicitly accept a node into the cluster. - -For example, the following initializes a cluster with auto-acceptance of workers, but not managers - - -```bash -$ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker -``` - -It is possible to pass a comma-separated list of node types. The following initializes a cluster -with auto-acceptance of both `worker` and `manager` nodes - -```bash -$ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept worker,manager -``` - -To disable auto acceptance, use the `none` option. Note that this option cannot -be combined with other values. When disabling auto acceptance, nodes must be -manually accepted or rejected using `docker node accept` or `docker node rm`. - -The following example enables swarm mode with auto acceptance disabled: - -```bash -$ docker swarm init --listen-addr 192.168.99.121:2377 --auto-accept none -``` +After you create the swarm, you can display or rotate the token using +[swarm join-token](swarm_join_token.md). ### `--cert-expiry` @@ -105,11 +74,7 @@ This flag forces an existing node that was part of a quorum that was lost to res ### `--listen-addr value` -The node listens for inbound Swarm manager traffic on this IP:PORT - -### `--secret string` - -Secret value needed to accept nodes into the Swarm +The node listens for inbound swarm manager traffic on this IP:PORT ### `--task-history-limit` @@ -120,5 +85,5 @@ This flag sets up task history retention limit. * [swarm join](swarm_join.md) * [swarm leave](swarm_leave.md) * [swarm update](swarm_update.md) -* [node accept](node_accept.md) +* [swarm join-token](swarm_join_token.md) * [node rm](node_rm.md) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 0499b10894..a8edc348d7 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -14,55 +14,54 @@ parent = "smn_cli" ```markdown Usage: docker swarm join [OPTIONS] HOST:PORT -Join a Swarm as a node and/or manager +Join a swarm as a node and/or manager Options: - --ca-hash string Hash of the Root Certificate Authority certificate used for trusted join --help Print usage --listen-addr value Listen address (default 0.0.0.0:2377) - --manager Try joining as a manager. - --secret string Secret for node acceptance + --token string Token for entry into the swarm ``` -Join a node to a Swarm cluster. If the `--manager` flag is specified, the docker engine -targeted by this command becomes a `manager`. If it is not specified, it becomes a `worker`. +Join a node to a swarm. The node joins as a manager node or worker node based upon the token you +pass with the `--token` flag. If you pass a manager token, the node joins as a manager. If you +pass a worker token, the node joins as a worker. ### Join a node to swarm as a manager +The example below demonstrates joining a manager node using a manager token. + ```bash -$ docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb --manager --listen-addr 192.168.99.122:2377 192.168.99.121:2377 -This node joined a Swarm as a manager. +$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 --listen-addr 192.168.99.122:2377 192.168.99.121:2377 +This node joined a swarm as a manager. $ docker node ls -ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER -dkp8vy1dq1kxleu9g4u78tlag * manager2 Accepted Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 manager1 Accepted Ready Active Reachable Yes +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +dkp8vy1dq1kxleu9g4u78tlag * manager2 Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 manager1 Ready Active Leader ``` +A cluster should only have 3-7 managers at most, because a majority of managers must be available +for the cluster to function. Nodes that aren't meant to participate in this management quorum +should join as workers instead. Managers should be stable hosts that have static IP addresses. + ### Join a node to swarm as a worker +The example below demonstrates joining a worker node using a worker token. + ```bash -$ docker swarm join --secret 4ao565v9jsuogtq5t8s379ulb --listen-addr 192.168.99.123:2377 192.168.99.121:2377 -This node joined a Swarm as a worker. +$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx --listen-addr 192.168.99.123:2377 192.168.99.121:2377 +This node joined a swarm as a worker. $ docker node ls -ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER -7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Ready Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ``` -### `--ca-hash` - -Hash of the Root Certificate Authority certificate used for trusted join. - ### `--listen-addr value` -The node listens for inbound Swarm manager traffic on this IP:PORT +The node listens for inbound swarm manager traffic on this IP:PORT -### `--manager` - -Joins the node as a manager - -### `--secret string` +### `--token string` Secret value required for nodes to join the swarm diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md new file mode 100644 index 0000000000..1355f70ba1 --- /dev/null +++ b/docs/reference/commandline/swarm_join_token.md @@ -0,0 +1,76 @@ + + +# swarm join-token + +```markdown +Usage: docker swarm join-token [--rotate] (worker|manager) + +Manage join tokens + +Options: + --help Print usage + -q, --quiet Only display token + --rotate Rotate join token +``` + +Join tokens are secrets that determine whether or not a node will join the swarm as a manager node +or a worker node. You pass the token using the `--token flag` when you run +[swarm join](swarm_join.md). You can access the current tokens or rotate the tokens using +`swarm join-token`. + +Run with only a single `worker` or `manager` argument, it will print a command for joining a new +node to the swarm, including the necessary token: + +```bash +$ docker swarm join-token worker +To add a worker to this swarm, run the following command: + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ + 172.17.0.2:2377 + +$ docker swarm join-token manager +To add a manager to this swarm, run the following command: + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ + 172.17.0.2:2377 +``` + +Use the `--rotate` flag to generate a new join token for the specified role: + +```bash +$ docker swarm join-token --rotate worker +To add a worker to this swarm, run the following command: + docker swarm join \ + --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \ + 172.17.0.2:2377 +``` + +After using `--rotate`, only the new token will be valid for joining with the specified role. + +The `-q` (or `--quiet`) flag only prints the token: + +```bash +$ docker swarm join-token -q worker +SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t +``` + +### `--rotate` + +Update the join token for a specified role with a new token and print the token. + +### `--quiet` + +Only print the token. Do not print a complete command for joining. + +## Related information + +* [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index ffae0d6ab1..e838097c80 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -14,7 +14,7 @@ parent = "smn_cli" ```markdown Usage: docker swarm leave [OPTIONS] -Leave a Swarm +Leave a swarm Options: --force Force leave ignoring warnings. @@ -26,10 +26,10 @@ This command causes the node to leave the swarm. On a manager node: ```bash $ docker node ls -ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER -7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Ready Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ``` On a worker node: @@ -41,10 +41,10 @@ Node left the default swarm. On a manager node: ```bash $ docker node ls -ID HOSTNAME MEMBERSHIP STATUS AVAILABILITY MANAGER STATUS LEADER -7ln70fl22uw2dvjn2ft53m3q5 worker2 Accepted Down Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Accepted Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 * manager1 Accepted Ready Active Reachable Yes +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +7ln70fl22uw2dvjn2ft53m3q5 worker2 Down Active +dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable +dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ``` ## Related information diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 8ab715e278..6a5eb7305f 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -14,23 +14,21 @@ parent = "smn_cli" ```markdown Usage: docker swarm update [OPTIONS] -Update the Swarm +Update the swarm Options: - --auto-accept value Auto acceptance policy (worker, manager or none) --cert-expiry duration Validity period for node certificates (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --help Print usage - --secret string Set secret value needed to accept nodes into cluster --task-history-limit int Task history retention limit (default 10) ``` -Updates a Swarm cluster with new parameter values. This command must target a manager node. +Updates a swarm cluster with new parameter values. This command must target a manager node. ```bash -$ docker swarm update --auto-accept manager +$ docker swarm update --cert-expirty 4000h0m0s ``` ## Related information From 6a891c67fd87175436b53f74210cb92ee7556eb6 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 22 Jul 2016 09:43:08 +0100 Subject: [PATCH 1601/2538] Make README less scabious Signed-off-by: Justin Cormack --- man/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/README.md b/man/README.md index 4b6f90b2a0..82dac650f9 100644 --- a/man/README.md +++ b/man/README.md @@ -8,7 +8,7 @@ Do *not* edit the man pages in the man1 directory. Instead, update the Cobra command or amend the Markdown files for legacy pages. -## Generate the mange pages +## Generate the man pages From within the project root directory run: From 6eef41333d82aaedcaaf935f090d16df919a3aa3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 22 Jul 2016 13:09:09 +0200 Subject: [PATCH 1602/2538] remove "secrets" from completion scripts Swarm join has been changed in f5e1f6f6880391a5a3399023cf93a3c48502e57d, removing various options and the "node accept" command. This removes the removed options from the completion scripts. NOTE: a new command ("docker swarm join-token") was also added, but is not part of this commit. Signed-off-by: Sebastiaan van Stijn --- contrib/completion/bash/docker | 38 ++++++---------------------------- contrib/completion/zsh/_docker | 18 +++++----------- 2 files changed, 11 insertions(+), 45 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a387e4137d..a2d606b437 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1832,24 +1832,17 @@ _docker_swarm() { _docker_swarm_init() { case "$prev" in - --auto-accept) - COMPREPLY=( $( compgen -W "manager none worker" -- "$cur" ) ) - return - ;; --listen-addr) if [[ $cur == *: ]] ; then COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) fi return ;; - --secret) - return - ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--auto-accept --force-new-cluster --help --listen-addr --secret" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force-new-cluster --help --listen-addr" -- "$cur" ) ) ;; esac } @@ -1870,7 +1863,7 @@ _docker_swarm_inspect() { _docker_swarm_join() { case "$prev" in - --ca-hash|--secret) + --token) return ;; --listen-addr) @@ -1883,7 +1876,7 @@ _docker_swarm_join() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--ca-hash --help --listen-addr --manager --secret" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --listen-addr --token" -- "$cur" ) ) ;; *:) COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) @@ -1901,25 +1894,20 @@ _docker_swarm_leave() { _docker_swarm_update() { case "$prev" in - --auto-accept) - COMPREPLY=( $( compgen -W "manager none worker" -- "$cur" ) ) - return - ;; - --cert-expiry|--dispatcher-heartbeat|--secret|--task-history-limit) + --cert-expiry|--dispatcher-heartbeat|--task-history-limit) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--auto-accept --cert-expiry --dispatcher-heartbeat --help --secret --task-history-limit" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--cert-expiry --dispatcher-heartbeat --help --task-history-limit" -- "$cur" ) ) ;; esac } _docker_node() { local subcommands=" - accept demote inspect ls list @@ -1940,16 +1928,6 @@ _docker_node() { esac } -_docker_node_accept() { - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) - ;; - *) - __docker_complete_nodes --id --filter membership=pending - esac -} - _docker_node_demote() { case "$cur" in -*) @@ -2072,10 +2050,6 @@ _docker_node_update() { COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) return ;; - --membership) - COMPREPLY=( $( compgen -W "accepted rejected" -- "$cur" ) ) - return - ;; --role) COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) ) return @@ -2087,7 +2061,7 @@ _docker_node_update() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --membership --role" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --role" -- "$cur" ) ) ;; *) __docker_complete_nodes diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 724d869837..4a947c6685 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -782,7 +782,6 @@ __docker_complete_worker_nodes() { __docker_node_commands() { local -a _docker_node_subcommands _docker_node_subcommands=( - "accept:Accept a node in the swarm" "demote:Demote a node as manager in the swarm" "inspect:Display detailed information on one or more nodes" "ls:List nodes in the swarm" @@ -802,7 +801,7 @@ __docker_node_subcommand() { opts_help=("(: -)--help[Print usage]") case "$words[1]" in - (accept|rm|remove) + (rm|remove) _arguments $(__docker_arguments) \ $opts_help \ "($help -)*:node:__docker_complete_pending_nodes" && ret=0 @@ -854,7 +853,6 @@ __docker_node_subcommand() { "($help)--availability=[Availability of the node]:availability:(active pause drain)" \ "($help)*--label-add=[Add or update a node label]:key=value: " \ "($help)*--label-rm=[Remove a node label if exists]:label: " \ - "($help)--membership=[Membership of the node]:membership:(accepted rejected)" \ "($help)--role=[Role of the node]:role:(manager worker)" \ "($help -)1:node:__docker_complete_nodes" && ret=0 ;; @@ -1205,11 +1203,9 @@ __docker_swarm_subcommand() { (init) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--auto-accept=[Acceptance policy]:policy:(manager none worker)" \ "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--force-new-cluster[Force create a new cluster from current state]" \ - "($help)--listen-addr[Listen address]:ip\:port: " \ - "($help)--secret[Set secret value needed to accept nodes into cluster]:secret: " && ret=0 + "($help)--listen-addr=[Listen address]:ip\:port: " && ret=0 ;; (inspect) _arguments $(__docker_arguments) \ @@ -1219,10 +1215,8 @@ __docker_swarm_subcommand() { (join) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--ca-hash=[Hash of the Root Certificate Authority certificate used for trusted join]:hash: " \ - "($help)--listen-addr[Listen address]:ip\:port: " \ - "($help)--manager[Try joining as a manager]" \ - "($help)--secret[Secret for node acceptance]:secret: " \ + "($help)--listen-addr=[Listen address]:ip\:port: " \ + "($help)--token=[Token for entry into the swarm]:secret: " \ "($help -):host\:port: " && ret=0 ;; (leave) @@ -1232,11 +1226,9 @@ __docker_swarm_subcommand() { (update) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--auto-accept=[Acceptance policy]:policy:(manager none worker)" \ "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ - "($help)--secret[Set secret value needed to accept nodes into cluster]:secret: " \ - "($help)--task-history-limit[Task history retention limit]:limit: " && ret=0 + "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_network_commands" && ret=0 From 2f9e9bcbaa44ba94508a5891d220d0cad02104d1 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 22 Jul 2016 10:38:56 +0200 Subject: [PATCH 1603/2538] Append --registry-auth with with `--with-registry-auth` is more explicit. Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/deploy.md | 6 +++--- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- experimental/docker-stacks-and-bundles.md | 6 +++--- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a2d606b437..f3f47b8042 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1733,7 +1733,7 @@ _docker_service_update() { local boolean_options=" --help - --registry-auth + --with-registry-auth " __docker_complete_log_driver_options && return diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4a947c6685..8ccf34b476 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1085,7 +1085,6 @@ __docker_service_subcommand() { "($help)--name=[Service name]:name: " "($help)*--network=[Network attachments]:network: " "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " - "($help)--registry-auth[Send registry authentication details to swarm agents]" "($help)--replicas=[Number of tasks]:replicas: " "($help)--reserve-cpu=[Reserve CPUs]:value: " "($help)--reserve-memory=[Reserve Memory]:value: " @@ -1097,6 +1096,7 @@ __docker_service_subcommand() { "($help)--update-delay=[Delay between updates]:delay: " "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: " "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" + "($help)--with-registry-auth[Send registry authentication details to swarm agents]" "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" ) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index c18a8f58bb..908131e4bb 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -17,9 +17,9 @@ Usage: docker deploy [OPTIONS] STACK Create and update a stack from a Distributed Application Bundle (DAB) Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage - --registry-auth Send registry authentication details to swarm agents + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) + --help Print usage + --with-registry-auth Send registry authentication details to swarm agents ``` Create and update a stack from a `dab` file. This command has to be diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 795ee395e8..c265205c09 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -31,7 +31,6 @@ Options: --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) - --registry-auth Send registry authentication details to swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) @@ -43,6 +42,7 @@ Options: --update-delay duration Delay between updates --update-parallelism uint Maximum number of tasks updated simultaneously -u, --user string Username or UID + --with-registry-auth Send registry authentication details to Swarm agents -w, --workdir string Working directory inside the container ``` diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f834ac4b31..25817e115c 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -38,7 +38,6 @@ Options: --network-rm value Remove a network by name (default []) --publish-add value Add or update a published port (default []) --publish-rm value Remove a published port by its target port (default []) - --registry-auth Send registry authentication details to swarm agents --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) @@ -50,6 +49,7 @@ Options: --update-delay duration Delay between updates --update-parallelism uint Maximum number of tasks updated simultaneously -u, --user string Username or UID + --with-registry-auth Send registry authentication details to Swarm agents -w, --workdir string Working directory inside the container ``` diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 5145362b09..6ca37a4934 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -44,9 +44,9 @@ Usage: docker deploy [OPTIONS] STACK Create and update a stack Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage - --registry-auth Send registry authentication details to Swarm agents + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) + --help Print usage + --with-registry-auth Send registry authentication details to Swarm agents ``` Let's deploy the stack created before: From a35ae076b48fb7afbd1ccff535fd8ff57fa11517 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 22 Jul 2016 17:39:55 +0200 Subject: [PATCH 1604/2538] bash completion for `docker swarm join-token` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f3f47b8042..c220ac05d8 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1815,6 +1815,7 @@ _docker_swarm() { init inspect join + join-token leave update " @@ -1884,6 +1885,20 @@ _docker_swarm_join() { esac } +_docker_swarm_join-token() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) ) + ;; + *) + local counter=$( __docker_pos_first_nonflag ) + if [ $cword -eq $counter ]; then + COMPREPLY=( $( compgen -W "manager worker" -- "$cur" ) ) + fi + ;; + esac +} + _docker_swarm_leave() { case "$cur" in -*) From 2a87a358d412ea6ff1fa0fbc62025cbf53d66940 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 22 Jul 2016 13:13:30 +0200 Subject: [PATCH 1605/2538] Remove "secrets" leftovers from docs f5e1f6f6880391a5a3399023cf93a3c48502e57d replaced "secrets" with "join tokens", which also removed the "auto-accept" policy. This removes some remaining references to those features. Note that there are other references, but those are already addressed in another pull request. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/node_ls.md | 30 +++++++++++++++++---------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index f446568b3c..0118342a67 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -29,12 +29,14 @@ Lists all the nodes that the Docker Swarm manager knows about. You can filter us Example output: - $ docker node ls - ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS - 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active - 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active - e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +```bash +$ docker node ls +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +``` ## Filtering @@ -53,18 +55,23 @@ The `name` filter matches on all or part of a node name. The following filter matches the node with a name equal to `swarm-master` string. - $ docker node ls -f name=swarm-manager1 - ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS - e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +```bash +$ docker node ls -f name=swarm-manager1 + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +``` ### id The `id` filter matches all or part of a node's id. - $ docker node ls -f id=1 - ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS - 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +```bash +$ docker node ls -f id=1 +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +``` #### label @@ -75,6 +82,7 @@ The following filter matches nodes with the `usage` label regardless of its valu ```bash $ docker node ls -f "label=foo" + ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` From 012fa2fd1bc3a28bb5c541ded44b9fab91043f14 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 22 Jul 2016 19:07:10 -0700 Subject: [PATCH 1606/2538] Update --update-parallelism docs Update documentation to account for the changes in #24952. docs/swarm/swarm-tutorial/rolling-update.md doesn't need any changes, but the CLI reference pages should show the current help text. drain-node.md no longer needs to specify --update-parallelism 1 in its example. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c265205c09..d5df309bbb 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -40,7 +40,7 @@ Options: --restart-window value Window used to evaluate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) --update-delay duration Delay between updates - --update-parallelism uint Maximum number of tasks updated simultaneously + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID --with-registry-auth Send registry authentication details to Swarm agents -w, --workdir string Working directory inside the container diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 25817e115c..2405dd4090 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -47,7 +47,7 @@ Options: --restart-window value Window used to evaluate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) --update-delay duration Delay between updates - --update-parallelism uint Maximum number of tasks updated simultaneously + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID --with-registry-auth Send registry authentication details to Swarm agents -w, --workdir string Working directory inside the container From 871366c8b4445b949187f93a230a4a404500f369 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sun, 24 Jul 2016 11:13:06 +0200 Subject: [PATCH 1607/2538] Update swarm init task-history-limit docs Signed-off-by: Vincent Demeester --- docs/reference/commandline/swarm_init.md | 2 +- docs/reference/commandline/swarm_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index c7575047af..452071b7b5 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -23,7 +23,7 @@ Options: --force-new-cluster Force create a new cluster from current state. --help Print usage --listen-addr value Listen address (default 0.0.0.0:2377) - --task-history-limit int Task history retention limit (default 10) + --task-history-limit int Task history retention limit (default 5) ``` Initialize a swarm cluster. The docker engine targeted by this command becomes a manager diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 6a5eb7305f..f72e13c1f5 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -21,7 +21,7 @@ Options: --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --help Print usage - --task-history-limit int Task history retention limit (default 10) + --task-history-limit int Task history retention limit (default 5) ``` Updates a swarm cluster with new parameter values. This command must target a manager node. From 18cd5ac352d6dbb5d538a7bcf0e96ef160618d3b Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 30 Jun 2016 18:07:35 -0700 Subject: [PATCH 1608/2538] Split advertised address from listen address There are currently problems with "swarm init" and "swarm join" when an explicit --listen-addr flag is not provided. swarmkit defaults to finding the IP address associated with the default route, and in cloud setups this is often the wrong choice. Introduce a notion of "advertised address", with the client flag --advertise-addr, and the daemon flag --swarm-default-advertise-addr to provide a default. The default listening address is now 0.0.0.0, but a valid advertised address must be detected or specified. If no explicit advertised address is specified, error out if there is more than one usable candidate IP address on the system. This requires a user to explicitly choose instead of letting swarmkit make the wrong choice. For the purposes of this autodetection, we ignore certain interfaces that are unlikely to be relevant (currently docker*). The user is also required to choose a listen address on swarm init if they specify an explicit advertise address that is a hostname or an IP address that's not local to the system. This is a requirement for overlay networking. Also support specifying interface names to --listen-addr, --advertise-addr, and the daemon flag --swarm-default-advertise-addr. This will fail if the interface has multiple IP addresses (unless it has a single IPv4 address and a single IPv6 address - then we resolve the tie in favor of IPv4). This change also exposes the node's externally-reachable address in docker info, as requested by #24017. Make corresponding API and CLI docs changes. Signed-off-by: Aaron Lehmann --- contrib/completion/bash/docker | 16 +++++++-- contrib/completion/zsh/_docker | 2 ++ docs/reference/commandline/dockerd.md | 3 ++ docs/reference/commandline/swarm_init.md | 29 +++++++++++++--- docs/reference/commandline/swarm_join.md | 42 ++++++++++++++++++++---- man/dockerd.8.md | 6 ++++ 6 files changed, 86 insertions(+), 12 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c220ac05d8..f3fd9eac6c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1839,11 +1839,17 @@ _docker_swarm_init() { fi return ;; + --advertise-addr) + if [[ $cur == *: ]] ; then + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + fi + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force-new-cluster --help --listen-addr" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--advertise-addr --force-new-cluster --help --listen-addr" -- "$cur" ) ) ;; esac } @@ -1873,11 +1879,17 @@ _docker_swarm_join() { fi return ;; + --advertise-addr) + if [[ $cur == *: ]] ; then + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + fi + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --listen-addr --token" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--adveritse-addr --help --listen-addr --token" -- "$cur" ) ) ;; *:) COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8ccf34b476..bf85d10e6d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1203,6 +1203,7 @@ __docker_swarm_subcommand() { (init) _arguments $(__docker_arguments) \ $opts_help \ + "($help)--advertise-addr[Advertised address]:ip\:port: " \ "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--force-new-cluster[Force create a new cluster from current state]" \ "($help)--listen-addr=[Listen address]:ip\:port: " && ret=0 @@ -1215,6 +1216,7 @@ __docker_swarm_subcommand() { (join) _arguments $(__docker_arguments) \ $opts_help \ + "($help)--advertise-addr[Advertised address]:ip\:port: " \ "($help)--listen-addr=[Listen address]:ip\:port: " \ "($help)--token=[Token for entry into the swarm]:secret: " \ "($help -):host\:port: " && ret=0 diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8581ec095f..029d6cbf92 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -69,6 +69,7 @@ Options: -s, --storage-driver Storage driver to use --selinux-enabled Enable selinux support --storage-opt=[] Storage driver options + --swarm-default-advertise-addr Set default address or interface for swarm advertised address --tls Use TLS; implied by --tlsverify --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA --tlscert=~/.docker/cert.pem Path to TLS certificate file @@ -1042,6 +1043,7 @@ This is a full example of the allowed configuration options on Linux: "tlscacert": "", "tlscert": "", "tlskey": "", + "swarm-default-advertise-addr": "", "api-cors-header": "", "selinux-enabled": false, "userns-remap": "", @@ -1112,6 +1114,7 @@ This is a full example of the allowed configuration options on Windows: "tlscacert": "", "tlscert": "", "tlskey": "", + "swarm-default-advertise-addr": "", "group": "", "default-ulimits": {}, "bridge": "", diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 452071b7b5..8d9687abce 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -17,12 +17,13 @@ Usage: docker swarm init [OPTIONS] Initialize a swarm Options: + --advertise-addr value Advertised address (format: [:port]) --cert-expiry duration Validity period for node certificates (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --force-new-cluster Force create a new cluster from current state. --help Print usage - --listen-addr value Listen address (default 0.0.0.0:2377) + --listen-addr value Listen address (format: [:port]) --task-history-limit int Task history retention limit (default 5) ``` @@ -31,7 +32,7 @@ in the newly created one node swarm cluster. ```bash -$ docker swarm init --listen-addr 192.168.99.121:2377 +$ docker swarm init --advertise-addr 192.168.99.121 Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager. To add a worker to this swarm, run the following command: @@ -70,11 +71,31 @@ The URL specifies the endpoint where signing requests should be submitted. ### `--force-new-cluster` -This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data +This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data. ### `--listen-addr value` -The node listens for inbound swarm manager traffic on this IP:PORT +The node listens for inbound Swarm manager traffic on this address. The default is to listen on +0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's +address; for example `--listen-addr eth0:2377`. + +Specifying a port is optional. If the value is a bare IP address, hostname, or interface +name, the default port 2377 will be used. + +### `--advertise-addr value` + +This flag specifies the address that will be advertised to other members of the +swarm for API access and overlay networking. If unspecified, Docker will check +if the system has a single IP address, and use that IP address with with the +listening port (see `--listen-addr`). If the system has multiple IP addresses, +`--advertise-addr` must be specified so that the correct address is chosen for +inter-manager communication and overlay networking. + +It is also possible to specify a network interface to advertise that interface's address; +for example `--advertise-addr eth0:2377`. + +Specifying a port is optional. If the value is a bare IP address, hostname, or interface +name, the default port 2377 will be used. ### `--task-history-limit` diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index a8edc348d7..42638c09ae 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -17,9 +17,10 @@ Usage: docker swarm join [OPTIONS] HOST:PORT Join a swarm as a node and/or manager Options: - --help Print usage - --listen-addr value Listen address (default 0.0.0.0:2377) - --token string Token for entry into the swarm + --advertise-addr value Advertised address (format: [:port]) + --help Print usage + --listen-addr value Listen address + --token string Token for entry into the swarm ``` Join a node to a swarm. The node joins as a manager node or worker node based upon the token you @@ -31,7 +32,7 @@ pass a worker token, the node joins as a worker. The example below demonstrates joining a manager node using a manager token. ```bash -$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 --listen-addr 192.168.99.122:2377 192.168.99.121:2377 +$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 192.168.99.121:2377 This node joined a swarm as a manager. $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS @@ -48,7 +49,7 @@ should join as workers instead. Managers should be stable hosts that have static The example below demonstrates joining a worker node using a worker token. ```bash -$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx --listen-addr 192.168.99.123:2377 192.168.99.121:2377 +$ docker swarm join --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx 192.168.99.121:2377 This node joined a swarm as a worker. $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS @@ -59,7 +60,36 @@ dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ### `--listen-addr value` -The node listens for inbound swarm manager traffic on this IP:PORT +If the node is a manager, it will listen for inbound Swarm manager traffic on this +address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a +network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. + +Specifying a port is optional. If the value is a bare IP address, hostname, or interface +name, the default port 2377 will be used. + +This flag is generally not necessary when joining an existing swarm. + +### `--advertise-addr value` + +This flag specifies the address that will be advertised to other members of the +swarm for API access. If unspecified, Docker will check if the system has a +single IP address, and use that IP address with with the listening port (see +`--listen-addr`). If the system has multiple IP addresses, `--advertise-addr` +must be specified so that the correct address is chosen for inter-manager +communication and overlay networking. + +It is also possible to specify a network interface to advertise that interface's address; +for example `--advertise-addr eth0:2377`. + +Specifying a port is optional. If the value is a bare IP address, hostname, or interface +name, the default port 2377 will be used. + +This flag is generally not necessary when joining an existing swarm. + +### `--manager` + +Joins the node as a manager +>>>>>>> 22565e1... Split advertised address from listen address ### `--token string` diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 333cf5a5aa..15e2d9635a 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -55,6 +55,7 @@ dockerd - Enable daemon mode [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] [**--storage-opt**[=*[]*]] +[**--swarm-default-advertise-addr**[=*IP|HOSTNAME|INTERFACE*]] [**--tls**] [**--tlscacert**[=*~/.docker/ca.pem*]] [**--tlscert**[=*~/.docker/cert.pem*]] @@ -239,6 +240,11 @@ output otherwise. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. +**--swarm-default-advertise-addr**=*IP|HOSTNAME|INTERFACE* + Set default address or interface for swarm to advertise as its externally-reachable address to other cluster + members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with + this option. + **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. From 1918ec39879e32e8461e126009d585db5c5f0341 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 21 Jul 2016 10:40:19 -0700 Subject: [PATCH 1609/2538] Require listen address and advertise address to be an IP address or an interface name Hostnames are not supported for now because libnetwork can't use them for overlay networking yet. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 8 ++++---- docs/reference/commandline/swarm_join.md | 8 ++++---- man/dockerd.8.md | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 8d9687abce..6534cba5de 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -17,13 +17,13 @@ Usage: docker swarm init [OPTIONS] Initialize a swarm Options: - --advertise-addr value Advertised address (format: [:port]) + --advertise-addr value Advertised address (format: [:port]) --cert-expiry duration Validity period for node certificates (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --force-new-cluster Force create a new cluster from current state. --help Print usage - --listen-addr value Listen address (format: [:port]) + --listen-addr value Listen address (format: [:port]) --task-history-limit int Task history retention limit (default 5) ``` @@ -79,7 +79,7 @@ The node listens for inbound Swarm manager traffic on this address. The default 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. -Specifying a port is optional. If the value is a bare IP address, hostname, or interface +Specifying a port is optional. If the value is a bare IP address or interface name, the default port 2377 will be used. ### `--advertise-addr value` @@ -94,7 +94,7 @@ inter-manager communication and overlay networking. It is also possible to specify a network interface to advertise that interface's address; for example `--advertise-addr eth0:2377`. -Specifying a port is optional. If the value is a bare IP address, hostname, or interface +Specifying a port is optional. If the value is a bare IP address or interface name, the default port 2377 will be used. ### `--task-history-limit` diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 42638c09ae..9f5ff1dda8 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -17,9 +17,9 @@ Usage: docker swarm join [OPTIONS] HOST:PORT Join a swarm as a node and/or manager Options: - --advertise-addr value Advertised address (format: [:port]) + --advertise-addr value Advertised address (format: [:port]) --help Print usage - --listen-addr value Listen address + --listen-addr value Listen address (format: [:port) --token string Token for entry into the swarm ``` @@ -64,7 +64,7 @@ If the node is a manager, it will listen for inbound Swarm manager traffic on th address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. -Specifying a port is optional. If the value is a bare IP address, hostname, or interface +Specifying a port is optional. If the value is a bare IP address, or interface name, the default port 2377 will be used. This flag is generally not necessary when joining an existing swarm. @@ -81,7 +81,7 @@ communication and overlay networking. It is also possible to specify a network interface to advertise that interface's address; for example `--advertise-addr eth0:2377`. -Specifying a port is optional. If the value is a bare IP address, hostname, or interface +Specifying a port is optional. If the value is a bare IP address, or interface name, the default port 2377 will be used. This flag is generally not necessary when joining an existing swarm. diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 15e2d9635a..a098a708a3 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -55,7 +55,7 @@ dockerd - Enable daemon mode [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] [**--storage-opt**[=*[]*]] -[**--swarm-default-advertise-addr**[=*IP|HOSTNAME|INTERFACE*]] +[**--swarm-default-advertise-addr**[=*IP|INTERFACE*]] [**--tls**] [**--tlscacert**[=*~/.docker/ca.pem*]] [**--tlscert**[=*~/.docker/cert.pem*]] @@ -240,7 +240,7 @@ output otherwise. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. -**--swarm-default-advertise-addr**=*IP|HOSTNAME|INTERFACE* +**--swarm-default-advertise-addr**=*IP|INTERFACE* Set default address or interface for swarm to advertise as its externally-reachable address to other cluster members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with this option. From fea5a343d565d65beef34ad093a8e09a4f65c2ff Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 25 Jul 2016 08:39:33 +0200 Subject: [PATCH 1610/2538] Add zsh completion for 'docker swarm join-token' command Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index bf85d10e6d..f1f53f09d4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1186,6 +1186,7 @@ __docker_swarm_commands() { "init:Initialize a swarm" "inspect:Inspect the swarm" "join:Join a swarm as a node and/or manager" + "join-token:Manage join tokens" "leave:Leave a swarm" "update:Update the swarm" ) @@ -1221,6 +1222,13 @@ __docker_swarm_subcommand() { "($help)--token=[Token for entry into the swarm]:secret: " \ "($help -):host\:port: " && ret=0 ;; + (join-token) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -q --quiet)"{-q,--quiet}"[Only display token]" \ + "($help)--rotate[Rotate join token]" \ + "($help -):role:(manager worker)" && ret=0 + ;; (leave) _arguments $(__docker_arguments) \ $opts_help && ret=0 From efdd85fb201483a63464d1921404d833c01b355c Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 21 Jul 2016 18:03:37 +0800 Subject: [PATCH 1611/2538] fix typos Signed-off-by: allencloud --- experimental/vlan-networks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index 6018ea8a60..56440672a2 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -223,7 +223,7 @@ docker exec -it cid3 /bin/sh VLANs (Virtual Local Area Networks) have long been a primary means of virtualizing data center networks and are still in virtually all existing networks today. VLANs work by tagging a Layer-2 isolation domain with a 12-bit identifier ranging from 1-4094 that is inserted into a packet header that enables a logical grouping of a single or multiple subnets of both IPv4 and IPv6. It is very common for network operators to separate traffic using VLANs based on a subnet(s) function or security profile such as `web`, `db` or any other isolation needs. -It is very common to have a compute host requirement of running multiple virtual networks concurrently on a host. Linux networking has long supported VLAN tagging, also known by it's standard 802.1q, for maintaining datapath isolation between networks. The Ethernet link connected to a Docker host can be configured to support the 802.1q VLAN IDs, by creating Linux sub-interfaces, each one dedicated to a unique VLAN ID. +It is very common to have a compute host requirement of running multiple virtual networks concurrently on a host. Linux networking has long supported VLAN tagging, also known by its standard 802.1q, for maintaining datapath isolation between networks. The Ethernet link connected to a Docker host can be configured to support the 802.1q VLAN IDs, by creating Linux sub-interfaces, each one dedicated to a unique VLAN ID. ![Simple Ipvlan L2 Mode Example](images/multi_tenant_8021q_vlans.png) From d41421140ca1d91311121d0b1720e5ea54f41804 Mon Sep 17 00:00:00 2001 From: Everett Toews Date: Sun, 24 Jul 2016 22:57:48 -0500 Subject: [PATCH 1612/2538] Fix AuthzPlugin URL fragment in docs These docs have AuthzPlugin with a lower case 'z'. What the plugin api is actually looking for is AuthZPlugin with an upper case 'Z'. See https://github.com/docker/docker/blob/46e3a249a1971f8697ca338c9b02e27d36ddab12/pkg/authorization/api.go#L5-L8 Signed-off-by: Everett Toews --- docs/extend/plugins_authorization.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 16e453f86e..4c11fa26ca 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -141,11 +141,11 @@ docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZP In addition to Docker's standard plugin registration method, each plugin should implement the following two methods: -* `/AuthzPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. +* `/AuthZPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. -* `/AuthzPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client. +* `/AuthZPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client. -#### /AuthzPlugin.AuthZReq +#### /AuthZPlugin.AuthZReq **Request**: @@ -169,7 +169,7 @@ should implement the following two methods: "Err": "The error message if things go wrong" } ``` -#### /AuthzPlugin.AuthZRes +#### /AuthZPlugin.AuthZRes **Request**: From 897dc90656898ef0a18488f716ca142d9cdd50ec Mon Sep 17 00:00:00 2001 From: Aanand Prasad Date: Mon, 25 Jul 2016 17:21:23 +0100 Subject: [PATCH 1613/2538] Add note about --entrypoint overriding default command Signed-off-by: Aanand Prasad --- docs/reference/run.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index ae40cf4bc7..4f6e679c9e 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1305,6 +1305,9 @@ or two examples of how to pass more parameters to that ENTRYPOINT: $ docker run -it --entrypoint /bin/bash example/redis -c ls -l $ docker run -it --entrypoint /usr/bin/redis-cli example/redis --help +> **Note**: Passing `--entrypoint` will clear out any default command set on the +> image (i.e. any `CMD` instruction in the Dockerfile used to build it). + ### EXPOSE (incoming ports) The following `run` command options work with container networking: From b41c3dd208152f50999401436cd95b38e63cd390 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 22 Jul 2016 11:35:51 -0700 Subject: [PATCH 1614/2538] Add failure action for rolling updates This changes the default behavior so that rolling updates will not proceed once an updated task fails to start, or stops running during the update. Users can use docker service inspect --pretty servicename to see the update status, and if it pauses due to a failure, it will explain that the update is paused, and show the task ID that caused it to pause. It also shows the time since the update started. A new --update-on-failure=(pause|continue) flag selects the behavior. Pause means the update stops once a task fails, continue means the old behavior of continuing the update anyway. In the future this will be extended with additional behaviors like automatic rollback, and flags controlling parameters like how many tasks need to fail for the update to stop proceeding. This is a minimal solution for 1.12. Signed-off-by: Aaron Lehmann --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/service_create.md | 55 ++++++++-------- docs/reference/commandline/service_update.md | 69 ++++++++++---------- 4 files changed, 65 insertions(+), 61 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f3fd9eac6c..4c064df7be 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1726,6 +1726,7 @@ _docker_service_update() { --restart-window --stop-grace-period --update-delay + --update-failure-action --update-parallelism --user -u --workdir -w diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index f1f53f09d4..b8dcd36a57 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1094,6 +1094,7 @@ __docker_service_subcommand() { "($help)--restart-window=[Window used to evaluate the restart policy]:window: " "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " "($help)--update-delay=[Delay between updates]:delay: " + "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)" "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: " "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" "($help)--with-registry-auth[Send registry authentication details to swarm agents]" diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index d5df309bbb..b47fd7e0cd 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -17,33 +17,34 @@ Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new service Options: - --constraint value Placement constraints (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) - -e, --env value Set environment variables (default []) - --help Print usage - -l, --label value Service labels (default []) - --limit-cpu value Limit CPUs (default 0.000) - --limit-memory value Limit Memory (default 0 B) - --log-driver string Logging driver for service - --log-opt value Logging driver options (default []) - --mode string Service mode (replicated or global) (default "replicated") - --mount value Attach a mount to the service - --name string Service name - --network value Network attachments (default []) - -p, --publish value Publish a port as a node port (default []) - --replicas value Number of tasks (default none) - --reserve-cpu value Reserve CPUs (default 0.000) - --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay value Delay between restart attempts (default none) - --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evaluate the restart policy (default none) - --stop-grace-period value Time to wait before force killing a container (default none) - --update-delay duration Delay between updates - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID - --with-registry-auth Send registry authentication details to Swarm agents - -w, --workdir string Working directory inside the container + --constraint value Placement constraints (default []) + --endpoint-mode string Endpoint mode (vip or dnsrr) + -e, --env value Set environment variables (default []) + --help Print usage + -l, --label value Service labels (default []) + --limit-cpu value Limit CPUs (default 0.000) + --limit-memory value Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt value Logging driver options (default []) + --mode string Service mode (replicated or global) (default "replicated") + --mount value Attach a mount to the service + --name string Service name + --network value Network attachments (default []) + -p, --publish value Publish a port as a node port (default []) + --replicas value Number of tasks (default none) + --reserve-cpu value Reserve CPUs (default 0.000) + --reserve-memory value Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-delay value Delay between restart attempts (default none) + --restart-max-attempts value Maximum number of restarts before giving up (default none) + --restart-window value Window used to evaluate the restart policy (default none) + --stop-grace-period value Time to wait before force killing a container (default none) + --update-delay duration Delay between updates + --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID + --with-registry-auth Send registry authentication details to Swarm agents + -w, --workdir string Working directory inside the container ``` Creates a service as described by the specified parameters. This command has to diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 2405dd4090..e65556e483 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -17,40 +17,41 @@ Usage: docker service update [OPTIONS] SERVICE Update a service Options: - --args string Service command args - --constraint-add value Add or update placement constraints (default []) - --constraint-rm value Remove a constraint (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) - --env-add value Add or update environment variables (default []) - --env-rm value Remove an environment variable (default []) - --help Print usage - --image string Service image tag - --label-add value Add or update service labels (default []) - --label-rm value Remove a label by its key (default []) - --limit-cpu value Limit CPUs (default 0.000) - --limit-memory value Limit Memory (default 0 B) - --log-driver string Logging driver for service - --log-opt value Logging driver options (default []) - --mount-add value Add or update a mount on a service - --mount-rm value Remove a mount by its target path (default []) - --name string Service name - --network-add value Add or update network attachments (default []) - --network-rm value Remove a network by name (default []) - --publish-add value Add or update a published port (default []) - --publish-rm value Remove a published port by its target port (default []) - --replicas value Number of tasks (default none) - --reserve-cpu value Reserve CPUs (default 0.000) - --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay value Delay between restart attempts (default none) - --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evaluate the restart policy (default none) - --stop-grace-period value Time to wait before force killing a container (default none) - --update-delay duration Delay between updates - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID - --with-registry-auth Send registry authentication details to Swarm agents - -w, --workdir string Working directory inside the container + --args string Service command args + --constraint-add value Add or update placement constraints (default []) + --constraint-rm value Remove a constraint (default []) + --endpoint-mode string Endpoint mode (vip or dnsrr) + --env-add value Add or update environment variables (default []) + --env-rm value Remove an environment variable (default []) + --help Print usage + --image string Service image tag + --label-add value Add or update service labels (default []) + --label-rm value Remove a label by its key (default []) + --limit-cpu value Limit CPUs (default 0.000) + --limit-memory value Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt value Logging driver options (default []) + --mount-add value Add or update a mount on a service + --mount-rm value Remove a mount by its target path (default []) + --name string Service name + --network-add value Add or update network attachments (default []) + --network-rm value Remove a network by name (default []) + --publish-add value Add or update a published port (default []) + --publish-rm value Remove a published port by its target port (default []) + --replicas value Number of tasks (default none) + --reserve-cpu value Reserve CPUs (default 0.000) + --reserve-memory value Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-delay value Delay between restart attempts (default none) + --restart-max-attempts value Maximum number of restarts before giving up (default none) + --restart-window value Window used to evaluate the restart policy (default none) + --stop-grace-period value Time to wait before force killing a container (default none) + --update-delay duration Delay between updates + --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID + --with-registry-auth Send registry authentication details to Swarm agents + -w, --workdir string Working directory inside the container ``` Updates a service as described by the specified parameters. This command has to be run targeting a manager node. From fa9465f093b743b00c35208527a17494a2fa55f0 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Wed, 20 Jul 2016 10:50:04 -0700 Subject: [PATCH 1615/2538] healthcheck: do not interpret exit code 2 as "starting" Instead reserve exit code 2 to be future proof, document that it should not be used. Implementation-wise, it is considered as unhealthy, but users should not rely on this as it may change in the future. Signed-off-by: Tibor Vass --- docs/reference/builder.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index d677d63b8b..5975110fe4 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1524,10 +1524,7 @@ The possible values are: - 0: success - the container is healthy and ready for use - 1: unhealthy - the container is not working correctly -- 2: starting - the container is not ready for use yet, but is working correctly - -If the probe returns 2 ("starting") when the container has already moved out of the -"starting" state then it is treated as "unhealthy" instead. +- 2: reserved - do not use this exit code For example, to check every five minutes or so that a web-server is able to serve the site's main page within three seconds: From 91e476b7e9ae1a72470662893f98d85823a309dc Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 25 Jul 2016 11:38:01 +0200 Subject: [PATCH 1616/2538] Add container labels to service create/update Swarm mode makes it possible through the API to set labels to containers but not through command line. This tries to fix it. Signed-off-by: Vincent Demeester --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index b47fd7e0cd..bd29552ba3 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -18,6 +18,7 @@ Create a new service Options: --constraint value Placement constraints (default []) + --container-label value Service container labels (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) --help Print usage diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index e65556e483..8d49fe0638 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -20,6 +20,8 @@ Options: --args string Service command args --constraint-add value Add or update placement constraints (default []) --constraint-rm value Remove a constraint (default []) + --container-label-add value Add or update container labels (default []) + --container-label-rm value Remove a container label by its key (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) --env-add value Add or update environment variables (default []) --env-rm value Remove an environment variable (default []) From 6ff1bec0bae4d88977e416dcdc9ea3de9d2f2310 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 26 Jul 2016 04:45:57 -0700 Subject: [PATCH 1617/2538] bash completion for container labels to `service {create,update}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4c064df7be..a33438bac1 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1741,6 +1741,7 @@ _docker_service_update() { if [ "$subcommand" = "create" ] ; then options_with_args="$options_with_args + --container-label --mode " @@ -1754,6 +1755,8 @@ _docker_service_update() { if [ "$subcommand" = "update" ] ; then options_with_args="$options_with_args --arg + --container-label-add + --container-label-rm --image " From bd66024f73a87b75cf6b38a39c5e36384927a38b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 26 Jul 2016 04:51:27 -0700 Subject: [PATCH 1618/2538] Remove bash completion for `docker swarm inspect` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a33438bac1..1844aa40f9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1817,7 +1817,6 @@ _docker_service_update() { _docker_swarm() { local subcommands=" init - inspect join join-token leave @@ -1858,20 +1857,6 @@ _docker_swarm_init() { esac } -_docker_swarm_inspect() { - case "$prev" in - --format|-f) - return - ;; - esac - - case "$cur" in - -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) - ;; - esac -} - _docker_swarm_join() { case "$prev" in --token) From 2cab081e166efaaf434c1c763bd51e79549815aa Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Mon, 18 Jul 2016 21:40:07 -0700 Subject: [PATCH 1619/2538] add doc for live-restore setting and daemonless containers, fix admin guide menu Signed-off-by: Charles Smith --- docs/reference/commandline/dockerd.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 029d6cbf92..f3ac7e5fb4 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -56,7 +56,7 @@ Options: --ipv6 Enable IPv6 networking -l, --log-level=info Set the logging level --label=[] Set key=value labels to the daemon - --live-restore Enable live restore of docker when containers are still running + --live-restore Enables keeping containers alive during daemon downtime --log-driver=json-file Default driver for container logs --log-opt=map[] Default log driver options for containers --max-concurrent-downloads=3 Set the max concurrent downloads for each pull @@ -1003,14 +1003,14 @@ via flags. The docker daemon fails to start if an option is duplicated between the file and the flags, regardless their value. We do this to avoid silently ignore changes introduced in configuration reloads. For example, the daemon fails to start if you set daemon labels -in the configuration file and also set daemon labels via the `--label` flag. +in the configuration file and also set daemon labels via the `--label` flag. Options that are not present in the file are ignored when the daemon starts. ### Linux configuration file -The default location of the configuration file on Linux is +The default location of the configuration file on Linux is `/etc/docker/daemon.json`. The `--config-file` flag can be used to specify a - non-default location. + non-default location. This is a full example of the allowed configuration options on Linux: @@ -1025,6 +1025,7 @@ This is a full example of the allowed configuration options on Linux: "storage-driver": "", "storage-opts": [], "labels": [], + "live-restore": true, "log-driver": "", "log-opts": [], "mtu": 0, @@ -1087,7 +1088,7 @@ This is a full example of the allowed configuration options on Linux: The default location of the configuration file on Windows is `%programdata%\docker\config\daemon.json`. The `--config-file` flag can be - used to specify a non-default location. + used to specify a non-default location. This is a full example of the allowed configuration options on Windows: @@ -1101,7 +1102,8 @@ This is a full example of the allowed configuration options on Windows: "storage-driver": "", "storage-opts": [], "labels": [], - "log-driver": "", + "live-restore": true, + "log-driver": "", "mtu": 0, "pidfile": "", "graph": "", @@ -1142,6 +1144,7 @@ The list of currently supported options that can be reconfigured is this: - `cluster-store-opts`: it uses the new options to reload the discovery store. - `cluster-advertise`: it modifies the address advertised after reloading. - `labels`: it replaces the daemon labels with a new set of labels. +- `live-restore`: Enables [keeping containers alive during daemon downtime](../../admin/live-restore.md). - `max-concurrent-downloads`: it updates the max concurrent downloads for each pull. - `max-concurrent-uploads`: it updates the max concurrent uploads for each push. - `default-runtime`: it updates the runtime to be used if not is From cb9ecd914606c82286d1da22c976af4a40eff112 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 25 Jul 2016 12:37:56 -0700 Subject: [PATCH 1620/2538] Add a bundlefile example in the documentation There is no example bundlefile in the documentation so a bundlefile example has been added. This should help in case user don't want to search inside the source code. Signed-off-by: Yong Tang --- experimental/docker-stacks-and-bundles.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 6ca37a4934..4749a73e5b 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -182,3 +182,21 @@ A service has the following fields: +The following is an example of bundlefile with two services: + +```json +{ + "Version": "0.1", + "Services": { + "redis": { + "Image": "redis@sha256:4b24131101fa0117bcaa18ac37055fffd9176aa1a240392bb8ea85e0be50f2ce", + "Networks": ["default"] + }, + "web": { + "Image": "dockercloud/hello-world@sha256:fe79a2cfbd17eefc344fb8419420808df95a1e22d93b7f621a7399fd1e9dca1d", + "Networks": ["default"], + "User": "web" + } + } +} +``` From 00a430d2554a413ee30d98430630f690900b13df Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 27 Jul 2016 11:24:16 +0200 Subject: [PATCH 1621/2538] Remove release-candidate advisories Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/node_inspect.md | 1 - docs/reference/commandline/node_ls.md | 1 - docs/reference/commandline/node_rm.md | 1 - docs/reference/commandline/node_tasks.md | 1 - docs/reference/commandline/node_update.md | 1 - docs/reference/commandline/service_create.md | 1 - docs/reference/commandline/service_inspect.md | 1 - docs/reference/commandline/service_ls.md | 1 - docs/reference/commandline/service_rm.md | 1 - docs/reference/commandline/service_scale.md | 1 - docs/reference/commandline/service_tasks.md | 1 - docs/reference/commandline/service_update.md | 1 - docs/reference/commandline/swarm_init.md | 1 - docs/reference/commandline/swarm_join.md | 1 - docs/reference/commandline/swarm_join_token.md | 1 - docs/reference/commandline/swarm_leave.md | 1 - docs/reference/commandline/swarm_update.md | 1 - 17 files changed, 17 deletions(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 6cba8ece37..f35c9680e9 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -3,7 +3,6 @@ title = "node inspect" description = "The node inspect command description and usage" keywords = ["node, inspect"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 0118342a67..ed6df59b6d 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -3,7 +3,6 @@ title = "node ls" description = "The node ls command description and usage" keywords = ["node, list"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 1ed6a39336..49f270896e 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -3,7 +3,6 @@ title = "node rm" description = "The node rm command description and usage" keywords = ["node, remove"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_tasks.md index 6da8002ff4..a31961abda 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_tasks.md @@ -3,7 +3,6 @@ title = "node tasks" description = "The node tasks command description and usage" keywords = ["node, tasks"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index 479db326c1..d2bc13b067 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -3,7 +3,6 @@ title = "node update" description = "The node update command description and usage" keywords = ["resources, update, dynamically"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index bd29552ba3..9ea44704c0 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -3,7 +3,6 @@ title = "service create" description = "The service create command description and usage" keywords = ["service, create"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 8e1a80db3f..cce238b637 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -3,7 +3,6 @@ title = "service inspect" description = "The service inspect command description and usage" keywords = ["service, inspect"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 491a7928fd..6208348f76 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -3,7 +3,6 @@ title = "service ls" description = "The service ls command description and usage" keywords = ["service, ls"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 197a233113..149f97b354 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -3,7 +3,6 @@ title = "service rm" description = "The service rm command description and usage" keywords = ["service, rm"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 64317a106b..80ee4dc4a8 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -3,7 +3,6 @@ title = "service scale" description = "The service scale command description and usage" keywords = ["service, scale"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_tasks.md index 51524bc69d..52c9167dd0 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_tasks.md @@ -3,7 +3,6 @@ title = "service tasks" description = "The service tasks command description and usage" keywords = ["service, tasks"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 8d49fe0638..bd1afbe19b 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -3,7 +3,6 @@ title = "service update" description = "The service update command description and usage" keywords = ["service, update"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 6534cba5de..0df2b23bfc 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -3,7 +3,6 @@ title = "swarm init" description = "The swarm init command description and usage" keywords = ["swarm, init"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 9f5ff1dda8..1d1d782d2e 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -3,7 +3,6 @@ title = "swarm join" description = "The swarm join command description and usage" keywords = ["swarm, join"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 1355f70ba1..07943266a1 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -3,7 +3,6 @@ title = "swarm join-token" description = "The swarm join-token command description and usage" keywords = ["swarm, join-token"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index e838097c80..214307944a 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -3,7 +3,6 @@ title = "swarm leave" description = "The swarm leave command description and usage" keywords = ["swarm, leave"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index f72e13c1f5..cbefd6dcdc 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -3,7 +3,6 @@ title = "swarm update" description = "The swarm update command description and usage" keywords = ["swarm, update"] -advisory = "rc" [menu.main] parent = "smn_cli" +++ From 3f2cdadc7edc50f0fc9133b9601fd9d3e0852416 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 27 Jul 2016 11:30:42 +0200 Subject: [PATCH 1622/2538] Add back links to 1.12 release in deprecated.md These links were temporarily changed, because the docs were published before the 1.12.0 tag was available. Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 7fc59ad443..668d8e89b4 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -20,13 +20,13 @@ see [Feature Deprecation Policy](index.md#feature-deprecation-policy). ### Three argument form in `docker import` **Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated since November 2013. It's no more supported. ### `-h` shorthand for `--help` -**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** **Target For Removal In Release: v1.15** @@ -53,7 +53,7 @@ The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide **Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. @@ -66,14 +66,14 @@ See the events API documentation for the new format. ### `-f` flag on `docker tag` **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. ### HostConfig at API container start **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of defining it at container creation (`POST /containers/create`). @@ -82,14 +82,14 @@ defining it at container creation (`POST /containers/create`). **Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** The `docker ps --before` and `docker ps --since` options are deprecated. Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. ### Docker search 'automated' and 'stars' options -**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** **Target For Removal In Release: v1.15** @@ -99,7 +99,7 @@ Use `docker search --filter=is-automated=...` and `docker search --filter=stars= ### Driver Specific Log Tags **Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** Log tags are now generated in a standard way across different logging drivers. Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and @@ -165,7 +165,7 @@ The following double-dash options are deprecated and have no replacement: **Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** The single-dash (`-help`) was removed, in favor of the double-dash `--help` @@ -180,7 +180,7 @@ Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the d ### Docker Content Trust ENV passphrase variables name change **Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/)** +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables From 6895b9f339e12b40127dc350e0a0ac88847aa6ea Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Mon, 18 Jul 2016 08:02:12 -0700 Subject: [PATCH 1623/2538] Make daemon events listen for plugin lifecycle events. Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/events.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index c966289d59..18b92fccb4 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -30,6 +30,10 @@ Docker images report the following events: delete, import, load, pull, push, save, tag, untag +Docker plugins(experimental) report the following events: + + install, enable, disable, remove + Docker volumes report the following events: create, mount, unmount, destroy @@ -74,6 +78,7 @@ The currently supported filters are: * container (`container=`) * event (`event=`) * image (`image=`) +* plugin (experimental) (`plugin=`) * label (`label=` or `label==`) * type (`type=`) * volume (`volume=`) @@ -171,3 +176,7 @@ relative to the current time on the client machine: $ docker events --filter 'type=network' 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + + $ docker events --filter 'type=plugin' (experimental) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) From 9d114f0fae3a5a50c48288a36deb27957331f3ec Mon Sep 17 00:00:00 2001 From: Stephen J Day Date: Tue, 19 Jul 2016 14:01:31 -0700 Subject: [PATCH 1624/2538] cli: `docker service|node|stack ps` instead of tasks Rather than conflict with the unexposed task model, change the names of the object-oriented task display to `docker ps`. The command works identically to `docker service tasks`. This change is superficial. This provides a more sensical docker experience while not trampling on the task model that may be introduced as a top-level command at a later date. The following is an example of the display using `docker service ps` with a service named `condescending_cori`: ``` $ docker service ps condescending_cori ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 13 minutes ago Running 6c6d232a5d0e ``` The following shows the output for the node on which the command is running: ```console $ docker node ps self ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE b1tpbi43k1ibevg2e94bmqo0s mad_kalam.1 mad_kalam apline Accepted 2 seconds ago Accepted 6c6d232a5d0e e2cd9vqb62qjk38lw65uoffd2 condescending_cori.1 condescending_cori alpine Running 12 minutes ago Running 6c6d232a5d0e 4x609m5o0qyn0kgpzvf0ad8x5 furious_davinci.1 furious_davinci redis Running 32 minutes ago Running 6c6d232a5d0e ``` Signed-off-by: Stephen J Day --- contrib/completion/bash/docker | 8 ++++---- contrib/completion/zsh/_docker | 16 ++++++++-------- docs/reference/commandline/index.md | 4 ++-- docs/reference/commandline/node_inspect.md | 2 +- docs/reference/commandline/node_ls.md | 2 +- .../commandline/{node_tasks.md => node_ps.md} | 19 ++++++++++--------- docs/reference/commandline/node_rm.md | 2 +- docs/reference/commandline/node_update.md | 2 +- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_inspect.md | 2 +- docs/reference/commandline/service_ls.md | 2 +- .../{service_tasks.md => service_ps.md} | 17 +++++++++-------- docs/reference/commandline/service_rm.md | 2 +- docs/reference/commandline/service_scale.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 15 files changed, 43 insertions(+), 41 deletions(-) rename docs/reference/commandline/{node_tasks.md => node_ps.md} (89%) rename docs/reference/commandline/{service_tasks.md => service_ps.md} (90%) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1844aa40f9..f3a7407037 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1573,7 +1573,7 @@ _docker_service() { ls list rm remove scale - tasks + ps update " __docker_subcommands "$subcommands" && return @@ -1667,7 +1667,7 @@ _docker_service_scale() { esac } -_docker_service_tasks() { +_docker_service_ps() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in desired-state) @@ -1929,7 +1929,7 @@ _docker_node() { ls list promote rm remove - tasks + ps update " __docker_subcommands "$subcommands" && return @@ -2026,7 +2026,7 @@ _docker_node_rm() { esac } -_docker_node_tasks() { +_docker_node_ps() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in desired-state) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b8dcd36a57..e85c95627b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -683,7 +683,7 @@ __docker_node_complete_ls_filters() { return ret } -__docker_node_complete_tasks_filters() { +__docker_node_complete_ps_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -787,7 +787,7 @@ __docker_node_commands() { "ls:List nodes in the swarm" "promote:Promote a node as manager in the swarm" "rm:Remove a node from the swarm" - "tasks:List tasks running on a node" + "ps:List tasks running on a node" "update:Update a node" ) _describe -t docker-node-commands "docker node command" _docker_node_subcommands @@ -834,7 +834,7 @@ __docker_node_subcommand() { $opts_help \ "($help -)*:node:__docker_complete_worker_nodes" && ret=0 ;; - (tasks) + (ps) _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Display all instances]" \ @@ -843,7 +843,7 @@ __docker_node_subcommand() { "($help -)1:node:__docker_complete_nodes" && ret=0 case $state in (filter-options) - __docker_node_complete_tasks_filters && ret=0 + __docker_node_complete_ps_filters && ret=0 ;; esac ;; @@ -970,7 +970,7 @@ __docker_service_complete_ls_filters() { return ret } -__docker_service_complete_tasks_filters() { +__docker_service_complete_ps_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1060,7 +1060,7 @@ __docker_service_commands() { "ls:List services" "rm:Remove a service" "scale:Scale one or multiple services" - "tasks:List the tasks of a service" + "ps:List the tasks of a service" "update:Update a service" ) _describe -t docker-service-commands "docker service command" _docker_service_subcommands @@ -1148,7 +1148,7 @@ __docker_service_subcommand() { ;; esac ;; - (tasks) + (ps) _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Display all tasks]" \ @@ -1157,7 +1157,7 @@ __docker_service_subcommand() { "($help -)1:service:__docker_complete_services" && ret=0 case $state in (filter-options) - __docker_service_complete_tasks_filters && ret=0 + __docker_service_complete_ps_filters && ret=0 ;; esac ;; diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 583ddf9f95..e83c756136 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -115,7 +115,7 @@ read the [`dockerd`](dockerd.md) reference page. | [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | | [node inspect](node_inspect.md) | Inspect a node in the swarm | | [node update](node_update.md) | Update attributes for a node | -| [node tasks](node_tasks.md) | List tasks running on a node | +| [node ps](node_ps.md) | List tasks running on a node | | [node ls](node_ls.md) | List nodes in the swarm | | [node rm](node_rm.md) | Remove a node from the swarm | @@ -138,5 +138,5 @@ read the [`dockerd`](dockerd.md) reference page. | [service ls](service_ls.md) | List services in the swarm | | [service rm](service_rm.md) | Reemove a swervice from the swarm | | [service scale](service_scale.md) | Set the number of replicas for the desired state of the service | -| [service tasks](service_tasks.md) | List the tasks of a service | +| [service ps](service_ps.md) | List the tasks of a service | | [service update](service_update.md) | Update the attributes of a service | diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index f35c9680e9..8789a0da24 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -120,6 +120,6 @@ Example output: ## Related information * [node update](node_update.md) -* [node tasks](node_tasks.md) +* [node ps](node_ps.md) * [node ls](node_ls.md) * [node rm](node_rm.md) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index ed6df59b6d..e918b7d11a 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -91,5 +91,5 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS * [node inspect](node_inspect.md) * [node update](node_update.md) -* [node tasks](node_tasks.md) +* [node ps](node_ps.md) * [node rm](node_rm.md) diff --git a/docs/reference/commandline/node_tasks.md b/docs/reference/commandline/node_ps.md similarity index 89% rename from docs/reference/commandline/node_tasks.md rename to docs/reference/commandline/node_ps.md index a31961abda..0859bf3cdd 100644 --- a/docs/reference/commandline/node_tasks.md +++ b/docs/reference/commandline/node_ps.md @@ -1,17 +1,18 @@ -# node tasks +# node ps ```markdown -Usage: docker node tasks [OPTIONS] self|NODE +Usage: docker node ps [OPTIONS] self|NODE List tasks running on a node @@ -26,7 +27,7 @@ Lists all the tasks on a Node that Docker knows about. You can filter using the Example output: - $ docker node tasks swarm-manager1 + $ docker node ps swarm-manager1 ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE 7q92v0nr1hcgts2amcjyqg3pq redis.1 redis redis:3.0.6 Running 5 hours Running swarm-manager1 b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 29 seconds Running swarm-manager1 @@ -53,7 +54,7 @@ The `name` filter matches on all or part of a task's name. The following filter matches all tasks with a name containing the `redis` string. - $ docker node tasks -f name=redis swarm-manager1 + $ docker node ps -f name=redis swarm-manager1 ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE 7q92v0nr1hcgts2amcjyqg3pq redis.1 redis redis:3.0.6 Running 5 hours Running swarm-manager1 b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 29 seconds Running swarm-manager1 @@ -66,7 +67,7 @@ The following filter matches all tasks with a name containing the `redis` string The `id` filter matches a task's id. - $ docker node tasks -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 + $ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 @@ -79,7 +80,7 @@ value. The following filter matches tasks with the `usage` label regardless of its value. ```bash -$ docker node tasks -f "label=usage" +$ docker node ps -f "label=usage" ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 10 minutes Running swarm-manager1 bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 9 minutes Running swarm-manager1 diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 49f270896e..bb9fcadb32 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -35,5 +35,5 @@ Example output: * [node inspect](node_inspect.md) * [node update](node_update.md) -* [node tasks](node_tasks.md) +* [node ps](node_ps.md) * [node ls](node_ls.md) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index d2bc13b067..5205a7d96a 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -59,6 +59,6 @@ metadata](../../userguide/labels-custom-metadata.md). ## Related information * [node inspect](node_inspect.md) -* [node tasks](node_tasks.md) +* [node ps](node_ps.md) * [node ls](node_ls.md) * [node rm](node_rm.md) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 9ea44704c0..4711b1aee3 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -183,5 +183,5 @@ $ docker service create \ * [service ls](service_ls.md) * [service rm](service_rm.md) * [service scale](service_scale.md) -* [service tasks](service_tasks.md) +* [service ps](service_ps.md) * [service update](service_update.md) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index cce238b637..2fbaedd8fe 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -149,5 +149,5 @@ $ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis * [service ls](service_ls.md) * [service rm](service_rm.md) * [service scale](service_scale.md) -* [service tasks](service_tasks.md) +* [service ps](service_ps.md) * [service update](service_update.md) diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 6208348f76..68c3ade6ce 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -104,5 +104,5 @@ ID NAME REPLICAS IMAGE COMMAND * [service inspect](service_inspect.md) * [service rm](service_rm.md) * [service scale](service_scale.md) -* [service tasks](service_tasks.md) +* [service ps](service_ps.md) * [service update](service_update.md) diff --git a/docs/reference/commandline/service_tasks.md b/docs/reference/commandline/service_ps.md similarity index 90% rename from docs/reference/commandline/service_tasks.md rename to docs/reference/commandline/service_ps.md index 52c9167dd0..61424deaa0 100644 --- a/docs/reference/commandline/service_tasks.md +++ b/docs/reference/commandline/service_ps.md @@ -1,17 +1,18 @@ -# service tasks +# service ps ```Markdown -Usage: docker service tasks [OPTIONS] SERVICE +Usage: docker service ps [OPTIONS] SERVICE List the tasks of a service @@ -33,7 +34,7 @@ has to be run targeting a manager node. The following command shows all the tasks that are part of the `redis` service: ```bash -$ docker service tasks redis +$ docker service ps redis ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE 0qihejybwf1x5vqi8lgzlgnpq redis.1 redis redis:3.0.6 Running 8 seconds Running manager1 bk658fpbex0d57cqcwoe3jthu redis.2 redis redis:3.0.6 Running 9 seconds Running worker2 @@ -67,7 +68,7 @@ The currently supported filters are: The `id` filter matches on all or a prefix of a task's ID. ```bash -$ docker service tasks -f "id=8" redis +$ docker service ps -f "id=8" redis ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE 8ryt076polmclyihzx67zsssj redis.4 redis redis:3.0.6 Running 4 minutes Running worker1 8eaxrb2fqpbnv9x30vr06i6vt redis.10 redis redis:3.0.6 Running 4 minutes Running manager1 @@ -78,7 +79,7 @@ ID NAME SERVICE IMAGE LAST STATE DE The `name` filter matches on task names. ```bash -$ docker service tasks -f "name=redis.1" redis +$ docker service ps -f "name=redis.1" redis ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE 0qihejybwf1x5vqi8lgzlgnpq redis.1 redis redis:3.0.6 Running Running 8 seconds manager1 ``` diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 149f97b354..d47dc5f82e 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -45,5 +45,5 @@ ID NAME SCALE IMAGE COMMAND * [service inspect](service_inspect.md) * [service ls](service_ls.md) * [service scale](service_scale.md) -* [service tasks](service_tasks.md) +* [service ps](service_ps.md) * [service update](service_update.md) diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 80ee4dc4a8..f4356945e5 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -74,5 +74,5 @@ ID NAME REPLICAS IMAGE COMMAND * [service inspect](service_inspect.md) * [service ls](service_ls.md) * [service rm](service_rm.md) -* [service tasks](service_tasks.md) +* [service ps](service_ps.md) * [service update](service_update.md) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index bd1afbe19b..dcb0278c39 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -71,6 +71,6 @@ $ docker service update --limit-cpu 2 redis * [service create](service_create.md) * [service inspect](service_inspect.md) -* [service tasks](service_tasks.md) +* [service ps](service_ps.md) * [service ls](service_ls.md) * [service rm](service_rm.md) From ddc2f8b05ae36118bd7ee34ace5de5fddedd1102 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 26 Jul 2016 01:24:32 +0200 Subject: [PATCH 1625/2538] Update usage of "Swarm" for consistency Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/node_demote.md | 2 +- docs/reference/commandline/node_promote.md | 2 +- docs/reference/commandline/swarm_init.md | 4 ++-- docs/reference/commandline/swarm_update.md | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 04ccc8ed67..f62add6603 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -38,7 +38,7 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information Here is a sample output for a daemon running on Ubuntu, using the overlay -storage driver and a node that is part of a 2 node swarm cluster: +storage driver and a node that is part of a 2-node swarm: $ docker -D info Containers: 14 diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index a1baff0e50..78acbfdf40 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -20,7 +20,7 @@ Options: ``` -Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm cluster. +Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm. ```bash diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index b507e7d489..de0bb9a0aa 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -19,7 +19,7 @@ Options: --help Print usage ``` -Promotes a node that is pending a promotion to manager. This command targets a docker engine that is a manager in the swarm cluster. +Promotes a node to manager. This command targets a docker engine that is a manager in the swarm. ```bash diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 0df2b23bfc..c4a7a99e84 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -26,8 +26,8 @@ Options: --task-history-limit int Task history retention limit (default 5) ``` -Initialize a swarm cluster. The docker engine targeted by this command becomes a manager -in the newly created one node swarm cluster. +Initialize a swarm. The docker engine targeted by this command becomes a manager +in the newly created single-node swarm. ```bash diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index cbefd6dcdc..9aa8131941 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -23,7 +23,7 @@ Options: --task-history-limit int Task history retention limit (default 5) ``` -Updates a swarm cluster with new parameter values. This command must target a manager node. +Updates a swarm with new parameter values. This command must target a manager node. ```bash From e2a6cf9fd573739451a40b38f4e438a71ef41709 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 12 Jul 2016 14:29:02 +0200 Subject: [PATCH 1626/2538] docs: cleanup docker update docs move the "kernel memory" examples to the "examples" section, and fix some formatting and grammar. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/update.md | 72 +++++++++++++++++----------- man/docker-update.1.md | 72 +++++++++++++++++----------- 2 files changed, 88 insertions(+), 56 deletions(-) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index 7cd624c9d5..1b1365dedb 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -31,44 +31,25 @@ Options: ``` The `docker update` command dynamically updates container configuration. -You can use this command to prevent containers from consuming too many resources -from their Docker host. With a single command, you can place limits on -a single container or on many. To specify more than one container, provide -space-separated list of container names or IDs. +You can use this command to prevent containers from consuming too many +resources from their Docker host. With a single command, you can place +limits on a single container or on many. To specify more than one container, +provide space-separated list of container names or IDs. -With the exception of the `--kernel-memory` value, you can specify these +With the exception of the `--kernel-memory` option, you can specify these options on a running or a stopped container. You can only update `--kernel-memory` on a stopped container or on a running container with -kernel memory initialized. For example, if you started a container with -command: - - # docker run -ti --name test --kernel-memory 50M ubuntu bash - -You can update kernel memory of this running container: - - # docker update --kernel-memory 80M test - -If you started a container without kernel memory initialized: - - # docker run -ti --name test2 --memory 300M ubuntu bash - -Update kernel memory of running container `test2` will fail, you can only -stop the container and update kernel memory then. The next time you -restart it, the container uses the new value. - -Another configuration you can change with this command is restart policy, -new restart policy will take effect instantly after you run `docker update` -on a container. +kernel memory initialized. ## EXAMPLES The following sections illustrate ways to use this command. -### Update a container with cpu-shares=512 +### Update a container's cpu-shares To limit a container's cpu-shares to 512, first identify the container -name or ID. You can use **docker ps** to find these values. You can also -use the ID returned from the **docker run** command. Then, do the following: +name or ID. You can use `docker ps` to find these values. You can also +use the ID returned from the `docker run` command. Then, do the following: ```bash $ docker update --cpu-shares 512 abebf7571666 @@ -82,9 +63,44 @@ To update multiple resource configurations for multiple containers: $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ``` +### Update a container's kernel memory constraints + +You can update a container's kernel memory limit using the `--kernel-memory` +option. This option can be updated on a running container only if the container +was started with `--kernel-memory`. If the container was started *without* +`--kernel-memory` you need to stop the container before updating kernel memory. + +For example, if you started a container with this command: + +```bash +$ docker run -dit --name test --kernel-memory 50M ubuntu bash +``` + +You can update kernel memory while the container is running: + +```bash +$ docker update --kernel-memory 80M test +``` + +If you started a container *without* kernel memory initialized: + +```bash +$ docker run -dit --name test2 --memory 300M ubuntu bash +``` + +Update kernel memory of running container `test2` will fail. You need to stop +the container before updating the `--kernel-memory` setting. The next time you +start it, the container uses the new value. + + ### Update a container's restart policy +You can change a container's restart policy on a running container. The new +restart policy takes effect instantly after you run `docker update` on a +container. + To update restart policy for one or more containers: + ```bash $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse ``` diff --git a/man/docker-update.1.md b/man/docker-update.1.md index 9d39d78b13..3dd6a4f989 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -22,37 +22,19 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker update` command dynamically updates container configuration. -you can Use this command to prevent containers from consuming too many +The **docker update** command dynamically updates container configuration. +You can use this command to prevent containers from consuming too many resources from their Docker host. With a single command, you can place limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. -With the exception of the `--kernel-memory` value, you can specify these +With the exception of the **--kernel-memory** option, you can specify these options on a running or a stopped container. You can only update -`--kernel-memory` on a stopped container or on a running container with -kernel memory initialized. For example, if you started a container with -command: - - # docker run -ti --name test --kernel-memory 50M ubuntu bash - -You can update kernel memory of this running container: - - # docker update --kernel-memory 80M test - -If you started a container without kernel memory initialized: - - # docker run -ti --name test2 --memory 300M ubuntu bash - -Update kernel memory of running container `test2` will fail, you can only -stop the container and update kernel memory then. The next time you -restart it, the container uses the new value. - -Another configuration you can change with this command is restart policy, -new restart policy will take effect instantly after you run `docker update` -on a container. +**--kernel-memory** on a stopped container or on a running container with +kernel memory initialized. # OPTIONS + **--blkio-weight**=0 Block IO weight (relative weight) accepts a weight value between 10 and 1000. @@ -77,9 +59,9 @@ on a container. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) - Note that you can not update kernel memory to a running container if the container -is started without kernel memory initialized, in this case, it can only be updated -after it's stopped, and affect after it's started. + Note that you can not update kernel memory on a running container if the container + is started without kernel memory initialized, in this case, it can only be updated + after it's stopped. The new setting takes effect when the container is started. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) @@ -97,7 +79,7 @@ after it's stopped, and affect after it's started. The following sections illustrate ways to use this command. -### Update a container with cpu-shares=512 +### Update a container's cpu-shares To limit a container's cpu-shares to 512, first identify the container name or ID. You can use **docker ps** to find these values. You can also @@ -115,9 +97,43 @@ To update multiple resource configurations for multiple containers: $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ``` +### Update a container's kernel memory constraints + +You can update a container's kernel memory limit using the **--kernel-memory** +option. This option can be updated on a running container only if the container +was started with **--kernel-memory**. If the container was started *without* +**--kernel-memory** you need to stop the container before updating kernel memory. + +For example, if you started a container with this command: + +```bash +$ docker run -dit --name test --kernel-memory 50M ubuntu bash +``` + +You can update kernel memory while the container is running: + +```bash +$ docker update --kernel-memory 80M test +``` + +If you started a container *without* kernel memory initialized: + +```bash +$ docker run -dit --name test2 --memory 300M ubuntu bash +``` + +Update kernel memory of running container `test2` will fail. You need to stop +the container before updating the **--kernel-memory** setting. The next time you +start it, the container uses the new value. + ### Update a container's restart policy +You can change a container's restart policy on a running container. The new +restart policy takes effect instantly after you run `docker update` on a +container. + To update restart policy for one or more containers: + ```bash $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse ``` From de93020c0204e7c73429d0f917a0dfde823cd284 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 29 Jul 2016 07:41:27 +0200 Subject: [PATCH 1627/2538] Remove zsh completion for 'docker swarm inspect' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 6 ------ 1 file changed, 6 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index e85c95627b..d37afa4f20 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1185,7 +1185,6 @@ __docker_swarm_commands() { local -a _docker_swarm_subcommands _docker_swarm_subcommands=( "init:Initialize a swarm" - "inspect:Inspect the swarm" "join:Join a swarm as a node and/or manager" "join-token:Manage join tokens" "leave:Leave a swarm" @@ -1210,11 +1209,6 @@ __docker_swarm_subcommand() { "($help)--force-new-cluster[Force create a new cluster from current state]" \ "($help)--listen-addr=[Listen address]:ip\:port: " && ret=0 ;; - (inspect) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 - ;; (join) _arguments $(__docker_arguments) \ $opts_help \ From f6aa2d75f064b9e0e8df2e121985ea813f1e6df6 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 29 Jul 2016 07:54:10 +0200 Subject: [PATCH 1628/2538] Add zsh completion for 'docker service {create,update} --container-label{-add,-rm}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d37afa4f20..1dbe1ad016 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1106,6 +1106,7 @@ __docker_service_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ $opts_create_update \ + "($help)*--container-label=[Container labels]:label: " \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help -): :__docker_images" \ "($help -):command: _command_names -e" \ @@ -1166,6 +1167,8 @@ __docker_service_subcommand() { $opts_help \ $opts_create_update \ "($help)--arg=[Service command args]:arguments: _normal" \ + "($help)*--container-label-add=[Add or update container labels]:label: " \ + "($help)*--container-label-rm=[Remove a container label by its key]:label: " \ "($help)--image=[Service image tag]:image:__docker_repositories" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; From 958d9a4844f55c6dad8e7efe7f845d4c4f055723 Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Wed, 27 Jul 2016 21:24:38 -0700 Subject: [PATCH 1629/2538] add advertise address, clarify join token Signed-off-by: Charles Smith --- .../reference/commandline/swarm_join_token.md | 33 +++++++++++++++---- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 07943266a1..996ca01fee 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -21,13 +21,17 @@ Options: --rotate Rotate join token ``` -Join tokens are secrets that determine whether or not a node will join the swarm as a manager node -or a worker node. You pass the token using the `--token flag` when you run -[swarm join](swarm_join.md). You can access the current tokens or rotate the tokens using -`swarm join-token`. +Join tokens are secrets that allow a node to join the swarm. There are two +different join tokens available, one for the worker role and one for the manager +role. You pass the token using the `--token` flag when you run +[swarm join](swarm_join.md). Nodes use the join token only when they join the +swarm. -Run with only a single `worker` or `manager` argument, it will print a command for joining a new -node to the swarm, including the necessary token: +You can view or rotate the join tokens using `swarm join-token`. + +As a convenience, you can pass `worker` or `manager` as an argument to +`join-token` to print the full `docker swarm join` command to join a new node to +the swarm: ```bash $ docker swarm join-token worker @@ -64,7 +68,22 @@ SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7 ### `--rotate` -Update the join token for a specified role with a new token and print the token. +Because tokens allow new nodes to join the swarm, you should keep them secret. +Be particularly careful with manager tokens since they allow new manager nodes +to join the swarm. A rogue manager has the potential to disrupt the operation of +your swarm. + +Rotate your swarm's join token if a token gets checked-in to version control, +stolen, or a node is compromised. You may also want to periodically rotate the +token to ensure any unknown token leaks do not allow a rogue node to join +the swarm. + +To rotate the join token and print the newly generated token, run +`docker swarm join-token --rotate` and pass the role: `manager` or `worker`. + +Rotating a join-token means that no new nodes will be able to join the swarm +using the old token. Rotation does not affect existing nodes in the swarm +because the join token is only used for authorizing new nodes joining the swarm. ### `--quiet` From 0ab07d2bd7a952e69550b4c123615ab7349395b6 Mon Sep 17 00:00:00 2001 From: allencloud Date: Sat, 30 Jul 2016 01:41:52 +0800 Subject: [PATCH 1630/2538] update command description in CLI Signed-off-by: allencloud --- contrib/completion/zsh/_docker | 6 +++--- docs/reference/commandline/index.md | 2 +- docs/reference/commandline/kill.md | 2 +- docs/reference/commandline/network_rm.md | 4 ++-- docs/reference/commandline/node_demote.md | 2 +- docs/reference/commandline/node_promote.md | 2 +- docs/reference/commandline/node_rm.md | 2 +- docs/reference/commandline/service_rm.md | 4 ++-- docs/reference/commandline/volume_rm.md | 6 +++--- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1dbe1ad016..1eed282ba3 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -786,7 +786,7 @@ __docker_node_commands() { "inspect:Display detailed information on one or more nodes" "ls:List nodes in the swarm" "promote:Promote a node as manager in the swarm" - "rm:Remove a node from the swarm" + "rm:Remove one or more nodes from the swarm" "ps:List tasks running on a node" "update:Update a node" ) @@ -1058,7 +1058,7 @@ __docker_service_commands() { "create:Create a new service" "inspect:Display detailed information on one or more services" "ls:List services" - "rm:Remove a service" + "rm:Remove one or more services" "scale:Scale one or multiple services" "ps:List the tasks of a service" "update:Update a service" @@ -1314,7 +1314,7 @@ __docker_volume_commands() { "create:Create a volume" "inspect:Display detailed information on one or more volumes" "ls:List volumes" - "rm:Remove a volume" + "rm:Remove one or more volumes" ) _describe -t docker-volume-commands "docker volume command" _docker_volume_subcommands } diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index e83c756136..9cd3679aa4 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -117,7 +117,7 @@ read the [`dockerd`](dockerd.md) reference page. | [node update](node_update.md) | Update attributes for a node | | [node ps](node_ps.md) | List tasks running on a node | | [node ls](node_ls.md) | List nodes in the swarm | -| [node rm](node_rm.md) | Remove a node from the swarm | +| [node rm](node_rm.md) | Remove one or more nodes from the swarm | ### Swarm swarm commands diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index e85ba61657..55b11efad2 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -13,7 +13,7 @@ parent = "smn_cli" ```markdown Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...] -Kill one or more running container +Kill one or more running containers Options: --help Print usage diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index ce213b47fe..949d9b56b9 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -11,9 +11,9 @@ parent = "smn_cli" # network rm ```markdown -Usage: docker network rm NETWORK [NETWORK]... +Usage: docker network rm NETWORK [NETWORK...] -Remove a network +Remove one or more networks Aliases: rm, remove diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 78acbfdf40..2cec22ac3b 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -13,7 +13,7 @@ parent = "smn_cli" ```markdown Usage: docker node demote NODE [NODE...] -Demote a node from manager in the swarm +Demote one or more nodes from manager in the swarm Options: --help Print usage diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index de0bb9a0aa..7f5830d92a 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -13,7 +13,7 @@ parent = "smn_cli" ```markdown Usage: docker node promote NODE [NODE...] -Promote a node to a manager in the swarm +Promote one or more nodes to manager in the swarm Options: --help Print usage diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index bb9fcadb32..e2f913e1a8 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -13,7 +13,7 @@ parent = "smn_cli" ```markdown Usage: docker node rm NODE [NODE...] -Remove a node from the swarm +Remove one or more nodes from the swarm Aliases: rm, remove diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index d47dc5f82e..ca2e9aecb4 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -11,9 +11,9 @@ parent = "smn_cli" # service rm ```Markdown -Usage: docker service rm [OPTIONS] SERVICE +Usage: docker service rm [OPTIONS] SERVICE [SERVICE...] -Remove a service +Remove one or more services Aliases: rm, remove diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 1760a5d905..52d7f067bf 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -11,9 +11,9 @@ parent = "smn_cli" # volume rm ```markdown -Usage: docker volume rm VOLUME [VOLUME]... +Usage: docker volume rm VOLUME [VOLUME...] -Remove a volume +Remove one or more volumes Aliases: rm, remove @@ -22,7 +22,7 @@ Options: --help Print usage ``` -Removes one or more volumes. You cannot remove a volume that is in use by a container. +Remove one or more volumes. You cannot remove a volume that is in use by a container. $ docker volume rm hello hello From 69eb98ada5e3060b69236a2153a4f3653152e1f5 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Wed, 27 Jul 2016 09:03:15 +0800 Subject: [PATCH 1631/2538] Fix kernel memory updating docs Specify that kernel memory updating limitation only applies on kernel version older than 4.6. Signed-off-by: Qiang Huang --- docs/reference/commandline/update.md | 15 +++++++++------ man/docker-update.1.md | 23 ++++++++++++++--------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index 1b1365dedb..da7162848d 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -37,9 +37,9 @@ limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. With the exception of the `--kernel-memory` option, you can specify these -options on a running or a stopped container. You can only update -`--kernel-memory` on a stopped container or on a running container with -kernel memory initialized. +options on a running or a stopped container. On kernel version older than +4.6, you can only update `--kernel-memory` on a stopped container or on +a running container with kernel memory initialized. ## EXAMPLES @@ -66,9 +66,10 @@ $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ### Update a container's kernel memory constraints You can update a container's kernel memory limit using the `--kernel-memory` -option. This option can be updated on a running container only if the container -was started with `--kernel-memory`. If the container was started *without* -`--kernel-memory` you need to stop the container before updating kernel memory. +option. On kernel version older than 4.6, this option can be updated on a +running container only if the container was started with `--kernel-memory`. +If the container was started *without* `--kernel-memory` you need to stop +the container before updating kernel memory. For example, if you started a container with this command: @@ -92,6 +93,8 @@ Update kernel memory of running container `test2` will fail. You need to stop the container before updating the `--kernel-memory` setting. The next time you start it, the container uses the new value. +Kernel version newer than (include) 4.6 does not have this limitation, you +can use `--kernel-memory` the same way as other options. ### Update a container's restart policy diff --git a/man/docker-update.1.md b/man/docker-update.1.md index 3dd6a4f989..68eb0ba4b6 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -29,9 +29,9 @@ limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. With the exception of the **--kernel-memory** option, you can specify these -options on a running or a stopped container. You can only update -**--kernel-memory** on a stopped container or on a running container with -kernel memory initialized. +options on a running or a stopped container. On kernel version older than +4.6, You can only update **--kernel-memory** on a stopped container or on +a running container with kernel memory initialized. # OPTIONS @@ -59,9 +59,10 @@ kernel memory initialized. **--kernel-memory**="" Kernel memory limit (format: `[]`, where unit = b, k, m or g) - Note that you can not update kernel memory on a running container if the container - is started without kernel memory initialized, in this case, it can only be updated - after it's stopped. The new setting takes effect when the container is started. + Note that on kernel version older than 4.6, you can not update kernel memory on + a running container if the container is started without kernel memory initialized, + in this case, it can only be updated after it's stopped. The new setting takes + effect when the container is started. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) @@ -100,9 +101,10 @@ $ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse ### Update a container's kernel memory constraints You can update a container's kernel memory limit using the **--kernel-memory** -option. This option can be updated on a running container only if the container -was started with **--kernel-memory**. If the container was started *without* -**--kernel-memory** you need to stop the container before updating kernel memory. +option. On kernel version older than 4.6, this option can be updated on a +running container only if the container was started with **--kernel-memory**. +If the container was started *without* **--kernel-memory** you need to stop +the container before updating kernel memory. For example, if you started a container with this command: @@ -126,6 +128,9 @@ Update kernel memory of running container `test2` will fail. You need to stop the container before updating the **--kernel-memory** setting. The next time you start it, the container uses the new value. +Kernel version newer than (include) 4.6 does not have this limitation, you +can use `--kernel-memory` the same way as other options. + ### Update a container's restart policy You can change a container's restart policy on a running container. The new From aee09a390b9278c21348c0586cc1ceeeabd36460 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 2 Aug 2016 06:58:02 -0700 Subject: [PATCH 1632/2538] Update docs in `docker service create/update` for flag `--user` In `docker service create/update`, flag `--user` actually supports `uid:gid` (same as `docker run`). However, this is not reflected in the help and documentation yet. This fix updates docs in `docker service create/update` to change the description to `Username or UID (format: [:])`. The help message output has also been updated. This fix is related to 25304. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 4711b1aee3..164d3d2119 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -42,7 +42,7 @@ Options: --update-delay duration Delay between updates --update-failure-action string Action on update failure (pause|continue) (default "pause") --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID + -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to Swarm agents -w, --workdir string Working directory inside the container ``` diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index dcb0278c39..6d73fb6fd0 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -50,7 +50,7 @@ Options: --update-delay duration Delay between updates --update-failure-action string Action on update failure (pause|continue) (default "pause") --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID + -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to Swarm agents -w, --workdir string Working directory inside the container ``` From 231703c3c6d6afe9cb3d127d825986361db430e4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 27 Jul 2016 16:14:29 +0200 Subject: [PATCH 1633/2538] Improve swarm join-token instructions this change improves the instructions for swarm join-token and swarm init; - only print the join-token command for workers instead of for both managers and workers, to prevent users from copying the wrong command. An extra line is added to explain how to obtain the manager token. - print a message that a token was rotated sucesfully if '--rotate' is used. - add some extra white-space before / after the join commands, to make copy/pasting easier. this change also does some refactoring of join-token; - move flagname-constants together with other constants - use variables for selected role ("worker" / "manager") to prevent checking for them multiple times, and to keep the "worker" / "manager" sting centralized - add an extra blank line after "join-token" instructions this makes it easier to copy, and cleans up the code a tiny bit Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/swarm_init.md | 6 ++---- docs/reference/commandline/swarm_join_token.md | 6 ++++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index c4a7a99e84..e52af0e5cd 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -35,14 +35,12 @@ $ docker swarm init --advertise-addr 192.168.99.121 Swarm initialized: current node (bvz81updecsj6wjz393c09vti) is now a manager. To add a worker to this swarm, run the following command: + docker swarm join \ --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ 172.17.0.2:2377 -To add a manager to this swarm, run the following command: - docker swarm join \ - --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ - 172.17.0.2:2377 +To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions. ``` `docker swarm init` generates two random tokens, a worker token and a manager token. When you join diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 996ca01fee..4b4d652bf3 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -36,12 +36,14 @@ the swarm: ```bash $ docker swarm join-token worker To add a worker to this swarm, run the following command: + docker swarm join \ --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-1awxwuwd3z9j1z3puu7rcgdbx \ 172.17.0.2:2377 $ docker swarm join-token manager To add a manager to this swarm, run the following command: + docker swarm join \ --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-7p73s1dx5in4tatdymyhg9hu2 \ 172.17.0.2:2377 @@ -51,7 +53,10 @@ Use the `--rotate` flag to generate a new join token for the specified role: ```bash $ docker swarm join-token --rotate worker +Succesfully rotated worker join token. + To add a worker to this swarm, run the following command: + docker swarm join \ --token SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t \ 172.17.0.2:2377 @@ -63,6 +68,7 @@ The `-q` (or `--quiet`) flag only prints the token: ```bash $ docker swarm join-token -q worker + SWMTKN-1-3pu6hszjas19xyp7ghgosyx9k8atbfcr8p2is99znpy26u2lkl-b30ljddcqhef9b9v4rs7mel7t ``` From 71f2e0f2a4e9aaad1e9cb71d200ad51f6a70722f Mon Sep 17 00:00:00 2001 From: Josh Horwitz Date: Fri, 29 Jul 2016 13:46:38 -0400 Subject: [PATCH 1634/2538] Added shutdown to desired-state docs for filter node/service ps Signed-off-by: Josh Horwitz $Updated http docs for /tasks filters $Signed-off-by: Josh Horwitz --- docs/reference/commandline/node_ps.md | 2 +- docs/reference/commandline/service_ps.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 0859bf3cdd..24b13d582a 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -89,7 +89,7 @@ bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 9 minutes Ru #### desired-state -The `desired-state` filter can take the values `running` and `accepted`. +The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. ## Related information diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 61424deaa0..4fb27699be 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -87,7 +87,7 @@ ID NAME SERVICE IMAGE DESIRED STATE LAST S #### desired-state -The `desired-state` filter can take the values `running` and `accepted`. +The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. ## Related information From f314ccfb47ad637ed9991629826f92c416b8b6b7 Mon Sep 17 00:00:00 2001 From: Diogo Monica Date: Wed, 27 Jul 2016 21:17:00 -0700 Subject: [PATCH 1635/2538] Add --force to node removal Signed-off-by: Diogo Monica --- docs/reference/commandline/node_rm.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index e2f913e1a8..f5d5daaf1c 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -11,7 +11,7 @@ parent = "smn_cli" # node rm ```markdown -Usage: docker node rm NODE [NODE...] +Usage: docker node rm [OPTIONS] NODE [NODE...] Remove one or more nodes from the swarm @@ -19,6 +19,7 @@ Aliases: rm, remove Options: + --force Force remove an active node --help Print usage ``` @@ -30,6 +31,24 @@ Example output: $ docker node rm swarm-node-02 Node swarm-node-02 removed from swarm +Removes nodes from the swarm that are in the down state. Attempting to remove +an active node will result in an error: + +```bash +$ docker node rm swarm-node-03 +Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not down and can't be removed +``` + +If a worker node becomes compromised, exhibits unexpected or unwanted behavior, or if you lose access to it so +that a clean shutdown is impossible, you can use the force option. + +```bash +$ docker node rm --force swarm-node-03 +Node swarm-node-03 removed from swarm +``` + +Note that manager nodes have to be demoted to worker nodes before they can be removed +from the cluster. ## Related information From d01b14ad80e0ed6122113d8d1979ad98d6451a44 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 3 Aug 2016 11:07:24 +0200 Subject: [PATCH 1636/2538] Add bash completion for `docker node rm --force` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f3a7407037..decd2d3064 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2019,7 +2019,7 @@ _docker_node_remove() { _docker_node_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force --help" -- "$cur" ) ) ;; *) __docker_complete_nodes From 3a778c9e1f5d4aba0c4c75fc92cff1f7475b8f68 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 3 Aug 2016 05:36:07 -0700 Subject: [PATCH 1637/2538] Update `--user`/`-u` flag in man page of `docker create` The `--user`/`-u` of the `docker create` is the same as `docker run`, which could take either `uid` or `uid:gid` format. However, the description in the man page of `docker create` is missing and may cause some confusions (comared with `docker run`). This fix updates the man page of `docker create` so that it is consistent with the man page of `docker run`. This fix is related to 25304. Signed-off-by: Yong Tang --- man/docker-create.1.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 980e09c101..8a7cac8b80 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -375,7 +375,12 @@ any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. **-u**, **--user**="" - Username or UID + Sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument root user will be used in the container by default. **--ulimit**=[] Ulimit options From d30cedfe7c42b2addfd4db19fa63ea48fcb62773 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 28 Jul 2016 14:53:08 -0400 Subject: [PATCH 1638/2538] Fix the man/Dockerfile for arm Signed-off-by: Daniel Nephin --- man/Dockerfile | 24 ++++++++++++++---------- man/Dockerfile.armhf | 24 ++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 10 deletions(-) create mode 100644 man/Dockerfile.armhf diff --git a/man/Dockerfile b/man/Dockerfile index d4eb76ad6b..5657d13c92 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -1,16 +1,20 @@ -FROM golang:1.6.3-alpine +FROM alpine:3.4 -RUN apk add -U git bash curl gcc musl-dev +RUN apk add -U git go bash curl gcc musl-dev make -RUN export GLIDE=0.10.2; \ - export SRC=https://github.com/Masterminds/glide/releases/download/; \ - curl -sL ${SRC}/${GLIDE}/glide-${GLIDE}-linux-amd64.tar.gz | \ - tar -xz linux-amd64/glide && \ - mv linux-amd64/glide /usr/bin/glide && \ - chmod +x /usr/bin/glide +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* -COPY man/glide.yaml /manvendor/ -COPY man/glide.lock /manvendor/ +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ WORKDIR /manvendor/ RUN glide install && mv vendor src ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor diff --git a/man/Dockerfile.armhf b/man/Dockerfile.armhf new file mode 100644 index 0000000000..a3552c660b --- /dev/null +++ b/man/Dockerfile.armhf @@ -0,0 +1,24 @@ +FROM armhf/alpine:3.4 + +RUN apk add -U git go bash curl gcc musl-dev make + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From 202d38d0179eeb479a99bda9eff1f306e5619195 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 4 Aug 2016 08:01:04 +0200 Subject: [PATCH 1639/2538] Add zsh completion for 'docker node rm --force' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1eed282ba3..c8a3394274 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -804,6 +804,7 @@ __docker_node_subcommand() { (rm|remove) _arguments $(__docker_arguments) \ $opts_help \ + "($help)--force[Force remove an active node]" \ "($help -)*:node:__docker_complete_pending_nodes" && ret=0 ;; (demote) From 8b51443ea1c428fa0d24443ed608286dd2b30a42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20B=C3=B6=C3=A4nziger?= Date: Fri, 5 Aug 2016 09:19:16 +0200 Subject: [PATCH 1640/2538] Remove git conflict markers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Bänziger --- docs/reference/commandline/swarm_join.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 1d1d782d2e..9a13430b46 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -88,7 +88,6 @@ This flag is generally not necessary when joining an existing swarm. ### `--manager` Joins the node as a manager ->>>>>>> 22565e1... Split advertised address from listen address ### `--token string` From 811862e8abaf8bd20372bf7934589680445a74de Mon Sep 17 00:00:00 2001 From: Kevin Richardson Date: Fri, 5 Aug 2016 07:35:16 -0400 Subject: [PATCH 1641/2538] Fix typo in run command documentation Signed-off-by: Kevin Richardson --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index fb8d75de25..449e09e3e1 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -95,7 +95,7 @@ Options: -P, --publish-all Publish all exposed ports to random ports --read-only Mount the container's root filesystem as read only --restart string Restart policy to apply when a container exits (default "no") - Possible values are : no, on-failuer[:max-retry], always, unless-stopped + Possible values are : no, on-failure[:max-retry], always, unless-stopped --rm Automatically remove the container when it exits --runtime string Runtime to use for this container --security-opt value Security Options (default []) From 24c39ea25b955db0d504ae8a81164fc1aa2e42e8 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 22 Jul 2016 08:24:54 -0700 Subject: [PATCH 1642/2538] Add --force to docker plugin remove Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_rm.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 4225b5fad2..6535b5e102 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -12,7 +12,7 @@ parent = "smn_cli" # plugin rm (experimental) ```markdown -Usage: docker plugin rm PLUGIN +Usage: docker plugin rm [OPTIONS] PLUGIN [PLUGIN...] Remove a plugin @@ -20,12 +20,14 @@ Aliases: rm, remove Options: - --help Print usage + -f, --force Force the removal of an active plugin + --help Print usage ``` Removes a plugin. You cannot remove a plugin if it is active, you must disable a plugin using the [`docker plugin disable`](plugin_disable.md) before removing -it. +it (or use --force, use of force is not recommended, since it can affect +functioning of running containers using the plugin). The following example disables and removes the `no-remove:latest` plugin; From fd300754634649e423a0c0dd6abc28dca98614da Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 4 Aug 2016 14:59:51 +0200 Subject: [PATCH 1643/2538] Add network --format flag to ls Signed-off-by: Vincent Demeester --- docs/reference/commandline/network_ls.md | 33 ++++++++++++++++++++++++ man/docker-network-ls.1.md | 13 ++++++++++ 2 files changed, 46 insertions(+) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 49614bdaf4..e8ba6d97fb 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -20,6 +20,7 @@ Aliases: Options: -f, --filter value Provide filter values (i.e. 'dangling=true') (default []) + --format string Pretty-print networks using a Go template --help Print usage --no-trunc Do not truncate the output -q, --quiet Only display volume names @@ -169,6 +170,38 @@ $ docker network rm `docker network ls --filter type=custom -q` A warning will be issued when trying to remove a network that has containers attached. +## Formatting + +The formatting options (`--format`) pretty-prints networks output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +------------|------------------------------------------------------------------------------------------ +`.ID` | Network ID +`.Name` | Network name +`.Driver` | Network driver +`.Scope` | Network scope (local, global) +`.IPv6` | Whether IPv6 is enabled on the network or not. +`.Internal` | Whether the network is internal or not. +`.Labels` | All labels assigned to the network. +`.Label` | Value of a specific label for this network. For example `{{.Label "project.version"}}` + +When using the `--format` option, the `network ls` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Driver` entries separated by a colon for all networks: + +```bash +$ docker network ls --format "{{.ID}}: {{.Driver}}" +afaaab448eb2: bridge +d1584f8dc718: host +391df270dc66: null +``` + ## Related information * [network disconnect ](network_disconnect.md) diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md index 3eeff05993..d5399d7a59 100644 --- a/man/docker-network-ls.1.md +++ b/man/docker-network-ls.1.md @@ -7,6 +7,7 @@ docker-network-ls - list networks # SYNOPSIS **docker network ls** [**-f**|**--filter**[=*[]*]] +[**--format**=*"TEMPLATE"*] [**--no-trunc**[=*true*|*false*]] [**-q**|**--quiet**[=*true*|*false*]] [**--help**] @@ -162,6 +163,18 @@ attached. **-f**, **--filter**=*[]* filter output based on conditions provided. +**--format**="*TEMPLATE*" + Pretty-print networks using a Go template. + Valid placeholders: + .ID - Network ID + .Name - Network name + .Driver - Network driver + .Scope - Network scope (local, global) + .IPv6 - Whether IPv6 is enabled on the network or not + .Internal - Whether the network is internal or not + .Labels - All labels assigned to the network + .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}` + **--no-trunc**=*true*|*false* Do not truncate the output From cfd7733d305cdd93a3153cab2fefdc935cf5be56 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 4 Aug 2016 14:59:55 +0200 Subject: [PATCH 1644/2538] Add volume --format flag to ls Signed-off-by: Vincent Demeester --- docs/reference/commandline/volume_ls.md | 31 +++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index cdeea42e8c..df2430a35f 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -23,6 +23,7 @@ Options: - dangling= a volume if referenced or not - driver= a volume's driver name - name= a volume's name + --format string Pretty-print volumes using a Go template --help Print usage -q, --quiet Only display volume names ``` @@ -82,6 +83,36 @@ The following filter matches all volumes with a name containing the `rose` strin DRIVER VOLUME NAME local rosemary +## Formatting + +The formatting options (`--format`) pretty-prints volumes output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +--------------|------------------------------------------------------------------------------------------ +`.Name` | Network name +`.Driver` | Network driver +`.Scope` | Network scope (local, global) +`.Mountpoint` | Whether the network is internal or not. +`.Labels` | All labels assigned to the volume. +`.Label` | Value of a specific label for this volume. For example `{{.Label "project.version"}}` + +When using the `--format` option, the `volume ls` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`Name` and `Driver` entries separated by a colon for all volumes: + +```bash +$ docker volume ls --format "{{.Name}}: {{.Driver}}" +vol1: local +vol2: local +vol3: local +``` + ## Related information * [volume create](volume_create.md) From 5b559678c329943cf82e48d18d906680e8016cea Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 Aug 2016 18:06:25 +0200 Subject: [PATCH 1645/2538] Add `self` to bash completion of `docker node inspect` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index decd2d3064..ccc53868b7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1966,7 +1966,7 @@ _docker_node_inspect() { COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) ) ;; *) - __docker_complete_nodes + __docker_complete_nodes_plus_self esac } From e428a09ae7adbf830f10c16e063b8922c1f10136 Mon Sep 17 00:00:00 2001 From: Liron Levin Date: Mon, 16 May 2016 21:12:48 +0300 Subject: [PATCH 1646/2538] Enable to dynamically reload authorization plugins via daemon.config Following #22729, enable to dynamically reload/remove the daemon authorization plugins (via standard reloading mechanism). https://docs.docker.com/engine/reference/commandline/daemon/#daemon- configuration-file Daemon must store a reference to the authorization middleware to refresh the plugin on configuration changes. Signed-off-by: Liron Levin --- docs/extend/plugins_authorization.md | 2 ++ docs/reference/commandline/dockerd.md | 1 + 2 files changed, 3 insertions(+) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 4c11fa26ca..8630bfb761 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -104,6 +104,8 @@ support the Docker client interactions detailed in this section. Enable the authorization plugin with a dedicated command line flag in the `--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` value. This value can be the plugin’s socket or a path to a specification file. +Authorization plugins can be loaded without restarting the daemon. Refer +to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information. ```bash $ docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index f3ac7e5fb4..9c0d4b71c6 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1152,6 +1152,7 @@ The list of currently supported options that can be reconfigured is this: the runtime shipped with the official docker packages. - `runtimes`: it updates the list of available OCI runtimes that can be used to run containers +- `authorization-plugin`: specifies the authorization plugins to use. Updating and reloading the cluster configurations such as `--cluster-store`, `--cluster-advertise` and `--cluster-store-opts` will take effect only if From 8f0986f04bfdd3b552a1948c12ad499767f5a208 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 Aug 2016 19:14:13 +0200 Subject: [PATCH 1647/2538] Fix bash completion for `docker swarm join --advertise-addr` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ccc53868b7..c5e7b7948e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1878,7 +1878,7 @@ _docker_swarm_join() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--adveritse-addr --help --listen-addr --token" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--advertise-addr --help --listen-addr --token" -- "$cur" ) ) ;; *:) COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) From 6c4812f606b954ea710b813bea5df68b58de9080 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 Aug 2016 18:56:17 +0200 Subject: [PATCH 1648/2538] Improve bash completion for `docker swarm {init,join} --{advertise,listen}-addr}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 48 ++++++++++++++++++++++++++-------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c5e7b7948e..8384cbc890 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -414,6 +414,20 @@ __docker_complete_resolved_hostname() { COMPREPLY=( $(host 2>/dev/null "${cur%:}" | awk '/has address/ {print $4}') ) } +__docker_local_interfaces() { + command -v ip >/dev/null 2>&1 || return + ip addr show scope global 2>/dev/null | sed -n 's| \+inet \([0-9.]\+\).* \([^ ]\+\)|\1 \2|p' +} + +__docker_complete_local_interfaces() { + local additional_interface + if [ "$1" = "--add" ] ; then + additional_interface="$2" + fi + + COMPREPLY=( $( compgen -W "$(__docker_local_interfaces) $additional_interface" -- "$cur" ) ) +} + __docker_complete_capabilities() { # The list of capabilities is defined in types.go, ALL was added manually. COMPREPLY=( $( compgen -W " @@ -1836,15 +1850,21 @@ _docker_swarm() { _docker_swarm_init() { case "$prev" in - --listen-addr) - if [[ $cur == *: ]] ; then - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - fi - return - ;; --advertise-addr) if [[ $cur == *: ]] ; then COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + else + __docker_complete_local_interfaces + __docker_nospace + fi + return + ;; + --listen-addr) + if [[ $cur == *: ]] ; then + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + else + __docker_complete_local_interfaces --add 0.0.0.0 + __docker_nospace fi return ;; @@ -1859,19 +1879,25 @@ _docker_swarm_init() { _docker_swarm_join() { case "$prev" in - --token) + --advertise-addr) + if [[ $cur == *: ]] ; then + COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + else + __docker_complete_local_interfaces + __docker_nospace + fi return ;; --listen-addr) if [[ $cur == *: ]] ; then COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) + else + __docker_complete_local_interfaces --add 0.0.0.0 + __docker_nospace fi return ;; - --advertise-addr) - if [[ $cur == *: ]] ; then - COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) - fi + --token) return ;; esac From 52dd4d9c5ea4baafb1b1e3d6a11560208c3a730a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 Aug 2016 17:41:40 +0200 Subject: [PATCH 1649/2538] Fix bash completion for `docker service {create,update} {-e,--env}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8384cbc890..0ded2a0c2c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1788,7 +1788,8 @@ _docker_service_update() { return ;; --env|-e) - COMPREPLY=( $( compgen -e -S = -- "$cur" ) ) + # we do not append a "=" here because "-e VARNAME" is legal systax, too + COMPREPLY=( $( compgen -e -- "$cur" ) ) __docker_nospace return ;; @@ -2457,6 +2458,7 @@ _docker_run() { return ;; --env|-e) + # we do not append a "=" here because "-e VARNAME" is legal systax, too COMPREPLY=( $( compgen -e -- "$cur" ) ) __docker_nospace return From 86315be2f0af17a922b13d562e8ce8feaa99a9e6 Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Fri, 5 Aug 2016 16:51:07 -0700 Subject: [PATCH 1650/2538] fix typo, change sample cert expiry value Signed-off-by: Charles Smith --- docs/reference/commandline/swarm_update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 9aa8131941..5299be257d 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -27,7 +27,7 @@ Updates a swarm with new parameter values. This command must target a manager no ```bash -$ docker swarm update --cert-expirty 4000h0m0s +$ docker swarm update --cert-expiry 720h ``` ## Related information From 68ea0dc2d05a4e0d2f38945c16bf5bddb694ebfe Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 5 Aug 2016 15:00:41 -0700 Subject: [PATCH 1651/2538] Update documentation for entrypoint unset with `docker run/create` Signed-off-by: Yong Tang --- docs/reference/run.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index 4f6e679c9e..87fb0e8c81 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1305,6 +1305,10 @@ or two examples of how to pass more parameters to that ENTRYPOINT: $ docker run -it --entrypoint /bin/bash example/redis -c ls -l $ docker run -it --entrypoint /usr/bin/redis-cli example/redis --help +You can reset a containers entrypoint by passing an empty string, for example: + + $ docker run -it --entrypoint="" mysql bash + > **Note**: Passing `--entrypoint` will clear out any default command set on the > image (i.e. any `CMD` instruction in the Dockerfile used to build it). From e5a1e08fa03030e21501c5cf1922011773df02ba Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 9 Aug 2016 00:10:19 +0800 Subject: [PATCH 1652/2538] update go-units vendor to newest version Signed-off-by: allencloud --- docs/reference/commandline/ps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 48ef2ce13e..cb6c76e720 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -119,7 +119,7 @@ You can also filter for a substring in a name as this shows: $ docker ps --filter "name=nostalgic" CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -715ebfcee040 busybox "top" 3 seconds ago Up 1 seconds i_am_nostalgic +715ebfcee040 busybox "top" 3 seconds ago Up 1 second i_am_nostalgic 9b6247364a03 busybox "top" 7 minutes ago Up 7 minutes nostalgic_stallman 673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley ``` From 0f6a96d2a4cc69d4f9f7ab55b68d06982072bc33 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 9 Jun 2016 23:32:20 +0800 Subject: [PATCH 1653/2538] Wait container's removal via Events API If AutoRemove is set, wait until client get `destroy` events, or get `detach` events that implies container is detached but not stopped. Signed-off-by: Zhang Wei --- man/docker-run.1.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 65cdc7ae9f..060ec8e035 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -468,7 +468,9 @@ its root filesystem mounted as read only prohibiting any writes. Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). **--rm**=*true*|*false* - Automatically remove the container when it exits (incompatible with -d). The default is *false*. + Automatically remove the container when it exits. The default is *false*. + `--rm` flag can work together with `-d`, and auto-removal will be done on daemon side. Note that it's +incompatible with any restart policy other than `none`. **--security-opt**=[] Security Options From 503690bf4aa809191ed953bf194e07536f9c3c78 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 9 Aug 2016 13:04:35 +0200 Subject: [PATCH 1654/2538] Update example output for node inspect commit 41d580c7a610d8111dc63353cbd94319ca854627 added "Joined at" to the output of node inspect, but I forgot that docs changes are needed. This change updates the example output of node inspect in the documentation. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/node_inspect.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 8789a0da24..2f3370adbc 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -99,6 +99,7 @@ Example output: $ docker node inspect --pretty self ID: e216jshn25ckzbvmwlnh5jr3g Hostname: swarm-manager + Joined at: 2016-06-16 22:52:44.9910662 +0000 utc Status: State: Ready Availability: Active From 7a4dfc4a33402dca67e01bd1f3eb57ec72e32364 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Wed, 8 Jun 2016 12:41:48 -0700 Subject: [PATCH 1655/2538] Windows: Added support for storage-opt size Signed-off-by: Darren Stahl --- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 3b550c0464..55454e7a72 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -170,7 +170,7 @@ Set storage driver options per container. This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. This option is only -available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. +available for the `devicemapper`, `btrfs`, `windowsfilter`, and `zfs` graph drivers. ### Specify isolation technology for container (--isolation) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 449e09e3e1..0284df96af 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -198,7 +198,7 @@ The `-w` lets the command being executed inside directory given, here This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. This option is only -available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. +available for the `devicemapper`, `btrfs`, `windowsfilter`, and `zfs` graph drivers. ### Mount tmpfs (--tmpfs) From 3b2ecd70529d1dd5d778308dda1d4b14b344adfb Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Mon, 8 Aug 2016 18:36:03 +0800 Subject: [PATCH 1656/2538] Fix update memory without memoryswap The memory should always be smaller than memoryswap, we should error out with message that user know how to do rather than just an invalid argument error if user update the memory limit bigger than already set memory swap. Signed-off-by: Lei Jitang --- man/docker-update.1.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/man/docker-update.1.md b/man/docker-update.1.md index 68eb0ba4b6..ad86297a07 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -67,6 +67,12 @@ a running container with kernel memory initialized. **-m**, **--memory**="" Memory limit (format: , where unit = b, k, m or g) + Note that the memory should be smaller than the already set swap memory limit. + If you want update a memory limit bigger than the already set swap memory limit, + you should update swap memory limit at the same time. If you don't set swap memory + limit on docker create/run but only memory limit, the swap memory is double + the memory limit. + **--memory-reservation**="" Memory soft limit (format: [], where unit = b, k, m or g) From 710f8d8dea48488a86553aaa170268048873f4e8 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 10 Aug 2016 12:47:07 -0700 Subject: [PATCH 1657/2538] Update docs so that log-opts takes map (`{}`) instead of `[]` This fix updates docs so that log-opts takes map (`{}`) instead of `[]`, as is defined in the impmenetation (`map[string]string`) This fix fixes 22311. Signed-off-by: Yong Tang --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 9c0d4b71c6..6487371360 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1027,7 +1027,7 @@ This is a full example of the allowed configuration options on Linux: "labels": [], "live-restore": true, "log-driver": "", - "log-opts": [], + "log-opts": {}, "mtu": 0, "pidfile": "", "graph": "", From afbc834a9990e1b3cdbaf692c51feea81ad80931 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 9 Aug 2016 15:44:54 -0700 Subject: [PATCH 1658/2538] add description in docker plugin ls Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_disable.md | 8 ++++---- docs/reference/commandline/plugin_enable.md | 8 ++++---- docs/reference/commandline/plugin_install.md | 4 ++-- docs/reference/commandline/plugin_ls.md | 7 ++++--- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index ba64889545..a3b2b8868e 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -30,8 +30,8 @@ and active: ```bash $ docker plugin ls -NAME TAG ACTIVE -tiborvass/no-remove latest true +NAME TAG DESCRIPTION ACTIVE +tiborvass/no-remove latest A test plugin for Docker true ``` To disable the plugin, use the following command: @@ -47,8 +47,8 @@ After the plugin is disabled, it appears as "inactive" in the list of plugins: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest false +NAME TAG DESCRIPTION ACTIVE +tiborvass/no-remove latest A test plugin for Docker false ``` ## Related information diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index d8b69d46f0..91f85b0fa4 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -30,8 +30,8 @@ but disabled ("inactive"): ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest false +NAME TAG DESCRIPTION ACTIVE +tiborvass/no-remove latest A test plugin for Docker false ``` To enable the plugin, use the following command: @@ -47,8 +47,8 @@ After the plugin is enabled, it appears as "active" in the list of plugins: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest true +NAME TAG DESCRIPTION ACTIVE +tiborvass/no-remove latest A test plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 9084d84555..085714e067 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -47,8 +47,8 @@ After the plugin is installed, it appears in the list of plugins: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest true +NAME TAG DESCRIPTION ACTIVE +tiborvass/no-remove latest A test plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 91ac98ae1d..f94d80d0cc 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -20,7 +20,8 @@ Aliases: ls, list Options: - --help Print usage + --help Print usage + --no-trunc Don't truncate output ``` Lists all the plugins that are currently installed. You can install plugins @@ -31,8 +32,8 @@ Example output: ```bash $ docker plugin ls -NAME VERSION ACTIVE -tiborvass/no-remove latest true +NAME TAG DESCRIPTION ACTIVE +tiborvass/no-remove latest A test plugin for Docker true ``` ## Related information From e15ee6cec4cb4fbe2882d1e7371db51552481742 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Thu, 11 Aug 2016 18:30:04 -0700 Subject: [PATCH 1659/2538] Remove --network-add and --network-rm flags from service update These flags were not supported (daemon returns an error), and it was an oversight. They were not present in completion scripts. Signed-off-by: Tibor Vass --- docs/reference/commandline/service_update.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 6d73fb6fd0..b84afcd7f5 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -35,8 +35,6 @@ Options: --mount-add value Add or update a mount on a service --mount-rm value Remove a mount by its target path (default []) --name string Service name - --network-add value Add or update network attachments (default []) - --network-rm value Remove a network by name (default []) --publish-add value Add or update a published port (default []) --publish-rm value Remove a published port by its target port (default []) --replicas value Number of tasks (default none) From ac5ac973aae656f66497a8ba9af9da7a447c4fbe Mon Sep 17 00:00:00 2001 From: Lei Jitang Date: Thu, 11 Aug 2016 21:08:54 -0400 Subject: [PATCH 1660/2538] Fix inspect network show gateway with mask Signed-off-by: Lei Jitang --- docs/reference/commandline/network_inspect.md | 2 +- man/docker-network-inspect.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index e72a5c793f..e2e3dc7833 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -102,7 +102,7 @@ $ docker network inspect simple-network "Config": [ { "Subnet": "172.22.0.0/16", - "Gateway": "172.22.0.1/16" + "Gateway": "172.22.0.1" } ] }, diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md index da4e7c3550..3805fb25a8 100644 --- a/man/docker-network-inspect.1.md +++ b/man/docker-network-inspect.1.md @@ -91,7 +91,7 @@ $ docker network inspect simple-network "Config": [ { "Subnet": "172.22.0.0/16", - "Gateway": "172.22.0.1/16" + "Gateway": "172.22.0.1" } ] }, From 76d46c34304dd2c6ac1195f70a88e0f1a4cb024c Mon Sep 17 00:00:00 2001 From: David Lechner Date: Fri, 12 Aug 2016 12:15:32 -0500 Subject: [PATCH 1661/2538] Move export from image commands to container commands The export command operates on containers, not images, so it should be listed under the container commands, not the image commands. Signed-off-by: David Lechner --- docs/reference/commandline/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 9cd3679aa4..e74a217f83 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -39,7 +39,6 @@ read the [`dockerd`](dockerd.md) reference page. |:--------|:-------------------------------------------------------------------| | [build](build.md) | Build an image from a Dockerfile | | [commit](commit.md) | Create a new image from a container's changes | -| [export](export.md) | Export a container's filesystem as a tar archive | | [history](history.md) | Show the history of an image | | [images](images.md) | List images | | [import](import.md) | Import the contents from a tarball to create a filesystem image | @@ -58,6 +57,7 @@ read the [`dockerd`](dockerd.md) reference page. | [diff](diff.md) | Inspect changes on a container's filesystem | | [events](events.md) | Get real time events from the server | | [exec](exec.md) | Run a command in a running container | +| [export](export.md) | Export a container's filesystem as a tar archive | | [kill](kill.md) | Kill a running container | | [logs](logs.md) | Fetch the logs of a container | | [pause](pause.md) | Pause all processes within a container | From 32a613412e84b969376ca2ccef2cf04d96ac6137 Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Tue, 26 Jul 2016 20:40:17 -0700 Subject: [PATCH 1662/2538] add overlay networking security model node Signed-off-by: Charles Smith --- docs/reference/commandline/network_connect.md | 2 +- docs/reference/commandline/network_create.md | 2 +- docs/reference/commandline/network_disconnect.md | 2 +- docs/reference/commandline/network_inspect.md | 2 +- docs/reference/commandline/network_ls.md | 2 +- docs/reference/commandline/network_rm.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 60accc763c..5a9ed866ef 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -93,5 +93,5 @@ You can connect a container to one or more networks. The networks need not be th * [network disconnect](network_disconnect.md) * [network ls](network_ls.md) * [network rm](network_rm.md) -* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Understand Docker container networks](../../userguide/networking/index.md) * [Work with networks](../../userguide/networking/work-with-networks.md) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index b6039734fe..67884bb0b9 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -192,4 +192,4 @@ to create an externally isolated `overlay` network, you can specify the * [network disconnect](network_disconnect.md) * [network ls](network_ls.md) * [network rm](network_rm.md) -* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Understand Docker container networks](../../userguide/networking/index.md) diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index 9d0c31580d..2d43ccb1e9 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -34,4 +34,4 @@ Disconnects a container from a network. The container must be running to disconn * [network create](network_create.md) * [network ls](network_ls.md) * [network rm](network_rm.md) -* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Understand Docker container networks](../../userguide/networking/index.md) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index e2e3dc7833..1f35592b5d 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -119,4 +119,4 @@ $ docker network inspect simple-network * [network create](network_create.md) * [network ls](network_ls.md) * [network rm](network_rm.md) -* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Understand Docker container networks](../../userguide/networking/index.md) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index e8ba6d97fb..d1d92f4be8 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -209,4 +209,4 @@ d1584f8dc718: host * [network create](network_create.md) * [network inspect](network_inspect.md) * [network rm](network_rm.md) -* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Understand Docker container networks](../../userguide/networking/index.md) diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index 949d9b56b9..d57254636a 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -50,4 +50,4 @@ deletion. * [network create](network_create.md) * [network ls](network_ls.md) * [network inspect](network_inspect.md) -* [Understand Docker container networks](../../userguide/networking/dockernetworks.md) +* [Understand Docker container networks](../../userguide/networking/index.md) From 4d268629e22e1d05681fbce47e40bd4895ba59cd Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 15 Aug 2016 14:14:41 +0200 Subject: [PATCH 1663/2538] Fix capitalization Signed-off-by: YuPengZTE Signed-off-by: Sebastiaan van Stijn --- man/docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 060ec8e035..ad62fa0737 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -992,7 +992,7 @@ network namespace, run this command: Note: -Not all sysctls are namespaced. docker does not support changing sysctls +Not all sysctls are namespaced. Docker does not support changing sysctls inside of a container that also modify the host system. As the kernel evolves we expect to see more sysctls become namespaced. From 5a3c9e8c247ae6795ba18670034754f2ce182d16 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 15 Aug 2016 13:41:18 +0200 Subject: [PATCH 1664/2538] Restore missing ps example for killed containers This example was added in b0b2f979c7c43e2975d5e39340c168da2da42d1d, but got lost during splitting up the cli.md docs into separate files; 561bfb268de3c674b04d48895b7e46ae890ef795 This restores the missing example. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/ps.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index cb6c76e720..185cce16f3 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -138,6 +138,23 @@ ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds ``` +#### Killed containers + +You can use a filter to locate containers that exited with status of `137` +meaning a `SIGKILL(9)` killed them. + +```bash +$ docker ps -a --filter 'exited=137' +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +b3e1c0ed5bfe ubuntu:latest "sleep 1000" 12 seconds ago Exited (137) 5 seconds ago grave_kowalevski +a2eb5558d669 redis:latest "/entrypoint.sh redi 2 hours ago Exited (137) 2 hours ago sharp_lalande + +Any of these events result in a `137` status: + +* the `init` process of the container is killed manually +* `docker kill` kills the container +* Docker daemon restarts which kills all running containers + #### Status The `status` filter matches containers by status. You can filter using From 420b6a91af7d53afb250ad48eb487e8d9b59eadd Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 21 Jun 2016 09:15:17 +0000 Subject: [PATCH 1665/2538] add `--format` flag to `docker info` Signed-off-by: Akihiro Suda --- contrib/completion/bash/docker | 8 +++++++- contrib/completion/fish/docker.fish | 4 ++++ contrib/completion/zsh/_docker | 3 ++- docs/reference/commandline/info.md | 12 +++++++++++- man/docker-info.1.md | 14 +++++++++++++- 5 files changed, 37 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0ded2a0c2c..90c08112a5 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1290,9 +1290,15 @@ _docker_import() { } _docker_info() { + case "$prev" in + --format|-f) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) ;; esac } diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 72ccd05533..2ee367ff30 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -200,6 +200,8 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from import' -l help -d 'Pri # info complete -c docker -f -n '__fish_docker_no_subcommand' -a info -d 'Display system-wide information' +complete -c docker -A -f -n '__fish_seen_subcommand_from info' -s f -l format -d 'Format the output using the given go template' +complete -c docker -A -f -n '__fish_seen_subcommand_from info' -l help -d 'Print usage' # inspect complete -c docker -f -n '__fish_docker_no_subcommand' -a inspect -d 'Return low-level information on a container or image' @@ -393,6 +395,8 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from unpause' -a '(__fish_pr # version complete -c docker -f -n '__fish_docker_no_subcommand' -a version -d 'Show the Docker version information' +complete -c docker -A -f -n '__fish_seen_subcommand_from version' -s f -l format -d 'Format the output using the given go template' +complete -c docker -A -f -n '__fish_seen_subcommand_from version' -l help -d 'Print usage' # wait complete -c docker -f -n '__fish_docker_no_subcommand' -a wait -d 'Block until a container stops, then print its exit code' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index c8a3394274..d09445bf71 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1709,7 +1709,8 @@ __docker_subcommand() { ;; (info|version) _arguments $(__docker_arguments) \ - $opts_help && ret=0 + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 ;; (inspect) local state diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index f62add6603..00d5b935c1 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -16,7 +16,8 @@ Usage: docker info Display system-wide information Options: - --help Print usage + -f, --format string Format the output using the given go template + --help Print usage ``` This command displays system wide information regarding the Docker installation. @@ -24,6 +25,10 @@ Information displayed includes the kernel version, number of containers and imag The number of images shown is the number of unique images. The same image tagged under different names is counted only once. +If a format is specified, the given template will be executed instead of the +default format. Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + Depending on the storage driver in use, additional information can be shown, such as pool name, data file, metadata file, data space used, total data space, metadata space used, and total metadata space. @@ -144,3 +149,8 @@ information about the devicemapper storage driver is shown: Insecure registries: myinsecurehost:5000 127.0.0.0/8 + +You can also specify the output format: + + $ docker info --format '{{json .}}' + {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 1d96b562eb..810b215363 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -7,7 +7,7 @@ docker-info - Display system-wide information # SYNOPSIS **docker info** [**--help**] - +[**-f**|**--format**[=*FORMAT*]] # DESCRIPTION This command displays system wide information regarding the Docker installation. @@ -15,6 +15,10 @@ Information displayed includes the kernel version, number of containers and imag The number of images shown is the number of unique images. The same image tagged under different names is counted only once. +If a format is specified, the given template will be executed instead of the +default format. Go's **text/template** package +describes all the details of the format. + Depending on the storage driver in use, additional information can be shown, such as pool name, data file, metadata file, data space used, total data space, metadata space used, and total metadata space. @@ -28,6 +32,9 @@ available on the volume where `/var/lib/docker` is mounted. **--help** Print usage statement +**-f**, **--format**="" + Format the output using the given go template + # EXAMPLES ## Display Docker system information @@ -140,6 +147,11 @@ information about the devicemapper storage driver is shown: myinsecurehost:5000 127.0.0.0/8 +You can also specify the output format: + + $ docker info --format '{{json .}}' + {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From 1cddc8ee6893a1a73bab7ac457c20b3db4d1c776 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 16 Aug 2016 09:10:46 +0200 Subject: [PATCH 1666/2538] Add bash completion for `docker volume ls --filter label` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 90c08112a5..00486ba146 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2831,7 +2831,7 @@ _docker_volume_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "dangling driver name" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "dangling driver label name" -- "$cur" ) ) __docker_nospace return ;; From 9cec1ce2ee6a6a73cd22dc208c1d7f0ff7b5cd2a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 15 Aug 2016 17:39:50 +0200 Subject: [PATCH 1667/2538] Add missing docs for volume ls filter=label This filter option was added in be045ee2da7c2c83e859d86cb496e86ec6de8566, but didn't update the documentation and man pages. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/volume_ls.md | 92 ++++++++++++++++++++----- 1 file changed, 74 insertions(+), 18 deletions(-) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index df2430a35f..eedb40c67d 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -19,9 +19,10 @@ Aliases: ls, list Options: - -f, --filter value Provide filter values (i.e. 'dangling=true') (default []) + -f, --filter value Provide filter values (e.g. 'dangling=true') (default []) - dangling= a volume if referenced or not - driver= a volume's driver name + - label= or label== - name= a volume's name --format string Pretty-print volumes using a Go template --help Print usage @@ -32,14 +33,16 @@ Lists all the volumes Docker knows about. You can filter using the `-f` or `--fi Example output: - $ docker volume create --name rosemary - rosemary - $docker volume create --name tyler - tyler - $ docker volume ls - DRIVER VOLUME NAME - local rosemary - local tyler +```bash +$ docker volume create --name rosemary +rosemary +$docker volume create --name tyler +tyler +$ docker volume ls +DRIVER VOLUME NAME +local rosemary +local tyler +``` ## Filtering @@ -50,17 +53,21 @@ The currently supported filters are: * dangling (boolean - true or false, 0 or 1) * driver (a volume driver's name) +* label (`label=` or `label==`) * name (a volume's name) ### dangling The `dangling` filter matches on all volumes not referenced by any containers - $ docker run -d -v tyler:/tmpwork busybox - f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18 - $ docker volume ls -f dangling=true - DRIVER VOLUME NAME - local rosemary +```bash +$ docker run -d -v tyler:/tmpwork busybox + +f86a7dd02898067079c99ceacd810149060a70528eff3754d0b0f1a93bd0af18 +$ docker volume ls -f dangling=true +DRIVER VOLUME NAME +local rosemary +``` ### driver @@ -68,10 +75,59 @@ The `driver` filter matches on all or part of a volume's driver name. The following filter matches all volumes with a driver name containing the `local` string. - $ docker volume ls -f driver=local - DRIVER VOLUME NAME - local rosemary - local tyler +```bash +$ docker volume ls -f driver=local + +DRIVER VOLUME NAME +local rosemary +local tyler +``` + +#### Label + +The `label` filter matches volumes based on the presence of a `label` alone or +a `label` and a value. + +First, let's create some volumes to illustrate this; + +```bash +$ docker volume create --name the-doctor --label is-timelord=yes +the-doctor +$ docker volume create --name daleks --label is-timelord=no +daleks +``` + +The following example filter matches volumes with the `is-timelord` label +regardless of its value. + +```bash +$ docker volume ls --filter label=is-timelord + +DRIVER NAME +local daleks +local the-doctor +``` + +As can be seen in the above example, both volumes with `is-timelord=yes`, and +`is-timelord=no` are returned. + +Filtering on both `key` *and* `value` of the label, produces the expected result: + +```bash +$ docker volume ls --filter label=is-timelord=yes + +DRIVER NAME +local the-doctor +``` + +Specifying multiple label filter produces an "and" search; all conditions +should be met; + +```bash +$ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no + +DRIVER NAME +``` ### name From 9b4b730adb2c089e4d99ad58f129cc29bc69b08b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 16 Aug 2016 14:10:28 +0200 Subject: [PATCH 1668/2538] Add bash completion for `docker {network,volume} ls --format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 00486ba146..bd35434529 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1546,11 +1546,14 @@ _docker_network_ls() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) ;; esac } @@ -2835,11 +2838,14 @@ _docker_volume_ls() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) ;; esac } From b5c313651fe6aab6236185e8352019dcccff2d99 Mon Sep 17 00:00:00 2001 From: Josh Horwitz Date: Tue, 2 Aug 2016 12:25:14 -0400 Subject: [PATCH 1669/2538] Add --no-trunc to service/node/stack ps output Signed-off-by: Josh Horwitz --- contrib/completion/bash/docker | 4 ++-- contrib/completion/zsh/_docker | 2 ++ docs/reference/commandline/node_ps.md | 1 + docs/reference/commandline/service_ps.md | 1 + 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index bd35434529..6d7278bc57 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1713,7 +1713,7 @@ _docker_service_ps() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') @@ -2085,7 +2085,7 @@ _docker_node_ps() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d09445bf71..733477cbb9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -841,6 +841,7 @@ __docker_node_subcommand() { "($help -a --all)"{-a,--all}"[Display all instances]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ "($help)--no-resolve[Do not map IDs to Names]" \ + "($help)--no-trunc[Do not truncate output]" \ "($help -)1:node:__docker_complete_nodes" && ret=0 case $state in (filter-options) @@ -1156,6 +1157,7 @@ __docker_service_subcommand() { "($help -a --all)"{-a,--all}"[Display all tasks]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ "($help)--no-resolve[Do not map IDs to Names]" \ + "($help)--no-trunc[Do not truncate output]" \ "($help -)1:service:__docker_complete_services" && ret=0 case $state in (filter-options) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 24b13d582a..fc003e9224 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -21,6 +21,7 @@ Options: -f, --filter value Filter output based on conditions provided --help Print usage --no-resolve Do not map IDs to Names + --no-trunc Do not truncate output ``` Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 4fb27699be..90f67fb39b 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -21,6 +21,7 @@ Options: -f, --filter value Filter output based on conditions provided --help Print usage --no-resolve Do not map IDs to Names + --no-trunc Do not truncate output ``` Lists the tasks that are running as part of the specified service. This command From f63d53c7365327c31c40ff9a871a6ea96fa8a6d0 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Mon, 15 Aug 2016 16:38:47 +0800 Subject: [PATCH 1670/2538] Forbid update restart policy of container with AutoRemove flag "--restart" and "--rm" are conflict options, if a container is started with AutoRemove flag, we should forbid the update action for its Restart Policy. Signed-off-by: Zhang Wei --- docs/reference/commandline/update.md | 4 ++++ man/docker-update.1.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index da7162848d..3eb2b7deac 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -107,3 +107,7 @@ To update restart policy for one or more containers: ```bash $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse ``` + +Note that if the container is started with "--rm" flag, you cannot update the restart +policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the +container. diff --git a/man/docker-update.1.md b/man/docker-update.1.md index ad86297a07..71fb6e476a 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -148,3 +148,7 @@ To update restart policy for one or more containers: ```bash $ docker update --restart=on-failure:3 abebf7571666 hopeful_morse ``` + +Note that if the container is started with "--rm" flag, you cannot update the restart +policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the +container. From 1ccb0210f5b2ac9ea30b8814665cd2a066781e4a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 17 Aug 2016 08:15:26 +0200 Subject: [PATCH 1671/2538] Add zsh completion for 'docker volume ls --filter label' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 733477cbb9..3dac03bde4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1272,7 +1272,7 @@ __docker_volume_complete_ls_filters() { ;; esac else - opts=('dangling' 'driver' 'name') + opts=('dangling' 'driver' 'label' 'name') _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 fi From f68f53f3eccec46407e7425c0200defd6a52604a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 15 Aug 2016 13:32:03 +0200 Subject: [PATCH 1672/2538] Add missing docs about binary remote contexts This feature was added in docker 1.8, through 7491f9a9c11ad3fd3b587fa6f7e53b297b3b88c7. However, the API docs ended up in the wrong API version (1.19 instead of 1.20), so were never included in future API docs. Also, the CLI docs got lost during splitting up the cli.md docs into separate files; 561bfb268de3c674b04d48895b7e46ae890ef795 This moves the API docs to the correct versions, and restores the CLI documentation. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/build.md | 78 +++++++++++++++++++++++------ 1 file changed, 63 insertions(+), 15 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index e1e007dcf1..d7e1291b9e 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -49,13 +49,18 @@ to any of the files in the context. For example, your build can use an [*ADD*](../builder.md#add) instruction to reference a file in the context. -The `URL` parameter can specify the location of a Git repository; the repository -acts as the build context. The system recursively clones the repository and its -submodules using a `git clone --depth 1 --recursive` command. This command runs -in a temporary directory on your local host. After the command succeeds, the -directory is sent to the Docker daemon as the context. Local clones give you the -ability to access private repositories using local user credentials, VPNs, and -so forth. +The `URL` parameter can refer to three kinds of resources: Git repositories, +pre-packaged tarball contexts and plain text files. + +### Git repositories + +When the `URL` parameter points to the location of a Git repository, the +repository acts as the build context. The system recursively clones the +repository and its submodules using a `git clone --depth 1 --recursive` +command. This command runs in a temporary directory on your local host. After +the command succeeds, the directory is sent to the Docker daemon as the +context. Local clones give you the ability to access private repositories using +local user credentials, VPN's, and so forth. Git URLs accept context configuration in their fragment section, separated by a colon `:`. The first part represents the reference that Git will check out, @@ -84,9 +89,29 @@ Build Syntax Suffix | Commit Used | Build Context Used `myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` `myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder` + +### Tarball contexts + +If you pass an URL to a remote tarball, the URL itself is sent to the daemon: + Instead of specifying a context, you can pass a single Dockerfile in the `URL` or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: +```bash +$ docker build http://server/context.tar.gz + +The download operation will be performed on the host the Docker daemon is +running on, which is not necessarily the same host from which the build command +is being issued. The Docker daemon will fetch `context.tar.gz` and use it as the +build context. Tarball contexts must be tar archives conforming to the standard +`tar` UNIX format and can be compressed with any one of the 'xz', 'bzip2', +'gzip' or 'identity' (no compression) formats. + +### Text files + +Instead of specifying a context, you can pass a single `Dockerfile` in the +`URL` or pipe the file in via `STDIN`. To pipe a `Dockerfile` from `STDIN`: + ```bash $ docker build - < Dockerfile ``` @@ -97,16 +122,16 @@ With Powershell on Windows, you can run: Get-Content Dockerfile | docker build - ``` -If you use STDIN or specify a `URL`, the system places the contents into a file -called `Dockerfile`, and any `-f`, `--file` option is ignored. In this -scenario, there is no context. +If you use `STDIN` or specify a `URL` pointing to a plain text file, the system +places the contents into a file called `Dockerfile`, and any `-f`, `--file` +option is ignored. In this scenario, there is no context. By default the `docker build` command will look for a `Dockerfile` at the root of the build context. The `-f`, `--file`, option lets you specify the path to an alternative file to use instead. This is useful in cases where the same set of files are used for multiple builds. The path must be to a file within the -build context. If a relative path is specified then it must to be relative to -the current directory. +build context. If a relative path is specified then it is interpreted as +relative to the root of the context. In most cases, it's best to put each Dockerfile in an empty directory. Then, add to that directory only the files needed for building the Dockerfile. To @@ -199,9 +224,32 @@ $ docker build github.com/creack/docker-firefox ``` This will clone the GitHub repository and use the cloned repository as context. -The Dockerfile at the root of the repository is used as Dockerfile. Note that -you can specify an arbitrary Git repository by using the `git://` or `git@` -scheme. +The Dockerfile at the root of the repository is used as Dockerfile. You can +specify an arbitrary Git repository by using the `git://` or `git@` scheme. + +```bash +$ docker build -f ctx/Dockerfile http://server/ctx.tar.gz + +Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B +Step 0 : FROM busybox + ---> 8c2e06607696 +Step 1 : ADD ctx/container.cfg / + ---> e7829950cee3 +Removing intermediate container b35224abf821 +Step 2 : CMD /bin/ls + ---> Running in fbc63d321d73 + ---> 3286931702ad +Removing intermediate container fbc63d321d73 +Successfully built 377c409b35e4 +``` + +This sends the URL `http://server/ctx.tar.gz` to the Docker daemon, which +downloads and extracts the referenced tarball. The `-f ctx/Dockerfile` +parameter specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used +to build the image. Any `ADD` commands in that `Dockerfile` that refer to local +paths must be relative to the root of the contents inside `ctx.tar.gz`. In the +example above, the tarball contains a directory `ctx/`, so the `ADD +ctx/container.cfg /` operation works as expected. ### Build with - From ab24559a627dabac59262b9e1a1f1f8de790bf2a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 17 Aug 2016 08:21:15 +0200 Subject: [PATCH 1673/2538] Add zsh completion for 'docker {network,volume} ls --format' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3dac03bde4..1963f4cd6b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -629,6 +629,7 @@ __docker_network_subcommand() { $opts_help \ "($help)--no-trunc[Do not truncate the output]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)--format=[Pretty-print networks using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0 case $state in (filter-options) @@ -1348,6 +1349,7 @@ __docker_volume_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)--format=[Pretty-print volumes using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 case $state in (filter-options) @@ -1690,7 +1692,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all images]" \ "($help)--digests[Show digests]" \ "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ - "($help)--format[Pretty-print containers using a Go template]:format: " \ + "($help)--format[Pretty-print containers using a Go template]:template: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -): :__docker_repositories" && ret=0 @@ -1837,7 +1839,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=[Show only container created before...]:containers:__docker_containers" \ "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ - "($help)--format[Pretty-print containers using a Go template]:format: " \ + "($help)--format[Pretty-print containers using a Go template]:template: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \ "($help)--no-trunc[Do not truncate output]" \ From 1ec3668e69f58802922d4bd5bd720b4871ef2229 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 17 Aug 2016 09:38:34 -0700 Subject: [PATCH 1674/2538] Replace old oci specs import with runtime-specs Fixes #25804 The upstream repo changed the import paths. Signed-off-by: Michael Crosby --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 6487371360..ccf120c3b9 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -590,7 +590,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. ## Docker runtime execution options The Docker daemon relies on a -[OCI](https://github.com/opencontainers/specs) compliant runtime +[OCI](https://github.com/opencontainers/runtime-spec) compliant runtime (invoked via the `containerd` daemon) as its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. From ff474eb300cafed80cd6883fbb1e8cccd60b5419 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Wed, 17 Aug 2016 21:16:54 +0100 Subject: [PATCH 1675/2538] Split list of capabilities into those added by default and those not The documentation was a bit unhelpful as to what are the default capabilities, so split. Signed-off-by: Justin Cormack --- docs/reference/run.md | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 87fb0e8c81..005a87c8db 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1138,11 +1138,30 @@ This can be overridden using a third `:rwm` set of options to each `--device` fl In addition to `--privileged`, the operator can have fine grain control over the capabilities using `--cap-add` and `--cap-drop`. By default, Docker has a default -list of capabilities that are kept. The following table lists the Linux capability options which can be added or dropped. +list of capabilities that are kept. The following table lists the Linux capability +options which are allowed by default and can be dropped. | Capability Key | Capability Description | | ---------------- | ----------------------------------------------------------------------------------------------------------------------------- | | SETPCAP | Modify process capabilities. | +| MKNOD | Create special files using mknod(2). | +| AUDIT_WRITE | Write records to kernel auditing log. | +| CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | +| NET_RAW | Use RAW and PACKET sockets. | +| DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | +| FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | +| FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | +| KILL | Bypass permission checks for sending signals. | +| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | +| SETUID | Make arbitrary manipulations of process UIDs. | +| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024). | +| SYS_CHROOT | Use chroot(2), change root directory. | +| SETFCAP | Set file capabilities. | + +The next table shows the capabilities which are not granted by default and may be added. + +| Capability Key | Capability Description | +| ---------------- | ----------------------------------------------------------------------------------------------------------------------------- | | SYS_MODULE | Load and unload kernel modules. | | SYS_RAWIO | Perform I/O port operations (iopl(2) and ioperm(2)). | | SYS_PACCT | Use acct(2), switch process accounting on or off. | @@ -1151,36 +1170,23 @@ list of capabilities that are kept. The following table lists the Linux capabili | SYS_RESOURCE | Override resource Limits. | | SYS_TIME | Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock. | | SYS_TTY_CONFIG | Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals. | -| MKNOD | Create special files using mknod(2). | -| AUDIT_WRITE | Write records to kernel auditing log. | | AUDIT_CONTROL | Enable and disable kernel auditing; change auditing filter rules; retrieve auditing status and filtering rules. | | MAC_OVERRIDE | Allow MAC configuration or state changes. Implemented for the Smack LSM. | | MAC_ADMIN | Override Mandatory Access Control (MAC). Implemented for the Smack Linux Security Module (LSM). | | NET_ADMIN | Perform various network-related operations. | | SYSLOG | Perform privileged syslog(2) operations. | -| CHOWN | Make arbitrary changes to file UIDs and GIDs (see chown(2)). | -| NET_RAW | Use RAW and PACKET sockets. | -| DAC_OVERRIDE | Bypass file read, write, and execute permission checks. | -| FOWNER | Bypass permission checks on operations that normally require the file system UID of the process to match the UID of the file. | | DAC_READ_SEARCH | Bypass file read permission checks and directory read and execute permission checks. | -| FSETID | Don't clear set-user-ID and set-group-ID permission bits when a file is modified. | -| KILL | Bypass permission checks for sending signals. | -| SETGID | Make arbitrary manipulations of process GIDs and supplementary GID list. | -| SETUID | Make arbitrary manipulations of process UIDs. | | LINUX_IMMUTABLE | Set the FS_APPEND_FL and FS_IMMUTABLE_FL i-node flags. | -| NET_BIND_SERVICE | Bind a socket to internet domain privileged ports (port numbers less than 1024). | | NET_BROADCAST | Make socket broadcasts, and listen to multicasts. | | IPC_LOCK | Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2)). | | IPC_OWNER | Bypass permission checks for operations on System V IPC objects. | -| SYS_CHROOT | Use chroot(2), change root directory. | | SYS_PTRACE | Trace arbitrary processes using ptrace(2). | | SYS_BOOT | Use reboot(2) and kexec_load(2), reboot and load a new kernel for later execution. | | LEASE | Establish leases on arbitrary files (see fcntl(2)). | -| SETFCAP | Set file capabilities. | | WAKE_ALARM | Trigger something that will wake up the system. | -| BLOCK_SUSPEND | Employ features that can block system suspend. +| BLOCK_SUSPEND | Employ features that can block system suspend. | -Further reference information is available on the [capabilities(7) - Linux man page](http://linux.die.net/man/7/capabilities) +Further reference information is available on the [capabilities(7) - Linux man page](http://man7.org/linux/man-pages/man7/capabilities.7.html) Both flags support the value `ALL`, so if the operator wants to have all capabilities but `MKNOD` they could use: From 17a0affff1d78c93853cd180f0a0c6f01ab25ecb Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 17 Aug 2016 15:59:51 +0800 Subject: [PATCH 1676/2538] Specify woker node for docker swarm leave command Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/swarm_leave.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 214307944a..938caae58e 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -31,7 +31,7 @@ dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ``` -On a worker node: +On a worker node, worker2 in the following example: ```bash $ docker swarm leave Node left the default swarm. From 4755904cc3e297fa5f1bb8b25734693d6e0d821b Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 15 Aug 2016 11:03:05 -0700 Subject: [PATCH 1677/2538] adding some documentation about the new plugin system Signed-off-by: Victor Vieux --- docs/extend/index.md | 8 +- docs/extend/legacy/index.md | 22 ++ docs/extend/{ => legacy}/plugin_api.md | 0 docs/extend/{ => legacy}/plugins.md | 0 .../{ => legacy}/plugins_authorization.md | 0 docs/extend/{ => legacy}/plugins_network.md | 0 docs/extend/{ => legacy}/plugins_volume.md | 0 docs/extend/new/index.md | 18 ++ docs/extend/new/plugins.md | 227 ++++++++++++++++++ 9 files changed, 270 insertions(+), 5 deletions(-) create mode 100644 docs/extend/legacy/index.md rename docs/extend/{ => legacy}/plugin_api.md (100%) rename docs/extend/{ => legacy}/plugins.md (100%) rename docs/extend/{ => legacy}/plugins_authorization.md (100%) rename docs/extend/{ => legacy}/plugins_network.md (100%) rename docs/extend/{ => legacy}/plugins_volume.md (100%) create mode 100644 docs/extend/new/index.md create mode 100644 docs/extend/new/plugins.md diff --git a/docs/extend/index.md b/docs/extend/index.md index 8a061e4e29..588dc10a2f 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -15,8 +15,6 @@ weight = 6 Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: -* [Understand Docker plugins](plugins.md) -* [Write a volume plugin](plugins_volume.md) -* [Write a network plugin](plugins_network.md) -* [Write an authorization plugin](plugins_authorization.md) -* [Docker plugin API](plugin_api.md) +* [New Docker Plugin System](new/index.md) +* [Legacy Docker Plugins](legacy/index.md) + diff --git a/docs/extend/legacy/index.md b/docs/extend/legacy/index.md new file mode 100644 index 0000000000..031d7d2394 --- /dev/null +++ b/docs/extend/legacy/index.md @@ -0,0 +1,22 @@ + + + +## Legacy Docker Plugins + +Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: + +* [Understand Docker plugins](plugins.md) +* [Write a volume plugin](plugins_volume.md) +* [Write a network plugin](plugins_network.md) +* [Write an authorization plugin](plugins_authorization.md) +* [Docker plugin API](plugin_api.md) diff --git a/docs/extend/plugin_api.md b/docs/extend/legacy/plugin_api.md similarity index 100% rename from docs/extend/plugin_api.md rename to docs/extend/legacy/plugin_api.md diff --git a/docs/extend/plugins.md b/docs/extend/legacy/plugins.md similarity index 100% rename from docs/extend/plugins.md rename to docs/extend/legacy/plugins.md diff --git a/docs/extend/plugins_authorization.md b/docs/extend/legacy/plugins_authorization.md similarity index 100% rename from docs/extend/plugins_authorization.md rename to docs/extend/legacy/plugins_authorization.md diff --git a/docs/extend/plugins_network.md b/docs/extend/legacy/plugins_network.md similarity index 100% rename from docs/extend/plugins_network.md rename to docs/extend/legacy/plugins_network.md diff --git a/docs/extend/plugins_volume.md b/docs/extend/legacy/plugins_volume.md similarity index 100% rename from docs/extend/plugins_volume.md rename to docs/extend/legacy/plugins_volume.md diff --git a/docs/extend/new/index.md b/docs/extend/new/index.md new file mode 100644 index 0000000000..9c809a03a4 --- /dev/null +++ b/docs/extend/new/index.md @@ -0,0 +1,18 @@ + + + +## New Docker Plugin System + +Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: + +* [Understand Docker plugins](plugins.md) diff --git a/docs/extend/new/plugins.md b/docs/extend/new/plugins.md new file mode 100644 index 0000000000..04f83ea243 --- /dev/null +++ b/docs/extend/new/plugins.md @@ -0,0 +1,227 @@ + + +# New Plugin System + +The goal of this document is to describe the current state of the new plugin system available today in the **experimental build** of Docker 1.12. + +The main difference, compared to legacy plugins, is that plugins are now managed by Docker: plugins are installed, started, stopped and removed by docker. + +Only volume drivers are currently supported but more types will be added in the next release. + +This document is split in two parts, the user perspective, “how to operate a plugin” and the developer perspective “how to create a plugin” + + +## How to operate a plugin + +Plugins are distributed as docker images, so they can be hosted on the Docker Hub or on a private registry. +Installing a plugin is very easy, it’s a simple command: `docker plugin install` +This command is going to pull the plugin from the Docker Hub / Private registry, ask the operator to accept privileges (for example, plugin requires access to a device on the host system), if necessary and enable it. +You can then check the status of the plugin with the docker plugin ls command, the plugin will be marked as ENABLED if it was started without issue. + +Then, the plugin behavior is the same as legacy plugins, here is a full example using a sshfs plugin: + +### install the plugin +```bash +$ docker plugin install vieux/sshfs +Plugin "vieux/sshfs" is requesting the following privileges: + - network: [host] + - capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y +vieux/sshfs +``` + +Here the plugin requests 2 privileges, the `CAP_SYS_ADMIN` capability to be able to do mount inside the plugin and `host networking`. + +### verify that the plugin has correctly started +##### by looking at the ENABLED column. (The value should be true) + +```bash +$ docker plugin ls +NAME TAG ENABLED +vieux/sshfs latest true +``` + +### create a volume using the plugin installed above + +```bash +$ docker volume create -d vieux/sshfs --name sshvolume -o sshcmd=user@1.2.3.4:/remote +sshvolume +``` + +### use the volume created above + +```bash +$ docker run -v sshvolume:/data busybox ls /data + +``` + +### verify that the plugin was created successfully + +```bash +$ docker volume ls +DRIVER NAME +vieux/sshfs sshvolume +``` + +It’s also possible to stop a plugin with the `docker plugin disable` command and to remove a plugin with `docker plugin remove`. + +See the [command line reference](../engine/reference/commandline/) for more information. + +## How to create a plugin + +The creation of plugin is currently a manual process, in the future release, a command such as `docker plugin build` will be added to automate the process. So here we are going to describe the format of an existing enabled plugin, to create a plugin you have to manually craft all those files by hand. + +Plugins are stored in `/var/lib/docker/plugins`. See this example: + +```bash +# ls -la /var/lib/docker/plugins +total 20 +drwx------ 4 root root 4096 Aug 8 18:03 . +drwx--x--x 12 root root 4096 Aug 8 17:53 .. +drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 +-rw------- 1 root root 2107 Aug 8 18:03 plugins.json +``` + +The file `plugins.json` is an inventory of all installed plugins, see an example of the content: + +```bash +# cat plugins.json +{ + "cd851ce43a403": { + "plugin": { + "Manifest": { + "Args": { + "Value": null, + "Settable": null, + "Description": "", + "Name": "" + }, + "Env": null, + "Devices": null, + "Mounts": null, + "Capabilities": [ + "CAP_SYS_ADMIN" + ], + "ManifestVersion": "v0.1", + "Description": "sshFS plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Interface": { + "Socket": "sshfs.sock", + "Types": [ + "docker.volumedriver/1.0" + ] + }, + "Entrypoint": [ + "/go/bin/docker-volume-sshfs" + ], + "Workdir": "", + "User": {}, + "Network": { + "Type": "host" + } + }, + "Config": { + "Devices": null, + "Args": null, + "Env": [], + "Mounts": [] + }, + "Active": true, + "Tag": "latest", + "Name": "vieux/sshfs", + "Id": "cd851ce43a403" + } + } +} +``` + +Each folder represents a plugin, for example: + +```bash +# ls -la /var/lib/docker/plugins/cd851ce43a403 +total 12 +drwx------ 19 root root 4096 Aug 8 17:56 rootfs +-rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-config.json +-rw------- 1 root root 347 Aug 8 17:56 manifest.json +``` + +rootfs represents the root filesystem of the plugin, in this example, it was created from this Dockerfile as follows: + +_Note: `/run/docker/plugins` is mandatory for docker to communicate with the plugin._ + +```bash +$ git clone github.com/vieux/docker-volume-sshfs +$ cd docker-volume-sshfs +$ docker build -t rootfs . +$ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created +$ mkdir -p /var/lib/docker/plugins/$id/rootfs +$ docker export "$id" | tar -x -C /var/lib/docker/plugins/$id/rootfs +$ docker rm -vf "$id" +$ docker rmi rootfs +``` + +`manifest.json` describe the plugin and `plugin-config.json` contains some runtime parameters, see for example: + +```bash +# cat manifest.json +{ + "manifestVersion": "v0.1", + "description": "sshFS plugin for Docker", + "documentation": "https://docs.docker.com/engine/extend/plugins/", + "entrypoint": ["/go/bin/docker-volume-sshfs"], + "network": { + "type": "host" + }, + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "sshfs.sock" + }, + "capabilities": ["CAP_SYS_ADMIN"] +} +``` + +In this example, you can see the plugin is a volume driver, requires the `CAP_SYS_ADMIN` capability, `host networking`, `/go/bin/docker-volume-sshfs` as entrypoint and is going to use `/run/docker/plugins/sshfs.sock` to communicate with the docker engine. + +```bash +# cat plugin-config.json +{ + "Devices": null, + "Args": null, + "Env": [], + "Mounts": [] +} +``` + +No runtime parameters are needed for this plugin. + +Both `manifest.json` and `plugin-config.json` are part of the `plugins.json`. +`manifest.json` is read-only and `plugin-config.json` is read-write. + + + +To sum up, here are the steps required to create a plugin today: + +0. choose the name of the plugins, same format as images, for example `/` +1. create a rootfs as showed above in `/var/lib/docker/plugins/$id/rootfs` +2. create manifest.json file in `/var/lib/docker/plugins/$id/` as shown above +3. create a `plugin-config.json` if needed, as shown above. +4. create or add a section to `/var/lib/docker/plugins/plugins.json` as shown above, use +`/` as “Name” and `$id` as “Id” +5. restart docker +6. `docker plugin ls` + a. if your plugin is listed as `ENABLED=true`, go to 7. + b. if the plugins is not listed or listed as `ENABLED=false` something went wrong, look at the daemon logs. +7. if not logged in already, use `docker login` to authenticate against a registry. +8. push the plugin with `docker plugin push /` + + From 16de3a25f40a81ab439d35e7c25173bb4213a431 Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Tue, 16 Aug 2016 11:53:36 -0700 Subject: [PATCH 1678/2538] edit plugin system doc, fix menu system Signed-off-by: Charles Smith --- docs/extend/index.md | 20 -- docs/extend/legacy/index.md | 22 -- .../{legacy/plugins.md => legacy_plugins.md} | 10 +- docs/extend/{new/index.md => menu.md} | 9 +- docs/extend/new/plugins.md | 227 --------------- docs/extend/{legacy => }/plugin_api.md | 8 +- docs/extend/plugins.md | 272 ++++++++++++++++++ .../{legacy => }/plugins_authorization.md | 6 +- docs/extend/{legacy => }/plugins_network.md | 5 + docs/extend/{legacy => }/plugins_volume.md | 5 + 10 files changed, 305 insertions(+), 279 deletions(-) delete mode 100644 docs/extend/index.md delete mode 100644 docs/extend/legacy/index.md rename docs/extend/{legacy/plugins.md => legacy_plugins.md} (97%) rename docs/extend/{new/index.md => menu.md} (78%) delete mode 100644 docs/extend/new/plugins.md rename docs/extend/{legacy => }/plugin_api.md (96%) create mode 100644 docs/extend/plugins.md rename docs/extend/{legacy => }/plugins_authorization.md (97%) rename docs/extend/{legacy => }/plugins_network.md (91%) rename docs/extend/{legacy => }/plugins_volume.md (96%) diff --git a/docs/extend/index.md b/docs/extend/index.md deleted file mode 100644 index 588dc10a2f..0000000000 --- a/docs/extend/index.md +++ /dev/null @@ -1,20 +0,0 @@ - - - -## Extending Docker Engine - -Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: - -* [New Docker Plugin System](new/index.md) -* [Legacy Docker Plugins](legacy/index.md) - diff --git a/docs/extend/legacy/index.md b/docs/extend/legacy/index.md deleted file mode 100644 index 031d7d2394..0000000000 --- a/docs/extend/legacy/index.md +++ /dev/null @@ -1,22 +0,0 @@ - - - -## Legacy Docker Plugins - -Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: - -* [Understand Docker plugins](plugins.md) -* [Write a volume plugin](plugins_volume.md) -* [Write a network plugin](plugins_network.md) -* [Write an authorization plugin](plugins_authorization.md) -* [Docker plugin API](plugin_api.md) diff --git a/docs/extend/legacy/plugins.md b/docs/extend/legacy_plugins.md similarity index 97% rename from docs/extend/legacy/plugins.md rename to docs/extend/legacy_plugins.md index 72d50bd150..02874f315e 100644 --- a/docs/extend/legacy/plugins.md +++ b/docs/extend/legacy_plugins.md @@ -5,11 +5,15 @@ description = "How to add additional functionality to Docker with plugins extens keywords = ["Examples, Usage, plugins, docker, documentation, user guide"] [menu.main] parent = "engine_extend" -weight=-1 +weight=3 +++ -# Understand Engine plugins +# Understand legacy Docker Engine plugins + +This document describes the Docker Engine plugins generally available in Docker +Engine 1.12 and earlier. To view information on plugins managed by Docker +Engine, refer to [Docker Engine plugin system](plugins.md). You can extend the capabilities of the Docker Engine by loading third-party plugins. This page explains the types of plugins and provides links to several @@ -72,7 +76,7 @@ Plugin ### Authorization plugins - Plugin | Description + Plugin | Description ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). diff --git a/docs/extend/new/index.md b/docs/extend/menu.md similarity index 78% rename from docs/extend/new/index.md rename to docs/extend/menu.md index 9c809a03a4..026e56427f 100644 --- a/docs/extend/new/index.md +++ b/docs/extend/menu.md @@ -1,12 +1,13 @@ diff --git a/docs/extend/new/plugins.md b/docs/extend/new/plugins.md deleted file mode 100644 index 04f83ea243..0000000000 --- a/docs/extend/new/plugins.md +++ /dev/null @@ -1,227 +0,0 @@ - - -# New Plugin System - -The goal of this document is to describe the current state of the new plugin system available today in the **experimental build** of Docker 1.12. - -The main difference, compared to legacy plugins, is that plugins are now managed by Docker: plugins are installed, started, stopped and removed by docker. - -Only volume drivers are currently supported but more types will be added in the next release. - -This document is split in two parts, the user perspective, “how to operate a plugin” and the developer perspective “how to create a plugin” - - -## How to operate a plugin - -Plugins are distributed as docker images, so they can be hosted on the Docker Hub or on a private registry. -Installing a plugin is very easy, it’s a simple command: `docker plugin install` -This command is going to pull the plugin from the Docker Hub / Private registry, ask the operator to accept privileges (for example, plugin requires access to a device on the host system), if necessary and enable it. -You can then check the status of the plugin with the docker plugin ls command, the plugin will be marked as ENABLED if it was started without issue. - -Then, the plugin behavior is the same as legacy plugins, here is a full example using a sshfs plugin: - -### install the plugin -```bash -$ docker plugin install vieux/sshfs -Plugin "vieux/sshfs" is requesting the following privileges: - - network: [host] - - capabilities: [CAP_SYS_ADMIN] -Do you grant the above permissions? [y/N] y -vieux/sshfs -``` - -Here the plugin requests 2 privileges, the `CAP_SYS_ADMIN` capability to be able to do mount inside the plugin and `host networking`. - -### verify that the plugin has correctly started -##### by looking at the ENABLED column. (The value should be true) - -```bash -$ docker plugin ls -NAME TAG ENABLED -vieux/sshfs latest true -``` - -### create a volume using the plugin installed above - -```bash -$ docker volume create -d vieux/sshfs --name sshvolume -o sshcmd=user@1.2.3.4:/remote -sshvolume -``` - -### use the volume created above - -```bash -$ docker run -v sshvolume:/data busybox ls /data - -``` - -### verify that the plugin was created successfully - -```bash -$ docker volume ls -DRIVER NAME -vieux/sshfs sshvolume -``` - -It’s also possible to stop a plugin with the `docker plugin disable` command and to remove a plugin with `docker plugin remove`. - -See the [command line reference](../engine/reference/commandline/) for more information. - -## How to create a plugin - -The creation of plugin is currently a manual process, in the future release, a command such as `docker plugin build` will be added to automate the process. So here we are going to describe the format of an existing enabled plugin, to create a plugin you have to manually craft all those files by hand. - -Plugins are stored in `/var/lib/docker/plugins`. See this example: - -```bash -# ls -la /var/lib/docker/plugins -total 20 -drwx------ 4 root root 4096 Aug 8 18:03 . -drwx--x--x 12 root root 4096 Aug 8 17:53 .. -drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 --rw------- 1 root root 2107 Aug 8 18:03 plugins.json -``` - -The file `plugins.json` is an inventory of all installed plugins, see an example of the content: - -```bash -# cat plugins.json -{ - "cd851ce43a403": { - "plugin": { - "Manifest": { - "Args": { - "Value": null, - "Settable": null, - "Description": "", - "Name": "" - }, - "Env": null, - "Devices": null, - "Mounts": null, - "Capabilities": [ - "CAP_SYS_ADMIN" - ], - "ManifestVersion": "v0.1", - "Description": "sshFS plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Interface": { - "Socket": "sshfs.sock", - "Types": [ - "docker.volumedriver/1.0" - ] - }, - "Entrypoint": [ - "/go/bin/docker-volume-sshfs" - ], - "Workdir": "", - "User": {}, - "Network": { - "Type": "host" - } - }, - "Config": { - "Devices": null, - "Args": null, - "Env": [], - "Mounts": [] - }, - "Active": true, - "Tag": "latest", - "Name": "vieux/sshfs", - "Id": "cd851ce43a403" - } - } -} -``` - -Each folder represents a plugin, for example: - -```bash -# ls -la /var/lib/docker/plugins/cd851ce43a403 -total 12 -drwx------ 19 root root 4096 Aug 8 17:56 rootfs --rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-config.json --rw------- 1 root root 347 Aug 8 17:56 manifest.json -``` - -rootfs represents the root filesystem of the plugin, in this example, it was created from this Dockerfile as follows: - -_Note: `/run/docker/plugins` is mandatory for docker to communicate with the plugin._ - -```bash -$ git clone github.com/vieux/docker-volume-sshfs -$ cd docker-volume-sshfs -$ docker build -t rootfs . -$ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created -$ mkdir -p /var/lib/docker/plugins/$id/rootfs -$ docker export "$id" | tar -x -C /var/lib/docker/plugins/$id/rootfs -$ docker rm -vf "$id" -$ docker rmi rootfs -``` - -`manifest.json` describe the plugin and `plugin-config.json` contains some runtime parameters, see for example: - -```bash -# cat manifest.json -{ - "manifestVersion": "v0.1", - "description": "sshFS plugin for Docker", - "documentation": "https://docs.docker.com/engine/extend/plugins/", - "entrypoint": ["/go/bin/docker-volume-sshfs"], - "network": { - "type": "host" - }, - "interface" : { - "types": ["docker.volumedriver/1.0"], - "socket": "sshfs.sock" - }, - "capabilities": ["CAP_SYS_ADMIN"] -} -``` - -In this example, you can see the plugin is a volume driver, requires the `CAP_SYS_ADMIN` capability, `host networking`, `/go/bin/docker-volume-sshfs` as entrypoint and is going to use `/run/docker/plugins/sshfs.sock` to communicate with the docker engine. - -```bash -# cat plugin-config.json -{ - "Devices": null, - "Args": null, - "Env": [], - "Mounts": [] -} -``` - -No runtime parameters are needed for this plugin. - -Both `manifest.json` and `plugin-config.json` are part of the `plugins.json`. -`manifest.json` is read-only and `plugin-config.json` is read-write. - - - -To sum up, here are the steps required to create a plugin today: - -0. choose the name of the plugins, same format as images, for example `/` -1. create a rootfs as showed above in `/var/lib/docker/plugins/$id/rootfs` -2. create manifest.json file in `/var/lib/docker/plugins/$id/` as shown above -3. create a `plugin-config.json` if needed, as shown above. -4. create or add a section to `/var/lib/docker/plugins/plugins.json` as shown above, use -`/` as “Name” and `$id` as “Id” -5. restart docker -6. `docker plugin ls` - a. if your plugin is listed as `ENABLED=true`, go to 7. - b. if the plugins is not listed or listed as `ENABLED=false` something went wrong, look at the daemon logs. -7. if not logged in already, use `docker login` to authenticate against a registry. -8. push the plugin with `docker plugin push /` - - diff --git a/docs/extend/legacy/plugin_api.md b/docs/extend/plugin_api.md similarity index 96% rename from docs/extend/legacy/plugin_api.md rename to docs/extend/plugin_api.md index a799a13520..1f55b6d528 100644 --- a/docs/extend/legacy/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -5,7 +5,7 @@ description = "How to write Docker plugins extensions " keywords = ["API, Usage, plugins, documentation, developer"] [menu.main] parent = "engine_extend" -weight=1 +weight=7 +++ @@ -14,9 +14,13 @@ weight=1 Docker plugins are out-of-process extensions which add capabilities to the Docker Engine. +This document describes the Docker Engine plugin API generally available in +Docker Engine 1.12 and earlier. To view information on plugins managed by Docker +Engine, refer to [Docker Engine plugin system](plugins.md). + This page is intended for people who want to develop their own Docker plugin. If you just want to learn about or use Docker plugins, look -[here](plugins.md). +[here](legacy_plugins.md). ## What plugins are diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md new file mode 100644 index 0000000000..fb7af836e5 --- /dev/null +++ b/docs/extend/plugins.md @@ -0,0 +1,272 @@ + + +# Docker Engine plugin system + +This document describes the plugin system available today in the **experimental +build** of Docker 1.12: + +* [How to operate an existing plugin](#how-to-operate-a-plugin) +* [How to develop a plugin](#how-to-develop-a-plugin) + +Unlike the legacy plugin system, you now manage plugins using Docker Engine: + +* install plugins +* start plugins +* stop plugins +* remove plugins + +The current Docker Engine plugin system only supports volume drivers. We are +adding more plugin driver types in the future releases. + +For information on Docker Engine plugins generally available in Docker Engine +1.12 and earlier, refer to [Understand legacy Docker Engine plugins](legacy_plugins.md). + +## How to operate a plugin + +Plugins are distributed as Docker images, so develpers can host them on Docker +Hub or on a private registry. + +You install the plugin using a single command: `docker plugin install `. +The `plugin install` command pulls the plugin from the Docker Hub or private +registry. If necessary the CLI prompts you to accept any privilige requriements. +For example the plugin may require access to a device on the host system. +Finally it enables the plugin. + +Run `docker plugin ls` to check the status of installed plugins. The Engine +markes plugins that are started without issues as `ENABLED`. + +After you install a plugin, the plugin behavior is the same as legacy plugins. +The following example demonstrates how to install the `sshfs` plugin and use it +to create a volume. + +1. Install the `sshfs` plugin. + + ```bash + $ docker plugin install vieux/sshfs + + Plugin "vieux/sshfs" is requesting the following privileges: + - network: [host] + - capabilities: [CAP_SYS_ADMIN] + Do you grant the above permissions? [y/N] y + + vieux/sshfs + ``` + + The plugin requests 2 privileges, the `CAP_SYS_ADMIN` capability to be able + to do mount inside the plugin and `host networking`. + +2. Check for a value of `true` the `ENABLED` column to verify the plugin +started without error. + + ```bash + $ docker plugin ls + + NAME TAG ENABLED + vieux/sshfs latest true + ``` + +3. Create a volume using the plugin. + + ```bash + $ docker volume create \ + -d vieux/sshfs \ + --name sshvolume \ + -o sshcmd=user@1.2.3.4:/remote + + sshvolume + ``` + +4. Use the volume `sshvolume`. + + ```bash + $ docker run -v sshvolume:/data busybox ls /data + + + ``` + +5. Verify the plugin successfully crated the volume. + + ```bash + $ docker volume ls + + DRIVER NAME + vieux/sshfs sshvolume + ``` + + You can stop a plugin with the `docker plugin disable` + command or remove a plugin with `docker plugin remove`. + +See the [command line reference](../engine/reference/commandline/) for more +information. + +## How to develop a plugin + +Plugin creation is currently a manual process. We plan to add automation in a +future release with a command such as `docker plugin build`. + +This section describes the format of an existing enabled plugin. You have to +create and format the plugin files by hand. + +Plugins are stored in `/var/lib/docker/plugins`. For instance: + +```bash +# ls -la /var/lib/docker/plugins +total 20 +drwx------ 4 root root 4096 Aug 8 18:03 . +drwx--x--x 12 root root 4096 Aug 8 17:53 .. +drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 +-rw------- 1 root root 2107 Aug 8 18:03 plugins.json +``` + +`plugins.json` is an inventory of all installed plugins. For example: + +```bash +# cat plugins.json +{ + "cd851ce43a403": { + "plugin": { + "Manifest": { + "Args": { + "Value": null, + "Settable": null, + "Description": "", + "Name": "" + }, + "Env": null, + "Devices": null, + "Mounts": null, + "Capabilities": [ + "CAP_SYS_ADMIN" + ], + "ManifestVersion": "v0.1", + "Description": "sshFS plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Interface": { + "Socket": "sshfs.sock", + "Types": [ + "docker.volumedriver/1.0" + ] + }, + "Entrypoint": [ + "/go/bin/docker-volume-sshfs" + ], + "Workdir": "", + "User": {}, + "Network": { + "Type": "host" + } + }, + "Config": { + "Devices": null, + "Args": null, + "Env": [], + "Mounts": [] + }, + "Active": true, + "Tag": "latest", + "Name": "vieux/sshfs", + "Id": "cd851ce43a403" + } + } +} +``` + +Each folder represents a plugin. For example: + +```bash +# ls -la /var/lib/docker/plugins/cd851ce43a403 +total 12 +drwx------ 19 root root 4096 Aug 8 17:56 rootfs +-rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-config.json +-rw------- 1 root root 347 Aug 8 17:56 manifest.json +``` + +`rootfs` represents the root filesystem of the plugin. In this example, it was +created from a Dockerfile as follows: + +>**Note:** `/run/docker/plugins` is mandatory for docker to communicate with +the plugin._ + +```bash +$ git clone github.com/vieux/docker-volume-sshfs +$ cd docker-volume-sshfs +$ docker build -t rootfs . +$ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created +$ mkdir -p /var/lib/docker/plugins/$id/rootfs +$ docker export "$id" | tar -x -C /var/lib/docker/plugins/$id/rootfs +$ docker rm -vf "$id" +$ docker rmi rootfs +``` + +`manifest.json` describes the plugin and `plugin-config.json` contains some +runtime parameters. For example: + +```bash +# cat manifest.json +{ + "manifestVersion": "v0.1", + "description": "sshFS plugin for Docker", + "documentation": "https://docs.docker.com/engine/extend/plugins/", + "entrypoint": ["/go/bin/docker-volume-sshfs"], + "network": { + "type": "host" + }, + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "sshfs.sock" + }, + "capabilities": ["CAP_SYS_ADMIN"] +} +``` + +In this example, you can see the plugin is a volume driver, requires the +`CAP_SYS_ADMIN` capability, `host networking`, `/go/bin/docker-volume-sshfs` as +entrypoint and is going to use `/run/docker/plugins/sshfs.sock` to communicate +with the Docker Engine. + +```bash +# cat plugin-config.json +{ + "Devices": null, + "Args": null, + "Env": [], + "Mounts": [] +} +``` + +This plugin doesn't require runtime parameters. + +Both `manifest.json` and `plugin-config.json` are part of the `plugins.json`. +`manifest.json` is read-only and `plugin-config.json` is read-write. + +To summarize, follow the steps below to create a plugin: + +0. Choose a name for the plugin. Plugin name uses the same format as images, +for example: `/`. +1. Create a rootfs in `/var/lib/docker/plugins/$id/rootfs`. +2. Create manifest.json file in `/var/lib/docker/plugins/$id/`. +3. Create a `plugin-config.json` if needed. +4. Create or add a section to `/var/lib/docker/plugins/plugins.json`. Use + `/` as “Name” and `$id` as “Id”. +5. Restart the Docker Engine. +6. Run `docker plugin ls`. + * If your plugin is listed as `ENABLED=true`, you can push it to the + registry. + * If the plugin is not listed or if `ENABLED=false`, something went wrong. + Check the daemon logs for errors. +7. If you are not already logged in, use `docker login` to authenticate against + a registry. +8. Run `docker plugin push /` to push the plugin. diff --git a/docs/extend/legacy/plugins_authorization.md b/docs/extend/plugins_authorization.md similarity index 97% rename from docs/extend/legacy/plugins_authorization.md rename to docs/extend/plugins_authorization.md index 8630bfb761..572c6e99be 100644 --- a/docs/extend/legacy/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -6,13 +6,17 @@ keywords = ["security, authorization, authentication, docker, documentation, plu aliases = ["/engine/extend/authorization/"] [menu.main] parent = "engine_extend" -weight = -1 +weight = 4 +++ # Create an authorization plugin +This document describes Docker Engine authorization plugins generally +available in Docker Engine 1.12 and earlier. To view information on plugins +managed by Docker Engine, refer to [Docker Engine plugin system](plugins.md). + Docker's out-of-the-box authorization model is all or nothing. Any user with permission to access the Docker daemon can run any Docker client command. The same is true for callers using Docker's remote API to contact the daemon. If you diff --git a/docs/extend/legacy/plugins_network.md b/docs/extend/plugins_network.md similarity index 91% rename from docs/extend/legacy/plugins_network.md rename to docs/extend/plugins_network.md index ec1ccddfea..f1d72ceeae 100644 --- a/docs/extend/legacy/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -5,11 +5,16 @@ description = "Network driver plugins." keywords = ["Examples, Usage, plugins, docker, documentation, user guide"] [menu.main] parent = "engine_extend" +weight=5 +++ # Engine network driver plugins +This document describes Docker Engine network driver plugins generally +available in Docker Engine 1.12 and earlier. To view information on plugins +managed by Docker Engine, refer to [Docker Engine plugin system](plugins.md). + Docker Engine network plugins enable Engine deployments to be extended to support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN or something completely different. Network driver plugins are supported via the diff --git a/docs/extend/legacy/plugins_volume.md b/docs/extend/plugins_volume.md similarity index 96% rename from docs/extend/legacy/plugins_volume.md rename to docs/extend/plugins_volume.md index 66afa7d439..45eb25eb04 100644 --- a/docs/extend/legacy/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -5,11 +5,16 @@ description = "How to manage data with external volume plugins" keywords = ["Examples, Usage, volume, docker, data, volumes, plugin, api"] [menu.main] parent = "engine_extend" +weight=6 +++ # Write a volume plugin +This document describes Docker Engine volume plugins generally available in +Docker Engine 1.12 and earlier. To view information on plugins managed by Docker +Engine, refer to [Docker Engine plugin system](plugins.md). + Docker Engine volume plugins enable Engine deployments to be integrated with external storage systems, such as Amazon EBS, and enable data volumes to persist beyond the lifetime of a single Engine host. See the [plugin From ebc23f61162d4a946deb677e19fc6f8bef4b2e91 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 16 Aug 2016 14:56:47 -0700 Subject: [PATCH 1679/2538] fix broken link Signed-off-by: Victor Vieux --- docs/extend/menu.md | 1 + docs/extend/plugins.md | 4 ++-- docs/extend/plugins_volume.md | 4 ---- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/docs/extend/menu.md b/docs/extend/menu.md index 026e56427f..1c523e2dfa 100644 --- a/docs/extend/menu.md +++ b/docs/extend/menu.md @@ -17,3 +17,4 @@ weight = 0 Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: * [Understand Docker plugins](plugins.md) +* [Write a volume plugin](plugins_volume.md) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index fb7af836e5..cba09f5cd5 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -97,7 +97,7 @@ started without error. ``` -5. Verify the plugin successfully crated the volume. +5. Verify the plugin successfully created the volume. ```bash $ docker volume ls @@ -109,7 +109,7 @@ started without error. You can stop a plugin with the `docker plugin disable` command or remove a plugin with `docker plugin remove`. -See the [command line reference](../engine/reference/commandline/) for more +See the [command line reference](../reference/commandline/index.md) for more information. ## How to develop a plugin diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 45eb25eb04..b20732febe 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -11,10 +11,6 @@ weight=6 # Write a volume plugin -This document describes Docker Engine volume plugins generally available in -Docker Engine 1.12 and earlier. To view information on plugins managed by Docker -Engine, refer to [Docker Engine plugin system](plugins.md). - Docker Engine volume plugins enable Engine deployments to be integrated with external storage systems, such as Amazon EBS, and enable data volumes to persist beyond the lifetime of a single Engine host. See the [plugin From 280a6f966392c25ddf061046ea3d6c1db4c8d7c2 Mon Sep 17 00:00:00 2001 From: timfeirg Date: Mon, 15 Aug 2016 19:33:56 +0800 Subject: [PATCH 1680/2538] expose RemovalInProgress in StateString #25652 Signed-off-by: timfeirg --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/ps.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 6d7278bc57..197f8977e9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2182,7 +2182,7 @@ _docker_ps() { return ;; status) - COMPREPLY=( $( compgen -W "created dead exited paused restarting running" -- "${cur##*=}" ) ) + COMPREPLY=( $( compgen -W "created dead exited paused restarting running removing" -- "${cur##*=}" ) ) return ;; volume) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1963f4cd6b..615c9869a2 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -340,7 +340,7 @@ __docker_complete_ps_filters() { __docker_networks && ret=0 ;; (status) - status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running') + status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running' 'removing') _describe -t status-filter-opts "Status Filter Options" status_opts && ret=0 ;; (volume) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 185cce16f3..1f3ceb3799 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -20,7 +20,7 @@ Options: -f, --filter value Filter output based on conditions provided (default []) - exited= an exit code of - label= or label== - - status=(created|restarting|running|paused|exited) + - status=(created|restarting|removing|running|paused|exited) - name= a container's name - id= a container's ID - before=(|) @@ -68,7 +68,7 @@ The currently supported filters are: * label (`label=` or `label==`) * name (container's name) * exited (int - the code of exited containers. Only useful with `--all`) -* status (created|restarting|running|paused|exited|dead) +* status (created|restarting|running|removing|paused|exited|dead) * ancestor (`[:]`, `` or ``) - filters containers that were created from the given image or a descendant. * before (container's id or name) - filters containers created before given id or name * since (container's id or name) - filters containers created since given id or name @@ -158,7 +158,7 @@ Any of these events result in a `137` status: #### Status The `status` filter matches containers by status. You can filter using -`created`, `restarting`, `running`, `paused`, `exited` and `dead`. For example, +`created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example, to filter for `running` containers: ```bash From 3ef90ec019e983c54710459ed4d833013c364634 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 18 Aug 2016 20:03:08 -0400 Subject: [PATCH 1681/2538] Use the correct version of glide In `man/Dockerfile` we are specifying a tagged version of glide to checkout, but never actually checking it out. This checks out the requested version before building. Signed-off-by: Brian Goff --- man/Dockerfile | 1 + man/Dockerfile.armhf | 1 + 2 files changed, 2 insertions(+) diff --git a/man/Dockerfile b/man/Dockerfile index 5657d13c92..6c11bcccff 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -9,6 +9,7 @@ RUN export GLIDE=v0.11.1; \ mkdir -p ${TARGET} && \ git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ cd ${TARGET}/glide && \ + git checkout $GLIDE && \ make build && \ cp ./glide /usr/bin/glide && \ cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* diff --git a/man/Dockerfile.armhf b/man/Dockerfile.armhf index a3552c660b..c8815c30ef 100644 --- a/man/Dockerfile.armhf +++ b/man/Dockerfile.armhf @@ -9,6 +9,7 @@ RUN export GLIDE=v0.11.1; \ mkdir -p ${TARGET} && \ git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ cd ${TARGET}/glide && \ + git checkout $GLIDE && \ make build && \ cp ./glide /usr/bin/glide && \ cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* From 52f1cdbab56a13b817e943d3efda3bd2609b17b9 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 19 Aug 2016 13:14:03 +0200 Subject: [PATCH 1682/2538] Remove -run flag from commit command. This flag has been deprecated in version below 1.10 so it's safe to remove now, according to our deprecation policy. Signed-off-by: Vincent Demeester --- docs/deprecated.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index 668d8e89b4..907092c6a4 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -172,6 +172,15 @@ The single-dash (`-help`) was removed, in favor of the double-dash `--help` docker -help docker [COMMAND] -help +### `--run` flag on docker commit + +**Deprecated In Release: [v0.10.0](https://github.com/docker/docker/releases/tag/v0.10.0)** + +**Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/)** + +The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor +of the `--changes` flag that allows to pass `Dockerfile` commands. + ### Interacting with V1 registries @@ -186,3 +195,4 @@ Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the - DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE - DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE + From be1a73f20001633f01403b5feef7504161c041f2 Mon Sep 17 00:00:00 2001 From: Christopher Jones Date: Fri, 27 May 2016 17:26:37 -0400 Subject: [PATCH 1683/2538] ppc64le: add support for building docker debs for xenial This PR adds the ability to make docker debs for xenial on power Signed-off-by: Christopher Jones Signed-off-by: Christopher Jones --- man/Dockerfile.ppc64le | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 man/Dockerfile.ppc64le diff --git a/man/Dockerfile.ppc64le b/man/Dockerfile.ppc64le new file mode 100644 index 0000000000..4ae0eeee82 --- /dev/null +++ b/man/Dockerfile.ppc64le @@ -0,0 +1,25 @@ +FROM ppc64le/ubuntu:xenial + +RUN apt-get update && apt-get install -y git golang-go + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go:/usr/lib/go-1.6 +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + git checkout $GLIDE && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From 0c200d4894e717439933980e21a934a125a3d1d0 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 17 Aug 2016 15:45:04 +0800 Subject: [PATCH 1684/2538] Modify usage of docker swarm join-token command Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/swarm_join_token.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 4b4d652bf3..f808d84244 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -11,7 +11,7 @@ parent = "smn_cli" # swarm join-token ```markdown -Usage: docker swarm join-token [--rotate] (worker|manager) +Usage: docker swarm join-token [OPTIONS] (worker|manager) Manage join tokens From 9a16c4fccd686e9a91e7c012bfe12091cf29d02f Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 10 Jun 2016 07:40:09 -0700 Subject: [PATCH 1685/2538] Add `--force` in `docker volume rm` to fix out-of-band volume driver deletion This fix tries to address the issue in raised #23367 where an out-of-band volume driver deletion leaves some data in docker. This prevent the reuse of deleted volume names (by out-of-band volume driver like flocker). This fix adds a `--force` field in `docker volume rm` to forcefully purge the data of the volume that has already been deleted. Related documentations have been updated. This fix is tested manually with flocker, as is specified in #23367. An integration test has also been added for the scenario described. This fix fixes #23367. Signed-off-by: Yong Tang --- docs/reference/commandline/volume_rm.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 52d7f067bf..aa66684259 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -11,7 +11,7 @@ parent = "smn_cli" # volume rm ```markdown -Usage: docker volume rm VOLUME [VOLUME...] +Usage: docker volume rm [OPTIONS] VOLUME [VOLUME...] Remove one or more volumes @@ -19,6 +19,7 @@ Aliases: rm, remove Options: + -f, --force Force the removal of one or more volumes --help Print usage ``` From cebe3440af209c5913dd35007357da20d9791ca0 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 18 Aug 2016 18:41:15 -0700 Subject: [PATCH 1686/2538] Update zsh and bash completion scripts. This is to update the zsh and bash completion script for 23367. Signed-off-by: Yong Tang --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 197f8977e9..1bc4f73667 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2853,7 +2853,7 @@ _docker_volume_ls() { _docker_volume_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) ;; *) __docker_complete_volumes diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 615c9869a2..ab445c92ba 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1360,6 +1360,7 @@ __docker_volume_subcommand() { (rm) _arguments $(__docker_arguments) \ $opts_help \ + "($help -f --force)"{-f,--force}"[Force the removal of one or more volumes]" \ "($help -):volume:__docker_volumes" && ret=0 ;; (help) From 6132c35c04e1a3c2850f7f55733cefb100bf28de Mon Sep 17 00:00:00 2001 From: Mihai Borobocea Date: Sat, 20 Aug 2016 16:19:05 +0300 Subject: [PATCH 1687/2538] docs: fix typo in url fragment I noticed the broken hyperlink in this page: https://docs.docker.com/engine/reference/builder/ The link should point to `#parser-directives`. Signed-off-by: Mihai Borobocea --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5975110fe4..2a21056ad8 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -120,7 +120,7 @@ instruction must be \`FROM\`** in order to specify the [*Base Image*](glossary.md#base-image) from which you are building. Docker treats lines that *begin* with `#` as a comment, unless the line is -a valid [parser directive](builder.md#parser directives). A `#` marker anywhere +a valid [parser directive](builder.md#parser-directives). A `#` marker anywhere else in a line is treated as an argument. This allows statements like: ```Dockerfile From 2b84c776d0aa3361132723c2e53d8516f44a8025 Mon Sep 17 00:00:00 2001 From: David Dooling Date: Tue, 16 Aug 2016 15:01:05 -0500 Subject: [PATCH 1688/2538] Remove erroneous ENTRYPOINT note The Dockerfile parser does not subsitute ENV variables in any form of the ENTRYPOINT command. Any substitution, if done, is done by the shell when the command is executed. Signed-off-by: David Dooling --- docs/reference/builder.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 2a21056ad8..b84f1811f2 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1075,8 +1075,6 @@ sys 0m 0.03s > `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute > a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo $HOME" ]`. -> Variables that are defined in the `Dockerfile`using `ENV`, will be substituted by -> the `Dockerfile` parser. ### Shell form ENTRYPOINT example From e6c152e5ee579a9d7806e0c121aa7a118cbc4696 Mon Sep 17 00:00:00 2001 From: David Dooling Date: Wed, 17 Aug 2016 06:31:19 -0500 Subject: [PATCH 1689/2538] Make it clear who is doing variable expansion Add sentece to RUN, CMD, and ENTRYPOINT exec sections making it clear that it is the shell doing the environment variable expansion. Signed-off-by: David Dooling --- docs/reference/builder.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index b84f1811f2..c63bcf5347 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -541,6 +541,9 @@ RUN /bin/bash -c 'source $HOME/.bashrc ; echo $HOME' > `RUN [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute > a shell directly, for example: `RUN [ "sh", "-c", "echo $HOME" ]`. +> When using the exec form and executing a shell directly, as in the case for +> the shell form, it is the shell that is doing the environment variable +> expansion, not docker. > > **Note**: > In the *JSON* form, it is necessary to escape backslashes. This is @@ -607,6 +610,9 @@ instruction as well. > `CMD [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute > a shell directly, for example: `CMD [ "sh", "-c", "echo $HOME" ]`. +> When using the exec form and executing a shell directly, as in the case for +> the shell form, it is the shell that is doing the environment variable +> expansion, not docker. When used in the shell or exec formats, the `CMD` instruction sets the command to be executed when running the image. @@ -1075,6 +1081,9 @@ sys 0m 0.03s > `ENTRYPOINT [ "echo", "$HOME" ]` will not do variable substitution on `$HOME`. > If you want shell processing then either use the *shell* form or execute > a shell directly, for example: `ENTRYPOINT [ "sh", "-c", "echo $HOME" ]`. +> When using the exec form and executing a shell directly, as in the case for +> the shell form, it is the shell that is doing the environment variable +> expansion, not docker. ### Shell form ENTRYPOINT example From 6625943f44a2a672ab9b542cf9071e7ec949c552 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 19 Aug 2016 15:39:21 +0100 Subject: [PATCH 1690/2538] Add a Dockerfile for generating manpages on aarch64 Signed-off-by: Justin Cormack --- man/Dockerfile.aarch64 | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 man/Dockerfile.aarch64 diff --git a/man/Dockerfile.aarch64 b/man/Dockerfile.aarch64 new file mode 100644 index 0000000000..a12cbeda0a --- /dev/null +++ b/man/Dockerfile.aarch64 @@ -0,0 +1,25 @@ +FROM aarch64/ubuntu:xenial + +RUN apt-get update && apt-get install -y git golang-go + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + git checkout $GLIDE && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From 2d81ec0fae27314d069e4ea37326c1e44d0246fd Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Mon, 22 Aug 2016 15:42:38 +0800 Subject: [PATCH 1691/2538] Remove option "--manager" description for swarm_join.md Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/swarm_join.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 9a13430b46..af1a8724ed 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -85,10 +85,6 @@ name, the default port 2377 will be used. This flag is generally not necessary when joining an existing swarm. -### `--manager` - -Joins the node as a manager - ### `--token string` Secret value required for nodes to join the swarm From 016a00dc6efbf184209aff36338694b4d2ef3150 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 24 Aug 2016 10:09:33 +0800 Subject: [PATCH 1692/2538] Modify incorrect repository URL Signed-off-by: yuexiao-wang --- docs/extend/plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins.md b/docs/extend/plugins.md index cba09f5cd5..fd17441714 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/plugins.md @@ -201,7 +201,7 @@ created from a Dockerfile as follows: the plugin._ ```bash -$ git clone github.com/vieux/docker-volume-sshfs +$ git clone https://github.com/vieux/docker-volume-sshfs $ cd docker-volume-sshfs $ docker build -t rootfs . $ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created From a8a90829bb5c0b4e26e27f41622a31297304cdd7 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Fri, 19 Aug 2016 17:18:49 +0100 Subject: [PATCH 1693/2538] Add a Dockerfile for generating manpages on s390x Untested. Hoping CI and @michael-holzheu can test... Signed-off-by: Justin Cormack --- man/Dockerfile.s390x | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 man/Dockerfile.s390x diff --git a/man/Dockerfile.s390x b/man/Dockerfile.s390x new file mode 100644 index 0000000000..a6de5667be --- /dev/null +++ b/man/Dockerfile.s390x @@ -0,0 +1,25 @@ +FROM s390x/ubuntu:xenial + +RUN apt-get update && apt-get install -y git golang-go + +RUN mkdir -p /go/src /go/bin /go/pkg +ENV GOPATH=/go:/usr/lib/go-1.6 +RUN export GLIDE=v0.11.1; \ + export TARGET=/go/src/github.com/Masterminds; \ + mkdir -p ${TARGET} && \ + git clone https://github.com/Masterminds/glide.git ${TARGET}/glide && \ + cd ${TARGET}/glide && \ + git checkout $GLIDE && \ + make build && \ + cp ./glide /usr/bin/glide && \ + cd / && rm -rf /go/src/* /go/bin/* /go/pkg/* + +COPY glide.yaml /manvendor/ +COPY glide.lock /manvendor/ +WORKDIR /manvendor/ +RUN glide install && mv vendor src +ENV GOPATH=$GOPATH:/go/src/github.com/docker/docker/vendor:/manvendor +RUN go build -o /usr/bin/go-md2man github.com/cpuguy83/go-md2man + +WORKDIR /go/src/github.com/docker/docker/ +ENTRYPOINT ["man/generate.sh"] From ed38ec18bf89909a6b68078701812bbe74d3ece0 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 25 Aug 2016 11:47:33 +0800 Subject: [PATCH 1694/2538] Replace docker command from 'docker daemon' to 'dockerd' Signed-off-by: yuexiao-wang --- docs/extend/plugins_authorization.md | 2 +- docs/reference/commandline/dockerd.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 572c6e99be..f5c3a882b9 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -112,7 +112,7 @@ Authorization plugins can be loaded without restarting the daemon. Refer to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information. ```bash -$ docker daemon --authorization-plugin=plugin1 --authorization-plugin=plugin2,... +$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` Docker's authorization subsystem supports multiple `--authorization-plugin` parameters. diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index ccf120c3b9..8231060f7d 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -574,7 +574,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. **size** cannot be smaller than **btrfs.min_space**. Example use: - $ docker daemon -s btrfs --storage-opt btrfs.min_space=10G + $ dockerd -s btrfs --storage-opt btrfs.min_space=10G #### Overlay2 options @@ -1213,7 +1213,7 @@ The `--tls*` options enable use of specific certificates for individual daemons. Example script for a separate “bootstrap” instance of the Docker daemon without network: ```bash -$ docker daemon \ +$ dockerd \ -H unix:///var/run/docker-bootstrap.sock \ -p /var/run/docker-bootstrap.pid \ --iptables=false \ From 7225cc5604000532bed95487c4d02fa03ff39bf4 Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Thu, 9 Jun 2016 21:06:44 -0700 Subject: [PATCH 1695/2538] Splunk Logging Driver: formats and verifyconnection `--log-opt splunk-format=inline|json|raw` allows to change how logging driver sends data to Splunk, where `inline` - default value, format used before, message is injected as a line in JSON payload `json` - driver will try to parse each line as a JSON object and embed it inside of the JSON payload `raw` - driver will send Raw payload instead of JSON, tag and attributes will be prefixed before the message `--log-opt splunk-verify-connection=true|false` - allows to skip verification for Splunk Url Signed-off-by: Denis Gladkikh --- contrib/completion/bash/docker | 8 ++++++-- contrib/completion/zsh/_docker | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1bc4f73667..baef6b90ed 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -520,7 +520,7 @@ __docker_complete_log_options() { local journald_options="env labels tag" local json_file_options="env labels max-file max-size" local syslog_options="env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" - local splunk_options="env labels splunk-caname splunk-capath splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url tag" + local splunk_options="env labels splunk-caname splunk-capath splunk-format splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" @@ -629,10 +629,14 @@ __docker_complete_log_driver_options() { __ltrim_colon_completions "${cur}" return ;; - splunk-insecureskipverify) + splunk-insecureskipverify|splunk-verify-connection) COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return ;; + splunk-format) + COMPREPLY=( $( compgen -W "inline json raw" -- "${cur##*=}" ) ) + return + ;; esac return 1 } diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ab445c92ba..8224c729f8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -228,7 +228,7 @@ __docker_get_log_options() { journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") - splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "tag") + splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0 From 6e33dc2d91429ac1238f15ecac46478dcea3f9a0 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 23 Jun 2016 11:25:51 -0400 Subject: [PATCH 1696/2538] Remove old cli framework. Also consolidate the leftover packages under cli. Remove pkg/mflag. Make manpage generation work with new cobra layout. Remove remaining mflag and fix tests after rebase with master. Signed-off-by: Daniel Nephin --- man/generate.go | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/man/generate.go b/man/generate.go index 7bcc57009e..cee5a7fdd2 100644 --- a/man/generate.go +++ b/man/generate.go @@ -4,8 +4,10 @@ import ( "fmt" "os" - "github.com/docker/docker/cli/cobraadaptor" - cliflags "github.com/docker/docker/cli/flags" + "github.com/docker/docker/api/client" + "github.com/docker/docker/api/client/command" + "github.com/docker/docker/pkg/term" + "github.com/spf13/cobra" "github.com/spf13/cobra/doc" ) @@ -15,10 +17,12 @@ func generateManPages(path string) error { Section: "1", Source: "Docker Community", } - flags := &cliflags.ClientFlags{ - Common: cliflags.InitCommonFlags(), - } - cmd := cobraadaptor.NewCobraAdaptor(flags).GetRootCommand() + + stdin, stdout, stderr := term.StdStreams() + dockerCli := client.NewDockerCli(stdin, stdout, stderr) + cmd := &cobra.Command{Use: "docker"} + command.AddCommands(cmd, dockerCli) + cmd.DisableAutoGenTag = true return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ Header: header, From 463d68bde9979040942863fdad10dd9827661795 Mon Sep 17 00:00:00 2001 From: Rich Moyse Date: Thu, 25 Aug 2016 16:49:37 -0400 Subject: [PATCH 1697/2538] Fixes #25918 - Changed --permissive to --privileged. Signed-off-by: Rich Moyse --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 005a87c8db..31c5366d49 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -645,7 +645,7 @@ allows you to share the same content between containers. > **Note**: Automatic translation of MLS labels is not currently supported. To disable the security labeling for this container versus running with the -`--permissive` flag, use the following command: +`--privileged` flag, use the following command: $ docker run --security-opt label=disable -it fedora bash From cfb8a110b44209f89bc5e6cfcb60ea999dab4e7f Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 25 Aug 2016 22:05:38 -0700 Subject: [PATCH 1698/2538] Update docs for `docker create` to include `--rm` flag Since 20848 has been merged and both `docker create` and `docker run` share the same `runconfig` parser, now both `docker run` and `docker create` allow to specify the `--rm` flag. However, docs for `docker create` has not been udpated yet. This fix updates docs for `docker create` so that `--rm` flag has been included. This fix is related to 20848 and 25577. Signed-off-by: Yong Tang --- docs/reference/commandline/create.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 55454e7a72..8446c6d140 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -90,6 +90,7 @@ Options: --read-only Mount the container's root filesystem as read only --restart string Restart policy to apply when a container exits (default "no") Possible values are: no, on-failure[:max-retry], always, unless-stopped + --rm Automatically remove the container when it exits --runtime string Runtime to use for this container --security-opt value Security Options (default []) --shm-size string Size of /dev/shm, default value is 64MB. From a2b443d1dfb2d103e57c1f278548514903879cd5 Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Wed, 15 Jun 2016 21:41:54 -0700 Subject: [PATCH 1699/2538] Refactor `docker inspect` to work on all types Signed-off-by: Arnaud Porterie (icecrime) --- docs/reference/commandline/inspect.md | 7 ++++--- man/docker-inspect.1.md | 21 +++++++++++---------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 7ccc7f7392..6232ec12b6 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -11,15 +11,16 @@ parent = "smn_cli" # inspect ```markdown -Usage: docker inspect [OPTIONS] CONTAINER|IMAGE|TASK [CONTAINER|IMAGE|TASK...] +Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...] -Return low-level information on a container, image or task +Return low-level information on one or multiple containers, images, volumes, +networks, nodes, services, or tasks identified by name or ID. -f, --format Format the output using the given go template --help Print usage -s, --size Display total file sizes if the type is container values are "image" or "container" or "task - --type Return JSON for specified type, (e.g image, container or task) + --type Return JSON for specified type ``` By default, this will render all results in a JSON array. If the container and diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 6d7a54ad3b..3dbf600fde 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -2,23 +2,23 @@ % Docker Community % JUNE 2014 # NAME -docker-inspect - Return low-level information on a container or image +docker-inspect - Return low-level information on docker objects # SYNOPSIS **docker inspect** [**--help**] [**-f**|**--format**[=*FORMAT*]] [**-s**|**--size**] -[**--type**=*container*|*image*] -CONTAINER|IMAGE [CONTAINER|IMAGE...] +[**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*] +NAME|ID [NAME|ID...] # DESCRIPTION -This displays all the information available in Docker for a given -container or image. By default, this will render all results in a JSON -array. If the container and image have the same name, this will return -container JSON for unspecified type. If a format is specified, the given -template will be executed for each result. +This displays all the information available in Docker for one or multiple given +containers, images, volumes, networks, nodes, services, or tasks. By default, +this will render all results in a JSON array. If the container and image have +the same name, this will return container JSON for unspecified type. If a format +is specified, the given template will be executed for each result. # OPTIONS **--help** @@ -30,8 +30,9 @@ template will be executed for each result. **-s**, **--size** Display total file sizes if the type is container. -**--type**="*container*|*image*" - Return JSON for specified type, permissible values are "image" or "container" +**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume* + Return JSON for specified type, permissible values are "image", "container", + "network", "node", "service", "task", and "volume". # EXAMPLES From 4594e5d50e377e9f7b197b0f38e5ea17f8abd767 Mon Sep 17 00:00:00 2001 From: Kara Alexandra Date: Tue, 14 Jun 2016 15:42:30 -0700 Subject: [PATCH 1700/2538] Add option to specify name without --name in volume create Signed-off-by: Kara Alexandra --- docs/reference/commandline/volume_create.md | 11 +++++------ docs/reference/commandline/volume_ls.md | 8 ++++---- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 56c8a5fcc0..65dbba2f64 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -11,7 +11,7 @@ parent = "smn_cli" # volume create ```markdown -Usage: docker volume create [OPTIONS] +Usage: docker volume create [OPTIONS] [VOLUME] Create a volume @@ -19,14 +19,13 @@ Options: -d, --driver string Specify volume driver name (default "local") --help Print usage --label value Set metadata for a volume (default []) - --name string Specify volume name -o, --opt value Set driver specific options (default map[]) ``` Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: ```bash -$ docker volume create --name hello +$ docker volume create hello hello $ docker run -d -v hello:/world busybox ls /world @@ -62,19 +61,19 @@ The built-in `local` driver on Linux accepts options similar to the linux `mount For example, the following creates a `tmpfs` volume called `foo` with a size of 100 megabyte and `uid` of 1000. ```bash -$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 --name foo +$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 foo ``` Another example that uses `btrfs`: ```bash -$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 --name foo +$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 foo ``` Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from `192.168.1.1`: ```bash -$ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw --opt device=:/path/to/dir --name foo +$ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw --opt device=:/path/to/dir foo ``` diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index eedb40c67d..34e2ae927d 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -34,9 +34,9 @@ Lists all the volumes Docker knows about. You can filter using the `-f` or `--fi Example output: ```bash -$ docker volume create --name rosemary +$ docker volume create rosemary rosemary -$docker volume create --name tyler +$docker volume create tyler tyler $ docker volume ls DRIVER VOLUME NAME @@ -91,9 +91,9 @@ a `label` and a value. First, let's create some volumes to illustrate this; ```bash -$ docker volume create --name the-doctor --label is-timelord=yes +$ docker volume create the-doctor --label is-timelord=yes the-doctor -$ docker volume create --name daleks --label is-timelord=no +$ docker volume create daleks --label is-timelord=no daleks ``` From cfa7f94c026fc75b264e55e22c6413126f84f4a2 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 4 Aug 2016 16:19:46 -0700 Subject: [PATCH 1701/2538] replace active by enabled for consistency in plugins Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_disable.md | 10 +++------- docs/reference/commandline/plugin_enable.md | 10 +++------- docs/reference/commandline/plugin_inspect.md | 2 +- docs/reference/commandline/plugin_install.md | 2 +- docs/reference/commandline/plugin_ls.md | 2 +- docs/reference/commandline/plugin_rm.md | 2 +- 6 files changed, 10 insertions(+), 18 deletions(-) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index a3b2b8868e..eae31975e1 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -25,12 +25,12 @@ see [`docker plugin install`](plugin_install.md). The following example shows that the `no-remove` plugin is installed -and active: +and enabled: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ACTIVE +NAME TAG DESCRIPTION ENABLED tiborvass/no-remove latest A test plugin for Docker true ``` @@ -40,14 +40,10 @@ To disable the plugin, use the following command: $ docker plugin disable tiborvass/no-remove tiborvass/no-remove -``` -After the plugin is disabled, it appears as "inactive" in the list of plugins: - -```bash $ docker plugin ls -NAME TAG DESCRIPTION ACTIVE +NAME TAG DESCRIPTION ENABLED tiborvass/no-remove latest A test plugin for Docker false ``` diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 91f85b0fa4..44ef3c2fa3 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -25,12 +25,12 @@ see [`docker plugin install`](plugin_install.md). The following example shows that the `no-remove` plugin is installed, -but disabled ("inactive"): +but disabled: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ACTIVE +NAME TAG DESCRIPTION ENABLED tiborvass/no-remove latest A test plugin for Docker false ``` @@ -40,14 +40,10 @@ To enable the plugin, use the following command: $ docker plugin enable tiborvass/no-remove tiborvass/no-remove -``` -After the plugin is enabled, it appears as "active" in the list of plugins: - -```bash $ docker plugin ls -NAME TAG DESCRIPTION ACTIVE +NAME TAG DESCRIPTION ENABLED tiborvass/no-remove latest A test plugin for Docker true ``` diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 80da2dcd0e..17993d573b 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -33,7 +33,7 @@ $ docker plugin inspect tiborvass/no-remove:latest "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", "Name": "tiborvass/no-remove", "Tag": "latest", - "Active": true, + "Enabled": true, "Config": { "Mounts": [ { diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 085714e067..3dc4869d36 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -47,7 +47,7 @@ After the plugin is installed, it appears in the list of plugins: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ACTIVE +NAME TAG DESCRIPTION ENABLED tiborvass/no-remove latest A test plugin for Docker true ``` diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index f94d80d0cc..77999bc1b4 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -32,7 +32,7 @@ Example output: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ACTIVE +NAME TAG DESCRIPTION ENABLED tiborvass/no-remove latest A test plugin for Docker true ``` diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 6535b5e102..d78f8bd712 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -24,7 +24,7 @@ Options: --help Print usage ``` -Removes a plugin. You cannot remove a plugin if it is active, you must disable +Removes a plugin. You cannot remove a plugin if it is enabled, you must disable a plugin using the [`docker plugin disable`](plugin_disable.md) before removing it (or use --force, use of force is not recommended, since it can affect functioning of running containers using the plugin). From 2ff594515f801f84591e617cd5fe3f8a67a54284 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 18 Aug 2016 10:21:41 +0800 Subject: [PATCH 1702/2538] clean up the run.md in reference Signed-off-by: yuexiao-wang --- docs/reference/run.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 31c5366d49..a0ffea07e8 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -9,15 +9,6 @@ weight=-80 +++ - - # Docker run reference Docker runs processes in isolated containers. A container is a process From 7ebb7c738a7d8f461de64f90fb284ec7581babc2 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 17 Aug 2016 04:52:27 -0700 Subject: [PATCH 1703/2538] add -f to plugin inspect Signed-off-by: Victor Vieux Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_inspect.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 17993d573b..ed90eafb15 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -17,7 +17,8 @@ Usage: docker plugin inspect PLUGIN Inspect a plugin Options: - --help Print usage + -f, --format string Format the output using the given go template + --help Print usage ``` Returns information about a plugin. By default, this command renders all results @@ -138,6 +139,13 @@ $ docker plugin inspect tiborvass/no-remove:latest (output formatted for readability) +```bash +$ docker plugin inspect -f '{{.Id}}' tiborvass/no-remove:latest +``` +``` +8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 +``` + ## Related information From 1e95101ade0883e61e420e8bdce1e162de3a1b1c Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 28 Aug 2016 12:40:10 +0200 Subject: [PATCH 1704/2538] Replace zsh completion for 'docker volume create --name' by 'docker volume create {name}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8224c729f8..66dfeea9ef 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -463,6 +463,8 @@ __docker_complete_events_filter() { return ret } +# BO network + __docker_network_complete_ls_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -650,6 +652,8 @@ __docker_network_subcommand() { return ret } +# EO network + # BO node __docker_node_complete_ls_filters() { @@ -1252,6 +1256,8 @@ __docker_swarm_subcommand() { # EO swarm +# BO volume + __docker_volume_complete_ls_filters() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1332,12 +1338,12 @@ __docker_volume_subcommand() { case "$words[1]" in (create) - _arguments $(__docker_arguments) \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ "($help -d --driver)"{-d=,--driver=}"[Volume driver name]:Driver name:(local)" \ "($help)*--label=[Set metadata for a volume]:label=value: " \ - "($help)--name=[Volume name]" \ - "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " && ret=0 + "($help)*"{-o=,--opt=}"[Driver specific options]:Driver option: " \ + "($help -)1:Volume name: " && ret=0 ;; (inspect) _arguments $(__docker_arguments) \ @@ -1371,6 +1377,8 @@ __docker_volume_subcommand() { return ret } +# EO volume + __docker_caching_policy() { oldp=( "$1"(Nmh+1) ) # 1 hour (( $#oldp )) From c37fcc3f49e31abfcbf59f22429ce308cdbf03bb Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 1 Aug 2016 18:34:51 -0700 Subject: [PATCH 1705/2538] Support `--group-add` and `--group-rm` in `docker service create/update` This fix tries to address the issue raised in 25304 to support `--group-add` and `--group-rm` in `docker service create`. This fix adds `--group-add` to `docker service create` and `docker service update`, adds `--group-rm` to `docker service update`. This fix updates docs for `docker service create` and `docker service update`: 1. Add `--group-add` to `docker service create` and `docker service update` 2. Add `--group-rm` to `docker service update` Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 164d3d2119..09e1c39615 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -20,6 +20,7 @@ Options: --container-label value Service container labels (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) + --group-add value Add additional user groups to the container (default []) --help Print usage -l, --label value Service labels (default []) --limit-cpu value Limit CPUs (default 0.000) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index b84afcd7f5..3879a7dcc4 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -24,6 +24,8 @@ Options: --endpoint-mode string Endpoint mode (vip or dnsrr) --env-add value Add or update environment variables (default []) --env-rm value Remove an environment variable (default []) + --group-add value Add additional user groups to the container (default []) + --group-rm value Remove previously added user groups from the container (default []) --help Print usage --image string Service image tag --label-add value Add or update service labels (default []) From 8918ff39e206baa4f3323c42d4d93727421da057 Mon Sep 17 00:00:00 2001 From: Kris-Mikael Krister Date: Tue, 30 Aug 2016 09:23:10 +0200 Subject: [PATCH 1706/2538] Fix typo in builder.md Signed-off-by: Kris-Mikael Krister --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index c63bcf5347..cba4ddb518 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1068,7 +1068,7 @@ user 0m 0.03s sys 0m 0.03s ``` -> **Note:** you can over ride the `ENTRYPOINT` setting using `--entrypoint`, +> **Note:** you can override the `ENTRYPOINT` setting using `--entrypoint`, > but this can only set the binary to *exec* (no `sh -c` will be used). > **Note**: From fa710a059aa1d49e9571665bd1b7a81948fb18bf Mon Sep 17 00:00:00 2001 From: ohmystack Date: Mon, 29 Aug 2016 16:00:52 +0800 Subject: [PATCH 1707/2538] Add docs for "--containerd" in dockerd Signed-off-by: ohmystack --- docs/reference/commandline/dockerd.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8231060f7d..079e318a63 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -594,6 +594,14 @@ The Docker daemon relies on a (invoked via the `containerd` daemon) as its interface to the Linux kernel `namespaces`, `cgroups`, and `SELinux`. +By default, the Docker daemon automatically starts `containerd`. If you want to +control `containerd` startup, manually start `containerd` and pass the path to +the `containerd` socket using the `--containerd` flag. For example: + +```bash +$ dockerd --containerd /var/run/dev/docker-containerd.sock +``` + Runtimes can be registered with the daemon either via the configuration file or using the `--add-runtime` command line argument. From b0b59a7e35ef812746bff011ca11c080ec17e6ac Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Tue, 30 Aug 2016 11:40:51 +0800 Subject: [PATCH 1708/2538] usage description of docker deploy in md not consistant with go file Signed-off-by: lixiaobing10051267 --- experimental/docker-stacks-and-bundles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 4749a73e5b..3bae4f4c4b 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -41,7 +41,7 @@ A stack is created using the `docker deploy` command: Usage: docker deploy [OPTIONS] STACK -Create and update a stack +Create and update a stack from a Distributed Application Bundle (DAB) Options: --file string Path to a Distributed Application Bundle file (Default: STACK.dab) From 4d1fc99027ae7f48ecfa6b873523610f25bbada6 Mon Sep 17 00:00:00 2001 From: allencloud Date: Fri, 29 Jul 2016 17:20:59 +0800 Subject: [PATCH 1709/2538] make node ps default to self in swarm node Signed-off-by: allencloud --- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/index.md | 2 +- docs/reference/commandline/node_ps.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 66dfeea9ef..3bed1d82fd 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -792,7 +792,7 @@ __docker_node_commands() { "ls:List nodes in the swarm" "promote:Promote a node as manager in the swarm" "rm:Remove one or more nodes from the swarm" - "ps:List tasks running on a node" + "ps:List tasks running on a node, defaults to current node" "update:Update a node" ) _describe -t docker-node-commands "docker node command" _docker_node_subcommands diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index e74a217f83..761238202c 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -115,7 +115,7 @@ read the [`dockerd`](dockerd.md) reference page. | [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | | [node inspect](node_inspect.md) | Inspect a node in the swarm | | [node update](node_update.md) | Update attributes for a node | -| [node ps](node_ps.md) | List tasks running on a node | +| [node ps](node_ps.md) | List tasks running on a node | | [node ls](node_ls.md) | List nodes in the swarm | | [node rm](node_rm.md) | Remove one or more nodes from the swarm | diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index fc003e9224..2856d2533b 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -12,9 +12,9 @@ parent = "smn_cli" # node ps ```markdown -Usage: docker node ps [OPTIONS] self|NODE +Usage: docker node ps [OPTIONS] [NODE] -List tasks running on a node +List tasks running on a node, defaults to current node. Options: -a, --all Display all instances From 7b7ff161758f04cdbcb9896d5a876e3d9edf6a0e Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 30 Aug 2016 23:07:42 +0800 Subject: [PATCH 1710/2538] update command description Signed-off-by: allencloud --- docs/reference/commandline/restart.md | 2 +- docs/reference/commandline/wait.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 661e16d4de..9e40a4f6c4 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -13,7 +13,7 @@ parent = "smn_cli" ```markdown Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...] -Restart a container +Restart one or more containers Options: --help Print usage diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index b10f6a1a21..b6fd68dbdb 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -13,7 +13,7 @@ parent = "smn_cli" ```markdown Usage: docker wait CONTAINER [CONTAINER...] -Block until a container stops, then print its exit code +Block until one or more containers stop, then print their exit codes Options: --help Print usage From 2c9a4c7f0b178ce2bd3de7c75a7a435d9e7ad1cd Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 30 Aug 2016 18:45:06 +0800 Subject: [PATCH 1711/2538] Modify options for the command plugin install Signed-off-by: yuexiao-wang --- docs/reference/commandline/plugin_install.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 3dc4869d36..952f692793 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -17,8 +17,8 @@ Usage: docker plugin install [OPTIONS] PLUGIN Install a plugin Options: - --disable do not enable the plugin on install - --grant-all-permissions grant all permissions necessary to run the plugin + --disable Do not enable the plugin on install + --grant-all-permissions Grant all permissions necessary to run the plugin --help Print usage ``` From d9340c47aff552a8cd2f7d378983ee50b116519e Mon Sep 17 00:00:00 2001 From: zhouhao Date: Tue, 30 Aug 2016 12:07:38 +0800 Subject: [PATCH 1712/2538] Modify restart function prompt Signed-off-by: zhouhao --- man/docker.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker.1.md b/man/docker.1.md index cf91741c7d..ecf048ef39 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -161,7 +161,7 @@ inside it) See **docker-rename(1)** for full documentation on the **rename** command. **restart** - Restart a container + Restart one or more containers See **docker-restart(1)** for full documentation on the **restart** command. **rm** From 9c9cd1a439a6736f7ba0bbc84a314ab4067cce1a Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Mon, 29 Aug 2016 16:37:01 -0700 Subject: [PATCH 1713/2538] some fixes to clean up new plugin system docs Signed-off-by: Charles Smith --- docs/extend/{plugins.md => index.md} | 6 +++--- docs/extend/legacy_plugins.md | 11 ++++++----- docs/extend/menu.md | 11 +++-------- docs/extend/plugin_api.md | 6 +++--- docs/extend/plugins_authorization.md | 6 +++--- docs/extend/plugins_network.md | 6 +++--- docs/extend/plugins_volume.md | 4 ++-- 7 files changed, 23 insertions(+), 27 deletions(-) rename docs/extend/{plugins.md => index.md} (98%) diff --git a/docs/extend/plugins.md b/docs/extend/index.md similarity index 98% rename from docs/extend/plugins.md rename to docs/extend/index.md index fd17441714..4e77c698e6 100644 --- a/docs/extend/plugins.md +++ b/docs/extend/index.md @@ -3,8 +3,8 @@ aliases = [ "/engine/extend/" ] -title = "New Plugin System" -description = "How to operate and create a plugin with the new system" +title = "Managed plugin system" +description = "How develop and use a plugin with the managed plugin system" keywords = ["API, Usage, plugins, documentation, developer"] advisory = "experimental" [menu.main] @@ -13,7 +13,7 @@ weight=1 +++ -# Docker Engine plugin system +# Docker Engine managed plugin system This document describes the plugin system available today in the **experimental build** of Docker 1.12: diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index 02874f315e..0d3404831c 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -1,6 +1,7 @@ -# Understand legacy Docker Engine plugins +# Use Docker Engine plugins This document describes the Docker Engine plugins generally available in Docker -Engine 1.12 and earlier. To view information on plugins managed by Docker -Engine, refer to [Docker Engine plugin system](plugins.md). +Engine. To view information on plugins managed by Docker Engine currently in +experimental status, refer to [Docker Engine plugin system](index.md). You can extend the capabilities of the Docker Engine by loading third-party plugins. This page explains the types of plugins and provides links to several @@ -21,7 +22,7 @@ volume and network plugins for Docker. ## Types of plugins -Plugins extend Docker's functionality. They come in specific types. For +Plugins extend Docker's functionality. They come in specific types. For example, a [volume plugin](plugins_volume.md) might enable Docker volumes to persist across multiple Docker hosts and a [network plugin](plugins_network.md) might provide network plumbing. diff --git a/docs/extend/menu.md b/docs/extend/menu.md index 1c523e2dfa..4b9955038a 100644 --- a/docs/extend/menu.md +++ b/docs/extend/menu.md @@ -1,7 +1,7 @@ -## New Docker Plugin System - -Currently, you can extend Docker Engine by adding a plugin. This section contains the following topics: - -* [Understand Docker plugins](plugins.md) -* [Write a volume plugin](plugins_volume.md) + diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 1f55b6d528..5801ba9151 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -14,9 +14,9 @@ weight=7 Docker plugins are out-of-process extensions which add capabilities to the Docker Engine. -This document describes the Docker Engine plugin API generally available in -Docker Engine 1.12 and earlier. To view information on plugins managed by Docker -Engine, refer to [Docker Engine plugin system](plugins.md). +This document describes the Docker Engine plugin API. To view information on +plugins managed by Docker Engine currently in experimental status, refer to +[Docker Engine plugin system](index.md). This page is intended for people who want to develop their own Docker plugin. If you just want to learn about or use Docker plugins, look diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index f5c3a882b9..2c3d79e25d 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -13,9 +13,9 @@ weight = 4 # Create an authorization plugin -This document describes Docker Engine authorization plugins generally -available in Docker Engine 1.12 and earlier. To view information on plugins -managed by Docker Engine, refer to [Docker Engine plugin system](plugins.md). +This document describes the Docker Engine plugins generally available in Docker +Engine. To view information on plugins managed by Docker Engine currently in +experimental status, refer to [Docker Engine plugin system](index.md). Docker's out-of-the-box authorization model is all or nothing. Any user with permission to access the Docker daemon can run any Docker client command. The diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index f1d72ceeae..7a107e2ce3 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -12,8 +12,8 @@ weight=5 # Engine network driver plugins This document describes Docker Engine network driver plugins generally -available in Docker Engine 1.12 and earlier. To view information on plugins -managed by Docker Engine, refer to [Docker Engine plugin system](plugins.md). +available in Docker Engine. To view information on plugins +managed by Docker Engine, refer to [Docker Engine plugin system](index.md). Docker Engine network plugins enable Engine deployments to be extended to support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN @@ -46,7 +46,7 @@ commands. For example, $ docker network create --driver weave mynet -Some network driver plugins are listed in [plugins](plugins.md) +Some network driver plugins are listed in [plugins](legacy_plugins.md) The `mynet` network is now owned by `weave`, so subsequent commands referring to that network will be sent to the plugin, diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index b20732febe..f9c93a3de1 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -13,8 +13,8 @@ weight=6 Docker Engine volume plugins enable Engine deployments to be integrated with external storage systems, such as Amazon EBS, and enable data volumes to persist -beyond the lifetime of a single Engine host. See the [plugin -documentation](plugins.md) for more information. +beyond the lifetime of a single Engine host. See the +[plugin documentation](legacy_plugins.md) for more information. ## Changelog From a916015f4601758332dbad02c8c78869c45c62ce Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 31 Aug 2016 09:50:11 +0200 Subject: [PATCH 1714/2538] Remove bash completion for `docker volume create --name` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index baef6b90ed..cceb6663ea 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2788,14 +2788,14 @@ _docker_volume_create() { __docker_complete_plugins Volume return ;; - --label|--name|--opt|-o) + --label|--opt|-o) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--driver -d --help --label --name --opt -o" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--driver -d --help --label --opt -o" -- "$cur" ) ) ;; esac } From 79a055386c154d45fbc3fd9f0d7dfcfd5a3a4be2 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 31 Aug 2016 14:42:52 +0800 Subject: [PATCH 1715/2538] Update description for docker plugin inspect Signed-off-by: yuexiao-wang --- docs/reference/commandline/plugin_inspect.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index ed90eafb15..e8c219d266 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -12,9 +12,9 @@ parent = "smn_cli" # plugin inspect (experimental) ```markdown -Usage: docker plugin inspect PLUGIN +Usage: docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] -Inspect a plugin +Display detailed information on one or more plugins Options: -f, --format string Format the output using the given go template From eb1b81c204ae19a448c6a38caf8c87034c5e7d61 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 31 Aug 2016 17:36:45 +0800 Subject: [PATCH 1716/2538] provide actual command format for docker network create Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/network_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 67884bb0b9..2414fadb55 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -11,7 +11,7 @@ parent = "smn_cli" # network create ```markdown -Usage: docker network create [OPTIONS] +Usage: docker network create [OPTIONS] NETWORK Create a network From 8e27afeb398179b31311457f4a5da73559fe6215 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 31 Aug 2016 19:59:23 +0800 Subject: [PATCH 1717/2538] make command "docker plugin inspect" complete Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/plugin_inspect.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 docs/reference/commandline/plugin_inspect.md diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md old mode 100644 new mode 100755 From 95b80f2984e693f9b0c4ac5e497709c68a67236f Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 31 Aug 2016 14:18:41 +0800 Subject: [PATCH 1718/2538] Miss the options in some commands Signed-off-by: yuexiao-wang --- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/plugin_ls.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 00d5b935c1..4a25a04fa0 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -11,7 +11,7 @@ parent = "smn_cli" # info ```markdown -Usage: docker info +Usage: docker info [OPTIONS] Display system-wide information diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 77999bc1b4..c73fb72dd2 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -12,7 +12,7 @@ parent = "smn_cli" # plugin ls (experimental) ```markdown -Usage: docker plugin ls +Usage: docker plugin ls [OPTIONS] List plugins From 5f30004f0872f406d7ce6f71d1690dd0a8460841 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Thu, 11 Aug 2016 09:41:26 -0400 Subject: [PATCH 1719/2538] Linux upstream kernel Overlay file systems support SELinux Remove checks that prevent overlay and SELinux from working together. Fixes are arriving in the 4.9 kernel. Signed-off-by: Dan Walsh --- man/dockerd.8.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/dockerd.8.md b/man/dockerd.8.md index a098a708a3..06c3820027 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -235,7 +235,7 @@ output otherwise. Force the Docker runtime to use a specific storage driver. **--selinux-enabled**=*true*|*false* - Enable selinux support. Default is false. SELinux does not presently support either of the overlay storage drivers. + Enable selinux support. Default is false. **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From c5a30e87bfb232d688512fc8cdc92164a9a6f097 Mon Sep 17 00:00:00 2001 From: YuPengZTE Date: Thu, 1 Sep 2016 17:03:01 +0800 Subject: [PATCH 1720/2538] The first letter docker is small --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 0284df96af..19bdcabcf6 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -657,7 +657,7 @@ network namespace, run this command: $ docker run --sysctl net.ipv4.ip_forward=1 someimage -> **Note**: Not all sysctls are namespaced. docker does not support changing sysctls +> **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls > inside of a container that also modify the host system. As the kernel > evolves we expect to see more sysctls become namespaced. From d6024863465af4047985935d492295907843e978 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 2 Sep 2016 09:59:20 +0000 Subject: [PATCH 1721/2538] update docs/reference/commandline/service_create.md Signed-off-by: Akihiro Suda --- docs/reference/commandline/service_create.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 09e1c39615..82e9c4eeab 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -139,9 +139,9 @@ metadata](../../userguide/labels-custom-metadata.md). ### Set service mode -Is this a replicated service or a global service. A replicated service runs as -many tasks as specified, while a global service runs on each active node in the -swarm. +You can set the service mode to "replicated" (default) or to "global". A +replicated service runs as many tasks as specified, while a global service +runs on each active node in the swarm. The following command creates a "global" service: From de4127305efeef22c9915dce0cc83b9b4337e711 Mon Sep 17 00:00:00 2001 From: zhouhao Date: Fri, 2 Sep 2016 13:06:08 +0800 Subject: [PATCH 1722/2538] Modify docker-restart.1.md Signed-off-by: zhouhao --- man/docker-restart.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-restart.1.md b/man/docker-restart.1.md index e0ffb32db2..271c4eee1b 100644 --- a/man/docker-restart.1.md +++ b/man/docker-restart.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-restart - Restart a container +docker-restart - Restart one or more containers # SYNOPSIS **docker restart** From 88f17e8ef3739728a6c201e0023f36ef77779bf2 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Sun, 4 Sep 2016 18:01:57 +0200 Subject: [PATCH 1723/2538] =?UTF-8?q?Add=20health=C2=A0status=20as=20actio?= =?UTF-8?q?n=20on=20events=20documentations?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was missing from the docs for 1.12.0. Signed-off-by: Vincent Demeester --- docs/reference/commandline/events.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 18b92fccb4..1900d09c2b 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -24,7 +24,7 @@ Options: Docker containers report the following events: - attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update + attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update Docker images report the following events: From 1d481e22fc4aab1672491f6a2add5362d55abe53 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 1 Sep 2016 15:13:06 +0800 Subject: [PATCH 1724/2538] Remove -h option for docker cli Signed-off-by: yuexiao-wang --- docs/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 746b84b03a..61e33957b1 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -26,7 +26,7 @@ Options: --config=~/.docker Location of client config files -D, --debug Enable debug mode -H, --host=[] Daemon socket(s) to connect to - -h, --help Print usage + --help Print usage -l, --log-level=info Set the logging level --tls Use TLS; implied by --tlsverify --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA From be3bfbec556490214e61e316aecd646c618a5f39 Mon Sep 17 00:00:00 2001 From: unclejack Date: Mon, 5 Sep 2016 12:38:50 +0300 Subject: [PATCH 1725/2538] docs: mention NFS support for contiv volume plugin Signed-off-by: Cristian Staretu --- docs/extend/legacy_plugins.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index 0d3404831c..d9d4e5d192 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -56,7 +56,7 @@ Plugin ----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver) | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/). [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. -[Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. +[Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS. [Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. [DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. [Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. From 3f171a31b19a34a8f33d39230deb2e515aa2ea43 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 5 Sep 2016 08:38:32 -0700 Subject: [PATCH 1726/2538] Update man page for `docker create` to add `--rm` flag The `--rm` flag has been part of the `docker create` and related docs in `docs/reference/commandline/create.md` already includes the `--rm` flag. However, man page `man/docker-create.1.md` has not adds the `--rm` flag yet. This fix adds the description of `--rm` flag to `man/docker-create.1.md` Signed-off-by: Yong Tang --- man/docker-create.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 8a7cac8b80..f31732d0bf 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -64,6 +64,7 @@ docker-create - Create a new container [**--privileged**] [**--read-only**] [**--restart**[=*RESTART*]] +[**--rm**] [**--security-opt**[=*[]*]] [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] @@ -317,6 +318,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--restart**="*no*" Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). +**--rm**=*true*|*false* + Automatically remove the container when it exits. The default is *false*. + **--shm-size**="" Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. From 6aa365d7e996b6018ae9f1f93ee72b4b05dba344 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 5 Sep 2016 03:11:14 -0700 Subject: [PATCH 1727/2538] Fix incorrect help output in `docker network ls` As is raised in 26312, in `docker network ls`, the help output was mistaken to `volume names`: ``` -q, --quiet Only display volume names ``` This fix changes the help output to: ``` -q, --quiet Only display network IDs ``` This fix also updates the documentation in: `docs/reference/commandline/network_ls.md` This fix fixes 26312. Signed-off-by: Yong Tang --- docs/reference/commandline/network_ls.md | 2 +- man/docker-network-ls.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index d1d92f4be8..18a65da06a 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -23,7 +23,7 @@ Options: --format string Pretty-print networks using a Go template --help Print usage --no-trunc Do not truncate the output - -q, --quiet Only display volume names + -q, --quiet Only display network IDs ``` Lists all the networks the Engine `daemon` knows about. This includes the diff --git a/man/docker-network-ls.1.md b/man/docker-network-ls.1.md index d5399d7a59..4166ba967a 100644 --- a/man/docker-network-ls.1.md +++ b/man/docker-network-ls.1.md @@ -179,7 +179,7 @@ attached. Do not truncate the output **-q**, **--quiet**=*true*|*false* - Only display numeric IDs + Only display network IDs **--help** Print usage statement From ba7648fa62b47193e15f2211fb62e5901ba40f4c Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 5 Sep 2016 04:44:18 +0000 Subject: [PATCH 1728/2538] fix docs about `sudo docker login` Signed-off-by: Akihiro Suda --- docs/reference/commandline/login.md | 3 --- man/docker-login.1.md | 3 --- 2 files changed, 6 deletions(-) diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 4c5670ea53..3308ae5d6b 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -38,9 +38,6 @@ You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. -> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. -> - ## Credentials store The Docker Engine can keep user credentials in an external credentials store, diff --git a/man/docker-login.1.md b/man/docker-login.1.md index ea89937644..6bb0355946 100644 --- a/man/docker-login.1.md +++ b/man/docker-login.1.md @@ -26,9 +26,6 @@ You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. -> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`. -> - # OPTIONS **--help** Print usage statement From 21e45b5ad9fe985688bf519106692655b7119fdc Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Wed, 31 Aug 2016 10:13:04 -0400 Subject: [PATCH 1729/2538] devmapper: Provide a knob dm.xfs_nospace_max_retries When xfs filesystem is being used on top of thin pool, xfs can get ENOSPC errors from thin pool when thin pool is full. As of now xfs retries the IO and keeps on retrying and does not give up. This can result in container application being stuck for a very long time. In fact I have seen instances of unkillable processes. So that means once thin pool is full and process gets stuck, container can't be stopped/killed either and only option left seems to be power recycle of the box. In another instance, writer did not block but failed after a while. But when I tried to exit/stop the container, unmounting xfs hanged and only thing I could do was power cycle the machine. Now upstream kernel has committed patches where it allows user space to customize user space behavior in case of errors. One of the knobs is max_retries, which specifies how many times an IO should be retried when ENOSPC is encountered. This patch sets provides a tunable knob (dm.xfs_nospace_max_retries) so that user can specify value for max_retries and tune xfs behavior. If one sets this value to 0, xfs will not retry IO when ENOSPC error is encountered. It will instead give up and shutdown filesystem. This knob can be useful if one is running into unkillable processes/containers issue on top of xfs. Signed-off-by: Vivek Goyal --- docs/reference/commandline/dockerd.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 079e318a63..3552bf0fd9 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -552,6 +552,22 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ dockerd --storage-opt dm.min_free_space=10% ``` +* `dm.xfs_nospace_max_retries` + + Specifies the maximum number of retries XFS should attempt to complete + IO when ENOSPC (no space) error is returned by underlying storage device. + + By default XFS retries infinitely for IO to finish and this can result + in unkillable process. To change this behavior one can set + xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting + ENOSPC and will shutdown filesystem. + + Example use: + + ```bash + $ dockerd --storage-opt dm.xfs_nospace_max_retries=0 + ``` + #### ZFS options * `zfs.fsname` From 865d0e364deba568d7a33e40f78b7e57d69d1def Mon Sep 17 00:00:00 2001 From: frosforever Date: Wed, 31 Aug 2016 18:09:43 -0400 Subject: [PATCH 1730/2538] Correct typo in run reference docs that use the create command Signed-off-by: Yosef Fertel --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 19bdcabcf6..57e752bf50 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -194,7 +194,7 @@ The `-w` lets the command being executed inside directory given, here ### Set storage driver options per container - $ docker create -it --storage-opt size=120G fedora /bin/bash + $ docker run -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. This option is only From 6d8cf3fb44e8ce24dfcadfb5537f35337d42f721 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 2 Sep 2016 17:23:59 +0800 Subject: [PATCH 1731/2538] Remove the option for the command service rm Signed-off-by: yuexiao-wang --- docs/reference/commandline/service_rm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index ca2e9aecb4..edd9b417ed 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -11,7 +11,7 @@ parent = "smn_cli" # service rm ```Markdown -Usage: docker service rm [OPTIONS] SERVICE [SERVICE...] +Usage: docker service rm SERVICE [SERVICE...] Remove one or more services From 894c3a5cbf30eaa91b60f03c0f7a0d58f0c618de Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 6 Sep 2016 13:41:53 -0700 Subject: [PATCH 1732/2538] Add completion for `docker events -f event=health_status` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cceb6663ea..024c00a354 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1103,6 +1103,7 @@ _docker_events() { exec_detach exec_start export + health_status import kill load diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3bed1d82fd..2bcd1aa509 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -434,7 +434,7 @@ __docker_complete_events_filter() { (event) local -a event_opts event_opts=('attach' 'commit' 'connect' 'copy' 'create' 'delete' 'destroy' 'detach' 'die' 'disconnect' 'exec_create' 'exec_detach' - 'exec_start' 'export' 'import' 'kill' 'load' 'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'save' 'start' + 'exec_start' 'export' 'health_status' 'import' 'kill' 'load' 'mount' 'oom' 'pause' 'pull' 'push' 'reload' 'rename' 'resize' 'restart' 'save' 'start' 'stop' 'tag' 'top' 'unmount' 'unpause' 'untag' 'update') _describe -t event-filter-opts "event filter options" event_opts && ret=0 ;; From e63e3d9fdf35f63dc5f29a49e11958b319e9101b Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 30 Aug 2016 11:04:41 -0700 Subject: [PATCH 1733/2538] Sanitize uses of Swarm as a proper and improper noun Fixes #24905 Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/swarm_init.md | 2 +- docs/reference/commandline/swarm_join.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index e52af0e5cd..6df0cdb1d0 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -72,7 +72,7 @@ This flag forces an existing node that was part of a quorum that was lost to res ### `--listen-addr value` -The node listens for inbound Swarm manager traffic on this address. The default is to listen on +The node listens for inbound swarm manager traffic on this address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index af1a8724ed..c0a7d91cc3 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -59,7 +59,7 @@ dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ### `--listen-addr value` -If the node is a manager, it will listen for inbound Swarm manager traffic on this +If the node is a manager, it will listen for inbound swarm manager traffic on this address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's address; for example `--listen-addr eth0:2377`. From 80600090cb58f7801f4c9a76f4ca869ac43b6cd1 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Thu, 1 Sep 2016 12:11:02 +0800 Subject: [PATCH 1734/2538] check inconsistant command in docs/reference/commandline Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/plugin_rm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index d78f8bd712..6b6a2239b6 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -14,7 +14,7 @@ parent = "smn_cli" ```markdown Usage: docker plugin rm [OPTIONS] PLUGIN [PLUGIN...] -Remove a plugin +Remove one or more plugins Aliases: rm, remove From bf70112273601137cb351d4049f37ff7ecf6df62 Mon Sep 17 00:00:00 2001 From: zhouhao Date: Thu, 1 Sep 2016 09:25:11 +0800 Subject: [PATCH 1735/2538] Modify rename function usage Signed-off-by: zhouhao --- docs/reference/commandline/rename.md | 2 +- man/docker-rename.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index 11bf5d0a14..f5a4fe23ec 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -11,7 +11,7 @@ parent = "smn_cli" # rename ```markdown -Usage: docker rename OLD_NAME NEW_NAME +Usage: docker rename CONTAINER NEW_NAME Rename a container diff --git a/man/docker-rename.1.md b/man/docker-rename.1.md index aa19a03ae7..eaeea5c6e0 100644 --- a/man/docker-rename.1.md +++ b/man/docker-rename.1.md @@ -6,7 +6,7 @@ docker-rename - Rename a container # SYNOPSIS **docker rename** -OLD_NAME NEW_NAME +CONTAINER NEW_NAME # OPTIONS There are no available options. From 3b2455d983d517c76f8d64055495273f11ae0e5e Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 8 Sep 2016 17:25:56 +0000 Subject: [PATCH 1736/2538] update go-md2man to v1.0.6 Signed-off-by: Akihiro Suda --- man/glide.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/glide.lock b/man/glide.lock index 40c5f5a64a..620a9d4c04 100644 --- a/man/glide.lock +++ b/man/glide.lock @@ -4,7 +4,7 @@ imports: - name: github.com/BurntSushi/toml version: f0aeabca5a127c4078abb8c8d64298b147264b55 - name: github.com/cpuguy83/go-md2man - version: 2724a9c9051aa62e9cca11304e7dd518e9e41599 + version: a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa subpackages: - md2man - name: github.com/fsnotify/fsnotify From 37eb9061fcc03d45c49204aa047966f27bc968a8 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 8 Sep 2016 13:11:39 -0400 Subject: [PATCH 1737/2538] Move api/client -> cli/command Using gomvpkg -from github.com/docker/docker/api/client -to github.com/docker/docker/cli/command -vcs_mv_cmd 'git mv {{.Src}} {{.Dst}}' Signed-off-by: Daniel Nephin --- man/generate.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/man/generate.go b/man/generate.go index cee5a7fdd2..f21614d94a 100644 --- a/man/generate.go +++ b/man/generate.go @@ -4,8 +4,8 @@ import ( "fmt" "os" - "github.com/docker/docker/api/client" - "github.com/docker/docker/api/client/command" + "github.com/docker/docker/cli/command" + "github.com/docker/docker/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" @@ -19,9 +19,9 @@ func generateManPages(path string) error { } stdin, stdout, stderr := term.StdStreams() - dockerCli := client.NewDockerCli(stdin, stdout, stderr) + dockerCli := command.NewDockerCli(stdin, stdout, stderr) cmd := &cobra.Command{Use: "docker"} - command.AddCommands(cmd, dockerCli) + commands.AddCommands(cmd, dockerCli) cmd.DisableAutoGenTag = true return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ From b1839d16dc0ffcecf15cd521ee8f4753b4e05eaf Mon Sep 17 00:00:00 2001 From: boucher Date: Thu, 12 May 2016 10:52:00 -0400 Subject: [PATCH 1738/2538] Initial implementation of containerd Checkpoint API. Signed-off-by: boucher --- experimental/README.md | 7 +-- experimental/checkpoint-restore.md | 75 ++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 experimental/checkpoint-restore.md diff --git a/experimental/README.md b/experimental/README.md index 3253cb5c41..abf54f2bd5 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -2,7 +2,7 @@ This page contains a list of features in the Docker engine which are experimental. Experimental features are **not** ready for production. They are -provided for test and evaluation in your sandbox environments. +provided for test and evaluation in your sandbox environments. The information below describes each feature and the GitHub pull requests and issues associated with it. If necessary, links are provided to additional @@ -74,9 +74,10 @@ to build a Docker binary with the experimental features enabled: * [External graphdriver plugins](plugins_graphdriver.md) * [Macvlan and Ipvlan Network Drivers](vlan-networks.md) * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md) + * [Checkpoint & Restore](checkpoint-restore.md) ## How to comment on an experimental feature -Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. +Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. -Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or in on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). +Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or in on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). diff --git a/experimental/checkpoint-restore.md b/experimental/checkpoint-restore.md new file mode 100644 index 0000000000..9c46e69cd6 --- /dev/null +++ b/experimental/checkpoint-restore.md @@ -0,0 +1,75 @@ +# Docker Checkpoint & Restore + +Checkpoint & Restore is a new feature that allows you to freeze a running +container by checkpointing it, which turns its state into a collection of files +on disk. Later, the container can be restored from the point it was frozen. + +This is accomplished using a tool called [CRIU](http://criu.org), which is an +external dependency of this feature. A good overview of the history of +checkpoint and restore in Docker is available in this +[Kubernetes blog post](http://blog.kubernetes.io/2015/07/how-did-quake-demo-from-dockercon-work.html). + +## Installing CRIU + +If you use a Debian system, you can add the CRIU PPA and install with apt-get +[from the criu launchpad](https://launchpad.net/~criu/+archive/ubuntu/ppa). + +Alternatively, you can [build CRIU from source](http://criu.org/Installation). + +You need at least version 2.0 of CRIU to run checkpoint/restore in Docker. + +## Use cases for checkpoint & restore + +This feature is currently focused on single-host use cases for checkpoint and +restore. Here are a few: + +- Restarting the host machine without stopping/starting containers +- Speeding up the start time of slow start applications +- "Rewinding" processes to an earlier point in time +- "Forensic debugging" of running processes + +Another primary use case of checkpoint & restore outside of Docker is the live +migration of a server from one machine to another. This is possible with the +current implementation, but not currently a priority (and so the workflow is +not optimized for the task). + +## Using Checkpoint & Restore + +A new top level commands `docker checkpoint` is introduced, with three subcommands: +- `create` (creates a new checkpoint) +- `ls` (lists existing checkpoints) +- `rm` (deletes an existing checkpoint) + +Additionally, a `--checkpoint` flag is added to the container start command. + +The options for checkpoint create: + + Usage: docker checkpoint [OPTIONS] CONTAINER CHECKPOINT_ID + + Checkpoint the specified container + + --leave-running=false leave the container running after checkpoint + +And to restore a container: + + Usage: docker start --checkpoint CHECKPOINT_ID [OTHER OPTIONS] CONTAINER + + +A simple example of using checkpoint & restore on a container: + + $ docker run --security-opt=seccomp:unconfined --name cr -d busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' + > abc0123 + + $ docker checkpoint create cr checkpoint1 + + # + $ docker start --checkpoint checkpoint1 cr + > abc0123 + +This process just logs an incrementing counter to stdout. If you `docker logs` +in between running/checkpoint/restoring you should see that the counter +increases while the process is running, stops while it's checkpointed, and +resumes from the point it left off once you restore. + +Note that seccomp is only supported by CRIU in very up to date kernels. + From 9163eecf912aad7b9503f29f60ee5b850d2d5b0b Mon Sep 17 00:00:00 2001 From: Richard Mathie Date: Thu, 4 Aug 2016 17:56:59 +0100 Subject: [PATCH 1739/2538] Update service_create.md More info on endpoint setting, and service discovery on swarm mode overlay network. Signed-off-by: Richard Mathie --- docs/reference/commandline/service_create.md | 39 ++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 82e9c4eeab..781a2bf8cf 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -178,6 +178,45 @@ $ docker service create \ redis:3.0.6 ``` +### Container networking +The containers provisioned in docker swarm mode can be accessed in service discovery either via a Virtual IP (VIP) and routed through the docker swarm ingress overlay network. Or via a DNS round robbin (DNSRR). This configuration is set using the `--endpoint-mode [vip|dnsrr]` setting. Note that dnsrr is incompatible with `--published` ports. + +### Service discovery + +Discovering other service from within a container can be ac hived via DNS lookup, but you will get different results depending on whether you want the actual service IPs, or the VIP's. + +``` +~> nslookup service + +Address: 10.255.0.7 # this is the VIP on the ingress network + +~> nslookup tasks.service + +Non-authoritative answer: +Name: tasks.service +Address: 10.255.0.26 # this is the real IP of a service on the ingress network +Name: tasks.service +Address: 10.255.0.27 +Name: tasks.service +Address: 10.255.0.24 + +~> nslookup tasks.service.your_net + +Name: tasks.service.your_net +Address: 10.0.0.29 # service 1 IP on your net +Name: tasks.service.your_net +Address: 10.0.0.26 # service 2 IP on your net +Name: tasks.service.your_net +Address: 10.0.0.28 # service 3 IP on your net + + +~> nslookup service.your_net + +Non-authoritative answer: +Name: service.your_net +Address: 10.0.0.25 # VIP on your net +``` + ## Related information * [service inspect](service_inspect.md) From 63478d277abec0b6ddf1e6e63ed7903756fcd27a Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Thu, 8 Sep 2016 12:10:04 -0700 Subject: [PATCH 1740/2538] carries and closes 25414 Signed-off-by: Charles Smith --- docs/reference/commandline/service_create.md | 111 +++++++++++-------- 1 file changed, 63 insertions(+), 48 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 781a2bf8cf..381a36360b 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -48,8 +48,8 @@ Options: -w, --workdir string Working directory inside the container ``` -Creates a service as described by the specified parameters. This command has to -be run targeting a manager node. +Creates a service as described by the specified parameters. You must run this +command on a manager node. ## Examples @@ -64,10 +64,10 @@ ID NAME REPLICAS IMAGE COMMAND dmu1ept4cxcf redis 1/1 redis:3.0.6 ``` -### Create a service with 5 tasks +### Create a service with 5 replica tasks (--replicas) -You can set the number of tasks for a service using the `--replicas` option. The -following command creates a `redis` service with `5` tasks: +Use the `--replicas` flag to set the number of replica tasks for a replicated +service. The following command creates a `redis` service with `5` replica tasks: ```bash $ docker service create --name redis --replicas=5 redis:3.0.6 @@ -75,12 +75,12 @@ $ docker service create --name redis --replicas=5 redis:3.0.6 ``` The above command sets the *desired* number of tasks for the service. Even -though the command returns directly, actual scaling of the service may take +though the command returns immediately, actual scaling of the service may take some time. The `REPLICAS` column shows both the *actual* and *desired* number -of tasks for the service. +of replica tasks for the service. -In the following example, the desired number of tasks is set to `5`, but the -*actual* number is `3` +In the following example the desired state is `5` replicas, but the current +number of `RUNNING` tasks is `3`: ```bash $ docker service ls @@ -88,8 +88,8 @@ ID NAME REPLICAS IMAGE COMMAND 4cdgfyky7ozw redis 3/5 redis:3.0.7 ``` -Once all the tasks are created, the actual number of tasks is equal to the -desired number: +Once all the tasks are created and `RUNNING`, the actual number of tasks is +equal to the desired number: ```bash $ docker service ls @@ -97,10 +97,8 @@ ID NAME REPLICAS IMAGE COMMAND 4cdgfyky7ozw redis 5/5 redis:3.0.7 ``` - ### Create a service with a rolling update policy - ```bash $ docker service create \ --replicas 10 \ @@ -110,10 +108,12 @@ $ docker service create \ redis:3.0.6 ``` -When this service is [updated](service_update.md), a rolling update will update -tasks in batches of `2`, with `10s` between batches. +When you run a [service update](service_update.md), the scheduler updates a +maximum of 2 tasks at a time, with `10s` between updates. For more information, +refer to the [rolling updates +tutorial](../../swarm/swarm-tutorial/rolling-update.md). -### Setting environment variables (-e --env) +### Set environment variables (-e, --env) This sets environmental variables for all tasks in a service. For example: @@ -121,7 +121,7 @@ This sets environmental variables for all tasks in a service. For example: $ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6 ``` -### Set metadata on a service (-l --label) +### Set metadata on a service (-l, --label) A label is a `key=value` pair that applies metadata to a service. To label a service with two labels: @@ -137,19 +137,22 @@ $ docker service create \ For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md). -### Set service mode +### Set service mode (--mode) -You can set the service mode to "replicated" (default) or to "global". A -replicated service runs as many tasks as specified, while a global service -runs on each active node in the swarm. +You can set the service mode to "replicated" (default) or to "global". A +replicated service runs the number of replica tasks you specify. A global +service runs on each active node in the swarm. The following command creates a "global" service: ```bash -$ docker service create --name redis_2 --mode global redis:3.0.6 +$ docker service create \ + --name redis_2 \ + --mode global \ + redis:3.0.6 ``` -### Specify service constraints +### Specify service constraints (--constraint) You can limit the set of nodes where a task can be scheduled by defining constraint expressions. Multiple constraints find nodes that satisfy every @@ -178,45 +181,57 @@ $ docker service create \ redis:3.0.6 ``` -### Container networking -The containers provisioned in docker swarm mode can be accessed in service discovery either via a Virtual IP (VIP) and routed through the docker swarm ingress overlay network. Or via a DNS round robbin (DNSRR). This configuration is set using the `--endpoint-mode [vip|dnsrr]` setting. Note that dnsrr is incompatible with `--published` ports. +### Attach a service to an existing network (--network) -### Service discovery +You can use overlay networks to connect one or more services within the swarm. -Discovering other service from within a container can be ac hived via DNS lookup, but you will get different results depending on whether you want the actual service IPs, or the VIP's. +First, create an overlay network on a manager node the docker network create +command: +```bash +$ docker network create --driver overlay my-network + +etjpu59cykrptrgw0z0hk5snf ``` -~> nslookup service -Address: 10.255.0.7 # this is the VIP on the ingress network +After you create an overlay network in swarm mode, all manager nodes have +access to the network. -~> nslookup tasks.service +When you create a service and pass the --network flag to attach the service to +the overlay network: -Non-authoritative answer: -Name: tasks.service -Address: 10.255.0.26 # this is the real IP of a service on the ingress network -Name: tasks.service -Address: 10.255.0.27 -Name: tasks.service -Address: 10.255.0.24 +$ docker service create \ + --replicas 3 \ + --network my-network \ + --name my-web \ + nginx -~> nslookup tasks.service.your_net +716thylsndqma81j6kkkb5aus +The swarm extends my-network to each node running the service. -Name: tasks.service.your_net -Address: 10.0.0.29 # service 1 IP on your net -Name: tasks.service.your_net -Address: 10.0.0.26 # service 2 IP on your net -Name: tasks.service.your_net -Address: 10.0.0.28 # service 3 IP on your net +Containers on the same network can access each other using +[service discovery](../../swarm/networking.md#use-swarm-mode-service-discovery). +### Publish service ports externally to the swarm (-p, --publish) -~> nslookup service.your_net +You can publish service ports to make them available externally to the swarm +using the `--publish` flag: -Non-authoritative answer: -Name: service.your_net -Address: 10.0.0.25 # VIP on your net +```bash +docker service create --publish : nginx ``` +For example: + +```bash +docker service create --name my_web --replicas 3 --publish 8080:80 nginx +``` + +When you publish a service port, the swarm routing mesh makes the service +accessible at the target port on every node regardless if there is a task for +the service running on the node. For more information refer to +[Use swarm mode routing mesh](../../swarm/ingress.md). + ## Related information * [service inspect](service_inspect.md) From a45c6fc8bdef27076f6471154b5ad15ecb1e2d8d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 4 Sep 2016 05:50:49 -0700 Subject: [PATCH 1741/2538] Add bash completion for `service {create,update} --group-{add,rm}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 024c00a354..222f74caac 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1736,6 +1736,7 @@ _docker_service_update() { --constraint --endpoint-mode --env -e + --group-add --label -l --limit-cpu --limit-memory @@ -1785,10 +1786,15 @@ _docker_service_update() { --arg --container-label-add --container-label-rm + --group-rm --image " case "$prev" in + --group-rm) + COMPREPLY=( $(compgen -g -- "$cur") ) + return + ;; --image) __docker_complete_image_repos_and_tags return @@ -1807,6 +1813,10 @@ _docker_service_update() { __docker_nospace return ;; + --group-add) + COMPREPLY=( $(compgen -g -- "$cur") ) + return + ;; --log-driver) __docker_complete_log_drivers return From 98043e3f798414e44b1a2e37d946e0fd339a8cba Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 11 Sep 2016 10:52:40 -0700 Subject: [PATCH 1742/2538] Fix documentation for `Step 0` to `Step 1` in `docker build` The indexing of steps in the output of `docker build` starts with `Step 1`. However, there are several places in the docs that start with `Step 0`. This fix addresses the issue and changes `Step 0` to `Step 1` (and subsequent steps). Signed-off-by: Yong Tang --- docs/reference/builder.md | 8 ++++---- docs/reference/commandline/build.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index cba4ddb518..3434c1b43f 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -86,15 +86,15 @@ the `Using cache` message in the console output. $ docker build -t svendowideit/ambassador . Sending build context to Docker daemon 15.36 kB - Step 0 : FROM alpine:3.2 + Step 1 : FROM alpine:3.2 ---> 31f630c65071 - Step 1 : MAINTAINER SvenDowideit@home.org.au + Step 2 : MAINTAINER SvenDowideit@home.org.au ---> Using cache ---> 2a1c91448f5f - Step 2 : RUN apk update && apk add socat && rm -r /var/cache/ + Step 3 : RUN apk update && apk add socat && rm -r /var/cache/ ---> Using cache ---> 21ed6e7fbb73 - Step 3 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh + Step 4 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh ---> Using cache ---> 7ea8aef582cc Successfully built 7ea8aef582cc diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index d7e1291b9e..0f700c7a20 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -231,12 +231,12 @@ specify an arbitrary Git repository by using the `git://` or `git@` scheme. $ docker build -f ctx/Dockerfile http://server/ctx.tar.gz Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B -Step 0 : FROM busybox +Step 1 : FROM busybox ---> 8c2e06607696 -Step 1 : ADD ctx/container.cfg / +Step 2 : ADD ctx/container.cfg / ---> e7829950cee3 Removing intermediate container b35224abf821 -Step 2 : CMD /bin/ls +Step 3 : CMD /bin/ls ---> Running in fbc63d321d73 ---> 3286931702ad Removing intermediate container fbc63d321d73 From 05f167e92a10ecd27d5d0a70e0fc13930673a58e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 12 Sep 2016 08:27:14 +0200 Subject: [PATCH 1743/2538] Add zsh completion for 'service {create,update} --group-{add,rm}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2bcd1aa509..a881e0bf7b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1083,6 +1083,7 @@ __docker_service_subcommand() { "($help)*--constraint=[Placement constraints]:constraint: " "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)" "($help)*"{-e=,--env=}"[Set environment variables]:env: " + "($help)*--group-add=[Add additional user groups to the container]:group:_groups" "($help)*--label=[Service labels]:label: " "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " @@ -1177,6 +1178,7 @@ __docker_service_subcommand() { "($help)--arg=[Service command args]:arguments: _normal" \ "($help)*--container-label-add=[Add or update container labels]:label: " \ "($help)*--container-label-rm=[Remove a container label by its key]:label: " \ + "($help)*--group-rm=[Remove previously added user groups from the container]:group:_groups" \ "($help)--image=[Service image tag]:image:__docker_repositories" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; From d7d9f926afeceef4a14e0297de4f539a6bba0648 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 12 Sep 2016 18:34:44 +0800 Subject: [PATCH 1744/2538] update option for docker commands Signed-off-by: yuexiao-wang --- docs/reference/commandline/exec.md | 7 ++++--- docs/reference/commandline/inspect.md | 5 +++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index a5e1d3c9c5..3f422de662 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -15,11 +15,12 @@ Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...] Run a command in a running container +Options: -d, --detach Detached mode: run command in the background - --detach-keys Override the key sequence for detaching a container - --help Print usage + --detach-keys Override the key sequence for detaching a container + --help Print usage -i, --interactive Keep STDIN open even if not attached - --privileged Give extended privileges to the command + --privileged Give extended privileges to the command -t, --tty Allocate a pseudo-TTY -u, --user Username or UID (format: [:]) ``` diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 6232ec12b6..d5c073f26c 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -16,11 +16,12 @@ Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...] Return low-level information on one or multiple containers, images, volumes, networks, nodes, services, or tasks identified by name or ID. +Options: -f, --format Format the output using the given go template - --help Print usage + --help Print usage -s, --size Display total file sizes if the type is container values are "image" or "container" or "task - --type Return JSON for specified type + --type Return JSON for specified type ``` By default, this will render all results in a JSON array. If the container and From 62f35ffbdc4ffede8f29da72aa6202d8baa76066 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Sat, 6 Aug 2016 14:34:49 +0200 Subject: [PATCH 1745/2538] Begin process of deprecating MAINTAINER This may take some time, but start by pointing people at LABEL instead. MAINTAINER predates general LABEL and has basically no tooling, only allows a single item to be added, and is has been unofficially deprecated for some time, with many images not including it, but we have never specifically said that it should be replaced by LABEL as a better more generic metadata solution. Signed-off-by: Justin Cormack --- docs/deprecated.md | 4 ++++ docs/reference/builder.md | 23 ++++++++++++++--------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 907092c6a4..c5c0b228ce 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -196,3 +196,7 @@ Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the - DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE - DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE +### `MAINTAINER` in Dockerfile +**Deprecated In Release: v1.13.0** + +`MAINTAINER` was an early very limited form of `LABEL` which should be used instead. diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 3434c1b43f..cd94170807 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -486,13 +486,6 @@ before each new `FROM` command. assumes a `latest` by default. The builder returns an error if it cannot match the `tag` value. -## MAINTAINER - - MAINTAINER - -The `MAINTAINER` instruction allows you to set the *Author* field of the -generated images. - ## RUN RUN has 2 forms: @@ -687,6 +680,20 @@ To view an image's labels, use the `docker inspect` command. "other": "value3" }, +## MAINTAINER (deprecated) + + MAINTAINER + +The `MAINTAINER` instruction sets the *Author* field of the generated images. +The `LABEL` instruction is a much more flexible version of this and you should use +it instead, as it enables setting any metadata you require, and can be viewed +easily, for example with `docker inspect`. To set a label corresponding to the +`MAINTAINER` field you could use: + + LABEL maintainer "SvenDowideit@home.org.au" + +This will then be visible from `docker inspect` with the other labels. + ## EXPOSE EXPOSE [...] @@ -1676,8 +1683,6 @@ something more realistic, take a look at the list of [Dockerization examples](.. # VERSION 0.0.1 FROM ubuntu -MAINTAINER Victor Vieux - LABEL Description="This image is used to start the foobar executable" Vendor="ACME Products" Version="1.0" RUN apt-get update && apt-get install -y inotify-tools nginx apache2 openssh-server ``` From 87c8d755bdb9c6eda5cbf575116186fc0272ae97 Mon Sep 17 00:00:00 2001 From: Charles Smith Date: Wed, 17 Aug 2016 13:58:34 -0700 Subject: [PATCH 1746/2538] add swarm mode terms to the glossary Signed-off-by: Charles Smith --- docs/reference/glossary.md | 77 ++++++++++++++++++++++++++++++++++---- 1 file changed, 69 insertions(+), 8 deletions(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 22c2d36d40..d386d52bbb 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -19,7 +19,7 @@ aufs (advanced multi layered unification filesystem) is a Linux [filesystem](#fi Docker supports as a storage backend. It implements the [union mount](http://en.wikipedia.org/wiki/Union_mount) for Linux file systems. -## Base image +## base image An image that has no parent is a **base image**. @@ -153,6 +153,16 @@ installs Docker on them, then configures the Docker client to talk to them. *Also known as : docker-machine* +## node + +A [node](../swarm/how-swarm-mode-works/nodes.md) is a physical or virtual +machine running an instance of the Docker Engine in swarm mode. + +**Manager nodes** perform swarm management and orchestration duties. By default +manager nodes are also worker nodes. + +**Worker nodes** execute tasks. + ## overlay network driver Overlay network driver provides out of the box multi-host network connectivity @@ -181,15 +191,54 @@ labeled using [tags](#tag). Here is an example of the shared [nginx repository](https://hub.docker.com/_/nginx/) and its [tags](https://hub.docker.com/r/library/nginx/tags/) + +## service + +A [service](../swarm/how-swarm-mode-works/services.md) is the definition of how +you want to run your application containers in a swarm. At the most basic level +a service defines which container image to run in the swarm and which commands +to run in the container. For orchestration purposes, the service defines the +"desired state", meaning how many containers to run as tasks and constraints for +deploying the containers. + +Frequently a service is a microservice within the context of some larger +application. Examples of services might include an HTTP server, a database, or +any other type of executable program that you wish to run in a distributed +environment. + +## service discovery + +Swarm mode [service discovery](../swarm/networking.md) is a DNS component +internal to the swarm that automatically assigns each service on an overlay +network in the swarm a VIP and DNS entry. Containers on the network share DNS +mappings for the service via gossip so any container on the network can access +the service via its service name. + +You don’t need to expose service-specific ports to make the service available to +other services on the same overlay network. The swarm’s internal load balancer +automatically distributes requests to the service VIP among the active tasks. + +## swarm + +A [swarm](../swarm/index.md) is a cluster of one or more Docker Engines running in [swarm mode](#swarm-mode). + ## Swarm -[Swarm](https://github.com/docker/swarm) is a native clustering tool for Docker. -Swarm pools together several Docker hosts and exposes them as a single virtual -Docker host. It serves the standard Docker API, so any tool that already works -with Docker can now transparently scale up to multiple hosts. +Do not confuse [Docker Swarm](https://github.com/docker/swarm) with the [swarm mode](#swarm-mode) features in Docker Engine. + +Docker Swarm is the name of a standalone native clustering tool for Docker. +Docker Swarm pools together several Docker hosts and exposes them as a single +virtual Docker host. It serves the standard Docker API, so any tool that already +works with Docker can now transparently scale up to multiple hosts. *Also known as : docker-swarm* +## swarm mode + +[Swarm mode](../swarm/index.md) refers to cluster management and orchestration +features embedded in Docker Engine. When you initialize a new swarm (cluster) or +join nodes to a swarm, the Docker Engine runs in swarm mode. + ## tag A tag is a label applied to a Docker image in a [repository](#repository). @@ -197,6 +246,18 @@ tags are how various images in a repository are distinguished from each other. *Note : This label is not related to the key=value labels set for docker daemon* +## task + +A [task](../swarm/how-swarm-mode-works/services.md#tasks-and-scheduling) is the +atomic unit of scheduling within a swarm. A task carries a Docker container and +the commands to run inside the container. Manager nodes assign tasks to worker +nodes according to the number of replicas set in the service scale. + +The diagram below illustrates the relationship of services to tasks and +containers. + +![services diagram](../swarm/images/services-diagram.png) + ## Toolbox Docker Toolbox is the installer for Mac and Windows users. @@ -209,13 +270,13 @@ very lightweight and fast. Docker uses union file systems to provide the buildin blocks for containers. -## Virtual Machine +## virtual machine -A Virtual Machine is a program that emulates a complete computer and imitates dedicated hardware. +A virtual machine is a program that emulates a complete computer and imitates dedicated hardware. It shares physical hardware resources with other users but isolates the operating system. The end user has the same experience on a Virtual Machine as they would have on dedicated hardware. -Compared to to containers, a Virtual Machine is heavier to run, provides more isolation, +Compared to to containers, a virtual machine is heavier to run, provides more isolation, gets its own set of resources and does minimal sharing. *Also known as : VM* From 6f3f6a78a91374e40f7c17f2d5934c2ff417d3d6 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 13 Sep 2016 05:14:41 +0000 Subject: [PATCH 1747/2538] add current limitation to experimental/checkpoint-restore.md Signed-off-by: Akihiro Suda --- experimental/checkpoint-restore.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/experimental/checkpoint-restore.md b/experimental/checkpoint-restore.md index 9c46e69cd6..4e2bca1cd7 100644 --- a/experimental/checkpoint-restore.md +++ b/experimental/checkpoint-restore.md @@ -71,5 +71,17 @@ in between running/checkpoint/restoring you should see that the counter increases while the process is running, stops while it's checkpointed, and resumes from the point it left off once you restore. -Note that seccomp is only supported by CRIU in very up to date kernels. +## Current Limitation + +seccomp is only supported by CRIU in very up to date kernels. + +External terminal (i.e. `docker run -t ..`) is not supported at the moment. +If you try to create a checkpoint for a container with an external terminal, +it would fail: + + $ docker checkpoint create cr checkpoint1 + Error response from daemon: Cannot checkpoint container c1: rpc error: code = 2 desc = exit status 1: "criu failed: type NOTIFY errno 0\nlog file: /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log\n" + + $ cat /var/lib/docker/containers/eb62ebdbf237ce1a8736d2ae3c7d88601fc0a50235b0ba767b559a1f3c5a600b/checkpoints/checkpoint1/criu.work/dump.log + Error (mount.c:740): mnt: 126:./dev/console doesn't have a proper root mount From 0d521e018a33c42008b85c052f7bc994056e0f3e Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 7 Sep 2016 02:34:57 -0700 Subject: [PATCH 1748/2538] add some plugin manifest reference doc Signed-off-by: Victor Vieux --- docs/extend/index.md | 16 +-- docs/extend/manifest.md | 222 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 230 insertions(+), 8 deletions(-) create mode 100644 docs/extend/manifest.md diff --git a/docs/extend/index.md b/docs/extend/index.md index 4e77c698e6..4ce1eac1c5 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -151,7 +151,7 @@ drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 "Capabilities": [ "CAP_SYS_ADMIN" ], - "ManifestVersion": "v0.1", + "ManifestVersion": "v0", "Description": "sshFS plugin for Docker", "Documentation": "https://docs.docker.com/engine/extend/plugins/", "Interface": { @@ -212,23 +212,23 @@ $ docker rmi rootfs ``` `manifest.json` describes the plugin and `plugin-config.json` contains some -runtime parameters. For example: +runtime parameters. [See the Plugins Manifest reference](manifest.md). For example: ```bash # cat manifest.json { - "manifestVersion": "v0.1", + "manifestVersion": "v0", "description": "sshFS plugin for Docker", "documentation": "https://docs.docker.com/engine/extend/plugins/", "entrypoint": ["/go/bin/docker-volume-sshfs"], "network": { "type": "host" }, - "interface" : { - "types": ["docker.volumedriver/1.0"], - "socket": "sshfs.sock" - }, - "capabilities": ["CAP_SYS_ADMIN"] + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "sshfs.sock" + }, + "capabilities": ["CAP_SYS_ADMIN"] } ``` diff --git a/docs/extend/manifest.md b/docs/extend/manifest.md new file mode 100644 index 0000000000..d47efce8e8 --- /dev/null +++ b/docs/extend/manifest.md @@ -0,0 +1,222 @@ + + +# Plugin Manifest Version 0 of Plugin V2 + +This document outlines the format of the V0 plugin manifest. The plugin +manifest described herein was introduced in the Docker daemon (experimental version) in the [v1.12.0 +release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b). + +Plugin manifests describe the various constituents of a docker plugin. Plugin +manifests can be serialized to JSON format with the following media types: + +Manifest Type | Media Type +------------- | ------------- +manifest | "application/vnd.docker.plugin.v0+json" + + +## *Manifest* Field Descriptions + +Manifest provides the base accessible fields for working with V0 plugin format + in the registry. + +- **`manifestVersion`** *string* + + version of the plugin manifest (This version uses V0) + +- **`description`** *string* + + description of the plugin + +- **`documentation`** *string* + + link to the documentation about the plugin + +- **`interface`** *PluginInterface* + + interface implemented by the plugins, struct consisting of the following fields + + - **`types`** *string array* + + types indicate what interface(s) the plugin currently implements. + + currently supported: + + - **docker.volumedriver/1.0** + + - **`socket`** *string* + + socket is the name of the socket the engine should use to communicate with the plugins. + the socket will be created in `/run/docker/plugins`. + + +- **`entrypoint`** *string array* + + entrypoint of the plugin, see [`ENTRYPOINT`](../reference/builder.md#entrypoint) + +- **`workdir`** *string* + + workdir of the plugin, see [`WORKDIR`](../reference/builder.md#workdir) + +- **`network`** *PluginNetwork* + + network of the plugin, struct consisting of the following fields + + - **`type`** *string* + + network type. + + currently supported: + + - **bridge** + - **host** + - **none** + +- **`capabilities`** *array* + + capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) + +- **`mounts`** *PluginMount array* + + mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts) + + - **`name`** *string* + + name of the mount. + + - **`description`** *string* + + description of the mount. + + - **`source`** *string* + + source of the mount. + + - **`destination`** *string* + + destination of the mount. + + - **`type`** *string* + + mount type. + + - **`options`** *string array* + + options of the mount. + +- **`devices`** *PluginDevice array* + + device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) + + - **`name`** *string* + + name of the device. + + - **`description`** *string* + + description of the device. + + - **`path`** *string* + + path of the device. + +- **`env`** *PluginEnv array* + + env of the plugin, struct consisting of the following fields + + - **`name`** *string* + + name of the env. + + - **`description`** *string* + + description of the env. + + - **`value`** *string* + + value of the env. + +- **`args`** *PluginArgs* + + args of the plugin, struct consisting of the following fields + + - **`name`** *string* + + name of the env. + + - **`description`** *string* + + description of the env. + + - **`value`** *string array* + + values of the args. + + +## Example Manifest + +*Example showing the 'tiborvass/no-remove' plugin manifest.* + +``` +{ + "manifestVersion": "v0", + "description": "A test plugin for Docker", + "documentation": "https://docs.docker.com/engine/extend/plugins/", + "entrypoint": ["plugin-no-remove", "/data"], + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "plugins.sock" + }, + "network": { + "type": "host" + }, + + "mounts": [ + { + "source": "/data", + "destination": "/data", + "type": "bind", + "options": ["shared", "rbind"] + }, + { + "destination": "/foobar", + "type": "tmpfs" + } + ], + + "args": { + "name": "args", + "description": "command line arguments", + "value": [] + }, + + "env": [ + { + "name": "DEBUG", + "description": "If set, prints debug messages", + "value": "1" + } + ], + + "devices": [ + { + "name": "device", + "description": "a host device to mount", + "path": "/dev/cpu_dma_latency" + } + ] +} + +``` From cf8c2c21acb61cc59819689e3cff86cdccca93b5 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Tue, 9 Aug 2016 12:14:38 -0400 Subject: [PATCH 1749/2538] Remove --read-only restriction when user ns enabled The restriction is no longer necessary given changes at the runc layer related to mount options of the rootfs. Also cleaned up the docs on restrictions left for userns enabled mode. Re-enabled tests related to --read-only when testing a userns-enabled daemon in integration-cli. Docker-DCO-1.1-Signed-off-by: Phil Estes (github: estesp) --- docs/reference/commandline/dockerd.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 3552bf0fd9..658a18a48a 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -955,16 +955,16 @@ This option will completely disable user namespace mapping for the container's u The following standard Docker features are currently incompatible when running a Docker daemon with user namespaces enabled: - - sharing PID or NET namespaces with the host (`--pid=host` or `--network=host`) - - A `--read-only` container filesystem (this is a Linux kernel restriction against remounting with modified flags of a currently mounted filesystem when inside a user namespace) - - external (volume or graph) drivers which are unaware/incapable of using daemon user mappings + - sharing PID or NET namespaces with the host (`--pid=host` or `--net=host`) - Using `--privileged` mode flag on `docker run` (unless also specifying `--userns=host`) In general, user namespaces are an advanced feature and will require coordination with other capabilities. For example, if volumes are mounted from the host, file ownership will have to be pre-arranged if the user or administrator wishes the containers to have expected access to the volume -contents. +contents. Note that when using external volume or graph driver plugins, those +external software programs must be made aware of user and group mapping ranges +if they are to work seamlessly with user namespace support. Finally, while the `root` user inside a user namespaced container process has many of the expected admin privileges that go along with being the superuser, the From e0c33c5988f7e92022ad7e4a0c402d2e49544929 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Tue, 13 Sep 2016 20:24:31 +0800 Subject: [PATCH 1750/2538] fix some incorrect symbols before executing command Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/attach.md | 2 +- docs/reference/commandline/run.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index dd581ace9a..d0b519840b 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -119,7 +119,7 @@ process is returned by the `docker attach` command to its caller too: $ docker run --name test -d -it debian 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab $ docker attach test - $$ exit 13 + root@f38c87f2a42d:/# exit 13 exit $ echo $? 13 diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 57e752bf50..71340058e6 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -546,7 +546,7 @@ more `--add-host` flags. This example adds a static address for a host named `docker`: $ docker run --add-host=docker:10.180.0.1 --rm -it debian - $$ ping docker + root@f38c87f2a42d:/# ping docker PING docker (10.180.0.1): 48 data bytes 56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms 56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms From d3bfb92962dcaf1c5d8d01ffdb93419335599762 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Wed, 14 Sep 2016 10:18:09 -0700 Subject: [PATCH 1751/2538] Update plugin install docs with registry specifics. Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/plugin_install.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 952f692793..f3b26ab0c8 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -24,7 +24,8 @@ Options: Installs and enables a plugin. Docker looks first for the plugin on your Docker host. If the plugin does not exist locally, then the plugin is pulled from -Docker Hub. +the registry. Note that the minimum required registry version to distribute +plugins is 2.3.0 The following example installs `no-remove` plugin. Install consists of pulling the From e1a8e15e8dac2c4f794164317d3ef62227146214 Mon Sep 17 00:00:00 2001 From: David Dooling Date: Tue, 16 Aug 2016 15:08:07 -0500 Subject: [PATCH 1752/2538] Update ENTRYPOINT/CMD table to agree with docs Several other places in the document it states that when using the shell form of ENTRYPOINT, CMD and command line arguments are ignored. That is accurate, this table was not. It is now. Signed-off-by: David Dooling --- docs/reference/builder.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index cd94170807..a42b631eb8 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1168,12 +1168,12 @@ or for executing an ad-hoc command in a container. The table below shows what command is executed for different `ENTRYPOINT` / `CMD` combinations: -| | No ENTRYPOINT | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"] | -|--------------------------------|----------------------------|-----------------------------------------------------------|------------------------------------------------| -| **No CMD** | *error, not allowed* | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry | -| **CMD ["exec_cmd", "p1_cmd"]** | exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry exec_cmd p1_cmd | exec_entry p1_entry exec_cmd p1_cmd | -| **CMD ["p1_cmd", "p2_cmd"]** | p1_cmd p2_cmd | /bin/sh -c exec_entry p1_entry p1_cmd p2_cmd | exec_entry p1_entry p1_cmd p2_cmd | -| **CMD exec_cmd p1_cmd** | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd | +| | No ENTRYPOINT | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"] | +|--------------------------------|----------------------------|--------------------------------|------------------------------------------------| +| **No CMD** | *error, not allowed* | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry | +| **CMD ["exec_cmd", "p1_cmd"]** | exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry exec_cmd p1_cmd | +| **CMD ["p1_cmd", "p2_cmd"]** | p1_cmd p2_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry p1_cmd p2_cmd | +| **CMD exec_cmd p1_cmd** | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd | ## VOLUME From 6abd40c653e23cf42121dcf8af18751777b15408 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 15 Sep 2016 16:06:29 +0200 Subject: [PATCH 1753/2538] Restore missing "format" example The "format" example got lost during the rewrite of the documentation for Cobra. This restores the missing example. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/create.md | 7 ++++--- docs/reference/commandline/run.md | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 8446c6d140..9e3dfdead5 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -108,9 +108,10 @@ Options: 'host': Use the Docker host user namespace '': Use the Docker daemon user namespace specified by `--userns-remap` option. --uts string UTS namespace to use - -v, --volume value Bind mount a volume (default []). The comma-delimited - `options` are [rw|ro], [z|Z], - [[r]shared|[r]slave|[r]private], and + -v, --volume value Bind mount a volume (default []). The format + is `[host-src:]container-dest[:]`. + The comma-delimited `options` are [rw|ro], + [z|Z], [[r]shared|[r]slave|[r]private], and [nocopy]. The 'host-src' is an absolute path or a name value. --volume-driver string Optional volume driver for the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 71340058e6..78f271391e 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -115,9 +115,10 @@ Options: 'host': Use the Docker host user namespace '': Use the Docker daemon user namespace specified by `--userns-remap` option. --uts string UTS namespace to use - -v, --volume value Bind mount a volume (default []). The comma-delimited - `options` are [rw|ro], [z|Z], - [[r]shared|[r]slave|[r]private], and + -v, --volume value Bind mount a volume (default []). The format + is `[host-src:]container-dest[:]`. + The comma-delimited `options` are [rw|ro], + [z|Z], [[r]shared|[r]slave|[r]private], and [nocopy]. The 'host-src' is an absolute path or a name value. --volume-driver string Optional volume driver for the container From 7d50b656d435816919a0ff42a012edc7047f3289 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 15 Sep 2016 18:53:46 +0200 Subject: [PATCH 1754/2538] Synchronize push reference with man page Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/push.md | 37 ++++++++++++++++++++++++++++-- man/docker-push.1.md | 22 ++++++++++++------ 2 files changed, 50 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 42601ed1bb..f8803a45d1 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -22,9 +22,42 @@ Options: Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. -[Read more about valid image names and tags](tag.md). + +Refer to the [`docker tag`](tag.md) reference for more information about valid +image and tag names. Killing the `docker push` process, for example by pressing `CTRL-c` while it is -running in a terminal, will terminate the push operation. +running in a terminal, terminates the push operation. Registry credentials are managed by [docker login](login.md). + +## EXAMPLES + +### Pushing a new image to a registry + +First save the new image by finding the container ID (using [`docker ps`](ps.md)) +and then committing it to a new image name. Note that only `a-z0-9-_.` are +allowed when naming images: + +```bash +$ docker commit c16378f943fe rhel-httpd +``` + +Now, push the image to the registry using the image ID. In this example the +registry is on host named `registry-host` and listening on port `5000`. To do +this, tag the image with the host name or IP address, and the port of the +registry: + +```bash +$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd +$ docker push registry-host:5000/myadmin/rhel-httpd +``` + +Check that this worked by running: + +```bash +$ docker images +``` + +You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` +listed. diff --git a/man/docker-push.1.md b/man/docker-push.1.md index 4919489a99..847e66d2e4 100644 --- a/man/docker-push.1.md +++ b/man/docker-push.1.md @@ -11,18 +11,28 @@ NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] # DESCRIPTION -This command pushes an image or a repository to a registry. If you do not -specify a `REGISTRY_HOST`, the command uses Docker's public registry located at -`registry-1.docker.io` by default. Refer to **docker-tag(1)** for more -information about valid image and tag names. +Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) +registry or to a self-hosted one. + +Refer to **docker-tag(1)** for more information about valid image and tag names. + +Killing the **docker push** process, for example by pressing **CTRL-c** while it +is running in a terminal, terminates the push operation. + +Registry credentials are managed by **docker-login(1)**. + # OPTIONS + +**--disable-content-trust** + Skip image verification (default true) + **--help** Print usage statement # EXAMPLES -# Pushing a new image to a registry +## Pushing a new image to a registry First save the new image by finding the container ID (using **docker ps**) and then committing it to a new image name. Note that only a-z0-9-_. are @@ -45,8 +55,6 @@ Check that this worked by running: You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` listed. -Registry credentials are managed by **docker-login(1)**. - # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From e3279502d0f909bd649a8c2f7a5ef5e2feaa2315 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 16 Sep 2016 15:29:28 +0200 Subject: [PATCH 1755/2538] Add link to logging drivers reference Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/logs.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 9074311405..437e709631 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -24,11 +24,14 @@ Options: -t, --timestamps Show timestamps ``` -> **Note**: this command is available only for containers with `json-file` and -> `journald` logging drivers. - The `docker logs` command batch-retrieves logs present at the time of execution. +> **Note**: this command is only functional for containers that are started with +> the `json-file` or `journald` logging driver. + +For more information about selecting and configuring login-drivers, refer to +[Configure logging drivers](../../admin/logging/overview.md). + The `docker logs --follow` command will continue streaming the new output from the container's `STDOUT` and `STDERR`. From 36ffab578f3f80807004fdb08e6bfac9661c5ff4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 16 Sep 2016 17:22:58 +0200 Subject: [PATCH 1756/2538] Use "sudo" for dockerd examples Because we standardize on using a non-privileged prompt (`$`) instead of `#`, replacing the examples to use `sudo` instead to indicate this has to be run as root. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 241 ++++++++++++++++---------- 1 file changed, 153 insertions(+), 88 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 658a18a48a..3c393b004b 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -123,26 +123,32 @@ find examples of using Systemd socket activation with Docker and Systemd in the You can configure the Docker daemon to listen to multiple sockets at the same time using multiple `-H` options: - # listen using the default unix socket, and on 2 specific IP addresses on this host. - dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 +```bash +# listen using the default unix socket, and on 2 specific IP addresses on this host. +$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 +``` The Docker client will honor the `DOCKER_HOST` environment variable to set the `-H` flag for the client. - $ docker -H tcp://0.0.0.0:2375 ps - # or - $ export DOCKER_HOST="tcp://0.0.0.0:2375" - $ docker ps - # both are equal +```bash +$ docker -H tcp://0.0.0.0:2375 ps +# or +$ export DOCKER_HOST="tcp://0.0.0.0:2375" +$ docker ps +# both are equal +``` Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than the empty string is equivalent to setting the `--tlsverify` flag. The following are equivalent: - $ docker --tlsverify ps - # or - $ export DOCKER_TLS_VERIFY=1 - $ docker ps +```bash +$ docker --tlsverify ps +# or +$ export DOCKER_TLS_VERIFY=1 +$ docker ps +``` The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes @@ -188,27 +194,31 @@ For example: `-H`, when empty, will default to the same value as when no `-H` was passed in. -`-H` also accepts short form for TCP bindings: - - `host:` or `host:port` or `:port` +`-H` also accepts short form for TCP bindings: `host:` or `host:port` or `:port` Run Docker in daemon mode: - $ sudo /dockerd -H 0.0.0.0:5555 & +```bash +$ sudo /dockerd -H 0.0.0.0:5555 & +``` Download an `ubuntu` image: - $ docker -H :5555 pull ubuntu +```bash +$ docker -H :5555 pull ubuntu +``` You can use multiple `-H`, for example, if you want to listen on both TCP and a Unix socket - # Run docker in daemon mode - $ sudo /dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & - # Download an ubuntu image, use default Unix socket - $ docker pull ubuntu - # OR use the TCP port - $ docker -H tcp://127.0.0.1:2375 pull ubuntu +```bash +# Run docker in daemon mode +$ sudo /dockerd -H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock & +# Download an ubuntu image, use default Unix socket +$ docker pull ubuntu +# OR use the TCP port +$ docker -H tcp://127.0.0.1:2375 pull ubuntu +``` ### Daemon storage-driver option @@ -272,29 +282,30 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. * `dm.thinpooldev` - Specifies a custom block storage device to use for the thin pool. + Specifies a custom block storage device to use for the thin pool. - If using a block device for device mapper storage, it is best to use `lvm` - to create and manage the thin-pool volume. This volume is then handed to Docker - to exclusively create snapshot volumes needed for images and containers. + If using a block device for device mapper storage, it is best to use `lvm` + to create and manage the thin-pool volume. This volume is then handed to Docker + to exclusively create snapshot volumes needed for images and containers. - Managing the thin-pool outside of Engine makes for the most feature-rich - method of having Docker utilize device mapper thin provisioning as the - backing storage for Docker containers. The highlights of the lvm-based - thin-pool management feature include: automatic or interactive thin-pool - resize support, dynamically changing thin-pool features, automatic thinp - metadata checking when lvm activates the thin-pool, etc. + Managing the thin-pool outside of Engine makes for the most feature-rich + method of having Docker utilize device mapper thin provisioning as the + backing storage for Docker containers. The highlights of the lvm-based + thin-pool management feature include: automatic or interactive thin-pool + resize support, dynamically changing thin-pool features, automatic thinp + metadata checking when lvm activates the thin-pool, etc. - As a fallback if no thin pool is provided, loopback files are - created. Loopback is very slow, but can be used without any - pre-configuration of storage. It is strongly recommended that you do - not use loopback in production. Ensure your Engine daemon has a - `--storage-opt dm.thinpooldev` argument provided. + As a fallback if no thin pool is provided, loopback files are + created. Loopback is very slow, but can be used without any + pre-configuration of storage. It is strongly recommended that you do + not use loopback in production. Ensure your Engine daemon has a + `--storage-opt dm.thinpooldev` argument provided. - Example use: + Example use: - $ dockerd \ - --storage-opt dm.thinpooldev=/dev/mapper/thin-pool + ```bash + $ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool + ``` * `dm.basesize` @@ -310,7 +321,10 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.basesize=50G + ```bash + $ sudo dockerd --storage-opt dm.basesize=50G + ``` + This will increase the base device size to 50G. The Docker daemon will throw an error if existing base device size is larger than 50G. A user can use @@ -320,19 +334,23 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. that may already be initialized and inherited by pulled images. Typically, a change to this value requires additional steps to take effect: - $ sudo service docker stop - $ sudo rm -rf /var/lib/docker - $ sudo service docker start + ```bash + $ sudo service docker stop + $ sudo rm -rf /var/lib/docker + $ sudo service docker start + ``` Example use: - $ dockerd --storage-opt dm.basesize=20G + ```bash + $ sudo dockerd --storage-opt dm.basesize=20G + ``` * `dm.loopdatasize` > **Note**: - > This option configures devicemapper loopback, which should not - > be used in production. + > This option configures devicemapper loopback, which should not + > be used in production. Specifies the size to use when creating the loopback file for the "data" device which is used for the thin pool. The default size is @@ -341,7 +359,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.loopdatasize=200G + ```bash + $ sudo dockerd --storage-opt dm.loopdatasize=200G + ``` * `dm.loopmetadatasize` @@ -356,7 +376,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.loopmetadatasize=4G + ```bash + $ sudo dockerd --storage-opt dm.loopmetadatasize=4G + ``` * `dm.fs` @@ -365,7 +387,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.fs=ext4 + ```bash + $ sudo dockerd --storage-opt dm.fs=ext4 + ``` * `dm.mkfsarg` @@ -373,7 +397,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" + ```bash + $ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" + ``` * `dm.mountopt` @@ -381,7 +407,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.mountopt=nodiscard + ```bash + $ sudo dockerd --storage-opt dm.mountopt=nodiscard + ``` * `dm.datadev` @@ -395,9 +423,11 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd \ - --storage-opt dm.datadev=/dev/sdb1 \ - --storage-opt dm.metadatadev=/dev/sdc1 + ```bash + $ sudo dockerd \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 + ``` * `dm.metadatadev` @@ -411,13 +441,17 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. If setting up a new metadata pool it is required to be valid. This can be achieved by zeroing the first 4k to indicate empty metadata, like this: - $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 + ```bash + $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 + ``` Example use: - $ dockerd \ - --storage-opt dm.datadev=/dev/sdb1 \ - --storage-opt dm.metadatadev=/dev/sdc1 + ```bash + $ sudo dockerd \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 + ``` * `dm.blocksize` @@ -426,7 +460,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.blocksize=512K + ```bash + $ sudo dockerd --storage-opt dm.blocksize=512K + ``` * `dm.blkdiscard` @@ -440,7 +476,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.blkdiscard=false + ```bash + $ sudo dockerd --storage-opt dm.blkdiscard=false + ``` * `dm.override_udev_sync_check` @@ -450,10 +488,12 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. To view the `udev` sync support of a Docker daemon that is using the `devicemapper` driver, run: - $ docker info - [...] - Udev Sync Supported: true - [...] + ```bash + $ docker info + [...] + Udev Sync Supported: true + [...] + ``` When `udev` sync support is `true`, then `devicemapper` and udev can coordinate the activation and deactivation of devices for containers. @@ -466,7 +506,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. To allow the `docker` daemon to start, regardless of `udev` sync not being supported, set `dm.override_udev_sync_check` to true: - $ dockerd --storage-opt dm.override_udev_sync_check=true + ```bash + $ sudo dockerd --storage-opt dm.override_udev_sync_check=true + ``` When this value is `true`, the `devicemapper` continues and simply warns you the errors are happening. @@ -496,7 +538,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd --storage-opt dm.use_deferred_removal=true + ```bash + $ sudo dockerd --storage-opt dm.use_deferred_removal=true + ``` * `dm.use_deferred_deletion` @@ -510,9 +554,11 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. To avoid this failure, enable both deferred device deletion and deferred device removal on the daemon. - $ dockerd \ - --storage-opt dm.use_deferred_deletion=true \ - --storage-opt dm.use_deferred_removal=true + ```bash + $ sudo dockerd \ + --storage-opt dm.use_deferred_deletion=true \ + --storage-opt dm.use_deferred_removal=true + ``` With these two options enabled, if a device is busy when the driver is deleting a container, the driver marks the device as deleted. Later, when @@ -549,7 +595,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: ```bash - $ dockerd --storage-opt dm.min_free_space=10% + $ sudo dockerd --storage-opt dm.min_free_space=10% ``` * `dm.xfs_nospace_max_retries` @@ -565,7 +611,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: ```bash - $ dockerd --storage-opt dm.xfs_nospace_max_retries=0 + $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 ``` #### ZFS options @@ -578,7 +624,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Example use: - $ dockerd -s zfs --storage-opt zfs.fsname=zroot/docker + ```bash + $ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker + ``` #### Btrfs options @@ -590,7 +638,10 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. **size** cannot be smaller than **btrfs.min_space**. Example use: - $ dockerd -s btrfs --storage-opt btrfs.min_space=10G + + ```bash + $ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G + ``` #### Overlay2 options @@ -615,7 +666,7 @@ control `containerd` startup, manually start `containerd` and pass the path to the `containerd` socket using the `--containerd` flag. For example: ```bash -$ dockerd --containerd /var/run/dev/docker-containerd.sock +$ sudo dockerd --containerd /var/run/dev/docker-containerd.sock ``` Runtimes can be registered with the daemon either via the @@ -639,9 +690,11 @@ The following is an example adding 2 runtimes via the configuration: This is the same example via the command line: - $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement +```bash +$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement +``` -**Note**: defining runtime arguments via the command line is not supported. +> **Note**: defining runtime arguments via the command line is not supported. ## Options for the runtime @@ -656,14 +709,18 @@ cgroups. You can specify only specify `cgroupfs` or `systemd`. If you specify This example sets the `cgroupdriver` to `systemd`: - $ sudo dockerd --exec-opt native.cgroupdriver=systemd +```bash +$ sudo dockerd --exec-opt native.cgroupdriver=systemd +``` Setting this option applies to all containers the daemon launches. Also Windows Container makes use of `--exec-opt` for special purpose. Docker user can specify default container isolation technology with this, for example: - $ dockerd --exec-opt isolation=hyperv +```bash +$ sudo dockerd --exec-opt isolation=hyperv +``` Will make `hyperv` the default isolation technology on Windows. If no isolation value is specified on daemon start, on Windows client, the default is @@ -671,11 +728,19 @@ value is specified on daemon start, on Windows client, the default is ## Daemon DNS options -To set the DNS server for all Docker containers, use -`dockerd --dns 8.8.8.8`. +To set the DNS server for all Docker containers, use: + +```bash +$ sudo dockerd --dns 8.8.8.8 +``` + + +To set the DNS search domain for all Docker containers, use: + +```bash +$ sudo dockerd --dns-search example.com +``` -To set the DNS search domain for all Docker containers, use -`dockerd --dns-search example.com`. ## Insecure registries @@ -770,7 +835,7 @@ using the `--cluster-store-opt` flag, specifying the paths to PEM encoded files. For example: ```bash -dockerd \ +$ sudo dockerd \ --cluster-advertise 192.168.1.2:2376 \ --cluster-store etcd://192.168.1.2:2379 \ --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ @@ -820,7 +885,7 @@ authorization plugins when you start the Docker `daemon` using the `--authorization-plugin=PLUGIN_ID` option. ```bash -dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... +$ sudo dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` The `PLUGIN_ID` value is either the plugin's name or a path to its specification @@ -891,10 +956,10 @@ startup will fail with an error message. > *before* the `--userns-remap` option is enabled. Once these files exist, the > daemon can be (re)started and range assignment on user creation works properly. -*Example: starting with default Docker user management:* +**Example: starting with default Docker user management:** ```bash -$ dockerd --userns-remap=default +$ sudo dockerd --userns-remap=default ``` When `default` is provided, Docker will create - or find the existing - user and group @@ -1237,7 +1302,7 @@ The `--tls*` options enable use of specific certificates for individual daemons. Example script for a separate “bootstrap” instance of the Docker daemon without network: ```bash -$ dockerd \ +$ sudo dockerd \ -H unix:///var/run/docker-bootstrap.sock \ -p /var/run/docker-bootstrap.pid \ --iptables=false \ From db4e32d39e5fb1906eef4270cb98628931c5609c Mon Sep 17 00:00:00 2001 From: Denis Gladkikh Date: Thu, 25 Aug 2016 11:27:02 -0700 Subject: [PATCH 1757/2538] Splunk Logging Driver performance improvements New driver options: - `splunk-gzip` - gzip compress all requests to Splunk HEC (enabled by default) - `splunk-gzip-level` - change compression level. Messages are sent in batches by 1000, with frequency of 5 seconds. Maximum buffer is 10,000 events. If HEC will not be available, Splunk Logging Driver will keep retrying while it can hold messages in buffer. Added unit tests for driver. Signed-off-by: Denis Gladkikh --- contrib/completion/bash/docker | 4 ++-- contrib/completion/zsh/_docker | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 222f74caac..8daaee30f5 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -520,7 +520,7 @@ __docker_complete_log_options() { local journald_options="env labels tag" local json_file_options="env labels max-file max-size" local syslog_options="env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" - local splunk_options="env labels splunk-caname splunk-capath splunk-format splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" + local splunk_options="env labels splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" @@ -629,7 +629,7 @@ __docker_complete_log_driver_options() { __ltrim_colon_completions "${cur}" return ;; - splunk-insecureskipverify|splunk-verify-connection) + splunk-gzip|splunk-insecureskipverify|splunk-verify-connection) COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a881e0bf7b..ab9ba2d7c8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -228,7 +228,7 @@ __docker_get_log_options() { journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") - splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") + splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0 From 622f3bf19f1c0048dad90bfa75ee0999feee5c55 Mon Sep 17 00:00:00 2001 From: Josh Bodah Date: Fri, 16 Sep 2016 15:32:12 -0400 Subject: [PATCH 1758/2538] Remove extra paren in `run --link` docs Signed-off-by: Josh Bodah --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index a0ffea07e8..375c0c1538 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1362,7 +1362,7 @@ If the operator uses `--link` when starting a new client container in the default bridge network, then the client container can access the exposed port via a private networking interface. If `--link` is used when starting a container in a user-defined network as -described in [*Docker network overview*](../userguide/networking/index.md)), +described in [*Docker network overview*](../userguide/networking/index.md), it will provide a named alias for the container being linked to. ### ENV (environment variables) From f9832ceac0666e7c6e662284a4cabb94b8cc2d94 Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Fri, 2 Sep 2016 15:39:22 -0700 Subject: [PATCH 1759/2538] Fix mtu option in documentation Signed-off-by: Alessandro Boch --- docs/reference/commandline/network_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 2414fadb55..4a6fe8fba6 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -156,7 +156,7 @@ equivalent docker daemon flags used for docker0 bridge: | `com.docker.network.bridge.enable_ip_masquerade` | `--ip-masq` | Enable IP masquerading | | `com.docker.network.bridge.enable_icc` | `--icc` | Enable or Disable Inter Container Connectivity | | `com.docker.network.bridge.host_binding_ipv4` | `--ip` | Default IP when binding container ports | -| `com.docker.network.mtu` | `--mtu` | Set the containers network MTU | +| `com.docker.network.driver.mtu` | `--mtu` | Set the containers network MTU | The following arguments can be passed to `docker network create` for any network driver, again with their approximate equivalents to `docker daemon`. From f7b0c9b47232be2df21f7bdf7329388629ed89d5 Mon Sep 17 00:00:00 2001 From: John Howard Date: Wed, 7 Sep 2016 16:08:51 -0700 Subject: [PATCH 1760/2538] Windows: stats support Signed-off-by: John Howard --- docs/reference/commandline/stats.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 3e1a5c4ccc..a26a95f958 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -27,7 +27,7 @@ If you want more detailed information about a container's resource usage, use th ## Examples -Running `docker stats` on all running containers +Running `docker stats` on all running containers against a Linux daemon. $ docker stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O @@ -35,9 +35,30 @@ Running `docker stats` on all running containers 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B -Running `docker stats` on multiple containers by name and id. +Running `docker stats` on multiple containers by name and id against a Linux daemon. $ docker stats fervent_panini 5acfcb1b4fd1 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B + +Running `docker stats` on all running containers against a Windows daemon. + + PS E:\> docker stats + CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O + 09d3bb5b1604 6.61% 38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB + 9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB + 3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB + +Running `docker stats` on multiple containers by name and id against a Windows daemon. + + PS E:\> docker ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 3f214c61ad1d nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky + 9db7aa4d986d windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson + 09d3bb5b1604 windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley + + PS E:\> docker stats 3f214c61ad1d mad_wilson + CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O + 3f214c61ad1d 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB + mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB \ No newline at end of file From 20463c7b18b9361697d506c62d16a17ee36dd247 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Sun, 18 Sep 2016 11:00:19 +0800 Subject: [PATCH 1761/2538] fix typo for docs reference Signed-off-by: yuexiao-wang --- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/push.md | 2 +- docs/reference/commandline/update.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 4a25a04fa0..ad137071ce 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -38,7 +38,7 @@ meta data regarding those images are stored. When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where `/var/lib/docker` is mounted. -# EXAMPLES +# Examples ## Display Docker system information diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index f8803a45d1..9b70fd3516 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -31,7 +31,7 @@ running in a terminal, terminates the push operation. Registry credentials are managed by [docker login](login.md). -## EXAMPLES +## Examples ### Pushing a new image to a registry diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index 3eb2b7deac..bacecd0106 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -41,7 +41,7 @@ options on a running or a stopped container. On kernel version older than 4.6, you can only update `--kernel-memory` on a stopped container or on a running container with kernel memory initialized. -## EXAMPLES +## Examples The following sections illustrate ways to use this command. From 060fd9fa5c208e9d09b6335286995becb786fa91 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 15 Aug 2016 23:51:15 +0200 Subject: [PATCH 1762/2538] Add --mount syntax documentation to CLI reference Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/run.md | 2 + docs/reference/commandline/service_create.md | 125 +++++++++++++++++-- docs/reference/commandline/service_update.md | 29 +++++ 3 files changed, 149 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 78f271391e..50023af7f1 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -240,6 +240,8 @@ binary (refer to [get the linux binary]( you give the container the full access to create and manipulate the host's Docker daemon. +For in-depth information about volumes, refer to [manage data in containers](../../tutorials/dockervolumes.md) + ### Publish or expose port (-p, --expose) $ docker run -p 127.0.0.1:80:8080 ubuntu bash diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 381a36360b..fd1ce78110 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -137,6 +137,114 @@ $ docker service create \ For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md). +### Add volumes or bind-mounts + +The following table describes the options for defining mounts in a service: + +| Option | Required | Description +|:----------------------|:------------------|:-------------------------------------------------------------------------------------------------------------------- +| **type** | | The type of mount, can be either "volume", or "bind". Defaults to "volume" if no type is specified.
  • `volume`: (default) mounts a [managed volume](volume_create.md) into the container.
  • `bind`: bind-mounts a directory or file from the host into the container.
+| **src** | `bind` only |
  • `type=volume`: Use `src` to specify the name of the volume (e.g., `src=my-volume`). If a volume with the given name does not exist, it is automatically created. If this option is omitted, an ephemeral volume with a random name is generated. Random names are guaranteed to be unique on the host, but may not be unique cluster-wide. Ephemeral volumes have the same lifecycle as the container it is attached to, and are destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).
  • `type=bind`: Use `src` to specify host-path to bind mount (e.g., `src=/path/on/host/`). When using a bind-mount (`"type=bind"`), the `src` path must be specified as an absolute path, and *must* be a pre-existing path, or an error is produced.
+| **source** | | Alias for `src`. +| **dst** | yes | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount. +| **destination** | | Alias for `dst`. +| **target** | | Alias for `dst`. +| **readonly** | | By default, the Engine mounts binds and volumes `read-write`. Pass the `readonly` option to mount the bind or volume `read-only` in the container.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Mounts the bind or volume read-only in the container.
  • `false` or `0`: Mounts the bind or volume read-write in the container.
+| **ro** | | Alias for `readonly`. + +The following options can only be used for bind-mounts (`type=bind`); + + +| Option | Description +|:----------------------|:-------------------------------------------------------------------------------------------------------------------- +| **bind-propagation** | Bind propagation options to set on the mount at runtime. Valid options are `shared`, `slave`, `private`, `rshared`, `rslave`, and `rprivate`. Defaults to `rprivate` if not specified. For volumes, bind propagation is not configurable, and also defaults to `rprivate`. + + +The following options can only be used for named volumes (`type=volume`); + +| Option | Description +|:----------------------|:-------------------------------------------------------------------------------------------------------------------- +| **volume-driver** | Name of the volume-driver plugin to use for the volume. Defaults to the ``"local"`` volume driver to create the volume if it does not exist. +| **volume-label** | Custom metadata ("labels") to apply to the volume upon creation. Labels are provided as comma-separated list of key/value pairs, for example, `volume-label=hello=world`. For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md). +| **volume-nocopy** | By default, if you attach an empty volume to a container, the Engine propagates the files and directories that are present at the mount-path (`dst`) inside the container into the volume. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Disables copying.
  • `false` or `0`: Enables copying.
+| **volume-opt** | Volume driver-specific options to use when creating the volume. Options are provided as comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options, refer to the documentation of the volume driver that is used. + +#### Differences between "--mount" and "--volume" + +The `--mount` flag features most options that are supported by the `-v` / +`--volume` flag for `docker run`. There are some differences; + +- The `--mount` flag allows specifying a volume driver, and volume driver + options *per volume*, without having to create volumes in advance. When using + `docker run`, only a single volume driver can be specified (using the + `--volume-driver` flag), which is shared by all volumes. +- The `--mount` flag allows specifying custom metadata ("labels") for the volume, + without having to create the volume out of band. +- When using `type=bind`, the host-path must refer to an *existing* path on the + host, and is not automatically created if the path does not exist. If the + specified path does not exist on the host, an error is produced, and the + service will fail to be deployed succesfully. +- The `--mount` flag does not allow you to relabel volumes with `Z` or `z` + +#### Create a service using a named volume + +The following example creates a service that uses a named volume: + +```bash +$ docker service create \ + --name my-service \ + --replicas 3 \ + --mount type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round" \ + nginx:alpine +``` + +For each replica of the service, the engine requests a volume named "my-volume" +from the default ("local") volume driver where the task is deployed. If the +volume does not exist, the engine creates a new volume and applies the "color" +and "shape" labels. + +When the task is started, the volume is mounted on `/path/in/container/` inside +the container. + +Be aware that the default ("local") volume is a locally scoped volume driver. +This means that depending on where a task is deployed, either that task gets a +*new* volume named "my-volume", or shares the same "my-volume" with other tasks +of the same service. Multiple containers writing to a single shared volume can +cause data corruption if the software running inside the container is not +designed to handle concurrent processes writing to the same location. Also take +into account that containers can be re-scheduled by the Swarm orchestrator and +be deployed on a different node. + +#### Create a service that uses an anonymous (ephemeral) volume + +The following command creates a service with three replicas with an anonymous +volume on `/path/in/container`: + +```bash +$ docker service create \ + --name my-service \ + --replicas 3 \ + --mount type=volume,destination=/path/in/container \ + nginx:alpine +``` + +In this example, no name (`source`) is specified for the volume, hence a new, +*randomly named* volume is created for each task. This guarantees that each task +gets its own volume, and volumes are not shared between tasks. Unnamed volumes +are considered "ephemeral", and are destroyed when the container is destroyed. + +#### Create a service that uses a bind-mounted host directory + +The following example bind-mounts a host directory at `/path/in/container` in +the containers backing the service: + +```bash +$ docker service create \ + --name my-service \ + --mount type=bind,source=/path/on/host,destination=/path/in/container \ + nginx:alpine +``` + ### Set service mode (--mode) You can set the service mode to "replicated" (default) or to "global". A @@ -159,13 +267,13 @@ constraint expressions. Multiple constraints find nodes that satisfy every expression (AND match). Constraints can match node or Docker Engine labels as follows: -| node attribute | matches | example | -|:------------- |:-------------| :---------------------------------------------| -| node.id | node ID | `node.id == 2ivku8v2gvtg4` | -| node.hostname | node hostname | `node.hostname != node-2` | -| node.role | node role: manager | `node.role == manager` | -| node.labels | user defined node labels | `node.labels.security == high` | -| engine.labels | Docker Engine's labels | `engine.labels.operatingsystem == ubuntu 14.04`| +| node attribute | matches | example | +|:----------------|:--------------------------|:------------------------------------------------| +| node.id | node ID | `node.id == 2ivku8v2gvtg4` | +| node.hostname | node hostname | `node.hostname != node-2` | +| node.role | node role: manager | `node.role == manager` | +| node.labels | user defined node labels | `node.labels.security == high` | +| engine.labels | Docker Engine's labels | `engine.labels.operatingsystem == ubuntu 14.04` | `engine.labels` apply to Docker Engine labels like operating system, drivers, etc. Swarm administrators add `node.labels` for operational purposes by @@ -240,3 +348,6 @@ the service running on the node. For more information refer to * [service scale](service_scale.md) * [service ps](service_ps.md) * [service update](service_update.md) + + + diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 3879a7dcc4..1347248660 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -67,6 +67,35 @@ for further information. $ docker service update --limit-cpu 2 redis ``` +### Adding and removing mounts + +You can add, or remove bind-mounts or volumes to a service using the +`--mount-add` and `--mount-rm` options. + +The following example creates a service using the `test-data` volume, then +updates the service to mount another volume, and finally unmounts the first +volume: + +```bash +$ docker service create --name=myservice --mount type=volume,source=test-data,target=/somewhere nginx:alpine + +myservice + +$ docker service update --mount-add type=volume,source=other-volume,target=/somewhere-else myservice + +myservice + +$ docker service update --mount-rm /somewhere myservice + +myservice +``` + +The `--mount-rm` flag takes the `target` path of the mount. The `--mount-add` +flag takes the same parameters as the `--mount` flag on `service create`. Refer +to the [volumes and bind-mounts](service_create.md#volumes-and-bind-mounts-mount) section in the +`service create` reference for details. + + ## Related information * [service create](service_create.md) From b3341fb7af79efefe02b3b395bc61b8d34c19f99 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Fri, 9 Sep 2016 17:29:32 -0700 Subject: [PATCH 1763/2538] Misty's edits and additions Signed-off-by: Misty Stanley-Jones (cherry picked from commit 3de7d725137ee1620ae2050e65ace4990a3af87e) --- docs/reference/commandline/run.md | 8 +- docs/reference/commandline/service_create.md | 147 +++++++++++++------ docs/reference/commandline/service_update.md | 37 +++-- 3 files changed, 132 insertions(+), 60 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 50023af7f1..23f6d8f656 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -197,8 +197,8 @@ The `-w` lets the command being executed inside directory given, here $ docker run -it --storage-opt size=120G fedora /bin/bash -This (size) will allow to set the container rootfs size to 120G at creation time. -User cannot pass a size less than the Default BaseFS Size. This option is only +This (size) will allow to set the container rootfs size to 120G at creation time. +User cannot pass a size less than the Default BaseFS Size. This option is only available for the `devicemapper`, `btrfs`, `windowsfilter`, and `zfs` graph drivers. ### Mount tmpfs (--tmpfs) @@ -636,14 +636,14 @@ On Microsoft Windows, can take any of these values: | `hyperv` | Hyper-V hypervisor partition-based isolation. | On Windows, the default isolation for client is `hyperv`, and for server is -`process`. Therefore when running on Windows server without a `daemon` option +`process`. Therefore when running on Windows server without a `daemon` option set, these two commands are equivalent: ``` $ docker run -d --isolation default busybox top $ docker run -d --isolation process busybox top ``` -If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, +If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, if running on Windows server, any of these commands also result in `hyperv` isolation: ``` diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index fd1ce78110..a42ad0dc4f 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -137,54 +137,116 @@ $ docker service create \ For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md). -### Add volumes or bind-mounts +### Add bind-mounts or volumes -The following table describes the options for defining mounts in a service: +Docker supports two different kinds of mounts, which allow containers to read to +or write from files or directories on other containers or the host operating +system. These types are _data volumes_ (often referred to simply as volumes) and +_bind-mounts_. -| Option | Required | Description -|:----------------------|:------------------|:-------------------------------------------------------------------------------------------------------------------- -| **type** | | The type of mount, can be either "volume", or "bind". Defaults to "volume" if no type is specified.
  • `volume`: (default) mounts a [managed volume](volume_create.md) into the container.
  • `bind`: bind-mounts a directory or file from the host into the container.
-| **src** | `bind` only |
  • `type=volume`: Use `src` to specify the name of the volume (e.g., `src=my-volume`). If a volume with the given name does not exist, it is automatically created. If this option is omitted, an ephemeral volume with a random name is generated. Random names are guaranteed to be unique on the host, but may not be unique cluster-wide. Ephemeral volumes have the same lifecycle as the container it is attached to, and are destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).
  • `type=bind`: Use `src` to specify host-path to bind mount (e.g., `src=/path/on/host/`). When using a bind-mount (`"type=bind"`), the `src` path must be specified as an absolute path, and *must* be a pre-existing path, or an error is produced.
-| **source** | | Alias for `src`. -| **dst** | yes | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount. -| **destination** | | Alias for `dst`. -| **target** | | Alias for `dst`. -| **readonly** | | By default, the Engine mounts binds and volumes `read-write`. Pass the `readonly` option to mount the bind or volume `read-only` in the container.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Mounts the bind or volume read-only in the container.
  • `false` or `0`: Mounts the bind or volume read-write in the container.
-| **ro** | | Alias for `readonly`. +A **bind-mount** makes a file or directory on the host available to the +container it is mounted within. A bind-mount may be either read-only or +read-write. For example, a container might share its host's DNS information by +means of a bind-mount of the host's `/etc/resolv.conf` or a container might +write logs to its host's `/var/log/myContainerLogs` directory. If you use +bind-mounts and your host and containers have different notions of permissions, +access controls, or other such details, you will run into portability issues. -The following options can only be used for bind-mounts (`type=bind`); +A **named volume** is a mechanism for decoupling persistent data needed by your +container from the image used to create the container and from the host machine. +Named volumes are created and managed by Docker, and a named volume persists +even when no container is currently using it. Data in named volumes can be +shared between a container and the host machine, as well as between multiple +containers. Docker uses a _volume driver_ to create, manage, and mount volumes. +You can back up or restore volumes using Docker commands. +Consider a situation where your image starts a lightweight web server. You could +use that image as a base image, copy in your website's HTML files, and package +that into another image. Each time your website changed, you'd need to update +the new image and redeploy all of the containers serving your website. A better +solution is to store the website in a named volume which is attached to each of +your web server containers when they start. To update the website, you just +update the named volume. -| Option | Description -|:----------------------|:-------------------------------------------------------------------------------------------------------------------- -| **bind-propagation** | Bind propagation options to set on the mount at runtime. Valid options are `shared`, `slave`, `private`, `rshared`, `rslave`, and `rprivate`. Defaults to `rprivate` if not specified. For volumes, bind propagation is not configurable, and also defaults to `rprivate`. +For more information about named volumes, see +[Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). +The following table describes options which apply to both bind-mounts and named +volumes in a service: +| Option | Required | Description +|:-----------------------------------------|:--------------------------|:----------------------------------------------------------------------------------------- +| **type** | | The type of mount, can be either `volume`, or `bind`. Defaults to `volume` if no type is specified.
  • `volume`: mounts a [managed volume](volume_create.md) into the container.
  • `bind`: bind-mounts a directory or file from the host into the container.
+| **src** or **source** | for `type=bind` only |
  • `type=volume`: `src` is an optional way to specify the name of the volume (for example, `src=my-volume`). If the named volume does not exist, it is automatically created. If no `src` is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).
  • `type=bind`: `src` is required, and specifies an absolute path to the file or directory to bind-mount (for example, `src=/path/on/host/`). An error is produced if the file or directory does not exist.
+| **dst** or **destination** or **target** | yes | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount. +| **readonly** or **ro** | | The Engine mounts binds and volumes `read-write` unless `readonly` option is given when mounting the bind or volume.

  • `true` or `1` or no value: Mounts the bind or volume read-only.
  • `false` or `0`: Mounts the bind or volume read-write.
+ +#### Bind Propagation + +Bind propagation refers to whether or not mounts created within a given +bind-mount or named volume can be propagated to replicas of that mount. Consider +a mount point `/mnt`, which is also mounted on `/tmp`. The propation settings +control whether a mount on `/tmp/a` would also be available on `/mnt/a`. Each +propagation setting has a recursive counterpoint. In the case of recursion, +consider that `/tmp/a` is also mounted as `/foo`. The propagation settings +control whether `/mnt/a` and/or `/tmp/a` would exist. + +The `bind-propagation` option defaults to `rprivate` for both bind-mounts and +volume mounts, and is only configurable for bind-mounts. In other words, named +volumes do not support bind propagation. + +- **`shared`**: Sub-mounts of the original mount are exposed to replica mounts, + and sub-mounts of replica mounts are also propagated to the + original mount. +- **`slave`**: similar to a shared mount, but only in one direction. If the + original mount exposes a sub-mount, the replica mount can see it. + However, if the replica mount exposes a sub-mount, the original + mount cannot see it. +- **`private`**: The mount is private. Sub-mounts within it are not exposed to + replica mounts, and sub-mounts of replica mounts are not + exposed to the original mount. +- **`rshared`**: The same as shared, but the propagation also extends to and from + mount points nested within any of the original or replica mount + points. +- **`rslave`**: The same as `slave`, but the propagation also extends to and from + mount points nested within any of the original or replica mount + points. +- **`rprivate`**: The default. The same as `private`, meaning that no mount points + anywhere within the original or replica mount points propagate + in either direction. + +For more information about bind propagation, see the +[Linux kernel documentation for shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt). + +#### Options for Named Volumes The following options can only be used for named volumes (`type=volume`); | Option | Description |:----------------------|:-------------------------------------------------------------------------------------------------------------------- -| **volume-driver** | Name of the volume-driver plugin to use for the volume. Defaults to the ``"local"`` volume driver to create the volume if it does not exist. -| **volume-label** | Custom metadata ("labels") to apply to the volume upon creation. Labels are provided as comma-separated list of key/value pairs, for example, `volume-label=hello=world`. For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md). -| **volume-nocopy** | By default, if you attach an empty volume to a container, the Engine propagates the files and directories that are present at the mount-path (`dst`) inside the container into the volume. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Disables copying.
  • `false` or `0`: Enables copying.
-| **volume-opt** | Volume driver-specific options to use when creating the volume. Options are provided as comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options, refer to the documentation of the volume driver that is used. +| **volume-driver** | Name of the volume-driver plugin to use for the volume. Defaults to ``"local"``, to use the local volume driver to create the volume if the volume does not exist. +| **volume-label** | One or more custom metadata ("labels") to apply to the volume upon creation. For example, `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more information about labels, refer to [apply custom metadata](../../userguide/labels-custom-metadata.md). +| **volume-nocopy** | By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (`dst`), the Engine copies those files and directories into the volume, allowing the host to access them. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Disables copying.
  • `false` or `0`: Enables copying.
+| **volume-opt** | Options specific to a given volume driver, which will be passed to the driver when creating the volume. Options are provided as a comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options for a given driver, refer to that driver's documentation. #### Differences between "--mount" and "--volume" -The `--mount` flag features most options that are supported by the `-v` / -`--volume` flag for `docker run`. There are some differences; +The `--mount` flag supports most options that are supported by the `-v` +or `--volume` flag for `docker run`, with some important exceptions: -- The `--mount` flag allows specifying a volume driver, and volume driver - options *per volume*, without having to create volumes in advance. When using - `docker run`, only a single volume driver can be specified (using the - `--volume-driver` flag), which is shared by all volumes. -- The `--mount` flag allows specifying custom metadata ("labels") for the volume, - without having to create the volume out of band. -- When using `type=bind`, the host-path must refer to an *existing* path on the - host, and is not automatically created if the path does not exist. If the - specified path does not exist on the host, an error is produced, and the - service will fail to be deployed succesfully. -- The `--mount` flag does not allow you to relabel volumes with `Z` or `z` +- The `--mount` flag allows you to specify a volume driver and volume driver + options *per volume*, without creating the volumes in advance. In contrast, + `docker run` allows you to specify a single volume driver which is shared + by all volumes, using the `--volume-driver` flag. + +- The `--mount` flag allows you to specify custom metadata ("labels") for a volume, + before the volume is created. + +- When you use `--mount` with `type=bind`, the host-path must refer to an *existing* + path on the host. The path will not be created for you and the service will fail + with an error if the path does not exist. + +- The `--mount` flag does not allow you to relabel a volume with `Z` or `z` flags, + which are used for `selinux` labeling. #### Create a service using a named volume @@ -215,9 +277,9 @@ designed to handle concurrent processes writing to the same location. Also take into account that containers can be re-scheduled by the Swarm orchestrator and be deployed on a different node. -#### Create a service that uses an anonymous (ephemeral) volume +#### Create a service that uses an anonymous volume -The following command creates a service with three replicas with an anonymous +The following command creates a service with three replicas with an anonymous volume on `/path/in/container`: ```bash @@ -228,10 +290,10 @@ $ docker service create \ nginx:alpine ``` -In this example, no name (`source`) is specified for the volume, hence a new, -*randomly named* volume is created for each task. This guarantees that each task -gets its own volume, and volumes are not shared between tasks. Unnamed volumes -are considered "ephemeral", and are destroyed when the container is destroyed. +In this example, no name (`source`) is specified for the volume, so a new volume +is created for each task. This guarantees that each task gets its own volume, +and volumes are not shared between tasks. Anonymous volumes are removed after +the task using them is complete. #### Create a service that uses a bind-mounted host directory @@ -247,11 +309,11 @@ $ docker service create \ ### Set service mode (--mode) -You can set the service mode to "replicated" (default) or to "global". A -replicated service runs the number of replica tasks you specify. A global +The service mode determines whether this is a _replicated_ service or a _global_ +service. A replicated service runs as many tasks as specified, while a global service runs on each active node in the swarm. -The following command creates a "global" service: +The following command creates a global service: ```bash $ docker service create \ @@ -350,4 +412,3 @@ the service running on the node. For more information refer to * [service update](service_update.md) - diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 1347248660..dd65bb288f 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -69,19 +69,36 @@ $ docker service update --limit-cpu 2 redis ### Adding and removing mounts -You can add, or remove bind-mounts or volumes to a service using the -`--mount-add` and `--mount-rm` options. +Use the `--mount-add` or `--mount-rm` options add or remove a service's bind-mounts +or volumes. -The following example creates a service using the `test-data` volume, then -updates the service to mount another volume, and finally unmounts the first -volume: +The following example creates a service which mounts the `test-data` volume to +`/somewhere`. The next step updates the service to also mount the `other-volume` +volume to `/somewhere-else`volume, The last step unmounts the `/somewhere` mount +point, effectively removing the `test-data` volume. Each command returns the +service name. + +- The `--mount-add` flag takes the same parameters as the `--mount` flag on + `service create`. Refer to the [volumes and + bind-mounts](service_create.md#volumes-and-bind-mounts-mount) section in the + `service create` reference for details. + +- The `--mount-rm` flag takes the `target` path of the mount. ```bash -$ docker service create --name=myservice --mount type=volume,source=test-data,target=/somewhere nginx:alpine +$ docker service create \ + --name=myservice \ + --mount \ + type=volume,source=test-data,target=/somewhere \ + nginx:alpine \ + myservice myservice -$ docker service update --mount-add type=volume,source=other-volume,target=/somewhere-else myservice +$ docker service update \ + --mount-add \ + type=volume,source=other-volume,target=/somewhere-else \ + myservice myservice @@ -90,12 +107,6 @@ $ docker service update --mount-rm /somewhere myservice myservice ``` -The `--mount-rm` flag takes the `target` path of the mount. The `--mount-add` -flag takes the same parameters as the `--mount` flag on `service create`. Refer -to the [volumes and bind-mounts](service_create.md#volumes-and-bind-mounts-mount) section in the -`service create` reference for details. - - ## Related information * [service create](service_create.md) From efe94b9d9255bafad529080ad1a00eef8c6805d3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 19 Sep 2016 13:57:39 +0200 Subject: [PATCH 1764/2538] Fix Markdown formatting and missing prompt in service create Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/service_create.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index a42ad0dc4f..059996dadf 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -370,6 +370,7 @@ access to the network. When you create a service and pass the --network flag to attach the service to the overlay network: +```bash $ docker service create \ --replicas 3 \ --network my-network \ @@ -377,6 +378,8 @@ $ docker service create \ nginx 716thylsndqma81j6kkkb5aus +``` + The swarm extends my-network to each node running the service. Containers on the same network can access each other using @@ -388,13 +391,13 @@ You can publish service ports to make them available externally to the swarm using the `--publish` flag: ```bash -docker service create --publish : nginx +$ docker service create --publish : nginx ``` For example: ```bash -docker service create --name my_web --replicas 3 --publish 8080:80 nginx +$ docker service create --name my_web --replicas 3 --publish 8080:80 nginx ``` When you publish a service port, the swarm routing mesh makes the service From 71e220fc1173b96c468f249e6d7d728a2a7cbebe Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 2 Sep 2016 07:40:06 +0000 Subject: [PATCH 1765/2538] add `docker events --format` Signed-off-by: Akihiro Suda --- contrib/completion/bash/docker | 2 +- contrib/completion/fish/docker.fish | 1 + contrib/completion/zsh/_docker | 3 ++- docs/reference/commandline/events.md | 30 ++++++++++++++++++++++++++++ man/docker-events.1.md | 29 +++++++++++++++++++++++++++ 5 files changed, 63 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8daaee30f5..39b7863300 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1162,7 +1162,7 @@ _docker_events() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --since --until" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --help --since --until --format" -- "$cur" ) ) ;; esac } diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 2ee367ff30..e72fb4e012 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -164,6 +164,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from events' -s f -l filter complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l help -d 'Print usage' complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l since -d 'Show all events created since timestamp' complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l until -d 'Stream events until this timestamp' +complete -c docker -A -f -n '__fish_seen_subcommand_from events' -l format -d 'Format the output using the given go template' # exec complete -c docker -f -n '__fish_docker_no_subcommand' -a exec -d 'Run a command in a running container' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ab9ba2d7c8..ff8952e7e0 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1660,7 +1660,8 @@ __docker_subcommand() { $opts_help \ "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \ "($help)--since=[Events created since this timestamp]:timestamp: " \ - "($help)--until=[Events created until this timestamp]:timestamp: " && ret=0 + "($help)--until=[Events created until this timestamp]:timestamp: " \ + "($help)--format=[Format the output using the given go template]:template: " && ret=0 ;; (exec) local state diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 1900d09c2b..789bb57ffb 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -17,6 +17,7 @@ Get real time events from the server Options: -f, --filter value Filter output based on conditions provided (default []) + --format string Format the output using the given go template --help Print usage --since string Show all events created since timestamp --until string Stream events until this timestamp @@ -85,6 +86,16 @@ The currently supported filters are: * network (`network=`) * daemon (`daemon=`) +## Format + +If a format (`--format`) is specified, the given template will be executed +instead of the default +format. Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +If a format is set to `{{json .}}`, the events are streamed as valid JSON +Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . + ## Examples You'll need two shells for this example. @@ -180,3 +191,22 @@ relative to the current time on the client machine: $ docker events --filter 'type=plugin' (experimental) 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + +**Format:** + + $ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + +**Format (as JSON Lines):** + + $ docker events --format '{{json .}}' + {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. + {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. + {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. diff --git a/man/docker-events.1.md b/man/docker-events.1.md index 4e38b53687..311020f6ef 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -10,6 +10,7 @@ docker-events - Get real time events from the server [**-f**|**--filter**[=*[]*]] [**--since**[=*SINCE*]] [**--until**[=*UNTIL*]] +[**--format**[=*FORMAT*]] # DESCRIPTION @@ -45,6 +46,9 @@ Docker networks report the following events: **--until**="" Stream events until this timestamp +**--format**="" + Format the output using the given go template + The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's time. If you do not provide the `--since` option, @@ -96,6 +100,31 @@ relative to the current time on the client machine: If you do not provide the --since option, the command returns only new and/or live events. +## Format + +If a format (`--format`) is specified, the given template will be executed +instead of the default format. Go's **text/template** package describes all the +details of the format. + + # docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 + +If a format is set to `{{json .}}`, the events are streamed as valid JSON +Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . + + # docker events --format '{{json .}}' + {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. + {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. + {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) based on docker.com source material and internal work. From d72deed554026586ad4185638bc869942722bdfd Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Mon, 27 Jun 2016 14:38:47 -0700 Subject: [PATCH 1766/2538] Add init process for zombie fighting This adds a small C binary for fighting zombies. It is mounted under `/dev/init` and is prepended to the args specified by the user. You enable it via a daemon flag, `dockerd --init`, as it is disable by default for backwards compat. You can also override the daemon option or specify this on a per container basis with `docker run --init=true|false`. You can test this by running a process like this as the pid 1 in a container and see the extra zombie that appears in the container as it is running. ```c int main(int argc, char ** argv) { pid_t pid = fork(); if (pid == 0) { pid = fork(); if (pid == 0) { exit(0); } sleep(3); exit(0); } printf("got pid %d and exited\n", pid); sleep(20); } ``` Signed-off-by: Michael Crosby --- docs/reference/commandline/dockerd.md | 2 ++ man/dockerd.8.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 3c393b004b..5fff237b1c 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -48,6 +48,7 @@ Options: -H, --host=[] Daemon socket(s) to connect to --help Print usage --icc=true Enable inter-container communication + --init Run an init inside containers to forward signals and reap processes --insecure-registry=[] Enable insecure registry communication --ip=0.0.0.0 Default IP when binding container ports --ip-forward=true Enable net.ipv4.ip_forward @@ -1140,6 +1141,7 @@ This is a full example of the allowed configuration options on Linux: "group": "", "cgroup-parent": "", "default-ulimits": {}, + "init": false, "ipv6": false, "iptables": false, "ip-forward": false, diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 06c3820027..a84cd76715 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -34,6 +34,7 @@ dockerd - Enable daemon mode [**-H**|**--host**[=*[]*]] [**--help**] [**--icc**[=*true*]] +[**--init**[=*false*]] [**--insecure-registry**[=*[]*]] [**--ip**[=*0.0.0.0*]] [**--ip-forward**[=*true*]] @@ -166,6 +167,9 @@ unix://[/path/to/socket] to use. **--icc**=*true*|*false* Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. +**--init** +Run an init process inside containers for signal forwarding and process reaping. + **--insecure-registry**=[] Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. From d0e704b31daf6eeffb7995d9f1f167b1cf7cef4c Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 12 Sep 2016 16:08:59 +0800 Subject: [PATCH 1767/2538] add option and update the description Signed-off-by: yuexiao-wang --- docs/reference/commandline/cli.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 61e33957b1..3982941d75 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -174,8 +174,9 @@ To list the help on any command just execute the command, followed by the Run a command in a new container - -a, --attach=[] Attach to STDIN, STDOUT or STDERR - --cpu-shares=0 CPU shares (relative weight) + Options: + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) + -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) ... ## Option types From b2dc10a65332570d03af6a3f401eb03a0f6fcfa9 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 20 Sep 2016 11:14:58 +0800 Subject: [PATCH 1768/2538] Update on index refernce documentation Signed-off-by: yuexiao-wang --- docs/reference/commandline/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 761238202c..e8a6bb93d6 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -136,7 +136,7 @@ read the [`dockerd`](dockerd.md) reference page. | [service create](service_create.md) | Create a new service | | [service inspect](service_inspect.md) | Inspect a service | | [service ls](service_ls.md) | List services in the swarm | -| [service rm](service_rm.md) | Reemove a swervice from the swarm | +| [service rm](service_rm.md) | Remove a service from the swarm | | [service scale](service_scale.md) | Set the number of replicas for the desired state of the service | | [service ps](service_ps.md) | List the tasks of a service | | [service update](service_update.md) | Update the attributes of a service | From 347ce7aad39ee852e77d74b9cb19d43872f933e1 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 25 Jul 2016 15:24:34 -0400 Subject: [PATCH 1769/2538] Add formatter for service inspect Allows the user to use `pretty` as the format string. This enables users to put custom format options into their CLI config just like is supported for `docker ps` and `docker images` Signed-off-by: Brian Goff --- docs/reference/commandline/cli.md | 8 ++++++++ docs/reference/commandline/service_inspect.md | 2 ++ 2 files changed, 10 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 3982941d75..51a8dd6aba 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -143,6 +143,13 @@ Docker's client uses this property. If this property is not set, the client falls back to the default table format. For a list of supported formatting directives, see the [**Formatting** section in the `docker images` documentation](images.md) +The property `serviceInspectFormat` specifies the default format for `docker +service inspect` output. When the `--format` flag is not provided with the +`docker service inspect` command, Docker's client uses this property. If this +property is not set, the client falls back to the default json format. For a +list of supported formatting directives, see the +[**Formatting** section in the `docker service inspect` documentation](service_inspect.md) + Following is a sample `config.json` file: { @@ -151,6 +158,7 @@ Following is a sample `config.json` file: }, "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "serviceInspectFormat": "pretty", "detachKeys": "ctrl-e,e" } diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 2fbaedd8fe..4923d8e706 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -130,6 +130,8 @@ Ports: PublishedPort = 4443 ``` +You can also use `--format pretty` for the same effect. + ### Finding the number of tasks running as part of a service From a64a1aa0ae42cc97b6a8619018ff2aaa096c787d Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 2 Sep 2016 09:51:41 +0000 Subject: [PATCH 1770/2538] fix the man page and zsh completion for `docker images` Signed-off-by: Akihiro Suda --- contrib/completion/zsh/_docker | 2 +- man/docker-images.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ff8952e7e0..1366fd61b5 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1704,7 +1704,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all images]" \ "($help)--digests[Show digests]" \ "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ - "($help)--format[Pretty-print containers using a Go template]:template: " \ + "($help)--format[Pretty-print images using a Go template]:template: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -): :__docker_repositories" && ret=0 diff --git a/man/docker-images.1.md b/man/docker-images.1.md index fd551a58db..d8a4ac4b03 100644 --- a/man/docker-images.1.md +++ b/man/docker-images.1.md @@ -45,7 +45,7 @@ versions. - since=([:tag]||) **--format**="*TEMPLATE*" - Pretty-print containers using a Go template. + Pretty-print images using a Go template. Valid placeholders: .ID - Image ID .Repository - Image repository From 5790fa5793eb64d2892db7b9a370b9d0febb7395 Mon Sep 17 00:00:00 2001 From: Jeff Silberman Date: Tue, 20 Sep 2016 20:49:30 -0700 Subject: [PATCH 1771/2538] Add Portworx Volume Plugin Description Signed-off-by: Jeff Silberman --- docs/extend/legacy_plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index d9d4e5d192..aa4fa4a9b3 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -70,6 +70,7 @@ Plugin [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. [Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. +[Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. [REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. [Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. From 8121d5a885488ce72db4ac3be2a31cff1a639631 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 21 Sep 2016 20:19:14 +0200 Subject: [PATCH 1772/2538] Add bash completion for `docker stats --format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 39b7863300..18b8080c35 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2669,9 +2669,15 @@ _docker_start() { } _docker_stats() { + case "$prev" in + --format) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --help --no-stream" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --format --help --no-stream" -- "$cur" ) ) ;; *) __docker_complete_containers_running From 088cfc36debd63010dcab249df47e35341152c90 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Thu, 1 Sep 2016 15:38:25 -0700 Subject: [PATCH 1773/2538] Clarify usage of --force when used on a swarm manager Fixes #26125 Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/node_rm.md | 37 ++++++++++++++--------- docs/reference/commandline/swarm_leave.md | 30 +++++++++--------- 2 files changed, 38 insertions(+), 29 deletions(-) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index f5d5daaf1c..ee6dcf7212 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -23,36 +23,45 @@ Options: --help Print usage ``` -Removes specified nodes from a swarm. +When run from a manager node, removes the specified nodes from a swarm. Example output: - $ docker node rm swarm-node-02 - Node swarm-node-02 removed from swarm +```nohighlight +$ docker node rm swarm-node-02 -Removes nodes from the swarm that are in the down state. Attempting to remove -an active node will result in an error: - -```bash -$ docker node rm swarm-node-03 -Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not down and can't be removed +Node swarm-node-02 removed from swarm ``` -If a worker node becomes compromised, exhibits unexpected or unwanted behavior, or if you lose access to it so -that a clean shutdown is impossible, you can use the force option. +Removes the specified nodes from the swarm, but only if the nodes are in the +down state. If you attempt to remove an active node you will receive an error: -```bash +```nohighlight +$ docker node rm swarm-node-03 + +Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not +down and can't be removed +``` + +If you lose access to a worker node or need to shut it down because it has been +compromised or is not behaving as expected, you can use the `--force` option. +This may cause transient errors or interruptions, depending on the type of task +being run on the node. + +```nohighlight $ docker node rm --force swarm-node-03 + Node swarm-node-03 removed from swarm ``` -Note that manager nodes have to be demoted to worker nodes before they can be removed -from the cluster. +A manager node must be demoted to a worker node (using `docker node demote`) +before you can remove it from the swarm. ## Related information * [node inspect](node_inspect.md) * [node update](node_update.md) +* [node demote](node_demote.md) * [node ps](node_ps.md) * [node ls](node_ls.md) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 938caae58e..99185dbb50 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -13,41 +13,41 @@ parent = "smn_cli" ```markdown Usage: docker swarm leave [OPTIONS] -Leave a swarm +Leave the swarm (workers only). Options: - --force Force leave ignoring warnings. + --force Force this node to leave the swarm, ignoring warnings --help Print usage ``` -This command causes the node to leave the swarm. +When you run this command on a worker, that worker leaves the swarm. -On a manager node: +You can use the `--force` option to on a manager to remove it from the swarm. +However, this does not reconfigure the swarm to ensure that there are enough +managers to maintain a quorum in the swarm. The safe way to remove a manager +from a swarm is to demote it to a worker and then direct it to leave the quorum +without using `--force`. Only use `--force` in situations where the swarm will +no longer be used after the manager leaves, such as in a single-node swarm. + +Consider the following swarm, as seen from the manager: ```bash $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 7ln70fl22uw2dvjn2ft53m3q5 worker2 Ready Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable +dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ``` -On a worker node, worker2 in the following example: +To remove `worker2`, issue the following command from `worker2` itself: ```bash $ docker swarm leave Node left the default swarm. ``` - -On a manager node: -```bash -$ docker node ls -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -7ln70fl22uw2dvjn2ft53m3q5 worker2 Down Active -dkp8vy1dq1kxleu9g4u78tlag worker1 Ready Active Reachable -dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader -``` +To remove an inactive node, use the [`node rm`](swarm_rm.md) command instead. ## Related information +* [node rm](node_rm.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) * [swarm update](swarm_update.md) From a179b5f518e169d34c788af20a64086587c025f4 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Thu, 8 Sep 2016 17:27:33 +0800 Subject: [PATCH 1774/2538] Labels info ommitted while inspecting self-defined network Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/network_inspect.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 1f35592b5d..9aebc66b5a 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -80,7 +80,8 @@ $ sudo docker network inspect bridge "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" - } + }, + "Labels": {} } ] ``` @@ -107,7 +108,8 @@ $ docker network inspect simple-network ] }, "Containers": {}, - "Options": {} + "Options": {}, + "Labels": {} } ] ``` From 47e0458ffb46ac3d10dfa2776153660b08ba1cf8 Mon Sep 17 00:00:00 2001 From: allencloud Date: Sun, 4 Sep 2016 15:38:50 +0800 Subject: [PATCH 1775/2538] support docker node ps multiNodes Signed-off-by: allencloud --- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/index.md | 2 +- docs/reference/commandline/node_ps.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1366fd61b5..81ef7ade32 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -792,7 +792,7 @@ __docker_node_commands() { "ls:List nodes in the swarm" "promote:Promote a node as manager in the swarm" "rm:Remove one or more nodes from the swarm" - "ps:List tasks running on a node, defaults to current node" + "ps:List tasks running on one or more nodes, defaults to current node" "update:Update a node" ) _describe -t docker-node-commands "docker node command" _docker_node_subcommands diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index e8a6bb93d6..ed8d2996a8 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -115,7 +115,7 @@ read the [`dockerd`](dockerd.md) reference page. | [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | | [node inspect](node_inspect.md) | Inspect a node in the swarm | | [node update](node_update.md) | Update attributes for a node | -| [node ps](node_ps.md) | List tasks running on a node | +| [node ps](node_ps.md) | List tasks running on one or more nodes | | [node ls](node_ls.md) | List nodes in the swarm | | [node rm](node_rm.md) | Remove one or more nodes from the swarm | diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 2856d2533b..f382a9f7e6 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -12,9 +12,9 @@ parent = "smn_cli" # node ps ```markdown -Usage: docker node ps [OPTIONS] [NODE] +Usage: docker node ps [OPTIONS] [NODE...] -List tasks running on a node, defaults to current node. +List tasks running on one or more nodes, defaults to current node. Options: -a, --all Display all instances From 129cd0b9015041251b6a76b885e1abc718c4a5f5 Mon Sep 17 00:00:00 2001 From: YuPengZTE Date: Fri, 23 Sep 2016 15:22:52 +0800 Subject: [PATCH 1776/2538] Del the extra dot Signed-off-by: YuPengZTE --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 23f6d8f656..b0cde6eb1d 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -76,7 +76,7 @@ Options: -m, --memory string Memory limit --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1). + --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) --name string Assign a name to the container --network-alias value Add network-scoped alias for the container (default []) --network string Connect a container to a network From 4785157d5464d047c4b802839948d079ac1da295 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 21 Sep 2016 17:42:53 -0700 Subject: [PATCH 1777/2538] Update documentation and change log to include the preliminary validation of dockerfile. This commit updates documentation and change log to include the preliminary validation of the dockerfile before instructions in dockerfile is run one-by-one. Signed-off-by: Yong Tang --- docs/reference/builder.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index a42b631eb8..a4352bb914 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -68,6 +68,13 @@ add multiple `-t` parameters when you run the `build` command: $ docker build -t shykes/myapp:1.0.2 -t shykes/myapp:latest . +Before the Docker daemon runs the instructions in the `Dockerfile`, it performs +a preliminary validation of the `Dockerfile` and returns an error if the syntax is incorrect: + + $ docker build -t test/myapp . + Sending build context to Docker daemon 2.048 kB + Error response from daemon: Unknown instruction: RUNCMD + The Docker daemon runs the instructions in the `Dockerfile` one-by-one, committing the result of each instruction to a new image if necessary, before finally outputting the ID of your From 9f22887e061c7de3c2749d63a822c4e5d22e55f7 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 22 Sep 2016 22:38:18 +0200 Subject: [PATCH 1778/2538] Deprecate "daemon" subcommand The daemon is in a separate (dockerd) binary since docker 1.12, so should no longer be used. This marks the command as deprecated, and adds it to the deprecated features list. Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index c5c0b228ce..e7a301aa27 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -17,6 +17,13 @@ To learn more about Docker Engine's deprecation policy, see [Feature Deprecation Policy](index.md#feature-deprecation-policy). +### `docker daemon` subcommand +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** + +**Target For Removal In Release: v1.16** + +The daemon is moved to a separate binary (`dockerd`), and should be used instead. + ### Three argument form in `docker import` **Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** From fadc2868b18008945e6690bb58ebf36c584e051c Mon Sep 17 00:00:00 2001 From: allencloud Date: Mon, 12 Sep 2016 12:09:54 +0800 Subject: [PATCH 1779/2538] change-code-and-fix-docs-about-checkpoint Signed-off-by: allencloud --- experimental/checkpoint-restore.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/experimental/checkpoint-restore.md b/experimental/checkpoint-restore.md index 4e2bca1cd7..dc1f9cfb19 100644 --- a/experimental/checkpoint-restore.md +++ b/experimental/checkpoint-restore.md @@ -35,7 +35,7 @@ not optimized for the task). ## Using Checkpoint & Restore -A new top level commands `docker checkpoint` is introduced, with three subcommands: +A new top level command `docker checkpoint` is introduced, with three subcommands: - `create` (creates a new checkpoint) - `ls` (lists existing checkpoints) - `rm` (deletes an existing checkpoint) @@ -44,9 +44,9 @@ Additionally, a `--checkpoint` flag is added to the container start command. The options for checkpoint create: - Usage: docker checkpoint [OPTIONS] CONTAINER CHECKPOINT_ID + Usage: docker checkpoint create [OPTIONS] CONTAINER CHECKPOINT - Checkpoint the specified container + Create a checkpoint from a running container --leave-running=false leave the container running after checkpoint From 6f4c4e466b6409a2749bcd444ac8422e456330eb Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Sun, 25 Sep 2016 17:07:15 +0300 Subject: [PATCH 1780/2538] Add documentation for docker stats --format Signed-off-by: Boaz Shuster --- docs/reference/commandline/stats.md | 53 ++++++++++++++++++++++++++--- man/docker-stats.1.md | 12 +++++++ 2 files changed, 61 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index a26a95f958..d6d6ed0e1f 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -23,7 +23,7 @@ Options: The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. -If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint. +If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint. ## Examples @@ -38,7 +38,7 @@ Running `docker stats` on all running containers against a Linux daemon. Running `docker stats` on multiple containers by name and id against a Linux daemon. $ docker stats fervent_panini 5acfcb1b4fd1 - CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O + CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B @@ -57,8 +57,53 @@ Running `docker stats` on multiple containers by name and id against a Windows d 3f214c61ad1d nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky 9db7aa4d986d windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson 09d3bb5b1604 windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley - + PS E:\> docker stats 3f214c61ad1d mad_wilson CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O 3f214c61ad1d 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB - mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB \ No newline at end of file + mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB + +## Formatting + +The formatting option (`--format`) pretty prints container output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +------------ | -------------------------------------------- +`.Container` | Container name or ID +`.CPUPerc` | CPU percentage +`.MemUsage` | Memory usage +`.NetIO` | Network IO +`.BlockIO` | Block IO +`.MemPerc` | Memory percentage (Not available on Windows) +`.PIDs` | Number of PIDs (Not available on Windows) + + +When using the `--format` option, the `stats` command either +outputs the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`Container` and `CPUPerc` entries separated by a colon for all images: + +```bash +$ docker stats --format "{{.Container}}: {{.CPUPerc}}" + +09d3bb5b1604: 6.61% +9db7aa4d986d: 9.19% +3f214c61ad1d: 0.00% +``` + +To list all containers statistics with their name, CPU percentage and memory +usage in a table format you can use: + +```bash +$ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" + +CONTAINER CPU % PRIV WORKING SET +1285939c1fd3 0.07% 796 KiB / 64 MiB +9c76f7834ae2 0.07% 2.746 MiB / 64 MiB +d1ea048f04e4 0.03% 4.583 MiB / 64 MiB +``` diff --git a/man/docker-stats.1.md b/man/docker-stats.1.md index 41c4b722a5..6c1c7bb365 100644 --- a/man/docker-stats.1.md +++ b/man/docker-stats.1.md @@ -9,6 +9,7 @@ docker-stats - Display a live stream of one or more containers' resource usage s [**-a**|**--all**] [**--help**] [**--no-stream**] +[**--format[="*TEMPLATE*"]**] [CONTAINER...] # DESCRIPTION @@ -25,6 +26,17 @@ Display a live stream of one or more containers' resource usage statistics **--no-stream**=*true*|*false* Disable streaming stats and only pull the first result, default setting is false. +**--format**="*TEMPLATE*" + Pretty-print containers statistics using a Go template. + Valid placeholders: + .Container - Container name or ID. + .CPUPerc - CPU percentage. + .MemUsage - Memory usage. + .NetIO - Network IO. + .BlockIO - Block IO. + .MemPerc - Memory percentage (Not available on Windows). + .PIDs - Number of PIDs (Not available on Windows). + # EXAMPLES Running `docker stats` on all running containers From 365e71d8689397f59fcefb8ae58c40b1b6202ed6 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 26 Sep 2016 09:16:16 +0200 Subject: [PATCH 1781/2538] Add zsh completion for multi-nodes 'node ps' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 81ef7ade32..cd16fa8cf0 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -847,7 +847,7 @@ __docker_node_subcommand() { "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ - "($help -)1:node:__docker_complete_nodes" && ret=0 + "($help -)*:node:__docker_complete_nodes" && ret=0 case $state in (filter-options) __docker_node_complete_ps_filters && ret=0 From bed270a5070576e314acb519c0cb71f8f5f25369 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 26 Sep 2016 09:06:55 +0200 Subject: [PATCH 1782/2538] Add zsh completion for 'docker stats --format' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cd16fa8cf0..6f1c660bc1 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1704,7 +1704,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all images]" \ "($help)--digests[Show digests]" \ "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ - "($help)--format[Pretty-print images using a Go template]:template: " \ + "($help)--format=[Pretty-print images using a Go template]:template: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -): :__docker_repositories" && ret=0 @@ -1726,7 +1726,7 @@ __docker_subcommand() { (info|version) _arguments $(__docker_arguments) \ $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 ;; (inspect) local state @@ -1851,7 +1851,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all containers]" \ "($help)--before=[Show only container created before...]:containers:__docker_containers" \ "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ - "($help)--format[Pretty-print containers using a Go template]:template: " \ + "($help)--format=[Pretty-print containers using a Go template]:template: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \ "($help)--no-trunc[Do not truncate output]" \ @@ -1999,6 +1999,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \ + "($help)--format=[Pretty-print images using a Go template]:template: " \ "($help)--no-stream[Disable streaming stats and only pull the first result]" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; From 1a8bdcd36fc538c908c56d00de34e6182e2ad1a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?To=CC=83nis=20Tiigi?= Date: Thu, 22 Sep 2016 14:38:00 -0700 Subject: [PATCH 1783/2538] Implement build cache based on history array Based on work by KJ Tsanaktsidis Signed-off-by: Tonis Tiigi Signed-off-by: KJ Tsanaktsidis --- docs/reference/builder.md | 7 +++++++ docs/reference/commandline/build.md | 1 + 2 files changed, 8 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index a4352bb914..bef2b85535 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -106,6 +106,13 @@ the `Using cache` message in the console output. ---> 7ea8aef582cc Successfully built 7ea8aef582cc +Build cache is only used from images that have a local parent chain. This means +that these images were created by previous builds or the whole chain of images +was loaded with `docker load`. If you wish to use build cache of a specific +image you can specify it with `--cache-from` option. Images specified with +`--cache-from` do not need to have a parent chain and may be pulled from other +registries. + When you're done with your build, you're ready to look into [*Pushing a repository to its registry*](../tutorials/dockerrepos.md#contributing-to-docker-hub). diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 0f700c7a20..68e39dfd77 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -17,6 +17,7 @@ Build an image from a Dockerfile Options: --build-arg value Set build-time variables (default []) + --cache-from value Images to consider as cache sources (default []) --cgroup-parent string Optional parent cgroup for the container --cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period --cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota From 1f015b1700227a95443b35d7372539c8426337f3 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 26 Sep 2016 15:08:23 +0200 Subject: [PATCH 1784/2538] Update man page for dm.xfs_nospace_max_retries This option was added through commit 0d03c060c7e6800e60833c4462b917ee9b081440, but didn't update the man page. Signed-off-by: Sebastiaan van Stijn --- man/dockerd.8.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/man/dockerd.8.md b/man/dockerd.8.md index a84cd76715..ecbc43c030 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -533,6 +533,21 @@ the issue. Example use:: `dockerd --storage-opt dm.min_free_space=10%` +#### dm.xfs_nospace_max_retries + +Specifies the maximum number of retries XFS should attempt to complete +IO when ENOSPC (no space) error is returned by underlying storage device. + +By default XFS retries infinitely for IO to finish and this can result +in unkillable process. To change this behavior one can set +xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting +ENOSPC and will shutdown filesystem. + +Example use: + + $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 + + ## ZFS options #### zfs.fsname From 268c22d77b6cb3caaa3ca85f8b2b9a4029fafa05 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Thu, 23 Jun 2016 05:00:21 +0000 Subject: [PATCH 1785/2538] add `docker stack ls` Signed-off-by: Akihiro Suda --- docs/reference/commandline/stack_config.md | 1 + docs/reference/commandline/stack_deploy.md | 1 + docs/reference/commandline/stack_ls.md | 37 ++++++++++++++++++++ docs/reference/commandline/stack_rm.md | 1 + docs/reference/commandline/stack_services.md | 1 + docs/reference/commandline/stack_tasks.md | 1 + experimental/docker-stacks-and-bundles.md | 1 + 7 files changed, 43 insertions(+) create mode 100644 docs/reference/commandline/stack_ls.md diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md index 4c6cfa1089..9a39d27116 100644 --- a/docs/reference/commandline/stack_config.md +++ b/docs/reference/commandline/stack_config.md @@ -29,3 +29,4 @@ Displays the configuration of a stack. * [stack rm](stack_rm.md) * [stack services](stack_services.md) * [stack tasks](stack_tasks.md) +* [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index a1a9366c7f..bcafb7f686 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -58,3 +58,4 @@ axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-co * [stack rm](stack_rm.md) * [stack services](stack_services.md) * [stack tasks](stack_tasks.md) +* [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md new file mode 100644 index 0000000000..11abc34727 --- /dev/null +++ b/docs/reference/commandline/stack_ls.md @@ -0,0 +1,37 @@ + + +# stack ls (experimental) + +```markdown +Usage: docker stack ls + +List stacks +``` + +Lists the stacks. + +For example, the following command shows all stacks and some additional information: + +```bash +$ docker stack ls + +ID SERVICES +vossibility-stack 6 +myapp 2 +``` + +## Related information + +* [stack config](stack_config.md) +* [stack deploy](stack_deploy.md) +* [stack rm](stack_rm.md) +* [stack tasks](stack_tasks.md) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index 8e3f2259a7..5d4e4d57be 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -32,3 +32,4 @@ a manager node. * [stack deploy](stack_deploy.md) * [stack services](stack_services.md) * [stack tasks](stack_tasks.md) +* [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index dedb22f8c8..8f28410bf3 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -63,3 +63,4 @@ The currently supported filters are: * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) * [stack tasks](stack_tasks.md) +* [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_tasks.md b/docs/reference/commandline/stack_tasks.md index b8bc91aa9d..24b00e69cc 100644 --- a/docs/reference/commandline/stack_tasks.md +++ b/docs/reference/commandline/stack_tasks.md @@ -45,3 +45,4 @@ The currently supported filters are: * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) +* [stack ls](stack_ls.md) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 3bae4f4c4b..8902a19ea1 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -93,6 +93,7 @@ Options: Commands: config Print the stack configuration deploy Create and update a stack + ls List stacks rm Remove the stack services List the services in the stack tasks List the tasks in the stack From 1c60ac11d68c98c8144d1ad0f3843d9805994d37 Mon Sep 17 00:00:00 2001 From: allencloud Date: Sun, 25 Sep 2016 16:47:45 +0800 Subject: [PATCH 1786/2538] add endpoint mode in service pretty Signed-off-by: allencloud --- docs/reference/commandline/service_inspect.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 4923d8e706..e24927f433 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -115,7 +115,7 @@ ID: c8wgl7q4ndfd52ni6qftkvnnp Name: frontend Labels: - org.example.projectname=demo-app -Mode: REPLICATED +Service Mode: REPLICATED Replicas: 5 Placement: UpdateConfig: @@ -123,6 +123,7 @@ UpdateConfig: ContainerSpec: Image: nginx:alpine Resources: +Endpoint Mode: vip Ports: Name = Protocol = tcp From 6fe8c73b605a411ef57d79fca4e57f2c6b7c2a50 Mon Sep 17 00:00:00 2001 From: allencloud Date: Fri, 26 Aug 2016 00:34:32 +0800 Subject: [PATCH 1787/2538] move mcvlan out of experimental docs Signed-off-by: allencloud --- experimental/README.md | 2 +- .../images/macvlan_bridge_simple.gliffy | 1 - experimental/images/macvlan_bridge_simple.png | Bin 22392 -> 0 bytes experimental/images/macvlan_bridge_simple.svg | 1 - experimental/vlan-networks.md | 274 +----------------- 5 files changed, 13 insertions(+), 265 deletions(-) delete mode 100644 experimental/images/macvlan_bridge_simple.gliffy delete mode 100644 experimental/images/macvlan_bridge_simple.png delete mode 100644 experimental/images/macvlan_bridge_simple.svg diff --git a/experimental/README.md b/experimental/README.md index abf54f2bd5..91cf48cbdb 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -72,7 +72,7 @@ to build a Docker binary with the experimental features enabled: ## Current experimental features * [External graphdriver plugins](plugins_graphdriver.md) - * [Macvlan and Ipvlan Network Drivers](vlan-networks.md) + * [Ipvlan Network Drivers](vlan-networks.md) * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md) * [Checkpoint & Restore](checkpoint-restore.md) diff --git a/experimental/images/macvlan_bridge_simple.gliffy b/experimental/images/macvlan_bridge_simple.gliffy deleted file mode 100644 index 9d77e1f6fc..0000000000 --- a/experimental/images/macvlan_bridge_simple.gliffy +++ /dev/null @@ -1 +0,0 @@ -{"contentType":"application/gliffy+json","version":"1.3","stage":{"background":"#ffffff","width":328,"height":292,"nodeIndex":215,"autoFit":true,"exportBorder":false,"gridOn":true,"snapToGrid":false,"drawingGuidesOn":false,"pageBreaksOn":false,"printGridOn":false,"printPaper":"LETTER","printShrinkToFit":false,"printPortrait":true,"maxWidth":5000,"maxHeight":5000,"themeData":null,"viewportType":"default","fitBB":{"min":{"x":16,"y":21.51999694824218},"max":{"x":328,"y":291.5}},"printModel":{"pageSize":"a4","portrait":false,"fitToOnePage":false,"displayPageBreaks":false},"objects":[{"x":241.0,"y":36.0,"rotation":0.0,"id":199,"width":73.00000000000003,"height":40.150000000000006,"uid":"com.gliffy.shape.network.network_v4.business.router","order":42,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.network.network_v4.business.router","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#3966A0","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":85.0,"y":50.0,"rotation":0.0,"id":150,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":38,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":10.0,"controlPath":[[3.1159999999999997,6.359996948242184],[85.55799999999999,6.359996948242184],[85.55799999999999,62.0],[84.0,62.0]],"lockSegments":{"1":true},"ortho":true}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":22.803646598905374,"y":21.51999694824218,"rotation":0.0,"id":134,"width":64.31235340109463,"height":90.0,"uid":"com.gliffy.shape.cisco.cisco_v1.servers.standard_host","order":44,"lockAspectRatio":true,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.cisco.cisco_v1.servers.standard_host","strokeWidth":2.0,"strokeColor":"#333333","fillColor":"#3d85c6","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":89.0,"y":22.199996948242188,"rotation":0.0,"id":187,"width":105.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":40,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

eth1 172.16.86.0/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":147.0,"y":50.0,"rotation":0.0,"id":196,"width":211.0,"height":31.0,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":41,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":199,"py":0.5,"px":0.0}}},"graphic":{"type":"Line","Line":{"strokeWidth":6.0,"strokeColor":"#999999","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-82.00001598011289,6.075000000000003],[94.0,6.075000000000003]],"lockSegments":{"1":true},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":210.0,"y":80.19999694824219,"rotation":0.0,"id":207,"width":120.00000000000001,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":43,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Network Router

172.16.86.1/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":27.38636363636374,"y":108.14285409109937,"rotation":0.0,"id":129,"width":262.0,"height":124.0,"uid":"com.gliffy.shape.iphone.iphone_ios7.icons_glyphs.glyph_cloud","order":0,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.iphone.iphone_ios7.icons_glyphs.glyph_cloud","strokeWidth":1.0,"strokeColor":"#000000","fillColor":"#929292","gradient":false,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":33.0,"y":157.96785409109907,"rotation":0.0,"id":114,"width":150.0,"height":60.0,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":1,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.9951060358893704,"rotation":0.0,"id":95,"width":62.0,"height":36.17618270799329,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":6,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.2300163132136848,"rotation":0.0,"id":96,"width":3.719999999999998,"height":29.7161500815659,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":15,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":99,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":99,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8599999999999994,-1.2920065252854727],[1.8599999999999994,31.0081566068514]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.2300163132136848,"rotation":0.0,"id":97,"width":1.2156862745098034,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":12,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.292006525285804],[-1.4193795664340882,31.008156606851536]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.5073409461663854,"rotation":0.0,"id":98,"width":1.239999999999999,"height":31.008156606851365,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":9,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.4306688417619762],[2.0393795664339223,32.73083197389853]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9380097879282103,"rotation":0.0,"id":99,"width":62.0,"height":32.300163132136866,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":4,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":38.326264274062034,"rotation":0.0,"id":112,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":17,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container1

172.16.86.2/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":124.0,"y":157.96785409109907,"rotation":0.0,"id":115,"width":150.0,"height":58.99999999999999,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":34,"lockAspectRatio":false,"lockShape":false,"children":[{"x":44.0,"y":2.94518760195788,"rotation":0.0,"id":116,"width":62.0,"height":35.573246329526725,"uid":"com.gliffy.shape.basic.basic_v1.default.group","order":22,"lockAspectRatio":false,"lockShape":false,"children":[{"x":29.139999999999997,"y":3.1761827079934557,"rotation":0.0,"id":117,"width":3.719999999999998,"height":29.220880913539798,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":31,"lockAspectRatio":false,"lockShape":false,"constraints":{"constraints":[],"startConstraint":{"type":"StartPositionConstraint","StartPositionConstraint":{"nodeId":120,"py":0.0,"px":0.5}},"endConstraint":{"type":"EndPositionConstraint","EndPositionConstraint":{"nodeId":120,"py":1.0,"px":0.5}}},"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[1.8600000000000136,-1.2704730831974018],[1.8600000000000136,30.49135399673719]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":51.46,"y":3.1761827079934557,"rotation":0.0,"id":118,"width":1.2156862745098034,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":28,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[-1.4193795664340882,-1.2704730831977067],[-1.4193795664340882,30.491353996737335]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":9.919999999999993,"y":1.482218597063612,"rotation":0.0,"id":119,"width":1.239999999999999,"height":30.49135399673717,"uid":"com.gliffy.shape.basic.basic_v1.default.line","order":25,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Line","Line":{"strokeWidth":2.0,"strokeColor":"#0b5394","fillColor":"none","dashStyle":null,"startArrow":0,"endArrow":0,"startArrowRotation":"auto","endArrowRotation":"auto","interpolationType":"linear","cornerRadius":null,"controlPath":[[2.0393795664339223,0.42349102773260977],[2.0393795664339223,32.185318107666895]],"lockSegments":{},"ortho":false}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":1.9057096247960732,"rotation":0.0,"id":120,"width":62.0,"height":31.76182707993458,"uid":"com.gliffy.shape.basic.basic_v1.default.rectangle","order":20,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Shape","Shape":{"tid":"com.gliffy.stencil.rectangle.basic_v1","strokeWidth":2.0,"strokeColor":"#6fa8dc","fillColor":"#3d85c6","gradient":true,"dashStyle":null,"dropShadow":false,"state":0,"opacity":1.0,"shadowX":0.0,"shadowY":0.0}},"linkMap":[],"children":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":0.0,"y":37.45415986949433,"rotation":0.0,"id":121,"width":150.0,"height":28.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":33,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

container2

172.16.86.3/24

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":102.0,"y":130.1999969482422,"rotation":0.0,"id":130,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":35,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

pub_net (eth0)

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":93.0,"y":92.69999694824219,"rotation":0.0,"id":140,"width":150.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":36,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"


","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":14.0,"y":114.19999694824219,"rotation":0.0,"id":142,"width":78.0,"height":14.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":37,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

Docker Host

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"},{"x":71.0,"y":235.5,"rotation":0.0,"id":184,"width":196.0,"height":56.0,"uid":"com.gliffy.shape.basic.basic_v1.default.text","order":39,"lockAspectRatio":false,"lockShape":false,"graphic":{"type":"Text","Text":{"overflow":"none","paddingTop":2,"paddingRight":2,"paddingBottom":2,"paddingLeft":2,"outerPaddingTop":6,"outerPaddingRight":6,"outerPaddingBottom":2,"outerPaddingLeft":6,"type":"fixed","lineTValue":null,"linePerpValue":null,"cardinalityType":null,"html":"

docker network create -d macvlan \\

    --subnet=172.16.86.0/24 \\

    --gateway=172.16.86.1  \\

    -o parent=eth1 pub_net

","tid":null,"valign":"middle","vposition":"none","hposition":"none"}},"linkMap":[],"hidden":false,"layerId":"9wom3rMkTrb3"}],"layers":[{"guid":"9wom3rMkTrb3","order":0,"name":"Layer 0","active":true,"locked":false,"visible":true,"nodeIndex":45}],"shapeStyles":{},"lineStyles":{"global":{"stroke":"#999999","strokeWidth":6,"orthoMode":1}},"textStyles":{"global":{"bold":true,"face":"Arial","size":"12px","color":"#000000"}}},"metadata":{"title":"untitled","revision":0,"exportBorder":false,"loadPosition":"default","libraries":["com.gliffy.libraries.network.network_v4.home","com.gliffy.libraries.network.network_v4.business","com.gliffy.libraries.network.network_v4.rack","com.gliffy.libraries.network.network_v3.home","com.gliffy.libraries.network.network_v3.business","com.gliffy.libraries.network.network_v3.rack"],"lastSerialized":1457586216662,"analyticsProduct":"Confluence"},"embeddedResources":{"index":0,"resources":[]}} \ No newline at end of file diff --git a/experimental/images/macvlan_bridge_simple.png b/experimental/images/macvlan_bridge_simple.png deleted file mode 100644 index 51fa66e263793573edbad30350a6e59cfbdd0256..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22392 zcmY&;WmFtm(k<@p?(XgqAh=7=MgqaDae})`aF;-E*EH@DG`K_KA-EItb!O&$bLR)F zUU2$U)vjH;jzw#z$)lr?pg=)Ep(`r9*MfqA20(rUkq{t%IiUa30tKZfsrX(>$9wf8 z@68$ao_OR1bAz(pgPkCU&o)KOcCK6Dn!#}njeYe1{T4Mx*EWAxsO8DE`DC>=2N|3; z{F4I@*kW!o0LJ-+?}~*s^d);RTnHEpNJed2KHoTWQ%o@X-Z+O^eDy>xo-|!>?KZ|) zCnokPMrlqJhIRF>5Qt12)=wXXg_40KjTEkoM2*Km9p*0n_qPTp3`=?&M;htte+GT2 zjr{*ZnE=xN9{P9C?Ct*z{X4_|&DWkEX$V5cMhBm?hzfal@H7(Ds`VM!fQxgQc0^`D zp7sO~7e3?E;_Xaqz>Brr!%(~o{21NIcq19EF8F>PN~-^TA&T!_S)Mi1)CRn(NceX+ zR&A>8XFr6kfSEX*sGg_$NFJ}dhjLH?pNTNR=v~$(jzlLnx-`<~U*Sg1e8Ap1i6v*! zD4nR)K)HGiXRvxWYtr}~<+<^-rO|!WWirSl515DJ-h$ccZEG9FOhV>|;)HypkCwe3 z1c}`<nXwj4_cCbFFm~6)r(yGX6Jc${2;3~*2=!^lh&DPsl-{N)lf(u zrt)DP+&fzG(n5!#i=UEC5hYMEz?Sthc}IdgL1m}V$`?vW0g_4$(CMw6EZ;@HC~eaC z#c`lSxLdI{QIoNs*9cp~OtLLsz z%5g`_98bj+PbR<$jSUL5s(dRppHT14FY?;BLvVSlgavU~k-- zE8vhr&9sZ$BUXC2dv0lH6MTUw8`;m_0;)E5gvw_Om^Z_F(roR*7sc&gVhy*~`Wqa% zN__OD^*k&hkHDE&q-YaG%z$7+fKl@w%IjU#>xhRdRWU}uu?DF1>yH>+_EfMBMvS4f z$^BZ8MNA7`TqUV)M>P=nD^PT(N{~ymhbjUl>_MqBM{VH^xyG}B#9$BJZPq6y4P1L|+YW1eaK=q{n0lj{tWzQ7kMNGw&^B%*t$ z$K!TF`~;UP@UBKHt)ct;NvGRivu(89+iT*AyTZO8G6J@mV7Mo!hE0~}5b9KvR=V8+ z%-OGE9WAw5B_BId*&${7SwEcg#_{y%PYaT;((x3hncbpM%5w_uH5OX}u{J17?EQqV z2Y@K6_tlHje5(NmA+oAmO{jc{bYo5H;Z@lh23nT#YJDaDEkU48RtV>W){{;Hq`BJ$ zTq$KB=W&__$KP|9U!%&`JIy)yQMWWPcej4#^hq?qk}d@@uczVhqU>ZxLm{qw5<>dQ z^lAtQPM+w8Hp@U!VBYp&aPGHf^@>WHW($6aODcxL7SM~ zmUQ9Zd6>%9c-J0|CHHY#UO^3Zr=;`!36|XK=w>Xy@H<@3K&l%F)K+6D0s3z_p=$;h z%roqtlZx?j36mxUj5kHeP8dDe*dN3n$Lmj7Q0)49)WUbiud;%{xFX?eHDn?N1UR?h z?WEJcQ;oPoKK?N(qn9i7hB>aow#Pehr2?_W3{!^#zRgLiSS&_yfS8Y|k-LIUd zTewSRuv#EPL)jlgG#Gr6@;s(ayx(EPDP-C;(%Q&J!nLc4wCt%*v;>F-^#PT8Lrje* z9ie0;C$rWtovs)S^gptHUr~#t6(uwqBC*~oafnIMV12Jn-c^djcgk?Ry8@*iW(eGw zm5XiCEvruV#FxE!Hdln3z|D#3*fhl1`l%`|Tc?7;K!0^Q^n~gNF}M%vFa|I02h z2+=MDd=aKPJLlN$w$d58tC_|zkEu=r4%wQSzwnMUIRktO#Q{wvK;u1akaE1^_oWB9b#VLKrTvt6FVLGvMhkBEEA zazIrk^`UZ|tf$6G#>ejlHB~?T;Y0n_v79f-9{#85RNnAJOTV{ugYgo?xl!hc*U)kp zwtT%c|Fls^kuH2k*|BWgPu^tg!cp_(pmJw8Pq@LjDh;>~mkF-n-L0D9T>k8L^TxJ* zF)F)Iz8z5cVo0^-PN62>R;3XxbgN;Q)>&@Czsz1acahpyKcrFZktt)Vxt)L)LcxAE zBt?yzF|84shHs6)YUIj9fI2!#Q6JM?1pm5}yAk9-IO^F;OX>@Be8!N7-s*g=eV#o@ zVe)s^M!7fY*<^%U7w>$$ttfG{gPAzYC;x7N=~Vvx$zU4k@}}WU$6z@{dSM3+@Z6H0)PvB7us1%Er7a^Q zyFQ|3U~a^Qgqqh*(g-v-PK)PmCygQu3_04{8@#p01adQC3n~JI4>TYd zO}dmzcR^mn{^(AN%sT4LJ_{j#7My6CcBPM;cfwkj8$8*{dQ{7-&q$FU+8H-kb`-T^ zq+LN?Upc#fQ#dN*cngv*Gb#sM7c$yi_~OK`SS|C4(Z ze1;|Q19kR~5(@scq6V#KLLyNN(>C$@U_G4bb#5GyPvbl;X!?mf-)D)^m#~nDZrj&g zU0s7LM0U8WzN_W@=@wdI?PZrcw&cG2gl<O4AY<7$?=u;z3FW12}1E3rP5Y23!f=L=_tz5aBzb z&KiQ{j(Fv9A=!DFGITofw(~a3UUIlQ;NPy0y}7;pIFdkaercHf=H^q@>dOn0(X~Ok z<3jPGPJ8Jf242>$$qd>!k}W&~(c; z#Putl3^U?c_X0`G9@KqJdpDbV;DZXeV7x6#!U5F%i%eOCZn_1cfBeR`kI(y)P-S>N(?dY%yg|rzZee2$E+v+AQRB1c*{I~yAnPIO^U z4`rX3M(#*nUY?D!^WpEX_I8o^`T4^3_Entr+uK_rBBI_B<%~gQH{0ce;n#Qsz*yG- zREBOwN#e{zHbt^!@Y93+q&^;`ZY{S5e%smFMjyK-l8efL`Juh;&o$QKbaeo#GgwrGhlUE75N5q)esB=3gh-{g zL>8yH{QW1Gv(@=+9^m!jHVzPVVf(LDm~{`1v0&|hB{+Z*f3Ac-3C&+k3}Wpy9`ZW_ zg9|^jz?6}`_d;0j>3SpP_xZt*0wy+s&O}8DMKd22iJOSw0ocq3=BZNZjw<+`aV3!p3TquYdhq`hx*H>uLaFUqxYo4iHH+_a^&S zh#kQ}%CYin!E1AKurm>M?>HbH{tFSnzY)LzZ-xU9)k`S6#f>7H2oD5=9oj;P7BH^G z0}m@+VE#SI_l-}0cqDPoxS8Ss_wzJ^SL;cf)&2kfr|A%{`H!1-1+1rPk7#D>3*ahQX!n|$UFQ<~{`%lC< zohU>&|Kl9QS0`bxlW!UM)7q4i``nuEzrJ4!=|v2}{bK7wte);q$m@)rRa9wDaxoO9%5<7@;>-|_V&0Qdf^Z*C+z1ne z<3dS=Q|dC{=NWiaIeq1*$_F;drVpO|k8^-W0b>Hm{qdniDTYGmq0I0znSLG6q( zhId#VHYP>ViLomGN>A~Yj!y9bmbupZ<}z2oS=vPu46LG(6`>81ShtFHK*|MZ-hfVh-(#kMD#CrN38toJ4 zK1D!^6d9=6m`^|atcIXqh7onaHWP2+Rna{i4Ft#l?sI?d6Pczed@G$&h0+Wpo@T*~ zDo(ZhDNdT4$hz0%01|y;^WixEz_2ublufP;|D}0}G(y$$Yu)W&w@x ziHq##eOlk4$M0S5uMc?!;0lpvhqM^xJSmG3vqLx+vf;Rl$$I6zo;$N#H6_@Fn7^XGtEP_0n++n2ZSMb0!9*(;fXM{uM>TjkY` zgzQ>mdE>n98Rri=FjKfnVdgs(DuiH}5PTvST%>_S>W^^5D6pB7u;c*%v!Im=_CxRA zefBxTzNf~EzTLAQE;cW-da#NoP!v4zOv%#5lAt5<6~5rhFyPv(*wF{o3wy<|}KDZtqc8DbY+z`LA4&&AF~ zRLb=7u>MH;ztv-`NH3#oVdG-B%wN3ApPnNSqVe^^k4x)~!;x!@PD6nakx4si4pXYtg(i0Gg1^z&%*Dz zh=yEoml7Ui4K|1a)YB6Uxp5EAt!TjQJQ$k z?6OP+rL$YS8YoKPicc|th{=)vB0FR;{;ziTFHwYiRtV~#1LwD2L1BhsZ4OxPqP?DB zI`Sido~6%Tcd@({n&?+d124wD1&!MRA;WEGf=%GQLV3+Mb8&EZdo6`G3@4$!sVbos z12!5?B~2e}wQN7Gk3N?Xa#G=d)f93KzSLw!J>lSqyugBdPWAx;@>$TD`SwUvCJEP` zyzqREfpkw}wluW_S6B-5=8p(Vyqy32P&umrWtbL;Bav28Y6%UoM zNL!B&R@0CegZpBRzv_pu(iq)0!73k)=0aF&-WJUfyG}Aq%97{bk$!&AfS^Q;eaX>2mit;3*#9cVfrj8Yr(yo=B)A`!tg^;_)aSA{{iz7JpV2c#cIh4BYuc zUKtsj3st6&?He?|K~RCo|C{CeKj1|B4CJq%EAxLBX;{o}iJvqYZI>=LXSO<&-RUM=uQ;B>Q2z4_zUy!QCiDp&SH9b26a4r z>(veFXzWGbkYmgRW1{d*P#f9xwz5xs;zC1}@Yt`^DeUO8KaD(e1MIy?*NY}zDYxWWj= z2>PsX>^H2F-(yGx!RPNTWi{Sdndk1arDLT9He0qIe7cRk>wF4mh=;0Ca$e$`yqR4k z>W=8$u{R9p&(|?s4Ew~~xr%xJqbb})t}*~LO=!Y46o3OHZuM2)l4GhjCV;Hm!Ru{q z{=FL@7up00ag>=G)=oc3TU(N}!R@6j4MZC5vX{6VFmpR->y53% zeecl9)bf7A)|T1|1w0GAhiuQ|pzlxF4}lj?qDX{rt>ZORNWiN-#e|iBhwVsXu+wH| zR>0J|fQJj}v-P%6&yM)<49?yDa8!`{5l*d1S4@te^Um2uhxY{-I$!K_KSh%QU9W#= zu1ssZrl*=c0)VFzaSP(cxG<#Ts^ zd*nk4E}`VAX{R?fA|}P4Jf(jsLI~WB1b7&j|5%vezGs`lI1xzozNiFRk1ji3XxL|G z5ZUkXsO(3OG6Kg-PNzw>QPSn*2<7f*5-rGO7Xboet<8|f@gh5m8kG<|44XJ`r6Yd# zJF6rUg$gn5v$+}_4mc)V8Sk7j!r ziwzdSC=2VNE}G{vNvSWM=NsNMZCcs$GfT3m?48si1-SxFPayaOt`@B92!#-5i zb<>=C$;0G*B_5sUNaputs9qbBfK1=&CnW+5A~9_t6|=1bszT;vamBT z&0jrd-P^KEd|AGx{S}8on$UB$)l={lKVsXCbBby@|BhFUgUiwmh$KhX3txI7jNsX_ zrlo3Nh^VtbKsNG@S#;@?j8f>aXmu$o&NiYaCLZ7us!i^dO4 zq+&Eq6d5ikR7)LJlH5Y;JhWN!wh$$Hk_D7tF%)Jr)5B=F;HQA!YNVdA=Y6LKs}T_s z0EC5fc>F09c%oarLbPDbE|HjlJo_K`Z|@ zIrrz48yH!0ohR8j zLUyi7xx0@RQ>I=ZP1lv@eBL6bzNopy5@Vvt6Ixg*0wa0o&I{ehm0UeU#i zVCs*Lr;o&|bW!;DOGI72oS^aY#g(4uw9xvzO8+E{Ld4xB)f`G`((oGHJXI?-P;6`t z>NXl2Aqoi+&H@DeJ6!k<&^7AzjZ5m`x0jFDy4_M0+6KeHAwNJ&^&dr@3EXQQbjG}L8?E@evi70)(oG-HRwOnumy_IWOHQ~_g{9^QG0 znzZhx=p7dh_VPnpUTm_mld=H(8QFfd=eIt_x~jrsG56XN$^E8@RhRhlp5y=t$oM5P zXHw?)#{hbvp6|4DrN^`o%10a7K{xp3b+e@JB!wn%=578<)*7~LRPl!pVt{0pj&d@m zyW4xTQi*5egqQvptXwoG4GzJtwK^)J!k_W7k}wa1u1b}na|3_pDFlhSTpB3YjjqTB zlWdE9dw4V>ULt0KF9~@qfuq)q2GOO9*Y9PB?bRqgnEAQvlVwOSmd(06W+?=*W@C4G zU($FWNzL&cCGfX3tumS9FgOg@di+&H1oK!O-5i)!9b$$Gi_g00e9pB#MuV_?* zo+R&TU(0Ha(GI6q2#x2Of83D<1_!Q|s!3;;+NsT_g8ec)vuJ2a%&T;hTBL)qZF>8_ z>C$oscBqGk>e@YEl@dH7y8YcQbSN>thw@en&^;{&+fBCofZM7+ z6Nqr9G)dEoPc~edgu_D!!Q}I~v@6CYHdiA^Gp{m#p@3w=W zJzqXLh4=s<$KLwit8|KFrN!d9wp(HhjicYgBqnmzMx+%OSPgR=93Fb9I&8DAZ&G|a z(9qpp?%S=_zTYPXz^RH}ChywdRl?Yh;=M1kBQW$K za5SJN%oB3dP+K8K;hMyf=j84B{)2F;3wxThZqoEpwS?7ZyHiN{aahtvU%e361Hzjh6-K2Xq~ks~fEV&s#8 zb?(c(gCAEhG~|U&y*K=AY!q4!I2hmF1Me*jfD=k>aLUD@tjvX44)H$(2lbO)!&jQ~ z_>Jy(Idpwt<(q~`Qm9_D?AGviu(+d4#pfT02-_rC-*!a;1|87t3SnO)#>7@L<=eL$ zGFCW@yzbcaz1+8wlQ0OV?#}3WC%t&>lUg>Q!07D3XTk>N6s|p@%xhuGn=t4b)BP5|9ADBu6=&yddTs zF`i@o)g~rp$U#_{dV+Uzwkp64U9gGO7k0)*r|l0jR-YrWQP(QJW(y(om8rG0brO3} z9BlQiIkWWf9(KTCv3%lB0{fPWDi8KMEH7)b2IS@jK_H*;N^%(xN!qZsdEJB+beiS~ zon6s9m%n{A?eUVx{v7pvu2kL)6YawB#>MueIGdQ`p)BST4eoKpm7~c!S?he=oc@i( ztWIC>O~LO9B^H=iuz(~mg50FuPRfE3#-Xr}t`z%SME}G@T#7-9g&LcWCAMY3j$t6U zy@aE+Ef1#kC2=8OP#*>yQi$~_bFJw zjj!I10Y3&z>e>@S3xgyOeru$IwU#8494rGk-aO@o>_xZ$yzPa0u(biiJ0Sbev! zskg<8i;D_W7rbZ#^_`KBy?_+NSY2>&L%JYKItg3|g93DOXQInG0OBFP8JET9;+?(p zcR%4GJ=o4I$g&8cz&_}BM@{a=I7r!W7wT9A0BnHi6a8rQyPquY3_OIPs3DOR3Kb9u zqZ*2}Bst2!(}21q3=oQ)f(sRc0GI9eJUlKCpM6h@!VOsC06HzN*gK3YHUfQV#I;DZ z_oMr+rK1>VXv@s4lm5oNf2|(d+;-%{n*38htN$i zQC0cP9>sGshCkV%54Z1<7viPzP-;X{r#OG+WKfm&t&Lmy) zy5Fp_n7U#0{BcX(6cLT@wHNdcMimMs75d%0-O!pBS%s0hI`Wcmjuu8V?j$5ejn&rz zry{JYr`M+26aVg%6Ujj!X9yvS7CWlsYV22Dz`ICk?8l=OCV!r%%sSzyL}!VjfilLU zi;C#k<4C7R7(yV7AaLHc$tZ-?qN~Fq9{uCSkBG)W5xWv`|3@7^cUhqQm5uO<5%0z8 z{=TJ-^fEs7gYs1y4~KfmuXv5H09Pv^zO(O5?4^KsQ7FBFp@0@@nd{=Vg>v z{D_w`Ix(AK!oj_SORE1#gNUOT{(4<{0rRd_>PWlSBQ*r53{&!BPVL&q-}?;+^6>&< zi)ZX|8zW#a6+I4e1M`M+h!GPWpLL4^S^o4PDFe(*$$6@ai))&RB)5}9zDd4M@6w69 zB9XTHuRS;lRqEvbB2r8X!?Q>c$B%Jo7JZTiwrt%%)sYR}PI2gLX$HG8W3$~IuM;g} z1z8#o$eKOp=l|a%Ug`ix2wh{!N$imr zOq(c)wkjJuX9z($@h$D>i7iHi+$uugqg)jR)rQ=>JlVw%QYks)00&U?MQbH^YI^#3 z9cj5D{QfXMx_9~c``E*UT(ZeA*+?;SH^^^N>Y1Za39*C53J_J@{!fyLioDhENR(69 zLlVWIlh|_IT{%KRw%~YYQ{9jejNa%imY^83;jYw4+44#^@bv>6;c-iYzRKZ%e6*Y2 zg)a*X?fq*--2DLS{Nm>UKd~+@mjXz5m?J4SK6-<3n8PXmg>AP2Y!dq>Lwq=lcD;2i zXA=@YYOrsQQS=lcyqKAm{y*#|v_MA`KS?y3T)ZRU6j*|rWCdXvRrlHXFO!mz=128{ zH>!E2;yC6KH#?*dWpE#GuK5vNBsyWBxptqIV{*EC;d6V@$vjrQSwOH}O=CjF;)@Uv za#<5^?Ms9NTX#C^enUv%K}umi-R-O2A1hbvQ#3B{rE%hCSV-)%A(_06f3MKgC}lk& z&Cft-K0HxjGYM& z*xk5Zd%gb@YUSF6zHj{DbirJW(f8)25Xga%omvpwBrQnjOJU0Ip+CVC$Y*7NTN-jp zz>ol-SR5xnkxuUcV($aaaO;!{-22)8Av|l~nugpVzgx93?;KKIcX$61*?XHovg6rm zcd|O;{|H&R(}2Y(F1TDYOwYG9*3U}{7wK$wBr%PWLBcz?7P=E}UA@~xZ}{>n{o`xL z_Ur_o^jGXqNDgra#<8HTXKn^t!u|)(z-J$0>;;Pre)9`{#2Et$dok#DbQ?DdAH)}b zLy9bbO}`>9J32b0w%GH+|cJ>l8946;$g={>#?C;3zvbwA-#x|dY-f;&988oVCL^WYD zGM7@9N?{WARSx^wOMy6qI(CJAEA$dSc=WULj%VQ%hR** zP>_7F0ihXzu=1i3`6y>@Zz9x#jV-(G{H`yf40|Y!371&7a(jP#(S$s)|E>Hp35k;c zU&)@1fES;yzsy&%_zIAnI5L`^XD`wtnyjaBCOAW$R1QE`%8PjV@}%a)C8~cd%6Xqk z+%>t=!k&Yi%>UgLRxcrfQf!on+90G^Se1SaXv!IdTP3rw6<;Ds<1pquV<7+q;evvT zmq#XAwp8c%P8@J!&LEEl6t5$}MQUX>*0Bbteexksd+8R^Y=B8wsA76|^Jd}Uok1Zu zsA4U$j_Ch%%8?Q6KL4G9kud$<+TAgq+KlRzNP!XkdBFrR3!NAXy@r2Ru5{61QwwB53U+LnGi6@EC6?XWJ`o)FtjdyCJht)vY<2;XV=Cp4&EOg2`VVz znBhOZl2fX~-#6T7QcHJPxWl_n%9Wx%4bL19^%zXLsp@fqm;XQB4T+3xkkeVBj)gGM zIWA!P&q?jR4|uZrG#Cf+eJ|rV^wbpI9-Ja1q*+d3W<`_SRB?JzaOq`Cg9*li|L%Ov zyAZ*8J))Ek1HCPXpZFjgK{^s~)nLM!$Ou72BgZj6tJG{qqp24QPly#5d1oCC1$Aw*x%)pr&h*JhPkfHv_gSHG zQaWL1B!m!BIo)*ck1N9eSz@~5cH2nse7v#Mw3JLuO$`wpaQm(+%X4Aq78m5t4(cHl zVjAq?+&|JD7@6Yj)Dr5~W?+Cz2d|nC9TTtt!b%wtkyObiLg)YB zyocyo0=X#L)5BDrXbE^K)slyJyv@jX$)6LXy!r4Q%WF{XS4VZR@vsQsVo0-D7+!=G z4yw1|fATbREP=CgcNpm+4q}#~gYeL+o2&oY4|yQ30sFt9yN7^xsIwQ=!ZfiE`ANQk zr+No?s%sn{WgWJ<^UMMW*Wv2|=>}^8DNAEB(9D_#!`KrAB7+L!-a#!Z*kX+cBsS1aq3`y3m#(nI|LFCy1W>4=Y{=p{bqBmoCZk?b9jKSs`*Z$<{;2N&bn* zY^3AAV9zm!pbltpk846MPqctWHp@niEmdf@IIGgY!#drt%ocM(<7QAn?B3)wM)4%K zlTSpf;6L4j5aQZIJ1i65aW5NrjSHeop5jYbKUP>hJ7PRivh0D)yK|Z$zL2|yap=Wv z|EF)@)}QrReU0Tp)#PwqYUha3>sXUB-woskY-|aR2W{M9NVB-4p`ge*qW+;vU4pN{ zSWA*au3hB?$oo_qL>ut}BcN^DsC%e?I^&)UE^5!TOv>r&lVS$3^HoK=<2Bfl_H{j_ zy+{M@_nv;)sL&y1)t^e|SODJKYpG#=fjIstwC6sbrK1WOjvoj*@?)3Lj}F=NARZl4 zZN?%JJ+53n{Wpn6bbaC5mMOZ$00&@l$Xe0ucSjTEO}t=HJyj%^Q(P4|f;+dQ=RexQ z5X#{Wwy2BK5`Ow9 zPN-qrAX_It_4_2&n?t2)w>5j53sQCwBdk%(?2f@MfR^E73|^S7)+$tlG@S- z1@Bu2)qeaVm81Pkw6#_gkX{h*f4X2ZQnm|6$cg^z_}G5+-0O6e9{#)RdH;7DfJ2lG zXk{io~czlMGp zVJonfIauLeJGPQ)fFQ^n#1l&qBCDOhnGYBb1YwGF6={&Yi z6q<|3Z5SKR!@EZ^8{xb^U&rRyG+=`Nj&DU2QIAl|SNFcR8PJ>q;}R~ii59+JpMz%% z%r-0nbiW^7x>I>4I$euBCEn%Cm=qvQpN3YToY&qPtsxs z9oc0iCpmE-NEM(s31<|Vc@Z8GAq|z6<9tV1J*FLYTCAN%3ppymgAWzQON@B1HV(!r zX-ko-z?wqr|7L^0T)~u8JcU(~O44`Znk}8gXG?Htwje#W_Y;gzzz4tbIY}ePpPvP^Ez63d|ZNrOGABT+&$6-&poGN&4x`36V0 z6nBio*r>xnSdQo?V=JPqvbg5fDNfRRD_1clpMtz2jLfLOjL$^yJ^<(2nx+M`E#ef?pLJ}g=nrTaz=b^yf}s3Zw7;++KPfgy^<7RfpK;ze&(rBj1|@D`6i=s zE-A6@H%RvzUR#cf=a)1F5P9IitE$h{?PV2VQ;B(pD*LXc0*-YEcK%eR?*kDhpl5N^ zKOvbooZ%;hf|krkGfa=-5PnTSUhwcQP0sAkw8aY0cUd9!oUEynX`{Wu*-AO}dciZVvUH9h!?s{Ut;F9XAq>`t3lIeR36-_2om2#XvVq_g`dmGaLI7Wp=9@^Z%D z5#A~^sWZwN?Nly84P2HUiwtFzmR{Z>Y7E zxxVeD)G~EiJcG{f+<7P+n~#0sc{K9{S&pnYrgH3S-aU){NVB=Ie0X1BPNj-+>+Z#W z@L}>O=ipL;dGL5nl71FF-u05|O|D)an6 zf>ogG%e`D2kgs39aHaC&qyA7%KYF)|3ckv1->=qgoKHL#Ri(UTxQn&MYt40KTFeHR zUI=K)y==0C=Q1LRir6;cNJynJe%2xf-&{OWCf{{L+}TFV#kLh-vz=WX*AS#nQqYfgx~x}0IYT2wS=2}2fFs6S z`KEZR&+D#2?2-Jn9Aw!utVD061^n2(a%SJXk}`QXHXD>j3$qgL5Kl~(;jA17YrT%D!~hOJ!J_ui@`m;9Tr_<(sS zY>5;pV*mu+7qdtV^8O6-Xa@n&$(kN5xCw|=UXH&o%Vp6lr=?}yWXZO$yF8nVjmjT? zJ*%ru;;5V?(xU0DODvk*~j)|XKG66f45>yH(3x8%M9CBisVKq5HO~n zg9ptU5mkjqW0q#$r9eG6xilf*0>QO5Jd2zyB&7@pTauD*V^az>^^j)Q0xJG_>LA=Y@|Kq+WDJdAji2T_z*? zGe5LNA4U+KQxTDo;YFyO*HfYd#m3AqpN4Iw7GSaKSu%^M&%Q;v zKvG+VAFvzET*(z6Ojxj&!(n%Op>6StttTZGi#~0Y&)g<8KFcH8MLa7x;@hR0>+fck zsO_b=vMRiK3KKD`9a*r<6hjXF#hX9ku&;=L!9Bf`4gk^dCJ$~fkoaI?cpsTM znc9l>BNyS$yIi;d)!ZK-P`@lpsRc)-hJlWPl-(uT?T&Rzz~M5Zsn@TRv-{wpwdu-6 zla~DJN8JT&LF}^^^>3R-915)Zsao}BIQmPMFKR}n%*gAK&4$Prr&31Hg^cqb$JhKw zT+7zU16*d=Xh@}(Pb10X9tLn~U&6j3+ESjpx`L-A-^hBNuTY^Ff{i{Z2KDK`%m3|r z-t~R!{3QL5uPpy^gaOe1_r(va8CO6`GmWEv6U{0qVgs==-1aKr zb}VOi{pMNx(Ez3-U#PwF%b-2NE)AyST-^AIqv`)o2S_xXa+%<5|b~Y;~BrgltQCVHR(Q_N6?X|X6lY(1*GB`1kZ_m8yTju?iTtsLL z0EEy!Gp=nOA~XbCj=vu>fe`HTOB-Pzvn5ck;W}b+T*8$j*5Ae1Y=CCHImdcIPPYE(%n#8;WsKYDm=tUJc=kqeTt(^}r@w&bs{|1m2YeOBTdpk-Pl6#0NY){+z0$ zINIbn#@0OzyS?0ZXcRW76A9nXU!bHcMcjDgJNYXu+9NCk1HKN=-k z6#Z&ij_3FU2Q65dhHRIv$i@C_^D`x?HDoSIK@W!6+Q%Zrq1;}*u|ql`IIR7}3M=!HS?!@QdEys$J6)EI z=#$(S({pI{68Y|)fq7onFh9(dA2|wWAI`z3*101 zX^njC8_$;k4M`qG_tXs0WbY2rs7}euI#%(PdIU~@J#v#HIazH9O6(px%XM5ku7tv; zcnBA&^0*|%MOim~RV}H`k7JZP{S2Dh$bRcIYGh=CPvELyGT-EanIA)5(AHvUm)hXo zMNF{JU%kWFekN#``&%nWVzVLHc`0@uH2Wgbg=yPJr_+;M%^VfWJOFN!jj5{x_YeonD&3KeTO$FVj{(~#`^K(#hdK?BGS1Y*^?4MO* z@?-4IkNxQbj*^)p|8Y=3UR)oCb)d#9!4KI)Yq_ytWKJXg2nBT!3`E2AF@AZGECx(W z9IsndS+L6}!!kmz@umvLuBwZMCST_I$rBC{0L9S@t1@nJl_;ZEzOg@{{+TLdS?D!v zS?a(fu_WRF)&hr#0hlK)VscBBv_LLfM!6hK6GFtri#{81A2ue$1FI?c_L6B^%dut$ zz>uLDPhUvKp0=w|k|&>vO+NiiXn^Gc_-Z?F0L$vK5eCEP7e8?@ z%zQ84KA;t3ny2pF6xk_5H-Smsc)z#}(O*d-I=ds9qQ+5rZ&c+0TDg$UMU4rrJcRV# zy{?;{gI-2EabioQorhi<%geM3Z5g{(D$X}r^F**-a=TBB z*cn1UwKF0k2b4**vR~0+)b`(&xeDVduAZI)-3(LYT3Ll1Bn^O{ZA-J(Y^~y`UY{?u z=InSrEqWSs;`KX;rN2X*T5$_{AMi8J>yHP$@ z21xRxc4NMRBrM>dX|_}8kNU*b)(QS}M+noO>=|NxC075awCbDoPaS_|zW%!jc%=-n*?h!C-ZS*rN`=)QXS#C=D`s8F z*~-;yr+7Hn1TucJ0JIZU(bUeG_5q{3Lk&WC756iN^7+ERS~>zwDfDYt5$OQ=NH=K{U%HH6JvM!0f-AhrKs%*b;KtWA#VhIXnYixUH&?skO@P;_ zrKRi`^U%o@ zolj*F@438ppwC%$<;-1PiV7nVZ(KgGBoe&NRBE03KuV?7JzVf<;6FY2SAgfSy!D|vPNGc9ukd9?YZp~`6k+E1zIU!u=`B%;rW)t;txlf{L z^+T^rfAxEPw@M+O7E;)|`_#&QO-?E9_Ti7W))=HMc6T>DX+vdf9`8GziB;6Hw@7FcaKX-oH-ePM%ZelL`$KSV_S1Gtf-f$1_cwb+)L? zQoMHnGLxD9H0n*po^hx-)jC93)7x;DWRD=FKk_jh>4mS?&skBDy^!hOvce8`04>(? zlj;&ms#rAY{M);`kY_PWAjg>!6YoBe^KDD7C12W4F|;Q2QCKsO#*x*D{d;>a6Cag@ zeissnGUik$#}9!uK$#gv9qxx*HKhicz=lo>ZN~U^1zrBQB&2#*GFTb3=(LeyT6>ZD z2al;9ww6*hH@D5$VYBPo_;4)ozR8k6_%js`U2jgGyrP?*g`_lPlcs44xt<>*G-V_6 zOk56NoRiQ4xe3%&EhddN;8wWUPW9nv@hig_jXdY#4vPvVRCu!M=Kuw*T+PHr`;J7F-CE8LS7)r7THe!q-Vlb6rYA=-<+@OudX z#9Jt6677b*+$u|YqKqhJ%5TU7oqzw5gX(T&EG(Apt%!cpC;R$Y^b)tTrYL4a+Vt*F z{pY820+3E}aVsAH4#g3pf~aKc1fQ<56LyXQoe9ZTpC(99^;c~nCs)eh1COZ@f-*B= ztx-p?R=;bk&h+=7P|OgWbv}9irks+-W6NUzKW39Txet ze>4^e7QPRB$`k)39hGKt>2_FG6DPaI_g{A+uC99CSjEs#Zq-mVa#5N#r(?1a>d`ip z(I{@g_keZroJf5L-u-vV{@o=0T`Gju?&X6VD>nF3l-EL^Ek|&z;>E_P=cJI4lS#9B zZVr>-nZ&&}U}sljBgd#GXA@S$rqTl&bn?D+5oM`rQ@vi1%Cr0Oa}Zk(?A^0e^%y-T z1jhS4aA@PY#zDAbnNib{Uy8%fbE;Bv1+qD&AGn0u((hPWQ3zVE-lsTiUg-?eF?2`# zd%7YKf5<#UTxkl6drjLsw9#J1lp?D{`;o<0-~|gD)6gTDM;hB(`QX4NgE$=cq3vNH zz}c{Zh|EC@>*upe+0Bc3eRd z0K5wFi2QT@QFp@+BzT(0&nDj#!WtFV)y251=`z^1J9`iZb`K`wPJo(VLjjA3ml#3m zqldJ8J^v%1oJw#DS9M&*aFW z-Y%>%1V3w8!rnw5xx_ghRpKy~E0lcEfG@*bL3FV11Q$U>^uhkhwk#3f!Q7mLUNgqg zHiCX4nP0z(3tXiz(_i$4Z_f!BCAYXT>d`~js7;p*~i|=r!2wLI3yz8cN6P_1lBV1C_ zMd%r+RS^w#zC3S+-lz(OsVXPPD828~Zx%rXISpdt*z4qOS_qaYDo*5JU9jnSTmC51 z2U5ZsAkoS@7`uFAzhNz=_3eU9o)L96>bTmZNzdau94Rn6T_}TQ-!;bUXOiI@aZRmE z4XjedFtMYdi=sp$g92HIJGMN#zOn@y`vJV+{I|!Z7{dKv4z*8&^5usDW3I-&J4t&L zJY$`O?CBduxmuF~K>EofrN`-7=s&?!shLMO+>E_HsIsQ$Utz*IQaqo>(lr6fBRn`~ zOGPZd$T#UdMOgc47*!PwKt2%}#J1{UG=Dt#Rk5>*RH?~(yh}8I|JXe^5JR(U3inM< z{B3LBsT1Wti1T%NrAShoqlYJf2jDhJZh)caU81(NlN&dHiu1F;Gs4G2NbA+dv`FjK z6dD~y)Oq}G=peWp<2YZ&nQ+)7npsH#)x6N6f4#3;8ZRP^{|*;3<5qCjAl(jnUm#rk zp>I@TD0`6}IFGn2ir7!^(by0i61^&sx*n#nUJa#F`XG4NY>^oc_kkS&PVR6^paNs? z!>B7HweT)=4Kv_Pdh>30i!xoHFA{AhuzrIEHsyzO+s!5nP$ zm(K9TnX|oZdvE{aXQ%7}4VJ!Al9=Wy2Baap{vB#f)A`h`-BQpd>di0fUDLbCqLS=(po1DqK z(9ft?M@7sQSCU`RyT?1w>MYn#2}XIyLAX_?XVs#hN{R&l8|0A;@G!Gy3>@$=A#<=+ zVN){G!1ngEzDgxaG~G?4NN5~Kq3OpkBx6Tu%(3#fRe7^$ji0& zGY)Lvs~x2(q|0HD1oN-;f}EUuhbO;c65QR|^)Q0{?B~fgrKrM)yZXAwt8Tzn1YF!sS?jrMpmvRoBqQDYlc-{pv?l&md>aG1qXqD)S z)PKX+#`Q!T!%z+>5hcKy_0-p2qyWHoURPsVF=%R7eiL!C9$dj^2J@=Uf*Z)od6|rY z8hN*W{)V_2t&!s#l?dzO^&99DO$PRgozj@T?~ArK6P9nbt!NDWO$WYTm>l(naiYT;+C7n_ zVA)X7Q6Z5z02@@LSh8l8G=D z>N|}eZmH`qv4^2t4_eC@`&qWz8?tFL+?f&c&j diff --git a/experimental/images/macvlan_bridge_simple.svg b/experimental/images/macvlan_bridge_simple.svg deleted file mode 100644 index bce931f000..0000000000 --- a/experimental/images/macvlan_bridge_simple.svg +++ /dev/null @@ -1 +0,0 @@ -container1172.16.86.2/24container2172.16.86.3/24pub_net (eth0)DockerHostdockernetworkcreate -dmacvlan \--subnet=172.16.86.0/24 \--gateway=172.16.86.1  \-oparent=eth1pub_neteth1172.16.86.0/24NetworkRouter172.16.86.1/24 \ No newline at end of file diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index 56440672a2..caec6d6c6b 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -1,15 +1,12 @@ - - -# Macvlan and Ipvlan Network Drivers +# Ipvlan Network Driver ### Getting Started -The Macvlan and Ipvlan drivers are currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 addressing. The VLAN drivers build on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver. +The Ipvlan driver is currently in experimental mode in order to incubate Docker users use cases and vet the implementation to ensure a hardened, production ready driver in a future release. Libnetwork now gives users total control over both IPv4 and IPv6 addressing. The VLAN driver builds on top of that in giving operators complete control of layer 2 VLAN tagging and even Ipvlan L3 routing for users interested in underlay network integration. For overlay deployments that abstract away physical constraints see the [multi-host overlay ](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) driver. -Macvlan and Ipvlan are a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network. - -Macvlan and Ipvlan offer a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios. +Ipvlan is a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network. +Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios. ### Pre-Requisites @@ -20,122 +17,11 @@ Macvlan and Ipvlan offer a number of unique features and plenty of room for furt - Kernel requirements: - To check your current kernel version, use `uname -r` to display your kernel version - - Macvlan Linux kernel v3.9–3.19 and 4.0+ - Ipvlan Linux kernel v4.2+ (support for earlier kernels exists but is buggy) - -### MacVlan Bridge Mode Example Usage - -Macvlan Bridge mode has a unique MAC address per container used to track MAC to port mappings by the Docker host. This is the largest difference from Ipvlan L2 mode which uses the same MAC address as the parent interface for each container `eth0` interface. - -- Macvlan and Ipvlan driver networks are attached to a parent Docker host interface. Examples are a physical interface such as `eth0`, a sub-interface for 802.1q VLAN tagging like `eth0.10` (`.10` representing VLAN `10`) or even bonded host adaptors which bundle two Ethernet interfaces into a single logical interface. - -- The specified gateway is external to the host provided by the network infrastructure. - -- Each Macvlan Bridge mode Docker network is isolated from one another and there can be only one network attached to a parent interface at a time. There is a theoretical limit of 4,094 sub-interfaces per host adaptor that a Docker network could be attached to. - -- It is not recommended to mix ipvlan and macvlan networks on the same `-o parent=` interface. Older kernel versions will throw uninformative netlink errors such as `device is busy`. - -- Any container inside the same subnet can talk any other container in the same network without a gateway in both `macvlan bridge` mode and `ipvlan L2` modes. - -- The same `docker network` commands apply to the vlan drivers. Some are irrelevant such as `-icc` or `--set-macaddress` for the Ipvlan driver. - -- In Macvlan and Ipvlan L2 mode, containers on separate networks cannot reach one another without an external process routing between the two networks/subnets. This also applies to multiple subnets within the same `docker network`. See Ipvlan L3 mode for inter-subnet communications without a router. - -In the following example, `eth0` on the docker host has an IP on the `172.16.86.0/24` network and a default gateway of `172.16.86.1`. The gateway is an external router with an address of `172.16.86.1`. An IP address is not required on the Docker host interface `eth0` in `bridge` mode, it merely needs to be on the proper upstream network to get forwarded by a network switch or network router. - -![Simple Macvlan Bridge Mode Example](images/macvlan_bridge_simple.png) - - -**Note** For Macvlan bridge mode and Ipvlan L2 mode the subnet values need to match the NIC's interface of the Docker host. For example, Use the same subnet and gateway of the Docker host ethernet interface that is specified by the `-o parent=` option. - -- The parent interface used in this example is `eth0` and it is on the subnet `172.16.86.0/24`. The containers in the `docker network` will also need to be on this same subnet as the parent `-o parent=`. The gateway is an external router on the network, not any ip masquerading or any other local proxy. - -- The driver is specified with `-d driver_name` option. In this case `-d macvlan` - -- The parent interface `-o parent=eth0` is configured as followed: - -``` -ip addr show eth0 -3: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 - inet 172.16.86.250/24 brd 172.16.86.255 scope global eth0 -``` - -Create the macvlan network and run a couple of containers attached to it: - -``` -# Macvlan (-o macvlan_mode= Defaults to Bridge mode if not specified) -docker network create -d macvlan \ - --subnet=172.16.86.0/24 \ - --gateway=172.16.86.1 \ - -o parent=eth0 pub_net - -# Run a container on the new network specifying the --ip address. -docker run --net=pub_net --ip=172.16.86.10 -itd alpine /bin/sh - -# Start a second container and ping the first -docker run --net=pub_net -it --rm alpine /bin/sh -ping -c 4 172.16.86.10 - -``` - - Take a look at the containers ip and routing table: - -``` - -ip a show eth0 - eth0@if3: mtu 1500 qdisc noqueue state UNKNOWN - link/ether 46:b2:6b:26:2f:69 brd ff:ff:ff:ff:ff:ff - inet 172.16.86.2/24 scope global eth0 - -ip route - default via 172.16.86.1 dev eth0 - 172.16.86.0/24 dev eth0 src 172.16.86.2 - -# NOTE: the containers can NOT ping the underlying host interfaces as -# they are intentionally filtered by Linux for additional isolation. -# In this case the containers cannot ping the -o parent=172.16.86.250 -``` - - -You can explicitly specify the `bridge` mode option `-o macvlan_mode=bridge`. It is the default so will be in `bridge` mode either way. - -While the `eth0` interface does not need to have an IP address in Macvlan Bridge mode or Ipvlan L2 mode it is not uncommon to have an IP address on the interface. Addresses can be excluded from getting an address from the default built in IPAM by using the `--aux-address=x.x.x.x` flag. This will blacklist the specified address from being handed out to containers. The same network example above blocking the `-o parent=eth0` address from being handed out to a container. - -``` -docker network create -d macvlan \ - --subnet=172.16.86.0/24 \ - --gateway=172.16.86.1 \ - --aux-address="exclude_host=172.16.86.250" \ - -o parent=eth0 pub_net -``` - -Another option for subpool IP address selection in a network provided by the default Docker IPAM driver is to use `--ip-range=`. This specifies the driver to allocate container addresses from this pool rather then the broader range from the `--subnet=` argument from a network create as seen in the following example that will allocate addresses beginning at `192.168.32.128` and increment upwards from there. - -``` -docker network create -d macvlan \ - --subnet=192.168.32.0/24 \ - --ip-range=192.168.32.128/25 \ - --gateway=192.168.32.254 \ - -o parent=eth0 macnet32 - -# Start a container and verify the address is 192.168.32.128 -docker run --net=macnet32 -it --rm alpine /bin/sh -``` - -The network can then be deleted with: - -``` -docker network rm -``` - -- **Note:** In both Macvlan and Ipvlan you are not able to ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host's `eth0` it will **not** work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security. - -For more on Docker networking commands see [Working with Docker network commands](https://docs.docker.com/engine/userguide/networking/work-with-networks/) - ### Ipvlan L2 Mode Example Usage -The ipvlan `L2` mode example is virtually identical to the macvlan `bridge` mode example. The driver is specified with `-d driver_name` option. In this case `-d ipvlan` +The ipvlan `L2` mode example is like the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`. ![Simple Ipvlan L2 Mode Example](images/ipvlan_l2_simple.png) @@ -166,11 +52,11 @@ docker run --net=db_net -it --rm alpine /bin/sh # they are intentionally filtered by Linux for additional isolation. ``` -The default mode for Ipvlan is `l2`. The default mode for Macvlan is `bridge`. If `-o ipvlan_mode=` or `-o macvlan_mode=` are left unspecified, the default modes will be used. Similarly, if the `--gateway` is left empty, the first usable address on the network will be set as the gateway. For example, if the subnet provided in the network create is `--subnet=192.168.1.0/24` then the gateway the container receives is `192.168.1.1`. +The default mode for Ipvlan is `l2`. If `-o ipvlan_mode=` are left unspecified, the default mode will be used. Similarly, if the `--gateway` is left empty, the first usable address on the network will be set as the gateway. For example, if the subnet provided in the network create is `--subnet=192.168.1.0/24` then the gateway the container receives is `192.168.1.1`. -To help understand how this mode interacts with other hosts, the following figure shows the same layer 2 segment between two Docker hosts that applies to both Macvlan Bride mode and Ipvlan L2 mode. +To help understand how this mode interacts with other hosts, the following figure shows the same layer 2 segment between two Docker hosts that applies to and Ipvlan L2 mode. -![Multiple Ipvlan and Macvlan Hosts](images/macvlan-bridge-ipvlan-l2.png) +![Multiple Ipvlan Hosts](images/macvlan-bridge-ipvlan-l2.png) The following will create the exact same network as the network `db_net` created prior, with the driver defaults for `--gateway=192.168.1.1` and `-o ipvlan_mode=l2`. @@ -219,84 +105,6 @@ docker exec -it cid2 /bin/sh docker exec -it cid3 /bin/sh ``` -### Macvlan 802.1q Trunk Bridge Mode Example Usage - -VLANs (Virtual Local Area Networks) have long been a primary means of virtualizing data center networks and are still in virtually all existing networks today. VLANs work by tagging a Layer-2 isolation domain with a 12-bit identifier ranging from 1-4094 that is inserted into a packet header that enables a logical grouping of a single or multiple subnets of both IPv4 and IPv6. It is very common for network operators to separate traffic using VLANs based on a subnet(s) function or security profile such as `web`, `db` or any other isolation needs. - -It is very common to have a compute host requirement of running multiple virtual networks concurrently on a host. Linux networking has long supported VLAN tagging, also known by its standard 802.1q, for maintaining datapath isolation between networks. The Ethernet link connected to a Docker host can be configured to support the 802.1q VLAN IDs, by creating Linux sub-interfaces, each one dedicated to a unique VLAN ID. - -![Simple Ipvlan L2 Mode Example](images/multi_tenant_8021q_vlans.png) - -Trunking 802.1q to a Linux host is notoriously painful for many in operations. It requires configuration file changes in order to be persistent through a reboot. If a bridge is involved, a physical NIC needs to be moved into the bridge and the bridge then gets the IP address. This has lead to many a stranded servers since the risk of cutting off access during that convoluted process is high. - -Like all of the Docker network drivers, the overarching goal is to alleviate the operational pains of managing network resources. To that end, when a network receives a sub-interface as the parent that does not exist, the drivers create the VLAN tagged interfaces while creating the network. - -In the case of a host reboot, instead of needing to modify often complex network configuration files the driver will recreate all network links when the Docker daemon restarts. The driver tracks if it created the VLAN tagged sub-interface originally with the network create and will **only** recreate the sub-interface after a restart or delete `docker network rm` the link if it created it in the first place with `docker network create`. - -If the user doesn't want Docker to modify the `-o parent` sub-interface, the user simply needs to pass an existing link that already exists as the parent interface. Parent interfaces such as `eth0` are not deleted, only sub-interfaces that are not master links. - -For the driver to add/delete the vlan sub-interfaces the format needs to be `interface_name.vlan_tag`. - -For example: `eth0.50` denotes a parent interface of `eth0` with a slave of `eth0.50` tagged with vlan id `50`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.50 type vlan id 50`. - -Replace the `macvlan` with `ipvlan` in the `-d` driver argument to create macvlan 802.1q trunks. - -**Vlan ID 50** - -In the first network tagged and isolated by the Docker host, `eth0.50` is the parent interface tagged with vlan id `50` specified with `-o parent=eth0.50`. Other naming formats can be used, but the links need to be added and deleted manually using `ip link` or Linux configuration files. As long as the `-o parent` exists anything can be used if compliant with Linux netlink. - -``` -# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged -docker network create -d macvlan \ - --subnet=192.168.50.0/24 \ - --gateway=192.168.50.1 \ - -o parent=eth0.50 macvlan50 - -# In two separate terminals, start a Docker container and the containers can now ping one another. -docker run --net=macvlan50 -it --name macvlan_test5 --rm alpine /bin/sh -docker run --net=macvlan50 -it --name macvlan_test6 --rm alpine /bin/sh -``` - -**Vlan ID 60** - -In the second network, tagged and isolated by the Docker host, `eth0.60` is the parent interface tagged with vlan id `60` specified with `-o parent=eth0.60`. The `macvlan_mode=` defaults to `macvlan_mode=bridge`. It can also be explicitly set with the same result as shown in the next example. - -``` -# now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged. -docker network create -d macvlan \ - --subnet=192.168.60.0/24 \ - --gateway=192.168.60.1 \ - -o parent=eth0.60 -o \ - -o macvlan_mode=bridge macvlan60 - -# In two separate terminals, start a Docker container and the containers can now ping one another. -docker run --net=macvlan60 -it --name macvlan_test7 --rm alpine /bin/sh -docker run --net=macvlan60 -it --name macvlan_test8 --rm alpine /bin/sh -``` - -**Example:** Multi-Subnet Macvlan 802.1q Trunking - -The same as the example before except there is an additional subnet bound to the network that the user can choose to provision containers on. In MacVlan/Bridge mode, containers can only ping one another if they are on the same subnet/broadcast domain unless there is an external router that routes the traffic (answers ARP etc) between the two subnets. - -``` -### Create multiple L2 subnets -docker network create -d ipvlan \ - --subnet=192.168.210.0/24 \ - --subnet=192.168.212.0/24 \ - --gateway=192.168.210.254 \ - --gateway=192.168.212.254 \ - -o ipvlan_mode=l2 ipvlan210 - -# Test 192.168.210.0/24 connectivity between containers -docker run --net=ipvlan210 --ip=192.168.210.10 -itd alpine /bin/sh -docker run --net=ipvlan210 --ip=192.168.210.9 -it --rm alpine ping -c 2 192.168.210.10 - -# Test 192.168.212.0/24 connectivity between containers -docker run --net=ipvlan210 --ip=192.168.212.10 -itd alpine /bin/sh -docker run --net=ipvlan210 --ip=192.168.212.9 -it --rm alpine ping -c 2 192.168.212.10 - -``` - ### Ipvlan 802.1q Trunk L2 Mode Example Usage Architecturally, Ipvlan L2 mode trunking is the same as Macvlan with regard to gateways and L2 path isolation. There are nuances that can be advantageous for CAM table pressure in ToR switches, one MAC per port and MAC exhaustion on a host's parent NIC to name a few. The 802.1q trunk scenario looks the same. Both modes adhere to tagging standards and have seamless integration with the physical network for underlay integration and hardware vendor plugin integrations. @@ -356,7 +164,7 @@ $ ip route 192.168.30.0/24 dev eth0 src 192.168.30.2 ``` -Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet and pinging one another. In order for the `192.168.114.0/24` to reach `192.168.116.0/24` it requires an external router in L2 mode. L3 mode can route between subnets that share a common `-o parent=`. This same multi-subnet example is also valid for Macvlan `bridge` mode. +Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet and pinging one another. In order for the `192.168.114.0/24` to reach `192.168.116.0/24` it requires an external router in L2 mode. L3 mode can route between subnets that share a common `-o parent=`. Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to a L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI). @@ -393,13 +201,13 @@ IPVlan will require routes to be distributed to each endpoint. The driver only b ![Docker Ipvlan L2 Mode](images/ipvlan-l3.png) -Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone makes Ipvlan L3 mode a prime candidate for those looking for massive scale and predictable network integrations. It is predictable and in turn will lead to greater uptimes because there is no bridging involved. Bridging loops have been responsible for high profile outages that can be hard to pinpoint depending on the size of the failure domain. This is due to the cascading nature of BPDUs (Bridge Port Data Units) that are flooded throughout a broadcast domain (VLAN) to find and block topology loops. Eliminating bridging domains, or at the least, keeping them isolated to a pair of ToRs (top of rack switches) will reduce hard to troubleshoot bridging instabilities. Macvlan Bridge and Ipvlan L2 modes are well suited for isolated VLANs only trunked into a pair of ToRs that can provide a loop-free non-blocking fabric. The next step further is to route at the edge via Ipvlan L3 mode that reduces a failure domain to a local host only. +Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone makes Ipvlan L3 mode a prime candidate for those looking for massive scale and predictable network integrations. It is predictable and in turn will lead to greater uptimes because there is no bridging involved. Bridging loops have been responsible for high profile outages that can be hard to pinpoint depending on the size of the failure domain. This is due to the cascading nature of BPDUs (Bridge Port Data Units) that are flooded throughout a broadcast domain (VLAN) to find and block topology loops. Eliminating bridging domains, or at the least, keeping them isolated to a pair of ToRs (top of rack switches) will reduce hard to troubleshoot bridging instabilities. Ipvlan L2 modes is well suited for isolated VLANs only trunked into a pair of ToRs that can provide a loop-free non-blocking fabric. The next step further is to route at the edge via Ipvlan L3 mode that reduces a failure domain to a local host only. - L3 mode needs to be on a separate subnet as the default namespace since it requires a netlink route in the default namespace pointing to the Ipvlan parent interface. - The parent interface used in this example is `eth0` and it is on the subnet `192.168.1.0/24`. Notice the `docker network` is **not** on the same subnet as `eth0`. -- Unlike macvlan bridge mode and ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`. +- Unlike ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`. ``` ip a show eth0 @@ -444,61 +252,6 @@ $ ip route In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface. More on this as we evolve the Ipvlan `L3` story. -### Dual Stack IPv4 IPv6 Macvlan Bridge Mode - -**Example:** Macvlan Bridge mode, 802.1q trunk, VLAN ID: 218, Multi-Subnet, Dual Stack - -``` -# Create multiple bridge subnets with a gateway of x.x.x.1: -docker network create -d macvlan \ - --subnet=192.168.216.0/24 --subnet=192.168.218.0/24 \ - --gateway=192.168.216.1 --gateway=192.168.218.1 \ - --subnet=2001:db8:abc8::/64 --gateway=2001:db8:abc8::10 \ - -o parent=eth0.218 \ - -o macvlan_mode=bridge macvlan216 - -# Start a container on the first subnet 192.168.216.0/24 -docker run --net=macvlan216 --name=macnet216_test --ip=192.168.216.10 -itd alpine /bin/sh - -# Start a container on the second subnet 192.168.218.0/24 -docker run --net=macvlan216 --name=macnet216_test --ip=192.168.218.10 -itd alpine /bin/sh - -# Ping the first container started on the 192.168.216.0/24 subnet -docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh -ping 192.168.216.10 - -# Ping the first container started on the 192.168.218.0/24 subnet -docker run --net=macvlan216 --ip=192.168.218.11 -it --rm alpine /bin/sh -ping 192.168.218.10 -``` - -View the details of one of the containers: - -``` -docker run --net=macvlan216 --ip=192.168.216.11 -it --rm alpine /bin/sh - -root@526f3060d759:/# ip a show eth0 - eth0@if92: mtu 1500 qdisc noqueue state UNKNOWN group default - link/ether 8e:9a:99:25:b6:16 brd ff:ff:ff:ff:ff:ff - inet 192.168.216.11/24 scope global eth0 - valid_lft forever preferred_lft forever - inet6 2001:db8:abc4::8c9a:99ff:fe25:b616/64 scope link tentative - valid_lft forever preferred_lft forever - inet6 2001:db8:abc8::2/64 scope link nodad - valid_lft forever preferred_lft forever - -# Specified v4 gateway of 192.168.216.1 -root@526f3060d759:/# ip route - default via 192.168.216.1 dev eth0 - 192.168.216.0/24 dev eth0 proto kernel scope link src 192.168.216.11 - -# Specified v6 gateway of 2001:db8:abc8::10 -root@526f3060d759:/# ip -6 route - 2001:db8:abc4::/64 dev eth0 proto kernel metric 256 - 2001:db8:abc8::/64 dev eth0 proto kernel metric 256 - default via 2001:db8:abc8::10 dev eth0 metric 1024 -``` - ### Dual Stack IPv4 IPv6 Ipvlan L2 Mode - Not only does Libnetwork give you complete control over IPv4 addressing, but it also gives you total control over IPv6 addressing as well as feature parity between the two address families. @@ -602,13 +355,10 @@ Start a second container with a specific `--ip4` address and ping the first host docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh ``` -**Note**: Different subnets on the same parent interface in both Ipvlan `L2` mode and Macvlan `bridge` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link. - - +**Note**: Different subnets on the same parent interface in Ipvlan `L2` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link. ### Dual Stack IPv4 IPv6 Ipvlan L3 Mode - **Example:** IpVlan L3 Mode Dual Stack IPv4/IPv6, Multi-Subnet w/ 802.1q Vlan Tag:118 As in all of the examples, a tagged VLAN interface does not have to be used. The sub-interfaces can be swapped with `eth0`, `eth1`, `bond0` or any other valid interface on the host other then the `lo` loopback. From 21171be26ea7c4a12b39d9f2a9faff5c2c52b078 Mon Sep 17 00:00:00 2001 From: John Howard Date: Wed, 7 Sep 2016 15:10:00 -0700 Subject: [PATCH 1788/2538] Add isolation to info Signed-off-by: John Howard --- docs/reference/commandline/info.md | 33 ++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index ad137071ce..3bf813c057 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -154,3 +154,36 @@ You can also specify the output format: $ docker info --format '{{json .}}' {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} + +Here is a sample output for a daemon running on Windows Server 2016: + + E:\docker>docker info + Containers: 1 + Running: 0 + Paused: 0 + Stopped: 1 + Images: 17 + Server Version: 1.13.0-dev + Storage Driver: windowsfilter + Windows: + Logging Driver: json-file + Plugins: + Volume: local + Network: nat null overlay + Swarm: inactive + Default Isolation: process + Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937) + Operating System: Windows Server 2016 Datacenter + OSType: windows + Architecture: x86_64 + CPUs: 8 + Total Memory: 3.999 GiB + Name: WIN-V0V70C0LU5P + ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62 + Docker Root Dir: C:\control + Debug Mode (client): false + Debug Mode (server): false + Registry: https://index.docker.io/v1/ + Insecure Registries: + 127.0.0.0/8 + Live Restore Enabled: false \ No newline at end of file From ee85efb76d6ff128b062bb4d3911249026deffbf Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 27 Sep 2016 18:58:48 +0200 Subject: [PATCH 1789/2538] Fix bash completion for `docker logs --since` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 18b8080c35..2c2a95fe04 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1406,7 +1406,7 @@ _docker_logs() { COMPREPLY=( $( compgen -W "--details --follow -f --help --since --tail --timestamps -t" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--tail') + local counter=$(__docker_pos_first_nonflag '--since|--tail') if [ $cword -eq $counter ]; then __docker_complete_containers_all fi From 676773a78043666438a70931fa8961cc0d591707 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 27 Sep 2016 01:02:57 +0200 Subject: [PATCH 1790/2538] Fix incorrect aux-address examples and test The (host)name for aux-addresses should be unique, otherwise later values overwrite earlier values. Before this change, the example command would send this API request; { "Attachable": false, "CheckDuplicate": true, "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Config": [ { "Gateway": "192.168.0.100", "IPRange": "192.168.1.0/24", "Subnet": "192.168.0.0/16" }, { "AuxiliaryAddresses": { "a": "192.170.1.5", "b": "192.170.1.6" }, "Gateway": "192.170.0.100", "Subnet": "192.170.0.0/16" } ], "Driver": "default", "Options": { } }, "Internal": false, "Labels": { }, "Name": "my-multihost-network", "Options": { } } After this change, the request looks like this (all aux-addresses preserved); { "Attachable": false, "CheckDuplicate": true, "Driver": "overlay", "EnableIPv6": false, "IPAM": { "Config": [ { "AuxiliaryAddresses": { "my-router": "192.168.1.5", "my-switch": "192.168.1.6" }, "Gateway": "192.168.0.100", "IPRange": "192.168.1.0/24", "Subnet": "192.168.0.0/16" }, { "AuxiliaryAddresses": { "my-printer": "192.170.1.5", "my-nas": "192.170.1.6" }, "Gateway": "192.170.0.100", "Subnet": "192.170.0.0/16" } ], "Driver": "default", "Options": { } }, "Internal": false, "Labels": { }, "Name": "my-multihost-network", "Options": { } } Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/network_create.md | 4 ++-- man/docker-network-create.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 4a6fe8fba6..8ffed10972 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -136,8 +136,8 @@ $ docker network create -d overlay \ --gateway=192.168.0.100 \ --gateway=192.170.0.100 \ --ip-range=192.168.1.0/24 \ - --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 \ - --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 \ + --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \ + --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \ my-multihost-network ``` diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 1505339df8..3000bb2135 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -127,8 +127,8 @@ $ docker network create -d overlay \ --gateway=192.168.0.100 \ --gateway=192.170.0.100 \ --ip-range=192.168.1.0/24 \ - --aux-address a=192.168.1.5 --aux-address b=192.168.1.6 \ - --aux-address a=192.170.1.5 --aux-address b=192.170.1.6 \ + --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \ + --aux-address="my-printer=192.170.1.5" --aux-address="my-nas=192.170.1.6" \ my-multihost-network ``` From d0134a5f758abc5434377545c458a3f717cf2ee2 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 27 Sep 2016 19:12:48 -0700 Subject: [PATCH 1791/2538] Update docs for `service ps` This fix updates docs for `service ps` as now the TASK ID part has been removed. Also, this fix fixes several incorrect sample output. Signed-off-by: Yong Tang --- docs/reference/commandline/node_ps.md | 34 ++++++++++++------------ docs/reference/commandline/service_ps.md | 32 +++++++++++----------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index f382a9f7e6..538132408a 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -29,12 +29,12 @@ Lists all the tasks on a Node that Docker knows about. You can filter using the Example output: $ docker node ps swarm-manager1 - ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE - 7q92v0nr1hcgts2amcjyqg3pq redis.1 redis redis:3.0.6 Running 5 hours Running swarm-manager1 - b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 29 seconds Running swarm-manager1 - bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 - dkkual96p4bb3s6b10r7coxxt redis.9 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 - 0tgctg8h8cech4w0k0gwrmr23 redis.10 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + NAME IMAGE NODE DESIRED STATE CURRENT STATE + redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours + redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds + redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds + redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds + redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds ## Filtering @@ -56,12 +56,12 @@ The `name` filter matches on all or part of a task's name. The following filter matches all tasks with a name containing the `redis` string. $ docker node ps -f name=redis swarm-manager1 - ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE - 7q92v0nr1hcgts2amcjyqg3pq redis.1 redis redis:3.0.6 Running 5 hours Running swarm-manager1 - b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 29 seconds Running swarm-manager1 - bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 - dkkual96p4bb3s6b10r7coxxt redis.9 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 - 0tgctg8h8cech4w0k0gwrmr23 redis.10 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + NAME IMAGE NODE DESIRED STATE CURRENT STATE + redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours + redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds + redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds + redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds + redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds #### id @@ -69,8 +69,8 @@ The following filter matches all tasks with a name containing the `redis` string The `id` filter matches a task's id. $ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 - ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE - bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 5 seconds Running swarm-manager1 + NAME IMAGE NODE DESIRED STATE CURRENT STATE + redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds #### label @@ -82,9 +82,9 @@ The following filter matches tasks with the `usage` label regardless of its valu ```bash $ docker node ps -f "label=usage" -ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE -b465edgho06e318egmgjbqo4o redis.6 redis redis:3.0.6 Running 10 minutes Running swarm-manager1 -bg8c07zzg87di2mufeq51a2qp redis.7 redis redis:3.0.6 Running 9 minutes Running swarm-manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 10 minutes +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 9 minutes ``` diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 90f67fb39b..231ef0d733 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -36,17 +36,17 @@ The following command shows all the tasks that are part of the `redis` service: ```bash $ docker service ps redis -ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE -0qihejybwf1x5vqi8lgzlgnpq redis.1 redis redis:3.0.6 Running 8 seconds Running manager1 -bk658fpbex0d57cqcwoe3jthu redis.2 redis redis:3.0.6 Running 9 seconds Running worker2 -5ls5s5fldaqg37s9pwayjecrf redis.3 redis redis:3.0.6 Running 9 seconds Running worker1 -8ryt076polmclyihzx67zsssj redis.4 redis redis:3.0.6 Running 9 seconds Running worker1 -1x0v8yomsncd6sbvfn0ph6ogc redis.5 redis redis:3.0.6 Running 8 seconds Running manager1 -71v7je3el7rrw0osfywzs0lko redis.6 redis redis:3.0.6 Running 9 seconds Running worker2 -4l3zm9b7tfr7cedaik8roxq6r redis.7 redis redis:3.0.6 Running 9 seconds Running worker2 -9tfpyixiy2i74ad9uqmzp1q6o redis.8 redis redis:3.0.6 Running 9 seconds Running worker1 -3w1wu13yuplna8ri3fx47iwad redis.9 redis redis:3.0.6 Running 8 seconds Running manager1 -8eaxrb2fqpbnv9x30vr06i6vt redis.10 redis redis:3.0.6 Running 8 seconds Running manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Running 8 seconds +redis.2.bk658fpbex0d57cqcwoe3jthu redis:3.0.6 worker2 Running Running 9 seconds +redis.3.5ls5s5fldaqg37s9pwayjecrf redis:3.0.6 worker1 Running Running 9 seconds +redis.4.8ryt076polmclyihzx67zsssj redis:3.0.6 worker1 Running Running 9 seconds +redis.5.1x0v8yomsncd6sbvfn0ph6ogc redis:3.0.6 manager1 Running Running 8 seconds +redis.6.71v7je3el7rrw0osfywzs0lko redis:3.0.6 worker2 Running Running 9 seconds +redis.7.4l3zm9b7tfr7cedaik8roxq6r redis:3.0.6 worker2 Running Running 9 seconds +redis.8.9tfpyixiy2i74ad9uqmzp1q6o redis:3.0.6 worker1 Running Running 9 seconds +redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6 manager1 Running Running 8 seconds +redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds ``` @@ -70,9 +70,9 @@ The `id` filter matches on all or a prefix of a task's ID. ```bash $ docker service ps -f "id=8" redis -ID NAME SERVICE IMAGE LAST STATE DESIRED STATE NODE -8ryt076polmclyihzx67zsssj redis.4 redis redis:3.0.6 Running 4 minutes Running worker1 -8eaxrb2fqpbnv9x30vr06i6vt redis.10 redis redis:3.0.6 Running 4 minutes Running manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.4.8ryt076polmclyihzx67zsssj redis:3.0.6 worker1 Running Running 9 seconds +redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds ``` #### Name @@ -81,8 +81,8 @@ The `name` filter matches on task names. ```bash $ docker service ps -f "name=redis.1" redis -ID NAME SERVICE IMAGE DESIRED STATE LAST STATE NODE -0qihejybwf1x5vqi8lgzlgnpq redis.1 redis redis:3.0.6 Running Running 8 seconds manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Running 8 seconds ``` From c17012948e089fee11b6d59b724b2d846feba059 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Tue, 27 Sep 2016 12:51:42 +0200 Subject: [PATCH 1792/2538] configure docker-init binary path Signed-off-by: Antonio Murdaca --- docs/reference/commandline/dockerd.md | 2 ++ man/dockerd.8.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 5fff237b1c..b558895ea5 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -49,6 +49,7 @@ Options: --help Print usage --icc=true Enable inter-container communication --init Run an init inside containers to forward signals and reap processes + --init-path Path to the docker-init binary --insecure-registry=[] Enable insecure registry communication --ip=0.0.0.0 Default IP when binding container ports --ip-forward=true Enable net.ipv4.ip_forward @@ -1142,6 +1143,7 @@ This is a full example of the allowed configuration options on Linux: "cgroup-parent": "", "default-ulimits": {}, "init": false, + "init-path": "/usr/libexec/docker-init", "ipv6": false, "iptables": false, "ip-forward": false, diff --git a/man/dockerd.8.md b/man/dockerd.8.md index ecbc43c030..503b76061e 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -35,6 +35,7 @@ dockerd - Enable daemon mode [**--help**] [**--icc**[=*true*]] [**--init**[=*false*]] +[**--init-path**[=*""*]] [**--insecure-registry**[=*[]*]] [**--ip**[=*0.0.0.0*]] [**--ip-forward**[=*true*]] @@ -170,6 +171,9 @@ unix://[/path/to/socket] to use. **--init** Run an init process inside containers for signal forwarding and process reaping. +**--init-path** +Path to the docker-init binary. + **--insecure-registry**=[] Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. From 247a2f112b842e968f66844192f03ed18bb168d5 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Wed, 28 Sep 2016 20:19:00 -0700 Subject: [PATCH 1793/2538] Fix link to non-existent file Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/swarm_leave.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 99185dbb50..112813466b 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -43,7 +43,7 @@ To remove `worker2`, issue the following command from `worker2` itself: $ docker swarm leave Node left the default swarm. ``` -To remove an inactive node, use the [`node rm`](swarm_rm.md) command instead. +To remove an inactive node, use the [`node rm`](node_rm.md) command instead. ## Related information From cd547751dff7376b262fb980d1fed3b62971a4b5 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 28 Sep 2016 12:45:30 +0200 Subject: [PATCH 1794/2538] Add a new "is-task" ps filter This makes it easier to list containers that are part of a task (swarm mode) and those who are not. Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 4 ++++ contrib/completion/zsh/_docker | 3 +++ docs/reference/commandline/ps.md | 1 + man/docker-ps.1.md | 1 + 4 files changed, 9 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2c2a95fe04..23f56fcc14 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2181,6 +2181,10 @@ _docker_ps() { __docker_complete_container_ids return ;; + is-task) + COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) ) + return + ;; name) cur="${cur##*=}" __docker_complete_container_names diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 6f1c660bc1..535f1f1ec2 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -333,6 +333,9 @@ __docker_complete_ps_filters() { (id) __docker_containers_ids && ret=0 ;; + (is-task) + _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0 + ;; (name) __docker_containers_names && ret=0 ;; diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 1f3ceb3799..541979e819 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -27,6 +27,7 @@ Options: - since=(|) - ancestor=([:tag]||) containers created from an image or a descendant. + - is-task=(true|false) --format string Pretty-print containers using a Go template --help Print usage -n, --last int Show n last created containers (includes all states) (default -1) diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index 14c770121f..fd6c4e78fa 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -32,6 +32,7 @@ the running containers. - status=(created|restarting|running|paused|exited|dead) - name= a container's name - id= a container's ID + - is-task=(true|false) - containers that are a task (part of a service managed by swarm) - before=(|) - since=(|) - ancestor=([:tag]||) - containers created from an image or a descendant. From 82e697e5eccc967bf1a20dbb7e618f43802d8951 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 29 Sep 2016 18:55:52 -0700 Subject: [PATCH 1795/2538] Update docs for node filter of `docker service ps` As is specified in 26964, it is possible to specify a filter based on the node name or node ID. This fix updates the related docs for that. Signed-off-by: Yong Tang --- docs/reference/commandline/service_ps.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 231ef0d733..d6f9de5f27 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -61,6 +61,7 @@ The currently supported filters are: * [id](#id) * [name](#name) +* [node](#node) * [desired-state](#desired-state) @@ -86,6 +87,20 @@ redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Runnin ``` +#### Node + +The `node` filter matches on a node name or a node ID. + +```bash +$ docker service ps -f "node=manager1" redis +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Running 8 seconds +redis.5.1x0v8yomsncd6sbvfn0ph6ogc redis:3.0.6 manager1 Running Running 8 seconds +redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6 manager1 Running Running 8 seconds +redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds +``` + + #### desired-state The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. From 4705d820987c187f9680a9255cfe1894309b30ca Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Wed, 31 Aug 2016 09:57:32 -0700 Subject: [PATCH 1796/2538] Add documentation for container, volume, image and system prune subcommands Signed-off-by: Kenfe-Mickael Laventure --- docs/reference/commandline/container_prune.md | 41 +++++++++++ docs/reference/commandline/image_prune.md | 65 +++++++++++++++++ docs/reference/commandline/system_df.md | 68 ++++++++++++++++++ docs/reference/commandline/system_prune.md | 70 +++++++++++++++++++ docs/reference/commandline/volume_prune.md | 48 +++++++++++++ 5 files changed, 292 insertions(+) create mode 100644 docs/reference/commandline/container_prune.md create mode 100644 docs/reference/commandline/image_prune.md create mode 100644 docs/reference/commandline/system_df.md create mode 100644 docs/reference/commandline/system_prune.md create mode 100644 docs/reference/commandline/volume_prune.md diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md new file mode 100644 index 0000000000..cc23b24ca5 --- /dev/null +++ b/docs/reference/commandline/container_prune.md @@ -0,0 +1,41 @@ + + +# container prune + +```markdown +Usage: docker container prune + +Remove all stopped containers + +Options: + -f, --force Do not prompt for confirmation + --help Print usage +``` + +Example output: + +```bash +$ docker container prune +WARNING! This will remove all stopped containers. +Are you sure you want to continue? [y/N] y +Deleted Containers: +4a7f7eebae0f63178aff7eb0aa39cd3f0627a203ab2df258c1a00b456cf20063 +f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360 + +Total reclaimed space: 212 B +``` + +## Related information + +* [system df](system_df.md) +* [volume prune](container_prune.md) +* [image prune](container_prune.md) +* [system prune](system_prune.md) diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md new file mode 100644 index 0000000000..7ac17399e9 --- /dev/null +++ b/docs/reference/commandline/image_prune.md @@ -0,0 +1,65 @@ + + +# image prune + +```markdown +Usage: docker image prune + +Remove unused images + +Options: + -a, --all Remove all unused images, not just dangling ones + -f, --force Do not prompt for confirmation + --help Print usage +``` + +Remove all dangling images. If `-a` is specified, will also remove all images not referenced by any container. + +Example output: + +```bash +$ docker image prune -a +WARNING! This will remove all images without at least one container associated to them. +Are you sure you want to continue? [y/N] y +Deleted Images: +untagged: alpine:latest +untagged: alpine@sha256:3dcdb92d7432d56604d4545cbd324b14e647b313626d99b889d0626de158f73a +deleted: sha256:4e38e38c8ce0b8d9041a9c4fefe786631d1416225e13b0bfe8cfa2321aec4bba +deleted: sha256:4fe15f8d0ae69e169824f25f1d4da3015a48feeeeebb265cd2e328e15c6a869f +untagged: alpine:3.3 +untagged: alpine@sha256:4fa633f4feff6a8f02acfc7424efd5cb3e76686ed3218abf4ca0fa4a2a358423 +untagged: my-jq:latest +deleted: sha256:ae67841be6d008a374eff7c2a974cde3934ffe9536a7dc7ce589585eddd83aff +deleted: sha256:34f6f1261650bc341eb122313372adc4512b4fceddc2a7ecbb84f0958ce5ad65 +deleted: sha256:cf4194e8d8db1cb2d117df33f2c75c0369c3a26d96725efb978cc69e046b87e7 +untagged: my-curl:latest +deleted: sha256:b2789dd875bf427de7f9f6ae001940073b3201409b14aba7e5db71f408b8569e +deleted: sha256:96daac0cb203226438989926fc34dd024f365a9a8616b93e168d303cfe4cb5e9 +deleted: sha256:5cbd97a14241c9cd83250d6b6fc0649833c4a3e84099b968dd4ba403e609945e +deleted: sha256:a0971c4015c1e898c60bf95781c6730a05b5d8a2ae6827f53837e6c9d38efdec +deleted: sha256:d8359ca3b681cc5396a4e790088441673ed3ce90ebc04de388bfcd31a0716b06 +deleted: sha256:83fc9ba8fb70e1da31dfcc3c88d093831dbd4be38b34af998df37e8ac538260c +deleted: sha256:ae7041a4cc625a9c8e6955452f7afe602b401f662671cea3613f08f3d9343b35 +deleted: sha256:35e0f43a37755b832f0bbea91a2360b025ee351d7309dae0d9737bc96b6d0809 +deleted: sha256:0af941dd29f00e4510195dd00b19671bc591e29d1495630e7e0f7c44c1e6a8c0 +deleted: sha256:9fc896fc2013da84f84e45b3096053eb084417b42e6b35ea0cce5a3529705eac +deleted: sha256:47cf20d8c26c46fff71be614d9f54997edacfe8d46d51769706e5aba94b16f2b +deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1 + +Total reclaimed space: 16.43 MB +``` + +## Related information + +* [system df](system_df.md) +* [container prune](container_prune.md) +* [volume prune](container_prune.md) +* [system prune](system_prune.md) diff --git a/docs/reference/commandline/system_df.md b/docs/reference/commandline/system_df.md new file mode 100644 index 0000000000..9f03dc8250 --- /dev/null +++ b/docs/reference/commandline/system_df.md @@ -0,0 +1,68 @@ + + +# system df + +```markdown +Usage: docker system df [OPTIONS] + +Show docker filesystem usage + +Options: + --help Print usage + -v, --verbose Show detailed information on space usage +``` + +The `docker system df` command displays information regarding the +amount of disk space used by the docker daemon. + +By default the command will just show a summary of the data used: +```bash +$ docker system df +TYPE TOTAL ACTIVE SIZE RECLAIMABLE +Images 5 2 16.43 MB 11.63 MB (70%) +Containers 2 0 212 B 212 B (100%) +Local Volumes 2 1 36 B 0 B (0%) +``` + +A more detailed view can be requested using the `-v, --verbose` flag: +```bash +$ docker system df -v +Images space usage: + +REPOSITORY TAG IMAGE ID CREATED SIZE SHARED SIZE UNIQUE SIZE CONTAINERS +my-curl latest b2789dd875bf 6 minutes ago 11 MB 11 MB 5 B 0 +my-jq latest ae67841be6d0 6 minutes ago 9.623 MB 8.991 MB 632.1 kB 0 + a0971c4015c1 6 minutes ago 11 MB 11 MB 0 B 0 +alpine latest 4e38e38c8ce0 9 weeks ago 4.799 MB 0 B 4.799 MB 1 +alpine 3.3 47cf20d8c26c 9 weeks ago 4.797 MB 4.797 MB 0 B 1 + +Containers space usage: + +CONTAINER ID IMAGE COMMAND LOCAL VOLUMES SIZE CREATED STATUS NAMES +4a7f7eebae0f alpine:latest "sh" 1 0 B 16 minutes ago Exited (0) 5 minutes ago hopeful_yalow +f98f9c2aa1ea alpine:3.3 "sh" 1 212 B 16 minutes ago Exited (0) 48 seconds ago anon-vol + +Local Volumes space usage: + +NAME LINKS SIZE +07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e 2 36 B +my-named-vol 0 0 B +``` + +* `SHARED SIZE` is the amount of space that an image shares with another one (i.e. their common data) +* `UNIQUE SIZE` is the amount of space that is only used by a given image +* `SIZE` is the virtual size of the image, it is the sum of `SHARED SIZE` and `UNIQUE SIZE` + +## Related Information +* [system prune](system_prune.md) +* [container prune](container_prune.md) +* [volume prune](volume_prune.md) +* [image prune](image_prune.md) diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md new file mode 100644 index 0000000000..0d4bc72fce --- /dev/null +++ b/docs/reference/commandline/system_prune.md @@ -0,0 +1,70 @@ + + +# system prune + +```markdown +Usage: docker system prune COMMAND + +Delete unused data + +Options: + -a, --all Remove all unused images not just dangling ones + -f, --force Do not prompt for confirmation + --help Print usage +``` + +Remove all unused containers, volumes and images (both dangling and unreferenced). + +Example output: + +```bash +$ docker system prune -a +WARNING! This will remove: + - all stopped containers + - all volumes not used by at least one container + - all images without at least one container associated to them +Are you sure you want to continue? [y/N] y +Deleted Containers:0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b +73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d + +Deleted Volumes: +named-vol + +Deleted Images: +untagged: my-curl:latest +deleted: sha256:7d88582121f2a29031d92017754d62a0d1a215c97e8f0106c586546e7404447d +deleted: sha256:dd14a93d83593d4024152f85d7c63f76aaa4e73e228377ba1d130ef5149f4d8b +untagged: alpine:3.3 +deleted: sha256:695f3d04125db3266d4ab7bbb3c6b23aa4293923e762aa2562c54f49a28f009f +untagged: alpine:latest +deleted: sha256:ee4603260daafe1a8c2f3b78fd760922918ab2441cbb2853ed5c439e59c52f96 +deleted: sha256:9007f5987db353ec398a223bc5a135c5a9601798ba20a1abba537ea2f8ac765f +deleted: sha256:71fa90c8f04769c9721459d5aa0936db640b92c8c91c9b589b54abd412d120ab +deleted: sha256:bb1c3357b3c30ece26e6604aea7d2ec0ace4166ff34c3616701279c22444c0f3 +untagged: my-jq:latest +deleted: sha256:6e66d724542af9bc4c4abf4a909791d7260b6d0110d8e220708b09e4ee1322e1 +deleted: sha256:07b3fa89d4b17009eb3988dfc592c7d30ab3ba52d2007832dffcf6d40e3eda7f +deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 + +Total reclaimed space: 13.5 MB +``` + +## Related information + +* [volume create](volume_create.md) +* [volume ls](volume_ls.md) +* [volume inspect](volume_inspect.md) +* [volume rm](volume_rm.md) +* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [system df](system_df.md) +* [container prune](container_prune.md) +* [image prune](container_prune.md) +* [system prune](system_prune.md) diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md new file mode 100644 index 0000000000..3016a73dc8 --- /dev/null +++ b/docs/reference/commandline/volume_prune.md @@ -0,0 +1,48 @@ + + +# volume prune + +```markdown +Usage: docker volume prune + +Remove all unused volumes + +Options: + -f, --force Do not prompt for confirmation + --help Print usage +``` + +Remove all unused volumes. Unused volumes are those which are not referenced by any containers + +Example output: + +```bash +$ docker volume prune +WARNING! This will remove all volumes not used by at least one container. +Are you sure you want to continue? [y/N] y +Deleted Volumes: +07c7bdf3e34ab76d921894c2b834f073721fccfbbcba792aa7648e3a7a664c2e +my-named-vol + +Total reclaimed space: 36 B +``` + +## Related information + +* [volume create](volume_create.md) +* [volume ls](volume_ls.md) +* [volume inspect](volume_inspect.md) +* [volume rm](volume_rm.md) +* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [system df](system_df.md) +* [container prune](container_prune.md) +* [image prune](container_prune.md) +* [system prune](system_prune.md) From 3171c7b6e7b17965af43c3bd9f75cb789b2420af Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 2 Oct 2016 05:10:00 -0700 Subject: [PATCH 1797/2538] Add bash completion for `dockerd --init-path` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 23f56fcc14..5ae7a1f7ee 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -922,6 +922,7 @@ _docker_daemon() { --fixed-cidr-v6 --graph -g --group -G + --init-path --insecure-registry --ip --label @@ -981,6 +982,10 @@ _docker_daemon() { __docker_nospace return ;; + --config-file|--containerd|--init-path|--pidfile|-p|--tlscacert|--tlscert|--tlskey) + _filedir + return + ;; --exec-root|--graph|-g) _filedir -d return @@ -989,10 +994,6 @@ _docker_daemon() { __docker_complete_log_drivers return ;; - --config-file|--containerd|--pidfile|-p|--tlscacert|--tlscert|--tlskey) - _filedir - return - ;; --storage-driver|-s) COMPREPLY=( $( compgen -W "aufs btrfs devicemapper overlay overlay2 vfs zfs" -- "$(echo $cur | tr '[:upper:]' '[:lower:]')" ) ) return From 62e87d49969b9eba4a469db1c2d2db0684aab525 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 2 Oct 2016 05:18:32 -0700 Subject: [PATCH 1798/2538] Add support for multiple nodes in bash completion for `docker node ps` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5ae7a1f7ee..827f02f999 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2104,10 +2104,7 @@ _docker_node_ps() { COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--filter|-f') - if [ $cword -eq $counter ]; then - __docker_complete_nodes_plus_self - fi + __docker_complete_nodes_plus_self ;; esac } From 454f365dfe87861bdfb3747db307151f4c28e3ab Mon Sep 17 00:00:00 2001 From: Laura Frank Date: Wed, 5 Oct 2016 11:13:08 +0200 Subject: [PATCH 1799/2538] Update readme link to binary installation instructions Signed-off-by: Laura Frank --- experimental/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/README.md b/experimental/README.md index 91cf48cbdb..0ee893deaf 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -54,7 +54,7 @@ use the following URLs: https://experimental.docker.com/builds/Linux/x86_64/docker-latest.tgz After downloading the appropriate binary, you can follow the instructions -[here](https://docs.docker.com/installation/binaries/#get-the-docker-binary) to run the `docker` daemon. +[here](https://docs.docker.com/engine/installation/binaries/#/get-the-docker-engine-binaries) to run the `docker` daemon. > **Note** > From 9c85295b1c3fcd0130d39d200106604f790cf97f Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 18 Aug 2016 16:35:23 +0800 Subject: [PATCH 1800/2538] Add support for compressing build context during image build When sending a build context to a remote server it may be (significantly) advantageous to compress the build context. This commit adds support for gz compression when constructing a build context using a command like "docker build --compress ." Signed-off-by: Paul Kehrer --- contrib/completion/bash/docker | 3 ++- contrib/completion/zsh/_docker | 1 + docs/reference/commandline/build.md | 1 + man/docker-build.1.md | 4 ++++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 827f02f999..11d7b9faf4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -758,6 +758,7 @@ _docker_build() { " local boolean_options=" + --compress --disable-content-trust=false --force-rm --help @@ -1301,7 +1302,7 @@ _docker_info() { return ;; esac - + case "$cur" in -*) COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 535f1f1ec2..94243a1181 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1509,6 +1509,7 @@ __docker_subcommand() { $opts_build_create_run \ $opts_build_create_run_update \ "($help)*--build-arg[Build-time variables]:=: " \ + "($help)--compress[Compress the build context using gzip]" \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ "($help)*--label=[Set metadata for an image]:label=value: " \ diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 68e39dfd77..95c278f761 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -19,6 +19,7 @@ Options: --build-arg value Set build-time variables (default []) --cache-from value Images to consider as cache sources (default []) --cgroup-parent string Optional parent cgroup for the container + --compress Compress the build context using gzip --cpu-period int Limit the CPU CFS (Completely Fair Scheduler) period --cpu-quota int Limit the CPU CFS (Completely Fair Scheduler) quota -c, --cpu-shares int CPU shares (relative weight) diff --git a/man/docker-build.1.md b/man/docker-build.1.md index b654e2d922..b07061ea91 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -16,6 +16,7 @@ docker-build - Build a new image from the source code at PATH [**--label**[=*[]*]] [**--no-cache**] [**--pull**] +[**--compress**] [**-q**|**--quiet**] [**--rm**[=*true*]] [**-t**|**--tag**[=*[]*]] @@ -84,6 +85,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **--pull**=*true*|*false* Always attempt to pull a newer version of the image. The default is *false*. +**--compress**=*true*|*false* + Compress the build context using gzip. The default is *false*. + **-q**, **--quiet**=*true*|*false* Suppress the build output and print image ID on success. The default is *false*. From 9014b21a6106f05395bedd870c3cbee39c3fbf83 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 6 Oct 2016 07:38:39 +0200 Subject: [PATCH 1801/2538] Add zsh completion for 'dockerd --init-path' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 94243a1181..62dc465043 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1598,6 +1598,7 @@ __docker_subcommand() { "($help -g --graph)"{-g=,--graph=}"[Root of the Docker runtime]:path:_directories" \ "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ "($help)--icc[Enable inter-container communication]" \ + "($help)--init-path=[Path to the docker-init binary]:docker-init binary:_files" \ "($help)*--insecure-registry=[Enable insecure registry communication]:registry: " \ "($help)--ip=[Default IP when binding container ports]" \ "($help)--ip-forward[Enable net.ipv4.ip_forward]" \ From e9cb71acbbe8be9b41803b470a51d13aa7904759 Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Sat, 24 Sep 2016 15:44:25 +0200 Subject: [PATCH 1802/2538] daemon: add --userland-proxy-path flag Signed-off-by: Antonio Murdaca --- docs/reference/commandline/dockerd.md | 2 ++ man/dockerd.8.md | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index b558895ea5..d134f6e102 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -78,6 +78,7 @@ Options: --tlskey=~/.docker/key.pem Path to TLS key file --tlsverify Use TLS and verify the remote --userland-proxy=true Use userland proxy for loopback traffic + --userland-proxy-path="" Path to the userland proxy binary --userns-remap User/Group setting for user namespaces -v, --version Print version information and quit ``` @@ -1149,6 +1150,7 @@ This is a full example of the allowed configuration options on Linux: "ip-forward": false, "ip-masq": false, "userland-proxy": false, + "userland-proxy-path": "/usr/libexec/docker-proxy", "ip": "0.0.0.0", "bridge": "", "bip": "", diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 503b76061e..84ae3df6b4 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -64,6 +64,7 @@ dockerd - Enable daemon mode [**--tlskey**[=*~/.docker/key.pem*]] [**--tlsverify**] [**--userland-proxy**[=*true*]] +[**--userland-proxy-path**[=*""*]] [**--userns-remap**[=*default*]] # DESCRIPTION @@ -272,6 +273,9 @@ output otherwise. **--userland-proxy**=*true*|*false* Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. +**--userland-proxy-path**="" + Path to the userland proxy binary. + **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. From 78cc1b2b6ab9da88899ddcb3eb8f56a9468eb73c Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 7 Jun 2016 12:15:50 -0700 Subject: [PATCH 1803/2538] Windows: Support credential specs Signed-off-by: John Howard --- docs/reference/commandline/build.md | 7 +++++++ docs/reference/commandline/run.md | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 95c278f761..65f54cc81f 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -37,6 +37,7 @@ Options: --pull Always attempt to pull a newer version of the image -q, --quiet Suppress the build output and print image ID on success --rm Remove intermediate containers after a successful build (default true) + --security-opt value Security Options (default []) --shm-size string Size of /dev/shm, default value is 64MB. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), @@ -397,6 +398,12 @@ Dockerfile are echoed during the build process. For detailed information on using `ARG` and `ENV` instructions, see the [Dockerfile reference](../builder.md). +### Optional security options (--security-opt) + +This flag is only supported on a daemon running on Windows, and only supports +the `credentialspec` option. The `credentialspec` must be in the format +`file://spec.txt` or `registry://keyname`. + ### Specify isolation technology for container (--isolation) This option is useful in situations where you are running Docker containers on diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index b0cde6eb1d..b169f9c476 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -614,6 +614,11 @@ The `--stop-signal` flag sets the system call signal that will be sent to the co This signal can be a valid unsigned number that matches a position in the kernel's syscall table, for instance 9, or a signal name in the format SIGNAME, for instance SIGKILL. +### Optional security options (--security-opt) + +On Windows, this flag can be used to specify the `credentialspec` option. +The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`. + ### Specify isolation technology for container (--isolation) This option is useful in situations where you are running Docker containers on From da56054d1c43b4b51f32fe09743aa99a99085c48 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 10 Oct 2016 23:26:05 +0800 Subject: [PATCH 1804/2538] Fix the incorrect links Signed-off-by: yuexiao-wang --- docs/reference/commandline/image_prune.md | 2 +- docs/reference/commandline/system_prune.md | 2 +- docs/reference/commandline/volume_prune.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md index 7ac17399e9..0ba0ae69cb 100644 --- a/docs/reference/commandline/image_prune.md +++ b/docs/reference/commandline/image_prune.md @@ -61,5 +61,5 @@ Total reclaimed space: 16.43 MB * [system df](system_df.md) * [container prune](container_prune.md) -* [volume prune](container_prune.md) +* [volume prune](volume_prune.md) * [system prune](system_prune.md) diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index 0d4bc72fce..a7a0f9820a 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -66,5 +66,5 @@ Total reclaimed space: 13.5 MB * [Understand Data Volumes](../../tutorials/dockervolumes.md) * [system df](system_df.md) * [container prune](container_prune.md) -* [image prune](container_prune.md) +* [image prune](image_prune.md) * [system prune](system_prune.md) diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md index 3016a73dc8..f184f4ec76 100644 --- a/docs/reference/commandline/volume_prune.md +++ b/docs/reference/commandline/volume_prune.md @@ -44,5 +44,5 @@ Total reclaimed space: 36 B * [Understand Data Volumes](../../tutorials/dockervolumes.md) * [system df](system_df.md) * [container prune](container_prune.md) -* [image prune](container_prune.md) +* [image prune](image_prune.md) * [system prune](system_prune.md) From cfd1182bda3a8ca226502d60019d571c502057cb Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 10 Oct 2016 23:07:32 +0800 Subject: [PATCH 1805/2538] Add the OPTIONS and Fix the links for contain prune Signed-off-by: yuexiao-wang --- docs/reference/commandline/container_prune.md | 8 ++++---- docs/reference/commandline/image_prune.md | 2 +- docs/reference/commandline/system_prune.md | 2 +- docs/reference/commandline/volume_prune.md | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md index cc23b24ca5..2301353afa 100644 --- a/docs/reference/commandline/container_prune.md +++ b/docs/reference/commandline/container_prune.md @@ -11,7 +11,7 @@ parent = "smn_cli" # container prune ```markdown -Usage: docker container prune +Usage: docker container prune [OPTIONS] Remove all stopped containers @@ -20,7 +20,7 @@ Options: --help Print usage ``` -Example output: +## Examples ```bash $ docker container prune @@ -36,6 +36,6 @@ Total reclaimed space: 212 B ## Related information * [system df](system_df.md) -* [volume prune](container_prune.md) -* [image prune](container_prune.md) +* [volume prune](volume_prune.md) +* [image prune](image_prune.md) * [system prune](system_prune.md) diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md index 0ba0ae69cb..85bd8ce1a6 100644 --- a/docs/reference/commandline/image_prune.md +++ b/docs/reference/commandline/image_prune.md @@ -11,7 +11,7 @@ parent = "smn_cli" # image prune ```markdown -Usage: docker image prune +Usage: docker image prune [OPTIONS] Remove unused images diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index a7a0f9820a..3ba73ee818 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -11,7 +11,7 @@ parent = "smn_cli" # system prune ```markdown -Usage: docker system prune COMMAND +Usage: docker system prune [OPTIONS] Delete unused data diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md index f184f4ec76..4c6eab0d53 100644 --- a/docs/reference/commandline/volume_prune.md +++ b/docs/reference/commandline/volume_prune.md @@ -11,7 +11,7 @@ parent = "smn_cli" # volume prune ```markdown -Usage: docker volume prune +Usage: docker volume prune [OPTIONS] Remove all unused volumes From 856a50e733ec5ef5cc71f837bed001fee20c7458 Mon Sep 17 00:00:00 2001 From: Justin Cormack Date: Wed, 28 Sep 2016 13:46:11 +0100 Subject: [PATCH 1806/2538] Add support for ambient capabilities Linux kernel 4.3 and later supports "ambient capabilities" which are the only way to pass capabilities to containers running as a non root uid. Previously there was no way to allow containers not running as root capabilities in a useful way. Fix #8460 Signed-off-by: Justin Cormack --- docs/reference/run.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index 375c0c1538..82bffc1537 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1220,6 +1220,10 @@ since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be nec to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding capabilities. +It is only possible to grant capabilities to a container running as a user other than `root` +on a system with a Linux kernel version of 4.3 or later, as this requires "ambient capabilities" +to be granted. These will be added if the kernel allows it from Docker version 1.13. + ## Logging drivers (--log-driver) The container can have a different logging driver than the Docker daemon. Use From db0cbdff0477cc29786d0c31c644aba184798e72 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 25 Sep 2016 16:26:46 +0200 Subject: [PATCH 1807/2538] Improve --log-level help text This information was added in 1efc940e6f547760e5e8f4648acb120ff19fdc58, but removed again in a271eaeba224652e3a12af0287afbae6f82a9333 to make the help-output fit in a 80-chars terminal. This adds the available options again in the help output, and updates the CLI reference documentation to match actual output. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/cli.md | 22 ++--- docs/reference/commandline/dockerd.md | 124 +++++++++++++------------- 2 files changed, 73 insertions(+), 73 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 51a8dd6aba..f79bf45406 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -23,17 +23,17 @@ A self-sufficient runtime for containers. Options: - --config=~/.docker Location of client config files - -D, --debug Enable debug mode - -H, --host=[] Daemon socket(s) to connect to - --help Print usage - -l, --log-level=info Set the logging level - --tls Use TLS; implied by --tlsverify - --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA - --tlscert=~/.docker/cert.pem Path to TLS certificate file - --tlskey=~/.docker/key.pem Path to TLS key file - --tlsverify Use TLS and verify the remote - -v, --version Print version information and quit + --config string Location of client config files (default "/root/.docker") + -D, --debug Enable debug mode + --help Print usage + -H, --host value Daemon socket(s) to connect to (default []) + -l, --log-level string Set the logging level (debug, info, warn, error, fatal) (default "info") + --tls Use TLS; implied by --tlsverify + --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") + --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") + --tlskey string Path to TLS key file (default "/root/.docker/key.pem") + --tlsverify Use TLS and verify the remote + -v, --version Print version information and quit Commands: attach Attach to a running container diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index d134f6e102..0233476ce8 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -19,68 +19,68 @@ A self-sufficient runtime for containers. Options: - --add-runtime=[] Register an additional OCI compatible runtime - --api-cors-header Set CORS headers in the remote API - --authorization-plugin=[] Authorization plugins to load - -b, --bridge Attach containers to a network bridge - --bip Specify network bridge IP - --cgroup-parent Set parent cgroup for all containers - --cluster-advertise Address or interface name to advertise - --cluster-store URL of the distributed storage backend - --cluster-store-opt=map[] Set cluster store options - --config-file=/etc/docker/daemon.json Daemon configuration file - --containerd Path to containerd socket - -D, --debug Enable debug mode - --default-gateway Container default gateway IPv4 address - --default-gateway-v6 Container default gateway IPv6 address - --default-runtime=runc Default OCI runtime for containers - --default-ulimit=[] Default ulimits for containers - --disable-legacy-registry Disable contacting legacy registries - --dns=[] DNS server to use - --dns-opt=[] DNS options to use - --dns-search=[] DNS search domains to use - --exec-opt=[] Runtime execution options - --exec-root=/var/run/docker Root directory for execution state files - --fixed-cidr IPv4 subnet for fixed IPs - --fixed-cidr-v6 IPv6 subnet for fixed IPs - -G, --group=docker Group for the unix socket - -g, --graph=/var/lib/docker Root of the Docker runtime - -H, --host=[] Daemon socket(s) to connect to - --help Print usage - --icc=true Enable inter-container communication - --init Run an init inside containers to forward signals and reap processes - --init-path Path to the docker-init binary - --insecure-registry=[] Enable insecure registry communication - --ip=0.0.0.0 Default IP when binding container ports - --ip-forward=true Enable net.ipv4.ip_forward - --ip-masq=true Enable IP masquerading - --iptables=true Enable addition of iptables rules - --ipv6 Enable IPv6 networking - -l, --log-level=info Set the logging level - --label=[] Set key=value labels to the daemon - --live-restore Enables keeping containers alive during daemon downtime - --log-driver=json-file Default driver for container logs - --log-opt=map[] Default log driver options for containers - --max-concurrent-downloads=3 Set the max concurrent downloads for each pull - --max-concurrent-uploads=5 Set the max concurrent uploads for each push - --mtu Set the containers network MTU - --oom-score-adjust=-500 Set the oom_score_adj for the daemon - -p, --pidfile=/var/run/docker.pid Path to use for daemon PID file - --raw-logs Full timestamps without ANSI coloring - --registry-mirror=[] Preferred Docker registry mirror - -s, --storage-driver Storage driver to use - --selinux-enabled Enable selinux support - --storage-opt=[] Storage driver options - --swarm-default-advertise-addr Set default address or interface for swarm advertised address - --tls Use TLS; implied by --tlsverify - --tlscacert=~/.docker/ca.pem Trust certs signed only by this CA - --tlscert=~/.docker/cert.pem Path to TLS certificate file - --tlskey=~/.docker/key.pem Path to TLS key file - --tlsverify Use TLS and verify the remote - --userland-proxy=true Use userland proxy for loopback traffic - --userland-proxy-path="" Path to the userland proxy binary - --userns-remap User/Group setting for user namespaces - -v, --version Print version information and quit + --add-runtime value Register an additional OCI compatible runtime (default []) + --api-cors-header string Set CORS headers in the remote API + --authorization-plugin value Authorization plugins to load (default []) + --bip string Specify network bridge IP + -b, --bridge string Attach containers to a network bridge + --cgroup-parent string Set parent cgroup for all containers + --cluster-advertise string Address or interface name to advertise + --cluster-store string URL of the distributed storage backend + --cluster-store-opt value Set cluster store options (default map[]) + --config-file string Daemon configuration file (default "/etc/docker/daemon.json") + --containerd string Path to containerd socket + -D, --debug Enable debug mode + --default-gateway value Container default gateway IPv4 address + --default-gateway-v6 value Container default gateway IPv6 address + --default-runtime string Default OCI runtime for containers (default "runc") + --default-ulimit value Default ulimits for containers (default []) + --disable-legacy-registry Disable contacting legacy registries + --dns value DNS server to use (default []) + --dns-opt value DNS options to use (default []) + --dns-search value DNS search domains to use (default []) + --exec-opt value Runtime execution options (default []) + --exec-root string Root directory for execution state files (default "/var/run/docker") + --fixed-cidr string IPv4 subnet for fixed IPs + --fixed-cidr-v6 string IPv6 subnet for fixed IPs + -g, --graph string Root of the Docker runtime (default "/var/lib/docker") + -G, --group string Group for the unix socket (default "docker") + --help Print usage + -H, --host value Daemon socket(s) to connect to (default []) + --icc Enable inter-container communication (default true) + --init Run an init in the container to forward signals and reap processes + --init-path string Path to the docker-init binary + --insecure-registry value Enable insecure registry communication (default []) + --ip value Default IP when binding container ports (default 0.0.0.0) + --ip-forward Enable net.ipv4.ip_forward (default true) + --ip-masq Enable IP masquerading (default true) + --iptables Enable addition of iptables rules (default true) + --ipv6 Enable IPv6 networking + --label value Set key=value labels to the daemon (default []) + --live-restore Enable live restore of docker when containers are still running + --log-driver string Default driver for container logs (default "json-file") + -l, --log-level string Set the logging level (debug, info, warn, error, fatal) (default "info") + --log-opt value Default log driver options for containers (default map[]) + --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) + --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) + --mtu int Set the containers network MTU + --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) + -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") + --raw-logs Full timestamps without ANSI coloring + --registry-mirror value Preferred Docker registry mirror (default []) + --selinux-enabled Enable selinux support + -s, --storage-driver string Storage driver to use + --storage-opt value Storage driver options (default []) + --swarm-default-advertise-addr string Set default address or interface for swarm advertised address + --tls Use TLS; implied by --tlsverify + --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") + --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") + --tlskey string Path to TLS key file (default "/root/.docker/key.pem") + --tlsverify Use TLS and verify the remote + --userland-proxy Use userland proxy for loopback traffic (default true) + --userland-proxy-path string Path to the userland proxy binary + --userns-remap string User/Group setting for user namespaces + -v, --version Print version information and quit ``` Options with [] may be specified multiple times. From 9ad418fe9775333b54fdc97ed7959d0b4c4654a7 Mon Sep 17 00:00:00 2001 From: Wenzhi Liang Date: Wed, 28 Sep 2016 11:27:11 +0800 Subject: [PATCH 1808/2538] allow restarting stopped containers by id Signed-off-by: Wenzhi Liang --- contrib/completion/zsh/_docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 62dc465043..97ee9a221c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1883,12 +1883,18 @@ __docker_subcommand() { "($help -):old name:__docker_containers" \ "($help -):new name: " && ret=0 ;; - (restart|stop) + (stop) _arguments $(__docker_arguments) \ $opts_help \ "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ "($help -)*:containers:__docker_runningcontainers" && ret=0 ;; + (restart) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ + "($help -)*:containers:__docker_containers_ids" && ret=0 + ;; (rm) _arguments $(__docker_arguments) \ $opts_help \ From ae466f24051e2dadc669d1e43fc869fac798d70e Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Thu, 6 Oct 2016 17:12:17 -0700 Subject: [PATCH 1809/2538] Deprecate repo:shortid syntax Signed-off-by: Tonis Tiigi --- docs/deprecated.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index e7a301aa27..a591880ef0 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -17,6 +17,13 @@ To learn more about Docker Engine's deprecation policy, see [Feature Deprecation Policy](index.md#feature-deprecation-policy). +### `repository:shortid` image references +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** + +**Target For Removal In Release: v1.16** + +`repository:shortid` syntax for referencing images is very little used, collides with with tag references can be confused with digest references. + ### `docker daemon` subcommand **Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** From f7bfe864405af37a9061dc4489f1c0b56468f8d0 Mon Sep 17 00:00:00 2001 From: Darren Stahl Date: Thu, 8 Sep 2016 17:31:04 -0700 Subject: [PATCH 1810/2538] Implement Pause Resume support for Windows Signed-off-by: Darren Stahl --- docs/reference/commandline/pause.md | 11 ++++++----- docs/reference/commandline/unpause.md | 4 ++-- man/docker-pause.1.md | 11 ++++++----- man/docker-unpause.1.md | 4 ++-- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 629c6ed091..6e85ebbea0 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -19,11 +19,12 @@ Options: --help Print usage ``` -The `docker pause` command uses the cgroups freezer to suspend all processes in -a container. Traditionally, when suspending a process the `SIGSTOP` signal is -used, which is observable by the process being suspended. With the cgroups freezer -the process is unaware, and unable to capture, that it is being suspended, -and subsequently resumed. +The `docker pause` command suspends all processes in a container. On Linux, +this uses the cgroups freezer. Traditionally, when suspending a process the +`SIGSTOP` signal is used, which is observable by the process being suspended. +With the cgroups freezer the process is unaware, and unable to capture, +that it is being suspended, and subsequently resumed. On Windows, only Hyper-V +containers can be paused. See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index e5c9d506e0..9795f16482 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -19,8 +19,8 @@ Options: --help Print usage ``` -The `docker unpause` command uses the cgroups freezer to un-suspend all -processes in a container. +The `docker unpause` command un-suspends all processes in a container. +On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) diff --git a/man/docker-pause.1.md b/man/docker-pause.1.md index 5d2267af62..ffc3b35ca0 100644 --- a/man/docker-pause.1.md +++ b/man/docker-pause.1.md @@ -10,11 +10,12 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker pause` command uses the cgroups freezer to suspend all processes in -a container. Traditionally when suspending a process the `SIGSTOP` signal is -used, which is observable by the process being suspended. With the cgroups freezer -the process is unaware, and unable to capture, that it is being suspended, -and subsequently resumed. +The `docker pause` command suspends all processes in a container. On Linux, +this uses the cgroups freezer. Traditionally, when suspending a process the +`SIGSTOP` signal is used, which is observable by the process being suspended. +With the cgroups freezer the process is unaware, and unable to capture, +that it is being suspended, and subsequently resumed. On Windows, only Hyper-V +containers can be paused. See the [cgroups freezer documentation] (https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for diff --git a/man/docker-unpause.1.md b/man/docker-unpause.1.md index 466e1bb1a3..8c64e68de6 100644 --- a/man/docker-unpause.1.md +++ b/man/docker-unpause.1.md @@ -10,8 +10,8 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker unpause` command uses the cgroups freezer to un-suspend all -processes in a container. +The `docker unpause` command un-suspends all processes in a container. +On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] (https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for From f840df5a2b84b69be48e012378b287c4f3af82bf Mon Sep 17 00:00:00 2001 From: Alicia Lauerman Date: Thu, 13 Oct 2016 15:03:08 -0400 Subject: [PATCH 1811/2538] add documentation for `docker stack ps` also updates related stack docs and removes stack_tasks.md Signed-off-by: Alicia Lauerman --- docs/reference/commandline/stack_config.md | 2 +- docs/reference/commandline/stack_deploy.md | 2 +- docs/reference/commandline/stack_ls.md | 2 +- .../commandline/{stack_tasks.md => stack_ps.md} | 12 ++++++------ docs/reference/commandline/stack_rm.md | 2 +- docs/reference/commandline/stack_services.md | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) rename docs/reference/commandline/{stack_tasks.md => stack_ps.md} (82%) diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md index 9a39d27116..a7b8f6f5b8 100644 --- a/docs/reference/commandline/stack_config.md +++ b/docs/reference/commandline/stack_config.md @@ -28,5 +28,5 @@ Displays the configuration of a stack. * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) -* [stack tasks](stack_tasks.md) +* [stack ps](stack_ps.md) * [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index bcafb7f686..7f3c341ae3 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -57,5 +57,5 @@ axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-co * [stack config](stack_config.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) -* [stack tasks](stack_tasks.md) +* [stack ps](stack_ps.md) * [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index 11abc34727..acd570214c 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -34,4 +34,4 @@ myapp 2 * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) -* [stack tasks](stack_tasks.md) +* [stack ps](stack_ps.md) diff --git a/docs/reference/commandline/stack_tasks.md b/docs/reference/commandline/stack_ps.md similarity index 82% rename from docs/reference/commandline/stack_tasks.md rename to docs/reference/commandline/stack_ps.md index 24b00e69cc..bc71b2e4d9 100644 --- a/docs/reference/commandline/stack_tasks.md +++ b/docs/reference/commandline/stack_ps.md @@ -1,26 +1,26 @@ -# stack tasks (experimental) +# stack ps (experimental) ```markdown -Usage: docker stack tasks [OPTIONS] STACK +Usage: docker stack ps [OPTIONS] STACK List the tasks in the stack Options: -a, --all Display all tasks -f, --filter value Filter output based on conditions provided - --help Print usage --no-resolve Do not map IDs to Names + --no-trunc Do not truncate output ``` Lists the tasks that are running as part of the specified stack. This diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index 5d4e4d57be..8aae98c162 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -31,5 +31,5 @@ a manager node. * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) * [stack services](stack_services.md) -* [stack tasks](stack_tasks.md) +* [stack ps](stack_ps.md) * [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index 8f28410bf3..ed44d6b1d4 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -39,7 +39,7 @@ dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c8 The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). -Multiple filter flags are combined as an `OR` filter. +Multiple filter flags are combined as an `OR` filter. The following command shows both the `web` and `db` services: @@ -62,5 +62,5 @@ The currently supported filters are: * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) -* [stack tasks](stack_tasks.md) +* [stack ps](stack_ps.md) * [stack ls](stack_ls.md) From 68d252bc19336e026ddbe5b74a7e17fb7c432cbc Mon Sep 17 00:00:00 2001 From: John Mulhausen Date: Tue, 11 Oct 2016 12:14:15 -0700 Subject: [PATCH 1812/2538] Remove old documentation, add README.md with pointer Signed-off-by: John Mulhausen --- docs/README.md | 296 +----------------- docs/deprecated.md | 216 ------------- docs/extend/images/authz_additional_info.png | Bin 45916 -> 0 bytes docs/extend/images/authz_allow.png | Bin 33505 -> 0 bytes docs/extend/images/authz_chunked.png | Bin 33168 -> 0 bytes .../extend/images/authz_connection_hijack.png | Bin 38780 -> 0 bytes docs/extend/images/authz_deny.png | Bin 27099 -> 0 bytes docs/extend/index.md | 272 ---------------- docs/extend/legacy_plugins.md | 93 ------ docs/extend/manifest.md | 222 ------------- docs/extend/menu.md | 15 - docs/extend/plugin_api.md | 192 ------------ docs/extend/plugins_authorization.md | 256 --------------- docs/extend/plugins_network.md | 73 ----- docs/extend/plugins_volume.md | 268 ---------------- 15 files changed, 13 insertions(+), 1890 deletions(-) delete mode 100644 docs/deprecated.md delete mode 100644 docs/extend/images/authz_additional_info.png delete mode 100644 docs/extend/images/authz_allow.png delete mode 100644 docs/extend/images/authz_chunked.png delete mode 100644 docs/extend/images/authz_connection_hijack.png delete mode 100644 docs/extend/images/authz_deny.png delete mode 100644 docs/extend/index.md delete mode 100644 docs/extend/legacy_plugins.md delete mode 100644 docs/extend/manifest.md delete mode 100644 docs/extend/menu.md delete mode 100644 docs/extend/plugin_api.md delete mode 100644 docs/extend/plugins_authorization.md delete mode 100644 docs/extend/plugins_network.md delete mode 100644 docs/extend/plugins_volume.md diff --git a/docs/README.md b/docs/README.md index 7a5db6e833..45c9e22948 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,288 +1,18 @@ - +# The non-reference docs have been moved! -# Docker Documentation +The documentation for Docker Engine has been merged into +[the general documentation repo](https://github.com/docker/docker.github.io). -The source for Docker documentation is in this directory. Our -documentation uses extended Markdown, as implemented by -[MkDocs](http://mkdocs.org). The current release of the Docker documentation -resides on [https://docs.docker.com](https://docs.docker.com). +If you'd like to edit the current published version of the Engine docs, +do it in the master branch here: +https://github.com/docker/docker.github.io/tree/master/engine -## Understanding the documentation branches and processes +If you need to document the functionality of an upcoming Engine release, +use the `vnext-engine` branch: +https://github.com/docker/docker.github.io/tree/vnext-engine/engine -Docker has two primary branches for documentation: +The reference docs have been left in docker/docker (this repo), which remains +the place to edit them. -| Branch | Description | URL (published via commit-hook) | -|----------|--------------------------------|------------------------------------------------------------------------------| -| `docs` | Official release documentation | [https://docs.docker.com](https://docs.docker.com) | -| `master` | Merged but unreleased development work | | - -Additions and updates to upcoming releases are made in a feature branch off of -the `master` branch. The Docker maintainers also support a `docs` branch that -contains the last release of documentation. - -After a release, documentation updates are continually merged into `master` as -they occur. This work includes new documentation for forthcoming features, bug -fixes, and other updates. - -Periodically, the Docker maintainers update `docs.docker.com` between official -releases of Docker. They do this by cherry-picking commits from `master`, -merging them into `docs`, and then publishing the result. - -In the rare case where a change is not forward-compatible, changes may be made -on other branches by special arrangement with the Docker maintainers. - -### Quickstart for documentation contributors - -If you are a new or beginner contributor, we encourage you to read through the -[our detailed contributors -guide](https://docs.docker.com/opensource/code/). The guide explains in -detail, with examples, how to contribute. If you are an experienced contributor -this quickstart should be enough to get you started. - -The following is the essential workflow for contributing to the documentation: - -1. Fork the `docker/docker` repository. - -2. Clone the repository to your local machine. - -3. Select an issue from `docker/docker` to work on or submit a proposal of your -own. - -4. Create a feature branch from `master` in which to work. - - By basing from `master` your work is automatically included in the next - release. It also allows docs maintainers to easily cherry-pick your changes - into the `docs` release branch. - -4. Modify existing or add new `.md` files to the `docs` directory. - -5. As you work, build the documentation site locally to see your changes. - - The `docker/docker` repository contains a `Dockerfile` and a `Makefile`. - Together, these create a development environment in which you can build and - run a container running the Docker documentation website. To build the - documentation site, enter `make docs` in the `docs` directory of your `docker/docker` fork: - - $ make docs - .... (lots of output) .... - docker run --rm -it -e AWS_S3_BUCKET -p 8000:8000 "docker-docs:master" mkdocs serve - Running at: http://0.0.0.0:8000/ - Live reload enabled. - Hold ctrl+c to quit. - - - The build creates an image containing all the required tools, adds the local - `docs/` directory and generates the HTML files. Then, it runs a Docker - container with this image. - - The container exposes port 8000 on the localhost so that you can connect and - see your changes. If you use Docker Machine, the `docker-machine ip - ` command gives you the address of your server. - -6. Check your writing for style and mechanical errors. - - Use our [documentation style - guide](https://docs.docker.com/opensource/doc-style/) to check style. There are - several [good grammar and spelling online - checkers](http://www.hemingwayapp.com/) that can check your writing - mechanics. - -7. Squash your commits on your branch. - -8. Make a pull request from your fork back to Docker's `master` branch. - -9. Work with the reviewers until your change is approved and merged. - -### Debugging and testing - -If you have any issues you need to debug, you can use `make docs-shell` and then -run `mkdocs serve`. You can use `make docs-test` to generate a report of missing -links that are referenced in the documentation—there should be none. - -## Style guide - -If you have questions about how to write for Docker's documentation, please see -the [style guide](https://docs.docker.com/opensource/doc-style/). The style guide provides -guidance about grammar, syntax, formatting, styling, language, or tone. If -something isn't clear in the guide, please submit an issue to let us know or -submit a pull request to help us improve it. - - -## Publishing documentation (for Docker maintainers) - -To publish Docker's documentation you need to have Docker up and running on your -machine. You'll also need a `docs/awsconfig` file containing the settings you -need to access the AWS bucket you'll be deploying to. - -The process for publishing is to build first to an AWS bucket, verify the build, -and then publish the final release. - -1. Have Docker installed and running on your machine. - -2. Ask the core maintainers for the `awsconfig` file. - -3. Copy the `awsconfig` file to the `docs/` directory. - - The `awsconfig` file contains the profiles of the S3 buckets for our - documentation sites. (If needed, the release script creates an S3 bucket and - pushes the files to it.) Each profile has this format: - - [profile dowideit-docs] - aws_access_key_id = IHOIUAHSIDH234rwf.... - aws_secret_access_key = OIUYSADJHLKUHQWIUHE...... - region = ap-southeast-2 - - The `profile` name must be the same as the name of the bucket you are - deploying to. - -4. Call the `make` from the `docker` directory. - - $ make AWS_S3_BUCKET=dowideit-docs docs-release - - This publishes _only_ to the `http://bucket-url/v1.2/` version of the - documentation. - -5. If you're publishing the current release's documentation, you need to also -update the root docs pages by running - - $ make AWS_S3_BUCKET=dowideit-docs BUILD_ROOT=yes docs-release - -### Errors publishing using a Docker Machine VM - -Sometimes, in a Windows or Mac environment, the publishing procedure returns this -error: - - Post http:///var/run/docker.sock/build?rm=1&t=docker-docs%3Apost-1.2.0-docs_update-2: - dial unix /var/run/docker.sock: no such file or directory. - -If this happens, set the Docker host. Run the following command to get the -variables in your shell: - - docker-machine env - -Then, set your environment accordingly. - -## Cherry-picking documentation changes to update an existing release. - -Whenever the core team makes a release, they publish the documentation based on -the `release` branch. At that time, the `release` branch is copied into the -`docs` branch. The documentation team makes updates between Docker releases by -cherry-picking changes from `master` into any of the documentation branches. -Typically, we cherry-pick into the `docs` branch. - -For example, to update the current release's docs, do the following: - -1. Go to your `docker/docker` fork and get the latest from master. - - $ git fetch upstream - -2. Checkout a new branch based on `upstream/docs`. - - You should give your new branch a descriptive name. - - $ git checkout -b post-1.2.0-docs-update-1 upstream/docs - -3. In a browser window, open [https://github.com/docker/docker/commits/master]. - -4. Locate the merges you want to publish. - - You should only cherry-pick individual commits; do not cherry-pick merge - commits. To minimize merge conflicts, start with the oldest commit and work - your way forward in time. - -5. Copy the commit SHA from GitHub. - -6. Cherry-pick the commit. - - $ git cherry-pick -x fe845c4 - -7. Repeat until you have cherry-picked everything you want to merge. - -8. Push your changes to your fork. - - $ git push origin post-1.2.0-docs-update-1 - -9. Make a pull request to merge into the `docs` branch. - - Do __NOT__ merge into `master`. - -10. Have maintainers review your pull request. - -11. Once the PR has the needed "LGTMs", merge it on GitHub. - -12. Return to your local fork and make sure you are still on the `docs` branch. - - $ git checkout docs - -13. Fetch your merged pull request from `docs`. - - $ git fetch upstream/docs - -14. Ensure your branch is clean and set to the latest. - - $ git reset --hard upstream/docs - -15. Copy the `awsconfig` file into the `docs` directory. - -16. Make the beta documentation - - $ make AWS_S3_BUCKET=beta-docs.docker.io BUILD_ROOT=yes docs-release - -17. Open [the beta -website](http://beta-docs.docker.io.s3-website-us-west-2.amazonaws.com/) site -and make sure what you published is correct. - -19. When you're happy with your content, publish the docs to our live site: - - $ make AWS_S3_BUCKET=docs.docker.com BUILD_ROOT=yes -DISTRIBUTION_ID=C2K6......FL2F docs-release - -20. Test the uncached version of the live docs at [http://docs.docker.com.s3-website-us-east-1.amazonaws.com/] - - -### Caching and the docs - -New docs do not appear live on the site until the cache (a complex, distributed -CDN system) is flushed. The `make docs-release` command flushes the cache _if_ -the `DISTRIBUTION_ID` is set to the Cloudfront distribution ID. The cache flush -can take at least 15 minutes to run and you can check its progress with the CDN -Cloudfront Purge Tool Chrome app. - -## Removing files from the docs.docker.com site - -Sometimes it becomes necessary to remove files from the historical published documentation. -The most reliable way to do this is to do it directly using `aws s3` commands running in a -docs container: - -Start the docs container like `make docs-shell`, but bind mount in your `awsconfig`: - -``` -docker run --rm -it -v $(CURDIR)/docs/awsconfig:/docs/awsconfig docker-docs:master bash -``` - -and then the following example shows deleting 2 documents from s3, and then requesting the -CloudFlare cache to invalidate them: - - -``` -export BUCKET BUCKET=docs.docker.com -export AWS_CONFIG_FILE=$(pwd)/awsconfig -aws s3 --profile $BUCKET ls s3://$BUCKET -aws s3 --profile $BUCKET rm s3://$BUCKET/v1.0/reference/api/docker_io_oauth_api/index.html -aws s3 --profile $BUCKET rm s3://$BUCKET/v1.1/reference/api/docker_io_oauth_api/index.html - -aws configure set preview.cloudfront true -export DISTRIBUTION_ID=YUTIYUTIUTIUYTIUT -aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.0/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' -aws cloudfront create-invalidation --profile docs.docker.com --distribution-id $DISTRIBUTION_ID --invalidation-batch '{"Paths":{"Quantity":1, "Items":["/v1.1/reference/api/docker_io_oauth_api/"]},"CallerReference":"6Mar2015sventest1"}' -``` - -### Generate the man pages - -For information on generating man pages (short for manual page), see the README.md -document in [the man page directory](https://github.com/docker/docker/tree/master/man) -in this project. +The docs in the general repo are open-source and we appreciate +your feedback and pull requests! diff --git a/docs/deprecated.md b/docs/deprecated.md deleted file mode 100644 index a591880ef0..0000000000 --- a/docs/deprecated.md +++ /dev/null @@ -1,216 +0,0 @@ - - -# Deprecated Engine Features - -The following list of features are deprecated in Engine. -To learn more about Docker Engine's deprecation policy, -see [Feature Deprecation Policy](index.md#feature-deprecation-policy). - - -### `repository:shortid` image references -**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** - -**Target For Removal In Release: v1.16** - -`repository:shortid` syntax for referencing images is very little used, collides with with tag references can be confused with digest references. - -### `docker daemon` subcommand -**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** - -**Target For Removal In Release: v1.16** - -The daemon is moved to a separate binary (`dockerd`), and should be used instead. - -### Three argument form in `docker import` -**Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated since November 2013. It's no more supported. - -### `-h` shorthand for `--help` - -**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -**Target For Removal In Release: v1.15** - -The shorthand (`-h`) is less common than `--help` on Linux and cannot be used -on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on -`docker create`). For this reason, the `-h` shorthand was not printed in the -"usage" output of subcommands, nor documented, and is now marked "deprecated". - -### `-e` and `--email` flags on `docker login` -**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** - -**Target For Removal In Release: v1.14** - -The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. - -### Separator (`:`) of `--security-opt` flag on `docker run` -**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** - -**Target For Removal In Release: v1.14** - -The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`. - -### `/containers/(id or name)/copy` endpoint - -**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. - -### Ambiguous event fields in API -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure. -See the events API documentation for the new format. - -### `-f` flag on `docker tag` -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. - -### HostConfig at API container start -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of -defining it at container creation (`POST /containers/create`). - -### Docker ps 'before' and 'since' options - -**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The `docker ps --before` and `docker ps --since` options are deprecated. -Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. - -### Docker search 'automated' and 'stars' options - -**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -**Target For Removal In Release: v1.15** - -The `docker search --automated` and `docker search --stars` options are deprecated. -Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. - -### Driver Specific Log Tags -**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -Log tags are now generated in a standard way across different logging drivers. -Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and -`fluentd-tag` have been deprecated in favor of the generic `tag` option. - - docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" - -### LXC built-in exec driver -**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** - -**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed. - -### Old Command Line Options -**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** - -**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** - -The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand: - - docker daemon -H ... - -The following single-dash (`-opt`) variant of certain command line options -are deprecated and replaced with double-dash options (`--opt`): - - docker attach -nostdin - docker attach -sig-proxy - docker build -no-cache - docker build -rm - docker commit -author - docker commit -run - docker events -since - docker history -notrunc - docker images -notrunc - docker inspect -format - docker ps -beforeId - docker ps -notrunc - docker ps -sinceId - docker rm -link - docker run -cidfile - docker run -dns - docker run -entrypoint - docker run -expose - docker run -link - docker run -lxc-conf - docker run -n - docker run -privileged - docker run -volumes-from - docker search -notrunc - docker search -stars - docker search -t - docker search -trusted - docker tag -force - -The following double-dash options are deprecated and have no replacement: - - docker run --cpuset - docker run --networking - docker ps --since-id - docker ps --before-id - docker search --trusted - -**Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -The single-dash (`-help`) was removed, in favor of the double-dash `--help` - - docker -help - docker [COMMAND] -help - -### `--run` flag on docker commit - -**Deprecated In Release: [v0.10.0](https://github.com/docker/docker/releases/tag/v0.10.0)** - -**Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/)** - -The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor -of the `--changes` flag that allows to pass `Dockerfile` commands. - - -### Interacting with V1 registries - -Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. - -### Docker Content Trust ENV passphrase variables name change -**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** - -**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** - -Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables - -- DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE -- DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE - -### `MAINTAINER` in Dockerfile -**Deprecated In Release: v1.13.0** - -`MAINTAINER` was an early very limited form of `LABEL` which should be used instead. diff --git a/docs/extend/images/authz_additional_info.png b/docs/extend/images/authz_additional_info.png deleted file mode 100644 index 1a6a6d01d2048fcb975b7d2b025cdfabd4c4f5f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45916 zcmd43bx@UE)He)x5RM?JfJle5lt_rQlp>N6($cM@(x9NyQUU^sbT>#NA)(SC4bm-w zNPg=w?&o>uo%!bb^P4&MJ;U}~wXeO`TEAH5*`3>RXU|Zc!N9;cs~|6?8mEj#}{hMznYINBu?&oe6G$A5M8Mr ztp2%?yOZk~NktGSO(E}t`um}Kj_Q>uvLRE#Vv_j#d5(dNzJ`Sk$N2q`=ttiPm#IZt z{P`34KQ{W{zd!!}_0JMA*zHq|{>*G_?Q1M*>9Dh#VM&LRcFg&rSx zqV8j@3jHsWhM6dpm8o)fUw9v_7<@n2sL#1iD7KdpOnpr=U%!@JyZC-ld^Fc=n`(Vf zM)_vzcntLu*&9zJ`cVqiE^F_shw^Vnd;OY=O}q7q&(Hq!q}M^-d*1oauSeN#GtfA# zk7;ij$t%$jUG;sZpjTY`IUxJC_u*EcN>L!KmzLE~zAaVT!R<_nr_a?GDsE&_@Fi0) zP6ZiKT(Jn3mgzU2sByQuS+|h%I9TZ5=Z4@6OjFa=YRMOo=jYgFK8Dl#&*oRJKRBG@ z_I8}AvEDoSIXO@!_2i5&pJ~T8x6MWzY6I`1vQ&e5FZPXG?Gj3b_pTduQ9oglMuoy& zCkj8zwnkoMpS!nhmFGdZ$xQRJ(B*-gYj@1vJ1tQaX2DAceSOW9(*3ISU{|5!cH?dv zt+%?PzS}hR?0d05y!T=k_|2RWuepBSI^6zp?fH3*`3A?ij%ezK^Ig0h-Pc%@lbn96 zj`T%{dwa>naB5Q#iXRr5w1rX=e8P0zWwDv48NsZ6LB_Q#pDb3(sGKAk`rdg(gp5-w zoc&h>qa4-vd*_GWI%B^?2tPE_xU{U2DtlIg`{84{qUgQ#VN{3O#X6@YRZ|m~C5;oz z&gl<<*Df2><)&uZ(j6Yn&FAaieo{^4_T0Wj_Aoi_AbG-jDJ?cpaXVJIGlomUYtLZ3 z(8xd4X{mSFTTob7doH8%1DPk$TFmvwE<2JshbOe6Zrwd;H_7GJ$Ev7d(LNOY{*f`% z`*=I~_U=>zZNAGodH(rc8>fqld3JaPHqKth<O{E%xZw@1v&Si_61$gmMUD=>Y9uD`AKSVZ);YO=~aOVtu2P{+n;3-nzPj= zq^!!r-LRq5JxbRW?`9|`52jQ4bsHROR#xT2suU(rD{t+Dw9#JN`J^&**M3L3o1ONk zTgD);yZhJ9VvqEIL@bVD@X41emc5x_p?8b#E6Dj`VXKRb5&m!w+Q%cmOmXgT&T7cZ zNWHl&&e>YFZ^qct{jSbU-k)lV* zTNPn%C^&YXL{>-d4t5*X^Y{~RrhF+$*>*De@*=JBezPuz6q>?|e%P3k1dY-sr|Py^FNW@{3|+gd_x@e} z!J}b1>N=H074qPY#Tp0x?nch=&9Fk3H65ID0(Di(d&jsWN6G;>XZP$z%RlkjjR`Rl z2ESk2{L!a;alv{ZdrqswEQGy8JxjIK{o!M+kd08K6j68qcEbTZ5%ouF_MvQQ=|Wb6 zxt59cJ#U}n$J5In&e=ansD5+-yLx2noWZ2qVUgodzFz3hN$<(b6*cASb9>)AxzE0_ ziw^U$cx$tX>V&N)a=aDhok?jyQ#tWYfs{G!OQP^><-vOO*^6h$FRu>QKCYN;4Y^2g zNK1cN3^p(y>!OFpj$HLFUMfR6wSn#Qi@bsIUVMLBJhk(|dIn>kJkO<;zhqI?Wc*4& zJhWzeT)+L3#)e|btZms-c6)1}?M~GB1E;#i2Nho@%;t|puZ_{+cV=axNydA|Y*z+y z78*j()BRa$trh76)FMKX-Gq*~q(>oWhX|JDhKbt8A$#>ly9x1pjRM=Jx;t>6o!2Fx z5;8pGf7565aesejr6Xyh{$v8P(U@SiElhC6`+Gaf{7nLHnyW<4B4bq#km9;|J0cNy}-r55^xow;zzj zB^tk6P=EYhjaTzm9BuqY?aw4NeIcI7;7>IWvyRQ6T#jTPRI$fAio%&1dy5V6QJO8T~s7rs(4oNw&7KK${cDNFc4aJ^?&w&$A} zyRzC(u>4)C=$OU%YA)UgN&aZl6f&wI>PDEp@kOIUS;FE6x^? z-S~TE@uMFv@6~x|6VQleex4pjn|8)%9PFvRce0GGcVzIP<|v9pD1^HXtjq1S1ybu8n#%bC+FPfSngyMl&03W^N?PvBi+_( z5*&97vHIivoQ^cO&)c5N(ogZfckzFrU^Z09wcc!@-GaCu@0uBURMexU-S{0-&HjyQ znqsTz_G8Pgs|z0^J_My62;2^MXq&M>p(Y1UV|1#mYa@@C+>{(TpmwMCq z*VVL^o*2&2thSTo{AB(%Yfp>US|?G3GddBmn40vpX~&~qbEGRlP`R-8G&d&9L4wXY zo=TDXwwWbtI-?AIzaUaK;g=cYSEh}ucNJZKPN24>hglm+{pZ@|Q)qMd6VK~9Y&Txh zxFdM9@ z&)XYnrlw-9@T%2^Jh$YqysOeWL}geGVU|=Hzw^FO8RDbcbMkHx822u;FTZf2CbH-i zGVAc*Z25%Qfl*F=#)y|*hC~HSRFUv-Ic_O|2z6cQEC2bl`Y4?$oP=%O4V(u^+{Lys z;2HC`w0C$WLo2ZTvz&H-n55=)nWX<|D|IH5*5HoYH9rlz;&`8a8YwXs+}%pQd&pRQ zAbPwv8_92ed#6>LN$BBxaK!BmNLw-+l)BqW1cYkTc9V5^6ZI)!MPccZ+oEC{LKW79oZM>U8E(-R)DA}A5 zIV7#!Y{DysP}?Z|9s(#k-jRgl<3)$#L-$&18|7p%+f|b`E02t3Nt!rp&N|7e(+?*d zS@J!$Dw;l(t=^$NDDKe}Zv5V!C|uIET04?<5Sh_DJx^&>h1L zIK8w?y%dESx5y$JrRU*tPJv>**U>kBLa{q)bVNdrhM~;VGxiEHj57X`bX_E?XaEb7 zrHgQm*88w0j=eV`Z`iN+((Oc6H?Hq3FUYaWy|!A&t-ikVI@)KyDf({b!7`rYaalX3Equj=e#2 zyz3Re>5s*p@5culoxvCQQO2n0c9vvy-EUjNCSmPwZ@jp_|6^%6dUe^alQ!6R(TBXG zanhva`S}hxspKJD2x4WU6xZWK-HX4AOVmNFs_xuP=!CCq6=6sw3z6|nFs-=$?#5)n z3xaksMm}7_zDh?ENnuEQC0A_kC$+UDFztMr8+V;Ne|^S?j3%yFssUFqS6^ zTLv&bd8wSDQPeSDcf`>B=s?lDqWnxib+rg=vg(@!U$m>fXf2t%DOMg`+8DH3TPqmP zntAd`Z&0bVZbBMM*{tT{t;fA4ujrZ}y=3cuOZ$>gq1EE6!69<5_R+waj!O*==1ts) z!J3Zw;UW_P&N;q?XP%rlTkv`c?Y(&8&+DEhq)B8qcqpuem3wO0uEjwPC_vi)r*fh42NZj=S&#j7%PinPJBl)_@ zTY1AlqP2Oeg&l1*Bq(kUr?ZcqVCsLqPoOoP`YPkyJBrxCbNb0`FP4dNAC&3V^RO?N zwdv~a8C#d-N%fG~Wg8}bZyg_#+o^u#B<1>(m*c15>#&u<4$oFA+7e@f%t~Ebd;W(8 zKQG^PnHDYogo}WRypKNR|HTv+B{qp?mqo3<}UUF>%+W3}v!+a0E z$^ZKHQn}wkCW7Hcl=MX^MWZhZ$=>-k{ktgy_O&}Pl)S$7vQN&OZ_e#E=-heL(}b=HqOsc@BV32x_V&wbFhQ`mPk z(E}?lLnGg1h1_>=^sY#CnFih1^?@EJAk=68m1rJlv9504ugKVTv9?!s*%wJhmCbUf z*4%5`c+lXD^&xOxgJnxq++b%9iqdGhhC<`^NapCmKFdNBxfhdwRXe?IUm8Lm{%u_bi0U2D8)xEB_HOGbkY`631^n91a87 z8ok*X92KA66`tuMj-!0&X{7yw)2#guL-S0kK~s$B8P;{3oo2j+!2$zrH*-7>olOS* zy&S{+(_(^?-Y3^vC=cmOpwG3 zQ3{p&Z33Z!>!3O7P!{k_2L4E6kJ%SS$X$XgRZlr15C_8>7F(Q@9Wu zL6VWDt@ih#gq0_iVr? zg7^pCZpg5WWZ(yS^2_&v(6b{$#&2KQSl{Q|aUPYzFEaW;kLJB&Cijm}GkgtG5kR^Sh!qLnC{QPZ2t{N-GUd=Eb)r^9}DN>495(<;>G?qAQ1$#TmS`Y z3FF^aMpAg&$FEt0KmGR$M5Yjz7xPRc(J51x|Cqf&I7Z97_1u30^p_+gNsLpvLjTc$ z4I-FlNLISy{QeElHN#tx!jBsH`=T+>S}gG1USClAyUsDt0deqVgM9g}{e5qAm@6n7 zHu<`fZ*Et8!H3A_dzTLp0 zXX!4rR2x{JdAwQ_KDV}>)B~GGkCkLYsn~!tMUxzU zID~`?)S3%Iz0%L7>-U<3~m&gnk-Nb>Afk*2&C{j z+PTZDD!#wSs9kCifmD7m-|yci*_6RBuz+1$P)Fo>{A=OCw~xfBC+>=~D;})t7l5`* z9(p`EWZ=yuXg3xPsb1uj$?-|!lhF$MPADYjXixS6_g6xXYYNGFy{GlT+s(Xa^FYHlhMcRn}pjL;ztUac{38b`5xJzDXF`2!QRwD2UHjU!02xKa=l!|beOYEu z;l(P8AE_%%-bxl5pA}aIj`ZD~H&T8^o=^8K`KS~(`r~xMZvEB~&9R(LIVoVa#&E+B zYX8V-AWmG{w5TevdW&vSNzX3oh;G`6^R08&FJM4T2==C%0EKXbOXxBE?NQonauV^O$xeayQs;++Y`Fi{4g(R_qA@UzcjR*bqcc_)IUZh+>ROBY*q zy=N~QF`*xWk5`HH&}Ga1%!sKIT3d&y2FwaV8|7m%irNpJn3lwcRpy4MG}n!Z?2QJw zq|i&y7iLz4uNk zKYMLPiqX9%K#+Fie=W0Kv6y*OU}hlL&9oY7i+biY^@00?t`8|=^9`sIYHsl7Pq$)7 zV$%C39OH4He-b=(V27l|5_2yK4>Q%hlsT9CZ8Wu(6LCXhyTEffbo{e+HbiZ;c6Kn!ckPb`v6 z?b0hD$G1>JOY{5)5mT-A@)UO4Oo@LaWAI^9$U}GYta_kyAb|qRxas$A?W)=8Y)hjR z1wejDrYj{}0tTsm>Zu*U@ehTE9_u)A7^#f7)Yn|pbwyW+d0L1pHW!jGRjMD%Df;qr zc`S6_-Qqdf9ksts_QI0+)?MTG*nXPcD&ON8K0O()cFifd@q*0x;lNk6A9{!O9*0|P zR#6vsTGiPT9rZTK)*qM|xXLm6eip{UXP|h8tM@TkT>Pmh6@-JrsHM~}vFu*G+D95` z)}!TlB4S>Ll_Klo)fFOM5CC3(*DEr9A~Kn!#xm;x#P2{=M$)4Wp}^P37J9t_kK^bC z1oHA2;OLNtZ@!`hM(>QwDT^`6g*xHWhz=)bdbI${9XuoIb?8>G_4vo)o0+_ORjMu4 zW0ggWKp1WT0uW9EO19{^x!vrY9}x(%KQ~%vB;5wwc`#qH_p!UP7jOivRr8+`avmal zk0Ze~&}CE>Xdf-o&(=hXSu&k5X6aue4`35}`Sin}ZiSujne*)5J||*1!Y8am(GCtP6p(s z>}^8PO&_r}huXW=1oJ0KGA^zs0(@v=7OEo_+=p@f(+$#3IQw$2?cv!axE;8SY$?PH876@*NJN5K7F;DadLuIT-8jTRVqJ85cKL~!M6tEJy z5Zpt8y7h_<^;M3C-IxFoBSf0r@ds8MfI-UC3y!BV)bfDUw>-+2Zqqdl!CQmz`b9xI zbv4wy_3BGA%IQ&{zchyp&z)s7#NE_DD$8Y#M?aXT$PAvtrG!11!xxR^i>5q1;?2*`qS_B0Z52 ziQ?2&-N??XQ<$1=frpO0toOhw2XbWg?8Al6?Xc|LH8V}z^-G(@rC655)u8n)z{E-{ z_=L%D5tGB0Xet5Ygyq&+C7#1i_ zE%Z190HY^tiuWess_j>GgE*q4&FK$M;~HWw4;@cO^?29cdR2dC`h`KA$1l_g3sGy_ zXZ)*%a~F>by1W=flsQ$qPw@5=GxDtUhKH_4Jg?s_CuVZU^`nEF8fKVRo8e>6O`+77 zSY3cIiGkYlsR1UNCRKVQ!9T;BN;$N2zH}^%0JHYn-N~-0jIG|A+*z)Ji*qBJ^u2^0 z<1xOw#L90+hH#T<8n;T%NFB&F(za3!vwXVJR6?jy?eXhDwD6(O7}x68u?(Y1*U6=Mo+~~*b7w_W|O1lEpwC6ek*li+0V@pI!Vptc6@7?XQcw8#f8bmLBA8oi# z#+bc#l`z9($cOu;gKDcf9hD&Qj~|INj(wK*u+zk7pL0!wUYJi+SkIA+K7TWikoNLM&35Q_vNnge)(uKj8>bq?aR)yioT0#K z5!A$`zV)fHZv1?X$z~qz@oBBMmduOZsvMRSf}$uM@sOn}xjYgVO*&2)qr9Xj%mi_Q zW9S#{Ur(c#$ z&R4JnkB^TIIzeze^m-OvC3^kJ#?q*d@a3N$q%jy!f(yJRt*pss4p%Y!Tx4Yo_;5Jc zJX#Y(F8=cZ%thbrXRE~*O!RENS3VKg-D;oO5Q_?ZI?wZX*Jg*({)hKngL4l>*8`I< z5i2V7=&Nk7qR9^hDO_2fwRYbK?a6X8AH?0mWa@6GZNBN>Whzo%vz;8*=nP&8}XQ$w6!Siw;ZP<`+ z*gE&&ty{?yC}tZu`mN3$qm7%FYI+21hEwdWQk1ue<41`n_GA5;$Eqfp;;c6NM7bk& z#w$mlFwg^s(EfUTSOj*k&9p9gVhX*)rcZ+vJL<x!Un#tu4m5t{jkG=h0UOt6(V=zo0CZPzLcJa8`e2Qjb(rs8m#xUU2q|WAJ z60PO=_BY*n%y?v+nO@{LsoX>iZiSMK6&5{GXV9UNQ?DBP`ifhyr5f+I)3We%3n)92{igaPb0467W&o`dy%5KLz}{`G!>m+ zpm!o}8jvf!p07LhuKr;CS|gu9|0z!r-CP%+J8XCJ6Rk;T0$*XE(0=--SF(hTT=Z*l z@jY?Xyol)Bo?v)=$GZ8RS0m^kCTY3b9sBW@ZZCGCp?&YhKC%Lt}pFRpOwu z-51QdCIu`gGhWSVqpvrWm6z@n`jMo{QW%|SAw0kA;XhJ*f|BMIwX_wGB1vNByZaj# z`pOeEuoCIFW7HEr^hqX{`tbDZr;I9PtlKD?Iq8}E7YP4=U*qQ(6UEPm_zZh6C&K(9 zNcN%((-@nBex1$d)!?PPNDMHTxUowL`7+%x+K^J_feg?m>RIsRexA|=4%<)dMPFaOdV_kiwr_QLEw^IynLR}Rp++2x?;(Z6%z!8sj! zf^$)S5qtAhK;y%9;yTKIc>qUAIOpZ~i0Hq7-FFxP;KM)?VI9t&wg{N(Gk-(8kY<6a3h)*2o6iSf3DLCE9s=5EDa3?tW2WD7!bMGnA_!VHxc@M(F zqCcaqZ4rhl*PPyEJ}9-R`B`SDP*QOEX801Ll8+cu#HG*Q|06n7iGenH62S7`00T19 zz0KM*{}CPRFp*i|oB!r9T;d&KNQxKg{EzvNzX8XbCrSE``3SlKb1hG5?*1Rqkp)xv zPO6FYzkvv3vMpyg!~P>W&ciY4@^1gbeDuO>Gbkm_{l|Q~V~~)HJcCvq4rxfc8T$>; zl?(ri-9J1?KsYQJT%-LC07UnS0RyV{Y;rV%xOZnkx6F!JK|#Sz94f9<}b z_L_fA)Q)`l(iCdEtd7tpq;2DMI~Wpi#0gGdy-iH=_mZ z_1QFY^KqR+;*b+bq zK*rMPw_j(^0KF;yVBs^@TxV=7zygY`p*&p{jcoM@QTOlizy8q{<8Gs!Euh*q z48W${3r`u-E-^#PYKvmuA~t$=AHYr|z4Yk|eD{OiDJSb^Yv!?o6D!)XFTEY8pm*R< z@;fBv5m5zNN?Dt70sI?tyvoC_-@hpcoB<$DgWxTRcQTAltHUa+if<*8OyNZ`iTFA_ zBcSWu;Z}VY1aw+Y)-cduBGiF1hTvPWT0W)5`f)OWsAujxxBk5~8d0}9q14wdIW!GS z@2-tnEuZdV0fae_F;I@!UE1bP-D;zA>nzc)eZ=Rweox@}_Wnu%hwkK~6)q5fUkK*} zt#TXG-P0+xpx2SO@$L?p)bD^rM@9dv?>2^aaItCUnPxw6V-y9QJ`tS|yGAw>u(5(- zaUG59)VV)?{j5J(lR4WbglpM*m~jpKJAIY;)T*^}Xcqn9_{hk&>AoPgaDu^!KW5*m zI{4OyniA7aGG;{~RT8uAuHPZ}7VNxRJe3EuSQPXPR*7iROSsM0C>#&P)-c+FL%Gk1 z!l|>`nVaOBx&{PNnqi}#D)_Fl4C?C; ztun94*Sif?adZjWp(@x+vQ(vHU_x*3=mltqSr6u_j*uktt zOe&1#`aAEFV?MC6I8!|nKgS%A(#3~FyD4u}B-NwH6Yqr?JNy1jl?T8dT@Ze7e{A3r z!TF|aD$a!gZr2ijCEu@8BG&^{D23Lnl1X;cB-;7(-k}Q%WFY|J#bC(E`!Rp~;i%-p z$m}>?lS_pT_X&YeH=N09@%%bE?gm=(BJbY-l_b%`d2qB|y@ARRq>xfhfhq_~ZpdvO zPo>y#R(8iL$}Qh~@iETB->d!vmnoP|A@=g?M`z!AYf-#FsggSEa4S&zoBxT_Sj^!( zeyGWrt;cNmOj98~89jt+W6xtN_3AuEbjfP|2n$3QnET-Jbt+w+yV8XEzTADo=e?th9G2+s|^GX1gdW8$?xColpkpTwm(f*a%J-OeaB#)8`2 zcuw8&TM$0XD2hPz7GQ8(`zkPd4`jdlz`6CND_s=!+%I)n?pHAToM?G3`KoPv6uX8Z z#Dq(bI${yx)VkVrBL-L(1>jxNJbr!WGik+lreWl$dN3E+lPY%;?jy~j=dG*=I4_vK zR@ieRu297n#IM01+YYo()MY&#voA@u!$n|mj5Ywbs`@d|iNyUM?j{*{?nL+J>E3-X z-^B)Q%a_kcS)PBGCbD;-eDWah&-!72iDmE;E`D+g*hx^q8C}PnV-f!%B9E&sUS@7S;{MS#8`;%pi)&EidcuO z50||#Qs-H{I##7tw>N_)Nu_K`_o?dP!aE4?y>Fy(%IXapv6hAkk`FgO5GsmF_(*)C zn}FE_nd1hSeO3j&K$2v;mh3izHYJ>4B;=|T9m!hx%=KqY+=o>z^Yme}Vx#{fNJUmr zr=HCC9s~2584(~6LcwbsV5t5UOg&cbrV%&Hgqg_wk3~KYtAhko@H*SBf@~z;KR3^A_D=xy^`i zf5PwOWXOWGw0a-k7M+A4D>oIO1J-Ls{#!2$OQ)gozWVuIa#vXTu1F(W7Iq9;E6Tj{T*mWVjC-@Ufm{ET$D(Xvh}Pe;HR_u@3Ue?$nlCO_8x zoXA;T>f8lSUG~zYhe>f>O&^~TXs)e-)D%o5tjbbxM7D-CT@Ju=>1$ce73;xUz;C6< zB(H^J_`dNj? zagBGIsSGoO^M2`wu1n+laRu}P`Ng!!xI9_!Evgyq%z#M}WCZmc@0eSD`s|w!%V2~c z#UY}R+B0OwCVUIEkpjT>=!eU|9Q0rLeE4fSIxO%r9wS|xj&J1_86@X7bW;v)YhoH0FX%P(u4lmK+rdp-Qj<-a&HTXY-CI1*IiJb(GiT(Q@0Dz$3bS zDgkCATZ}^3@Aam+`@(D2cfh@htp&H?I*>i3{RAZ?7dJXgjwY8Ba*8LCQ!=>x%2ABC zo1{RcFgI9H1OYk5j1nm;V=3MZSBS9+a{J(SQn61aQ zg0iXMJ`SOx(5I$ycnPW@&k;vl(xYWIjnkSFh;C)okE*+*wd6m=rW_nVr;N*e>l31y zeII-HB`a(sUFK_>6=QI`l%s#R1Jv_h2?PJn<1eZ`QPk3?lda#$BGmgujqKkuxW$ye(fBSx*=xX6z56JGRdS-_>u%$UcO`uDDKaGXbD6|u`+zE?@- zW=ZDd5b^t7SEXRx|30r8%2*>9338xE(IMRiPzki0dq@dsnP?Ioa;Dl-yPAin!Fs4D z{!$E;mJz?#N+z(a(2*d#bIRXH;sYm=`{)d@5{uCk)TEc#F}>48KtH$f$H}n-e?9{e zIqM@66BBJNj#}U%lWGAE6_2W5nqu*V?cMo(uCq2YoT_4^mPzh{M^o!bnXb zd?Zt3o{=EI7|azf97F%+szyMH=ulcU7FNt#-glyyEM`l-!h9LgLkc6y?YcsY3xiS| zC801Ffz%dky__tU(RZSnO-qVZVNit*2C)}8`Rd@C&37LcUxmRQc;CyzebLWQJY$D|gyL%KwmnJlavmQJWt)S{{JSfBxf3%W?2W2;#*qM1bDh5|OQP(<7)s4LijB-R8w**>n9vlgxW zXt@#qRVt(=c=zE0mESwS$w;!IW;QD~|B@7PLD!NMFcO?XW&<*tA#R{n7D)=dIR zr9dRuqi_EDK4;n*d_nfmd1X)mJkU(gs?nRP&A-(B#vkdE2`7|wy%S16anvY)idws@ z45pC(FJM<$*Z!&-M_YpD`kotm@`3_g4{#bxj|dHqOrA;rZXJj^ldkc@93*6;GFmJn zplGs1anY`rsYD=9#2y{|#FLQ$H{QS^zK0;srz^nt3(P%)CJCh137=X-9rhRtQjY=S zP}$kLGzP5q^?9_fzbKv7?L;B^ftH0TOXtV#=; zi4hsTIfGa*G&H*cQ8ow!Ci^78DBmE68B8`cTK~&`De6ujz)L(?txaD-bjND}>lnkR z7PW?R#IlOzcH`^-fx+APR31vOG^>H^-U@qzS5Pe?t_gPaOuCP>n1l-=&dY8cy+ZX? z1MFe$O?600SBV2V>&G}=6VwcSe$4$bKv{KV!8L*QJZeZ z%-b&}q$E);+Q5o!2pR;aKW??0yuZj2~{ z=k@2e%={}J)Qq_P`fjRGGe29vb=)fbnoaRAt;NlSrGf2Ybp_EHqb~(R_uCtIWt8Sk z0cb2o%tp-Q$gSBnj*|%R8f5kaLt<}-h-(UkY_N0c;z=JWwU2bAehQBihcqKlxN{ngWfFr)Q-rM^E)Dt4D z*L0`8Enjvk`MoM0-n}jKStTmKpM5*{iZ4@O5>tp%J2B_~M$)L8rYc+VKAvo)dCxV3 zwLa$t18N5>-8t~sDthv^ey&V7-Sjbhm(9o^r08^7RTD9Z3l<5TZvZ`p zcuc-tb*rtXuqsJ~QUcNWR62zqGc#rg#}XLa?jO`uMRB+kH}xrCAuuBgpC_&t0FqE-LNHq7`@2h~{*UApL6>4cO8cx>>ohtb0jiuz zG`}~J=5SB>Mn#>Qwuj)arQbMl6HI>&;ioHZjVQFregR^c~IHvSq#vE zggAfb<7|u>xa8!)LubMC`q=?HZE4UqkZs7zOvz=p73Hb8% zAM_^mg`NRL#M&??L&SWJDd`c`mwya>6j~yRQ>Rp3n|R}GfFD!G>yVbe|KuZxwMnah zQjwCJ$s^yS{F^w3eIyuyNY0R4bh;A%FD=&LHdnJw7aJH{_Zj+oO}aBE!~la-(GXRx zMeCQ_XlsMb0_h~7 z{tUWf0C)oh=u|$W!ItC-lGwnbfY%&K@UZ|oa;(~||0dsM60c`&-6@i)l@3PjV7-EL zcgJOQczQej^IiM#k>#vg@3g^127L`Tz^cOt{K89UmHG$)U*k2e4(hZBQkv*}D9RA6 z9Z3COtaDeQu$uYBpSouvEA5Rn!;zyEUS&tpz57eZI zPT!2-R3Y34kE1-|Dgw7$wvGMJ7%|W28DdP`@o4w|mA?(Gp*D#=yZ-%3GF~YSlBJDT z{$}a;lHe6jxMe$i&EKv~shcS<(~(@dS9c%}%c9Lb#WRDqn(xeVUq%=u+eoEjD&oLI zhk(nc^Dm^ovn778%HL?w`GUKSwes}VA5x$g(r}}7Zy^4KxA_`>83lMcH7^b~e>T}$ zAS^IKBa2EZIV;t!+j}#Lh2m7(8zV^_&AKWakkK=*VaduZ_h-#Usx5zzScwqHXcm%| zjHFoW()mrn$>SP!V5>1*b6r>WVx&lG==T#o2YfZP6csQ?9UcnQv?5OO;RI^p^LGI9 zw?}itA`AhLC+WM6!Cydv1SNt|wLt&+t81?Lxq8)_A)$uZ3*dlK9dWBRyWCb&V7sGv zDP8$F8JE@VOQs!Bjv`lS4Mk2j>L&RPTU}6Wi(o*ac#6BnxCsfSwSHJ`p8)w zd-HS!1;!s7?K_($R9j=8Imbh8x@xUUFC-d`P%9bnZyT@NhD^w;6o2ATQ18B-9{*md z^(*}VaK!k#>V(7DYkc@hKGcANBp6GcBb$%tEEa(B=-S6W*%vfL3wg6$E_43+=LPuw z`Pv393gvMXOqkqID#burXT!O>=Xbw7@&-Z($QmF<9{IpP@xyCClyd_ar+GW=Be~~OhouiP^F^on0jxExMvFhDxz-q{zM2Su~` z>ZVwv3>s|Ty}h|CzXNj|hO87%nP1?QfDf=3FN0Ajao>>g^bnZYGd&cNJiaUZn(`;? zzk;t>oNG|856$Up*mz`7V0Xgxvas9RobIi9Xg;U@+yoah(Vvucw^nak!`a@{xP^$y z%!osCx4}FeRxkU_pf}LTnK>Z6`3$J15Z)(qT*?OJGi}@ZKR39c>fJVdGQAhdOS`3rtJ>BA(}xI zyEC{7rH@ED|9Ra>cmVuRuvSX{!(~KVSocgxxxRD8A`1n`XHbuy(3c|ie4V7Oe>AT= z9R>ttObHW`{}5g`f&;mf=l|L2nScO46N!<+i~gHq!X+#q23aOLSRTAO7Vdn4zY~Wg*0a5mpSi-3{XSCPu_;?2F znVA(4zV;}#mumY!W8Hl4pg32*Rzzc@$l)#M-AF1gNC(UI5VB?q92uOqAo@H%0eQ)j zOc=x*$$G@12pTybfaRr`HSda3Ndljx`}7lX(bj2fk|2aX+UkwWmAggS@B!eK z@$ySZ4vqfuw0|YvXu&oJV2MZzAyl_Wt{zkg&hw(!T_4wlT|^JFsj&r{mI;XM7{Cok zhgt9*D4Q=q>yrmQ{vB*fgzdg?%_a9yrty88xkaBI+I!LxBkSLtgsAu|y6M=!_Vw*c zvH_^Ftk55R#}bHLM&OTQz%$Ioo4zezk92TAH5&tbb~|9vbE$$8Zqgv0b0Q%F8UWNL zJb&tC>6B%|4`4{>dmlM7{<>@6$qYC=8fN{BkW!+MieZ?>CE2G8SeOHKo{xV)Op3Zr zfqCKjqf)Sot3e)M2MkOelqr6+r2M_W`{*VT6@h@)&~_`vA*W{@g5DXVrM60F{iVbh zu{^n}fbkP~x(*cRRPSVky37o9-hg#VB%pWgc{VmqOE253&@h$XIfV>JYW!RIeTitr#kVOPt7@NDSJBy(4G!U+5E`I@^ zKo&7JE}3Wz4gpoB7?BvHdQx28AcCL^u0}9r>;|4^`zWD%RRzle{z=h6!e$K++x4!E zx&u4+{iTe7(la)XK)W!7xXA9cJ^u+1KWFy%p(&QiJlDNS2T7$io5?!8XVH&0YVRtI z8^vcCw>($ml(M0MWXt=&{0sjVQAQ9iqQRxf?ieJ5&qP#!1iAvQ&PO+%U^L^_EmfcX zAHYDW+=Z?cqb+Ysz9@|0?724r9Iq)y=$@FF@7s!$!YJ}Tn!5^@n z(v17PaZ&!Yh_k4vWuifuRdk!E(Ik-61O6_cbATOz!k1!;#qiwBsC|7j4vkv_n+VMm zt`6%oMXF#Sbt*j$A&vT53_lD8^iB;tdH)Zz(9#qkDfQ4OnQ4m0<`X6OT@$7A)WF zHWj~43U~sIbE3InP;SU_IK}^wByJ@eer=@ch+;DlbNbr$1LyzX2;y%0=5692lDV4x zI)NdJ&8fQ&8`Mdq;;)?i%74;BOYK0w$O>qCo)?G8l-bG`@67kYiQE+*v1hIdI{=y))L;HhedUl>9VKZ zC7TjT#VA&KXn=Q6e9FdA;?`&SxMY&epN`Jzp+G3E!xR7IB7;geql~uGNaCAtYFQ3PrL)jUeV`^xfSLZOE zviBWe#3dp|T;?1ag&jBqMOxIe9Kb9X&!PV>UEa^trSfzXnwCl^NarjCTD#gM??K!X z+(+QTpQ~C(QllNJso`}Dxwu#)zMGOn6bSp{3!>W>3x-+?TlKU0wjDrTn5~S-)nUSo zJBSqIjl?+7^h>MN!b}Ca0ew8rH)VsDq3tmvJXYx_z5agXvOpR3!d-9ws)GH5r(5!L z@yK>l+ULAxhIS)m>>?JM#)>g{&S@@JxlRb_ox0 zgB5;m`m^#=)^XY7{3FKgmnRGlyib05^O}@sNN+8>?X5MmJ@G}&yvDdY()<{&#EYJ# z5Twau_hk)AF~(LmRBj#8tdgq#0<0l7#-BP+`e?{$o|^C)EiqTlX{Sg=y+y1;R*TvW zxg9)vR~dTM_e1_~-+*j{>&t_ig{fqUqeub)IYJ);da zgx`7uz!V!zP4+R=rghCZ=IQjVL%^#f&!9|TD7(5ssfu-unZBjH3u+LOL>TmQ#n2QN zg2Bcu6Dy>sKJRXhg-YZ)uMYF7YM2WDsnJf5rp(m*LW>>-sKJA4 zcE4H|+l=rDyR60;jYHAVFZc^G;)R7D^3uQ#e*;X}3+*MZgde6mdP2TJ`ecyq3a5<; zJ+R+c-g^vPmUDoH5YGDIg2x)C-g|ZM&agrAR0RBV1_;S|s9i&u(`^W#9zuQ)NqqvO z$26$jA_c591^8wyzsbhZq6wgUiiOm5AsHx5dE^%Y)+#1rAOu;fRsJdDgNS^ch}i>M z_9P7fghCdgty;;i{uUue69L^i24HZT=4Woc2|odF9}ED!nJSFTMB$6jD-;DkkfM)p zI!I~p1dqJqrLtJocYle-%ri1AkkGSaPuHAB_4ro)Kh(W>IMjdpH_SAav5rwuqQTgg z$WmFyzGlr96{2s6P?jOvNTTdZDN9*eM4}``HKG*SktoKRJ(N_BV1fEka{0G!w;_A6|>^ePesiA=o}cnETh1WUiM zx!6w!fTSf7W}~v;&9meRze8{p*%`4pEM@bS{qHJ4AEwqqZC|MAy>r+JNzCX}f@w@n z!$DRZJS&QUu~*+5F+)XafL?HR&j;QgJ!-Sc^j`)q*3sDkBMBXjwbDco3vTm#d|+We zB0iukk$?i~Fsr1En%#B0u?GQ1G2Zw--}D&mAa|1~9JF45ELV)wYCo;E0$InWy|)L= zk~|xvaKD*ju}d)hyPMb_0-~6VK~7e)!Tr0Kc$*0l=7Q@zu=^WgS>_laK5d#jry3)2 zd~~6|eR>bN%9b0hca!!{(hD^}h!*zkjS0&;-CoRz}@JR($N#)Kly=wmjvo%PU`xNflI%Y#~nejihwyS zFzMIaN_`6VB1xTjWtx`wLVEH}vt0*x=1g^d4)HgzQ&yHE(%( ziKV>;A5+8W^+`|NhZ^l;A_Z+f)Q87n2)9pwM=#E5H5*!SOAk$Dok? z%IfQZX75_5XjZ=rt)D+?J!<8_SK*q-kyJj}`=H035G?Yt27KZwC`Q}sCx=Nh_TtHltiqKwBYOO>XOi(dbehjQ< zmxD1JkLVd&f6PX_KQ`iLN0V!$%VtzV*jZpOx3TdOAhzqu3d_2Irk? z*gBnOH|XW|zmEcVeUF48V3m1zUFn?B$n1G3s%0j#F@!myhbU7Kae?sh&V zN@)hrz%-PRw$B&Bi!7X6s|U*lzVK;f7Q zykO|LXR1bQ6>q2UKeS3_oY03D~KH z$S01x^$@&r?XB9u*JQXK5N?$XO8L@KQJA=c$dwR(sej$+rs5hlo?YI6&DX4u{5szaIM9C9O0fJ7o2I{SN)pOqP?SqwKSJe9VOy$Qw}Ko)UDXGRpk zH^7=(fZx_@?FVR>)a;NFxYW6-h_Dg$ThN+VBT2_VG<0#XZ_Wzri?9vg9ze-wJ|$k@ zwnI{PHCgIm_-C`BIc$MD8tV-JkzH~Qe8eW`h{21o_f~9pdOn00L+3wXn-5x}=MY<$ zElsT*e^Y#_#NwP4BKT00i;Tm;5R~V)Fp%^6=;VFg^@1BFV7i7%CZUSY;Y9CaHEN=J zhoyDL)SwcY!HTG$;UPd5)UqnZ_uJt zB7ghNDF(mMqtmn&o4JG7XUL29J*dK7irR*sobzA$bl+4}F2miWj_&N+tW{@rKwIGO zju>#{$=yRq*XzH&)HElfK_W33K$li%y0APIGb~76MN3~>jDoLh#!^JIuQLSph&MP3 zIDBaYpFr`Zoa+q_?;c*>N`2J&N_Ryb5GJG^eAc(J96G$O=-vK}9K2q_5yBIc+3J(2 z_$8{6`N@#|jH9v+^iEY47F}&TNpbW-HL#&dY!ZoH3JjaR_qmv3G!_o&yZT9Gb?rsn-b4g3f zwIC76q*z5TXUf$y2!|BPbqx;`T2JhvNW>8-4 zDfzRT8=nUQD+FdCQt(1B4%OvZ-9*2`-o_Nn@ssa=w*s}@k>C9_buYCof zLGaKsXCwgotj1P@RX{m9zRUY7!!Ni1LePOT_?wyJO@tf(DK_auI70%> znE1j;&&Ybe9`)JaJ>uuJkJqFh0W`)uts0P*l+C&o#Q_YZOcYXCaPo_%lOy>4m!iUr z|8GTwvJV^k(;y%cDZM44mzUnc!1)0np8FvX#R5%JSv>@^A;KGg$m3q4uM1;U+5gi3 zQF#d5U*j9!dVD(wvTM8B2X@NruD-Sky_8lQm*ovB(wUyz#WII{E2iuvoMwt`z%$Yu zu`qATLyHi63&-0FV})iu=P+~JGX}e11uDmn2O_^ux*#*gWZ$EGFbv2?|9W?^1k$vD zf!YYT;l81&W)XWa68JJuhbMt0im@UB13ClypL_2eHNstdk-M!GhCe6-={FH(*U8UJ;;`_7D*ij*2H#r?Bz=+MfYy} zL$W#o(ag!dMn&@A*h(jY&BxT{zy=cD0|T+z4&oew4zD*agvM!9`}gftdK}9eVQMoC zE;($md;tbH3Ol56_z#X^%YXDNyY`|8L~+zgrh_3rVZFFU9}0e&(x-nL@34SW?n_NZ zke-VaLP4Umfz8#c>R^o9gBt+^kPhCv^oFLbH{ej^LsMd_inkyC#xd-lpmh$zlT z%We6=5F##DuT%Z21=w@{+O>ddPp-xD;02%`#wX+ejW+hq=gc4gh#NlRolc?Q3Is>( z?WtGi>OYizP3&ARt{NZ~&x>D!YeHICXMeqJYm6<4X>%&{gS&4r4X`llY=SSJu)T3S z0F0SbY3d1uxt(Tae3q}s@{C3#pQw1{6lzaF?Ok5A(;uf5;SDs^FR}HV;5alXRh2Hiawp^cAWt zwZbbfq1Hh!X1z?#{LR?uRw z(K;l&Wy{;occlBj?JRkIyWWOidUW*8(ZaTl17U!cnbY^^LJDH8i}5kfWTr*CZ?0Ue zp`wPB_gP<7CvN=Ke(v6~px)b}xX2F6_{AzR6r-xw=6`&@OT*;zEVcsWS?R550==R~n zP;d;H;aVI+X2=aP!(aIdzc$@P6bsbqMF>Qc&})!G z0%(E*!@|NyXByp0k`I+`54t=?yuva7W#Hct1=`yOQIk%{9^6)RFt_6 z!HR!hVt@e=)Uve~o^lHooOVG{h&FX$ZjdgRdSUwU;=Oxo&OR&WzcG!v2w)4Xeq%yO z6EESsczeJF&7khbFbm9-D8jjh1U~U0xJ2Go?KimxlaJwXITka+z}tUQ4=cC))fZ+{ z)7OK(@cWcN_1`>0F)OAbFNhbu{?YU_fg>Yfn;Pd|#r<)9kTn`K8R1wGA1q>TtZF@| z*YF9|(uKrCbCugRe+n+4QkM$9t+;q6I{MN{^xEJLo(}`Z5!zFMR$1h?$iWPORMXRs zR-!)KIehNj9UEc5gin*cGI|~8qXeaFpiORAJP6=S{&h+1@Na2Am8*69w8;mF#yYc+ zztR?Et4nZ9#im}xTj}XYIlT=~;dJtoF@0=w_9sIqwuw+1K7So$OoxA;ltE0lsZY+oU5pOHp-`N} z_q{*-lx3Pi!k4v4n`)`cY=Q9*{?rm^{&_HR8SgzlrRGxOdwvtjJZo9y6wKX%Mqlee zLGyL{5yXut0rYhaC;-#{!e!*#6fH*CJmZ}=il=&VS}#L<=I-{|$B#609@ zLNN4a9Tk;*ZjR;7qU&UL*;v8|f4LTP6B9f=cE_l(B(+1g714E2xt-aK0yR_yaO|@t zB4G^P>L6b{2T>YDaovmfd5ey@d+43yoxUC&6J{~s)FFaK zL@@r;iJdu0dfrb?ZpI9PiZ#|l(z>P)brCr1#I2l7 zAc+leJ$*;4J2JU4OqKH!SI58Cyt*S?PB$d}jN5$#C~AZfoqTvhX_b{;#>Olc z#@uhn#QZTIT_2x}ig(mrgEq3a{}5U*kS$OMa1KFOSOFGb$DW5JMGa4Y@q2r{ z7fLnE{|+VaMiJg_!dHpo{T}ZW<8Lx1&a2eU0usnJV2*Z0_I^Lq)7Cd#dx_`U zkkh%@=m?8Z!@0{UD#p(Q(d>(KDW7oz+tcuOsr`J%Gy(_WUPX>9Ime%B-1GR!yE_qF z=Z0S7zTXqltlq_K%@esd31Q~82y28B(SCLFOfq)mIFVrpl5AZrlxD#g(%3WeYqRUe9Acs4r^IvB>3n! zFm&?V8Ur=w_}aPZR~_os6A4cmY}VJCxI?%)L`e%-|2**^KbF)L=c0qoT)6Tnf=Y&i z7w8*kTzqae{lT<+ZOk5JPS(9lZb|4ZDDW$Dul#%!jq*_gx=(IZicpUH6%-r@FZK>_ z$R?3_Tkn@^&9~dzf%I2x2uWXt&y%&-VvRC0@Lp#M3z0q6WefXq(9T}pMjNilWk`g| zme%*>rg#dnHtM0pPH^g&1NNAePigoB8KBsz?Kv`W^Puf3^UL`V=k34f=J&NabKmDzs*#<+-litkb{DXlBTSc~dnKFTKB!ome_B`dmkr(PxpWU9! zoZwc(nN8bp@#-be?AP$&58>=<_!eX7?)fm*l-Ii;Eo|@5H{rHpaUuk%cDL2i%zPY= zRug5LVBe+kE!Bac9VN%kQBKB^gQR7>^H)ng8B-_`!}h?#xf}|T&j?8r>95 zRsT~L(_&sA1b7MS{`IeCU=yO24Ys^qH7pV;cOXFfB9kxUONC#HLq5TPQI_sMjR^pZ zU^?;q${+J$RVPXfAkx^1PyT%lc76=S3CE9%V<4cbubbTflfJy`t&*WtrX_Z}*Z$ZB zqt)hzNPUegk=&u3ep#L7=AXf&-GqzhrWrLi4Oq;b}cGGQ=tM3p+I9W4=By7t2Bh3E&(ZWtM;_Ur<2F|!4p@5wDP@_ zL2eXbnWq)D)yx={NVyCQ4oZM7!44J)AqGP*UKA<`q?=y3wzaYV#%L5;THFRcyJv8l z2~W78GOY+-^Tc;y1zvj$%b;HKN<4P37)S{8_f)hf)E0Ava z31V$wiy9eVh;oi82pK|CAYNra0YC$5^K*&{&mdT0cPRuD&c)JH-ok<+mj~f@=0Ie1 z#~c=UDMH7U4JGwC46Y^68lbkx|H-k<@X;Ewqo+5uk3>9C#8? zllw56l=p;IYbCKCR0i4qywWY%dCLZy7AQwUty>=L8eqm?E+Tx2g7-g5rU7}?B!gCS zNdVa4<7fr?O>a;c`gB@>w6_GvZSy?Xo0AvYl(-T2=$KXkYaaNK|*^BU(S9bU|n@jA6^s(L_hAfocV=Hx((Q!D8VSx}&on zr>Dh!pw;~v8wMhbbjD9uZWno%*uOy!xZ1O)W%P6;;qrVYiWlCo)5F4)7>u(?T1x!^ zm+s7?b>}3wZj8p2)|sNr;UaziQ_s46 zHxHFd^L#n#Ax5U-8y*)e?dSf9MCXNHk3Oip1(#q7>LM>768377G#q1Tro>%X zlnVuFD;|e==xLTDX`(`p(r20K_-So?T3K?El250lyQ0wf#4ZSDUreEwUWgb20w!n% zZ|{L~3LgX?p`J+_hgdeS%O&6CdmxGi&jAk>UV5n^9uE&T1xW~j0{>6U`!tiIejyAoTVde9!uQY}G^z7|spJQnzq$mx!X9-EOH|D}x;j=VpGMu1GdOyaN|=$@)W` z`#C|Q1~=FpBi9e6j2B0O7e{{UA6-FKKDgB$qM$gnZvgs09(x?AYQD*lAEeM8V8 zAsM_2fbry#rsn2W$gOCsYd)BNg6S8mS9y4J^tC9uMfYn8{E^m`o6u@vNzkv`fs+); z$sr@j06gFdU~bAl$>ML$ATkR4lJ5n4W~Xx??XyUzrFa&8oii|9F^6vxTl8`<6Nqp(BF} zS{69y{Pi)2ZP3Zn;%WoVH;LMBQU1ZC4#()8;l%u#A<)`c27w^z%p=k8Fd?Ig zGEPa`(9IU2u)F%T(Y@cxkXz+Ni(x+UB?TPSKhrp z>S+(+K5uvmwD}X11*ZwDGvFN#X3RjK)y{+{{XN3muT0=bMVhu2{@CP|g=XD$9m>9M z8lH|K5i@$!ZCC??+RFYS4v!PNE}O3lzMG;+q3lbm{n4ry7d_Gfd^H&|~*52+U(d_|{lyG$}YiY4>#j!w+au)Voib0J2 z?5^_tnq44<=&L%CeG(=bWXZe?itV`$r+sE{8Qt*Im;%hKl9{>ZXs( z?%D>CQ5$rl>V3N^^>A2<(cH+3GM*EQb!g})zjq`ke^Ua?104XXlnAqO5$ zOOT)z4oEJ^u-WhT*y1)@%Nc+CAzDznUcx4LVSnnjklq&R4ZIhOf4in=uQ?5~A3b-< z1(V;6_)dIK65XY#CjuNFvM(`>Zs`TDqpCN276!>BwCSA8JsgB49(PCX1101nas++g zR2N?fiur|-edW72`?^JZF_rAlcE3S*9&{re^4vowgd(7>Ma|1;i6*$x%6Ygv==yI! z12R8*mDu)FZwF+z-y_&0JctRs3i{BN9zue~QdP5%rvGpZTfL>ABRP+|UJLKKEV<8( z@8Yq+r`*FE^dNY0%^Tcuh*<*51@LI@xzHK{fSz*Hx_fhmE=jcwB1+qM(47e`J4kIkFIBGZ3h*xHLs7Y&Z;@*feUdhxwhsRZ~c zy?ihXk3O-k^U!yMOh?veyJM>b&0eYw$82a|n5$`zp+3uh3{%zCV$XS!;2@$NALID- z-HFB%q#LL=QGw<{^M_7PfhWdst@uIJUbVO%tc({!u0_Mlxq?f=XT{welrgUx;M_z)k#NU)Hc#MYJ1)H|83c!DI=;sw;c{W3*T52s@SQ}VRH87o#Cv%s_IT- zvaZv=^&7-D$jpnN#PAcr&`0ZgvdJ;P2WxnHTIu~Egc*Gz(5ZXBpZ0oH@M&VXy%)zk z*M0b=8FZ-jbv~U8O}!aRV;LmNHbcyc_zVD9tzZ|c=lSsMOW#T~TL1&2H>F82KTTUO zY=RU(OCo?h>j7&5A+`6Wc$JM6=u0Bsg11Hz66UQ|p#t1xo7MFb>yEtf7?@Z|bW@j0 zd!Q5Qx_tEmjJecy$elrmnn@Gkl5}EMg?A%#19qTtG?QKPPjI>kDE{YuWhnr`U=e|(O_v6reEiqb>Y;ER>@|6Y0iPi-MXtx?S{@Szkr7RU z4(&Vyjzk)v&JCPdWi^Azk71ck;Gzr!iY|1g>O;dv4~hW2)@A4ofYHrZ93Nq26jzj5 z?9PASC;9-8=@_B_%B;a)a2bf}lzEU6oxb_IyX2M5Vq4%xs4&^YLlBLM3hqDs+t8<5 z!U0dPtD()@lvs&Hv3+3g+jS8+E`f#@o&dYTx_ygx)J7seVwD9=K`V5S-thbyX9gDm z`a{yZG0=%26*tPz%)SXN9RntJxSnNsLDg({8;PgcaD?1_XU#LX_YyME+zS2Z%d3y$`5X*l6bf#6%g^7(#bRqM~}e$G>PJqqN3D zXwwP&{KeQOkkLB~FgjXQL{$Jpz^>61qK#&p`#@T?>-_YjFYM~<36b;`?;a>k?j1*c zeD>6Z!M^3Q^^1?8>Y)%gil`xu96=RWC>k7>`|mNLdT;gIorM=i4%;E$5XyVr3`bTW{Ha6vPck z(REO{s5Nphd0V@fVjEmO*Il={WTlWJ1f9JA4TE2Nti9{IzZ24qdh&`Pf&IwI3gvHNC4i# za~SbA4U1jsj1Y~lC4Z`=2`KDtPv_-y)`iw}ztG(H+I8zBAhF@=?u*+rgLf=POcY9R zZ42|+Z#Uk)>33;QUMNhVXr^d`;W6SxeY^0*+jO&?1;rsCPeE^**n;Pk@>9iLxVWx*nF z*$)s&S?B4X#T9>h8QMizJ~hCBz4^CZEwQ?rEwNv`sbIatriW&%WD$ZRl&Z(qHNi&Z ze2OXF4W$WyRwN6hO~W%WoPQwh)w5ANKyw!s2=dJZU~G4%Ler!WS2Gd6egLaiKNIJk z!zK`wkOSbl1q6zqjjoSK+JT-wBqAy-&l5|a*#YeWOJOO?x#_>jT$>T*`7=9Mq{3GN}>P3G6$ z!Bkg#V5f#mW zQ!g(Jy|=VBoBJ^PYzCd{BEQLUaHi`UGVz{hOtUAEZcFP0DD&f-6Pf<`;9Pq5;9+O{ z!s;~S;c>&@?TJWUMO7g`-@R)i1*y0Lp3%(GGPy%YfPW!qL zzlN_CIps!lI8Mi3bi*Cgx%K0d-5dk~q8sBy%i-Cp1@&_8!cYnWOO^iDL&b?Sp!d+o zN)Ql`f*?bssj5yfmc%>1&U7-^X&W3}+rY9@%v~@ZL9!@A5u`eI%B4NH67Rg!+|3Y< z!8iPaFD4ZBvKC=Q_~j(wbNar~?{B9dfDx>yx&=~zz%iQ&^rQ%QalkpdWC3_NUtaua zwbIk$V;qo(Aot}EW8y;}$5v)IMBwQz23F@Y!W(Gcu~9#V1vY2|T?75r)3JA;BHIzY zTu<-eNQ`abcwi{B+Og2qP$4dtv)_=j_2BtcOcLU0tsf~ z=}^w&t~OM+*rD&YV~^@t^h5ds zHZcP@L%LZ%cN*!%fti%@fB5rCadJU->LAJ%gl2;QKtWpD5G2WFA=mhR?K^zmkKeMt z`{H`v8%MRgkUw}_+*zhLMy#E|4j|Ff0L^1q2N@Lg9N6B?z+Nx}*|wP|3yt#-fW;C3 z#K1~Jwb*!5ghZ2aA?Dc$~6n2 z?gLLB9`FHlXzT6*FZ~?$rIWw_BGMBGk?E zFr;d%+YZH|7z{X10mDcF=iv6KML_71Ae;G9j!xu#J^_Kx)o9U$F;EuC06qyRD=R;R z1~D1hr;QLX6+HB{=2iOGO%^BDOxMq73vhP?09PjKHb;I-w*?VpqwC^);6i69=xUy7 zeyJb4liWMmK3p5MIPUa*sc`q_wB+DwaRqcLP}BHnX`Jz<&kXvPt z?(6e=6*0LQ$*BGG?OeZe>;Y!Wem}U{O5EXsPJ*JUp`|Fe9%Wu3Z5gZqxE>#Vpe?8H zG=mrpbLqM8QNwn|Dn#K#PR{J?>DXe!;7jy@U9UA-KzA zbJov8CYK|3HaU+ZDS6!^39vu=4=#JRKkIS~AQct{~?k9`l zSdbhWxhF7gux4-p*{Wo|v;w=ZEA2C!Kv{Ib9Y;%uR%@yV(gI=q$+U0#<&XD#KI43J zqJ3D5eI8sh=7ypbSAgUhxbgef_RzlG?*126q24ZsgtSSH;|kpjx^TT1lQnz1vsy^RHBqNoxJ4wCs<($4uC=d>*r3I zS|7$rwaR?0Ptezu3Ff+KDt}KnI07yq(p`2D*m=eDN}_<>Q55cobz%*y=i*{QL{}RI zL)-0=W#8mZ`97YVEZn(z;Jd59k*Yosp#CR$2u{^>rv0XmtDFupfF9J11DO-o=*B!Q z6K;yZW<2>b!oq(^7op}t6Y(#wpUMP$01j`u{;&9plokQc{`{Y2$ZKR&4j91=;fyB} zT^LSv^ixoBe3J4rDmdfDX+dnGUmAy?eo8WhMFL*ECDzNL%8Jg z1elU7A|mP`)ZYQc?1EfoeWOyzDx2WI+W8eOe$WyGXSu+pk@IkX?$76hkGd1t`#(J_ z9`-P&Lr?7C<1+IC1PpoKCO_D72q?;@YRx4;tZnB%mzz_BGvng0Xgf=uZuDMAF%n1B z4!~p!5Mp`3k#{`_(sf!POVAt60-xXT8qr>tLoivs(m?Up#3i_v;-WXd(dUE!?6Iz@ z;*;_`d8J6h3obTO7;zj5(d-LJrJSC|^=S4r1B9OCCrprX$aS|DPchzo_lN>A5%*@m zC}su&2Ez7_j=hyY(msG!U7;hGzCoFWPP397KH4)uYhQ3hgE6MIcpvaa3qnFz&VJ#0 zAyXGXwqyp1uM()dErX~I-Mo_zVSbPjG@ivaF_VYV$BT-Ju%2uMgqa(TH!h$EvsENJ zP$Na|fB5ta$!F4`633@Il>WmJZwDv4C|YMr;Kkz?(CV=#Cn&eEm=TzltX#kxDG%?> z;r7wpHNG-H$2i^&K?DitgzW~r047*VvTCo@$8>_E)^lpPc;16dlQ*u|_eg|w{pE)^ zym(br6=v23-c9pWNO+ioSb-L3QMER90J@BpmeLxJf`14}Ls6s?0014zf;A0E`H1ZT ze=eeE<{*OK9J-Ve({wSB)?psF#}32sP~{l?rdvsztUR}(iLDY7EDGE?6NQXoF!T-I zZ>{37W*^W~a%DBp#uFLmtJmY%94oF@>~_Fb?6SnoA>`ALhdTP~5QnQirqm+Fb11q# zdZGW+%8goikAp^1mYN3)eJ^zuI2`gLDgMkP2^`Lv!$?qClDrs|Y#k1eiK8 zn%O%!bYSTRUF85beA?fU7Ubsgfx~OabSPs!HEh$PVOK?%F3B@iG#SPjsB3YX(yU=E zJMX#C(SuO#Qkun;>*5lz`esb84(kz>U}{3arw-w#L*myl*K56W9ca8?|EB+8JCW%P zz?zO?G?h;C2S%=qu{2=t%dcDs7rHeD44QM7x%i}oJ9sXRLh|k+#=TX+Bu1HZc4F(s zO+FaP(a|EKGbMoZz=zH6bIe&69c_kKIIt2%jn&2O;K0_HQbf8_cpEg;)C8oJe)FmI zDN81>!%AbfP$qaC`uJT_Z$Ds`Alnjb^5j8RO#8D+|*Ihce7U!q>-L zwxCz&jFz^0*QLatl7pP`)sf-==z;{F;5a>eV_w zU4;v6;IJ+Sa$LNd1+gI#E+9e0bXl$tv@_@r(G49CmH$Xu7sx{(h0{gIpf-mHhfNcJ zKp|9c>|*5i^Mkc;%*g2>zwVCU@vN7R{r?t-!%#6qCkr4A47mk6q<{&{0Hs`WI4re& z@;=J%{*HY>OnXDqh~&9wv**i!1)cw9dKiWsXo-M>?}2t#0#=>a{p4;;131nC;!8=8 zI>9jJ0L9gf0u+$C;;%6WC7vQ{LG1pt|Cm6iJ5iX)V!)<)lmBi&_+2n=aQEil@9ZbL_p(j}$j0{a!fiT|#KTtQBNTgRAt7&Z_$_`QL} z^J$<~eFoV7Fnq9R*$3Lyh0;}!`53B$lNd=uV>eh_%i@>}4Iwb4{U2bvuYUx8rCk4Q zk4Dyeps_})RB%ZkjWq-IxE@G#WbX+^yMod1fjj*lEHK6u!rw~b??OOaf7L^f{#@Jo z>B9#Q3*Ma?GXC?8OaOLdXh<{$Kd<1--s3C3e`K35?`8S@{{$DBCp-W#aRyTSfb|$T zZqUMx7L8*gNpm?!CItD>io26WkM@E5=?**fE9eQ(7WwR2X&^WVJEU*J_a=LURecQW zLG9YmWdlo_(7E{j7myJ{Z>;u6KKj$~lv~igix3jhp&|VgTF7m9ZsZR}D8+RQtKqR7 z+bB~@D~|BjH+;VbfrAtXWZe-qSF+Lg&Ejqp&8v$1i4DKK}k$9e>VKq`-%MWnAE2I|F8No!428W8F6 zR%rr_1|ZkU?&@+5mL9Mt1`P}hc+HP@+}}Q*+%LLM|2e|Ag03f^ss(?}lH7Ylg>Hj< zwG+fXqHRw%z=8}8d2LX_5;lP#VQo`9QD;q~Ou|Zx(;5SP=T4m7HHciciDj*lgS+n> zOhTpm@k(cM&I7#n99$DwId7WpEq-?dxbsu?6Td(I3Sc4@ytpUNR;=u}?v=x$XtdgB z!}fqnr{9saUVtQXm*sPCi6i7L_R?F_(*Q*6P|gu+m#(zP+NjJPb8`C|y?VI%GEsbl zp8?qyVRmc=TM7uVG1?uc_A|QeBY(t)l{{3{_=2m4gmZt_fT+JP_Pj7GiMC}fukCrN zlw9^t6RY&nfzM-1mVGDj4U-$O@46+w#dMsA&LV=ce|3|&*zgeG?WSY7%i4xB`unFdx!K!_1T!Qq#&7mKynUuvTvgP@2 z!P0)>m%FBBm6t2J)@Y39N$#}Y^Ma|Zl@bK#8wGrv(D0S$vT1&x?frQYGDm^e_RG zFcBlOOV*-i8FU>yE+gd*J1gDRO33IQa>g*835c%?F;iF^lU)|}m#XLAm56CuF*R#R zWMkWmTl}X?Ry9LpBCg9Zjj6~b3rmn?xOf=d_)Kcd4HlfuA=|e#ey%Ielo`YhdX;1v zJ85w^9AzDV#et$vk^xx#hK?Z;g|#}^lU^W2Bzuw64p=h@E7780`N*+3EkN`LBz^7l`R5N#PdX!R@X zii66%Q{%#m)wzrsfO?9T4-9%%Ybi|O2 z)Ai9Wz1mU*Xn_p0jL)FvbbJTUsB9kXX&>f%+5+S&O3!JKzTmxVL20pJ%MKG zMaw7>JOs_t=$l6%5bPX^&H$)^ku3sBCySt?cS@BvpRSH^6lx~m4&D1==HPL>S3@8VwVIX1+RjKH` zK+bC2`jLO({iEf}^|mvnexRj!xUziw9x!`^o6*ZZucAx^9uck4W%nZz%(^)8&_L0r zoBMRim8_SW%E6*gEwtRr3UX+f8lC|fHH-1n!FkyFw1~D)a;4LywbAPt*&RW-D zZ%_O6zP@nc+kH@EhTr^zbiE-en~13$9}b6`>)N0C9OZSJNSm>-Nb^URt-)@MJ&nsP z`;Mg6AY>cAC<~3<5x&o`-Bd}ELoHQQIQ03a+95=og1z}HkbW{wl5Q(#Km~Yz$2w}2 zTf%vm@r+P}h1$~#u*9qsmi5s-UAKpg9Ycvy1vX^~!3{Z+Xv=-*SIul3%FavK?3rhv z0rRm1piV_@u-m@rrHA$$Lz5y<`!FyCZ5u&BCh;PH6%E=cUF$zm$3YdO zTnahD5uiUtVmIV}(psRO*y`~Z8#Y>a3adLhl9hGrZQjLJ8F8jB>~;WsbZk@nZYt<$ zdc?fNpVe>*SbLU+>V*8pd#BI*gw=Z!RlB+5JZcGz3i#?@#?J?tkA$GS8$Sh5TjxGl z_IrHq%t|tpE150Zx|0icVF&Locixvf|M|YAta|qWl1d`YjIS0vK1XV`&~lca4v;>h zb3LUla4=p28odyo-*CD6Jb<`0pGeTES`A0R;sl@L0GSB)^i&@zuF(doOp2egGu%eq zy}++Ge}@d;Qa_N61^IHe>tFi7+EP)Hr2^{#_k(EC?D>TfEtry>@&LylQ;UYL(%~W4 zWv)lSyJI2uhn~v{r((kCb#PQ2Jk#Lqz zNa!$3#xJ)+SDU$~;*oCnXYk=w{386mnt8R4>r->^c)K!4Kd;{wLW>5xwZL_q;#a|m z)>5|EgEMFlD4>cu?tLq|P-C1{q#!py-CZT)aIV|?V2SDOE@)4@d0RSgey3AYoq9lH zRk}^6;!($i6F;N*&wu*8tifT{ps)1u;@X@>1MWt4Azs|HM!#coP&HY?Fn7Q7wSfM| zn7a>m^jEA4eU1G0z4)&>6puDsg*}ODSm~q`vvwIBpyU=Z*Yp0A8lY0FSQ}kq<3#yO zh6==IPUqNz=D1z9rqSUhZ2B2)7ps>v4LGv}T!o*sJ)b?zTLuS|to1AKjke>dVVhr> zsU*`C8jrQsuTsvlT+&b2S`M^C|&sF~Vo2C^aDi1dA^|r*2%Uhu~ zPUpH5f9*fsmZRJ~SNMsST^I?~56@s8l_u*dL}Tctn5GiJw}kTL!lmWKNG>j>uiVNsv`p%FSK5 zDgGZ(QHrWyDabpmp6DMmG&1@W+8AdEm_TR(?qkrsg3VSezk^l09~M4N-Uk>Sc0~&R zRPd$cp~r38miC<=Gz>bQQ*voV;G4R2Uxi=)z3IeVLw>wMda*QF_6#VZ>?7UB&1;WS zx3TP>en{|KlZIb|mMKu$c)b0s3YG)4Sl(Vp9X@)HeN^VruV${mjawdk%LqS^Tu_iK zC>Gi9KJxs>V@;U{zYq7n6WL^an;7J~cEF=8@pH*}msXDA}UD($H z>!kXRM4Q(fvYpr+uj4cy(j+eWkfm3h5*7L6Q-3YUlENe1Vih$d`hGPWnI0IUs|DTt zv?o&Q{U_V1<{CIq*?Zvw&J3SU*rpd7T@FLJb#K(79~wF9zh^jh*4807_kI1xLwhg_ z9`Pp3xA!O+#@4CkSZ#c-a>sAwZk0LVD{Q~GIw6_btMdGshZQzKAUULO*n+3bwQyU^?Tl%+|yzjMR``uVB_lhL=YYDM1-vofuQSS#;`km_r zGr!{XA8I{<&Jmw}9d7-6MBr|Ej2Iq9rNPT+-5FR=t{n`l<=?{})ikTcv~w4yzvpSMik@;EUO76(hx`uk(x^^oJudl%E-PU#*t+I-M zs$|YIQ5WXstL)$;6?#)8VCr!G`-}csmp9Iez))LhmHb&j;!bjHx}gwM>+pS<#F6T4 za}V=Bk}=VI?75d5xjxWw<$_X708YdU-|tdI&%pxdMvVA?aSB^THd+V22m!y*v+4zY?kG4)Q2#cv5613ZI!Z= zi5SjyYM0dJ-j?$@;ogx4T!qP@#l*8%YW&DIXsk<{DT7O)$wtbb2anQm#8JUVIKjDh zdXp7*=;xK$Psjf-IR0Vgp+X6yZ+%P`{(QbpbRcW_0R2#hwf210>BJM;n%{lBuqhsU zP_)#qDUB=sKHW$^?S@rCN8^kPKSXZe)kO$`r={+Q8Dm3b1I`aH>n`xo;FhOw+?6hn z-wq4g_e~w0Z2rXaF*m_@AE<|ZRZ)9HR+Ma(+3hS|=5tQ!>sL-9XZu%aiqiy5WQN79 zettnmi*v@ezk*ZmHJ(^Yc2{3Vcq#PphG@(>gKaquF|&RjKRmvXbn5K+&6suN$C~)D z6hC4ubk1S(Y3gmS8-6B-UZI<4OT4O^*(G)NxKs?yCeLZ6J$z9+hDd8{d2K>T*l@t1 ze+jwQx_Q!Lq73EJ%G^!I{8{76`V*I8M!CYJU_%o<6{0Tru6ao zfLZARwb|ea-H(=f(Q4sMAm}j=rZ}8*y~*D4GiV{WSF( zG{RCjBWFVBc}?36Xp*mG$-BIr$5*hOXTst#3RovfHGT)})hg%ujE`R;l4sbN>*p}` z_my`g^eJe!7q*&@`NyZ&Q)@d{I13)m>hfJ1vK9)Q_S{b3nu$K$=Ud;!+iJSJ6vEaL zb#}in=Fp7l*`b^>oPk?;cUlG4XgqE41vcvX0log@7nYsk?w6NuXWZ!2pXK=JT!BkJCkk$+sx8VZ! znu2Un)qi9wZaW`)nIJ)`6^0iy#JbC1C@r!gtubb76devNi3FJjOOph?ul#Nb9ZDN> zWno&iV^NVqHd*R3sTdFZ?;=x6D;oc4{g z&H6)sUHz-X=SjJ|7`swDN$h@l@?XyIFjA0&ti1WVJ0yV}25-JM$-ay%CaM|@eV^6yb}|Sc!~cVqyO6Q{^nwcAuFq4kT{?%e`fQ4u{3{2bv{Ja6$yP{|2sy5 zVwQ0D$L1S1sYYzMG~`JEodj=)nv5a<8mIZXA2OBY0ibcsi<3~t4iLnG@>%^G9My3rQ}2vgXj6;DwJ?hbi#iP!Kry(pDXOf4+|yv^0{9 zIQ>`kL}1qeNMe=TA>qGc(H9MZgI9>fNc|AjL3cfQ~JDl zEP(ab`+4e5nerZA`rhO3(}lLUr_8lAigk_Nh|vD13M00RV|mV{6d+lHlN4vbqA~~L z5=xI2gE{IPOc}0U=60)Z1$(R$04@&q7Ic9A7<7IwnhRMKjwlU6u(_#8S`+4-@n?^~ zomc8~vp|;fGv{`+L48UWA}j_#*SpyiELSDa&HB{c-5T5j`(g@zu?C00=m$zDap<^h zLoVr5@00TXeeLV0zyC+Tdn93WJ_q(yY2G&g+HFC*Do;r^E7oI^S2h3E82D6FP#>5A zmZbvdX?VmnG`efSZ`J+%|LW=5t#}G@+>|$LSDvMH*M402Y);0B6m&r6( zOGtyQXz7r0-PW|pamiM0p;;wLE-4c!!Z2j`*RGLDa?_=BZufNRuK9~3Rz2bW8 zC8z^O)}pW?*Kxh3KzMO?Z^%GZJ|F5WHdIPXu*Vsbg-86=etI#yr9ruu0U0`f-=7w2 zP`^wlo6<2Nmn}j7y9qe>UMOffC5TtdKql9{JERjBmbxpW-w)!G)fm8cI$#tUhPDkC zzRkPPanrn>Gvcwf|F#>Zx(&z`3|0{ zZqR#Qvb_>@RhpF|@jf$%XgG~-G=f3I6hKs!69b|aJ|fz74 z`NA{EWP%InF45)F=1ab5LSj zx{P#jvh=3LSNFFviTg1jV(}?stXeK&81e)*EHZ<20Jp}CMN~Dl^R@4OR9Ao|bIy5Y zNkFxr<%Z@#Qan#A>y7W8&?b7C4!x}+adaz$ERA9q8j#WQW%uDKeSKjjT7V5>4+8D~ z(thm1Yv7u*)74ERfLIu_Ej@`xdH_~TkvPE>+gKseg`^n?Uk*zyewgPdDeSTGw_clq zidYf_TYC%a0M8X`pK@Vz#bN||CvsOzG3ws#prLQD>r&CJwl<47{Oa-0RjukHVFG?t zEtq~k-W20mbutk=L-fEw2{37;x=lQpq>7s-GwFmh3Ax%SFVKIx>-V4c_Z~%@T12H(Ar-^1rWx0h24RG zuk%>N1VUWeAqNqf8i5RR(cVLQWJ-#FiO7(IDPec&W32xLYdE#~k0|LzoE%0w<4eBH z>*r@qwN)+Wh#yxR4!>USLZ`GO%Q9bxo2>#k70Y}-6j{bD=j&0|QkmwOL=b|oAh(8W zO-sKmA+&oFxpHaMrsz7TetoTE?%=e5B;mCRuWsI#saWwddqf<35JW`wB)bF*lR(kHd zr{0cl*g^LN2;55T)RwVGffVR7uf#H>u}~i$70ATCZR|+#k$UG|=!z4jFU`rAHG!KU zGraC@f4k2+i^7tKICDe;8DR}X?zI_XByEr9`N6c$nTIulE;th&8>Xr(YkE}AG6)Z? zoH%*qn#B||OTCwK2;Ogv(vVHN`nbX+LU8TjWTmFxt3%_TeM1=ve6c~kzqFLW-B*8# zcaAFwfkFgwXZGW1RGpju9QRbniV`ViW z0?9ptTbPE)Ya@x>JMn=10T_{?+Z$YzOu)Ap#6SCd6sG^1fo!<_ zB2Y%N?(aan&;GDAkVB>QAu3kpzc`no)wZ4u-yp~a*kLP|vkwTi+^?>=rngg%ACD3x zic~IdFfnn@*SwRp2m{T|7;#ZQB#Gi6jmC}x19J$y&;TPCm6ON`vz_hF5=B^DZHT%K z9O@66i*ixgCY?-$mL`V}L&ZTPrcaA(z=ROO7Q-|c+sM)0r8bgQ39r~*htA345(yYnR5`czI#;WUf zbz5I5a~FFHQKnr#|ErraZ()Ct Ol5(_nwX52}O8Ou06wbc@ diff --git a/docs/extend/images/authz_allow.png b/docs/extend/images/authz_allow.png deleted file mode 100644 index f42108040bbbf9facb9fff0c320428323f061e10..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33505 zcmdSB1yEIg6hBBjN;;%dQfW}S1ZgBh8UaD1rBg{Mr4a;_loDxCN>UIMkWxZGLZm?& zY4%+8xBK7!?9S}Y&d%)4ym98ryZ65PjdRW?&V8hn=q!g+ci8JxciMc^7!KkZ>@vJuSY|M72eJ0*RBf^rxl2wv9?-oiI(lUN6 zFTW}e7?N}zG8p>)$&@ceomwRb_4h-s%3R0l@IfsB4KM!BhYN$k&kUDM4g>j2Tfh;H zC||MCpF=t1ZlOD;t;3&{XH}UwaPy)c z8F$#SHy>}Q*9Dx^o2<#69lQG;Z+3qFK~_~|J8;3M>4C4MCgG9zOY@PkTYBQ(s%(fI zd{4!$4aQdJC#H>uqm_$~U)H-unBT8V;e7}Hxr~4PB?0TMq(oj5kvgBv7d;u021+rs z>~>!YVoC%_c}jH)HAA%CJk(o_6v27QB#zNAf1z_slYPL`xp4U0`{6HzTHRxB9foKK z=|qwivI5PV%p3jmP7nG5JGzTZYVLJ3>{VKIPQ==Lex}Dze6uL=aYXm&+YvM2L8+tF zs^!|6gN^&Ye|^fn`Y=x=;le9-ojNz`nk5t~IjJ?3o zd3weAucUs$)B9aCYpBgreWGMPTv9aX`@GP!&MjX@w()N3Hl3Zv{`_<2uV1gVhG4OK zE`LpARVFIZEsX6+6ISNb={#}WxEtZ>MzTBPz}PQ-v^!!xH)LR*EFX66Vy4Aqs}2J9 z>VO)|qLe8DGO-6as|I>ZH39bS|!itj*|`F#IXAkVzVyWC6cZ?&Caw%Y;ATj zsSmx5OzTOK-oHM|o^BGi9-cRKuXCHbu|}X3VtVv)>6}}T5L?W@{#If z(FotI^;#RVUKO?NXEw`t=e1@}fA+iiY|Tqb{VC6~;fKfP^&WgFxE}MSp5Vdyw<=|Z z^`YVv*M=MUY8}<$Yp<=lC%SwN=2999+QjF&Q@n3A_zb8_y|z|Q7IB~NDbq+3qFL}< z8NQzHyE|kMBj)tw@p!!pg7rBp&2*6+%F(#dTz!igB{D^8XQvk30Ps<&+?rWfmv zT>t*A=CRgOp0pL18l{FB!i?dGGC#VJ?%z{^&gou9drk&1v{#~qJS9#DB|XLb58tdL zC^K$8tJcnuFN3AIlvidk&Yg;kS2-d68-EYK0Lh3TvBFCwkJ5rDLp_!T>&ncV%ZQTs zZjJ4?N_nlOiq~;d=S;oxE-$v}%j}4oJX&vFH?F!Hv(gbmcS-9+A%dxAXX(qkjyR_E z!@Y6mTY(4N=F#rYM4j&?$=VIFvC1gN(w7Au&oY&1$)0@GD>c5tI+<>EHp&v1r)=!u zDB?7hx3$Bew9uR3&TClFvSxLf5V$j-OsILqVff~pJoVkr&*sLO{NFjWN0Nr~*5@XX z;5d7=v{Q$?+sk~j_3KguQ-Hv#5(7!V!5kGU z(c0n87cIJ>i+Zn;B*Ir(&1?O3UvVowrnux3LBwFXSn=YanD5pdDha%gR1D}0lfDZK zxjhn|%e74qIff?d+k#_o+p@{>*Uwj!S#SKE>CpX@w+xo@yLjw_YNv618wXtJ zADDLK7Gvy!BQgZ|1^&^GUD^auTsyILU1xfCI%63+hz()=MPo8O*a#+#W8!wlRa$hN ze5sQg-LQdaM|Af#?Pc3|*Tu=k`+Oc!8<@DahpwK*&no+!ot{XH?ZU{@u^OhkPq(0Z z_8eRNhAl+5v>VPZIM}%vqa(i6&gn2*QkE5X`c3S3HcqzwZeQlw){ev?>8)?Ctz+Jt zitWE<9X)*J8*qBCp!AKHN#?T83#$}u+yb*E$KU6f95Z0$7L2YCO(b2^joy=cey1mO z!1L_XpGqRHKBFi1fwSk8!Z4pQlN!xi3M%jJ|Gq~hfiWM?Z!VK8Dy0w6Q<#X?=ym&0 z#chQVhw{b(DKsiRQx|rvOw)X)siwvRBD(rE{MHd))VNve8+FU_6N~ZA(!_~MY4qL! z$vfvdObHutiCyOv?J^|2MG~(+7a`1$vXV8Wd+RVF^19=NT;n;$np2i^ad#zn0Gqcl zZ&KZd(cNc#h=PbxJ9h}?kEP=d#-=K*B0Sb7Z!u_QO4apbN}H%X<*{Sq*DZ+lSRK`Q zb+hQg_CjAulmAf{)9D6|c))S3nmarqt5XG?YU#RFob+9aN4^f9$=yHWg}DrI3wpkn zAP$Y86FoQV>NxgBb?t03E|B8Qr_awt=iaS1J%Qj#Gh{#6P*=I;gz0`7Cv*5x;*IBu zzFmKIu!TQfQ{~gPp2gK~RUyO}^V`BUy^eRjy->tAg6$JcFMi|m_co%Q6V~aynr5HIj|<1)Ci`vSV_RZO*tFRQxMrAXbU@*JNX{{_qMePtrDJ z#Way@z&_~?K_){`9xh#g?Pqk$xa>eNe)A?r`i={neHO9r+~yuH+c60>z@{sABJ5+0sLQS*uS(xNu;6 z=9PivGHQTP(yL^m)>T2;MHOFq3_EJPqJo^^ozr;r#ch@!=ehO2>TMpz#Pqdf$j+jyrz9lD+@x}N`vdhSbjvXV*gS($mmt7n z?oKl_GOc>czettzzQ?LQadDbPGeg4q+HJ)*HZ5vPa+vK5vRi&^usS7uw?B)1*Hl)< zdrzDYp^VNwQAx|B5k<-SYLMe5XAOb0SE8}GyQJ@(HE+@MT{Vr2<>6B9G$HF7B3A5; zdr!X>8)z+$l$ZYybsS~(YftaDH8Wt$Oml8N(cfDeFZ?wsr!1lnPOvO+?JPgVjLh^4 z)II}+A7Ln>ogA4Nls3m!^48ibYiq^k@Dw_`wlTGWY*b!0CJz3a<32x^sY#UBiyH5v z4^@+^)n_Z_XRq#2ZE0M-^O5Arix0flsJ~4sYn@SF;8kkOS4+N8xc058liL6JwqR5S zW5)A1ocat-Eyj!bC8_k%em7&L1?mTWX?lniXlB^o!E)UoxGO0Y=lg4Rn5%Y;bi;yF zm^;G@M#XLGr|R3IF7EP=6}Q`VSUer*yn19O=eICt;=dl!cA)A=9UDVF$q0Iec>jb{ zq+fHh_t_Qo^AY3IYAJlYB=@COW>(6ZMara|FD%>5<|srY6*K8x?UVkU-mp7tviy*U zu>duFrDZLDQTx3@yr{F;?oDM=a-WXSUn+b?udiMIp6%pXoLT4ieY4*>m*A&Sjy%?G ze1S!lRzi}Op!xkVM&~Km0L}*jy-g5E_nhAOJT~%8cVa zEyPu_oM>uf2&i@Xf3JU-C+TKOCor-}tutG%!ZlIv zsqSkLPt+HmDrEgQiAzVGh)KrLV^SbFZ=5>!h*$#nHh9644EIOCy zD+!cKh)mT)TlvjNG=SE6z~8 zd6tLytLtMjcgjdZr9IO~Fj4CpgNn7pR0k$6_5yzo|9z)GjPzV@Ih*SSt*eg#BQ(aw z{*KXkY{nL$*Y1+ih8cvVp2~DROQzAnj5wE){&)2v4)>rS?fXSs_irwB&y+bg&+U?< z8;I#QS%pa|X&TaFQE_GJhYJaq$C3uHVJIcKeE(r|U=c#K*OCb}0NuR@CAcG63>pLx zwqHd@{jj{?rjOFinuWz6-GN+ubRqO6?xMbOYl zI&#%gzII%3JSlZ=U}0L_}3y`&iFiyC%708ZdKcj z24t-P_X)YrYwYqJESf0blPRFBhjku}E0Fp~hlW@>E|7Mu2FH{*s+^lyQ88K>qC94PBvBWm+m+x+UExs zNYH^wOnQ4Z02fzoagDYsnY*wI-;8e0@oGvpJ493bw9N)a`EVf);d8sY)K5qhL)~{O z$F@pD|6q7I4H&h~Yr<8Df2XZdEl8fJn77aG$sd5gP^=eSbGMmty`@$hu1fFg-g!s~hjUoFIQbmU^(?UwWHX^d8TrMD`~D?OyIfx%}$H zeWAB5AHTB~0?wV;j+mK`&wNi)S~h0d^zOfi+2!=z`kBb0fPGQtMd&f0fh8=yuPD7?G6Eh8&-H6VG!IryE(U%CR4zmYV3DA;Lq+x7=Vo zB$nBiJB51mV{V+xtI(59robeK)5aTd!BGv6>0Ud26I%LG7}r;SJyXi4H&dFs&V6Ao zje`QGzv}l6U+4w%`I(HCsnb2tIq6^=>+Si^Ti?B>J`EKc=oM}NoJ@g<=>mMynAKyb zOeTjzY&lwPF1y<-27s1rM3~}igema2(zW!5-<80zH+H$#nr;@|7|c~B7QO#@M6CA! z2!*5?``zWCLvk&rv!q8L+O}18J3ki-MG@%PTGiNZ(=mwZo@9pFMVcmpW@O@ zm8QdG?zs+xDConN0XUNgB}4H2l-6&k>7hqaQBO`!j=D=tYQ7TZR5|pFrQ!9Y3Mv3Z zF9>D)avzXS-4^QE7ehNbhOfU@!vh&d&ir)}MRxEBBm zOfM5QP$DoParT$c%k)jjH@I>d3bO)?`ycHR0JCT-hw=MxdHVf+?c_1Pszd!Y%4mbGN+^T)5@xJ#^lOgAgs=L>X zV6TR>_hrfQBc5a1romcZ zlJe31w)^vm*7BVn2lu;H2IQ=Y3A=F{DR1=LKf*VBfHlyYCEMJ5r$g{qSmEWs)t0!W z;_{|fdxABm?c`dxr|6&2-J4b7)}d}ZS3oX6HBn+D{0*oEHDJgLfH9033y*Kniy*>K z@W7ppIOlXQ?%Yh{6pE#nx*SZkSX7vKV~t3sV8bNZjb|;)7Tp!uT{gP z;nL?VjgKAj?tQO!JKlG_f)(aK$Y)r>&|<3*fv|?jm-Ox&?{D6CW2>|Dt*S7I@0Kx# zW;$2kej5`?_WeA`$18T4O!(u}pIJQ?`>*;dTqB*f*L1}Fc}B}n4`uy1N_5K;k}}T7 zpUtPc{8=9?{m^yQUEbvi7vkW_Xl=Mnw*+Hes+J4JFpI^e3R}S+SqJEvv_P@j@rH_$ z)bEthuRCodSM(BPoIATvq=hy^eLM^}!N4sbLkTZ^K_-2~e54Vw8*V&tlfhQ~GF=Bl&HIsho`9;QWU#;|J zNM=Ud!n-vKEC1$*8?4A%6*R3?nwdxSB+j0WL$8uw;~XppNeq?UGWj42b*jYJ+`;`< z;;CnW@uTC;c?qgyBJW*K*jnkwGwstzrIl1&%6~jf)W#}t{E*bb8YgwZW&IhZk`eVL z5L0q7lb<`MuL$7OE|5$Q+Ej3$H-;P>?yhvnX?(WuFnDXPC;CvZUO8xmo~3dGS7~!z zyV6qeZIn;#LrcK+yU}6s zL0U?9;}x?-qZ05$H}5YGoSyaKey7xLYi+L?Y#k88!KywCgGF%2QsH6i{-T z*!U_Q0816}1gAF~6>6eSCF2E%IRq9z0lPhItW-#%tEEaki0Bn2_LpArDf!fLi0cKGa@n&@aZYG!W=499G?qbYi&siSU9mD?Dz#Vx`HOS_4 z%C;#p`LiKBW5dy}cLAT4%{crHVWICle~PoFjwV|`jc&CoX*x$;Iqmn}_M|-Uq}Xlg zDZjbdcg5fjN`|3%3VG$Eqmk2f^=9L_k{KH=g6*6^MIt^+0*CD(N_|1W7?g6BW7zn; zBs(`B@BLVGmy*<#kfE5Wtzp971sXD&awq(PR-iA+SowQvyTvCHIpxddO%EoC1baJB z@LN+?XvJKz5f-adBdohic)FAHch`>>9sc=vShe2--pk`)@cH!>F5P}BrG%T>_n}m~ z6?GDKzDHbxju9i(r2Wk~ec{}gnZxjpRt(stb@OQJL?Mj9VcWEVDaAG1H(zF#nMaG= zez@QndcTx(qn|5$AN6LOv6(!zZI58%=d@<{!S+ITs-V@)1+6$47Ry?8O&sSq%{@or z43Si4sXFrQrBrj}LLsug9Y|c%*K%TEea9KFdnCSz;GVpyH2N&ansT<)Gmdlew&wZY z54;GtC%Ls^<1lKl@unK@6B*v z>wG)yB*9;FHsTYq05SdLFjni)^hz3YI19@dJetdAt1e74VjiNe=qt$rLm#F!FrLy3 zVDe{1M~M6EjLkf4Q()hSi?T7aYNa=I_EG!Fne~9o#UXovn2J`v2_bV&g6Aq{DA#hGQFQ3cqgGs0lqk#UzE0=&^SHJ51l(HR zOV(~whS0b_p`L5?d=&95l}U=M3^ok=jJ2HdUb2Ci4)J>HV}H{rA2Z2-$R}?6wdFz? zBym_yw)cI`j!*jJZ8u5iT-w{5TsTohCj~S;EEPXgdxwbXz%f5SNT#hN%dBeQCsmb+w_$8FC zvZ;Bh1P10Y|BUx}{;#bf@&e7}Ij^%0LQ~{~q|liK73HSMeC;hCM-{oR_IQ1aXIU=8 zZ3vEU4M53%56J253%FKlBlt_ZbtfXTpr7(b8K;lu<-LYtU5WLGoXk1iB}+w&N9bRDTo z5ZMMk-g|`}Hfgq|=%5PnH?u0L0((&_@bJkY+eOw)M>?Q)YOd=JX#e9Ha5K@uWPI*Q z{YPy$Dg?tPdFb9M+=)2xvr>yTpYQ+5B#Xv!DZYef+X)j1R+qUV!t2?0<=n;AuSV#fLT>!vFCk zB5-cC-6dMJf4Y1td3HZeU$o6%4L?4}372gtU&PhbwYrFlFoqtzfuVcOO|eYwDTNS* zLIhE=_L=#%AFk1MyQ$JlEu$6Di%2$i_AM$JLW>k2kCXtx#a_NQG0MlG4orlTRq?m} zwegzng6q$FbYjP5_)&SWFXA{%^PmV7RTH zg@peb61hbfLWRC0@qfb~WR0u6$oqxja_B!U3Vwk+lV3qk!oOo4WWLi1vRVF{Z$FsN zeqrm_|K^JZ=BxWM7U8DiG-#A=Gw-p?BWSe#{JiN1SPR7I+Du)~t`zf_)(V(a`xKi^ zHTmm3DAq4!1J2$|7D|wW&{)-mO|WjEAMb;aX?{tsMuz8HaQEAVPq&x#OawU<25q*scI(^@%wuvnwHPk zyMYMp(Eqzc^jTrF45NO2Oi(yS$@5YM)asEcxysRCE?9Y!m1?sPxBu9kd>{RyX*$RJ=;V=w~n zgQXz_7Kqx>-kSCP#!SeA=@>b2i58P!D_pK|lT05yPP6;zpyGW3j`eG~x%u9&@5Q}# z-|OF+Hu&gBc&)ya5SK6y_{&kDfahbPE{xA#{#x|Jt+cJNOcp>op3&)~P{>9sov3Cq zPVgS3fPHV$#V3di!Q2b5`^F@yC&sFNrt$ZrZrK@PfT-$|;l{)!0KikG0!YIe$dk#} z9#QYWqR}Tc;3~(sh?_3yt%=BWCx^Sb3;f1!R34oHe) zDf#A0?W=x!s}}(cCIQEz0*DjqfYsu%d9gmPxe@Iq2)x^AoU4-HJJ_P7m+(*l%)~)* zW*bVxAc6ZqhW4is2VT5fEp8rxK}XMsWbpC9wmJaz38K3n<6E6%DI~2rWA*r4Y6laV zWrIiN&I7;U#3&nJ+M6!UYAE%x4H)7ie5QLl7+B{PZFj*~;9BFqO*FBEd%9JEm@k0a z@MW0v|9#7P1=MUVL>IL=pRfjiNgdc4MQ@D@H@NUwAQA-&kWEL*M7!jsU73HUp2WpM zG9!15vHFE>5E=`=Np*>7quSDFdf?f3slCerE1TA7R`(K!%^j|d@xA7m zh7WK}K;6nN!2I#!2iQpXI(R+D_*lOPI6HoOt@ub16`3MeYsD&(ta=sBoWUHG3>2()v#Un<9W=R&y`o6|)3Y>ZMdL&KSpw0!@o(_7d~_ zeUN;M75yWKnVy1wpm+(hcDphr2sh4j$Su zWUlpCx`E{Jo2ABjh(-r{;%4!dV4#fmFVnXwMBAreE783YDi(OSR2X81S#oGzX&GkB z8~5;Zs~tm;XIX(}kt>^?=Y5-qJVeQ#;H`N=%BuA8MCCYVR5?Vb8`4@ND);1U^CtTt{3+)2o)1YD_hsmm*F_>#8%qpf)a9ROVz>Exf(6F#I-its%2y zghTU9B^`#XE>h#|t2-t-$z%|Jr4koo!86J@cL`naWvG|idB}pUG##g|f!fyEa zGl?GtkP>7({q92Mk+ASrhE7g2%WM|QiIC_@;)Ef{x&y9}n{nQ``LDlee(ZW;P! zT~Iv7{Y>RKlDk?sAu4NKmXgDG!8m3G8j8lB|Gfvn-pfI7j7|_^K0(TCtL=~d%!>_z zmR0eNd}PQ-;PFD`s;G}hvOkU&mfBu~t??dC#}l@EOwHONen9QuqMw4I z*94_t1N-i72y6cmBY=KS>;)gGr-=Y2+*5xpWV2OCkvA#a{F9}RXL13mzqmF5Ioeejwbzv!a zORP*Y^HI2jBvl-V+}9$ZijdD{y#+AoV6(&7k||=Pp4=hP;y^AC1$ux<9*evk_B~Q=FlRMv_e#D7 zQ<}K@e00JI1o^MHhd^>DnF2kIgzi5YI(W_yD?@=snk9XfnClA)UgMiWcYC;Qz4J;2 zXIPOH4iSAk1S+*^$8UMS$O?h4sLO#U$N*73S6I!w54+S1Ola{jkoG(;mF0c!jaOf{A1MQy$DITaNxFbn z{4nSCNLDgNzV0fLU`3!9sPV=06ApYIiidE)zCRO`5#ji$mdruB$!j0iMG9b8)xi*u z+kh_7nkjw%4v;}x0AJMsyz+r2kPIx7dahDTo>`-xy(ZIznXc_6^LxU*i!o1`v7U9dTl1FppX3(w9qN#^$q>dp1vFv?i9Dq_F;vd+ zYE|FYk0Y#hE$<#;6Ou*0fRs?I)B%3NsLh?)nyCO2u!*rlV2_6F{DBz{}?6T?*{=(?Y6CrE0i-r~1*|~45yD4)g zCy@O|h;h*>_gST`dh~pyPnpZid!_st#?Hlkq>v`HnGB*EHxJrhjt6m}F7T|09@5Zt zycWgsze&h^U18c2{Dfg3)@ZN$oj@#2Cu7@gg<_)U)@Ytjf=qhA*~JdjdA^&Il}DVGscHJNl<<5KRg`pJtkbrrQ`?!w|gZurWiIb%~-%S-a&jnC+e7}4@N{5~8a&XXnA{6N%0lmgbGa;brtR?`OY z7R~Ltc`MBcB~Efe4&fk8kBNhr8H_0*850G26+& zRQq)k6C#EZVn;N-De8adG1r?V?q2XrVZ^f|l7Y|5gZ4OV{`2!AzCwDnI<^1l-h}OoKVSC~A=lXSff{!~TLXcYh`#bNG`ELc+ z>GYU)gHD9d07WLHb0N%`k*OJgd% zHDn;x(M;jXcmUbWK9o2`YNF22x?BM=*;iX@xBuWaEIJpN;5%iZ9O4Wu7JxVH&(~(m>oEj< zPtbGedK-G>TSS$-3@W82u zHc?Ir!!SEyXrBNANiPHv?*O{0a8iyS#W>`D*euRN$S;0_T6006M?Qe`$e=@|9|Eb1 z2C_`At@7}D3>5R04>cj?pUV6ZTvo00s)?hzT+}g0Mvgi-J$+W0nZa6$y|(jg*_GKu%Ccw94X#Z9(Bi0B#JU;TKsF%Db0np~c00 zSoV|TZFuy0ZtwQkK7uTQ`W8dHzZbE@yku8dfe^2s7T(Gy|w;FUialCeF^!i^` zC9Ou^^T=Bq0#hKyf+nctcee+|Aqe$e1J1tN(leQcn#L|1m8^0y;wE#Ug<9Z?ankN1 zYV^nc?b=n$P+_t`uHr;z)M7_}EM1NyuVO&9CXHdXS#x;WtGrX!V0&9WgPdCMJS&;_ zJe>GaMTiMb)Q0axJmcDqGQu!kwW37h)`Y24g>hCF!H;>(jUIUd$!gVJW(`uJ3p3mq zlP+2BF&}!Q^xt_5gHgN0dsPytM-cQ*0CRUcsEg-6JbDR^_3iM+{^TE6C%2&zAjZ6T z_pgdBhoO()Q8o2`BKXb72Nx5n3F>Si^?%0|=ir`t#vxuXjmSri8t`WuS~4ZS)}kG!3I1kAZPs)4rW+fW;+P$TxR5b zglx*#rnTX@BSd(Lt(`Ey1elCa_`LFDSUq-YNE-13)%zi|qta}TE zVCc60`jQ0-ia3L6h6|Ywwp7102R1WkKJ z9gKzhEg^?!*pqjAS!8%R|_l@Cr7_i9vp0`Ld!rNuuZQab$e>A442M< z);b6U+R&$ggTuo;n}^MA$KMuW;>x!G*Z()cv8k;6;0>8Gj<|m-5UL$=eIk-c7~7&P z=Ke_xrO$|z3i{=__BycSbUhEMbJY-S_&s^QYd7$4$IchzR_m4^bcns@m&V=}^MDuG z}*0iT@*tzpJo`VH01tbStO5$b2YdQBmg02w+O$lRvDt@yG zr>O=^Z}E_3sgCze= zM_!>MU?U-fVX@V=Nn<0qijlg`r}N^PHv9hySI5=7ai!V=AaQM)?z$|ba2seQa-PLi zZ2(rae}?9}6y^a~&Qf8t9=ro}o-0quPQU@eWe^BPprMAq?DLy{SBUra{B^yCdGbi! zmpC6}NN#A5^I>>=kBH*gW=F>%u?5?%afU3EC&9J~9|dh>?Z0wekqv|z^U7fplt?^g z4Teyy723!2VilY#(8?;K{P{UuTo#vXLL0|Zy202eh61XP1BI4)IIbm;hGt^~io zu$J6Nx(n}@aEpLfq=7Dp|5NnRBqh}yHBC=|UCntT8MMM#Tc z?gbM;k;NEV@u@+HVUB+HY<9C$r5tJ0p*FU}IWC;2jf$B5QWH_%wYMX8pcJrY>Z5P@ zA?4hfMR?k^X_Hmsh7prHilg>;N&Y%>n!1*8n1l`foGAE95o0a^qtvLp{s4s}+4S3= z%|jLcQ0~4~#!l|kgYB5ri8@`gz?0oP8_IC{hPwTkjDGjMhRpY98ActfEu{WZY|#*1 zEAY`v$Pw$qnq}GRC#?5PuB5O==l4s#pfSQDi@c8Evrk+=u}b-7bk+z9mccz(1}@}x zPh(jHpjV(~p|ef8yDyO1BJ`w#&N;p_upBRtO17PGgbWie^f{VyIlk!a`E@Z2{^nz$ zk^5q0dTqKa&h9()Y&}B}%Lix@S^-ajL^0?G{&TwFvZ6OKmxF2JHcyz*la@e;iV%fN75i$znEaVs$zJcDnZb%vPyiRU616bBVK)*X0A z3Pg*HKr#<=5sGU|mHp%P6Nvs<6n;`ENH!p2mP^n=BO#8+fJC?&X@sN`9`gRUcQMx3 zCHFl5VB~gZ<-?7{Qqjz6x`%d&?pZv)8AIGtsj4ub0SW1d6gT4I(S6*w6I}7O9}uCt z%Wl1618d0B5)$Q|r;e1gib#%W!kf;|JvMxZK3TH?T>&(Dr4nnhv9$xWd>9EPk5$e)E*p)0&2r@57@=53QDeeO?!B0Z@7fV|NVx(r( zyc*SATnqHC{O2&FWVX<&EbKR#{*jG`j0qHI%od833u~Uewbh3Be^O~M7YWj#<2coH z3;3f6HGXhz@qowobR$CcBNza_$13_o$TQjf;EDT_IU(#L^o>vTRY0mghLGl`tzi@A z4^eR*s4$tqb|c2W`PT~fjs1|?#^(7F=AHE1-$N47f1iLE_As~*vq_Dx{-yE_MJVc{ z2xk8)4Tyv3MDKlsBzv4!(ZO=A@yb}R{-4=b!OerBoR_E#L-4_WmYoK^6qYwANUon= zmcJy z4nh|?cPcyrTZcA77<3k?R$6{QW#BTzn}fnQRBHV%r4}prRG9()&kllYBA7;s%$u85 zzrPc0wURJDS^KPSZv7)2Y+U$eG|#2)dm(N$1RRGGGnFk9tYcFz_Sd>vc@i8oZS5Gu zA(kj06!YQU2#cLj%HDkOe_LodENHGUhUqQ&#H80+R4Cs2?=0#BA0ZiZYr?(n6Zl~6 zoE{$tc`RzPn<1V6j_c33THC>CSCtQG|Bs;zaL|x1*uZqRzv5HzB|*m3x=t$RLd9d4 zjoJa=3kdrB(nxvMrSU02=PM%P=Ul@}C%dGebqVQs6S8PQ3oZq6Lr=t~`wM-_s2>lI z!Jd}DAh7Z`?j(wN{j&22L@K;_Vsdd`59LSMs34L&- zBNiczbTOS${1)A{sH(I%2Dvo;?D+Rtn>fU;8IND(r{eDPwJKRP?;V z(5txw-Q(}=!>j?C!!bGiCN)mBG{}--dyHnf?vlI?M8@ZCtDA&WRpN;IZB5<-8WQYf z^7gdS#aP6MbGNcJwg_oGt-H4f=*~$XP zVOPhLpu70IlT&fC(2Np45IqN%k-oq2CSRO;zNkQ7jt+fy8vSqcPc}>bt7+x0p+OtX zaD8)-xI^gsF#PU%&y|V9_xW)Hvey{jI}uS=${sG}s@(+cW2JhT-tq`)fw#CMbIzj` zR{>b&Uuy=a*|i23yP10&1g#9onmR5klksybzxC$9?D(T@d8U`&pe!9BoCVjwfcKRG zTWA=6>3HrDR!q|}y2;yH;W?Dwrz0m{5Gqvtsq)EC;Cf;Oa#%lVi#c=y0|Cj*J*ni) z(6<%MBy09-s=1tU{&tzP|KZMHgRlD>FE!B6(^8R_=KGYP9rL-UvwqY}JpZ8OCX?yj z=$H_GItZX~k z(I=wt>X~c)Hfphw{{IQF#>x9F>4wc1hJg^?$4M)?S9F|k zhI6oW7a7JXN+qiS#;-xC}ooJ8~Jcp8R_oHWF(nE4W0_qW&d{U>9I&BcAYW z|6yHWGPwYgD%YVKO8v<&Xn3JdAYZ3@r2X}2LmiL?$6bUiKmKJB=5%|2(%Gh7LSwoEv6^&%exs3-r3b*piU*zhlV0kaOvRKKzx{ z;^oAkHfU2#@%`^O38@t((0DRYt8&@UJQ`w<`)jna?ehfKfM4zd0*mw==Oy)qX?cOT z$n}nS(orQ^)Bh6@UD?$723WV27{JhkILNo9@DNY(V=8{W^@inN4e7IR#I4 z9?-#v_x+;L>%3?NN&OAJT`+=lL8uuLAMFFl1)}B1$6Vm;5WBrq79EVYDhQZbw6dAk zF*b1>Cu#-F(lb~A1~Nm!7?uZsbYc?Y3j7Wdi628m2h zzs&R^xOd}0?mFns?1bS8LC6FQ$|s3IvKS=3g)!FzpEdh#7nGd1Y5wO0px`q#ber$F z2uWU_bq7e?BLx;uy-&!Pk)57=u=e1^s$U(S^9f+kA{=etkg$eo(krgDRdG z5$zv6AvhH~wC!@BFbYCNsfjlYw#$`^qmA{ z?q6Wcvax#qp$zk0f&v$mlw=MJ#G8|^t)nJAj}RjC7;N)Orq3?hwX1$%RQgbR6@!ww zg|rciHke~HF6fKmWB{*x6ztmv&;fIFq0NVE<0=|=XJvgRt2R>*HEdXmivS8uUWwaA zGvKm$IM6HyExZ?wmy<^U6_C%!o31Uv$Qhi6JYN`NUyLdSShf?PVme|NSn*v+MYXHp zXdvvT8!V=vFTyN%Y~g6Pem~0Ta0fa}KV!BPA>88Zh)N*X1W5y~SR2rMGiZqdCQrGt z#_)MRJ;a1{h$oYE0#8w7Y;u)aB&5h%Hw=PZixDG7zN#K%={!}PJI6-CjRe%e!4jKM zT40H-Q7KateBM z^P;SMk$5=`v2T)-mXSHQoiu1v7|#EHMtLFE1gci>;tr7idgY`aim&PBsjvV;{{&g6 z(C%iD?3KfC#*S2>G%^or4H#LKqT@@9s?SnL-vLexzSs$-GuRpgE zSac4MAd+C&cR@{o`e6>1b?D#qDKW#ZE*2fD0Q1;?1@_wNpGRgR!NU;b-Vt~E86Sd$ z--Q@@5f>Q}0MDJj#Kz>mlhEpqL3~xP|B{xHsLp4C3`gjJt607 zko^V&G6#x7J?*_I*e5AS9|7{d39wJNNQN_*dzKkizR<{!(96fMc|$CLFY&d+NcV1U zdXe|RpJY_c89%sp1y=`a`n@xFI>;W}!Mhq#0hm}G2^4RMSu$h;n-G8nKZOmtWNvf@ z9&al9&ZpV10lL^4wTc5@h`~?j0}1JEfi~f!c(7jFf;__suhOWJg2HgCQ1(Q%?pXq{ z1Qi5igC)VRpx^1aEF>3kZJ`DJyM4?SY}OYjXP^RKLlZgDD!puI zk+)JFE$5^d99$3QnqmrsGAIuW{W%R5V`@tn^~ zJg#kK%236I&^3BNE=TmOH*k(gsVtZNDRW5Mk!f?lEj&J@S$OY3GQ3_y6^ObyxVgTK zRo*06?9)JerLAM#f)AJ8S;&?2-sF{;4ob|+`%Dc#5LWQu&r#V!!;BDe~7>jS%CV8^sHR$ylQpr)kEK3G-f#I3pAit z7Z$MeYywYu<6UqPX=JIyy4>KQRpIugKEKBcfecHc%m+Q451fvQg$pcOTtQZ{zjL-+ zTz*LlUkc&4Q(%!Db`3}3j00ytcjWc07PvS-<(%MYy9L7YBPnq5dkJQEL5<25EZ5UJ za9`+Q5Fe0rbq%hLP(*Bfv&s4dJ0^L|Gu#{Xh1J}D zH<@%9uY-p!gINtIB1`>6!39Fs z_C*@}8qlvfscBZij7VI1oGdG8l{QoPJ9tfDH=Xa+h5eL&m2=@J%#1AhC?~MUFUQ~CgolF`neL8y3jZ^(1R~Q&H zJ>uHw0V6ySwwnu3<-EK|$@8@Rg=~q<{_%F-kd#P)WICgE;8&Uv2GCZ5w(;6a`mOF! z7Oz&yGh86niFj#ok8uWk3`r1RU(FgyMOdX`c4A1Dyzj(y0dJK3kjP*wgM`a;OLiGG zBy;{~y-64ASsbVrCYQ-IlngWC9w2x~f+KZ2T=WHK$6b;nkA*@ik?}kT!fCkR!f(ZZ z*+90~j-n&`@pzZG#(7Gg)%R!2`Qyc&;J^}8$y>t;i>oC!Q+C;cQ#s;$!py}YBEUBB zGI6y<*#AMh?a?sKB>GO?RAHjM^0`kq0(>H9^X)b z9QKOJv@EFB3(0aAEX>)8GJ-Xj;n_ZS|L9FJaDD$5GoUI(2O0fb+ajUmX&06)6|8tB zbRI^S0sg!;YX9b&5NefcD=5O7bh;7ae8vLpTsOu10kruHli zsaisyYN4P=Q|=*E$&k46L1x}K<2(oYeZ*5!_1*R@78E$V{kWGwrewYfzX?Suh>o|< zAy@hPbGR~0O377F-D145&x^qS)ws?Mc#uV+!}q9d@8}C2qk1fvP6rJ!5PXM1Fsc}L z0ULTV>dk14{ZN;)1S1=Q=~a+tNEGRIllser(wl4PBXCIus;oUbZex3L43hiEz?1#I zDiZ#ynEr~}a5Ll+EC2;(1p1{al+M>Y> z9?jRFLAoc6K?_eM!g)E(#(0CEw0(%A9X1d8G$2HW*N)-+KdRu^yaST-X4hR5(ATSQ z-%d@Fssc(5clT?rSuupG%d-uj-f`zRk5`wbOW)V$oB=Q`7Y#*sr{Tk@ z`eC+sc%>9#S~-N*%IFN{samZre12{KXFFJH8oa)vN&`K+zy>N4(Tin2p`L=b1|@*u zQw`if?C_o?q1*3K$z`|O!V}@WTgY2{kg_b_yUuj5IWQ1$Yap&7cs~a}APYSxGbA}c z*NPXNdY}tgn>9{)FO`5=K+c8e{r>=SgRdimYo`li0|R2c2L44g7y~O0df(jEC#5|n z417P5?{3~Lywu;v^pz%)Twnk_GZ_jY&Uy`Jde6yY4s>o36+0|eTTDE$47ozhjGqS! zS>DAQs8V>d);-spiQrU_0X6G(AgirkS%H7mp~C$MRu(r9ri#oO>vxui)b&dYS!7T5 zbEUR>gw-ZM!o7%3$)k;d@A?Zk(Zdoj@y^{}8Rlir1WM~ER5dE4#&45cMC}HzAr%`^ z#Fm&hn`KNv>!d2Y?^jg=RAXz>ku#tIg z>L~|WKLxh(TbVeA)@k$R7ci%UmGcsX%6tiZ(sEYz(dFs;236(`JPVMMDh?hVY->jV zM}Q}Vv2PK}I0tW9(VITMab7?#DB%Q%6tBl{S_$!6gEG=i6zz2!p}Swd^=;Gz@x&qUQc2R&y! zg&7ik?GGNN{4dpgbx>9NyEot_50XlVgtQ0>qJVTtsDN}y3W79%g0}m%;Xd40h(E4rL?|o01jPQJ z9HBRTe7Bo#q1o+6|LJeBPyb-4NOlaVU~$0E({7obO4A)<`oc-~UKfm_Ec60}z7q|E zEF@Nc;NeA9R@r z??quvcY{KgTmzft8jEpcC14E!a$dqnYt10)mPWOCY7~;;2!__k8W5*RE!=CGGzOq7 zukc>$mC2(p5{&-V-F5bnCuL=*f&>HTn~OSwFta^A9BIOkgTC8^qYY-!WB zhIssd>D;?leSu-gXfX7|y&7Dhh(mq~=sH>65;BTHaqMu>B4J+`&~Hl(!JPUq8pKRW zyc>~Q_7xxbY9g--84Q0OzOFJ{ zQ)PD-^bnjeIu4704pR68%C{rhNFPi#-A8`Enc0nW;V%3C%MHj=?xo^gr?< z(24M>vo?-k0+Y!(qT91Ma+wY9Oc6DRvS@7pZ!6>!RLm+5Jm|3+UB~2;7={-MJ%k~5 ze@EnT?Sq_8>`P9A^GyAb01=8(x~HGi`;$4@i9vzQo|O2I6_ATUSWDc>&+BFXIynf7 zwrLv)k+)5mp!F4;NDjYXjLDC>=XKn_bY?#Qa>!n*xiQY(zDqA}3{rRsYU-H^54LRS zgt%a^T3p65jlw4w*Tqym!ZB;o2nAJ?il|5`Z6;A-M}RBE<~i(=53A;amE6ogt1+JL5%45iJoOCL8haJFyvZ2o}3h3rr2M96K!yBw0LD?W9 zC4WU7B%V>BOM|{J;9(;?weVqXEMC9@WCLAPY+M%*5+*h?yWsMwTko*mCR5Z}GBA@C zH4{jv`Tza;2#=U1thHsd0y4CD*IXV8)ou`|vy!3zB46yH3%K-e-B3vGrEP_X`O|Ba zQ>cYRe@TR4zE}+JN_W&{{rxUU8}dyE&A16GP%O9Z`EnHywS9vx7qH}j3m4+Ud85N~ zfotKf7{^X%SG2lL$iewPMUoHC<2@1|D8Fq_MkmF5l?iE#UcBvt-~zYFVPG>^YzQBe z{98?wWC#JWEJC1Ko;Xa_+JC()HX%yJ0(W6}E?2ki(L!fR;3o-M=PdX&f2jZaiq7;O zl=H#Yw#ofq%`U##!mJCj@Lb5qbnXVGD4u zA5RTQ-xr(*L6Hgq=oZN#o6tU>`A+rr*W_2Br&mG80!nKPDfB}d7-@q~bZ>oO~?0666%~7@3SLX=CmL6V5*#s<%58O*QkA0vcLNJWe z){42m16Uq3;Ir8PZHNcSq{2XfQ32*T)QebgZx3Xh0Sk|8=mg-_NZs6 z2W5$cytEGhMsaqDu7*==K;YhU>T=0>rg&s`d5XAOaksS>3 zfRBTNmF^`7A%`U<`ySo8j9BGI#*_po`g!wxLLrNwyAwU~gf`|IP&o zpkIrm0`cBJ2Ff__d2wfet;>gbt^yX>S&!v0|Cr8EK9(L|K~dXlHi-xO8#S6KD7)_1 zPl)Au2c6sGingyeL$wQ9BR>0P*Ka!N;ClM+3&?IP?q5<=Q z`BgK%4JpaE=zN>oza^BHy$a=_bg#?wzg|I-P%XK)`*HM%mi;q@7-O zN0Y4&VpUH`hw`Y;JZN-AqkIbGOZ{1h-Pn9lBi{A3yvAd*q)*>)JaRHbeCS@H1X}ZS z60j~WIuzCXY@)lJEo!g~Sg00bc$VW!;J8+N4>o*bA;j(vm8ywiMtAp?d>^Bv8(_P6 zpy7)K<)IREXj9;biiQq>h$`p!IYR?LJ6Mr-4xY*_(MM$L6(f}D>?0(>ej-@BJpPRV zWP2!Uw{hpWgu!yPwDkJ2`LlxE_q0!mDYwVDYl+;=MhMPu0L*2B>uebq0gnZ!GIhJx zfJP-7rP&-Lv9cZ)xI`eT^)<7^q>-%iZuZkL}jWucKdh0|hlxWp>dhQah} z->8*-?XW(aVu2)un1s|t=n-x{ra*R}-$UITj7Rzf*DT5Z6pecz5f;D6nfUj$P86VY z9=6gC{(LUeO>`WYmhivF@qpI@)|7g(e|X1Jz{Zi%Dp~w}J-|}CGyCcjd+Bd+#4ZJz z{ym@IE7pSU*FLAt7M(_+5Vk1e(>iy|`@wurKi@d_5)SVdNI3S&8WdW@kj{xO^S}yW z@#r41fFlZ6^Cn&SbHqBB5C6aT|4f$&5#9>?COaVS4lJ;GkstS+>7?hgf5$dK0>i2X z;#|X?2F3ZU6Ao2->!W4O{d@Lf7+CoR1QVzLaIAm}_HKL(-tEVMOiGH-L3~Sb9f<)= z07!doiN?7NgVpn2bq#bq@!%v1Yx@@a-(pgSsyqe%HbgH&}2pkwa}SrgwwGaV}p=VKaJcnV2?oP#?-c#Ie{uWE&vm9}2bB~=IqZABq5m<^D1yW#9_#1XuT@z62uT%bME zN2|be3dhX{i;DI9|5ZDPJi;Ow=O%F=krPXnKH5*?YJH5 z7XeFx?U37r;S(6nUjvr-dVuoA36|SFtTz@_Q--PmZ^mOh^R>7Ree}l|7D6~R>3kwMwI`tZQ-~s zkgS?OAkm!L0Q375WNjDKx;4pTIU@dF7~7F_7yb#3PrJJDO4{#;}kdGab4IY8~l)&Z$ zL}GmuoNIG+i~<21=dXG3He{J^?MqI9xa@U3mCJ{^ ztq=#U>ApkiJzU};R9B8U>V;VRO z@I!t9BacZ51PRU$%k_vo@b}X=D!h<^0)mL_+eEe6zcIVz-!rfRlem8Zl?TrXL_LP8 zG+pLPkOAqktSVI|*ypu9fA{5^zx#5@`65-aEjy4sj^zXsxPI@Id($05)rSEV6+zc8 z)cFpgNMr$YFdu&FA}q2VVHI#sm}$Rt_0}_esUc+42bzh6tR&yFBZV)|BqXl z@&~@2w{Vus9ya})u^82xzbH+R-bmFb7cLc}Z+ZUW{kvTJ>T&UjRJSdUab+{}a6%na z(`C-W9h5HCxDa2K|IKN7)w9XHYGd7K$@}2bf$!+(>ejOFW9LrK&W$G<-kt89&Ykq> zB#sih%Yj@g@B{oaJ;HZzw8R6Nmyhj{dDtiQ{Z|bvEOPE18>8z6W*a5%HTh>UdQl)x zE?o6K<$wt4AA-HB%-{Gm^eTV5$yt|uar{sAsJAfM@AFn6*cn)FWCHBG z@GVel-iE-{>{{A@j9*_KRsq-leewjkyL3^m=UOb^~EIZcg zM&+?ennm{z%Ck?$dnaAcuf~KObHVJB%r~RpTookNv0haH5H(a664D+Ii1aIFj2{?q*Il8i^H|V`2T@<^=FiF1g+<4r(rk^Fg089hWw+VD z>FR3K`qRtDj)ZK?hf~6wb=cII>C7Vs~?tr(I|v4 zQ*2(^PSX-?JJf5E5#wmA)#cuLbZF^gO2g#N9?|>BEpUj^@e-)^;Af`lDjoj5eiUgL zq?U~(pHY7S{Th>`9AmhL#p%Nd2}j8;cQ+vln`rR}P>Eb?x=dky5RfwIWL1^8tjBfl>ctfW^KkXw4r%E}7jDzU3Z zAazp=ItI_z4xvIwY5|+u2$C!EcbH*Nl=v%^{-QnC*3-`v0PD$uGUe2FO|S(jS<9I; zjPRY=w1o+%2pbWSxf{YPEHY0^0EEfyvI3h`pO$U%(e<4VEK!zv>0gB2Qv(ar8h@Gv znzh(ZhMqiMovTKxYy`bUTiTZLq6RJ07;tdKW;oW5Dea;Nbg(Arg!4V0?fKveK^afI ze)uY~3cx-i#-JzM@ zHFq6D6^~Nx9vk_b1{v&t@;EGe*+6g>LkrOz<9^WyrSi5G!g+3=1$BDu}9o zmhw96*N^>AAequ!K^UdJebq&MpJCgRj^bNWlx14p%XRo_6%Ho;xLBjFE8{D-Q>V=n z12$h~U0+lEfjr<`vyefd0I?G#ADcl=!vg@2Hvc|=LG=Qgz@^*(T9K1?No_?CTgPR4 zW9b~2Itq{wbNf{LD4WIiA&jB-y5^l8(*f_-#wnBD8LM^SWz0~PIsh%oA z8LhlegHm~}?xeH!Kk0?gg{f4}#Tb|e^WG4%k3l@_4QLBvcnI6;)8m$5rfI$S$slvp z4AFTI&Y@x4TjI30{;BQh!R{@wpmW&MeUKwzZNDlQMF{+G?Uq}{QC&1u?tWMCRdYUj zSymMfNT=@ajC4)=O?{WUeN;!aZ@4_n(S5FQ+6r1JWwzS>Fahib6sa4*61!3m%i9W< z-l&csAFyd*J((n$@x9H-sKJ1yFYG09M74xJ?xMbMXY{~uIWhngaLLkK?;TbL3kk-D z&o(=-fphk@&`%XZZnkZv>W1H65~2wK9jx`rJwbI&{7S^ZMIoE|R}_?GAu$GmW} zy$5t}$q`Kt)wdDLMUdc#=b&`e^^?wX(14Ox`q|YDoqIpIQPj*pd6mQXYz6S-NWgJ) z`*F>#oX6U1db27k@5l5&$xD|o%jwcL_Q61-OkbByq%Ky7Q)V};H%G68-6yHqo$$4c z!k$j*8J2C9WlzQmM8hh=YK%LrSsDW}uU2UPT!@HlkFx7*k{DmGfccFFf#pbjIQ7K2 zGY0&gS742pf*9p!SZ@f$-`j;|Uwd1RKTebB{({K4FrDCV zNN$p*i%BU0dwOBsjIYWsk1b)iC$S{(ULm>kkPhs5Ww7S=k>U|y4wc@ewIDS z7)tmRK$*VbNyBCSx>;2tb~mXd9a4E0o`T?$MCOh&M5k0x*uo`mYHM%rcLQB?&nlR= zzHjlA4`s~2GvEFQHPq`K0QjfOL1i1T1~sKq{kj*OcX;*kT z`IXUD7+VTF(#as3X{NZ4!wV_|&CdE@(kPm0&>WsXU*|+V9E6>Rr^5?okiiMKJc{*i z<~~OW^g@EfwT$8Wddl6lHmKh*(Y1tdO@J_mq%b`vx>eIQhs&B zc_&)cy#2$6?p>xEXE@b8Jl-1GLsm_2^6_%*A0*dR^z|$*EdcLtj$tURK^(ybO#M# zk`#*J{REqs*w8l3GT`)GVtra2pTu2%F=@*9U`PK7(mIssHzNNFwWtId*l! z?#;sMul?r{+wg++i+7amiqKIVvoS}~HsY6DWSiD^U|+AfzQ|uu&C5#!hD(J^y8d#c z6J_r|?-XjhucN8PfZJZYu5aXi{StWoJ}O~d!QMBy7eOwXbBqZ@&1CI~GnWek2uV5$ z{p#-64? zJF8o6YCYF_b(?hkQ}t(6qWCFRByzTK`S`~9me>Ihhf~0`3@D!%_-Yo)j+xd7F|x(1 zHjoKLyv0q?CeXr@#8r-<33g9gifBs&76t(91$78C4|TJKz+la6MRCsJFa<_(K)FH z<6J=2UIbG}y-8r^9SK8_0$4lz7G3+{*`p;cjR<8>$naf-f z`vfTR`A>8(oAZ#2i{`&tBHTSX^j=`g_rz>>6{ID31h}uL29OLxCi?T$?)1f(>7<2j z_rAh~7Q`jj8%d;Y2r?@6Oqy?ksF#IQY%N-Jb1aa&J2F%_Bke$5`SJzFWUTpW_s+ z)1Atzw*>nBq&r;_2VOViuy3&loziWY69^EMt{hnxka*ok_z(3rS)7F1fe%SCRfH~h z;2yyhLeaYHt)$T%D<3Q+kT&%N|=nd$J4bhu>3H1 zS1s4Ap<3r>gUROxvf3f$9L=$gaN+yk>693JXn4Q9#T}pzq4#Gij;MHQ9d)i^49B*H z#*vwH{Hi1*(sVeK8*q1?b_mV54doi(1w4^zn^KQYH zG+(;xgYdW5zj1|v+vxolS8m&S0-mJWN+Nvvmj&yQ`#+`jpi-VKs9aHMr_-)@dh1&0 zxJT1sp{O!3Hm9qXD%umrdEm1+ttowJ_oJZzb1Areo*EXn4O0wW9_o7CJX>pO1gX3A zTdh1`885bT3H!B_GUpon&kw$nCw`8YdNc`t@X$3j!VxksEw$qj+)Sp8hJi-7u7^tc z+RV3KRZS$RNE2Vfq{H}rfpFqx!?Qr0HiACU98u$SKj*aLn`ca(KZuneWbFuHa4X_x zm>%n~4%Q_}RvK$;WEgNr2>gEZovawxSouETdF=D1*R8I@W(~chnD%nZsaf25M-GlE zx2b<{IBI~rn)SFH`Q9}DQN`;IX>a^4F6&=c5fIG~eH z(Misw@eu_qZgd2fVG%J99jO`waxO1aFn;TthVY2>vR>nT&dsq}jgxln5rPa|&X=)9 zKKzREG}Z`C`M!L;$%3DTelpM;myydR{zx0C=;C;ne@&uahthI$%vf~r+^nQD#mCDw zK9x0_g=j~+fNys=@xQS8j6>LN?VFj@xrq19p+ehJ&Fg}}b9=meqmi+{j*m5U z>4nkOE#XkM===0oPAdeQ6(=uuv`pe0=Xf|sLVI3TTW;(enVMRZ-{|^`t4E&vg)OJ> z<6H^*g?+~af_2t0XYje1eRlnslI`q#27R1lmfVK2PV_K#QAHij_7qZBTK{mXG*wpW zkImt{nJ;b|dhGs$lz{c)NpJD77G?kyq9xTRYxD2wWDo~iyj*Jjz~KB#Ck4Z{G{Sc- z@1OVWjaOmrw9p{_9mATZf;H{1BOgDu8GeJV=m#N5+j3>sgKvI$Dtu*1l5$V=)*FWq z=pmU;P>Vl%pU$q^_l;6WjQV}7nOXIm=Ly#jF&B!Er!c+lw$uCt2Gs7u>sF29{D0$Z ze^RDpL_MW7L+6J+uaztE%CkA(IbG)<5~p{$}ke(8BA}>YDAGe;CgO6*z4l zi}1hcJ*Q>hwfXZf+P?w2n}n)8&0XPqe;7|DNQdotc2$!v^KklRC6j=OdNYylZ`yAb zvA@CIb<|QlyDF8~Q_1326KNja@(zDRv6>tu@i#1OBrVjH{~$Dw4z-N(59DOFVh=XD zse#4jh*^Zjpn)y5HXhh1ZpinzGDewjCxh^U?H3K?)oU~R%-~f=Gb_7m6D5V4XeP&~ zVa)y4Gnz#KOzAT8@RSLp7TsU{DZ$tumW!+MsrbXDM`^QC7TiB@X0*Sq3Ak!u819 zWIQa2Bqy!5U_B5N8lzVC(N0yV}`& z2v`K{v_KuEHu9D3xaTR{5pM3t777B%TJUNFHs!8{T+ zI{pOzq)5m`Z_EKSQr}=ne?-BiqyS)WHjJi_b601hSPjBZj{-=!LZN_zVDfZ6fM+z$ zx$}~I+R*Y4NM|l>WMo%abetG2u7JRf+rOGdsS2l;&>jOFqp$&vQ?GM!vm>9{_T4Wg z^Ph{4U~!oQq?n)5GiCW4&dATJ=lP^tkkkcx=-2@I~YXqb9;bZoeAbhb(2<>*t>(m zjSQpWb9i>Zk5Ov3+zy*tY9XsAaE5(eWA2pzbw41vs&88Hi>;d&vLi5zJF zt3)Kld5uR!siHfW$%Mzes)KPR#eOk+<(W9u^W!?d(|nD>P;EA3B;~;1n#7(kF?2pk(8!JTcvZ4^ z6s%0j!q{G)JB22Rok0Vj$)Fkr7|8`V?cPew0>fdH3H4lKmw1N9?d6u=gr6GXMxU^z z&Hr

n2L|QNjuH0gY?``98dz!+rP4sz-~>n0h2UJ|yt@5G3@|T*xn29kD-R9|CCI9twHC4;H|uCd8~Rv$ z1i0gpqA{5ZL|$$I!iAh?9>Ym}j=j0pSuQTv4^>>h*3HW|X$1PVY;dwU0R*Q6?qQ6D zdxA}U_R*+2SIvxDYn4!7UZqVJ%iiTHaQnecp?sd#B-4k9_pvqzT46?A8mgI2vR>8V00Sy@-%Q0`L7Ra6 z((r}bZ1IWwl|DS#t(R%aLo=YMzMEson@yh2VC%I*7y1?M$%`p{$|4Mf<<@lJMiO$xC-czcN^$OG@a?3J(6b$buiqzR`N zdk7_ik1UJ>v>A_pU-wg@ZXTCDi@xnES-|_0k!>|O__lavyp=AG0Z>V+%sG2jyXC%R z@%l%&ts_b=x1`;KCv|V{LgiIBfde;k9AJRC8NqQ>`w;jl3jtVX5vsrP-BpNV+zh`c z3&mvnKg4F71ySRygix%BRf7K3OL#IB_t9Y5Npx}p03HqiG_->usp~%Bdy{*SJ(i`V zd|`5KqFt>J5;vc&)A;6A7sJen%RyQh+4l88JB=Y;09dSm#au*cY#HxanWfdI7uqVT z)v!czU%d}wdKlabCsrkIgUd)hA7Gv-GR zoj8S{4z4PdYf3tc4&3Ut`Xi;L!mjMtZojd6Md>lvr{j7vw~)9lQfNXsRd43;>{xPe zn0UWi{7|Pi_*@-;PnNxXeI0PR?EuAE!5%p{aWOIJEuSxa1fuzQ;4pX|uK`xtA#t+e z$tf%>95+Q-DUE|Im8u$`d{bubv(QiX^NkWeyU@NWe}%3y3@Ud2EtAND4#Cm(>G0qk z2b_6GoZA+uRV3+*xXU1_w=J;b5K?j;0?E|D^e85`olqdJ`*Rnr2Tgw;Y65~fr-k={zlyfOERWx(D8w-jvNrt5Zvf@F-*aRyT&H&wM4sOv8lGzq$i7_aN|&5s zMhmxh^_PglegVeNKCSZ$kn_3blSB-R>#&UVv`A-_l3PNn^<$l6MqKDYUGgZ`m7xQ` zOkqiN>E9w9`Pn7DWAl0^rnlUk^x15Txac;BmD0j0prYX^J83azNASWTaKV`5Srt5` zb74o4UCT3q9}BnQ&Rh{ap^7rAz9z+=u$5>3_f$}T34aRks0DIq;19X9bq`AmyVmsx-HtJ33JiH40FuiB z1<_X4y*Fp@surD_qlyljW##kOZj)w-lW9_cS-^rh0SNkI@t)w2L%m|Bu9IkL&dyXW t{`B9d77A&U7VZb{!qJ#((6j~HnNeK-%)Zb~CNyMLr_wfZ6Ib^eZ5npA9(WRnkv0@}@nx)!0 zf;6vg_@mLt5TeTB#2`4yzqU$=OGYp4&il*s(vl-A8W)XAhMxBQR#^XS*Y~7vrzzd4 z(rM_O@zCBorxj;c-pDVr1Wbgqs26`<2xQjoykxnG9fk7u&zDY|u_rRh~JfX_t#|MQt`Kc<G$S()49>g@OyT0UJI2b91^yU{%mO~_LA@D+atkfKeEk+0*|Ngl3r)sM6y?)go{-yGX8YgKBFP2-_ z2zgq|Qs%AtB|4S&di={1H6IH!_J04!E_5skC-eLKima-1 zjFnr*=Weu9K9y%478= z{WzJCo5a_gWBKico}t?o2MZ}rb96qK$ua2^3I!E#iMefviyqDqy)&pOqm7``EYOJI zG8VP|QI`9Ayh@pjtK#v9mRQ5=oAZ;rm>T6bq8^E6WS762tUR_@`AGPrjxp!Ft!n*z z)%aZP+)B`CLF1ggT6_AuSvaZx*Oxqe!Og~u)tRx}U{+c`@6#i9Ny*d3lP&qC#ax-_ zdsKa~%#jYBFs}5$cj}ZQE5bXD3*E`>H4PrSYKyrF$ph*I8mtv-&;P(q2;1&U6`W;N z$q+B9=dp~S3NdyMi4-F&WV2K4K&CERhyIG?1J ztOi@cei30-PQTR~{#2im?6nq!fZgvZj-O<&`5(WHuZ*2a#uT;mic) z$D3bhC>IYuMyyXYl`M>!_?^KUyxu2nvnMZ!m?>5}j_1C{+E8vw7iyOzNWCIuWgqVC z_+>Ire(O=x$Y$Q(nwI=f_jw_toDj@C*~x5^`K}IxGEcihZ^>{?ulFW9Cz??RaH7YiU^o z)!ny81Jf-5maD_>ZM;d8u~Y9j+%x&QWKryNZ~W*JzLWDmqt6k2D z`e%P$ZyhMSz9sttkCKV2>7;Corl8StcSW=R^e8vcNUfgJpqlpkTSfIJw2^lAJ97Gh zRHE>PMRe#s2fwQomqZ)Vrr9@S$_X?1JG}=AX+oMWG1spbqrZXuR^WBKzn-XVN~N>>#O9-C*BSn z&bFJ|KU{o6c}yehHZ7aTnMT3$srA9pcApqt7yd9W$L%x|mq*FJOLGFEF)bH6qVLD! zb{!7n%IjV4YxFu6E~SfB=1y>K^gIl6DluxXnfv(U2d{Df2A=TKhTQ~H-Q;9EDxtwU z`;!gNF+TEIc3wLsvXRB?YJMWyw9$(D;I6omlaS9@J+u4P+=?5_X-}}Q$n!moW7CH0 zGi>X}C6^T`&D+CxEcD7OUM`1x$-XH+xErf1x+(M`TxEAYTRM`0w?%ET+97)}QtV7+ zetoQ>%W1xogiE*abWeZwL?Qr#{L8OT#AKf}jp@z5%XxNj@Ap-o<*6!o9(jL_VI;wH z+t?6$OEhY&e0^-I+3yne%6$jjftEAnQ5WNHyH49Ne&!Na`Zf-57UaB$9+XkzpFKU} zif7Z5+qmm>RL-GOD*kM3f;C0psTL`5Z|kE$V~?GF>F}SWg9I+&hYa1?H%zHWvDA8A z^P_L83Q1JLeMxD#box@aoe_VA}MGLJBnvje{i<_=DefQb{x@S5^~?|Wb?~VwpLO}Uku|b zQu=9LQH7rE-+n8rB^hmT1ls2>m8ZU(QwmG#Jv)h94y-0?3tDpbaHH7pAr3v3GH@wd zg*tW_+NZ9KE@?k3ab3*-@%4}L62 zyh&ix@FEZR2D@7>Pbn>otjNS9Xqx||`3l!noBpgI($DK~wO)K1+Qw5(rD;jLzgEOH zmybQfFDG+{Y$`5zC2|?>;n02ji2qrWxo!=&ao1_J(#Lj2i{kbmrBlD#G8*x%2UQ`% z?ZP+DtdS8`4l5_eVYW=}Vb`zDc=iuUpHtJ*SUF)oe>EpwTxTS|rivNcy}OmB{Uw|- zL4mgG&Q*D*ngtJ&s2m~;ZNIId#iWv<f~O%-RCQ5eeQM~V&2@q8bUU1+j+v=u<~EE-7+j3klMt zanB4J&yH4Cm`=O-`tqd}c0z=Um8fMHgwwOmRX07PCnQ~jJP%3Go z`thjIVLF<=ewi&P&?9-92mf}$P5p<$S>{)$ahQy~A{sZ%$A#@j8=hCqcn>c!J;PqL zZ}vr9QDvIrH*3Q(mqRJ}Flas79`2!elVJLLp*Gjy?~i?hJ1^2~ZK*pDTioJU+wP-R zER99oHZpJ`B*jVnt5weNC~vc9?XC=|D`e<&d&<IV7TaE1K9|P_pjO0PE>Y?Uw)x zs^Xn=@1Fl%N~0@j+y|*V<}W6RxywJ|laph9FdOl@5t3!#fD>Qd)AJ-<`Llk^j-tav zwL?~Xq;5@nm0LAtv`O;*Qvdy*gBcl{d)$Uvp4$rDho#S=RPrE%cP_s1;S8~e>{49T zf7^>mO1$tOGs-l`EF=57Q=dql_H0Gq=eOU*&NlJ+F>&UfM$`^}A*%CS$_ySX$4H-- z^1n-@MMp?Cv@5)WFLsjgR&ts#Nz|)WZ6Tj8%XKqMIK~hzKPSTrN@9BHi0i7BI;Yr{ z#_fe7GnV%(L>JU}xWX5sTBPtDdEzrMpZd*(aeWs*)cJ$&LJpUGt>Z=u?oJz#GS=I1 z?$S@^-H>jwB1~0cj`2lKTmEF&+Uk`h6S0PH@F6QU^-Z!ukaF&!N>ZK>* zx|+f~*S_69y1p)G{Tu&*IsUr92AZb96Q{f^4YJwHRvVC#Ke?fpeM?arq${t-esrr%Wu!y^47DBD{RMa(^f&T<-W0omiB8r*#G6)mA6XIev&zhOw{Kv z+HN1Ep@Nncy7t= zJ}5leU1etIk~9pcZNagbYHYCRN>HrX-PB^Qo^`&e!@aKEenN}(!o)9u(@?Kr7pK^3 z&>D($qo+NgCC!g8=fdl0aktRLBy}(;g^8zld2;=%;-XCyo6}w)3aRa$xk+q16l}Xm zJB_I&@|L@sVCGo`|5hMJshsL0eWdU&5{VMT_BQjN7kQsKJq0!OH8X-4wuyt2!|m{9p8Ds>FA*}$A_zC*(vtVq zvg2O{;sxL9e7LvK?=LR#*uJ5q0k`lq@(`-Ohoq@rZpRHwmZ9}Sa5uf|P!r~KIz4jP zJ-E6+$}<(}sxuozY#+cEje=brjIxfqSHXYN`dEjT`5(|+8jq4)XZ!hUw~Q|W`PVFp zrZKSh!9wXDkZi(^%4V(az{~gV@sTL;WP%%`fNubfapN@D!Qe1urQY)4Oc#HIb6 zKH36o6_~CCQJ-bPV!n$5qv5f7iw@pGlmN zYN)5H^I~o#dEsaoJCRPMze{m-2xdCF)?HWd;%FJ<(O=(7|B(H=@L8`>;+-`FxY(sH zj{XWq)7R{>+`YIA4di94ELhH8Y!kX(fOWEOL>piNrB(*t(SOfV zPQ=8gcH6WY%#S|eK25vpI(SBA?5S$|M&$YMYQ4%6&-2s$GWYET6^kC>)2r9`ZQ^Xk z;oIb0fLY{UTqe(P+x)dv)pV+etj7*&V(RFUn?Lr67LFa)ET(^aPjPnU3dLk`XN}vY zS?WBn1mjBq3ujApqRvYy@rg~1ubiOpV-$3pi$ZRTh2FGP&EoZjp4E(S%9(nrF_y~5 zWpc|oukWEYou3`^J{je132x5J>38=zKXv_4q+L5Zai9Hw+7Ck+}vL3lzY^u z$-9A~sKl^NODSF0y4>p?>gZ;Z{s%LuuIJy7n96m1GX9qJfZI#!wYobSkTg4?D4Ux) zKdU;T67|%y#W(@< zMhQ%L@|hGWrrcKSO%TLHpS_R5hHc#%Wgc7fat_dcVZ1{ z9HsEq&JJert;Z|hUl(#_SqpP}F^g^T4P9!u>Z$SW`E39fl3h=}oUbvz@ig0!*tx%5 zV%e1-Cy~gZtLCw@G{aa@v;ONf0BtRIpW*lV%dfX)hmvxhk%IqV%2zBOHFZvh3u1x5P&lD2D*T3e!(7 z2C}4ZYh2gUx2_{xq7|7p)2)d*u3FAsQ{0Xqj^inVBtLCsZTKjW`WniT8re-1OA>#{m*Q_Nym>#X+ip`za_ zg*>S3Wsr!SX`z>=3f5^`?1(#2Rwl#e{Hz_1@KiRh;rYH?-LpS&g~X(|b_ei%&F{=d z*Bio=eI$(UjU!s?1^=I^DLj{!ho%G?<4CLlR<$rF&`rnQ{XRTbk#eE zNJoJ!Yf!?g^zkqxZlQei(d&3m7SJT(JUIUxNWD|G58~TZ8>Q3dL?d+Q+fBIgbwEuN z{JgrZQmA$FN2%%kREEB^yUey@<*NH1zQ!`k|0uJZt#9{4TT_-<5;#*Ubr~F?7Ic&x zt9n|pW=+obkl5fHur7Oz&0v0}GSSrYx8q02sI8gou&R34X6YkrH|}8J>}Lj3mkIUU zdEukRqRZksae^dsD#B~#R)z|3&pvcxZ>QX$=^~(ifMu|ewC;I!xMY=1+(hBGy3+;iDDwEfE*VWP0wTs7oP_LsEJ)F0xFoQY2qc)gk?bI) zx;U2GcEjRf*AK6j7D{Bs%iZzP}j`B6;Yoyd96>1D6dV_ zh(KW2GpM$2VZS?d>??Y3yxznfVUnkwacR?Nq%Ld+ws2k)-xWz$OePdI`-w?Y$-aea*(?Dk$ zgP&RFR%tOQr$K(v!)+d&)dhqr8R5jVLN9X$y$yu$w}GDrF^Wn6!9K^vFQmX;dzcfr zN2b%appkhGz2fDmeZ|TSgy#ZHoe>%P$HjUTa=JqHt|{Lkn!C;uAi3JOS0kR?c&9{@ zc#_XPeMjX&C;W9q59+@$S^XamIiJ0!uce?SPn*7Ze{0ufX?6pRZkoht@fGRKP?G-l zeV-g#1F<`Wf`cMxIP`UT?LX0nQ{C0#mQGCy%rm`ef*VOV@lz;MX@dnLW#U_(zh!jX zBI6$?g}1L~btS4pukHj`W&e>$I3c$utBP-5A{24!7A+*gZ5ZFwNKp)6=iF`7=Q zs6|*w$l+IDritm*gUWF22R?W^Jpo?V7=d{v-ch|g$c+~}8kk4*Ew5+0S4bH#x8j|@ zkFIw#%t&#pn^Ak$y2(85mOoQQ4nDOoiyH=yO6wAZmcYWFUvf#tlC7y*m^7YOH=M(S zdstPNuMihKY)n{{RTdZX&V9<8wC}Z;<~q2&d-OrDjrkE{{y2Z;DdV>cUe1!J%AHG6 zD67@D-6bjN<@?H)%K(oQ6ok2(`d|kX{TZ(+bl3LzLiAA?zsz&{+o|Nb^b^#Dt{DQq zJkDY_3IlaHYyICvH7XZ2;u+h<HcHo!>o%*%p zDAG>OPn*t}12FLufQHlM9ikTtYqaW1w{_>le}IWP!ENeJ*GaKvsYAS^Um9cVwW~SL zc~iSMHFQE61rP19Gmfi|Uzkjz>VzJ(h+AOdS4C`fl?~sPmHR4bPg}*QCESu)#qEh> z(zU)B5qO2Kqe!n;nZLBEBGA|yR9Ak7qJDR)ypw)ZXhni1j2y1-6F|$uyKP=q7^bf= zhP%JHasNffQh&ClGlPM6BenpaF!RgaP%E5SIeYz<*M3{U`s4dIEkion^QoK?+$5Pq zWzRpgEmEXYdY~maeJV#}J?@{hC%Z2}kAZ5Z=HwrYE~_t-`I~FOan}QsDNW-SQds1k z$HeJ1QmtKH6LIB*l>2DiKaQB(9$dw4GHF307qCmEh_Wuk$H9tJT%KF!|InDaTeGSA z>wR#NSi2`LhR2K>*ZoqLz~}&>wb2jsTJhY?{nXhym^GiG5!Z?CV7LlQGQ4oVFWgl7 zeBX}C#7!7AvSRwjL*X;TW0qos00Wxh#*^HVp>WD+{ih9#d{(`ekAf~OY?ZU~eS0+I z$vJXg86}ilpa+n4fuLT!5veRDRi<$=5jBtd{!iB-&Qlo;mg847PZ}cpSSF>zYpfB( z$={*W%`_rX7N2`c1ByV3~cFgDbmB`5m!wn>I?3xoz5HESR+n>rQ(N#_f8C z%TB%5WIy!;C8AE#5U#IE*^?RQy7Be3y(9{F8`givKrN&Z*qZF4FTp89X=L>3hzte` z3%r`Bt5KC6yEeOFMdKXl8I&yxM48`qQW-f^-0qv)pk2Bu2XijDL!XJ?QYIdCZDKMc z|8pu;5qCBEW){JA7yZ2rD`z8@~u72eSVh?JQ^S-FNW6v9RkE|H$mzm1iE~6;%L-$T!@!atMJo z9-QAc4}M1~Q}LL5_QL0~^mhn2$CT_|ZHy4V^R|O_`kFjN^>lh5I%;n4Bk2j}OdV5f zbB*x*yYYD~i*=<}iy=^@pS#$5S=KIO~Y#n}dteXV79fSQl z3=iQ?`$Bfi=_py|yO`J}E;HfA)tkShXiMcB)CaHy=9of64Q9^G?KWKnJ1kIA2W5%XXmk^#M-$omte z5x4)|Ck^yCUh2ZO$3dHqDBs?(KmTTDmZl9?zFRMV@w}D>LoZ8gEdH0e^bVy$wlC_L zwEcS97m?Bk;y2Ip4Y&B-1QN)+V6Gx^WQ|it<5HAyD6VDF8@)m!Y9RG%w(y}sv^4GL z9`0U!2mRF=!dYxg1@cEDjm6mM8Gf#)=~#C~wX(JqyJJqjyiU*NuzsxS9(Ms6uc2*_ zPV;DX-%lYjyB)PMQu1`N#|4wfelWE>Kv4A-5*&tHLvz!=My)C3doz9Ng;cnpjqoxW zx~(^nZktADuD_aWUHOczEg`Mn5+e#(*_jG1n!{$oU15m;6g^3|;MwR8OSzPjuT^D( z6Xo^pm;dVp5RgY=UcV?Jaf2@QlKL#~8(d-NfpI8{Irl>olP?f%lz1y(TIN)$5@1V^ zs=i+o@CR2|jUHZrSaCFLW^u+e`)Bnr|L_g>fPWCmaZ48bhmT-L1svP@V^i+$*HH{-NIYg(~pIzBbm3@ zf3;GCUE{gue@bI@x2`l`RAc^Nhc6{GEdNQ2JE0pU`lyU7QV^jLdpek}niIkSB*Uv~ zx|gtP&A(hZ+;2LkTC#6jk8JZMF<#=g8I1DSUC}in{qyIE?jh}!+RQfyzm}~ylcQuy z3{_9=mIP-8R)Vnm#YPPjB%xd}M|5YK8?T1jymy;!QvUgqI(pXS9i!vF)|l=zux95o zoc?$6np@z~sV43ahhMz>2`_*CJS!5pU}gefCGJ)`uuxpQtb>?E_qKX`9RS6+XC1VGsk?&pCwQGy5^1kLWep_wKryJOVkhx`x4Qg^gm@l*H zqjph*vT+Wiw1G-neSUEs-US@wcqMt@eqgYfc=l(E)%BLaz)=+(A0>AwSJ1Q-p-CNA z*o1h@4^_M4TnB-lneAw4X4x+uvdd(rAm_%{oq)2x)r!m20gz`NfYCsWla+3@eP$C! z!=7Q?vzsRADn}icJVZ1x0TPpqO%aqKl0ox$-++gSMhE??A3 z3}9?fYxHzSIwb%#OCiacNa3vzS|0|Te(*S4iOc=q1GWLw?Lg1P-Zb^$qm}?n%ejtd zw9jc8%b+F`vaRG~^*O?R6sKk6VZieXruL8lx_e&J4fv<}%0Hvm#JuYrDLw{(M1eZu$ zh1jESw2Z4zTC+geC}2fWxr-FsVwn^r@i|(xxN+%_5v~dATTH}OvG3u}U!Py$5m>4XjB){C zyfcWJh=?B04=;7yfFpVG3sa>2E~olE>&m4kq!MThS6@MF1_RKKI@c1Rhw+Or*BU5e znfHSkypDD{=dY068IHax9Bl4pBxJA*?9V+ZD$X&EV4#u{;YQ{nu%kp=tq3=%1Sf}l zy0CkW<9w%DiIE7nkU~Pw+C4V`H*1QMEz}fhy)P&ZGE2K<9n(A%v9vW*s9l)<hCI^vOPT}HI76rue!V84U;u|7N8M*W!eAm{F1+B-1D_c3+L5&S-Sf2%?! z{l=(yB)0$8tTaC2UEtrc(`O>~YF`vraa+OinqXBwkcCaE)-c9B0I$*XLo_`J z`qsNrp~Q9%T52I&2KvE@UZedOvP5g5_026$@M3&OE;k>W?>wJY9G!}!r$a7Eyo~?| z+-j!m<{2h<&+ZpTBtk|Ug7z>&H3O;`B0u9)e1;Q-TMEZrp|l|-eu?NVK@FEYWaYz- z61PCozrXjgcWy9zt9N&r75RCC=_Bn+%VQOVVUz-#MllAp z&a6g@%ySk_s@f` z&hIRLe{n4spGGTT6)5j8uW$Sifg~6f23nK74y@~=bgiTfVR$XQp0ixt9*x`mMN>AW()?{AG zm@KJRod7#bJ3c(>r;9fRf<*HSLJrv=eX(%W(OT0NIF!Xs%N0`Z@UReMd;_ltBa+e5s&0G)v{c#S z5za#(!Ym-I^7@>4)_`;8){{|{bhlsF{K0tWLT(!-F4sp48$2{Qjp|t-Q^f)M*$J93 zViCc1X~dw>Q#ajfPuKcqZH3;OyROAMD?{?$N6XB)Dw%Pa2M&|zBF`-#o|ORr>=KTo z5i6d1^8Iai4CW#|z6cgJLtgRS#J?+Phg?Y}>h`US`YY7J`9-G0xQzQhtlqG`;>$F< zOeLgY(twl_b#t1|jtV!micv3N$P{S2%YjUZWC8t#-V=4U*Si5xo(llPap~I)ua5OC zz%``RO+0TRgn9bvK?b!{72ElCe+&4}F7VX6!@#y?g= zW}ia`@|0>&txZ?uJB7CCB#~5j;npm=byt)IdH_pVQ zkc8lB9Gw)7`^L22rp*dl?TS^3{b5cAXb34BdR6${uJ`o>2)pw%NPt z&lBWd)_ESXcbi#fq4Z3J%MAgveHQWWP!e{Ar<3*V@1SfkL3ip~KnV7XypEKb6~d4) zdDZe6=st7@Y_LUX-O`G8q4R?f#t0$oS{hEei)+uxsEsCVCf_%)I1 z4Gv0*pwnANKj1?3d&pNOOjtkN#0z>F|N547RuP|$g~|cY%W6(dkmf$rDp28SV4#g= zY=HKmZuy=*r0D5XqrbAWnGez@diVM;-$IY;@6j8e%T#oK1ev2ibc0)5sXH=~T0~FC zWra8|wcia5ZHt?$3F=Tcv2?Odye$K5_1RDT`Cqa;VHt!9^eYsD zah7-jw+%8v7KYzJR`2XQI+%^z|#6<0$XgI&=tks5CQEjG=UBSl`V57BztY+mu)Yjik{WuKM}|o9KPrYLokK!H3ixlkg&=#Qm|w zC1#~=C?N0UsB3U9zs&sdShg7-^?kO;Ro2Gq-C&dX}@@?+>zr7t7eEpEy*`yrOro|$B;D=RgK_pwNbSmVN? z-$vw{h1?3Xe*al`KZL>mU;ut?{~}J& zO>!Pg!VqrwZGvGFVu3Pji+?dEAu_FtdL8ATLJm#@_2lqW3hMMus7B@hupJSbyB}yw7OR=pgt z%*tAe{Exngmsxf(f$ulY`ukh*MdUpMv55J{N2^2t0`h<&Ea58rJ*Uyd1%+CWpp#|X zIGs9D8tLc(A{VJ4%L0M%SI>J5(7XdmryOtt+xTW}_KoflJ1@lbAcw_;{oky_-mm#$Eg+I1aSfGz%C& zA=Mn=GOE{MT?5~NELZ^>w!+q5XbNg=WnSl_xh&^AR`34NXg&t<1PCVEyJ`<*(1sBv znyqrT&Zk2w?^f6h$(g*I4HmSHyKCNl*^i%^rKRD@D-Xb=F+wgj5v#s}pa|_=ZzwyMNpRJ5kJk>#A6@B-%5ihbNY4 zn+_F|p!viO@cb+z0kIHaoIO&^p)1Ht&CG`xrR-|JBXa{OnbCdg+@%-H>dH04(TNuj z)!{EhbzB|3nOl0-WhG}~7W6!=?THqxHaQIB)z>-9zF;%j-i$}*RaZS$o2jINSXdcA zw@vHELjNsCmWTvh^x1D6zt$ka_UpSzJm!O*JJ41VKlJ?k%uBb{`Q4L=YE^>fW|XyE z&`%4dKfvzo0z>r>PoZ!Xlpb*t|ADL{xBi8!6xN?!;2~?fLYFBqt&7WlN`6*Zk@a?U zoQ7&m{=dS})z1j-#nAs}F!qu72PH7FPuoa4AA%66sd4*?-uz1wAw)*zWfu3i0AHRW zdY9z^sY&SQID}GQ=yp1*G;MN|1!DkmM;@|&nG%II2aRej9z=}$j)kI`qr*YPr(pa< zq&K0|^wV`t*3YjP(0*&5kLZP9e96{43gS3-Ww`Zt%KP~J?}-}qN%zIHZ^Tz44NhyC zXHdU64gO}{^!=)CPLRP!g^TTqEI`vx7Czr~UYge7u~xlXX-%iZ&9)r!m={L@jlq}f zV>90RTn-6;`dur!{}$8fctK zuh&|GWr;vH?Df!|E&4n21L;QW5l1>8Y zqV$!oH+sI|ArB4VH;AbG*qq25LyL;oa94cbz>IR83p*6W_#q)NQ~F;w+ZlG?Jqi5= z+RshI6O=Y+04-x_d`?u=@|37nvg)_;82k%XiL2p`abErl%#yG7vu$TB4x zK)44MOtB3J@SYHqb^I}5$c?%3g0K(PnHDve-~brfIb;$I{^Ii=mi7}v_!9?c%ZbY& zfpe>!aHRfo?te*IcCd#}%PT@4js`}y+vyt;0YtX zsi(n>@(ueCnLS0kHU0tZLV;Y)(9@y}+$b}ca$_Jtb^)CICH!`KNZzLmgNZY0g(c|h;JGatPYm!~PBSN`Y**b<^ZD(-|z!KKpFP)#1IDPT>$q*78{9q?#B04KY$yLA0=7fX*$@Shf*y^ zhu`IVdhr?^x!Zlc5CE|mfzH(cUiZ`MR6xmdJt-qBInt5TompqdHa5s_a))mri?V4I zu>iNIy6AJdJAzht(jzcMd_CYE(tuKy4=MD98~Or}z=I!PmgNETSpuPALw)_}FMms~ zjcEzsZgR>TRqxDUJ9l60wUX)zExQ!|vg*0WRtLR*EqzNU_!cXbl|Bd%=|zqT2KnH} zJ0B!}{L3%N+(NA`oH3dNs`GX53x3?HB0&-k9TnSqrlhQDZJsi=un`RGsU{W{c7XGf z9WK(H|A!NL>0Vhhc5Gwlg0wvQO+C+OW#mTg8+);9=!VT~`KWYYNW6*~ggD zWDfcEHkoD7W8KWaOYy+jjOnb|RyTv;i2ZBqc}b5u@X7Og((OV^U2MvTDf9wNiy=pH z{}=8-3C>A=AMYTe3YLH$1cOdUq#7vXao390!EA;b$F|^GVo*c(#{1|UlBz(DHnkIk zfVIw#e)bcByet?6bLq z_$Y5W|K`oo(vS659tJEKNJ4Qwwto zsw$Ij$1kW&SIQ0dMz03r>@Gtzc7 zU5#=glcvx;(#kw<>}6*A54F?7PjF4#&^AD_orz%!Dr;C;Q!3E1toau`VFH@EgK~kq zA+9r!pgwSACUH-Y{~ME|9-+A*I9?OoTz+I{ID8=k(q;jml6Kx!bwjQ=t=}Ugfa`hR zRr^oUx&>zpu@l9)i0W5+khrqOMOWbB=n&-5{XNn%7l|n=8JX0pI9DJ1{k^OGa5R1G zA&c*CvfA&gOjZ)C!B>{XfW#5>3FvlIfSfAtV?;1J&N^nRUn_=V2U;x zLbeZ$`7HKQ@svDIYr}&Dkc2Byx^?fNI9k8#Gyushpn&8cbX$VEqhD8cI23VR3Fcx3 zPjXX+_8k_Ig-4o`-QjeWP^yDqwVWaOqtUAlv@_{4i?4J@SP1X|w=vQHY->oqvh&h7 zl79kJd(C~gKvNzZv9?c~f5ZNBIUZupj3k8_XYsGguFN2dQ3{G z*R1@$MA9U}7L@~Q?;O+>NamKD$1D)3s{#o}2ev+K_aA)2#GBmIAKo02L3}WXjfsOkq}UyqJ;#D&>G* zkAYN$-K!kW7OzpHqpI6gngM5KqZF{y(AtG@L4!8uUjjFtT^kvdk*?jZ2{%(T_kGVU#UDUlG99bkY49KyQHyv1N#zx4UvS3@Q?`^rw@f#e> za?sg^xP+oJSX#ucUCe=Ol|@R;$d37v)oLhC#a#uCK_XTXXI}!J{Eu|kJG_CE9&lDz z20~!FH8x+pe5tzKrNt}$jz+{|a5WB8WElYPnzs%BlW@UVHTr)+g%A(MYcJ9wHW-y`mlhOVrj*1Q#-_GyeO>m@du7W7~d#cG;<%{?`;4hK9wjZN6 zgm-&(mUMf?`a zBkq<7zKQWhY%NE?jTS%?HwK5<>U1X=KZv_MF{jcA9KV)WYT)YTBQlOhIbUde40=>& zg@Jwa8%3zKPkt7GTWgc?>P;MqU4Uh-%`2a7z9*v2zQ<-%U#(W|Ax69oNo)7*2rt;G z9k&-0&5dE}FsS9BhsoIo!4?EQ5^IL{vFp_kCiFiMq~yi=L zV?czlD!-H)0OfQx2KJpmnDP4*{$`T+sB9}s*7C!Fh!~`pr&fj16)A_Nrz&kZ zufqyc`mankcNeEO-DqDfR2G}RPsaFvg;A@dt#Vn_vL48J z2_pJ^Xi;W>PU31X?+;Y}0)OBNUm&teb&v7cJhX7I^})tvxXo@2{U7jr2e$r0Nk@zW zw0^MrmK1OUh(|u`LEGio`s7Vyh8+6>VGd|y9LOvvH$T|V+_MJT0g^U@(w7MyY!L-f zPafo93+Ts3E&gSfN1*fZVYu-Agp(Xck@=9h6BN*S7 zM?YkLP%f$8Y^UV)*m>0OF2O!|ZLC5bq5$UZ*H);8o>T2t`9(HoUyiGAT{nXEfdCG@ z@{T(sodrO&Ii4Ii=+-@Zul81Duyk$n_aFGe&>@snT9&PflhA_UzTU7uh`BKHHW-su z1-$1mjx#jSTA-Wgw-sa-ppDwO`QOYU(SP8%B5{m3mLV-jY>EgV?Fbi!hni%sV6R`o zV1&*h?GcQECQWy(T>-?=V{`@Bbu7TmsRfX*EC6L$=yLhGk^4N!XR1pX;$J72(b6v9 z=2baJ?{xktJRFi~$j1mk&qE?Sx@6TbL0)G9NpnK4K6}?D_}nXmjcI-l6(*Kdnht3d zYAJ#&mV?hKPaR4*%(L(*S_{wznAj8k4^m<-@l0(H<2aObvY_=*m}o$YXh+|a9B4*y zQh1isEK^7!2rBTn&))wc6q%mGWkKT(q!yP9>4ieP`I4W|yIBK_;*#NFI&fMHEC`A17+sf zg6pn}RZp2py@57+9AcIXE^Ybh>Gx`I`wf{Edd{?`^FL0Y;AjrzgbtbRWWFyQ@aU3q z;Cfv%luD~JN4>hf++N9zZ93AAw_?oeRp+|#SV1AobL%T}==Zzp_1PGFCKy3fPwq`+ zWL-%h?Sm4nG{v_tzFg~@{g2n`@Z5mGlU306y6c9HsvTzIG_e@%;!R%Cn|kXpS0@E1 zmWCl8yy90;NZ-KYiuagm{0P%^7t--y{p|&ho@FR=7J776;kgCs$3IVAa)CBjksph$k0<6bXi>yuM*qSiTw2VTToZ#vm} zWfp|m3X>sR{um&f1GLFT%bK1%g(u_0wYD_k ziynxxD!&iB#7|u0fMD-Q6;$u}(Th|k{V;^4T*W5(u#5uAp2O`qWD2^eS$npm%9%=Q z(teP^P5nw@mKNAzZ1U9G<1Kn&T8C!E6w@vjkB;0V% zsy3T7JNkRSSqFB+-I;Hv&y}|p`Ll;^|AlOTz-vgtKGDN#94h@|_B4#Cx{z0rsUNO75_z!(AG#is< zAG8T|wq#tgyb1jK`_(5`ck$3eq|-7=fql%FYw;AqV77k@s*;As{@Q!*BOxF8i{ay5 z!jN>Mzp;e3y*uVK{oIawTw}0B<(DAT5zmNZ7B4(H z%3_*J+^uh5F(M?&kbEx>$=HAXMJkxIPpJOjg^VE+9f#3>7hHNvx9K}_F zXn85B&Nbpw_s8hrjctGV$V{ebHb%T8jls+{wf+<_66c-Dn~xu$DKSn9F^0d$$a-eu z>RfD~@vYaEQtkm-ze01o90i`76jjg9vB_FhiSe%38psL=W!T3QA^G_M>nwI6u{dMz zZ}xe_`to5_>&a$gmuEeD;G}|+NARr##pSg@9MaZBg)k_|>F-tt9dns!4H|%EIT!jVV4kjnLC5QLDX4mYZv0WS9jd-#fywVd`tvnG zM$%y(dnDy{3wAMNZYJoNA^m-hq$a;Bi@Cf$_&aa&069;ceWB;8v#_L*4f&KP2rcsO z)N*s|XIi($9+zNqd<3Q6&5+-+6PV$g5R2|4Riv;5rkhw`|Jh$1K(AbT%~)9wI)q>? zB*gkpU6RT{2YoOqmja;Gxf77W;El_q;3%R6K_(Uoq)zCS3zN@y(g}nQc<-X1*p{co zr74^5PFAmVUFQT^BmvT5p+rcNr>WuI|Cz(oNY2OX^nkX9T)UsOThQjz37R6_D`zlX zAt`W(x3A(@RPX(->b^Uk%f9cMpFNVj_g>keNcP@QRz}F?M~F~<_Ff@Mg~$$tl#!KP zl$}k=3`N7J=X2;hulu~N`?~Juy6@NPc|Ff_{&$|8bo`FraeTk;&wG74li4bh%tvNR z<*8jwZ{S44m=qf-_29=dgrBH+1^1=^^fw8p=0Z5c0ss(cf~JBXmnDDURr0Mm`2TNxCYbt*J{h9)m0ld}8J0*s`VKxFZpJ=hB0qy7L+ z!ltDC$@*)%rGhw)8`BLJPP&h?!+0p6ANe?p5@|Fmha9fJIeu4uX89LE(D3E=6MU_v z+31@pZyLYN1cf#J1*hyH5y<}nr{LmH@T-to1L)$VuTk`TKLNa}sX+jn7(Zh3dVbRI zu%h=#=?jiQ8zI~0-izwsYt3XVM?jhJGatuVAQ`=W9DEr_)DbIg!zu!Lv{RuxYd>NP z+Y@2n6|>-#`Q;}W6u;&=*JsmjccYvD-8*67J{ z3;q~*tX5Qd)1numK6e98{qDu3m&96kPuG&tiz%9i0uy`-_-MhxdYC{Rd+OZA^o<|t z3ef*|5DO9AXTVM)SSVJ)VTw^#u-T3TZvlEv&^biD_Od;u?AzyUdw`;_+)xU}Sj*ha z$ET;)Y&nOO`5{6lwv)*};uH&Dsn!N!-bt-7#%Y7r1A^~M4 zRkligw_{W9*i+c~@LkX0TYflNbQfh<=nf^=MBCUYJ*k`Rt7lBzUTgJYEPbX7% z<4Nx~P&AAi1H7fp6jNxZZIFr{Y*MS~53Qsh8uAV(#5aVFJAnPbOZZg3TzT)4w4oe= z(Hr2P<)?8gl_r`FzfP`- zeaN;GUo_(6zrk=8S1=dX<-}xn*v6CS zcbDAEACj&UPrdHzf_#C5QQx;p6KaQ-XK{5}DNr|>K1M*;ti1S*L^gcVlw;@U-#sR1 zN2n$|)FlfnTIuT;d?S*~2h*6Nb(c7K=-bF3hF1HmZ%8~}*rwSErm_d9ytzj#U`u{%XlG=Q zBWt8~jw^uV&HGmFvS9J9#2CNya3z9Xi^hOzi?KkiRVHHcb9O}BM;Kb9X@>0m@ReXK_3PqWa!6vd*w1QN??kBB+|;>5-Z86GYt7*kk-Isx$IynPt&?BVL%n97bLC0o9gKU&@JdM_M_us+YS_ich!udyRdQH? z)FoAn?!1^>PkQKdVv#dc0n^-ibiG;-OxP3s+{nOZO6TkOY@O;ijPm3FwlFjE@|oYr zg)<4*nGR_Nyx$rtngnQvr!`V*TEF>jZ-noD)Wd(|d`me(L6$W;u=N&d-Q-1TDtAwH zB1{>S0J>Ot?<^bb78U?&Nxx6o;Pd&tR>ns_IFxrXq+EwJK^e?g4(2=+j#%6Oj!ChA zE}?7)ls!xV|FhMZ4{=D-Zo`hAaHZCfXcLC%3uKUt7!SJ50QVIB=vSYBWa*)c*aM9Z5# zu!3Af>Px`qno7x|-3`3~;2nV(Hd?u2)hm=d6)IEtCxGb5$G3F81Gh&D5x!^Qo;VHk zBCQP~n0$R0{*kqK?C6CkIbvH-M{LWbf62B09Lxmvy9a5xQiw$K@XE!XCxLz}?Nu~K zT1Ub8)D8abgmZc25TFr6sCGbif{w&$$JST}Ht#_-#9gTUv^C|WHh>-OebcuYs`tla z&d6h7fYrE_UiJ-?r{3qJ>7vw3jl_mYhVC$7r$G*iabo7VpN<$gMxtX5&(nd_f?eh_ zVze&hYdlV$j&S!EnTnB3ab%W!xspa~8q%c0pbm(c{eZ^DLa;)*vfvPq`lPVo1Awq? z0U*Ip>E0jGwuU8hG$!f7)31grV{aC7`eHp=DUHuS1SpWv2H{&(^>Eij;Ofq2E>^zy z=^EIqFb*vnjvno$73V8%LkWo{n{lQ*wM_XU7+p&ak!F*B68$lb13t_s(;X?+Fpa@h zhr+YOgM$jh!)`uo_yO}-52_k-!2E2!4uv%7km41LAI`ad?@MIP^mD(Pa51IWxbo!1 zTn^B$laju z1I&!(Ri%oNw;w-;dt-lcHoZ&Hrt;P@lgaRHe8g2h&kM^XEX`JRA55SfL;BZg!0KN- zYZW}FWF2XgV=Z~64pPO=R!~{>xAK~GvW4uVw!9ljoyls50tx&uyn&Go(<0u#dwU2t zjQ%^-qc?eU9)2}n3R>tO5&)*3QP>uZdO22dj?W$o=fczf;9*{-5j=(t2boOf4=l+3 z>GB$94XLL|TfAj+-KbnlG4v&=C;CSFV;R03?E01vs;@^jv6Fz5>j~@6YY`X^VkNWZ zL&-&PD1ZG`iesdBF(GWhTNvXbIKywYh%N%<uqiP-4X~aO2EoK)6ET39WxEpyozPY$Y!n0uhfHDWudl@;+ftQ*Y z&XUrzGd&cmaZFaC$H#HD?2c*<#geaIJ>)s^di?>+N(w5dYocbrk+)k+b1yz>B+|*1 zLNOAHpE+JgDHWt`Ej6ijmS%`>LtT%D)vZ95E=4SDx-W%!(LmZ=q=-|0HS5^{Pm{hj#Tu6z46MR6W`o zu$B@uvT|DRAhO|XM!(h@??4f z?!Upoc)GZZ{*m2UK$JJDn?|-rd=B0(qfK8WMgjQAiJ(RbznBY5#TlwH%q502TFQ){WX5 ze+hsM7m0ryxWDN)HQNakuqgw-8@OH`+qL7HgPqJJd)&B;-WPtZZjWzH+g%;QZyo+I}{tPwfUE^ObRsB z8Kp+g{};?c<{LM5{YWXI0nsslm8WoD^13FwxM$Oy!hYR8ML33t%ovN%!QUQ2R8 zvfOkw;?4nFU6Vgom2MFjmAV1Og92~dfZ5gOce)E9#k}6($tqPlkJ~mj*Vf0y!Piye zlhJ-LiEV1LDjzD`x$uao2XB?}SZ$pz0a|pm%Cs46KkyfL0$|DBf#iY&K0h=Q{ZnxW zT49kZ-VN<)oNY{M{tteL5?z}%O8oBIhmA=r$a@=osr;Fbfqvkka%Fz+GF%;IqAx?I zTVFD}hdCa+(O@GgzsRzZ_{`00ZG7}>ec84VA#=M`e@mY~3H^tE>UoE@dlXW$UB;>|f6a z=6M+!SyC*B1BqowiLOW^JFkSJF!d5iQDYmSH<3Pc?Rnc-s2|ErFFN0bVI&!qMfH#u z^6~ zIN~x;rEu)P@L$xRfMG&J3{sW~6zc)(s4aO^_?{I*>%wI&Vt< zqMW$vRU)$P<6mmB23R21c-tm|XL;b|28x=)<5>MzUJj(}J{8ueSU3|(j(xgug<^|- z*-Q7%e#Q^xM>j*WvG!xL@y8Z*T1+#2m4%nTqn3WW(F>*Z^L;Anrh(Gu0^%Z(e?gJ9 zW{5HJv+SMF^TUL}zhiEOl$s2^{dd!4?u{f0{kY=Q>31x-iTsgyZ?F3x8-}VLis^nsWY(Y^RKGGZd) zz*y>1V%_w7Z_mtG+xAf&ckYWB>I)3+AL|LX>uE5*W@r2qHB5cy=LwW`3ZglibT+Y7 z_+!O=l`{xA)hJM%VVsN^BK)RG*Nl`m^E5Y`v^QC}+3#WzX>}ibY={p0=s2DEN@U&h z(;2?NO}%GcAMONRar)FG>E>}(va9{>qS^Gu>xw=K^-v153$B@FgYOsbc?RTP zZE>d_88F4!NEZX>^^F6U=3vp6F{=9{l4nzYU&wKK&~}|PM7AJ6fh1H?>OY0xy&RD zxCj%NPo=%1-Kh8pCb?g+kVTIHjwL2pVNWv$7HCaux>^`u6DMH^jNP7G5gK*g(c05fQ+!)}VPGd|0WHPWnc`>WG7lpLugtI>;pJ$A_mAWA^{#E7vC8G8!@oS#RL5m*WImI4FSwlk?FM)dr$$b z22^neDB3GHS9qDHn}i`dk0&n}x<(LB3XyMs?+jdEJg|XraAeGs!%@Mj zs+t;+mzUQ~mvsuvMBRMp3~O+9v?DI4=z5H#&f-Xb0otO3SrvjcZ#Do>i%&@*_Xf?Y zFF`hPh$~c!4%ZwukCmW1;`ZuseeTI#SHV$g!KQk4_*bpx^le;UP$oOTc$ikuxYryn z4}>23#sCbMkIH8Q`0=w*3ue4uWKkR_M3@!lY>fskxOPcmaeZf-C3F;Pi zf!$XSA9!6Ra%wxXq^|#1x>fVp=CMO;z+$3IxuC19ZLaf3X+}(PGT$qVY4&=0OqZ@4 z_6qw+eXbr(PEJ*2Wt86*s8mc9o{%5Jb(hQXP-gK=NSL_5dgdB8bojd&fk)Q(tkO}t zt2eN7+`_gu!$Mzxi0eG|h-D%U@wm-g-}k_#$2!L`6j@sHs&~uNI5H zIh#Aux<3>0?INb9nBx$*T$E5bI8olX63bVk8X(l3RxtW?fIHjjJGO^EpssCDp$LPa z+ZDe51Y+@XUoD-@wn8{XyKj5Z32lI{>|8_ZZ0p$A1&F}C;Y2rVFkB5!2d&If}! z?U!XL+hA1QEIpUoTJdM==e}CL%Y&FsDFXuo%mIvJ1wLR~)#0IvvcK%Q=EO*@e{E4p z*@8%EJn$7oPB=RnFuRvXHf?k=wK8oROZY4}Z`B8?c=o@4Ck!^b78XLa;(Z9kpm-)* zRae0ZWWs#PCn60A7UqMj<(rIQD-|WY`fw~63!kfI4NP3MU&C&a>+%eCeBa+c$JWwv zT#`6K$o*bi+N2Hp;2Rr>%l-V<_cvtTK)Vq3$nRR$4uBp#5#iSfc6r^G%uWaZ6?(fE zYB9baew$T$ldq-*Z<-o_pqG%nR0SRo58vX9`Ow+jm5V=E%bW*;Hk&jq5Gs-nKdDQT zo)zIW2S$+`Z5D1ox<`aN1(T$1Gp%4?mU(VzC$5g(g5G5@N^fASh(o@-l1c2~6(u~x zKlA}uSdgLGWQPiCzcZiZlyJp$)v0rJ)5PwrIwdOJeBTHvPOGIdy}iAAE-}KF{R7rV zejAuwR!#{D#vx^|`U5ZqYPZQqNTju?C@a@&!31V#27OXBVpHW7wQ+6m=$AxlsHz%{ z!nE1 z#Nq`@oNk&I5b^2yvol|pMX|B5JD$SSCm}9w6y#)PMjr|1zvz&-y{i$3gyw2}lJ-}i zHVRD5&f1U|=>Hm)D4gqj_w~uii#~B_DJkqgatk#zHWuvFEiNt=K7IOhXKO137F?~i z*Jx(LRInVdGh^;@o|}EtHU^KNx`syCdoTrVcW_BbnUF{}5*S8YHSVT%@f%o0g>&&osLo57T|8k?6LbF6o^1K( zF0LOPp(~pAqlRMOu)_6&EMk%&{PQ-*gKiv9UaDj$6YjntYIbG~RypmR7<91(4ZL1S zp4HFsl`5VAy=JkZI9*W$%SDPh;(jk!80jjE`bo5bFW->25}Jv^eGv}+RAadk(>hkV zpy~DoMn(p;!AuNkEu$c-g`#X@n}0L(nEwj!E%U8UVmo{9{719A#p6Pjx--` z`aS2|x|7`N6;aca{*1oPYT#Todg^P+CXDY5AC>*|>C;*bwa#zC?g3LR3V*Bq%@gZI zotX;cCK>EOyL96QN@)LKD&9QyfZT9fuShSv;e}2@Cmco7C_ zYedQf53zHyu?S9R3_>|(M#PB-glPUHnXQozc2zg%K}NOLX|*jcsoI>K=*mYl7E}l| zm2{S!vG({zs6xe4IiY*#Zqq}<$n58gqc2(ZvrC@KovR-rbdl9l)I_4$w#V}Y+SVD% zJjXYLDc0lJ$J4>?>nw5V^1W*kBe8m?%2vL7K3vmK^mt($PP*OH3c-rLLui^TY5K9U;WNJ3;NZ;?FJmEiQ{-=A_cEGymq_|W!2x)BTBR~ zIgXDQn8*f`*osE0j+;oaPgDutSZ^}N2@^f_$##?4+=&|NGYU|-rQA^pH?Y5S@P7zCu zref8lM<<~Ko`k)PE0&LnwVueTZND6Q zLZXLbx0Rdkc#)qxs_I#*F!rWJjm+>%^1&^o(Ay>kgH@r!#678pYQL=gY@n`wwa<(q zpEN3jILK2;c8X6r)!5HoIP}$MN-hJ2?*JsmmmuV5Q%TgWhGVtW38-}@#Y%UW7wWyH zDPnEAP8uY^d#!T83g2xlMvZK>9<;+>CPY-sh2nb#+yt^bDE&oQd_Ng|%J6CO{R>FU zk~`Ec2vt{W>m^xt)=t_XHa9Bb0nyjpRC7*9#0?dl6lAEMaHxL5V^{iN56LiSpoUgXnw`X$HmzkU$q!APcdZ4YYm zm$Nj3NuugJLQY?8h(5>Ctd}L2-u}>zrTRXz{tYu8Aw9y^KL}pkKWn3tbn@io585kF zYV#S2q; z2Na=mvb(G0w%IhHzdj-6p?jtoMwuy$29-m`kuHvIf4~-@5RrkG(~Et@4`@he?u#q%)v~hl=5INUNCu{ zCj2AtuXuG)VFt+8V%|A7wtZ$DqtuP{*BJT7G)|7(qhrp>1iXVP~B-vrs~X zhnTnRfuZZAmqLZJj~)lvKQ7wKD-qgz(8PbrPxS?c0grx;sdYS-?OV$k{!{kFO}zub z?keoZfV)qlY3u1MuWJ-BUGk=L2Yp-r-uLgOlDuOoEyzZCca3B2IZr1UK^AGctIY_m zoOABQP~JAyv*+`_KYZVN*d>2Wzc%fpjY*Q@?-{cSAKRIvN{`0h`An-5&Ty_0PKem7 zoH$C~@uvT!oOXP^EVu68zho{SxrP7pUvZKX4Ivkd${olx*m6Y=-}HclPCj(RnasnJNa+ct zIIS~Svc(VK_TdUYIeNs{YdKS3=%Zj|6#t4e&8i2)wLFQ1O)M*dAJUMF9;5&&7}USU(__WlvsO^ zdI0K8K3HWrL7&fullJn#T(JPj5G^wi%esUG`7>wKfZgnX`k9*V;Dm_j4Z5G{JsI;k9hIotR0*q zcp2k^1Z;I~K(5^g&KO#V{E1=)vO{GXj^^TI2HOn}BvE*km6iFYm<>$7L6paEa_%nD zt_N}od2@5K30dRu-3tznSWFrHq@yRnoS_QJsVdB!nm5U5X?ZW%+Y6MPSfZ3|xD$Ky zI0vy0LacrQ!ZDXJvaqmd2;S<&)D6+4Zph5^A{G+FwF0xW@jVRTL1Kcv$l=4F&J6~^t#O1&#W9+U<5-L%olx;i` z62{FCo%#${PMs_dxVT7Gr!n<{=wNFuL_TllKH)Anv3&t$hrDJJ8t^bdj!k=@JNX(Y z{Fd=HRkoNM8822Ml`Hk&LOeL@7(Hl8McR}CBw8l8V2Tssy4Eb^Pn`Ofb50u3T25$ zUgk?1Q0r9T2UOu@QiY5NuE~VqmD>x)2Aqn2=3Tz7Xw$ASlRf8w@xPf{L%d%3ujR)@KbCwuKV$pg>qTSl@tSNE`xph;OdV5zu%( zJdNq7kU~UNbv$PRiT-L3BX>2&Ad>7h0QV`P_&#S%?9Ykzb`?oC#Y4|h7Srp(DTla%x@h_oP1tQCucwC+7T{Bf{y z!~^w6K|#R*UU^aI>f{pM#wUx7jg32T5y+9sGxlq@I50(=ItQi`yYi_Q4o{1VNqi+M zsP3@LP`ZJ4)*jbV8dsK=WcfIdkaY0sa5ko}1~4w<_7;CE+B?=JylwKs#InTc+^+Ok z5_AR{Ppr6-$$aObZ&n$>3$sYAT~fa0&wQ?U8~N_n!xRk-Q^p@Vk`TGbQqRLW9dZd~ z_tms~>rbO~NFbdqu z#C>g!u6o?j0A!WPS8%ww1@1bIp(4rAw78jr<-rg-$OlI?w?oEOTO6YW2Ik-sOcC{` z9(N2`S=)Pmc=txE>C{veqsGM@k0>oGm{Lo;7(PE#sNmZ~c2!Ts{^x zB6mdPq|#qQ))dh7em}CiM5sOtIIIW<}7H~s&cTNzPdDF7ZhEo1b34M z4bDD=iA$yvJ119Q(@7Z`1*1`qof{OrNdOCNamuz#{R~uTsUG62P}qP(DOlvgECyyJNo~(Ay0)hN+>j&hZ6W3U#qb7q^u$ zCh3x=A@U3*Uom7yh7?KX6R-mzTw_7ezpb7RWmRccrJ3K%jpJ5&^DL9U0BX~`&fVO{ zB%JOmB-he9?kraJ9^1Kl9t#VbPfJzF#8X={{H%Nz69@syHHsJ%CE3L|_)WI~VQATs z5j+8deTq|qV1u=0I}_t>*aLRvCD@qXLuPXMZtoh~%u+WAskk>LoQ_wA-Cp?}rGdSl z3}3-E>y-`XarpH9^KE!-)b+5g=mgZZuQ563JbTOjz*NUmzvB-uW{6vL{2H_-IDGV9 zj?alXwcdyBBqk&r)E76T%SZYS5qap-Q^7RoWnwZ}Sf&%R zWWDp9;V3n#^iR8Vn5G7s8%$`TBUq(bOW3l;WI2z2oK;v^MMVvqsmsGpp^oOEh3*cG zliyR;W6gg9+c|{T=da2c*`tmAfMoR8XHdTgjE9x7LPN4EvEUyqHGS1b%C=$u3#2zz AiU0rr diff --git a/docs/extend/images/authz_connection_hijack.png b/docs/extend/images/authz_connection_hijack.png deleted file mode 100644 index f13a2987b28d70f81bda7096a54ec479f20b2690..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 38780 zcmdRWcQlrN{5QHQWZa>Wd6P|cLS$x-WJmTWTSjDrtVC8;86`53k(E6|W|FMz>~$kq z;dx*6UFY}5^T%_Z^PKaX<9p8c+}-zeeXh@Vzu&L%z8+mylP4ymBE-SLAy!n7y@7*+ zrw0GA;-7#|9MZp9Nu8EL$=dljUBrC8qOcZqwAp>oGp5>Y6`LFzYZtTam6~jq zl(O->Yv}U0x4S0Q8_JNEaN@t7u9aS2%^r1;MNd*kcE>vaFz z5`!y2a9wzpAnfBm*HrLpe6;=dC}A)=ihhkB)vv3_{WAtU3bpE!|9-z-9X{|4FysIC zNnSWjiBAaQ9qex>ynipe^-RF}iRHnK42757b01?{H@w+Mb#iW8>t~h;CXy?v@!A#| zE;Mf?No$QjeRCr6Kf|fhR%So)ZE^ao@hDl4(_ChP5&vrOXw|)at|5biD%SkSd0{MB3haB+ zu?K4qm?#;BPH3G{z`Q2VdZVK%dT%w4(xM~&;%j~3(skto?zsLpx&}HtpZ9wV4(NS% zOkdSl_2f85QNz5RfcZRj{IUXOfuO{3+z6X~jm2MKO~P^O!D_`Eiie6I%FhvxCU>(d zl$|lO9+v)9us$IL8z$#QX3X+XvGUuSr51<3b{*b+Dq^_vIU~C6=+MB(bLI@YUf~Oq zI`7?$jrCUgs?65z-dFN*bIWjPD!8EerNH~Oyl8BNWO6$H|*flr<}TKpI@tT-lk7%*fg_D^WJ#G!72ZQ zhC|$g_&mRCzG1~wyx1q9*nccoaHfEc7Ig9x8!xA zC@7Ur?a=r2^(cw(Q4WjYpvF~pgM|&Q@z0qiFnHWl1j6Bxb-o9NjOj+j z);(o;w>G|i?BD%X;X*xk+2Px~QXEH|^V@Ejx}Im3Iuu5Vt<~eWuZ2%B@`*f#Vnd303ey;0#-cUPNOQTi5y4&vQlKu2>sck;hC7b3B`MJy9J5J@w@I%jnI~@r;Yob1TCDB)r zc{-f$eU;xBbjsjsmPtcE{ss9bly2+gDG^kc-gT;PzbrqLky8BFayzs&*edw2^5}5? z;!^G18Kr3s$E~$*6~)dg#t#lGGf2M+%+VJLfZ~CI1p<%M^Shc4d z?RzOawF{Dwu@7ar-jJo$_o++Rch>d_tYCd%l|3GfdrT8ocy7Ml`wIKk@X`gFFWDM$ zqMSURS4PTb;3@FbyCSGBTm0Htm)j$~x>G+WHwF`;u^&pVUu+e@rTPhIXBvy>}WvM6J z>3f|sjr~43tQgCp*q^K2Uu5jNdo9)Hr+%sZ;k4uPAD0eahlDInG(229q!hdzWj9u> zFZYCoJ<-{72W#qo@7nXa74PlQdvPa~jkkY}ICfOJEoI0)BHN3a@yZ_5J9~I^@@Qw8 zG)dSw-Fttfe53Ic52a$3T8fR`$;#7h*6qeEscwE*d6pgV8w17)%-X%>A{|!P9bi&cq}6dT_zs3pLogx-*SUu0NOc zUmaGtuiTxaz5)kz`srmyqYEoRr_P0Y$MYDk=E5<31LuUh_Utd7+fq!0%3apN-`wuEdD{_mRDM(phX&uM^$Bh4wZ~^a{#+TcoNkF| z=k(XYTIdbcY>(N}1YbT?Jc{lK^dP1z<1u{yqRjS7Hbdx2Z*b)qZo@$~8G7~3Dwq%- z>z-8YYxVnY2CEHwK zULTSo3w*BCk@5o3z(h(HYNt=tjvw^qGRJ)~j~24hzORl}afs}lU$+{bun%}yH+lRR z>4TA+P5kfTU+k*;i4W3=jV}ApH@$jxeREsjOk2%&{c|27rErK99XC=?G|G^sif%Q9 z`Afdhd7EM0`efatK4neBFl6Eek%mc|oI(3j_TxN6Cz+J3#Q9f54yZ_J6VF=BzOY8A zc~J#Y1cwJ$)-Jm2ZdkrzBTDk5TFeev7wbvdE~RYdE8gMH>K(b6ZA$Mym}+&^ef672 zPv6uV)zou4N|AoP_V`vmiEe+LyY47(!Fc7%!0`<_8=r^ak@z~pRWug^nyCDPXQ zBv-@w4eHN!CPnnk^`u=c+iF?p%i6NKKIYTU3R_lAMCX)X-8PS;u*fSBnlC z`0H`oW9vPiJvnN0=5$_waqjLarSX}|O_Svbl1AHZ1q^USxl<*bC_D}0%$;31{24zs zur7I3^O0$I4=akCX#4A6k-3j{#GE1~4{DIcu(Y6)k8$wQx6oZ3Jau`8yH^i)rrY~o z){xiIwTvysz%e+3da}7gKq7X%1maK+KGi^L%pNT%`+=swxX*UV{lR&Dz94E&<9+kn z2_p2xIEJ;}6;!nk=T1s(plvBP0!-ORQt|Dvvt7v|nrlic!=(``8N=__YWKtQ1`3QF z?aYtic8Poae9Er*I(zb~R|gx;4eQED*#+NlS{*B4x`V!0UP zPB0RT?=V~~6<=>Aw;?w}1v7jWbz8&_R%TFh8ZD?h%gn*}o;-G-a=dZS zFa@fEoXH>e#ysU|TMFsF9)A_>XHFn2em`aFu{hqWzT08`bYPMrsTkIe?@E?JG-FF8 z?|mPZPRS~t{W3h8)QG?&8LPfxEH-~->ceC1PBrQI*xjJ>R`=z!3$6NhHR(Gu`j*BL zmmY3C#x@q^=@&09dim7d-^!)F>|!)XCw{-g`Jxp~ne9OL+k@F3aU9xrO?}wy{rO1* z59lBKnru%J$g=d|eT8kMfAB@y`S@owLu-d~WqcjzS$mzEH;VbFrix6hURz5nGU;p= zmG2pJ<(~Q>a0cIeGfz}p`3w=KR`!d*X@RN-N4}#JwXuG$@IOs|*Hi2WJ1&jW#7Sus za1y`iMCgGOhPRsJf?W7@eTM8k*o;I>1{W@x*$CMWGmTcdX%;UQ-rcznDVDBtIp3f> zKbl*M`u0ftMS~2P5R#ZnwmO%X9%<+Eg}*-bLPOp-81t>5c25awUk8c7X3M^L`GqP3 zkGlrfsAW&*x0#sxILYo3y?`z5d?S#8iBL!TZ_#pL(<~;cpl5f+t8GvYwI2 z7bJ6H^cQXuX4MIIW5gxHs^O%cXvCM%*?B}PHc@KoiE0)xedI5Bw&}~jrua{ML7OiM zSNE3%`klNNc-19C#i{K02nNX~?xG;q#iM8xO@7Sxwm5p0I*i_Y`!Z1P&GA!bDH|qd zjjQijT+quYB(LXKhYBmcN8-q^|G4tK!~{otujBf-WKI~|`^hwe?0IAaJB)=;uiW{X zmo!lCN|aM2=Iv5Cpzsj+@~?`*zB zZKIc^(4*AoL>s)qTeSeYAmjGk`>dibd=nWS318}b(G;%I$(RB4_aOO;){m*AJu&~F z3_mG9y5D8>-@rzpJ{2b@R-8VS`Cnx75I*q_K#K6c{!G*%G=7w9ApRGL6tYTA zTJ(fiEB5p*2*%^|Zmy~LKUYS-aN@u2^zdJ#wG1$6Xme8k-z)RtXYiIu zzt?yrN1UVmMh9Ox{B3$LG4)vkVs{VQb6k2Dm)XwfyEE+~)vxnXFXOo_eu+LoOyzNf z_LK7%Dek11*(tn+YWj=s<{0Qvjf}~)2R{w&4433Y=B~R+cQUJCdN=TbL;kZUvG6n2)2siv|2aUFM)g?Uf7i)_41UJc=<}cZOT!L0MM=l< z?;sH{nkxHV{onf=;a?Z_#BFN&&ma*<8;igFpZlMJr{yv6Nc?w@Vg#}&PJ4jHW_IV& z5}M!Th(41mp;EDz?7$K8q%p=t0KES4-Uy^C9*{hFP zQ#~3DV*DZv4(e>+AacxgCJ9{K^xByWiSW`MFVr>F1T!v-q5W1mQcO{dp`JmPI78C`ifRUv&~k7mC=;-Hzdt)7JD~JRE&`Am`y#!hUPBQ!l=*tKhco;27k;@Ct49EcIw0J? ztYzv9u&QT_j@{TtdxGm-OL}Wqa&PsP#1NqPq#Ab<{KLIp{7x_ zFFo(q1w`{~hF-+usreDJakJ5-;!YpSE>dg$+TC32Xaby+0oncCy|uBy0J7<~K_2t`ajnHaT@T~x02n@SBfK>B$%OO=R6 zRG$lVEuFlm9M2WQs!rEXcrpUT7>!e%gU}|v2YVlZh3J3COg7RW${Jn|@stYyoOUCD zDIstYFE{F0xym!@2m_Ajk9I;fqI@-Tj~TTez^RvMlcb?V-x+@Whdgvb~u9P0`Y+bKGqbN4x6mI(dnA zFPPuXfJ*=F-j6%wT)bnXy<2l>50st@*?$rC2H=z_7eR%mTVD2r_DVaT)VJ=Z9|t+_ zkNfVcrp;a@H?#+n<{mT;xV|K-X3i*>ik# z8aD46F(`-FA|(#rQ;9ZzB3yOzxT`T{9x2YU^KSYM;6E}CO2RW78Px=B-B&Pg zZ5PkFYY;8JaJ;uN%)GVOPyTBSH|y9*5oOA zgQixjt(@?G%uR-&a_4Kk;%jJgrghq!nHYW$~Rzs2a4C4 zvyUfbiI~k3iKp})B>lMW|KSmEb8lV&cT_G+J;?CQ`27O_D+O{~pB#u>E@Y2x9#w01 zSJS`EmR;x5rBp$wrA_DqWj85(ceL75;Drjr6KA(kh&*51E*g|+?YBnK>+U1f-2Phi z<`aWjh&j5gBc-<1G>(uVMSpe*^iZ}I7TNT3xK+zX(zUDuK7V80_gYop$#L5YgLV(K z3-r3J=Rdv7KRnn!N!$>6`ofn3*j|()Vn80Ie}1c1B%S#NjtM6>clTBksl@wR<+pno z@K@OaoyDrD`<3W7LPEA*Rr*iv+Q>YIl#%m90$YD;8Q@849Osa>lkKD8#~VGoh96 z;8flCu;5h)G>y#>WGbMA>e%=qw^9qWP7*b-7MhIihZg&r-VGkYGM@}idcfN}gIPt( z+}8!^-ca=l`{Ui>=fbZ}kg2?oDO^*r+s%yLHIJIjtr%TrQM#XL7W zj5(s`v6D@~^9|=Td#<{6%pcV`J*#t_>TrHSBZAuImlXu za@$18%m_(5hTa}yMCK}IP7xBNm z@Zp@XmW=RBM}ls##OYsQFZAqR)^2OaC(bR4+@e32L8V&W^v1(K?{|-8>@;f7i>mfI zBZj`I1m7=s;icw^<(C1EFijsZ$~8R$LjUQ=t9#kcgvrCjRyMHZ5jP8`l}qEK2Isn- z4=hqdeqck=Ii)7Om`7nao%qeJPkx*OeOUGLw$CP-0=Fc*&wuOLc}*l0%plU!-@->t zGX4X7Ie`7Ef8wF!$-BgTF_IV*`nf*?XQxhM&EuEcp)AdFrt>X!*xbgF5Dfd8k4we< zD(N7?MHhld{Kbjg-TIpnyj%{-kJTkf`zDX*&HTiOQ{_6f3`=fDBh1C4J1eyQZ1rS# z!+E~Bt;G_q!;)j`kBLL&rM<~y@3Vbv-z<;Vc^4t%Fj98WC>A4HdQxaikuFppPvbPr zlb51-_)i9j^AtBXdnBsd*j~RiyD9k9sPP8Q&g+#9-etdfrM!nz3n`5f8&`ey+JFrB zWmMQ@m`YcP{Yl)K96!Q@#>Wk17JDHVPWjTz7b_skOUoPH6FS5jv9~o~tQ+!U14q$w z?Rm%7k)8C1DgT#*TxxfW6nJx1eRxzgjCj2#J$Gjk z`puFPqeFTw`Z^MmmNn;H`~J4`w(t`i+aKc9tL{gSF@}X~%)(|xN}aB<^xG>Vy0jsQ zxVFu)o`lbv59_2uQDO$@wwoDV=EiStUOJ;Tx#Ep!J$C0pt=+@}@v}TF33lENyqX#h zSkTLA7jRWE9Aav>iGnX+S16=W0^C^O4*gs4$D6UwRTEDvUG&pF##aX-g2BNmZM8mH z#pC*v*VRSO@TSN%W z*~q}{6QnryJFSsHJd@5J!bO{RC(CJyb}+suYTPN|Cp=Vz8I{{^K4RnRFZL!w=usV{ zFKBo2CTRt-Fxg7+TnnBA+tv_2k ztrr=%Q*_Oaj2DDC@ZErg@@n;=<~o%T@xG2%i|E7-*QBREJ!Oj!SJa$b;bM<>vNDF` zjc!ooeKe6No6wgoB4tkt>a)vbK_t{dDqXWQqORHYqN%Pd{wCYTg_|xcrER%qtX`PC z*CbV595yc#s&>K-9-lrL>sI^7bM7FP@_s{wkd2sHLqmh%AEDDM0;k$W@AV01RV$f1 zOdiyevrXTgIOA!MPg6`Ew9Wnju1rxlItMK`E+q;FZe>n*N_Uc5Y0C&E=~AehoUY~y z10Z@$!}=ZjA0!HR37c@JaYu!>G52TU+lWU}iTdZlX2|ghE*0RP!zIjeingx!^VKI9 zzrjz|X+AnNG#U&#jlBq3pINx30W3dRrPF!xH|(uf1hAg`g*xxl->}>76)+znm0o%x|G;k6(=VLv-f%4B z{s&P%VF4cC|IUC+_oK(5YP&*3#3>K?$= zjQ8}f(3&wq?A>RAk7nn06p8@QwZoy#gai_O!*T(b@Rj|lDVEfu^f%Zc7O zPf#KNLJc>Rn-k;<#TE{~g{n`3^jfPw|p^VrtPp zOhWRjohI=LdlXFZs&hEe+kSqsM!7TH?}L){crtvp%vsd50$U|11xU z3M@}UN>lDX4glfDusp?k4@(*TrY@X#VR=s8BYE?W&_2Nh%hSC``Zf5UkoS4Z@SO4vv@EKi?58;M{{`bbdg}RZ_UrreEm^y+nSjZ09~83Hzn{AhLNL?#|6X zQCq5d?jq|!#Ys@MxnOIZ3+)Do(gqAbCNRpME8T4MAs}jj&4S}Uy{{93AAjBVz_&-=eC8@ zf9J=3tSW!At`msq%s0a z)@b{1<0KI!MkjCL8c-RzQ~p2DY|k1%K+ZI*xSPx6RO!9@PJ_o$Eb0Xe_jBEY2N&LY zHhnAC*{%lz!38yQ^z*#Xuf0vmj(y+frNf1sjDQ{kq0+;2%%` zMb&b$F-T6$N(U5iP3b#3*hw4VQvr@3PPe~#=#BYxxK;4rBk06WaUO1;v}!#zCm%t@ zoFeMR-%ey6Y8$IAgBdb4U_#d0lTi)5R-@-_r+l4L4x?8+2zg z-d=wh0Q!K;qcC8S43!eN-v)a-kr+Ki(5yjx%Q}z^_q)jPX1;%nU2Gs)>juosq|bj; za%K4E!S;9ua2O^}&$P8XcdX5ckr7O%2g-&O!BBLi09&(N)Wx@+ssNvL(V&Zvt`d|w zg-2w}PbmXF!LSmj$PPfwj$>7BHIiymNfy?aF>gI)R1N#3D(+kxiJ0p|$o(Dj!*84u zSMGdfDqpTY9zeED7=c7RvlKA&kd5N*Zp>)Pu+A>?Sy0$fOZZk(Z8Uy5zfn%EQn?&( z{8Vn&!;_@#Mdq!jCbi+!ZxyeCm$BEo(>3Y`##4A2(~-BO`!MfJ&~gw0<2L7d zsCkGcO?Bu{&A^M!$l*2J<6U8vE-VwG9kfqirEAOP41Ul1D`b$4NOOT1-?hdyb@tvZ zmgZQY&@(+AH29AY60T%I>L!u$0)JuT4s&wr(x;a)qF1(7*{NJpX1h~3HD9ZoCfc5) z3dQfDwwL3I8xrKaLO1(^U`WoJ!t4WY^}-z}3}YcCaF}NH?79^ArCGf#XsSxBux8fk zT6nLDq=8;Fzee_9uff+oSjKt-e)nZPfBeQKIzDytmT--ARmvyQonL^`?Jqe(D(!Dr z9J#^`fD%vHq(1!w)~jEnN{m62SFH5jnvr4xcM27EGa2DvFoPuBTw!W#Rs(s!Nl`KN zVP3&tN(PT2%nLNp0Wd$=49d-miNsP1l+T(vWl9K|Tf~ zpAKTHJTI+9Fg(QhHr=oR6T@SUb-dT3%uF52t*h$Vne3lf}QwUp>ZF#*b} zUQ>@)zjR(j1zdoo|H(&wdc_Y1ru4NX7b)uej)~5=`1ZF~va)MqHF5L)a|A|}U;&ck zx9-j}YesvJB9D##M81OH5|K+fv0ga=9g7N~B+k_*y8@_1eeNA;F@y6TV$YnRgQ79? z5}q?RZ8Dkd#qHvn#IF%aH#~$}E2W4`l5lH6t+PE%SZIRVup0vt{{AKb=af$g`dqBm z#n%a$`1EuBRU`)~+3VfbXANG#Geo>k!!n6W7ABQyNJ%GwZL@0@TNgOBRnP1NF8JmFX}y85bhh5YZ+AP+@e_EIR;e5eEwmFYNqobjSv zOc6s!a9!}4Y1TVMxDYPXfrOOjc`*Ki7vRfYKHXu$)au?iXG}<{4tC@OhNUXzweBP+*y*fD6E0uQ`J4kM~@%Jf}X?F7{aWmBw%v{bxbWZ^8Q+e;l0(nfFv+9lScPzSpYssM+P<`+XuNQr_ zQ_0~03t{!{?DKc73pYgEmlOR>#%q1rn_QrLo7RIe*y4Lz^k=Y$h=6Ud#CAZ4vQm)*K2U0l4rRv^V{Qa#(#jkn#ncxuN_t|rGqe;yLk6s%m8*O67hcgp39hjVnL~AE{H4rE zsVm+y72w{>fw*ANovaV2n|-=9@*K#&?puO{Gry(pW`G+I#eV78>_N)U^x9s%@!rYQ zbGfMXJHnE@*+uJ%xXeC<$>em5tDT2RA|C27joPC_Fa4VPrCfT2l2AvnL10e+yGwQ= zTj(=DT{)ZYSHT|%#pZcLU0nWFp;`NDLs^Q-(Q@LM%Uri2R79Ded)at_)$uc!IT1DP zX`BD`07{ukC{5cyLAU5lzgFf+C+e!uUksr=_o_mqSPAbB9raOnB>YB6a={i3n;DCY zE|a50xbTYo1nQVJ1*Yi)&m0ycG?fXs3#!Sf}Els7@DChpHnMYMC~~P$Ek$ zs}GLZ?>p<$@tzA0(YBWDPc>+wtRVwr0`TE?nN>-VO*xg33Oa=5O5>$ytWq>%5Cz+H zNsQQK$1%H-=hVpQo_H)tXiVUdiegN`saD0G<<`oM>ZKqGY4F+vU6ZP{lbW*Zoj~Y$ zd+-RxkCZ!hG(0@nkH!RlFBt`;lz3>t2cO0MV=QX|Y@Wqi9oyurYS|~NcfUiCR^YB7 z-)!HY`4kl93OFTNSA6;pU~z2{dy`p%X(u0jK6_gnv9+EDI;8g7`r7o#bwWrv|HPRFt}De250CQ@3?J_qdae5W={%y? z!k}6e7B8yfD>U;b5pM|^+g?2vF@k<;a;jk)D0cj*Z^#*pP_=vxC13!6XZAM9q?BTO zNkfyJ#gD9MTBJ&1T7vtreqo=^LWaeapJUq*)Uy=Lb~tQXpa}Z@mvzBApR-?zc_g7j zN`W;%jJEcvh$yw<&q}f-Tip*1;7kApSC`I55TIQng$sa3I8m*2O>n~m8SGy^ks*9m zoJgW6JuzaVbDh2q+Z3M*y;XT8sOb5E7Zox|-I?C^HBA%F*} zEhaGa-2lBO=T=o25uMl|f6eZTa(>?BkdvYTJsRa%X}&i-lQ^_)F!#R!#tRTAh zOpr7eh1Ji7>KTF_vW-B=<|xBh7S-SWZOeR3E_-u#hUzGEERwOv3NN7NHqM|;@3|2r zgC?E$jQEV=IyK*?i+1S`@nt)#QG7;v>9|EUCD_xU@%!xFDE+%Pz^}ueLm=>g4C5b) z@uR#%RPY%=xAjke!=R;2MT&*zz;>5n@WXij{!sQ9#GBjm z*UJ1+G%7ghh$2gp&+v!rID`Yek#b88$OxF>c-^B)9*kg~LQ0r^$#y{bx8h#uP9cz)oEArGIyvX@U}uLjB1C zp-v!t{0Qcq`Lv#uGG39A-xRx!SLzCj{~-9LD5wuQbz&qH2(F6-QCvO+H^*my;h`I? zG?>uJD7I9yobn+ZvQS!NO8N%u*a-rY{m!a0@FX5b%wCdYurrhx3p?T76Lly|s*v5F zBn=W3(Py9*NKdC8!Y6YQ!VLw_84UYBTL#%~NFl-mUy}|<3i^xv`v2}blAqCkmpXU& zt@Gj0*I}+d$TS{<|DD7{F)N?de`ldsolY%y8{@P8Q@i!~C0iC}XXp3=#%p1r1)FV5 zV7GA?$Wnc-1IB*_sDhs8x--#a8`V@U50`S1<+h8)NNRz6~C|b z?6M;_xJsTPF@4LnGM)jDHDG7qt0_CxQk!5x^7ogj(=6SNW>^9-;)@VhN)>4TN}Dfg|L zQ4&OqQ=qu~jL&rTo@tLW+LS#|OBKthz6nsODx8u}8gnpzn=bUNi9^vP!UqcBk+EVO+L=P>my@ z6-_Kw!j|Pfyd~nk)py+X>izLmTA4)r7Wr^0us}rsZmZXDOdjOSBZr7@ zP9W&;O|Pq#`igs=Bua{sVfGH3B#znz@J+Q}aRm#NewkfTo^hQ~>2Wh+nTJ4o-@u(h zJfBeB=eoFiIt-U6J_?8CHYKF4aAFAVFC>=n6YDk=XB|v1_GS0_xvVjg`e1p{1lb;9 z9oT!uk6B4Zc9p{yk`Y@YyLiKWBnYB#o3Ve02872}f9aC15Z~@J@_LBD#1FFvTmYrpb(3srZTVQ6lYrSZNV_!d9U?unK+7Ql~!; zmB(=FGhO_%<@{BmgK_4%5^wJQ5|>;5&cpuNh0I?#fo{V6##3FSBox0>jHf$_aU-aLRh}cQ!D@)9WOc35~Y8 zDQ5bX3tGgIpwfu-3URyOkI%qsKP*^2{-DW;$oR+-hx8L-SKHV*@@ia-5B6xRfx>_l zF-5Db(td^A6j%>CrAN3Pf8mXjZXZXB;s8OBTEopWrMZvy$nb@bVW~dd{iDmER3uM^ zp5xTvny~f61lzXt&IDW$3PPguWW$k{E_)MG~eCG-p)g=*2~zTQ4H z!mRlPG%)<#N^u>$)+rC>LQq2v4c zbJC3sA?5PL4>WPJx>7x#ym1yiO|Sh%m*#lJkV7)E?1^;E-WLiV|fR1s5; z8rc~gWOQQw5~dhKaGLu7_h|>cQWet>zSiy2_Utcrw`4O~(pyt7jFm7ewBoqF#_!35 zS>wX%WlIJ8zeHzY|Mxx8@nxTTOx;DDcH1v{_vd+-ChYJKs~!MBMd*qc<+zzHOMpZ? zc%W+_U(C33$GF2~a?15||GKo3us`I4Q(wQfL*G&LGxvqh*Ty`iBRpC!EWm;?ZJk|G z`aSECcqFU{(b3TH{92`xS$J%D>WuSW*MP~vLcQ}HH?ZojaUjqQB2(;TelfMbe$IqO z`@?Da2uKaDlI1g*rtr0!kwvwCet>&gA(kbAP)Dww-w5nOaZu8=E%v`T)*kZ6haA%N zec7JG%~9#ogsczP_=tbYd6Kf^J3yU%2kgHXl!Ha9LG+9P;4bf4m8`Q1)_u{pN>T-+ zL7JbU`DOkLH0yL5NMZ=ctU*vdID?~?1`0ZWg|-AzBIbfT$->vS&yluE7WGsvARXdh zPL!aX==cJd?0CQod}*m_tyZ&<6DZpod3t>QY< zz|IWqs5ipEIaJ>#j}k#0}m;Q`DY3!YE_JN5_(lG}x?_4h9W z*L$|h;C6i0ttt^yhZIl8;n^%UDj-`v+7)hnIeT1Bd!%QDB)l zSS6JxKuj>MbYHRQ=Fcr-PfpLhGDP`j1vv5E8kEOFRg`_sEP28WkzanJ+p!w2do!MU zV5>rssS-L9;U9GJ*pQ-b0ihcFw{yXF9N>c1Hz>2yNX-HPhS1l@qTUa8(eOXn{futV znbJxBJ;3*t&7r5;sRJ7|=pE<6+db{(E7R>9EzROqL7qJ|O!BaN0m=St?1v80Bc~;@ z=EbBZDN+vFb^gq4BECsBv5YxnYb|G0?4F6jM>{atXjP&45YaE~#(oG1Etz2mgGBKt zSQBHQ5*6{lzM#3{u3~RaUw|Zm=nL{0I&W_x9m*YW!s5yaWW1p$(jFR25lAo}`|4K8 zN#0}yjL~IdmcOci`Iib+V&pe;UC#FwcEvTldU#GiRHzzemIbk&+@RkXC#L-_?T$7?WVLUHI&+>S9qRGom&8izm-eTV(2Bnxt@B60EPduN&c zu0=y&W;(B(AF0eo%Z;@o{W;UbU8Xzm>D?Hvp$7*n;8VLH6W^wH(tTv+5ssJRisUV~ zn(#2W$rIvg8iP4@WPeUzBS8rW1wU7-Nrd11?FATp6VS}SHIWI*T#4j7=Jh<3cKps$ zvK8R-#9XH-Qi2T<3r2rVN2F`+_<&Rf=I}Pu3hzKKJd+&Z9euW8o-)0uY*fVfZ6PQ5 zx@u^zwAi`DO6XOSK}#!`&EJJw%^~Rxj@aB3wjOSEV>eZ>$D4(0C8zfTDk`-e;{H8n z{;1P_)&w#(XmYeLpnzxyB01-R$DJII8sO^!&@=JB+v6^G8p26W$pe?`-MQ|Iu(8hm znplB~EfY2$hcNX%noBs?#KvwUWwRfril0vg?LU{zX|=)d`VGKZ4&~4?#M?R)5IS@d zI)?dN?<8auR8Glz@Bdi10CoC?_ExAk{oLn=&rXj7X1o<{$%0N%3xxSw|AoO4PxO85B1>yKrzVQuF;PP5d7t0fPOU5gs_dL(lZj z&H$Fd>GVWi<-hh9CbSt|Xiqxx6C821N7Jou{>m3nt%gEGCvp>d{&z%YiV_Cs`Ty=a zhByMwzdU|}>?pru_!HYbAR!RK5MI9MPr-`;iv1d8{>>;R z*Pze~BaHlWLXjH554ik4ZB_q#O9!SWFB?nwdxyeTfWrrT_wN6r3;B`aK^+_qZ8E#7 zRcqgFKo77wE%f|XCYFzqIfnqQH$#XByMdx9cXJHNGel*g!{TV(%Qb=~S5?1iiozJpg3yce@)sc1vSEzBIvEu@`?h}BI zM4UEEU}AJ1+63}SG8BM(5We7J27f&!oL&n1R5Fj}+{U$BNZ5rg9R&#dPfvnL!n5p_ z_r`Zc_M0Wy22{&Ub^n2zZV2B|}%6By) zj(SV*OxVO5Ay5%%a$sD9f<4RW?yDABGJGCnRW_^_n9y;kbPd6muQ1O5?=hoAfQ#TY z0xmxadHcX82gk4PER~0IL~DigQm6s!;Xy3E-q1>g z2rKM2GD6GkJdlt3{j0D+NP>-@)=Vk1s}8g=mHU9 zx%4q_#%p3_!g{5rY%iN5uafYUcy3zNEd5LsvcC!K0b$NukkH6fo08?4-~|w;)%@tP z@Yf`D(oo6LnBi-&n!?3&$k|{963*z5D+QGvfMXSG`jbYSNuxK#4h4~e7-+zu`bmT} zJi_0378YrUt#SZU>@^IOZHrlU-kH;$Wd9lq(brJJ<&He?+LPif;f42UY&JsAV^Ao_ zuPnfWDg-1aF%zId01*c?MOQ>gs*u;`@pFAi1h+@xY<&v|F|rb{IP+`fWl<<;=@-yH zO`*=f&?OBI-U$75?8!g$g$QKNlFSeEgW$59V9gJsHlKmie`h0NIv2dhwa9MP+NgUX0(bJX@cA96fgU& zOMeT6|G9YLA7&BV$(3{t373HgqcHfX*aV?k(CWX*;m{Khq20}|kblN#xntS}&CA+h zDj-b3FsNl|^)cpJFeyDZ5F&9fk;*{X&3t`pfY)&BwC7Cw8MmZc&!LqhJ-;XZ;&Y4y z{`IE=|IunOR^po_=96!YDv6OMXCyI5_)|<4NPizNLEe?oH2po^ZoKvu68V2SwrpzQ zEi>!D?Mb3l5_zSFC*ydG$Gny7)2`f8gLY0fggAtk0NnKbwJz@ojYV-gP)3Jr+&w`0 z9FXR7f&$hw?;DUTSdk7kL(n2`xzRL*qV*8&6sV+jP+b|ezqv$;?JpP0i5$L;&{gd7 z2MwO>tO=f}3nVszKy>?8s{xi!X8cT0^L~q!&6HwyvBMW{Rcc|hpnvq$aL7whdx-Pz zEaBPErjsQK@9UaAhFHQuYd#Ac2-(oMM>bHam!m6~4rZ_cOv>>pp3cA6iBr#cD8esizq>b{ESll$AN7h$ypgYhOk12F#g-awz=qTyd!C``BV|Ps3oH&rO(q&enJ(`yE}W4500e*pjU3Qc9K@JjV(7nBDc}|pjk6tt-QU)!-R;8$5Mg!XpndCrtrSN}ca^ zNKnE3g=*=8C;Q&8c2BnRf}fr008J!R9I>+$_LSZR&f5mh1%Jg7-ck~sEaK7*8*=(g zcp{@mKquaD={NA+n;XzuYtS3mi8ipLi)kzZE`cz34C!%1b|)yc*(>KF7}R!vlx~ zNkK$(k#v-Mc3YZUGedy^kbX40I_DO&ZZJGJ*h(N16b_zPMtW?CXP9w9Fjy+h9ad-+ zEO#6~i_)$`oRLp*z+7NMX$P-n;=rLUQUkb&$ zi6v*0g)n|}W2~VXsDTSO^uhJsL2k12rj^*h4i{xo9>V;Pl2 z3109!za-Sq6e#JaQrF6ttekBsGzdV`67Y?Z3I>OkE(z?U?CM0_Qq?Auxd2i=BWYOa zwr6d=jLKIq8h=?952Z#qpQJLeA9!t@>M6&eo1bSz%IHCxda3!Ispm;Oh}vLmy~=O% zg{?f-?7hGju5TRZK-#b@jHJa`NU*0>G2Jugf1U2_BJiEz)21&@fu`x)V0KD;4;D z^p>2<5`dfh)5kCIlRfp9Uo(@2yk9!|V&zj};2RZiApN5xo0uuo2~e#aj4=p7>Q2oG zPQoY@lwV}H+K;njEgF;+foq&k(|r`${w@X?M^qr{*WTMo@VlxYZZLKb$jEd)BLU@c$D>noQ&uk7Vw4s90q%+(^ zqp{nqvy{Gbwn?nw#S3GKYn_(zZIk%c6OF$m0?MA=?c|?}`Ezl|Rg_~(=~n=Ihhx5& zoZuP<9+Y%!AciF|24QsjA1fWI<)yO+x-7IlO8jAC+(|IWV-QN*9RXj<{KgDl;;fIKt>NOqS zGjt`~DxPDF|7kf0TMwsPK>)p=fvD7{+;?kmOWmok+25);&tEr7Aa0N}8?3`b5+`H) z9MwiAM6`n*H3hFHYuj;xjb9vxQ^!#z|_4I0|0bD}h+FH7Kk=ge6 zW?|vWL%Ls}C>X(;G2e+59eg%3xp`(d!p8vb3Gslus!ID@#%Rx=6Ik^XRydps8n^1^ zeSWi9?x`3y*F{tH37w+JK3TUKU|CHMhxWa^X87y-2jVQ?G!O@4zSA#{0bQLFBp`|K zM8#zi$qpw45Az3yw(<5~hR@8wwg*`UE)e-L$%o=)kvdI%+dXUUY}Hu+`M%b2*b4TD zYwi-Ud3yDsSBDnt7NXvxfwe0%SWJzjdg)tmqwde5UG`W$)%vf-1ust*3SQDpmH?fFY!pO|ABVyN%j%oJ}zeScC65P8OOFVZKp&JO%9On?F4Tm@X zm6qY3O$*~0TWL)=mN8f>Ugy0I>JX{@EZemkJ8Z|%rh9RPzA#))8iIIhxo*a?Rte>w zsMkYteiUfFZ-2B8oSYH7O6KMXLhk|w46cmM(-YhOu(EVGT_^Ue@Sp8ElYHXw$-$2U zPR-fzvPj*s0o6Z7+0!Wi8rC=P!4EgLLr)-6C+|@C2;~)`m+Tc;WW(8$W8a>fndn&} zI)Gh~-tbkm!y8p?<%H|uUeyVUU|{WOCly^rZ8_l#=!Rp#QeJyZIYsqSy|87wWOhEveI8W;W>VvZDC~zN-_K*Y-CdH37JJj&sa}s~ zG#h=~0z^^Aw#(prJOO7etyVzUH8BIQu%2K^$(xzUZ*o>X(PQAwXXGP0`c4RC&S=m- zC>)sliY|dnJGlJs=|5J_o|C-ciiGj`U8dEhN*&v?cdA$o;s_`p+r&*SaTYySp211< zqtm8Px_={LnBmedtUc(Uto^vQS2S*cv+P|w!8PE_7f@U#ur#|6Tr4~~XBV*iS~#*C zqF1Z8YKzM#L$eEJ-vH#2p_{zgGwA*0ia@D`a-kRDb~S1oNvq{BgT^Isk2KNZbLsG-11dZj^xd_db)r$_|3(ZlHzTE!HsUzwcZw!26ExZh9qT?jCxsSRijP!h=sjf5>0FyzR_}O_=?u-1=^R%z-|zB7<2Ij2{`t$hO9m^F$ED=-%jE-$+62ISly*D^&*!*i%(C? z)-FcL?s#=?Px16zmu9_}Ymkp-gMF9b0Y1`WN?q$#O{vq zT~GL#G>IH39B55E%Uz_X+1n+!@%iLY$c0ps^USgj{2#`V5 zksRMr68o`>nX)Hvo;Hnr);KwVeXB~n31HSIz&{Pv8qm3dP$9xQ`BVEmfdK#sot=hVV9w71n>8xz`Cr7gg|HbiO^ zEyxMW0>1@|(ru!F+S#5H$~bE}Frp>FVT}$;G-^Z3zPDMj<4?8AZA5GrPKPPW$ZCg0 zTo}xAPO`m5_ciN9_NvK;A@zq{PTFgy5Dy@Sa{sTV1wH(7)?rOVd}gNdLE%L!EsH5G zh~uupnx%q?;l<7_o=fv=JC(})M2Z;i?kQQA;JnJUY}dNWbD7~ek&bqY)(9>fSO=3q zn+VJcXLVP!8$bE|Aj1l!>o>Nz0gL>x=kRHcVis*RVU%oHMNOiKe15MP*xr^B7Z$p@ za-1toO)XV}LmjQada5C+iB4G{*?E*Sha1a&1Hj;zihF@>LeuCE{x$pDqgOwe5S9;w zX&`-V1{lXodQ}@}^7;ovm~uE93Q--Wn|y5T-E7x-|2EQ(O=25|60bQ8cpXPR1Z4TwGAP$W{J4ecD(duP> z91%gqXFx1my{Ssm z<88_61n_hVMo^tnNTof!5EQ=9S6PI+OOH#U(jMc85YIHw(g4K$9=Ak zt}cA|5^~kOcS;7#I2aTw89y>6e2&m84lu9F_md)2-r6NvnX&vqY9Bqntx8(CDvpCE zLr9Y_@7cwZy@^f9J=NZa_&QfdCkc({`BPoS%XGIIYxLfCZK#?sq057xwDjWBAD$^$ zC{I+KOY_$kHtXcMcT=@|H}qo0gwq5j%tgFGn%yo6t%KA8zYo?Lts%nZE5m{lhltWD z>r=p(L++)!O5OC@EQ^Bl%}kO77SohR3fKqE2{t%>1udBqi>HlaZb1|e>Nt=sM%#W8%qGW5*EDL~rg^TyYhz*I&g3QLVTZ*&?nrUC zrmXfQp0n-`D+Le%H-mvPdg&{#ZL@j6>X$h_y@66>e|w+L8Hbk&qRZz+93k#>w2YD& zZm}zF_(m**0%#vgg?*cMV&}oXg-VDD9Sd8;-&{&8}~13Mg&D+lamIKjO!yn3sg(Db~S`2Hzjb zhh{b7|3uDoJF5X<$EO0wRHQo_VJoKsi))k8Q)HQkt^-MEPmLuc{pkOZm|2kh`Gol9 z%h9O4s?l3_L;<6EZn)@3yE*|NPkei8jGmGhN%g;?oh}LTd<>q&8u$}gc|s^MJvkPI zu)hgF=WT@AeAu(QeFrLg2|1F-^jPz4gw$j37_Y_e=$nfl9R45!>@gat2y>qznr?1v z%_U2Tk#-vN!QEg6!mN5FX~KVb8WXJcdU=LtI-Sc*;>)3azjI3NGjPYd+M$r8+*gPr z<06q2Hk^(elk{T{uP^dGy*4_iQ*jy!m|d41EbOu?4P;C&L|wb%vKtJUi4vy2{n>6| z;lAdaoWfnO(lReQ4;_xVw)bwY;j=4k3vC!LlUfJ$U-$iH+chJFFg4{8MZUr1UQP78 zfbnCHk)^4D87qri{vz@N>6;XGfqvATeV+b7p8vQ2<0vd0fhZG^VfwLw+Bp)arvUG! zVm

#p8!y=e%VSEz5A1!{}AOuQ0US)*&9cEQaDFTK4dXv*Ss2JHEZmqF*js$nh!g z7(PsTXuHQ67S_@q_Z*)uCN6R;d{j;IJ4VvHGM16B>XM=jEF?5eHM4mdr{asBpRXTD z-^GxJxM7R1ouXq#q|^xLGIbCUq(55SXt?xM33H$-@wfl^{X<6I_pCysXP#LpuhxhR zo^%;aF?uNv;)&ky(2Ff<{K}6w{cymn$bDnuNKiS@#<&?6elVBqC{bbw(29dI_9F@R zU|=cxcNhVVYnu2gxNRKb52_ym(j7}$7px`TQ^QsHCkM9oxDa?B7J<#xOKcVI+W9hU ze8-_dm?jN-7W^L4IjFt;pNggR^8T%+@utFqo(7y{VaOFsuU<>q{|-IOTka!)rPCoI zkt^(-YD4E3coMQ|@J;GGd{0n*! zxwy=q?<3)U7VsR^;NT)nPdpFb`Wx2=(GRHE83by29O-%2^d?LAeEi;;ncvg=M=d!{ zQ(5koaBcsL5*Z9)d1= z(}}O&GCvN~-p!C4*%;RdGE-*0RmlKfW!zfl%Uq|4>6hEauJY)E+hV^aE;e2EV2xJi zJ{{5w3ps2rj>EQ8i$>dp!De@!{aNJxI{Z@OrL8uoO&``;SD2tcH+@vtZA#ZMWV6vq=&r;om~9#2cM?*N|YfX zDc%r#TYK`?;9&FJ8_QG7Mwy<^0bNwCaWH)7Kdw#@*kEch!2kAnD2~KGvQ=R}sTIDu z8uE?3d*5_1`i;P37kXVu$zN>W^bmIKfTkXP#u(fgYjfsn&%)d@7AueEIz9QYigh^f z^f{PvOBDAo#Jyjixs*|dfp+EhYQh}Nq;BQ5ue~nvHVvo5M-!0CmHn{=F7z(6_9qk% z`|AW#-FWN&_$(au@|r+XR|oMgh!>omy%MMBsa_9KU_{730g!3FWtoprh>XqV0Wjb z+_-do-4VSP;rg9C^1CYL9#N9YjB*%&H$b48wNjVLxzAdRz7IIW_%CbWp$$m^p*USt zKh*t}YiR0@u$aF#zkao%LWmIO@vfFZQPknl?14^%J_3Ei;*MWhrhCgbq&qH&PNs83EiZkbbD&k2@2Mq`!nf$? zJPl=p{Y%9enL`+)m<)Jy{JAJ%Wn8~~iVEINZ74IU>pwhr*tBkI-QD#cc3GvEJhj^3 zUC?J~oZaU15h7N|?|NOD<6ZrNqPVyFss2mC0y%rZQ}2*7b4~Bm5lYcqRr&4j{gbpo z+czkRo#V!zZ(?o%gy|IH=q`4;{Y||{W+0+jRcd& z)BjldMpEhEUV`3sXzDW<*wqrB2z7N^NHRoz{~EkPat0(sB&Sz^m%}@3y2hN{yNMXY zKx0oSMV>{Qw*bUAM|UDuC1xhn+7rHoNT1Tgf0CjP4X|{nZb5~;Av`jc28i;K*lCx+ zv0NDb=Ga(@#x8D)&p6bO+N>nDA%?_v2E_xBUU>BJrOs4eS+n1SU*%Xb=_$`qcfj}n zE8S6|Nk#T08FFB?AcHKOUH{sqX(QRAgwT(Xl8A23VyaoWt zqeTKIZ!VwdV^11FfP)K<^gBTLUDn{{T-ER?!dbuGZUfkV zkvQW>=vf;+k*wiW71WZJIkq1%bP?a2Av|b{1;KU89V7mnM+s*pYm|?F4wH9&yE4fp z&))VZKoctVwq53~CvU3(PIE3@>I@0+n@3PlO2%8oNxp7hR8%1G;03X#XqrH-d1J*# z?_ax;pd1dens!t7>Z?z)ko@#=UHiSvq?jAqFAVO_JvnBa&~kiKC7QSI?hOmKSN9L5 z{h4OuYfPaw1*PSI8ZQ0p4tUa=kzW=jF9GHo|0zWieCV&d!9Rd%F^}x2ty@Nfl54%) zK;KgF98FcNOy!!fcW`K8SbV1p3T+X@<0vG;8PY{)CdkTLAN_pnMb-A^^2?0d_>PuI zU1W>R)|t-iJ7SU%@g~_&l%%p2XZ-pO+)la7y*eQ-o%zb;TQ~kZP3I(N+E*Ce-bSDK zNLvb75G-2!`v!dd=cM<2ZC|`7`59bVaID0^cu7a${C%Z9>1N*6}@Z^bc^$>cIFmHJ}_FfpH0dc+h*```U|`HCJ$eu;mC(9Wn~(-F@dP9la#bewn5O|XFu6qM>@Ky>DS7_F5)u;qCsInqBDpB;5y_OEYH3mVX-0Sr zdZ~-w-fFjlme0t>c+sbq=R|I|@_MtiDd_0y2ajfcv5ej+IMa?1-HMFXj@15r%r#&_bpC;s2G- zhB&ELl*ligFQ2$DLxXY zcuzaMCQUV1k<#?%*2&$g<5ON8fjQFr-E-idE^FYhoHx@io}e61R(TelD)R4^e6?}g z#|*U1{xk0X!kyUJJ*9LjX#R59NN^Kj)mr;E*85W8Oc4`*w1o)F2Sw#T8dk~w`xnF} zHiTVkU}+hBsP$gW<|k;MW_%kS9=2Eixv88RFm$dsmjBT83!(Umk{A2QZq2SnWqcdN z1HxlUzAUg3y>ek*-1R2<-jz_%2p2NWdHiEfdmtMojE7^W3L<6hfkH~?rhx3Vp?;G^ zw~wQYnha=^xJ8IB_(C2V^tVbx@1jgsz)@VM!j2U(kHD5_bf~*zC~VIFguK$qEgsS^ zG7XI|PKbE25Jn|h-%i0CjTmI9jZ}-0=yDar&9G%E=IG~0z`N%PibffJbV9C>cm#w) zbru{@GAykDf{a8*DlO8z5qw$EQ-sf|qe#nVjDUTTH2@*I7BKv6FmlsPh-?uLH?!BZ z%u;Y*Zex^*|0vxU-~iFX7sh9?IzN;v~?`7_Jc z5T*B7vTh>vD}#t#dYHt+@Mybxq>oGVD>c{Gc)c&ULhVXy)F)tnGoX}5CM>%Bn*xXZ%S=;q5C z8+H`I=iRZpxV~ifi4*rmw&tfxv1FkR_7qovUmDL!8?&rZlz8z3amZ?LMyrrCNcp$G zzB;9|TQ^)%EV2Mw|MqI1%O-T$VjX%(jI8uY(t!HuM9I9C8)!^T*5F)UnR+U*9<9iC zAh+3-_n|GCkLDLYl!&8!O`9D{P6%4}lDS6&hXTSK15%#>Np*0lFo<1l#@S&Wi?5$& z;j1o#;sMHgC&il|I-UonskHmPPDZLl@JsI`wJ&_z{GV}ISM3R94{De@kGVuN9;g%> zaBoC55>v>FhHhx(r=yK?PlQSO zHLk$3cE9@WPA*qYKky@-1G8DBA9t@k;(Yqcbg>0~EiE=Gn3SeqfWjg-m?ovKztcck zjN>&WH=Ska+I>K{ZmHys;GFp`i4$hputQshr^{JbwtS=27HnO0LT{EOw+E zP-SQ>=lc~s{^?lJn?H+VO;;R?dMc4X~uHZS6alTo6a#>JCv{y4{Mh)u(!I3GgOTEkS?>DsTIB;n} z)_Vo#4^eX*nJGLaF9>h<&(C{J9IH#W%QL!FLvQ^eL1R{lktosTy6A%_QFL^5C#Gf5 zUZR{2js&UIv#0KFc`^Oqoy*xDbbrrv_g&(ULW+prZat9kwM6H5;oprV-ix5bCxlwg~>ze4X) zs-(+p)r+s>SVZO-IX>=ANC_rg6YmMX9G-`hKL=z9@s`M0P7q!$XcUGZlRPw6{8-xt^0G?LsobyzoIsguZ^Jj75n?Ocx%Vi^b z6c6KQCL=+l(eYQC>`fvzj=VytYSlX4Q(x1Vx;5q&-!E4pQYrKPsgMz3E}TSV+ag)w zMAQYIKl{JNurJ&QaI!G_od;dO!LIUiPE0wVxu4NZfW952g~TGZWs&f)BXhC-=ei<* zzVa1m%eCW*qu=AukzL>dPQWoRjL7^*g+O8!w!_r+Pa}Xq2s`sqi#7Ecwe+Sw^^(+TtNdrv zKii1uQBFRgpX3~0ZvwTP45kxoxdpUKj6^9gjG6Va=;)1D?Yj>GV4TbB(0aFQfS-v0 z&OS18WCXy@bExzh87v9G4M+L0D#4EdX{6a-yGWbG?K)4TC1u?(Sj-zjk3X0lT>qD{#j<5%lo3DcpsIK7gfHg_xF9If?6(ggMnofwW@HW}_-mn#lqW-i7N@Aoui|@=cvq%wlWC5>`yZQM zj?0w7FKbHknWS?R!|z1zzaXugSwtKZkJZoM;fuxwey{8|$fY+!4PQ7b7RI&b$%19y zX!d_c(jryHTx3O*J183RI+Mij(@(i*oQL$)ErY!dd-*C19<^snB5Vs{xjL~1vQ`k03UusA{>r^ z9Zi`jn>QK=sIO(;@&*TfNnd(wEMK0&wG|hQLl`X9@;~79EeUKoK~3iCm$WO=@4sSl z?xLRWv~wK4jX{M^cnTk>?m5w22>oPqg z+zhOA`#XSsZNH%Wx=NZ7Y1Fleu2r%kCdT15dBb87puBv?*H@g;0K_r8{o{8z!5q>b zocnon9j7%%+e19UiZ?cbut_#Hfrm(f&Q+hUc!LX9_P2N_K1()y?v{gU;v9TYf2#%G z^CWxHacFSgL{Z%LPwTJ*aUr@|FL^lH!1cwyrsEzXTrZb^=~7cej*`s3pQK5*M~D1+ zDRZR-%xk!AQ`i4X<29A>E_=0QOWf`MD+n}D5PU!4@D|;wKLMs#0+)J-&QN~-4gZU~ z|8BDd9}#6NEd8JH@iYl;&%(F;)ji`(y^j0HXB4aWvoQGoqXdMTUk~M-=W7o;ZhSaI z0)M5t_(#9E4X#JZ=;`ZAianNXIQ;(678KYr7i~^$RTP%J*pJFjY<*XV3^vBCYi*n{ zx(V9Fch#dg9QlGcS9S`XdM_d(#w-yuJb&q89R_rSiUvD0;nc$-;mYCsYxF>VTZL`S zCR6Xi2x+G%DuV{J@E%%)kBQLkU>I7SM=yGI%Gh`M+%A#Zj2-;XKzs)mz|ufBc(3vX z(ELRhk2|agy9f5a2^c(Gm3?_8Vv&343iU6AMba5jS`v(??!5+dC)iHyy=yk-5;V8o zl3WPx<<>V%<}dGp7y{_UmmBA{*4*;P8DM3(cbrw7-%`pb9wqgam}CAcVOL<;Ob+q( z&3P4)H^W_`hab~l+-X%U(_-q}>o(DFe@TQ(-`1x49v|D6(t`NRhE=y0oa zY)OB28F`ejeWR`}jF>N_4T}A7tIWz_^LHvty9T$qPe5(HOcthP#;vaGpw8c^FXaXH z-qnLc|J!V^m1OVvmP!5h@l@n|AW{6kyP!v}TwC)U&#PeyrFoH;2jPa2nh`xwIWYdB zklJ|MJkXRLgXGQ7%d4>9BOqS4GYDHbCu)uosWLJv<6|LrjIMCIgVbiFq1)c%bL#!k zV31sN5tv11r@m+qJ<{rw;y(Hn_3)`_l0!3vTguQs=lAa-;;|z01sJnd4|pkcZ??K6 zjQvuvFJ};czFSCt5(-5~2|b8WHH1FPa*laFt9!b_Ma{70OJKN@MRYi&p;b!OO1DJH z6ZNmSgoGYTnOP9`;cUoGs?p(eL_<0sGkOT(1I<)HlP%m=hz1kB2AM@P=Df?8*>}*9 zU;<=XYWnpoTpFdGO^uxQG>nCkloZzuH?@OvvxIm}m1zq{vvxicT5beS>9K#%}ZBI^SO|~JwB#zOx9tg5E z#>HzzO%Tj5(dT!&`OS^=j#2}d^-Ct1Fda5{zmv4#h|=eV$LFiQMrcnHscIC$_aY+) zeagprFa2lzk(>E1>UKcEZJl(P@9|Ekx2HhJCGgzXi0fFN6>)LsZ+j@0pQz*RvWHss zh!2F!$qQG}jlXoRW!QTRiI3-`%w)zy4x}Nq2hjeDBelNmv}$7@ugy641jCZ49pRS& ztIrK7Zw>IHlwPFKvq(xxnzJp($lNhI#wt&MC2WVO?pf^k@OS%EoH&7Q3M+wOv7NXHWVD zDql?Sa!-SoW&7cLft@MJ*Z1}&y5l1eK2zH9rAwH9{KQ4PevOQ52Lp?sYU2-T>C>BK zNN$oLz;c>gc%sx1o-fW#Zm_Xkmb? zo_2>#{=R?Fg^N4qv}7gEFB};MS(09q1uJfm#29&wGX#nmPjS{U+aI+&w2}wffUInW zV-Tf%L&u4s4y|WFy23ufVK!as89g{RP85}fSfYty^}Dn#8>r3*D2a>2&%mnO0}9#3 zQ@@~eA$C(*KVrE%*7MU&Ki|!8|AOiu*oedvs_(QKY7GA=;`HE2yc|@oj;l+y2yHm9 z;xoSLC?%tgb$fX`6q!YP0Y=^1^!Z%b6$Ta|zMbP-v(3+DZolfh4%Wb`lJFyJL-Jal zUZ7Q*Q@t4y$e8UK1C*uHW$l0y&_*?c9QXvr53Da_?&m6T+_n8PWR`I!PbO%1% zBpJp~0P zP?5Ko9x7dZ)92>w8K@qdD(S{571zbJdO!OzZMe^8RKKF4In0t_1>b0%9O^`NZG%cY z&|G3*Yh0FT2Rde1M6%-_uro^g0ptGkAINq+YIb2NK*2`{>gvYOVo!G_0`e~cY{Z2m z``5STy5rvHA@#K)C+>Z`ui5Xzp@9b3OFe(vH4jAi;5E^wfg<^CG*rz;V!q>kEWg5u z>@d!6e$t@bTJ-q%m-G{#i=6e_$yBsUZJ3Yn3180*1#sMwvwd)g-*863XwghsEOl#_ z5&e3fCyXK0nz@hVcqoW>7JvVFcgOPdlhDj1!PQF-oL`n{?~^ECMFC3bA$JW&W5Sbj zX!`q`i=e7(DJ-!G)@A#72_ML(tk%4dpx zZ`gRrHFDXsBx9e>UhA!4%AGDt-muxEJ8dmyVmG428t$YH>|t}?QF;A0A=vj`QejKl z{@HhrGsUP=K2mcNSG{aBT4Fh&6+CP7gdnf&yuDB_frDxl6xmV~u|?u|Do9DH6>dhe zy=I^qyM=6#q8QyLZZS{4I;6i^cEhtzdhM|X5bv!W*n8pA)1R}7)a@a>ZhR``sX}y9 zA5hw+w^~H#P5ZF@zL1;FDjKJ1Cni{OD%z~dA&7?AqvJe=2u!tEH+(%Y9*05p0u`kO zi)W~Gft(UXA}hj#G;BMLM@Rd{G}|Z#a&9+j`s%B?=YdFL@eH3#+K}m$f^Q=(UBTWP zsNKx_ZTdg#)%Rtu#71j04wqin?)x;MW4*tM>w8yKGC@=*-E{h_e=z3)#$+*~3Qg@g zA%yxYX%43CCbZH@wV$U;tpyok)wOan2FvOe(w<-Qf>ut2!Db?u=Gn4wLHkX0yNlHi z#qJAakC>QI5E4zu-Y@pixs_TvdPSv}qj*&EXI=pJ$zy>q3ToTDlI0dq&G$de&*?yr zGt9TaU4G0(TTaUd^U8Ls4j+qyPoLKApo`&YpOY76>gl$x`z?R)s?CAq-x)=Vd*3`< zeeu1}0{LUl-L~?XxN-${-h=sj$r%wpx{uXVRr>aGcC_lt8HToaB4jO)sA>yUp%m26 zsU%JI@>;b@ za?Wi3Tzq=KN6}6g_9SNU#dX!YefIL4HFz6H(t_ZoLD!1*{eh?n#y2{;!k4O309oLtUKF zl;C>itVJf9^oL(JMg0f+RI(z@sFYMIlnqci6ntMF4ZBcW@^M|qSuVDT*gIzzDEi+} zZAuDLjmSBgp3^pb?&<9g<&XCcTHJT7WV>puurVu1sb$!FK(07f4uIA(DckdAblKE6 zYKl5Icmz4#e$(&f&URlp$Nq!<*BO8NP?-77R9;tLQ822R_^x!J$<_T$Ks&=_8%eR= zrK%zxv6m@a8)=I8WAjU$#7B1-xs@F7_gQ}D@C(|cbOz5rVU^!Sk9T_S#P~?J-S#>Z z)$xx)E#DT=UT;%)Z=z}Xrt>$ux@HlrXt+(9GO$+YC$5l2q< z-ea67ms2VhVw^FgHdxr_6ql7U`gi_ zzYPb81~6w~MZVR_^OYYrw=mHhX)U3j}izPk*X~ww&N_5|rl+mNp5iE!nnf(RiM{({(?J z7vm%Qa>kg_SDiz9O52tMW#nBID54JSFm~;zj8r^%-FtTWmp4B}t!nAApv!r5djWa% zoo9R_@aXZ7(t_aU<%Qu|aunrwL|)5*(`668`o1gbG z-7u3$w|LrjowKsPLoJ(ZbVr-t76v0LyW^XF==s+){aRqD8}8qEc7J`MmeU%O%<3}l z^X)sz0#-?%=A@T-!`j?w7yh6s^-0qyPL?HyHZfjk$>fq1d|fG5IOJcz=CClc)AX}* zi`dw2rqx`0@BIBT!$&py2Z6@*m~cv|i!^ha>lYsCc(VNZl277Gf3aH2^qr=A^_@j5 z@z3p-oS=L(*%M+{LBD)C^(56kaGm_rKJLpU3y;|~X}(ARd}#LUbnxqyd}L->Rx;^P z_m#EhK2q^XbjbWztmiv^tBhw;qT>_4ksqpzzBJZLzY49dNL_I9d!;tpb$$C$%q$Ze zs)z`elkW=UbsPFoc0|Sght?E>(z5cSf^q^3Sb_WMMG5X^(?ezK{sW85*xx&km)A=3 zSt8Dly(~S>dEb#qv$to$FR@qfL!PvFEB~83YIJTE)0sO=ZCZ8$OWLn`hHieosqa_J z&m{kw*}t6=O-FY;*|@PUWaey|J+=60;1~Kcc6?O~j2?$uZfo=?U(w__nX~EOm>o5F zW1jS`mzL5Ihb-uyINr?5%X3=0-^eJ;QB_Yh%J;*-{)cM&&6(x0a_M;A#CvWxcaCUk zXcJD@Nqb)$Mk>`PsOx}?f) zg z00;hWT~M;|D#sz`Miw!QH~`0l-iM{rP*_#9)w<%H(4h+cqow`dBRCgP&+%SRU@0@W z#j@|eA?q;ME>0^5Ik0cuThXAH4XeK)tGtmer^C(e7%(Uoc%vpJx%aOJ9#)?zSuP1KySf2M+x#s|7q3>>oQ;{ z!=_xn5yUNv?+ltIh2yFwsqV(~m3-$3qQKHxUHvRohG)FkA!OBKq zWeMfWb+5BJA>Ee0YhoBWpF92iD9vNzHyCJh~NyFilk zk-H6vVj7%{zj&b^PPDao>*G^=pRsR@iReb56GJ32qz8&JD+-*j=Kvm_>YRZlMP@ZB zAYu;i7$&`vXVCLChpVz*p6@Y;62G5gCYJvn8gln&lkr;DK9>$M^?l85_nF;gd`eKw zy$B8H~V|x4-*e4kxoS4J|xx(%OS#a ztEu<`dX1WgcS;|bm4FV&IeR!i?DJa=sqIK|JLoHlC@gC>`p}XtM#eaZOR{XllL4>V z1X@v}o9xws?{Isxb_q}r^62IyO)Ww}`|3Ah<|CNdx+Udxg7te?I6AuU~cGUdl@ z{&cTym~~u!jjl5)8No`3Cc{pDe_X|#+Kn~i0YVlml!FHTnk^x(2J=; zRpSi%lxp6Ef6~e{B#qRSR?8U3L(wabw(0!R-T# zHTr56Xd5o2J{pHOK>#@LmSO9GUe2Lke!LG+s|t`R5QL6zH46ptKqh62TgoxqjEGwP z<&z{i%pXN+g6`Oj<;(Z}eG>Ckjx<`nLc5Y6e@>xnZ%k2FUILS{_1dc?j;WqRIb)oJ zio8ygPHqCm3ReiJkZ6pvzkOX3M<&)e$qa(k;8e?Kv1uHhOV{o}JBXTA6q5!yjLPXDP6yn3>>L9CbEg=cnZeS zCh^GL`=S4wVpGL+8MJ*C1>>h(+Z^{tWf6qNkm2zAOWwiAMMc@fZ%eN1GdChL{3sA z!eHRV2lM*Y;Dotx{7^v0Qelf=yOI0f_g$@KF5{pLn~L#!WS1X9li(BiMXvZ4qaH7d z@+b~CRXq4Rc;u27neJxWu76kU!x7h2xLebQG3xA=yE9I%1TOh1TRrPhN!`nbEW4KQ znW_e+FKKwAveV-4E{N6y;YWP+Y7;<+0+sEcA?<~w73rUtW(}Bp;hg%VB{ecw@NIR8 z6yI`pGK0m(^-!g`=Z~@}xM~lF%wmVe3@_3j0ZLPgVlF!17jfnMO7#zXeaS9gzSe(K z$}||{q&{uOmX2;5pEsQO?$?XNdd07nHC#>rDFGJp zQ^!v*=&F0=rCVn?A+EHyz$R-L4O;;af8>d@rTjobG=h?B@F3(%{Me3)wjMpayy&BQ z_DE8y4v&kK>|SKjFcifkvGmoCwN8y@jwSj|FsZP8)fp0O;fV(}`Wau`gU&-a(;@yf z%>`vzJA&ccQJiX%cT4rG*ZBII*-{#qTfYo(|O!GSu@%Cl^ zC&kl05B0=8h3jEY^ae1}M8P0lzM;!BJA;Hys9(sRKlz+ z?&1Irb}PZ5p{lj*cKZvkGt!%mepc9c(FX`>5=w&F1E82iZ11@fe|ju{E#qBBCQBLd z^R>P3is;K@^e_UD4;rG)t>qWYXeWxz z9Cz7??Y}gGxVs%HY(dG6*#r9|&IKlIsx~!x*Wm2MXU8TvLKtkkXSbia+ZkweAa%*& z1;zYDczPbR z!LxJZOWhH>wIbGSB4Tvj{eaTnGzPN) z-PS&R0`H5u`vw~lBP^01sC|Q<&RqCE!(bO954%^?mbAvk)=5*+m~(^y9Z}eSVb&{~79<=wxrS^Z#E_0V5ay diff --git a/docs/extend/images/authz_deny.png b/docs/extend/images/authz_deny.png deleted file mode 100644 index fa4a48584abb3db280b8226d18888cb0539de89d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27099 zcmdSBbySsY*Dnf)5~8$(2q@hlA|NS9OM`Tygn}SQH&QM-Rir~Y1VN-Fln`m8B_*Xh z_Po{i+k1awpYz`y`w4>|{)(SmnBm_`vP$p%`-!N8Fx9lYaf;>N>#OjT;s1Lx zpD;Aij7t}k<^H~tPiU0qzn?H4W4u7EAvq-JEXGqk>Gi z80oWdry&CguGZU=9&|Q?1@>}#Eo4UJn`31bFJBtT>(^}eDrlWvy=|))!rnq0)XyxV z#^yfhxo7oI=l#R`) z?Q5OqQKswG{N}J(#MdY~ndle|sWyh7U|Z2E$(U+M4Nq8->25k+U*8!r>iF^gk--?F zax(is{sU)wh4z*t!Dr@;e&^*vC^rS(87+K!>m>T|*}`QjuL*%nbHTg1a*WjRn8Wo= zWjY>LLPL9)(!XCwHuYiDHb(!WgPf^pdgtp~3ew?JEU$PiaG%WQCb|V(zJ}?Y z%kfh!ynnvoSW?pGgpE&M@-1tQn&kaqg+nZS>R1}DeTg8;v8qzxgV~tF{&#|c2Qh#Feh32>)UpQAunIX$j7lRR*`Y)mte)jbLcG{N6trxoib-BB*ddA zZpyEYR5%GJ+i<eGv#=TI>R^!uR?-PY7+XV6U;q3cY^EtGN4WB4W4;CBQ9h_{XoH=eh ztFLn1%Jx`q#B%suyN5d{-It@x^#YfaD6`&m>*3y%!@;J7>)yEYd7IT=M#et;E$=1` z?yB0w1c`ZGG>Pf$zE3SMExNbhRo3>?6_-FIR)da!hNf6b>g@hoALX|;p#k}hj zsJlh>lG>gItLLgQ#3d$LzVKctZF3x6`SCvg@sBc{jcUim^v~N%104=GEp)4%rp-O% z3Ob=Oq3ww0P^aKEe~Kq&(N1#h8yS}J+;_q_HQ)ZB^_tZWqZ$XBb50+}Ix3ADF=EPR zHr9WB&VyS}+0UjB&(3N$Q8RLFLHaVa@H<;rmtK>6K5Eh@Ap6-XU;uLvjtx8giyf;%WV|V4p z3=s!GOO^eM^gyk<^YZnZmfvZ2PWC4ApDlb_SjK^*s)5XVXdyn+3}WE z(iIL}?Slv!u?dH6*imk9_XgT%ybJO)^B;a3{rm>&La&TVK+DSpWwDdYzU|D&a4Ny{ zy5miS1hFIk&2M*pmkSIO8R#v%3|fAa;+Z{Ippy}ZPh%U`Qlq^;J(WwvY@E7Nu@#U$ zQf?JfwD7AZqmWlZ?kL*(bSp(`e`z3}tp>X@Swt_6U8mQflC4#%P}j^VQdW>8+n}Lchp?sL2MlR508JOpRC}c z@J065#>wDF24P@VWQ#Mw>x2Ki54K z#z)_hdc1t&dqhX{>b+`}&aK+C_k41;OAsFCS~q>vboYm`W5_AS0hC-)k{knEQr67R z{=O_Xj~BY$eFza^WL*+!%xo(9al#*-E;20(R$dKc-^8SzQQko%gAt~(vC|rUn`EQZvXD#_9ETz zLZ$O>!)x=0JIh+b;>yu_lcA(+x;my|{p-z#uWmPvOuxGM$T3p4!g|q3pP1UlwsO+z z)5rcc*gV*S>$Jnu{uQiS36YVh- zG3~JM*4a8Cj_rXwlp#!;p8}@iKfcYtiT4x39;AE!sM|Jc`&ULpJG=@PoiysZO+;Fe zv)WO7{fY3$lMal}F_DC+n$};w3o&`@ENMP*wZ7ZH-5S%-Z~>n{Saz(%z=TnTaLUAj zj9Dhw^;fchebZ*3Z_uaVak#&WYpa_+^(}q==cuWS9p>6eS1*1}4WjWHW}x477lo6$ zxz#PEx5mBFK!XZNRg7W%T3CE^!Q*pZZP!@Gqua)QJt3bOroJ+J?KggD!#)iCBoV*y zeyFYLKwY}VQoQuZ=!g4PLz>&#^rX2-Sv3gAtz3y~NIKu%d5~({g~hmD_ChqQ9#DXK zwsHz*p`cn|j@o30Y$|~+ zDzAGaKRsWatr#+V77|W&ky)Pk9!lE;9oI&an?t88^YU`O5+_cz0exlN?sEr)k!1_0 zJnY`ujGr!k*c@ii`|xW*L2Z>!Im=#Q zs-gwDx1Wq;7A9;&Com{nxrXPt`|43L;kJ?cIF!A$XuKwqSj$5f=H<6Zb#r!N%C=_? zzMo%45=;g2&}-K+S*J*^_GAR{%Q;8zn13MUH6%^q5x;>ITlXnB_h5JPChuKwg< z*xJhCaGXEI$&Zs05iXTfpIBB+`RBhUI1*V~u2#GX_4iBWvx<(>I62%YeD=(gE6Dzt zkm)FTw(9j^swa;urjMchm3g0ec|uuNrVw&`w^1gox{FmW;_WQ}*FehzL%5Ouf-qmi zwL94|+Agw^8DvL=g=-mJ-tgj zLc@hV&u|f!qHo?(=J81h+oAE$o$qxP#qVoVevFTItLJ-vOzgbNJT?0UOifAH}tjQ$>^Zkpl^1>I*sRclu~zd%V`C)uJ8Iw zbh}p5=+?7ZQUe9o=-DVacZbk(g-!|Knk9k;8j$W~kJIhKGI? z^_O}R+k_5Zd|CSv%eNj6t1S2?@L&&$l|JZA(64b( zjhH9AY>^~jpB~GiF3o+&$Hkx6dV4jbXXeiDnv5gi!R7T{|L4th(sU8Ro52BP6T21n zy$|DA9;CMQFB$p9-+cHvXreAia2N+g&eK%Zzx?BU&UnY1$G0RwErG;UNhpt*dtMX@ zV$T9t#CEx+M^?Ytj45L-*UGl2?I#bdwB;~7H8h`K__XPH_b>}Pcw zMKJZ->L<;WH!kPet_o()u2s!kCbJQ1>lAS@KE#VpD?w{vK7WBIG1Kbhs>wLSjM{y93*9M|b*!-@mvc3Z3Q{hvqwMo5h68iSuK_GVR& zj~|#`!l#o$;cjGIE59l2n&=kLcyTFN-}ibf53QelOr_UyG8x|Ub&)B?`>$nxHob5X z+P~W)i7%3wqr)T5=XXnJ`*-Dpn}YF}KNmw$(P|~9kpr$~?YULG>=j>XI27k~ zziD4exo~(}i>=!&1`TJQ5$)cS!SFY?Y_j8Ge{17OU_>eS*r1|DpR)_%1fb9cZ<$a% zTN@LsEo?I1-tJR=qfRYHYmM`?nY`kDM`)CIFHXbv*1D9-ECcUUB>^7I^=Pv%3i2@G z1kj)t@dO&ZDUqU&T*55j3=>JyUhwy89tv9@P1g3$h!ig;h8i}am$*ashfiV$qZyrH zG_^GRWrICRKB52nqoiiyRpg0(m@DlFjtY;o`^EQOf1ivFL=+F3>>PX`AfQrr&{OtyoG#~qw_H8&yz8w;C*QI@f82?QG!({7#X!Mbj1EX z*$12cVCdF5+r<70CwWV3JPO`so2J>{q{>n*ht_6BamF<3_kvIBu<0xD59P(wPGXJ= zHIBbCrUhpIINDies`FxuIhOn^nx(dr6XqHB!n1+w`k^}=0ZQ~2$BFE&LcHnr&U&~x zcdpKJ;dPJF9VSKVL0?yQCIZy%MQO?j1-VH}#)i|Gv1)xY$A^+Mf7e7#4>KOf zPb)y2YWn}*2MOXsH-?P7;}(+LmD&@yxBx4~QwciAj#oQbOgD!(Y|Yxdl*X?2ft^Gy$L00sz)O8&4ZX)%fY{2+zuvHDkBtJ* zul3={X#Dh?X<)9*)XyNALC>F2GSoP_*M-M#a_D{NKcEux8ha$_wA5dEn6sFZ9PW>W zKWOE;G=!ZZ>gk5iSYasqyk@O<2_EAqES$*_HL_nHX%f7=Ml3geMX4g7_o&tBpbob!CPBl?IRJIVMv7!yhU{3EsY(v- zslB8@xz8uNuWh*fE(W?(WLV2ear2=gOLnc%=b6^9s}9r6I0uV4Dch4p2A^iTZcjRf ze11vJm>SJ|74D=Ke4qsmlV1enzQ*N7+`Ug(cS=k?J9?7~JWUn7Ov(3!<=y0((q5-ogh=+5 ztfJ!f9S&u5nF#8_K9&bXNkY%&QJ1F+jp!Pp85A@E@hCI^ZV#kM202pgJqpdK@%tIC z*3Ftz7Fc#BFh{|%W^yyG+VkkSE1+Zq)|ELfs^w}GzV29-2hKY?YF9tdmp9WEk?=VP z|I_}Pmq2agLAp8L=My_c(D17U`0wUYesO!tOR^S4_47HS-P)s!zkQiRJBURqo1xgg{nM_R4901+BFT2b5E$c zuT0k0?@USPQTzZ>>-g)tgmQ(&mq-aQ+2w)!oSfSG~dF3tTp@^oAbC+Lbt#!nhU4+_Z;DndM7@6X8@(w?mX}BjxNx7k2`HQUagss z|FG*dV`7z9{xB8?U#=Gse`pUgb-}1BF}bh!S5i*>VLk2+{M*bVS4mi@LqS>U9n!v9 zpqddlm0fmmu%CdsZEwO|dBSa(1f3!D!S~G}uS>E3YjFHMVSu0qircnH zW6qPFeprbH$5!s{`<5bYmV}!T-p7(OX^ynSjEdjeGLN?wk{cDe5%H7z(Dw=YAwg_A zkj!iEn{`c&c2{@shzwmiFXo$J;!^|N=qb7vO0qF^HIev`yrP^l;O1?dj zNAFwJ+gJRP-(~vgsV#W;i-^7DG7_y7eY&$W;1fDqNBtcHwYQfCDXtrQdOk3OhzSbS zTk~CgYpbJ`m1AAHZGFmOPd@(qbBIhnIsdl(c&9Ky8$H^78eh-52~!Qz$cBfp5JV!& zE0Z2uVb865GeZpBk3nixB=9_*e#zx1aHqq#{2uUD$LdRzd@8r?CdxNK`^tH4^wA+} zZm`Dn+3Id17LB&8z`_1ZM1?yPbB;ank%`b)RLtMnQQWk%JfsOHRui^ttWISc<+Ib{ zgB{(ZBcarzlSjRu4=LKQilmd)C_dN0wp$we_>8fN^5#R7QU>g~_%}y#pr|+{y8o_y zU{L4rV_ffGX$SN=~)Yvh^P2Eo<^ebEgHo zR4aRU818PT+9C8a^du)t6fHRU?@Vr*Hvd9XH{i~=9N!>xNxd9l_r{dpImr!-Gq>OZ zEcK*~<7cRSGM2~kV;R&YGh21uUC{}{Q12y|8-vAgT5`Ju7_$;b_kU<$?%~wT)96Wf z+D7sr3RHw8b<~aPiC6SWjD5Xq+BEVElD$t|MK(`1+Guu2(#E+4N2%#Nv@=c1Bcg;b zZ8|}f?R#P=9rOHQqfn40^Fs!dG5>{W(X!j8i55*L^ufE2x|2O$GUVX|%_Q=eZ8MY5 zsUDkP1`*!KcDW9BhN$3xLB?1_%=^@1yplW48q=u>6<1HR?D^eDDGe{7+MW9Gt;8@Qsq<<~&o!ReCg2UPVQO{sLClcnNEH=>o7EqvUA zeJiU^#AIr;ZQL{VxkaqVgn#icgw-~4JK(&~c&F0Hpu=3_xY#?sIUOo~wD-F*meSB` ze6))p?X0$c#OUz`Mlz_`5@#(hiL=jQ*sk(F{(drE7jD@bz>~I^(b~26%P>KE*3G;-&a;p@Zsv-B=+T7D7P+^fU1(Ir^m%&t)^rzDa#C`NL9!fd`O=#Yun8;l{5 zR9#rO#tjRciR0_DYt)yAO2@E7He@eVmZ+k%&5_gN0iviODV@+hv=1W+XsvkU+zo6u zx3XVUjzckazoei%iMdYOgne-^EwQ@Ul3+Ek$2fvoWZO|MOFpjr78l+nV;^JstWgY$ zfGWL|*PDq6*E=;-P9xCbNx47!^;|;5kDcc#;)W0Cv58`@tu)5`wf&!w zbzW|$-h0Va7YUossGjy!&n4=^VN;XlzJ+t+qYVLkA+GzB*U{>2GHveMz*nNX)Ta5E(u{SO zeNVY58>rd$dKjotT=mCgim!NEes?wO9(QUa_l>5BJkCs!q?k70bNr=JJ0IA+D}l1V zFw)7%E$F>kF;pJ&LzJ-nL&?IEZyTmB>^w{h2?NQV9{}OndDQT|du)hx^{43~m9#ooS9CdYF|yLV5$e*$uN`3H)IUxQZl?=>T7 z-|p+lD8`xMQf63_pQG^QI2V7FIZBfDu{26NkZaQT5}{pDVtb>s!5C^^i4M=4+rXbo z(__0w#*4Uhlq=i7xHca2Njo>it+bix`vk3+a;`D=KGJe8>3~r&@rdkF20k<4`)>hJ zSET!0Mqj9skX)w@F4=sM>bV||CwWydw`l}_nVnqKSQqEb@6|Wik^@(&xv5W0NM4c^ zfK{~=aj7Al^aOkIv{{l}@Mu%moUBKQ+gQTgY`%5$1g$0D{+@AA*M7-m=})_heKMaU zb$q!7pN^A0aQIEZo?&brnn1lZJ%f647@%U3aiJ@KVrGFf4}bzg#-FEfU|S;Zgm zjTNOr&@kl2g^BV+xQE|-c>42h?OCoyt{SUZD~c5WT%KXA8}u!?N{@2`o)J+;6SV#K z?!|^~iwv5e=+~0v%SPSE1EJCy8YAbx?W5qaJ!=yhvL#TkJrma9&D8`QW>tpI-Gcf_ zRzIu1|9LQl+c&mxW$$kFZhcjifM%VC>kE;jC8WBWuHd6L5fKr|E^T`8Y}cCy zzpu4Yi*aK;_~cUkC~26^5V0mk1bz<|zEPNzqDVSj*Y`>ET3x)_AmkI|z1B^FiIW+Q zs9rm*@6ji(c+E!1@I8pFu%Btw3SaAHWxA}?O~aN(pPVX8(v8{MAjoof)h!J@d*yG`u7_JWsR2g#+igB!%cNnB_pkl<*)ep&j+@MNcWK2E5GLZDv+}jb<#%R zJzT&eL>48AFnaLr1mL1-u(q1NH5(T31`jG5bs5zqP@!g^j^^89O~n?|CMn&I&a<^NR^rWCT-#XsPZr?+ z^@;!2AEeb0yE9O1B(@N{NbGHJsmNJJEm|4%%)XHF>Kyp}|D=Q+EM6*n)UHf3HwXO*Vu2b#|U7EB!jiC1oh za*F6kEjUJg_*dKy*}!Gr-;}ul{=P#94H+3zh4n!6`HNS^qMhjl`U`Z_`RyjCaPC=9 zAYqAy7Z9Ad7@ldMm?WUO`+KtZ3_vI&zVNz_Q|-ep%8fZYhZE=ug)SWfgWHmmXK z3VKFHd4#{xoryd`V$6KX zeyTcv`px&&#xX1gGv$aybX!KKv%NtId6#2~Pc6(`s9O<@7(^gHv%J0I91k71S3R23 z79g*aB5~*yD{*^jK?kWktwL7Mquqgxh0a$QadWUA=fG{Tmm?+v8M?kD?DC(g!-;8o zF~Kk3nIN~D8&E@o(EYJz-5>R_X3~KlMROVmz3qQ-kt|c(7lYTTm%i~`pB%T-%cvPB zwG5Jhc$=+P?S7?#O&7m5{;31}ZiHVuv|V$??hP_7-v^c>z+m;UJ4I}gr)#3ty`v{X zX6Icw$UwXR4dmVo*6$TWh#tzSh$;%I|G7Y8e=g7sc+2?BxsFc(ozV<0JDj*Vr9mml zq35Xx*{)@giZKF}V|x)^a1Ka1hS_yGP;9=d=OqrZt7Qh;54J(}<&*v>7x#VKjrfPq zuFRMEbKNxV7&o993_4G^$_PDQu~crKIT$R|%X(03h{z|bG7$m4WHIO?Ut=D-w^L7qh8nqr|NaGDv(c$dh2SJV?8HUeNQfd?$!SOS__pclUSw+4Jimi<-d{b8xx3 zHg5;soahZGC2Yr?3tar+b#f>Nno2LpQ3{6P3C$qmte8K{_}8TktQyKn4%i0 zTjmvCzIJxzEG-;0+R5vZfnPu2yeG3`m4_7>s_?^$c5u<*+Rz4Yu=LWzgHVQLp^*F*HI& z(R$uM1-J)lem1l1!+9ki`JT7f#ZU;<-oT$)SBm2;C})v>4(rZ~5hn+s8*ipHWH9}e z(P4=<2B+?FyBh!iDQb}Wzu3GF=CX$f(t#d|a5A(2e$C~Z_@j*+^e)$1%V3dC`Ct5# zi^G<|pyCNM%a?L}^^PQ?##cv#DEKK{IKl}ZcF{jcHu0yho(l;~>VJ)iKab{q_W|!V z#;h&;1>b_oEMX|0B(84=(yYXZ;CM2kzYf{#Rp7$$8hHpby!C6bS=Z}Z76286Rsi8T zQiA!j$5vGDyW&bE@Kk)k{&3sMJHs81ER;{=p_I&@ZGR6IAs67i*vs&W|H*6Nt$v_xy$24n zUyx`;92CKeUWV;@f`y8%cM&V*r<8b$4T?(Y1aoRs&5 z`ynsY50NzX%Iy1Z^5BCmEn}R=eFyc&Fa=!KNuiY(Wzk%vB!M)r0J7oQWq_QU2L@*b z?iKcT6JAG8oFE5LVb#Z|nJG)S11Fu8xENaZ63F(fJUpr(ENXWp^322wBaL`Vz-cM= z8{LBaY%6Tg3K^dS@b|Eq98gl zDICe^H8L08eSzyX3waptug3>l|LHQaAc$u{8lxBTRE@uSu{T?V9!=D^W&sf@1LbdK zZexGkc@igEt5h_Uuhh26VNPDefnC3<CpGp*zNbB(4BL+8pFasQY-s$t~g` z zo)>tnlX4l3g@!G*1K#)|c6OlL(dFf5bhDS z>y&Z{oNqx+?$dV@M*1|MmZfQD5H^-=VhNYC6Q{wDCaCV56~|1a(q`qOm$r* z>pbJtQ|F|lj1F`|g1+Kp=b31{IJE~0p#6c7XI4(u=S&y&3&0UlpvIqITKJiCG=V3? z2sf>Q`~^lm5;iN&m*BaZD_)|M$fC~ZX?t70k@*WvWA%0E$W}j6`w~%{IZLDZ?bvvA zYL(CuwTg?7-?$ zCws)-)IBG>J8Z@a$-G6_-{o3SJ2!maF#!5D?lYA-uW;YF@g2@!hKi}Zz5OPrkjsSh zv7I277w*V5FZX7>tbv#augCt=J#+n{()oS(Fdc||eIA!26470khKji$jPgN2K$%R* z)mZm=Px?Jxn?d$Mv=p}`77_UZ-HJS6=ukrVs4F~v#|H~3JG%7jX4jRhOwEJ&HZXix z`oI&@INd4sUKCTdcu86bRjM5h_x3MAt)))4XmLIQ*>j^AmhXZqg&N4G|I&@$9ONfW z!D!h}GSX~Bk5=BhS(6?au&^l5>K>}JtC`u-HW1Psq2mNZiUWc&2a))Cr>`7Tc1)xN zm4xt$K+d^A_cs8#$DBwC8rvBP_0NgB>?txB+}M6;#4iw=+3!B|wPC4OhF@^RS>`(u zlp!WewONyh4jp0z*bJ(cKjIgqB#Y_Qi*=o5XO`kp4?HdNW-Hz zm?<3>of{8t3{tQ_8H|#ImvtCn%~r5}5DM-eiu_86>er}*Uc_=$W(zFaxrqEp+ zNh%5Qr7?Qsd?w|?zC91y*A+Zz))aUER_tRnuoSHZ^5V9C^+=vI$qOXh9_eVc%L21L zsK^T%Z#aj#5~D8`jmP)p;8O71j=4Q}DQ*hkL^c#+T6#QVBd!j>@jcjDSf-J0wY#VG z2LNZm2hAq2nkVK)e>|1rfJc6n4$uXC4BQ`HbY3@092LR9crJCgnpJUVq%(zzzla`U zzN7kFAfZh~6zl*OSaqVIM@@va&C*J4&>yoY1^#lsl2Bn^4CDD6Hj@XM&!3*t$Ot?A zak?T`CML?E`8N->n3r&-D~~-9t?w{>gD0x=#~Pu54RhN$tjk{@fqJ8wnq3%fuL}_b z8H7h)WNk{IwQu-hQLht*PW(Yn0)R{!UhzNyLVyAZ02tJCtHl8Fp?okgkRXD<&DOtJ z{a{mMnPXK2lz*Q*1qJKeqgF8ck#498N&-*l)dbCdS&1b008^dh{(l1wp~y|MpDDBc z`($4PC?!#tA#VyehzAzIY^$#o_V>vM*73b*hWD3RGb10lC9ESaN<08l7e*BX}Y1ax5;18R%C?Phym9rczE4Amp*IkdUL*fU6>TFMcsl#8=pLQx@vS zjuC`<8KAQaI)OLTl2D(UDxwb+)M9p&t_1O+WXiZ!Ai8(P|u?x2vLDQu_Pvvf!uxt5rh>XJX!`5DsaU+aUSnOxy_Ig_jEJOAbHep7|OuRP-1HA z=a3F(dr(Aj{A=^7UCniH84^H-SAf=M0WcCtIDVW7zk|6bnMw~Vb0#)(P83wpHa^ul z@Zy$K7a^Ey{_A@h2E&!d8^|SkoM0t_$c3cLNkfQ>p?`ZTJw3!(3Dk5fp zEU{ch6Im`gW#;xDFSoWpQhO(sKAS(P?)D4IO;AY_MPX2&m`cb|)|lOV7UB9cBozLXq8}dbUvHw`b2L5q^uPo&mUopg-4#+aR?c4S=jTdatsG!v5m;3dBn@_ z(OGds$VCc!BMJiO!K&qJCNB3e&Va98-El6Wr>Fm=n1zPM_TyHIpAy!zb-69f_?l2HZwaYT0=v_TR3J^%F~5-6Pp`aqRI#R4jB&H z5Vi6plFjH$7fp$!T`Lg#Dn zJARpP!X8CJRaweODXE*Kk@S&5nCqo}vP7R8P?-+z3x3}7QP2H3K+WEDhP_`VPtQ!W z9)y-NbCTA~y@n|ex1WFm=%f9o{LH%D};%Mi^b3%nbpNiuFS_w-LRWA9DgTMW;DZb$x zzA!CIA^h(1hdU+4f4duPWN&*^Xw*sg-*&cwlbPv|X^MBW)_?)m0veu=xI9bSXfOy1 zf7)zQ92)zJ@hk}EY<{7O_%d8-mIdMZwTZ8F*`|v8cNzcmS9$_m3}otTwmoh+KJ(`X z_dQ#kIuAk884kx^|DI5R*&0FfTl;oaEVRSc9x*{`NRM6?Y5hAF7c7Ld@1e{Bg1_w> z!Dfs>)H8pVg!#4s0zca_)BedNDL88XxqhZ^#6h>x7v-e>pQ>;(e_6BBVh=a z%kyyC0Vcv^A!O*d|GVx;iTluFF)IPnOC=o|Yd>Av9|&yXH4}Eb+z1l$S?+slytZQk z63Gx|8KC(j&7|9Q$z%3y*A8=12(D$c2stfP zWjQWes4d&u$g}*u+mg81`3lrI@c^O*4d!f4WcXl+l*jsWY>ELyPO`bu8sy{It@e6{ zK&9`?5K;U(G6$KacmxCf6PFLEhW4+5?Sm*;FeAkT$0-gd>0-}~Y-6#bm78x-x5eB= zcb}Kt$kb$$@Ncq|A56D1NvYK>L>(f@f z*WAVqd06e%?G~hbFO&sL6-}l(p|;TSW0za?Nk3m3%ME*)D!|=N#bX+9`hjV1TPa19 z1LiN&^y|G0u1*^lazh*KO}}?hgc51VwA8T#B$J3zT`6I5?B_^$rByWXZi`^u)uq{m zmsOR*rFFr#)CzLa3qZfFAQ3er;jR$=uO4lnJiEYg-^c=Fr;H-H-J98=@5m$f_g%oI zt0#YFwXLCw+3HS0BrD`AeiT`}Ak~VZ7yv=&+Qo9vdpfV@!T6_+2>|dc>!G5;vPa!T zz!{4`tVxI1TkeVX!5o<;=oPC-Nw@{Xn{5K zavq3TtPpR@gGa5wNfx5+b=rJSbUGQ5QzkSQ!i-4mJD^|ZSofsA0ROz25(Yz*oaNKTc6O4#b=Mjhak7qjREIPRf;7w$1Nzr5=vpmp4F>=5A7l6fbUHK4zx>A%;Xhr4 z9o7HR;0Vt$Hb?!d`CWi^GCn%#-2VGyAB4c5P(ZDb-je?+eAXySm~}uF4vF9WWB;;wiu?D=;C}$F!dj zi6-;khoKw)I3iH`Q%%ij{t`u6^s8X+UByfO+giYJraSu6_n`F+L)RHGUXT6P`e42r z>+f1+|1ZsV)BWjS1t}LH$@~_Yrvl6ma{_aFxe{8s4Yz;=PzujI`kE~Vl+0Lvciu8m(^DtHCLyLc=CT(Rgt^INA8;>p6UnJ~uc03inj2r14XacGzp z{)$ALF7^OJ%7pNNo78_)>D|%yk0JmIsv}b~Na&Y@MNLY`d5s-HUf8_vA*1$6(hpFg-&`7 z-1B1CEM(_yg(b6wPW|}J4je@lPQ4ROB#)W&pX|wPeLPA&*>T80kDNfO$}?{CTLNuc z3uvAuoLDs=MXHltM}>zl*-N^)+Lsei4P(>tii#TGFls^HQ~^Gvg2cDMv=~|hm~r3Y zYjjI>9fSHC|4LzSesi}x=HebWdI7U>`gjVj?N|o{yk~B_#KfPo4|qtN`xr3%VFyhu z&k2vM`>WwXsa{C5bms_Kpa#^30Wd{kD|tB~5)ZSrYS+ZP^bMe#rWM?O&DUe)wso!> zMlIffyLau%5b$g@5EoP-;r9S^M{5xBm%weX2HwvKPtWr{J2mW>R+FG1t2>O0__ZBw zf-#XIs)`X9%Ckw?J1Tieo(GBdK$qeqeWr#&#{ZemqLCDhA2jKxC(1oiTAJqf$7`VH76Rls=!hfvcAX6VaTD5#&5~ z#~~^lZ^~zHfRTGvOpavfYa1@<4;AV?I^Pw?mT(9${2B*eF+*IW6o0TC&$At?GHKbH z4?0$%!6x|)cT_WuRnt)jR9p?vT`PMV<&aFB>2_-egI~l&JI^mN8g6X@zN2?VZde@B z6DVT9%_LR)^j5@OOIh$RX1CO=ZM*z>lWE}wfC9I}Z_Ty#Gl9nP1K8R8VGY3xAV42( z=H?_v!(ClssYj%F@TC>Gi)Fkwn;nY{I(NW-L0qNhT%NUdlcF760TonZO2z@0a&LCe zw3Ny$Iv&38xw^Dah=S7?ldGQ7jwDF?Z9sCFd+R(wsQA)tOCd$HHrX2HM$^B20_(@& z^w?G8lE+j7I*VaVmFDH7SZ39`M(%7c6)+7W#e<v=IB?C5RBx!ld$tX+}my+}I4AqcY(!B|tRvFmAC4TM4(_wAb}9Rn128(luO@ia(P z3BsaTl0laTvGLHo_J3mifN!B79rTJ$5(YJ%?vC>s3He|Hwj~U;@tQVc`5;Wt)6saSA&dhRyKVnUbK6@hg!7&=!>L^&4l2BoMb~Rh6OKwS z1_#}W)O8B{j_m!a)nsW|FnejEGX_ya5&vxUZ9eT-4VI;R-$e<>`*w6K@E2JwZ@j=( z+JrfKy-`v{Nn_ooFlyw+XEo;H$mru_SdcRDtXo8jR`I@Bz*vS1eg}sjQ#L*W)1}t1 z`xr^`VO`H7f_2^1Ls<;aYqU)aHo;#TaKAjh)z*fY?6E25{K)VQ0b&$Ry!mMI`NEUq z_n>y@)Vftn7%dUJ_(mUT3LAP2|shA~$n37lRY(jmrU-hqZyZHW;h0y!l$A#oi z46h)WGdV4d^$3HMO)K{2=O6{>sXLTUK{+}fU-x|3cwu<^y6<-)kc2D`cz5WDumiI! zh~7UeXTCvjj_samzwS?UQl+dwWxW!5TTE(?b%`ejzvdqsn1&JJi~i9gjGai5BgK6H z-<-p2onnzO1`E*bkZ2U+kL@3+1`nu*@@?THqVcb*3tm8lA)qH(4!Zd(GzyV&P}e0p z5^}*M8G{bLp~dKka}z@&++>iJ{W6Y}Afhd)60k*fJsv&qyjqy?uFW?|%+y0<1#0N}u5qNxNs)A!?a)q^VG`{yqm zyIuH?(L&d1Ol;xCa`&&=E*n*oh=cqAB3KvhK78``OJ_U)PHdwG{}JNFF-q^j0zQnq zsrU;U*Cjwb!J9WO2ae3^B%ver7#kQcR=;1JVg6 zil1YWLEmTH?+^Y%p`~mZQu6)d*$MSvge{Z*H+J2dqfC>q4CQ&r^Et5GIH(h{h&qkX z?8~RJn*X|kzu{nAMa(}3O7!gZ7GBg9HD&JtisxStv`Dd8!dQl9`rsN5&O3m_6@dIS=V-ZCqsHRzL zI4+OH1as28p*?y!`ZxCNe@;+)NtwW!ufv-C{K?P>f)8%Bf&(M>{$ZE!4gvIm)YL*SfxF@zLjk!YCmzwWO1hW|dJQqsGvBDJj0Br$J8<*sS<$3VYt z>nxhV+{gBx_5M8_O^M=)Y|?mD>4L3n{;%m4CVEI;rbR;;U8WIb2MpGGKm`svn<(lz9HAna&&)F5qF30fz$O#j zn|Fp7&sP`)<45yD?*^<5o$1!$qvT{zrjXuFtvdZErS5Qv4bjydLu%s~d{}vyk&2Va z>5G~uQq_i&Z7WPp}t)KRT@}nQ!04AMn-mWA4^tH}2zM-c`SSHWl(}(tC zkxzzL&AK$GN5U^E7M`H&K$gmRYclJ1TxmCHd%gpvRe3K+a&IGv%cg2Gs3jUOmq$8? z6E(D4TwiqQkxB~qH2HAHmicN9;CqP-L738=140r9p^qJ~YKH6Oi#99P_?wzy8m62@xQkEkty-vLwEWF)5mR(XhK(am6cY_tXT)% zs3~4<)(&-F>St-3=!D>mFzN)I6^zknTi*`f}h;%@*Y|}qi75q#Xme?XJx7reH zVUm*c$$%-6-!@GY?__QTYwimm(AseFkJ+T6&KO2&O*tIeL`1>2FnHd#27AJ6Ap3Vc zQq#gH9iu<00QwnDGs+Y*8jIS+r@iN_t}*hD^bmt-D$kStBA3dnEaiPK@~f%azKQB6 zTFJRz&S%ErfBK6c22U<|PrF7q&(M&L3G%D;m*SnQ(%;h@w(}#n|7gk0B)*ASC`+ph zDzm%+9i6}LDTBdNOfGSuolvYx>Tj>2^`-ZgO1fGiIqK@+`Pk=JvO|nPZEv8puDwBY z>LtO6C!wq@&32qu<{{H^$L)asQQddHQ~AgLm&|0oDcdm$;n<<z ztYh!&y;s>QTU!d*LK(^4gwONteO=$b;QPbp^MjwxIoEYN_v?PWo{xDLURdqz`QJXt zp2?&xJ{*U)b^d)@Ix&7J#r1sFx2rJh{1~rZ?@2SsV=W94gNDuZ_TzeHtdh>%myNm6 z!xbjH(9K19>kCiDJfxaM#j8YpLB9kz`%)PWksp8_6TqOI@6niS{)@_Eej{ zZcQnmwP{G(ZPBNw_4Y7(7V}TQ{|lc7uwsHN6#JxM^n_kJ4Ie;MDL@1xRP~c)ez)*8 zn*ny);j$D^wz!&b9ab^-mlDt>_YrsatJ|K)UVidtOY>N36E6ELh>mDL#5Rv;qYerv zVbJw~Gw-m+6(~Swz;mT$oVCOq4c4oT3oMm;C-7+gguhteACfG_j>Mz@+_G_Lq(vj8 zEvJAfR1pp!Nunjh9Perj_sc-PGv>hqqef>2#i3|wgf z*b)*XU95KC-3p~+;89oZbMh_lc*jfkglDJB`KlfFQIvK@ z%q+__?P5sCBq7J;=0d*!f;531Xl$vV;nh=XgYGry^6Nf-JS4sLtHNJ5BBUt|j5~s4 z$|U4xai5T~h|0FZ5~SGWgQ%{fmi5&cWejNNvAp`|rSba8wgvDLm03G=R+n*q1xN_| zi|GKz1bpTW(7dbq_fo+G2F*x`h}ul`(kv!`CZxXv<$pn5*gRJnzPBq#&r13YkZM>; zU)=cjNym$`EFY2|?QmwyuK-ueaeA`%IvoxAQ&Fp(qkjqu=_gPMUy=++dtUUg`u;I*$=w}!?d!YT5m+bu5?qx_K>ubudLPXe z=o5_$7Mh-^g7b9BMp^0YwJ=Uy{|NM&3Y@z;gXn^eb`}9GgFqj!+Y<=ruR8x85qb)` zPCjt=0WaA;A{-tVJdFbm$9K^&Ioo(EjZo=l3k8T-r-2`VOp>}vUbxc$sCfAZ&x!41 zLd3xG_gHP|6YVm4-~f#fw4E7`3`Lq!8_#@va6t2|HZ7wwoqnH%uv3=iQ)=I3o7vT= zRwEdfi!v_*;->AMhBF+k4`;f%pp&m&HN|}!tz*u|G`aVr4C=S82;%w2@`5v=9+SxW z(T`3nJ-B7>R0cWCTm zz@|tqjje&?>#al>>21Pco_UXGGYA-c+DUxgF4JR6{3Y->#bBuOf}IC3_ChqE8PSCh z6{!&vCwvOQ=KZg`yXynk$N}~rtf%|IG73v_h_)A{afE%tF!Q7k8tV;Rr9r5J& z+GW+~-mx{%KN$!L@`Pd=;9^WZW44Jqbgpm~+xy?k0nW2HM_?wB=P?KD%!7q=w-f~V z>%hr%JRDi9(<}uoZ`dCQf%}U`q1mjgURr6tO1Z~|mBWpAIC&fhn(@!LD=QxY+{jDs zez-%|@%Tcw_XCGNLhql^pDPRclp%d|QB~(3@;)KU-o<;|N;&&o#N-@`Y8whj_m;ty zYGgas2Uv(E2lJ~##J`@=^ZH&MKFWHXra+H&+mjl3^j!LuV3EHQ(Jq?sX4O2b{>$E7 zm^*_eReMx+50g*(XtHCdFW*Vl_7)ZAWm&C8!}@bEM_OH%mcc9a4xCmMW-L|HR7Q5F zrly3%{ zgkR!PJLS>`6*}vv*_(MFkHk{p>+OituLG^<>S3bvhP*t_5pE?uznem<;Qy}Df2*>7 zEqvheaF`d#a1ClCSRA~#ecwI4z6#eSau?pO?u*!UDNB<3@G;!21)llk*8KT7QiJzm zVSR$CkBlT*IS*bK3Ub`%T2_3e6tSb#-0eI*mv6l~(a1nFd>}<)ibd3oZv#>XTzwx~ zwi^n~52Ky>t_ui0}-pv>G!{?qOzlmV;%-cz6rV7hO3hZnQ z!xQsdy6QK`({ljQaLZLC*LCFh5O(}7hn(#CR`cql4$ZI`?=d81w2^$5e@1n&?52=g z=m2VrEVqM28oRhu2NbcbohcndJ8+nH>IvQvJJrjG{S*?onOvL&ED;|s<~czwBOQMu zsp)<5AJ2+i=wLo~txKU7beb@eze8BQKoGD79VP(-~6OPt;WJ zPr~?y%B-~$iy9`{m`$KQN;od(uxh&72XyX)*5wwRWWzWksU=Ex{LbEeLha(@U+wp4 zciVv=aX?pLw8%ufe@l1kk>J$4ND5{!qJGi_tGTLDbdV2u2=iyybgKW#K}xYyVf{_d z5oOt6;qERQ@Z4cPl4Y(0(#>6{Nio4VpN!d6+H$?}W{p4HY-+iCsg23-h z&@6uS`(La0KkVaH#NRUt%&xnvu{4RU2+z5`&{{obsF|bb= z3nc_bG&Rs~q$|8m~-etE+C*k176>Zd!=5li@NKu;qB$Yq<&QJgRTC!G9E$gtMU`~4t^|k47 zarNL5ephp;KV94x1q`G;cL!M+{ciCdQnek21{*l<{(Sldos*7f57_Pf5K(`0HjE^7 zwSzo$!yFu-h*IVr{1VTsY^I5~;>VPTfl|jC8Ug9~p7$g`7Y*&ihR6A$R{aO51fo5r zzMo_Bi0Ny^Q#Es8ZBGuNK8qjQ^psP_6H_H_58Z9pQz!z?*8%-r7w9@&$m7Ae75C(T zu;hq^W3N@dh;`Sr6$&6q6ho=80(vp*w{(C49s*2aQsS^n)wnj)DT5wFIB@g~GIT(W zCcBF05$vC6pSO+c{|(21qiaE~E50C_m3SR&p7)fH_U70Dkb!7n2us&g4vb3{Aq7hr z+PEQW&vxdh1gX&oi=C(wJQ~(3GceB&jRQ~3vh$qHC9l&>Fy!moxOn}u1xrvL`cHFC zGAg8vv+NzBQscM&wzLR7?AyB)107xCxVXMK;2GR9ZyUIrf*XM5v5$v@@JAj$K0(b^WDx*A6(#xvTZ!}PbI zsvzr@!Nb4-pAKb?&Z;19C-d5fB^wd@$LBAEd*X70W;3Ap(n({8<0wkxq{`6J70v!P z&5aT!#!zt7#imRLi{-?8OZlt*w}U(3fAx$04~|(l+CFKhNaOv;#QyHOY`yF6 zXiJjF@d7&ctP68U@Rt9Y@_{;eex^{1jD+PsDneOK5qu3~|Nngr&uIN23q>kpTm=}a z>Z-oPMJq@)YeAK~Nev>mJ%Iw_+Y%SWa^5NS(B1pk(}@@`{H*a{vyFxEP8E_@(nMLM z)A+GFDiW_<%>Pn6DF0|`KMUXx9hJ9261pWVa0!W4(z%K4Fst(ezxeXkH&C3BIX(4r zN#Pl=;Ud2g;3jSTiHXOkt_=T1T0+OE#vgUo4hrZiMgShdF8~nFcbJ9)_#JH$C%`ki zl_W7cJp@qzlAqdSg&Tg>M6(UM{s17n?fL`2 zQ`z?KuL+LZiESx_$iskC!!8WK7|qb(0NSp)7^PRth=7Z>isHy2!r7XCVJD{Ao zHA%3@c#VWD%Oo`U9Aj-qsU*p1IK{gx9p6P9h?rScNaDPFu+(3Stb?O0WX97 z0NXtQ(|aQf(vdIXokMeA@hgh@1I=C1$Kt8>Z3Z^UtMIm8(6O(LSpS~%%bvDi0Zr;w zbv54H68G*dg>JA%Ukf6}ARGV;U_#T;YO^jdrEamIp`mvab%4tr1kHO8$WmRny*glQ zuSHT^y727}=G+P&got|i;oe#$yr}^3Yah4fd&5AA7z&0U_gf3tOU!;uH2vbN9OBp9 zQfg9qPR?BN-maoG-{GAptf};2*jU{r5rH!oVlXDiPaTv1e*~AMj))pR!I=WlON}E> z)$#b_w_KSzfQR&9f$BpWeAPRI88LC+2T4X_FA(OyQUs)z8@^Hk9YIAJ$xvm!PZB7F z);klo-y`>ch*DS2kTUG)=_y7!*^gLdybKD1uvuilV=arQYwrPuxGIPmDe*&O-3oOWl!pL4ZQqngo|(9JU_>ruvq9PBv5}L2A8(1Y`oSQzeUmoK z3C_aAQ?Oi=3tN3CT9?ZN3JW2<4*_-5$j%~E%+bLeMyHiKG$cqsHqm(_pUykqfu$2n z^!4v#AbO@-`$*S2V!vns91Z-ZaOaIbrb%k^q8yCDcjKu#n!SkAf+lxxS`;B%jY%tZ z=$$n@4<&GfA09%kRf*F+3l) z*5)R(pK7!?9YMpH4j{Q92tt(GaNle?{Wi7JqOcdV!SVWCuZ3_Nd)Q~3jYaI;N3muR ze7Kj@nA<03d3rh{Bh(%lQ1V>M;}*v8$c7Q}Dg{0^#AIJst?&POG*MwYabr!KaV@Q| zVIhOH-}}?T#GaH(#)8Pyj|U}3M$K7@^K=Jk=t^pTvoJY(`*IIY&wmyc7A$;yGZpNi zWrLlP_%1Q+Ovm9NHYPT9Gxs=WChS{eW25AGmxm7@7GGUwlco+0Nlj%m7fvb47)@*_ zE-TBsYbU`}5RFps*{>d7>HO&&IyGe)laYa@ymE_p<;EoDF?$(~60NGMOB-~wZ@Ts< zFVnvN{d?^pR9?uAKgug5E{@}a)vK|o(NUF$&uDiZ_l?+$Gm{f7=_DNU81P*jn4T7B zF|Cxiaf8D+GAb(Qqg5`8hklt}sh>UH(9n>Don5%Y(*3)4v!)oAencj-k`60+W+o;U zJpVv7cKn3-sg&7{BO^UMn{-M_%7h69y)RCAK1k8WM`p-waR2dnZD3+TyS24t;q0u%#Kc6*G1)$|wG}t?MNCXgw>4_#)JTCV zJjSQar1T%lnSHi)?qQM7R(Yv3ipK$M1_2WsX;+v;r-JM1t~oh7D|lqfuH$viMrOop?yq{o*Jp5Kep4{aAv%Brru zx9=t6j6*&AzOcBcTvk~bUQlqw%}RDsQ}<6HWz@;+tcAZe-?f^~PKCp>PWWbGpPvlt z>+6>shKG|nucChaURi;CjfDL(E-H$2yNiUfkeOpr;&QfZMj!PB!bastQgKa9%}2}{ z%zR3Rjnn_?r|qwIiT8{b6H46q{d<;; ztu0$$FZnsH+i5;#W@ba?j%iqnJZ*=^W!GBWaI2NUj2h|5;qD*TJ9s1|Q>MyoOq?c5 zc0fm# zGZtGCpOC<_va*u*+(m(mj7+iUsfWj1Ch}lmQBlPee>uNRSJWpISBMwAGWQ#8h9yGD z;+&j-j3B0;o12@LHp#~150@4fv%L6~g-{|+Ed9!|$BNjL^mJWeVPTyc(VpE> z&CShA$8x?kN%8T~>1u5xK?+i2J<8T)jo$_bxh*X%OUUEz5e*pKuCbfum!4pcAs!`D zljrPAi?JqBA=#{VH^*^KQ@U;@DSqGM@QWZ%y+V5J-@#k&HFsUEr+1@=WH?xk>+9>o z-v4ATd?1_>a{1j468QZMLIQgHNLvi%J88@VEcV4USqa6*0U{zIB_!CUfu+^eNP}$D zmLC&d9q)}xHEX|rbL*8Ryph2~X{f7v+kX4nU+23(m(7a%Ha~CWY%D1$d0ttF4?fAo zM9$mJ#L3(|sev=DGg+qVnC)(ntHT>DDlJttG&0Jy7B-?UGr$o%->*6odqE~k&O%a& zBfWaQVu5ah32wSi{kCIsTiX>i|M1brdhNXgMzov0zwdOmH$*1Bj8l|jM^Wt)QMK>U z=EV-7fbai#n_)Jes=qyv$qFivHO`FbB)MrEGI@!-8@;UeK z-^Abla@yPbeBDE;bH$yD@5)%Hs$R)OGQ&hzP@H%qerHBX_QyUfE*32=FaI+-I=cNW z7>mVHV|IJB -+++ -aliases = [ -"/engine/extend/" -] -title = "Managed plugin system" -description = "How develop and use a plugin with the managed plugin system" -keywords = ["API, Usage, plugins, documentation, developer"] -advisory = "experimental" -[menu.main] -parent = "engine_extend" -weight=1 -+++ - - -# Docker Engine managed plugin system - -This document describes the plugin system available today in the **experimental -build** of Docker 1.12: - -* [How to operate an existing plugin](#how-to-operate-a-plugin) -* [How to develop a plugin](#how-to-develop-a-plugin) - -Unlike the legacy plugin system, you now manage plugins using Docker Engine: - -* install plugins -* start plugins -* stop plugins -* remove plugins - -The current Docker Engine plugin system only supports volume drivers. We are -adding more plugin driver types in the future releases. - -For information on Docker Engine plugins generally available in Docker Engine -1.12 and earlier, refer to [Understand legacy Docker Engine plugins](legacy_plugins.md). - -## How to operate a plugin - -Plugins are distributed as Docker images, so develpers can host them on Docker -Hub or on a private registry. - -You install the plugin using a single command: `docker plugin install `. -The `plugin install` command pulls the plugin from the Docker Hub or private -registry. If necessary the CLI prompts you to accept any privilige requriements. -For example the plugin may require access to a device on the host system. -Finally it enables the plugin. - -Run `docker plugin ls` to check the status of installed plugins. The Engine -markes plugins that are started without issues as `ENABLED`. - -After you install a plugin, the plugin behavior is the same as legacy plugins. -The following example demonstrates how to install the `sshfs` plugin and use it -to create a volume. - -1. Install the `sshfs` plugin. - - ```bash - $ docker plugin install vieux/sshfs - - Plugin "vieux/sshfs" is requesting the following privileges: - - network: [host] - - capabilities: [CAP_SYS_ADMIN] - Do you grant the above permissions? [y/N] y - - vieux/sshfs - ``` - - The plugin requests 2 privileges, the `CAP_SYS_ADMIN` capability to be able - to do mount inside the plugin and `host networking`. - -2. Check for a value of `true` the `ENABLED` column to verify the plugin -started without error. - - ```bash - $ docker plugin ls - - NAME TAG ENABLED - vieux/sshfs latest true - ``` - -3. Create a volume using the plugin. - - ```bash - $ docker volume create \ - -d vieux/sshfs \ - --name sshvolume \ - -o sshcmd=user@1.2.3.4:/remote - - sshvolume - ``` - -4. Use the volume `sshvolume`. - - ```bash - $ docker run -v sshvolume:/data busybox ls /data - - - ``` - -5. Verify the plugin successfully created the volume. - - ```bash - $ docker volume ls - - DRIVER NAME - vieux/sshfs sshvolume - ``` - - You can stop a plugin with the `docker plugin disable` - command or remove a plugin with `docker plugin remove`. - -See the [command line reference](../reference/commandline/index.md) for more -information. - -## How to develop a plugin - -Plugin creation is currently a manual process. We plan to add automation in a -future release with a command such as `docker plugin build`. - -This section describes the format of an existing enabled plugin. You have to -create and format the plugin files by hand. - -Plugins are stored in `/var/lib/docker/plugins`. For instance: - -```bash -# ls -la /var/lib/docker/plugins -total 20 -drwx------ 4 root root 4096 Aug 8 18:03 . -drwx--x--x 12 root root 4096 Aug 8 17:53 .. -drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 --rw------- 1 root root 2107 Aug 8 18:03 plugins.json -``` - -`plugins.json` is an inventory of all installed plugins. For example: - -```bash -# cat plugins.json -{ - "cd851ce43a403": { - "plugin": { - "Manifest": { - "Args": { - "Value": null, - "Settable": null, - "Description": "", - "Name": "" - }, - "Env": null, - "Devices": null, - "Mounts": null, - "Capabilities": [ - "CAP_SYS_ADMIN" - ], - "ManifestVersion": "v0", - "Description": "sshFS plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Interface": { - "Socket": "sshfs.sock", - "Types": [ - "docker.volumedriver/1.0" - ] - }, - "Entrypoint": [ - "/go/bin/docker-volume-sshfs" - ], - "Workdir": "", - "User": {}, - "Network": { - "Type": "host" - } - }, - "Config": { - "Devices": null, - "Args": null, - "Env": [], - "Mounts": [] - }, - "Active": true, - "Tag": "latest", - "Name": "vieux/sshfs", - "Id": "cd851ce43a403" - } - } -} -``` - -Each folder represents a plugin. For example: - -```bash -# ls -la /var/lib/docker/plugins/cd851ce43a403 -total 12 -drwx------ 19 root root 4096 Aug 8 17:56 rootfs --rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-config.json --rw------- 1 root root 347 Aug 8 17:56 manifest.json -``` - -`rootfs` represents the root filesystem of the plugin. In this example, it was -created from a Dockerfile as follows: - ->**Note:** `/run/docker/plugins` is mandatory for docker to communicate with -the plugin._ - -```bash -$ git clone https://github.com/vieux/docker-volume-sshfs -$ cd docker-volume-sshfs -$ docker build -t rootfs . -$ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created -$ mkdir -p /var/lib/docker/plugins/$id/rootfs -$ docker export "$id" | tar -x -C /var/lib/docker/plugins/$id/rootfs -$ docker rm -vf "$id" -$ docker rmi rootfs -``` - -`manifest.json` describes the plugin and `plugin-config.json` contains some -runtime parameters. [See the Plugins Manifest reference](manifest.md). For example: - -```bash -# cat manifest.json -{ - "manifestVersion": "v0", - "description": "sshFS plugin for Docker", - "documentation": "https://docs.docker.com/engine/extend/plugins/", - "entrypoint": ["/go/bin/docker-volume-sshfs"], - "network": { - "type": "host" - }, - "interface" : { - "types": ["docker.volumedriver/1.0"], - "socket": "sshfs.sock" - }, - "capabilities": ["CAP_SYS_ADMIN"] -} -``` - -In this example, you can see the plugin is a volume driver, requires the -`CAP_SYS_ADMIN` capability, `host networking`, `/go/bin/docker-volume-sshfs` as -entrypoint and is going to use `/run/docker/plugins/sshfs.sock` to communicate -with the Docker Engine. - -```bash -# cat plugin-config.json -{ - "Devices": null, - "Args": null, - "Env": [], - "Mounts": [] -} -``` - -This plugin doesn't require runtime parameters. - -Both `manifest.json` and `plugin-config.json` are part of the `plugins.json`. -`manifest.json` is read-only and `plugin-config.json` is read-write. - -To summarize, follow the steps below to create a plugin: - -0. Choose a name for the plugin. Plugin name uses the same format as images, -for example: `/`. -1. Create a rootfs in `/var/lib/docker/plugins/$id/rootfs`. -2. Create manifest.json file in `/var/lib/docker/plugins/$id/`. -3. Create a `plugin-config.json` if needed. -4. Create or add a section to `/var/lib/docker/plugins/plugins.json`. Use - `/` as “Name” and `$id` as “Id”. -5. Restart the Docker Engine. -6. Run `docker plugin ls`. - * If your plugin is listed as `ENABLED=true`, you can push it to the - registry. - * If the plugin is not listed or if `ENABLED=false`, something went wrong. - Check the daemon logs for errors. -7. If you are not already logged in, use `docker login` to authenticate against - a registry. -8. Run `docker plugin push /` to push the plugin. diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md deleted file mode 100644 index aa4fa4a9b3..0000000000 --- a/docs/extend/legacy_plugins.md +++ /dev/null @@ -1,93 +0,0 @@ - - -# Use Docker Engine plugins - -This document describes the Docker Engine plugins generally available in Docker -Engine. To view information on plugins managed by Docker Engine currently in -experimental status, refer to [Docker Engine plugin system](index.md). - -You can extend the capabilities of the Docker Engine by loading third-party -plugins. This page explains the types of plugins and provides links to several -volume and network plugins for Docker. - -## Types of plugins - -Plugins extend Docker's functionality. They come in specific types. For -example, a [volume plugin](plugins_volume.md) might enable Docker -volumes to persist across multiple Docker hosts and a -[network plugin](plugins_network.md) might provide network plumbing. - -Currently Docker supports authorization, volume and network driver plugins. In the future it -will support additional plugin types. - -## Installing a plugin - -Follow the instructions in the plugin's documentation. - -## Finding a plugin - -The sections below provide an inexhaustive overview of available plugins. - - - -### Network plugins - -Plugin | Description ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -[Contiv Networking](https://github.com/contiv/netplugin) | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. -[Kuryr Network Plugin](https://github.com/openstack/kuryr) | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well. -[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/) | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. - -### Volume plugins - -Plugin | Description ------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver) | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/). -[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. -[Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS. -[Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. -[DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. -[Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. -[gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). -[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. -[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. -[HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/) | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays. -[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. -[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. -[Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. -[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. -[Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. -[OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. -[Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. -[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. -[REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. -[Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. -[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. - -### Authorization plugins - - Plugin | Description -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ - [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). - -## Troubleshooting a plugin - -If you are having problems with Docker after loading a plugin, ask the authors -of the plugin for help. The Docker team may not be able to assist you. - -## Writing a plugin - -If you are interested in writing a plugin for Docker, or seeing how they work -under the hood, see the [docker plugins reference](plugin_api.md). diff --git a/docs/extend/manifest.md b/docs/extend/manifest.md deleted file mode 100644 index d47efce8e8..0000000000 --- a/docs/extend/manifest.md +++ /dev/null @@ -1,222 +0,0 @@ - - -# Plugin Manifest Version 0 of Plugin V2 - -This document outlines the format of the V0 plugin manifest. The plugin -manifest described herein was introduced in the Docker daemon (experimental version) in the [v1.12.0 -release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b). - -Plugin manifests describe the various constituents of a docker plugin. Plugin -manifests can be serialized to JSON format with the following media types: - -Manifest Type | Media Type -------------- | ------------- -manifest | "application/vnd.docker.plugin.v0+json" - - -## *Manifest* Field Descriptions - -Manifest provides the base accessible fields for working with V0 plugin format - in the registry. - -- **`manifestVersion`** *string* - - version of the plugin manifest (This version uses V0) - -- **`description`** *string* - - description of the plugin - -- **`documentation`** *string* - - link to the documentation about the plugin - -- **`interface`** *PluginInterface* - - interface implemented by the plugins, struct consisting of the following fields - - - **`types`** *string array* - - types indicate what interface(s) the plugin currently implements. - - currently supported: - - - **docker.volumedriver/1.0** - - - **`socket`** *string* - - socket is the name of the socket the engine should use to communicate with the plugins. - the socket will be created in `/run/docker/plugins`. - - -- **`entrypoint`** *string array* - - entrypoint of the plugin, see [`ENTRYPOINT`](../reference/builder.md#entrypoint) - -- **`workdir`** *string* - - workdir of the plugin, see [`WORKDIR`](../reference/builder.md#workdir) - -- **`network`** *PluginNetwork* - - network of the plugin, struct consisting of the following fields - - - **`type`** *string* - - network type. - - currently supported: - - - **bridge** - - **host** - - **none** - -- **`capabilities`** *array* - - capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) - -- **`mounts`** *PluginMount array* - - mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts) - - - **`name`** *string* - - name of the mount. - - - **`description`** *string* - - description of the mount. - - - **`source`** *string* - - source of the mount. - - - **`destination`** *string* - - destination of the mount. - - - **`type`** *string* - - mount type. - - - **`options`** *string array* - - options of the mount. - -- **`devices`** *PluginDevice array* - - device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) - - - **`name`** *string* - - name of the device. - - - **`description`** *string* - - description of the device. - - - **`path`** *string* - - path of the device. - -- **`env`** *PluginEnv array* - - env of the plugin, struct consisting of the following fields - - - **`name`** *string* - - name of the env. - - - **`description`** *string* - - description of the env. - - - **`value`** *string* - - value of the env. - -- **`args`** *PluginArgs* - - args of the plugin, struct consisting of the following fields - - - **`name`** *string* - - name of the env. - - - **`description`** *string* - - description of the env. - - - **`value`** *string array* - - values of the args. - - -## Example Manifest - -*Example showing the 'tiborvass/no-remove' plugin manifest.* - -``` -{ - "manifestVersion": "v0", - "description": "A test plugin for Docker", - "documentation": "https://docs.docker.com/engine/extend/plugins/", - "entrypoint": ["plugin-no-remove", "/data"], - "interface" : { - "types": ["docker.volumedriver/1.0"], - "socket": "plugins.sock" - }, - "network": { - "type": "host" - }, - - "mounts": [ - { - "source": "/data", - "destination": "/data", - "type": "bind", - "options": ["shared", "rbind"] - }, - { - "destination": "/foobar", - "type": "tmpfs" - } - ], - - "args": { - "name": "args", - "description": "command line arguments", - "value": [] - }, - - "env": [ - { - "name": "DEBUG", - "description": "If set, prints debug messages", - "value": "1" - } - ], - - "devices": [ - { - "name": "device", - "description": "a host device to mount", - "path": "/dev/cpu_dma_latency" - } - ] -} - -``` diff --git a/docs/extend/menu.md b/docs/extend/menu.md deleted file mode 100644 index 4b9955038a..0000000000 --- a/docs/extend/menu.md +++ /dev/null @@ -1,15 +0,0 @@ - - - - diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md deleted file mode 100644 index 5801ba9151..0000000000 --- a/docs/extend/plugin_api.md +++ /dev/null @@ -1,192 +0,0 @@ - - -# Docker Plugin API - -Docker plugins are out-of-process extensions which add capabilities to the -Docker Engine. - -This document describes the Docker Engine plugin API. To view information on -plugins managed by Docker Engine currently in experimental status, refer to -[Docker Engine plugin system](index.md). - -This page is intended for people who want to develop their own Docker plugin. -If you just want to learn about or use Docker plugins, look -[here](legacy_plugins.md). - -## What plugins are - -A plugin is a process running on the same or a different host as the docker daemon, -which registers itself by placing a file on the same docker host in one of the plugin -directories described in [Plugin discovery](#plugin-discovery). - -Plugins have human-readable names, which are short, lowercase strings. For -example, `flocker` or `weave`. - -Plugins can run inside or outside containers. Currently running them outside -containers is recommended. - -## Plugin discovery - -Docker discovers plugins by looking for them in the plugin directory whenever a -user or container tries to use one by name. - -There are three types of files which can be put in the plugin directory. - -* `.sock` files are UNIX domain sockets. -* `.spec` files are text files containing a URL, such as `unix:///other.sock` or `tcp://localhost:8080`. -* `.json` files are text files containing a full json specification for the plugin. - -Plugins with UNIX domain socket files must run on the same docker host, whereas -plugins with spec or json files can run on a different host if a remote URL is specified. - -UNIX domain socket files must be located under `/run/docker/plugins`, whereas -spec files can be located either under `/etc/docker/plugins` or `/usr/lib/docker/plugins`. - -The name of the file (excluding the extension) determines the plugin name. - -For example, the `flocker` plugin might create a UNIX socket at -`/run/docker/plugins/flocker.sock`. - -You can define each plugin into a separated subdirectory if you want to isolate definitions from each other. -For example, you can create the `flocker` socket under `/run/docker/plugins/flocker/flocker.sock` and only -mount `/run/docker/plugins/flocker` inside the `flocker` container. - -Docker always searches for unix sockets in `/run/docker/plugins` first. It checks for spec or json files under -`/etc/docker/plugins` and `/usr/lib/docker/plugins` if the socket doesn't exist. The directory scan stops as -soon as it finds the first plugin definition with the given name. - -### JSON specification - -This is the JSON format for a plugin: - -```json -{ - "Name": "plugin-example", - "Addr": "https://example.com/docker/plugin", - "TLSConfig": { - "InsecureSkipVerify": false, - "CAFile": "/usr/shared/docker/certs/example-ca.pem", - "CertFile": "/usr/shared/docker/certs/example-cert.pem", - "KeyFile": "/usr/shared/docker/certs/example-key.pem", - } -} -``` - -The `TLSConfig` field is optional and TLS will only be verified if this configuration is present. - -## Plugin lifecycle - -Plugins should be started before Docker, and stopped after Docker. For -example, when packaging a plugin for a platform which supports `systemd`, you -might use [`systemd` dependencies]( -http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to -manage startup and shutdown order. - -When upgrading a plugin, you should first stop the Docker daemon, upgrade the -plugin, then start Docker again. - -## Plugin activation - -When a plugin is first referred to -- either by a user referring to it by name -(e.g. `docker run --volume-driver=foo`) or a container already configured to -use a plugin being started -- Docker looks for the named plugin in the plugin -directory and activates it with a handshake. See Handshake API below. - -Plugins are *not* activated automatically at Docker daemon startup. Rather, -they are activated only lazily, or on-demand, when they are needed. - -## Systemd socket activation - -Plugins may also be socket activated by `systemd`. The official [Plugins helpers](https://github.com/docker/go-plugins-helpers) -natively supports socket activation. In order for a plugin to be socket activated it needs -a `service` file and a `socket` file. - -The `service` file (for example `/lib/systemd/system/your-plugin.service`): - -``` -[Unit] -Description=Your plugin -Before=docker.service -After=network.target your-plugin.socket -Requires=your-plugin.socket docker.service - -[Service] -ExecStart=/usr/lib/docker/your-plugin - -[Install] -WantedBy=multi-user.target -``` -The `socket` file (for example `/lib/systemd/system/your-plugin.socket`): -``` -[Unit] -Description=Your plugin - -[Socket] -ListenStream=/run/docker/plugins/your-plugin.sock - -[Install] -WantedBy=sockets.target -``` - -This will allow plugins to be actually started when the Docker daemon connects to -the sockets they're listening on (for instance the first time the daemon uses them -or if one of the plugin goes down accidentally). - -## API design - -The Plugin API is RPC-style JSON over HTTP, much like webhooks. - -Requests flow *from* the Docker daemon *to* the plugin. So the plugin needs to -implement an HTTP server and bind this to the UNIX socket mentioned in the -"plugin discovery" section. - -All requests are HTTP `POST` requests. - -The API is versioned via an Accept header, which currently is always set to -`application/vnd.docker.plugins.v1+json`. - -## Handshake API - -Plugins are activated via the following "handshake" API call. - -### /Plugin.Activate - -**Request:** empty body - -**Response:** -``` -{ - "Implements": ["VolumeDriver"] -} -``` - -Responds with a list of Docker subsystems which this plugin implements. -After activation, the plugin will then be sent events from this subsystem. - -Possible values are: - -* [`authz`](plugins_authorization.md) -* [`NetworkDriver`](plugins_network.md) -* [`VolumeDriver`](plugins_volume.md) - - -## Plugin retries - -Attempts to call a method on a plugin are retried with an exponential backoff -for up to 30 seconds. This may help when packaging plugins as containers, since -it gives plugin containers a chance to start up before failing any user -containers which depend on them. - -## Plugins helpers - -To ease plugins development, we're providing an `sdk` for each kind of plugins -currently supported by Docker at [docker/go-plugins-helpers](https://github.com/docker/go-plugins-helpers). diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md deleted file mode 100644 index 2c3d79e25d..0000000000 --- a/docs/extend/plugins_authorization.md +++ /dev/null @@ -1,256 +0,0 @@ - - - -# Create an authorization plugin - -This document describes the Docker Engine plugins generally available in Docker -Engine. To view information on plugins managed by Docker Engine currently in -experimental status, refer to [Docker Engine plugin system](index.md). - -Docker's out-of-the-box authorization model is all or nothing. Any user with -permission to access the Docker daemon can run any Docker client command. The -same is true for callers using Docker's remote API to contact the daemon. If you -require greater access control, you can create authorization plugins and add -them to your Docker daemon configuration. Using an authorization plugin, a -Docker administrator can configure granular access policies for managing access -to Docker daemon. - -Anyone with the appropriate skills can develop an authorization plugin. These -skills, at their most basic, are knowledge of Docker, understanding of REST, and -sound programming knowledge. This document describes the architecture, state, -and methods information available to an authorization plugin developer. - -## Basic principles - -Docker's [plugin infrastructure](plugin_api.md) enables -extending Docker by loading, removing and communicating with -third-party components using a generic API. The access authorization subsystem -was built using this mechanism. - -Using this subsystem, you don't need to rebuild the Docker daemon to add an -authorization plugin. You can add a plugin to an installed Docker daemon. You do -need to restart the Docker daemon to add a new plugin. - -An authorization plugin approves or denies requests to the Docker daemon based -on both the current authentication context and the command context. The -authentication context contains all user details and the authentication method. -The command context contains all the relevant request data. - -Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md). -Each plugin must reside within directories described under the -[Plugin discovery](plugin_api.md#plugin-discovery) section. - -**Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication -respectively. - -## Default user authorization mechanism - -If TLS is enabled in the [Docker daemon](../security/https.md), the default user authorization flow extracts the user details from the certificate subject name. -That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. - -## Basic architecture - -You are responsible for registering your plugin as part of the Docker daemon -startup. You can install multiple plugins and chain them together. This chain -can be ordered. Each request to the daemon passes in order through the chain. -Only when all the plugins grant access to the resource, is the access granted. - -When an HTTP request is made to the Docker daemon through the CLI or via the -remote API, the authentication subsystem passes the request to the installed -authentication plugin(s). The request contains the user (caller) and command -context. The plugin is responsible for deciding whether to allow or deny the -request. - -The sequence diagrams below depict an allow and deny authorization flow: - -![Authorization Allow flow](images/authz_allow.png) - -![Authorization Deny flow](images/authz_deny.png) - -Each request sent to the plugin includes the authenticated user, the HTTP -headers, and the request/response body. Only the user name and the -authentication method used are passed to the plugin. Most importantly, no user -credentials or tokens are passed. Finally, not all request/response bodies -are sent to the authorization plugin. Only those request/response bodies where -the `Content-Type` is either `text/*` or `application/json` are sent. - -For commands that can potentially hijack the HTTP connection (`HTTP -Upgrade`), such as `exec`, the authorization plugin is only called for the -initial HTTP requests. Once the plugin approves the command, authorization is -not applied to the rest of the flow. Specifically, the streaming data is not -passed to the authorization plugins. For commands that return chunked HTTP -response, such as `logs` and `events`, only the HTTP request is sent to the -authorization plugins. - -During request/response processing, some authorization flows might -need to do additional queries to the Docker daemon. To complete such flows, -plugins can call the daemon API similar to a regular user. To enable these -additional queries, the plugin must provide the means for an administrator to -configure proper authentication and security policies. - -## Docker client flows - -To enable and configure the authorization plugin, the plugin developer must -support the Docker client interactions detailed in this section. - -### Setting up Docker daemon - -Enable the authorization plugin with a dedicated command line flag in the -`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` -value. This value can be the plugin’s socket or a path to a specification file. -Authorization plugins can be loaded without restarting the daemon. Refer -to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information. - -```bash -$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... -``` - -Docker's authorization subsystem supports multiple `--authorization-plugin` parameters. - -### Calling authorized command (allow) - -```bash -$ docker pull centos -... -f1b10cd84249: Pull complete -... -``` - -### Calling unauthorized command (deny) - -```bash -$ docker pull centos -... -docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed. -``` - -### Error from plugins - -```bash -$ docker pull centos -... -docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?. -``` - -## API schema and implementation - -In addition to Docker's standard plugin registration method, each plugin -should implement the following two methods: - -* `/AuthZPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. - -* `/AuthZPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client. - -#### /AuthZPlugin.AuthZReq - -**Request**: - -```json -{ - "User": "The user identification", - "UserAuthNMethod": "The authentication method used", - "RequestMethod": "The HTTP method", - "RequestURI": "The HTTP request URI", - "RequestBody": "Byte array containing the raw HTTP request body", - "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string " -} -``` - -**Response**: - -```json -{ - "Allow": "Determined whether the user is allowed or not", - "Msg": "The authorization message", - "Err": "The error message if things go wrong" -} -``` -#### /AuthZPlugin.AuthZRes - -**Request**: - -```json -{ - "User": "The user identification", - "UserAuthNMethod": "The authentication method used", - "RequestMethod": "The HTTP method", - "RequestURI": "The HTTP request URI", - "RequestBody": "Byte array containing the raw HTTP request body", - "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string", - "ResponseBody": "Byte array containing the raw HTTP response body", - "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string", - "ResponseStatusCode":"Response status code" -} -``` - -**Response**: - -```json -{ - "Allow": "Determined whether the user is allowed or not", - "Msg": "The authorization message", - "Err": "The error message if things go wrong" -} -``` - -### Request authorization - -Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. - -#### Daemon -> Plugin - -Name | Type | Description ------------------------|-------------------|------------------------------------------------------- -User | string | The user identification -Authentication method | string | The authentication method used -Request method | enum | The HTTP method (GET/DELETE/POST) -Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) -Request headers | map[string]string | Request headers as key value pairs (without the authorization header) -Request body | []byte | Raw request body - - -#### Plugin -> Daemon - -Name | Type | Description ---------|--------|---------------------------------------------------------------------------------- -Allow | bool | Boolean value indicating whether the request is allowed or denied -Msg | string | Authorization message (will be returned to the client in case the access is denied) -Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) - -### Response authorization - -The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. - -#### Daemon -> Plugin - - -Name | Type | Description ------------------------ |------------------ |---------------------------------------------------- -User | string | The user identification -Authentication method | string | The authentication method used -Request method | string | The HTTP method (GET/DELETE/POST) -Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) -Request headers | map[string]string | Request headers as key value pairs (without the authorization header) -Request body | []byte | Raw request body -Response status code | int | Status code from the docker daemon -Response headers | map[string]string | Response headers as key value pairs -Response body | []byte | Raw docker daemon response body - - -#### Plugin -> Daemon - -Name | Type | Description ---------|--------|---------------------------------------------------------------------------------- -Allow | bool | Boolean value indicating whether the response is allowed or denied -Msg | string | Authorization message (will be returned to the client in case the access is denied) -Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md deleted file mode 100644 index 7a107e2ce3..0000000000 --- a/docs/extend/plugins_network.md +++ /dev/null @@ -1,73 +0,0 @@ - - -# Engine network driver plugins - -This document describes Docker Engine network driver plugins generally -available in Docker Engine. To view information on plugins -managed by Docker Engine, refer to [Docker Engine plugin system](index.md). - -Docker Engine network plugins enable Engine deployments to be extended to -support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN -or something completely different. Network driver plugins are supported via the -LibNetwork project. Each plugin is implemented as a "remote driver" for -LibNetwork, which shares plugin infrastructure with Engine. Effectively, network -driver plugins are activated in the same way as other plugins, and use the same -kind of protocol. - -## Network driver plugins and swarm mode - -Docker 1.12 adds support for cluster management and orchestration called -[swarm mode](../swarm/index.md). Docker Engine running in swarm mode currently -only supports the built-in overlay driver for networking. Therefore existing -networking plugins will not work in swarm mode. - -When you run Docker Engine outside of swarm mode, all networking plugins that -worked in Docker 1.11 will continue to function normally. They do not require -any modification. - -## Using network driver plugins - -The means of installing and running a network driver plugin depend on the -particular plugin. So, be sure to install your plugin according to the -instructions obtained from the plugin developer. - -Once running however, network driver plugins are used just like the built-in -network drivers: by being mentioned as a driver in network-oriented Docker -commands. For example, - - $ docker network create --driver weave mynet - -Some network driver plugins are listed in [plugins](legacy_plugins.md) - -The `mynet` network is now owned by `weave`, so subsequent commands -referring to that network will be sent to the plugin, - - $ docker run --network=mynet busybox top - - -## Write a network plugin - -Network plugins implement the [Docker plugin -API](https://docs.docker.com/extend/plugin_api/) and the network plugin protocol - -## Network plugin protocol - -The network driver protocol, in addition to the plugin activation call, is -documented as part of libnetwork: -[https://github.com/docker/libnetwork/blob/master/docs/remote.md](https://github.com/docker/libnetwork/blob/master/docs/remote.md). - -# Related Information - -To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`. - -- [Docker networks feature overview](../userguide/networking/index.md) -- The [LibNetwork](https://github.com/docker/libnetwork) project diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md deleted file mode 100644 index f9c93a3de1..0000000000 --- a/docs/extend/plugins_volume.md +++ /dev/null @@ -1,268 +0,0 @@ - - -# Write a volume plugin - -Docker Engine volume plugins enable Engine deployments to be integrated with -external storage systems, such as Amazon EBS, and enable data volumes to persist -beyond the lifetime of a single Engine host. See the -[plugin documentation](legacy_plugins.md) for more information. - -## Changelog - -### 1.12.0 - -- Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#)) -- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver([#22077](https://github.com/docker/docker/pull/22077)) - -### 1.10.0 - -- Add `VolumeDriver.Get` which gets the details about the volume ([#16534](https://github.com/docker/docker/pull/16534)) -- Add `VolumeDriver.List` which lists all volumes owned by the driver ([#16534](https://github.com/docker/docker/pull/16534)) - -### 1.8.0 - -- Initial support for volume driver plugins ([#14659](https://github.com/docker/docker/pull/14659)) - -## Command-line changes - -A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: - - $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh - -This command passes the `volumename` through to the volume plugin as a -user-given name for the volume. The `volumename` must not begin with a `/`. - -By having the user specify a `volumename`, a plugin can associate the volume -with an external volume beyond the lifetime of a single container or container -host. This can be used, for example, to move a stateful container from one -server to another. - -By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS. - - -## Create a VolumeDriver - -The container creation endpoint (`/containers/create`) accepts a `VolumeDriver` -field of type `string` allowing to specify the name of the driver. It's default -value of `"local"` (the default driver for local volumes). - -## Volume plugin protocol - -If a plugin registers itself as a `VolumeDriver` when activated, then it is -expected to provide writeable paths on the host filesystem for the Docker -daemon to provide to containers to consume. - -The Docker daemon handles bind-mounting the provided paths into user -containers. - -> **Note**: Volume plugins should *not* write data to the `/var/lib/docker/` -> directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/` -> directory is reserved for Docker. - -### /VolumeDriver.Create - -**Request**: -```json -{ - "Name": "volume_name", - "Opts": {} -} -``` - -Instruct the plugin that the user wants to create a volume, given a user -specified volume name. The plugin does not need to actually manifest the -volume on the filesystem yet (until Mount is called). -Opts is a map of driver specific options passed through from the user request. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a string error if an error occurred. - -### /VolumeDriver.Remove - -**Request**: -```json -{ - "Name": "volume_name" -} -``` - -Delete the specified volume from disk. This request is issued when a user invokes `docker rm -v` to remove volumes associated with a container. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a string error if an error occurred. - -### /VolumeDriver.Mount - -**Request**: -```json -{ - "Name": "volume_name", - "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" -} -``` - -Docker requires the plugin to provide a volume, given a user specified volume -name. This is called once per container start. If the same volume_name is requested -more than once, the plugin may need to keep track of each new mount request and provision -at the first mount request and deprovision at the last corresponding unmount request. - -`ID` is a unique ID for the caller that is requesting the mount. - -**Response**: -```json -{ - "Mountpoint": "/path/to/directory/on/host", - "Err": "" -} -``` - -Respond with the path on the host filesystem where the volume has been made -available, and/or a string error if an error occurred. - -### /VolumeDriver.Path - -**Request**: -```json -{ - "Name": "volume_name" -} -``` - -Docker needs reminding of the path to the volume on the host. - -**Response**: -```json -{ - "Mountpoint": "/path/to/directory/on/host", - "Err": "" -} -``` - -Respond with the path on the host filesystem where the volume has been made -available, and/or a string error if an error occurred. `Mountpoint` is optional, -however the plugin may be queried again later if one is not provided. - -### /VolumeDriver.Unmount - -**Request**: -```json -{ - "Name": "volume_name", - "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" -} -``` - -Indication that Docker no longer is using the named volume. This is called once -per container stop. Plugin may deduce that it is safe to deprovision it at -this point. - -`ID` is a unique ID for the caller that is requesting the mount. - -**Response**: -```json -{ - "Err": "" -} -``` - -Respond with a string error if an error occurred. - - -### /VolumeDriver.Get - -**Request**: -```json -{ - "Name": "volume_name" -} -``` - -Get the volume info. - - -**Response**: -```json -{ - "Volume": { - "Name": "volume_name", - "Mountpoint": "/path/to/directory/on/host", - "Status": {} - }, - "Err": "" -} -``` - -Respond with a string error if an error occurred. `Mountpoint` and `Status` are -optional. - - -### /VolumeDriver.List - -**Request**: -```json -{} -``` - -Get the list of volumes registered with the plugin. - -**Response**: -```json -{ - "Volumes": [ - { - "Name": "volume_name", - "Mountpoint": "/path/to/directory/on/host" - } - ], - "Err": "" -} -``` - -Respond with a string error if an error occurred. `Mountpoint` is optional. - -### /VolumeDriver.Capabilities - -**Request**: -```json -{} -``` - -Get the list of capabilities the driver supports. -The driver is not required to implement this endpoint, however in such cases -the default values will be taken. - -**Response**: -```json -{ - "Capabilities": { - "Scope": "global" - } -} -``` - -Supported scopes are `global` and `local`. Any other value in `Scope` will be -ignored and assumed to be `local`. Scope allows cluster managers to handle the -volume differently, for instance with a scope of `global`, the cluster manager -knows it only needs to create the volume once instead of on every engine. More -capabilities may be added in the future. From 12a392015357da8509be7bfefa11adc291076e67 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Wed, 12 Oct 2016 16:23:01 -0700 Subject: [PATCH 1813/2538] Add a link to the new build instructions Signed-off-by: Misty Stanley-Jones --- docs/README.md | 3 + docs/deprecated.md | 216 ++++++++++++++ docs/extend/images/authz_additional_info.png | Bin 0 -> 45916 bytes docs/extend/images/authz_allow.png | Bin 0 -> 33505 bytes docs/extend/images/authz_chunked.png | Bin 0 -> 33168 bytes .../extend/images/authz_connection_hijack.png | Bin 0 -> 38780 bytes docs/extend/images/authz_deny.png | Bin 0 -> 27099 bytes docs/extend/index.md | 272 ++++++++++++++++++ docs/extend/legacy_plugins.md | 93 ++++++ docs/extend/manifest.md | 222 ++++++++++++++ docs/extend/menu.md | 15 + docs/extend/plugin_api.md | 192 +++++++++++++ docs/extend/plugins_authorization.md | 256 +++++++++++++++++ docs/extend/plugins_network.md | 73 +++++ docs/extend/plugins_volume.md | 268 +++++++++++++++++ 15 files changed, 1610 insertions(+) create mode 100644 docs/deprecated.md create mode 100644 docs/extend/images/authz_additional_info.png create mode 100644 docs/extend/images/authz_allow.png create mode 100644 docs/extend/images/authz_chunked.png create mode 100644 docs/extend/images/authz_connection_hijack.png create mode 100644 docs/extend/images/authz_deny.png create mode 100644 docs/extend/index.md create mode 100644 docs/extend/legacy_plugins.md create mode 100644 docs/extend/manifest.md create mode 100644 docs/extend/menu.md create mode 100644 docs/extend/plugin_api.md create mode 100644 docs/extend/plugins_authorization.md create mode 100644 docs/extend/plugins_network.md create mode 100644 docs/extend/plugins_volume.md diff --git a/docs/README.md b/docs/README.md index 45c9e22948..a1e0a179d3 100644 --- a/docs/README.md +++ b/docs/README.md @@ -3,6 +3,9 @@ The documentation for Docker Engine has been merged into [the general documentation repo](https://github.com/docker/docker.github.io). +See the [README](https://github.com/docker/docker.github.io/blob/master/README.md) +for instructions on contributing to and building the documentation. + If you'd like to edit the current published version of the Engine docs, do it in the master branch here: https://github.com/docker/docker.github.io/tree/master/engine diff --git a/docs/deprecated.md b/docs/deprecated.md new file mode 100644 index 0000000000..a591880ef0 --- /dev/null +++ b/docs/deprecated.md @@ -0,0 +1,216 @@ + + +# Deprecated Engine Features + +The following list of features are deprecated in Engine. +To learn more about Docker Engine's deprecation policy, +see [Feature Deprecation Policy](index.md#feature-deprecation-policy). + + +### `repository:shortid` image references +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** + +**Target For Removal In Release: v1.16** + +`repository:shortid` syntax for referencing images is very little used, collides with with tag references can be confused with digest references. + +### `docker daemon` subcommand +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** + +**Target For Removal In Release: v1.16** + +The daemon is moved to a separate binary (`dockerd`), and should be used instead. + +### Three argument form in `docker import` +**Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The `docker import` command format 'file|URL|- [REPOSITORY [TAG]]' is deprecated since November 2013. It's no more supported. + +### `-h` shorthand for `--help` + +**Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +**Target For Removal In Release: v1.15** + +The shorthand (`-h`) is less common than `--help` on Linux and cannot be used +on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on +`docker create`). For this reason, the `-h` shorthand was not printed in the +"usage" output of subcommands, nor documented, and is now marked "deprecated". + +### `-e` and `--email` flags on `docker login` +**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** + +**Target For Removal In Release: v1.14** + +The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. + +### Separator (`:`) of `--security-opt` flag on `docker run` +**Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** + +**Target For Removal In Release: v1.14** + +The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`. + +### `/containers/(id or name)/copy` endpoint + +**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The endpoint `/containers/(id or name)/copy` is deprecated in favor of `/containers/(id or name)/archive`. + +### Ambiguous event fields in API +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +The fields `ID`, `Status` and `From` in the events API have been deprecated in favor of a more rich structure. +See the events API documentation for the new format. + +### `-f` flag on `docker tag` +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +To make tagging consistent across the various `docker` commands, the `-f` flag on the `docker tag` command is deprecated. It is not longer necessary to specify `-f` to move a tag from one image to another. Nor will `docker` generate an error if the `-f` flag is missing and the specified tag is already in use. + +### HostConfig at API container start +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +Passing an `HostConfig` to `POST /containers/{name}/start` is deprecated in favor of +defining it at container creation (`POST /containers/create`). + +### Docker ps 'before' and 'since' options + +**Deprecated In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The `docker ps --before` and `docker ps --since` options are deprecated. +Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. + +### Docker search 'automated' and 'stars' options + +**Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +**Target For Removal In Release: v1.15** + +The `docker search --automated` and `docker search --stars` options are deprecated. +Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. + +### Driver Specific Log Tags +**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +Log tags are now generated in a standard way across different logging drivers. +Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and +`fluentd-tag` have been deprecated in favor of the generic `tag` option. + + docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" + +### LXC built-in exec driver +**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** + +**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +The built-in LXC execution driver, the lxc-conf flag, and API fields have been removed. + +### Old Command Line Options +**Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** + +**Removed In Release: [v1.10.0](https://github.com/docker/docker/releases/tag/v1.10.0)** + +The flags `-d` and `--daemon` are deprecated in favor of the `daemon` subcommand: + + docker daemon -H ... + +The following single-dash (`-opt`) variant of certain command line options +are deprecated and replaced with double-dash options (`--opt`): + + docker attach -nostdin + docker attach -sig-proxy + docker build -no-cache + docker build -rm + docker commit -author + docker commit -run + docker events -since + docker history -notrunc + docker images -notrunc + docker inspect -format + docker ps -beforeId + docker ps -notrunc + docker ps -sinceId + docker rm -link + docker run -cidfile + docker run -dns + docker run -entrypoint + docker run -expose + docker run -link + docker run -lxc-conf + docker run -n + docker run -privileged + docker run -volumes-from + docker search -notrunc + docker search -stars + docker search -t + docker search -trusted + docker tag -force + +The following double-dash options are deprecated and have no replacement: + + docker run --cpuset + docker run --networking + docker ps --since-id + docker ps --before-id + docker search --trusted + +**Deprecated In Release: [v1.5.0](https://github.com/docker/docker/releases/tag/v1.5.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +The single-dash (`-help`) was removed, in favor of the double-dash `--help` + + docker -help + docker [COMMAND] -help + +### `--run` flag on docker commit + +**Deprecated In Release: [v0.10.0](https://github.com/docker/docker/releases/tag/v0.10.0)** + +**Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/)** + +The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor +of the `--changes` flag that allows to pass `Dockerfile` commands. + + +### Interacting with V1 registries + +Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. + +### Docker Content Trust ENV passphrase variables name change +**Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** + +**Removed In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** + +Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the Tagging key has been renamed to Repository key. Due to this renaming, we're also changing the corresponding environment variables + +- DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE +- DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE + +### `MAINTAINER` in Dockerfile +**Deprecated In Release: v1.13.0** + +`MAINTAINER` was an early very limited form of `LABEL` which should be used instead. diff --git a/docs/extend/images/authz_additional_info.png b/docs/extend/images/authz_additional_info.png new file mode 100644 index 0000000000000000000000000000000000000000..1a6a6d01d2048fcb975b7d2b025cdfabd4c4f5f3 GIT binary patch literal 45916 zcmd43bx@UE)He)x5RM?JfJle5lt_rQlp>N6($cM@(x9NyQUU^sbT>#NA)(SC4bm-w zNPg=w?&o>uo%!bb^P4&MJ;U}~wXeO`TEAH5*`3>RXU|Zc!N9;cs~|6?8mEj#}{hMznYINBu?&oe6G$A5M8Mr ztp2%?yOZk~NktGSO(E}t`um}Kj_Q>uvLRE#Vv_j#d5(dNzJ`Sk$N2q`=ttiPm#IZt z{P`34KQ{W{zd!!}_0JMA*zHq|{>*G_?Q1M*>9Dh#VM&LRcFg&rSx zqV8j@3jHsWhM6dpm8o)fUw9v_7<@n2sL#1iD7KdpOnpr=U%!@JyZC-ld^Fc=n`(Vf zM)_vzcntLu*&9zJ`cVqiE^F_shw^Vnd;OY=O}q7q&(Hq!q}M^-d*1oauSeN#GtfA# zk7;ij$t%$jUG;sZpjTY`IUxJC_u*EcN>L!KmzLE~zAaVT!R<_nr_a?GDsE&_@Fi0) zP6ZiKT(Jn3mgzU2sByQuS+|h%I9TZ5=Z4@6OjFa=YRMOo=jYgFK8Dl#&*oRJKRBG@ z_I8}AvEDoSIXO@!_2i5&pJ~T8x6MWzY6I`1vQ&e5FZPXG?Gj3b_pTduQ9oglMuoy& zCkj8zwnkoMpS!nhmFGdZ$xQRJ(B*-gYj@1vJ1tQaX2DAceSOW9(*3ISU{|5!cH?dv zt+%?PzS}hR?0d05y!T=k_|2RWuepBSI^6zp?fH3*`3A?ij%ezK^Ig0h-Pc%@lbn96 zj`T%{dwa>naB5Q#iXRr5w1rX=e8P0zWwDv48NsZ6LB_Q#pDb3(sGKAk`rdg(gp5-w zoc&h>qa4-vd*_GWI%B^?2tPE_xU{U2DtlIg`{84{qUgQ#VN{3O#X6@YRZ|m~C5;oz z&gl<<*Df2><)&uZ(j6Yn&FAaieo{^4_T0Wj_Aoi_AbG-jDJ?cpaXVJIGlomUYtLZ3 z(8xd4X{mSFTTob7doH8%1DPk$TFmvwE<2JshbOe6Zrwd;H_7GJ$Ev7d(LNOY{*f`% z`*=I~_U=>zZNAGodH(rc8>fqld3JaPHqKth<O{E%xZw@1v&Si_61$gmMUD=>Y9uD`AKSVZ);YO=~aOVtu2P{+n;3-nzPj= zq^!!r-LRq5JxbRW?`9|`52jQ4bsHROR#xT2suU(rD{t+Dw9#JN`J^&**M3L3o1ONk zTgD);yZhJ9VvqEIL@bVD@X41emc5x_p?8b#E6Dj`VXKRb5&m!w+Q%cmOmXgT&T7cZ zNWHl&&e>YFZ^qct{jSbU-k)lV* zTNPn%C^&YXL{>-d4t5*X^Y{~RrhF+$*>*De@*=JBezPuz6q>?|e%P3k1dY-sr|Py^FNW@{3|+gd_x@e} z!J}b1>N=H074qPY#Tp0x?nch=&9Fk3H65ID0(Di(d&jsWN6G;>XZP$z%RlkjjR`Rl z2ESk2{L!a;alv{ZdrqswEQGy8JxjIK{o!M+kd08K6j68qcEbTZ5%ouF_MvQQ=|Wb6 zxt59cJ#U}n$J5In&e=ansD5+-yLx2noWZ2qVUgodzFz3hN$<(b6*cASb9>)AxzE0_ ziw^U$cx$tX>V&N)a=aDhok?jyQ#tWYfs{G!OQP^><-vOO*^6h$FRu>QKCYN;4Y^2g zNK1cN3^p(y>!OFpj$HLFUMfR6wSn#Qi@bsIUVMLBJhk(|dIn>kJkO<;zhqI?Wc*4& zJhWzeT)+L3#)e|btZms-c6)1}?M~GB1E;#i2Nho@%;t|puZ_{+cV=axNydA|Y*z+y z78*j()BRa$trh76)FMKX-Gq*~q(>oWhX|JDhKbt8A$#>ly9x1pjRM=Jx;t>6o!2Fx z5;8pGf7565aesejr6Xyh{$v8P(U@SiElhC6`+Gaf{7nLHnyW<4B4bq#km9;|J0cNy}-r55^xow;zzj zB^tk6P=EYhjaTzm9BuqY?aw4NeIcI7;7>IWvyRQ6T#jTPRI$fAio%&1dy5V6QJO8T~s7rs(4oNw&7KK${cDNFc4aJ^?&w&$A} zyRzC(u>4)C=$OU%YA)UgN&aZl6f&wI>PDEp@kOIUS;FE6x^? z-S~TE@uMFv@6~x|6VQleex4pjn|8)%9PFvRce0GGcVzIP<|v9pD1^HXtjq1S1ybu8n#%bC+FPfSngyMl&03W^N?PvBi+_( z5*&97vHIivoQ^cO&)c5N(ogZfckzFrU^Z09wcc!@-GaCu@0uBURMexU-S{0-&HjyQ znqsTz_G8Pgs|z0^J_My62;2^MXq&M>p(Y1UV|1#mYa@@C+>{(TpmwMCq z*VVL^o*2&2thSTo{AB(%Yfp>US|?G3GddBmn40vpX~&~qbEGRlP`R-8G&d&9L4wXY zo=TDXwwWbtI-?AIzaUaK;g=cYSEh}ucNJZKPN24>hglm+{pZ@|Q)qMd6VK~9Y&Txh zxFdM9@ z&)XYnrlw-9@T%2^Jh$YqysOeWL}geGVU|=Hzw^FO8RDbcbMkHx822u;FTZf2CbH-i zGVAc*Z25%Qfl*F=#)y|*hC~HSRFUv-Ic_O|2z6cQEC2bl`Y4?$oP=%O4V(u^+{Lys z;2HC`w0C$WLo2ZTvz&H-n55=)nWX<|D|IH5*5HoYH9rlz;&`8a8YwXs+}%pQd&pRQ zAbPwv8_92ed#6>LN$BBxaK!BmNLw-+l)BqW1cYkTc9V5^6ZI)!MPccZ+oEC{LKW79oZM>U8E(-R)DA}A5 zIV7#!Y{DysP}?Z|9s(#k-jRgl<3)$#L-$&18|7p%+f|b`E02t3Nt!rp&N|7e(+?*d zS@J!$Dw;l(t=^$NDDKe}Zv5V!C|uIET04?<5Sh_DJx^&>h1L zIK8w?y%dESx5y$JrRU*tPJv>**U>kBLa{q)bVNdrhM~;VGxiEHj57X`bX_E?XaEb7 zrHgQm*88w0j=eV`Z`iN+((Oc6H?Hq3FUYaWy|!A&t-ikVI@)KyDf({b!7`rYaalX3Equj=e#2 zyz3Re>5s*p@5culoxvCQQO2n0c9vvy-EUjNCSmPwZ@jp_|6^%6dUe^alQ!6R(TBXG zanhva`S}hxspKJD2x4WU6xZWK-HX4AOVmNFs_xuP=!CCq6=6sw3z6|nFs-=$?#5)n z3xaksMm}7_zDh?ENnuEQC0A_kC$+UDFztMr8+V;Ne|^S?j3%yFssUFqS6^ zTLv&bd8wSDQPeSDcf`>B=s?lDqWnxib+rg=vg(@!U$m>fXf2t%DOMg`+8DH3TPqmP zntAd`Z&0bVZbBMM*{tT{t;fA4ujrZ}y=3cuOZ$>gq1EE6!69<5_R+waj!O*==1ts) z!J3Zw;UW_P&N;q?XP%rlTkv`c?Y(&8&+DEhq)B8qcqpuem3wO0uEjwPC_vi)r*fh42NZj=S&#j7%PinPJBl)_@ zTY1AlqP2Oeg&l1*Bq(kUr?ZcqVCsLqPoOoP`YPkyJBrxCbNb0`FP4dNAC&3V^RO?N zwdv~a8C#d-N%fG~Wg8}bZyg_#+o^u#B<1>(m*c15>#&u<4$oFA+7e@f%t~Ebd;W(8 zKQG^PnHDYogo}WRypKNR|HTv+B{qp?mqo3<}UUF>%+W3}v!+a0E z$^ZKHQn}wkCW7Hcl=MX^MWZhZ$=>-k{ktgy_O&}Pl)S$7vQN&OZ_e#E=-heL(}b=HqOsc@BV32x_V&wbFhQ`mPk z(E}?lLnGg1h1_>=^sY#CnFih1^?@EJAk=68m1rJlv9504ugKVTv9?!s*%wJhmCbUf z*4%5`c+lXD^&xOxgJnxq++b%9iqdGhhC<`^NapCmKFdNBxfhdwRXe?IUm8Lm{%u_bi0U2D8)xEB_HOGbkY`631^n91a87 z8ok*X92KA66`tuMj-!0&X{7yw)2#guL-S0kK~s$B8P;{3oo2j+!2$zrH*-7>olOS* zy&S{+(_(^?-Y3^vC=cmOpwG3 zQ3{p&Z33Z!>!3O7P!{k_2L4E6kJ%SS$X$XgRZlr15C_8>7F(Q@9Wu zL6VWDt@ih#gq0_iVr? zg7^pCZpg5WWZ(yS^2_&v(6b{$#&2KQSl{Q|aUPYzFEaW;kLJB&Cijm}GkgtG5kR^Sh!qLnC{QPZ2t{N-GUd=Eb)r^9}DN>495(<;>G?qAQ1$#TmS`Y z3FF^aMpAg&$FEt0KmGR$M5Yjz7xPRc(J51x|Cqf&I7Z97_1u30^p_+gNsLpvLjTc$ z4I-FlNLISy{QeElHN#tx!jBsH`=T+>S}gG1USClAyUsDt0deqVgM9g}{e5qAm@6n7 zHu<`fZ*Et8!H3A_dzTLp0 zXX!4rR2x{JdAwQ_KDV}>)B~GGkCkLYsn~!tMUxzU zID~`?)S3%Iz0%L7>-U<3~m&gnk-Nb>Afk*2&C{j z+PTZDD!#wSs9kCifmD7m-|yci*_6RBuz+1$P)Fo>{A=OCw~xfBC+>=~D;})t7l5`* z9(p`EWZ=yuXg3xPsb1uj$?-|!lhF$MPADYjXixS6_g6xXYYNGFy{GlT+s(Xa^FYHlhMcRn}pjL;ztUac{38b`5xJzDXF`2!QRwD2UHjU!02xKa=l!|beOYEu z;l(P8AE_%%-bxl5pA}aIj`ZD~H&T8^o=^8K`KS~(`r~xMZvEB~&9R(LIVoVa#&E+B zYX8V-AWmG{w5TevdW&vSNzX3oh;G`6^R08&FJM4T2==C%0EKXbOXxBE?NQonauV^O$xeayQs;++Y`Fi{4g(R_qA@UzcjR*bqcc_)IUZh+>ROBY*q zy=N~QF`*xWk5`HH&}Ga1%!sKIT3d&y2FwaV8|7m%irNpJn3lwcRpy4MG}n!Z?2QJw zq|i&y7iLz4uNk zKYMLPiqX9%K#+Fie=W0Kv6y*OU}hlL&9oY7i+biY^@00?t`8|=^9`sIYHsl7Pq$)7 zV$%C39OH4He-b=(V27l|5_2yK4>Q%hlsT9CZ8Wu(6LCXhyTEffbo{e+HbiZ;c6Kn!ckPb`v6 z?b0hD$G1>JOY{5)5mT-A@)UO4Oo@LaWAI^9$U}GYta_kyAb|qRxas$A?W)=8Y)hjR z1wejDrYj{}0tTsm>Zu*U@ehTE9_u)A7^#f7)Yn|pbwyW+d0L1pHW!jGRjMD%Df;qr zc`S6_-Qqdf9ksts_QI0+)?MTG*nXPcD&ON8K0O()cFifd@q*0x;lNk6A9{!O9*0|P zR#6vsTGiPT9rZTK)*qM|xXLm6eip{UXP|h8tM@TkT>Pmh6@-JrsHM~}vFu*G+D95` z)}!TlB4S>Ll_Klo)fFOM5CC3(*DEr9A~Kn!#xm;x#P2{=M$)4Wp}^P37J9t_kK^bC z1oHA2;OLNtZ@!`hM(>QwDT^`6g*xHWhz=)bdbI${9XuoIb?8>G_4vo)o0+_ORjMu4 zW0ggWKp1WT0uW9EO19{^x!vrY9}x(%KQ~%vB;5wwc`#qH_p!UP7jOivRr8+`avmal zk0Ze~&}CE>Xdf-o&(=hXSu&k5X6aue4`35}`Sin}ZiSujne*)5J||*1!Y8am(GCtP6p(s z>}^8PO&_r}huXW=1oJ0KGA^zs0(@v=7OEo_+=p@f(+$#3IQw$2?cv!axE;8SY$?PH876@*NJN5K7F;DadLuIT-8jTRVqJ85cKL~!M6tEJy z5Zpt8y7h_<^;M3C-IxFoBSf0r@ds8MfI-UC3y!BV)bfDUw>-+2Zqqdl!CQmz`b9xI zbv4wy_3BGA%IQ&{zchyp&z)s7#NE_DD$8Y#M?aXT$PAvtrG!11!xxR^i>5q1;?2*`qS_B0Z52 ziQ?2&-N??XQ<$1=frpO0toOhw2XbWg?8Al6?Xc|LH8V}z^-G(@rC655)u8n)z{E-{ z_=L%D5tGB0Xet5Ygyq&+C7#1i_ zE%Z190HY^tiuWess_j>GgE*q4&FK$M;~HWw4;@cO^?29cdR2dC`h`KA$1l_g3sGy_ zXZ)*%a~F>by1W=flsQ$qPw@5=GxDtUhKH_4Jg?s_CuVZU^`nEF8fKVRo8e>6O`+77 zSY3cIiGkYlsR1UNCRKVQ!9T;BN;$N2zH}^%0JHYn-N~-0jIG|A+*z)Ji*qBJ^u2^0 z<1xOw#L90+hH#T<8n;T%NFB&F(za3!vwXVJR6?jy?eXhDwD6(O7}x68u?(Y1*U6=Mo+~~*b7w_W|O1lEpwC6ek*li+0V@pI!Vptc6@7?XQcw8#f8bmLBA8oi# z#+bc#l`z9($cOu;gKDcf9hD&Qj~|INj(wK*u+zk7pL0!wUYJi+SkIA+K7TWikoNLM&35Q_vNnge)(uKj8>bq?aR)yioT0#K z5!A$`zV)fHZv1?X$z~qz@oBBMmduOZsvMRSf}$uM@sOn}xjYgVO*&2)qr9Xj%mi_Q zW9S#{Ur(c#$ z&R4JnkB^TIIzeze^m-OvC3^kJ#?q*d@a3N$q%jy!f(yJRt*pss4p%Y!Tx4Yo_;5Jc zJX#Y(F8=cZ%thbrXRE~*O!RENS3VKg-D;oO5Q_?ZI?wZX*Jg*({)hKngL4l>*8`I< z5i2V7=&Nk7qR9^hDO_2fwRYbK?a6X8AH?0mWa@6GZNBN>Whzo%vz;8*=nP&8}XQ$w6!Siw;ZP<`+ z*gE&&ty{?yC}tZu`mN3$qm7%FYI+21hEwdWQk1ue<41`n_GA5;$Eqfp;;c6NM7bk& z#w$mlFwg^s(EfUTSOj*k&9p9gVhX*)rcZ+vJL<x!Un#tu4m5t{jkG=h0UOt6(V=zo0CZPzLcJa8`e2Qjb(rs8m#xUU2q|WAJ z60PO=_BY*n%y?v+nO@{LsoX>iZiSMK6&5{GXV9UNQ?DBP`ifhyr5f+I)3We%3n)92{igaPb0467W&o`dy%5KLz}{`G!>m+ zpm!o}8jvf!p07LhuKr;CS|gu9|0z!r-CP%+J8XCJ6Rk;T0$*XE(0=--SF(hTT=Z*l z@jY?Xyol)Bo?v)=$GZ8RS0m^kCTY3b9sBW@ZZCGCp?&YhKC%Lt}pFRpOwu z-51QdCIu`gGhWSVqpvrWm6z@n`jMo{QW%|SAw0kA;XhJ*f|BMIwX_wGB1vNByZaj# z`pOeEuoCIFW7HEr^hqX{`tbDZr;I9PtlKD?Iq8}E7YP4=U*qQ(6UEPm_zZh6C&K(9 zNcN%((-@nBex1$d)!?PPNDMHTxUowL`7+%x+K^J_feg?m>RIsRexA|=4%<)dMPFaOdV_kiwr_QLEw^IynLR}Rp++2x?;(Z6%z!8sj! zf^$)S5qtAhK;y%9;yTKIc>qUAIOpZ~i0Hq7-FFxP;KM)?VI9t&wg{N(Gk-(8kY<6a3h)*2o6iSf3DLCE9s=5EDa3?tW2WD7!bMGnA_!VHxc@M(F zqCcaqZ4rhl*PPyEJ}9-R`B`SDP*QOEX801Ll8+cu#HG*Q|06n7iGenH62S7`00T19 zz0KM*{}CPRFp*i|oB!r9T;d&KNQxKg{EzvNzX8XbCrSE``3SlKb1hG5?*1Rqkp)xv zPO6FYzkvv3vMpyg!~P>W&ciY4@^1gbeDuO>Gbkm_{l|Q~V~~)HJcCvq4rxfc8T$>; zl?(ri-9J1?KsYQJT%-LC07UnS0RyV{Y;rV%xOZnkx6F!JK|#Sz94f9<}b z_L_fA)Q)`l(iCdEtd7tpq;2DMI~Wpi#0gGdy-iH=_mZ z_1QFY^KqR+;*b+bq zK*rMPw_j(^0KF;yVBs^@TxV=7zygY`p*&p{jcoM@QTOlizy8q{<8Gs!Euh*q z48W${3r`u-E-^#PYKvmuA~t$=AHYr|z4Yk|eD{OiDJSb^Yv!?o6D!)XFTEY8pm*R< z@;fBv5m5zNN?Dt70sI?tyvoC_-@hpcoB<$DgWxTRcQTAltHUa+if<*8OyNZ`iTFA_ zBcSWu;Z}VY1aw+Y)-cduBGiF1hTvPWT0W)5`f)OWsAujxxBk5~8d0}9q14wdIW!GS z@2-tnEuZdV0fae_F;I@!UE1bP-D;zA>nzc)eZ=Rweox@}_Wnu%hwkK~6)q5fUkK*} zt#TXG-P0+xpx2SO@$L?p)bD^rM@9dv?>2^aaItCUnPxw6V-y9QJ`tS|yGAw>u(5(- zaUG59)VV)?{j5J(lR4WbglpM*m~jpKJAIY;)T*^}Xcqn9_{hk&>AoPgaDu^!KW5*m zI{4OyniA7aGG;{~RT8uAuHPZ}7VNxRJe3EuSQPXPR*7iROSsM0C>#&P)-c+FL%Gk1 z!l|>`nVaOBx&{PNnqi}#D)_Fl4C?C; ztun94*Sif?adZjWp(@x+vQ(vHU_x*3=mltqSr6u_j*uktt zOe&1#`aAEFV?MC6I8!|nKgS%A(#3~FyD4u}B-NwH6Yqr?JNy1jl?T8dT@Ze7e{A3r z!TF|aD$a!gZr2ijCEu@8BG&^{D23Lnl1X;cB-;7(-k}Q%WFY|J#bC(E`!Rp~;i%-p z$m}>?lS_pT_X&YeH=N09@%%bE?gm=(BJbY-l_b%`d2qB|y@ARRq>xfhfhq_~ZpdvO zPo>y#R(8iL$}Qh~@iETB->d!vmnoP|A@=g?M`z!AYf-#FsggSEa4S&zoBxT_Sj^!( zeyGWrt;cNmOj98~89jt+W6xtN_3AuEbjfP|2n$3QnET-Jbt+w+yV8XEzTADo=e?th9G2+s|^GX1gdW8$?xColpkpTwm(f*a%J-OeaB#)8`2 zcuw8&TM$0XD2hPz7GQ8(`zkPd4`jdlz`6CND_s=!+%I)n?pHAToM?G3`KoPv6uX8Z z#Dq(bI${yx)VkVrBL-L(1>jxNJbr!WGik+lreWl$dN3E+lPY%;?jy~j=dG*=I4_vK zR@ieRu297n#IM01+YYo()MY&#voA@u!$n|mj5Ywbs`@d|iNyUM?j{*{?nL+J>E3-X z-^B)Q%a_kcS)PBGCbD;-eDWah&-!72iDmE;E`D+g*hx^q8C}PnV-f!%B9E&sUS@7S;{MS#8`;%pi)&EidcuO z50||#Qs-H{I##7tw>N_)Nu_K`_o?dP!aE4?y>Fy(%IXapv6hAkk`FgO5GsmF_(*)C zn}FE_nd1hSeO3j&K$2v;mh3izHYJ>4B;=|T9m!hx%=KqY+=o>z^Yme}Vx#{fNJUmr zr=HCC9s~2584(~6LcwbsV5t5UOg&cbrV%&Hgqg_wk3~KYtAhko@H*SBf@~z;KR3^A_D=xy^`i zf5PwOWXOWGw0a-k7M+A4D>oIO1J-Ls{#!2$OQ)gozWVuIa#vXTu1F(W7Iq9;E6Tj{T*mWVjC-@Ufm{ET$D(Xvh}Pe;HR_u@3Ue?$nlCO_8x zoXA;T>f8lSUG~zYhe>f>O&^~TXs)e-)D%o5tjbbxM7D-CT@Ju=>1$ce73;xUz;C6< zB(H^J_`dNj? zagBGIsSGoO^M2`wu1n+laRu}P`Ng!!xI9_!Evgyq%z#M}WCZmc@0eSD`s|w!%V2~c z#UY}R+B0OwCVUIEkpjT>=!eU|9Q0rLeE4fSIxO%r9wS|xj&J1_86@X7bW;v)YhoH0FX%P(u4lmK+rdp-Qj<-a&HTXY-CI1*IiJb(GiT(Q@0Dz$3bS zDgkCATZ}^3@Aam+`@(D2cfh@htp&H?I*>i3{RAZ?7dJXgjwY8Ba*8LCQ!=>x%2ABC zo1{RcFgI9H1OYk5j1nm;V=3MZSBS9+a{J(SQn61aQ zg0iXMJ`SOx(5I$ycnPW@&k;vl(xYWIjnkSFh;C)okE*+*wd6m=rW_nVr;N*e>l31y zeII-HB`a(sUFK_>6=QI`l%s#R1Jv_h2?PJn<1eZ`QPk3?lda#$BGmgujqKkuxW$ye(fBSx*=xX6z56JGRdS-_>u%$UcO`uDDKaGXbD6|u`+zE?@- zW=ZDd5b^t7SEXRx|30r8%2*>9338xE(IMRiPzki0dq@dsnP?Ioa;Dl-yPAin!Fs4D z{!$E;mJz?#N+z(a(2*d#bIRXH;sYm=`{)d@5{uCk)TEc#F}>48KtH$f$H}n-e?9{e zIqM@66BBJNj#}U%lWGAE6_2W5nqu*V?cMo(uCq2YoT_4^mPzh{M^o!bnXb zd?Zt3o{=EI7|azf97F%+szyMH=ulcU7FNt#-glyyEM`l-!h9LgLkc6y?YcsY3xiS| zC801Ffz%dky__tU(RZSnO-qVZVNit*2C)}8`Rd@C&37LcUxmRQc;CyzebLWQJY$D|gyL%KwmnJlavmQJWt)S{{JSfBxf3%W?2W2;#*qM1bDh5|OQP(<7)s4LijB-R8w**>n9vlgxW zXt@#qRVt(=c=zE0mESwS$w;!IW;QD~|B@7PLD!NMFcO?XW&<*tA#R{n7D)=dIR zr9dRuqi_EDK4;n*d_nfmd1X)mJkU(gs?nRP&A-(B#vkdE2`7|wy%S16anvY)idws@ z45pC(FJM<$*Z!&-M_YpD`kotm@`3_g4{#bxj|dHqOrA;rZXJj^ldkc@93*6;GFmJn zplGs1anY`rsYD=9#2y{|#FLQ$H{QS^zK0;srz^nt3(P%)CJCh137=X-9rhRtQjY=S zP}$kLGzP5q^?9_fzbKv7?L;B^ftH0TOXtV#=; zi4hsTIfGa*G&H*cQ8ow!Ci^78DBmE68B8`cTK~&`De6ujz)L(?txaD-bjND}>lnkR z7PW?R#IlOzcH`^-fx+APR31vOG^>H^-U@qzS5Pe?t_gPaOuCP>n1l-=&dY8cy+ZX? z1MFe$O?600SBV2V>&G}=6VwcSe$4$bKv{KV!8L*QJZeZ z%-b&}q$E);+Q5o!2pR;aKW??0yuZj2~{ z=k@2e%={}J)Qq_P`fjRGGe29vb=)fbnoaRAt;NlSrGf2Ybp_EHqb~(R_uCtIWt8Sk z0cb2o%tp-Q$gSBnj*|%R8f5kaLt<}-h-(UkY_N0c;z=JWwU2bAehQBihcqKlxN{ngWfFr)Q-rM^E)Dt4D z*L0`8Enjvk`MoM0-n}jKStTmKpM5*{iZ4@O5>tp%J2B_~M$)L8rYc+VKAvo)dCxV3 zwLa$t18N5>-8t~sDthv^ey&V7-Sjbhm(9o^r08^7RTD9Z3l<5TZvZ`p zcuc-tb*rtXuqsJ~QUcNWR62zqGc#rg#}XLa?jO`uMRB+kH}xrCAuuBgpC_&t0FqE-LNHq7`@2h~{*UApL6>4cO8cx>>ohtb0jiuz zG`}~J=5SB>Mn#>Qwuj)arQbMl6HI>&;ioHZjVQFregR^c~IHvSq#vE zggAfb<7|u>xa8!)LubMC`q=?HZE4UqkZs7zOvz=p73Hb8% zAM_^mg`NRL#M&??L&SWJDd`c`mwya>6j~yRQ>Rp3n|R}GfFD!G>yVbe|KuZxwMnah zQjwCJ$s^yS{F^w3eIyuyNY0R4bh;A%FD=&LHdnJw7aJH{_Zj+oO}aBE!~la-(GXRx zMeCQ_XlsMb0_h~7 z{tUWf0C)oh=u|$W!ItC-lGwnbfY%&K@UZ|oa;(~||0dsM60c`&-6@i)l@3PjV7-EL zcgJOQczQej^IiM#k>#vg@3g^127L`Tz^cOt{K89UmHG$)U*k2e4(hZBQkv*}D9RA6 z9Z3COtaDeQu$uYBpSouvEA5Rn!;zyEUS&tpz57eZI zPT!2-R3Y34kE1-|Dgw7$wvGMJ7%|W28DdP`@o4w|mA?(Gp*D#=yZ-%3GF~YSlBJDT z{$}a;lHe6jxMe$i&EKv~shcS<(~(@dS9c%}%c9Lb#WRDqn(xeVUq%=u+eoEjD&oLI zhk(nc^Dm^ovn778%HL?w`GUKSwes}VA5x$g(r}}7Zy^4KxA_`>83lMcH7^b~e>T}$ zAS^IKBa2EZIV;t!+j}#Lh2m7(8zV^_&AKWakkK=*VaduZ_h-#Usx5zzScwqHXcm%| zjHFoW()mrn$>SP!V5>1*b6r>WVx&lG==T#o2YfZP6csQ?9UcnQv?5OO;RI^p^LGI9 zw?}itA`AhLC+WM6!Cydv1SNt|wLt&+t81?Lxq8)_A)$uZ3*dlK9dWBRyWCb&V7sGv zDP8$F8JE@VOQs!Bjv`lS4Mk2j>L&RPTU}6Wi(o*ac#6BnxCsfSwSHJ`p8)w zd-HS!1;!s7?K_($R9j=8Imbh8x@xUUFC-d`P%9bnZyT@NhD^w;6o2ATQ18B-9{*md z^(*}VaK!k#>V(7DYkc@hKGcANBp6GcBb$%tEEa(B=-S6W*%vfL3wg6$E_43+=LPuw z`Pv393gvMXOqkqID#burXT!O>=Xbw7@&-Z($QmF<9{IpP@xyCClyd_ar+GW=Be~~OhouiP^F^on0jxExMvFhDxz-q{zM2Su~` z>ZVwv3>s|Ty}h|CzXNj|hO87%nP1?QfDf=3FN0Ajao>>g^bnZYGd&cNJiaUZn(`;? zzk;t>oNG|856$Up*mz`7V0Xgxvas9RobIi9Xg;U@+yoah(Vvucw^nak!`a@{xP^$y z%!osCx4}FeRxkU_pf}LTnK>Z6`3$J15Z)(qT*?OJGi}@ZKR39c>fJVdGQAhdOS`3rtJ>BA(}xI zyEC{7rH@ED|9Ra>cmVuRuvSX{!(~KVSocgxxxRD8A`1n`XHbuy(3c|ie4V7Oe>AT= z9R>ttObHW`{}5g`f&;mf=l|L2nScO46N!<+i~gHq!X+#q23aOLSRTAO7Vdn4zY~Wg*0a5mpSi-3{XSCPu_;?2F znVA(4zV;}#mumY!W8Hl4pg32*Rzzc@$l)#M-AF1gNC(UI5VB?q92uOqAo@H%0eQ)j zOc=x*$$G@12pTybfaRr`HSda3Ndljx`}7lX(bj2fk|2aX+UkwWmAggS@B!eK z@$ySZ4vqfuw0|YvXu&oJV2MZzAyl_Wt{zkg&hw(!T_4wlT|^JFsj&r{mI;XM7{Cok zhgt9*D4Q=q>yrmQ{vB*fgzdg?%_a9yrty88xkaBI+I!LxBkSLtgsAu|y6M=!_Vw*c zvH_^Ftk55R#}bHLM&OTQz%$Ioo4zezk92TAH5&tbb~|9vbE$$8Zqgv0b0Q%F8UWNL zJb&tC>6B%|4`4{>dmlM7{<>@6$qYC=8fN{BkW!+MieZ?>CE2G8SeOHKo{xV)Op3Zr zfqCKjqf)Sot3e)M2MkOelqr6+r2M_W`{*VT6@h@)&~_`vA*W{@g5DXVrM60F{iVbh zu{^n}fbkP~x(*cRRPSVky37o9-hg#VB%pWgc{VmqOE253&@h$XIfV>JYW!RIeTitr#kVOPt7@NDSJBy(4G!U+5E`I@^ zKo&7JE}3Wz4gpoB7?BvHdQx28AcCL^u0}9r>;|4^`zWD%RRzle{z=h6!e$K++x4!E zx&u4+{iTe7(la)XK)W!7xXA9cJ^u+1KWFy%p(&QiJlDNS2T7$io5?!8XVH&0YVRtI z8^vcCw>($ml(M0MWXt=&{0sjVQAQ9iqQRxf?ieJ5&qP#!1iAvQ&PO+%U^L^_EmfcX zAHYDW+=Z?cqb+Ysz9@|0?724r9Iq)y=$@FF@7s!$!YJ}Tn!5^@n z(v17PaZ&!Yh_k4vWuifuRdk!E(Ik-61O6_cbATOz!k1!;#qiwBsC|7j4vkv_n+VMm zt`6%oMXF#Sbt*j$A&vT53_lD8^iB;tdH)Zz(9#qkDfQ4OnQ4m0<`X6OT@$7A)WF zHWj~43U~sIbE3InP;SU_IK}^wByJ@eer=@ch+;DlbNbr$1LyzX2;y%0=5692lDV4x zI)NdJ&8fQ&8`Mdq;;)?i%74;BOYK0w$O>qCo)?G8l-bG`@67kYiQE+*v1hIdI{=y))L;HhedUl>9VKZ zC7TjT#VA&KXn=Q6e9FdA;?`&SxMY&epN`Jzp+G3E!xR7IB7;geql~uGNaCAtYFQ3PrL)jUeV`^xfSLZOE zviBWe#3dp|T;?1ag&jBqMOxIe9Kb9X&!PV>UEa^trSfzXnwCl^NarjCTD#gM??K!X z+(+QTpQ~C(QllNJso`}Dxwu#)zMGOn6bSp{3!>W>3x-+?TlKU0wjDrTn5~S-)nUSo zJBSqIjl?+7^h>MN!b}Ca0ew8rH)VsDq3tmvJXYx_z5agXvOpR3!d-9ws)GH5r(5!L z@yK>l+ULAxhIS)m>>?JM#)>g{&S@@JxlRb_ox0 zgB5;m`m^#=)^XY7{3FKgmnRGlyib05^O}@sNN+8>?X5MmJ@G}&yvDdY()<{&#EYJ# z5Twau_hk)AF~(LmRBj#8tdgq#0<0l7#-BP+`e?{$o|^C)EiqTlX{Sg=y+y1;R*TvW zxg9)vR~dTM_e1_~-+*j{>&t_ig{fqUqeub)IYJ);da zgx`7uz!V!zP4+R=rghCZ=IQjVL%^#f&!9|TD7(5ssfu-unZBjH3u+LOL>TmQ#n2QN zg2Bcu6Dy>sKJRXhg-YZ)uMYF7YM2WDsnJf5rp(m*LW>>-sKJA4 zcE4H|+l=rDyR60;jYHAVFZc^G;)R7D^3uQ#e*;X}3+*MZgde6mdP2TJ`ecyq3a5<; zJ+R+c-g^vPmUDoH5YGDIg2x)C-g|ZM&agrAR0RBV1_;S|s9i&u(`^W#9zuQ)NqqvO z$26$jA_c591^8wyzsbhZq6wgUiiOm5AsHx5dE^%Y)+#1rAOu;fRsJdDgNS^ch}i>M z_9P7fghCdgty;;i{uUue69L^i24HZT=4Woc2|odF9}ED!nJSFTMB$6jD-;DkkfM)p zI!I~p1dqJqrLtJocYle-%ri1AkkGSaPuHAB_4ro)Kh(W>IMjdpH_SAav5rwuqQTgg z$WmFyzGlr96{2s6P?jOvNTTdZDN9*eM4}``HKG*SktoKRJ(N_BV1fEka{0G!w;_A6|>^ePesiA=o}cnETh1WUiM zx!6w!fTSf7W}~v;&9meRze8{p*%`4pEM@bS{qHJ4AEwqqZC|MAy>r+JNzCX}f@w@n z!$DRZJS&QUu~*+5F+)XafL?HR&j;QgJ!-Sc^j`)q*3sDkBMBXjwbDco3vTm#d|+We zB0iukk$?i~Fsr1En%#B0u?GQ1G2Zw--}D&mAa|1~9JF45ELV)wYCo;E0$InWy|)L= zk~|xvaKD*ju}d)hyPMb_0-~6VK~7e)!Tr0Kc$*0l=7Q@zu=^WgS>_laK5d#jry3)2 zd~~6|eR>bN%9b0hca!!{(hD^}h!*zkjS0&;-CoRz}@JR($N#)Kly=wmjvo%PU`xNflI%Y#~nejihwyS zFzMIaN_`6VB1xTjWtx`wLVEH}vt0*x=1g^d4)HgzQ&yHE(%( ziKV>;A5+8W^+`|NhZ^l;A_Z+f)Q87n2)9pwM=#E5H5*!SOAk$Dok? z%IfQZX75_5XjZ=rt)D+?J!<8_SK*q-kyJj}`=H035G?Yt27KZwC`Q}sCx=Nh_TtHltiqKwBYOO>XOi(dbehjQ< zmxD1JkLVd&f6PX_KQ`iLN0V!$%VtzV*jZpOx3TdOAhzqu3d_2Irk? z*gBnOH|XW|zmEcVeUF48V3m1zUFn?B$n1G3s%0j#F@!myhbU7Kae?sh&V zN@)hrz%-PRw$B&Bi!7X6s|U*lzVK;f7Q zykO|LXR1bQ6>q2UKeS3_oY03D~KH z$S01x^$@&r?XB9u*JQXK5N?$XO8L@KQJA=c$dwR(sej$+rs5hlo?YI6&DX4u{5szaIM9C9O0fJ7o2I{SN)pOqP?SqwKSJe9VOy$Qw}Ko)UDXGRpk zH^7=(fZx_@?FVR>)a;NFxYW6-h_Dg$ThN+VBT2_VG<0#XZ_Wzri?9vg9ze-wJ|$k@ zwnI{PHCgIm_-C`BIc$MD8tV-JkzH~Qe8eW`h{21o_f~9pdOn00L+3wXn-5x}=MY<$ zElsT*e^Y#_#NwP4BKT00i;Tm;5R~V)Fp%^6=;VFg^@1BFV7i7%CZUSY;Y9CaHEN=J zhoyDL)SwcY!HTG$;UPd5)UqnZ_uJt zB7ghNDF(mMqtmn&o4JG7XUL29J*dK7irR*sobzA$bl+4}F2miWj_&N+tW{@rKwIGO zju>#{$=yRq*XzH&)HElfK_W33K$li%y0APIGb~76MN3~>jDoLh#!^JIuQLSph&MP3 zIDBaYpFr`Zoa+q_?;c*>N`2J&N_Ryb5GJG^eAc(J96G$O=-vK}9K2q_5yBIc+3J(2 z_$8{6`N@#|jH9v+^iEY47F}&TNpbW-HL#&dY!ZoH3JjaR_qmv3G!_o&yZT9Gb?rsn-b4g3f zwIC76q*z5TXUf$y2!|BPbqx;`T2JhvNW>8-4 zDfzRT8=nUQD+FdCQt(1B4%OvZ-9*2`-o_Nn@ssa=w*s}@k>C9_buYCof zLGaKsXCwgotj1P@RX{m9zRUY7!!Ni1LePOT_?wyJO@tf(DK_auI70%> znE1j;&&Ybe9`)JaJ>uuJkJqFh0W`)uts0P*l+C&o#Q_YZOcYXCaPo_%lOy>4m!iUr z|8GTwvJV^k(;y%cDZM44mzUnc!1)0np8FvX#R5%JSv>@^A;KGg$m3q4uM1;U+5gi3 zQF#d5U*j9!dVD(wvTM8B2X@NruD-Sky_8lQm*ovB(wUyz#WII{E2iuvoMwt`z%$Yu zu`qATLyHi63&-0FV})iu=P+~JGX}e11uDmn2O_^ux*#*gWZ$EGFbv2?|9W?^1k$vD zf!YYT;l81&W)XWa68JJuhbMt0im@UB13ClypL_2eHNstdk-M!GhCe6-={FH(*U8UJ;;`_7D*ij*2H#r?Bz=+MfYy} zL$W#o(ag!dMn&@A*h(jY&BxT{zy=cD0|T+z4&oew4zD*agvM!9`}gftdK}9eVQMoC zE;($md;tbH3Ol56_z#X^%YXDNyY`|8L~+zgrh_3rVZFFU9}0e&(x-nL@34SW?n_NZ zke-VaLP4Umfz8#c>R^o9gBt+^kPhCv^oFLbH{ej^LsMd_inkyC#xd-lpmh$zlT z%We6=5F##DuT%Z21=w@{+O>ddPp-xD;02%`#wX+ejW+hq=gc4gh#NlRolc?Q3Is>( z?WtGi>OYizP3&ARt{NZ~&x>D!YeHICXMeqJYm6<4X>%&{gS&4r4X`llY=SSJu)T3S z0F0SbY3d1uxt(Tae3q}s@{C3#pQw1{6lzaF?Ok5A(;uf5;SDs^FR}HV;5alXRh2Hiawp^cAWt zwZbbfq1Hh!X1z?#{LR?uRw z(K;l&Wy{;occlBj?JRkIyWWOidUW*8(ZaTl17U!cnbY^^LJDH8i}5kfWTr*CZ?0Ue zp`wPB_gP<7CvN=Ke(v6~px)b}xX2F6_{AzR6r-xw=6`&@OT*;zEVcsWS?R550==R~n zP;d;H;aVI+X2=aP!(aIdzc$@P6bsbqMF>Qc&})!G z0%(E*!@|NyXByp0k`I+`54t=?yuva7W#Hct1=`yOQIk%{9^6)RFt_6 z!HR!hVt@e=)Uve~o^lHooOVG{h&FX$ZjdgRdSUwU;=Oxo&OR&WzcG!v2w)4Xeq%yO z6EESsczeJF&7khbFbm9-D8jjh1U~U0xJ2Go?KimxlaJwXITka+z}tUQ4=cC))fZ+{ z)7OK(@cWcN_1`>0F)OAbFNhbu{?YU_fg>Yfn;Pd|#r<)9kTn`K8R1wGA1q>TtZF@| z*YF9|(uKrCbCugRe+n+4QkM$9t+;q6I{MN{^xEJLo(}`Z5!zFMR$1h?$iWPORMXRs zR-!)KIehNj9UEc5gin*cGI|~8qXeaFpiORAJP6=S{&h+1@Na2Am8*69w8;mF#yYc+ zztR?Et4nZ9#im}xTj}XYIlT=~;dJtoF@0=w_9sIqwuw+1K7So$OoxA;ltE0lsZY+oU5pOHp-`N} z_q{*-lx3Pi!k4v4n`)`cY=Q9*{?rm^{&_HR8SgzlrRGxOdwvtjJZo9y6wKX%Mqlee zLGyL{5yXut0rYhaC;-#{!e!*#6fH*CJmZ}=il=&VS}#L<=I-{|$B#609@ zLNN4a9Tk;*ZjR;7qU&UL*;v8|f4LTP6B9f=cE_l(B(+1g714E2xt-aK0yR_yaO|@t zB4G^P>L6b{2T>YDaovmfd5ey@d+43yoxUC&6J{~s)FFaK zL@@r;iJdu0dfrb?ZpI9PiZ#|l(z>P)brCr1#I2l7 zAc+leJ$*;4J2JU4OqKH!SI58Cyt*S?PB$d}jN5$#C~AZfoqTvhX_b{;#>Olc z#@uhn#QZTIT_2x}ig(mrgEq3a{}5U*kS$OMa1KFOSOFGb$DW5JMGa4Y@q2r{ z7fLnE{|+VaMiJg_!dHpo{T}ZW<8Lx1&a2eU0usnJV2*Z0_I^Lq)7Cd#dx_`U zkkh%@=m?8Z!@0{UD#p(Q(d>(KDW7oz+tcuOsr`J%Gy(_WUPX>9Ime%B-1GR!yE_qF z=Z0S7zTXqltlq_K%@esd31Q~82y28B(SCLFOfq)mIFVrpl5AZrlxD#g(%3WeYqRUe9Acs4r^IvB>3n! zFm&?V8Ur=w_}aPZR~_os6A4cmY}VJCxI?%)L`e%-|2**^KbF)L=c0qoT)6Tnf=Y&i z7w8*kTzqae{lT<+ZOk5JPS(9lZb|4ZDDW$Dul#%!jq*_gx=(IZicpUH6%-r@FZK>_ z$R?3_Tkn@^&9~dzf%I2x2uWXt&y%&-VvRC0@Lp#M3z0q6WefXq(9T}pMjNilWk`g| zme%*>rg#dnHtM0pPH^g&1NNAePigoB8KBsz?Kv`W^Puf3^UL`V=k34f=J&NabKmDzs*#<+-litkb{DXlBTSc~dnKFTKB!ome_B`dmkr(PxpWU9! zoZwc(nN8bp@#-be?AP$&58>=<_!eX7?)fm*l-Ii;Eo|@5H{rHpaUuk%cDL2i%zPY= zRug5LVBe+kE!Bac9VN%kQBKB^gQR7>^H)ng8B-_`!}h?#xf}|T&j?8r>95 zRsT~L(_&sA1b7MS{`IeCU=yO24Ys^qH7pV;cOXFfB9kxUONC#HLq5TPQI_sMjR^pZ zU^?;q${+J$RVPXfAkx^1PyT%lc76=S3CE9%V<4cbubbTflfJy`t&*WtrX_Z}*Z$ZB zqt)hzNPUegk=&u3ep#L7=AXf&-GqzhrWrLi4Oq;b}cGGQ=tM3p+I9W4=By7t2Bh3E&(ZWtM;_Ur<2F|!4p@5wDP@_ zL2eXbnWq)D)yx={NVyCQ4oZM7!44J)AqGP*UKA<`q?=y3wzaYV#%L5;THFRcyJv8l z2~W78GOY+-^Tc;y1zvj$%b;HKN<4P37)S{8_f)hf)E0Ava z31V$wiy9eVh;oi82pK|CAYNra0YC$5^K*&{&mdT0cPRuD&c)JH-ok<+mj~f@=0Ie1 z#~c=UDMH7U4JGwC46Y^68lbkx|H-k<@X;Ewqo+5uk3>9C#8? zllw56l=p;IYbCKCR0i4qywWY%dCLZy7AQwUty>=L8eqm?E+Tx2g7-g5rU7}?B!gCS zNdVa4<7fr?O>a;c`gB@>w6_GvZSy?Xo0AvYl(-T2=$KXkYaaNK|*^BU(S9bU|n@jA6^s(L_hAfocV=Hx((Q!D8VSx}&on zr>Dh!pw;~v8wMhbbjD9uZWno%*uOy!xZ1O)W%P6;;qrVYiWlCo)5F4)7>u(?T1x!^ zm+s7?b>}3wZj8p2)|sNr;UaziQ_s46 zHxHFd^L#n#Ax5U-8y*)e?dSf9MCXNHk3Oip1(#q7>LM>768377G#q1Tro>%X zlnVuFD;|e==xLTDX`(`p(r20K_-So?T3K?El250lyQ0wf#4ZSDUreEwUWgb20w!n% zZ|{L~3LgX?p`J+_hgdeS%O&6CdmxGi&jAk>UV5n^9uE&T1xW~j0{>6U`!tiIejyAoTVde9!uQY}G^z7|spJQnzq$mx!X9-EOH|D}x;j=VpGMu1GdOyaN|=$@)W` z`#C|Q1~=FpBi9e6j2B0O7e{{UA6-FKKDgB$qM$gnZvgs09(x?AYQD*lAEeM8V8 zAsM_2fbry#rsn2W$gOCsYd)BNg6S8mS9y4J^tC9uMfYn8{E^m`o6u@vNzkv`fs+); z$sr@j06gFdU~bAl$>ML$ATkR4lJ5n4W~Xx??XyUzrFa&8oii|9F^6vxTl8`<6Nqp(BF} zS{69y{Pi)2ZP3Zn;%WoVH;LMBQU1ZC4#()8;l%u#A<)`c27w^z%p=k8Fd?Ig zGEPa`(9IU2u)F%T(Y@cxkXz+Ni(x+UB?TPSKhrp z>S+(+K5uvmwD}X11*ZwDGvFN#X3RjK)y{+{{XN3muT0=bMVhu2{@CP|g=XD$9m>9M z8lH|K5i@$!ZCC??+RFYS4v!PNE}O3lzMG;+q3lbm{n4ry7d_Gfd^H&|~*52+U(d_|{lyG$}YiY4>#j!w+au)Voib0J2 z?5^_tnq44<=&L%CeG(=bWXZe?itV`$r+sE{8Qt*Im;%hKl9{>ZXs( z?%D>CQ5$rl>V3N^^>A2<(cH+3GM*EQb!g})zjq`ke^Ua?104XXlnAqO5$ zOOT)z4oEJ^u-WhT*y1)@%Nc+CAzDznUcx4LVSnnjklq&R4ZIhOf4in=uQ?5~A3b-< z1(V;6_)dIK65XY#CjuNFvM(`>Zs`TDqpCN276!>BwCSA8JsgB49(PCX1101nas++g zR2N?fiur|-edW72`?^JZF_rAlcE3S*9&{re^4vowgd(7>Ma|1;i6*$x%6Ygv==yI! z12R8*mDu)FZwF+z-y_&0JctRs3i{BN9zue~QdP5%rvGpZTfL>ABRP+|UJLKKEV<8( z@8Yq+r`*FE^dNY0%^Tcuh*<*51@LI@xzHK{fSz*Hx_fhmE=jcwB1+qM(47e`J4kIkFIBGZ3h*xHLs7Y&Z;@*feUdhxwhsRZ~c zy?ihXk3O-k^U!yMOh?veyJM>b&0eYw$82a|n5$`zp+3uh3{%zCV$XS!;2@$NALID- z-HFB%q#LL=QGw<{^M_7PfhWdst@uIJUbVO%tc({!u0_Mlxq?f=XT{welrgUx;M_z)k#NU)Hc#MYJ1)H|83c!DI=;sw;c{W3*T52s@SQ}VRH87o#Cv%s_IT- zvaZv=^&7-D$jpnN#PAcr&`0ZgvdJ;P2WxnHTIu~Egc*Gz(5ZXBpZ0oH@M&VXy%)zk z*M0b=8FZ-jbv~U8O}!aRV;LmNHbcyc_zVD9tzZ|c=lSsMOW#T~TL1&2H>F82KTTUO zY=RU(OCo?h>j7&5A+`6Wc$JM6=u0Bsg11Hz66UQ|p#t1xo7MFb>yEtf7?@Z|bW@j0 zd!Q5Qx_tEmjJecy$elrmnn@Gkl5}EMg?A%#19qTtG?QKPPjI>kDE{YuWhnr`U=e|(O_v6reEiqb>Y;ER>@|6Y0iPi-MXtx?S{@Szkr7RU z4(&Vyjzk)v&JCPdWi^Azk71ck;Gzr!iY|1g>O;dv4~hW2)@A4ofYHrZ93Nq26jzj5 z?9PASC;9-8=@_B_%B;a)a2bf}lzEU6oxb_IyX2M5Vq4%xs4&^YLlBLM3hqDs+t8<5 z!U0dPtD()@lvs&Hv3+3g+jS8+E`f#@o&dYTx_ygx)J7seVwD9=K`V5S-thbyX9gDm z`a{yZG0=%26*tPz%)SXN9RntJxSnNsLDg({8;PgcaD?1_XU#LX_YyME+zS2Z%d3y$`5X*l6bf#6%g^7(#bRqM~}e$G>PJqqN3D zXwwP&{KeQOkkLB~FgjXQL{$Jpz^>61qK#&p`#@T?>-_YjFYM~<36b;`?;a>k?j1*c zeD>6Z!M^3Q^^1?8>Y)%gil`xu96=RWC>k7>`|mNLdT;gIorM=i4%;E$5XyVr3`bTW{Ha6vPck z(REO{s5Nphd0V@fVjEmO*Il={WTlWJ1f9JA4TE2Nti9{IzZ24qdh&`Pf&IwI3gvHNC4i# za~SbA4U1jsj1Y~lC4Z`=2`KDtPv_-y)`iw}ztG(H+I8zBAhF@=?u*+rgLf=POcY9R zZ42|+Z#Uk)>33;QUMNhVXr^d`;W6SxeY^0*+jO&?1;rsCPeE^**n;Pk@>9iLxVWx*nF z*$)s&S?B4X#T9>h8QMizJ~hCBz4^CZEwQ?rEwNv`sbIatriW&%WD$ZRl&Z(qHNi&Z ze2OXF4W$WyRwN6hO~W%WoPQwh)w5ANKyw!s2=dJZU~G4%Ler!WS2Gd6egLaiKNIJk z!zK`wkOSbl1q6zqjjoSK+JT-wBqAy-&l5|a*#YeWOJOO?x#_>jT$>T*`7=9Mq{3GN}>P3G6$ z!Bkg#V5f#mW zQ!g(Jy|=VBoBJ^PYzCd{BEQLUaHi`UGVz{hOtUAEZcFP0DD&f-6Pf<`;9Pq5;9+O{ z!s;~S;c>&@?TJWUMO7g`-@R)i1*y0Lp3%(GGPy%YfPW!qL zzlN_CIps!lI8Mi3bi*Cgx%K0d-5dk~q8sBy%i-Cp1@&_8!cYnWOO^iDL&b?Sp!d+o zN)Ql`f*?bssj5yfmc%>1&U7-^X&W3}+rY9@%v~@ZL9!@A5u`eI%B4NH67Rg!+|3Y< z!8iPaFD4ZBvKC=Q_~j(wbNar~?{B9dfDx>yx&=~zz%iQ&^rQ%QalkpdWC3_NUtaua zwbIk$V;qo(Aot}EW8y;}$5v)IMBwQz23F@Y!W(Gcu~9#V1vY2|T?75r)3JA;BHIzY zTu<-eNQ`abcwi{B+Og2qP$4dtv)_=j_2BtcOcLU0tsf~ z=}^w&t~OM+*rD&YV~^@t^h5ds zHZcP@L%LZ%cN*!%fti%@fB5rCadJU->LAJ%gl2;QKtWpD5G2WFA=mhR?K^zmkKeMt z`{H`v8%MRgkUw}_+*zhLMy#E|4j|Ff0L^1q2N@Lg9N6B?z+Nx}*|wP|3yt#-fW;C3 z#K1~Jwb*!5ghZ2aA?Dc$~6n2 z?gLLB9`FHlXzT6*FZ~?$rIWw_BGMBGk?E zFr;d%+YZH|7z{X10mDcF=iv6KML_71Ae;G9j!xu#J^_Kx)o9U$F;EuC06qyRD=R;R z1~D1hr;QLX6+HB{=2iOGO%^BDOxMq73vhP?09PjKHb;I-w*?VpqwC^);6i69=xUy7 zeyJb4liWMmK3p5MIPUa*sc`q_wB+DwaRqcLP}BHnX`Jz<&kXvPt z?(6e=6*0LQ$*BGG?OeZe>;Y!Wem}U{O5EXsPJ*JUp`|Fe9%Wu3Z5gZqxE>#Vpe?8H zG=mrpbLqM8QNwn|Dn#K#PR{J?>DXe!;7jy@U9UA-KzA zbJov8CYK|3HaU+ZDS6!^39vu=4=#JRKkIS~AQct{~?k9`l zSdbhWxhF7gux4-p*{Wo|v;w=ZEA2C!Kv{Ib9Y;%uR%@yV(gI=q$+U0#<&XD#KI43J zqJ3D5eI8sh=7ypbSAgUhxbgef_RzlG?*126q24ZsgtSSH;|kpjx^TT1lQnz1vsy^RHBqNoxJ4wCs<($4uC=d>*r3I zS|7$rwaR?0Ptezu3Ff+KDt}KnI07yq(p`2D*m=eDN}_<>Q55cobz%*y=i*{QL{}RI zL)-0=W#8mZ`97YVEZn(z;Jd59k*Yosp#CR$2u{^>rv0XmtDFupfF9J11DO-o=*B!Q z6K;yZW<2>b!oq(^7op}t6Y(#wpUMP$01j`u{;&9plokQc{`{Y2$ZKR&4j91=;fyB} zT^LSv^ixoBe3J4rDmdfDX+dnGUmAy?eo8WhMFL*ECDzNL%8Jg z1elU7A|mP`)ZYQc?1EfoeWOyzDx2WI+W8eOe$WyGXSu+pk@IkX?$76hkGd1t`#(J_ z9`-P&Lr?7C<1+IC1PpoKCO_D72q?;@YRx4;tZnB%mzz_BGvng0Xgf=uZuDMAF%n1B z4!~p!5Mp`3k#{`_(sf!POVAt60-xXT8qr>tLoivs(m?Up#3i_v;-WXd(dUE!?6Iz@ z;*;_`d8J6h3obTO7;zj5(d-LJrJSC|^=S4r1B9OCCrprX$aS|DPchzo_lN>A5%*@m zC}su&2Ez7_j=hyY(msG!U7;hGzCoFWPP397KH4)uYhQ3hgE6MIcpvaa3qnFz&VJ#0 zAyXGXwqyp1uM()dErX~I-Mo_zVSbPjG@ivaF_VYV$BT-Ju%2uMgqa(TH!h$EvsENJ zP$Na|fB5ta$!F4`633@Il>WmJZwDv4C|YMr;Kkz?(CV=#Cn&eEm=TzltX#kxDG%?> z;r7wpHNG-H$2i^&K?DitgzW~r047*VvTCo@$8>_E)^lpPc;16dlQ*u|_eg|w{pE)^ zym(br6=v23-c9pWNO+ioSb-L3QMER90J@BpmeLxJf`14}Ls6s?0014zf;A0E`H1ZT ze=eeE<{*OK9J-Ve({wSB)?psF#}32sP~{l?rdvsztUR}(iLDY7EDGE?6NQXoF!T-I zZ>{37W*^W~a%DBp#uFLmtJmY%94oF@>~_Fb?6SnoA>`ALhdTP~5QnQirqm+Fb11q# zdZGW+%8goikAp^1mYN3)eJ^zuI2`gLDgMkP2^`Lv!$?qClDrs|Y#k1eiK8 zn%O%!bYSTRUF85beA?fU7Ubsgfx~OabSPs!HEh$PVOK?%F3B@iG#SPjsB3YX(yU=E zJMX#C(SuO#Qkun;>*5lz`esb84(kz>U}{3arw-w#L*myl*K56W9ca8?|EB+8JCW%P zz?zO?G?h;C2S%=qu{2=t%dcDs7rHeD44QM7x%i}oJ9sXRLh|k+#=TX+Bu1HZc4F(s zO+FaP(a|EKGbMoZz=zH6bIe&69c_kKIIt2%jn&2O;K0_HQbf8_cpEg;)C8oJe)FmI zDN81>!%AbfP$qaC`uJT_Z$Ds`Alnjb^5j8RO#8D+|*Ihce7U!q>-L zwxCz&jFz^0*QLatl7pP`)sf-==z;{F;5a>eV_w zU4;v6;IJ+Sa$LNd1+gI#E+9e0bXl$tv@_@r(G49CmH$Xu7sx{(h0{gIpf-mHhfNcJ zKp|9c>|*5i^Mkc;%*g2>zwVCU@vN7R{r?t-!%#6qCkr4A47mk6q<{&{0Hs`WI4re& z@;=J%{*HY>OnXDqh~&9wv**i!1)cw9dKiWsXo-M>?}2t#0#=>a{p4;;131nC;!8=8 zI>9jJ0L9gf0u+$C;;%6WC7vQ{LG1pt|Cm6iJ5iX)V!)<)lmBi&_+2n=aQEil@9ZbL_p(j}$j0{a!fiT|#KTtQBNTgRAt7&Z_$_`QL} z^J$<~eFoV7Fnq9R*$3Lyh0;}!`53B$lNd=uV>eh_%i@>}4Iwb4{U2bvuYUx8rCk4Q zk4Dyeps_})RB%ZkjWq-IxE@G#WbX+^yMod1fjj*lEHK6u!rw~b??OOaf7L^f{#@Jo z>B9#Q3*Ma?GXC?8OaOLdXh<{$Kd<1--s3C3e`K35?`8S@{{$DBCp-W#aRyTSfb|$T zZqUMx7L8*gNpm?!CItD>io26WkM@E5=?**fE9eQ(7WwR2X&^WVJEU*J_a=LURecQW zLG9YmWdlo_(7E{j7myJ{Z>;u6KKj$~lv~igix3jhp&|VgTF7m9ZsZR}D8+RQtKqR7 z+bB~@D~|BjH+;VbfrAtXWZe-qSF+Lg&Ejqp&8v$1i4DKK}k$9e>VKq`-%MWnAE2I|F8No!428W8F6 zR%rr_1|ZkU?&@+5mL9Mt1`P}hc+HP@+}}Q*+%LLM|2e|Ag03f^ss(?}lH7Ylg>Hj< zwG+fXqHRw%z=8}8d2LX_5;lP#VQo`9QD;q~Ou|Zx(;5SP=T4m7HHciciDj*lgS+n> zOhTpm@k(cM&I7#n99$DwId7WpEq-?dxbsu?6Td(I3Sc4@ytpUNR;=u}?v=x$XtdgB z!}fqnr{9saUVtQXm*sPCi6i7L_R?F_(*Q*6P|gu+m#(zP+NjJPb8`C|y?VI%GEsbl zp8?qyVRmc=TM7uVG1?uc_A|QeBY(t)l{{3{_=2m4gmZt_fT+JP_Pj7GiMC}fukCrN zlw9^t6RY&nfzM-1mVGDj4U-$O@46+w#dMsA&LV=ce|3|&*zgeG?WSY7%i4xB`unFdx!K!_1T!Qq#&7mKynUuvTvgP@2 z!P0)>m%FBBm6t2J)@Y39N$#}Y^Ma|Zl@bK#8wGrv(D0S$vT1&x?frQYGDm^e_RG zFcBlOOV*-i8FU>yE+gd*J1gDRO33IQa>g*835c%?F;iF^lU)|}m#XLAm56CuF*R#R zWMkWmTl}X?Ry9LpBCg9Zjj6~b3rmn?xOf=d_)Kcd4HlfuA=|e#ey%Ielo`YhdX;1v zJ85w^9AzDV#et$vk^xx#hK?Z;g|#}^lU^W2Bzuw64p=h@E7780`N*+3EkN`LBz^7l`R5N#PdX!R@X zii66%Q{%#m)wzrsfO?9T4-9%%Ybi|O2 z)Ai9Wz1mU*Xn_p0jL)FvbbJTUsB9kXX&>f%+5+S&O3!JKzTmxVL20pJ%MKG zMaw7>JOs_t=$l6%5bPX^&H$)^ku3sBCySt?cS@BvpRSH^6lx~m4&D1==HPL>S3@8VwVIX1+RjKH` zK+bC2`jLO({iEf}^|mvnexRj!xUziw9x!`^o6*ZZucAx^9uck4W%nZz%(^)8&_L0r zoBMRim8_SW%E6*gEwtRr3UX+f8lC|fHH-1n!FkyFw1~D)a;4LywbAPt*&RW-D zZ%_O6zP@nc+kH@EhTr^zbiE-en~13$9}b6`>)N0C9OZSJNSm>-Nb^URt-)@MJ&nsP z`;Mg6AY>cAC<~3<5x&o`-Bd}ELoHQQIQ03a+95=og1z}HkbW{wl5Q(#Km~Yz$2w}2 zTf%vm@r+P}h1$~#u*9qsmi5s-UAKpg9Ycvy1vX^~!3{Z+Xv=-*SIul3%FavK?3rhv z0rRm1piV_@u-m@rrHA$$Lz5y<`!FyCZ5u&BCh;PH6%E=cUF$zm$3YdO zTnahD5uiUtVmIV}(psRO*y`~Z8#Y>a3adLhl9hGrZQjLJ8F8jB>~;WsbZk@nZYt<$ zdc?fNpVe>*SbLU+>V*8pd#BI*gw=Z!RlB+5JZcGz3i#?@#?J?tkA$GS8$Sh5TjxGl z_IrHq%t|tpE150Zx|0icVF&Locixvf|M|YAta|qWl1d`YjIS0vK1XV`&~lca4v;>h zb3LUla4=p28odyo-*CD6Jb<`0pGeTES`A0R;sl@L0GSB)^i&@zuF(doOp2egGu%eq zy}++Ge}@d;Qa_N61^IHe>tFi7+EP)Hr2^{#_k(EC?D>TfEtry>@&LylQ;UYL(%~W4 zWv)lSyJI2uhn~v{r((kCb#PQ2Jk#Lqz zNa!$3#xJ)+SDU$~;*oCnXYk=w{386mnt8R4>r->^c)K!4Kd;{wLW>5xwZL_q;#a|m z)>5|EgEMFlD4>cu?tLq|P-C1{q#!py-CZT)aIV|?V2SDOE@)4@d0RSgey3AYoq9lH zRk}^6;!($i6F;N*&wu*8tifT{ps)1u;@X@>1MWt4Azs|HM!#coP&HY?Fn7Q7wSfM| zn7a>m^jEA4eU1G0z4)&>6puDsg*}ODSm~q`vvwIBpyU=Z*Yp0A8lY0FSQ}kq<3#yO zh6==IPUqNz=D1z9rqSUhZ2B2)7ps>v4LGv}T!o*sJ)b?zTLuS|to1AKjke>dVVhr> zsU*`C8jrQsuTsvlT+&b2S`M^C|&sF~Vo2C^aDi1dA^|r*2%Uhu~ zPUpH5f9*fsmZRJ~SNMsST^I?~56@s8l_u*dL}Tctn5GiJw}kTL!lmWKNG>j>uiVNsv`p%FSK5 zDgGZ(QHrWyDabpmp6DMmG&1@W+8AdEm_TR(?qkrsg3VSezk^l09~M4N-Uk>Sc0~&R zRPd$cp~r38miC<=Gz>bQQ*voV;G4R2Uxi=)z3IeVLw>wMda*QF_6#VZ>?7UB&1;WS zx3TP>en{|KlZIb|mMKu$c)b0s3YG)4Sl(Vp9X@)HeN^VruV${mjawdk%LqS^Tu_iK zC>Gi9KJxs>V@;U{zYq7n6WL^an;7J~cEF=8@pH*}msXDA}UD($H z>!kXRM4Q(fvYpr+uj4cy(j+eWkfm3h5*7L6Q-3YUlENe1Vih$d`hGPWnI0IUs|DTt zv?o&Q{U_V1<{CIq*?Zvw&J3SU*rpd7T@FLJb#K(79~wF9zh^jh*4807_kI1xLwhg_ z9`Pp3xA!O+#@4CkSZ#c-a>sAwZk0LVD{Q~GIw6_btMdGshZQzKAUULO*n+3bwQyU^?Tl%+|yzjMR``uVB_lhL=YYDM1-vofuQSS#;`km_r zGr!{XA8I{<&Jmw}9d7-6MBr|Ej2Iq9rNPT+-5FR=t{n`l<=?{})ikTcv~w4yzvpSMik@;EUO76(hx`uk(x^^oJudl%E-PU#*t+I-M zs$|YIQ5WXstL)$;6?#)8VCr!G`-}csmp9Iez))LhmHb&j;!bjHx}gwM>+pS<#F6T4 za}V=Bk}=VI?75d5xjxWw<$_X708YdU-|tdI&%pxdMvVA?aSB^THd+V22m!y*v+4zY?kG4)Q2#cv5613ZI!Z= zi5SjyYM0dJ-j?$@;ogx4T!qP@#l*8%YW&DIXsk<{DT7O)$wtbb2anQm#8JUVIKjDh zdXp7*=;xK$Psjf-IR0Vgp+X6yZ+%P`{(QbpbRcW_0R2#hwf210>BJM;n%{lBuqhsU zP_)#qDUB=sKHW$^?S@rCN8^kPKSXZe)kO$`r={+Q8Dm3b1I`aH>n`xo;FhOw+?6hn z-wq4g_e~w0Z2rXaF*m_@AE<|ZRZ)9HR+Ma(+3hS|=5tQ!>sL-9XZu%aiqiy5WQN79 zettnmi*v@ezk*ZmHJ(^Yc2{3Vcq#PphG@(>gKaquF|&RjKRmvXbn5K+&6suN$C~)D z6hC4ubk1S(Y3gmS8-6B-UZI<4OT4O^*(G)NxKs?yCeLZ6J$z9+hDd8{d2K>T*l@t1 ze+jwQx_Q!Lq73EJ%G^!I{8{76`V*I8M!CYJU_%o<6{0Tru6ao zfLZARwb|ea-H(=f(Q4sMAm}j=rZ}8*y~*D4GiV{WSF( zG{RCjBWFVBc}?36Xp*mG$-BIr$5*hOXTst#3RovfHGT)})hg%ujE`R;l4sbN>*p}` z_my`g^eJe!7q*&@`NyZ&Q)@d{I13)m>hfJ1vK9)Q_S{b3nu$K$=Ud;!+iJSJ6vEaL zb#}in=Fp7l*`b^>oPk?;cUlG4XgqE41vcvX0log@7nYsk?w6NuXWZ!2pXK=JT!BkJCkk$+sx8VZ! znu2Un)qi9wZaW`)nIJ)`6^0iy#JbC1C@r!gtubb76devNi3FJjOOph?ul#Nb9ZDN> zWno&iV^NVqHd*R3sTdFZ?;=x6D;oc4{g z&H6)sUHz-X=SjJ|7`swDN$h@l@?XyIFjA0&ti1WVJ0yV}25-JM$-ay%CaM|@eV^6yb}|Sc!~cVqyO6Q{^nwcAuFq4kT{?%e`fQ4u{3{2bv{Ja6$yP{|2sy5 zVwQ0D$L1S1sYYzMG~`JEodj=)nv5a<8mIZXA2OBY0ibcsi<3~t4iLnG@>%^G9My3rQ}2vgXj6;DwJ?hbi#iP!Kry(pDXOf4+|yv^0{9 zIQ>`kL}1qeNMe=TA>qGc(H9MZgI9>fNc|AjL3cfQ~JDl zEP(ab`+4e5nerZA`rhO3(}lLUr_8lAigk_Nh|vD13M00RV|mV{6d+lHlN4vbqA~~L z5=xI2gE{IPOc}0U=60)Z1$(R$04@&q7Ic9A7<7IwnhRMKjwlU6u(_#8S`+4-@n?^~ zomc8~vp|;fGv{`+L48UWA}j_#*SpyiELSDa&HB{c-5T5j`(g@zu?C00=m$zDap<^h zLoVr5@00TXeeLV0zyC+Tdn93WJ_q(yY2G&g+HFC*Do;r^E7oI^S2h3E82D6FP#>5A zmZbvdX?VmnG`efSZ`J+%|LW=5t#}G@+>|$LSDvMH*M402Y);0B6m&r6( zOGtyQXz7r0-PW|pamiM0p;;wLE-4c!!Z2j`*RGLDa?_=BZufNRuK9~3Rz2bW8 zC8z^O)}pW?*Kxh3KzMO?Z^%GZJ|F5WHdIPXu*Vsbg-86=etI#yr9ruu0U0`f-=7w2 zP`^wlo6<2Nmn}j7y9qe>UMOffC5TtdKql9{JERjBmbxpW-w)!G)fm8cI$#tUhPDkC zzRkPPanrn>Gvcwf|F#>Zx(&z`3|0{ zZqR#Qvb_>@RhpF|@jf$%XgG~-G=f3I6hKs!69b|aJ|fz74 z`NA{EWP%InF45)F=1ab5LSj zx{P#jvh=3LSNFFviTg1jV(}?stXeK&81e)*EHZ<20Jp}CMN~Dl^R@4OR9Ao|bIy5Y zNkFxr<%Z@#Qan#A>y7W8&?b7C4!x}+adaz$ERA9q8j#WQW%uDKeSKjjT7V5>4+8D~ z(thm1Yv7u*)74ERfLIu_Ej@`xdH_~TkvPE>+gKseg`^n?Uk*zyewgPdDeSTGw_clq zidYf_TYC%a0M8X`pK@Vz#bN||CvsOzG3ws#prLQD>r&CJwl<47{Oa-0RjukHVFG?t zEtq~k-W20mbutk=L-fEw2{37;x=lQpq>7s-GwFmh3Ax%SFVKIx>-V4c_Z~%@T12H(Ar-^1rWx0h24RG zuk%>N1VUWeAqNqf8i5RR(cVLQWJ-#FiO7(IDPec&W32xLYdE#~k0|LzoE%0w<4eBH z>*r@qwN)+Wh#yxR4!>USLZ`GO%Q9bxo2>#k70Y}-6j{bD=j&0|QkmwOL=b|oAh(8W zO-sKmA+&oFxpHaMrsz7TetoTE?%=e5B;mCRuWsI#saWwddqf<35JW`wB)bF*lR(kHd zr{0cl*g^LN2;55T)RwVGffVR7uf#H>u}~i$70ATCZR|+#k$UG|=!z4jFU`rAHG!KU zGraC@f4k2+i^7tKICDe;8DR}X?zI_XByEr9`N6c$nTIulE;th&8>Xr(YkE}AG6)Z? zoH%*qn#B||OTCwK2;Ogv(vVHN`nbX+LU8TjWTmFxt3%_TeM1=ve6c~kzqFLW-B*8# zcaAFwfkFgwXZGW1RGpju9QRbniV`ViW z0?9ptTbPE)Ya@x>JMn=10T_{?+Z$YzOu)Ap#6SCd6sG^1fo!<_ zB2Y%N?(aan&;GDAkVB>QAu3kpzc`no)wZ4u-yp~a*kLP|vkwTi+^?>=rngg%ACD3x zic~IdFfnn@*SwRp2m{T|7;#ZQB#Gi6jmC}x19J$y&;TPCm6ON`vz_hF5=B^DZHT%K z9O@66i*ixgCY?-$mL`V}L&ZTPrcaA(z=ROO7Q-|c+sM)0r8bgQ39r~*htA345(yYnR5`czI#;WUf zbz5I5a~FFHQKnr#|ErraZ()Ct Ol5(_nwX52}O8Ou06wbc@ literal 0 HcmV?d00001 diff --git a/docs/extend/images/authz_allow.png b/docs/extend/images/authz_allow.png new file mode 100644 index 0000000000000000000000000000000000000000..f42108040bbbf9facb9fff0c320428323f061e10 GIT binary patch literal 33505 zcmdSB1yEIg6hBBjN;;%dQfW}S1ZgBh8UaD1rBg{Mr4a;_loDxCN>UIMkWxZGLZm?& zY4%+8xBK7!?9S}Y&d%)4ym98ryZ65PjdRW?&V8hn=q!g+ci8JxciMc^7!KkZ>@vJuSY|M72eJ0*RBf^rxl2wv9?-oiI(lUN6 zFTW}e7?N}zG8p>)$&@ceomwRb_4h-s%3R0l@IfsB4KM!BhYN$k&kUDM4g>j2Tfh;H zC||MCpF=t1ZlOD;t;3&{XH}UwaPy)c z8F$#SHy>}Q*9Dx^o2<#69lQG;Z+3qFK~_~|J8;3M>4C4MCgG9zOY@PkTYBQ(s%(fI zd{4!$4aQdJC#H>uqm_$~U)H-unBT8V;e7}Hxr~4PB?0TMq(oj5kvgBv7d;u021+rs z>~>!YVoC%_c}jH)HAA%CJk(o_6v27QB#zNAf1z_slYPL`xp4U0`{6HzTHRxB9foKK z=|qwivI5PV%p3jmP7nG5JGzTZYVLJ3>{VKIPQ==Lex}Dze6uL=aYXm&+YvM2L8+tF zs^!|6gN^&Ye|^fn`Y=x=;le9-ojNz`nk5t~IjJ?3o zd3weAucUs$)B9aCYpBgreWGMPTv9aX`@GP!&MjX@w()N3Hl3Zv{`_<2uV1gVhG4OK zE`LpARVFIZEsX6+6ISNb={#}WxEtZ>MzTBPz}PQ-v^!!xH)LR*EFX66Vy4Aqs}2J9 z>VO)|qLe8DGO-6as|I>ZH39bS|!itj*|`F#IXAkVzVyWC6cZ?&Caw%Y;ATj zsSmx5OzTOK-oHM|o^BGi9-cRKuXCHbu|}X3VtVv)>6}}T5L?W@{#If z(FotI^;#RVUKO?NXEw`t=e1@}fA+iiY|Tqb{VC6~;fKfP^&WgFxE}MSp5Vdyw<=|Z z^`YVv*M=MUY8}<$Yp<=lC%SwN=2999+QjF&Q@n3A_zb8_y|z|Q7IB~NDbq+3qFL}< z8NQzHyE|kMBj)tw@p!!pg7rBp&2*6+%F(#dTz!igB{D^8XQvk30Ps<&+?rWfmv zT>t*A=CRgOp0pL18l{FB!i?dGGC#VJ?%z{^&gou9drk&1v{#~qJS9#DB|XLb58tdL zC^K$8tJcnuFN3AIlvidk&Yg;kS2-d68-EYK0Lh3TvBFCwkJ5rDLp_!T>&ncV%ZQTs zZjJ4?N_nlOiq~;d=S;oxE-$v}%j}4oJX&vFH?F!Hv(gbmcS-9+A%dxAXX(qkjyR_E z!@Y6mTY(4N=F#rYM4j&?$=VIFvC1gN(w7Au&oY&1$)0@GD>c5tI+<>EHp&v1r)=!u zDB?7hx3$Bew9uR3&TClFvSxLf5V$j-OsILqVff~pJoVkr&*sLO{NFjWN0Nr~*5@XX z;5d7=v{Q$?+sk~j_3KguQ-Hv#5(7!V!5kGU z(c0n87cIJ>i+Zn;B*Ir(&1?O3UvVowrnux3LBwFXSn=YanD5pdDha%gR1D}0lfDZK zxjhn|%e74qIff?d+k#_o+p@{>*Uwj!S#SKE>CpX@w+xo@yLjw_YNv618wXtJ zADDLK7Gvy!BQgZ|1^&^GUD^auTsyILU1xfCI%63+hz()=MPo8O*a#+#W8!wlRa$hN ze5sQg-LQdaM|Af#?Pc3|*Tu=k`+Oc!8<@DahpwK*&no+!ot{XH?ZU{@u^OhkPq(0Z z_8eRNhAl+5v>VPZIM}%vqa(i6&gn2*QkE5X`c3S3HcqzwZeQlw){ev?>8)?Ctz+Jt zitWE<9X)*J8*qBCp!AKHN#?T83#$}u+yb*E$KU6f95Z0$7L2YCO(b2^joy=cey1mO z!1L_XpGqRHKBFi1fwSk8!Z4pQlN!xi3M%jJ|Gq~hfiWM?Z!VK8Dy0w6Q<#X?=ym&0 z#chQVhw{b(DKsiRQx|rvOw)X)siwvRBD(rE{MHd))VNve8+FU_6N~ZA(!_~MY4qL! z$vfvdObHutiCyOv?J^|2MG~(+7a`1$vXV8Wd+RVF^19=NT;n;$np2i^ad#zn0Gqcl zZ&KZd(cNc#h=PbxJ9h}?kEP=d#-=K*B0Sb7Z!u_QO4apbN}H%X<*{Sq*DZ+lSRK`Q zb+hQg_CjAulmAf{)9D6|c))S3nmarqt5XG?YU#RFob+9aN4^f9$=yHWg}DrI3wpkn zAP$Y86FoQV>NxgBb?t03E|B8Qr_awt=iaS1J%Qj#Gh{#6P*=I;gz0`7Cv*5x;*IBu zzFmKIu!TQfQ{~gPp2gK~RUyO}^V`BUy^eRjy->tAg6$JcFMi|m_co%Q6V~aynr5HIj|<1)Ci`vSV_RZO*tFRQxMrAXbU@*JNX{{_qMePtrDJ z#Way@z&_~?K_){`9xh#g?Pqk$xa>eNe)A?r`i={neHO9r+~yuH+c60>z@{sABJ5+0sLQS*uS(xNu;6 z=9PivGHQTP(yL^m)>T2;MHOFq3_EJPqJo^^ozr;r#ch@!=ehO2>TMpz#Pqdf$j+jyrz9lD+@x}N`vdhSbjvXV*gS($mmt7n z?oKl_GOc>czettzzQ?LQadDbPGeg4q+HJ)*HZ5vPa+vK5vRi&^usS7uw?B)1*Hl)< zdrzDYp^VNwQAx|B5k<-SYLMe5XAOb0SE8}GyQJ@(HE+@MT{Vr2<>6B9G$HF7B3A5; zdr!X>8)z+$l$ZYybsS~(YftaDH8Wt$Oml8N(cfDeFZ?wsr!1lnPOvO+?JPgVjLh^4 z)II}+A7Ln>ogA4Nls3m!^48ibYiq^k@Dw_`wlTGWY*b!0CJz3a<32x^sY#UBiyH5v z4^@+^)n_Z_XRq#2ZE0M-^O5Arix0flsJ~4sYn@SF;8kkOS4+N8xc058liL6JwqR5S zW5)A1ocat-Eyj!bC8_k%em7&L1?mTWX?lniXlB^o!E)UoxGO0Y=lg4Rn5%Y;bi;yF zm^;G@M#XLGr|R3IF7EP=6}Q`VSUer*yn19O=eICt;=dl!cA)A=9UDVF$q0Iec>jb{ zq+fHh_t_Qo^AY3IYAJlYB=@COW>(6ZMara|FD%>5<|srY6*K8x?UVkU-mp7tviy*U zu>duFrDZLDQTx3@yr{F;?oDM=a-WXSUn+b?udiMIp6%pXoLT4ieY4*>m*A&Sjy%?G ze1S!lRzi}Op!xkVM&~Km0L}*jy-g5E_nhAOJT~%8cVa zEyPu_oM>uf2&i@Xf3JU-C+TKOCor-}tutG%!ZlIv zsqSkLPt+HmDrEgQiAzVGh)KrLV^SbFZ=5>!h*$#nHh9644EIOCy zD+!cKh)mT)TlvjNG=SE6z~8 zd6tLytLtMjcgjdZr9IO~Fj4CpgNn7pR0k$6_5yzo|9z)GjPzV@Ih*SSt*eg#BQ(aw z{*KXkY{nL$*Y1+ih8cvVp2~DROQzAnj5wE){&)2v4)>rS?fXSs_irwB&y+bg&+U?< z8;I#QS%pa|X&TaFQE_GJhYJaq$C3uHVJIcKeE(r|U=c#K*OCb}0NuR@CAcG63>pLx zwqHd@{jj{?rjOFinuWz6-GN+ubRqO6?xMbOYl zI&#%gzII%3JSlZ=U}0L_}3y`&iFiyC%708ZdKcj z24t-P_X)YrYwYqJESf0blPRFBhjku}E0Fp~hlW@>E|7Mu2FH{*s+^lyQ88K>qC94PBvBWm+m+x+UExs zNYH^wOnQ4Z02fzoagDYsnY*wI-;8e0@oGvpJ493bw9N)a`EVf);d8sY)K5qhL)~{O z$F@pD|6q7I4H&h~Yr<8Df2XZdEl8fJn77aG$sd5gP^=eSbGMmty`@$hu1fFg-g!s~hjUoFIQbmU^(?UwWHX^d8TrMD`~D?OyIfx%}$H zeWAB5AHTB~0?wV;j+mK`&wNi)S~h0d^zOfi+2!=z`kBb0fPGQtMd&f0fh8=yuPD7?G6Eh8&-H6VG!IryE(U%CR4zmYV3DA;Lq+x7=Vo zB$nBiJB51mV{V+xtI(59robeK)5aTd!BGv6>0Ud26I%LG7}r;SJyXi4H&dFs&V6Ao zje`QGzv}l6U+4w%`I(HCsnb2tIq6^=>+Si^Ti?B>J`EKc=oM}NoJ@g<=>mMynAKyb zOeTjzY&lwPF1y<-27s1rM3~}igema2(zW!5-<80zH+H$#nr;@|7|c~B7QO#@M6CA! z2!*5?``zWCLvk&rv!q8L+O}18J3ki-MG@%PTGiNZ(=mwZo@9pFMVcmpW@O@ zm8QdG?zs+xDConN0XUNgB}4H2l-6&k>7hqaQBO`!j=D=tYQ7TZR5|pFrQ!9Y3Mv3Z zF9>D)avzXS-4^QE7ehNbhOfU@!vh&d&ir)}MRxEBBm zOfM5QP$DoParT$c%k)jjH@I>d3bO)?`ycHR0JCT-hw=MxdHVf+?c_1Pszd!Y%4mbGN+^T)5@xJ#^lOgAgs=L>X zV6TR>_hrfQBc5a1romcZ zlJe31w)^vm*7BVn2lu;H2IQ=Y3A=F{DR1=LKf*VBfHlyYCEMJ5r$g{qSmEWs)t0!W z;_{|fdxABm?c`dxr|6&2-J4b7)}d}ZS3oX6HBn+D{0*oEHDJgLfH9033y*Kniy*>K z@W7ppIOlXQ?%Yh{6pE#nx*SZkSX7vKV~t3sV8bNZjb|;)7Tp!uT{gP z;nL?VjgKAj?tQO!JKlG_f)(aK$Y)r>&|<3*fv|?jm-Ox&?{D6CW2>|Dt*S7I@0Kx# zW;$2kej5`?_WeA`$18T4O!(u}pIJQ?`>*;dTqB*f*L1}Fc}B}n4`uy1N_5K;k}}T7 zpUtPc{8=9?{m^yQUEbvi7vkW_Xl=Mnw*+Hes+J4JFpI^e3R}S+SqJEvv_P@j@rH_$ z)bEthuRCodSM(BPoIATvq=hy^eLM^}!N4sbLkTZ^K_-2~e54Vw8*V&tlfhQ~GF=Bl&HIsho`9;QWU#;|J zNM=Ud!n-vKEC1$*8?4A%6*R3?nwdxSB+j0WL$8uw;~XppNeq?UGWj42b*jYJ+`;`< z;;CnW@uTC;c?qgyBJW*K*jnkwGwstzrIl1&%6~jf)W#}t{E*bb8YgwZW&IhZk`eVL z5L0q7lb<`MuL$7OE|5$Q+Ej3$H-;P>?yhvnX?(WuFnDXPC;CvZUO8xmo~3dGS7~!z zyV6qeZIn;#LrcK+yU}6s zL0U?9;}x?-qZ05$H}5YGoSyaKey7xLYi+L?Y#k88!KywCgGF%2QsH6i{-T z*!U_Q0816}1gAF~6>6eSCF2E%IRq9z0lPhItW-#%tEEaki0Bn2_LpArDf!fLi0cKGa@n&@aZYG!W=499G?qbYi&siSU9mD?Dz#Vx`HOS_4 z%C;#p`LiKBW5dy}cLAT4%{crHVWICle~PoFjwV|`jc&CoX*x$;Iqmn}_M|-Uq}Xlg zDZjbdcg5fjN`|3%3VG$Eqmk2f^=9L_k{KH=g6*6^MIt^+0*CD(N_|1W7?g6BW7zn; zBs(`B@BLVGmy*<#kfE5Wtzp971sXD&awq(PR-iA+SowQvyTvCHIpxddO%EoC1baJB z@LN+?XvJKz5f-adBdohic)FAHch`>>9sc=vShe2--pk`)@cH!>F5P}BrG%T>_n}m~ z6?GDKzDHbxju9i(r2Wk~ec{}gnZxjpRt(stb@OQJL?Mj9VcWEVDaAG1H(zF#nMaG= zez@QndcTx(qn|5$AN6LOv6(!zZI58%=d@<{!S+ITs-V@)1+6$47Ry?8O&sSq%{@or z43Si4sXFrQrBrj}LLsug9Y|c%*K%TEea9KFdnCSz;GVpyH2N&ansT<)Gmdlew&wZY z54;GtC%Ls^<1lKl@unK@6B*v z>wG)yB*9;FHsTYq05SdLFjni)^hz3YI19@dJetdAt1e74VjiNe=qt$rLm#F!FrLy3 zVDe{1M~M6EjLkf4Q()hSi?T7aYNa=I_EG!Fne~9o#UXovn2J`v2_bV&g6Aq{DA#hGQFQ3cqgGs0lqk#UzE0=&^SHJ51l(HR zOV(~whS0b_p`L5?d=&95l}U=M3^ok=jJ2HdUb2Ci4)J>HV}H{rA2Z2-$R}?6wdFz? zBym_yw)cI`j!*jJZ8u5iT-w{5TsTohCj~S;EEPXgdxwbXz%f5SNT#hN%dBeQCsmb+w_$8FC zvZ;Bh1P10Y|BUx}{;#bf@&e7}Ij^%0LQ~{~q|liK73HSMeC;hCM-{oR_IQ1aXIU=8 zZ3vEU4M53%56J253%FKlBlt_ZbtfXTpr7(b8K;lu<-LYtU5WLGoXk1iB}+w&N9bRDTo z5ZMMk-g|`}Hfgq|=%5PnH?u0L0((&_@bJkY+eOw)M>?Q)YOd=JX#e9Ha5K@uWPI*Q z{YPy$Dg?tPdFb9M+=)2xvr>yTpYQ+5B#Xv!DZYef+X)j1R+qUV!t2?0<=n;AuSV#fLT>!vFCk zB5-cC-6dMJf4Y1td3HZeU$o6%4L?4}372gtU&PhbwYrFlFoqtzfuVcOO|eYwDTNS* zLIhE=_L=#%AFk1MyQ$JlEu$6Di%2$i_AM$JLW>k2kCXtx#a_NQG0MlG4orlTRq?m} zwegzng6q$FbYjP5_)&SWFXA{%^PmV7RTH zg@peb61hbfLWRC0@qfb~WR0u6$oqxja_B!U3Vwk+lV3qk!oOo4WWLi1vRVF{Z$FsN zeqrm_|K^JZ=BxWM7U8DiG-#A=Gw-p?BWSe#{JiN1SPR7I+Du)~t`zf_)(V(a`xKi^ zHTmm3DAq4!1J2$|7D|wW&{)-mO|WjEAMb;aX?{tsMuz8HaQEAVPq&x#OawU<25q*scI(^@%wuvnwHPk zyMYMp(Eqzc^jTrF45NO2Oi(yS$@5YM)asEcxysRCE?9Y!m1?sPxBu9kd>{RyX*$RJ=;V=w~n zgQXz_7Kqx>-kSCP#!SeA=@>b2i58P!D_pK|lT05yPP6;zpyGW3j`eG~x%u9&@5Q}# z-|OF+Hu&gBc&)ya5SK6y_{&kDfahbPE{xA#{#x|Jt+cJNOcp>op3&)~P{>9sov3Cq zPVgS3fPHV$#V3di!Q2b5`^F@yC&sFNrt$ZrZrK@PfT-$|;l{)!0KikG0!YIe$dk#} z9#QYWqR}Tc;3~(sh?_3yt%=BWCx^Sb3;f1!R34oHe) zDf#A0?W=x!s}}(cCIQEz0*DjqfYsu%d9gmPxe@Iq2)x^AoU4-HJJ_P7m+(*l%)~)* zW*bVxAc6ZqhW4is2VT5fEp8rxK}XMsWbpC9wmJaz38K3n<6E6%DI~2rWA*r4Y6laV zWrIiN&I7;U#3&nJ+M6!UYAE%x4H)7ie5QLl7+B{PZFj*~;9BFqO*FBEd%9JEm@k0a z@MW0v|9#7P1=MUVL>IL=pRfjiNgdc4MQ@D@H@NUwAQA-&kWEL*M7!jsU73HUp2WpM zG9!15vHFE>5E=`=Np*>7quSDFdf?f3slCerE1TA7R`(K!%^j|d@xA7m zh7WK}K;6nN!2I#!2iQpXI(R+D_*lOPI6HoOt@ub16`3MeYsD&(ta=sBoWUHG3>2()v#Un<9W=R&y`o6|)3Y>ZMdL&KSpw0!@o(_7d~_ zeUN;M75yWKnVy1wpm+(hcDphr2sh4j$Su zWUlpCx`E{Jo2ABjh(-r{;%4!dV4#fmFVnXwMBAreE783YDi(OSR2X81S#oGzX&GkB z8~5;Zs~tm;XIX(}kt>^?=Y5-qJVeQ#;H`N=%BuA8MCCYVR5?Vb8`4@ND);1U^CtTt{3+)2o)1YD_hsmm*F_>#8%qpf)a9ROVz>Exf(6F#I-its%2y zghTU9B^`#XE>h#|t2-t-$z%|Jr4koo!86J@cL`naWvG|idB}pUG##g|f!fyEa zGl?GtkP>7({q92Mk+ASrhE7g2%WM|QiIC_@;)Ef{x&y9}n{nQ``LDlee(ZW;P! zT~Iv7{Y>RKlDk?sAu4NKmXgDG!8m3G8j8lB|Gfvn-pfI7j7|_^K0(TCtL=~d%!>_z zmR0eNd}PQ-;PFD`s;G}hvOkU&mfBu~t??dC#}l@EOwHONen9QuqMw4I z*94_t1N-i72y6cmBY=KS>;)gGr-=Y2+*5xpWV2OCkvA#a{F9}RXL13mzqmF5Ioeejwbzv!a zORP*Y^HI2jBvl-V+}9$ZijdD{y#+AoV6(&7k||=Pp4=hP;y^AC1$ux<9*evk_B~Q=FlRMv_e#D7 zQ<}K@e00JI1o^MHhd^>DnF2kIgzi5YI(W_yD?@=snk9XfnClA)UgMiWcYC;Qz4J;2 zXIPOH4iSAk1S+*^$8UMS$O?h4sLO#U$N*73S6I!w54+S1Ola{jkoG(;mF0c!jaOf{A1MQy$DITaNxFbn z{4nSCNLDgNzV0fLU`3!9sPV=06ApYIiidE)zCRO`5#ji$mdruB$!j0iMG9b8)xi*u z+kh_7nkjw%4v;}x0AJMsyz+r2kPIx7dahDTo>`-xy(ZIznXc_6^LxU*i!o1`v7U9dTl1FppX3(w9qN#^$q>dp1vFv?i9Dq_F;vd+ zYE|FYk0Y#hE$<#;6Ou*0fRs?I)B%3NsLh?)nyCO2u!*rlV2_6F{DBz{}?6T?*{=(?Y6CrE0i-r~1*|~45yD4)g zCy@O|h;h*>_gST`dh~pyPnpZid!_st#?Hlkq>v`HnGB*EHxJrhjt6m}F7T|09@5Zt zycWgsze&h^U18c2{Dfg3)@ZN$oj@#2Cu7@gg<_)U)@Ytjf=qhA*~JdjdA^&Il}DVGscHJNl<<5KRg`pJtkbrrQ`?!w|gZurWiIb%~-%S-a&jnC+e7}4@N{5~8a&XXnA{6N%0lmgbGa;brtR?`OY z7R~Ltc`MBcB~Efe4&fk8kBNhr8H_0*850G26+& zRQq)k6C#EZVn;N-De8adG1r?V?q2XrVZ^f|l7Y|5gZ4OV{`2!AzCwDnI<^1l-h}OoKVSC~A=lXSff{!~TLXcYh`#bNG`ELc+ z>GYU)gHD9d07WLHb0N%`k*OJgd% zHDn;x(M;jXcmUbWK9o2`YNF22x?BM=*;iX@xBuWaEIJpN;5%iZ9O4Wu7JxVH&(~(m>oEj< zPtbGedK-G>TSS$-3@W82u zHc?Ir!!SEyXrBNANiPHv?*O{0a8iyS#W>`D*euRN$S;0_T6006M?Qe`$e=@|9|Eb1 z2C_`At@7}D3>5R04>cj?pUV6ZTvo00s)?hzT+}g0Mvgi-J$+W0nZa6$y|(jg*_GKu%Ccw94X#Z9(Bi0B#JU;TKsF%Db0np~c00 zSoV|TZFuy0ZtwQkK7uTQ`W8dHzZbE@yku8dfe^2s7T(Gy|w;FUialCeF^!i^` zC9Ou^^T=Bq0#hKyf+nctcee+|Aqe$e1J1tN(leQcn#L|1m8^0y;wE#Ug<9Z?ankN1 zYV^nc?b=n$P+_t`uHr;z)M7_}EM1NyuVO&9CXHdXS#x;WtGrX!V0&9WgPdCMJS&;_ zJe>GaMTiMb)Q0axJmcDqGQu!kwW37h)`Y24g>hCF!H;>(jUIUd$!gVJW(`uJ3p3mq zlP+2BF&}!Q^xt_5gHgN0dsPytM-cQ*0CRUcsEg-6JbDR^_3iM+{^TE6C%2&zAjZ6T z_pgdBhoO()Q8o2`BKXb72Nx5n3F>Si^?%0|=ir`t#vxuXjmSri8t`WuS~4ZS)}kG!3I1kAZPs)4rW+fW;+P$TxR5b zglx*#rnTX@BSd(Lt(`Ey1elCa_`LFDSUq-YNE-13)%zi|qta}TE zVCc60`jQ0-ia3L6h6|Ywwp7102R1WkKJ z9gKzhEg^?!*pqjAS!8%R|_l@Cr7_i9vp0`Ld!rNuuZQab$e>A442M< z);b6U+R&$ggTuo;n}^MA$KMuW;>x!G*Z()cv8k;6;0>8Gj<|m-5UL$=eIk-c7~7&P z=Ke_xrO$|z3i{=__BycSbUhEMbJY-S_&s^QYd7$4$IchzR_m4^bcns@m&V=}^MDuG z}*0iT@*tzpJo`VH01tbStO5$b2YdQBmg02w+O$lRvDt@yG zr>O=^Z}E_3sgCze= zM_!>MU?U-fVX@V=Nn<0qijlg`r}N^PHv9hySI5=7ai!V=AaQM)?z$|ba2seQa-PLi zZ2(rae}?9}6y^a~&Qf8t9=ro}o-0quPQU@eWe^BPprMAq?DLy{SBUra{B^yCdGbi! zmpC6}NN#A5^I>>=kBH*gW=F>%u?5?%afU3EC&9J~9|dh>?Z0wekqv|z^U7fplt?^g z4Teyy723!2VilY#(8?;K{P{UuTo#vXLL0|Zy202eh61XP1BI4)IIbm;hGt^~io zu$J6Nx(n}@aEpLfq=7Dp|5NnRBqh}yHBC=|UCntT8MMM#Tc z?gbM;k;NEV@u@+HVUB+HY<9C$r5tJ0p*FU}IWC;2jf$B5QWH_%wYMX8pcJrY>Z5P@ zA?4hfMR?k^X_Hmsh7prHilg>;N&Y%>n!1*8n1l`foGAE95o0a^qtvLp{s4s}+4S3= z%|jLcQ0~4~#!l|kgYB5ri8@`gz?0oP8_IC{hPwTkjDGjMhRpY98ActfEu{WZY|#*1 zEAY`v$Pw$qnq}GRC#?5PuB5O==l4s#pfSQDi@c8Evrk+=u}b-7bk+z9mccz(1}@}x zPh(jHpjV(~p|ef8yDyO1BJ`w#&N;p_upBRtO17PGgbWie^f{VyIlk!a`E@Z2{^nz$ zk^5q0dTqKa&h9()Y&}B}%Lix@S^-ajL^0?G{&TwFvZ6OKmxF2JHcyz*la@e;iV%fN75i$znEaVs$zJcDnZb%vPyiRU616bBVK)*X0A z3Pg*HKr#<=5sGU|mHp%P6Nvs<6n;`ENH!p2mP^n=BO#8+fJC?&X@sN`9`gRUcQMx3 zCHFl5VB~gZ<-?7{Qqjz6x`%d&?pZv)8AIGtsj4ub0SW1d6gT4I(S6*w6I}7O9}uCt z%Wl1618d0B5)$Q|r;e1gib#%W!kf;|JvMxZK3TH?T>&(Dr4nnhv9$xWd>9EPk5$e)E*p)0&2r@57@=53QDeeO?!B0Z@7fV|NVx(r( zyc*SATnqHC{O2&FWVX<&EbKR#{*jG`j0qHI%od833u~Uewbh3Be^O~M7YWj#<2coH z3;3f6HGXhz@qowobR$CcBNza_$13_o$TQjf;EDT_IU(#L^o>vTRY0mghLGl`tzi@A z4^eR*s4$tqb|c2W`PT~fjs1|?#^(7F=AHE1-$N47f1iLE_As~*vq_Dx{-yE_MJVc{ z2xk8)4Tyv3MDKlsBzv4!(ZO=A@yb}R{-4=b!OerBoR_E#L-4_WmYoK^6qYwANUon= zmcJy z4nh|?cPcyrTZcA77<3k?R$6{QW#BTzn}fnQRBHV%r4}prRG9()&kllYBA7;s%$u85 zzrPc0wURJDS^KPSZv7)2Y+U$eG|#2)dm(N$1RRGGGnFk9tYcFz_Sd>vc@i8oZS5Gu zA(kj06!YQU2#cLj%HDkOe_LodENHGUhUqQ&#H80+R4Cs2?=0#BA0ZiZYr?(n6Zl~6 zoE{$tc`RzPn<1V6j_c33THC>CSCtQG|Bs;zaL|x1*uZqRzv5HzB|*m3x=t$RLd9d4 zjoJa=3kdrB(nxvMrSU02=PM%P=Ul@}C%dGebqVQs6S8PQ3oZq6Lr=t~`wM-_s2>lI z!Jd}DAh7Z`?j(wN{j&22L@K;_Vsdd`59LSMs34L&- zBNiczbTOS${1)A{sH(I%2Dvo;?D+Rtn>fU;8IND(r{eDPwJKRP?;V z(5txw-Q(}=!>j?C!!bGiCN)mBG{}--dyHnf?vlI?M8@ZCtDA&WRpN;IZB5<-8WQYf z^7gdS#aP6MbGNcJwg_oGt-H4f=*~$XP zVOPhLpu70IlT&fC(2Np45IqN%k-oq2CSRO;zNkQ7jt+fy8vSqcPc}>bt7+x0p+OtX zaD8)-xI^gsF#PU%&y|V9_xW)Hvey{jI}uS=${sG}s@(+cW2JhT-tq`)fw#CMbIzj` zR{>b&Uuy=a*|i23yP10&1g#9onmR5klksybzxC$9?D(T@d8U`&pe!9BoCVjwfcKRG zTWA=6>3HrDR!q|}y2;yH;W?Dwrz0m{5Gqvtsq)EC;Cf;Oa#%lVi#c=y0|Cj*J*ni) z(6<%MBy09-s=1tU{&tzP|KZMHgRlD>FE!B6(^8R_=KGYP9rL-UvwqY}JpZ8OCX?yj z=$H_GItZX~k z(I=wt>X~c)Hfphw{{IQF#>x9F>4wc1hJg^?$4M)?S9F|k zhI6oW7a7JXN+qiS#;-xC}ooJ8~Jcp8R_oHWF(nE4W0_qW&d{U>9I&BcAYW z|6yHWGPwYgD%YVKO8v<&Xn3JdAYZ3@r2X}2LmiL?$6bUiKmKJB=5%|2(%Gh7LSwoEv6^&%exs3-r3b*piU*zhlV0kaOvRKKzx{ z;^oAkHfU2#@%`^O38@t((0DRYt8&@UJQ`w<`)jna?ehfKfM4zd0*mw==Oy)qX?cOT z$n}nS(orQ^)Bh6@UD?$723WV27{JhkILNo9@DNY(V=8{W^@inN4e7IR#I4 z9?-#v_x+;L>%3?NN&OAJT`+=lL8uuLAMFFl1)}B1$6Vm;5WBrq79EVYDhQZbw6dAk zF*b1>Cu#-F(lb~A1~Nm!7?uZsbYc?Y3j7Wdi628m2h zzs&R^xOd}0?mFns?1bS8LC6FQ$|s3IvKS=3g)!FzpEdh#7nGd1Y5wO0px`q#ber$F z2uWU_bq7e?BLx;uy-&!Pk)57=u=e1^s$U(S^9f+kA{=etkg$eo(krgDRdG z5$zv6AvhH~wC!@BFbYCNsfjlYw#$`^qmA{ z?q6Wcvax#qp$zk0f&v$mlw=MJ#G8|^t)nJAj}RjC7;N)Orq3?hwX1$%RQgbR6@!ww zg|rciHke~HF6fKmWB{*x6ztmv&;fIFq0NVE<0=|=XJvgRt2R>*HEdXmivS8uUWwaA zGvKm$IM6HyExZ?wmy<^U6_C%!o31Uv$Qhi6JYN`NUyLdSShf?PVme|NSn*v+MYXHp zXdvvT8!V=vFTyN%Y~g6Pem~0Ta0fa}KV!BPA>88Zh)N*X1W5y~SR2rMGiZqdCQrGt z#_)MRJ;a1{h$oYE0#8w7Y;u)aB&5h%Hw=PZixDG7zN#K%={!}PJI6-CjRe%e!4jKM zT40H-Q7KateBM z^P;SMk$5=`v2T)-mXSHQoiu1v7|#EHMtLFE1gci>;tr7idgY`aim&PBsjvV;{{&g6 z(C%iD?3KfC#*S2>G%^or4H#LKqT@@9s?SnL-vLexzSs$-GuRpgE zSac4MAd+C&cR@{o`e6>1b?D#qDKW#ZE*2fD0Q1;?1@_wNpGRgR!NU;b-Vt~E86Sd$ z--Q@@5f>Q}0MDJj#Kz>mlhEpqL3~xP|B{xHsLp4C3`gjJt607 zko^V&G6#x7J?*_I*e5AS9|7{d39wJNNQN_*dzKkizR<{!(96fMc|$CLFY&d+NcV1U zdXe|RpJY_c89%sp1y=`a`n@xFI>;W}!Mhq#0hm}G2^4RMSu$h;n-G8nKZOmtWNvf@ z9&al9&ZpV10lL^4wTc5@h`~?j0}1JEfi~f!c(7jFf;__suhOWJg2HgCQ1(Q%?pXq{ z1Qi5igC)VRpx^1aEF>3kZJ`DJyM4?SY}OYjXP^RKLlZgDD!puI zk+)JFE$5^d99$3QnqmrsGAIuW{W%R5V`@tn^~ zJg#kK%236I&^3BNE=TmOH*k(gsVtZNDRW5Mk!f?lEj&J@S$OY3GQ3_y6^ObyxVgTK zRo*06?9)JerLAM#f)AJ8S;&?2-sF{;4ob|+`%Dc#5LWQu&r#V!!;BDe~7>jS%CV8^sHR$ylQpr)kEK3G-f#I3pAit z7Z$MeYywYu<6UqPX=JIyy4>KQRpIugKEKBcfecHc%m+Q451fvQg$pcOTtQZ{zjL-+ zTz*LlUkc&4Q(%!Db`3}3j00ytcjWc07PvS-<(%MYy9L7YBPnq5dkJQEL5<25EZ5UJ za9`+Q5Fe0rbq%hLP(*Bfv&s4dJ0^L|Gu#{Xh1J}D zH<@%9uY-p!gINtIB1`>6!39Fs z_C*@}8qlvfscBZij7VI1oGdG8l{QoPJ9tfDH=Xa+h5eL&m2=@J%#1AhC?~MUFUQ~CgolF`neL8y3jZ^(1R~Q&H zJ>uHw0V6ySwwnu3<-EK|$@8@Rg=~q<{_%F-kd#P)WICgE;8&Uv2GCZ5w(;6a`mOF! z7Oz&yGh86niFj#ok8uWk3`r1RU(FgyMOdX`c4A1Dyzj(y0dJK3kjP*wgM`a;OLiGG zBy;{~y-64ASsbVrCYQ-IlngWC9w2x~f+KZ2T=WHK$6b;nkA*@ik?}kT!fCkR!f(ZZ z*+90~j-n&`@pzZG#(7Gg)%R!2`Qyc&;J^}8$y>t;i>oC!Q+C;cQ#s;$!py}YBEUBB zGI6y<*#AMh?a?sKB>GO?RAHjM^0`kq0(>H9^X)b z9QKOJv@EFB3(0aAEX>)8GJ-Xj;n_ZS|L9FJaDD$5GoUI(2O0fb+ajUmX&06)6|8tB zbRI^S0sg!;YX9b&5NefcD=5O7bh;7ae8vLpTsOu10kruHli zsaisyYN4P=Q|=*E$&k46L1x}K<2(oYeZ*5!_1*R@78E$V{kWGwrewYfzX?Suh>o|< zAy@hPbGR~0O377F-D145&x^qS)ws?Mc#uV+!}q9d@8}C2qk1fvP6rJ!5PXM1Fsc}L z0ULTV>dk14{ZN;)1S1=Q=~a+tNEGRIllser(wl4PBXCIus;oUbZex3L43hiEz?1#I zDiZ#ynEr~}a5Ll+EC2;(1p1{al+M>Y> z9?jRFLAoc6K?_eM!g)E(#(0CEw0(%A9X1d8G$2HW*N)-+KdRu^yaST-X4hR5(ATSQ z-%d@Fssc(5clT?rSuupG%d-uj-f`zRk5`wbOW)V$oB=Q`7Y#*sr{Tk@ z`eC+sc%>9#S~-N*%IFN{samZre12{KXFFJH8oa)vN&`K+zy>N4(Tin2p`L=b1|@*u zQw`if?C_o?q1*3K$z`|O!V}@WTgY2{kg_b_yUuj5IWQ1$Yap&7cs~a}APYSxGbA}c z*NPXNdY}tgn>9{)FO`5=K+c8e{r>=SgRdimYo`li0|R2c2L44g7y~O0df(jEC#5|n z417P5?{3~Lywu;v^pz%)Twnk_GZ_jY&Uy`Jde6yY4s>o36+0|eTTDE$47ozhjGqS! zS>DAQs8V>d);-spiQrU_0X6G(AgirkS%H7mp~C$MRu(r9ri#oO>vxui)b&dYS!7T5 zbEUR>gw-ZM!o7%3$)k;d@A?Zk(Zdoj@y^{}8Rlir1WM~ER5dE4#&45cMC}HzAr%`^ z#Fm&hn`KNv>!d2Y?^jg=RAXz>ku#tIg z>L~|WKLxh(TbVeA)@k$R7ci%UmGcsX%6tiZ(sEYz(dFs;236(`JPVMMDh?hVY->jV zM}Q}Vv2PK}I0tW9(VITMab7?#DB%Q%6tBl{S_$!6gEG=i6zz2!p}Swd^=;Gz@x&qUQc2R&y! zg&7ik?GGNN{4dpgbx>9NyEot_50XlVgtQ0>qJVTtsDN}y3W79%g0}m%;Xd40h(E4rL?|o01jPQJ z9HBRTe7Bo#q1o+6|LJeBPyb-4NOlaVU~$0E({7obO4A)<`oc-~UKfm_Ec60}z7q|E zEF@Nc;NeA9R@r z??quvcY{KgTmzft8jEpcC14E!a$dqnYt10)mPWOCY7~;;2!__k8W5*RE!=CGGzOq7 zukc>$mC2(p5{&-V-F5bnCuL=*f&>HTn~OSwFta^A9BIOkgTC8^qYY-!WB zhIssd>D;?leSu-gXfX7|y&7Dhh(mq~=sH>65;BTHaqMu>B4J+`&~Hl(!JPUq8pKRW zyc>~Q_7xxbY9g--84Q0OzOFJ{ zQ)PD-^bnjeIu4704pR68%C{rhNFPi#-A8`Enc0nW;V%3C%MHj=?xo^gr?< z(24M>vo?-k0+Y!(qT91Ma+wY9Oc6DRvS@7pZ!6>!RLm+5Jm|3+UB~2;7={-MJ%k~5 ze@EnT?Sq_8>`P9A^GyAb01=8(x~HGi`;$4@i9vzQo|O2I6_ATUSWDc>&+BFXIynf7 zwrLv)k+)5mp!F4;NDjYXjLDC>=XKn_bY?#Qa>!n*xiQY(zDqA}3{rRsYU-H^54LRS zgt%a^T3p65jlw4w*Tqym!ZB;o2nAJ?il|5`Z6;A-M}RBE<~i(=53A;amE6ogt1+JL5%45iJoOCL8haJFyvZ2o}3h3rr2M96K!yBw0LD?W9 zC4WU7B%V>BOM|{J;9(;?weVqXEMC9@WCLAPY+M%*5+*h?yWsMwTko*mCR5Z}GBA@C zH4{jv`Tza;2#=U1thHsd0y4CD*IXV8)ou`|vy!3zB46yH3%K-e-B3vGrEP_X`O|Ba zQ>cYRe@TR4zE}+JN_W&{{rxUU8}dyE&A16GP%O9Z`EnHywS9vx7qH}j3m4+Ud85N~ zfotKf7{^X%SG2lL$iewPMUoHC<2@1|D8Fq_MkmF5l?iE#UcBvt-~zYFVPG>^YzQBe z{98?wWC#JWEJC1Ko;Xa_+JC()HX%yJ0(W6}E?2ki(L!fR;3o-M=PdX&f2jZaiq7;O zl=H#Yw#ofq%`U##!mJCj@Lb5qbnXVGD4u zA5RTQ-xr(*L6Hgq=oZN#o6tU>`A+rr*W_2Br&mG80!nKPDfB}d7-@q~bZ>oO~?0666%~7@3SLX=CmL6V5*#s<%58O*QkA0vcLNJWe z){42m16Uq3;Ir8PZHNcSq{2XfQ32*T)QebgZx3Xh0Sk|8=mg-_NZs6 z2W5$cytEGhMsaqDu7*==K;YhU>T=0>rg&s`d5XAOaksS>3 zfRBTNmF^`7A%`U<`ySo8j9BGI#*_po`g!wxLLrNwyAwU~gf`|IP&o zpkIrm0`cBJ2Ff__d2wfet;>gbt^yX>S&!v0|Cr8EK9(L|K~dXlHi-xO8#S6KD7)_1 zPl)Au2c6sGingyeL$wQ9BR>0P*Ka!N;ClM+3&?IP?q5<=Q z`BgK%4JpaE=zN>oza^BHy$a=_bg#?wzg|I-P%XK)`*HM%mi;q@7-O zN0Y4&VpUH`hw`Y;JZN-AqkIbGOZ{1h-Pn9lBi{A3yvAd*q)*>)JaRHbeCS@H1X}ZS z60j~WIuzCXY@)lJEo!g~Sg00bc$VW!;J8+N4>o*bA;j(vm8ywiMtAp?d>^Bv8(_P6 zpy7)K<)IREXj9;biiQq>h$`p!IYR?LJ6Mr-4xY*_(MM$L6(f}D>?0(>ej-@BJpPRV zWP2!Uw{hpWgu!yPwDkJ2`LlxE_q0!mDYwVDYl+;=MhMPu0L*2B>uebq0gnZ!GIhJx zfJP-7rP&-Lv9cZ)xI`eT^)<7^q>-%iZuZkL}jWucKdh0|hlxWp>dhQah} z->8*-?XW(aVu2)un1s|t=n-x{ra*R}-$UITj7Rzf*DT5Z6pecz5f;D6nfUj$P86VY z9=6gC{(LUeO>`WYmhivF@qpI@)|7g(e|X1Jz{Zi%Dp~w}J-|}CGyCcjd+Bd+#4ZJz z{ym@IE7pSU*FLAt7M(_+5Vk1e(>iy|`@wurKi@d_5)SVdNI3S&8WdW@kj{xO^S}yW z@#r41fFlZ6^Cn&SbHqBB5C6aT|4f$&5#9>?COaVS4lJ;GkstS+>7?hgf5$dK0>i2X z;#|X?2F3ZU6Ao2->!W4O{d@Lf7+CoR1QVzLaIAm}_HKL(-tEVMOiGH-L3~Sb9f<)= z07!doiN?7NgVpn2bq#bq@!%v1Yx@@a-(pgSsyqe%HbgH&}2pkwa}SrgwwGaV}p=VKaJcnV2?oP#?-c#Ie{uWE&vm9}2bB~=IqZABq5m<^D1yW#9_#1XuT@z62uT%bME zN2|be3dhX{i;DI9|5ZDPJi;Ow=O%F=krPXnKH5*?YJH5 z7XeFx?U37r;S(6nUjvr-dVuoA36|SFtTz@_Q--PmZ^mOh^R>7Ree}l|7D6~R>3kwMwI`tZQ-~s zkgS?OAkm!L0Q375WNjDKx;4pTIU@dF7~7F_7yb#3PrJJDO4{#;}kdGab4IY8~l)&Z$ zL}GmuoNIG+i~<21=dXG3He{J^?MqI9xa@U3mCJ{^ ztq=#U>ApkiJzU};R9B8U>V;VRO z@I!t9BacZ51PRU$%k_vo@b}X=D!h<^0)mL_+eEe6zcIVz-!rfRlem8Zl?TrXL_LP8 zG+pLPkOAqktSVI|*ypu9fA{5^zx#5@`65-aEjy4sj^zXsxPI@Id($05)rSEV6+zc8 z)cFpgNMr$YFdu&FA}q2VVHI#sm}$Rt_0}_esUc+42bzh6tR&yFBZV)|BqXl z@&~@2w{Vus9ya})u^82xzbH+R-bmFb7cLc}Z+ZUW{kvTJ>T&UjRJSdUab+{}a6%na z(`C-W9h5HCxDa2K|IKN7)w9XHYGd7K$@}2bf$!+(>ejOFW9LrK&W$G<-kt89&Ykq> zB#sih%Yj@g@B{oaJ;HZzw8R6Nmyhj{dDtiQ{Z|bvEOPE18>8z6W*a5%HTh>UdQl)x zE?o6K<$wt4AA-HB%-{Gm^eTV5$yt|uar{sAsJAfM@AFn6*cn)FWCHBG z@GVel-iE-{>{{A@j9*_KRsq-leewjkyL3^m=UOb^~EIZcg zM&+?ennm{z%Ck?$dnaAcuf~KObHVJB%r~RpTookNv0haH5H(a664D+Ii1aIFj2{?q*Il8i^H|V`2T@<^=FiF1g+<4r(rk^Fg089hWw+VD z>FR3K`qRtDj)ZK?hf~6wb=cII>C7Vs~?tr(I|v4 zQ*2(^PSX-?JJf5E5#wmA)#cuLbZF^gO2g#N9?|>BEpUj^@e-)^;Af`lDjoj5eiUgL zq?U~(pHY7S{Th>`9AmhL#p%Nd2}j8;cQ+vln`rR}P>Eb?x=dky5RfwIWL1^8tjBfl>ctfW^KkXw4r%E}7jDzU3Z zAazp=ItI_z4xvIwY5|+u2$C!EcbH*Nl=v%^{-QnC*3-`v0PD$uGUe2FO|S(jS<9I; zjPRY=w1o+%2pbWSxf{YPEHY0^0EEfyvI3h`pO$U%(e<4VEK!zv>0gB2Qv(ar8h@Gv znzh(ZhMqiMovTKxYy`bUTiTZLq6RJ07;tdKW;oW5Dea;Nbg(Arg!4V0?fKveK^afI ze)uY~3cx-i#-JzM@ zHFq6D6^~Nx9vk_b1{v&t@;EGe*+6g>LkrOz<9^WyrSi5G!g+3=1$BDu}9o zmhw96*N^>AAequ!K^UdJebq&MpJCgRj^bNWlx14p%XRo_6%Ho;xLBjFE8{D-Q>V=n z12$h~U0+lEfjr<`vyefd0I?G#ADcl=!vg@2Hvc|=LG=Qgz@^*(T9K1?No_?CTgPR4 zW9b~2Itq{wbNf{LD4WIiA&jB-y5^l8(*f_-#wnBD8LM^SWz0~PIsh%oA z8LhlegHm~}?xeH!Kk0?gg{f4}#Tb|e^WG4%k3l@_4QLBvcnI6;)8m$5rfI$S$slvp z4AFTI&Y@x4TjI30{;BQh!R{@wpmW&MeUKwzZNDlQMF{+G?Uq}{QC&1u?tWMCRdYUj zSymMfNT=@ajC4)=O?{WUeN;!aZ@4_n(S5FQ+6r1JWwzS>Fahib6sa4*61!3m%i9W< z-l&csAFyd*J((n$@x9H-sKJ1yFYG09M74xJ?xMbMXY{~uIWhngaLLkK?;TbL3kk-D z&o(=-fphk@&`%XZZnkZv>W1H65~2wK9jx`rJwbI&{7S^ZMIoE|R}_?GAu$GmW} zy$5t}$q`Kt)wdDLMUdc#=b&`e^^?wX(14Ox`q|YDoqIpIQPj*pd6mQXYz6S-NWgJ) z`*F>#oX6U1db27k@5l5&$xD|o%jwcL_Q61-OkbByq%Ky7Q)V};H%G68-6yHqo$$4c z!k$j*8J2C9WlzQmM8hh=YK%LrSsDW}uU2UPT!@HlkFx7*k{DmGfccFFf#pbjIQ7K2 zGY0&gS742pf*9p!SZ@f$-`j;|Uwd1RKTebB{({K4FrDCV zNN$p*i%BU0dwOBsjIYWsk1b)iC$S{(ULm>kkPhs5Ww7S=k>U|y4wc@ewIDS z7)tmRK$*VbNyBCSx>;2tb~mXd9a4E0o`T?$MCOh&M5k0x*uo`mYHM%rcLQB?&nlR= zzHjlA4`s~2GvEFQHPq`K0QjfOL1i1T1~sKq{kj*OcX;*kT z`IXUD7+VTF(#as3X{NZ4!wV_|&CdE@(kPm0&>WsXU*|+V9E6>Rr^5?okiiMKJc{*i z<~~OW^g@EfwT$8Wddl6lHmKh*(Y1tdO@J_mq%b`vx>eIQhs&B zc_&)cy#2$6?p>xEXE@b8Jl-1GLsm_2^6_%*A0*dR^z|$*EdcLtj$tURK^(ybO#M# zk`#*J{REqs*w8l3GT`)GVtra2pTu2%F=@*9U`PK7(mIssHzNNFwWtId*l! z?#;sMul?r{+wg++i+7amiqKIVvoS}~HsY6DWSiD^U|+AfzQ|uu&C5#!hD(J^y8d#c z6J_r|?-XjhucN8PfZJZYu5aXi{StWoJ}O~d!QMBy7eOwXbBqZ@&1CI~GnWek2uV5$ z{p#-64? zJF8o6YCYF_b(?hkQ}t(6qWCFRByzTK`S`~9me>Ihhf~0`3@D!%_-Yo)j+xd7F|x(1 zHjoKLyv0q?CeXr@#8r-<33g9gifBs&76t(91$78C4|TJKz+la6MRCsJFa<_(K)FH z<6J=2UIbG}y-8r^9SK8_0$4lz7G3+{*`p;cjR<8>$naf-f z`vfTR`A>8(oAZ#2i{`&tBHTSX^j=`g_rz>>6{ID31h}uL29OLxCi?T$?)1f(>7<2j z_rAh~7Q`jj8%d;Y2r?@6Oqy?ksF#IQY%N-Jb1aa&J2F%_Bke$5`SJzFWUTpW_s+ z)1Atzw*>nBq&r;_2VOViuy3&loziWY69^EMt{hnxka*ok_z(3rS)7F1fe%SCRfH~h z;2yyhLeaYHt)$T%D<3Q+kT&%N|=nd$J4bhu>3H1 zS1s4Ap<3r>gUROxvf3f$9L=$gaN+yk>693JXn4Q9#T}pzq4#Gij;MHQ9d)i^49B*H z#*vwH{Hi1*(sVeK8*q1?b_mV54doi(1w4^zn^KQYH zG+(;xgYdW5zj1|v+vxolS8m&S0-mJWN+Nvvmj&yQ`#+`jpi-VKs9aHMr_-)@dh1&0 zxJT1sp{O!3Hm9qXD%umrdEm1+ttowJ_oJZzb1Areo*EXn4O0wW9_o7CJX>pO1gX3A zTdh1`885bT3H!B_GUpon&kw$nCw`8YdNc`t@X$3j!VxksEw$qj+)Sp8hJi-7u7^tc z+RV3KRZS$RNE2Vfq{H}rfpFqx!?Qr0HiACU98u$SKj*aLn`ca(KZuneWbFuHa4X_x zm>%n~4%Q_}RvK$;WEgNr2>gEZovawxSouETdF=D1*R8I@W(~chnD%nZsaf25M-GlE zx2b<{IBI~rn)SFH`Q9}DQN`;IX>a^4F6&=c5fIG~eH z(Misw@eu_qZgd2fVG%J99jO`waxO1aFn;TthVY2>vR>nT&dsq}jgxln5rPa|&X=)9 zKKzREG}Z`C`M!L;$%3DTelpM;myydR{zx0C=;C;ne@&uahthI$%vf~r+^nQD#mCDw zK9x0_g=j~+fNys=@xQS8j6>LN?VFj@xrq19p+ehJ&Fg}}b9=meqmi+{j*m5U z>4nkOE#XkM===0oPAdeQ6(=uuv`pe0=Xf|sLVI3TTW;(enVMRZ-{|^`t4E&vg)OJ> z<6H^*g?+~af_2t0XYje1eRlnslI`q#27R1lmfVK2PV_K#QAHij_7qZBTK{mXG*wpW zkImt{nJ;b|dhGs$lz{c)NpJD77G?kyq9xTRYxD2wWDo~iyj*Jjz~KB#Ck4Z{G{Sc- z@1OVWjaOmrw9p{_9mATZf;H{1BOgDu8GeJV=m#N5+j3>sgKvI$Dtu*1l5$V=)*FWq z=pmU;P>Vl%pU$q^_l;6WjQV}7nOXIm=Ly#jF&B!Er!c+lw$uCt2Gs7u>sF29{D0$Z ze^RDpL_MW7L+6J+uaztE%CkA(IbG)<5~p{$}ke(8BA}>YDAGe;CgO6*z4l zi}1hcJ*Q>hwfXZf+P?w2n}n)8&0XPqe;7|DNQdotc2$!v^KklRC6j=OdNYylZ`yAb zvA@CIb<|QlyDF8~Q_1326KNja@(zDRv6>tu@i#1OBrVjH{~$Dw4z-N(59DOFVh=XD zse#4jh*^Zjpn)y5HXhh1ZpinzGDewjCxh^U?H3K?)oU~R%-~f=Gb_7m6D5V4XeP&~ zVa)y4Gnz#KOzAT8@RSLp7TsU{DZ$tumW!+MsrbXDM`^QC7TiB@X0*Sq3Ak!u819 zWIQa2Bqy!5U_B5N8lzVC(N0yV}`& z2v`K{v_KuEHu9D3xaTR{5pM3t777B%TJUNFHs!8{T+ zI{pOzq)5m`Z_EKSQr}=ne?-BiqyS)WHjJi_b601hSPjBZj{-=!LZN_zVDfZ6fM+z$ zx$}~I+R*Y4NM|l>WMo%abetG2u7JRf+rOGdsS2l;&>jOFqp$&vQ?GM!vm>9{_T4Wg z^Ph{4U~!oQq?n)5GiCW4&dATJ=lP^tkkkcx=-2@I~YXqb9;bZoeAbhb(2<>*t>(m zjSQpWb9i>Zk5Ov3+zy*tY9XsAaE5(eWA2pzbw41vs&88Hi>;d&vLi5zJF zt3)Kld5uR!siHfW$%Mzes)KPR#eOk+<(W9u^W!?d(|nD>P;EA3B;~;1n#7(kF?2pk(8!JTcvZ4^ z6s%0j!q{G)JB22Rok0Vj$)Fkr7|8`V?cPew0>fdH3H4lKmw1N9?d6u=gr6GXMxU^z z&Hr

n2L|QNjuH0gY?``98dz!+rP4sz-~>n0h2UJ|yt@5G3@|T*xn29kD-R9|CCI9twHC4;H|uCd8~Rv$ z1i0gpqA{5ZL|$$I!iAh?9>Ym}j=j0pSuQTv4^>>h*3HW|X$1PVY;dwU0R*Q6?qQ6D zdxA}U_R*+2SIvxDYn4!7UZqVJ%iiTHaQnecp?sd#B-4k9_pvqzT46?A8mgI2vR>8V00Sy@-%Q0`L7Ra6 z((r}bZ1IWwl|DS#t(R%aLo=YMzMEson@yh2VC%I*7y1?M$%`p{$|4Mf<<@lJMiO$xC-czcN^$OG@a?3J(6b$buiqzR`N zdk7_ik1UJ>v>A_pU-wg@ZXTCDi@xnES-|_0k!>|O__lavyp=AG0Z>V+%sG2jyXC%R z@%l%&ts_b=x1`;KCv|V{LgiIBfde;k9AJRC8NqQ>`w;jl3jtVX5vsrP-BpNV+zh`c z3&mvnKg4F71ySRygix%BRf7K3OL#IB_t9Y5Npx}p03HqiG_->usp~%Bdy{*SJ(i`V zd|`5KqFt>J5;vc&)A;6A7sJen%RyQh+4l88JB=Y;09dSm#au*cY#HxanWfdI7uqVT z)v!czU%d}wdKlabCsrkIgUd)hA7Gv-GR zoj8S{4z4PdYf3tc4&3Ut`Xi;L!mjMtZojd6Md>lvr{j7vw~)9lQfNXsRd43;>{xPe zn0UWi{7|Pi_*@-;PnNxXeI0PR?EuAE!5%p{aWOIJEuSxa1fuzQ;4pX|uK`xtA#t+e z$tf%>95+Q-DUE|Im8u$`d{bubv(QiX^NkWeyU@NWe}%3y3@Ud2EtAND4#Cm(>G0qk z2b_6GoZA+uRV3+*xXU1_w=J;b5K?j;0?E|D^e85`olqdJ`*Rnr2Tgw;Y65~fr-k={zlyfOERWx(D8w-jvNrt5Zvf@F-*aRyT&H&wM4sOv8lGzq$i7_aN|&5s zMhmxh^_PglegVeNKCSZ$kn_3blSB-R>#&UVv`A-_l3PNn^<$l6MqKDYUGgZ`m7xQ` zOkqiN>E9w9`Pn7DWAl0^rnlUk^x15Txac;BmD0j0prYX^J83azNASWTaKV`5Srt5` zb74o4UCT3q9}BnQ&Rh{ap^7rAz9z+=u$5>3_f$}T34aRks0DIq;19X9bq`AmyVmsx-HtJ33JiH40FuiB z1<_X4y*Fp@surD_qlyljW##kOZj)w-lW9_cS-^rh0SNkI@t)w2L%m|Bu9IkL&dyXW t{`B9d77A&U7VZb{!qJ#((6j~HnNeK-%)Zb~CNyMLr_wfZ6Ib^eZ5npA9(WRnkv0@}@nx)!0 zf;6vg_@mLt5TeTB#2`4yzqU$=OGYp4&il*s(vl-A8W)XAhMxBQR#^XS*Y~7vrzzd4 z(rM_O@zCBorxj;c-pDVr1Wbgqs26`<2xQjoykxnG9fk7u&zDY|u_rRh~JfX_t#|MQt`Kc<G$S()49>g@OyT0UJI2b91^yU{%mO~_LA@D+atkfKeEk+0*|Ngl3r)sM6y?)go{-yGX8YgKBFP2-_ z2zgq|Qs%AtB|4S&di={1H6IH!_J04!E_5skC-eLKima-1 zjFnr*=Weu9K9y%478= z{WzJCo5a_gWBKico}t?o2MZ}rb96qK$ua2^3I!E#iMefviyqDqy)&pOqm7``EYOJI zG8VP|QI`9Ayh@pjtK#v9mRQ5=oAZ;rm>T6bq8^E6WS762tUR_@`AGPrjxp!Ft!n*z z)%aZP+)B`CLF1ggT6_AuSvaZx*Oxqe!Og~u)tRx}U{+c`@6#i9Ny*d3lP&qC#ax-_ zdsKa~%#jYBFs}5$cj}ZQE5bXD3*E`>H4PrSYKyrF$ph*I8mtv-&;P(q2;1&U6`W;N z$q+B9=dp~S3NdyMi4-F&WV2K4K&CERhyIG?1J ztOi@cei30-PQTR~{#2im?6nq!fZgvZj-O<&`5(WHuZ*2a#uT;mic) z$D3bhC>IYuMyyXYl`M>!_?^KUyxu2nvnMZ!m?>5}j_1C{+E8vw7iyOzNWCIuWgqVC z_+>Ire(O=x$Y$Q(nwI=f_jw_toDj@C*~x5^`K}IxGEcihZ^>{?ulFW9Cz??RaH7YiU^o z)!ny81Jf-5maD_>ZM;d8u~Y9j+%x&QWKryNZ~W*JzLWDmqt6k2D z`e%P$ZyhMSz9sttkCKV2>7;Corl8StcSW=R^e8vcNUfgJpqlpkTSfIJw2^lAJ97Gh zRHE>PMRe#s2fwQomqZ)Vrr9@S$_X?1JG}=AX+oMWG1spbqrZXuR^WBKzn-XVN~N>>#O9-C*BSn z&bFJ|KU{o6c}yehHZ7aTnMT3$srA9pcApqt7yd9W$L%x|mq*FJOLGFEF)bH6qVLD! zb{!7n%IjV4YxFu6E~SfB=1y>K^gIl6DluxXnfv(U2d{Df2A=TKhTQ~H-Q;9EDxtwU z`;!gNF+TEIc3wLsvXRB?YJMWyw9$(D;I6omlaS9@J+u4P+=?5_X-}}Q$n!moW7CH0 zGi>X}C6^T`&D+CxEcD7OUM`1x$-XH+xErf1x+(M`TxEAYTRM`0w?%ET+97)}QtV7+ zetoQ>%W1xogiE*abWeZwL?Qr#{L8OT#AKf}jp@z5%XxNj@Ap-o<*6!o9(jL_VI;wH z+t?6$OEhY&e0^-I+3yne%6$jjftEAnQ5WNHyH49Ne&!Na`Zf-57UaB$9+XkzpFKU} zif7Z5+qmm>RL-GOD*kM3f;C0psTL`5Z|kE$V~?GF>F}SWg9I+&hYa1?H%zHWvDA8A z^P_L83Q1JLeMxD#box@aoe_VA}MGLJBnvje{i<_=DefQb{x@S5^~?|Wb?~VwpLO}Uku|b zQu=9LQH7rE-+n8rB^hmT1ls2>m8ZU(QwmG#Jv)h94y-0?3tDpbaHH7pAr3v3GH@wd zg*tW_+NZ9KE@?k3ab3*-@%4}L62 zyh&ix@FEZR2D@7>Pbn>otjNS9Xqx||`3l!noBpgI($DK~wO)K1+Qw5(rD;jLzgEOH zmybQfFDG+{Y$`5zC2|?>;n02ji2qrWxo!=&ao1_J(#Lj2i{kbmrBlD#G8*x%2UQ`% z?ZP+DtdS8`4l5_eVYW=}Vb`zDc=iuUpHtJ*SUF)oe>EpwTxTS|rivNcy}OmB{Uw|- zL4mgG&Q*D*ngtJ&s2m~;ZNIId#iWv<f~O%-RCQ5eeQM~V&2@q8bUU1+j+v=u<~EE-7+j3klMt zanB4J&yH4Cm`=O-`tqd}c0z=Um8fMHgwwOmRX07PCnQ~jJP%3Go z`thjIVLF<=ewi&P&?9-92mf}$P5p<$S>{)$ahQy~A{sZ%$A#@j8=hCqcn>c!J;PqL zZ}vr9QDvIrH*3Q(mqRJ}Flas79`2!elVJLLp*Gjy?~i?hJ1^2~ZK*pDTioJU+wP-R zER99oHZpJ`B*jVnt5weNC~vc9?XC=|D`e<&d&<IV7TaE1K9|P_pjO0PE>Y?Uw)x zs^Xn=@1Fl%N~0@j+y|*V<}W6RxywJ|laph9FdOl@5t3!#fD>Qd)AJ-<`Llk^j-tav zwL?~Xq;5@nm0LAtv`O;*Qvdy*gBcl{d)$Uvp4$rDho#S=RPrE%cP_s1;S8~e>{49T zf7^>mO1$tOGs-l`EF=57Q=dql_H0Gq=eOU*&NlJ+F>&UfM$`^}A*%CS$_ySX$4H-- z^1n-@MMp?Cv@5)WFLsjgR&ts#Nz|)WZ6Tj8%XKqMIK~hzKPSTrN@9BHi0i7BI;Yr{ z#_fe7GnV%(L>JU}xWX5sTBPtDdEzrMpZd*(aeWs*)cJ$&LJpUGt>Z=u?oJz#GS=I1 z?$S@^-H>jwB1~0cj`2lKTmEF&+Uk`h6S0PH@F6QU^-Z!ukaF&!N>ZK>* zx|+f~*S_69y1p)G{Tu&*IsUr92AZb96Q{f^4YJwHRvVC#Ke?fpeM?arq${t-esrr%Wu!y^47DBD{RMa(^f&T<-W0omiB8r*#G6)mA6XIev&zhOw{Kv z+HN1Ep@Nncy7t= zJ}5leU1etIk~9pcZNagbYHYCRN>HrX-PB^Qo^`&e!@aKEenN}(!o)9u(@?Kr7pK^3 z&>D($qo+NgCC!g8=fdl0aktRLBy}(;g^8zld2;=%;-XCyo6}w)3aRa$xk+q16l}Xm zJB_I&@|L@sVCGo`|5hMJshsL0eWdU&5{VMT_BQjN7kQsKJq0!OH8X-4wuyt2!|m{9p8Ds>FA*}$A_zC*(vtVq zvg2O{;sxL9e7LvK?=LR#*uJ5q0k`lq@(`-Ohoq@rZpRHwmZ9}Sa5uf|P!r~KIz4jP zJ-E6+$}<(}sxuozY#+cEje=brjIxfqSHXYN`dEjT`5(|+8jq4)XZ!hUw~Q|W`PVFp zrZKSh!9wXDkZi(^%4V(az{~gV@sTL;WP%%`fNubfapN@D!Qe1urQY)4Oc#HIb6 zKH36o6_~CCQJ-bPV!n$5qv5f7iw@pGlmN zYN)5H^I~o#dEsaoJCRPMze{m-2xdCF)?HWd;%FJ<(O=(7|B(H=@L8`>;+-`FxY(sH zj{XWq)7R{>+`YIA4di94ELhH8Y!kX(fOWEOL>piNrB(*t(SOfV zPQ=8gcH6WY%#S|eK25vpI(SBA?5S$|M&$YMYQ4%6&-2s$GWYET6^kC>)2r9`ZQ^Xk z;oIb0fLY{UTqe(P+x)dv)pV+etj7*&V(RFUn?Lr67LFa)ET(^aPjPnU3dLk`XN}vY zS?WBn1mjBq3ujApqRvYy@rg~1ubiOpV-$3pi$ZRTh2FGP&EoZjp4E(S%9(nrF_y~5 zWpc|oukWEYou3`^J{je132x5J>38=zKXv_4q+L5Zai9Hw+7Ck+}vL3lzY^u z$-9A~sKl^NODSF0y4>p?>gZ;Z{s%LuuIJy7n96m1GX9qJfZI#!wYobSkTg4?D4Ux) zKdU;T67|%y#W(@< zMhQ%L@|hGWrrcKSO%TLHpS_R5hHc#%Wgc7fat_dcVZ1{ z9HsEq&JJert;Z|hUl(#_SqpP}F^g^T4P9!u>Z$SW`E39fl3h=}oUbvz@ig0!*tx%5 zV%e1-Cy~gZtLCw@G{aa@v;ONf0BtRIpW*lV%dfX)hmvxhk%IqV%2zBOHFZvh3u1x5P&lD2D*T3e!(7 z2C}4ZYh2gUx2_{xq7|7p)2)d*u3FAsQ{0Xqj^inVBtLCsZTKjW`WniT8re-1OA>#{m*Q_Nym>#X+ip`za_ zg*>S3Wsr!SX`z>=3f5^`?1(#2Rwl#e{Hz_1@KiRh;rYH?-LpS&g~X(|b_ei%&F{=d z*Bio=eI$(UjU!s?1^=I^DLj{!ho%G?<4CLlR<$rF&`rnQ{XRTbk#eE zNJoJ!Yf!?g^zkqxZlQei(d&3m7SJT(JUIUxNWD|G58~TZ8>Q3dL?d+Q+fBIgbwEuN z{JgrZQmA$FN2%%kREEB^yUey@<*NH1zQ!`k|0uJZt#9{4TT_-<5;#*Ubr~F?7Ic&x zt9n|pW=+obkl5fHur7Oz&0v0}GSSrYx8q02sI8gou&R34X6YkrH|}8J>}Lj3mkIUU zdEukRqRZksae^dsD#B~#R)z|3&pvcxZ>QX$=^~(ifMu|ewC;I!xMY=1+(hBGy3+;iDDwEfE*VWP0wTs7oP_LsEJ)F0xFoQY2qc)gk?bI) zx;U2GcEjRf*AK6j7D{Bs%iZzP}j`B6;Yoyd96>1D6dV_ zh(KW2GpM$2VZS?d>??Y3yxznfVUnkwacR?Nq%Ld+ws2k)-xWz$OePdI`-w?Y$-aea*(?Dk$ zgP&RFR%tOQr$K(v!)+d&)dhqr8R5jVLN9X$y$yu$w}GDrF^Wn6!9K^vFQmX;dzcfr zN2b%appkhGz2fDmeZ|TSgy#ZHoe>%P$HjUTa=JqHt|{Lkn!C;uAi3JOS0kR?c&9{@ zc#_XPeMjX&C;W9q59+@$S^XamIiJ0!uce?SPn*7Ze{0ufX?6pRZkoht@fGRKP?G-l zeV-g#1F<`Wf`cMxIP`UT?LX0nQ{C0#mQGCy%rm`ef*VOV@lz;MX@dnLW#U_(zh!jX zBI6$?g}1L~btS4pukHj`W&e>$I3c$utBP-5A{24!7A+*gZ5ZFwNKp)6=iF`7=Q zs6|*w$l+IDritm*gUWF22R?W^Jpo?V7=d{v-ch|g$c+~}8kk4*Ew5+0S4bH#x8j|@ zkFIw#%t&#pn^Ak$y2(85mOoQQ4nDOoiyH=yO6wAZmcYWFUvf#tlC7y*m^7YOH=M(S zdstPNuMihKY)n{{RTdZX&V9<8wC}Z;<~q2&d-OrDjrkE{{y2Z;DdV>cUe1!J%AHG6 zD67@D-6bjN<@?H)%K(oQ6ok2(`d|kX{TZ(+bl3LzLiAA?zsz&{+o|Nb^b^#Dt{DQq zJkDY_3IlaHYyICvH7XZ2;u+h<HcHo!>o%*%p zDAG>OPn*t}12FLufQHlM9ikTtYqaW1w{_>le}IWP!ENeJ*GaKvsYAS^Um9cVwW~SL zc~iSMHFQE61rP19Gmfi|Uzkjz>VzJ(h+AOdS4C`fl?~sPmHR4bPg}*QCESu)#qEh> z(zU)B5qO2Kqe!n;nZLBEBGA|yR9Ak7qJDR)ypw)ZXhni1j2y1-6F|$uyKP=q7^bf= zhP%JHasNffQh&ClGlPM6BenpaF!RgaP%E5SIeYz<*M3{U`s4dIEkion^QoK?+$5Pq zWzRpgEmEXYdY~maeJV#}J?@{hC%Z2}kAZ5Z=HwrYE~_t-`I~FOan}QsDNW-SQds1k z$HeJ1QmtKH6LIB*l>2DiKaQB(9$dw4GHF307qCmEh_Wuk$H9tJT%KF!|InDaTeGSA z>wR#NSi2`LhR2K>*ZoqLz~}&>wb2jsTJhY?{nXhym^GiG5!Z?CV7LlQGQ4oVFWgl7 zeBX}C#7!7AvSRwjL*X;TW0qos00Wxh#*^HVp>WD+{ih9#d{(`ekAf~OY?ZU~eS0+I z$vJXg86}ilpa+n4fuLT!5veRDRi<$=5jBtd{!iB-&Qlo;mg847PZ}cpSSF>zYpfB( z$={*W%`_rX7N2`c1ByV3~cFgDbmB`5m!wn>I?3xoz5HESR+n>rQ(N#_f8C z%TB%5WIy!;C8AE#5U#IE*^?RQy7Be3y(9{F8`givKrN&Z*qZF4FTp89X=L>3hzte` z3%r`Bt5KC6yEeOFMdKXl8I&yxM48`qQW-f^-0qv)pk2Bu2XijDL!XJ?QYIdCZDKMc z|8pu;5qCBEW){JA7yZ2rD`z8@~u72eSVh?JQ^S-FNW6v9RkE|H$mzm1iE~6;%L-$T!@!atMJo z9-QAc4}M1~Q}LL5_QL0~^mhn2$CT_|ZHy4V^R|O_`kFjN^>lh5I%;n4Bk2j}OdV5f zbB*x*yYYD~i*=<}iy=^@pS#$5S=KIO~Y#n}dteXV79fSQl z3=iQ?`$Bfi=_py|yO`J}E;HfA)tkShXiMcB)CaHy=9of64Q9^G?KWKnJ1kIA2W5%XXmk^#M-$omte z5x4)|Ck^yCUh2ZO$3dHqDBs?(KmTTDmZl9?zFRMV@w}D>LoZ8gEdH0e^bVy$wlC_L zwEcS97m?Bk;y2Ip4Y&B-1QN)+V6Gx^WQ|it<5HAyD6VDF8@)m!Y9RG%w(y}sv^4GL z9`0U!2mRF=!dYxg1@cEDjm6mM8Gf#)=~#C~wX(JqyJJqjyiU*NuzsxS9(Ms6uc2*_ zPV;DX-%lYjyB)PMQu1`N#|4wfelWE>Kv4A-5*&tHLvz!=My)C3doz9Ng;cnpjqoxW zx~(^nZktADuD_aWUHOczEg`Mn5+e#(*_jG1n!{$oU15m;6g^3|;MwR8OSzPjuT^D( z6Xo^pm;dVp5RgY=UcV?Jaf2@QlKL#~8(d-NfpI8{Irl>olP?f%lz1y(TIN)$5@1V^ zs=i+o@CR2|jUHZrSaCFLW^u+e`)Bnr|L_g>fPWCmaZ48bhmT-L1svP@V^i+$*HH{-NIYg(~pIzBbm3@ zf3;GCUE{gue@bI@x2`l`RAc^Nhc6{GEdNQ2JE0pU`lyU7QV^jLdpek}niIkSB*Uv~ zx|gtP&A(hZ+;2LkTC#6jk8JZMF<#=g8I1DSUC}in{qyIE?jh}!+RQfyzm}~ylcQuy z3{_9=mIP-8R)Vnm#YPPjB%xd}M|5YK8?T1jymy;!QvUgqI(pXS9i!vF)|l=zux95o zoc?$6np@z~sV43ahhMz>2`_*CJS!5pU}gefCGJ)`uuxpQtb>?E_qKX`9RS6+XC1VGsk?&pCwQGy5^1kLWep_wKryJOVkhx`x4Qg^gm@l*H zqjph*vT+Wiw1G-neSUEs-US@wcqMt@eqgYfc=l(E)%BLaz)=+(A0>AwSJ1Q-p-CNA z*o1h@4^_M4TnB-lneAw4X4x+uvdd(rAm_%{oq)2x)r!m20gz`NfYCsWla+3@eP$C! z!=7Q?vzsRADn}icJVZ1x0TPpqO%aqKl0ox$-++gSMhE??A3 z3}9?fYxHzSIwb%#OCiacNa3vzS|0|Te(*S4iOc=q1GWLw?Lg1P-Zb^$qm}?n%ejtd zw9jc8%b+F`vaRG~^*O?R6sKk6VZieXruL8lx_e&J4fv<}%0Hvm#JuYrDLw{(M1eZu$ zh1jESw2Z4zTC+geC}2fWxr-FsVwn^r@i|(xxN+%_5v~dATTH}OvG3u}U!Py$5m>4XjB){C zyfcWJh=?B04=;7yfFpVG3sa>2E~olE>&m4kq!MThS6@MF1_RKKI@c1Rhw+Or*BU5e znfHSkypDD{=dY068IHax9Bl4pBxJA*?9V+ZD$X&EV4#u{;YQ{nu%kp=tq3=%1Sf}l zy0CkW<9w%DiIE7nkU~Pw+C4V`H*1QMEz}fhy)P&ZGE2K<9n(A%v9vW*s9l)<hCI^vOPT}HI76rue!V84U;u|7N8M*W!eAm{F1+B-1D_c3+L5&S-Sf2%?! z{l=(yB)0$8tTaC2UEtrc(`O>~YF`vraa+OinqXBwkcCaE)-c9B0I$*XLo_`J z`qsNrp~Q9%T52I&2KvE@UZedOvP5g5_026$@M3&OE;k>W?>wJY9G!}!r$a7Eyo~?| z+-j!m<{2h<&+ZpTBtk|Ug7z>&H3O;`B0u9)e1;Q-TMEZrp|l|-eu?NVK@FEYWaYz- z61PCozrXjgcWy9zt9N&r75RCC=_Bn+%VQOVVUz-#MllAp z&a6g@%ySk_s@f` z&hIRLe{n4spGGTT6)5j8uW$Sifg~6f23nK74y@~=bgiTfVR$XQp0ixt9*x`mMN>AW()?{AG zm@KJRod7#bJ3c(>r;9fRf<*HSLJrv=eX(%W(OT0NIF!Xs%N0`Z@UReMd;_ltBa+e5s&0G)v{c#S z5za#(!Ym-I^7@>4)_`;8){{|{bhlsF{K0tWLT(!-F4sp48$2{Qjp|t-Q^f)M*$J93 zViCc1X~dw>Q#ajfPuKcqZH3;OyROAMD?{?$N6XB)Dw%Pa2M&|zBF`-#o|ORr>=KTo z5i6d1^8Iai4CW#|z6cgJLtgRS#J?+Phg?Y}>h`US`YY7J`9-G0xQzQhtlqG`;>$F< zOeLgY(twl_b#t1|jtV!micv3N$P{S2%YjUZWC8t#-V=4U*Si5xo(llPap~I)ua5OC zz%``RO+0TRgn9bvK?b!{72ElCe+&4}F7VX6!@#y?g= zW}ia`@|0>&txZ?uJB7CCB#~5j;npm=byt)IdH_pVQ zkc8lB9Gw)7`^L22rp*dl?TS^3{b5cAXb34BdR6${uJ`o>2)pw%NPt z&lBWd)_ESXcbi#fq4Z3J%MAgveHQWWP!e{Ar<3*V@1SfkL3ip~KnV7XypEKb6~d4) zdDZe6=st7@Y_LUX-O`G8q4R?f#t0$oS{hEei)+uxsEsCVCf_%)I1 z4Gv0*pwnANKj1?3d&pNOOjtkN#0z>F|N547RuP|$g~|cY%W6(dkmf$rDp28SV4#g= zY=HKmZuy=*r0D5XqrbAWnGez@diVM;-$IY;@6j8e%T#oK1ev2ibc0)5sXH=~T0~FC zWra8|wcia5ZHt?$3F=Tcv2?Odye$K5_1RDT`Cqa;VHt!9^eYsD zah7-jw+%8v7KYzJR`2XQI+%^z|#6<0$XgI&=tks5CQEjG=UBSl`V57BztY+mu)Yjik{WuKM}|o9KPrYLokK!H3ixlkg&=#Qm|w zC1#~=C?N0UsB3U9zs&sdShg7-^?kO;Ro2Gq-C&dX}@@?+>zr7t7eEpEy*`yrOro|$B;D=RgK_pwNbSmVN? z-$vw{h1?3Xe*al`KZL>mU;ut?{~}J& zO>!Pg!VqrwZGvGFVu3Pji+?dEAu_FtdL8ATLJm#@_2lqW3hMMus7B@hupJSbyB}yw7OR=pgt z%*tAe{Exngmsxf(f$ulY`ukh*MdUpMv55J{N2^2t0`h<&Ea58rJ*Uyd1%+CWpp#|X zIGs9D8tLc(A{VJ4%L0M%SI>J5(7XdmryOtt+xTW}_KoflJ1@lbAcw_;{oky_-mm#$Eg+I1aSfGz%C& zA=Mn=GOE{MT?5~NELZ^>w!+q5XbNg=WnSl_xh&^AR`34NXg&t<1PCVEyJ`<*(1sBv znyqrT&Zk2w?^f6h$(g*I4HmSHyKCNl*^i%^rKRD@D-Xb=F+wgj5v#s}pa|_=ZzwyMNpRJ5kJk>#A6@B-%5ihbNY4 zn+_F|p!viO@cb+z0kIHaoIO&^p)1Ht&CG`xrR-|JBXa{OnbCdg+@%-H>dH04(TNuj z)!{EhbzB|3nOl0-WhG}~7W6!=?THqxHaQIB)z>-9zF;%j-i$}*RaZS$o2jINSXdcA zw@vHELjNsCmWTvh^x1D6zt$ka_UpSzJm!O*JJ41VKlJ?k%uBb{`Q4L=YE^>fW|XyE z&`%4dKfvzo0z>r>PoZ!Xlpb*t|ADL{xBi8!6xN?!;2~?fLYFBqt&7WlN`6*Zk@a?U zoQ7&m{=dS})z1j-#nAs}F!qu72PH7FPuoa4AA%66sd4*?-uz1wAw)*zWfu3i0AHRW zdY9z^sY&SQID}GQ=yp1*G;MN|1!DkmM;@|&nG%II2aRej9z=}$j)kI`qr*YPr(pa< zq&K0|^wV`t*3YjP(0*&5kLZP9e96{43gS3-Ww`Zt%KP~J?}-}qN%zIHZ^Tz44NhyC zXHdU64gO}{^!=)CPLRP!g^TTqEI`vx7Czr~UYge7u~xlXX-%iZ&9)r!m={L@jlq}f zV>90RTn-6;`dur!{}$8fctK zuh&|GWr;vH?Df!|E&4n21L;QW5l1>8Y zqV$!oH+sI|ArB4VH;AbG*qq25LyL;oa94cbz>IR83p*6W_#q)NQ~F;w+ZlG?Jqi5= z+RshI6O=Y+04-x_d`?u=@|37nvg)_;82k%XiL2p`abErl%#yG7vu$TB4x zK)44MOtB3J@SYHqb^I}5$c?%3g0K(PnHDve-~brfIb;$I{^Ii=mi7}v_!9?c%ZbY& zfpe>!aHRfo?te*IcCd#}%PT@4js`}y+vyt;0YtX zsi(n>@(ueCnLS0kHU0tZLV;Y)(9@y}+$b}ca$_Jtb^)CICH!`KNZzLmgNZY0g(c|h;JGatPYm!~PBSN`Y**b<^ZD(-|z!KKpFP)#1IDPT>$q*78{9q?#B04KY$yLA0=7fX*$@Shf*y^ zhu`IVdhr?^x!Zlc5CE|mfzH(cUiZ`MR6xmdJt-qBInt5TompqdHa5s_a))mri?V4I zu>iNIy6AJdJAzht(jzcMd_CYE(tuKy4=MD98~Or}z=I!PmgNETSpuPALw)_}FMms~ zjcEzsZgR>TRqxDUJ9l60wUX)zExQ!|vg*0WRtLR*EqzNU_!cXbl|Bd%=|zqT2KnH} zJ0B!}{L3%N+(NA`oH3dNs`GX53x3?HB0&-k9TnSqrlhQDZJsi=un`RGsU{W{c7XGf z9WK(H|A!NL>0Vhhc5Gwlg0wvQO+C+OW#mTg8+);9=!VT~`KWYYNW6*~ggD zWDfcEHkoD7W8KWaOYy+jjOnb|RyTv;i2ZBqc}b5u@X7Og((OV^U2MvTDf9wNiy=pH z{}=8-3C>A=AMYTe3YLH$1cOdUq#7vXao390!EA;b$F|^GVo*c(#{1|UlBz(DHnkIk zfVIw#e)bcByet?6bLq z_$Y5W|K`oo(vS659tJEKNJ4Qwwto zsw$Ij$1kW&SIQ0dMz03r>@Gtzc7 zU5#=glcvx;(#kw<>}6*A54F?7PjF4#&^AD_orz%!Dr;C;Q!3E1toau`VFH@EgK~kq zA+9r!pgwSACUH-Y{~ME|9-+A*I9?OoTz+I{ID8=k(q;jml6Kx!bwjQ=t=}Ugfa`hR zRr^oUx&>zpu@l9)i0W5+khrqOMOWbB=n&-5{XNn%7l|n=8JX0pI9DJ1{k^OGa5R1G zA&c*CvfA&gOjZ)C!B>{XfW#5>3FvlIfSfAtV?;1J&N^nRUn_=V2U;x zLbeZ$`7HKQ@svDIYr}&Dkc2Byx^?fNI9k8#Gyushpn&8cbX$VEqhD8cI23VR3Fcx3 zPjXX+_8k_Ig-4o`-QjeWP^yDqwVWaOqtUAlv@_{4i?4J@SP1X|w=vQHY->oqvh&h7 zl79kJd(C~gKvNzZv9?c~f5ZNBIUZupj3k8_XYsGguFN2dQ3{G z*R1@$MA9U}7L@~Q?;O+>NamKD$1D)3s{#o}2ev+K_aA)2#GBmIAKo02L3}WXjfsOkq}UyqJ;#D&>G* zkAYN$-K!kW7OzpHqpI6gngM5KqZF{y(AtG@L4!8uUjjFtT^kvdk*?jZ2{%(T_kGVU#UDUlG99bkY49KyQHyv1N#zx4UvS3@Q?`^rw@f#e> za?sg^xP+oJSX#ucUCe=Ol|@R;$d37v)oLhC#a#uCK_XTXXI}!J{Eu|kJG_CE9&lDz z20~!FH8x+pe5tzKrNt}$jz+{|a5WB8WElYPnzs%BlW@UVHTr)+g%A(MYcJ9wHW-y`mlhOVrj*1Q#-_GyeO>m@du7W7~d#cG;<%{?`;4hK9wjZN6 zgm-&(mUMf?`a zBkq<7zKQWhY%NE?jTS%?HwK5<>U1X=KZv_MF{jcA9KV)WYT)YTBQlOhIbUde40=>& zg@Jwa8%3zKPkt7GTWgc?>P;MqU4Uh-%`2a7z9*v2zQ<-%U#(W|Ax69oNo)7*2rt;G z9k&-0&5dE}FsS9BhsoIo!4?EQ5^IL{vFp_kCiFiMq~yi=L zV?czlD!-H)0OfQx2KJpmnDP4*{$`T+sB9}s*7C!Fh!~`pr&fj16)A_Nrz&kZ zufqyc`mankcNeEO-DqDfR2G}RPsaFvg;A@dt#Vn_vL48J z2_pJ^Xi;W>PU31X?+;Y}0)OBNUm&teb&v7cJhX7I^})tvxXo@2{U7jr2e$r0Nk@zW zw0^MrmK1OUh(|u`LEGio`s7Vyh8+6>VGd|y9LOvvH$T|V+_MJT0g^U@(w7MyY!L-f zPafo93+Ts3E&gSfN1*fZVYu-Agp(Xck@=9h6BN*S7 zM?YkLP%f$8Y^UV)*m>0OF2O!|ZLC5bq5$UZ*H);8o>T2t`9(HoUyiGAT{nXEfdCG@ z@{T(sodrO&Ii4Ii=+-@Zul81Duyk$n_aFGe&>@snT9&PflhA_UzTU7uh`BKHHW-su z1-$1mjx#jSTA-Wgw-sa-ppDwO`QOYU(SP8%B5{m3mLV-jY>EgV?Fbi!hni%sV6R`o zV1&*h?GcQECQWy(T>-?=V{`@Bbu7TmsRfX*EC6L$=yLhGk^4N!XR1pX;$J72(b6v9 z=2baJ?{xktJRFi~$j1mk&qE?Sx@6TbL0)G9NpnK4K6}?D_}nXmjcI-l6(*Kdnht3d zYAJ#&mV?hKPaR4*%(L(*S_{wznAj8k4^m<-@l0(H<2aObvY_=*m}o$YXh+|a9B4*y zQh1isEK^7!2rBTn&))wc6q%mGWkKT(q!yP9>4ieP`I4W|yIBK_;*#NFI&fMHEC`A17+sf zg6pn}RZp2py@57+9AcIXE^Ybh>Gx`I`wf{Edd{?`^FL0Y;AjrzgbtbRWWFyQ@aU3q z;Cfv%luD~JN4>hf++N9zZ93AAw_?oeRp+|#SV1AobL%T}==Zzp_1PGFCKy3fPwq`+ zWL-%h?Sm4nG{v_tzFg~@{g2n`@Z5mGlU306y6c9HsvTzIG_e@%;!R%Cn|kXpS0@E1 zmWCl8yy90;NZ-KYiuagm{0P%^7t--y{p|&ho@FR=7J776;kgCs$3IVAa)CBjksph$k0<6bXi>yuM*qSiTw2VTToZ#vm} zWfp|m3X>sR{um&f1GLFT%bK1%g(u_0wYD_k ziynxxD!&iB#7|u0fMD-Q6;$u}(Th|k{V;^4T*W5(u#5uAp2O`qWD2^eS$npm%9%=Q z(teP^P5nw@mKNAzZ1U9G<1Kn&T8C!E6w@vjkB;0V% zsy3T7JNkRSSqFB+-I;Hv&y}|p`Ll;^|AlOTz-vgtKGDN#94h@|_B4#Cx{z0rsUNO75_z!(AG#is< zAG8T|wq#tgyb1jK`_(5`ck$3eq|-7=fql%FYw;AqV77k@s*;As{@Q!*BOxF8i{ay5 z!jN>Mzp;e3y*uVK{oIawTw}0B<(DAT5zmNZ7B4(H z%3_*J+^uh5F(M?&kbEx>$=HAXMJkxIPpJOjg^VE+9f#3>7hHNvx9K}_F zXn85B&Nbpw_s8hrjctGV$V{ebHb%T8jls+{wf+<_66c-Dn~xu$DKSn9F^0d$$a-eu z>RfD~@vYaEQtkm-ze01o90i`76jjg9vB_FhiSe%38psL=W!T3QA^G_M>nwI6u{dMz zZ}xe_`to5_>&a$gmuEeD;G}|+NARr##pSg@9MaZBg)k_|>F-tt9dns!4H|%EIT!jVV4kjnLC5QLDX4mYZv0WS9jd-#fywVd`tvnG zM$%y(dnDy{3wAMNZYJoNA^m-hq$a;Bi@Cf$_&aa&069;ceWB;8v#_L*4f&KP2rcsO z)N*s|XIi($9+zNqd<3Q6&5+-+6PV$g5R2|4Riv;5rkhw`|Jh$1K(AbT%~)9wI)q>? zB*gkpU6RT{2YoOqmja;Gxf77W;El_q;3%R6K_(Uoq)zCS3zN@y(g}nQc<-X1*p{co zr74^5PFAmVUFQT^BmvT5p+rcNr>WuI|Cz(oNY2OX^nkX9T)UsOThQjz37R6_D`zlX zAt`W(x3A(@RPX(->b^Uk%f9cMpFNVj_g>keNcP@QRz}F?M~F~<_Ff@Mg~$$tl#!KP zl$}k=3`N7J=X2;hulu~N`?~Juy6@NPc|Ff_{&$|8bo`FraeTk;&wG74li4bh%tvNR z<*8jwZ{S44m=qf-_29=dgrBH+1^1=^^fw8p=0Z5c0ss(cf~JBXmnDDURr0Mm`2TNxCYbt*J{h9)m0ld}8J0*s`VKxFZpJ=hB0qy7L+ z!ltDC$@*)%rGhw)8`BLJPP&h?!+0p6ANe?p5@|Fmha9fJIeu4uX89LE(D3E=6MU_v z+31@pZyLYN1cf#J1*hyH5y<}nr{LmH@T-to1L)$VuTk`TKLNa}sX+jn7(Zh3dVbRI zu%h=#=?jiQ8zI~0-izwsYt3XVM?jhJGatuVAQ`=W9DEr_)DbIg!zu!Lv{RuxYd>NP z+Y@2n6|>-#`Q;}W6u;&=*JsmjccYvD-8*67J{ z3;q~*tX5Qd)1numK6e98{qDu3m&96kPuG&tiz%9i0uy`-_-MhxdYC{Rd+OZA^o<|t z3ef*|5DO9AXTVM)SSVJ)VTw^#u-T3TZvlEv&^biD_Od;u?AzyUdw`;_+)xU}Sj*ha z$ET;)Y&nOO`5{6lwv)*};uH&Dsn!N!-bt-7#%Y7r1A^~M4 zRkligw_{W9*i+c~@LkX0TYflNbQfh<=nf^=MBCUYJ*k`Rt7lBzUTgJYEPbX7% z<4Nx~P&AAi1H7fp6jNxZZIFr{Y*MS~53Qsh8uAV(#5aVFJAnPbOZZg3TzT)4w4oe= z(Hr2P<)?8gl_r`FzfP`- zeaN;GUo_(6zrk=8S1=dX<-}xn*v6CS zcbDAEACj&UPrdHzf_#C5QQx;p6KaQ-XK{5}DNr|>K1M*;ti1S*L^gcVlw;@U-#sR1 zN2n$|)FlfnTIuT;d?S*~2h*6Nb(c7K=-bF3hF1HmZ%8~}*rwSErm_d9ytzj#U`u{%XlG=Q zBWt8~jw^uV&HGmFvS9J9#2CNya3z9Xi^hOzi?KkiRVHHcb9O}BM;Kb9X@>0m@ReXK_3PqWa!6vd*w1QN??kBB+|;>5-Z86GYt7*kk-Isx$IynPt&?BVL%n97bLC0o9gKU&@JdM_M_us+YS_ich!udyRdQH? z)FoAn?!1^>PkQKdVv#dc0n^-ibiG;-OxP3s+{nOZO6TkOY@O;ijPm3FwlFjE@|oYr zg)<4*nGR_Nyx$rtngnQvr!`V*TEF>jZ-noD)Wd(|d`me(L6$W;u=N&d-Q-1TDtAwH zB1{>S0J>Ot?<^bb78U?&Nxx6o;Pd&tR>ns_IFxrXq+EwJK^e?g4(2=+j#%6Oj!ChA zE}?7)ls!xV|FhMZ4{=D-Zo`hAaHZCfXcLC%3uKUt7!SJ50QVIB=vSYBWa*)c*aM9Z5# zu!3Af>Px`qno7x|-3`3~;2nV(Hd?u2)hm=d6)IEtCxGb5$G3F81Gh&D5x!^Qo;VHk zBCQP~n0$R0{*kqK?C6CkIbvH-M{LWbf62B09Lxmvy9a5xQiw$K@XE!XCxLz}?Nu~K zT1Ub8)D8abgmZc25TFr6sCGbif{w&$$JST}Ht#_-#9gTUv^C|WHh>-OebcuYs`tla z&d6h7fYrE_UiJ-?r{3qJ>7vw3jl_mYhVC$7r$G*iabo7VpN<$gMxtX5&(nd_f?eh_ zVze&hYdlV$j&S!EnTnB3ab%W!xspa~8q%c0pbm(c{eZ^DLa;)*vfvPq`lPVo1Awq? z0U*Ip>E0jGwuU8hG$!f7)31grV{aC7`eHp=DUHuS1SpWv2H{&(^>Eij;Ofq2E>^zy z=^EIqFb*vnjvno$73V8%LkWo{n{lQ*wM_XU7+p&ak!F*B68$lb13t_s(;X?+Fpa@h zhr+YOgM$jh!)`uo_yO}-52_k-!2E2!4uv%7km41LAI`ad?@MIP^mD(Pa51IWxbo!1 zTn^B$laju z1I&!(Ri%oNw;w-;dt-lcHoZ&Hrt;P@lgaRHe8g2h&kM^XEX`JRA55SfL;BZg!0KN- zYZW}FWF2XgV=Z~64pPO=R!~{>xAK~GvW4uVw!9ljoyls50tx&uyn&Go(<0u#dwU2t zjQ%^-qc?eU9)2}n3R>tO5&)*3QP>uZdO22dj?W$o=fczf;9*{-5j=(t2boOf4=l+3 z>GB$94XLL|TfAj+-KbnlG4v&=C;CSFV;R03?E01vs;@^jv6Fz5>j~@6YY`X^VkNWZ zL&-&PD1ZG`iesdBF(GWhTNvXbIKywYh%N%<uqiP-4X~aO2EoK)6ET39WxEpyozPY$Y!n0uhfHDWudl@;+ftQ*Y z&XUrzGd&cmaZFaC$H#HD?2c*<#geaIJ>)s^di?>+N(w5dYocbrk+)k+b1yz>B+|*1 zLNOAHpE+JgDHWt`Ej6ijmS%`>LtT%D)vZ95E=4SDx-W%!(LmZ=q=-|0HS5^{Pm{hj#Tu6z46MR6W`o zu$B@uvT|DRAhO|XM!(h@??4f z?!Upoc)GZZ{*m2UK$JJDn?|-rd=B0(qfK8WMgjQAiJ(RbznBY5#TlwH%q502TFQ){WX5 ze+hsM7m0ryxWDN)HQNakuqgw-8@OH`+qL7HgPqJJd)&B;-WPtZZjWzH+g%;QZyo+I}{tPwfUE^ObRsB z8Kp+g{};?c<{LM5{YWXI0nsslm8WoD^13FwxM$Oy!hYR8ML33t%ovN%!QUQ2R8 zvfOkw;?4nFU6Vgom2MFjmAV1Og92~dfZ5gOce)E9#k}6($tqPlkJ~mj*Vf0y!Piye zlhJ-LiEV1LDjzD`x$uao2XB?}SZ$pz0a|pm%Cs46KkyfL0$|DBf#iY&K0h=Q{ZnxW zT49kZ-VN<)oNY{M{tteL5?z}%O8oBIhmA=r$a@=osr;Fbfqvkka%Fz+GF%;IqAx?I zTVFD}hdCa+(O@GgzsRzZ_{`00ZG7}>ec84VA#=M`e@mY~3H^tE>UoE@dlXW$UB;>|f6a z=6M+!SyC*B1BqowiLOW^JFkSJF!d5iQDYmSH<3Pc?Rnc-s2|ErFFN0bVI&!qMfH#u z^6~ zIN~x;rEu)P@L$xRfMG&J3{sW~6zc)(s4aO^_?{I*>%wI&Vt< zqMW$vRU)$P<6mmB23R21c-tm|XL;b|28x=)<5>MzUJj(}J{8ueSU3|(j(xgug<^|- z*-Q7%e#Q^xM>j*WvG!xL@y8Z*T1+#2m4%nTqn3WW(F>*Z^L;Anrh(Gu0^%Z(e?gJ9 zW{5HJv+SMF^TUL}zhiEOl$s2^{dd!4?u{f0{kY=Q>31x-iTsgyZ?F3x8-}VLis^nsWY(Y^RKGGZd) zz*y>1V%_w7Z_mtG+xAf&ckYWB>I)3+AL|LX>uE5*W@r2qHB5cy=LwW`3ZglibT+Y7 z_+!O=l`{xA)hJM%VVsN^BK)RG*Nl`m^E5Y`v^QC}+3#WzX>}ibY={p0=s2DEN@U&h z(;2?NO}%GcAMONRar)FG>E>}(va9{>qS^Gu>xw=K^-v153$B@FgYOsbc?RTP zZE>d_88F4!NEZX>^^F6U=3vp6F{=9{l4nzYU&wKK&~}|PM7AJ6fh1H?>OY0xy&RD zxCj%NPo=%1-Kh8pCb?g+kVTIHjwL2pVNWv$7HCaux>^`u6DMH^jNP7G5gK*g(c05fQ+!)}VPGd|0WHPWnc`>WG7lpLugtI>;pJ$A_mAWA^{#E7vC8G8!@oS#RL5m*WImI4FSwlk?FM)dr$$b z22^neDB3GHS9qDHn}i`dk0&n}x<(LB3XyMs?+jdEJg|XraAeGs!%@Mj zs+t;+mzUQ~mvsuvMBRMp3~O+9v?DI4=z5H#&f-Xb0otO3SrvjcZ#Do>i%&@*_Xf?Y zFF`hPh$~c!4%ZwukCmW1;`ZuseeTI#SHV$g!KQk4_*bpx^le;UP$oOTc$ikuxYryn z4}>23#sCbMkIH8Q`0=w*3ue4uWKkR_M3@!lY>fskxOPcmaeZf-C3F;Pi zf!$XSA9!6Ra%wxXq^|#1x>fVp=CMO;z+$3IxuC19ZLaf3X+}(PGT$qVY4&=0OqZ@4 z_6qw+eXbr(PEJ*2Wt86*s8mc9o{%5Jb(hQXP-gK=NSL_5dgdB8bojd&fk)Q(tkO}t zt2eN7+`_gu!$Mzxi0eG|h-D%U@wm-g-}k_#$2!L`6j@sHs&~uNI5H zIh#Aux<3>0?INb9nBx$*T$E5bI8olX63bVk8X(l3RxtW?fIHjjJGO^EpssCDp$LPa z+ZDe51Y+@XUoD-@wn8{XyKj5Z32lI{>|8_ZZ0p$A1&F}C;Y2rVFkB5!2d&If}! z?U!XL+hA1QEIpUoTJdM==e}CL%Y&FsDFXuo%mIvJ1wLR~)#0IvvcK%Q=EO*@e{E4p z*@8%EJn$7oPB=RnFuRvXHf?k=wK8oROZY4}Z`B8?c=o@4Ck!^b78XLa;(Z9kpm-)* zRae0ZWWs#PCn60A7UqMj<(rIQD-|WY`fw~63!kfI4NP3MU&C&a>+%eCeBa+c$JWwv zT#`6K$o*bi+N2Hp;2Rr>%l-V<_cvtTK)Vq3$nRR$4uBp#5#iSfc6r^G%uWaZ6?(fE zYB9baew$T$ldq-*Z<-o_pqG%nR0SRo58vX9`Ow+jm5V=E%bW*;Hk&jq5Gs-nKdDQT zo)zIW2S$+`Z5D1ox<`aN1(T$1Gp%4?mU(VzC$5g(g5G5@N^fASh(o@-l1c2~6(u~x zKlA}uSdgLGWQPiCzcZiZlyJp$)v0rJ)5PwrIwdOJeBTHvPOGIdy}iAAE-}KF{R7rV zejAuwR!#{D#vx^|`U5ZqYPZQqNTju?C@a@&!31V#27OXBVpHW7wQ+6m=$AxlsHz%{ z!nE1 z#Nq`@oNk&I5b^2yvol|pMX|B5JD$SSCm}9w6y#)PMjr|1zvz&-y{i$3gyw2}lJ-}i zHVRD5&f1U|=>Hm)D4gqj_w~uii#~B_DJkqgatk#zHWuvFEiNt=K7IOhXKO137F?~i z*Jx(LRInVdGh^;@o|}EtHU^KNx`syCdoTrVcW_BbnUF{}5*S8YHSVT%@f%o0g>&&osLo57T|8k?6LbF6o^1K( zF0LOPp(~pAqlRMOu)_6&EMk%&{PQ-*gKiv9UaDj$6YjntYIbG~RypmR7<91(4ZL1S zp4HFsl`5VAy=JkZI9*W$%SDPh;(jk!80jjE`bo5bFW->25}Jv^eGv}+RAadk(>hkV zpy~DoMn(p;!AuNkEu$c-g`#X@n}0L(nEwj!E%U8UVmo{9{719A#p6Pjx--` z`aS2|x|7`N6;aca{*1oPYT#Todg^P+CXDY5AC>*|>C;*bwa#zC?g3LR3V*Bq%@gZI zotX;cCK>EOyL96QN@)LKD&9QyfZT9fuShSv;e}2@Cmco7C_ zYedQf53zHyu?S9R3_>|(M#PB-glPUHnXQozc2zg%K}NOLX|*jcsoI>K=*mYl7E}l| zm2{S!vG({zs6xe4IiY*#Zqq}<$n58gqc2(ZvrC@KovR-rbdl9l)I_4$w#V}Y+SVD% zJjXYLDc0lJ$J4>?>nw5V^1W*kBe8m?%2vL7K3vmK^mt($PP*OH3c-rLLui^TY5K9U;WNJ3;NZ;?FJmEiQ{-=A_cEGymq_|W!2x)BTBR~ zIgXDQn8*f`*osE0j+;oaPgDutSZ^}N2@^f_$##?4+=&|NGYU|-rQA^pH?Y5S@P7zCu zref8lM<<~Ko`k)PE0&LnwVueTZND6Q zLZXLbx0Rdkc#)qxs_I#*F!rWJjm+>%^1&^o(Ay>kgH@r!#678pYQL=gY@n`wwa<(q zpEN3jILK2;c8X6r)!5HoIP}$MN-hJ2?*JsmmmuV5Q%TgWhGVtW38-}@#Y%UW7wWyH zDPnEAP8uY^d#!T83g2xlMvZK>9<;+>CPY-sh2nb#+yt^bDE&oQd_Ng|%J6CO{R>FU zk~`Ec2vt{W>m^xt)=t_XHa9Bb0nyjpRC7*9#0?dl6lAEMaHxL5V^{iN56LiSpoUgXnw`X$HmzkU$q!APcdZ4YYm zm$Nj3NuugJLQY?8h(5>Ctd}L2-u}>zrTRXz{tYu8Aw9y^KL}pkKWn3tbn@io585kF zYV#S2q; z2Na=mvb(G0w%IhHzdj-6p?jtoMwuy$29-m`kuHvIf4~-@5RrkG(~Et@4`@he?u#q%)v~hl=5INUNCu{ zCj2AtuXuG)VFt+8V%|A7wtZ$DqtuP{*BJT7G)|7(qhrp>1iXVP~B-vrs~X zhnTnRfuZZAmqLZJj~)lvKQ7wKD-qgz(8PbrPxS?c0grx;sdYS-?OV$k{!{kFO}zub z?keoZfV)qlY3u1MuWJ-BUGk=L2Yp-r-uLgOlDuOoEyzZCca3B2IZr1UK^AGctIY_m zoOABQP~JAyv*+`_KYZVN*d>2Wzc%fpjY*Q@?-{cSAKRIvN{`0h`An-5&Ty_0PKem7 zoH$C~@uvT!oOXP^EVu68zho{SxrP7pUvZKX4Ivkd${olx*m6Y=-}HclPCj(RnasnJNa+ct zIIS~Svc(VK_TdUYIeNs{YdKS3=%Zj|6#t4e&8i2)wLFQ1O)M*dAJUMF9;5&&7}USU(__WlvsO^ zdI0K8K3HWrL7&fullJn#T(JPj5G^wi%esUG`7>wKfZgnX`k9*V;Dm_j4Z5G{JsI;k9hIotR0*q zcp2k^1Z;I~K(5^g&KO#V{E1=)vO{GXj^^TI2HOn}BvE*km6iFYm<>$7L6paEa_%nD zt_N}od2@5K30dRu-3tznSWFrHq@yRnoS_QJsVdB!nm5U5X?ZW%+Y6MPSfZ3|xD$Ky zI0vy0LacrQ!ZDXJvaqmd2;S<&)D6+4Zph5^A{G+FwF0xW@jVRTL1Kcv$l=4F&J6~^t#O1&#W9+U<5-L%olx;i` z62{FCo%#${PMs_dxVT7Gr!n<{=wNFuL_TllKH)Anv3&t$hrDJJ8t^bdj!k=@JNX(Y z{Fd=HRkoNM8822Ml`Hk&LOeL@7(Hl8McR}CBw8l8V2Tssy4Eb^Pn`Ofb50u3T25$ zUgk?1Q0r9T2UOu@QiY5NuE~VqmD>x)2Aqn2=3Tz7Xw$ASlRf8w@xPf{L%d%3ujR)@KbCwuKV$pg>qTSl@tSNE`xph;OdV5zu%( zJdNq7kU~UNbv$PRiT-L3BX>2&Ad>7h0QV`P_&#S%?9Ykzb`?oC#Y4|h7Srp(DTla%x@h_oP1tQCucwC+7T{Bf{y z!~^w6K|#R*UU^aI>f{pM#wUx7jg32T5y+9sGxlq@I50(=ItQi`yYi_Q4o{1VNqi+M zsP3@LP`ZJ4)*jbV8dsK=WcfIdkaY0sa5ko}1~4w<_7;CE+B?=JylwKs#InTc+^+Ok z5_AR{Ppr6-$$aObZ&n$>3$sYAT~fa0&wQ?U8~N_n!xRk-Q^p@Vk`TGbQqRLW9dZd~ z_tms~>rbO~NFbdqu z#C>g!u6o?j0A!WPS8%ww1@1bIp(4rAw78jr<-rg-$OlI?w?oEOTO6YW2Ik-sOcC{` z9(N2`S=)Pmc=txE>C{veqsGM@k0>oGm{Lo;7(PE#sNmZ~c2!Ts{^x zB6mdPq|#qQ))dh7em}CiM5sOtIIIW<}7H~s&cTNzPdDF7ZhEo1b34M z4bDD=iA$yvJ119Q(@7Z`1*1`qof{OrNdOCNamuz#{R~uTsUG62P}qP(DOlvgECyyJNo~(Ay0)hN+>j&hZ6W3U#qb7q^u$ zCh3x=A@U3*Uom7yh7?KX6R-mzTw_7ezpb7RWmRccrJ3K%jpJ5&^DL9U0BX~`&fVO{ zB%JOmB-he9?kraJ9^1Kl9t#VbPfJzF#8X={{H%Nz69@syHHsJ%CE3L|_)WI~VQATs z5j+8deTq|qV1u=0I}_t>*aLRvCD@qXLuPXMZtoh~%u+WAskk>LoQ_wA-Cp?}rGdSl z3}3-E>y-`XarpH9^KE!-)b+5g=mgZZuQ563JbTOjz*NUmzvB-uW{6vL{2H_-IDGV9 zj?alXwcdyBBqk&r)E76T%SZYS5qap-Q^7RoWnwZ}Sf&%R zWWDp9;V3n#^iR8Vn5G7s8%$`TBUq(bOW3l;WI2z2oK;v^MMVvqsmsGpp^oOEh3*cG zliyR;W6gg9+c|{T=da2c*`tmAfMoR8XHdTgjE9x7LPN4EvEUyqHGS1b%C=$u3#2zz AiU0rr literal 0 HcmV?d00001 diff --git a/docs/extend/images/authz_connection_hijack.png b/docs/extend/images/authz_connection_hijack.png new file mode 100644 index 0000000000000000000000000000000000000000..f13a2987b28d70f81bda7096a54ec479f20b2690 GIT binary patch literal 38780 zcmdRWcQlrN{5QHQWZa>Wd6P|cLS$x-WJmTWTSjDrtVC8;86`53k(E6|W|FMz>~$kq z;dx*6UFY}5^T%_Z^PKaX<9p8c+}-zeeXh@Vzu&L%z8+mylP4ymBE-SLAy!n7y@7*+ zrw0GA;-7#|9MZp9Nu8EL$=dljUBrC8qOcZqwAp>oGp5>Y6`LFzYZtTam6~jq zl(O->Yv}U0x4S0Q8_JNEaN@t7u9aS2%^r1;MNd*kcE>vaFz z5`!y2a9wzpAnfBm*HrLpe6;=dC}A)=ihhkB)vv3_{WAtU3bpE!|9-z-9X{|4FysIC zNnSWjiBAaQ9qex>ynipe^-RF}iRHnK42757b01?{H@w+Mb#iW8>t~h;CXy?v@!A#| zE;Mf?No$QjeRCr6Kf|fhR%So)ZE^ao@hDl4(_ChP5&vrOXw|)at|5biD%SkSd0{MB3haB+ zu?K4qm?#;BPH3G{z`Q2VdZVK%dT%w4(xM~&;%j~3(skto?zsLpx&}HtpZ9wV4(NS% zOkdSl_2f85QNz5RfcZRj{IUXOfuO{3+z6X~jm2MKO~P^O!D_`Eiie6I%FhvxCU>(d zl$|lO9+v)9us$IL8z$#QX3X+XvGUuSr51<3b{*b+Dq^_vIU~C6=+MB(bLI@YUf~Oq zI`7?$jrCUgs?65z-dFN*bIWjPD!8EerNH~Oyl8BNWO6$H|*flr<}TKpI@tT-lk7%*fg_D^WJ#G!72ZQ zhC|$g_&mRCzG1~wyx1q9*nccoaHfEc7Ig9x8!xA zC@7Ur?a=r2^(cw(Q4WjYpvF~pgM|&Q@z0qiFnHWl1j6Bxb-o9NjOj+j z);(o;w>G|i?BD%X;X*xk+2Px~QXEH|^V@Ejx}Im3Iuu5Vt<~eWuZ2%B@`*f#Vnd303ey;0#-cUPNOQTi5y4&vQlKu2>sck;hC7b3B`MJy9J5J@w@I%jnI~@r;Yob1TCDB)r zc{-f$eU;xBbjsjsmPtcE{ss9bly2+gDG^kc-gT;PzbrqLky8BFayzs&*edw2^5}5? z;!^G18Kr3s$E~$*6~)dg#t#lGGf2M+%+VJLfZ~CI1p<%M^Shc4d z?RzOawF{Dwu@7ar-jJo$_o++Rch>d_tYCd%l|3GfdrT8ocy7Ml`wIKk@X`gFFWDM$ zqMSURS4PTb;3@FbyCSGBTm0Htm)j$~x>G+WHwF`;u^&pVUu+e@rTPhIXBvy>}WvM6J z>3f|sjr~43tQgCp*q^K2Uu5jNdo9)Hr+%sZ;k4uPAD0eahlDInG(229q!hdzWj9u> zFZYCoJ<-{72W#qo@7nXa74PlQdvPa~jkkY}ICfOJEoI0)BHN3a@yZ_5J9~I^@@Qw8 zG)dSw-Fttfe53Ic52a$3T8fR`$;#7h*6qeEscwE*d6pgV8w17)%-X%>A{|!P9bi&cq}6dT_zs3pLogx-*SUu0NOc zUmaGtuiTxaz5)kz`srmyqYEoRr_P0Y$MYDk=E5<31LuUh_Utd7+fq!0%3apN-`wuEdD{_mRDM(phX&uM^$Bh4wZ~^a{#+TcoNkF| z=k(XYTIdbcY>(N}1YbT?Jc{lK^dP1z<1u{yqRjS7Hbdx2Z*b)qZo@$~8G7~3Dwq%- z>z-8YYxVnY2CEHwK zULTSo3w*BCk@5o3z(h(HYNt=tjvw^qGRJ)~j~24hzORl}afs}lU$+{bun%}yH+lRR z>4TA+P5kfTU+k*;i4W3=jV}ApH@$jxeREsjOk2%&{c|27rErK99XC=?G|G^sif%Q9 z`Afdhd7EM0`efatK4neBFl6Eek%mc|oI(3j_TxN6Cz+J3#Q9f54yZ_J6VF=BzOY8A zc~J#Y1cwJ$)-Jm2ZdkrzBTDk5TFeev7wbvdE~RYdE8gMH>K(b6ZA$Mym}+&^ef672 zPv6uV)zou4N|AoP_V`vmiEe+LyY47(!Fc7%!0`<_8=r^ak@z~pRWug^nyCDPXQ zBv-@w4eHN!CPnnk^`u=c+iF?p%i6NKKIYTU3R_lAMCX)X-8PS;u*fSBnlC z`0H`oW9vPiJvnN0=5$_waqjLarSX}|O_Svbl1AHZ1q^USxl<*bC_D}0%$;31{24zs zur7I3^O0$I4=akCX#4A6k-3j{#GE1~4{DIcu(Y6)k8$wQx6oZ3Jau`8yH^i)rrY~o z){xiIwTvysz%e+3da}7gKq7X%1maK+KGi^L%pNT%`+=swxX*UV{lR&Dz94E&<9+kn z2_p2xIEJ;}6;!nk=T1s(plvBP0!-ORQt|Dvvt7v|nrlic!=(``8N=__YWKtQ1`3QF z?aYtic8Poae9Er*I(zb~R|gx;4eQED*#+NlS{*B4x`V!0UP zPB0RT?=V~~6<=>Aw;?w}1v7jWbz8&_R%TFh8ZD?h%gn*}o;-G-a=dZS zFa@fEoXH>e#ysU|TMFsF9)A_>XHFn2em`aFu{hqWzT08`bYPMrsTkIe?@E?JG-FF8 z?|mPZPRS~t{W3h8)QG?&8LPfxEH-~->ceC1PBrQI*xjJ>R`=z!3$6NhHR(Gu`j*BL zmmY3C#x@q^=@&09dim7d-^!)F>|!)XCw{-g`Jxp~ne9OL+k@F3aU9xrO?}wy{rO1* z59lBKnru%J$g=d|eT8kMfAB@y`S@owLu-d~WqcjzS$mzEH;VbFrix6hURz5nGU;p= zmG2pJ<(~Q>a0cIeGfz}p`3w=KR`!d*X@RN-N4}#JwXuG$@IOs|*Hi2WJ1&jW#7Sus za1y`iMCgGOhPRsJf?W7@eTM8k*o;I>1{W@x*$CMWGmTcdX%;UQ-rcznDVDBtIp3f> zKbl*M`u0ftMS~2P5R#ZnwmO%X9%<+Eg}*-bLPOp-81t>5c25awUk8c7X3M^L`GqP3 zkGlrfsAW&*x0#sxILYo3y?`z5d?S#8iBL!TZ_#pL(<~;cpl5f+t8GvYwI2 z7bJ6H^cQXuX4MIIW5gxHs^O%cXvCM%*?B}PHc@KoiE0)xedI5Bw&}~jrua{ML7OiM zSNE3%`klNNc-19C#i{K02nNX~?xG;q#iM8xO@7Sxwm5p0I*i_Y`!Z1P&GA!bDH|qd zjjQijT+quYB(LXKhYBmcN8-q^|G4tK!~{otujBf-WKI~|`^hwe?0IAaJB)=;uiW{X zmo!lCN|aM2=Iv5Cpzsj+@~?`*zB zZKIc^(4*AoL>s)qTeSeYAmjGk`>dibd=nWS318}b(G;%I$(RB4_aOO;){m*AJu&~F z3_mG9y5D8>-@rzpJ{2b@R-8VS`Cnx75I*q_K#K6c{!G*%G=7w9ApRGL6tYTA zTJ(fiEB5p*2*%^|Zmy~LKUYS-aN@u2^zdJ#wG1$6Xme8k-z)RtXYiIu zzt?yrN1UVmMh9Ox{B3$LG4)vkVs{VQb6k2Dm)XwfyEE+~)vxnXFXOo_eu+LoOyzNf z_LK7%Dek11*(tn+YWj=s<{0Qvjf}~)2R{w&4433Y=B~R+cQUJCdN=TbL;kZUvG6n2)2siv|2aUFM)g?Uf7i)_41UJc=<}cZOT!L0MM=l< z?;sH{nkxHV{onf=;a?Z_#BFN&&ma*<8;igFpZlMJr{yv6Nc?w@Vg#}&PJ4jHW_IV& z5}M!Th(41mp;EDz?7$K8q%p=t0KES4-Uy^C9*{hFP zQ#~3DV*DZv4(e>+AacxgCJ9{K^xByWiSW`MFVr>F1T!v-q5W1mQcO{dp`JmPI78C`ifRUv&~k7mC=;-Hzdt)7JD~JRE&`Am`y#!hUPBQ!l=*tKhco;27k;@Ct49EcIw0J? ztYzv9u&QT_j@{TtdxGm-OL}Wqa&PsP#1NqPq#Ab<{KLIp{7x_ zFFo(q1w`{~hF-+usreDJakJ5-;!YpSE>dg$+TC32Xaby+0oncCy|uBy0J7<~K_2t`ajnHaT@T~x02n@SBfK>B$%OO=R6 zRG$lVEuFlm9M2WQs!rEXcrpUT7>!e%gU}|v2YVlZh3J3COg7RW${Jn|@stYyoOUCD zDIstYFE{F0xym!@2m_Ajk9I;fqI@-Tj~TTez^RvMlcb?V-x+@Whdgvb~u9P0`Y+bKGqbN4x6mI(dnA zFPPuXfJ*=F-j6%wT)bnXy<2l>50st@*?$rC2H=z_7eR%mTVD2r_DVaT)VJ=Z9|t+_ zkNfVcrp;a@H?#+n<{mT;xV|K-X3i*>ik# z8aD46F(`-FA|(#rQ;9ZzB3yOzxT`T{9x2YU^KSYM;6E}CO2RW78Px=B-B&Pg zZ5PkFYY;8JaJ;uN%)GVOPyTBSH|y9*5oOA zgQixjt(@?G%uR-&a_4Kk;%jJgrghq!nHYW$~Rzs2a4C4 zvyUfbiI~k3iKp})B>lMW|KSmEb8lV&cT_G+J;?CQ`27O_D+O{~pB#u>E@Y2x9#w01 zSJS`EmR;x5rBp$wrA_DqWj85(ceL75;Drjr6KA(kh&*51E*g|+?YBnK>+U1f-2Phi z<`aWjh&j5gBc-<1G>(uVMSpe*^iZ}I7TNT3xK+zX(zUDuK7V80_gYop$#L5YgLV(K z3-r3J=Rdv7KRnn!N!$>6`ofn3*j|()Vn80Ie}1c1B%S#NjtM6>clTBksl@wR<+pno z@K@OaoyDrD`<3W7LPEA*Rr*iv+Q>YIl#%m90$YD;8Q@849Osa>lkKD8#~VGoh96 z;8flCu;5h)G>y#>WGbMA>e%=qw^9qWP7*b-7MhIihZg&r-VGkYGM@}idcfN}gIPt( z+}8!^-ca=l`{Ui>=fbZ}kg2?oDO^*r+s%yLHIJIjtr%TrQM#XL7W zj5(s`v6D@~^9|=Td#<{6%pcV`J*#t_>TrHSBZAuImlXu za@$18%m_(5hTa}yMCK}IP7xBNm z@Zp@XmW=RBM}ls##OYsQFZAqR)^2OaC(bR4+@e32L8V&W^v1(K?{|-8>@;f7i>mfI zBZj`I1m7=s;icw^<(C1EFijsZ$~8R$LjUQ=t9#kcgvrCjRyMHZ5jP8`l}qEK2Isn- z4=hqdeqck=Ii)7Om`7nao%qeJPkx*OeOUGLw$CP-0=Fc*&wuOLc}*l0%plU!-@->t zGX4X7Ie`7Ef8wF!$-BgTF_IV*`nf*?XQxhM&EuEcp)AdFrt>X!*xbgF5Dfd8k4we< zD(N7?MHhld{Kbjg-TIpnyj%{-kJTkf`zDX*&HTiOQ{_6f3`=fDBh1C4J1eyQZ1rS# z!+E~Bt;G_q!;)j`kBLL&rM<~y@3Vbv-z<;Vc^4t%Fj98WC>A4HdQxaikuFppPvbPr zlb51-_)i9j^AtBXdnBsd*j~RiyD9k9sPP8Q&g+#9-etdfrM!nz3n`5f8&`ey+JFrB zWmMQ@m`YcP{Yl)K96!Q@#>Wk17JDHVPWjTz7b_skOUoPH6FS5jv9~o~tQ+!U14q$w z?Rm%7k)8C1DgT#*TxxfW6nJx1eRxzgjCj2#J$Gjk z`puFPqeFTw`Z^MmmNn;H`~J4`w(t`i+aKc9tL{gSF@}X~%)(|xN}aB<^xG>Vy0jsQ zxVFu)o`lbv59_2uQDO$@wwoDV=EiStUOJ;Tx#Ep!J$C0pt=+@}@v}TF33lENyqX#h zSkTLA7jRWE9Aav>iGnX+S16=W0^C^O4*gs4$D6UwRTEDvUG&pF##aX-g2BNmZM8mH z#pC*v*VRSO@TSN%W z*~q}{6QnryJFSsHJd@5J!bO{RC(CJyb}+suYTPN|Cp=Vz8I{{^K4RnRFZL!w=usV{ zFKBo2CTRt-Fxg7+TnnBA+tv_2k ztrr=%Q*_Oaj2DDC@ZErg@@n;=<~o%T@xG2%i|E7-*QBREJ!Oj!SJa$b;bM<>vNDF` zjc!ooeKe6No6wgoB4tkt>a)vbK_t{dDqXWQqORHYqN%Pd{wCYTg_|xcrER%qtX`PC z*CbV595yc#s&>K-9-lrL>sI^7bM7FP@_s{wkd2sHLqmh%AEDDM0;k$W@AV01RV$f1 zOdiyevrXTgIOA!MPg6`Ew9Wnju1rxlItMK`E+q;FZe>n*N_Uc5Y0C&E=~AehoUY~y z10Z@$!}=ZjA0!HR37c@JaYu!>G52TU+lWU}iTdZlX2|ghE*0RP!zIjeingx!^VKI9 zzrjz|X+AnNG#U&#jlBq3pINx30W3dRrPF!xH|(uf1hAg`g*xxl->}>76)+znm0o%x|G;k6(=VLv-f%4B z{s&P%VF4cC|IUC+_oK(5YP&*3#3>K?$= zjQ8}f(3&wq?A>RAk7nn06p8@QwZoy#gai_O!*T(b@Rj|lDVEfu^f%Zc7O zPf#KNLJc>Rn-k;<#TE{~g{n`3^jfPw|p^VrtPp zOhWRjohI=LdlXFZs&hEe+kSqsM!7TH?}L){crtvp%vsd50$U|11xU z3M@}UN>lDX4glfDusp?k4@(*TrY@X#VR=s8BYE?W&_2Nh%hSC``Zf5UkoS4Z@SO4vv@EKi?58;M{{`bbdg}RZ_UrreEm^y+nSjZ09~83Hzn{AhLNL?#|6X zQCq5d?jq|!#Ys@MxnOIZ3+)Do(gqAbCNRpME8T4MAs}jj&4S}Uy{{93AAjBVz_&-=eC8@ zf9J=3tSW!At`msq%s0a z)@b{1<0KI!MkjCL8c-RzQ~p2DY|k1%K+ZI*xSPx6RO!9@PJ_o$Eb0Xe_jBEY2N&LY zHhnAC*{%lz!38yQ^z*#Xuf0vmj(y+frNf1sjDQ{kq0+;2%%` zMb&b$F-T6$N(U5iP3b#3*hw4VQvr@3PPe~#=#BYxxK;4rBk06WaUO1;v}!#zCm%t@ zoFeMR-%ey6Y8$IAgBdb4U_#d0lTi)5R-@-_r+l4L4x?8+2zg z-d=wh0Q!K;qcC8S43!eN-v)a-kr+Ki(5yjx%Q}z^_q)jPX1;%nU2Gs)>juosq|bj; za%K4E!S;9ua2O^}&$P8XcdX5ckr7O%2g-&O!BBLi09&(N)Wx@+ssNvL(V&Zvt`d|w zg-2w}PbmXF!LSmj$PPfwj$>7BHIiymNfy?aF>gI)R1N#3D(+kxiJ0p|$o(Dj!*84u zSMGdfDqpTY9zeED7=c7RvlKA&kd5N*Zp>)Pu+A>?Sy0$fOZZk(Z8Uy5zfn%EQn?&( z{8Vn&!;_@#Mdq!jCbi+!ZxyeCm$BEo(>3Y`##4A2(~-BO`!MfJ&~gw0<2L7d zsCkGcO?Bu{&A^M!$l*2J<6U8vE-VwG9kfqirEAOP41Ul1D`b$4NOOT1-?hdyb@tvZ zmgZQY&@(+AH29AY60T%I>L!u$0)JuT4s&wr(x;a)qF1(7*{NJpX1h~3HD9ZoCfc5) z3dQfDwwL3I8xrKaLO1(^U`WoJ!t4WY^}-z}3}YcCaF}NH?79^ArCGf#XsSxBux8fk zT6nLDq=8;Fzee_9uff+oSjKt-e)nZPfBeQKIzDytmT--ARmvyQonL^`?Jqe(D(!Dr z9J#^`fD%vHq(1!w)~jEnN{m62SFH5jnvr4xcM27EGa2DvFoPuBTw!W#Rs(s!Nl`KN zVP3&tN(PT2%nLNp0Wd$=49d-miNsP1l+T(vWl9K|Tf~ zpAKTHJTI+9Fg(QhHr=oR6T@SUb-dT3%uF52t*h$Vne3lf}QwUp>ZF#*b} zUQ>@)zjR(j1zdoo|H(&wdc_Y1ru4NX7b)uej)~5=`1ZF~va)MqHF5L)a|A|}U;&ck zx9-j}YesvJB9D##M81OH5|K+fv0ga=9g7N~B+k_*y8@_1eeNA;F@y6TV$YnRgQ79? z5}q?RZ8Dkd#qHvn#IF%aH#~$}E2W4`l5lH6t+PE%SZIRVup0vt{{AKb=af$g`dqBm z#n%a$`1EuBRU`)~+3VfbXANG#Geo>k!!n6W7ABQyNJ%GwZL@0@TNgOBRnP1NF8JmFX}y85bhh5YZ+AP+@e_EIR;e5eEwmFYNqobjSv zOc6s!a9!}4Y1TVMxDYPXfrOOjc`*Ki7vRfYKHXu$)au?iXG}<{4tC@OhNUXzweBP+*y*fD6E0uQ`J4kM~@%Jf}X?F7{aWmBw%v{bxbWZ^8Q+e;l0(nfFv+9lScPzSpYssM+P<`+XuNQr_ zQ_0~03t{!{?DKc73pYgEmlOR>#%q1rn_QrLo7RIe*y4Lz^k=Y$h=6Ud#CAZ4vQm)*K2U0l4rRv^V{Qa#(#jkn#ncxuN_t|rGqe;yLk6s%m8*O67hcgp39hjVnL~AE{H4rE zsVm+y72w{>fw*ANovaV2n|-=9@*K#&?puO{Gry(pW`G+I#eV78>_N)U^x9s%@!rYQ zbGfMXJHnE@*+uJ%xXeC<$>em5tDT2RA|C27joPC_Fa4VPrCfT2l2AvnL10e+yGwQ= zTj(=DT{)ZYSHT|%#pZcLU0nWFp;`NDLs^Q-(Q@LM%Uri2R79Ded)at_)$uc!IT1DP zX`BD`07{ukC{5cyLAU5lzgFf+C+e!uUksr=_o_mqSPAbB9raOnB>YB6a={i3n;DCY zE|a50xbTYo1nQVJ1*Yi)&m0ycG?fXs3#!Sf}Els7@DChpHnMYMC~~P$Ek$ zs}GLZ?>p<$@tzA0(YBWDPc>+wtRVwr0`TE?nN>-VO*xg33Oa=5O5>$ytWq>%5Cz+H zNsQQK$1%H-=hVpQo_H)tXiVUdiegN`saD0G<<`oM>ZKqGY4F+vU6ZP{lbW*Zoj~Y$ zd+-RxkCZ!hG(0@nkH!RlFBt`;lz3>t2cO0MV=QX|Y@Wqi9oyurYS|~NcfUiCR^YB7 z-)!HY`4kl93OFTNSA6;pU~z2{dy`p%X(u0jK6_gnv9+EDI;8g7`r7o#bwWrv|HPRFt}De250CQ@3?J_qdae5W={%y? z!k}6e7B8yfD>U;b5pM|^+g?2vF@k<;a;jk)D0cj*Z^#*pP_=vxC13!6XZAM9q?BTO zNkfyJ#gD9MTBJ&1T7vtreqo=^LWaeapJUq*)Uy=Lb~tQXpa}Z@mvzBApR-?zc_g7j zN`W;%jJEcvh$yw<&q}f-Tip*1;7kApSC`I55TIQng$sa3I8m*2O>n~m8SGy^ks*9m zoJgW6JuzaVbDh2q+Z3M*y;XT8sOb5E7Zox|-I?C^HBA%F*} zEhaGa-2lBO=T=o25uMl|f6eZTa(>?BkdvYTJsRa%X}&i-lQ^_)F!#R!#tRTAh zOpr7eh1Ji7>KTF_vW-B=<|xBh7S-SWZOeR3E_-u#hUzGEERwOv3NN7NHqM|;@3|2r zgC?E$jQEV=IyK*?i+1S`@nt)#QG7;v>9|EUCD_xU@%!xFDE+%Pz^}ueLm=>g4C5b) z@uR#%RPY%=xAjke!=R;2MT&*zz;>5n@WXij{!sQ9#GBjm z*UJ1+G%7ghh$2gp&+v!rID`Yek#b88$OxF>c-^B)9*kg~LQ0r^$#y{bx8h#uP9cz)oEArGIyvX@U}uLjB1C zp-v!t{0Qcq`Lv#uGG39A-xRx!SLzCj{~-9LD5wuQbz&qH2(F6-QCvO+H^*my;h`I? zG?>uJD7I9yobn+ZvQS!NO8N%u*a-rY{m!a0@FX5b%wCdYurrhx3p?T76Lly|s*v5F zBn=W3(Py9*NKdC8!Y6YQ!VLw_84UYBTL#%~NFl-mUy}|<3i^xv`v2}blAqCkmpXU& zt@Gj0*I}+d$TS{<|DD7{F)N?de`ldsolY%y8{@P8Q@i!~C0iC}XXp3=#%p1r1)FV5 zV7GA?$Wnc-1IB*_sDhs8x--#a8`V@U50`S1<+h8)NNRz6~C|b z?6M;_xJsTPF@4LnGM)jDHDG7qt0_CxQk!5x^7ogj(=6SNW>^9-;)@VhN)>4TN}Dfg|L zQ4&OqQ=qu~jL&rTo@tLW+LS#|OBKthz6nsODx8u}8gnpzn=bUNi9^vP!UqcBk+EVO+L=P>my@ z6-_Kw!j|Pfyd~nk)py+X>izLmTA4)r7Wr^0us}rsZmZXDOdjOSBZr7@ zP9W&;O|Pq#`igs=Bua{sVfGH3B#znz@J+Q}aRm#NewkfTo^hQ~>2Wh+nTJ4o-@u(h zJfBeB=eoFiIt-U6J_?8CHYKF4aAFAVFC>=n6YDk=XB|v1_GS0_xvVjg`e1p{1lb;9 z9oT!uk6B4Zc9p{yk`Y@YyLiKWBnYB#o3Ve02872}f9aC15Z~@J@_LBD#1FFvTmYrpb(3srZTVQ6lYrSZNV_!d9U?unK+7Ql~!; zmB(=FGhO_%<@{BmgK_4%5^wJQ5|>;5&cpuNh0I?#fo{V6##3FSBox0>jHf$_aU-aLRh}cQ!D@)9WOc35~Y8 zDQ5bX3tGgIpwfu-3URyOkI%qsKP*^2{-DW;$oR+-hx8L-SKHV*@@ia-5B6xRfx>_l zF-5Db(td^A6j%>CrAN3Pf8mXjZXZXB;s8OBTEopWrMZvy$nb@bVW~dd{iDmER3uM^ zp5xTvny~f61lzXt&IDW$3PPguWW$k{E_)MG~eCG-p)g=*2~zTQ4H z!mRlPG%)<#N^u>$)+rC>LQq2v4c zbJC3sA?5PL4>WPJx>7x#ym1yiO|Sh%m*#lJkV7)E?1^;E-WLiV|fR1s5; z8rc~gWOQQw5~dhKaGLu7_h|>cQWet>zSiy2_Utcrw`4O~(pyt7jFm7ewBoqF#_!35 zS>wX%WlIJ8zeHzY|Mxx8@nxTTOx;DDcH1v{_vd+-ChYJKs~!MBMd*qc<+zzHOMpZ? zc%W+_U(C33$GF2~a?15||GKo3us`I4Q(wQfL*G&LGxvqh*Ty`iBRpC!EWm;?ZJk|G z`aSECcqFU{(b3TH{92`xS$J%D>WuSW*MP~vLcQ}HH?ZojaUjqQB2(;TelfMbe$IqO z`@?Da2uKaDlI1g*rtr0!kwvwCet>&gA(kbAP)Dww-w5nOaZu8=E%v`T)*kZ6haA%N zec7JG%~9#ogsczP_=tbYd6Kf^J3yU%2kgHXl!Ha9LG+9P;4bf4m8`Q1)_u{pN>T-+ zL7JbU`DOkLH0yL5NMZ=ctU*vdID?~?1`0ZWg|-AzBIbfT$->vS&yluE7WGsvARXdh zPL!aX==cJd?0CQod}*m_tyZ&<6DZpod3t>QY< zz|IWqs5ipEIaJ>#j}k#0}m;Q`DY3!YE_JN5_(lG}x?_4h9W z*L$|h;C6i0ttt^yhZIl8;n^%UDj-`v+7)hnIeT1Bd!%QDB)l zSS6JxKuj>MbYHRQ=Fcr-PfpLhGDP`j1vv5E8kEOFRg`_sEP28WkzanJ+p!w2do!MU zV5>rssS-L9;U9GJ*pQ-b0ihcFw{yXF9N>c1Hz>2yNX-HPhS1l@qTUa8(eOXn{futV znbJxBJ;3*t&7r5;sRJ7|=pE<6+db{(E7R>9EzROqL7qJ|O!BaN0m=St?1v80Bc~;@ z=EbBZDN+vFb^gq4BECsBv5YxnYb|G0?4F6jM>{atXjP&45YaE~#(oG1Etz2mgGBKt zSQBHQ5*6{lzM#3{u3~RaUw|Zm=nL{0I&W_x9m*YW!s5yaWW1p$(jFR25lAo}`|4K8 zN#0}yjL~IdmcOci`Iib+V&pe;UC#FwcEvTldU#GiRHzzemIbk&+@RkXC#L-_?T$7?WVLUHI&+>S9qRGom&8izm-eTV(2Bnxt@B60EPduN&c zu0=y&W;(B(AF0eo%Z;@o{W;UbU8Xzm>D?Hvp$7*n;8VLH6W^wH(tTv+5ssJRisUV~ zn(#2W$rIvg8iP4@WPeUzBS8rW1wU7-Nrd11?FATp6VS}SHIWI*T#4j7=Jh<3cKps$ zvK8R-#9XH-Qi2T<3r2rVN2F`+_<&Rf=I}Pu3hzKKJd+&Z9euW8o-)0uY*fVfZ6PQ5 zx@u^zwAi`DO6XOSK}#!`&EJJw%^~Rxj@aB3wjOSEV>eZ>$D4(0C8zfTDk`-e;{H8n z{;1P_)&w#(XmYeLpnzxyB01-R$DJII8sO^!&@=JB+v6^G8p26W$pe?`-MQ|Iu(8hm znplB~EfY2$hcNX%noBs?#KvwUWwRfril0vg?LU{zX|=)d`VGKZ4&~4?#M?R)5IS@d zI)?dN?<8auR8Glz@Bdi10CoC?_ExAk{oLn=&rXj7X1o<{$%0N%3xxSw|AoO4PxO85B1>yKrzVQuF;PP5d7t0fPOU5gs_dL(lZj z&H$Fd>GVWi<-hh9CbSt|Xiqxx6C821N7Jou{>m3nt%gEGCvp>d{&z%YiV_Cs`Ty=a zhByMwzdU|}>?pru_!HYbAR!RK5MI9MPr-`;iv1d8{>>;R z*Pze~BaHlWLXjH554ik4ZB_q#O9!SWFB?nwdxyeTfWrrT_wN6r3;B`aK^+_qZ8E#7 zRcqgFKo77wE%f|XCYFzqIfnqQH$#XByMdx9cXJHNGel*g!{TV(%Qb=~S5?1iiozJpg3yce@)sc1vSEzBIvEu@`?h}BI zM4UEEU}AJ1+63}SG8BM(5We7J27f&!oL&n1R5Fj}+{U$BNZ5rg9R&#dPfvnL!n5p_ z_r`Zc_M0Wy22{&Ub^n2zZV2B|}%6By) zj(SV*OxVO5Ay5%%a$sD9f<4RW?yDABGJGCnRW_^_n9y;kbPd6muQ1O5?=hoAfQ#TY z0xmxadHcX82gk4PER~0IL~DigQm6s!;Xy3E-q1>g z2rKM2GD6GkJdlt3{j0D+NP>-@)=Vk1s}8g=mHU9 zx%4q_#%p3_!g{5rY%iN5uafYUcy3zNEd5LsvcC!K0b$NukkH6fo08?4-~|w;)%@tP z@Yf`D(oo6LnBi-&n!?3&$k|{963*z5D+QGvfMXSG`jbYSNuxK#4h4~e7-+zu`bmT} zJi_0378YrUt#SZU>@^IOZHrlU-kH;$Wd9lq(brJJ<&He?+LPif;f42UY&JsAV^Ao_ zuPnfWDg-1aF%zId01*c?MOQ>gs*u;`@pFAi1h+@xY<&v|F|rb{IP+`fWl<<;=@-yH zO`*=f&?OBI-U$75?8!g$g$QKNlFSeEgW$59V9gJsHlKmie`h0NIv2dhwa9MP+NgUX0(bJX@cA96fgU& zOMeT6|G9YLA7&BV$(3{t373HgqcHfX*aV?k(CWX*;m{Khq20}|kblN#xntS}&CA+h zDj-b3FsNl|^)cpJFeyDZ5F&9fk;*{X&3t`pfY)&BwC7Cw8MmZc&!LqhJ-;XZ;&Y4y z{`IE=|IunOR^po_=96!YDv6OMXCyI5_)|<4NPizNLEe?oH2po^ZoKvu68V2SwrpzQ zEi>!D?Mb3l5_zSFC*ydG$Gny7)2`f8gLY0fggAtk0NnKbwJz@ojYV-gP)3Jr+&w`0 z9FXR7f&$hw?;DUTSdk7kL(n2`xzRL*qV*8&6sV+jP+b|ezqv$;?JpP0i5$L;&{gd7 z2MwO>tO=f}3nVszKy>?8s{xi!X8cT0^L~q!&6HwyvBMW{Rcc|hpnvq$aL7whdx-Pz zEaBPErjsQK@9UaAhFHQuYd#Ac2-(oMM>bHam!m6~4rZ_cOv>>pp3cA6iBr#cD8esizq>b{ESll$AN7h$ypgYhOk12F#g-awz=qTyd!C``BV|Ps3oH&rO(q&enJ(`yE}W4500e*pjU3Qc9K@JjV(7nBDc}|pjk6tt-QU)!-R;8$5Mg!XpndCrtrSN}ca^ zNKnE3g=*=8C;Q&8c2BnRf}fr008J!R9I>+$_LSZR&f5mh1%Jg7-ck~sEaK7*8*=(g zcp{@mKquaD={NA+n;XzuYtS3mi8ipLi)kzZE`cz34C!%1b|)yc*(>KF7}R!vlx~ zNkK$(k#v-Mc3YZUGedy^kbX40I_DO&ZZJGJ*h(N16b_zPMtW?CXP9w9Fjy+h9ad-+ zEO#6~i_)$`oRLp*z+7NMX$P-n;=rLUQUkb&$ zi6v*0g)n|}W2~VXsDTSO^uhJsL2k12rj^*h4i{xo9>V;Pl2 z3109!za-Sq6e#JaQrF6ttekBsGzdV`67Y?Z3I>OkE(z?U?CM0_Qq?Auxd2i=BWYOa zwr6d=jLKIq8h=?952Z#qpQJLeA9!t@>M6&eo1bSz%IHCxda3!Ispm;Oh}vLmy~=O% zg{?f-?7hGju5TRZK-#b@jHJa`NU*0>G2Jugf1U2_BJiEz)21&@fu`x)V0KD;4;D z^p>2<5`dfh)5kCIlRfp9Uo(@2yk9!|V&zj};2RZiApN5xo0uuo2~e#aj4=p7>Q2oG zPQoY@lwV}H+K;njEgF;+foq&k(|r`${w@X?M^qr{*WTMo@VlxYZZLKb$jEd)BLU@c$D>noQ&uk7Vw4s90q%+(^ zqp{nqvy{Gbwn?nw#S3GKYn_(zZIk%c6OF$m0?MA=?c|?}`Ezl|Rg_~(=~n=Ihhx5& zoZuP<9+Y%!AciF|24QsjA1fWI<)yO+x-7IlO8jAC+(|IWV-QN*9RXj<{KgDl;;fIKt>NOqS zGjt`~DxPDF|7kf0TMwsPK>)p=fvD7{+;?kmOWmok+25);&tEr7Aa0N}8?3`b5+`H) z9MwiAM6`n*H3hFHYuj;xjb9vxQ^!#z|_4I0|0bD}h+FH7Kk=ge6 zW?|vWL%Ls}C>X(;G2e+59eg%3xp`(d!p8vb3Gslus!ID@#%Rx=6Ik^XRydps8n^1^ zeSWi9?x`3y*F{tH37w+JK3TUKU|CHMhxWa^X87y-2jVQ?G!O@4zSA#{0bQLFBp`|K zM8#zi$qpw45Az3yw(<5~hR@8wwg*`UE)e-L$%o=)kvdI%+dXUUY}Hu+`M%b2*b4TD zYwi-Ud3yDsSBDnt7NXvxfwe0%SWJzjdg)tmqwde5UG`W$)%vf-1ust*3SQDpmH?fFY!pO|ABVyN%j%oJ}zeScC65P8OOFVZKp&JO%9On?F4Tm@X zm6qY3O$*~0TWL)=mN8f>Ugy0I>JX{@EZemkJ8Z|%rh9RPzA#))8iIIhxo*a?Rte>w zsMkYteiUfFZ-2B8oSYH7O6KMXLhk|w46cmM(-YhOu(EVGT_^Ue@Sp8ElYHXw$-$2U zPR-fzvPj*s0o6Z7+0!Wi8rC=P!4EgLLr)-6C+|@C2;~)`m+Tc;WW(8$W8a>fndn&} zI)Gh~-tbkm!y8p?<%H|uUeyVUU|{WOCly^rZ8_l#=!Rp#QeJyZIYsqSy|87wWOhEveI8W;W>VvZDC~zN-_K*Y-CdH37JJj&sa}s~ zG#h=~0z^^Aw#(prJOO7etyVzUH8BIQu%2K^$(xzUZ*o>X(PQAwXXGP0`c4RC&S=m- zC>)sliY|dnJGlJs=|5J_o|C-ciiGj`U8dEhN*&v?cdA$o;s_`p+r&*SaTYySp211< zqtm8Px_={LnBmedtUc(Uto^vQS2S*cv+P|w!8PE_7f@U#ur#|6Tr4~~XBV*iS~#*C zqF1Z8YKzM#L$eEJ-vH#2p_{zgGwA*0ia@D`a-kRDb~S1oNvq{BgT^Isk2KNZbLsG-11dZj^xd_db)r$_|3(ZlHzTE!HsUzwcZw!26ExZh9qT?jCxsSRijP!h=sjf5>0FyzR_}O_=?u-1=^R%z-|zB7<2Ij2{`t$hO9m^F$ED=-%jE-$+62ISly*D^&*!*i%(C? z)-FcL?s#=?Px16zmu9_}Ymkp-gMF9b0Y1`WN?q$#O{vq zT~GL#G>IH39B55E%Uz_X+1n+!@%iLY$c0ps^USgj{2#`V5 zksRMr68o`>nX)Hvo;Hnr);KwVeXB~n31HSIz&{Pv8qm3dP$9xQ`BVEmfdK#sot=hVV9w71n>8xz`Cr7gg|HbiO^ zEyxMW0>1@|(ru!F+S#5H$~bE}Frp>FVT}$;G-^Z3zPDMj<4?8AZA5GrPKPPW$ZCg0 zTo}xAPO`m5_ciN9_NvK;A@zq{PTFgy5Dy@Sa{sTV1wH(7)?rOVd}gNdLE%L!EsH5G zh~uupnx%q?;l<7_o=fv=JC(})M2Z;i?kQQA;JnJUY}dNWbD7~ek&bqY)(9>fSO=3q zn+VJcXLVP!8$bE|Aj1l!>o>Nz0gL>x=kRHcVis*RVU%oHMNOiKe15MP*xr^B7Z$p@ za-1toO)XV}LmjQada5C+iB4G{*?E*Sha1a&1Hj;zihF@>LeuCE{x$pDqgOwe5S9;w zX&`-V1{lXodQ}@}^7;ovm~uE93Q--Wn|y5T-E7x-|2EQ(O=25|60bQ8cpXPR1Z4TwGAP$W{J4ecD(duP> z91%gqXFx1my{Ssm z<88_61n_hVMo^tnNTof!5EQ=9S6PI+OOH#U(jMc85YIHw(g4K$9=Ak zt}cA|5^~kOcS;7#I2aTw89y>6e2&m84lu9F_md)2-r6NvnX&vqY9Bqntx8(CDvpCE zLr9Y_@7cwZy@^f9J=NZa_&QfdCkc({`BPoS%XGIIYxLfCZK#?sq057xwDjWBAD$^$ zC{I+KOY_$kHtXcMcT=@|H}qo0gwq5j%tgFGn%yo6t%KA8zYo?Lts%nZE5m{lhltWD z>r=p(L++)!O5OC@EQ^Bl%}kO77SohR3fKqE2{t%>1udBqi>HlaZb1|e>Nt=sM%#W8%qGW5*EDL~rg^TyYhz*I&g3QLVTZ*&?nrUC zrmXfQp0n-`D+Le%H-mvPdg&{#ZL@j6>X$h_y@66>e|w+L8Hbk&qRZz+93k#>w2YD& zZm}zF_(m**0%#vgg?*cMV&}oXg-VDD9Sd8;-&{&8}~13Mg&D+lamIKjO!yn3sg(Db~S`2Hzjb zhh{b7|3uDoJF5X<$EO0wRHQo_VJoKsi))k8Q)HQkt^-MEPmLuc{pkOZm|2kh`Gol9 z%h9O4s?l3_L;<6EZn)@3yE*|NPkei8jGmGhN%g;?oh}LTd<>q&8u$}gc|s^MJvkPI zu)hgF=WT@AeAu(QeFrLg2|1F-^jPz4gw$j37_Y_e=$nfl9R45!>@gat2y>qznr?1v z%_U2Tk#-vN!QEg6!mN5FX~KVb8WXJcdU=LtI-Sc*;>)3azjI3NGjPYd+M$r8+*gPr z<06q2Hk^(elk{T{uP^dGy*4_iQ*jy!m|d41EbOu?4P;C&L|wb%vKtJUi4vy2{n>6| z;lAdaoWfnO(lReQ4;_xVw)bwY;j=4k3vC!LlUfJ$U-$iH+chJFFg4{8MZUr1UQP78 zfbnCHk)^4D87qri{vz@N>6;XGfqvATeV+b7p8vQ2<0vd0fhZG^VfwLw+Bp)arvUG! zVm

#p8!y=e%VSEz5A1!{}AOuQ0US)*&9cEQaDFTK4dXv*Ss2JHEZmqF*js$nh!g z7(PsTXuHQ67S_@q_Z*)uCN6R;d{j;IJ4VvHGM16B>XM=jEF?5eHM4mdr{asBpRXTD z-^GxJxM7R1ouXq#q|^xLGIbCUq(55SXt?xM33H$-@wfl^{X<6I_pCysXP#LpuhxhR zo^%;aF?uNv;)&ky(2Ff<{K}6w{cymn$bDnuNKiS@#<&?6elVBqC{bbw(29dI_9F@R zU|=cxcNhVVYnu2gxNRKb52_ym(j7}$7px`TQ^QsHCkM9oxDa?B7J<#xOKcVI+W9hU ze8-_dm?jN-7W^L4IjFt;pNggR^8T%+@utFqo(7y{VaOFsuU<>q{|-IOTka!)rPCoI zkt^(-YD4E3coMQ|@J;GGd{0n*! zxwy=q?<3)U7VsR^;NT)nPdpFb`Wx2=(GRHE83by29O-%2^d?LAeEi;;ncvg=M=d!{ zQ(5koaBcsL5*Z9)d1= z(}}O&GCvN~-p!C4*%;RdGE-*0RmlKfW!zfl%Uq|4>6hEauJY)E+hV^aE;e2EV2xJi zJ{{5w3ps2rj>EQ8i$>dp!De@!{aNJxI{Z@OrL8uoO&``;SD2tcH+@vtZA#ZMWV6vq=&r;om~9#2cM?*N|YfX zDc%r#TYK`?;9&FJ8_QG7Mwy<^0bNwCaWH)7Kdw#@*kEch!2kAnD2~KGvQ=R}sTIDu z8uE?3d*5_1`i;P37kXVu$zN>W^bmIKfTkXP#u(fgYjfsn&%)d@7AueEIz9QYigh^f z^f{PvOBDAo#Jyjixs*|dfp+EhYQh}Nq;BQ5ue~nvHVvo5M-!0CmHn{=F7z(6_9qk% z`|AW#-FWN&_$(au@|r+XR|oMgh!>omy%MMBsa_9KU_{730g!3FWtoprh>XqV0Wjb z+_-do-4VSP;rg9C^1CYL9#N9YjB*%&H$b48wNjVLxzAdRz7IIW_%CbWp$$m^p*USt zKh*t}YiR0@u$aF#zkao%LWmIO@vfFZQPknl?14^%J_3Ei;*MWhrhCgbq&qH&PNs83EiZkbbD&k2@2Mq`!nf$? zJPl=p{Y%9enL`+)m<)Jy{JAJ%Wn8~~iVEINZ74IU>pwhr*tBkI-QD#cc3GvEJhj^3 zUC?J~oZaU15h7N|?|NOD<6ZrNqPVyFss2mC0y%rZQ}2*7b4~Bm5lYcqRr&4j{gbpo z+czkRo#V!zZ(?o%gy|IH=q`4;{Y||{W+0+jRcd& z)BjldMpEhEUV`3sXzDW<*wqrB2z7N^NHRoz{~EkPat0(sB&Sz^m%}@3y2hN{yNMXY zKx0oSMV>{Qw*bUAM|UDuC1xhn+7rHoNT1Tgf0CjP4X|{nZb5~;Av`jc28i;K*lCx+ zv0NDb=Ga(@#x8D)&p6bO+N>nDA%?_v2E_xBUU>BJrOs4eS+n1SU*%Xb=_$`qcfj}n zE8S6|Nk#T08FFB?AcHKOUH{sqX(QRAgwT(Xl8A23VyaoWt zqeTKIZ!VwdV^11FfP)K<^gBTLUDn{{T-ER?!dbuGZUfkV zkvQW>=vf;+k*wiW71WZJIkq1%bP?a2Av|b{1;KU89V7mnM+s*pYm|?F4wH9&yE4fp z&))VZKoctVwq53~CvU3(PIE3@>I@0+n@3PlO2%8oNxp7hR8%1G;03X#XqrH-d1J*# z?_ax;pd1dens!t7>Z?z)ko@#=UHiSvq?jAqFAVO_JvnBa&~kiKC7QSI?hOmKSN9L5 z{h4OuYfPaw1*PSI8ZQ0p4tUa=kzW=jF9GHo|0zWieCV&d!9Rd%F^}x2ty@Nfl54%) zK;KgF98FcNOy!!fcW`K8SbV1p3T+X@<0vG;8PY{)CdkTLAN_pnMb-A^^2?0d_>PuI zU1W>R)|t-iJ7SU%@g~_&l%%p2XZ-pO+)la7y*eQ-o%zb;TQ~kZP3I(N+E*Ce-bSDK zNLvb75G-2!`v!dd=cM<2ZC|`7`59bVaID0^cu7a${C%Z9>1N*6}@Z^bc^$>cIFmHJ}_FfpH0dc+h*```U|`HCJ$eu;mC(9Wn~(-F@dP9la#bewn5O|XFu6qM>@Ky>DS7_F5)u;qCsInqBDpB;5y_OEYH3mVX-0Sr zdZ~-w-fFjlme0t>c+sbq=R|I|@_MtiDd_0y2ajfcv5ej+IMa?1-HMFXj@15r%r#&_bpC;s2G- zhB&ELl*ligFQ2$DLxXY zcuzaMCQUV1k<#?%*2&$g<5ON8fjQFr-E-idE^FYhoHx@io}e61R(TelD)R4^e6?}g z#|*U1{xk0X!kyUJJ*9LjX#R59NN^Kj)mr;E*85W8Oc4`*w1o)F2Sw#T8dk~w`xnF} zHiTVkU}+hBsP$gW<|k;MW_%kS9=2Eixv88RFm$dsmjBT83!(Umk{A2QZq2SnWqcdN z1HxlUzAUg3y>ek*-1R2<-jz_%2p2NWdHiEfdmtMojE7^W3L<6hfkH~?rhx3Vp?;G^ zw~wQYnha=^xJ8IB_(C2V^tVbx@1jgsz)@VM!j2U(kHD5_bf~*zC~VIFguK$qEgsS^ zG7XI|PKbE25Jn|h-%i0CjTmI9jZ}-0=yDar&9G%E=IG~0z`N%PibffJbV9C>cm#w) zbru{@GAykDf{a8*DlO8z5qw$EQ-sf|qe#nVjDUTTH2@*I7BKv6FmlsPh-?uLH?!BZ z%u;Y*Zex^*|0vxU-~iFX7sh9?IzN;v~?`7_Jc z5T*B7vTh>vD}#t#dYHt+@Mybxq>oGVD>c{Gc)c&ULhVXy)F)tnGoX}5CM>%Bn*xXZ%S=;q5C z8+H`I=iRZpxV~ifi4*rmw&tfxv1FkR_7qovUmDL!8?&rZlz8z3amZ?LMyrrCNcp$G zzB;9|TQ^)%EV2Mw|MqI1%O-T$VjX%(jI8uY(t!HuM9I9C8)!^T*5F)UnR+U*9<9iC zAh+3-_n|GCkLDLYl!&8!O`9D{P6%4}lDS6&hXTSK15%#>Np*0lFo<1l#@S&Wi?5$& z;j1o#;sMHgC&il|I-UonskHmPPDZLl@JsI`wJ&_z{GV}ISM3R94{De@kGVuN9;g%> zaBoC55>v>FhHhx(r=yK?PlQSO zHLk$3cE9@WPA*qYKky@-1G8DBA9t@k;(Yqcbg>0~EiE=Gn3SeqfWjg-m?ovKztcck zjN>&WH=Ska+I>K{ZmHys;GFp`i4$hputQshr^{JbwtS=27HnO0LT{EOw+E zP-SQ>=lc~s{^?lJn?H+VO;;R?dMc4X~uHZS6alTo6a#>JCv{y4{Mh)u(!I3GgOTEkS?>DsTIB;n} z)_Vo#4^eX*nJGLaF9>h<&(C{J9IH#W%QL!FLvQ^eL1R{lktosTy6A%_QFL^5C#Gf5 zUZR{2js&UIv#0KFc`^Oqoy*xDbbrrv_g&(ULW+prZat9kwM6H5;oprV-ix5bCxlwg~>ze4X) zs-(+p)r+s>SVZO-IX>=ANC_rg6YmMX9G-`hKL=z9@s`M0P7q!$XcUGZlRPw6{8-xt^0G?LsobyzoIsguZ^Jj75n?Ocx%Vi^b z6c6KQCL=+l(eYQC>`fvzj=VytYSlX4Q(x1Vx;5q&-!E4pQYrKPsgMz3E}TSV+ag)w zMAQYIKl{JNurJ&QaI!G_od;dO!LIUiPE0wVxu4NZfW952g~TGZWs&f)BXhC-=ei<* zzVa1m%eCW*qu=AukzL>dPQWoRjL7^*g+O8!w!_r+Pa}Xq2s`sqi#7Ecwe+Sw^^(+TtNdrv zKii1uQBFRgpX3~0ZvwTP45kxoxdpUKj6^9gjG6Va=;)1D?Yj>GV4TbB(0aFQfS-v0 z&OS18WCXy@bExzh87v9G4M+L0D#4EdX{6a-yGWbG?K)4TC1u?(Sj-zjk3X0lT>qD{#j<5%lo3DcpsIK7gfHg_xF9If?6(ggMnofwW@HW}_-mn#lqW-i7N@Aoui|@=cvq%wlWC5>`yZQM zj?0w7FKbHknWS?R!|z1zzaXugSwtKZkJZoM;fuxwey{8|$fY+!4PQ7b7RI&b$%19y zX!d_c(jryHTx3O*J183RI+Mij(@(i*oQL$)ErY!dd-*C19<^snB5Vs{xjL~1vQ`k03UusA{>r^ z9Zi`jn>QK=sIO(;@&*TfNnd(wEMK0&wG|hQLl`X9@;~79EeUKoK~3iCm$WO=@4sSl z?xLRWv~wK4jX{M^cnTk>?m5w22>oPqg z+zhOA`#XSsZNH%Wx=NZ7Y1Fleu2r%kCdT15dBb87puBv?*H@g;0K_r8{o{8z!5q>b zocnon9j7%%+e19UiZ?cbut_#Hfrm(f&Q+hUc!LX9_P2N_K1()y?v{gU;v9TYf2#%G z^CWxHacFSgL{Z%LPwTJ*aUr@|FL^lH!1cwyrsEzXTrZb^=~7cej*`s3pQK5*M~D1+ zDRZR-%xk!AQ`i4X<29A>E_=0QOWf`MD+n}D5PU!4@D|;wKLMs#0+)J-&QN~-4gZU~ z|8BDd9}#6NEd8JH@iYl;&%(F;)ji`(y^j0HXB4aWvoQGoqXdMTUk~M-=W7o;ZhSaI z0)M5t_(#9E4X#JZ=;`ZAianNXIQ;(678KYr7i~^$RTP%J*pJFjY<*XV3^vBCYi*n{ zx(V9Fch#dg9QlGcS9S`XdM_d(#w-yuJb&q89R_rSiUvD0;nc$-;mYCsYxF>VTZL`S zCR6Xi2x+G%DuV{J@E%%)kBQLkU>I7SM=yGI%Gh`M+%A#Zj2-;XKzs)mz|ufBc(3vX z(ELRhk2|agy9f5a2^c(Gm3?_8Vv&343iU6AMba5jS`v(??!5+dC)iHyy=yk-5;V8o zl3WPx<<>V%<}dGp7y{_UmmBA{*4*;P8DM3(cbrw7-%`pb9wqgam}CAcVOL<;Ob+q( z&3P4)H^W_`hab~l+-X%U(_-q}>o(DFe@TQ(-`1x49v|D6(t`NRhE=y0oa zY)OB28F`ejeWR`}jF>N_4T}A7tIWz_^LHvty9T$qPe5(HOcthP#;vaGpw8c^FXaXH z-qnLc|J!V^m1OVvmP!5h@l@n|AW{6kyP!v}TwC)U&#PeyrFoH;2jPa2nh`xwIWYdB zklJ|MJkXRLgXGQ7%d4>9BOqS4GYDHbCu)uosWLJv<6|LrjIMCIgVbiFq1)c%bL#!k zV31sN5tv11r@m+qJ<{rw;y(Hn_3)`_l0!3vTguQs=lAa-;;|z01sJnd4|pkcZ??K6 zjQvuvFJ};czFSCt5(-5~2|b8WHH1FPa*laFt9!b_Ma{70OJKN@MRYi&p;b!OO1DJH z6ZNmSgoGYTnOP9`;cUoGs?p(eL_<0sGkOT(1I<)HlP%m=hz1kB2AM@P=Df?8*>}*9 zU;<=XYWnpoTpFdGO^uxQG>nCkloZzuH?@OvvxIm}m1zq{vvxicT5beS>9K#%}ZBI^SO|~JwB#zOx9tg5E z#>HzzO%Tj5(dT!&`OS^=j#2}d^-Ct1Fda5{zmv4#h|=eV$LFiQMrcnHscIC$_aY+) zeagprFa2lzk(>E1>UKcEZJl(P@9|Ekx2HhJCGgzXi0fFN6>)LsZ+j@0pQz*RvWHss zh!2F!$qQG}jlXoRW!QTRiI3-`%w)zy4x}Nq2hjeDBelNmv}$7@ugy641jCZ49pRS& ztIrK7Zw>IHlwPFKvq(xxnzJp($lNhI#wt&MC2WVO?pf^k@OS%EoH&7Q3M+wOv7NXHWVD zDql?Sa!-SoW&7cLft@MJ*Z1}&y5l1eK2zH9rAwH9{KQ4PevOQ52Lp?sYU2-T>C>BK zNN$oLz;c>gc%sx1o-fW#Zm_Xkmb? zo_2>#{=R?Fg^N4qv}7gEFB};MS(09q1uJfm#29&wGX#nmPjS{U+aI+&w2}wffUInW zV-Tf%L&u4s4y|WFy23ufVK!as89g{RP85}fSfYty^}Dn#8>r3*D2a>2&%mnO0}9#3 zQ@@~eA$C(*KVrE%*7MU&Ki|!8|AOiu*oedvs_(QKY7GA=;`HE2yc|@oj;l+y2yHm9 z;xoSLC?%tgb$fX`6q!YP0Y=^1^!Z%b6$Ta|zMbP-v(3+DZolfh4%Wb`lJFyJL-Jal zUZ7Q*Q@t4y$e8UK1C*uHW$l0y&_*?c9QXvr53Da_?&m6T+_n8PWR`I!PbO%1% zBpJp~0P zP?5Ko9x7dZ)92>w8K@qdD(S{571zbJdO!OzZMe^8RKKF4In0t_1>b0%9O^`NZG%cY z&|G3*Yh0FT2Rde1M6%-_uro^g0ptGkAINq+YIb2NK*2`{>gvYOVo!G_0`e~cY{Z2m z``5STy5rvHA@#K)C+>Z`ui5Xzp@9b3OFe(vH4jAi;5E^wfg<^CG*rz;V!q>kEWg5u z>@d!6e$t@bTJ-q%m-G{#i=6e_$yBsUZJ3Yn3180*1#sMwvwd)g-*863XwghsEOl#_ z5&e3fCyXK0nz@hVcqoW>7JvVFcgOPdlhDj1!PQF-oL`n{?~^ECMFC3bA$JW&W5Sbj zX!`q`i=e7(DJ-!G)@A#72_ML(tk%4dpx zZ`gRrHFDXsBx9e>UhA!4%AGDt-muxEJ8dmyVmG428t$YH>|t}?QF;A0A=vj`QejKl z{@HhrGsUP=K2mcNSG{aBT4Fh&6+CP7gdnf&yuDB_frDxl6xmV~u|?u|Do9DH6>dhe zy=I^qyM=6#q8QyLZZS{4I;6i^cEhtzdhM|X5bv!W*n8pA)1R}7)a@a>ZhR``sX}y9 zA5hw+w^~H#P5ZF@zL1;FDjKJ1Cni{OD%z~dA&7?AqvJe=2u!tEH+(%Y9*05p0u`kO zi)W~Gft(UXA}hj#G;BMLM@Rd{G}|Z#a&9+j`s%B?=YdFL@eH3#+K}m$f^Q=(UBTWP zsNKx_ZTdg#)%Rtu#71j04wqin?)x;MW4*tM>w8yKGC@=*-E{h_e=z3)#$+*~3Qg@g zA%yxYX%43CCbZH@wV$U;tpyok)wOan2FvOe(w<-Qf>ut2!Db?u=Gn4wLHkX0yNlHi z#qJAakC>QI5E4zu-Y@pixs_TvdPSv}qj*&EXI=pJ$zy>q3ToTDlI0dq&G$de&*?yr zGt9TaU4G0(TTaUd^U8Ls4j+qyPoLKApo`&YpOY76>gl$x`z?R)s?CAq-x)=Vd*3`< zeeu1}0{LUl-L~?XxN-${-h=sj$r%wpx{uXVRr>aGcC_lt8HToaB4jO)sA>yUp%m26 zsU%JI@>;b@ za?Wi3Tzq=KN6}6g_9SNU#dX!YefIL4HFz6H(t_ZoLD!1*{eh?n#y2{;!k4O309oLtUKF zl;C>itVJf9^oL(JMg0f+RI(z@sFYMIlnqci6ntMF4ZBcW@^M|qSuVDT*gIzzDEi+} zZAuDLjmSBgp3^pb?&<9g<&XCcTHJT7WV>puurVu1sb$!FK(07f4uIA(DckdAblKE6 zYKl5Icmz4#e$(&f&URlp$Nq!<*BO8NP?-77R9;tLQ822R_^x!J$<_T$Ks&=_8%eR= zrK%zxv6m@a8)=I8WAjU$#7B1-xs@F7_gQ}D@C(|cbOz5rVU^!Sk9T_S#P~?J-S#>Z z)$xx)E#DT=UT;%)Z=z}Xrt>$ux@HlrXt+(9GO$+YC$5l2q< z-ea67ms2VhVw^FgHdxr_6ql7U`gi_ zzYPb81~6w~MZVR_^OYYrw=mHhX)U3j}izPk*X~ww&N_5|rl+mNp5iE!nnf(RiM{({(?J z7vm%Qa>kg_SDiz9O52tMW#nBID54JSFm~;zj8r^%-FtTWmp4B}t!nAApv!r5djWa% zoo9R_@aXZ7(t_aU<%Qu|aunrwL|)5*(`668`o1gbG z-7u3$w|LrjowKsPLoJ(ZbVr-t76v0LyW^XF==s+){aRqD8}8qEc7J`MmeU%O%<3}l z^X)sz0#-?%=A@T-!`j?w7yh6s^-0qyPL?HyHZfjk$>fq1d|fG5IOJcz=CClc)AX}* zi`dw2rqx`0@BIBT!$&py2Z6@*m~cv|i!^ha>lYsCc(VNZl277Gf3aH2^qr=A^_@j5 z@z3p-oS=L(*%M+{LBD)C^(56kaGm_rKJLpU3y;|~X}(ARd}#LUbnxqyd}L->Rx;^P z_m#EhK2q^XbjbWztmiv^tBhw;qT>_4ksqpzzBJZLzY49dNL_I9d!;tpb$$C$%q$Ze zs)z`elkW=UbsPFoc0|Sght?E>(z5cSf^q^3Sb_WMMG5X^(?ezK{sW85*xx&km)A=3 zSt8Dly(~S>dEb#qv$to$FR@qfL!PvFEB~83YIJTE)0sO=ZCZ8$OWLn`hHieosqa_J z&m{kw*}t6=O-FY;*|@PUWaey|J+=60;1~Kcc6?O~j2?$uZfo=?U(w__nX~EOm>o5F zW1jS`mzL5Ihb-uyINr?5%X3=0-^eJ;QB_Yh%J;*-{)cM&&6(x0a_M;A#CvWxcaCUk zXcJD@Nqb)$Mk>`PsOx}?f) zg z00;hWT~M;|D#sz`Miw!QH~`0l-iM{rP*_#9)w<%H(4h+cqow`dBRCgP&+%SRU@0@W z#j@|eA?q;ME>0^5Ik0cuThXAH4XeK)tGtmer^C(e7%(Uoc%vpJx%aOJ9#)?zSuP1KySf2M+x#s|7q3>>oQ;{ z!=_xn5yUNv?+ltIh2yFwsqV(~m3-$3qQKHxUHvRohG)FkA!OBKq zWeMfWb+5BJA>Ee0YhoBWpF92iD9vNzHyCJh~NyFilk zk-H6vVj7%{zj&b^PPDao>*G^=pRsR@iReb56GJ32qz8&JD+-*j=Kvm_>YRZlMP@ZB zAYu;i7$&`vXVCLChpVz*p6@Y;62G5gCYJvn8gln&lkr;DK9>$M^?l85_nF;gd`eKw zy$B8H~V|x4-*e4kxoS4J|xx(%OS#a ztEu<`dX1WgcS;|bm4FV&IeR!i?DJa=sqIK|JLoHlC@gC>`p}XtM#eaZOR{XllL4>V z1X@v}o9xws?{Isxb_q}r^62IyO)Ww}`|3Ah<|CNdx+Udxg7te?I6AuU~cGUdl@ z{&cTym~~u!jjl5)8No`3Cc{pDe_X|#+Kn~i0YVlml!FHTnk^x(2J=; zRpSi%lxp6Ef6~e{B#qRSR?8U3L(wabw(0!R-T# zHTr56Xd5o2J{pHOK>#@LmSO9GUe2Lke!LG+s|t`R5QL6zH46ptKqh62TgoxqjEGwP z<&z{i%pXN+g6`Oj<;(Z}eG>Ckjx<`nLc5Y6e@>xnZ%k2FUILS{_1dc?j;WqRIb)oJ zio8ygPHqCm3ReiJkZ6pvzkOX3M<&)e$qa(k;8e?Kv1uHhOV{o}JBXTA6q5!yjLPXDP6yn3>>L9CbEg=cnZeS zCh^GL`=S4wVpGL+8MJ*C1>>h(+Z^{tWf6qNkm2zAOWwiAMMc@fZ%eN1GdChL{3sA z!eHRV2lM*Y;Dotx{7^v0Qelf=yOI0f_g$@KF5{pLn~L#!WS1X9li(BiMXvZ4qaH7d z@+b~CRXq4Rc;u27neJxWu76kU!x7h2xLebQG3xA=yE9I%1TOh1TRrPhN!`nbEW4KQ znW_e+FKKwAveV-4E{N6y;YWP+Y7;<+0+sEcA?<~w73rUtW(}Bp;hg%VB{ecw@NIR8 z6yI`pGK0m(^-!g`=Z~@}xM~lF%wmVe3@_3j0ZLPgVlF!17jfnMO7#zXeaS9gzSe(K z$}||{q&{uOmX2;5pEsQO?$?XNdd07nHC#>rDFGJp zQ^!v*=&F0=rCVn?A+EHyz$R-L4O;;af8>d@rTjobG=h?B@F3(%{Me3)wjMpayy&BQ z_DE8y4v&kK>|SKjFcifkvGmoCwN8y@jwSj|FsZP8)fp0O;fV(}`Wau`gU&-a(;@yf z%>`vzJA&ccQJiX%cT4rG*ZBII*-{#qTfYo(|O!GSu@%Cl^ zC&kl05B0=8h3jEY^ae1}M8P0lzM;!BJA;Hys9(sRKlz+ z?&1Irb}PZ5p{lj*cKZvkGt!%mepc9c(FX`>5=w&F1E82iZ11@fe|ju{E#qBBCQBLd z^R>P3is;K@^e_UD4;rG)t>qWYXeWxz z9Cz7??Y}gGxVs%HY(dG6*#r9|&IKlIsx~!x*Wm2MXU8TvLKtkkXSbia+ZkweAa%*& z1;zYDczPbR z!LxJZOWhH>wIbGSB4Tvj{eaTnGzPN) z-PS&R0`H5u`vw~lBP^01sC|Q<&RqCE!(bO954%^?mbAvk)=5*+m~(^y9Z}eSVb&{~79<=wxrS^Z#E_0V5ay literal 0 HcmV?d00001 diff --git a/docs/extend/images/authz_deny.png b/docs/extend/images/authz_deny.png new file mode 100644 index 0000000000000000000000000000000000000000..fa4a48584abb3db280b8226d18888cb0539de89d GIT binary patch literal 27099 zcmdSBbySsY*Dnf)5~8$(2q@hlA|NS9OM`Tygn}SQH&QM-Rir~Y1VN-Fln`m8B_*Xh z_Po{i+k1awpYz`y`w4>|{)(SmnBm_`vP$p%`-!N8Fx9lYaf;>N>#OjT;s1Lx zpD;Aij7t}k<^H~tPiU0qzn?H4W4u7EAvq-JEXGqk>Gi z80oWdry&CguGZU=9&|Q?1@>}#Eo4UJn`31bFJBtT>(^}eDrlWvy=|))!rnq0)XyxV z#^yfhxo7oI=l#R`) z?Q5OqQKswG{N}J(#MdY~ndle|sWyh7U|Z2E$(U+M4Nq8->25k+U*8!r>iF^gk--?F zax(is{sU)wh4z*t!Dr@;e&^*vC^rS(87+K!>m>T|*}`QjuL*%nbHTg1a*WjRn8Wo= zWjY>LLPL9)(!XCwHuYiDHb(!WgPf^pdgtp~3ew?JEU$PiaG%WQCb|V(zJ}?Y z%kfh!ynnvoSW?pGgpE&M@-1tQn&kaqg+nZS>R1}DeTg8;v8qzxgV~tF{&#|c2Qh#Feh32>)UpQAunIX$j7lRR*`Y)mte)jbLcG{N6trxoib-BB*ddA zZpyEYR5%GJ+i<eGv#=TI>R^!uR?-PY7+XV6U;q3cY^EtGN4WB4W4;CBQ9h_{XoH=eh ztFLn1%Jx`q#B%suyN5d{-It@x^#YfaD6`&m>*3y%!@;J7>)yEYd7IT=M#et;E$=1` z?yB0w1c`ZGG>Pf$zE3SMExNbhRo3>?6_-FIR)da!hNf6b>g@hoALX|;p#k}hj zsJlh>lG>gItLLgQ#3d$LzVKctZF3x6`SCvg@sBc{jcUim^v~N%104=GEp)4%rp-O% z3Ob=Oq3ww0P^aKEe~Kq&(N1#h8yS}J+;_q_HQ)ZB^_tZWqZ$XBb50+}Ix3ADF=EPR zHr9WB&VyS}+0UjB&(3N$Q8RLFLHaVa@H<;rmtK>6K5Eh@Ap6-XU;uLvjtx8giyf;%WV|V4p z3=s!GOO^eM^gyk<^YZnZmfvZ2PWC4ApDlb_SjK^*s)5XVXdyn+3}WE z(iIL}?Slv!u?dH6*imk9_XgT%ybJO)^B;a3{rm>&La&TVK+DSpWwDdYzU|D&a4Ny{ zy5miS1hFIk&2M*pmkSIO8R#v%3|fAa;+Z{Ippy}ZPh%U`Qlq^;J(WwvY@E7Nu@#U$ zQf?JfwD7AZqmWlZ?kL*(bSp(`e`z3}tp>X@Swt_6U8mQflC4#%P}j^VQdW>8+n}Lchp?sL2MlR508JOpRC}c z@J065#>wDF24P@VWQ#Mw>x2Ki54K z#z)_hdc1t&dqhX{>b+`}&aK+C_k41;OAsFCS~q>vboYm`W5_AS0hC-)k{knEQr67R z{=O_Xj~BY$eFza^WL*+!%xo(9al#*-E;20(R$dKc-^8SzQQko%gAt~(vC|rUn`EQZvXD#_9ETz zLZ$O>!)x=0JIh+b;>yu_lcA(+x;my|{p-z#uWmPvOuxGM$T3p4!g|q3pP1UlwsO+z z)5rcc*gV*S>$Jnu{uQiS36YVh- zG3~JM*4a8Cj_rXwlp#!;p8}@iKfcYtiT4x39;AE!sM|Jc`&ULpJG=@PoiysZO+;Fe zv)WO7{fY3$lMal}F_DC+n$};w3o&`@ENMP*wZ7ZH-5S%-Z~>n{Saz(%z=TnTaLUAj zj9Dhw^;fchebZ*3Z_uaVak#&WYpa_+^(}q==cuWS9p>6eS1*1}4WjWHW}x477lo6$ zxz#PEx5mBFK!XZNRg7W%T3CE^!Q*pZZP!@Gqua)QJt3bOroJ+J?KggD!#)iCBoV*y zeyFYLKwY}VQoQuZ=!g4PLz>&#^rX2-Sv3gAtz3y~NIKu%d5~({g~hmD_ChqQ9#DXK zwsHz*p`cn|j@o30Y$|~+ zDzAGaKRsWatr#+V77|W&ky)Pk9!lE;9oI&an?t88^YU`O5+_cz0exlN?sEr)k!1_0 zJnY`ujGr!k*c@ii`|xW*L2Z>!Im=#Q zs-gwDx1Wq;7A9;&Com{nxrXPt`|43L;kJ?cIF!A$XuKwqSj$5f=H<6Zb#r!N%C=_? zzMo%45=;g2&}-K+S*J*^_GAR{%Q;8zn13MUH6%^q5x;>ITlXnB_h5JPChuKwg< z*xJhCaGXEI$&Zs05iXTfpIBB+`RBhUI1*V~u2#GX_4iBWvx<(>I62%YeD=(gE6Dzt zkm)FTw(9j^swa;urjMchm3g0ec|uuNrVw&`w^1gox{FmW;_WQ}*FehzL%5Ouf-qmi zwL94|+Agw^8DvL=g=-mJ-tgj zLc@hV&u|f!qHo?(=J81h+oAE$o$qxP#qVoVevFTItLJ-vOzgbNJT?0UOifAH}tjQ$>^Zkpl^1>I*sRclu~zd%V`C)uJ8Iw zbh}p5=+?7ZQUe9o=-DVacZbk(g-!|Knk9k;8j$W~kJIhKGI? z^_O}R+k_5Zd|CSv%eNj6t1S2?@L&&$l|JZA(64b( zjhH9AY>^~jpB~GiF3o+&$Hkx6dV4jbXXeiDnv5gi!R7T{|L4th(sU8Ro52BP6T21n zy$|DA9;CMQFB$p9-+cHvXreAia2N+g&eK%Zzx?BU&UnY1$G0RwErG;UNhpt*dtMX@ zV$T9t#CEx+M^?Ytj45L-*UGl2?I#bdwB;~7H8h`K__XPH_b>}Pcw zMKJZ->L<;WH!kPet_o()u2s!kCbJQ1>lAS@KE#VpD?w{vK7WBIG1Kbhs>wLSjM{y93*9M|b*!-@mvc3Z3Q{hvqwMo5h68iSuK_GVR& zj~|#`!l#o$;cjGIE59l2n&=kLcyTFN-}ibf53QelOr_UyG8x|Ub&)B?`>$nxHob5X z+P~W)i7%3wqr)T5=XXnJ`*-Dpn}YF}KNmw$(P|~9kpr$~?YULG>=j>XI27k~ zziD4exo~(}i>=!&1`TJQ5$)cS!SFY?Y_j8Ge{17OU_>eS*r1|DpR)_%1fb9cZ<$a% zTN@LsEo?I1-tJR=qfRYHYmM`?nY`kDM`)CIFHXbv*1D9-ECcUUB>^7I^=Pv%3i2@G z1kj)t@dO&ZDUqU&T*55j3=>JyUhwy89tv9@P1g3$h!ig;h8i}am$*ashfiV$qZyrH zG_^GRWrICRKB52nqoiiyRpg0(m@DlFjtY;o`^EQOf1ivFL=+F3>>PX`AfQrr&{OtyoG#~qw_H8&yz8w;C*QI@f82?QG!({7#X!Mbj1EX z*$12cVCdF5+r<70CwWV3JPO`so2J>{q{>n*ht_6BamF<3_kvIBu<0xD59P(wPGXJ= zHIBbCrUhpIINDies`FxuIhOn^nx(dr6XqHB!n1+w`k^}=0ZQ~2$BFE&LcHnr&U&~x zcdpKJ;dPJF9VSKVL0?yQCIZy%MQO?j1-VH}#)i|Gv1)xY$A^+Mf7e7#4>KOf zPb)y2YWn}*2MOXsH-?P7;}(+LmD&@yxBx4~QwciAj#oQbOgD!(Y|Yxdl*X?2ft^Gy$L00sz)O8&4ZX)%fY{2+zuvHDkBtJ* zul3={X#Dh?X<)9*)XyNALC>F2GSoP_*M-M#a_D{NKcEux8ha$_wA5dEn6sFZ9PW>W zKWOE;G=!ZZ>gk5iSYasqyk@O<2_EAqES$*_HL_nHX%f7=Ml3geMX4g7_o&tBpbob!CPBl?IRJIVMv7!yhU{3EsY(v- zslB8@xz8uNuWh*fE(W?(WLV2ear2=gOLnc%=b6^9s}9r6I0uV4Dch4p2A^iTZcjRf ze11vJm>SJ|74D=Ke4qsmlV1enzQ*N7+`Ug(cS=k?J9?7~JWUn7Ov(3!<=y0((q5-ogh=+5 ztfJ!f9S&u5nF#8_K9&bXNkY%&QJ1F+jp!Pp85A@E@hCI^ZV#kM202pgJqpdK@%tIC z*3Ftz7Fc#BFh{|%W^yyG+VkkSE1+Zq)|ELfs^w}GzV29-2hKY?YF9tdmp9WEk?=VP z|I_}Pmq2agLAp8L=My_c(D17U`0wUYesO!tOR^S4_47HS-P)s!zkQiRJBURqo1xgg{nM_R4901+BFT2b5E$c zuT0k0?@USPQTzZ>>-g)tgmQ(&mq-aQ+2w)!oSfSG~dF3tTp@^oAbC+Lbt#!nhU4+_Z;DndM7@6X8@(w?mX}BjxNx7k2`HQUagss z|FG*dV`7z9{xB8?U#=Gse`pUgb-}1BF}bh!S5i*>VLk2+{M*bVS4mi@LqS>U9n!v9 zpqddlm0fmmu%CdsZEwO|dBSa(1f3!D!S~G}uS>E3YjFHMVSu0qircnH zW6qPFeprbH$5!s{`<5bYmV}!T-p7(OX^ynSjEdjeGLN?wk{cDe5%H7z(Dw=YAwg_A zkj!iEn{`c&c2{@shzwmiFXo$J;!^|N=qb7vO0qF^HIev`yrP^l;O1?dj zNAFwJ+gJRP-(~vgsV#W;i-^7DG7_y7eY&$W;1fDqNBtcHwYQfCDXtrQdOk3OhzSbS zTk~CgYpbJ`m1AAHZGFmOPd@(qbBIhnIsdl(c&9Ky8$H^78eh-52~!Qz$cBfp5JV!& zE0Z2uVb865GeZpBk3nixB=9_*e#zx1aHqq#{2uUD$LdRzd@8r?CdxNK`^tH4^wA+} zZm`Dn+3Id17LB&8z`_1ZM1?yPbB;ank%`b)RLtMnQQWk%JfsOHRui^ttWISc<+Ib{ zgB{(ZBcarzlSjRu4=LKQilmd)C_dN0wp$we_>8fN^5#R7QU>g~_%}y#pr|+{y8o_y zU{L4rV_ffGX$SN=~)Yvh^P2Eo<^ebEgHo zR4aRU818PT+9C8a^du)t6fHRU?@Vr*Hvd9XH{i~=9N!>xNxd9l_r{dpImr!-Gq>OZ zEcK*~<7cRSGM2~kV;R&YGh21uUC{}{Q12y|8-vAgT5`Ju7_$;b_kU<$?%~wT)96Wf z+D7sr3RHw8b<~aPiC6SWjD5Xq+BEVElD$t|MK(`1+Guu2(#E+4N2%#Nv@=c1Bcg;b zZ8|}f?R#P=9rOHQqfn40^Fs!dG5>{W(X!j8i55*L^ufE2x|2O$GUVX|%_Q=eZ8MY5 zsUDkP1`*!KcDW9BhN$3xLB?1_%=^@1yplW48q=u>6<1HR?D^eDDGe{7+MW9Gt;8@Qsq<<~&o!ReCg2UPVQO{sLClcnNEH=>o7EqvUA zeJiU^#AIr;ZQL{VxkaqVgn#icgw-~4JK(&~c&F0Hpu=3_xY#?sIUOo~wD-F*meSB` ze6))p?X0$c#OUz`Mlz_`5@#(hiL=jQ*sk(F{(drE7jD@bz>~I^(b~26%P>KE*3G;-&a;p@Zsv-B=+T7D7P+^fU1(Ir^m%&t)^rzDa#C`NL9!fd`O=#Yun8;l{5 zR9#rO#tjRciR0_DYt)yAO2@E7He@eVmZ+k%&5_gN0iviODV@+hv=1W+XsvkU+zo6u zx3XVUjzckazoei%iMdYOgne-^EwQ@Ul3+Ek$2fvoWZO|MOFpjr78l+nV;^JstWgY$ zfGWL|*PDq6*E=;-P9xCbNx47!^;|;5kDcc#;)W0Cv58`@tu)5`wf&!w zbzW|$-h0Va7YUossGjy!&n4=^VN;XlzJ+t+qYVLkA+GzB*U{>2GHveMz*nNX)Ta5E(u{SO zeNVY58>rd$dKjotT=mCgim!NEes?wO9(QUa_l>5BJkCs!q?k70bNr=JJ0IA+D}l1V zFw)7%E$F>kF;pJ&LzJ-nL&?IEZyTmB>^w{h2?NQV9{}OndDQT|du)hx^{43~m9#ooS9CdYF|yLV5$e*$uN`3H)IUxQZl?=>T7 z-|p+lD8`xMQf63_pQG^QI2V7FIZBfDu{26NkZaQT5}{pDVtb>s!5C^^i4M=4+rXbo z(__0w#*4Uhlq=i7xHca2Njo>it+bix`vk3+a;`D=KGJe8>3~r&@rdkF20k<4`)>hJ zSET!0Mqj9skX)w@F4=sM>bV||CwWydw`l}_nVnqKSQqEb@6|Wik^@(&xv5W0NM4c^ zfK{~=aj7Al^aOkIv{{l}@Mu%moUBKQ+gQTgY`%5$1g$0D{+@AA*M7-m=})_heKMaU zb$q!7pN^A0aQIEZo?&brnn1lZJ%f647@%U3aiJ@KVrGFf4}bzg#-FEfU|S;Zgm zjTNOr&@kl2g^BV+xQE|-c>42h?OCoyt{SUZD~c5WT%KXA8}u!?N{@2`o)J+;6SV#K z?!|^~iwv5e=+~0v%SPSE1EJCy8YAbx?W5qaJ!=yhvL#TkJrma9&D8`QW>tpI-Gcf_ zRzIu1|9LQl+c&mxW$$kFZhcjifM%VC>kE;jC8WBWuHd6L5fKr|E^T`8Y}cCy zzpu4Yi*aK;_~cUkC~26^5V0mk1bz<|zEPNzqDVSj*Y`>ET3x)_AmkI|z1B^FiIW+Q zs9rm*@6ji(c+E!1@I8pFu%Btw3SaAHWxA}?O~aN(pPVX8(v8{MAjoof)h!J@d*yG`u7_JWsR2g#+igB!%cNnB_pkl<*)ep&j+@MNcWK2E5GLZDv+}jb<#%R zJzT&eL>48AFnaLr1mL1-u(q1NH5(T31`jG5bs5zqP@!g^j^^89O~n?|CMn&I&a<^NR^rWCT-#XsPZr?+ z^@;!2AEeb0yE9O1B(@N{NbGHJsmNJJEm|4%%)XHF>Kyp}|D=Q+EM6*n)UHf3HwXO*Vu2b#|U7EB!jiC1oh za*F6kEjUJg_*dKy*}!Gr-;}ul{=P#94H+3zh4n!6`HNS^qMhjl`U`Z_`RyjCaPC=9 zAYqAy7Z9Ad7@ldMm?WUO`+KtZ3_vI&zVNz_Q|-ep%8fZYhZE=ug)SWfgWHmmXK z3VKFHd4#{xoryd`V$6KX zeyTcv`px&&#xX1gGv$aybX!KKv%NtId6#2~Pc6(`s9O<@7(^gHv%J0I91k71S3R23 z79g*aB5~*yD{*^jK?kWktwL7Mquqgxh0a$QadWUA=fG{Tmm?+v8M?kD?DC(g!-;8o zF~Kk3nIN~D8&E@o(EYJz-5>R_X3~KlMROVmz3qQ-kt|c(7lYTTm%i~`pB%T-%cvPB zwG5Jhc$=+P?S7?#O&7m5{;31}ZiHVuv|V$??hP_7-v^c>z+m;UJ4I}gr)#3ty`v{X zX6Icw$UwXR4dmVo*6$TWh#tzSh$;%I|G7Y8e=g7sc+2?BxsFc(ozV<0JDj*Vr9mml zq35Xx*{)@giZKF}V|x)^a1Ka1hS_yGP;9=d=OqrZt7Qh;54J(}<&*v>7x#VKjrfPq zuFRMEbKNxV7&o993_4G^$_PDQu~crKIT$R|%X(03h{z|bG7$m4WHIO?Ut=D-w^L7qh8nqr|NaGDv(c$dh2SJV?8HUeNQfd?$!SOS__pclUSw+4Jimi<-d{b8xx3 zHg5;soahZGC2Yr?3tar+b#f>Nno2LpQ3{6P3C$qmte8K{_}8TktQyKn4%i0 zTjmvCzIJxzEG-;0+R5vZfnPu2yeG3`m4_7>s_?^$c5u<*+Rz4Yu=LWzgHVQLp^*F*HI& z(R$uM1-J)lem1l1!+9ki`JT7f#ZU;<-oT$)SBm2;C})v>4(rZ~5hn+s8*ipHWH9}e z(P4=<2B+?FyBh!iDQb}Wzu3GF=CX$f(t#d|a5A(2e$C~Z_@j*+^e)$1%V3dC`Ct5# zi^G<|pyCNM%a?L}^^PQ?##cv#DEKK{IKl}ZcF{jcHu0yho(l;~>VJ)iKab{q_W|!V z#;h&;1>b_oEMX|0B(84=(yYXZ;CM2kzYf{#Rp7$$8hHpby!C6bS=Z}Z76286Rsi8T zQiA!j$5vGDyW&bE@Kk)k{&3sMJHs81ER;{=p_I&@ZGR6IAs67i*vs&W|H*6Nt$v_xy$24n zUyx`;92CKeUWV;@f`y8%cM&V*r<8b$4T?(Y1aoRs&5 z`ynsY50NzX%Iy1Z^5BCmEn}R=eFyc&Fa=!KNuiY(Wzk%vB!M)r0J7oQWq_QU2L@*b z?iKcT6JAG8oFE5LVb#Z|nJG)S11Fu8xENaZ63F(fJUpr(ENXWp^322wBaL`Vz-cM= z8{LBaY%6Tg3K^dS@b|Eq98gl zDICe^H8L08eSzyX3waptug3>l|LHQaAc$u{8lxBTRE@uSu{T?V9!=D^W&sf@1LbdK zZexGkc@igEt5h_Uuhh26VNPDefnC3<CpGp*zNbB(4BL+8pFasQY-s$t~g` z zo)>tnlX4l3g@!G*1K#)|c6OlL(dFf5bhDS z>y&Z{oNqx+?$dV@M*1|MmZfQD5H^-=VhNYC6Q{wDCaCV56~|1a(q`qOm$r* z>pbJtQ|F|lj1F`|g1+Kp=b31{IJE~0p#6c7XI4(u=S&y&3&0UlpvIqITKJiCG=V3? z2sf>Q`~^lm5;iN&m*BaZD_)|M$fC~ZX?t70k@*WvWA%0E$W}j6`w~%{IZLDZ?bvvA zYL(CuwTg?7-?$ zCws)-)IBG>J8Z@a$-G6_-{o3SJ2!maF#!5D?lYA-uW;YF@g2@!hKi}Zz5OPrkjsSh zv7I277w*V5FZX7>tbv#augCt=J#+n{()oS(Fdc||eIA!26470khKji$jPgN2K$%R* z)mZm=Px?Jxn?d$Mv=p}`77_UZ-HJS6=ukrVs4F~v#|H~3JG%7jX4jRhOwEJ&HZXix z`oI&@INd4sUKCTdcu86bRjM5h_x3MAt)))4XmLIQ*>j^AmhXZqg&N4G|I&@$9ONfW z!D!h}GSX~Bk5=BhS(6?au&^l5>K>}JtC`u-HW1Psq2mNZiUWc&2a))Cr>`7Tc1)xN zm4xt$K+d^A_cs8#$DBwC8rvBP_0NgB>?txB+}M6;#4iw=+3!B|wPC4OhF@^RS>`(u zlp!WewONyh4jp0z*bJ(cKjIgqB#Y_Qi*=o5XO`kp4?HdNW-Hz zm?<3>of{8t3{tQ_8H|#ImvtCn%~r5}5DM-eiu_86>er}*Uc_=$W(zFaxrqEp+ zNh%5Qr7?Qsd?w|?zC91y*A+Zz))aUER_tRnuoSHZ^5V9C^+=vI$qOXh9_eVc%L21L zsK^T%Z#aj#5~D8`jmP)p;8O71j=4Q}DQ*hkL^c#+T6#QVBd!j>@jcjDSf-J0wY#VG z2LNZm2hAq2nkVK)e>|1rfJc6n4$uXC4BQ`HbY3@092LR9crJCgnpJUVq%(zzzla`U zzN7kFAfZh~6zl*OSaqVIM@@va&C*J4&>yoY1^#lsl2Bn^4CDD6Hj@XM&!3*t$Ot?A zak?T`CML?E`8N->n3r&-D~~-9t?w{>gD0x=#~Pu54RhN$tjk{@fqJ8wnq3%fuL}_b z8H7h)WNk{IwQu-hQLht*PW(Yn0)R{!UhzNyLVyAZ02tJCtHl8Fp?okgkRXD<&DOtJ z{a{mMnPXK2lz*Q*1qJKeqgF8ck#498N&-*l)dbCdS&1b008^dh{(l1wp~y|MpDDBc z`($4PC?!#tA#VyehzAzIY^$#o_V>vM*73b*hWD3RGb10lC9ESaN<08l7e*BX}Y1ax5;18R%C?Phym9rczE4Amp*IkdUL*fU6>TFMcsl#8=pLQx@vS zjuC`<8KAQaI)OLTl2D(UDxwb+)M9p&t_1O+WXiZ!Ai8(P|u?x2vLDQu_Pvvf!uxt5rh>XJX!`5DsaU+aUSnOxy_Ig_jEJOAbHep7|OuRP-1HA z=a3F(dr(Aj{A=^7UCniH84^H-SAf=M0WcCtIDVW7zk|6bnMw~Vb0#)(P83wpHa^ul z@Zy$K7a^Ey{_A@h2E&!d8^|SkoM0t_$c3cLNkfQ>p?`ZTJw3!(3Dk5fp zEU{ch6Im`gW#;xDFSoWpQhO(sKAS(P?)D4IO;AY_MPX2&m`cb|)|lOV7UB9cBozLXq8}dbUvHw`b2L5q^uPo&mUopg-4#+aR?c4S=jTdatsG!v5m;3dBn@_ z(OGds$VCc!BMJiO!K&qJCNB3e&Va98-El6Wr>Fm=n1zPM_TyHIpAy!zb-69f_?l2HZwaYT0=v_TR3J^%F~5-6Pp`aqRI#R4jB&H z5Vi6plFjH$7fp$!T`Lg#Dn zJARpP!X8CJRaweODXE*Kk@S&5nCqo}vP7R8P?-+z3x3}7QP2H3K+WEDhP_`VPtQ!W z9)y-NbCTA~y@n|ex1WFm=%f9o{LH%D};%Mi^b3%nbpNiuFS_w-LRWA9DgTMW;DZb$x zzA!CIA^h(1hdU+4f4duPWN&*^Xw*sg-*&cwlbPv|X^MBW)_?)m0veu=xI9bSXfOy1 zf7)zQ92)zJ@hk}EY<{7O_%d8-mIdMZwTZ8F*`|v8cNzcmS9$_m3}otTwmoh+KJ(`X z_dQ#kIuAk884kx^|DI5R*&0FfTl;oaEVRSc9x*{`NRM6?Y5hAF7c7Ld@1e{Bg1_w> z!Dfs>)H8pVg!#4s0zca_)BedNDL88XxqhZ^#6h>x7v-e>pQ>;(e_6BBVh=a z%kyyC0Vcv^A!O*d|GVx;iTluFF)IPnOC=o|Yd>Av9|&yXH4}Eb+z1l$S?+slytZQk z63Gx|8KC(j&7|9Q$z%3y*A8=12(D$c2stfP zWjQWes4d&u$g}*u+mg81`3lrI@c^O*4d!f4WcXl+l*jsWY>ELyPO`bu8sy{It@e6{ zK&9`?5K;U(G6$KacmxCf6PFLEhW4+5?Sm*;FeAkT$0-gd>0-}~Y-6#bm78x-x5eB= zcb}Kt$kb$$@Ncq|A56D1NvYK>L>(f@f z*WAVqd06e%?G~hbFO&sL6-}l(p|;TSW0za?Nk3m3%ME*)D!|=N#bX+9`hjV1TPa19 z1LiN&^y|G0u1*^lazh*KO}}?hgc51VwA8T#B$J3zT`6I5?B_^$rByWXZi`^u)uq{m zmsOR*rFFr#)CzLa3qZfFAQ3er;jR$=uO4lnJiEYg-^c=Fr;H-H-J98=@5m$f_g%oI zt0#YFwXLCw+3HS0BrD`AeiT`}Ak~VZ7yv=&+Qo9vdpfV@!T6_+2>|dc>!G5;vPa!T zz!{4`tVxI1TkeVX!5o<;=oPC-Nw@{Xn{5K zavq3TtPpR@gGa5wNfx5+b=rJSbUGQ5QzkSQ!i-4mJD^|ZSofsA0ROz25(Yz*oaNKTc6O4#b=Mjhak7qjREIPRf;7w$1Nzr5=vpmp4F>=5A7l6fbUHK4zx>A%;Xhr4 z9o7HR;0Vt$Hb?!d`CWi^GCn%#-2VGyAB4c5P(ZDb-je?+eAXySm~}uF4vF9WWB;;wiu?D=;C}$F!dj zi6-;khoKw)I3iH`Q%%ij{t`u6^s8X+UByfO+giYJraSu6_n`F+L)RHGUXT6P`e42r z>+f1+|1ZsV)BWjS1t}LH$@~_Yrvl6ma{_aFxe{8s4Yz;=PzujI`kE~Vl+0Lvciu8m(^DtHCLyLc=CT(Rgt^INA8;>p6UnJ~uc03inj2r14XacGzp z{)$ALF7^OJ%7pNNo78_)>D|%yk0JmIsv}b~Na&Y@MNLY`d5s-HUf8_vA*1$6(hpFg-&`7 z-1B1CEM(_yg(b6wPW|}J4je@lPQ4ROB#)W&pX|wPeLPA&*>T80kDNfO$}?{CTLNuc z3uvAuoLDs=MXHltM}>zl*-N^)+Lsei4P(>tii#TGFls^HQ~^Gvg2cDMv=~|hm~r3Y zYjjI>9fSHC|4LzSesi}x=HebWdI7U>`gjVj?N|o{yk~B_#KfPo4|qtN`xr3%VFyhu z&k2vM`>WwXsa{C5bms_Kpa#^30Wd{kD|tB~5)ZSrYS+ZP^bMe#rWM?O&DUe)wso!> zMlIffyLau%5b$g@5EoP-;r9S^M{5xBm%weX2HwvKPtWr{J2mW>R+FG1t2>O0__ZBw zf-#XIs)`X9%Ckw?J1Tieo(GBdK$qeqeWr#&#{ZemqLCDhA2jKxC(1oiTAJqf$7`VH76Rls=!hfvcAX6VaTD5#&5~ z#~~^lZ^~zHfRTGvOpavfYa1@<4;AV?I^Pw?mT(9${2B*eF+*IW6o0TC&$At?GHKbH z4?0$%!6x|)cT_WuRnt)jR9p?vT`PMV<&aFB>2_-egI~l&JI^mN8g6X@zN2?VZde@B z6DVT9%_LR)^j5@OOIh$RX1CO=ZM*z>lWE}wfC9I}Z_Ty#Gl9nP1K8R8VGY3xAV42( z=H?_v!(ClssYj%F@TC>Gi)Fkwn;nY{I(NW-L0qNhT%NUdlcF760TonZO2z@0a&LCe zw3Ny$Iv&38xw^Dah=S7?ldGQ7jwDF?Z9sCFd+R(wsQA)tOCd$HHrX2HM$^B20_(@& z^w?G8lE+j7I*VaVmFDH7SZ39`M(%7c6)+7W#e<v=IB?C5RBx!ld$tX+}my+}I4AqcY(!B|tRvFmAC4TM4(_wAb}9Rn128(luO@ia(P z3BsaTl0laTvGLHo_J3mifN!B79rTJ$5(YJ%?vC>s3He|Hwj~U;@tQVc`5;Wt)6saSA&dhRyKVnUbK6@hg!7&=!>L^&4l2BoMb~Rh6OKwS z1_#}W)O8B{j_m!a)nsW|FnejEGX_ya5&vxUZ9eT-4VI;R-$e<>`*w6K@E2JwZ@j=( z+JrfKy-`v{Nn_ooFlyw+XEo;H$mru_SdcRDtXo8jR`I@Bz*vS1eg}sjQ#L*W)1}t1 z`xr^`VO`H7f_2^1Ls<;aYqU)aHo;#TaKAjh)z*fY?6E25{K)VQ0b&$Ry!mMI`NEUq z_n>y@)Vftn7%dUJ_(mUT3LAP2|shA~$n37lRY(jmrU-hqZyZHW;h0y!l$A#oi z46h)WGdV4d^$3HMO)K{2=O6{>sXLTUK{+}fU-x|3cwu<^y6<-)kc2D`cz5WDumiI! zh~7UeXTCvjj_samzwS?UQl+dwWxW!5TTE(?b%`ejzvdqsn1&JJi~i9gjGai5BgK6H z-<-p2onnzO1`E*bkZ2U+kL@3+1`nu*@@?THqVcb*3tm8lA)qH(4!Zd(GzyV&P}e0p z5^}*M8G{bLp~dKka}z@&++>iJ{W6Y}Afhd)60k*fJsv&qyjqy?uFW?|%+y0<1#0N}u5qNxNs)A!?a)q^VG`{yqm zyIuH?(L&d1Ol;xCa`&&=E*n*oh=cqAB3KvhK78``OJ_U)PHdwG{}JNFF-q^j0zQnq zsrU;U*Cjwb!J9WO2ae3^B%ver7#kQcR=;1JVg6 zil1YWLEmTH?+^Y%p`~mZQu6)d*$MSvge{Z*H+J2dqfC>q4CQ&r^Et5GIH(h{h&qkX z?8~RJn*X|kzu{nAMa(}3O7!gZ7GBg9HD&JtisxStv`Dd8!dQl9`rsN5&O3m_6@dIS=V-ZCqsHRzL zI4+OH1as28p*?y!`ZxCNe@;+)NtwW!ufv-C{K?P>f)8%Bf&(M>{$ZE!4gvIm)YL*SfxF@zLjk!YCmzwWO1hW|dJQqsGvBDJj0Br$J8<*sS<$3VYt z>nxhV+{gBx_5M8_O^M=)Y|?mD>4L3n{;%m4CVEI;rbR;;U8WIb2MpGGKm`svn<(lz9HAna&&)F5qF30fz$O#j zn|Fp7&sP`)<45yD?*^<5o$1!$qvT{zrjXuFtvdZErS5Qv4bjydLu%s~d{}vyk&2Va z>5G~uQq_i&Z7WPp}t)KRT@}nQ!04AMn-mWA4^tH}2zM-c`SSHWl(}(tC zkxzzL&AK$GN5U^E7M`H&K$gmRYclJ1TxmCHd%gpvRe3K+a&IGv%cg2Gs3jUOmq$8? z6E(D4TwiqQkxB~qH2HAHmicN9;CqP-L738=140r9p^qJ~YKH6Oi#99P_?wzy8m62@xQkEkty-vLwEWF)5mR(XhK(am6cY_tXT)% zs3~4<)(&-F>St-3=!D>mFzN)I6^zknTi*`f}h;%@*Y|}qi75q#Xme?XJx7reH zVUm*c$$%-6-!@GY?__QTYwimm(AseFkJ+T6&KO2&O*tIeL`1>2FnHd#27AJ6Ap3Vc zQq#gH9iu<00QwnDGs+Y*8jIS+r@iN_t}*hD^bmt-D$kStBA3dnEaiPK@~f%azKQB6 zTFJRz&S%ErfBK6c22U<|PrF7q&(M&L3G%D;m*SnQ(%;h@w(}#n|7gk0B)*ASC`+ph zDzm%+9i6}LDTBdNOfGSuolvYx>Tj>2^`-ZgO1fGiIqK@+`Pk=JvO|nPZEv8puDwBY z>LtO6C!wq@&32qu<{{H^$L)asQQddHQ~AgLm&|0oDcdm$;n<<z ztYh!&y;s>QTU!d*LK(^4gwONteO=$b;QPbp^MjwxIoEYN_v?PWo{xDLURdqz`QJXt zp2?&xJ{*U)b^d)@Ix&7J#r1sFx2rJh{1~rZ?@2SsV=W94gNDuZ_TzeHtdh>%myNm6 z!xbjH(9K19>kCiDJfxaM#j8YpLB9kz`%)PWksp8_6TqOI@6niS{)@_Eej{ zZcQnmwP{G(ZPBNw_4Y7(7V}TQ{|lc7uwsHN6#JxM^n_kJ4Ie;MDL@1xRP~c)ez)*8 zn*ny);j$D^wz!&b9ab^-mlDt>_YrsatJ|K)UVidtOY>N36E6ELh>mDL#5Rv;qYerv zVbJw~Gw-m+6(~Swz;mT$oVCOq4c4oT3oMm;C-7+gguhteACfG_j>Mz@+_G_Lq(vj8 zEvJAfR1pp!Nunjh9Perj_sc-PGv>hqqef>2#i3|wgf z*b)*XU95KC-3p~+;89oZbMh_lc*jfkglDJB`KlfFQIvK@ z%q+__?P5sCBq7J;=0d*!f;531Xl$vV;nh=XgYGry^6Nf-JS4sLtHNJ5BBUt|j5~s4 z$|U4xai5T~h|0FZ5~SGWgQ%{fmi5&cWejNNvAp`|rSba8wgvDLm03G=R+n*q1xN_| zi|GKz1bpTW(7dbq_fo+G2F*x`h}ul`(kv!`CZxXv<$pn5*gRJnzPBq#&r13YkZM>; zU)=cjNym$`EFY2|?QmwyuK-ueaeA`%IvoxAQ&Fp(qkjqu=_gPMUy=++dtUUg`u;I*$=w}!?d!YT5m+bu5?qx_K>ubudLPXe z=o5_$7Mh-^g7b9BMp^0YwJ=Uy{|NM&3Y@z;gXn^eb`}9GgFqj!+Y<=ruR8x85qb)` zPCjt=0WaA;A{-tVJdFbm$9K^&Ioo(EjZo=l3k8T-r-2`VOp>}vUbxc$sCfAZ&x!41 zLd3xG_gHP|6YVm4-~f#fw4E7`3`Lq!8_#@va6t2|HZ7wwoqnH%uv3=iQ)=I3o7vT= zRwEdfi!v_*;->AMhBF+k4`;f%pp&m&HN|}!tz*u|G`aVr4C=S82;%w2@`5v=9+SxW z(T`3nJ-B7>R0cWCTm zz@|tqjje&?>#al>>21Pco_UXGGYA-c+DUxgF4JR6{3Y->#bBuOf}IC3_ChqE8PSCh z6{!&vCwvOQ=KZg`yXynk$N}~rtf%|IG73v_h_)A{afE%tF!Q7k8tV;Rr9r5J& z+GW+~-mx{%KN$!L@`Pd=;9^WZW44Jqbgpm~+xy?k0nW2HM_?wB=P?KD%!7q=w-f~V z>%hr%JRDi9(<}uoZ`dCQf%}U`q1mjgURr6tO1Z~|mBWpAIC&fhn(@!LD=QxY+{jDs zez-%|@%Tcw_XCGNLhql^pDPRclp%d|QB~(3@;)KU-o<;|N;&&o#N-@`Y8whj_m;ty zYGgas2Uv(E2lJ~##J`@=^ZH&MKFWHXra+H&+mjl3^j!LuV3EHQ(Jq?sX4O2b{>$E7 zm^*_eReMx+50g*(XtHCdFW*Vl_7)ZAWm&C8!}@bEM_OH%mcc9a4xCmMW-L|HR7Q5F zrly3%{ zgkR!PJLS>`6*}vv*_(MFkHk{p>+OituLG^<>S3bvhP*t_5pE?uznem<;Qy}Df2*>7 zEqvheaF`d#a1ClCSRA~#ecwI4z6#eSau?pO?u*!UDNB<3@G;!21)llk*8KT7QiJzm zVSR$CkBlT*IS*bK3Ub`%T2_3e6tSb#-0eI*mv6l~(a1nFd>}<)ibd3oZv#>XTzwx~ zwi^n~52Ky>t_ui0}-pv>G!{?qOzlmV;%-cz6rV7hO3hZnQ z!xQsdy6QK`({ljQaLZLC*LCFh5O(}7hn(#CR`cql4$ZI`?=d81w2^$5e@1n&?52=g z=m2VrEVqM28oRhu2NbcbohcndJ8+nH>IvQvJJrjG{S*?onOvL&ED;|s<~czwBOQMu zsp)<5AJ2+i=wLo~txKU7beb@eze8BQKoGD79VP(-~6OPt;WJ zPr~?y%B-~$iy9`{m`$KQN;od(uxh&72XyX)*5wwRWWzWksU=Ex{LbEeLha(@U+wp4 zciVv=aX?pLw8%ufe@l1kk>J$4ND5{!qJGi_tGTLDbdV2u2=iyybgKW#K}xYyVf{_d z5oOt6;qERQ@Z4cPl4Y(0(#>6{Nio4VpN!d6+H$?}W{p4HY-+iCsg23-h z&@6uS`(La0KkVaH#NRUt%&xnvu{4RU2+z5`&{{obsF|bb= z3nc_bG&Rs~q$|8m~-etE+C*k176>Zd!=5li@NKu;qB$Yq<&QJgRTC!G9E$gtMU`~4t^|k47 zarNL5ephp;KV94x1q`G;cL!M+{ciCdQnek21{*l<{(Sldos*7f57_Pf5K(`0HjE^7 zwSzo$!yFu-h*IVr{1VTsY^I5~;>VPTfl|jC8Ug9~p7$g`7Y*&ihR6A$R{aO51fo5r zzMo_Bi0Ny^Q#Es8ZBGuNK8qjQ^psP_6H_H_58Z9pQz!z?*8%-r7w9@&$m7Ae75C(T zu;hq^W3N@dh;`Sr6$&6q6ho=80(vp*w{(C49s*2aQsS^n)wnj)DT5wFIB@g~GIT(W zCcBF05$vC6pSO+c{|(21qiaE~E50C_m3SR&p7)fH_U70Dkb!7n2us&g4vb3{Aq7hr z+PEQW&vxdh1gX&oi=C(wJQ~(3GceB&jRQ~3vh$qHC9l&>Fy!moxOn}u1xrvL`cHFC zGAg8vv+NzBQscM&wzLR7?AyB)107xCxVXMK;2GR9ZyUIrf*XM5v5$v@@JAj$K0(b^WDx*A6(#xvTZ!}PbI zsvzr@!Nb4-pAKb?&Z;19C-d5fB^wd@$LBAEd*X70W;3Ap(n({8<0wkxq{`6J70v!P z&5aT!#!zt7#imRLi{-?8OZlt*w}U(3fAx$04~|(l+CFKhNaOv;#QyHOY`yF6 zXiJjF@d7&ctP68U@Rt9Y@_{;eex^{1jD+PsDneOK5qu3~|Nngr&uIN23q>kpTm=}a z>Z-oPMJq@)YeAK~Nev>mJ%Iw_+Y%SWa^5NS(B1pk(}@@`{H*a{vyFxEP8E_@(nMLM z)A+GFDiW_<%>Pn6DF0|`KMUXx9hJ9261pWVa0!W4(z%K4Fst(ezxeXkH&C3BIX(4r zN#Pl=;Ud2g;3jSTiHXOkt_=T1T0+OE#vgUo4hrZiMgShdF8~nFcbJ9)_#JH$C%`ki zl_W7cJp@qzlAqdSg&Tg>M6(UM{s17n?fL`2 zQ`z?KuL+LZiESx_$iskC!!8WK7|qb(0NSp)7^PRth=7Z>isHy2!r7XCVJD{Ao zHA%3@c#VWD%Oo`U9Aj-qsU*p1IK{gx9p6P9h?rScNaDPFu+(3Stb?O0WX97 z0NXtQ(|aQf(vdIXokMeA@hgh@1I=C1$Kt8>Z3Z^UtMIm8(6O(LSpS~%%bvDi0Zr;w zbv54H68G*dg>JA%Ukf6}ARGV;U_#T;YO^jdrEamIp`mvab%4tr1kHO8$WmRny*glQ zuSHT^y727}=G+P&got|i;oe#$yr}^3Yah4fd&5AA7z&0U_gf3tOU!;uH2vbN9OBp9 zQfg9qPR?BN-maoG-{GAptf};2*jU{r5rH!oVlXDiPaTv1e*~AMj))pR!I=WlON}E> z)$#b_w_KSzfQR&9f$BpWeAPRI88LC+2T4X_FA(OyQUs)z8@^Hk9YIAJ$xvm!PZB7F z);klo-y`>ch*DS2kTUG)=_y7!*^gLdybKD1uvuilV=arQYwrPuxGIPmDe*&O-3oOWl!pL4ZQqngo|(9JU_>ruvq9PBv5}L2A8(1Y`oSQzeUmoK z3C_aAQ?Oi=3tN3CT9?ZN3JW2<4*_-5$j%~E%+bLeMyHiKG$cqsHqm(_pUykqfu$2n z^!4v#AbO@-`$*S2V!vns91Z-ZaOaIbrb%k^q8yCDcjKu#n!SkAf+lxxS`;B%jY%tZ z=$$n@4<&GfA09%kRf*F+3l) z*5)R(pK7!?9YMpH4j{Q92tt(GaNle?{Wi7JqOcdV!SVWCuZ3_Nd)Q~3jYaI;N3muR ze7Kj@nA<03d3rh{Bh(%lQ1V>M;}*v8$c7Q}Dg{0^#AIJst?&POG*MwYabr!KaV@Q| zVIhOH-}}?T#GaH(#)8Pyj|U}3M$K7@^K=Jk=t^pTvoJY(`*IIY&wmyc7A$;yGZpNi zWrLlP_%1Q+Ovm9NHYPT9Gxs=WChS{eW25AGmxm7@7GGUwlco+0Nlj%m7fvb47)@*_ zE-TBsYbU`}5RFps*{>d7>HO&&IyGe)laYa@ymE_p<;EoDF?$(~60NGMOB-~wZ@Ts< zFVnvN{d?^pR9?uAKgug5E{@}a)vK|o(NUF$&uDiZ_l?+$Gm{f7=_DNU81P*jn4T7B zF|Cxiaf8D+GAb(Qqg5`8hklt}sh>UH(9n>Don5%Y(*3)4v!)oAencj-k`60+W+o;U zJpVv7cKn3-sg&7{BO^UMn{-M_%7h69y)RCAK1k8WM`p-waR2dnZD3+TyS24t;q0u%#Kc6*G1)$|wG}t?MNCXgw>4_#)JTCV zJjSQar1T%lnSHi)?qQM7R(Yv3ipK$M1_2WsX;+v;r-JM1t~oh7D|lqfuH$viMrOop?yq{o*Jp5Kep4{aAv%Brru zx9=t6j6*&AzOcBcTvk~bUQlqw%}RDsQ}<6HWz@;+tcAZe-?f^~PKCp>PWWbGpPvlt z>+6>shKG|nucChaURi;CjfDL(E-H$2yNiUfkeOpr;&QfZMj!PB!bastQgKa9%}2}{ z%zR3Rjnn_?r|qwIiT8{b6H46q{d<;; ztu0$$FZnsH+i5;#W@ba?j%iqnJZ*=^W!GBWaI2NUj2h|5;qD*TJ9s1|Q>MyoOq?c5 zc0fm# zGZtGCpOC<_va*u*+(m(mj7+iUsfWj1Ch}lmQBlPee>uNRSJWpISBMwAGWQ#8h9yGD z;+&j-j3B0;o12@LHp#~150@4fv%L6~g-{|+Ed9!|$BNjL^mJWeVPTyc(VpE> z&CShA$8x?kN%8T~>1u5xK?+i2J<8T)jo$_bxh*X%OUUEz5e*pKuCbfum!4pcAs!`D zljrPAi?JqBA=#{VH^*^KQ@U;@DSqGM@QWZ%y+V5J-@#k&HFsUEr+1@=WH?xk>+9>o z-v4ATd?1_>a{1j468QZMLIQgHNLvi%J88@VEcV4USqa6*0U{zIB_!CUfu+^eNP}$D zmLC&d9q)}xHEX|rbL*8Ryph2~X{f7v+kX4nU+23(m(7a%Ha~CWY%D1$d0ttF4?fAo zM9$mJ#L3(|sev=DGg+qVnC)(ntHT>DDlJttG&0Jy7B-?UGr$o%->*6odqE~k&O%a& zBfWaQVu5ah32wSi{kCIsTiX>i|M1brdhNXgMzov0zwdOmH$*1Bj8l|jM^Wt)QMK>U z=EV-7fbai#n_)Jes=qyv$qFivHO`FbB)MrEGI@!-8@;UeK z-^Abla@yPbeBDE;bH$yD@5)%Hs$R)OGQ&hzP@H%qerHBX_QyUfE*32=FaI+-I=cNW z7>mVHV|IJB ++++ +aliases = [ +"/engine/extend/" +] +title = "Managed plugin system" +description = "How develop and use a plugin with the managed plugin system" +keywords = ["API, Usage, plugins, documentation, developer"] +advisory = "experimental" +[menu.main] +parent = "engine_extend" +weight=1 ++++ + + +# Docker Engine managed plugin system + +This document describes the plugin system available today in the **experimental +build** of Docker 1.12: + +* [How to operate an existing plugin](#how-to-operate-a-plugin) +* [How to develop a plugin](#how-to-develop-a-plugin) + +Unlike the legacy plugin system, you now manage plugins using Docker Engine: + +* install plugins +* start plugins +* stop plugins +* remove plugins + +The current Docker Engine plugin system only supports volume drivers. We are +adding more plugin driver types in the future releases. + +For information on Docker Engine plugins generally available in Docker Engine +1.12 and earlier, refer to [Understand legacy Docker Engine plugins](legacy_plugins.md). + +## How to operate a plugin + +Plugins are distributed as Docker images, so develpers can host them on Docker +Hub or on a private registry. + +You install the plugin using a single command: `docker plugin install `. +The `plugin install` command pulls the plugin from the Docker Hub or private +registry. If necessary the CLI prompts you to accept any privilige requriements. +For example the plugin may require access to a device on the host system. +Finally it enables the plugin. + +Run `docker plugin ls` to check the status of installed plugins. The Engine +markes plugins that are started without issues as `ENABLED`. + +After you install a plugin, the plugin behavior is the same as legacy plugins. +The following example demonstrates how to install the `sshfs` plugin and use it +to create a volume. + +1. Install the `sshfs` plugin. + + ```bash + $ docker plugin install vieux/sshfs + + Plugin "vieux/sshfs" is requesting the following privileges: + - network: [host] + - capabilities: [CAP_SYS_ADMIN] + Do you grant the above permissions? [y/N] y + + vieux/sshfs + ``` + + The plugin requests 2 privileges, the `CAP_SYS_ADMIN` capability to be able + to do mount inside the plugin and `host networking`. + +2. Check for a value of `true` the `ENABLED` column to verify the plugin +started without error. + + ```bash + $ docker plugin ls + + NAME TAG ENABLED + vieux/sshfs latest true + ``` + +3. Create a volume using the plugin. + + ```bash + $ docker volume create \ + -d vieux/sshfs \ + --name sshvolume \ + -o sshcmd=user@1.2.3.4:/remote + + sshvolume + ``` + +4. Use the volume `sshvolume`. + + ```bash + $ docker run -v sshvolume:/data busybox ls /data + + + ``` + +5. Verify the plugin successfully created the volume. + + ```bash + $ docker volume ls + + DRIVER NAME + vieux/sshfs sshvolume + ``` + + You can stop a plugin with the `docker plugin disable` + command or remove a plugin with `docker plugin remove`. + +See the [command line reference](../reference/commandline/index.md) for more +information. + +## How to develop a plugin + +Plugin creation is currently a manual process. We plan to add automation in a +future release with a command such as `docker plugin build`. + +This section describes the format of an existing enabled plugin. You have to +create and format the plugin files by hand. + +Plugins are stored in `/var/lib/docker/plugins`. For instance: + +```bash +# ls -la /var/lib/docker/plugins +total 20 +drwx------ 4 root root 4096 Aug 8 18:03 . +drwx--x--x 12 root root 4096 Aug 8 17:53 .. +drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 +-rw------- 1 root root 2107 Aug 8 18:03 plugins.json +``` + +`plugins.json` is an inventory of all installed plugins. For example: + +```bash +# cat plugins.json +{ + "cd851ce43a403": { + "plugin": { + "Manifest": { + "Args": { + "Value": null, + "Settable": null, + "Description": "", + "Name": "" + }, + "Env": null, + "Devices": null, + "Mounts": null, + "Capabilities": [ + "CAP_SYS_ADMIN" + ], + "ManifestVersion": "v0", + "Description": "sshFS plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Interface": { + "Socket": "sshfs.sock", + "Types": [ + "docker.volumedriver/1.0" + ] + }, + "Entrypoint": [ + "/go/bin/docker-volume-sshfs" + ], + "Workdir": "", + "User": {}, + "Network": { + "Type": "host" + } + }, + "Config": { + "Devices": null, + "Args": null, + "Env": [], + "Mounts": [] + }, + "Active": true, + "Tag": "latest", + "Name": "vieux/sshfs", + "Id": "cd851ce43a403" + } + } +} +``` + +Each folder represents a plugin. For example: + +```bash +# ls -la /var/lib/docker/plugins/cd851ce43a403 +total 12 +drwx------ 19 root root 4096 Aug 8 17:56 rootfs +-rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-config.json +-rw------- 1 root root 347 Aug 8 17:56 manifest.json +``` + +`rootfs` represents the root filesystem of the plugin. In this example, it was +created from a Dockerfile as follows: + +>**Note:** `/run/docker/plugins` is mandatory for docker to communicate with +the plugin._ + +```bash +$ git clone https://github.com/vieux/docker-volume-sshfs +$ cd docker-volume-sshfs +$ docker build -t rootfs . +$ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created +$ mkdir -p /var/lib/docker/plugins/$id/rootfs +$ docker export "$id" | tar -x -C /var/lib/docker/plugins/$id/rootfs +$ docker rm -vf "$id" +$ docker rmi rootfs +``` + +`manifest.json` describes the plugin and `plugin-config.json` contains some +runtime parameters. [See the Plugins Manifest reference](manifest.md). For example: + +```bash +# cat manifest.json +{ + "manifestVersion": "v0", + "description": "sshFS plugin for Docker", + "documentation": "https://docs.docker.com/engine/extend/plugins/", + "entrypoint": ["/go/bin/docker-volume-sshfs"], + "network": { + "type": "host" + }, + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "sshfs.sock" + }, + "capabilities": ["CAP_SYS_ADMIN"] +} +``` + +In this example, you can see the plugin is a volume driver, requires the +`CAP_SYS_ADMIN` capability, `host networking`, `/go/bin/docker-volume-sshfs` as +entrypoint and is going to use `/run/docker/plugins/sshfs.sock` to communicate +with the Docker Engine. + +```bash +# cat plugin-config.json +{ + "Devices": null, + "Args": null, + "Env": [], + "Mounts": [] +} +``` + +This plugin doesn't require runtime parameters. + +Both `manifest.json` and `plugin-config.json` are part of the `plugins.json`. +`manifest.json` is read-only and `plugin-config.json` is read-write. + +To summarize, follow the steps below to create a plugin: + +0. Choose a name for the plugin. Plugin name uses the same format as images, +for example: `/`. +1. Create a rootfs in `/var/lib/docker/plugins/$id/rootfs`. +2. Create manifest.json file in `/var/lib/docker/plugins/$id/`. +3. Create a `plugin-config.json` if needed. +4. Create or add a section to `/var/lib/docker/plugins/plugins.json`. Use + `/` as “Name” and `$id` as “Id”. +5. Restart the Docker Engine. +6. Run `docker plugin ls`. + * If your plugin is listed as `ENABLED=true`, you can push it to the + registry. + * If the plugin is not listed or if `ENABLED=false`, something went wrong. + Check the daemon logs for errors. +7. If you are not already logged in, use `docker login` to authenticate against + a registry. +8. Run `docker plugin push /` to push the plugin. diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md new file mode 100644 index 0000000000..aa4fa4a9b3 --- /dev/null +++ b/docs/extend/legacy_plugins.md @@ -0,0 +1,93 @@ + + +# Use Docker Engine plugins + +This document describes the Docker Engine plugins generally available in Docker +Engine. To view information on plugins managed by Docker Engine currently in +experimental status, refer to [Docker Engine plugin system](index.md). + +You can extend the capabilities of the Docker Engine by loading third-party +plugins. This page explains the types of plugins and provides links to several +volume and network plugins for Docker. + +## Types of plugins + +Plugins extend Docker's functionality. They come in specific types. For +example, a [volume plugin](plugins_volume.md) might enable Docker +volumes to persist across multiple Docker hosts and a +[network plugin](plugins_network.md) might provide network plumbing. + +Currently Docker supports authorization, volume and network driver plugins. In the future it +will support additional plugin types. + +## Installing a plugin + +Follow the instructions in the plugin's documentation. + +## Finding a plugin + +The sections below provide an inexhaustive overview of available plugins. + + + +### Network plugins + +Plugin | Description +----------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +[Contiv Networking](https://github.com/contiv/netplugin) | An open source network plugin to provide infrastructure and security policies for a multi-tenant micro services deployment, while providing an integration to physical network for non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. +[Kuryr Network Plugin](https://github.com/openstack/kuryr) | A network plugin is developed as part of the OpenStack Kuryr project and implements the Docker networking (libnetwork) remote driver API by utilizing Neutron, the OpenStack networking service. It includes an IPAM driver as well. +[Weave Network Plugin](https://www.weave.works/docs/net/latest/introducing-weave/) | A network plugin that creates a virtual network that connects your Docker containers - across multiple hosts or clouds and enables automatic discovery of applications. Weave networks are resilient, partition tolerant, secure and work in partially connected networks, and other adverse environments - all configured with delightful simplicity. + +### Volume plugins + +Plugin | Description +----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +[Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver) | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/). +[Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. +[Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS. +[Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. +[DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. +[Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. +[gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). +[GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. +[Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. +[HPE 3Par Volume Plugin](https://github.com/hpe-storage/python-hpedockerplugin/) | A volume plugin that supports HPE 3Par and StoreVirtual iSCSI storage arrays. +[IPFS Volume Plugin](http://github.com/vdemeester/docker-volume-ipfs) | An open source volume plugin that allows using an [ipfs](https://ipfs.io/) filesystem as a volume. +[Keywhiz plugin](https://github.com/calavera/docker-volume-keywhiz) | A plugin that provides credentials and secret management using Keywhiz as a central repository. +[Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. +[NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. +[Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. +[OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. +[Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. +[Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. +[REX-Ray plugin](https://github.com/emccode/rexray) | A volume plugin which is written in Go and provides advanced storage functionality for many platforms including VirtualBox, EC2, Google Compute Engine, OpenStack, and EMC. +[Virtuozzo Storage and Ploop plugin](https://github.com/virtuozzo/docker-volume-ploop) | A volume plugin with support for Virtuozzo Storage distributed cloud file system as well as ploop devices. +[VMware vSphere Storage Plugin](https://github.com/vmware/docker-volume-vsphere) | Docker Volume Driver for vSphere enables customers to address persistent storage requirements for Docker containers in vSphere environments. + +### Authorization plugins + + Plugin | Description +------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ + [Twistlock AuthZ Broker](https://github.com/twistlock/authz) | A basic extendable authorization plugin that runs directly on the host or inside a container. This plugin allows you to define user policies that it evaluates during authorization. Basic authorization is provided if Docker daemon is started with the --tlsverify flag (username is extracted from the certificate common name). + +## Troubleshooting a plugin + +If you are having problems with Docker after loading a plugin, ask the authors +of the plugin for help. The Docker team may not be able to assist you. + +## Writing a plugin + +If you are interested in writing a plugin for Docker, or seeing how they work +under the hood, see the [docker plugins reference](plugin_api.md). diff --git a/docs/extend/manifest.md b/docs/extend/manifest.md new file mode 100644 index 0000000000..d47efce8e8 --- /dev/null +++ b/docs/extend/manifest.md @@ -0,0 +1,222 @@ + + +# Plugin Manifest Version 0 of Plugin V2 + +This document outlines the format of the V0 plugin manifest. The plugin +manifest described herein was introduced in the Docker daemon (experimental version) in the [v1.12.0 +release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b). + +Plugin manifests describe the various constituents of a docker plugin. Plugin +manifests can be serialized to JSON format with the following media types: + +Manifest Type | Media Type +------------- | ------------- +manifest | "application/vnd.docker.plugin.v0+json" + + +## *Manifest* Field Descriptions + +Manifest provides the base accessible fields for working with V0 plugin format + in the registry. + +- **`manifestVersion`** *string* + + version of the plugin manifest (This version uses V0) + +- **`description`** *string* + + description of the plugin + +- **`documentation`** *string* + + link to the documentation about the plugin + +- **`interface`** *PluginInterface* + + interface implemented by the plugins, struct consisting of the following fields + + - **`types`** *string array* + + types indicate what interface(s) the plugin currently implements. + + currently supported: + + - **docker.volumedriver/1.0** + + - **`socket`** *string* + + socket is the name of the socket the engine should use to communicate with the plugins. + the socket will be created in `/run/docker/plugins`. + + +- **`entrypoint`** *string array* + + entrypoint of the plugin, see [`ENTRYPOINT`](../reference/builder.md#entrypoint) + +- **`workdir`** *string* + + workdir of the plugin, see [`WORKDIR`](../reference/builder.md#workdir) + +- **`network`** *PluginNetwork* + + network of the plugin, struct consisting of the following fields + + - **`type`** *string* + + network type. + + currently supported: + + - **bridge** + - **host** + - **none** + +- **`capabilities`** *array* + + capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) + +- **`mounts`** *PluginMount array* + + mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts) + + - **`name`** *string* + + name of the mount. + + - **`description`** *string* + + description of the mount. + + - **`source`** *string* + + source of the mount. + + - **`destination`** *string* + + destination of the mount. + + - **`type`** *string* + + mount type. + + - **`options`** *string array* + + options of the mount. + +- **`devices`** *PluginDevice array* + + device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) + + - **`name`** *string* + + name of the device. + + - **`description`** *string* + + description of the device. + + - **`path`** *string* + + path of the device. + +- **`env`** *PluginEnv array* + + env of the plugin, struct consisting of the following fields + + - **`name`** *string* + + name of the env. + + - **`description`** *string* + + description of the env. + + - **`value`** *string* + + value of the env. + +- **`args`** *PluginArgs* + + args of the plugin, struct consisting of the following fields + + - **`name`** *string* + + name of the env. + + - **`description`** *string* + + description of the env. + + - **`value`** *string array* + + values of the args. + + +## Example Manifest + +*Example showing the 'tiborvass/no-remove' plugin manifest.* + +``` +{ + "manifestVersion": "v0", + "description": "A test plugin for Docker", + "documentation": "https://docs.docker.com/engine/extend/plugins/", + "entrypoint": ["plugin-no-remove", "/data"], + "interface" : { + "types": ["docker.volumedriver/1.0"], + "socket": "plugins.sock" + }, + "network": { + "type": "host" + }, + + "mounts": [ + { + "source": "/data", + "destination": "/data", + "type": "bind", + "options": ["shared", "rbind"] + }, + { + "destination": "/foobar", + "type": "tmpfs" + } + ], + + "args": { + "name": "args", + "description": "command line arguments", + "value": [] + }, + + "env": [ + { + "name": "DEBUG", + "description": "If set, prints debug messages", + "value": "1" + } + ], + + "devices": [ + { + "name": "device", + "description": "a host device to mount", + "path": "/dev/cpu_dma_latency" + } + ] +} + +``` diff --git a/docs/extend/menu.md b/docs/extend/menu.md new file mode 100644 index 0000000000..4b9955038a --- /dev/null +++ b/docs/extend/menu.md @@ -0,0 +1,15 @@ + + + + diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md new file mode 100644 index 0000000000..5801ba9151 --- /dev/null +++ b/docs/extend/plugin_api.md @@ -0,0 +1,192 @@ + + +# Docker Plugin API + +Docker plugins are out-of-process extensions which add capabilities to the +Docker Engine. + +This document describes the Docker Engine plugin API. To view information on +plugins managed by Docker Engine currently in experimental status, refer to +[Docker Engine plugin system](index.md). + +This page is intended for people who want to develop their own Docker plugin. +If you just want to learn about or use Docker plugins, look +[here](legacy_plugins.md). + +## What plugins are + +A plugin is a process running on the same or a different host as the docker daemon, +which registers itself by placing a file on the same docker host in one of the plugin +directories described in [Plugin discovery](#plugin-discovery). + +Plugins have human-readable names, which are short, lowercase strings. For +example, `flocker` or `weave`. + +Plugins can run inside or outside containers. Currently running them outside +containers is recommended. + +## Plugin discovery + +Docker discovers plugins by looking for them in the plugin directory whenever a +user or container tries to use one by name. + +There are three types of files which can be put in the plugin directory. + +* `.sock` files are UNIX domain sockets. +* `.spec` files are text files containing a URL, such as `unix:///other.sock` or `tcp://localhost:8080`. +* `.json` files are text files containing a full json specification for the plugin. + +Plugins with UNIX domain socket files must run on the same docker host, whereas +plugins with spec or json files can run on a different host if a remote URL is specified. + +UNIX domain socket files must be located under `/run/docker/plugins`, whereas +spec files can be located either under `/etc/docker/plugins` or `/usr/lib/docker/plugins`. + +The name of the file (excluding the extension) determines the plugin name. + +For example, the `flocker` plugin might create a UNIX socket at +`/run/docker/plugins/flocker.sock`. + +You can define each plugin into a separated subdirectory if you want to isolate definitions from each other. +For example, you can create the `flocker` socket under `/run/docker/plugins/flocker/flocker.sock` and only +mount `/run/docker/plugins/flocker` inside the `flocker` container. + +Docker always searches for unix sockets in `/run/docker/plugins` first. It checks for spec or json files under +`/etc/docker/plugins` and `/usr/lib/docker/plugins` if the socket doesn't exist. The directory scan stops as +soon as it finds the first plugin definition with the given name. + +### JSON specification + +This is the JSON format for a plugin: + +```json +{ + "Name": "plugin-example", + "Addr": "https://example.com/docker/plugin", + "TLSConfig": { + "InsecureSkipVerify": false, + "CAFile": "/usr/shared/docker/certs/example-ca.pem", + "CertFile": "/usr/shared/docker/certs/example-cert.pem", + "KeyFile": "/usr/shared/docker/certs/example-key.pem", + } +} +``` + +The `TLSConfig` field is optional and TLS will only be verified if this configuration is present. + +## Plugin lifecycle + +Plugins should be started before Docker, and stopped after Docker. For +example, when packaging a plugin for a platform which supports `systemd`, you +might use [`systemd` dependencies]( +http://www.freedesktop.org/software/systemd/man/systemd.unit.html#Before=) to +manage startup and shutdown order. + +When upgrading a plugin, you should first stop the Docker daemon, upgrade the +plugin, then start Docker again. + +## Plugin activation + +When a plugin is first referred to -- either by a user referring to it by name +(e.g. `docker run --volume-driver=foo`) or a container already configured to +use a plugin being started -- Docker looks for the named plugin in the plugin +directory and activates it with a handshake. See Handshake API below. + +Plugins are *not* activated automatically at Docker daemon startup. Rather, +they are activated only lazily, or on-demand, when they are needed. + +## Systemd socket activation + +Plugins may also be socket activated by `systemd`. The official [Plugins helpers](https://github.com/docker/go-plugins-helpers) +natively supports socket activation. In order for a plugin to be socket activated it needs +a `service` file and a `socket` file. + +The `service` file (for example `/lib/systemd/system/your-plugin.service`): + +``` +[Unit] +Description=Your plugin +Before=docker.service +After=network.target your-plugin.socket +Requires=your-plugin.socket docker.service + +[Service] +ExecStart=/usr/lib/docker/your-plugin + +[Install] +WantedBy=multi-user.target +``` +The `socket` file (for example `/lib/systemd/system/your-plugin.socket`): +``` +[Unit] +Description=Your plugin + +[Socket] +ListenStream=/run/docker/plugins/your-plugin.sock + +[Install] +WantedBy=sockets.target +``` + +This will allow plugins to be actually started when the Docker daemon connects to +the sockets they're listening on (for instance the first time the daemon uses them +or if one of the plugin goes down accidentally). + +## API design + +The Plugin API is RPC-style JSON over HTTP, much like webhooks. + +Requests flow *from* the Docker daemon *to* the plugin. So the plugin needs to +implement an HTTP server and bind this to the UNIX socket mentioned in the +"plugin discovery" section. + +All requests are HTTP `POST` requests. + +The API is versioned via an Accept header, which currently is always set to +`application/vnd.docker.plugins.v1+json`. + +## Handshake API + +Plugins are activated via the following "handshake" API call. + +### /Plugin.Activate + +**Request:** empty body + +**Response:** +``` +{ + "Implements": ["VolumeDriver"] +} +``` + +Responds with a list of Docker subsystems which this plugin implements. +After activation, the plugin will then be sent events from this subsystem. + +Possible values are: + +* [`authz`](plugins_authorization.md) +* [`NetworkDriver`](plugins_network.md) +* [`VolumeDriver`](plugins_volume.md) + + +## Plugin retries + +Attempts to call a method on a plugin are retried with an exponential backoff +for up to 30 seconds. This may help when packaging plugins as containers, since +it gives plugin containers a chance to start up before failing any user +containers which depend on them. + +## Plugins helpers + +To ease plugins development, we're providing an `sdk` for each kind of plugins +currently supported by Docker at [docker/go-plugins-helpers](https://github.com/docker/go-plugins-helpers). diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md new file mode 100644 index 0000000000..2c3d79e25d --- /dev/null +++ b/docs/extend/plugins_authorization.md @@ -0,0 +1,256 @@ + + + +# Create an authorization plugin + +This document describes the Docker Engine plugins generally available in Docker +Engine. To view information on plugins managed by Docker Engine currently in +experimental status, refer to [Docker Engine plugin system](index.md). + +Docker's out-of-the-box authorization model is all or nothing. Any user with +permission to access the Docker daemon can run any Docker client command. The +same is true for callers using Docker's remote API to contact the daemon. If you +require greater access control, you can create authorization plugins and add +them to your Docker daemon configuration. Using an authorization plugin, a +Docker administrator can configure granular access policies for managing access +to Docker daemon. + +Anyone with the appropriate skills can develop an authorization plugin. These +skills, at their most basic, are knowledge of Docker, understanding of REST, and +sound programming knowledge. This document describes the architecture, state, +and methods information available to an authorization plugin developer. + +## Basic principles + +Docker's [plugin infrastructure](plugin_api.md) enables +extending Docker by loading, removing and communicating with +third-party components using a generic API. The access authorization subsystem +was built using this mechanism. + +Using this subsystem, you don't need to rebuild the Docker daemon to add an +authorization plugin. You can add a plugin to an installed Docker daemon. You do +need to restart the Docker daemon to add a new plugin. + +An authorization plugin approves or denies requests to the Docker daemon based +on both the current authentication context and the command context. The +authentication context contains all user details and the authentication method. +The command context contains all the relevant request data. + +Authorization plugins must follow the rules described in [Docker Plugin API](plugin_api.md). +Each plugin must reside within directories described under the +[Plugin discovery](plugin_api.md#plugin-discovery) section. + +**Note**: the abbreviations `AuthZ` and `AuthN` mean authorization and authentication +respectively. + +## Default user authorization mechanism + +If TLS is enabled in the [Docker daemon](../security/https.md), the default user authorization flow extracts the user details from the certificate subject name. +That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. + +## Basic architecture + +You are responsible for registering your plugin as part of the Docker daemon +startup. You can install multiple plugins and chain them together. This chain +can be ordered. Each request to the daemon passes in order through the chain. +Only when all the plugins grant access to the resource, is the access granted. + +When an HTTP request is made to the Docker daemon through the CLI or via the +remote API, the authentication subsystem passes the request to the installed +authentication plugin(s). The request contains the user (caller) and command +context. The plugin is responsible for deciding whether to allow or deny the +request. + +The sequence diagrams below depict an allow and deny authorization flow: + +![Authorization Allow flow](images/authz_allow.png) + +![Authorization Deny flow](images/authz_deny.png) + +Each request sent to the plugin includes the authenticated user, the HTTP +headers, and the request/response body. Only the user name and the +authentication method used are passed to the plugin. Most importantly, no user +credentials or tokens are passed. Finally, not all request/response bodies +are sent to the authorization plugin. Only those request/response bodies where +the `Content-Type` is either `text/*` or `application/json` are sent. + +For commands that can potentially hijack the HTTP connection (`HTTP +Upgrade`), such as `exec`, the authorization plugin is only called for the +initial HTTP requests. Once the plugin approves the command, authorization is +not applied to the rest of the flow. Specifically, the streaming data is not +passed to the authorization plugins. For commands that return chunked HTTP +response, such as `logs` and `events`, only the HTTP request is sent to the +authorization plugins. + +During request/response processing, some authorization flows might +need to do additional queries to the Docker daemon. To complete such flows, +plugins can call the daemon API similar to a regular user. To enable these +additional queries, the plugin must provide the means for an administrator to +configure proper authentication and security policies. + +## Docker client flows + +To enable and configure the authorization plugin, the plugin developer must +support the Docker client interactions detailed in this section. + +### Setting up Docker daemon + +Enable the authorization plugin with a dedicated command line flag in the +`--authorization-plugin=PLUGIN_ID` format. The flag supplies a `PLUGIN_ID` +value. This value can be the plugin’s socket or a path to a specification file. +Authorization plugins can be loaded without restarting the daemon. Refer +to the [`dockerd` documentation](../reference/commandline/dockerd.md#configuration-reloading) for more information. + +```bash +$ dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... +``` + +Docker's authorization subsystem supports multiple `--authorization-plugin` parameters. + +### Calling authorized command (allow) + +```bash +$ docker pull centos +... +f1b10cd84249: Pull complete +... +``` + +### Calling unauthorized command (deny) + +```bash +$ docker pull centos +... +docker: Error response from daemon: authorization denied by plugin PLUGIN_NAME: volumes are not allowed. +``` + +### Error from plugins + +```bash +$ docker pull centos +... +docker: Error response from daemon: plugin PLUGIN_NAME failed with error: AuthZPlugin.AuthZReq: Cannot connect to the Docker daemon. Is the docker daemon running on this host?. +``` + +## API schema and implementation + +In addition to Docker's standard plugin registration method, each plugin +should implement the following two methods: + +* `/AuthZPlugin.AuthZReq` This authorize request method is called before the Docker daemon processes the client request. + +* `/AuthZPlugin.AuthZRes` This authorize response method is called before the response is returned from Docker daemon to the client. + +#### /AuthZPlugin.AuthZReq + +**Request**: + +```json +{ + "User": "The user identification", + "UserAuthNMethod": "The authentication method used", + "RequestMethod": "The HTTP method", + "RequestURI": "The HTTP request URI", + "RequestBody": "Byte array containing the raw HTTP request body", + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string " +} +``` + +**Response**: + +```json +{ + "Allow": "Determined whether the user is allowed or not", + "Msg": "The authorization message", + "Err": "The error message if things go wrong" +} +``` +#### /AuthZPlugin.AuthZRes + +**Request**: + +```json +{ + "User": "The user identification", + "UserAuthNMethod": "The authentication method used", + "RequestMethod": "The HTTP method", + "RequestURI": "The HTTP request URI", + "RequestBody": "Byte array containing the raw HTTP request body", + "RequestHeader": "Byte array containing the raw HTTP request header as a map[string][]string", + "ResponseBody": "Byte array containing the raw HTTP response body", + "ResponseHeader": "Byte array containing the raw HTTP response header as a map[string][]string", + "ResponseStatusCode":"Response status code" +} +``` + +**Response**: + +```json +{ + "Allow": "Determined whether the user is allowed or not", + "Msg": "The authorization message", + "Err": "The error message if things go wrong" +} +``` + +### Request authorization + +Each plugin must support two request authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. + +#### Daemon -> Plugin + +Name | Type | Description +-----------------------|-------------------|------------------------------------------------------- +User | string | The user identification +Authentication method | string | The authentication method used +Request method | enum | The HTTP method (GET/DELETE/POST) +Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) +Request headers | map[string]string | Request headers as key value pairs (without the authorization header) +Request body | []byte | Raw request body + + +#### Plugin -> Daemon + +Name | Type | Description +--------|--------|---------------------------------------------------------------------------------- +Allow | bool | Boolean value indicating whether the request is allowed or denied +Msg | string | Authorization message (will be returned to the client in case the access is denied) +Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) + +### Response authorization + +The plugin must support two authorization messages formats, one from the daemon to the plugin and then from the plugin to the daemon. The tables below detail the content expected in each message. + +#### Daemon -> Plugin + + +Name | Type | Description +----------------------- |------------------ |---------------------------------------------------- +User | string | The user identification +Authentication method | string | The authentication method used +Request method | string | The HTTP method (GET/DELETE/POST) +Request URI | string | The HTTP request URI including API version (e.g., v.1.17/containers/json) +Request headers | map[string]string | Request headers as key value pairs (without the authorization header) +Request body | []byte | Raw request body +Response status code | int | Status code from the docker daemon +Response headers | map[string]string | Response headers as key value pairs +Response body | []byte | Raw docker daemon response body + + +#### Plugin -> Daemon + +Name | Type | Description +--------|--------|---------------------------------------------------------------------------------- +Allow | bool | Boolean value indicating whether the response is allowed or denied +Msg | string | Authorization message (will be returned to the client in case the access is denied) +Err | string | Error message (will be returned to the client in case the plugin encounter an error. The string value supplied may appear in logs, so should not include confidential information) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md new file mode 100644 index 0000000000..7a107e2ce3 --- /dev/null +++ b/docs/extend/plugins_network.md @@ -0,0 +1,73 @@ + + +# Engine network driver plugins + +This document describes Docker Engine network driver plugins generally +available in Docker Engine. To view information on plugins +managed by Docker Engine, refer to [Docker Engine plugin system](index.md). + +Docker Engine network plugins enable Engine deployments to be extended to +support a wide range of networking technologies, such as VXLAN, IPVLAN, MACVLAN +or something completely different. Network driver plugins are supported via the +LibNetwork project. Each plugin is implemented as a "remote driver" for +LibNetwork, which shares plugin infrastructure with Engine. Effectively, network +driver plugins are activated in the same way as other plugins, and use the same +kind of protocol. + +## Network driver plugins and swarm mode + +Docker 1.12 adds support for cluster management and orchestration called +[swarm mode](../swarm/index.md). Docker Engine running in swarm mode currently +only supports the built-in overlay driver for networking. Therefore existing +networking plugins will not work in swarm mode. + +When you run Docker Engine outside of swarm mode, all networking plugins that +worked in Docker 1.11 will continue to function normally. They do not require +any modification. + +## Using network driver plugins + +The means of installing and running a network driver plugin depend on the +particular plugin. So, be sure to install your plugin according to the +instructions obtained from the plugin developer. + +Once running however, network driver plugins are used just like the built-in +network drivers: by being mentioned as a driver in network-oriented Docker +commands. For example, + + $ docker network create --driver weave mynet + +Some network driver plugins are listed in [plugins](legacy_plugins.md) + +The `mynet` network is now owned by `weave`, so subsequent commands +referring to that network will be sent to the plugin, + + $ docker run --network=mynet busybox top + + +## Write a network plugin + +Network plugins implement the [Docker plugin +API](https://docs.docker.com/extend/plugin_api/) and the network plugin protocol + +## Network plugin protocol + +The network driver protocol, in addition to the plugin activation call, is +documented as part of libnetwork: +[https://github.com/docker/libnetwork/blob/master/docs/remote.md](https://github.com/docker/libnetwork/blob/master/docs/remote.md). + +# Related Information + +To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`. + +- [Docker networks feature overview](../userguide/networking/index.md) +- The [LibNetwork](https://github.com/docker/libnetwork) project diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md new file mode 100644 index 0000000000..f9c93a3de1 --- /dev/null +++ b/docs/extend/plugins_volume.md @@ -0,0 +1,268 @@ + + +# Write a volume plugin + +Docker Engine volume plugins enable Engine deployments to be integrated with +external storage systems, such as Amazon EBS, and enable data volumes to persist +beyond the lifetime of a single Engine host. See the +[plugin documentation](legacy_plugins.md) for more information. + +## Changelog + +### 1.12.0 + +- Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#)) +- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver([#22077](https://github.com/docker/docker/pull/22077)) + +### 1.10.0 + +- Add `VolumeDriver.Get` which gets the details about the volume ([#16534](https://github.com/docker/docker/pull/16534)) +- Add `VolumeDriver.List` which lists all volumes owned by the driver ([#16534](https://github.com/docker/docker/pull/16534)) + +### 1.8.0 + +- Initial support for volume driver plugins ([#14659](https://github.com/docker/docker/pull/14659)) + +## Command-line changes + +A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: + + $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh + +This command passes the `volumename` through to the volume plugin as a +user-given name for the volume. The `volumename` must not begin with a `/`. + +By having the user specify a `volumename`, a plugin can associate the volume +with an external volume beyond the lifetime of a single container or container +host. This can be used, for example, to move a stateful container from one +server to another. + +By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS. + + +## Create a VolumeDriver + +The container creation endpoint (`/containers/create`) accepts a `VolumeDriver` +field of type `string` allowing to specify the name of the driver. It's default +value of `"local"` (the default driver for local volumes). + +## Volume plugin protocol + +If a plugin registers itself as a `VolumeDriver` when activated, then it is +expected to provide writeable paths on the host filesystem for the Docker +daemon to provide to containers to consume. + +The Docker daemon handles bind-mounting the provided paths into user +containers. + +> **Note**: Volume plugins should *not* write data to the `/var/lib/docker/` +> directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/` +> directory is reserved for Docker. + +### /VolumeDriver.Create + +**Request**: +```json +{ + "Name": "volume_name", + "Opts": {} +} +``` + +Instruct the plugin that the user wants to create a volume, given a user +specified volume name. The plugin does not need to actually manifest the +volume on the filesystem yet (until Mount is called). +Opts is a map of driver specific options passed through from the user request. + +**Response**: +```json +{ + "Err": "" +} +``` + +Respond with a string error if an error occurred. + +### /VolumeDriver.Remove + +**Request**: +```json +{ + "Name": "volume_name" +} +``` + +Delete the specified volume from disk. This request is issued when a user invokes `docker rm -v` to remove volumes associated with a container. + +**Response**: +```json +{ + "Err": "" +} +``` + +Respond with a string error if an error occurred. + +### /VolumeDriver.Mount + +**Request**: +```json +{ + "Name": "volume_name", + "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" +} +``` + +Docker requires the plugin to provide a volume, given a user specified volume +name. This is called once per container start. If the same volume_name is requested +more than once, the plugin may need to keep track of each new mount request and provision +at the first mount request and deprovision at the last corresponding unmount request. + +`ID` is a unique ID for the caller that is requesting the mount. + +**Response**: +```json +{ + "Mountpoint": "/path/to/directory/on/host", + "Err": "" +} +``` + +Respond with the path on the host filesystem where the volume has been made +available, and/or a string error if an error occurred. + +### /VolumeDriver.Path + +**Request**: +```json +{ + "Name": "volume_name" +} +``` + +Docker needs reminding of the path to the volume on the host. + +**Response**: +```json +{ + "Mountpoint": "/path/to/directory/on/host", + "Err": "" +} +``` + +Respond with the path on the host filesystem where the volume has been made +available, and/or a string error if an error occurred. `Mountpoint` is optional, +however the plugin may be queried again later if one is not provided. + +### /VolumeDriver.Unmount + +**Request**: +```json +{ + "Name": "volume_name", + "ID": "b87d7442095999a92b65b3d9691e697b61713829cc0ffd1bb72e4ccd51aa4d6c" +} +``` + +Indication that Docker no longer is using the named volume. This is called once +per container stop. Plugin may deduce that it is safe to deprovision it at +this point. + +`ID` is a unique ID for the caller that is requesting the mount. + +**Response**: +```json +{ + "Err": "" +} +``` + +Respond with a string error if an error occurred. + + +### /VolumeDriver.Get + +**Request**: +```json +{ + "Name": "volume_name" +} +``` + +Get the volume info. + + +**Response**: +```json +{ + "Volume": { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host", + "Status": {} + }, + "Err": "" +} +``` + +Respond with a string error if an error occurred. `Mountpoint` and `Status` are +optional. + + +### /VolumeDriver.List + +**Request**: +```json +{} +``` + +Get the list of volumes registered with the plugin. + +**Response**: +```json +{ + "Volumes": [ + { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host" + } + ], + "Err": "" +} +``` + +Respond with a string error if an error occurred. `Mountpoint` is optional. + +### /VolumeDriver.Capabilities + +**Request**: +```json +{} +``` + +Get the list of capabilities the driver supports. +The driver is not required to implement this endpoint, however in such cases +the default values will be taken. + +**Response**: +```json +{ + "Capabilities": { + "Scope": "global" + } +} +``` + +Supported scopes are `global` and `local`. Any other value in `Scope` will be +ignored and assumed to be `local`. Scope allows cluster managers to handle the +volume differently, for instance with a scope of `global`, the cluster manager +knows it only needs to create the volume once instead of on every engine. More +capabilities may be added in the future. From 2845676cc2522165df1d57119ff37fa725a6f4f9 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Fri, 14 Oct 2016 15:30:36 -0700 Subject: [PATCH 1814/2538] Convert Markdown frontmatter to YAML Some frontmatter such as the weights, menu stuff, etc is no longer used 'draft=true' becomes 'published: false' Signed-off-by: Misty Stanley-Jones --- docs/deprecated.md | 19 ++---- docs/extend/index.md | 19 ++---- docs/extend/legacy_plugins.md | 17 ++--- docs/extend/manifest.md | 67 +++++++++---------- docs/extend/menu.md | 19 ++---- docs/extend/plugin_api.md | 15 ++--- docs/extend/plugins_authorization.md | 17 ++--- docs/extend/plugins_network.md | 15 ++--- docs/extend/plugins_volume.md | 15 ++--- docs/reference/builder.md | 17 ++--- docs/reference/commandline/attach.md | 14 ++-- docs/reference/commandline/build.md | 14 ++-- docs/reference/commandline/cli.md | 17 ++--- docs/reference/commandline/commit.md | 14 ++-- docs/reference/commandline/container_prune.md | 14 ++-- docs/reference/commandline/cp.md | 14 ++-- docs/reference/commandline/create.md | 14 ++-- docs/reference/commandline/deploy.md | 16 ++--- docs/reference/commandline/diff.md | 14 ++-- docs/reference/commandline/dockerd.md | 17 ++--- docs/reference/commandline/events.md | 14 ++-- docs/reference/commandline/exec.md | 14 ++-- docs/reference/commandline/export.md | 14 ++-- docs/reference/commandline/history.md | 14 ++-- docs/reference/commandline/image_prune.md | 14 ++-- docs/reference/commandline/images.md | 14 ++-- docs/reference/commandline/import.md | 14 ++-- docs/reference/commandline/index.md | 17 ++--- docs/reference/commandline/info.md | 14 ++-- docs/reference/commandline/inspect.md | 14 ++-- docs/reference/commandline/kill.md | 14 ++-- docs/reference/commandline/load.md | 14 ++-- docs/reference/commandline/login.md | 14 ++-- docs/reference/commandline/logout.md | 14 ++-- docs/reference/commandline/logs.md | 14 ++-- docs/reference/commandline/menu.md | 17 ++--- docs/reference/commandline/network_connect.md | 14 ++-- docs/reference/commandline/network_create.md | 14 ++-- .../commandline/network_disconnect.md | 14 ++-- docs/reference/commandline/network_inspect.md | 14 ++-- docs/reference/commandline/network_ls.md | 14 ++-- docs/reference/commandline/network_rm.md | 14 ++-- docs/reference/commandline/node_demote.md | 14 ++-- docs/reference/commandline/node_inspect.md | 14 ++-- docs/reference/commandline/node_ls.md | 14 ++-- docs/reference/commandline/node_promote.md | 14 ++-- docs/reference/commandline/node_ps.md | 16 ++--- docs/reference/commandline/node_rm.md | 14 ++-- docs/reference/commandline/node_update.md | 14 ++-- docs/reference/commandline/pause.md | 14 ++-- docs/reference/commandline/plugin_disable.md | 16 ++--- docs/reference/commandline/plugin_enable.md | 16 ++--- docs/reference/commandline/plugin_inspect.md | 16 ++--- docs/reference/commandline/plugin_install.md | 16 ++--- docs/reference/commandline/plugin_ls.md | 16 ++--- docs/reference/commandline/plugin_rm.md | 16 ++--- docs/reference/commandline/port.md | 14 ++-- docs/reference/commandline/ps.md | 14 ++-- docs/reference/commandline/pull.md | 14 ++-- docs/reference/commandline/push.md | 14 ++-- docs/reference/commandline/rename.md | 14 ++-- docs/reference/commandline/restart.md | 14 ++-- docs/reference/commandline/rm.md | 14 ++-- docs/reference/commandline/rmi.md | 14 ++-- docs/reference/commandline/run.md | 14 ++-- docs/reference/commandline/save.md | 14 ++-- docs/reference/commandline/search.md | 14 ++-- docs/reference/commandline/service_create.md | 14 ++-- docs/reference/commandline/service_inspect.md | 14 ++-- docs/reference/commandline/service_ls.md | 14 ++-- docs/reference/commandline/service_ps.md | 16 ++--- docs/reference/commandline/service_rm.md | 14 ++-- docs/reference/commandline/service_scale.md | 14 ++-- docs/reference/commandline/service_update.md | 14 ++-- docs/reference/commandline/stack_config.md | 16 ++--- docs/reference/commandline/stack_deploy.md | 16 ++--- docs/reference/commandline/stack_ls.md | 16 ++--- docs/reference/commandline/stack_ps.md | 16 ++--- docs/reference/commandline/stack_rm.md | 18 +++-- docs/reference/commandline/stack_services.md | 16 ++--- docs/reference/commandline/start.md | 14 ++-- docs/reference/commandline/stats.md | 14 ++-- docs/reference/commandline/stop.md | 14 ++-- docs/reference/commandline/swarm_init.md | 14 ++-- docs/reference/commandline/swarm_join.md | 14 ++-- .../reference/commandline/swarm_join_token.md | 14 ++-- docs/reference/commandline/swarm_leave.md | 14 ++-- docs/reference/commandline/swarm_update.md | 14 ++-- docs/reference/commandline/system_df.md | 14 ++-- docs/reference/commandline/system_prune.md | 14 ++-- docs/reference/commandline/tag.md | 14 ++-- docs/reference/commandline/top.md | 14 ++-- docs/reference/commandline/unpause.md | 14 ++-- docs/reference/commandline/update.md | 18 ++--- docs/reference/commandline/version.md | 14 ++-- docs/reference/commandline/volume_create.md | 16 ++--- docs/reference/commandline/volume_inspect.md | 14 ++-- docs/reference/commandline/volume_ls.md | 14 ++-- docs/reference/commandline/volume_prune.md | 14 ++-- docs/reference/commandline/volume_rm.md | 15 ++--- docs/reference/commandline/wait.md | 14 ++-- docs/reference/glossary.md | 15 ++--- docs/reference/index.md | 16 ++--- docs/reference/run.md | 17 ++--- 104 files changed, 581 insertions(+), 1012 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index a591880ef0..43dfc29275 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -1,14 +1,9 @@ - +--- +aliases: ["/engine/misc/deprecated/"] +title: "Deprecated Engine Features" +description: "Deprecated Features." +keywords: ["docker, documentation, about, technology, deprecate"] +--- # Deprecated Engine Features @@ -192,7 +187,7 @@ The single-dash (`-help`) was removed, in favor of the double-dash `--help` **Removed In Release: [v1.13.0](https://github.com/docker/docker/releases/)** -The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor +The flag `--run` of the docker commit (and its short version `-run`) were deprecated in favor of the `--changes` flag that allows to pass `Dockerfile` commands. diff --git a/docs/extend/index.md b/docs/extend/index.md index 4ce1eac1c5..9ca4dd9c42 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -1,17 +1,12 @@ - +title: "Managed plugin system" +description: "How develop and use a plugin with the managed plugin system" +keywords: ["API, Usage, plugins, documentation, developer"] +advisory: "experimental" +--- # Docker Engine managed plugin system diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index aa4fa4a9b3..4e4d88a871 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -1,14 +1,9 @@ - +--- +aliases: "/engine/extend/plugins/" +title: "Use Docker Engine plugins" +description: "How to add additional functionality to Docker with plugins extensions" +keywords: ["Examples, Usage, plugins, docker, documentation, user guide"] +--- # Use Docker Engine plugins diff --git a/docs/extend/manifest.md b/docs/extend/manifest.md index d47efce8e8..e0fc3c3bec 100644 --- a/docs/extend/manifest.md +++ b/docs/extend/manifest.md @@ -1,17 +1,12 @@ - +title: "Plugin manifest" +description: "How develop and use a plugin with the managed plugin system" +keywords: ["API, Usage, plugins, documentation, developer"] +advisory: "experimental" +--- # Plugin Manifest Version 0 of Plugin V2 @@ -47,7 +42,7 @@ Manifest provides the base accessible fields for working with V0 plugin format - **`interface`** *PluginInterface* interface implemented by the plugins, struct consisting of the following fields - + - **`types`** *string array* types indicate what interface(s) the plugin currently implements. @@ -55,9 +50,9 @@ Manifest provides the base accessible fields for working with V0 plugin format currently supported: - **docker.volumedriver/1.0** - + - **`socket`** *string* - + socket is the name of the socket the engine should use to communicate with the plugins. the socket will be created in `/run/docker/plugins`. @@ -73,7 +68,7 @@ Manifest provides the base accessible fields for working with V0 plugin format - **`network`** *PluginNetwork* network of the plugin, struct consisting of the following fields - + - **`type`** *string* network type. @@ -83,11 +78,11 @@ Manifest provides the base accessible fields for working with V0 plugin format - **bridge** - **host** - **none** - + - **`capabilities`** *array* capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) - + - **`mounts`** *PluginMount array* mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts) @@ -95,27 +90,27 @@ Manifest provides the base accessible fields for working with V0 plugin format - **`name`** *string* name of the mount. - + - **`description`** *string* - + description of the mount. - + - **`source`** *string* source of the mount. - + - **`destination`** *string* destination of the mount. - + - **`type`** *string* mount type. - + - **`options`** *string array* options of the mount. - + - **`devices`** *PluginDevice array* device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) @@ -123,11 +118,11 @@ Manifest provides the base accessible fields for working with V0 plugin format - **`name`** *string* name of the device. - + - **`description`** *string* description of the device. - + - **`path`** *string* path of the device. @@ -139,15 +134,15 @@ Manifest provides the base accessible fields for working with V0 plugin format - **`name`** *string* name of the env. - + - **`description`** *string* - + description of the env. - + - **`value`** *string* value of the env. - + - **`args`** *PluginArgs* args of the plugin, struct consisting of the following fields @@ -155,16 +150,16 @@ Manifest provides the base accessible fields for working with V0 plugin format - **`name`** *string* name of the env. - + - **`description`** *string* - + description of the env. - + - **`value`** *string array* values of the args. - - + + ## Example Manifest *Example showing the 'tiborvass/no-remove' plugin manifest.* diff --git a/docs/extend/menu.md b/docs/extend/menu.md index 4b9955038a..8403872625 100644 --- a/docs/extend/menu.md +++ b/docs/extend/menu.md @@ -1,15 +1,10 @@ - +--- +title: "Implement plugins" +description: "Develop plugins and use existing plugins for Docker Engine" +keywords: ["extend, plugins, docker, documentation, developer"] +type: "menu" +identifier: "engine_extend" +--- diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 5801ba9151..edf05872cf 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -1,13 +1,8 @@ - +--- +title: "Plugins API" +description: "How to write Docker plugins extensions " +keywords: ["API, Usage, plugins, documentation, developer"] +--- # Docker Plugin API diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 2c3d79e25d..77749547f5 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -1,14 +1,9 @@ - +--- +title: "Access authorization plugin" +description: "How to create authorization plugins to manage access control to your Docker daemon." +keywords: ["security, authorization, authentication, docker, documentation, plugin, extend"] +aliases: ["/engine/extend/authorization/"] +--- # Create an authorization plugin diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 7a107e2ce3..5313be8402 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -1,13 +1,8 @@ - +--- +title: "Docker network driver plugins" +description: "Network driver plugins." +keywords: ["Examples, Usage, plugins, docker, documentation, user guide"] +--- # Engine network driver plugins diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index f9c93a3de1..2f53047f33 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -1,13 +1,8 @@ - +--- +title: "Volume plugins" +description: "How to manage data with external volume plugins" +keywords: ["Examples, Usage, volume, docker, data, volumes, plugin, api"] +--- # Write a volume plugin diff --git a/docs/reference/builder.md b/docs/reference/builder.md index bef2b85535..5b22fa1412 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1,13 +1,8 @@ - +--- +title: "Dockerfile reference" +description: "Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image." +keywords: ["builder, docker, Dockerfile, automation, image creation"] +--- # Dockerfile reference @@ -698,7 +693,7 @@ To view an image's labels, use the `docker inspect` command. MAINTAINER -The `MAINTAINER` instruction sets the *Author* field of the generated images. +The `MAINTAINER` instruction sets the *Author* field of the generated images. The `LABEL` instruction is a much more flexible version of this and you should use it instead, as it enables setting any metadata you require, and can be viewed easily, for example with `docker inspect`. To set a label corresponding to the diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index d0b519840b..3a9f5316c0 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -1,12 +1,8 @@ - +--- +title: "attach" +description: "The attach command description and usage" +keywords: ["attach, running, container"] +--- # attach diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 65f54cc81f..667ea97977 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -1,12 +1,8 @@ - +--- +title: "build" +description: "The build command description and usage" +keywords: ["build, docker, image"] +--- # build diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index f79bf45406..9c13f81113 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -1,13 +1,8 @@ - +--- +title: "Use the Docker command line" +description: "Docker's CLI command description and usage" +keywords: ["Docker, Docker documentation, CLI, command line"] +--- # Use the Docker command line @@ -122,7 +117,7 @@ directives, see the Once attached to a container, users detach from it and leave it running using the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable using the `detachKeys` property. Specify a `` value for the -property. The format of the `` is a comma-separated list of either +property. The format of the `` is a comma-separated list of either a letter [a-Z], or the `ctrl-` combined with any of the following: * `a-z` (a single lowercase alpha character ) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index acfb7c95be..22682b14c2 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -1,12 +1,8 @@ - +--- +title: "commit" +description: "The commit command description and usage" +keywords: ["commit, file, changes"] +--- # commit diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md index 2301353afa..2f00f17165 100644 --- a/docs/reference/commandline/container_prune.md +++ b/docs/reference/commandline/container_prune.md @@ -1,12 +1,8 @@ - +--- +title: "container prune" +description: "Remove all stopped containers" +keywords: [container, prune, delete, remove] +--- # container prune diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index b3a0b78916..fc661d73c7 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -1,12 +1,8 @@ - +--- +title: "cp" +description: "The cp command description and usage" +keywords: ["copy, container, files, folders"] +--- # cp diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 9e3dfdead5..51a09a9c40 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -1,12 +1,8 @@ - +--- +title: "create" +description: "The create command description and usage" +keywords: ["docker, create, container"] +--- # create diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 908131e4bb..bc17e7bcab 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -1,13 +1,9 @@ - +--- +title: "deploy" +description: "The deploy command description and usage" +keywords: ["stack, deploy"] +advisory: "experimental" +--- # stack deploy (experimental) diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index 8c01b8cdf2..011e36fb71 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -1,12 +1,8 @@ - +--- +title: "diff" +description: "The diff command description and usage" +keywords: ["list, changed, files, container"] +--- # diff diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 0233476ce8..6e020ff6ad 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1,14 +1,9 @@ - +--- +title: "dockerd" +aliases: ["/engine/reference/commandline/daemon/"] +description: "The daemon command description and usage" +keywords: ["container, daemon, runtime"] +--- # daemon diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 789bb57ffb..c9821814de 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -1,12 +1,8 @@ - +--- +title: "events" +description: "The events command description and usage" +keywords: ["events, container, report"] +--- # events diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 3f422de662..9be6cbadd8 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -1,12 +1,8 @@ - +--- +title: "exec" +description: "The exec command description and usage" +keywords: ["command, container, run, execute"] +--- # exec diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 54e6e01a6e..78c1a84ceb 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -1,12 +1,8 @@ - +--- +title: "export" +description: "The export command description and usage" +keywords: ["export, file, system, container"] +--- # export diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index 895fd55ea9..36668bdc4c 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -1,12 +1,8 @@ - +--- +title: "history" +description: "The history command description and usage" +keywords: ["docker, image, history"] +--- # history diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md index 85bd8ce1a6..d4c269e33f 100644 --- a/docs/reference/commandline/image_prune.md +++ b/docs/reference/commandline/image_prune.md @@ -1,12 +1,8 @@ - +--- +title: "image prune" +description: "Remove all stopped images" +keywords: [image, prune, delete, remove] +--- # image prune diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index af21a8197d..414b6f4666 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -1,12 +1,8 @@ - +--- +title: "images" +description: "The images command description and usage" +keywords: ["list, docker, images"] +--- # images diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 2d2c88b4e8..1319dce849 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -1,12 +1,8 @@ - +--- +title: "import" +description: "The import command description and usage" +keywords: ["import, file, system, container"] +--- # import diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index ed8d2996a8..86be46b543 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -1,14 +1,9 @@ - +--- +title: "Docker commands" +description: "Docker's CLI command description and usage" +keywords: ["Docker, Docker documentation, CLI, command line"] +identifier: "smn_cli_guide" +--- diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 3bf813c057..a880fb7556 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -1,12 +1,8 @@ - +--- +title: "info" +description: "The info command description and usage" +keywords: ["display, docker, information"] +--- # info diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index d5c073f26c..697254a07a 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -1,12 +1,8 @@ - +--- +title: "inspect" +description: "The inspect command description and usage" +keywords: ["inspect, container, json"] +--- # inspect diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index 55b11efad2..65c5ec1107 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -1,12 +1,8 @@ - +--- +title: "kill" +description: "The kill command description and usage" +keywords: ["container, kill, signal"] +--- # kill diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index be8ed05cf2..dd15c85eab 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -1,12 +1,8 @@ - +--- +title: "load" +description: "The load command description and usage" +keywords: ["stdin, tarred, repository"] +--- # load diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 3308ae5d6b..b7a0c81a48 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -1,12 +1,8 @@ - +--- +title: "login" +description: "The login command description and usage" +keywords: ["registry, login, image"] +--- # login diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index a073b34f88..989be9b456 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -1,12 +1,8 @@ - +--- +title: "logout" +description: "The logout command description and usage" +keywords: ["logout, docker, registry"] +--- # logout diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 437e709631..55823a3712 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -1,12 +1,8 @@ - +--- +title: "logs" +description: "The logs command description and usage" +keywords: ["logs, retrieve, docker"] +--- # logs diff --git a/docs/reference/commandline/menu.md b/docs/reference/commandline/menu.md index 9ade86d26a..41677e7ea7 100644 --- a/docs/reference/commandline/menu.md +++ b/docs/reference/commandline/menu.md @@ -1,14 +1,9 @@ - +--- +title: "Command line reference" +description: "Docker's CLI command description and usage" +keywords: ["Docker, Docker documentation, CLI, command line"] +identifier: "smn_cli" +--- diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 5a9ed866ef..d4a2c90077 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -1,12 +1,8 @@ - +--- +title: "network connect" +description: "The network connect command description and usage" +keywords: ["network, connect, user-defined"] +--- # network connect diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 8ffed10972..426de03085 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -1,12 +1,8 @@ - +--- +title: "network create" +description: "The network create command description and usage" +keywords: ["network, create"] +--- # network create diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index 2d43ccb1e9..93afd19def 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -1,12 +1,8 @@ - +--- +title: "network disconnect" +description: "The network disconnect command description and usage" +keywords: ["network, disconnect, user-defined"] +--- # network disconnect diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 9aebc66b5a..1e0b3e53dd 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -1,12 +1,8 @@ - +--- +title: "network inspect" +description: "The network inspect command description and usage" +keywords: ["network, inspect, user-defined"] +--- # network inspect diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 18a65da06a..a52ebaea36 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -1,12 +1,8 @@ - +--- +title: "network ls" +description: "The network ls command description and usage" +keywords: ["network, list, user-defined"] +--- # docker network ls diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index d57254636a..b6586e72aa 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -1,12 +1,8 @@ - +--- +title: "network rm" +description: "the network rm command description and usage" +keywords: ["network, rm, user-defined"] +--- # network rm diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 2cec22ac3b..e84d45c891 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -1,12 +1,8 @@ - +--- +title: "node demote" +description: "The node demote command description and usage" +keywords: ["node, demote"] +--- # node demote diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 2f3370adbc..9edc081f3b 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -1,12 +1,8 @@ - +--- +title: "node inspect" +description: "The node inspect command description and usage" +keywords: ["node, inspect"] +--- # node inspect diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index e918b7d11a..19d9ff377b 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -1,12 +1,8 @@ - +--- +title: "node ls" +description: "The node ls command description and usage" +keywords: ["node, list"] +--- # node ls diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 7f5830d92a..5beada1cc7 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -1,12 +1,8 @@ - +--- +title: "node promote" +description: "The node promote command description and usage" +keywords: ["node, promote"] +--- # node promote diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 538132408a..7a1272bb8b 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -1,13 +1,9 @@ - +--- +title: "node ps" +description: "The node ps command description and usage" +keywords: ["node, tasks", "ps"] +aliases: ["/engine/reference/commandline/node_tasks/"] +--- # node ps diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index ee6dcf7212..34643c395b 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -1,12 +1,8 @@ - +--- +title: "node rm" +description: "The node rm command description and usage" +keywords: ["node, remove"] +--- # node rm diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index 5205a7d96a..66fe091772 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -1,12 +1,8 @@ - +--- +title: "node update" +description: "The node update command description and usage" +keywords: ["resources, update, dynamically"] +--- ## update diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 6e85ebbea0..14eca8dc3d 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -1,12 +1,8 @@ - +--- +title: "pause" +description: "The pause command description and usage" +keywords: ["cgroups, container, suspend, SIGSTOP"] +--- # pause diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index eae31975e1..a228cfd38c 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -1,13 +1,9 @@ - +--- +title: "plugin disable" +description: "the plugin disable command description and usage" +keywords: ["plugin, disable"] +advisory: "experimental" +--- # plugin disable (experimental) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 44ef3c2fa3..e78a6a798c 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -1,13 +1,9 @@ - +--- +title: "plugin enable" +description: "the plugin enable command description and usage" +keywords: ["plugin, enable"] +advisory: "experimental" +--- # plugin enable (experimental) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index e8c219d266..01f5877e8c 100755 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -1,13 +1,9 @@ - +--- +title: "plugin inspect" +description: "The plugin inspect command description and usage" +keywords: ["plugin, inspect"] +advisory: "experimental" +--- # plugin inspect (experimental) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index f3b26ab0c8..3f3e4b74af 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -1,13 +1,9 @@ - +--- +title: "plugin install" +description: "the plugin install command description and usage" +keywords: ["plugin, install"] +advisory: "experimental" +--- # plugin install (experimental) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index c73fb72dd2..8f618171f1 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -1,13 +1,9 @@ - +--- +title: "plugin ls" +description: "The plugin ls command description and usage" +keywords: ["plugin, list"] +advisory: "experimental" +--- # plugin ls (experimental) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 6b6a2239b6..41b71c760b 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -1,13 +1,9 @@ - +--- +title: "plugin rm" +description: "the plugin rm command description and usage" +keywords: ["plugin, rm"] +advisory: "experimental" +--- # plugin rm (experimental) diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index e8da943c36..968ab545aa 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -1,12 +1,8 @@ - +--- +title: "port" +description: "The port command description and usage" +keywords: ["port, mapping, container"] +--- # port diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 541979e819..2e34ed59f2 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -1,12 +1,8 @@ - +--- +title: "ps" +description: "The ps command description and usage" +keywords: ["container, running, list"] +--- # ps diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index f10c134863..ec351153ca 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -1,12 +1,8 @@ - +--- +title: "pull" +description: "The pull command description and usage" +keywords: ["pull, image, hub, docker"] +--- # pull diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 9b70fd3516..f6cb0b0f73 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -1,12 +1,8 @@ - +--- +title: "push" +description: "The push command description and usage" +keywords: ["share, push, image"] +--- # push diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index f5a4fe23ec..66c8b2c52a 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -1,12 +1,8 @@ - +--- +title: "rename" +description: "The rename command description and usage" +keywords: ["rename, docker, container"] +--- # rename diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 9e40a4f6c4..5c179b764d 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -1,12 +1,8 @@ - +--- +title: "restart" +description: "The restart command description and usage" +keywords: ["restart, container, Docker"] +--- # restart diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 319ef4dbbc..ed8f354405 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -1,12 +1,8 @@ - +--- +title: "rm" +description: "The rm command description and usage" +keywords: ["remove, Docker, container"] +--- # rm diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index 328d9fe140..7c1faec77d 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -1,12 +1,8 @@ - +--- +title: "rmi" +description: "The rmi command description and usage" +keywords: ["remove, image, Docker"] +--- # rmi diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index b169f9c476..386f466f6a 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -1,12 +1,8 @@ - +--- +title: "run" +description: "The run command description and usage" +keywords: ["run, command, container"] +--- # run diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index f7d1fdedcb..2a4ce8d551 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -1,12 +1,8 @@ - +--- +title: "save" +description: "The save command description and usage" +keywords: ["tarred, repository, backup"] +--- # save diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 988db8bf1f..0efa6a5865 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -1,12 +1,8 @@ - +--- +title: "search" +description: "The search command description and usage" +keywords: ["search, hub, images"] +--- # search diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 059996dadf..f4d0815070 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -1,12 +1,8 @@ - +--- +title: "service create" +description: "The service create command description and usage" +keywords: ["service, create"] +--- # service create diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index e24927f433..fc167d77a8 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -1,12 +1,8 @@ - +--- +title: "service inspect" +description: "The service inspect command description and usage" +keywords: ["service, inspect"] +--- # service inspect diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 68c3ade6ce..5a2974aa41 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -1,12 +1,8 @@ - +--- +title: "service ls" +description: "The service ls command description and usage" +keywords: ["service, ls"] +--- # service ls diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index d6f9de5f27..4afdd455f4 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -1,13 +1,9 @@ - +--- +title: "service ps" +description: "The service ps command description and usage" +keywords: ["service, tasks", "ps"] +aliases: ["/engine/reference/commandline/service_tasks/"] +--- # service ps diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index edd9b417ed..1230ffb841 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -1,12 +1,8 @@ - +--- +title: "service rm" +description: "The service rm command description and usage" +keywords: ["service, rm"] +--- # service rm diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index f4356945e5..a21f5c4779 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -1,12 +1,8 @@ - +--- +title: "service scale" +description: "The service scale command description and usage" +keywords: ["service, scale"] +--- # service scale diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index dd65bb288f..f1698c3e01 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -1,12 +1,8 @@ - +--- +title: "service update" +description: "The service update command description and usage" +keywords: ["service, update"] +--- # service update diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md index a7b8f6f5b8..470f63b621 100644 --- a/docs/reference/commandline/stack_config.md +++ b/docs/reference/commandline/stack_config.md @@ -1,13 +1,9 @@ - +--- +title: "stack config" +description: "The stack config command description and usage" +keywords: ["stack, config"] +advisory: "experimental" +--- # stack config (experimental) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 7f3c341ae3..5069c22032 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -1,13 +1,9 @@ - +--- +title: "stack deploy" +description: "The stack deploy command description and usage" +keywords: ["stack, deploy, up"] +advisory: "experimental" +--- # stack deploy (experimental) diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index acd570214c..b91fe430d9 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -1,13 +1,9 @@ - +--- +title: "stack ls" +description: "The stack ls command description and usage" +keywords: ["stack, ls"] +advisory: "experimental" +--- # stack ls (experimental) diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index bc71b2e4d9..fec0b07399 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -1,13 +1,9 @@ - +--- +title: "stack ps" +description: "The stack ps command description and usage" +keywords: ["stack, ps"] +advisory: "experimental" +--- # stack ps (experimental) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index 8aae98c162..7e7a914311 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -1,13 +1,11 @@ - +--- +title: "stack rm" +description: "The stack rm command description and usage" +keywords: ["stack, rm, remove, down"] +advisory: "experimental" + + +--- # stack rm (experimental) diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index ed44d6b1d4..b7f4002416 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -1,13 +1,9 @@ - +--- +title: "stack services" +description: "The stack services command description and usage" +keywords: ["stack, services"] +advisory: "experimental" +--- # stack services (experimental) diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index 72ff7e1002..46b493c2b1 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -1,12 +1,8 @@ - +--- +title: "start" +description: "The start command description and usage" +keywords: ["Start, container, stopped"] +--- # start diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index d6d6ed0e1f..4ee79e292a 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -1,12 +1,8 @@ - +--- +title: "stats" +description: "The stats command description and usage" +keywords: ["container, resource, statistics"] +--- # stats diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index 662255846f..e888562799 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -1,12 +1,8 @@ - +--- +title: "stop" +description: "The stop command description and usage" +keywords: ["stop, SIGKILL, SIGTERM"] +--- # stop diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 6df0cdb1d0..7d33cdab3a 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -1,12 +1,8 @@ - +--- +title: "swarm init" +description: "The swarm init command description and usage" +keywords: ["swarm, init"] +--- # swarm init diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index c0a7d91cc3..9afdec1225 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -1,12 +1,8 @@ - +--- +title: "swarm join" +description: "The swarm join command description and usage" +keywords: ["swarm, join"] +--- # swarm join diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index f808d84244..468d841a6a 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -1,12 +1,8 @@ - +--- +title: "swarm join-token" +description: "The swarm join-token command description and usage" +keywords: ["swarm, join-token"] +--- # swarm join-token diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 112813466b..6520480025 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -1,12 +1,8 @@ - +--- +title: "swarm leave" +description: "The swarm leave command description and usage" +keywords: ["swarm, leave"] +--- # swarm leave diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 5299be257d..11362fb541 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -1,12 +1,8 @@ - +--- +title: "swarm update" +description: "The swarm update command description and usage" +keywords: ["swarm, update"] +--- # swarm update diff --git a/docs/reference/commandline/system_df.md b/docs/reference/commandline/system_df.md index 9f03dc8250..211ce4cfaf 100644 --- a/docs/reference/commandline/system_df.md +++ b/docs/reference/commandline/system_df.md @@ -1,12 +1,8 @@ - +--- +title: "system df" +description: "The system df command description and usage" +keywords: [system, data, usage, disk] +--- # system df diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index 3ba73ee818..393d96ed9d 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -1,12 +1,8 @@ - +--- +title: "system prune" +description: "Remove unused data" +keywords: [system, prune, delete, remove] +--- # system prune diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 60692958f1..7154725977 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -1,12 +1,8 @@ - +--- +title: "tag" +description: "The tag command description and usage" +keywords: ["tag, name, image"] +--- # tag diff --git a/docs/reference/commandline/top.md b/docs/reference/commandline/top.md index 291f96ce09..9f88f97456 100644 --- a/docs/reference/commandline/top.md +++ b/docs/reference/commandline/top.md @@ -1,12 +1,8 @@ - +--- +title: "top" +description: "The top command description and usage" +keywords: ["container, running, processes"] +--- # top diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index 9795f16482..953940446c 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -1,12 +1,8 @@ - +--- +title: "unpause" +description: "The unpause command description and usage" +keywords: ["cgroups, suspend, container"] +--- # unpause diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index bacecd0106..2d5266233c 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -1,12 +1,8 @@ - +--- +title: "update" +description: "The update command description and usage" +keywords: ["resources, update, dynamically"] +--- ## update @@ -31,8 +27,8 @@ Options: ``` The `docker update` command dynamically updates container configuration. -You can use this command to prevent containers from consuming too many -resources from their Docker host. With a single command, you can place +You can use this command to prevent containers from consuming too many +resources from their Docker host. With a single command, you can place limits on a single container or on many. To specify more than one container, provide space-separated list of container names or IDs. diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index e650e41a2d..ee95e6508a 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -1,12 +1,8 @@ - +--- +title: "version" +description: "The version command description and usage" +keywords: ["version, architecture, api"] +--- # version diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 65dbba2f64..b05b408736 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -1,12 +1,8 @@ - +--- +title: "volume create" +description: "The volume create command description and usage" +keywords: ["volume, create"] +--- # volume create @@ -57,7 +53,7 @@ different volume drivers may do different things (or nothing at all). The built-in `local` driver on Windows does not support any options. The built-in `local` driver on Linux accepts options similar to the linux `mount` command. You can provide multiple options by passing the `--opt` flag multiple times. Some `mount` options (such as the `o` option) can take a comma-separated list of options. Complete list of available mount options can be found [here](http://man7.org/linux/man-pages/man8/mount.8.html). - + For example, the following creates a `tmpfs` volume called `foo` with a size of 100 megabyte and `uid` of 1000. ```bash diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index fac9438e3d..dd748d2706 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -1,12 +1,8 @@ - +--- +title: "volume inspect" +description: "The volume inspect command description and usage" +keywords: ["volume, inspect"] +--- # volume inspect diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 34e2ae927d..8d36ce2b87 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -1,12 +1,8 @@ - +--- +title: "volume ls" +description: "The volume ls command description and usage" +keywords: ["volume, list"] +--- # volume ls diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md index 4c6eab0d53..b3db90c03c 100644 --- a/docs/reference/commandline/volume_prune.md +++ b/docs/reference/commandline/volume_prune.md @@ -1,12 +1,8 @@ - +--- +title: "volume prune" +description: "Remove unused volumes" +keywords: [volume, prune, delete] +--- # volume prune diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index aa66684259..2e5e534309 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -1,12 +1,9 @@ - +--- +title: "volume rm" +description: "the volume rm command description and usage" +keywords: ["volume, rm"] +--- + # volume rm diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index b6fd68dbdb..057f404d89 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -1,12 +1,8 @@ - +--- +title: "wait" +description: "The wait command description and usage" +keywords: ["container, stop, wait"] +--- # wait diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index d386d52bbb..2490cd6729 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -1,13 +1,8 @@ - +--- +title: "Docker Glossary" +description: "Glossary of terms used around Docker" +keywords: ["glossary, docker, terms, definitions"] +--- # Glossary diff --git a/docs/reference/index.md b/docs/reference/index.md index a207ee7d05..c634e82a2d 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -1,14 +1,8 @@ - +--- +title: "Engine reference" +description: "Docker Engine reference" +keywords: ["Engine"] +--- # Engine reference diff --git a/docs/reference/run.md b/docs/reference/run.md index 82bffc1537..6b2994cc2a 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1,13 +1,8 @@ - +--- +title: "Docker run reference" +description: "Configure containers at runtime" +keywords: ["docker, run, configure, runtime"] +--- # Docker run reference @@ -181,7 +176,7 @@ Images using the v2 or later image format have a content-addressable identifier called a digest. As long as the input used to generate the image is unchanged, the digest value is predictable and referenceable. -The following example runs a container from the `alpine` image with the +The following example runs a container from the `alpine` image with the `sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0` digest: $ docker run alpine@sha256:9cacb71397b640eca97488cf08582ae4e4068513101088e9f96c9814bfda95e0 date From 833db8ffac19e73a2771631c1b96fb86fb53bf32 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 16 Oct 2016 21:13:26 -0700 Subject: [PATCH 1815/2538] Remove Fedora 22 from RPM build as it is EOL Fedora 22 reached end of life on July 19th, and will no longer receive updates; https://fedoramagazine.org/fedora-22-end-of-life-2016-july/ With the recent release of Fedora 24, Fedora 22 will officially enter End Of Life (EOL) status on July 19th, 2016. After July 19th, all packages in the Fedora 22 repositories will no longer receive security, bugfix, or enhancement updates, and no new packages will be added to the Fedora 22 collection. Upgrading to Fedora 23 or Fedora 24 before July 19th 2016 is highly recommended for all users still running Fedora 22. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 6e020ff6ad..37676b9652 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -949,11 +949,6 @@ these resources are name-based, not id-based. If the numeric ID information provided does not exist as entries in `/etc/passwd` or `/etc/group`, daemon startup will fail with an error message. -> **Note:** On Fedora 22, you have to `touch` the `/etc/subuid` and `/etc/subgid` -> files to have ranges assigned when users are created. This must be done -> *before* the `--userns-remap` option is enabled. Once these files exist, the -> daemon can be (re)started and range assignment on user creation works properly. - **Example: starting with default Docker user management:** ```bash From 6190d02e62679bb0d1f1e99aebde9e159a273d56 Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Sun, 18 Sep 2016 22:35:55 +0300 Subject: [PATCH 1816/2538] overlay2: add support for --storage-opt size Allow passing --storage-opt size=X to docker create/run commands for the `overlay2` graphriver. The size option is only available if the backing fs is xfs that is mounted with the `pquota` mount option. The user can pass any size less then the backing fs size. Signed-off-by: Amir Goldstein --- docs/reference/commandline/create.md | 9 +++++++-- docs/reference/commandline/run.md | 9 +++++++-- man/docker-create.1.md | 7 +++++-- man/docker-run.1.md | 7 +++++-- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 51a09a9c40..d6c584d079 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -167,8 +167,13 @@ Set storage driver options per container. $ docker create -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. -User cannot pass a size less than the Default BaseFS Size. This option is only -available for the `devicemapper`, `btrfs`, `windowsfilter`, and `zfs` graph drivers. +This option is only available for the `devicemapper`, `btrfs`, `overlay2`, +`windowsfilter` and `zfs` graph drivers. +For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, +user cannot pass a size less than the Default BaseFS Size. +For the `overlay2` storage driver, the size option is only available if the +backing fs is `xfs` and mounted with the `pquota` mount option. +Under these conditions, user can pass any size less then the backing fs size. ### Specify isolation technology for container (--isolation) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 386f466f6a..e22cbeafc4 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -194,8 +194,13 @@ The `-w` lets the command being executed inside directory given, here $ docker run -it --storage-opt size=120G fedora /bin/bash This (size) will allow to set the container rootfs size to 120G at creation time. -User cannot pass a size less than the Default BaseFS Size. This option is only -available for the `devicemapper`, `btrfs`, `windowsfilter`, and `zfs` graph drivers. +This option is only available for the `devicemapper`, `btrfs`, `overlay2`, +`windowsfilter` and `zfs` graph drivers. +For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, +user cannot pass a size less than the Default BaseFS Size. +For the `overlay2` storage driver, the size option is only available if the +backing fs is `xfs` and mounted with the `pquota` mount option. +Under these conditions, user can pass any size less then the backing fs size. ### Mount tmpfs (--tmpfs) diff --git a/man/docker-create.1.md b/man/docker-create.1.md index f31732d0bf..64365fac74 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -343,8 +343,11 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. $ docker create -it --storage-opt size=120G fedora /bin/bash - This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. + This (size) will allow to set the container rootfs size to 120G at creation time. + This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers. + For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size. + For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option. + Under these conditions, user can pass any size less then the backing fs size. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index ad62fa0737..89166710c4 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -493,8 +493,11 @@ incompatible with any restart policy other than `none`. $ docker run -it --storage-opt size=120G fedora /bin/bash - This (size) will allow to set the container rootfs size to 120G at creation time. User cannot pass a size less than the Default BaseFS Size. - This option is only available for the `devicemapper`, `btrfs`, and `zfs` graph drivers. + This (size) will allow to set the container rootfs size to 120G at creation time. + This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers. + For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size. + For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option. + Under these conditions, user can pass any size less then the backing fs size. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. From 29392a7472aa6273e4ec6255bf03cd607c23fbc0 Mon Sep 17 00:00:00 2001 From: Luca Favatella Date: Mon, 17 Oct 2016 16:38:35 +0100 Subject: [PATCH 1817/2538] Fix typo in build documentation Signed-off-by: Luca Favatella --- docs/reference/commandline/build.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 667ea97977..720bfaabc2 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -98,6 +98,7 @@ or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: ```bash $ docker build http://server/context.tar.gz +``` The download operation will be performed on the host the Docker daemon is running on, which is not necessarily the same host from which the build command From ba49f7bfe9b6d4eb362f01633c535c5a7b2d4fdb Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Mon, 17 Oct 2016 17:25:58 +0800 Subject: [PATCH 1818/2538] fix wrong output titile for docker volume ls Signed-off-by: lixiaobing10051267 --- docs/extend/index.md | 2 +- docs/reference/commandline/volume_ls.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index 9ca4dd9c42..e8b964ba15 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -97,7 +97,7 @@ started without error. ```bash $ docker volume ls - DRIVER NAME + DRIVER VOLUME NAME vieux/sshfs sshvolume ``` diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 8d36ce2b87..fb8c658261 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -99,7 +99,7 @@ regardless of its value. ```bash $ docker volume ls --filter label=is-timelord -DRIVER NAME +DRIVER VOLUME NAME local daleks local the-doctor ``` @@ -112,7 +112,7 @@ Filtering on both `key` *and* `value` of the label, produces the expected result ```bash $ docker volume ls --filter label=is-timelord=yes -DRIVER NAME +DRIVER VOLUME NAME local the-doctor ``` @@ -122,7 +122,7 @@ should be met; ```bash $ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no -DRIVER NAME +DRIVER VOLUME NAME ``` ### name From 83c7808f3aac4f19a44e1c46d3b07b14a901d24f Mon Sep 17 00:00:00 2001 From: Carlos Alexandro Becker Date: Wed, 1 Jun 2016 15:54:15 -0300 Subject: [PATCH 1819/2538] Added logentries dependency to vendor Signed-off-by: Carlos Alexandro Becker --- contrib/completion/bash/docker | 7 ++++++- contrib/completion/zsh/_docker | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 11d7b9faf4..0103b25590 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -505,6 +505,7 @@ __docker_complete_log_drivers() { gelf journald json-file + logentries none splunk syslog @@ -519,10 +520,11 @@ __docker_complete_log_options() { local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag" local journald_options="env labels tag" local json_file_options="env labels max-file max-size" + local logentries_options="logentries-token" local syslog_options="env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" local splunk_options="env labels splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" - local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $json_file_options $syslog_options $splunk_options" + local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $logentries_options $json_file_options $syslog_options $splunk_options" case $(__docker_value_of_option --log-driver) in '') @@ -546,6 +548,9 @@ __docker_complete_log_options() { json-file) COMPREPLY=( $( compgen -W "$json_file_options" -S = -- "$cur" ) ) ;; + logentries) + COMPREPLY=( $( compgen -W "$logentries_options" -S = -- "$cur" ) ) + ;; syslog) COMPREPLY=( $( compgen -W "$syslog_options" -S = -- "$cur" ) ) ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 97ee9a221c..d9246105b9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -219,7 +219,7 @@ __docker_get_log_options() { integer ret=1 local log_driver=${opt_args[--log-driver]:-"all"} - local -a awslogs_options fluentd_options gelf_options journald_options json_file_options syslog_options splunk_options + local -a awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream") fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") @@ -227,6 +227,7 @@ __docker_get_log_options() { gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") journald_options=("env" "labels" "tag") json_file_options=("env" "labels" "max-file" "max-size") + logentries_options=("logentries-token") syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") @@ -236,6 +237,7 @@ __docker_get_log_options() { [[ $log_driver = (gelf|all) ]] && _describe -t gelf-options "gelf options" gelf_options "$@" && ret=0 [[ $log_driver = (journald|all) ]] && _describe -t journald-options "journald options" journald_options "$@" && ret=0 [[ $log_driver = (json-file|all) ]] && _describe -t json-file-options "json-file options" json_file_options "$@" && ret=0 + [[ $log_driver = (logentries|all) ]] && _describe -t logentries-options "logentries options" logentries_options "$@" && ret=0 [[ $log_driver = (syslog|all) ]] && _describe -t syslog-options "syslog options" syslog_options "$@" && ret=0 [[ $log_driver = (splunk|all) ]] && _describe -t splunk-options "splunk options" splunk_options "$@" && ret=0 From 4ff84a13da677b242f9fdb9e7cd72d568ec11759 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 26 May 2016 13:34:48 -0700 Subject: [PATCH 1820/2538] Add config parameter to change per-container stop timeout during daemon shutdown This fix tries to add a flag `--stop-timeout` to specify the timeout value (in seconds) for the container to stop before SIGKILL is issued. If stop timeout is not specified then the default timeout (10s) is used. Additional test cases have been added to cover the change. This fix is related to #22471. Another pull request will add `--shutdown-timeout` to daemon for #22471. Signed-off-by: Yong Tang --- docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 6 ++++++ man/docker-create.1.md | 4 ++++ man/docker-run.1.md | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index d6c584d079..247e67f656 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -94,6 +94,7 @@ Options: Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") + --stop-timeout=10 Timeout (in seconds) to stop a container --storage-opt value Storage driver options for the container (default []) --sysctl value Sysctl options (default map[]) --tmpfs value Mount a tmpfs directory (default []) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index e22cbeafc4..17b0c1e94e 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -101,6 +101,7 @@ Options: or `g` (gigabytes). If you omit the unit, the system uses bytes. --sig-proxy Proxy received signals to the process (default true) --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") + --stop-timeout=10 Timeout (in seconds) to stop a container --storage-opt value Storage driver options for the container (default []) --sysctl value Sysctl options (default map[]) --tmpfs value Mount a tmpfs directory (default []) @@ -620,6 +621,11 @@ or a signal name in the format SIGNAME, for instance SIGKILL. On Windows, this flag can be used to specify the `credentialspec` option. The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`. +### Stop container with timeout (--stop-timeout) + +The `--stop-timeout` flag sets the the timeout (in seconds) that a pre-defined (see `--stop-signal`) system call +signal that will be sent to the container to exit. After timeout elapses the container will be killed with SIGKILL. + ### Specify isolation technology for container (--isolation) This option is useful in situations where you are running Docker containers on diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 64365fac74..ece8a91f5f 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -68,6 +68,7 @@ docker-create - Create a new container [**--security-opt**[=*[]*]] [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] +[**--stop-timeout**[=*TIMEOUT*]] [**--shm-size**[=*[]*]] [**--sysctl**[=*[]*]] [**-t**|**--tty**] @@ -352,6 +353,9 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--stop-timeout**=*10* + Timeout (in seconds) to stop a container. Default is 10. + **--sysctl**=SYSCTL Configure namespaced kernel parameters at runtime diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 89166710c4..51df3df153 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -70,6 +70,7 @@ docker-run - Run a command in a new container [**--security-opt**[=*[]*]] [**--storage-opt**[=*[]*]] [**--stop-signal**[=*SIGNAL*]] +[**--stop-timeout**[=*TIMEOUT*]] [**--shm-size**[=*[]*]] [**--sig-proxy**[=*true*]] [**--sysctl**[=*[]*]] @@ -502,6 +503,9 @@ incompatible with any restart policy other than `none`. **--stop-signal**=*SIGTERM* Signal to stop a container. Default is SIGTERM. +**--stop-timeout**=*10* + Timeout (in seconds) to stop a container. Default is 10. + **--shm-size**="" Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or `g` (gigabytes). From b7b97fdce6e6b38c2552b3cf184abe3030e7252e Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 18 Oct 2016 14:20:12 +0800 Subject: [PATCH 1821/2538] wrap line in deleted containers when pruning Signed-off-by: allencloud --- docs/reference/commandline/system_prune.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index 393d96ed9d..6df4b21e0c 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -28,7 +28,8 @@ WARNING! This will remove: - all volumes not used by at least one container - all images without at least one container associated to them Are you sure you want to continue? [y/N] y -Deleted Containers:0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b +Deleted Containers: +0998aa37185a1a7036b0e12cf1ac1b6442dcfa30a5c9650a42ed5010046f195b 73958bfb884fa81fa4cc6baf61055667e940ea2357b4036acbbe25a60f442a4d Deleted Volumes: From 659eab057485d446d8589bc932a9870ada1f67b2 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 18 Oct 2016 18:50:11 +0800 Subject: [PATCH 1822/2538] Fix typs from go to Go Signed-off-by: yuexiao-wang --- docs/reference/commandline/events.md | 2 +- docs/reference/commandline/info.md | 2 +- docs/reference/commandline/inspect.md | 2 +- docs/reference/commandline/network_inspect.md | 2 +- docs/reference/commandline/node_inspect.md | 2 +- docs/reference/commandline/plugin_inspect.md | 2 +- docs/reference/commandline/service_inspect.md | 2 +- docs/reference/commandline/system_prune.md | 1 + docs/reference/commandline/version.md | 2 +- docs/reference/commandline/volume_create.md | 1 + docs/reference/commandline/volume_inspect.md | 3 ++- docs/reference/commandline/volume_ls.md | 3 ++- docs/reference/commandline/volume_rm.md | 1 + man/docker-events.1.md | 2 +- man/docker-info.1.md | 2 +- man/docker-network-inspect.1.md | 2 +- man/docker-version.1.md | 2 +- 17 files changed, 19 insertions(+), 14 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index c9821814de..cb34eee497 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -13,7 +13,7 @@ Get real time events from the server Options: -f, --filter value Filter output based on conditions provided (default []) - --format string Format the output using the given go template + --format string Format the output using the given Go template --help Print usage --since string Show all events created since timestamp --until string Stream events until this timestamp diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index a880fb7556..12c54d7a32 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -12,7 +12,7 @@ Usage: docker info [OPTIONS] Display system-wide information Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage ``` diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 697254a07a..ec61d96cc3 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -13,7 +13,7 @@ Return low-level information on one or multiple containers, images, volumes, networks, nodes, services, or tasks identified by name or ID. Options: - -f, --format Format the output using the given go template + -f, --format Format the output using the given Go template --help Print usage -s, --size Display total file sizes if the type is container values are "image" or "container" or "task diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 1e0b3e53dd..9603d936dd 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -12,7 +12,7 @@ Usage: docker network inspect [OPTIONS] NETWORK [NETWORK...] Display detailed information on one or more networks Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage ``` diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 9edc081f3b..8728605f2a 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -12,7 +12,7 @@ Usage: docker node inspect [OPTIONS] self|NODE [NODE...] Display detailed information on one or more nodes Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage --pretty Print the information in a human friendly format. ``` diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 01f5877e8c..e0b566be99 100755 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -13,7 +13,7 @@ Usage: docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] Display detailed information on one or more plugins Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage ``` diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index fc167d77a8..29286dd7d5 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -12,7 +12,7 @@ Usage: docker service inspect [OPTIONS] SERVICE [SERVICE...] Display detailed information on one or more services Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage --pretty Print the information in a human friendly format. ``` diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index 6df4b21e0c..cdea0c642f 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -60,6 +60,7 @@ Total reclaimed space: 13.5 MB * [volume ls](volume_ls.md) * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) +* [volume prune](volume_prune.md) * [Understand Data Volumes](../../tutorials/dockervolumes.md) * [system df](system_df.md) * [container prune](container_prune.md) diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index ee95e6508a..169d077e10 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -12,7 +12,7 @@ Usage: docker version [OPTIONS] Show the Docker version information Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage ``` diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index b05b408736..db9d7a28ce 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -78,4 +78,5 @@ $ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) +* [volume prune](volume_prune.md) * [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index dd748d2706..fba4853178 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -12,7 +12,7 @@ Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...] Display detailed information on one or more volumes Options: - -f, --format string Format the output using the given go template + -f, --format string Format the output using the given Go template --help Print usage ``` @@ -44,4 +44,5 @@ Example output: * [volume create](volume_create.md) * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) +* [volume prune](volume_prune.md) * [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index fb8c658261..d9dde580d1 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -25,7 +25,7 @@ Options: -q, --quiet Only display volume names ``` -Lists all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. +List all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. Example output: @@ -170,4 +170,5 @@ vol3: local * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) +* [volume prune](volume_prune.md) * [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 2e5e534309..ec54400778 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -30,4 +30,5 @@ Remove one or more volumes. You cannot remove a volume that is in use by a conta * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) +* [volume prune](volume_prune.md) * [Understand Data Volumes](../../tutorials/dockervolumes.md) diff --git a/man/docker-events.1.md b/man/docker-events.1.md index 311020f6ef..11b3e98e5a 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -47,7 +47,7 @@ Docker networks report the following events: Stream events until this timestamp **--format**="" - Format the output using the given go template + Format the output using the given Go template The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 810b215363..42f1efe863 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -33,7 +33,7 @@ available on the volume where `/var/lib/docker` is mounted. Print usage statement **-f**, **--format**="" - Format the output using the given go template + Format the output using the given Go template # EXAMPLES diff --git a/man/docker-network-inspect.1.md b/man/docker-network-inspect.1.md index 3805fb25a8..f27c98cb34 100644 --- a/man/docker-network-inspect.1.md +++ b/man/docker-network-inspect.1.md @@ -103,7 +103,7 @@ $ docker network inspect simple-network # OPTIONS **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given Go template. **--help** Print usage statement diff --git a/man/docker-version.1.md b/man/docker-version.1.md index 04ae3464f8..bb521c4eed 100644 --- a/man/docker-version.1.md +++ b/man/docker-version.1.md @@ -18,7 +18,7 @@ daemon. Print usage statement **-f**, **--format**="" - Format the output using the given go template. + Format the output using the given Go template. # EXAMPLES From fbdf4c1ea3aa21e255ea5595703e1dfd1658b9cb Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 18 Oct 2016 22:59:18 +0800 Subject: [PATCH 1823/2538] Fix the link for sharing images via repositories Signed-off-by: yuexiao-wang --- docs/reference/commandline/tag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 7154725977..7d60e58550 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -29,7 +29,7 @@ periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. You can group your images together using names and tags, and then upload them -to [*Share Images via Repositories*](../../tutorials/dockerrepos.md#contributing-to-docker-hub). +to [*Share Images via Repositories*](https://docs.docker.com/docker-hub/repos/). # Examples From fb809d05114539562fc05e08db26fc15ed084d9b Mon Sep 17 00:00:00 2001 From: Ding Fei Date: Sat, 15 Oct 2016 19:03:47 +0800 Subject: [PATCH 1824/2538] Fix typos in docs/reference/builder.md. Signed-off-by: Ding Fei --- docs/reference/builder.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 5b22fa1412..dab06da992 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -21,7 +21,7 @@ Practices](../userguide/eng-image/dockerfile_best-practices.md) for a tip-orient The [`docker build`](commandline/build.md) command builds an image from a `Dockerfile` and a *context*. The build's context is the files at a specified location `PATH` or `URL`. The `PATH` is a directory on your local filesystem. -The `URL` is a the location of a Git repository. +The `URL` is a Git repository location. A context is processed recursively. So, a `PATH` includes any subdirectories and the `URL` includes the repository and its submodules. A simple build command @@ -504,7 +504,7 @@ default is `/bin/sh -c` on Linux or `cmd /S /C` on Windows) - `RUN ["executable", "param1", "param2"]` (*exec* form) The `RUN` instruction will execute any commands in a new layer on top of the -current image and commit the results. The resulting comitted image will be +current image and commit the results. The resulting committed image will be used for the next step in the `Dockerfile`. Layering `RUN` instructions and generating commits conforms to the core @@ -519,13 +519,15 @@ command. In the *shell* form you can use a `\` (backslash) to continue a single RUN instruction onto the next line. For example, consider these two lines: + ``` -RUN /bin/bash -c 'source $HOME/.bashrc ;\ +RUN /bin/bash -c 'source $HOME/.bashrc; \ echo $HOME' ``` Together they are equivalent to this single line: + ``` -RUN /bin/bash -c 'source $HOME/.bashrc ; echo $HOME' +RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME' ``` > **Note**: @@ -641,7 +643,7 @@ If the user specifies arguments to `docker run` then they will override the default specified in `CMD`. > **Note**: -> don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits +> Don't confuse `RUN` with `CMD`. `RUN` actually runs a command and commits > the result; `CMD` does not execute anything at build time, but specifies > the intended command for the image. @@ -751,7 +753,7 @@ and ENV myDog Rex The Dog ENV myCat fluffy -will yield the same net results in the final container, but the first form +will yield the same net results in the final image, but the first form is preferred because it produces a single cache layer. The environment variables set using `ENV` will persist when a container is run @@ -773,7 +775,7 @@ ADD has two forms: whitespace) The `ADD` instruction copies new files, directories or remote file URLs from `` -and adds them to the filesystem of the container at the path ``. +and adds them to the filesystem of the image at the path ``. Multiple `` resource may be specified but if they are files or directories then they must be relative to the source directory that is @@ -806,7 +808,7 @@ of whether or not the file has changed and the cache should be updated. > can only contain a URL based `ADD` instruction. You can also pass a > compressed archive through STDIN: (`docker build - < archive.tar.gz`), > the `Dockerfile` at the root of the archive and the rest of the -> archive will get used at the context of the build. +> archive will be used as the context of the build. > **Note**: > If your URL files are protected using authentication, you @@ -848,7 +850,7 @@ guide](../userguide/eng-image/dockerfile_best-practices.md#build-cache) for more - If `` is a *local* tar archive in a recognized compression format (identity, gzip, bzip2 or xz) then it is unpacked as a directory. Resources from *remote* URLs are **not** decompressed. When a directory is copied or - unpacked, it has the same behavior as `tar -x`: the result is the union of: + unpacked, it has the same behavior as `tar -x`, the result is the union of: 1. Whatever existed at the destination path and 2. The contents of the source tree, with conflicts resolved in favor @@ -1677,7 +1679,7 @@ a shell operates. For example, using `SHELL cmd /S /C /V:ON|OFF` on Windows, del environment variable expansion semantics could be modified. The `SHELL` instruction can also be used on Linux should an alternate shell be -required such `zsh`, `csh`, `tcsh` and others. +required such as `zsh`, `csh`, `tcsh` and others. The `SHELL` feature was added in Docker 1.12. From a16bba06fdb7c159cd5ac8a5c1acb0ca6806d4c6 Mon Sep 17 00:00:00 2001 From: Ding Fei Date: Tue, 18 Oct 2016 18:01:46 +0800 Subject: [PATCH 1825/2538] Fix code block fences and typo. Signed-off-by: Ding Fei --- docs/extend/index.md | 8 ++++---- docs/extend/plugin_api.md | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index e8b964ba15..661bfc9f71 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -36,7 +36,7 @@ Hub or on a private registry. You install the plugin using a single command: `docker plugin install `. The `plugin install` command pulls the plugin from the Docker Hub or private -registry. If necessary the CLI prompts you to accept any privilige requriements. +registry. If necessary the CLI prompts you to accept any privilege requriements. For example the plugin may require access to a device on the host system. Finally it enables the plugin. @@ -63,7 +63,7 @@ to create a volume. The plugin requests 2 privileges, the `CAP_SYS_ADMIN` capability to be able to do mount inside the plugin and `host networking`. -2. Check for a value of `true` the `ENABLED` column to verify the plugin +2. Check for a value of `true` the `ENABLED` column to verify the plugin started without error. ```bash @@ -73,7 +73,7 @@ started without error. vieux/sshfs latest true ``` -3. Create a volume using the plugin. +3. Create a volume using the plugin. ```bash $ docker volume create \ @@ -92,7 +92,7 @@ started without error. ``` -5. Verify the plugin successfully created the volume. +5. Verify the plugin successfully created the volume. ```bash $ docker volume ls diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index edf05872cf..8e796e569b 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -121,6 +121,7 @@ ExecStart=/usr/lib/docker/your-plugin WantedBy=multi-user.target ``` The `socket` file (for example `/lib/systemd/system/your-plugin.socket`): + ``` [Unit] Description=Your plugin From b684e781cbb56f502712715d2eb7c98e9c8a997e Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 17 Oct 2016 22:55:45 +0800 Subject: [PATCH 1826/2538] Fix link for feature deprecation policy Signed-off-by: yuexiao-wang --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 43dfc29275..a2183f99e7 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -9,7 +9,7 @@ keywords: ["docker, documentation, about, technology, deprecate"] The following list of features are deprecated in Engine. To learn more about Docker Engine's deprecation policy, -see [Feature Deprecation Policy](index.md#feature-deprecation-policy). +see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy). ### `repository:shortid` image references From 77a68402561a38fe716c3a59386da42d5e7fa52b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 9 Oct 2016 04:46:20 -0700 Subject: [PATCH 1827/2538] Align bash completion of volumes to completion of nodes and services Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0103b25590..d29d0ad19f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -179,8 +179,25 @@ __docker_complete_containers_in_network() { COMPREPLY=( $(compgen -W "$containers" -- "$cur") ) } +# Returns a list of all volumes. Additional arguments to `docker volume ls` +# may be specified in order to filter the list, e.g. +# `__docker_volumes --filter dangling=true` +# Because volumes do not have IDs, this function does not distinguish between +# IDs and names. +__docker_volumes() { + __docker_q volume ls -q "$@" +} + +# Applies completion of volumes based on the current value of `$cur` or +# the value of the optional first option `--cur`, if given. +# Additional filters may be appended, see `__docker_volumes`. __docker_complete_volumes() { - COMPREPLY=( $(compgen -W "$(__docker_q volume ls -q)" -- "$cur") ) + local current="$cur" + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") ) } __docker_plugins() { @@ -1150,8 +1167,7 @@ _docker_events() { return ;; volume) - cur="${cur##*=}" - __docker_complete_volumes + __docker_complete_volumes --cur "${cur##*=}" return ;; esac @@ -2209,8 +2225,7 @@ _docker_ps() { return ;; volume) - cur="${cur##*=}" - __docker_complete_volumes + __docker_complete_volumes --cur "${cur##*=}" return ;; esac @@ -2855,8 +2870,7 @@ _docker_volume_ls() { return ;; name) - cur=${cur##*=} - __docker_complete_volumes + __docker_complete_volumes --cur "${cur##*=}" return ;; esac From f1c1bbcbead7928190719067815bc7cb015b5f1b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 8 Oct 2016 10:50:31 -0700 Subject: [PATCH 1828/2538] Align bash completion of networks to completion of nodes and services Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 62 +++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d29d0ad19f..84401ca975 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -150,28 +150,40 @@ __docker_complete_containers_and_images() { COMPREPLY+=( "${containers[@]}" ) } -# Returns the names and optionally IDs of networks. -# The selection can be narrowed by an optional filter parameter, e.g. 'type=custom' +# Returns a list of all networks. Additional arguments to `docker network ls` +# may be specified in order to filter the list, e.g. +# `__docker_networks --filter type=custom` +# By default, only names are returned. +# Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete IDs. +# An optional first option `--id|--name` may be used to limit the +# output to the IDs or names of matching items. This setting takes +# precedence over the environment setting. __docker_networks() { - local filter="$1" - # By default, only network names are completed. - # Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete network IDs. - local fields='$2' - [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] && fields='$1,$2' - __docker_q network ls --no-trunc ${filter:+-f "$filter"} | awk "NR>1 {print $fields}" - #__docker_q network ls --no-trunc | awk "NR>1 {print $fields}" + local format + if [ "$1" = "--id" ] ; then + format='{{.ID}}' + shift + elif [ "$1" = "--name" ] ; then + format='{{.Name}}' + shift + elif [ "${DOCKER_COMPLETION_SHOW_NETWORK_IDS}" = yes ] ; then + format='{{.ID}} {{.Name}}' + else + format='{{.Name}}' + fi + __docker_q network ls --format "$format" "$@" } +# Applies completion of networks based on the current value of `$cur` or +# the value of the optional first option `--cur`, if given. +# Additional filters may be appended, see `__docker_networks`. __docker_complete_networks() { - COMPREPLY=( $(compgen -W "$(__docker_networks $@)" -- "$cur") ) -} - -__docker_complete_network_ids() { - COMPREPLY=( $(compgen -W "$(__docker_q network ls -q --no-trunc)" -- "$cur") ) -} - -__docker_complete_network_names() { - COMPREPLY=( $(compgen -W "$(__docker_q network ls | awk 'NR>1 {print $2}')" -- "$cur") ) + local current="$cur" + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_networks "$@")" -- "$current") ) } __docker_complete_containers_in_network() { @@ -1158,8 +1170,7 @@ _docker_events() { return ;; network) - cur="${cur##*=}" - __docker_complete_networks + __docker_complete_networks --cur "${cur##*=}" return ;; type) @@ -1553,13 +1564,11 @@ _docker_network_ls() { return ;; id) - cur="${cur##*=}" - __docker_complete_network_ids + __docker_complete_networks --cur "${cur##*=}" --id return ;; name) - cur="${cur##*=}" - __docker_complete_network_names + __docker_complete_networks --cur "${cur##*=}" --name return ;; type) @@ -1592,7 +1601,7 @@ _docker_network_rm() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_complete_networks type=custom + __docker_complete_networks --filter type=custom esac } @@ -2211,8 +2220,7 @@ _docker_ps() { return ;; network) - cur="${cur##*=}" - __docker_complete_networks + __docker_complete_networks --cur "${cur##*=}" return ;; since) From 9ef7847f74d6bfd57c2cdae59518ab9c894681ac Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 13 Oct 2016 04:09:53 -0700 Subject: [PATCH 1829/2538] Improve bash completion of containers Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 80 +++++++++++++++++++++------------- 1 file changed, 49 insertions(+), 31 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 84401ca975..96d93ac14c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -20,6 +20,7 @@ # For several commands, the amount of completions can be configured by # setting environment variables. # +# DOCKER_COMPLETION_SHOW_CONTAINER_IDS # DOCKER_COMPLETION_SHOW_NETWORK_IDS # DOCKER_COMPLETION_SHOW_NODE_IDS # DOCKER_COMPLETION_SHOW_SERVICE_IDS @@ -58,32 +59,56 @@ __docker_q() { docker ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@" } -__docker_complete_containers_all() { - local IFS=$'\n' - local containers=( $(__docker_q ps -aq --no-trunc) ) - if [ "$1" ]; then - containers=( $(__docker_q inspect --format "{{if $1}}{{.Id}}{{end}}" "${containers[@]}") ) +# Returns a list of containers. Additional arguments to `docker ps` +# may be specified in order to filter the list, e.g. +# `__docker_containers --filter status=running` +# By default, only names are returned. +# Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs. +# An optional first option `--id|--name` may be used to limit the +# output to the IDs or names of matching items. This setting takes +# precedence over the environment setting. +__docker_containers() { + local format + if [ "$1" = "--id" ] ; then + format='{{.ID}}' + shift + elif [ "$1" = "--name" ] ; then + format='{{.Names}}' + shift + elif [ "${DOCKER_COMPLETION_SHOW_CONTAINER_IDS}" = yes ] ; then + format='{{.ID}} {{.Names}}' + else + format='{{.Names}}' fi - local names=( $(__docker_q inspect --format '{{.Name}}' "${containers[@]}") ) - names=( "${names[@]#/}" ) # trim off the leading "/" from the container names - unset IFS - COMPREPLY=( $(compgen -W "${names[*]} ${containers[*]}" -- "$cur") ) + __docker_q ps --format "$format" "$@" +} + +# Applies completion of containers based on the current value of `$cur` or +# the value of the optional first option `--cur`, if given. +# Additional filters may be appended, see `__docker_containers`. +__docker_complete_containers() { + local current="$cur" + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_containers "$@")" -- "$current") ) +} + +__docker_complete_containers_all() { + __docker_complete_containers "$@" --all } __docker_complete_containers_running() { - __docker_complete_containers_all '.State.Running' + __docker_complete_containers "$@" --filter status=running } __docker_complete_containers_stopped() { - __docker_complete_containers_all 'not .State.Running' -} - -__docker_complete_containers_pauseable() { - __docker_complete_containers_all 'and .State.Running (not .State.Paused)' + __docker_complete_containers "$@" --filter status=exited } __docker_complete_containers_unpauseable() { - __docker_complete_containers_all '.State.Paused' + __docker_complete_containers "$@" --filter status=paused } __docker_complete_container_names() { @@ -1114,8 +1139,7 @@ _docker_events() { local key=$(__docker_map_key_of_current_option '-f|--filter') case "$key" in container) - cur="${cur##*=}" - __docker_complete_containers_all + __docker_complete_containers_all --cur "${cur##*=}" return ;; daemon) @@ -2172,7 +2196,7 @@ _docker_pause() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_complete_containers_pauseable + __docker_complete_containers_running fi ;; esac @@ -2201,13 +2225,11 @@ _docker_ps() { return ;; before) - cur="${cur##*=}" - __docker_complete_containers_all + __docker_complete_containers_all --cur "${cur##*=}" return ;; id) - cur="${cur##*=}" - __docker_complete_container_ids + __docker_complete_containers_all --cur "${cur##*=}" --id return ;; is-task) @@ -2215,8 +2237,7 @@ _docker_ps() { return ;; name) - cur="${cur##*=}" - __docker_complete_container_names + __docker_complete_containers_all --cur "${cur##*=}" --name return ;; network) @@ -2224,8 +2245,7 @@ _docker_ps() { return ;; since) - cur="${cur##*=}" - __docker_complete_containers_all + __docker_complete_containers_all --cur "${cur##*=}" return ;; status) @@ -2560,8 +2580,7 @@ _docker_run() { --network) case "$cur" in container:*) - local cur=${cur#*:} - __docker_complete_containers_all + __docker_complete_containers_all --cur "${cur#*:}" ;; *) COMPREPLY=( $( compgen -W "$(__docker_plugins Network) $(__docker_networks) container:" -- "$cur") ) @@ -2575,8 +2594,7 @@ _docker_run() { --pid) case "$cur" in *:*) - cur="${cur#*:}" - __docker_complete_containers_running + __docker_complete_containers_running --cur "${cur#*:}" ;; *) COMPREPLY=( $( compgen -W 'host container:' -- "$cur" ) ) From 3ba4b592331e29b4a1bc1acceabc4caaa1c62ec6 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 18 Oct 2016 15:24:28 +0200 Subject: [PATCH 1830/2538] Add bash completion for `docker {run,create} --stop-timeout` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 96d93ac14c..cb24bd0841 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2430,6 +2430,7 @@ _docker_run() { --security-opt --shm-size --stop-signal + --stop-timeout --storage-opt --tmpfs --sysctl From 8c03c1201bfb389aea3b2c59d21e1c87c4562b13 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 2 Sep 2016 14:12:05 -0700 Subject: [PATCH 1831/2538] Service update failure thresholds and rollback This adds support for two enhancements to swarm service rolling updates: - Failure thresholds: In Docker 1.12, a service update could be set up to either pause or continue after a single failure occurs. This adds an --update-max-failure-ratio flag that controls how many tasks need to fail to update for the update as a whole to be considered a failure. A counterpart flag, --update-monitor, controls how long to monitor each task for a failure after starting it during the update. - Rollback flag: service update --rollback reverts the service to its previous version. If a service update encounters task failures, or fails to function properly for some other reason, the user can roll back the update. SwarmKit also has the ability to roll back updates automatically after hitting the failure thresholds, but we've decided not to expose this in the Docker API/CLI for now, favoring a workflow where the decision to roll back is always made by an admin. Depending on user feedback, we may add a "rollback" option to --update-failure-action in the future. Signed-off-by: Aaron Lehmann --- contrib/completion/bash/docker | 3 + contrib/completion/zsh/_docker | 3 + docs/reference/commandline/service_create.md | 62 ++++++++-------- docs/reference/commandline/service_update.md | 77 ++++++++++---------- 4 files changed, 78 insertions(+), 67 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index cb24bd0841..43197c7d5f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1809,9 +1809,12 @@ _docker_service_update() { --restart-delay --restart-max-attempts --restart-window + --rollback --stop-grace-period --update-delay --update-failure-action + --update-max-failure-ratio + --update-monitor --update-parallelism --user -u --workdir -w diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d9246105b9..cb73073905 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1108,6 +1108,8 @@ __docker_service_subcommand() { "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " "($help)--update-delay=[Delay between updates]:delay: " "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)" + "($help)--update-max-failure-ratio=[Failure rate to tolerate during an update]:fraction: " + "($help)--update-monitor=[Duration after each task update to monitor for failure]:window: " "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: " "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" "($help)--with-registry-auth[Send registry authentication details to swarm agents]" @@ -1185,6 +1187,7 @@ __docker_service_subcommand() { "($help)*--container-label-rm=[Remove a container label by its key]:label: " \ "($help)*--group-rm=[Remove previously added user groups from the container]:group:_groups" \ "($help)--image=[Service image tag]:image:__docker_repositories" \ + "($help)--rollback[Rollback to previous specification]" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; (help) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index f4d0815070..93ffb0e9a9 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -12,36 +12,38 @@ Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new service Options: - --constraint value Placement constraints (default []) - --container-label value Service container labels (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) - -e, --env value Set environment variables (default []) - --group-add value Add additional user groups to the container (default []) - --help Print usage - -l, --label value Service labels (default []) - --limit-cpu value Limit CPUs (default 0.000) - --limit-memory value Limit Memory (default 0 B) - --log-driver string Logging driver for service - --log-opt value Logging driver options (default []) - --mode string Service mode (replicated or global) (default "replicated") - --mount value Attach a mount to the service - --name string Service name - --network value Network attachments (default []) - -p, --publish value Publish a port as a node port (default []) - --replicas value Number of tasks (default none) - --reserve-cpu value Reserve CPUs (default 0.000) - --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay value Delay between restart attempts (default none) - --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evaluate the restart policy (default none) - --stop-grace-period value Time to wait before force killing a container (default none) - --update-delay duration Delay between updates - --update-failure-action string Action on update failure (pause|continue) (default "pause") - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to Swarm agents - -w, --workdir string Working directory inside the container + --constraint value Placement constraints (default []) + --container-label value Service container labels (default []) + --endpoint-mode string Endpoint mode (vip or dnsrr) + -e, --env value Set environment variables (default []) + --group-add value Add additional user groups to the container (default []) + --help Print usage + -l, --label value Service labels (default []) + --limit-cpu value Limit CPUs (default 0.000) + --limit-memory value Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt value Logging driver options (default []) + --mode string Service mode (replicated or global) (default "replicated") + --mount value Attach a mount to the service + --name string Service name + --network value Network attachments (default []) + -p, --publish value Publish a port as a node port (default []) + --replicas value Number of tasks (default none) + --reserve-cpu value Reserve CPUs (default 0.000) + --reserve-memory value Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-delay value Delay between restart attempts (default none) + --restart-max-attempts value Maximum number of restarts before giving up (default none) + --restart-window value Window used to evaluate the restart policy (default none) + --stop-grace-period value Time to wait before force killing a container (default none) + --update-delay duration Delay between updates + --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-max-failure-ratio value Failure rate to tolerate during an update + --update-monitor duration Duration after each task update to monitor for failure (default 0s) + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID (format: [:]) + --with-registry-auth Send registry authentication details to Swarm agents + -w, --workdir string Working directory inside the container ``` Creates a service as described by the specified parameters. You must run this diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f1698c3e01..d70a656837 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -12,43 +12,46 @@ Usage: docker service update [OPTIONS] SERVICE Update a service Options: - --args string Service command args - --constraint-add value Add or update placement constraints (default []) - --constraint-rm value Remove a constraint (default []) - --container-label-add value Add or update container labels (default []) - --container-label-rm value Remove a container label by its key (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) - --env-add value Add or update environment variables (default []) - --env-rm value Remove an environment variable (default []) - --group-add value Add additional user groups to the container (default []) - --group-rm value Remove previously added user groups from the container (default []) - --help Print usage - --image string Service image tag - --label-add value Add or update service labels (default []) - --label-rm value Remove a label by its key (default []) - --limit-cpu value Limit CPUs (default 0.000) - --limit-memory value Limit Memory (default 0 B) - --log-driver string Logging driver for service - --log-opt value Logging driver options (default []) - --mount-add value Add or update a mount on a service - --mount-rm value Remove a mount by its target path (default []) - --name string Service name - --publish-add value Add or update a published port (default []) - --publish-rm value Remove a published port by its target port (default []) - --replicas value Number of tasks (default none) - --reserve-cpu value Reserve CPUs (default 0.000) - --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay value Delay between restart attempts (default none) - --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evaluate the restart policy (default none) - --stop-grace-period value Time to wait before force killing a container (default none) - --update-delay duration Delay between updates - --update-failure-action string Action on update failure (pause|continue) (default "pause") - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to Swarm agents - -w, --workdir string Working directory inside the container + --args string Service command args + --constraint-add value Add or update placement constraints (default []) + --constraint-rm value Remove a constraint (default []) + --container-label-add value Add or update container labels (default []) + --container-label-rm value Remove a container label by its key (default []) + --endpoint-mode string Endpoint mode (vip or dnsrr) + --env-add value Add or update environment variables (default []) + --env-rm value Remove an environment variable (default []) + --group-add value Add additional user groups to the container (default []) + --group-rm value Remove previously added user groups from the container (default []) + --help Print usage + --image string Service image tag + --label-add value Add or update service labels (default []) + --label-rm value Remove a label by its key (default []) + --limit-cpu value Limit CPUs (default 0.000) + --limit-memory value Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt value Logging driver options (default []) + --mount-add value Add or update a mount on a service + --mount-rm value Remove a mount by its target path (default []) + --name string Service name + --publish-add value Add or update a published port (default []) + --publish-rm value Remove a published port by its target port (default []) + --replicas value Number of tasks (default none) + --reserve-cpu value Reserve CPUs (default 0.000) + --reserve-memory value Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-delay value Delay between restart attempts (default none) + --restart-max-attempts value Maximum number of restarts before giving up (default none) + --restart-window value Window used to evaluate the restart policy (default none) + --rollback Rollback to previous specification + --stop-grace-period value Time to wait before force killing a container (default none) + --update-delay duration Delay between updates + --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-max-failure-ratio value Failure rate to tolerate during an update + --update-monitor duration Duration after each task update to monitor for failure (default 0s) + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID (format: [:]) + --with-registry-auth Send registry authentication details to Swarm agents + -w, --workdir string Working directory inside the container ``` Updates a service as described by the specified parameters. This command has to be run targeting a manager node. From cfdab875ce5de29e0900b3ba3d40760361292958 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Tue, 18 Oct 2016 12:06:55 -0700 Subject: [PATCH 1832/2538] Update sfp13/pflag Signed-off-by: Daniel Nephin --- man/glide.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/glide.lock b/man/glide.lock index 620a9d4c04..5ec765a4c6 100644 --- a/man/glide.lock +++ b/man/glide.lock @@ -35,7 +35,7 @@ imports: - name: github.com/spf13/jwalterweatherman version: 33c24e77fb80341fe7130ee7c594256ff08ccc46 - name: github.com/spf13/pflag - version: 367864438f1b1a3c7db4da06a2f55b144e6784e0 + version: dabebe21bf790f782ea4c7bbd2efc430de182afd - name: github.com/spf13/viper version: c1ccc378a054ea8d4e38d8c67f6938d4760b53dd - name: golang.org/x/sys From 2160c366b808814ce7100c699da48ee6b202fb59 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 19 Oct 2016 11:35:01 +0800 Subject: [PATCH 1833/2538] Remove invalid installtion content because there is no corresponding files Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/cli.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 9c13f81113..7bcab838c3 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -41,7 +41,7 @@ each `docker` command with `sudo`. To avoid having to use `sudo` with the `docker` and add users to it. For more information about installing Docker or `sudo` configuration, refer to -the [installation](../../installation/index.md) instructions for your operating system. +the [installation](https://docs.docker.com/engine/installation/) instructions for your operating system. ## Environment variables From 34630120b3705be782f09648566557eeb9900028 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 11 Oct 2016 03:21:47 -0700 Subject: [PATCH 1834/2538] Align bash completion of plugins to completion of nodes and services Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 62 ++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 15 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 43197c7d5f..012aba84f9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -237,12 +237,49 @@ __docker_complete_volumes() { COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") ) } +# Returns a list of all plugins of a given type. +# The type has to be specified with the mandatory option `--type`. +# Valid types are: Network, Volume, Authorization. +# Completions may be added or removed with `--add` and `--remove` __docker_plugins() { - __docker_q info | sed -n "/^Plugins/,/^[^ ]/s/ $1: //p" + local type add=() remove=() + while true ; do + case "$1" in + --type) + type="$2" + shift 2 + ;; + --add) + add+=("$2") + shift 2 + ;; + --remove) + remove+=("$2") + shift 2 + ;; + *) + break + ;; + esac + done + + local plugins=($(__docker_q info | sed -n "/^Plugins/,/^[^ ]/s/ $type: //p")) + for del in "${remove[@]}" ; do + plugins=(${plugins[@]/$del/}) + done + echo "${plugins[@]} ${add[@]}" } +# Applies completion of plugins based on the current value of `$cur` or +# the value of the optional first option `--cur`, if given. +# The plugin type has to be specified with the next option `--type`. __docker_complete_plugins() { - COMPREPLY=( $(compgen -W "$(__docker_plugins $1)" -- "$cur") ) + local current="$cur" + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_plugins "$@")" -- "$current") ) } __docker_runtimes() { @@ -1029,7 +1066,7 @@ _docker_daemon() { case "$prev" in --authorization-plugin) - __docker_complete_plugins Authorization + __docker_complete_plugins --type Authorization return ;; --cluster-store) @@ -1528,11 +1565,8 @@ _docker_network_create() { return ;; --driver|-d) - local plugins="$(__docker_plugins Network) macvlan" - # remove drivers that allow one instance only - plugins=${plugins/ host / } - plugins=${plugins/ null / } - COMPREPLY=( $(compgen -W "$plugins" -- "$cur") ) + # remove drivers that allow one instance only, add drivers missing in `docker info` + __docker_complete_plugins --type Network --remove host --remove null --add macvlan return ;; --label) @@ -1583,8 +1617,7 @@ _docker_network_ls() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in driver) - local plugins=" $(__docker_plugins Network) " - COMPREPLY=( $(compgen -W "$plugins" -- "${cur##*=}") ) + __docker_complete_plugins --cur "${cur##*=}" --type Network --add macvlan return ;; id) @@ -2587,7 +2620,7 @@ _docker_run() { __docker_complete_containers_all --cur "${cur#*:}" ;; *) - COMPREPLY=( $( compgen -W "$(__docker_plugins Network) $(__docker_networks) container:" -- "$cur") ) + COMPREPLY=( $( compgen -W "$(__docker_plugins --type Network) $(__docker_networks) container:" -- "$cur") ) if [ "${COMPREPLY[*]}" = "container:" ] ; then __docker_nospace fi @@ -2634,7 +2667,7 @@ _docker_run() { return ;; --volume-driver) - __docker_complete_plugins Volume + __docker_complete_plugins --type Volume return ;; --volumes-from) @@ -2855,7 +2888,7 @@ _docker_version() { _docker_volume_create() { case "$prev" in --driver|-d) - __docker_complete_plugins Volume + __docker_complete_plugins --type Volume return ;; --label|--opt|-o) @@ -2895,8 +2928,7 @@ _docker_volume_ls() { return ;; driver) - cur=${cur##*=} - __docker_complete_plugins Volume + __docker_complete_plugins --cur "${cur##*=}" --type Volume return ;; name) From fb789bd06d1cb9b1704fd92be7802222b529ee0a Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 30 Aug 2016 04:53:16 +0000 Subject: [PATCH 1835/2538] add creation timestamp to `docker network inspect` Signed-off-by: Akihiro Suda --- docs/reference/commandline/network_inspect.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 9603d936dd..7ad8c401f9 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -41,6 +41,7 @@ $ sudo docker network inspect bridge { "Name": "bridge", "Id": "b2b1a2cba717161d984383fd68218cf70bbbd17d328496885f7c921333228b0f", + "Created": "2016-10-19T04:33:30.360899459Z", "Scope": "local", "Driver": "bridge", "IPAM": { @@ -92,6 +93,7 @@ $ docker network inspect simple-network { "Name": "simple-network", "Id": "69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a", + "Created": "2016-10-19T04:33:30.360899459Z", "Scope": "local", "Driver": "bridge", "IPAM": { From ef158e3e0aa0de4c2302133ce64a42d3ae3e2ccd Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 26 May 2016 14:07:30 -0700 Subject: [PATCH 1836/2538] Add config parameter to change stop timeout during daemon shutdown This fix tries to add a daemon config parameter `--shutdown-timeout` that specifies the timeout value to stop containers gracefully (before SIGKILL). The default value is 15s. The `--shutdown-timeout` parameter is added to daemon options and config file. It will also be updated during daemon reload. Additional test cases have been added to cover the change. This fix fixes #22471. Signed-off-by: Yong Tang --- docs/reference/commandline/dockerd.md | 3 +++ man/dockerd.8.md | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 37676b9652..3bdf2a47ce 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -64,6 +64,7 @@ Options: --raw-logs Full timestamps without ANSI coloring --registry-mirror value Preferred Docker registry mirror (default []) --selinux-enabled Enable selinux support + --shutdown-timeout=15 Set the shutdown timeout value in seconds -s, --storage-driver string Storage driver to use --storage-opt value Storage driver options (default []) --swarm-default-advertise-addr string Set default address or interface for swarm advertised address @@ -1118,6 +1119,7 @@ This is a full example of the allowed configuration options on Linux: "cluster-advertise": "", "max-concurrent-downloads": 3, "max-concurrent-uploads": 5, + "shutdown-timeout": 15, "debug": true, "hosts": [], "log-level": "", @@ -1194,6 +1196,7 @@ This is a full example of the allowed configuration options on Windows: "graph": "", "cluster-store": "", "cluster-advertise": "", + "shutdown-timeout": 15, "debug": true, "hosts": [], "log-level": "", diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 84ae3df6b4..24b71811fb 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -56,6 +56,7 @@ dockerd - Enable daemon mode [**--registry-mirror**[=*[]*]] [**-s**|**--storage-driver**[=*STORAGE-DRIVER*]] [**--selinux-enabled**] +[**--shutdown-timeout**[=*15*]] [**--storage-opt**[=*[]*]] [**--swarm-default-advertise-addr**[=*IP|INTERFACE*]] [**--tls**] @@ -246,6 +247,9 @@ output otherwise. **--selinux-enabled**=*true*|*false* Enable selinux support. Default is false. +**--shutdown-timeout**=*15* + Set the shutdown timeout value in seconds. Default is `15`. + **--storage-opt**=[] Set storage driver options. See STORAGE DRIVER OPTIONS. From 62fb2cfa9402c818e7c3988495f306315ae1b60c Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 18 Oct 2016 00:04:52 +0800 Subject: [PATCH 1837/2538] Update the link for understand data volumes Signed-off-by: yuexiao-wang --- docs/reference/commandline/system_prune.md | 2 +- docs/reference/commandline/volume_create.md | 2 +- docs/reference/commandline/volume_inspect.md | 2 +- docs/reference/commandline/volume_ls.md | 2 +- docs/reference/commandline/volume_prune.md | 2 +- docs/reference/commandline/volume_rm.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index cdea0c642f..dd0868b1ab 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -61,7 +61,7 @@ Total reclaimed space: 13.5 MB * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) * [volume prune](volume_prune.md) -* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) * [system df](system_df.md) * [container prune](container_prune.md) * [image prune](image_prune.md) diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index db9d7a28ce..45e0ebad66 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -79,4 +79,4 @@ $ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) * [volume prune](volume_prune.md) -* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index fba4853178..3de21548e9 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -45,4 +45,4 @@ Example output: * [volume ls](volume_ls.md) * [volume rm](volume_rm.md) * [volume prune](volume_prune.md) -* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index d9dde580d1..c9cd3bf4df 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -171,4 +171,4 @@ vol3: local * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) * [volume prune](volume_prune.md) -* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md index b3db90c03c..acc7a3afe9 100644 --- a/docs/reference/commandline/volume_prune.md +++ b/docs/reference/commandline/volume_prune.md @@ -37,7 +37,7 @@ Total reclaimed space: 36 B * [volume ls](volume_ls.md) * [volume inspect](volume_inspect.md) * [volume rm](volume_rm.md) -* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) * [system df](system_df.md) * [container prune](container_prune.md) * [image prune](image_prune.md) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index ec54400778..6e4484f12f 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -31,4 +31,4 @@ Remove one or more volumes. You cannot remove a volume that is in use by a conta * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) * [volume prune](volume_prune.md) -* [Understand Data Volumes](../../tutorials/dockervolumes.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) From a511da3c5759e98fac92dcbbbabceaff6ae77824 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 19 Oct 2016 18:59:01 +0200 Subject: [PATCH 1838/2538] Add bash completion for `dockerd --shutdown-timeout` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 012aba84f9..3cdab69813 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1031,6 +1031,7 @@ _docker_daemon() { --oom-score-adjust --pidfile -p --registry-mirror + --shutdown-timeout --storage-driver -s --storage-opt --userns-remap From ba501cf4fdbb4aaec975d5ad30311629b285e019 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 19 Oct 2016 15:15:15 +0200 Subject: [PATCH 1839/2538] Improve comments in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 102 +++++++++++++++++---------------- 1 file changed, 52 insertions(+), 50 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3cdab69813..aba5331b6e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -59,8 +59,8 @@ __docker_q() { docker ${host:+-H "$host"} ${config:+--config "$config"} 2>/dev/null "$@" } -# Returns a list of containers. Additional arguments to `docker ps` -# may be specified in order to filter the list, e.g. +# __docker_containers returns a list of containers. Additional options to +# `docker ps` may be specified in order to filter the list, e.g. # `__docker_containers --filter status=running` # By default, only names are returned. # Set DOCKER_COMPLETION_SHOW_CONTAINER_IDS=yes to also complete IDs. @@ -83,8 +83,8 @@ __docker_containers() { __docker_q ps --format "$format" "$@" } -# Applies completion of containers based on the current value of `$cur` or -# the value of the optional first option `--cur`, if given. +# __docker_complete_containers applies completion of containers based on the current +# value of `$cur` or the value of the optional first option `--cur`, if given. # Additional filters may be appended, see `__docker_containers`. __docker_complete_containers() { local current="$cur" @@ -175,8 +175,8 @@ __docker_complete_containers_and_images() { COMPREPLY+=( "${containers[@]}" ) } -# Returns a list of all networks. Additional arguments to `docker network ls` -# may be specified in order to filter the list, e.g. +# __docker_networks returns a list of all networks. Additional options to +# `docker network ls` may be specified in order to filter the list, e.g. # `__docker_networks --filter type=custom` # By default, only names are returned. # Set DOCKER_COMPLETION_SHOW_NETWORK_IDS=yes to also complete IDs. @@ -199,8 +199,8 @@ __docker_networks() { __docker_q network ls --format "$format" "$@" } -# Applies completion of networks based on the current value of `$cur` or -# the value of the optional first option `--cur`, if given. +# __docker_complete_networks applies completion of networks based on the current +# value of `$cur` or the value of the optional first option `--cur`, if given. # Additional filters may be appended, see `__docker_networks`. __docker_complete_networks() { local current="$cur" @@ -216,8 +216,8 @@ __docker_complete_containers_in_network() { COMPREPLY=( $(compgen -W "$containers" -- "$cur") ) } -# Returns a list of all volumes. Additional arguments to `docker volume ls` -# may be specified in order to filter the list, e.g. +# __docker_volumes returns a list of all volumes. Additional options to +# `docker volume ls` may be specified in order to filter the list, e.g. # `__docker_volumes --filter dangling=true` # Because volumes do not have IDs, this function does not distinguish between # IDs and names. @@ -225,8 +225,8 @@ __docker_volumes() { __docker_q volume ls -q "$@" } -# Applies completion of volumes based on the current value of `$cur` or -# the value of the optional first option `--cur`, if given. +# __docker_complete_volumes applies completion of volumes based on the current +# value of `$cur` or the value of the optional first option `--cur`, if given. # Additional filters may be appended, see `__docker_volumes`. __docker_complete_volumes() { local current="$cur" @@ -237,7 +237,7 @@ __docker_complete_volumes() { COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") ) } -# Returns a list of all plugins of a given type. +# __docker_plugins returns a list of all plugins of a given type. # The type has to be specified with the mandatory option `--type`. # Valid types are: Network, Volume, Authorization. # Completions may be added or removed with `--add` and `--remove` @@ -270,8 +270,8 @@ __docker_plugins() { echo "${plugins[@]} ${add[@]}" } -# Applies completion of plugins based on the current value of `$cur` or -# the value of the optional first option `--cur`, if given. +# __docker_complete_plugins applies completion of plugins based on the current +# value of `$cur` or the value of the optional first option `--cur`, if given. # The plugin type has to be specified with the next option `--type`. __docker_complete_plugins() { local current="$cur" @@ -290,13 +290,13 @@ __docker_complete_runtimes() { COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") ) } -# Returns a list of all nodes. Additional arguments to `docker node` -# may be specified in order to filter the node list, e.g. +# __docker_nodes returns a list of all nodes. Additional options to +# `docker node ls` may be specified in order to filter the list, e.g. # `__docker_nodes --filter role=manager` -# By default, only node names are completed. +# By default, only node names are returned. # Set DOCKER_COMPLETION_SHOW_NODE_IDS=yes to also complete node IDs. -# An optional first argument `--id|--name` may be used to limit -# the output to the IDs or names of matching nodes. This setting takes +# An optional first option `--id|--name` may be used to limit the +# output to the IDs or names of matching items. This setting takes # precedence over the environment setting. __docker_nodes() { local fields='$2' # default: node name only @@ -312,11 +312,11 @@ __docker_nodes() { __docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}" } -# Applies completion of nodes based on the current value of `$cur` or -# the value of the optional first argument `--cur`, if given. +# __docker_complete_nodes applies completion of nodes based on the current +# value of `$cur` or the value of the optional first option `--cur`, if given. # Additional filters may be appended, see `__docker_nodes`. __docker_complete_nodes() { - local current=$cur + local current="$cur" if [ "$1" = "--cur" ] ; then current="$2" shift 2 @@ -329,13 +329,13 @@ __docker_complete_nodes_plus_self() { COMPREPLY+=( self ) } -# Returns a list of all services. Additional arguments to `docker service ls` -# may be specified in order to filter the service list, e.g. +# __docker_services returns a list of all services. Additional options to +# `docker service ls` may be specified in order to filter the list, e.g. # `__docker_services --filter name=xxx` -# By default, only node names are completed. -# Set DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes to also complete service IDs. -# An optional first argument `--id|--name` may be used to limit -# the output to the IDs or names of matching services. This setting takes +# By default, only node names are returned. +# Set DOCKER_COMPLETION_SHOW_SERVICE_IDS=yes to also complete IDs. +# An optional first option `--id|--name` may be used to limit the +# output to the IDs or names of matching items. This setting takes # precedence over the environment setting. __docker_services() { local fields='$2' # default: service name only @@ -351,11 +351,11 @@ __docker_services() { __docker_q service ls "$@" | awk "NR>1 {print $fields}" } -# Applies completion of services based on the current value of `$cur` or -# the value of the optional first argument `--cur`, if given. +# __docker_complete_services applies completion of services based on the current +# value of `$cur` or the value of the optional first option `--cur`, if given. # Additional filters may be appended, see `__docker_services`. __docker_complete_services() { - local current=$cur + local current="$cur" if [ "$1" = "--cur" ] ; then current="$2" shift 2 @@ -363,16 +363,18 @@ __docker_complete_services() { COMPREPLY=( $(compgen -W "$(__docker_services "$@")" -- "$current") ) } -# Appends the word passed as an argument to every word in `$COMPREPLY`. -# Normally you do this with `compgen -S`. This function exists so that you can use +# __docker_append_to_completions appends the word passed as an argument to every +# word in `$COMPREPLY`. +# Normally you do this with `compgen -S` while generating the completions. +# This function allows you to append a suffix later. It allows you to use # the __docker_complete_XXX functions in cases where you need a suffix. __docker_append_to_completions() { COMPREPLY=( ${COMPREPLY[@]/%/"$1"} ) } -# Finds the position of the first word that is neither option nor an option's argument. -# If there are options that require arguments, you should pass a glob describing those -# options, e.g. "--option1|-o|--option2" +# __docker_pos_first_nonflag finds the position of the first word that is neither +# option nor an option's argument. If there are options that require arguments, +# you should pass a glob describing those options, e.g. "--option1|-o|--option2" # Use this function to restrict completions to exact positions after the argument list. __docker_pos_first_nonflag() { local argument_flags=$1 @@ -405,8 +407,8 @@ __docker_pos_first_nonflag() { echo $counter } -# If we are currently completing the value of a map option (key=value) -# which matches the extglob given as an argument, returns key. +# __docker_map_key_of_current_option returns `key` if we are currently completing the +# value of a map option (`key=value`) which matches the extglob given as an argument. # This function is needed for key-specific completions. __docker_map_key_of_current_option() { local glob="$1" @@ -430,9 +432,9 @@ __docker_map_key_of_current_option() { [[ ${words[$glob_pos]} == @($glob) ]] && echo "$key" } -# Returns the value of the first option matching option_glob. -# Valid values for option_glob are option names like '--log-level' and -# globs like '--log-level|-l' +# __docker_value_of_option returns the value of the first option matching `option_glob`. +# Valid values for `option_glob` are option names like `--log-level` and globs like +# `--log-level|-l` # Only positions between the command and the current word are considered. __docker_value_of_option() { local option_extglob=$(__docker_to_extglob "$1") @@ -449,8 +451,8 @@ __docker_value_of_option() { done } -# Transforms a multiline list of strings into a single line string -# with the words separated by "|". +# __docker_to_alternatives transforms a multiline list of strings into a single line +# string with the words separated by `|`. # This is used to prepare arguments to __docker_pos_first_nonflag(). __docker_to_alternatives() { local parts=( $1 ) @@ -458,14 +460,14 @@ __docker_to_alternatives() { echo "${parts[*]}" } -# Transforms a multiline list of options into an extglob pattern +# __docker_to_extglob transforms a multiline list of options into an extglob pattern # suitable for use in case statements. __docker_to_extglob() { local extglob=$( __docker_to_alternatives "$1" ) echo "@($extglob)" } -# Subcommand processing. +# __docker_subcommands processes subcommands # Locates the first occurrence of any of the subcommands contained in the # first argument. In case of a match, calls the corresponding completion # function and returns 0. @@ -494,7 +496,7 @@ __docker_subcommands() { return 1 } -# suppress trailing whitespace +# __docker_nospace suppresses trailing whitespace __docker_nospace() { # compopt is not available in ancient bash versions type compopt &>/dev/null && compopt -o nospace @@ -757,8 +759,8 @@ __docker_complete_restart() { return 1 } -# a selection of the available signals that is most likely of interest in the -# context of docker containers. +# __docker_complete_signals returns a subset of the available signals that is most likely +# relevant in the context of docker containers __docker_complete_signals() { local signals=( SIGCONT @@ -783,8 +785,8 @@ __docker_complete_user_group() { fi } -# global options that may appear after the docker command _docker_docker() { + # global options that may appear after the docker command local boolean_options=" $global_boolean_options --help From 77bcb1c514e94836cc6e2b06edb622e765cbf4a4 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 20 Oct 2016 01:39:41 +0800 Subject: [PATCH 1840/2538] Update the link for sharing images via repositories Signed-off-by: yuexiao-wang --- docs/reference/commandline/tag.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 7d60e58550..2584f276b1 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -29,7 +29,7 @@ periods and dashes. A tag name may not start with a period or a dash and may contain a maximum of 128 characters. You can group your images together using names and tags, and then upload them -to [*Share Images via Repositories*](https://docs.docker.com/docker-hub/repos/). +to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). # Examples From 38d93769fed6e644bda4fef803c05a22a3c8da25 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Mon, 17 Oct 2016 17:23:09 +0200 Subject: [PATCH 1841/2538] zsh: fix completion when docker output only has the header line Unfortunately, `(f)` aka `(ps:\n:)` flag will not create an array when there is only one line. The subsequent use of indexes will then affect the string. This leads to `docker rmi ` to complete on the header line instead of nothing. Therefore, for each use of `(f)`, we ensure that we have an extra new line to be sure we get an array. Credit to @povesteam for the original report and fix in #27373. Signed-off-by: Vincent Bernat --- contrib/completion/zsh/_docker | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cb73073905..2cefa33e50 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -57,7 +57,7 @@ __docker_get_containers() { type=$1; shift [[ $kind = (stopped|all) ]] && args=($args -a) - lines=(${(f)"$(_call_program commands docker $docker_options ps --format 'table' --no-trunc $args)"}) + lines=(${(f)${:-"$(_call_program commands docker $docker_options ps --format 'table' --no-trunc $args)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} @@ -153,7 +153,7 @@ __docker_images() { [[ $PREFIX = -* ]] && return 1 integer ret=1 declare -a images - images=(${${${(f)"$(_call_program commands docker $docker_options images)"}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}}) + images=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}}) _describe -t docker-images "images" images && ret=0 __docker_repositories_with_tags && ret=0 return ret @@ -162,7 +162,7 @@ __docker_images() { __docker_repositories() { [[ $PREFIX = -* ]] && return 1 declare -a repos - repos=(${${${(f)"$(_call_program commands docker $docker_options images)"}%% *}[2,-1]}) + repos=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}%% *}[2,-1]}) repos=(${repos#}) _describe -t docker-repos "repositories" repos } @@ -172,7 +172,7 @@ __docker_repositories_with_tags() { integer ret=1 declare -a repos onlyrepos matched declare m - repos=(${${${${(f)"$(_call_program commands docker $docker_options images)"}[2,-1]}/ ##/:::}%% *}) + repos=(${${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/ ##/:::}%% *}) repos=(${${repos%:::}#}) # Check if we have a prefix-match for the current prefix. onlyrepos=(${repos%::*}) @@ -208,7 +208,7 @@ __docker_search() { if ( [[ ${(P)+cachename} -eq 0 ]] || _cache_invalid ${cachename#_} ) \ && ! _retrieve_cache ${cachename#_}; then _message "Searching for ${searchterm}..." - result=(${${${(f)"$(_call_program commands docker $docker_options search $searchterm)"}%% *}[2,-1]}) + result=(${${${(f)${:-"$(_call_program commands docker $docker_options search $searchterm)"$'\n'}}%% *}[2,-1]}) _store_cache ${cachename#_} result fi _wanted dockersearch expl 'available images' compadd -a result @@ -509,7 +509,7 @@ __docker_get_networks() { type=$1; shift - lines=(${(f)"$(_call_program commands docker $docker_options network ls)"}) + lines=(${(f)${:-"$(_call_program commands docker $docker_options network ls)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} @@ -725,7 +725,7 @@ __docker_nodes() { filter=$1; shift [[ $filter != "none" ]] && args=("-f $filter") - lines=(${(f)"$(_call_program commands docker $docker_options node ls $args)"}) + lines=(${(f)${:-"$(_call_program commands docker $docker_options node ls $args)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} declare -A begin end @@ -886,7 +886,7 @@ __docker_complete_plugins() { local line s declare -a lines plugins - lines=(${(f)"$(_call_program commands docker $docker_options plugin ls)"}) + lines=(${(f)${:-"$(_call_program commands docker $docker_options plugin ls)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} @@ -1012,7 +1012,7 @@ __docker_services() { type=$1; shift - lines=(${(f)"$(_call_program commands docker $docker_options service ls)"}) + lines=(${(f)${:-"$(_call_program commands docker $docker_options service ls)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} @@ -1301,7 +1301,7 @@ __docker_volumes() { integer ret=1 declare -a lines volumes - lines=(${(f)"$(_call_program commands docker $docker_options volume ls)"}) + lines=(${(f)${:-"$(_call_program commands docker $docker_options volume ls)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} From 73dd34b2b332a8fc32bacb88bb8659d985e3222b Mon Sep 17 00:00:00 2001 From: Jonh Wendell Date: Wed, 13 Jul 2016 14:24:41 -0300 Subject: [PATCH 1842/2538] Exec: Add ability to set environment variables Keeping the current behavior for exec, i.e., inheriting variables from main process. New variables will be added to current ones. If there's already a variable with that name it will be overwritten. Example of usage: docker exec -it -e TERM=vt100 top Closes #24355. Signed-off-by: Jonh Wendell --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 1 + docs/reference/commandline/exec.md | 1 + man/docker-exec.1.md | 7 +++++++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index aba5331b6e..588b9e1d37 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1277,7 +1277,7 @@ _docker_exec() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--detach -d --detach-keys --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--detach -d --detach-keys -e --env --help --interactive -i --privileged -t --tty -u --user" -- "$cur" ) ) ;; *) __docker_complete_containers_running diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2cefa33e50..e06082721f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1679,6 +1679,7 @@ __docker_subcommand() { $opts_help \ $opts_attach_exec_run_start \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ + "($help -e --env)"{-e,--env}"[Set environment variables]" \ "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ "($help)--privileged[Give extended Linux capabilities to the command]" \ "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 9be6cbadd8..c6b7314dc7 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -14,6 +14,7 @@ Run a command in a running container Options: -d, --detach Detached mode: run command in the background --detach-keys Override the key sequence for detaching a container + -e, --env=[] Set environment variables --help Print usage -i, --interactive Keep STDIN open even if not attached --privileged Give extended privileges to the command diff --git a/man/docker-exec.1.md b/man/docker-exec.1.md index 16a061d069..fe9c279e7e 100644 --- a/man/docker-exec.1.md +++ b/man/docker-exec.1.md @@ -8,6 +8,7 @@ docker-exec - Run a command in a running container **docker exec** [**-d**|**--detach**] [**--detach-keys**[=*[]*]] +[**-e**|**--env**[=*[]*]] [**--help**] [**-i**|**--interactive**] [**--privileged**] @@ -32,6 +33,12 @@ container is unpaused, and then run **--detach-keys**="" Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. +**-e**, **--env**=[] + Set environment variables + + This option allows you to specify arbitrary environment variables that are +available for the command to be executed. + **--help** Print usage statement From c8da6308979e05749daa9653bc1f63355c952b81 Mon Sep 17 00:00:00 2001 From: YuPengZTE Date: Wed, 19 Oct 2016 17:42:45 +0800 Subject: [PATCH 1843/2538] Fix the typo of URLs Signed-off-by: YuPengZTE --- man/docker-build.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-build.1.md b/man/docker-build.1.md index b07061ea91..fb7394e034 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -203,7 +203,7 @@ Cgroups are created if they do not already exist. Ulimit options For more information about `ulimit` see [Setting ulimits in a -container](https://docs.docker.com/reference/commandline/run/#setting-ulimits-in-a-container) +container](https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit) # EXAMPLES From 9012efce150cf0ca921971a75a8b48db63dd645c Mon Sep 17 00:00:00 2001 From: allencloud Date: Mon, 25 Apr 2016 10:51:28 +0800 Subject: [PATCH 1844/2538] support insecure registry in configuration reload Signed-off-by: allencloud --- docs/reference/commandline/dockerd.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 3bdf2a47ce..10e782e878 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1241,12 +1241,13 @@ The list of currently supported options that can be reconfigured is this: - `runtimes`: it updates the list of available OCI runtimes that can be used to run containers - `authorization-plugin`: specifies the authorization plugins to use. +- `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config. Updating and reloading the cluster configurations such as `--cluster-store`, `--cluster-advertise` and `--cluster-store-opts` will take effect only if these configurations were not previously configured. If `--cluster-store` has been provided in flags and `cluster-advertise` not, `cluster-advertise` -can be added in the configuration file without accompanied by `--cluster-store` +can be added in the configuration file without accompanied by `--cluster-store`. Configuration reload will log a warning message if it detects a change in previously configured cluster configurations. From 7f36c3a1a06aff61df858abd81414f25b2420868 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Wed, 19 Oct 2016 10:25:45 -0700 Subject: [PATCH 1845/2538] Sync docker/docker refs with files mistakenly edited in docker.github.io repo Signed-off-by: Misty Stanley-Jones --- docs/README.md | 9 ++ docs/deprecated.md | 9 ++ docs/extend/index.md | 9 ++ docs/extend/legacy_plugins.md | 9 ++ docs/extend/manifest.md | 9 ++ docs/extend/menu.md | 8 ++ docs/extend/plugin_api.md | 9 ++ docs/extend/plugins_authorization.md | 8 ++ docs/extend/plugins_network.md | 9 ++ docs/extend/plugins_volume.md | 9 ++ docs/reference/builder.md | 24 ++++-- docs/reference/commandline/attach.md | 23 +++-- docs/reference/commandline/build.md | 13 ++- docs/reference/commandline/cli.md | 11 +++ docs/reference/commandline/commit.md | 15 +++- docs/reference/commandline/container_prune.md | 9 ++ docs/reference/commandline/cp.md | 13 ++- docs/reference/commandline/create.md | 11 ++- docs/reference/commandline/deploy.md | 9 ++ docs/reference/commandline/diff.md | 9 ++ docs/reference/commandline/dockerd.md | 83 ++++++++++--------- docs/reference/commandline/events.md | 9 ++ docs/reference/commandline/exec.md | 9 ++ docs/reference/commandline/export.md | 9 ++ docs/reference/commandline/history.md | 9 ++ docs/reference/commandline/image_prune.md | 9 ++ docs/reference/commandline/images.md | 13 +++ docs/reference/commandline/import.md | 9 ++ docs/reference/commandline/index.md | 9 +- docs/reference/commandline/info.md | 13 ++- docs/reference/commandline/inspect.md | 23 +++++ docs/reference/commandline/kill.md | 9 ++ docs/reference/commandline/load.md | 9 ++ docs/reference/commandline/login.md | 13 ++- docs/reference/commandline/logout.md | 9 ++ docs/reference/commandline/logs.md | 9 ++ docs/reference/commandline/menu.md | 9 +- docs/reference/commandline/network_connect.md | 9 ++ docs/reference/commandline/network_create.md | 11 ++- .../commandline/network_disconnect.md | 9 ++ docs/reference/commandline/network_inspect.md | 9 ++ docs/reference/commandline/network_ls.md | 11 ++- docs/reference/commandline/network_rm.md | 9 ++ docs/reference/commandline/node_demote.md | 9 ++ docs/reference/commandline/node_inspect.md | 11 +++ docs/reference/commandline/node_ls.md | 9 ++ docs/reference/commandline/node_promote.md | 9 ++ docs/reference/commandline/node_ps.md | 9 ++ docs/reference/commandline/node_rm.md | 9 ++ docs/reference/commandline/node_update.md | 9 ++ docs/reference/commandline/pause.md | 9 ++ docs/reference/commandline/plugin_disable.md | 9 ++ docs/reference/commandline/plugin_enable.md | 9 ++ docs/reference/commandline/plugin_inspect.md | 9 ++ docs/reference/commandline/plugin_install.md | 9 ++ docs/reference/commandline/plugin_ls.md | 9 ++ docs/reference/commandline/plugin_rm.md | 9 ++ docs/reference/commandline/port.md | 9 ++ docs/reference/commandline/ps.md | 22 ++++- docs/reference/commandline/pull.md | 13 ++- docs/reference/commandline/push.md | 9 ++ docs/reference/commandline/rename.md | 9 ++ docs/reference/commandline/restart.md | 9 ++ docs/reference/commandline/rm.md | 9 ++ docs/reference/commandline/rmi.md | 9 ++ docs/reference/commandline/run.md | 15 +++- docs/reference/commandline/save.md | 9 ++ docs/reference/commandline/search.md | 11 ++- docs/reference/commandline/service_create.md | 9 ++ docs/reference/commandline/service_inspect.md | 13 ++- docs/reference/commandline/service_ls.md | 9 ++ docs/reference/commandline/service_ps.md | 9 ++ docs/reference/commandline/service_rm.md | 9 ++ docs/reference/commandline/service_scale.md | 19 ++++- docs/reference/commandline/service_update.md | 9 ++ docs/reference/commandline/stack_config.md | 9 ++ docs/reference/commandline/stack_deploy.md | 9 ++ docs/reference/commandline/stack_ls.md | 9 ++ docs/reference/commandline/stack_ps.md | 9 ++ docs/reference/commandline/stack_rm.md | 11 ++- docs/reference/commandline/stack_services.md | 9 ++ docs/reference/commandline/start.md | 9 ++ docs/reference/commandline/stats.md | 9 ++ docs/reference/commandline/stop.md | 9 ++ docs/reference/commandline/swarm_init.md | 9 ++ docs/reference/commandline/swarm_join.md | 9 ++ .../reference/commandline/swarm_join_token.md | 9 ++ docs/reference/commandline/swarm_leave.md | 9 ++ docs/reference/commandline/swarm_update.md | 9 ++ docs/reference/commandline/system_df.md | 9 ++ docs/reference/commandline/system_prune.md | 9 ++ docs/reference/commandline/tag.md | 9 ++ docs/reference/commandline/top.md | 9 ++ docs/reference/commandline/unpause.md | 9 ++ docs/reference/commandline/update.md | 9 ++ docs/reference/commandline/version.md | 13 +++ docs/reference/commandline/volume_create.md | 9 ++ docs/reference/commandline/volume_inspect.md | 11 +++ docs/reference/commandline/volume_ls.md | 9 ++ docs/reference/commandline/volume_prune.md | 9 ++ docs/reference/commandline/volume_rm.md | 8 ++ docs/reference/commandline/wait.md | 9 ++ docs/reference/glossary.md | 11 ++- docs/reference/index.md | 9 ++ docs/reference/run.md | 51 +++++------- 105 files changed, 1074 insertions(+), 112 deletions(-) diff --git a/docs/README.md b/docs/README.md index a1e0a179d3..da93093075 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,5 +1,14 @@ # The non-reference docs have been moved! + + The documentation for Docker Engine has been merged into [the general documentation repo](https://github.com/docker/docker.github.io). diff --git a/docs/deprecated.md b/docs/deprecated.md index a2183f99e7..8f767a4ba5 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -5,6 +5,15 @@ description: "Deprecated Features." keywords: ["docker, documentation, about, technology, deprecate"] --- + + # Deprecated Engine Features The following list of features are deprecated in Engine. diff --git a/docs/extend/index.md b/docs/extend/index.md index 661bfc9f71..8316307cee 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -8,6 +8,15 @@ keywords: ["API, Usage, plugins, documentation, developer"] advisory: "experimental" --- + + # Docker Engine managed plugin system This document describes the plugin system available today in the **experimental diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index 4e4d88a871..725dde9bdd 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -5,6 +5,15 @@ description: "How to add additional functionality to Docker with plugins extensi keywords: ["Examples, Usage, plugins, docker, documentation, user guide"] --- + + # Use Docker Engine plugins This document describes the Docker Engine plugins generally available in Docker diff --git a/docs/extend/manifest.md b/docs/extend/manifest.md index e0fc3c3bec..dab94a67b6 100644 --- a/docs/extend/manifest.md +++ b/docs/extend/manifest.md @@ -8,6 +8,15 @@ keywords: ["API, Usage, plugins, documentation, developer"] advisory: "experimental" --- + + # Plugin Manifest Version 0 of Plugin V2 This document outlines the format of the V0 plugin manifest. The plugin diff --git a/docs/extend/menu.md b/docs/extend/menu.md index 8403872625..756f371b70 100644 --- a/docs/extend/menu.md +++ b/docs/extend/menu.md @@ -6,5 +6,13 @@ type: "menu" identifier: "engine_extend" --- + diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index 8e796e569b..7b75c563e2 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -4,6 +4,15 @@ description: "How to write Docker plugins extensions " keywords: ["API, Usage, plugins, documentation, developer"] --- + + # Docker Plugin API Docker plugins are out-of-process extensions which add capabilities to the diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 77749547f5..1b0f83b510 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -5,6 +5,14 @@ keywords: ["security, authorization, authentication, docker, documentation, plug aliases: ["/engine/extend/authorization/"] --- + # Create an authorization plugin diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 5313be8402..9546195bbd 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -4,6 +4,15 @@ description: "Network driver plugins." keywords: ["Examples, Usage, plugins, docker, documentation, user guide"] --- + + # Engine network driver plugins This document describes Docker Engine network driver plugins generally diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 2f53047f33..e4a867256e 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -4,6 +4,15 @@ description: "How to manage data with external volume plugins" keywords: ["Examples, Usage, volume, docker, data, volumes, plugin, api"] --- + + # Write a volume plugin Docker Engine volume plugins enable Engine deployments to be integrated with diff --git a/docs/reference/builder.md b/docs/reference/builder.md index dab06da992..19e693482f 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -4,6 +4,15 @@ description: "Dockerfiles use a simple DSL which allows you to automate the step keywords: ["builder, docker, Dockerfile, automation, image creation"] --- + + # Dockerfile reference Docker can build images automatically by reading the instructions from a @@ -129,7 +138,7 @@ instruction must be \`FROM\`** in order to specify the [*Base Image*](glossary.md#base-image) from which you are building. Docker treats lines that *begin* with `#` as a comment, unless the line is -a valid [parser directive](builder.md#parser-directives). A `#` marker anywhere +a valid [parser directive](#parser-directives). A `#` marker anywhere else in a line is treated as an argument. This allows statements like: ```Dockerfile @@ -1265,9 +1274,9 @@ The output of the final `pwd` command in this `Dockerfile` would be ARG [=] The `ARG` instruction defines a variable that users can pass at build-time to -the builder with the `docker build` command using the `--build-arg -=` flag. If a user specifies a build argument that was not -defined in the Dockerfile, the build outputs an error. +the builder with the `docker build` command using the +`--build-arg =` flag. If a user specifies a build argument +that was not defined in the Dockerfile, the build outputs an error. ``` One or more build-args were not consumed, failing build. @@ -1380,8 +1389,11 @@ corresponding `ARG` instruction in the Dockerfile. * `NO_PROXY` * `no_proxy` -To use these, simply pass them on the command line using the `--build-arg -=` flag. +To use these, simply pass them on the command line using the flag: + +``` +--build-arg = +``` ### Impact on build caching diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 3a9f5316c0..3ce0b3b4c3 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -4,6 +4,15 @@ description: "The attach command description and usage" keywords: ["attach, running, container"] --- + + # attach ```markdown @@ -38,13 +47,13 @@ the container. You can detach from a container and leave it running using the It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). -While a client is connected to container's stdio using `docker attach`, Docker -uses a ~1MB memory buffer to maximize the throughput of the application. If -this buffer is filled, the speed of the API connection will start to have an -effect on the process output writing speed. This is similar to other -applications like SSH. Because of this, it is not recommended to run -performance critical applications that generate a lot of output in the -foreground over a slow client connection. Instead, users should use the +While a client is connected to container's stdio using `docker attach`, Docker +uses a ~1MB memory buffer to maximize the throughput of the application. If +this buffer is filled, the speed of the API connection will start to have an +effect on the process output writing speed. This is similar to other +applications like SSH. Because of this, it is not recommended to run +performance critical applications that generate a lot of output in the +foreground over a slow client connection. Instead, users should use the `docker logs` command to get access to the logs. diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 720bfaabc2..f0627268a4 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -4,6 +4,15 @@ description: "The build command description and usage" keywords: ["build, docker, image"] --- + + # build ```markdown @@ -397,9 +406,9 @@ For detailed information on using `ARG` and `ENV` instructions, see the ### Optional security options (--security-opt) -This flag is only supported on a daemon running on Windows, and only supports +This flag is only supported on a daemon running on Windows, and only supports the `credentialspec` option. The `credentialspec` must be in the format -`file://spec.txt` or `registry://keyname`. +`file://spec.txt` or `registry://keyname`. ### Specify isolation technology for container (--isolation) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 7bcab838c3..34001ae044 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -4,6 +4,15 @@ description: "Docker's CLI command description and usage" keywords: ["Docker, Docker documentation, CLI, command line"] --- + + # Use the Docker command line To list available commands, either run `docker` with no parameters @@ -147,6 +156,7 @@ list of supported formatting directives, see the Following is a sample `config.json` file: + {% raw %} { "HttpHeaders": { "MyHeader": "MyValue" @@ -156,6 +166,7 @@ Following is a sample `config.json` file: "serviceInspectFormat": "pretty", "detachKeys": "ctrl-e,e" } + {% endraw %} ### Notary diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 22682b14c2..4cccd6f5b9 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -4,6 +4,15 @@ description: "The commit command description and usage" keywords: ["commit, file, changes"] --- + + # commit ```markdown @@ -51,6 +60,7 @@ created. Supported `Dockerfile` instructions: ## Commit a container with new configurations + {% raw %} $ docker ps ID IMAGE COMMAND CREATED STATUS PORTS c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours @@ -61,8 +71,9 @@ created. Supported `Dockerfile` instructions: f5283438590d $ docker inspect -f "{{ .Config.Env }}" f5283438590d [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] + {% endraw %} -## Commit a container with new `CMD` and `EXPOSE` instructions +## Commit a container with new `CMD` and `EXPOSE` instructions $ docker ps ID IMAGE COMMAND CREATED STATUS PORTS @@ -71,7 +82,7 @@ created. Supported `Dockerfile` instructions: $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 f5283438590d - + $ docker run -d svendowideit/testimage:version4 89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md index 2f00f17165..c63324d3ed 100644 --- a/docs/reference/commandline/container_prune.md +++ b/docs/reference/commandline/container_prune.md @@ -4,6 +4,15 @@ description: "Remove all stopped containers" keywords: [container, prune, delete, remove] --- + + # container prune ```markdown diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index fc661d73c7..52c58633ef 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -4,6 +4,15 @@ description: "The cp command description and usage" keywords: ["copy, container, files, folders"] --- + + # cp ```markdown @@ -29,7 +38,7 @@ either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. The `SRC_PATH` or `DEST_PATH` can be a file or directory. -The `docker cp` command assumes container paths are relative to the container's +The `docker cp` command assumes container paths are relative to the container's `/` (root) directory. This means supplying the initial forward slash is optional; The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and `compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can @@ -74,7 +83,7 @@ argument of `DEST_PATH`, the behavior is as follows: The command requires `SRC_PATH` and `DEST_PATH` to exist according to the above rules. If `SRC_PATH` is local and is a symbolic link, the symbolic link, not -the target, is copied by default. To copy the link target and not the link, specify +the target, is copied by default. To copy the link target and not the link, specify the `-L` option. A colon (`:`) is used as a delimiter between `CONTAINER` and its path. You can diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 247e67f656..91c5f30ff5 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -4,6 +4,15 @@ description: "The create command description and usage" keywords: ["docker, create, container"] --- + + # create Creates a new container. @@ -167,7 +176,7 @@ Set storage driver options per container. $ docker create -it --storage-opt size=120G fedora /bin/bash -This (size) will allow to set the container rootfs size to 120G at creation time. +This (size) will allow to set the container rootfs size to 120G at creation time. This option is only available for the `devicemapper`, `btrfs`, `overlay2`, `windowsfilter` and `zfs` graph drivers. For the `devicemapper`, `btrfs`, `windowsfilter` and `zfs` graph drivers, diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index bc17e7bcab..fb6e0b5c2b 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -5,6 +5,15 @@ keywords: ["stack, deploy"] advisory: "experimental" --- + + # stack deploy (experimental) ```markdown diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index 011e36fb71..2018422370 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -4,6 +4,15 @@ description: "The diff command description and usage" keywords: ["list, changed, files, container"] --- + + # diff ```markdown diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 10e782e878..944bbc6b45 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -5,6 +5,15 @@ description: "The daemon command description and usage" keywords: ["container, daemon, runtime"] --- + + # daemon ```markdown @@ -279,7 +288,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. #### Devicemapper options -* `dm.thinpooldev` +* `dm.thinpooldev` Specifies a custom block storage device to use for the thin pool. @@ -306,7 +315,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool ``` -* `dm.basesize` +* `dm.basesize` Specifies the size to use when creating the base device, which limits the size of images and containers. The default value is 10G. Note, thin devices @@ -324,7 +333,6 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.basesize=50G ``` - This will increase the base device size to 50G. The Docker daemon will throw an error if existing base device size is larger than 50G. A user can use this option to expand the base device size however shrinking is not permitted. @@ -345,7 +353,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.basesize=20G ``` -* `dm.loopdatasize` +* `dm.loopdatasize` > **Note**: > This option configures devicemapper loopback, which should not @@ -362,7 +370,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.loopdatasize=200G ``` -* `dm.loopmetadatasize` +* `dm.loopmetadatasize` > **Note**: > This option configures devicemapper loopback, which should not @@ -379,7 +387,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.loopmetadatasize=4G ``` -* `dm.fs` +* `dm.fs` Specifies the filesystem type to use for the base device. The supported options are "ext4" and "xfs". The default is "xfs" @@ -390,7 +398,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.fs=ext4 ``` -* `dm.mkfsarg` +* `dm.mkfsarg` Specifies extra mkfs arguments to be used when creating the base device. @@ -400,7 +408,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" ``` -* `dm.mountopt` +* `dm.mountopt` Specifies extra mount options used when mounting the thin devices. @@ -410,7 +418,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.mountopt=nodiscard ``` -* `dm.datadev` +* `dm.datadev` (Deprecated, use `dm.thinpooldev`) @@ -428,7 +436,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. --storage-opt dm.metadatadev=/dev/sdc1 ``` -* `dm.metadatadev` +* `dm.metadatadev` (Deprecated, use `dm.thinpooldev`) @@ -452,7 +460,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. --storage-opt dm.metadatadev=/dev/sdc1 ``` -* `dm.blocksize` +* `dm.blocksize` Specifies a custom blocksize to use for the thin pool. The default blocksize is 64K. @@ -463,7 +471,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.blocksize=512K ``` -* `dm.blkdiscard` +* `dm.blkdiscard` Enables or disables the use of blkdiscard when removing devicemapper devices. This is enabled by default (only) if using loopback devices and is @@ -479,7 +487,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.blkdiscard=false ``` -* `dm.override_udev_sync_check` +* `dm.override_udev_sync_check` Overrides the `udev` synchronization checks between `devicemapper` and `udev`. `udev` is the device manager for the Linux kernel. @@ -519,7 +527,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. > Otherwise, set this flag for migrating existing Docker daemons to > a daemon with a supported environment. -* `dm.use_deferred_removal` +* `dm.use_deferred_removal` Enables use of deferred device removal if `libdm` and the kernel driver support the mechanism. @@ -541,7 +549,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. $ sudo dockerd --storage-opt dm.use_deferred_removal=true ``` -* `dm.use_deferred_deletion` +* `dm.use_deferred_deletion` Enables use of deferred device deletion for thin pool devices. By default, thin pool device deletion is synchronous. Before a container is deleted, @@ -567,7 +575,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. when unintentional leaking of mount point happens across multiple mount namespaces. -* `dm.min_free_space` +* `dm.min_free_space` Specifies the min free space percent in a thin pool require for new device creation to succeed. This check applies to both free data space as well @@ -615,7 +623,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. #### ZFS options -* `zfs.fsname` +* `zfs.fsname` Set zfs filesystem under which docker will create its own datasets. By default docker will pick up the zfs filesystem where docker graph @@ -629,9 +637,9 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. #### Btrfs options -* `btrfs.min_space` +* `btrfs.min_space` - Specifies the mininum size to use when creating the subvolume which is used + Specifies the minimum size to use when creating the subvolume which is used for containers. If user uses disk quota for btrfs when creating or running a container with **--storage-opt size** option, docker should ensure the **size** cannot be smaller than **btrfs.min_space**. @@ -644,7 +652,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. #### Overlay2 options -* `overlay2.override_kernel_check` +* `overlay2.override_kernel_check` Overrides the Linux kernel version check allowing overlay2. Support for specifying multiple lower directories needed by overlay2 was added to the @@ -672,19 +680,20 @@ Runtimes can be registered with the daemon either via the configuration file or using the `--add-runtime` command line argument. The following is an example adding 2 runtimes via the configuration: + ```json - "default-runtime": "runc", - "runtimes": { - "runc": { - "path": "runc" - }, - "custom": { - "path": "/usr/local/bin/my-runc-replacement", - "runtimeArgs": [ - "--debug" - ] - } +"default-runtime": "runc", +"runtimes": { + "runc": { + "path": "runc" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] } +} ``` This is the same example via the command line: @@ -844,35 +853,35 @@ $ sudo dockerd \ The currently supported cluster store options are: -* `discovery.heartbeat` +* `discovery.heartbeat` Specifies the heartbeat timer in seconds which is used by the daemon as a keepalive mechanism to make sure discovery module treats the node as alive in the cluster. If not configured, the default value is 20 seconds. -* `discovery.ttl` +* `discovery.ttl` Specifies the ttl (time-to-live) in seconds which is used by the discovery module to timeout a node if a valid heartbeat is not received within the configured ttl value. If not configured, the default value is 60 seconds. -* `kv.cacertfile` +* `kv.cacertfile` Specifies the path to a local file with PEM encoded CA certificates to trust -* `kv.certfile` +* `kv.certfile` Specifies the path to a local file with a PEM encoded certificate. This certificate is used as the client cert for communication with the Key/Value store. -* `kv.keyfile` +* `kv.keyfile` Specifies the path to a local file with a PEM encoded private key. This private key is used as the client key for communication with the Key/Value store. -* `kv.path` +* `kv.path` Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'. diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index cb34eee497..44e51fe1bb 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -4,6 +4,15 @@ description: "The events command description and usage" keywords: ["events, container, report"] --- + + # events ```markdown diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index c6b7314dc7..cb569a253a 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -4,6 +4,15 @@ description: "The exec command description and usage" keywords: ["command, container, run, execute"] --- + + # exec ```markdown diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 78c1a84ceb..e8e7f1c3f8 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -4,6 +4,15 @@ description: "The export command description and usage" keywords: ["export, file, system, container"] --- + + # export ```markdown diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index 36668bdc4c..53762ce723 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -4,6 +4,15 @@ description: "The history command description and usage" keywords: ["docker, image, history"] --- + + # history ```markdown diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md index d4c269e33f..98c7c4bdf5 100644 --- a/docs/reference/commandline/image_prune.md +++ b/docs/reference/commandline/image_prune.md @@ -4,6 +4,15 @@ description: "Remove all stopped images" keywords: [image, prune, delete, remove] --- + + # image prune ```markdown diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 414b6f4666..a8c75f6775 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -4,6 +4,15 @@ description: "The images command description and usage" keywords: ["list, docker, images"] --- + + # images ```markdown @@ -245,6 +254,7 @@ output the data exactly as the template declares or, when using the The following example uses a template without headers and outputs the `ID` and `Repository` entries separated by a colon for all images: + {% raw %} $ docker images --format "{{.ID}}: {{.Repository}}" 77af4d6b9913: b6fa739cedf5: committ @@ -255,10 +265,12 @@ The following example uses a template without headers and outputs the 746b819f315e: postgres 746b819f315e: postgres 746b819f315e: postgres + {% endraw %} To list all images with their repository and tag in a table format you can use: + {% raw %} $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" IMAGE ID REPOSITORY TAG 77af4d6b9913 @@ -270,3 +282,4 @@ can use: 746b819f315e postgres 9.3 746b819f315e postgres 9.3.5 746b819f315e postgres latest + {% endraw %} diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 1319dce849..075fdd420d 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -4,6 +4,15 @@ description: "The import command description and usage" keywords: ["import, file, system, container"] --- + + # import ```markdown diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 86be46b543..d65ecad1ee 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -5,7 +5,14 @@ keywords: ["Docker, Docker documentation, CLI, command line"] identifier: "smn_cli_guide" --- - + # The Docker commands diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 12c54d7a32..2eb5edfc67 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -4,6 +4,15 @@ description: "The info command description and usage" keywords: ["display, docker, information"] --- + + # info ```markdown @@ -55,7 +64,7 @@ storage driver and a node that is part of a 2-node swarm: Plugins: Volume: local Network: bridge null host overlay - Swarm: + Swarm: NodeID: 0gac67oclbxq7 Is Manager: true Managers: 2 @@ -182,4 +191,4 @@ Here is a sample output for a daemon running on Windows Server 2016: Registry: https://index.docker.io/v1/ Insecure Registries: 127.0.0.0/8 - Live Restore Enabled: false \ No newline at end of file + Live Restore Enabled: false diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index ec61d96cc3..f169f42b45 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -4,6 +4,15 @@ description: "The inspect command description and usage" keywords: ["inspect, container, json"] --- + + # inspect ```markdown @@ -34,29 +43,39 @@ describes all the details of the format. For the most part, you can pick out any field from the JSON in a fairly straightforward manner. + {% raw %} $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID + {% endraw %} **Get an instance's MAC address:** For the most part, you can pick out any field from the JSON in a fairly straightforward manner. + {% raw %} $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID + {% endraw %} **Get an instance's log path:** + {% raw %} $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID + {% endraw %} **Get a Task's image name:** + {% raw %} $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID + {% endraw %} **List all port bindings:** One can loop over arrays and maps in the results to produce simple text output: + {% raw %} $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID + {% endraw %} **Find a specific port mapping:** @@ -68,7 +87,9 @@ numeric public port, you use `index` to find the specific port map, and then `index` 0 contains the first object inside of that. Then we ask for the `HostPort` field to get the public address. + {% raw %} $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID + {% endraw %} **Get a subsection in JSON format:** @@ -77,4 +98,6 @@ fields, by default you get a Go-style dump of the inner values. Docker adds a template function, `json`, which can be applied to get results in JSON format. + {% raw %} $ docker inspect --format='{{json .Config}}' $INSTANCE_ID + {% endraw %} diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index 65c5ec1107..8ce6cc57f5 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -4,6 +4,15 @@ description: "The kill command description and usage" keywords: ["container, kill, signal"] --- + + # kill ```markdown diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index dd15c85eab..fac6f4ebf3 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -4,6 +4,15 @@ description: "The load command description and usage" keywords: ["stdin, tarred, repository"] --- + + # load ```markdown diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index b7a0c81a48..160a11cb99 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -4,6 +4,15 @@ description: "The login command description and usage" keywords: ["registry, login, image"] --- + + # login ```markdown @@ -48,12 +57,12 @@ This is the list of currently available credentials helpers and where you can download them from: - D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases -- Apple OS X keychain: https://github.com/docker/docker-credential-helpers/releases +- Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases ### Usage -You need to speficy the credentials store in `$HOME/.docker/config.json` +You need to specify the credentials store in `$HOME/.docker/config.json` to tell the docker engine to use it: ```json diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index 989be9b456..8ca8aa5bc8 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -4,6 +4,15 @@ description: "The logout command description and usage" keywords: ["logout, docker, registry"] --- + + # logout ```markdown diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 55823a3712..e1a4bda0a4 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -4,6 +4,15 @@ description: "The logs command description and usage" keywords: ["logs, retrieve, docker"] --- + + # logs ```markdown diff --git a/docs/reference/commandline/menu.md b/docs/reference/commandline/menu.md index 41677e7ea7..99515ecbf8 100644 --- a/docs/reference/commandline/menu.md +++ b/docs/reference/commandline/menu.md @@ -5,7 +5,14 @@ keywords: ["Docker, Docker documentation, CLI, command line"] identifier: "smn_cli" --- - + # The Docker commands diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index d4a2c90077..f3666bc77d 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -4,6 +4,15 @@ description: "The network connect command description and usage" keywords: ["network, connect, user-defined"] --- + + # network connect ```markdown diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 426de03085..3c0e68f996 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -4,6 +4,15 @@ description: "The network create command description and usage" keywords: ["network, create"] --- + + # network create ```markdown @@ -129,7 +138,7 @@ support it you can create multiple subnetworks. $ docker network create -d overlay \ --subnet=192.168.0.0/16 \ --subnet=192.170.0.0/16 \ - --gateway=192.168.0.100 \ + --gateway=192.168.0.100 \ --gateway=192.170.0.100 \ --ip-range=192.168.1.0/24 \ --aux-address="my-router=192.168.1.5" --aux-address="my-switch=192.168.1.6" \ diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index 93afd19def..3c8e4c6b22 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -4,6 +4,15 @@ description: "The network disconnect command description and usage" keywords: ["network, disconnect, user-defined"] --- + + # network disconnect ```markdown diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 7ad8c401f9..e3f0cb5015 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -4,6 +4,15 @@ description: "The network inspect command description and usage" keywords: ["network, inspect, user-defined"] --- + + # network inspect ```markdown diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index a52ebaea36..8f5ec0efef 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -4,6 +4,15 @@ description: "The network ls command description and usage" keywords: ["network, list, user-defined"] --- + + # docker network ls ```markdown @@ -175,7 +184,7 @@ Valid placeholders for the Go template are listed below: Placeholder | Description ------------|------------------------------------------------------------------------------------------ -`.ID` | Network ID +`.ID` | Network ID `.Name` | Network name `.Driver` | Network driver `.Scope` | Network scope (local, global) diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index b6586e72aa..d606b0355d 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -4,6 +4,15 @@ description: "the network rm command description and usage" keywords: ["network, rm, user-defined"] --- + + # network rm ```markdown diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index e84d45c891..462f0be22d 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -4,6 +4,15 @@ description: "The node demote command description and usage" keywords: ["node, demote"] --- + + # node demote ```markdown diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 8728605f2a..f5e644073a 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -4,6 +4,15 @@ description: "The node inspect command description and usage" keywords: ["node, inspect"] --- + + # node inspect ```markdown @@ -89,8 +98,10 @@ Example output: } ] + {% raw %} $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self false + {% endraw %} $ docker node inspect --pretty self ID: e216jshn25ckzbvmwlnh5jr3g diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 19d9ff377b..3bc78aaf9b 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -4,6 +4,15 @@ description: "The node ls command description and usage" keywords: ["node, list"] --- + + # node ls ```markdown diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 5beada1cc7..7e03069a3d 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -4,6 +4,15 @@ description: "The node promote command description and usage" keywords: ["node, promote"] --- + + # node promote ```markdown diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 7a1272bb8b..1327cc69e5 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -5,6 +5,15 @@ keywords: ["node, tasks", "ps"] aliases: ["/engine/reference/commandline/node_tasks/"] --- + + # node ps ```markdown diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 34643c395b..7cb512def4 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -4,6 +4,15 @@ description: "The node rm command description and usage" keywords: ["node, remove"] --- + + # node rm ```markdown diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index 66fe091772..ea549efe6e 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -4,6 +4,15 @@ description: "The node update command description and usage" keywords: ["resources, update, dynamically"] --- + + ## update ```markdown diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index 14eca8dc3d..48c1e94dac 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -4,6 +4,15 @@ description: "The pause command description and usage" keywords: ["cgroups, container, suspend, SIGSTOP"] --- + + # pause ```markdown diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index a228cfd38c..7088952131 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -5,6 +5,15 @@ keywords: ["plugin, disable"] advisory: "experimental" --- + + # plugin disable (experimental) ```markdown diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index e78a6a798c..64b99b6ec3 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -5,6 +5,15 @@ keywords: ["plugin, enable"] advisory: "experimental" --- + + # plugin enable (experimental) ```markdown diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index e0b566be99..6904d7a9cc 100755 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -5,6 +5,15 @@ keywords: ["plugin, inspect"] advisory: "experimental" --- + + # plugin inspect (experimental) ```markdown diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 3f3e4b74af..6378318bea 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -5,6 +5,15 @@ keywords: ["plugin, install"] advisory: "experimental" --- + + # plugin install (experimental) ```markdown diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 8f618171f1..8499008f31 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -5,6 +5,15 @@ keywords: ["plugin, list"] advisory: "experimental" --- + + # plugin ls (experimental) ```markdown diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 41b71c760b..684d15bfab 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -5,6 +5,15 @@ keywords: ["plugin, rm"] advisory: "experimental" --- + + # plugin rm (experimental) ```markdown diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index 968ab545aa..a4ec605885 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -4,6 +4,15 @@ description: "The port command description and usage" keywords: ["port, mapping, container"] --- + + # port ```markdown diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 2e34ed59f2..fb5c919a87 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -4,6 +4,15 @@ description: "The ps command description and usage" keywords: ["container, running, list"] --- + + # ps ```markdown @@ -145,6 +154,7 @@ $ docker ps -a --filter 'exited=137' CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b3e1c0ed5bfe ubuntu:latest "sleep 1000" 12 seconds ago Exited (137) 5 seconds ago grave_kowalevski a2eb5558d669 redis:latest "/entrypoint.sh redi 2 hours ago Exited (137) 2 hours ago sharp_lalande +``` Any of these events result in a `137` status: @@ -271,7 +281,7 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS The `volume` filter shows only containers that mount a specific volume or have a volume mounted in a specific path: -```bash +```bash{% raw %} $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume @@ -279,7 +289,7 @@ CONTAINER ID MOUNTS $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume -``` +{% endraw %}``` #### Network @@ -304,7 +314,9 @@ example shows all containers that are attached to the `net1` network, using the network id as a filter; ```bash +{% raw %} $ docker network inspect --format "{{.ID}}" net1 +{% endraw %} 8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 @@ -333,7 +345,7 @@ Placeholder | Description `.Size` | Container disk size. `.Names` | Container names. `.Labels` | All labels assigned to the container. -`.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` +`.Label` | Value of a specific label for this container. For example `'{% raw %}{{.Label "com.docker.swarm.cpu"}}{% endraw %}'` `.Mounts` | Names of the volumes mounted in this container. When using the `--format` option, the `ps` command will either output the data @@ -344,7 +356,9 @@ The following example uses a template without headers and outputs the `ID` and `Command` entries separated by a colon for all running containers: ```bash +{% raw %} $ docker ps --format "{{.ID}}: {{.Command}}" +{% endraw %} a87ecb4f327c: /bin/sh -c #(nop) MA 01946d9d34d8: /bin/sh -c #(nop) MA @@ -355,7 +369,9 @@ c1d3b0166030: /bin/sh -c yum -y up To list all running containers with their labels in a table format you can use: ```bash +{% raw %} $ docker ps --format "table {{.ID}}\t{{.Labels}}" +{% endraw %} CONTAINER ID LABELS a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index ec351153ca..fd6cd521dc 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -4,6 +4,15 @@ description: "The pull command description and usage" keywords: ["pull, image, hub, docker"] --- + + # pull ```markdown @@ -131,7 +140,7 @@ above, the digest of the image is: Docker also prints the digest of an image when *pushing* to a registry. This may be useful if you want to pin to a version of the image you just pushed. -A digest takes the place of the tag when pulling an image, for example, to +A digest takes the place of the tag when pulling an image, for example, to pull the above image by digest, run the following command: ```bash @@ -154,7 +163,7 @@ MAINTAINER some maintainer ``` > **Note**: Using this feature "pins" an image to a specific version in time. -> Docker will therefore not pull updated versions of an image, which may include +> Docker will therefore not pull updated versions of an image, which may include > security updates. If you want to pull an updated image, you need to change the > digest accordingly. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index f6cb0b0f73..3a5fd4b143 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -4,6 +4,15 @@ description: "The push command description and usage" keywords: ["share, push, image"] --- + + # push ```markdown diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index 66c8b2c52a..c3ebaa1f75 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -4,6 +4,15 @@ description: "The rename command description and usage" keywords: ["rename, docker, container"] --- + + # rename ```markdown diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 5c179b764d..fcc6d3f283 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -4,6 +4,15 @@ description: "The restart command description and usage" keywords: ["restart, container, Docker"] --- + + # restart ```markdown diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index ed8f354405..72abb9b931 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -4,6 +4,15 @@ description: "The rm command description and usage" keywords: ["remove, Docker, container"] --- + + # rm ```markdown diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index 7c1faec77d..dbd7c3078a 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -4,6 +4,15 @@ description: "The rmi command description and usage" keywords: ["remove, image, Docker"] --- + + # rmi ```markdown diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 17b0c1e94e..3228988df5 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -4,6 +4,15 @@ description: "The run command description and usage" keywords: ["run, command, container"] --- + + # run ```markdown @@ -618,8 +627,8 @@ or a signal name in the format SIGNAME, for instance SIGKILL. ### Optional security options (--security-opt) -On Windows, this flag can be used to specify the `credentialspec` option. -The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`. +On Windows, this flag can be used to specify the `credentialspec` option. +The `credentialspec` must be in the format `file://spec.txt` or `registry://keyname`. ### Stop container with timeout (--stop-timeout) @@ -673,7 +682,7 @@ network namespace, run this command: > **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls -> inside of a container that also modify the host system. As the kernel +> inside of a container that also modify the host system. As the kernel > evolves we expect to see more sysctls become namespaced. #### Currently supported sysctls diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 2a4ce8d551..f7b2c57bd9 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -4,6 +4,15 @@ description: "The save command description and usage" keywords: ["tarred, repository, backup"] --- + + # save ```markdown diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 0efa6a5865..4f36862a26 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -4,6 +4,15 @@ description: "The search command description and usage" keywords: ["search, hub, images"] --- + + # search ```markdown @@ -76,7 +85,7 @@ at least 3 stars and the description isn't truncated in the output: ## Limit search results (--limit) -The flag `--limit` is the maximium number of results returned by a search. This value could +The flag `--limit` is the maximum number of results returned by a search. This value could be in the range between 1 and 100. The default value of `--limit` is 25. diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 93ffb0e9a9..8ed450c742 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -4,6 +4,15 @@ description: "The service create command description and usage" keywords: ["service, create"] --- + + # service create ```Markdown diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 29286dd7d5..0407e19047 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -4,6 +4,15 @@ description: "The service inspect command description and usage" keywords: ["service, inspect"] --- + + # service inspect ```Markdown @@ -136,10 +145,10 @@ The `--format` option can be used to obtain specific information about a service. For example, the following command outputs the number of replicas of the "redis" service. -```bash +```bash{% raw %} $ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis 10 -``` +{% endraw %}``` ## Related information diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 5a2974aa41..909334dc3a 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -4,6 +4,15 @@ description: "The service ls command description and usage" keywords: ["service, ls"] --- + + # service ls ```Markdown diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 4afdd455f4..0a39d2b2e5 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -5,6 +5,15 @@ keywords: ["service, tasks", "ps"] aliases: ["/engine/reference/commandline/service_tasks/"] --- + + # service ps ```Markdown diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 1230ffb841..43db9af7e6 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -4,6 +4,15 @@ description: "The service rm command description and usage" keywords: ["service, rm"] --- + + # service rm ```Markdown diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index a21f5c4779..3b71ce3ae2 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -4,6 +4,15 @@ description: "The service scale command description and usage" keywords: ["service, scale"] --- + + # service scale ```markdown @@ -19,8 +28,10 @@ Options: ### Scale a service -If you scale a service, you set the *desired* number of replicas. Even though -the command returns directly, actual scaling of the service may take some time. +The scale command enables you to scale one or more services either up or down to +the desired number of replicas. The command will return immediately, but the +actual scaling of the service may take some time. To stop all replicas of a +service while keeping the service active in the swarm you can set the scale to 0. For example, the following command scales the "frontend" service to 50 tasks. @@ -30,7 +41,7 @@ frontend scaled to 50 ``` Directly afterwards, run `docker service ls`, to see the actual number of -replicas +replicas. ```bash $ docker service ls --filter name=frontend @@ -40,7 +51,7 @@ ID NAME REPLICAS IMAGE COMMAND ``` You can also scale a service using the [`docker service update`](service_update.md) -command. The following commands are therefore equivalent: +command. The following commands are equivalent: ```bash $ docker service scale frontend=50 diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index d70a656837..abbd14a5ac 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -4,6 +4,15 @@ description: "The service update command description and usage" keywords: ["service, update"] --- + + # service update ```Markdown diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md index 470f63b621..76a66cd144 100644 --- a/docs/reference/commandline/stack_config.md +++ b/docs/reference/commandline/stack_config.md @@ -5,6 +5,15 @@ keywords: ["stack, config"] advisory: "experimental" --- + + # stack config (experimental) ```markdown diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 5069c22032..384a1007fc 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -5,6 +5,15 @@ keywords: ["stack, deploy, up"] advisory: "experimental" --- + + # stack deploy (experimental) ```markdown diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index b91fe430d9..156a5f5dd9 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -5,6 +5,15 @@ keywords: ["stack, ls"] advisory: "experimental" --- + + # stack ls (experimental) ```markdown diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index fec0b07399..7d098bb2c0 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -5,6 +5,15 @@ keywords: ["stack, ps"] advisory: "experimental" --- + + # stack ps (experimental) ```markdown diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index 7e7a914311..66c5d4ad09 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -3,10 +3,17 @@ title: "stack rm" description: "The stack rm command description and usage" keywords: ["stack, rm, remove, down"] advisory: "experimental" - - --- + + # stack rm (experimental) ```markdown diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index b7f4002416..a820ac0cb2 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -5,6 +5,15 @@ keywords: ["stack, services"] advisory: "experimental" --- + + # stack services (experimental) ```markdown diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index 46b493c2b1..a8e845d413 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -4,6 +4,15 @@ description: "The start command description and usage" keywords: ["Start, container, stopped"] --- + + # start ```markdown diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 4ee79e292a..f8eddd92bd 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -4,6 +4,15 @@ description: "The stats command description and usage" keywords: ["container, resource, statistics"] --- + + # stats ```markdown diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index e888562799..e9dcff0e32 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -4,6 +4,15 @@ description: "The stop command description and usage" keywords: ["stop, SIGKILL, SIGTERM"] --- + + # stop ```markdown diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 7d33cdab3a..4c15aafb92 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -4,6 +4,15 @@ description: "The swarm init command description and usage" keywords: ["swarm, init"] --- + + # swarm init ```markdown diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 9afdec1225..78b3f3d784 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -4,6 +4,15 @@ description: "The swarm join command description and usage" keywords: ["swarm, join"] --- + + # swarm join ```markdown diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 468d841a6a..189687d955 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -4,6 +4,15 @@ description: "The swarm join-token command description and usage" keywords: ["swarm, join-token"] --- + + # swarm join-token ```markdown diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 6520480025..1fbdf4b6a4 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -4,6 +4,15 @@ description: "The swarm leave command description and usage" keywords: ["swarm, leave"] --- + + # swarm leave ```markdown diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 11362fb541..81c29c7798 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -4,6 +4,15 @@ description: "The swarm update command description and usage" keywords: ["swarm, update"] --- + + # swarm update ```markdown diff --git a/docs/reference/commandline/system_df.md b/docs/reference/commandline/system_df.md index 211ce4cfaf..044f5e4b66 100644 --- a/docs/reference/commandline/system_df.md +++ b/docs/reference/commandline/system_df.md @@ -4,6 +4,15 @@ description: "The system df command description and usage" keywords: [system, data, usage, disk] --- + + # system df ```markdown diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index dd0868b1ab..862b64d1f1 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -4,6 +4,15 @@ description: "Remove unused data" keywords: [system, prune, delete, remove] --- + + # system prune ```markdown diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 2584f276b1..75b7a51335 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -4,6 +4,15 @@ description: "The tag command description and usage" keywords: ["tag, name, image"] --- + + # tag ```markdown diff --git a/docs/reference/commandline/top.md b/docs/reference/commandline/top.md index 9f88f97456..b47b421827 100644 --- a/docs/reference/commandline/top.md +++ b/docs/reference/commandline/top.md @@ -4,6 +4,15 @@ description: "The top command description and usage" keywords: ["container, running, processes"] --- + + # top ```markdown diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index 953940446c..08c1aaf08a 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -4,6 +4,15 @@ description: "The unpause command description and usage" keywords: ["cgroups, suspend, container"] --- + + # unpause ```markdown diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index 2d5266233c..1a6a2690ba 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -4,6 +4,15 @@ description: "The update command description and usage" keywords: ["resources, update, dynamically"] --- + + ## update ```markdown diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index 169d077e10..494c3a208a 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -4,6 +4,15 @@ description: "The version command description and usage" keywords: ["version, architecture, api"] --- + + # version ```markdown @@ -45,10 +54,14 @@ describes all the details of the format. **Get server version:** + {% raw %} $ docker version --format '{{.Server.Version}}' 1.8.0 + {% endraw %} **Dump raw data:** + {% raw %} $ docker version --format '{{json .}}' {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} + {% endraw %} diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 45e0ebad66..308430614d 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -4,6 +4,15 @@ description: "The volume create command description and usage" keywords: ["volume, create"] --- + + # volume create ```markdown diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 3de21548e9..d3a36f29ff 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -4,6 +4,15 @@ description: "The volume inspect command description and usage" keywords: ["volume, inspect"] --- + + # volume inspect ```markdown @@ -36,8 +45,10 @@ Example output: } ] + {% raw %} $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data + {% endraw %} ## Related information diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index c9cd3bf4df..e7f531f30d 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -4,6 +4,15 @@ description: "The volume ls command description and usage" keywords: ["volume, list"] --- + + # volume ls ```markdown diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md index acc7a3afe9..80156296b2 100644 --- a/docs/reference/commandline/volume_prune.md +++ b/docs/reference/commandline/volume_prune.md @@ -4,6 +4,15 @@ description: "Remove unused volumes" keywords: [volume, prune, delete] --- + + # volume prune ```markdown diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 6e4484f12f..e3526eaaac 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -4,6 +4,14 @@ description: "the volume rm command description and usage" keywords: ["volume, rm"] --- + # volume rm diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index 057f404d89..68da5a43b0 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -4,6 +4,15 @@ description: "The wait command description and usage" keywords: ["container, stop, wait"] --- + + # wait ```markdown diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 2490cd6729..c99f18b3f4 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -4,6 +4,15 @@ description: "Glossary of terms used around Docker" keywords: ["glossary, docker, terms, definitions"] --- + + # Glossary A list of terms used around the Docker project. @@ -110,7 +119,7 @@ Examples : - Linux : ext4, aufs, btrfs, zfs - Windows : NTFS -- OS X : HFS+ +- macOS : HFS+ ## image diff --git a/docs/reference/index.md b/docs/reference/index.md index c634e82a2d..24d1b673e4 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -4,6 +4,15 @@ description: "Docker Engine reference" keywords: ["Engine"] --- + + # Engine reference * [Dockerfile reference](builder.md) diff --git a/docs/reference/run.md b/docs/reference/run.md index 6b2994cc2a..dd4264a79d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -4,6 +4,15 @@ description: "Configure containers at runtime" keywords: ["docker, run, configure, runtime"] --- + + # Docker run reference Docker runs processes in isolated containers. A container is a process @@ -415,7 +424,7 @@ running the `redis-cli` command and connecting to the Redis server over the You can create a network using a Docker network driver or an external network driver plugin. You can connect multiple containers to the same network. Once connected to a user-defined network, the containers can communicate easily using -only another container's IP address or name. +only another container's IP address or name. For `overlay` networks or custom plugins that support multi-host connectivity, containers connected to the same multi-host network but launched from different @@ -532,13 +541,17 @@ will try forever to restart the container. The number of (attempted) restarts for a container can be obtained via [`docker inspect`](commandline/inspect.md). For example, to get the number of restarts for container "my-container"; + {% raw %} $ docker inspect -f "{{ .RestartCount }}" my-container # 2 + {% endraw %} Or, to get the last time the container was (re)started; + {% raw %} $ docker inspect -f "{{ .State.StartedAt }}" my-container # 2015-03-04T23:47:07.691840179Z + {% endraw %} Combining `--restart` (restart policy) with the `--rm` (clean up) flag results @@ -1369,34 +1382,12 @@ it will provide a named alias for the container being linked to. When a new container is created, Docker will set the following environment variables automatically: - - - - - - - - - - - - - - - - - - - - -
VariableValue
HOME - Set based on the value of USER -
HOSTNAME - The hostname associated with the container -
PATH - Includes popular directories, such as :
- /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -
TERMxterm if the container is allocated a pseudo-TTY
+| Variable | Value | +| -------- | ----- | +| `HOME` | Set based on the value of `USER` | +| `HOSTNAME` | The hostname associated with the container | +| `PATH` | Includes popular directories, such as `:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin` | +| `TERM` | `xterm` if the container is allocated a pseudo-TTY | Additionally, the operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those mentioned @@ -1425,6 +1416,7 @@ Similarly the operator can set the **hostname** with `-h`. Example: + {% raw %} $ docker run --name=test -d \ --health-cmd='stat /etc/passwd || exit 1' \ --health-interval=2s \ @@ -1469,6 +1461,7 @@ Example: } ] } + {% endraw %} The health status is also displayed in the `docker ps` output. From 7ec82562ce9ab727841beff8b58bdb93452186ea Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Thu, 20 Oct 2016 11:12:02 -0700 Subject: [PATCH 1846/2538] Rewrites to Developing Plugins topic Signed-off-by: Misty Stanley-Jones --- docs/extend/index.md | 217 ++++++++++++++++++++++++------------------- 1 file changed, 122 insertions(+), 95 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index 8316307cee..e0689f776b 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -1,11 +1,11 @@ --- -aliases: [ -"/engine/extend/" -] -title: "Managed plugin system" -description: "How develop and use a plugin with the managed plugin system" -keywords: ["API, Usage, plugins, documentation, developer"] -advisory: "experimental" +advisory: experimental +aliases: +- /engine/extend/ +description: Develop and use a plugin with the managed plugin system +keywords: +- API, Usage, plugins, documentation, developer +title: Managed plugin system --- dbfee88ee9fd - Step 2 : COPY testfile.txt c:RUN dir c: + Step 1/2 : FROM microsoft/nanoserver + ---> 22738ff49c6d + Step 2/2 : COPY testfile.txt c:\RUN dir c: GetFileAttributesEx c:RUN: The system cannot find the file specified. PS C:\John> @@ -280,7 +280,7 @@ expected with the use of natural platform semantics for file paths on `Windows`: # escape=` - FROM windowsservercore + FROM microsoft/nanoserver COPY testfile.txt c:\ RUN dir c:\ @@ -288,30 +288,29 @@ Results in: PS C:\John> docker build -t succeeds --no-cache=true . Sending build context to Docker daemon 3.072 kB - Step 1 : FROM windowsservercore - ---> dbfee88ee9fd - Step 2 : COPY testfile.txt c:\ - ---> 99ceb62e90df - Removing intermediate container 62afbe726221 - Step 3 : RUN dir c:\ - ---> Running in a5ff53ad6323 + Step 1/3 : FROM microsoft/nanoserver + ---> 22738ff49c6d + Step 2/3 : COPY testfile.txt c:\ + ---> 96655de338de + Removing intermediate container 4db9acbb1682 + Step 3/3 : RUN dir c:\ + ---> Running in a2c157f842f5 Volume in drive C has no label. - Volume Serial Number is 1440-27FA - + Volume Serial Number is 7E6D-E0F7 + Directory of c:\ - - 03/25/2016 05:28 AM

inetpub - 03/25/2016 04:22 AM PerfLogs - 04/22/2016 10:59 PM Program Files - 03/25/2016 04:22 AM Program Files (x86) - 04/18/2016 09:26 AM 4 testfile.txt - 04/22/2016 10:59 PM Users - 04/22/2016 10:59 PM Windows - 1 File(s) 4 bytes - 6 Dir(s) 21,252,689,920 bytes free - ---> 2569aa19abef - Removing intermediate container a5ff53ad6323 - Successfully built 2569aa19abef + + 10/05/2016 05:04 PM 1,894 License.txt + 10/05/2016 02:22 PM Program Files + 10/05/2016 02:14 PM Program Files (x86) + 10/28/2016 11:18 AM 62 testfile.txt + 10/28/2016 11:20 AM Users + 10/28/2016 11:20 AM Windows + 2 File(s) 1,956 bytes + 4 Dir(s) 21,259,096,064 bytes free + ---> 01c7f3bef04f + Removing intermediate container a2c157f842f5 + Successfully built 01c7f3bef04f PS C:\John> ## Environment replacement @@ -1596,7 +1595,7 @@ well as alternate shells available including `sh`. The `SHELL` instruction can appear multiple times. Each `SHELL` instruction overrides all previous `SHELL` instructions, and affects all subsequent instructions. For example: - FROM windowsservercore + FROM microsoft/windowsservercore # Executed as cmd /S /C echo default RUN echo default @@ -1645,7 +1644,7 @@ the `escape` parser directive: # escape=` - FROM windowsservercore + FROM microsoft/nanoserver SHELL ["powershell","-command"] RUN New-Item -ItemType Directory C:\Example ADD Execute-MyCmdlet.ps1 c:\example\ @@ -1654,36 +1653,36 @@ the `escape` parser directive: Resulting in: PS E:\docker\build\shell> docker build -t shell . - Sending build context to Docker daemon 3.584 kB - Step 1 : FROM windowsservercore - ---> 5bc36a335344 - Step 2 : SHELL powershell -command - ---> Running in 87d7a64c9751 - ---> 4327358436c1 - Removing intermediate container 87d7a64c9751 - Step 3 : RUN New-Item -ItemType Directory C:\Example - ---> Running in 3e6ba16b8df9 - - + Sending build context to Docker daemon 4.096 kB + Step 1/5 : FROM microsoft/nanoserver + ---> 22738ff49c6d + Step 2/5 : SHELL powershell -command + ---> Running in 6fcdb6855ae2 + ---> 6331462d4300 + Removing intermediate container 6fcdb6855ae2 + Step 3/5 : RUN New-Item -ItemType Directory C:\Example + ---> Running in d0eef8386e97 + + Directory: C:\ - - + + Mode LastWriteTime Length Name ---- ------------- ------ ---- - d----- 6/2/2016 2:59 PM Example - - - ---> 1f1dfdcec085 - Removing intermediate container 3e6ba16b8df9 - Step 4 : ADD Execute-MyCmdlet.ps1 c:\example\ - ---> 6770b4c17f29 - Removing intermediate container b139e34291dc - Step 5 : RUN c:\example\Execute-MyCmdlet -sample 'hello world' - ---> Running in abdcf50dfd1f - Hello from Execute-MyCmdlet.ps1 - passed hello world - ---> ba0e25255fda - Removing intermediate container abdcf50dfd1f - Successfully built ba0e25255fda + d----- 10/28/2016 11:26 AM Example + + + ---> 3f2fbf1395d9 + Removing intermediate container d0eef8386e97 + Step 4/5 : ADD Execute-MyCmdlet.ps1 c:\example\ + ---> a955b2621c31 + Removing intermediate container b825593d39fc + Step 5/5 : RUN c:\example\Execute-MyCmdlet 'hello world' + ---> Running in be6d8e63fe75 + hello world + ---> 8e559e9bf424 + Removing intermediate container be6d8e63fe75 + Successfully built 8e559e9bf424 PS E:\docker\build\shell> The `SHELL` instruction could also be used to modify the way in which From 836b1a7d0af2eb1169592d01e3b980c1d5e82efa Mon Sep 17 00:00:00 2001 From: Cezar Sa Espinola Date: Thu, 13 Oct 2016 15:28:32 -0300 Subject: [PATCH 1915/2538] Add --health-* commands to service create and update A HealthConfig entry was added to the ContainerSpec associated with the service being created or updated. Signed-off-by: Cezar Sa Espinola --- contrib/completion/bash/docker | 5 +++++ contrib/completion/zsh/_docker | 5 +++++ docs/reference/commandline/service_create.md | 5 +++++ docs/reference/commandline/service_update.md | 5 +++++ 4 files changed, 20 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 813f17e45b..e1fa2aa5eb 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2574,6 +2574,10 @@ _docker_service_update() { --env -e --force --group-add + --health-cmd + --health-interval + --health-retries + --health-timeout --label -l --limit-cpu --limit-memory @@ -2581,6 +2585,7 @@ _docker_service_update() { --log-opt --mount --network + --no-healthcheck --publish -p --replicas --reserve-cpu diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a2330b62d3..cb54e8dfc7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1089,6 +1089,10 @@ __docker_service_subcommand() { "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)" "($help)*"{-e=,--env=}"[Set environment variables]:env: " "($help)*--group-add=[Add additional user groups to the container]:group:_groups" + "($help)--health-cmd=[Command to run to check health]:command: " + "($help)--health-interval=[Time between running the check]:time: " + "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" + "($help)--health-timeout=[Maximum time to allow one check to run]:time: " "($help)*--label=[Service labels]:label: " "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " @@ -1096,6 +1100,7 @@ __docker_service_subcommand() { "($help)*--log-opt=[Logging driver options]:log driver options:__docker_log_options" "($help)*--mount=[Attach a mount to the service]:mount: " "($help)*--network=[Network attachments]:network: " + "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " "($help)--replicas=[Number of tasks]:replicas: " "($help)--reserve-cpu=[Reserve CPUs]:value: " diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 3feaf6435d..2c023f0c51 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -27,6 +27,10 @@ Options: -e, --env value Set environment variables (default []) --env-file value Read in a file of environment variables (default []) --group-add value Add additional user groups to the container (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run --help Print usage -l, --label value Service labels (default []) --limit-cpu value Limit CPUs (default 0.000) @@ -37,6 +41,7 @@ Options: --mount value Attach a mount to the service --name string Service name --network value Network attachments (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK -p, --publish value Publish a port as a node port (default []) --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index c30e5e973e..58ffe6e442 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -32,6 +32,10 @@ Options: --force Force update even if no changes require it --group-add value Add additional user groups to the container (default []) --group-rm value Remove previously added user groups from the container (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run --help Print usage --image string Service image tag --label-add value Add or update service labels (default []) @@ -42,6 +46,7 @@ Options: --log-opt value Logging driver options (default []) --mount-add value Add or update a mount on a service --mount-rm value Remove a mount by its target path (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK --publish-add value Add or update a published port (default []) --publish-rm value Remove a published port by its target port (default []) --replicas value Number of tasks (default none) From 2603a9c1dd8978e7b02af654b8572a87b16fe3d9 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Thu, 27 Oct 2016 16:24:55 +0800 Subject: [PATCH 1916/2538] fill the complete address because of no userguide directory Signed-off-by: lixiaobing10051267 --- docs/extend/plugins_network.md | 2 +- docs/reference/builder.md | 10 +++++----- docs/reference/commandline/network_prune.md | 2 +- docs/reference/run.md | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 9546195bbd..095c143f74 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -73,5 +73,5 @@ documented as part of libnetwork: To interact with the Docker maintainers and other interested users, see the IRC channel `#docker-network`. -- [Docker networks feature overview](../userguide/networking/index.md) +- [Docker networks feature overview](https://docs.docker.com/engine/userguide/networking/) - The [LibNetwork](https://github.com/docker/libnetwork) project diff --git a/docs/reference/builder.md b/docs/reference/builder.md index a242a4af1d..9563fe21e4 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -23,7 +23,7 @@ instructions in succession. This page describes the commands you can use in a `Dockerfile`. When you are done reading this page, refer to the [`Dockerfile` Best -Practices](../userguide/eng-image/dockerfile_best-practices.md) for a tip-oriented guide. +Practices](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/) for a tip-oriented guide. ## Usage @@ -92,7 +92,7 @@ instructions. Whenever possible, Docker will re-use the intermediate images (cache), to accelerate the `docker build` process significantly. This is indicated by the `Using cache` message in the console output. -(For more information, see the [Build cache section](../userguide/eng-image/dockerfile_best-practices.md#build-cache)) in the +(For more information, see the [Build cache section](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache)) in the `Dockerfile` best practices guide: $ docker build -t svendowideit/ambassador . @@ -573,7 +573,7 @@ cache for `RUN` instructions can be invalidated by using the `--no-cache` flag, for example `docker build --no-cache`. See the [`Dockerfile` Best Practices -guide](../userguide/eng-image/dockerfile_best-practices.md#build-cache) for more information. +guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information. The cache for `RUN` instructions can be invalidated by `ADD` instructions. See [below](#add) for details. @@ -728,7 +728,7 @@ To set up port redirection on the host system, see [using the -P flag](run.md#expose-incoming-ports). The Docker network feature supports creating networks without the need to expose ports within the network, for detailed information see the [overview of this -feature](../userguide/networking/index.md)). +feature](https://docs.docker.com/engine/userguide/networking/)). ## ENV @@ -829,7 +829,7 @@ of whether or not the file has changed and the cache should be updated. > following instructions from the Dockerfile if the contents of `` have > changed. This includes invalidating the cache for `RUN` instructions. > See the [`Dockerfile` Best Practices -guide](../userguide/eng-image/dockerfile_best-practices.md#build-cache) for more information. +guide](https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#/build-cache) for more information. `ADD` obeys the following rules: diff --git a/docs/reference/commandline/network_prune.md b/docs/reference/commandline/network_prune.md index 82da94e31c..f0db94724a 100644 --- a/docs/reference/commandline/network_prune.md +++ b/docs/reference/commandline/network_prune.md @@ -37,7 +37,7 @@ n2 * [network ls](network_ls.md) * [network inspect](network_inspect.md) * [network rm](network_rm.md) -* [Understand Docker container networks](../../userguide/networking/index.md) +* [Understand Docker container networks](https://docs.docker.com/engine/userguide/networking/) * [system df](system_df.md) * [container prune](container_prune.md) * [image prune](image_prune.md) diff --git a/docs/reference/run.md b/docs/reference/run.md index a48b44d4bf..b1fef2b12e 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1376,7 +1376,7 @@ If the operator uses `--link` when starting a new client container in the default bridge network, then the client container can access the exposed port via a private networking interface. If `--link` is used when starting a container in a user-defined network as -described in [*Docker network overview*](../userguide/networking/index.md), +described in [*Docker network overview*](https://docs.docker.com/engine/userguide/networking/), it will provide a named alias for the container being linked to. ### ENV (environment variables) From 9b109cd9a75e2dcfcdfdaa14c2836383126a3d62 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Thu, 27 Oct 2016 16:47:28 +0800 Subject: [PATCH 1917/2538] fill all the rest invalid address because no related directory Signed-off-by: lixiaobing10051267 --- docs/extend/plugins_authorization.md | 2 +- docs/extend/plugins_network.md | 2 +- docs/reference/builder.md | 8 ++++---- docs/reference/glossary.md | 14 +++++++------- docs/reference/run.md | 4 ++-- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 1b0f83b510..4c87cf5d68 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -58,7 +58,7 @@ respectively. ## Default user authorization mechanism -If TLS is enabled in the [Docker daemon](../security/https.md), the default user authorization flow extracts the user details from the certificate subject name. +If TLS is enabled in the [Docker daemon](https://docs.docker.com/engine/security/https/), the default user authorization flow extracts the user details from the certificate subject name. That is, the `User` field is set to the client certificate subject common name, and the `AuthenticationMethod` field is set to `TLS`. ## Basic architecture diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index 095c143f74..ade580a04c 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -30,7 +30,7 @@ kind of protocol. ## Network driver plugins and swarm mode Docker 1.12 adds support for cluster management and orchestration called -[swarm mode](../swarm/index.md). Docker Engine running in swarm mode currently +[swarm mode](https://docs.docker.com/engine/swarm/). Docker Engine running in swarm mode currently only supports the built-in overlay driver for networking. Therefore existing networking plugins will not work in swarm mode. diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 9563fe21e4..ffe010ddb6 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -118,7 +118,7 @@ image you can specify it with `--cache-from` option. Images specified with registries. When you're done with your build, you're ready to look into [*Pushing a -repository to its registry*](../tutorials/dockerrepos.md#contributing-to-docker-hub). +repository to its registry*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). ## Format @@ -491,7 +491,7 @@ Or The `FROM` instruction sets the [*Base Image*](glossary.md#base-image) for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as its first instruction. The image can be any valid image – it is especially easy -to start by **pulling an image** from the [*Public Repositories*](../tutorials/dockerrepos.md). +to start by **pulling an image** from the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/). - `FROM` must be the first non-comment instruction in the `Dockerfile`. @@ -1204,7 +1204,7 @@ containers. The value can be a JSON array, `VOLUME ["/var/log/"]`, or a plain string with multiple arguments, such as `VOLUME /var/log` or `VOLUME /var/log /var/db`. For more information/examples and mounting instructions via the Docker client, refer to -[*Share Directories via Volumes*](../tutorials/dockervolumes.md#mount-a-host-directory-as-a-data-volume) +[*Share Directories via Volumes*](https://docs.docker.com/engine/tutorials/dockervolumes/#/mount-a-host-directory-as-a-data-volume) documentation. The `docker run` command initializes the newly created volume with any data @@ -1697,7 +1697,7 @@ The `SHELL` feature was added in Docker 1.12. ## Dockerfile examples Below you can see some examples of Dockerfile syntax. If you're interested in -something more realistic, take a look at the list of [Dockerization examples](../examples/index.md). +something more realistic, take a look at the list of [Dockerization examples](https://docs.docker.com/engine/examples/). ``` # Nginx diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index c99f18b3f4..1644600739 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -159,7 +159,7 @@ installs Docker on them, then configures the Docker client to talk to them. ## node -A [node](../swarm/how-swarm-mode-works/nodes.md) is a physical or virtual +A [node](https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/) is a physical or virtual machine running an instance of the Docker Engine in swarm mode. **Manager nodes** perform swarm management and orchestration duties. By default @@ -198,7 +198,7 @@ and its [tags](https://hub.docker.com/r/library/nginx/tags/) ## service -A [service](../swarm/how-swarm-mode-works/services.md) is the definition of how +A [service](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/) is the definition of how you want to run your application containers in a swarm. At the most basic level a service defines which container image to run in the swarm and which commands to run in the container. For orchestration purposes, the service defines the @@ -212,7 +212,7 @@ environment. ## service discovery -Swarm mode [service discovery](../swarm/networking.md) is a DNS component +Swarm mode [service discovery](https://docs.docker.com/engine/swarm/networking/) is a DNS component internal to the swarm that automatically assigns each service on an overlay network in the swarm a VIP and DNS entry. Containers on the network share DNS mappings for the service via gossip so any container on the network can access @@ -224,7 +224,7 @@ automatically distributes requests to the service VIP among the active tasks. ## swarm -A [swarm](../swarm/index.md) is a cluster of one or more Docker Engines running in [swarm mode](#swarm-mode). +A [swarm](https://docs.docker.com/engine/swarm/) is a cluster of one or more Docker Engines running in [swarm mode](#swarm-mode). ## Swarm @@ -239,7 +239,7 @@ works with Docker can now transparently scale up to multiple hosts. ## swarm mode -[Swarm mode](../swarm/index.md) refers to cluster management and orchestration +[Swarm mode](https://docs.docker.com/engine/swarm/) refers to cluster management and orchestration features embedded in Docker Engine. When you initialize a new swarm (cluster) or join nodes to a swarm, the Docker Engine runs in swarm mode. @@ -252,7 +252,7 @@ tags are how various images in a repository are distinguished from each other. ## task -A [task](../swarm/how-swarm-mode-works/services.md#tasks-and-scheduling) is the +A [task](https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/#/tasks-and-scheduling) is the atomic unit of scheduling within a swarm. A task carries a Docker container and the commands to run inside the container. Manager nodes assign tasks to worker nodes according to the number of replicas set in the service scale. @@ -260,7 +260,7 @@ nodes according to the number of replicas set in the service scale. The diagram below illustrates the relationship of services to tasks and containers. -![services diagram](../swarm/images/services-diagram.png) +![services diagram](https://docs.docker.com/engine/swarm/images/services-diagram.png) ## Toolbox diff --git a/docs/reference/run.md b/docs/reference/run.md index b1fef2b12e..f027d96fed 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1253,7 +1253,7 @@ container's logging driver. The following options are supported: The `docker logs` command is available only for the `json-file` and `journald` logging drivers. For detailed information on working with logging drivers, see -[Configure a logging driver](../admin/logging/overview.md). +[Configure a logging driver](https://docs.docker.com/engine/admin/logging/overview/). ## Overriding Dockerfile image defaults @@ -1507,7 +1507,7 @@ The example below mounts an empty tmpfs into the container with the `rw`, The volumes commands are complex enough to have their own documentation in section [*Manage data in -containers*](../tutorials/dockervolumes.md). A developer can define +containers*](https://docs.docker.com/engine/tutorials/dockervolumes/). A developer can define one or more `VOLUME`'s associated with an image, but only the operator can give access from one container to another (or from a container to a volume mounted on the host). From 0e1a3f6bbbe2d9295aefad7822989a8162f7d9be Mon Sep 17 00:00:00 2001 From: Lily Guo Date: Wed, 26 Oct 2016 12:46:40 -0700 Subject: [PATCH 1918/2538] Service create --group param --group-add was used for specifying groups for both service create and service update. For create it was confusing since we don't have an existing set of groups. Instead I added --group to create, and moved --group-add to service update only, like --group-rm This deals with issue 27646 Signed-off-by: Lily Guo Update flag documentation Specify that --group, --group-add and --groupd-rm refers to supplementary user groups Signed-off-by: Lily Guo Fix docs for groups and update completion scripts Signed-off-by: Lily Guo --- contrib/completion/bash/docker | 15 ++++++++++----- contrib/completion/zsh/_docker | 6 +++--- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 4 ++-- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index e1fa2aa5eb..d8365af57d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2573,7 +2573,6 @@ _docker_service_update() { --endpoint-mode --env -e --force - --group-add --health-cmd --health-interval --health-retries @@ -2616,6 +2615,7 @@ _docker_service_update() { options_with_args="$options_with_args --container-label --env-file + --group --mode --name " @@ -2629,6 +2629,10 @@ _docker_service_update() { COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) return ;; + --group) + COMPREPLY=( $(compgen -g -- "$cur") ) + return + ;; esac fi if [ "$subcommand" = "update" ] ; then @@ -2636,11 +2640,16 @@ _docker_service_update() { --arg --container-label-add --container-label-rm + --group-add --group-rm --image " case "$prev" in + --group-add) + COMPREPLY=( $(compgen -g -- "$cur") ) + return + ;; --group-rm) COMPREPLY=( $(compgen -g -- "$cur") ) return @@ -2663,10 +2672,6 @@ _docker_service_update() { __docker_nospace return ;; - --group-add) - COMPREPLY=( $(compgen -g -- "$cur") ) - return - ;; --log-driver) __docker_complete_log_drivers return diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index cb54e8dfc7..a795d1670e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1088,7 +1088,6 @@ __docker_service_subcommand() { "($help)*--constraint=[Placement constraints]:constraint: " "($help)--endpoint-mode=[Placement constraints]:mode:(dnsrr vip)" "($help)*"{-e=,--env=}"[Set environment variables]:env: " - "($help)*--group-add=[Add additional user groups to the container]:group:_groups" "($help)--health-cmd=[Command to run to check health]:command: " "($help)--health-interval=[Time between running the check]:time: " "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" @@ -1192,7 +1191,8 @@ __docker_service_subcommand() { "($help)*--container-label-add=[Add or update container labels]:label: " \ "($help)*--container-label-rm=[Remove a container label by its key]:label: " \ "($help)--force[Force update]" \ - "($help)*--group-rm=[Remove previously added user groups from the container]:group:_groups" \ + "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ + "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ "($help)--image=[Service image tag]:image:__docker_repositories" \ "($help)--rollback[Rollback to previous specification]" \ "($help -)1:service:__docker_complete_services" && ret=0 @@ -1465,7 +1465,7 @@ __docker_subcommand() { "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " "($help)*--env-file=[Read environment variables from a file]:environment file:_files" "($help)*--expose=[Expose a port from the container without publishing it]: " - "($help)*--group-add=[Add additional groups to run as]:group:_groups" + "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" "($help)--ip=[Container IPv4 address]:IPv4: " diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 2c023f0c51..3406ad68a0 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -26,7 +26,7 @@ Options: --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) --env-file value Read in a file of environment variables (default []) - --group-add value Add additional user groups to the container (default []) + --group value Set one or more supplementary user groups for the container (default []) --health-cmd string Command to run to check health --health-interval duration Time between running the check --health-retries int Consecutive failures needed to report unhealthy diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 58ffe6e442..cf7dc9bdec 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -30,8 +30,8 @@ Options: --env-add value Add or update environment variables (default []) --env-rm value Remove an environment variable (default []) --force Force update even if no changes require it - --group-add value Add additional user groups to the container (default []) - --group-rm value Remove previously added user groups from the container (default []) + --group-add value Add additional supplementary user groups to the container (default []) + --group-rm value Remove previously added supplementary user groups from the container (default []) --health-cmd string Command to run to check health --health-interval duration Time between running the check --health-retries int Consecutive failures needed to report unhealthy From 65bc3e9b3ba841e32df1e115b6414620c48d94cb Mon Sep 17 00:00:00 2001 From: John Howard Date: Fri, 28 Oct 2016 10:28:38 -0700 Subject: [PATCH 1919/2538] Windows: Clarify WORKDIR in docs Signed-off-by: John Howard --- docs/reference/builder.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index ffe010ddb6..3c7a2b8b62 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1268,6 +1268,19 @@ For example: The output of the final `pwd` command in this `Dockerfile` would be `/path/$DIRNAME` +On Windows, `WORKDIR` behaves differently depending on whether using Windows +Server containers or Hyper-V containers. For Hyper-V containers, the engine +is, for architectural reasons, unable to create the directory if it does not +previously exist. For Windows Server containers, the directory is created +if it does not exist. Hence, for consistency between Windows Server and +Hyper-V containers, it is strongly recommended to include an explict instruction +to create the directory in the Dockerfile. For example: + + # escape=` + FROM microsoft/nanoserver + RUN mkdir c:\myapp + WORKDIR c:\myapp + ## ARG ARG [=] From 86c99be0c968e6f017e14ba383cf8d9c031583b8 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 28 Oct 2016 13:07:00 -0700 Subject: [PATCH 1920/2538] =?UTF-8?q?Complete=20docker-events=20man=20page?= =?UTF-8?q?=20with=20filter=20list=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … and examples. Signed-off-by: Vincent Demeester --- man/docker-events.1.md | 49 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/man/docker-events.1.md b/man/docker-events.1.md index 11b3e98e5a..c0909c6817 100644 --- a/man/docker-events.1.md +++ b/man/docker-events.1.md @@ -38,7 +38,16 @@ Docker networks report the following events: Print usage statement **-f**, **--filter**=[] - Provide filter values (i.e., 'event=stop') + Filter output based on these conditions + - container (`container=`) + - event (`event=`) + - image (`image=`) + - plugin (experimental) (`plugin=`) + - label (`label=` or `label==`) + - type (`type=`) + - volume (`volume=`) + - network (`network=`) + - daemon (`daemon=`) **--since**="" Show all events created since timestamp @@ -124,6 +133,44 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +## Filters + + $ docker events --filter 'event=stop' + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'image=ubuntu-1:14.04' + 2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + + $ docker events --filter 'container=7805c1d35632' + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8) + + $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' + 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'container=7805c1d35632' --filter 'event=stop' + 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + + $ docker events --filter 'type=volume' + 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) + 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) + 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) + 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + + $ docker events --filter 'type=network' + 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) + 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + + $ docker events --filter 'type=plugin' (experimental) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + # HISTORY April 2014, Originally compiled by William Henry (whenry at redhat dot com) From 7b22b129b90614b3214d7031b83d663fdc94080a Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 28 Oct 2016 14:11:18 -0700 Subject: [PATCH 1921/2538] Update docs for dockerd.md about `max-concurrent-downloads/max-concurrent-uploads` It seems that `max-concurrent-downloads` and `max-concurrent-uploads` are supported in Windows for `config.json`. Though that was not mentioned in the docs for dockerd.md. This fix adds the following to the example `config.json` file for Windows: ``` "max-concurrent-downloads": 3, "max-concurrent-uploads": 5, ``` Signed-off-by: Yong Tang --- docs/reference/commandline/dockerd.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index b894af4d20..5aad8b3826 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1208,6 +1208,8 @@ This is a full example of the allowed configuration options on Windows: "graph": "", "cluster-store": "", "cluster-advertise": "", + "max-concurrent-downloads": 3, + "max-concurrent-uploads": 5, "shutdown-timeout": 15, "debug": true, "hosts": [], From baed1a070e14410a4327a9153f61f6143e0c6126 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 28 Oct 2016 22:31:20 +0800 Subject: [PATCH 1922/2538] Add --format to man and fix some typos Signed-off-by: yuexiao-wang --- docs/reference/commandline/images.md | 10 +++++----- man/docker-images.1.md | 9 +++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index a8c75f6775..75dd1d6f19 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -134,8 +134,8 @@ The currently supported filters are: * dangling (boolean - true or false) * label (`label=` or `label==`) -* before (`[:]`, `` or ``) - filters images created before given id or references -* since (`[:]`, `` or ``) - filters images created since given id or references +* before (`[:]`, `` or ``) - filter images created before given id or references +* since (`[:]`, `` or ``) - filter images created since given id or references ##### Untagged images (dangling) @@ -243,9 +243,9 @@ Placeholder | Description `.Repository` | Image repository `.Tag` | Image tag `.Digest` | Image digest -`.CreatedSince` | Elapsed time since the image was created. -`.CreatedAt` | Time when the image was created. -`.Size` | Image disk size. +`.CreatedSince` | Elapsed time since the image was created +`.CreatedAt` | Time when the image was created +`.Size` | Image disk size When using the `--format` option, the `image` command will either output the data exactly as the template declares or, when using the diff --git a/man/docker-images.1.md b/man/docker-images.1.md index d8a4ac4b03..bfe31316dc 100644 --- a/man/docker-images.1.md +++ b/man/docker-images.1.md @@ -10,6 +10,7 @@ docker-images - List images [**-a**|**--all**] [**--digests**] [**-f**|**--filter**[=*[]*]] +[**--format**=*"TEMPLATE"*] [**--no-trunc**] [**-q**|**--quiet**] [REPOSITORY[:TAG]] @@ -39,7 +40,7 @@ versions. **-f**, **--filter**=[] Filters the output based on these conditions: - - dangling=(true|false) - finds unused images. + - dangling=(true|false) - find unused images - label= or label== - before=([:tag]||) - since=([:tag]||) @@ -51,9 +52,9 @@ versions. .Repository - Image repository .Tag - Image tag .Digest - Image digest - .CreatedSince - Elapsed time since the image was created. - .CreatedAt - Time when the image was created.. - .Size - Image disk size. + .CreatedSince - Elapsed time since the image was created + .CreatedAt - Time when the image was created + .Size - Image disk size **--help** Print usage statement From c6c5d2882834c37bb2a767a3e69fad30205308e7 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Fri, 28 Oct 2016 00:35:51 +0200 Subject: [PATCH 1923/2538] Add "userns" to `docker info` security options output If user namespaces is enabled on the daemon, reveal that via docker info by adding "userns" to the list of security options reported by the info endpoint. Signed-off-by: Phil Estes --- docs/reference/commandline/dockerd.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 5aad8b3826..f7bde37c15 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -986,6 +986,11 @@ If you have a group that doesn't match the username, you may provide the `gid` or group name as well; otherwise the username will be used as the group name when querying the system for the subordinate group ID range. +The output of `docker info` can be used to determine if the daemon is running +with user namespaces enabled or not. If the daemon is configured with user +namespaces, the Security Options entry in the response will list "userns" as +one of the enabled security features. + ### Detailed information on `subuid`/`subgid` ranges Given potential advanced use of the subordinate ID ranges by power users, the From dfcd777cbc76caf866ab44fe4fbd763184088516 Mon Sep 17 00:00:00 2001 From: Josh Horwitz Date: Fri, 15 Jul 2016 14:21:19 -0400 Subject: [PATCH 1924/2538] Adds container health support to docker ps filter Signed-off-by: Josh Horwitz --- docs/reference/commandline/ps.md | 2 ++ man/docker-ps.1.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index b772ad1daf..6a7d6eaad4 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -33,6 +33,7 @@ Options: - ancestor=([:tag]||) containers created from an image or a descendant. - is-task=(true|false) + - health=(starting|healthy|unhealthy|none) --format string Pretty-print containers using a Go template --help Print usage -n, --last int Show n last created containers (includes all states) (default -1) @@ -81,6 +82,7 @@ The currently supported filters are: * isolation (default|process|hyperv) (Windows daemon only) * volume (volume name or mount point) - filters containers that mount volumes. * network (network id or name) - filters containers connected to the provided network +* health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status #### Label diff --git a/man/docker-ps.1.md b/man/docker-ps.1.md index fd6c4e78fa..d9aa39f8fd 100644 --- a/man/docker-ps.1.md +++ b/man/docker-ps.1.md @@ -38,6 +38,7 @@ the running containers. - ancestor=([:tag]||) - containers created from an image or a descendant. - volume=(|) - network=(|) - containers connected to the provided network + - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status **--format**="*TEMPLATE*" Pretty-print containers using a Go template. @@ -141,3 +142,4 @@ June 2014, updated by Sven Dowideit August 2014, updated by Sven Dowideit November 2014, updated by Sven Dowideit February 2015, updated by André Martins +October 2016, updated by Josh Horwitz From a17a06204dce11b62b9607e49edc3f65dc70e02c Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Sat, 29 Oct 2016 15:03:26 +0800 Subject: [PATCH 1925/2538] Fix bunch of typos Signed-off-by: Qiang Huang --- docs/reference/builder.md | 2 +- docs/reference/commandline/swarm_join_token.md | 2 +- man/docker-create.1.md | 2 +- man/docker-run.1.md | 2 +- man/docker-update.1.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 3c7a2b8b62..b3010a47d4 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1273,7 +1273,7 @@ Server containers or Hyper-V containers. For Hyper-V containers, the engine is, for architectural reasons, unable to create the directory if it does not previously exist. For Windows Server containers, the directory is created if it does not exist. Hence, for consistency between Windows Server and -Hyper-V containers, it is strongly recommended to include an explict instruction +Hyper-V containers, it is strongly recommended to include an explicit instruction to create the directory in the Dockerfile. For example: # escape=` diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 189687d955..65607c18e2 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -58,7 +58,7 @@ Use the `--rotate` flag to generate a new join token for the specified role: ```bash $ docker swarm join-token --rotate worker -Succesfully rotated worker join token. +Successfully rotated worker join token. To add a worker to this swarm, run the following command: diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 08e8665903..21cbd9f9d6 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -151,7 +151,7 @@ two memory nodes. Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. **--device**=[] Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 8cbd26242c..0a46f29110 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -205,7 +205,7 @@ to the quota you specify. Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. **-d**, **--detach**=*true*|*false* Detached mode: run the container in the background and print the new container ID. The default is *false*. diff --git a/man/docker-update.1.md b/man/docker-update.1.md index 7ae7099344..85f3dd07c1 100644 --- a/man/docker-update.1.md +++ b/man/docker-update.1.md @@ -62,7 +62,7 @@ a running container with kernel memory initialized. Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - The sum of all runtimes across containers cannot exceed the amount alotted to the parent cgroup. + The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. **--cpuset-cpus**="" CPUs in which to allow execution (0-3, 0,1) From 7cb11128f79983a267f9a2f232c4828ea54c7d97 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 29 Oct 2016 04:26:08 -0700 Subject: [PATCH 1926/2538] Add bash completion for `docker ps --filter health` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d8365af57d..ebd108d7c1 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1089,6 +1089,10 @@ _docker_container_ls() { __docker_complete_containers_all --cur "${cur##*=}" --id return ;; + health) + COMPREPLY=( $( compgen -W "healthy starting none unhealthy" -- "${cur##*=}" ) ) + return + ;; is-task) COMPREPLY=( $( compgen -W "true false" -- "${cur##*=}" ) ) return @@ -1117,7 +1121,7 @@ _docker_container_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor before exited id label name network since status volume" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "ancestor before exited health id label name network since status volume" -- "$cur" ) ) __docker_nospace return ;; From 33964db9d0a545f2402ef2d786a06dca72ecd3af Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 12:13:29 +0200 Subject: [PATCH 1927/2538] Add zsh completion for 'docker ps --filter health=' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a795d1670e..06997ffadd 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -332,6 +332,10 @@ __docker_complete_ps_filters() { (before|since) __docker_containers && ret=0 ;; + (health) + health_opts=('healthy' 'none' 'starting' 'unhealthy') + _describe -t health-filter-opts "health filter options" health_opts && ret=0 + ;; (id) __docker_containers_ids && ret=0 ;; @@ -346,7 +350,7 @@ __docker_complete_ps_filters() { ;; (status) status_opts=('created' 'dead' 'exited' 'paused' 'restarting' 'running' 'removing') - _describe -t status-filter-opts "Status Filter Options" status_opts && ret=0 + _describe -t status-filter-opts "status filter options" status_opts && ret=0 ;; (volume) __docker_volumes && ret=0 @@ -356,7 +360,7 @@ __docker_complete_ps_filters() { ;; esac else - opts=('ancestor' 'before' 'exited' 'id' 'label' 'name' 'network' 'since' 'status' 'volume') + opts=('ancestor' 'before' 'exited' 'health' 'id' 'label' 'name' 'network' 'since' 'status' 'volume') _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 fi From 49a282eb1cba29b452512fd1228ea75fd396e48a Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Sun, 18 Sep 2016 13:11:02 +0800 Subject: [PATCH 1928/2538] Modify short and flags for docker inspect Signed-off-by: yuexiao-wang --- docs/reference/commandline/inspect.md | 5 ++--- man/docker-inspect.1.md | 10 +++++----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index f169f42b45..bb79dede16 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -18,14 +18,13 @@ keywords: ["inspect, container, json"] ```markdown Usage: docker inspect [OPTIONS] NAME|ID [NAME|ID...] -Return low-level information on one or multiple containers, images, volumes, -networks, nodes, services, or tasks identified by name or ID. +Return low-level information on Docker object(s) (e.g. container, image, volume, +network, node, service, or task) identified by name or ID Options: -f, --format Format the output using the given Go template --help Print usage -s, --size Display total file sizes if the type is container - values are "image" or "container" or "task --type Return JSON for specified type ``` diff --git a/man/docker-inspect.1.md b/man/docker-inspect.1.md index 3dbf600fde..21d7ba678a 100644 --- a/man/docker-inspect.1.md +++ b/man/docker-inspect.1.md @@ -14,8 +14,8 @@ NAME|ID [NAME|ID...] # DESCRIPTION -This displays all the information available in Docker for one or multiple given -containers, images, volumes, networks, nodes, services, or tasks. By default, +This displays the low-level information on Docker object(s) (e.g. container, +image, volume,network, node, service, or task) identified by name or ID. By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. @@ -25,14 +25,14 @@ is specified, the given template will be executed for each result. Print usage statement **-f**, **--format**="" - Format the output using the given Go template. + Format the output using the given Go template **-s**, **--size** - Display total file sizes if the type is container. + Display total file sizes if the type is container **--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume* Return JSON for specified type, permissible values are "image", "container", - "network", "node", "service", "task", and "volume". + "network", "node", "service", "task", and "volume" # EXAMPLES From 44edbbdbc29a3ebf8a3e0f50444d53dc3d473294 Mon Sep 17 00:00:00 2001 From: Addam Hardy Date: Sat, 15 Oct 2016 22:37:15 -0500 Subject: [PATCH 1929/2538] Convert Unused ARG error to warning Signed-off-by: Addam Hardy --- docs/reference/builder.md | 8 ++++---- man/Dockerfile.5.md | 27 ++++++++++++++------------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index b3010a47d4..68b2db1f63 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1286,12 +1286,12 @@ to create the directory in the Dockerfile. For example: ARG [=] The `ARG` instruction defines a variable that users can pass at build-time to -the builder with the `docker build` command using the -`--build-arg =` flag. If a user specifies a build argument -that was not defined in the Dockerfile, the build outputs an error. +the builder with the `docker build` command using the `--build-arg +=` flag. If a user specifies a build argument that was not +defined in the Dockerfile, the build outputs a warning. ``` -One or more build-args were not consumed, failing build. +[Warning] One or more build-args [foo] were not consumed. ``` The Dockerfile author can define a single variable by specifying `ARG` once or many diff --git a/man/Dockerfile.5.md b/man/Dockerfile.5.md index df69935397..5191b1930a 100644 --- a/man/Dockerfile.5.md +++ b/man/Dockerfile.5.md @@ -26,7 +26,7 @@ For example: # DESCRIPTION -A Dockerfile is a file that automates the steps of creating a Docker image. +A Dockerfile is a file that automates the steps of creating a Docker image. A Dockerfile is similar to a Makefile. # USAGE @@ -71,10 +71,10 @@ A Dockerfile is similar to a Makefile. multiple images. Make a note of the last image ID output by the commit before each new **FROM** command. - -- If no tag is given to the **FROM** instruction, Docker applies the + -- If no tag is given to the **FROM** instruction, Docker applies the `latest` tag. If the used tag does not exist, an error is returned. - -- If no digest is given to the **FROM** instruction, Docker applies the + -- If no digest is given to the **FROM** instruction, Docker applies the `latest` tag. If the used tag does not exist, an error is returned. **MAINTAINER** @@ -148,7 +148,7 @@ A Dockerfile is similar to a Makefile. ``` -- To make the container run the same executable every time, use **ENTRYPOINT** in - combination with **CMD**. + combination with **CMD**. If the user specifies arguments to `docker run`, the specified commands override the default in **CMD**. Do not confuse **RUN** with **CMD**. **RUN** runs a command and commits the result. @@ -156,7 +156,7 @@ A Dockerfile is similar to a Makefile. the image. **LABEL** - -- `LABEL = [= ...]`or + -- `LABEL = [= ...]`or ``` LABEL [ ] LABEL [ ] @@ -176,8 +176,8 @@ A Dockerfile is similar to a Makefile. ``` An image can have more than one label. To specify multiple labels, separate - each key-value pair by a space. - + each key-value pair by a space. + Labels are additive including `LABEL`s in `FROM` images. As the system encounters and then applies a new label, new `key`s override any previous labels with identical keys. @@ -194,7 +194,7 @@ A Dockerfile is similar to a Makefile. **ENV** -- `ENV ` The **ENV** instruction sets the environment variable to - the value ``. This value is passed to all future + the value ``. This value is passed to all future **RUN**, **ENTRYPOINT**, and **CMD** instructions. This is functionally equivalent to prefixing the command with `=`. The environment variables that are set with **ENV** persist when a container is run @@ -243,7 +243,7 @@ A Dockerfile is similar to a Makefile. being built (the context of the build) or a remote file URL. The `` is an absolute path, or a path relative to **WORKDIR**, into which the source will be copied inside the target container. If you **COPY** an archive file it will - land in the container exactly as it appears in the build context without any + land in the container exactly as it appears in the build context without any attempt to unpack it. All new files and directories are created with mode **0755** and with the uid and gid of **0**. @@ -326,10 +326,10 @@ A Dockerfile is similar to a Makefile. The `ARG` instruction defines a variable that users can pass at build-time to the builder with the `docker build` command using the `--build-arg =` flag. If a user specifies a build argument that was not - defined in the Dockerfile, the build outputs an error. + defined in the Dockerfile, the build outputs a warning. ``` - One or more build-args were not consumed, failing build. + [Warning] One or more build-args [foo] were not consumed ``` The Dockerfile author can define a single variable by specifying `ARG` once or many @@ -454,7 +454,7 @@ A Dockerfile is similar to a Makefile. you are defining an image to use as a base for building other images. For example, if you are defining an application build environment or a daemon that is customized with a user-specific configuration. - + Consider an image intended as a reusable python application builder. It must add application source code to a particular directory, and might need a build script called after that. You can't just call **ADD** and **RUN** now, because @@ -470,4 +470,5 @@ A Dockerfile is similar to a Makefile. # HISTORY *May 2014, Compiled by Zac Dover (zdover at redhat dot com) based on docker.com Dockerfile documentation. *Feb 2015, updated by Brian Goff (cpuguy83@gmail.com) for readability -*Sept 2015, updated by Sally O'Malley (somalley@redhat.com) +*Sept 2015, updated by Sally O'Malley (somalley@redhat.com) +*Oct 2016, updated by Addam Hardy (addam.hardy@gmail.com) From e34679982ffbe9e89fea10f74dadf49caa49c742 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 21 Apr 2016 12:08:37 -0400 Subject: [PATCH 1930/2538] Adds ability to squash image after build Allow built images to be squash to scratch. Squashing does not destroy any images or layers, and preserves the build cache. Introduce a new CLI argument --squash to docker build Introduce a new param to the build API endpoint `squash` Once the build is complete, docker creates a new image loading the diffs from each layer into a single new layer and references all the parent's layers. Signed-off-by: Brian Goff --- docs/reference/commandline/build.md | 18 ++++++++++++++++++ man/docker-build.1.md | 17 +++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 6c162a0710..d5c08fec48 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -54,6 +54,7 @@ Options: The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. + --squash Squash newly built layers into a single new layer (**Experimental Only**) -t, --tag value Name and optionally a tag in the 'name:tag' format (default []) --ulimit value Ulimit options (default []) ``` @@ -432,3 +433,20 @@ Linux namespaces. On Microsoft Windows, you can specify these values: | `hyperv` | Hyper-V hypervisor partition-based isolation. | Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + + +### Squash an image's layers (--squash) **Experimental Only** + +Once the image is built, squash the new layers into a new image with a single +new layer. Squashing does not destroy any existing image, rather it creates a new +image with the content of the squshed layers. This effectively makes it look +like all `Dockerfile` commands were created with a single layer. The build +cache is preserved with this method. + +**Note**: using this option means the new image will not be able to take +advantage of layer sharing with other images and may use significantly more +space. + +**Note**: using this option you may see significantly more space used due to +storing two copies of the image, one for the build cache with all the cache +layers in tact, and one for the squashed version. diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 9dfa496f5b..32caaafc74 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -11,6 +11,7 @@ docker-build - Build a new image from the source code at PATH [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] [**-f**|**--file**[=*PATH/Dockerfile*]] +[**-squash**] *Experimental* [**--force-rm**] [**--isolation**[=*default*]] [**--label**[=*[]*]] @@ -57,6 +58,22 @@ set as the **URL**, the repository is cloned locally and then sent as the contex the remote context. In all cases, the file must be within the build context. The default is *Dockerfile*. +**--squash**=*true*|*false* + **Experimental Only** + Once the image is built, squash the new layers into a new image with a single + new layer. Squashing does not destroy any existing image, rather it creates a new + image with the content of the squshed layers. This effectively makes it look + like all `Dockerfile` commands were created with a single layer. The build + cache is preserved with this method. + + **Note**: using this option means the new image will not be able to take + advantage of layer sharing with other images and may use significantly more + space. + + **Note**: using this option you may see significantly more space used due to + storing two copies of the image, one for the build cache with all the cache + layers in tact, and one for the squashed version. + **--build-arg**=*variable* name and value of a **buildarg**. From ec318edf12f9eae2fa9ed3efcae04ae031ad2b8b Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 28 Oct 2016 11:48:25 -0700 Subject: [PATCH 1931/2538] Add StatsFormat to the config.json file As for `ps`, `images`, `network ls` and `volume ls`, this makes it possible to define a custom default format. Signed-off-by: Vincent Demeester --- docs/reference/commandline/cli.md | 34 +++++++++++++++++++------------ 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 34001ae044..8cb6139f3a 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -123,6 +123,26 @@ falls back to the default table format. For a list of supported formatting directives, see the [**Formatting** section in the `docker ps` documentation](ps.md) +The property `imagesFormat` specifies the default format for `docker images` output. +When the `--format` flag is not provided with the `docker images` command, +Docker's client uses this property. If this property is not set, the client +falls back to the default table format. For a list of supported formatting +directives, see the [**Formatting** section in the `docker images` documentation](images.md) + +The property `serviceInspectFormat` specifies the default format for `docker +service inspect` output. When the `--format` flag is not provided with the +`docker service inspect` command, Docker's client uses this property. If this +property is not set, the client falls back to the default json format. For a +list of supported formatting directives, see the +[**Formatting** section in the `docker service inspect` documentation](service_inspect.md) + +The property `statsFormat` specifies the default format for `docker +stats` output. When the `--format` flag is not provided with the +`docker stats` command, Docker's client uses this property. If this +property is not set, the client falls back to the default table +format. For a list of supported formatting directives, see +[**Formatting** section in the `docker stats` documentation](stats.md) + Once attached to a container, users detach from it and leave it running using the using `CTRL-p CTRL-q` key sequence. This detach key sequence is customizable using the `detachKeys` property. Specify a `` value for the @@ -141,19 +161,6 @@ Users can override your custom or the default key sequence on a per-container basis. To do this, the user specifies the `--detach-keys` flag with the `docker attach`, `docker exec`, `docker run` or `docker start` command. -The property `imagesFormat` specifies the default format for `docker images` output. -When the `--format` flag is not provided with the `docker images` command, -Docker's client uses this property. If this property is not set, the client -falls back to the default table format. For a list of supported formatting -directives, see the [**Formatting** section in the `docker images` documentation](images.md) - -The property `serviceInspectFormat` specifies the default format for `docker -service inspect` output. When the `--format` flag is not provided with the -`docker service inspect` command, Docker's client uses this property. If this -property is not set, the client falls back to the default json format. For a -list of supported formatting directives, see the -[**Formatting** section in the `docker service inspect` documentation](service_inspect.md) - Following is a sample `config.json` file: {% raw %} @@ -163,6 +170,7 @@ Following is a sample `config.json` file: }, "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", "serviceInspectFormat": "pretty", "detachKeys": "ctrl-e,e" } From 8cb80e77d18d9ff3418e024049c4f44488979376 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 2 Nov 2016 03:11:38 +0800 Subject: [PATCH 1932/2538] Remove some redundant consts Signed-off-by: yuexiao-wang --- docs/reference/commandline/swarm_init.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 4c15aafb92..eb021fbe7b 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -25,7 +25,7 @@ Options: --cert-expiry duration Validity period for node certificates (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints - --force-new-cluster Force create a new cluster from current state. + --force-new-cluster Force create a new cluster from current state --help Print usage --listen-addr value Listen address (format: [:port]) --task-history-limit int Task history retention limit (default 5) From 94bc15016e79758d4f9210eb6078c47c8ff91b6f Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Fri, 28 Oct 2016 10:28:39 -0700 Subject: [PATCH 1933/2538] Add metrics docs to cli reference Fixes #27843 Signed-off-by: Michael Crosby --- docs/reference/commandline/dockerd.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index f7bde37c15..8522a0624c 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -68,6 +68,7 @@ Options: --log-opt value Default log driver options for containers (default map[]) --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) + --metrics-addr string Set address and port to serve the metrics api (default "") --mtu int Set the containers network MTU --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") @@ -1089,6 +1090,31 @@ This setting can also be set per container, using the `--cgroup-parent` option on `docker create` and `docker run`, and takes precedence over the `--cgroup-parent` option on the daemon. +## Daemon Metrics + +The `--metrics-addr` option takes a tcp address to serve the metrics API. +This feature is still experimental, therefore, the daemon must be running in experimental +mode for this feature to work. + +To serve the metrics API on localhost:1337 you would specify `--metrics-addr 127.0.0.1:1337` +allowing you to make requests on the API at `127.0.0.1:1337/metrics` to receive metrics in the +[prometheus](https://prometheus.io/docs/instrumenting/exposition_formats/) format. + +If you are running a prometheus server you can add this address to your scrape configs +to have prometheus collect metrics on Docker. For more information +on prometheus you can view the website [here](https://prometheus.io/). + +```yml +scrape_configs: + - job_name: 'docker' + static_configs: + - targets: ['127.0.0.1:1337'] +``` + +Please note that this feature is still marked as experimental as metrics and metric +names could change while this feature is still in experimental. Please provide +feedback on what you would like to see collected in the API. + ## Daemon configuration file The `--config-file` option allows you to set any configuration option From 6cf22343776e804e350b9cd271bc40859a8c1465 Mon Sep 17 00:00:00 2001 From: allencloud Date: Wed, 2 Nov 2016 17:22:04 +0800 Subject: [PATCH 1934/2538] node rm can be applied on not only active node Signed-off-by: allencloud --- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/node_rm.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 06997ffadd..33dbdb265e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -818,7 +818,7 @@ __docker_node_subcommand() { (rm|remove) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--force[Force remove an active node]" \ + "($help)--force[Force remove a node from the swarm]" \ "($help -)*:node:__docker_complete_pending_nodes" && ret=0 ;; (demote) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 7cb512def4..c3046dbceb 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -24,7 +24,7 @@ Aliases: rm, remove Options: - --force Force remove an active node + --force Force remove a node from the swarm --help Print usage ``` From 1814d5121e2343eb8f9831855906816167bfff13 Mon Sep 17 00:00:00 2001 From: Gaetan de Villele Date: Wed, 2 Nov 2016 14:23:27 -0700 Subject: [PATCH 1935/2538] fix frontmatter in reference md files Signed-off-by: Gaetan de Villele --- docs/reference/commandline/node_ps.md | 2 +- docs/reference/commandline/service_ps.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 1327cc69e5..0c54c9cfb0 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -1,7 +1,7 @@ --- title: "node ps" description: "The node ps command description and usage" -keywords: ["node, tasks", "ps"] +keywords: node, tasks, ps aliases: ["/engine/reference/commandline/node_tasks/"] --- diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index f4cba82793..d1d14633ed 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -1,7 +1,7 @@ --- title: "service ps" description: "The service ps command description and usage" -keywords: ["service, tasks", "ps"] +keywords: service, tasks, ps aliases: ["/engine/reference/commandline/service_tasks/"] --- From ef09aafc3e44b709d2c4bf01ea7c739856535f88 Mon Sep 17 00:00:00 2001 From: allencloud Date: Wed, 2 Nov 2016 15:53:18 +0800 Subject: [PATCH 1936/2538] add replicated in service scale command description Signed-off-by: allencloud --- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/service_scale.md | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 33dbdb265e..be3c854b78 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1075,7 +1075,7 @@ __docker_service_commands() { "inspect:Display detailed information on one or more services" "ls:List services" "rm:Remove one or more services" - "scale:Scale one or multiple services" + "scale:Scale one or multiple replicated services" "ps:List the tasks of a service" "update:Update a service" ) diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 3b71ce3ae2..68dfa68c91 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -18,7 +18,7 @@ keywords: ["service, scale"] ```markdown Usage: docker service scale SERVICE=REPLICAS [SERVICE=REPLICAS...] -Scale one or multiple services +Scale one or multiple replicated services Options: --help Print usage @@ -28,8 +28,9 @@ Options: ### Scale a service -The scale command enables you to scale one or more services either up or down to -the desired number of replicas. The command will return immediately, but the +The scale command enables you to scale one or more replicated services either up +or down to the desired number of replicas. This command cannot be applied on +services which are global mode. The command will return immediately, but the actual scaling of the service may take some time. To stop all replicas of a service while keeping the service active in the swarm you can set the scale to 0. @@ -40,6 +41,15 @@ $ docker service scale frontend=50 frontend scaled to 50 ``` +The following command tries to scale a global service to 10 tasks and returns an error. + +``` +$ docker service create --mode global --name backend backend:latest +b4g08uwuairexjub6ome6usqh +$ docker service scale backend=10 +backend: scale can only be used with replicated mode +``` + Directly afterwards, run `docker service ls`, to see the actual number of replicas. From 8da2e039e5e3fceec2867408f9eaad2556949b37 Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 25 Oct 2016 09:48:53 -0700 Subject: [PATCH 1937/2538] Redirect powershell completion Signed-off-by: John Howard --- .../completion/powershell/posh-docker.psm1 | 179 ------------------ contrib/completion/powershell/readme.txt | 1 + 2 files changed, 1 insertion(+), 179 deletions(-) delete mode 100644 contrib/completion/powershell/posh-docker.psm1 create mode 100644 contrib/completion/powershell/readme.txt diff --git a/contrib/completion/powershell/posh-docker.psm1 b/contrib/completion/powershell/posh-docker.psm1 deleted file mode 100644 index c0d6cc6b22..0000000000 --- a/contrib/completion/powershell/posh-docker.psm1 +++ /dev/null @@ -1,179 +0,0 @@ -# Powershell completion for docker - -### Prerequisite -# Docker.exe needs to be in your PATH. -# If the command is not found, you will need to add a docker alias or add the docker installation folder (e.g. `%ProgramFiles%\Docker Toolbox`) to your PATH environment variable. - -### Installation (Latest stable) -# Windows 10 / Windows Server 2016: -# 1. Open a powershell prompt -# 2. Run `Install-Module -Scope CurrentUser posh-docker` -# -# Earlier Windows versions: -# 1. Install [PackageManagement PowerShell Modules Preview](https://www.microsoft.com/en-us/download/details.aspx?id=49186) -# 2. Open a powershell prompt -# 3. Run `Install-Module -Scope CurrentUser posh-docker` - -### Installation (From source) -# Copy this file to the %userprofile%\Documents\WindowsPowerShell\Modules\posh-docker directory (create directories as needed) - -### Usage -# After installation, execute the following line to enable autocompletion for the current powershell session: -# -# Import-Module posh-docker -# -# To make it persistent, add the above line to your profile. For example, run `notepad $PROFILE` and insert the line above. - -$global:DockerCompletion = @{} - -$script:flagRegex = "^ (-[^, =]+),? ?(--[^= ]+)?" - -function script:Get-Containers($filter) -{ - if ($filter -eq $null) - { - docker ps -a --no-trunc --format "{{.Names}}" - } else { - docker ps -a --no-trunc --format "{{.Names}}" --filter $filter - } -} - -function script:Get-AutoCompleteResult -{ - param([Parameter(ValueFromPipeline=$true)] $value) - - Process - { - New-Object System.Management.Automation.CompletionResult $value - } -} - -filter script:MatchingCommand($commandName) -{ - if ($_.StartsWith($commandName)) - { - $_ - } -} - -$completion_Docker = { - param($commandName, $commandAst, $cursorPosition) - - $command = $null - $commandParameters = @{} - $state = "Unknown" - $wordToComplete = $commandAst.CommandElements | Where-Object { $_.ToString() -eq $commandName } | Foreach-Object { $commandAst.CommandElements.IndexOf($_) } - - for ($i=1; $i -lt $commandAst.CommandElements.Count; $i++) - { - $p = $commandAst.CommandElements[$i].ToString() - - if ($p.StartsWith("-")) - { - if ($state -eq "Unknown" -or $state -eq "Options") - { - $commandParameters[$i] = "Option" - $state = "Options" - } - else - { - $commandParameters[$i] = "CommandOption" - $state = "CommandOptions" - } - } - else - { - if ($state -ne "CommandOptions") - { - $commandParameters[$i] = "Command" - $command = $p - $state = "CommandOptions" - } - else - { - $commandParameters[$i] = "CommandOther" - } - } - } - - if ($global:DockerCompletion.Count -eq 0) - { - $global:DockerCompletion["commands"] = @{} - $global:DockerCompletion["options"] = @() - - docker --help | ForEach-Object { - Write-Output $_ - if ($_ -match "^ (\w+)\s+(.+)") - { - $global:DockerCompletion["commands"][$Matches[1]] = @{} - - $currentCommand = $global:DockerCompletion["commands"][$Matches[1]] - $currentCommand["options"] = @() - } - elseif ($_ -match $flagRegex) - { - $global:DockerCompletion["options"] += $Matches[1] - if ($Matches[2] -ne $null) - { - $global:DockerCompletion["options"] += $Matches[2] - } - } - } - - } - - if ($wordToComplete -eq $null) - { - $commandToComplete = "Command" - if ($commandParameters.Count -gt 0) - { - if ($commandParameters[$commandParameters.Count] -eq "Command") - { - $commandToComplete = "CommandOther" - } - } - } else { - $commandToComplete = $commandParameters[$wordToComplete] - } - - switch ($commandToComplete) - { - "Command" { $global:DockerCompletion["commands"].Keys | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult } - "Option" { $global:DockerCompletion["options"] | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult } - "CommandOption" { - $options = $global:DockerCompletion["commands"][$command]["options"] - if ($options.Count -eq 0) - { - docker $command --help | % { - if ($_ -match $flagRegex) - { - $options += $Matches[1] - if ($Matches[2] -ne $null) - { - $options += $Matches[2] - } - } - } - } - - $global:DockerCompletion["commands"][$command]["options"] = $options - $options | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult - } - "CommandOther" { - $filter = $null - switch ($command) - { - "start" { $filter = "status=exited" } - "stop" { $filter = "status=running" } - } - Get-Containers $filter | MatchingCommand -Command $commandName | Sort-Object | Get-AutoCompleteResult - } - default { $global:DockerCompletion["commands"].Keys | MatchingCommand -Command $commandName } - } -} - -# Register the TabExpension2 function -if (-not $global:options) { $global:options = @{CustomArgumentCompleters = @{};NativeArgumentCompleters = @{}}} -$global:options['NativeArgumentCompleters']['docker'] = $Completion_Docker - -$function:tabexpansion2 = $function:tabexpansion2 -replace 'End\r\n{','End { if ($null -ne $options) { $options += $global:options} else {$options = $global:options}' \ No newline at end of file diff --git a/contrib/completion/powershell/readme.txt b/contrib/completion/powershell/readme.txt new file mode 100644 index 0000000000..18e1b53c13 --- /dev/null +++ b/contrib/completion/powershell/readme.txt @@ -0,0 +1 @@ +See https://github.com/samneirinck/posh-docker \ No newline at end of file From d74d024775f706893e975fa7e67931d751880a9a Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 2 Nov 2016 17:46:02 +0800 Subject: [PATCH 1938/2538] Add stack service and fix typos Signed-off-by: yuexiao-wang --- docs/reference/commandline/attach.md | 9 ++++----- docs/reference/commandline/stack_ls.md | 1 + 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 3ce0b3b4c3..25cdfe5f9b 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -27,11 +27,10 @@ Options: --sig-proxy Proxy all received signals to the process (default true) ``` -The `docker attach` command allows you to attach to a running container using -the container's ID or name, either to view its ongoing output or to control it -interactively. You can attach to the same contained process multiple times -simultaneously, screen sharing style, or quickly view the progress of your -detached process. +Use `docker attach` to attach to a running container using the container's ID +or name, either to view its ongoing output or to control it interactively. +You can attach to the same contained process multiple times simultaneously, +screen sharing style, or quickly view the progress of your detached process. To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index 156a5f5dd9..e9877ca4ec 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -40,3 +40,4 @@ myapp 2 * [stack deploy](stack_deploy.md) * [stack rm](stack_rm.md) * [stack ps](stack_ps.md) +* [stack services](stack_services.md) From 0e7bbb55c8024cd6cdec9ef5eb9a8483536f0058 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 25 Oct 2016 03:26:54 +0000 Subject: [PATCH 1939/2538] cli: add `--mount` to `docker run` Signed-off-by: Akihiro Suda --- contrib/completion/bash/docker | 1 + contrib/completion/fish/docker.fish | 2 ++ contrib/completion/zsh/_docker | 3 ++- docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 16 ++++++++++++++++ docs/reference/commandline/service_create.md | 2 +- man/docker-create.1.md | 1 + man/docker-run.1.md | 1 + 8 files changed, 25 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ebd108d7c1..973684a82f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1268,6 +1268,7 @@ _docker_container_run() { --memory-swap --memory-swappiness --memory-reservation + --mount --name --network --network-alias diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index e72fb4e012..80741042dc 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -137,6 +137,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mount -d 'Attach a filesystem mount to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' @@ -328,6 +329,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add li complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mount -d 'Attach a filesystem mount to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index be3c854b78..1e1e211de9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1101,7 +1101,7 @@ __docker_service_subcommand() { "($help)--limit-memory=[Limit Memory]:value: " "($help)--log-driver=[Logging driver for service]:logging driver:__docker_log_drivers" "($help)*--log-opt=[Logging driver options]:log driver options:__docker_log_options" - "($help)*--mount=[Attach a mount to the service]:mount: " + "($help)*--mount=[Attach a filesystem mount to the service]:mount: " "($help)*--network=[Network attachments]:network: " "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " @@ -1481,6 +1481,7 @@ __docker_subcommand() { "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " + "($help)*--mount=[Attach a filesystem mount to the container]:mount: " "($help)--name=[Container name]:name: " "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 784b4940e1..e621efeb1f 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -78,6 +78,7 @@ Options: --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --mount value Attach a filesytem mount to the container (default []) --name string Assign a name to the container --network-alias value Add network-scoped alias for the container (default []) --network string Connect a container to a network (default "default") diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index ec6a412009..49009b94b3 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -84,6 +84,7 @@ Options: --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --mount value Attach a filesystem mount to the container (default []) --name string Assign a name to the container --network-alias value Add network-scoped alias for the container (default []) --network string Connect a container to a network @@ -255,6 +256,21 @@ Docker daemon. For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) +### Add bin-mounts or volumes using the --mounts flag + +The `--mounts` flag allows you to mount volumes, host-directories and `tmpfs` +mounts in a container. + +The `--mount` flag supports most options that are supported by the `-v` or the +`--volume` flag, but uses a different syntax. For in-depth information on the +`--mount` flag, and a comparison between `--volume` and `--mount`, refer to +the [service create command reference](service_create.md#add-bind-mounts-or-volumes). + +Examples: + + $ docker run --read-only --mount type=volume,target=/icanwrite busybox touch /icanwrite/here + $ docker run -t -i --mount type=bind,src=/data,dst=/data busybox sh + ### Publish or expose port (-p, --expose) $ docker run -p 127.0.0.1:80:8080 ubuntu bash diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 3406ad68a0..b16f4c654f 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -38,7 +38,7 @@ Options: --log-driver string Logging driver for service --log-opt value Logging driver options (default []) --mode string Service mode (replicated or global) (default "replicated") - --mount value Attach a mount to the service + --mount value Attach a filesystem mount to the service --name string Service name --network value Network attachments (default []) --no-healthcheck Disable any container-specified HEALTHCHECK diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 21cbd9f9d6..fd19ee45c6 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -53,6 +53,7 @@ docker-create - Create a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] +[**--mount**[=*MOUNT*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 0a46f29110..d430ff58a5 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -55,6 +55,7 @@ docker-run - Run a command in a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] +[**--mount**[=*MOUNT*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] From 194bb052dc1ff6c058b24220f948874e1ae1a62f Mon Sep 17 00:00:00 2001 From: Drew Erny Date: Mon, 24 Oct 2016 16:11:25 -0700 Subject: [PATCH 1940/2538] added node ip autodetection Manager now auto-detects the address that an agent connects to the cluster from and stores it. This is useful for many kinds of internal cluster management tools. Signed-off-by: Drew Erny --- docs/reference/commandline/node_inspect.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index f5e644073a..752951c6f5 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -88,7 +88,8 @@ Example output: } }, "Status": { - "State": "ready" + "State": "ready", + "Addr": "168.0.32.137" }, "ManagerStatus": { "Leader": true, @@ -110,6 +111,7 @@ Example output: Status: State: Ready Availability: Active + Address: 172.17.0.2 Manager Status: Address: 172.17.0.2:2377 Raft Status: Reachable From af5af201febad5e69323325b7f63d9a8c36c1aab Mon Sep 17 00:00:00 2001 From: yupeng Date: Thu, 3 Nov 2016 15:47:58 +0800 Subject: [PATCH 1941/2538] Add for String Signed-off-by: yupeng --- contrib/completion/fish/docker.fish | 2 +- docs/reference/commandline/cli.md | 2 +- docs/reference/commandline/dockerd.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 80741042dc..9e47696fb5 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -65,7 +65,7 @@ complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-forward -d 'Enable complete -c docker -f -n '__fish_docker_no_subcommand' -l ip-masq -d "Enable IP masquerading for bridge's IP range" complete -c docker -f -n '__fish_docker_no_subcommand' -l iptables -d "Enable Docker's addition of iptables rules" complete -c docker -f -n '__fish_docker_no_subcommand' -l ipv6 -d 'Enable IPv6 networking' -complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level (debug, info, warn, error, fatal)' +complete -c docker -f -n '__fish_docker_no_subcommand' -s l -l log-level -d 'Set the logging level ("debug", "info", "warn", "error", "fatal")' complete -c docker -f -n '__fish_docker_no_subcommand' -l label -d 'Set key=value labels to the daemon (displayed in `docker info`)' complete -c docker -f -n '__fish_docker_no_subcommand' -l mtu -d 'Set the containers network MTU' complete -c docker -f -n '__fish_docker_no_subcommand' -s p -l pidfile -d 'Path to use for daemon PID file' diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 8cb6139f3a..9ca919892c 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -31,7 +31,7 @@ Options: -D, --debug Enable debug mode --help Print usage -H, --host value Daemon socket(s) to connect to (default []) - -l, --log-level string Set the logging level (debug, info, warn, error, fatal) (default "info") + -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8522a0624c..31cff29f17 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -64,7 +64,7 @@ Options: --label value Set key=value labels to the daemon (default []) --live-restore Enable live restore of docker when containers are still running --log-driver string Default driver for container logs (default "json-file") - -l, --log-level string Set the logging level (debug, info, warn, error, fatal) (default "info") + -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") --log-opt value Default log driver options for containers (default map[]) --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) From 4126b5526c194ba443b2ad80cf50e8e09c9b6f1d Mon Sep 17 00:00:00 2001 From: Gaetan de Villele Date: Thu, 3 Nov 2016 14:21:33 -0700 Subject: [PATCH 1942/2538] fix frontmatter keywords value type (string, instead of []string) Signed-off-by: Gaetan de Villele --- docs/deprecated.md | 2 +- docs/extend/index.md | 3 +-- docs/extend/legacy_plugins.md | 2 +- docs/extend/manifest.md | 2 +- docs/extend/plugin_api.md | 2 +- docs/extend/plugins_authorization.md | 2 +- docs/extend/plugins_network.md | 2 +- docs/extend/plugins_volume.md | 2 +- 8 files changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index cd076dd8ec..90a8909c11 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -2,7 +2,7 @@ aliases: ["/engine/misc/deprecated/"] title: "Deprecated Engine Features" description: "Deprecated Features." -keywords: ["docker, documentation, about, technology, deprecate"] +keywords: "docker, documentation, about, technology, deprecate" --- 31f630c65071 - Step 2 : MAINTAINER SvenDowideit@home.org.au + Step 2/4 : MAINTAINER SvenDowideit@home.org.au ---> Using cache ---> 2a1c91448f5f - Step 3 : RUN apk update && apk add socat && rm -r /var/cache/ + Step 3/4 : RUN apk update && apk add socat && rm -r /var/cache/ ---> Using cache ---> 21ed6e7fbb73 - Step 4 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh + Step 4/4 : CMD env | grep _TCP= | (sed 's/.*_PORT_\([0-9]*\)_TCP=tcp:\/\/\(.*\):\(.*\)/socat -t 100000000 TCP4-LISTEN:\1,fork,reuseaddr TCP4:\2:\3 \&/' && echo wait) | sh ---> Using cache ---> 7ea8aef582cc Successfully built 7ea8aef582cc diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index beca9fa61a..e96ebe5e10 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -174,9 +174,9 @@ $ docker build -t fail . Sending build context to Docker daemon 2.048 kB Sending build context to Docker daemon -Step 1 : FROM busybox +Step 1/3 : FROM busybox ---> 4986bf8c1536 -Step 2 : RUN exit 13 +Step 2/3 : RUN exit 13 ---> Running in e26670ec7a0a INFO[0000] The command [/bin/sh -c exit 13] returned a non-zero code: 13 $ echo $? @@ -195,10 +195,10 @@ See also: $ docker build . Uploading context 10240 bytes -Step 1 : FROM busybox +Step 1/3 : FROM busybox Pulling repository busybox ---> e9aa60c60128MB/2.284 MB (100%) endpoint: https://cdn-registry-1.docker.io/v1/ -Step 2 : RUN ls -lh / +Step 2/3 : RUN ls -lh / ---> Running in 9c9e81692ae9 total 24 drwxr-xr-x 2 root root 4.0K Mar 12 2013 bin @@ -212,7 +212,7 @@ dr-xr-xr-x 13 root root 0 Nov 15 23:34 sys drwxr-xr-x 2 root root 4.0K Mar 12 2013 tmp drwxr-xr-x 2 root root 4.0K Nov 15 23:34 usr ---> b35f4035db3f -Step 3 : CMD echo Hello world +Step 3/3 : CMD echo Hello world ---> Running in 02071fceb21b ---> f52f38b7823e Successfully built f52f38b7823e @@ -248,12 +248,12 @@ specify an arbitrary Git repository by using the `git://` or `git@` scheme. $ docker build -f ctx/Dockerfile http://server/ctx.tar.gz Downloading context: http://server/ctx.tar.gz [===================>] 240 B/240 B -Step 1 : FROM busybox +Step 1/3 : FROM busybox ---> 8c2e06607696 -Step 2 : ADD ctx/container.cfg / +Step 2/3 : ADD ctx/container.cfg / ---> e7829950cee3 Removing intermediate container b35224abf821 -Step 3 : CMD /bin/ls +Step 3/3 : CMD /bin/ls ---> Running in fbc63d321d73 ---> 3286931702ad Removing intermediate container fbc63d321d73 @@ -293,9 +293,9 @@ $ docker build . Uploading context 18.829 MB Uploading context -Step 1 : FROM busybox +Step 1/2 : FROM busybox ---> 769b9341d937 -Step 2 : CMD echo Hello world +Step 2/2 : CMD echo Hello world ---> Using cache ---> 99cc1ad10469 Successfully built 99cc1ad10469 @@ -303,9 +303,9 @@ $ echo ".git" > .dockerignore $ docker build . Uploading context 6.76 MB Uploading context -Step 1 : FROM busybox +Step 1/2 : FROM busybox ---> 769b9341d937 -Step 2 : CMD echo Hello world +Step 2/2 : CMD echo Hello world ---> Using cache ---> 99cc1ad10469 Successfully built 99cc1ad10469 From 2bf6e4c76989220079aee258d7be6165fc932c59 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 5 Nov 2016 11:22:47 -0700 Subject: [PATCH 1953/2538] Fix bash completion for `docker inspect --type` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f262559801..58595be2aa 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2184,9 +2184,11 @@ _docker_info() { } _docker_inspect() { + local preselected_type local type if [ "$1" = "--type" ] ; then + preselected_type=yes type="$2" else type=$(__docker_value_of_option --type) @@ -2197,17 +2199,17 @@ _docker_inspect() { return ;; --type) - if [ -z "$type" ] ; then + if [ -z "$preselected_type" ] ; then COMPREPLY=( $( compgen -W "image container" -- "$cur" ) ) + return fi - return ;; esac case "$cur" in -*) local options="--format -f --help --size -s" - if [ -z "$type" ] ; then + if [ -z "$preselected_type" ] ; then options+=" --type" fi COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) From 8b4362795cfead306f5627a03d0ec42c1225ad70 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 5 Nov 2016 10:19:00 -0700 Subject: [PATCH 1954/2538] Add bash completion for new prune commands Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 39 ++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 58595be2aa..10cf2de54a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1162,9 +1162,12 @@ _docker_container_port() { esac } -# TODO new command _docker_container_prune() { - : + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + ;; + esac } _docker_container_ps() { @@ -2070,9 +2073,12 @@ _docker_image_ls() { esac } -# TODO new command _docker_image_prune() { - : + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) ) + ;; + esac } _docker_image_pull() { @@ -2406,6 +2412,14 @@ _docker_network_ls() { esac } +_docker_network_prune() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + ;; + esac +} + _docker_network_rm() { case "$cur" in -*) @@ -2423,6 +2437,7 @@ _docker_network() { disconnect inspect ls + prune rm " __docker_subcommands "$subcommands" && return @@ -3211,9 +3226,12 @@ _docker_system_info() { esac } -# TODO new command _docker_system_prune() { - : + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) ) + ;; + esac } @@ -3311,6 +3329,14 @@ _docker_volume_ls() { esac } +_docker_volume_prune() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + ;; + esac +} + _docker_volume_rm() { case "$cur" in -*) @@ -3327,6 +3353,7 @@ _docker_volume() { create inspect ls + prune rm " __docker_subcommands "$subcommands" && return From fcf085a9f561207025ee27440eb06ac5c54e4b44 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 5 Nov 2016 10:12:35 -0700 Subject: [PATCH 1955/2538] Add bash completion for `docker system df` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 10cf2de54a..9ce3f76233 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3117,9 +3117,12 @@ _docker_system() { esac } -# TODO new command _docker_system_df() { - : + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --verbose -v" -- "$cur" ) ) + ;; + esac } _docker_system_events() { From 11943698872a9c0ee5e054ada2e3df3a825b481f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 5 Nov 2016 09:59:55 -0700 Subject: [PATCH 1956/2538] Add bash completion for `docker {run,create} --cpus` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9ce3f76233..2fe4c814c9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1239,6 +1239,7 @@ _docker_container_run() { --cpu-rt-period --cpu-rt-runtime --cpuset-cpus + --cpus --cpuset-mems --cpu-shares -c --device From 55d4ce14dd662a7b3cdaaa40d1eb3f79c32babd2 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Fri, 4 Nov 2016 13:04:20 +0800 Subject: [PATCH 1957/2538] Rectify Images display information for docker 1.10.3 Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/info.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 7a5833d7c2..10f98e648e 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -111,7 +111,7 @@ information about the devicemapper storage driver is shown: Running: 3 Paused: 1 Stopped: 10 - Untagged Images: 52 + Images: 52 Server Version: 1.10.3 Storage Driver: devicemapper Pool Name: docker-202:2-25583803-pool From b7c6c84fdd66ddca4538bee6bf8b9439c85ae28d Mon Sep 17 00:00:00 2001 From: Josh Horwitz Date: Thu, 3 Nov 2016 09:58:45 -0400 Subject: [PATCH 1958/2538] Add -a option to service/node ps Signed-off-by: Josh Horwitz --- docs/reference/commandline/node_ps.md | 2 +- docs/reference/commandline/service_ps.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 0c54c9cfb0..7a4054bebe 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -22,7 +22,7 @@ Usage: docker node ps [OPTIONS] [NODE...] List tasks running on one or more nodes, defaults to current node. Options: - -a, --all Display all instances + -a, --all Show all tasks (default shows tasks that are or will be running) -f, --filter value Filter output based on conditions provided --help Print usage --no-resolve Do not map IDs to Names diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 87c06cd762..b12c5a4add 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -22,6 +22,7 @@ Usage: docker service ps [OPTIONS] SERVICE List the tasks of a service Options: + -a, --all Show all tasks (default shows tasks that are or will be running) -f, --filter filter Filter output based on conditions provided --help Print usage --no-resolve Do not map IDs to Names From 5ad8af8fd19abe5a6886ea39344d2f18f6a88eff Mon Sep 17 00:00:00 2001 From: Alicia Lauerman Date: Thu, 3 Nov 2016 14:20:53 -0400 Subject: [PATCH 1959/2538] remove COMMAND column from service ls output. closes #27994 Signed-off-by: Alicia Lauerman --- docs/reference/commandline/service_create.md | 6 +++--- docs/reference/commandline/service_inspect.md | 2 +- docs/reference/commandline/service_ls.md | 10 +++++----- docs/reference/commandline/service_rm.md | 2 +- docs/reference/commandline/service_scale.md | 8 ++++---- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 0ebbdac6bb..f5f203d5cc 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -74,7 +74,7 @@ $ docker service create --name redis redis:3.0.6 dmu1ept4cxcfe8k8lhtux3ro3 $ docker service ls -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE dmu1ept4cxcf redis 1/1 redis:3.0.6 ``` @@ -98,7 +98,7 @@ number of `RUNNING` tasks is `3`: ```bash $ docker service ls -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 4cdgfyky7ozw redis 3/5 redis:3.0.7 ``` @@ -107,7 +107,7 @@ equal to the desired number: ```bash $ docker service ls -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 4cdgfyky7ozw redis 5/5 redis:3.0.7 ``` diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index cf74f4f57d..7eca7d0ebe 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -46,7 +46,7 @@ For example, given the following service; ```bash $ docker service ls -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE dmu1ept4cxcf redis 3/3 redis:3.0.6 ``` diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index bcdafc91c6..9986020ba8 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -34,7 +34,7 @@ swarm. On a manager node: ```bash -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE c8wgl7q4ndfd frontend 5/5 nginx:alpine dmu1ept4cxcf redis 3/3 redis:3.0.6 ``` @@ -60,7 +60,7 @@ The `id` filter matches all or part of a service's id. ```bash $ docker service ls -f "id=0bcjw" -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 0bcjwfh8ychr redis 1/1 redis:3.0.6 ``` @@ -74,7 +74,7 @@ its value: ```bash $ docker service ls --filter label=project -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 01sl1rp6nj5u frontend2 1/1 nginx:alpine 36xvvwwauej0 frontend 5/5 nginx:alpine 74nzcxxjv6fq backend 3/3 redis:3.0.6 @@ -85,7 +85,7 @@ The following filter matches only services with the `project` label with the ```bash $ docker service ls --filter label=project=project-a -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 36xvvwwauej0 frontend 5/5 nginx:alpine 74nzcxxjv6fq backend 3/3 redis:3.0.6 ``` @@ -99,7 +99,7 @@ The following filter matches services with a name containing `redis`. ```bash $ docker service ls --filter name=redis -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 0bcjwfh8ychr redis 1/1 redis:3.0.6 ``` diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 363b0e3e5b..ccaef09860 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -36,7 +36,7 @@ For example, to remove the redis service: $ docker service rm redis redis $ docker service ls -ID NAME SCALE IMAGE COMMAND +ID NAME SCALE IMAGE ``` > **Warning**: Unlike `docker rm`, this command does not ask for confirmation diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 4440140363..783d8f3400 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -28,8 +28,8 @@ Options: ### Scale a service -The scale command enables you to scale one or more replicated services either up -or down to the desired number of replicas. This command cannot be applied on +The scale command enables you to scale one or more replicated services either up +or down to the desired number of replicas. This command cannot be applied on services which are global mode. The command will return immediately, but the actual scaling of the service may take some time. To stop all replicas of a service while keeping the service active in the swarm you can set the scale to 0. @@ -56,7 +56,7 @@ replicas. ```bash $ docker service ls --filter name=frontend -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 3pr5mlvu3fh9 frontend 15/50 nginx:alpine ``` @@ -80,7 +80,7 @@ backend scaled to 3 frontend scaled to 5 $ docker service ls -ID NAME REPLICAS IMAGE COMMAND +ID NAME REPLICAS IMAGE 3pr5mlvu3fh9 frontend 5/5 nginx:alpine 74nzcxxjv6fq backend 3/3 redis:3.0.6 ``` From 809dee7e20c65dad6be4fc68fde80b2fb23eaccf Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 31 Oct 2016 17:07:05 -0700 Subject: [PATCH 1960/2538] support env for docker plugin set Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_disable.md | 1 + docs/reference/commandline/plugin_enable.md | 1 + docs/reference/commandline/plugin_inspect.md | 1 + docs/reference/commandline/plugin_install.md | 1 + docs/reference/commandline/plugin_ls.md | 1 + docs/reference/commandline/plugin_rm.md | 1 + docs/reference/commandline/plugin_set.md | 51 ++++++++++++++++++++ 7 files changed, 57 insertions(+) create mode 100644 docs/reference/commandline/plugin_set.md diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index b08509363a..580d4b93d0 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -59,3 +59,4 @@ tiborvass/no-remove latest A test plugin for Docker false * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) * [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index f9635d9cec..edb2e0bf1f 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -59,3 +59,4 @@ tiborvass/no-remove latest A test plugin for Docker true * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) * [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 5aea7cce40..3fa55405a1 100755 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -159,3 +159,4 @@ $ docker plugin inspect -f '{{.Id}}' tiborvass/no-remove:latest * [plugin disable](plugin_disable.md) * [plugin install](plugin_install.md) * [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index ce0ac17dff..524b4d8d5c 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -64,3 +64,4 @@ tiborvass/no-remove latest A test plugin for Docker true * [plugin disable](plugin_disable.md) * [plugin inspect](plugin_inspect.md) * [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index baa0db7a53..12de328142 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -48,3 +48,4 @@ tiborvass/no-remove latest A test plugin for Docker true * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) * [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 57dbfc9af1..4a86bc5c2b 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -51,3 +51,4 @@ tiborvass/no-remove * [plugin disable](plugin_disable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md new file mode 100644 index 0000000000..8c9eb74e1c --- /dev/null +++ b/docs/reference/commandline/plugin_set.md @@ -0,0 +1,51 @@ +--- +title: "plugin set" +description: "the plugin set command description and usage" +keywords: "plugin, set" +advisory: "experimental" +--- + + + +# plugin set (experimental) + +```markdown +Usage: docker plugin set PLUGIN key1=value1 [key2=value2...] + +Change settings for a plugin + +Options: + --help Print usage +``` + +Change settings for a plugin. The plugin must be disabled. + + +The following example installs change the env variable `DEBUG` of the +`no-remove` plugin. + +```bash +$ docker plugin inspect -f {{.Config.Env}} tiborvass/no-remove +[DEBUG=0] + +$ docker plugin set DEBUG=1 tiborvass/no-remove + +$ docker plugin inspect -f {{.Config.Env}} tiborvass/no-remove +[DEBUG=1] +``` + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin enable](plugin_enable.md) +* [plugin disable](plugin_disable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin rm](plugin_rm.md) From 7443d74e2df7ddfd833bf1be4820762385eab2bf Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 4 Nov 2016 11:31:44 -0700 Subject: [PATCH 1961/2538] Add `--tty` to `docker service create/update` This fix tries to add `--tty` to `docker service create/update`. As was specified in 25644, `TTY` flag has been added to SwarmKit and is already vendored. This fix add `--tty` to `docker service create/update`. Related document has been updated. Additional integration tests has been added. This fix fixes 25644. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index f5f203d5cc..17bb27d71b 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -52,6 +52,7 @@ Options: --restart-max-attempts value Maximum number of restarts before giving up (default none) --restart-window value Window used to evaluate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) + -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates --update-failure-action string Action on update failure (pause|continue) (default "pause") --update-max-failure-ratio value Failure rate to tolerate during an update diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f938a9efc3..143e435157 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -58,6 +58,7 @@ Options: --restart-window value Window used to evaluate the restart policy (default none) --rollback Rollback to previous specification --stop-grace-period value Time to wait before force killing a container (default none) + -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates --update-failure-action string Action on update failure (pause|continue) (default "pause") --update-max-failure-ratio value Failure rate to tolerate during an update From 308b0edef881d8a0e4578a90821ca9d80a9d9e36 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 8 Nov 2016 09:13:23 +0100 Subject: [PATCH 1962/2538] Add bash completion for `docker service {create,update} --tty` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2fe4c814c9..11fe924d51 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2629,6 +2629,7 @@ _docker_service_update() { local boolean_options=" --help + --tty -t --with-registry-auth " From b5721467b264206e3c788de26c82a290e71c69c1 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 12:30:14 +0200 Subject: [PATCH 1963/2538] Rename containers complete function in zsh completion Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 80 +++++++++++++++++----------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1e1e211de9..ac1f7fa3f3 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -113,27 +113,27 @@ __docker_get_containers() { return ret } -__docker_stoppedcontainers() { +__docker_complete_stopped_containers() { [[ $PREFIX = -* ]] && return 1 __docker_get_containers stopped all "$@" } -__docker_runningcontainers() { +__docker_complete_running_containers() { [[ $PREFIX = -* ]] && return 1 __docker_get_containers running all "$@" } -__docker_containers() { +__docker_complete_containers() { [[ $PREFIX = -* ]] && return 1 __docker_get_containers all all "$@" } -__docker_containers_ids() { +__docker_complete_containers_ids() { [[ $PREFIX = -* ]] && return 1 __docker_get_containers all ids "$@" } -__docker_containers_names() { +__docker_complete_containers_names() { [[ $PREFIX = -* ]] && return 1 __docker_get_containers all names "$@" } @@ -295,7 +295,7 @@ __docker_complete_pid() { if compset -P '*:'; then case "${${words[-1]%:*}#*=}" in (container) - __docker_runningcontainers && ret=0 + __docker_complete_running_containers && ret=0 ;; *) _message 'value' && ret=0 @@ -330,20 +330,20 @@ __docker_complete_ps_filters() { __docker_images && ret=0 ;; (before|since) - __docker_containers && ret=0 + __docker_complete_containers && ret=0 ;; (health) health_opts=('healthy' 'none' 'starting' 'unhealthy') _describe -t health-filter-opts "health filter options" health_opts && ret=0 ;; (id) - __docker_containers_ids && ret=0 + __docker_complete_containers_ids && ret=0 ;; (is-task) _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0 ;; (name) - __docker_containers_names && ret=0 + __docker_complete_containers_names && ret=0 ;; (network) __docker_networks && ret=0 @@ -428,7 +428,7 @@ __docker_complete_events_filter() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (container) - __docker_containers && ret=0 + __docker_complete_containers && ret=0 ;; (daemon) emulate -L zsh @@ -595,14 +595,14 @@ __docker_network_subcommand() { "($help)*--link=[Add a link to another container]:link:->link" \ "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " \ "($help -)1:network:__docker_networks" \ - "($help -)2:containers:__docker_containers" && ret=0 + "($help -)2:containers:__docker_complete_containers" && ret=0 case $state in (link) if compset -P "*:"; then _wanted alias expl "Alias" compadd -E "" && ret=0 else - __docker_runningcontainers -qS ":" && ret=0 + __docker_complete_running_containers -qS ":" && ret=0 fi ;; esac @@ -627,7 +627,7 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:network:__docker_networks" \ - "($help -)2:containers:__docker_containers" && ret=0 + "($help -)2:containers:__docker_complete_containers" && ret=0 ;; (inspect) _arguments $(__docker_arguments) \ @@ -1521,7 +1521,7 @@ __docker_subcommand() { $opts_attach_exec_run_start \ "($help)--no-stdin[Do not attach stdin]" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help -):containers:__docker_runningcontainers" && ret=0 + "($help -):containers:__docker_complete_running_containers" && ret=0 ;; (build) _arguments $(__docker_arguments) \ @@ -1547,7 +1547,7 @@ __docker_subcommand() { "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \ "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ - "($help -):container:__docker_containers" \ + "($help -):container:__docker_complete_containers" \ "($help -): :__docker_repositories_with_tags" && ret=0 ;; (cp) @@ -1561,7 +1561,7 @@ __docker_subcommand() { if compset -P "*:"; then _files && ret=0 else - __docker_containers -qS ":" && ret=0 + __docker_complete_containers -qS ":" && ret=0 fi ;; esac @@ -1582,7 +1582,7 @@ __docker_subcommand() { if compset -P "*:"; then _wanted alias expl "Alias" compadd -E "" && ret=0 else - __docker_runningcontainers -qS ":" && ret=0 + __docker_complete_running_containers -qS ":" && ret=0 fi ;; esac @@ -1680,7 +1680,7 @@ __docker_subcommand() { (diff) _arguments $(__docker_arguments) \ $opts_help \ - "($help -)*:containers:__docker_containers" && ret=0 + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (events) _arguments $(__docker_arguments) \ @@ -1701,7 +1701,7 @@ __docker_subcommand() { "($help)--privileged[Give extended Linux capabilities to the command]" \ "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \ - "($help -):containers:__docker_runningcontainers" \ + "($help -):containers:__docker_complete_running_containers" \ "($help -)*::command:->anycommand" && ret=0 case $state in @@ -1716,7 +1716,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \ - "($help -)*:containers:__docker_containers" && ret=0 + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (history) _arguments $(__docker_arguments) \ @@ -1768,11 +1768,11 @@ __docker_subcommand() { case $state in (values) if [[ ${words[(r)--type=container]} == --type=container ]]; then - __docker_containers && ret=0 + __docker_complete_containers && ret=0 elif [[ ${words[(r)--type=image]} == --type=image ]]; then __docker_images && ret=0 else - __docker_images && __docker_containers && ret=0 + __docker_images && __docker_complete_containers && ret=0 fi ;; esac @@ -1781,7 +1781,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \ - "($help -)*:containers:__docker_runningcontainers" && ret=0 + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (load) _arguments $(__docker_arguments) \ @@ -1809,7 +1809,7 @@ __docker_subcommand() { "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \ "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \ - "($help -)*:containers:__docker_containers" && ret=0 + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (network) local curcontext="$curcontext" state @@ -1848,7 +1848,7 @@ __docker_subcommand() { (pause|unpause) _arguments $(__docker_arguments) \ $opts_help \ - "($help -)*:containers:__docker_runningcontainers" && ret=0 + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (plugin) local curcontext="$curcontext" state @@ -1870,14 +1870,14 @@ __docker_subcommand() { (port) _arguments $(__docker_arguments) \ $opts_help \ - "($help -)1:containers:__docker_runningcontainers" \ + "($help -)1:containers:__docker_complete_running_containers" \ "($help -)2:port:_ports" && ret=0 ;; (ps) _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Show all containers]" \ - "($help)--before=[Show only container created before...]:containers:__docker_containers" \ + "($help)--before=[Show only container created before...]:containers:__docker_complete_containers" \ "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ "($help)--format=[Pretty-print containers using a Go template]:template: " \ "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ @@ -1885,7 +1885,7 @@ __docker_subcommand() { "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -s --size)"{-s,--size}"[Display total file sizes]" \ - "($help)--since=[Show only containers created since...]:containers:__docker_containers" && ret=0 + "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0 ;; (pull) _arguments $(__docker_arguments) \ @@ -1903,20 +1903,20 @@ __docker_subcommand() { (rename) _arguments $(__docker_arguments) \ $opts_help \ - "($help -):old name:__docker_containers" \ + "($help -):old name:__docker_complete_containers" \ "($help -):new name: " && ret=0 ;; (stop) _arguments $(__docker_arguments) \ $opts_help \ "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ - "($help -)*:containers:__docker_runningcontainers" && ret=0 + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (restart) _arguments $(__docker_arguments) \ $opts_help \ "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ - "($help -)*:containers:__docker_containers_ids" && ret=0 + "($help -)*:containers:__docker_complete_containers_ids" && ret=0 ;; (rm) _arguments $(__docker_arguments) \ @@ -1928,9 +1928,9 @@ __docker_subcommand() { case $state in (values) if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then - __docker_containers && ret=0 + __docker_complete_containers && ret=0 else - __docker_stoppedcontainers && ret=0 + __docker_complete_stopped_containers && ret=0 fi ;; esac @@ -1970,7 +1970,7 @@ __docker_subcommand() { if compset -P "*:"; then _wanted alias expl "Alias" compadd -E "" && ret=0 else - __docker_runningcontainers -qS ":" && ret=0 + __docker_complete_running_containers -qS ":" && ret=0 fi ;; (storage-opt) @@ -2027,7 +2027,7 @@ __docker_subcommand() { $opts_attach_exec_run_start \ "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ - "($help -)*:containers:__docker_stoppedcontainers" && ret=0 + "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 ;; (stats) _arguments $(__docker_arguments) \ @@ -2035,7 +2035,7 @@ __docker_subcommand() { "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \ "($help)--format=[Pretty-print images using a Go template]:template: " \ "($help)--no-stream[Disable streaming stats and only pull the first result]" \ - "($help -)*:containers:__docker_runningcontainers" && ret=0 + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (swarm) local curcontext="$curcontext" state @@ -2063,7 +2063,7 @@ __docker_subcommand() { (top) _arguments $(__docker_arguments) \ $opts_help \ - "($help -)1:containers:__docker_runningcontainers" \ + "($help -)1:containers:__docker_complete_running_containers" \ "($help -)*:: :->ps-arguments" && ret=0 case $state in (ps-arguments) @@ -2082,9 +2082,9 @@ __docker_subcommand() { case $state in (values) if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then - __docker_stoppedcontainers && ret=0 + __docker_complete_stopped_containers && ret=0 else - __docker_containers && ret=0 + __docker_complete_containers && ret=0 fi ;; esac @@ -2109,7 +2109,7 @@ __docker_subcommand() { (wait) _arguments $(__docker_arguments) \ $opts_help \ - "($help -)*:containers:__docker_runningcontainers" && ret=0 + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0 From cfb9ce16839d0ca0a0d3061b19fb0252c016bab8 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:27:41 +0200 Subject: [PATCH 1964/2538] Add zsh completion for 'docker container' subcommands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 147 ++++++++++++++++++++++++++++++++- 1 file changed, 146 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ac1f7fa3f3..40aba4f137 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -472,6 +472,134 @@ __docker_complete_events_filter() { return ret } +# BO container + +__docker_container_commands() { + local -a _docker_container_subcommands + _docker_container_subcommands=( + "attach:Attach to a running container" + "commit:Create a new image from a container's changes" + "cp:Copy files/folders between a container and the local filesystem" + "create:Create a new container" + "diff:Inspect changes on a container's filesystem" + "exec:Run a command in a running container" + "export:Export a container's filesystem as a tar archive" + "inspect:Display detailed information on one or more containers" + "kill:Kill one or more running containers" + "logs:Fetch the logs of a container" + "ls:List containers" + "pause:Pause all processes within one or more containers" + "port:List port mappings or a specific mapping for the container" + "prune:Remove all stopped containers" + "rename:Rename a container" + "restart:Restart one or more containers" + "rm:Remove one or more containers" + "run:Run a command in a new container" + "start:Start one or more stopped containers" + "stats:Display a live stream of container(s) resource usage statistics" + "stop:Stop one or more running containers" + "top:Display the running processes of a container" + "unpause:Unpause all processes within one or more containers" + "update:Update configuration of one or more containers" + "wait:Block until one or more containers stop, then print their exit codes" + ) + _describe -t docker-container-commands "docker container command" _docker_container_subcommands +} + +__docker_container_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (attach) + __docker_subcommand && ret=0 + ;; + (commit) + __docker_subcommand && ret=0 + ;; + (cp) + __docker_subcommand && ret=0 + ;; + (create) + __docker_subcommand && ret=0 + ;; + (diff) + __docker_subcommand && ret=0 + ;; + (exec) + __docker_subcommand && ret=0 + ;; + (export) + __docker_subcommand && ret=0 + ;; + (inspect) + __docker_subcommand && ret=0 + ;; + (kill) + __docker_subcommand && ret=0 + ;; + (logs) + __docker_subcommand && ret=0 + ;; + (ls|list) + words[1]="ps" + __docker_subcommand && ret=0 + ;; + (pause) + __docker_subcommand && ret=0 + ;; + (port) + __docker_subcommand && ret=0 + ;; + (prune) + # @TODO + ;; + (rename) + __docker_subcommand && ret=0 + ;; + (restart) + __docker_subcommand && ret=0 + ;; + (rm) + __docker_subcommand && ret=0 + ;; + (run) + __docker_subcommand && ret=0 + ;; + (start) + __docker_subcommand && ret=0 + ;; + (stats) + __docker_subcommand && ret=0 + ;; + (stop) + __docker_subcommand && ret=0 + ;; + (top) + __docker_subcommand && ret=0 + ;; + (unpause) + __docker_subcommand && ret=0 + ;; + (update) + __docker_subcommand && ret=0 + ;; + (wait) + __docker_subcommand && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0 + ;; + esac + + return ret +} + +# EO container + # BO network __docker_network_complete_ls_filters() { @@ -1418,7 +1546,7 @@ __docker_commands() { then local -a lines lines=(${(f)"$(_call_program commands docker 2>&1)"}) - _docker_subcommands=(${${${lines[$((${lines[(i)Commands:]} + 1)),${lines[(I) *]}]}## #}/ ##/:}) + _docker_subcommands=(${${${(M)${lines[$((${lines[(i)*Commands:]} + 1)),-1]}:# *}## #}/ ##/:}) _docker_subcommands=($_docker_subcommands 'daemon:Enable daemon mode' 'help:Show help for a command') (( $#_docker_subcommands > 2 )) && _store_cache docker_subcommands _docker_subcommands fi @@ -1550,6 +1678,23 @@ __docker_subcommand() { "($help -):container:__docker_complete_containers" \ "($help -): :__docker_repositories_with_tags" && ret=0 ;; + (container) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_container_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_container_subcommand && ret=0 + ;; + esac + ;; (cp) _arguments $(__docker_arguments) \ $opts_help \ From f80a33998f261002917c0d6192bc297e97d7de78 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:39:59 +0200 Subject: [PATCH 1965/2538] Move zsh completion logic to new subcommand: attach Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 40aba4f137..2e87c483a8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -507,15 +507,23 @@ __docker_container_commands() { } __docker_container_subcommand() { - local -a _command_args opts_help + local -a _command_args opts_help opts_attach_exec_run_start local expl help="--help" integer ret=1 + opts_attach_exec_run_start=( + "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" + ) opts_help=("(: -)--help[Print usage]") case "$words[1]" in (attach) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_attach_exec_run_start \ + "($help)--no-stdin[Do not attach stdin]" \ + "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ + "($help -):containers:__docker_complete_running_containers" && ret=0 ;; (commit) __docker_subcommand && ret=0 @@ -1644,12 +1652,7 @@ __docker_subcommand() { case "$words[1]" in (attach) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_attach_exec_run_start \ - "($help)--no-stdin[Do not attach stdin]" \ - "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help -):containers:__docker_complete_running_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (build) _arguments $(__docker_arguments) \ From aee4d2e078eb50c2a43491963a1c053dc2eb2365 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:41:57 +0200 Subject: [PATCH 1966/2538] Move zsh completion logic to new subcommand: commit Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2e87c483a8..d432abdb1d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -526,7 +526,14 @@ __docker_container_subcommand() { "($help -):containers:__docker_complete_running_containers" && ret=0 ;; (commit) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --author)"{-a=,--author=}"[Author]:author: " \ + "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ + "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \ + "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ + "($help -):container:__docker_complete_containers" \ + "($help -): :__docker_repositories_with_tags" && ret=0 ;; (cp) __docker_subcommand && ret=0 @@ -1672,14 +1679,7 @@ __docker_subcommand() { "($help -):path or URL:_directories" && ret=0 ;; (commit) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --author)"{-a=,--author=}"[Author]:author: " \ - "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \ - "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ - "($help -):container:__docker_complete_containers" \ - "($help -): :__docker_repositories_with_tags" && ret=0 + __docker_container_subcommand && ret=0 ;; (container) local curcontext="$curcontext" state From 2d250dcaf14cfb37442be6185910c4469d642658 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:43:07 +0200 Subject: [PATCH 1967/2538] Move zsh completion logic to new subcommand: cp Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d432abdb1d..258662ece1 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -536,7 +536,20 @@ __docker_container_subcommand() { "($help -): :__docker_repositories_with_tags" && ret=0 ;; (cp) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \ + "($help -)1:container:->container" \ + "($help -)2:hostpath:_files" && ret=0 + case $state in + (container) + if compset -P "*:"; then + _files && ret=0 + else + __docker_complete_containers -qS ":" && ret=0 + fi + ;; + esac ;; (create) __docker_subcommand && ret=0 @@ -1699,20 +1712,7 @@ __docker_subcommand() { esac ;; (cp) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \ - "($help -)1:container:->container" \ - "($help -)2:hostpath:_files" && ret=0 - case $state in - (container) - if compset -P "*:"; then - _files && ret=0 - else - __docker_complete_containers -qS ":" && ret=0 - fi - ;; - esac + __docker_container_subcommand && ret=0 ;; (create) _arguments $(__docker_arguments) \ From 6e850a9613c59a81fa050b60e1e4f6a4a7fa87ea Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:45:46 +0200 Subject: [PATCH 1968/2538] Move zsh completion logic to new subcommand: create Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 150 ++++++++++++++++++++++++--------- 1 file changed, 110 insertions(+), 40 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 258662ece1..c466653733 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -507,13 +507,87 @@ __docker_container_commands() { } __docker_container_subcommand() { - local -a _command_args opts_help opts_attach_exec_run_start + local -a _command_args opts_help opts_attach_exec_run_start opts_create_run opts_create_run_update local expl help="--help" integer ret=1 opts_attach_exec_run_start=( "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" ) + opts_create_run=( + "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" + "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " + "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: " + "($help)*--cap-add=[Add Linux capabilities]:capability: " + "($help)*--cap-drop=[Drop Linux capabilities]:capability: " + "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " + "($help)--cidfile=[Write the container ID to the file]:CID file:_files" + "($help)*--device=[Add a host device to the container]:device:_files" + "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: " + "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: " + "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: " + "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: " + "($help)--disable-content-trust[Skip image verification]" + "($help)*--dns=[Custom DNS servers]:DNS server: " + "($help)*--dns-opt=[Custom DNS options]:DNS option: " + "($help)*--dns-search=[Custom DNS search domains]:DNS domains: " + "($help)*"{-e=,--env=}"[Environment variables]:environment variable: " + "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " + "($help)*--env-file=[Read environment variables from a file]:environment file:_files" + "($help)*--expose=[Expose a port from the container without publishing it]: " + "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" + "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" + "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" + "($help)--ip=[Container IPv4 address]:IPv4: " + "($help)--ip6=[Container IPv6 address]:IPv6: " + "($help)--ipc=[IPC namespace to use]:IPC namespace: " + "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" + "($help)*--link=[Add link to another container]:link:->link" + "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " + "($help)*"{-l=,--label=}"[Container metadata]:label: " + "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" + "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" + "($help)--mac-address=[Container MAC address]:MAC address: " + "($help)--name=[Container name]:name: " + "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" + "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " + "($help)--oom-kill-disable[Disable OOM Killer]" + "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" + "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]" + "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" + "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" + "($help)--pid=[PID namespace to use]:PID namespace:__docker_complete_pid" + "($help)--privileged[Give extended privileges to this container]" + "($help)--read-only[Mount the container's root filesystem as read only]" + "($help)*--security-opt=[Security options]:security option: " + "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " + "($help)--stop-timeout=[Timeout (in seconds) to stop a container]:time: " + "($help)*--sysctl=-[sysctl options]:sysctl: " + "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" + "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" + "($help)*--ulimit=[ulimit options]:ulimit: " + "($help)--userns=[Container user namespace]:user namespace:(host)" + "($help)--tmpfs[mount tmpfs]" + "($help)*-v[Bind mount a volume]:volume: " + "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)" + "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " + "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" + ) + opts_create_run_update=( + "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" + "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" + "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " + "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " + "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " + "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " + "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " + "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " + "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " + "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " + "($help)--memory-reservation=[Memory soft limit]:Memory limit: " + "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " + "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" + ) opts_help=("(: -)--help[Print usage]") case "$words[1]" in @@ -552,7 +626,22 @@ __docker_container_subcommand() { esac ;; (create) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_create_run \ + $opts_create_run_update \ + "($help -): :__docker_images" \ + "($help -):command: _command_names -e" \ + "($help -)*::arguments: _normal" && ret=0 + case $state in + (link) + if compset -P "*:"; then + _wanted alias expl "Alias" compadd -E "" && ret=0 + else + __docker_complete_running_containers -qS ":" && ret=0 + fi + ;; + esac ;; (diff) __docker_subcommand && ret=0 @@ -1582,12 +1671,12 @@ __docker_commands() { } __docker_subcommand() { - local -a _command_args opts_help opts_build_create_run opts_build_create_run_update opts_create_run opts_create_run_update + local -a _command_args opts_help opts_build_run opts_build_run_update opts_run opts_run_update opts_exec_run_start local expl help="--help" integer ret=1 opts_help=("(: -)--help[Print usage]") - opts_build_create_run=( + opts_build_run=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" "($help)--disable-content-trust[Skip image verification]" @@ -1595,7 +1684,7 @@ __docker_subcommand() { "($help)*--ulimit=[ulimit options]:ulimit: " "($help)--userns=[Container user namespace]:user namespace:(host)" ) - opts_build_create_run_update=( + opts_build_run_update=( "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " @@ -1606,7 +1695,10 @@ __docker_subcommand() { "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " ) - opts_create_run=( + opts_exec_run_start=( + "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" + ) + opts_run=( "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: " @@ -1660,15 +1752,12 @@ __docker_subcommand() { "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" ) - opts_create_run_update=( + opts_run_update=( "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " "($help)--memory-reservation=[Memory soft limit]:Memory limit: " "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" ) - opts_attach_exec_run_start=( - "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" - ) case "$words[1]" in (attach) @@ -1677,8 +1766,8 @@ __docker_subcommand() { (build) _arguments $(__docker_arguments) \ $opts_help \ - $opts_build_create_run \ - $opts_build_create_run_update \ + $opts_build_run \ + $opts_build_run_update \ "($help)*--build-arg[Build-time variables]:=: " \ "($help)--compress[Compress the build context using gzip]" \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ @@ -1715,26 +1804,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (create) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_build_create_run \ - $opts_build_create_run_update \ - $opts_create_run \ - $opts_create_run_update \ - "($help -): :__docker_images" \ - "($help -):command: _command_names -e" \ - "($help -)*::arguments: _normal" && ret=0 - - case $state in - (link) - if compset -P "*:"; then - _wanted alias expl "Alias" compadd -E "" && ret=0 - else - __docker_complete_running_containers -qS ":" && ret=0 - fi - ;; - esac - + __docker_container_subcommand && ret=0 ;; (daemon) _arguments $(__docker_arguments) \ @@ -2093,11 +2163,11 @@ __docker_subcommand() { (run) _arguments $(__docker_arguments) \ $opts_help \ - $opts_build_create_run \ - $opts_build_create_run_update \ - $opts_create_run \ - $opts_create_run_update \ - $opts_attach_exec_run_start \ + $opts_build_run \ + $opts_build_run_update \ + $opts_run \ + $opts_run_update \ + $opts_exec_run_start \ "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ "($help)--health-cmd=[Command to run to check health]:command: " \ "($help)--health-interval=[Time between running the check]:time: " \ @@ -2172,7 +2242,7 @@ __docker_subcommand() { (start) _arguments $(__docker_arguments) \ $opts_help \ - $opts_attach_exec_run_start \ + $opts_exec_run_start \ "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 @@ -2223,8 +2293,8 @@ __docker_subcommand() { (update) _arguments $(__docker_arguments) \ $opts_help \ - $opts_create_run_update \ - $opts_build_create_run_update \ + $opts_run_update \ + $opts_build_run_update \ "($help -)*: :->values" && ret=0 case $state in From 978fbdd9dce77e7c81dc85ac78e52cba60787a6c Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:46:56 +0200 Subject: [PATCH 1969/2538] Move zsh completion logic to new subcommand: diff Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index c466653733..4a06985839 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -644,7 +644,9 @@ __docker_container_subcommand() { esac ;; (diff) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (exec) __docker_subcommand && ret=0 @@ -1896,9 +1898,7 @@ __docker_subcommand() { esac ;; (diff) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:containers:__docker_complete_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (events) _arguments $(__docker_arguments) \ From f2cebb1b32e65db14c44314549230f8e978fcb69 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 15:48:25 +0200 Subject: [PATCH 1970/2538] Move zsh completion logic to new subcommand: exec Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 47 +++++++++++++++++----------------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4a06985839..81265de9f4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -649,7 +649,25 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (exec) - __docker_subcommand && ret=0 + local state + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_attach_exec_run_start \ + "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ + "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " \ + "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ + "($help)--privileged[Give extended Linux capabilities to the command]" \ + "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ + "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \ + "($help -):containers:__docker_complete_running_containers" \ + "($help -)*::command:->anycommand" && ret=0 + case $state in + (anycommand) + shift 1 words + (( CURRENT-- )) + _normal && ret=0 + ;; + esac ;; (export) __docker_subcommand && ret=0 @@ -1673,7 +1691,7 @@ __docker_commands() { } __docker_subcommand() { - local -a _command_args opts_help opts_build_run opts_build_run_update opts_run opts_run_update opts_exec_run_start + local -a _command_args opts_help opts_build_run opts_build_run_update opts_run opts_run_update opts_run_start local expl help="--help" integer ret=1 @@ -1697,7 +1715,7 @@ __docker_subcommand() { "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " ) - opts_exec_run_start=( + opts_run_start=( "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" ) opts_run=( @@ -1909,26 +1927,7 @@ __docker_subcommand() { "($help)--format=[Format the output using the given go template]:template: " && ret=0 ;; (exec) - local state - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_attach_exec_run_start \ - "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ - "($help)*"{-e=,--env=}"[Set environment variables]:environment variable: " \ - "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" \ - "($help)--privileged[Give extended Linux capabilities to the command]" \ - "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" \ - "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" \ - "($help -):containers:__docker_complete_running_containers" \ - "($help -)*::command:->anycommand" && ret=0 - - case $state in - (anycommand) - shift 1 words - (( CURRENT-- )) - _normal && ret=0 - ;; - esac + __docker_container_subcommand && ret=0 ;; (export) _arguments $(__docker_arguments) \ @@ -2242,7 +2241,7 @@ __docker_subcommand() { (start) _arguments $(__docker_arguments) \ $opts_help \ - $opts_exec_run_start \ + $opts_run_start \ "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 From 13a60cfa381c988735777cc644cecf99dfa6c508 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 29 Oct 2016 16:05:57 +0200 Subject: [PATCH 1971/2538] Move zsh completion logic to new subcommand: export Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 81265de9f4..5eebd74719 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -670,7 +670,10 @@ __docker_container_subcommand() { esac ;; (export) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \ + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (inspect) __docker_subcommand && ret=0 @@ -1930,10 +1933,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (export) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -o --output)"{-o=,--output=}"[Write to a file, instead of stdout]:output file:_files" \ - "($help -)*:containers:__docker_complete_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (history) _arguments $(__docker_arguments) \ From 61507603fb008c5795ca5e48f0bda5ca4084bb8f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:45:02 +0100 Subject: [PATCH 1972/2538] Add zsh completion logic to new subcommand: inspect Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 5eebd74719..50ddac87a4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -676,7 +676,11 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (inspect) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ + "($help -s --size)"{-s,--size}"[Display total file sizes]" \ + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (kill) __docker_subcommand && ret=0 From ca352f2941de9a4bf5dfae7e7d47882f012d5539 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:46:04 +0100 Subject: [PATCH 1973/2538] Move zsh completion logic to new subcommand: kill Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 50ddac87a4..45f29abc36 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -683,7 +683,10 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (kill) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \ + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (logs) __docker_subcommand && ret=0 @@ -1999,10 +2002,7 @@ __docker_subcommand() { esac ;; (kill) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -s --signal)"{-s=,--signal=}"[Signal to send]:signal:_signals" \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (load) _arguments $(__docker_arguments) \ From a01c52a1a6634f4e33c8815a64e1e56778413cc7 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:46:59 +0100 Subject: [PATCH 1974/2538] Move zsh completion logic to new subcommand: logs Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 45f29abc36..474008f3d8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -689,7 +689,14 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (logs) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--details[Show extra details provided to logs]" \ + "($help -f --follow)"{-f,--follow}"[Follow log output]" \ + "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \ + "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ + "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \ + "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (ls|list) words[1]="ps" @@ -2023,14 +2030,7 @@ __docker_subcommand() { "($help -)1:server: " && ret=0 ;; (logs) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--details[Show extra details provided to logs]" \ - "($help -f --follow)"{-f,--follow}"[Follow log output]" \ - "($help -s --since)"{-s=,--since=}"[Show logs since this timestamp]:timestamp: " \ - "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ - "($help)--tail=[Output the last K lines]:lines:(1 10 20 50 all)" \ - "($help -)*:containers:__docker_complete_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (network) local curcontext="$curcontext" state From f7dba85a99c6ac8b97dc19b4c6cc747782a9adbe Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:49:16 +0100 Subject: [PATCH 1975/2538] Move zsh completion logic to new subcommand: ps Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 474008f3d8..41b6ad7f9a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -699,8 +699,18 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_containers" && ret=0 ;; (ls|list) - words[1]="ps" - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Show all containers]" \ + "($help)--before=[Show only container created before...]:containers:__docker_complete_containers" \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ + "($help)--format=[Pretty-print containers using a Go template]:template: " \ + "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ + "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \ + "($help)--no-trunc[Do not truncate output]" \ + "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ + "($help -s --size)"{-s,--size}"[Display total file sizes]" \ + "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0 ;; (pause) __docker_subcommand && ret=0 @@ -2095,18 +2105,8 @@ __docker_subcommand() { "($help -)2:port:_ports" && ret=0 ;; (ps) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Show all containers]" \ - "($help)--before=[Show only container created before...]:containers:__docker_complete_containers" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_ps_filters" \ - "($help)--format=[Pretty-print containers using a Go template]:template: " \ - "($help -l --latest)"{-l,--latest}"[Show only the latest created container]" \ - "($help -n --last)"{-n=,--last=}"[Show n last created containers (includes all states)]:n:(1 5 10 25 50)" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -s --size)"{-s,--size}"[Display total file sizes]" \ - "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0 + words[1]='ls' + __docker_container_subcommand && ret=0 ;; (pull) _arguments $(__docker_arguments) \ From 67a2df2d80dd2a5d4403f33ee8b16adc45ae1fdc Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:51:26 +0100 Subject: [PATCH 1976/2538] Move zsh completion logic to new subcommand: pause, unpause Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 41b6ad7f9a..361ade355a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -712,8 +712,10 @@ __docker_container_subcommand() { "($help -s --size)"{-s,--size}"[Display total file sizes]" \ "($help)--since=[Show only containers created since...]:containers:__docker_complete_containers" && ret=0 ;; - (pause) - __docker_subcommand && ret=0 + (pause|unpause) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (port) __docker_subcommand && ret=0 @@ -745,9 +747,6 @@ __docker_container_subcommand() { (top) __docker_subcommand && ret=0 ;; - (unpause) - __docker_subcommand && ret=0 - ;; (update) __docker_subcommand && ret=0 ;; @@ -2077,9 +2076,7 @@ __docker_subcommand() { esac ;; (pause|unpause) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (plugin) local curcontext="$curcontext" state From 64ea2f57e8b321155f6f7d09edff3e0e0f31f30d Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:51:53 +0100 Subject: [PATCH 1977/2538] Move zsh completion logic to new subcommand: port Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 361ade355a..a65e5f786f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -718,7 +718,10 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (port) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)1:containers:__docker_complete_running_containers" \ + "($help -)2:port:_ports" && ret=0 ;; (prune) # @TODO @@ -2096,10 +2099,7 @@ __docker_subcommand() { esac ;; (port) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)1:containers:__docker_complete_running_containers" \ - "($help -)2:port:_ports" && ret=0 + __docker_container_subcommand && ret=0 ;; (ps) words[1]='ls' From 25fc254d3a0ca402ffcbbf2958bd936c648981b6 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 16:52:41 +0100 Subject: [PATCH 1978/2538] Move zsh completion logic to new subcommand: rename Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a65e5f786f..659b4bbf6d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -727,7 +727,10 @@ __docker_container_subcommand() { # @TODO ;; (rename) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -):old name:__docker_complete_containers" \ + "($help -):new name: " && ret=0 ;; (restart) __docker_subcommand && ret=0 @@ -2119,10 +2122,7 @@ __docker_subcommand() { "($help -): :__docker_images" && ret=0 ;; (rename) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -):old name:__docker_complete_containers" \ - "($help -):new name: " && ret=0 + __docker_container_subcommand && ret=0 ;; (stop) _arguments $(__docker_arguments) \ From b3b41803ed931f16d78085d01fefc2ac2705fd42 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:21:16 +0100 Subject: [PATCH 1979/2538] Move zsh completion logic to new subcommand: restart Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 659b4bbf6d..12badf0c85 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -733,7 +733,10 @@ __docker_container_subcommand() { "($help -):new name: " && ret=0 ;; (restart) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ + "($help -)*:containers:__docker_complete_containers_ids" && ret=0 ;; (rm) __docker_subcommand && ret=0 @@ -2131,10 +2134,7 @@ __docker_subcommand() { "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (restart) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ - "($help -)*:containers:__docker_complete_containers_ids" && ret=0 + __docker_container_subcommand && ret=0 ;; (rm) _arguments $(__docker_arguments) \ From 4149666da1fece610d0aa66511c04412e848691a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:22:26 +0100 Subject: [PATCH 1980/2538] Move zsh completion logic to new subcommand: rm Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 12badf0c85..ecb6bbe260 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -739,7 +739,22 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_containers_ids" && ret=0 ;; (rm) - __docker_subcommand && ret=0 + local state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --force)"{-f,--force}"[Force removal]" \ + "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \ + "($help -v --volumes)"{-v,--volumes}"[Remove the volumes associated to the container]" \ + "($help -)*:containers:->values" && ret=0 + case $state in + (values) + if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then + __docker_complete_containers && ret=0 + else + __docker_complete_stopped_containers && ret=0 + fi + ;; + esac ;; (run) __docker_subcommand && ret=0 @@ -2137,21 +2152,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (rm) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force removal]" \ - "($help -l --link)"{-l,--link}"[Remove the specified link and not the underlying container]" \ - "($help -v --volumes)"{-v,--volumes}"[Remove the volumes associated to the container]" \ - "($help -)*:containers:->values" && ret=0 - case $state in - (values) - if [[ ${words[(r)-f]} == -f || ${words[(r)--force]} == --force ]]; then - __docker_complete_containers && ret=0 - else - __docker_complete_stopped_containers && ret=0 - fi - ;; - esac + __docker_container_subcommand && ret=0 ;; (rmi) _arguments $(__docker_arguments) \ From 15a2f1f74f26e5c277746b14a50ef13cffab859a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:29:03 +0100 Subject: [PATCH 1981/2538] Move zsh completion logic to new subcommand: run Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 154 +++++++++++---------------------- 1 file changed, 49 insertions(+), 105 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ecb6bbe260..7f1d985d04 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -548,6 +548,7 @@ __docker_container_subcommand() { "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " + "($help)*--mount=[Attach a filesystem mount to the container]:mount: " "($help)--name=[Container name]:name: " "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " @@ -757,7 +758,43 @@ __docker_container_subcommand() { esac ;; (run) - __docker_subcommand && ret=0 + local state + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_create_run \ + $opts_create_run_update \ + $opts_attach_exec_run_start \ + "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ + "($help)--health-cmd=[Command to run to check health]:command: " \ + "($help)--health-interval=[Time between running the check]:time: " \ + "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" \ + "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \ + "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \ + "($help)--rm[Remove intermediate containers when it exits]" \ + "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \ + "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ + "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ + "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \ + "($help -): :__docker_images" \ + "($help -):command: _command_names -e" \ + "($help -)*::arguments: _normal" && ret=0 + case $state in + (link) + if compset -P "*:"; then + _wanted alias expl "Alias" compadd -E "" && ret=0 + else + __docker_complete_running_containers -qS ":" && ret=0 + fi + ;; + (storage-opt) + if compset -P "*="; then + _message "value" && ret=0 + else + opts=('size') + _describe -t filter-opts "storage options" opts -qS "=" && ret=0 + fi + ;; + esac ;; (start) __docker_subcommand && ret=0 @@ -1741,12 +1778,12 @@ __docker_commands() { } __docker_subcommand() { - local -a _command_args opts_help opts_build_run opts_build_run_update opts_run opts_run_update opts_run_start + local -a _command_args opts_help opts_build opts_build_update opts_update local expl help="--help" integer ret=1 opts_help=("(: -)--help[Print usage]") - opts_build_run=( + opts_build=( "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" "($help)--disable-content-trust[Skip image verification]" @@ -1754,7 +1791,7 @@ __docker_subcommand() { "($help)*--ulimit=[ulimit options]:ulimit: " "($help)--userns=[Container user namespace]:user namespace:(host)" ) - opts_build_run_update=( + opts_build_update=( "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " @@ -1765,64 +1802,10 @@ __docker_subcommand() { "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " ) - opts_run_start=( + opts_start=( "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" ) - opts_run=( - "($help -a --attach)"{-a=,--attach=}"[Attach to stdin, stdout or stderr]:device:(STDIN STDOUT STDERR)" - "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " - "($help)*--blkio-weight-device=[Block IO (relative device weight)]:device:Block IO weight: " - "($help)*--cap-add=[Add Linux capabilities]:capability: " - "($help)*--cap-drop=[Drop Linux capabilities]:capability: " - "($help)--cidfile=[Write the container ID to the file]:CID file:_files" - "($help)*--device=[Add a host device to the container]:device:_files" - "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: " - "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: " - "($help)*--device-write-bps=[Limit the write rate (bytes per second) to a device]:device:IO rate: " - "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: " - "($help)*--dns=[Custom DNS servers]:DNS server: " - "($help)*--dns-opt=[Custom DNS options]:DNS option: " - "($help)*--dns-search=[Custom DNS search domains]:DNS domains: " - "($help)*"{-e=,--env=}"[Environment variables]:environment variable: " - "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " - "($help)*--env-file=[Read environment variables from a file]:environment file:_files" - "($help)*--expose=[Expose a port from the container without publishing it]: " - "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" - "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" - "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" - "($help)--ip=[Container IPv4 address]:IPv4: " - "($help)--ip6=[Container IPv6 address]:IPv6: " - "($help)--ipc=[IPC namespace to use]:IPC namespace: " - "($help)*--link=[Add link to another container]:link:->link" - "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " - "($help)*"{-l=,--label=}"[Container metadata]:label: " - "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" - "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" - "($help)--mac-address=[Container MAC address]:MAC address: " - "($help)*--mount=[Attach a filesystem mount to the container]:mount: " - "($help)--name=[Container name]:name: " - "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" - "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " - "($help)--oom-kill-disable[Disable OOM Killer]" - "($help)--oom-score-adj[Tune the host's OOM preferences for containers (accepts -1000 to 1000)]" - "($help)--pids-limit[Tune container pids limit (set -1 for unlimited)]" - "($help -P --publish-all)"{-P,--publish-all}"[Publish all exposed ports]" - "($help)*"{-p=,--publish=}"[Expose a container's port to the host]:port:_ports" - "($help)--pid=[PID namespace to use]:PID namespace:__docker_complete_pid" - "($help)--privileged[Give extended privileges to this container]" - "($help)--read-only[Mount the container's root filesystem as read only]" - "($help)*--security-opt=[Security options]:security option: " - "($help)--stop-timeout=[Timeout (in seconds) to stop a container]:time: " - "($help)*--sysctl=-[sysctl options]:sysctl: " - "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" - "($help -u --user)"{-u=,--user=}"[Username or UID]:user:_users" - "($help)--tmpfs[mount tmpfs]" - "($help)*-v[Bind mount a volume]:volume: " - "($help)--volume-driver=[Optional volume driver for the container]:volume driver:(local)" - "($help)*--volumes-from=[Mount volumes from the specified container]:volume: " - "($help -w --workdir)"{-w=,--workdir=}"[Working directory inside the container]:directory:_directories" - ) - opts_run_update=( + opts_update=( "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " "($help)--memory-reservation=[Memory soft limit]:Memory limit: " @@ -1836,8 +1819,8 @@ __docker_subcommand() { (build) _arguments $(__docker_arguments) \ $opts_help \ - $opts_build_run \ - $opts_build_run_update \ + $opts_build \ + $opts_build_update \ "($help)*--build-arg[Build-time variables]:=: " \ "($help)--compress[Compress the build context using gzip]" \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ @@ -2162,46 +2145,7 @@ __docker_subcommand() { "($help -)*: :__docker_images" && ret=0 ;; (run) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_build_run \ - $opts_build_run_update \ - $opts_run \ - $opts_run_update \ - $opts_exec_run_start \ - "($help -d --detach)"{-d,--detach}"[Detached mode: leave the container running in the background]" \ - "($help)--health-cmd=[Command to run to check health]:command: " \ - "($help)--health-interval=[Time between running the check]:time: " \ - "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" \ - "($help)--health-timeout=[Maximum time to allow one check to run]:time: " \ - "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" \ - "($help)--rm[Remove intermediate containers when it exits]" \ - "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \ - "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ - "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \ - "($help -): :__docker_images" \ - "($help -):command: _command_names -e" \ - "($help -)*::arguments: _normal" && ret=0 - - case $state in - (link) - if compset -P "*:"; then - _wanted alias expl "Alias" compadd -E "" && ret=0 - else - __docker_complete_running_containers -qS ":" && ret=0 - fi - ;; - (storage-opt) - if compset -P "*="; then - _message "value" && ret=0 - else - opts=('size') - _describe -t filter-opts "storage options" opts -qS "=" && ret=0 - fi - ;; - esac - + __docker_container_subcommand && ret=0 ;; (save) _arguments $(__docker_arguments) \ @@ -2243,7 +2187,7 @@ __docker_subcommand() { (start) _arguments $(__docker_arguments) \ $opts_help \ - $opts_run_start \ + $opts_start \ "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 @@ -2294,8 +2238,8 @@ __docker_subcommand() { (update) _arguments $(__docker_arguments) \ $opts_help \ - $opts_run_update \ - $opts_build_run_update \ + $opts_update \ + $opts_build_update \ "($help -)*: :->values" && ret=0 case $state in From 2fd33da75fe52637fc1610c9e49b90076edbb759 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:40:53 +0100 Subject: [PATCH 1982/2538] Move zsh completion logic to new subcommand: start Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7f1d985d04..1318bcba9c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -797,7 +797,12 @@ __docker_container_subcommand() { esac ;; (start) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + $opts_attach_exec_run_start \ + "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ + "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ + "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 ;; (stats) __docker_subcommand && ret=0 @@ -1802,9 +1807,6 @@ __docker_subcommand() { "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " ) - opts_start=( - "($help)--detach-keys=[Escape key sequence used to detach a container]:sequence:__docker_complete_detach_keys" - ) opts_update=( "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " @@ -2185,12 +2187,7 @@ __docker_subcommand() { esac ;; (start) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_start \ - "($help -a --attach)"{-a,--attach}"[Attach container's stdout/stderr and forward all signals]" \ - "($help -i --interactive)"{-i,--interactive}"[Attach container's stding]" \ - "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (stats) _arguments $(__docker_arguments) \ From 5323c46677ea7dda5e0b6d404fe26c26a1d45562 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:41:39 +0100 Subject: [PATCH 1983/2538] Move zsh completion logic to new subcommand: stats Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1318bcba9c..0707de449f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -805,7 +805,12 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_stopped_containers" && ret=0 ;; (stats) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \ + "($help)--format=[Pretty-print images using a Go template]:template: " \ + "($help)--no-stream[Disable streaming stats and only pull the first result]" \ + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (stop) __docker_subcommand && ret=0 @@ -2190,12 +2195,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (stats) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Show all containers (default shows just running)]" \ - "($help)--format=[Pretty-print images using a Go template]:template: " \ - "($help)--no-stream[Disable streaming stats and only pull the first result]" \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (swarm) local curcontext="$curcontext" state From 8361fc40e7da4ab8140464e062611d764fc071c3 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:42:49 +0100 Subject: [PATCH 1984/2538] Move zsh completion logic to new subcommand: stop Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0707de449f..4c06b28b50 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -813,7 +813,10 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (stop) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (top) __docker_subcommand && ret=0 @@ -2132,12 +2135,6 @@ __docker_subcommand() { (rename) __docker_container_subcommand && ret=0 ;; - (stop) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -t --time)"{-t=,--time=}"[Number of seconds to try to stop for before killing the container]:seconds to before killing:(1 5 10 30 60)" \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 - ;; (restart) __docker_container_subcommand && ret=0 ;; @@ -2197,6 +2194,9 @@ __docker_subcommand() { (stats) __docker_container_subcommand && ret=0 ;; + (stop) + __docker_container_subcommand && ret=0 + ;; (swarm) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ From fe0cfed70c5ddf3e62ebbb80e0a0602b38a69797 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:44:48 +0100 Subject: [PATCH 1985/2538] Move zsh completion logic to new subcommand: top Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4c06b28b50..0f5d8e2a88 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -819,7 +819,16 @@ __docker_container_subcommand() { "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (top) - __docker_subcommand && ret=0 + local state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)1:containers:__docker_complete_running_containers" \ + "($help -)*:: :->ps-arguments" && ret=0 + case $state in + (ps-arguments) + _ps && ret=0 + ;; + esac ;; (update) __docker_subcommand && ret=0 @@ -2221,16 +2230,7 @@ __docker_subcommand() { "($help -):destination:__docker_repositories_with_tags" && ret=0 ;; (top) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)1:containers:__docker_complete_running_containers" \ - "($help -)*:: :->ps-arguments" && ret=0 - case $state in - (ps-arguments) - _ps && ret=0 - ;; - esac - + __docker_container_subcommand && ret=0 ;; (update) _arguments $(__docker_arguments) \ From 643725b6a83ea7da54fde514b846650928d6f129 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:49:35 +0100 Subject: [PATCH 1986/2538] Move zsh completion logic to new subcommand: update Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 54 ++++++++++++++-------------------- 1 file changed, 22 insertions(+), 32 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0f5d8e2a88..8fa2dc2216 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -831,7 +831,20 @@ __docker_container_subcommand() { esac ;; (update) - __docker_subcommand && ret=0 + local state + _arguments $(__docker_arguments) \ + $opts_help \ + opts_create_run_update \ + "($help -)*: :->values" && ret=0 + case $state in + (values) + if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then + __docker_complete_stopped_containers && ret=0 + else + __docker_complete_containers && ret=0 + fi + ;; + esac ;; (wait) __docker_subcommand && ret=0 @@ -1800,35 +1813,27 @@ __docker_commands() { } __docker_subcommand() { - local -a _command_args opts_help opts_build opts_build_update opts_update + local -a _command_args opts_help opts_build local expl help="--help" integer ret=1 opts_help=("(: -)--help[Print usage]") opts_build=( - "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " - "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" - "($help)--disable-content-trust[Skip image verification]" - "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " - "($help)*--ulimit=[ulimit options]:ulimit: " - "($help)--userns=[Container user namespace]:user namespace:(host)" - ) - opts_build_update=( "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" + "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " + "($help)--disable-content-trust[Skip image verification]" + "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " - ) - opts_update=( - "($help)--blkio-weight=[Block IO (relative weight), between 10 and 1000]:Block IO weight:(10 100 500 1000)" - "($help)--kernel-memory=[Kernel memory limit in bytes]:Memory limit: " - "($help)--memory-reservation=[Memory soft limit]:Memory limit: " - "($help)--restart=[Restart policy]:restart policy:(no on-failure always unless-stopped)" + "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " + "($help)*--ulimit=[ulimit options]:ulimit: " + "($help)--userns=[Container user namespace]:user namespace:(host)" ) case "$words[1]" in @@ -1839,7 +1844,6 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ $opts_build \ - $opts_build_update \ "($help)*--build-arg[Build-time variables]:=: " \ "($help)--compress[Compress the build context using gzip]" \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ @@ -2233,21 +2237,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (update) - _arguments $(__docker_arguments) \ - $opts_help \ - $opts_update \ - $opts_build_update \ - "($help -)*: :->values" && ret=0 - - case $state in - (values) - if [[ ${words[(r)--kernel-memory*]} = (--kernel-memory*) ]]; then - __docker_complete_stopped_containers && ret=0 - else - __docker_complete_containers && ret=0 - fi - ;; - esac + __docker_container_subcommand && ret=0 ;; (volume) local curcontext="$curcontext" state From dab417618044ee0f3790ddff0a64099fa6b77210 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 18:50:36 +0100 Subject: [PATCH 1987/2538] Move zsh completion logic to new subcommand: wait Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8fa2dc2216..3c50ba862c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -847,7 +847,9 @@ __docker_container_subcommand() { esac ;; (wait) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:containers:__docker_complete_running_containers" && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0 @@ -2257,9 +2259,7 @@ __docker_subcommand() { esac ;; (wait) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -)*:containers:__docker_complete_running_containers" && ret=0 + __docker_container_subcommand && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0 From 53846847ba07a160b2fe29defe9c87c0c22fb7e1 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 19:43:22 +0100 Subject: [PATCH 1988/2538] Cleanup after moving all zsh completion logics for the new container command Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 99 +++++++--------------------------- 1 file changed, 19 insertions(+), 80 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3c50ba862c..d113abe019 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -611,6 +611,7 @@ __docker_container_subcommand() { "($help -): :__docker_repositories_with_tags" && ret=0 ;; (cp) + local state _arguments $(__docker_arguments) \ $opts_help \ "($help -L --follow-link)"{-L,--follow-link}"[Always follow symbol link]" \ @@ -627,6 +628,7 @@ __docker_container_subcommand() { esac ;; (create) + local state _arguments $(__docker_arguments) \ $opts_help \ $opts_create_run \ @@ -1815,52 +1817,46 @@ __docker_commands() { } __docker_subcommand() { - local -a _command_args opts_help opts_build + local -a _command_args opts_help local expl help="--help" integer ret=1 opts_help=("(: -)--help[Print usage]") - opts_build=( - "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" - "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " - "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " - "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " - "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " - "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " - "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " - "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " - "($help)--disable-content-trust[Skip image verification]" - "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" - "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " - "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " - "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " - "($help)*--ulimit=[ulimit options]:ulimit: " - "($help)--userns=[Container user namespace]:user namespace:(host)" - ) case "$words[1]" in - (attach) + (attach|commit|cp|create|diff|exec|export|kill|logs|pause|unpause|port|rename|restart|rm|run|start|stats|stop|top|update|wait) __docker_container_subcommand && ret=0 ;; (build) _arguments $(__docker_arguments) \ $opts_help \ - $opts_build \ "($help)*--build-arg[Build-time variables]:=: " \ + "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \ + "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \ "($help)--compress[Compress the build context using gzip]" \ + "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " \ + "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " \ + "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " \ + "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " \ + "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " \ + "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " \ + "($help)--disable-content-trust[Skip image verification]" \ "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ "($help)--force-rm[Always remove intermediate containers]" \ + "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" \ "($help)*--label=[Set metadata for an image]:label=value: " \ + "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \ + "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \ "($help)--no-cache[Do not use cache when building the image]" \ "($help)--pull[Attempt to pull a newer version of the image]" \ "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ "($help)--rm[Remove intermediate containers after a successful build]" \ + "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " \ "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_repositories_with_tags" \ + "($help)*--ulimit=[ulimit options]:ulimit: " \ + "($help)--userns=[Container user namespace]:user namespace:(host)" \ "($help -):path or URL:_directories" && ret=0 ;; - (commit) - __docker_container_subcommand && ret=0 - ;; (container) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ @@ -1878,12 +1874,6 @@ __docker_subcommand() { ;; esac ;; - (cp) - __docker_container_subcommand && ret=0 - ;; - (create) - __docker_container_subcommand && ret=0 - ;; (daemon) _arguments $(__docker_arguments) \ $opts_help \ @@ -1973,9 +1963,6 @@ __docker_subcommand() { ;; esac ;; - (diff) - __docker_container_subcommand && ret=0 - ;; (events) _arguments $(__docker_arguments) \ $opts_help \ @@ -1984,12 +1971,6 @@ __docker_subcommand() { "($help)--until=[Events created until this timestamp]:timestamp: " \ "($help)--format=[Format the output using the given go template]:template: " && ret=0 ;; - (exec) - __docker_container_subcommand && ret=0 - ;; - (export) - __docker_container_subcommand && ret=0 - ;; (history) _arguments $(__docker_arguments) \ $opts_help \ @@ -2049,9 +2030,6 @@ __docker_subcommand() { ;; esac ;; - (kill) - __docker_container_subcommand && ret=0 - ;; (load) _arguments $(__docker_arguments) \ $opts_help \ @@ -2070,9 +2048,6 @@ __docker_subcommand() { $opts_help \ "($help -)1:server: " && ret=0 ;; - (logs) - __docker_container_subcommand && ret=0 - ;; (network) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ @@ -2107,9 +2082,6 @@ __docker_subcommand() { ;; esac ;; - (pause|unpause) - __docker_container_subcommand && ret=0 - ;; (plugin) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ @@ -2127,9 +2099,6 @@ __docker_subcommand() { ;; esac ;; - (port) - __docker_container_subcommand && ret=0 - ;; (ps) words[1]='ls' __docker_container_subcommand && ret=0 @@ -2147,15 +2116,6 @@ __docker_subcommand() { "($help)--disable-content-trust[Skip image signing]" \ "($help -): :__docker_images" && ret=0 ;; - (rename) - __docker_container_subcommand && ret=0 - ;; - (restart) - __docker_container_subcommand && ret=0 - ;; - (rm) - __docker_container_subcommand && ret=0 - ;; (rmi) _arguments $(__docker_arguments) \ $opts_help \ @@ -2163,9 +2123,6 @@ __docker_subcommand() { "($help)--no-prune[Do not delete untagged parents]" \ "($help -)*: :__docker_images" && ret=0 ;; - (run) - __docker_container_subcommand && ret=0 - ;; (save) _arguments $(__docker_arguments) \ $opts_help \ @@ -2203,15 +2160,6 @@ __docker_subcommand() { ;; esac ;; - (start) - __docker_container_subcommand && ret=0 - ;; - (stats) - __docker_container_subcommand && ret=0 - ;; - (stop) - __docker_container_subcommand && ret=0 - ;; (swarm) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ @@ -2235,12 +2183,6 @@ __docker_subcommand() { "($help -):source:__docker_images"\ "($help -):destination:__docker_repositories_with_tags" && ret=0 ;; - (top) - __docker_container_subcommand && ret=0 - ;; - (update) - __docker_container_subcommand && ret=0 - ;; (volume) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ @@ -2258,9 +2200,6 @@ __docker_subcommand() { ;; esac ;; - (wait) - __docker_container_subcommand && ret=0 - ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_commands" && ret=0 ;; From 010340e304bdb11ca393606b6d50e7b6bd5e7010 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 8 Nov 2016 16:15:09 +0800 Subject: [PATCH 1989/2538] Update for docker checkpoint Signed-off-by: yuexiao-wang --- experimental/checkpoint-restore.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/experimental/checkpoint-restore.md b/experimental/checkpoint-restore.md index dc1f9cfb19..7e609b60ec 100644 --- a/experimental/checkpoint-restore.md +++ b/experimental/checkpoint-restore.md @@ -33,7 +33,7 @@ migration of a server from one machine to another. This is possible with the current implementation, but not currently a priority (and so the workflow is not optimized for the task). -## Using Checkpoint & Restore +## Using checkpoint & restore A new top level command `docker checkpoint` is introduced, with three subcommands: - `create` (creates a new checkpoint) @@ -48,7 +48,8 @@ The options for checkpoint create: Create a checkpoint from a running container - --leave-running=false leave the container running after checkpoint + --leave-running=false Leave the container running after checkpoint + --checkpoint-dir Use a custom checkpoint storage directory And to restore a container: @@ -71,7 +72,7 @@ in between running/checkpoint/restoring you should see that the counter increases while the process is running, stops while it's checkpointed, and resumes from the point it left off once you restore. -## Current Limitation +## Current limitation seccomp is only supported by CRIU in very up to date kernels. From 5af84edf263820fd88e65d714bc905569a0c8743 Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 25 Oct 2016 11:39:53 +0800 Subject: [PATCH 1990/2538] support show numbers of global service in service ls command Signed-off-by: allencloud --- docs/reference/commandline/deploy.md | 15 ++++----- docs/reference/commandline/service_create.md | 16 ++++++---- docs/reference/commandline/service_inspect.md | 4 +-- docs/reference/commandline/service_ls.md | 32 +++++++++---------- docs/reference/commandline/service_rm.md | 2 +- docs/reference/commandline/service_scale.md | 10 +++--- docs/reference/commandline/stack_deploy.md | 15 ++++----- experimental/docker-stacks-and-bundles.md | 17 +++++----- 8 files changed, 56 insertions(+), 55 deletions(-) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index bafd9c497f..1376f489e1 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -45,14 +45,13 @@ You can verify that the services were correctly created: ```bash $ docker service ls -ID NAME REPLICAS IMAGE -COMMAND -29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd -4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 -4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf -axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility-stack_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility-stack_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility-stack_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility-stack_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility-stack_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` ## Related information diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 17bb27d71b..3156e41064 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -74,9 +74,13 @@ command on a manager node. $ docker service create --name redis redis:3.0.6 dmu1ept4cxcfe8k8lhtux3ro3 +$ docker service create --mode global --name redis2 redis:3.0.6 +a8q9dasaafudfs8q8w32udass + $ docker service ls -ID NAME REPLICAS IMAGE -dmu1ept4cxcf redis 1/1 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +dmu1ept4cxcf redis replicated 1/1 redis:3.0.6 +a8q9dasaafud redis2 global 1/1 redis:3.0.6 ``` ### Create a service with 5 replica tasks (--replicas) @@ -99,8 +103,8 @@ number of `RUNNING` tasks is `3`: ```bash $ docker service ls -ID NAME REPLICAS IMAGE -4cdgfyky7ozw redis 3/5 redis:3.0.7 +ID NAME MODE REPLICAS IMAGE +4cdgfyky7ozw redis replicated 3/5 redis:3.0.7 ``` Once all the tasks are created and `RUNNING`, the actual number of tasks is @@ -108,8 +112,8 @@ equal to the desired number: ```bash $ docker service ls -ID NAME REPLICAS IMAGE -4cdgfyky7ozw redis 5/5 redis:3.0.7 +ID NAME MODE REPLICAS IMAGE +4cdgfyky7ozw redis replicated 5/5 redis:3.0.7 ``` ### Create a service with a rolling update policy diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 7eca7d0ebe..13550db82a 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -46,8 +46,8 @@ For example, given the following service; ```bash $ docker service ls -ID NAME REPLICAS IMAGE -dmu1ept4cxcf redis 3/3 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 ``` Both `docker service inspect redis`, and `docker service inspect dmu1ept4cxcf` diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 9986020ba8..40a98e076f 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -34,15 +34,16 @@ swarm. On a manager node: ```bash -ID NAME REPLICAS IMAGE -c8wgl7q4ndfd frontend 5/5 nginx:alpine -dmu1ept4cxcf redis 3/3 redis:3.0.6 +$ docker service ls +ID NAME MODE REPLICAS IMAGE +c8wgl7q4ndfd frontend replicated 5/5 nginx:alpine +dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 +iwe3278osahj mongo global 7/7 mongo:3.3 ``` The `REPLICAS` column shows both the *actual* and *desired* number of tasks for the service. - ## Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more @@ -60,8 +61,8 @@ The `id` filter matches all or part of a service's id. ```bash $ docker service ls -f "id=0bcjw" -ID NAME REPLICAS IMAGE -0bcjwfh8ychr redis 1/1 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 ``` #### Label @@ -74,10 +75,10 @@ its value: ```bash $ docker service ls --filter label=project -ID NAME REPLICAS IMAGE -01sl1rp6nj5u frontend2 1/1 nginx:alpine -36xvvwwauej0 frontend 5/5 nginx:alpine -74nzcxxjv6fq backend 3/3 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +01sl1rp6nj5u frontend2 replicated 1/1 nginx:alpine +36xvvwwauej0 frontend replicated 5/5 nginx:alpine +74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 ``` The following filter matches only services with the `project` label with the @@ -85,12 +86,11 @@ The following filter matches only services with the `project` label with the ```bash $ docker service ls --filter label=project=project-a -ID NAME REPLICAS IMAGE -36xvvwwauej0 frontend 5/5 nginx:alpine -74nzcxxjv6fq backend 3/3 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +36xvvwwauej0 frontend replicated 5/5 nginx:alpine +74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 ``` - #### Name The `name` filter matches on all or part of a tasks's name. @@ -99,8 +99,8 @@ The following filter matches services with a name containing `redis`. ```bash $ docker service ls --filter name=redis -ID NAME REPLICAS IMAGE -0bcjwfh8ychr redis 1/1 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 ``` ## Related information diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index ccaef09860..6cfb44c12b 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -36,7 +36,7 @@ For example, to remove the redis service: $ docker service rm redis redis $ docker service ls -ID NAME SCALE IMAGE +ID NAME MODE REPLICAS IMAGE ``` > **Warning**: Unlike `docker rm`, this command does not ask for confirmation diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 783d8f3400..4ed4652a5b 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -56,8 +56,8 @@ replicas. ```bash $ docker service ls --filter name=frontend -ID NAME REPLICAS IMAGE -3pr5mlvu3fh9 frontend 15/50 nginx:alpine +ID NAME MODE REPLICAS IMAGE +3pr5mlvu3fh9 frontend replicated 15/50 nginx:alpine ``` You can also scale a service using the [`docker service update`](service_update.md) @@ -80,9 +80,9 @@ backend scaled to 3 frontend scaled to 5 $ docker service ls -ID NAME REPLICAS IMAGE -3pr5mlvu3fh9 frontend 5/5 nginx:alpine -74nzcxxjv6fq backend 3/3 redis:3.0.6 +ID NAME MODE REPLICAS IMAGE +3pr5mlvu3fh9 frontend replicated 5/5 nginx:alpine +74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 ``` ## Related information diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 168f955681..8b0a4dba5f 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -47,14 +47,13 @@ You can verify that the services were correctly created: ```bash $ docker service ls -ID NAME REPLICAS IMAGE -COMMAND -29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd -4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 -4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf -axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility-stack_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility-stack_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility-stack_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility-stack_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility-stack_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` ## Related information diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 8902a19ea1..b777c3919c 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -65,15 +65,14 @@ Creating service vossibility-stack_vossibility-collector We can verify that services were correctly created: ```bash -# docker service ls -ID NAME REPLICAS IMAGE -COMMAND -29bv0vnlm903 vossibility-stack_lookupd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqlookupd -4awt47624qwh vossibility-stack_nsqd 1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 /nsqd --data-path=/data --lookupd-tcp-address=lookupd:4160 -4tjx9biia6fs vossibility-stack_elasticsearch 1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility-stack_kibana 1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility-stack_logstash 1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe logstash -f /etc/logstash/conf.d/logstash.conf -axqh55ipl40h vossibility-stack_vossibility-collector 1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba --config /config/config.toml --debug +$ docker service ls +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility-stack_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility-stack_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility-stack_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility-stack_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility-stack_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` ## Managing stacks From e2f650360918aa0573dac59598a92aa2e1cd5887 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 7 Nov 2016 18:40:47 -0800 Subject: [PATCH 1991/2538] Change to plural forms for help output of `docker service update` This fix is based on the comment in https://github.com/docker/docker/pull/27567#discussion_r86910604 Basically, in the help output of `docker service update`, the `--xxx-add` flags typically have plural forms while `--xxx-rm` flags have singular forms. This fix updates the help output for consistency. This fix also updates the related docs in `service_update.md`. The help output in `service_update.md` has been quite out-of-sync with the actual output so this fix replaces the output with the most up-to-date output. This fix is related to #27567. Signed-off-by: Yong Tang --- docs/reference/commandline/service_update.md | 92 ++++++++++---------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 143e435157..212b427f03 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -21,52 +21,52 @@ Usage: docker service update [OPTIONS] SERVICE Update a service Options: - --args string Service command args - --constraint-add value Add or update placement constraints (default []) - --constraint-rm value Remove a constraint (default []) - --container-label-add value Add or update container labels (default []) - --container-label-rm value Remove a container label by its key (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) - --env-add value Add or update environment variables (default []) - --env-rm value Remove an environment variable (default []) - --force Force update even if no changes require it - --group-add value Add additional supplementary user groups to the container (default []) - --group-rm value Remove previously added supplementary user groups from the container (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run - --help Print usage - --image string Service image tag - --label-add value Add or update service labels (default []) - --label-rm value Remove a label by its key (default []) - --limit-cpu value Limit CPUs (default 0.000) - --limit-memory value Limit Memory (default 0 B) - --log-driver string Logging driver for service - --log-opt value Logging driver options (default []) - --mount-add value Add or update a mount on a service - --mount-rm value Remove a mount by its target path (default []) - --no-healthcheck Disable any container-specified HEALTHCHECK - --publish-add value Add or update a published port (default []) - --publish-rm value Remove a published port by its target port (default []) - --replicas value Number of tasks (default none) - --reserve-cpu value Reserve CPUs (default 0.000) - --reserve-memory value Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay value Delay between restart attempts (default none) - --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evaluate the restart policy (default none) - --rollback Rollback to previous specification - --stop-grace-period value Time to wait before force killing a container (default none) - -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates - --update-failure-action string Action on update failure (pause|continue) (default "pause") - --update-max-failure-ratio value Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (default 0s) - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to Swarm agents - -w, --workdir string Working directory inside the container + --args string Service command args + --constraint-add stringSlice Add or update a placement constraint + --constraint-rm list Remove a constraint (default []) + --container-label-add list Add or update a container label (default []) + --container-label-rm list Remove a container label by its key (default []) + --endpoint-mode string Endpoint mode (vip or dnsrr) + --env-add list Add or update an environment variable (default []) + --env-rm list Remove an environment variable (default []) + --force Force update even if no changes require it + --group-add stringSlice Add an additional supplementary user group to the container + --group-rm list Remove a previously added supplementary user group from the container (default []) + --health-cmd string Command to run to check health + --health-interval duration-ptr Time between running the check (default none) + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration-ptr Maximum time to allow one check to run (default none) + --help Print usage + --image string Service image tag + --label-add list Add or update a service label (default []) + --label-rm list Remove a label by its key (default []) + --limit-cpu NanoCPUs Limit CPUs (default 0.000) + --limit-memory MemoryBytes Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt list Logging driver options (default []) + --mount-add mount Add or update a mount on a service + --mount-rm list Remove a mount by its target path (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK + --publish-add list Add or update a published port (default []) + --publish-rm list Remove a published port by its target port (default []) + --replicas uint64-ptr Number of tasks (default none) + --reserve-cpu NanoCPUs Reserve CPUs (default 0.000) + --reserve-memory MemoryBytes Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-delay duration-ptr Delay between restart attempts (default none) + --restart-max-attempts uint64-ptr Maximum number of restarts before giving up (default none) + --restart-window duration-ptr Window used to evaluate the restart policy (default none) + --rollback Rollback to previous specification + --stop-grace-period duration-ptr Time to wait before force killing a container (default none) + -t, --tty Allocate a pseudo-TTY + --update-delay duration Delay between updates + --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-max-failure-ratio float32 Failure rate to tolerate during an update + --update-monitor duration Duration after each task update to monitor for failure + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID (format: [:]) + --with-registry-auth Send registry authentication details to swarm agents + -w, --workdir string Working directory inside the container ``` Updates a service as described by the specified parameters. This command has to be run targeting a manager node. From d1ed73508a824f6abac29bdbe2fd3488148f7ec2 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 7 Nov 2016 17:43:11 -0800 Subject: [PATCH 1992/2538] support settings in docker plugins install Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_install.md | 11 ++++++----- docs/reference/commandline/plugin_set.md | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 524b4d8d5c..24155a3ea4 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -17,7 +17,7 @@ advisory: "experimental" # plugin install (experimental) ```markdown -Usage: docker plugin install [OPTIONS] PLUGIN +Usage: docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...] Install a plugin @@ -33,12 +33,13 @@ the registry. Note that the minimum required registry version to distribute plugins is 2.3.0 -The following example installs `no-remove` plugin. Install consists of pulling the -plugin from Docker Hub, prompting the user to accept the list of privileges that -the plugin needs and enabling the plugin. +The following example installs `no-remove` plugin and [set](plugin_set.md) it's env variable +`DEBUG` to 1. Install consists of pulling the plugin from Docker Hub, prompting +the user to accept the list of privileges that the plugin needs, settings parameters + and enabling the plugin. ```bash -$ docker plugin install tiborvass/no-remove +$ docker plugin install tiborvass/no-remove DEBUG=1 Plugin "tiborvass/no-remove" is requesting the following privileges: - network: [host] diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 8c9eb74e1c..9a07f5d8eb 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -17,7 +17,7 @@ advisory: "experimental" # plugin set (experimental) ```markdown -Usage: docker plugin set PLUGIN key1=value1 [key2=value2...] +Usage: docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...] Change settings for a plugin From 80fb5e93ee90c2428c2551c515685ee113a94855 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 19 Oct 2016 17:07:44 -0700 Subject: [PATCH 1993/2538] Add custom DNS settings to service definition This fix tries to fix the issue raised in 24391 about allowing custom DNS settings to service definition. This fix adds `DNSConfig` (`Nameservers`, `Options`, `Search`) to service definition, as well as `--dns`, `--dns-opt`, and `dns-search` to `service create`. An integration test has been added to cover the changes in this fix. This fix fixes 24391. A PR in swarmkit will be created separately. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 3156e41064..b355e55d04 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -23,6 +23,9 @@ Create a new service Options: --constraint value Placement constraints (default []) --container-label value Service container labels (default []) + --dns list Set custom DNS servers (default []) + --dns-opt list Set DNS options (default []) + --dns-search list Set custom DNS search domains (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) --env-file value Read in a file of environment variables (default []) From 6355071b1706e1e772851bdf4a7e46d0a62614d7 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 26 Oct 2016 20:05:39 -0700 Subject: [PATCH 1994/2538] Add custom DNS settings to service update This fix adds `--dns-add`, `--dns-rm`, `--dns-opt-add`, `--dns-opt-rm`, `--dns-search-add` and `--dns-search-rm` to `service update`. An integration test and a unit test have been added to cover the changes in this fix. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index b355e55d04..4d95ce96a2 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -24,7 +24,7 @@ Options: --constraint value Placement constraints (default []) --container-label value Service container labels (default []) --dns list Set custom DNS servers (default []) - --dns-opt list Set DNS options (default []) + --dns-options list Set DNS options (default []) --dns-search list Set custom DNS search domains (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env value Set environment variables (default []) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 212b427f03..531c0009dc 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -26,6 +26,12 @@ Options: --constraint-rm list Remove a constraint (default []) --container-label-add list Add or update a container label (default []) --container-label-rm list Remove a container label by its key (default []) + --dns-add list Add or update custom DNS servers (default []) + --dns-options-add list Add or update DNS options (default []) + --dns-options-rm list Remove DNS options (default []) + --dns-rm list Remove custom DNS servers (default []) + --dns-search-add list Add or update custom DNS search domains (default []) + --dns-search-rm list Remove DNS search domains (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) --env-add list Add or update an environment variable (default []) --env-rm list Remove an environment variable (default []) From 49b6be893cf242da7183ba60c1d11e1ada49c63c Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 2 Nov 2016 12:29:51 -0700 Subject: [PATCH 1995/2538] cli: Add options for Raft snapshotting Add the following options to "swarm init" and "swarm update": - --max-snapshots: Retain this many old Raft snapshots in addition to the latest one - --snapshot-interval: Number of log entries between Raft snapshots These options already existed in SwarmKit and the Docker API but were never exposed in the CLI. I'm adding them here to fix this oversight. --max-snapshots may be useful for debugging purposes and more conservative users who want to store rolling backups of old versions of the Raft state. --snapshot-interval is most useful for performance tuning. The default value of 10000 may not be ideal for some setups. There is also a LogEntriesForSlowFollowers option that is not exposed. I decided not to expose it along with these others because I don't think it's generally useful (and I'm not sure what I would call the CLI flag). But if people want, I can expose it for the sake of completeness. Signed-off-by: Aaron Lehmann --- contrib/completion/bash/docker | 4 ++-- contrib/completion/zsh/_docker | 8 +++++++- docs/reference/commandline/swarm_init.md | 23 +++++++++++++++++++--- docs/reference/commandline/swarm_update.md | 2 ++ 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 11fe924d51..786bcd3a25 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2841,14 +2841,14 @@ _docker_swarm_leave() { _docker_swarm_update() { case "$prev" in - --cert-expiry|--dispatcher-heartbeat|--task-history-limit) + --cert-expiry|--dispatcher-heartbeat|--max-snapshots|--snapshot-interval|--task-history-limit) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--cert-expiry --dispatcher-heartbeat --help --task-history-limit" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--cert-expiry --dispatcher-heartbeat --help --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) ) ;; esac } diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d113abe019..88a8f4fb52 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1630,7 +1630,10 @@ __docker_swarm_subcommand() { "($help)--advertise-addr[Advertised address]:ip\:port: " \ "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--force-new-cluster[Force create a new cluster from current state]" \ - "($help)--listen-addr=[Listen address]:ip\:port: " && ret=0 + "($help)--listen-addr=[Listen address]:ip\:port: " \ + "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \ + "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \ + "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 ;; (join) _arguments $(__docker_arguments) \ @@ -1655,7 +1658,10 @@ __docker_swarm_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ + "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ + "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \ + "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \ "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 ;; (help) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index bc1ce27ddb..6c2ab81a55 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -28,6 +28,8 @@ Options: --force-new-cluster Force create a new cluster from current state --help Print usage --listen-addr value Listen address (format: [:port]) + --max-snapshots int Number of additional Raft snapshots to retain + --snapshot-interval int Number of log entries between Raft snapshots --task-history-limit int Task history retention limit (default 5) ``` @@ -64,7 +66,7 @@ This flag sets the validity period for node certificates. This flags sets the frequency with which nodes are told to use as a period to report their health. -### `--external-ca value` +### `--external-ca` This flag sets up the swarm to use an external CA to issue node certificates. The value takes the form `protocol=X,url=Y`. The value for `protocol` specifies what protocol should be used @@ -75,7 +77,7 @@ The URL specifies the endpoint where signing requests should be submitted. This flag forces an existing node that was part of a quorum that was lost to restart as a single node Manager without losing its data. -### `--listen-addr value` +### `--listen-addr` The node listens for inbound swarm manager traffic on this address. The default is to listen on 0.0.0.0:2377. It is also possible to specify a network interface to listen on that interface's @@ -84,7 +86,7 @@ address; for example `--listen-addr eth0:2377`. Specifying a port is optional. If the value is a bare IP address or interface name, the default port 2377 will be used. -### `--advertise-addr value` +### `--advertise-addr` This flag specifies the address that will be advertised to other members of the swarm for API access and overlay networking. If unspecified, Docker will check @@ -103,6 +105,21 @@ name, the default port 2377 will be used. This flag sets up task history retention limit. +### `--max-snapshots` + +This flag sets the number of old Raft snapshots to retain in addition to the +current Raft snapshots. By default, no old snapshots are retained. This option +may be used for debugging, or to store old snapshots of the swarm state for +disaster recovery purposes. + +### `--snapshot-interval` + +This flag specifies how many log entries to allow in between Raft snapshots. +Setting this to a higher number will trigger snapshots less frequently. +Snapshots compact the Raft log and allow for more efficient transfer of the +state to new managers. However, there is a performance cost to taking snapshots +frequently. + ## Related information * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 7d49c83d36..46395cf421 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -25,6 +25,8 @@ Options: --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --help Print usage + --max-snapshots int Number of additional Raft snapshots to retain + --snapshot-interval int Number of log entries between Raft snapshots --task-history-limit int Task history retention limit (default 5) ``` From 0192ac02651ad93cabc865ff66ce1e8b0f2c06ee Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 9 Nov 2016 13:50:14 +0800 Subject: [PATCH 1996/2538] Fix the link for plugin documentation Signed-off-by: yuexiao-wang --- experimental/plugins_graphdriver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/plugins_graphdriver.md b/experimental/plugins_graphdriver.md index 1a291e0d52..e94fbb63f1 100644 --- a/experimental/plugins_graphdriver.md +++ b/experimental/plugins_graphdriver.md @@ -10,7 +10,7 @@ being started. # Write a graph driver plugin -See the [plugin documentation](/docs/extend/plugins.md) for detailed information +See the [plugin documentation](/docs/extend/index.md) for detailed information on the underlying plugin protocol. From 7d90a0641739c1bfa42b12ae155120362ba06b8f Mon Sep 17 00:00:00 2001 From: milindchawre Date: Tue, 25 Oct 2016 12:22:07 +0000 Subject: [PATCH 1997/2538] Fixes #24083 : Improving cli help for flags with duration option Signed-off-by: milindchawre --- docs/reference/commandline/create.md | 4 ++-- docs/reference/commandline/run.md | 4 ++-- docs/reference/commandline/service_create.md | 8 ++++---- docs/reference/commandline/service_update.md | 8 ++++---- docs/reference/commandline/swarm_init.md | 4 ++-- docs/reference/commandline/swarm_update.md | 4 ++-- 6 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 034b9dd9d6..e662132092 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -58,9 +58,9 @@ Options: --expose value Expose a port or a range of ports (default []) --group-add value Add additional groups to join (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) --help Print usage -h, --hostname string Container host name -i, --interactive Keep STDIN open even if not attached diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index fc4a9e5a3a..e89e771051 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -62,9 +62,9 @@ Options: --expose value Expose a port or a range of ports (default []) --group-add value Add additional groups to join (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) --help Print usage -h, --hostname string Container host name -i, --interactive Keep STDIN open even if not attached diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 4d95ce96a2..c058616a07 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -31,9 +31,9 @@ Options: --env-file value Read in a file of environment variables (default []) --group value Set one or more supplementary user groups for the container (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) --help Print usage --hostname Service containers hostname -l, --label value Service labels (default []) @@ -56,10 +56,10 @@ Options: --restart-window value Window used to evaluate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates + --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") --update-max-failure-ratio value Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (default 0s) + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to Swarm agents diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 531c0009dc..bf40aa4446 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -39,9 +39,9 @@ Options: --group-add stringSlice Add an additional supplementary user group to the container --group-rm list Remove a previously added supplementary user group from the container (default []) --health-cmd string Command to run to check health - --health-interval duration-ptr Time between running the check (default none) + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration-ptr Maximum time to allow one check to run (default none) + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) --help Print usage --image string Service image tag --label-add list Add or update a service label (default []) @@ -65,10 +65,10 @@ Options: --rollback Rollback to previous specification --stop-grace-period duration-ptr Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates + --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") --update-max-failure-ratio float32 Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to swarm agents diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 6c2ab81a55..36c07f72f9 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -22,8 +22,8 @@ Initialize a swarm Options: --advertise-addr value Advertised address (format: [:port]) - --cert-expiry duration Validity period for node certificates (default 2160h0m0s) - --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) + --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) + --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --force-new-cluster Force create a new cluster from current state --help Print usage diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 46395cf421..e9c30b6d44 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -21,8 +21,8 @@ Usage: docker swarm update [OPTIONS] Update the swarm Options: - --cert-expiry duration Validity period for node certificates (default 2160h0m0s) - --dispatcher-heartbeat duration Dispatcher heartbeat period (default 5s) + --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) + --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca value Specifications of one or more certificate signing endpoints --help Print usage --max-snapshots int Number of additional Raft snapshots to retain From e8388b10d6b8022e1359ac3ae411d9e21fcefb5b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:15:23 +0100 Subject: [PATCH 1998/2538] Rename zsh images & log complete functions Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 66 +++++++++++++++++----------------- 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 88a8f4fb52..a34a7eb9c8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -149,25 +149,27 @@ __docker_complete_info_plugins() { return ret } -__docker_images() { +__docker_complete_images() { [[ $PREFIX = -* ]] && return 1 integer ret=1 declare -a images images=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}[2,-1]}/(#b)([^ ]##) ##([^ ]##) ##([^ ]##)*/${match[3]}:${(r:15:: :::)match[2]} in ${match[1]}}) _describe -t docker-images "images" images && ret=0 - __docker_repositories_with_tags && ret=0 + __docker_complete_repositories_with_tags && ret=0 return ret } -__docker_repositories() { +__docker_complete_repositories() { [[ $PREFIX = -* ]] && return 1 + integer ret=1 declare -a repos repos=(${${${(f)${:-"$(_call_program commands docker $docker_options images)"$'\n'}}%% *}[2,-1]}) repos=(${repos#}) - _describe -t docker-repos "repositories" repos + _describe -t docker-repos "repositories" repos && ret=0 + return ret } -__docker_repositories_with_tags() { +__docker_complete_repositories_with_tags() { [[ $PREFIX = -* ]] && return 1 integer ret=1 declare -a repos onlyrepos matched @@ -244,7 +246,7 @@ __docker_get_log_options() { return ret } -__docker_log_drivers() { +__docker_complete_log_drivers() { [[ $PREFIX = -* ]] && return 1 integer ret=1 drivers=(awslogs etwlogs fluentd gcplogs gelf journald json-file none splunk syslog) @@ -252,7 +254,7 @@ __docker_log_drivers() { return ret } -__docker_log_options() { +__docker_complete_log_options() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -327,7 +329,7 @@ __docker_complete_ps_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (ancestor) - __docker_images && ret=0 + __docker_complete_images && ret=0 ;; (before|since) __docker_complete_containers && ret=0 @@ -402,7 +404,7 @@ __docker_complete_images_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (before|since) - __docker_images && ret=0 + __docker_complete_images && ret=0 ;; (dangling) _describe -t boolean-filter-opts "filter options" boolean_opts && ret=0 @@ -448,7 +450,7 @@ __docker_complete_events_filter() { _describe -t event-filter-opts "event filter options" event_opts && ret=0 ;; (image) - __docker_images && ret=0 + __docker_complete_images && ret=0 ;; (network) __docker_networks && ret=0 @@ -545,8 +547,8 @@ __docker_container_subcommand() { "($help)*--link=[Add link to another container]:link:->link" "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " "($help)*"{-l=,--label=}"[Container metadata]:label: " - "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" - "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_log_options" + "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" + "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_complete_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " "($help)*--mount=[Attach a filesystem mount to the container]:mount: " "($help)--name=[Container name]:name: " @@ -608,7 +610,7 @@ __docker_container_subcommand() { "($help -m --message)"{-m=,--message=}"[Commit message]:message: " \ "($help -p --pause)"{-p,--pause}"[Pause container during commit]" \ "($help -):container:__docker_complete_containers" \ - "($help -): :__docker_repositories_with_tags" && ret=0 + "($help -): :__docker_complete_repositories_with_tags" && ret=0 ;; (cp) local state @@ -633,7 +635,7 @@ __docker_container_subcommand() { $opts_help \ $opts_create_run \ $opts_create_run_update \ - "($help -): :__docker_images" \ + "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 case $state in @@ -777,7 +779,7 @@ __docker_container_subcommand() { "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \ - "($help -): :__docker_images" \ + "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 case $state in @@ -1490,8 +1492,8 @@ __docker_service_subcommand() { "($help)*--label=[Service labels]:label: " "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " - "($help)--log-driver=[Logging driver for service]:logging driver:__docker_log_drivers" - "($help)*--log-opt=[Logging driver options]:log driver options:__docker_log_options" + "($help)--log-driver=[Logging driver for service]:logging driver:__docker_complete_log_drivers" + "($help)*--log-opt=[Logging driver options]:log driver options:__docker_complete_log_options" "($help)*--mount=[Attach a filesystem mount to the service]:mount: " "($help)*--network=[Network attachments]:network: " "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" @@ -1523,7 +1525,7 @@ __docker_service_subcommand() { "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help)--name=[Service name]:name: " \ - "($help -): :__docker_images" \ + "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 ;; @@ -1588,7 +1590,7 @@ __docker_service_subcommand() { "($help)--force[Force update]" \ "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ - "($help)--image=[Service image tag]:image:__docker_repositories" \ + "($help)--image=[Service image tag]:image:__docker_complete_repositories" \ "($help)--rollback[Rollback to previous specification]" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; @@ -1858,7 +1860,7 @@ __docker_subcommand() { "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ "($help)--rm[Remove intermediate containers after a successful build]" \ "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " \ - "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_repositories_with_tags" \ + "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \ "($help)*--ulimit=[ulimit options]:ulimit: " \ "($help)--userns=[Container user namespace]:user namespace:(host)" \ "($help -):path or URL:_directories" && ret=0 @@ -1921,8 +1923,8 @@ __docker_subcommand() { "($help -l --log-level)"{-l=,--log-level=}"[Logging level]:level:(debug info warn error fatal)" \ "($help)*--label=[Key=value labels]:label: " \ "($help)--live-restore[Enable live restore of docker when containers are still running]" \ - "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_log_drivers" \ - "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_log_options" \ + "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" \ + "($help)*--log-opt=[Default log driver options for containers]:log driver options:__docker_complete_log_options" \ "($help)--max-concurrent-downloads[Set the max concurrent downloads for each pull]" \ "($help)--max-concurrent-uploads[Set the max concurrent uploads for each push]" \ "($help)--mtu=[Network MTU]:mtu:(0 576 1420 1500 9000)" \ @@ -1983,7 +1985,7 @@ __docker_subcommand() { "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -)*: :__docker_images" && ret=0 + "($help -)*: :__docker_complete_images" && ret=0 ;; (images) _arguments $(__docker_arguments) \ @@ -1994,7 +1996,7 @@ __docker_subcommand() { "($help)--format=[Pretty-print images using a Go template]:template: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -): :__docker_repositories" && ret=0 + "($help -): :__docker_complete_repositories" && ret=0 case $state in (filter-options) @@ -2008,7 +2010,7 @@ __docker_subcommand() { "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \ "($help -):URL:(- http:// file://)" \ - "($help -): :__docker_repositories_with_tags" && ret=0 + "($help -): :__docker_complete_repositories_with_tags" && ret=0 ;; (info|version) _arguments $(__docker_arguments) \ @@ -2029,9 +2031,9 @@ __docker_subcommand() { if [[ ${words[(r)--type=container]} == --type=container ]]; then __docker_complete_containers && ret=0 elif [[ ${words[(r)--type=image]} == --type=image ]]; then - __docker_images && ret=0 + __docker_complete_images && ret=0 else - __docker_images && __docker_complete_containers && ret=0 + __docker_complete_images && __docker_complete_containers && ret=0 fi ;; esac @@ -2120,20 +2122,20 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--disable-content-trust[Skip image signing]" \ - "($help -): :__docker_images" && ret=0 + "($help -): :__docker_complete_images" && ret=0 ;; (rmi) _arguments $(__docker_arguments) \ $opts_help \ "($help -f --force)"{-f,--force}"[Force removal]" \ "($help)--no-prune[Do not delete untagged parents]" \ - "($help -)*: :__docker_images" && ret=0 + "($help -)*: :__docker_complete_images" && ret=0 ;; (save) _arguments $(__docker_arguments) \ $opts_help \ "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \ - "($help -)*: :__docker_images" && ret=0 + "($help -)*: :__docker_complete_images" && ret=0 ;; (search) _arguments $(__docker_arguments) \ @@ -2186,8 +2188,8 @@ __docker_subcommand() { (tag) _arguments $(__docker_arguments) \ $opts_help \ - "($help -):source:__docker_images"\ - "($help -):destination:__docker_repositories_with_tags" && ret=0 + "($help -):source:__docker_complete_images"\ + "($help -):destination:__docker_complete_repositories_with_tags" && ret=0 ;; (volume) local curcontext="$curcontext" state From fafe5a16f337f115e902d8dd82dc51ee23cd0521 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:37:26 +0100 Subject: [PATCH 1999/2538] Add zsh completion for 'docker image' subcommands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 94 ++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a34a7eb9c8..08f1ca5f48 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -865,6 +865,83 @@ __docker_container_subcommand() { # EO container +# BO image + +__docker_image_commands() { + local -a _docker_image_subcommands + _docker_image_subcommands=( + "build:Build an image from a Dockerfile" + "history:Show the history of an image" + "import:Import the contents from a tarball to create a filesystem image" + "inspect:Display detailed information on one or more images" + "load:Load an image from a tar archive or STDIN" + "ls:List images" + "prune:Remove unused images" + "pull:Pull an image or a repository from a registry" + "push:Push an image or a repository to a registry" + "rm:Remove one or more images" + "save:Save one or more images to a tar archive (streamed to STDOUT by default)" + "tag:Tag an image into a repository" + ) + _describe -t docker-image-commands "docker image command" _docker_image_subcommands +} + +__docker_image_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (build) + __docker_subcommand && ret=0 + ;; + (history) + __docker_subcommand && ret=0 + ;; + (import) + __docker_subcommand && ret=0 + ;; + (inspect) + __docker_subcommand && ret=0 + ;; + (load) + __docker_subcommand && ret=0 + ;; + (ls|list) + words[1]='images' + __docker_subcommand && ret=0 + ;; + (prune) + # @TODO + ;; + (pull) + __docker_subcommand && ret=0 + ;; + (push) + __docker_subcommand && ret=0 + ;; + (rm) + words[1]='rmi' + __docker_subcommand && ret=0 + ;; + (save) + __docker_subcommand && ret=0 + ;; + (tag) + __docker_subcommand && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0 + ;; + esac + + return ret +} + +# EO image + # BO network __docker_network_complete_ls_filters() { @@ -1987,6 +2064,23 @@ __docker_subcommand() { "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -)*: :__docker_complete_images" && ret=0 ;; + (image) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_image_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_image_subcommand && ret=0 + ;; + esac + ;; (images) _arguments $(__docker_arguments) \ $opts_help \ From 9d35c2f68bad71f4b86285e389db4c7f1902b04b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:41:28 +0100 Subject: [PATCH 2000/2538] Move zsh completion logic to new subcommand: build Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 58 +++++++++++++++++----------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 08f1ca5f48..2419219524 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -895,7 +895,34 @@ __docker_image_subcommand() { case "$words[1]" in (build) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)*--build-arg[Build-time variables]:=: " \ + "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \ + "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \ + "($help)--compress[Compress the build context using gzip]" \ + "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " \ + "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " \ + "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " \ + "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " \ + "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " \ + "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " \ + "($help)--disable-content-trust[Skip image verification]" \ + "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ + "($help)--force-rm[Always remove intermediate containers]" \ + "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" \ + "($help)*--label=[Set metadata for an image]:label=value: " \ + "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \ + "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \ + "($help)--no-cache[Do not use cache when building the image]" \ + "($help)--pull[Attempt to pull a newer version of the image]" \ + "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ + "($help)--rm[Remove intermediate containers after a successful build]" \ + "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " \ + "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \ + "($help)*--ulimit=[ulimit options]:ulimit: " \ + "($help)--userns=[Container user namespace]:user namespace:(host)" \ + "($help -):path or URL:_directories" && ret=0 ;; (history) __docker_subcommand && ret=0 @@ -1913,34 +1940,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (build) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*--build-arg[Build-time variables]:=: " \ - "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \ - "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \ - "($help)--compress[Compress the build context using gzip]" \ - "($help)--cpu-period=[Limit the CPU CFS (Completely Fair Scheduler) period]:CPU period: " \ - "($help)--cpu-quota=[Limit the CPU CFS (Completely Fair Scheduler) quota]:CPU quota: " \ - "($help)--cpu-rt-period=[Limit the CPU real-time period]:CPU real-time period in microseconds: " \ - "($help)--cpu-rt-runtime=[Limit the CPU real-time runtime]:CPU real-time runtime in microseconds: " \ - "($help)--cpuset-cpus=[CPUs in which to allow execution]:CPUs: " \ - "($help)--cpuset-mems=[MEMs in which to allow execution]:MEMs: " \ - "($help)--disable-content-trust[Skip image verification]" \ - "($help -f --file)"{-f=,--file=}"[Name of the Dockerfile]:Dockerfile:_files" \ - "($help)--force-rm[Always remove intermediate containers]" \ - "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" \ - "($help)*--label=[Set metadata for an image]:label=value: " \ - "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \ - "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \ - "($help)--no-cache[Do not use cache when building the image]" \ - "($help)--pull[Attempt to pull a newer version of the image]" \ - "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ - "($help)--rm[Remove intermediate containers after a successful build]" \ - "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " \ - "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \ - "($help)*--ulimit=[ulimit options]:ulimit: " \ - "($help)--userns=[Container user namespace]:user namespace:(host)" \ - "($help -):path or URL:_directories" && ret=0 + __docker_image_subcommand && ret=0 ;; (container) local curcontext="$curcontext" state From 4d4d5b199e83d13ed658cd6014f617913d410829 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:43:20 +0100 Subject: [PATCH 2001/2538] Move zsh completion logic to new subcommand: history Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2419219524..a9aeba6e33 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -925,7 +925,12 @@ __docker_image_subcommand() { "($help -):path or URL:_directories" && ret=0 ;; (history) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \ + "($help)--no-trunc[Do not truncate output]" \ + "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ + "($help -)*: :__docker_complete_images" && ret=0 ;; (import) __docker_subcommand && ret=0 @@ -2057,12 +2062,7 @@ __docker_subcommand() { "($help)--format=[Format the output using the given go template]:template: " && ret=0 ;; (history) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -H --human)"{-H,--human}"[Print sizes and dates in human readable format]" \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -)*: :__docker_complete_images" && ret=0 + __docker_image_subcommand && ret=0 ;; (image) local curcontext="$curcontext" state From f8829f20b4cd50f9d1e602462b24be5b453a8376 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:44:37 +0100 Subject: [PATCH 2002/2538] Move zsh completion logic to new subcommand: import Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a9aeba6e33..d0069539be 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -933,7 +933,12 @@ __docker_image_subcommand() { "($help -)*: :__docker_complete_images" && ret=0 ;; (import) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ + "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \ + "($help -):URL:(- http:// file://)" \ + "($help -): :__docker_complete_repositories_with_tags" && ret=0 ;; (inspect) __docker_subcommand && ret=0 @@ -2099,12 +2104,7 @@ __docker_subcommand() { esac ;; (import) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-c=,--change=}"[Apply Dockerfile instruction to the created image]:Dockerfile:_files" \ - "($help -m --message)"{-m=,--message=}"[Commit message for imported image]:message: " \ - "($help -):URL:(- http:// file://)" \ - "($help -): :__docker_complete_repositories_with_tags" && ret=0 + __docker_image_subcommand && ret=0 ;; (info|version) _arguments $(__docker_arguments) \ From 8fa658335bacaf8fb70b0d642fe19e1ef4116a8b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:52:45 +0100 Subject: [PATCH 2003/2538] Add zsh completion logic to new subcommand: inspect Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d0069539be..7a7b6f475f 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -941,7 +941,10 @@ __docker_image_subcommand() { "($help -): :__docker_complete_repositories_with_tags" && ret=0 ;; (inspect) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ + "($help -)*:images:__docker_complete_images" && ret=0 ;; (load) __docker_subcommand && ret=0 From e21d331b1ed9abf6b92467cd70a26d0ce79e7349 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:53:53 +0100 Subject: [PATCH 2004/2538] Move zsh completion logic to new subcommand: load Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7a7b6f475f..036be74a62 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -947,7 +947,10 @@ __docker_image_subcommand() { "($help -)*:images:__docker_complete_images" && ret=0 ;; (load) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \ + "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0 ;; (ls|list) words[1]='images' @@ -2136,10 +2139,7 @@ __docker_subcommand() { esac ;; (load) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -i --input)"{-i=,--input=}"[Read from tar archive file]:archive file:_files -g \"*.((tar|TAR)(.gz|.GZ|.Z|.bz2|.lzma|.xz|)|(tbz|tgz|txz))(-.)\"" \ - "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0 + __docker_image_subcommand && ret=0 ;; (login) _arguments $(__docker_arguments) \ From 47364fcb71b50cabb127c0bb60c17cd3fcdc444d Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:55:27 +0100 Subject: [PATCH 2005/2538] Move zsh completion logic to new subcommand: ls Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 036be74a62..fa094227d9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -953,8 +953,21 @@ __docker_image_subcommand() { "($help -q --quiet)"{-q,--quiet}"[Suppress the load output]" && ret=0 ;; (ls|list) - words[1]='images' - __docker_subcommand && ret=0 + local state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Show all images]" \ + "($help)--digests[Show digests]" \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ + "($help)--format=[Pretty-print images using a Go template]:template: " \ + "($help)--no-trunc[Do not truncate output]" \ + "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ + "($help -): :__docker_complete_repositories" && ret=0 + case $state in + (filter-options) + __docker_complete_images_filters && ret=0 + ;; + esac ;; (prune) # @TODO @@ -2093,21 +2106,8 @@ __docker_subcommand() { esac ;; (images) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all)"{-a,--all}"[Show all images]" \ - "($help)--digests[Show digests]" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ - "($help)--format=[Pretty-print images using a Go template]:template: " \ - "($help)--no-trunc[Do not truncate output]" \ - "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ - "($help -): :__docker_complete_repositories" && ret=0 - - case $state in - (filter-options) - __docker_complete_images_filters && ret=0 - ;; - esac + words[1]='ls' + __docker_image_subcommand && ret=0 ;; (import) __docker_image_subcommand && ret=0 From e3d224e5205d872ab5245bb9939ca8b29d24e7ef Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:56:38 +0100 Subject: [PATCH 2006/2538] Move zsh completion logic to new subcommand: pull Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fa094227d9..d60e6529fb 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -973,7 +973,11 @@ __docker_image_subcommand() { # @TODO ;; (pull) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \ + "($help)--disable-content-trust[Skip image verification]" \ + "($help -):name:__docker_search" && ret=0 ;; (push) __docker_subcommand && ret=0 @@ -2209,11 +2213,7 @@ __docker_subcommand() { __docker_container_subcommand && ret=0 ;; (pull) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -a --all-tags)"{-a,--all-tags}"[Download all tagged images]" \ - "($help)--disable-content-trust[Skip image verification]" \ - "($help -):name:__docker_search" && ret=0 + __docker_image_subcommand && ret=0 ;; (push) _arguments $(__docker_arguments) \ From 82dfd60819800fe9000e318c684a85706226cec4 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 21:58:28 +0100 Subject: [PATCH 2007/2538] Move zsh completion logic to new subcommand: push Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d60e6529fb..d17e6c5fed 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -980,7 +980,10 @@ __docker_image_subcommand() { "($help -):name:__docker_search" && ret=0 ;; (push) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--disable-content-trust[Skip image signing]" \ + "($help -): :__docker_complete_images" && ret=0 ;; (rm) words[1]='rmi' @@ -2216,10 +2219,7 @@ __docker_subcommand() { __docker_image_subcommand && ret=0 ;; (push) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)--disable-content-trust[Skip image signing]" \ - "($help -): :__docker_complete_images" && ret=0 + __docker_image_subcommand && ret=0 ;; (rmi) _arguments $(__docker_arguments) \ From f812608ff4ceb5795a7a937aa4be06a58ab305d2 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 22:02:32 +0100 Subject: [PATCH 2008/2538] Move zsh completion logic to new subcommand: rm Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d17e6c5fed..492d6dbda9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -986,8 +986,11 @@ __docker_image_subcommand() { "($help -): :__docker_complete_images" && ret=0 ;; (rm) - words[1]='rmi' - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --force)"{-f,--force}"[Force removal]" \ + "($help)--no-prune[Do not delete untagged parents]" \ + "($help -)*: :__docker_complete_images" && ret=0 ;; (save) __docker_subcommand && ret=0 @@ -2222,11 +2225,8 @@ __docker_subcommand() { __docker_image_subcommand && ret=0 ;; (rmi) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --force)"{-f,--force}"[Force removal]" \ - "($help)--no-prune[Do not delete untagged parents]" \ - "($help -)*: :__docker_complete_images" && ret=0 + words[1]='rm' + __docker_image_subcommand && ret=0 ;; (save) _arguments $(__docker_arguments) \ From a3e4ac1d2fd56a401dc0d0aaa3286595ae24380e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 22:03:55 +0100 Subject: [PATCH 2009/2538] Move zsh completion logic to new subcommand: save Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 492d6dbda9..b31e9f23b1 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -993,7 +993,10 @@ __docker_image_subcommand() { "($help -)*: :__docker_complete_images" && ret=0 ;; (save) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \ + "($help -)*: :__docker_complete_images" && ret=0 ;; (tag) __docker_subcommand && ret=0 @@ -2229,10 +2232,7 @@ __docker_subcommand() { __docker_image_subcommand && ret=0 ;; (save) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -o --output)"{-o=,--output=}"[Write to file]:file:_files" \ - "($help -)*: :__docker_complete_images" && ret=0 + __docker_image_subcommand && ret=0 ;; (search) _arguments $(__docker_arguments) \ From e3711a11f2ec9598621f60734a97250d7306eed7 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 22:07:25 +0100 Subject: [PATCH 2010/2538] Move zsh completion logic to new subcommand: tag Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b31e9f23b1..38453e96d3 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -999,7 +999,10 @@ __docker_image_subcommand() { "($help -)*: :__docker_complete_images" && ret=0 ;; (tag) - __docker_subcommand && ret=0 + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -):source:__docker_complete_images"\ + "($help -):destination:__docker_complete_repositories_with_tags" && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_container_commands" && ret=0 @@ -2283,10 +2286,7 @@ __docker_subcommand() { esac ;; (tag) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -):source:__docker_complete_images"\ - "($help -):destination:__docker_complete_repositories_with_tags" && ret=0 + __docker_image_subcommand && ret=0 ;; (volume) local curcontext="$curcontext" state From cd0ef2a33795465d4f2862cb8f615d3e52deb04d Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 22:11:59 +0100 Subject: [PATCH 2011/2538] Cleanup after moving all zsh completion logics for the new image command Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 38453e96d3..615ebfbf8c 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1984,7 +1984,7 @@ __docker_subcommand() { (attach|commit|cp|create|diff|exec|export|kill|logs|pause|unpause|port|rename|restart|rm|run|start|stats|stop|top|update|wait) __docker_container_subcommand && ret=0 ;; - (build) + (build|history|import|load|pull|push|save|tag) __docker_image_subcommand && ret=0 ;; (container) @@ -2101,9 +2101,6 @@ __docker_subcommand() { "($help)--until=[Events created until this timestamp]:timestamp: " \ "($help)--format=[Format the output using the given go template]:template: " && ret=0 ;; - (history) - __docker_image_subcommand && ret=0 - ;; (image) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ @@ -2125,9 +2122,6 @@ __docker_subcommand() { words[1]='ls' __docker_image_subcommand && ret=0 ;; - (import) - __docker_image_subcommand && ret=0 - ;; (info|version) _arguments $(__docker_arguments) \ $opts_help \ @@ -2154,9 +2148,6 @@ __docker_subcommand() { ;; esac ;; - (load) - __docker_image_subcommand && ret=0 - ;; (login) _arguments $(__docker_arguments) \ $opts_help \ @@ -2224,19 +2215,10 @@ __docker_subcommand() { words[1]='ls' __docker_container_subcommand && ret=0 ;; - (pull) - __docker_image_subcommand && ret=0 - ;; - (push) - __docker_image_subcommand && ret=0 - ;; (rmi) words[1]='rm' __docker_image_subcommand && ret=0 ;; - (save) - __docker_image_subcommand && ret=0 - ;; (search) _arguments $(__docker_arguments) \ $opts_help \ @@ -2285,9 +2267,6 @@ __docker_subcommand() { ;; esac ;; - (tag) - __docker_image_subcommand && ret=0 - ;; (volume) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ From fc50bad3c208718cc62ae5859c362497a39d30f7 Mon Sep 17 00:00:00 2001 From: Ben Firshman Date: Thu, 27 Oct 2016 17:59:59 +0100 Subject: [PATCH 2012/2538] Deprecate API calls without a version See #21157 for more details. In a future version of Docker, providing a version to API calls will be mandatory. An implementation of this is in #27801. Signed-off-by: Ben Firshman --- docs/deprecated.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index 90a8909c11..c7d3611804 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -226,3 +226,12 @@ Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the **Deprecated In Release: v1.13.0** `MAINTAINER` was an early very limited form of `LABEL` which should be used instead. + +### API calls without a version +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** + +**Target For Removal In Release: v1.16** + +API versions should be supplied to all API calls to ensure compatibility with +future Engine versions. Instead of just requesting, for example, the URL +`/containers/json`, you must now request `/v1.25/containers/json`. From ac4b6e35056b8a99993919411421e5a5fb2f30e9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 8 Nov 2016 07:06:07 -0800 Subject: [PATCH 2013/2538] Remove `-ptr` from the help output of `service create` This fix is based on the comment: https://github.com/docker/docker/pull/28147#discussion_r86996347 Previously the output string of the `DurationOpt` is `duration-ptr` and `Uint64Opt` is `uint64-ptr`. While it is clear to developers, for a normal user `-ptr` might not be very informative. On the other hand, the default value of `DurationOpt` and `Uint64Opt` has already been quite informative: `none`. That means if no flag provided, the value will be treated as none. (like a ptr with nil as the default) For that reason this fix removes the `-ptr`. Also, the output in the docs of `service create` has been quite out-of-sync with the true output. So this fix updates the docs to have the most up-to-date help output of `service create --help`. This fix is related to #28147. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 48 ++++----- docs/reference/commandline/service_update.md | 104 +++++++++---------- 2 files changed, 76 insertions(+), 76 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c058616a07..d659a60d19 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -21,48 +21,48 @@ Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new service Options: - --constraint value Placement constraints (default []) - --container-label value Service container labels (default []) + --constraint list Placement constraints (default []) + --container-label list Container labels (default []) --dns list Set custom DNS servers (default []) --dns-options list Set DNS options (default []) --dns-search list Set custom DNS search domains (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) - --group value Set one or more supplementary user groups for the container (default []) + -e, --env list Set environment variables (default []) + --env-file list Read in a file of environment variables (default []) + --group list Set one or more supplementary user groups for the container (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) + --health-interval duration Time between running the check (default none) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) + --health-timeout duration Maximum time to allow one check to run (default none) --help Print usage - --hostname Service containers hostname - -l, --label value Service labels (default []) - --limit-cpu value Limit CPUs (default 0.000) - --limit-memory value Limit Memory (default 0 B) + --hostname string Container hostname + -l, --label list Service labels (default []) + --limit-cpu decimal Limit CPUs (default 0.000) + --limit-memory bytes Limit Memory (default 0 B) --log-driver string Logging driver for service - --log-opt value Logging driver options (default []) + --log-opt list Logging driver options (default []) --mode string Service mode (replicated or global) (default "replicated") - --mount value Attach a filesystem mount to the service + --mount mount Attach a filesystem mount to the service --name string Service name - --network value Network attachments (default []) + --network list Network attachments (default []) --no-healthcheck Disable any container-specified HEALTHCHECK - -p, --publish value Publish a port as a node port (default []) - --replicas value Number of tasks (default none) - --reserve-cpu value Reserve CPUs (default 0.000) - --reserve-memory value Reserve Memory (default 0 B) + -p, --publish list Publish a port as a node port (default []) + --replicas uint Number of tasks (default none) + --reserve-cpu decimal Reserve CPUs (default 0.000) + --reserve-memory bytes Reserve Memory (default 0 B) --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay value Delay between restart attempts (default none) - --restart-max-attempts value Maximum number of restarts before giving up (default none) - --restart-window value Window used to evaluate the restart policy (default none) - --stop-grace-period value Time to wait before force killing a container (default none) + --restart-delay duration Delay between restart attempts (default none) + --restart-max-attempts uint Maximum number of restarts before giving up (default none) + --restart-window duration Window used to evaluate the restart policy (default none) + --stop-grace-period duration Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") - --update-max-failure-ratio value Failure rate to tolerate during an update + --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to Swarm agents + --with-registry-auth Send registry authentication details to swarm agents -w, --workdir string Working directory inside the container ``` diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index bf40aa4446..f321b31ddc 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -21,58 +21,58 @@ Usage: docker service update [OPTIONS] SERVICE Update a service Options: - --args string Service command args - --constraint-add stringSlice Add or update a placement constraint - --constraint-rm list Remove a constraint (default []) - --container-label-add list Add or update a container label (default []) - --container-label-rm list Remove a container label by its key (default []) - --dns-add list Add or update custom DNS servers (default []) - --dns-options-add list Add or update DNS options (default []) - --dns-options-rm list Remove DNS options (default []) - --dns-rm list Remove custom DNS servers (default []) - --dns-search-add list Add or update custom DNS search domains (default []) - --dns-search-rm list Remove DNS search domains (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) - --env-add list Add or update an environment variable (default []) - --env-rm list Remove an environment variable (default []) - --force Force update even if no changes require it - --group-add stringSlice Add an additional supplementary user group to the container - --group-rm list Remove a previously added supplementary user group from the container (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) - --help Print usage - --image string Service image tag - --label-add list Add or update a service label (default []) - --label-rm list Remove a label by its key (default []) - --limit-cpu NanoCPUs Limit CPUs (default 0.000) - --limit-memory MemoryBytes Limit Memory (default 0 B) - --log-driver string Logging driver for service - --log-opt list Logging driver options (default []) - --mount-add mount Add or update a mount on a service - --mount-rm list Remove a mount by its target path (default []) - --no-healthcheck Disable any container-specified HEALTHCHECK - --publish-add list Add or update a published port (default []) - --publish-rm list Remove a published port by its target port (default []) - --replicas uint64-ptr Number of tasks (default none) - --reserve-cpu NanoCPUs Reserve CPUs (default 0.000) - --reserve-memory MemoryBytes Reserve Memory (default 0 B) - --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay duration-ptr Delay between restart attempts (default none) - --restart-max-attempts uint64-ptr Maximum number of restarts before giving up (default none) - --restart-window duration-ptr Window used to evaluate the restart policy (default none) - --rollback Rollback to previous specification - --stop-grace-period duration-ptr Time to wait before force killing a container (default none) - -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure (pause|continue) (default "pause") - --update-max-failure-ratio float32 Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to swarm agents - -w, --workdir string Working directory inside the container + --args string Service command args + --constraint-add list Add or update a placement constraint (default []) + --constraint-rm list Remove a constraint (default []) + --container-label-add list Add or update a container label (default []) + --container-label-rm list Remove a container label by its key (default []) + --dns-add list Add or update custom DNS servers (default []) + --dns-options-add list Add or update DNS options (default []) + --dns-options-rm list Remove DNS options (default []) + --dns-rm list Remove custom DNS servers (default []) + --dns-search-add list Add or update custom DNS search domains (default []) + --dns-search-rm list Remove DNS search domains (default []) + --endpoint-mode string Endpoint mode (vip or dnsrr) + --env-add list Add or update an environment variable (default []) + --env-rm list Remove an environment variable (default []) + --force Force update even if no changes require it + --group-add list Add an additional supplementary user group to the container (default []) + --group-rm list Remove a previously added supplementary user group from the container (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check (default none) + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run (default none) + --help Print usage + --image string Service image tag + --label-add list Add or update a service label (default []) + --label-rm list Remove a label by its key (default []) + --limit-cpu decimal Limit CPUs (default 0.000) + --limit-memory bytes Limit Memory (default 0 B) + --log-driver string Logging driver for service + --log-opt list Logging driver options (default []) + --mount-add mount Add or update a mount on a service + --mount-rm list Remove a mount by its target path (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK + --publish-add list Add or update a published port (default []) + --publish-rm list Remove a published port by its target port (default []) + --replicas uint Number of tasks (default none) + --reserve-cpu decimal Reserve CPUs (default 0.000) + --reserve-memory bytes Reserve Memory (default 0 B) + --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-delay duration Delay between restart attempts (default none) + --restart-max-attempts uint Maximum number of restarts before giving up (default none) + --restart-window duration Window used to evaluate the restart policy (default none) + --rollback Rollback to previous specification + --stop-grace-period duration Time to wait before force killing a container (default none) + -t, --tty Allocate a pseudo-TTY + --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) + --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-max-failure-ratio float Failure rate to tolerate during an update + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID (format: [:]) + --with-registry-auth Send registry authentication details to swarm agents + -w, --workdir string Working directory inside the container ``` Updates a service as described by the specified parameters. This command has to be run targeting a manager node. From 9c9e10b0caaf5a0e51b6dff54c6817375e6623cb Mon Sep 17 00:00:00 2001 From: allencloud Date: Wed, 9 Nov 2016 14:22:06 +0800 Subject: [PATCH 2014/2538] add short flag for force Signed-off-by: allencloud --- docs/reference/commandline/node_rm.md | 6 +++--- docs/reference/commandline/swarm_leave.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 1b1e4ba023..616be0a99b 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -16,7 +16,7 @@ keywords: "node, remove" # node rm ```markdown -Usage: docker node rm [OPTIONS] NODE [NODE...] +Usage: docker node rm [OPTIONS] NODE [NODE...] Remove one or more nodes from the swarm @@ -24,8 +24,8 @@ Aliases: rm, remove Options: - --force Force remove a node from the swarm - --help Print usage + -f, --force Force remove a node from the swarm + --help Print usage ``` When run from a manager node, removes the specified nodes from a swarm. diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index f0f31ee239..4dcccc6988 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -16,12 +16,12 @@ keywords: "swarm, leave" # swarm leave ```markdown -Usage: docker swarm leave [OPTIONS] +Usage: docker swarm leave [OPTIONS] -Leave the swarm (workers only). +Leave the swarm (workers only) Options: - --force Force this node to leave the swarm, ignoring warnings + -f, --force Force this node to leave the swarm, ignoring warnings --help Print usage ``` From 2161bbf176d250ef800568387b6a312ef3674c18 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Thu, 27 Oct 2016 17:30:32 -0700 Subject: [PATCH 2015/2538] docs: update cli reference for secret usage Signed-off-by: Evan Hazlett docs: minor update to service create usage Signed-off-by: Evan Hazlett --- docs/reference/commandline/secret_create.md | 46 ++++++++++ docs/reference/commandline/secret_inspect.md | 88 ++++++++++++++++++++ docs/reference/commandline/secret_ls.md | 44 ++++++++++ docs/reference/commandline/secret_rm.md | 48 +++++++++++ docs/reference/commandline/service_create.md | 16 ++++ docs/reference/commandline/service_update.md | 16 ++++ 6 files changed, 258 insertions(+) create mode 100644 docs/reference/commandline/secret_create.md create mode 100644 docs/reference/commandline/secret_inspect.md create mode 100644 docs/reference/commandline/secret_ls.md create mode 100644 docs/reference/commandline/secret_rm.md diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md new file mode 100644 index 0000000000..92cee6cde7 --- /dev/null +++ b/docs/reference/commandline/secret_create.md @@ -0,0 +1,46 @@ +--- +title: "secret create" +description: "The secret create command description and usage" +keywords: ["secret, create"] +--- + + + +# secret create + +```Markdown +Usage: docker secret create [NAME] + +Create a secret using stdin as content +``` + +Creates a secret using standard input for the secret content. You must run this +command on a manager node. + +## Examples + +### Create a secret + +```bash +$ cat ssh-dev | docker secret create ssh-dev +mhv17xfe3gh6xc4rij5orpfds + +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` + +## Related information + +* [secret inspect](secret_inspect.md) +* [secret ls](secret_ls.md) +* [secret rm](secret_rm.md) + + diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md new file mode 100644 index 0000000000..1572a87b16 --- /dev/null +++ b/docs/reference/commandline/secret_inspect.md @@ -0,0 +1,88 @@ +--- +title: "secret inspect" +description: "The secret inspect command description and usage" +keywords: ["secret, inspect"] +--- + + + +# secret inspect + +```Markdown +Usage: docker secret inspect [OPTIONS] SECRET [SECRET...] + +Display detailed information on one or more secrets + +Options: + -f, --format string Format the output using the given Go template + --help Print usage +``` + + +Inspects the specified secret. This command has to be run targeting a manager +node. + +By default, this renders all results in a JSON array. If a format is specified, +the given template will be executed for each result. + +Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +## Examples + +### Inspecting a secret by name or ID + +You can inspect a secret, either by its *name*, or *ID* + +For example, given the following secret: + +```bash +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` + +```bash +$ docker secret inspect mhv17xfe3gh6xc4rij5orpfds +[ + { + "ID": "mhv17xfe3gh6xc4rij5orpfds", + "Version": { + "Index": 1198 + }, + "CreatedAt": "2016-10-27T23:25:43.909181089Z", + "UpdatedAt": "2016-10-27T23:25:43.909181089Z", + "Spec": { + "Name": "ssh-dev", + "Data": null + }, + "Digest": "sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7", + "SecretSize": 1679 + } +] +``` + +### Formatting secret output + +The `--format` option can be used to obtain specific information about a +secret. For example, the following command outputs the digest of the +secret. + +```bash{% raw %} +$ docker secret inspect --format='{{.Digest}}' mhv17xfe3gh6xc4rij5orpfds +sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7 +{% endraw %}``` + + +## Related information + +* [secret create](secret_create.md) +* [secret ls](secret_ls.md) +* [secret rm](secret_rm.md) diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md new file mode 100644 index 0000000000..13a8e60454 --- /dev/null +++ b/docs/reference/commandline/secret_ls.md @@ -0,0 +1,44 @@ +--- +title: "secret ls" +description: "The secret ls command description and usage" +keywords: ["secret, ls"] +--- + + + +# secret ls + +```Markdown +Usage: docker secret ls [OPTIONS] + +List secrets + +Aliases: + ls, list + +Options: + -q, --quiet Only display IDs +``` + +This command when run targeting a manager, lists secrets in the +swarm. + +On a manager node: + +```bash +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` +## Related information + +* [secret create](secret_create.md) +* [secret inspect](secret_inspect.md) +* [secret rm](secret_rm.md) diff --git a/docs/reference/commandline/secret_rm.md b/docs/reference/commandline/secret_rm.md new file mode 100644 index 0000000000..5f9ba5f69b --- /dev/null +++ b/docs/reference/commandline/secret_rm.md @@ -0,0 +1,48 @@ +--- +title: "secret rm" +description: "The secret rm command description and usage" +keywords: ["secret, rm"] +--- + + + +# secret rm + +```Markdown +Usage: docker secret rm SECRET [SECRET...] + +Remove one or more secrets + +Aliases: + rm, remove + +Options: + --help Print usage +``` + +Removes the specified secrets from the swarm. This command has to be run +targeting a manager node. + +For example, to remove secret: + +```bash +$ docker secret rm sapth4csdo5b6wz2p5uimh5xg +sapth4csdo5b6wz2p5uimh5xg +``` + +> **Warning**: Unlike `docker rm`, this command does not ask for confirmation +> before removing a secret. + + +## Related information + +* [secret create](secret_create.md) +* [secret inspect](secret_inspect.md) +* [secret ls](secret_ls.md) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index d659a60d19..9d98600043 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -54,6 +54,7 @@ Options: --restart-delay duration Delay between restart attempts (default none) --restart-max-attempts uint Maximum number of restarts before giving up (default none) --restart-window duration Window used to evaluate the restart policy (default none) + --secret value Specify secrets to expose to the service (default []) --stop-grace-period duration Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) @@ -119,6 +120,21 @@ ID NAME MODE REPLICAS IMAGE 4cdgfyky7ozw redis replicated 5/5 redis:3.0.7 ``` +### Create a service with secrets +Use the `--secret` flag to use a [secret](secret_create.md). The following +command will create a service with two secrets named `ssh-key` and `app-key`: + +```bash +$ docker service create --name redis --secret ssh-key:ssh --secret app-key:app redis:3.0.6 +4cdgfyky7ozwh3htjfw0d12qv +``` + +Secrets are located in `/run/secrets` in the container. If no target is +specified, the name of the secret will be used as the in memory file in the +container. If a target is specified, that will be the filename. In the +example above, two files will be created: `/run/secrets/ssh` and +`/run/secrets/app` for each of the secret targets specified. + ### Create a service with a rolling update policy ```bash diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f321b31ddc..2cc67996e6 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -63,6 +63,8 @@ Options: --restart-max-attempts uint Maximum number of restarts before giving up (default none) --restart-window duration Window used to evaluate the restart policy (default none) --rollback Rollback to previous specification + --secret-add list Add a secret (default []) + --secret-rm list Remove a secret (default []) --stop-grace-period duration Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) @@ -146,6 +148,20 @@ $ docker service update --mount-rm /somewhere myservice myservice ``` +### Adding and removing secrets + +Use the `--secret-add` or `--secret-rm` options add or remove a service's +secrets. + +The following example adds a secret named `ssh-2` and removes `ssh-1`: + +```bash +$ docker service update \ + --secret-add ssh-2 \ + --secret-rm ssh-1 \ + myservice +``` + ## Related information * [service create](service_create.md) From f0026b6e12eee3571fa0390ad888b4306e986445 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Mon, 31 Oct 2016 11:02:10 -0400 Subject: [PATCH 2016/2538] doc review updates Signed-off-by: Evan Hazlett --- docs/reference/commandline/secret_inspect.md | 4 ++-- docs/reference/commandline/secret_ls.md | 3 +-- docs/reference/commandline/secret_rm.md | 2 +- docs/reference/commandline/service_create.md | 5 +++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index 1572a87b16..0b75bfe385 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -71,8 +71,8 @@ $ docker secret inspect mhv17xfe3gh6xc4rij5orpfds ### Formatting secret output -The `--format` option can be used to obtain specific information about a -secret. For example, the following command outputs the digest of the +You can use the --format option to obtain specific information about a +secret. The following example command outputs the digest of the secret. ```bash{% raw %} diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index 13a8e60454..aa1f31d615 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -27,8 +27,7 @@ Options: -q, --quiet Only display IDs ``` -This command when run targeting a manager, lists secrets in the -swarm. +Run this command from a manager to list the secrets in the Swarm. On a manager node: diff --git a/docs/reference/commandline/secret_rm.md b/docs/reference/commandline/secret_rm.md index 5f9ba5f69b..86f2df9a5a 100644 --- a/docs/reference/commandline/secret_rm.md +++ b/docs/reference/commandline/secret_rm.md @@ -30,7 +30,7 @@ Options: Removes the specified secrets from the swarm. This command has to be run targeting a manager node. -For example, to remove secret: +This example removes a secret: ```bash $ docker secret rm sapth4csdo5b6wz2p5uimh5xg diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 9d98600043..8e12a88d85 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -121,8 +121,9 @@ ID NAME MODE REPLICAS IMAGE ``` ### Create a service with secrets -Use the `--secret` flag to use a [secret](secret_create.md). The following -command will create a service with two secrets named `ssh-key` and `app-key`: +Use the `--secret` flag to give a container access to a +[secret](secret_create.md). The following command will create a service +with two secrets named `ssh-key` and `app-key`: ```bash $ docker service create --name redis --secret ssh-key:ssh --secret app-key:app redis:3.0.6 From 32a96e4fa4a72837e14b1838096617cea4d2e0a3 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Tue, 1 Nov 2016 22:28:32 -0400 Subject: [PATCH 2017/2538] secrets: use explicit format when using secrets Signed-off-by: Evan Hazlett --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 8e12a88d85..e98c2cc8ae 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -126,7 +126,7 @@ Use the `--secret` flag to give a container access to a with two secrets named `ssh-key` and `app-key`: ```bash -$ docker service create --name redis --secret ssh-key:ssh --secret app-key:app redis:3.0.6 +$ docker service create --name redis --secret source=ssh-key,target=ssh --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 redis:3.0.6 4cdgfyky7ozwh3htjfw0d12qv ``` diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 2cc67996e6..261f1c3518 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -157,7 +157,7 @@ The following example adds a secret named `ssh-2` and removes `ssh-1`: ```bash $ docker service update \ - --secret-add ssh-2 \ + --secret-add source=ssh-2,target=ssh-2 \ --secret-rm ssh-1 \ myservice ``` From a5875e1a5659beb9e66a50dea2aa2b11227509cc Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Thu, 3 Nov 2016 15:56:05 -0400 Subject: [PATCH 2018/2538] secrets: support simple syntax --secret foo Signed-off-by: Evan Hazlett --- docs/reference/commandline/service_create.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index e98c2cc8ae..8f33bf8c33 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -122,11 +122,22 @@ ID NAME MODE REPLICAS IMAGE ### Create a service with secrets Use the `--secret` flag to give a container access to a -[secret](secret_create.md). The following command will create a service -with two secrets named `ssh-key` and `app-key`: +[secret](secret_create.md). + +Create a service specifying a secret: ```bash -$ docker service create --name redis --secret source=ssh-key,target=ssh --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 redis:3.0.6 +$ docker service create --name redis --secret secret.json redis:3.0.6 +4cdgfyky7ozwh3htjfw0d12qv +``` + +Create a service specifying the secret, target, user/group ID and mode: + +```bash +$ docker service create --name redis \ + --secret source=ssh-key,target=ssh \ + --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \ + redis:3.0.6 4cdgfyky7ozwh3htjfw0d12qv ``` From 6231e4899c47773036ace7888e3ef9ac7bc93599 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Thu, 3 Nov 2016 17:01:54 -0400 Subject: [PATCH 2019/2538] support labels for secrets upon creation; review updates Signed-off-by: Evan Hazlett --- docs/reference/commandline/secret_create.md | 40 ++++++++++++++++++-- docs/reference/commandline/secret_inspect.md | 10 ++--- docs/reference/commandline/secret_ls.md | 4 +- docs/reference/commandline/secret_rm.md | 2 +- 4 files changed, 45 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index 92cee6cde7..6a124d5383 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -19,6 +19,9 @@ keywords: ["secret, create"] Usage: docker secret create [NAME] Create a secret using stdin as content +Options: + --help Print usage + -l, --label list Secret labels (default []) ``` Creates a secret using standard input for the secret content. You must run this @@ -29,14 +32,45 @@ command on a manager node. ### Create a secret ```bash -$ cat ssh-dev | docker secret create ssh-dev +$ cat secret.json | docker secret create secret.json mhv17xfe3gh6xc4rij5orpfds $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 ``` +### Create a secret with labels + +```bash +$ cat secret.json | docker secret create secret.json --label env=dev --label rev=20161102 +jtn7g6aukl5ky7nr9gvwafoxh + +$ docker secret inspect secret.json +[ + { + "ID": "jtn7g6aukl5ky7nr9gvwafoxh", + "Version": { + "Index": 541 + }, + "CreatedAt": "2016-11-03T20:54:12.924766548Z", + "UpdatedAt": "2016-11-03T20:54:12.924766548Z", + "Spec": { + "Name": "secret.json", + "Labels": { + "env": "dev", + "rev": "20161102" + }, + "Data": null + }, + "Digest": "sha256:4212a44b14e94154359569333d3fc6a80f6b9959dfdaff26412f4b2796b1f387", + "SecretSize": 1679 + } +] + +``` + + ## Related information * [secret inspect](secret_inspect.md) diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index 0b75bfe385..0d427464af 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -37,7 +37,7 @@ describes all the details of the format. ## Examples -### Inspecting a secret by name or ID +### Inspecting a secret by name or ID You can inspect a secret, either by its *name*, or *ID* @@ -45,12 +45,12 @@ For example, given the following secret: ```bash $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 ``` ```bash -$ docker secret inspect mhv17xfe3gh6xc4rij5orpfds +$ docker secret inspect secret.json [ { "ID": "mhv17xfe3gh6xc4rij5orpfds", @@ -60,7 +60,7 @@ $ docker secret inspect mhv17xfe3gh6xc4rij5orpfds "CreatedAt": "2016-10-27T23:25:43.909181089Z", "UpdatedAt": "2016-10-27T23:25:43.909181089Z", "Spec": { - "Name": "ssh-dev", + "Name": "secret.json", "Data": null }, "Digest": "sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7", diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index aa1f31d615..fa78e66427 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -33,8 +33,8 @@ On a manager node: ```bash $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 ``` ## Related information diff --git a/docs/reference/commandline/secret_rm.md b/docs/reference/commandline/secret_rm.md index 86f2df9a5a..f504b1ba4f 100644 --- a/docs/reference/commandline/secret_rm.md +++ b/docs/reference/commandline/secret_rm.md @@ -33,7 +33,7 @@ targeting a manager node. This example removes a secret: ```bash -$ docker secret rm sapth4csdo5b6wz2p5uimh5xg +$ docker secret rm secret.json sapth4csdo5b6wz2p5uimh5xg ``` From e64c21b045096d27793c66dd0cd9b9a5be3ac69d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 9 Nov 2016 11:42:18 -0800 Subject: [PATCH 2020/2538] Add bash completion for `docker {node rm,swarm leave} -f` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 786bcd3a25..2b363ab3bc 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2834,7 +2834,7 @@ _docker_swarm_join-token() { _docker_swarm_leave() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) ;; esac } @@ -2950,7 +2950,7 @@ _docker_node_remove() { _docker_node_rm() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) ;; *) __docker_complete_nodes From 44cf7338270237ae0fac33e6329a6ad7b0e3bf17 Mon Sep 17 00:00:00 2001 From: Santhosh Manohar Date: Fri, 4 Nov 2016 12:27:36 -0700 Subject: [PATCH 2021/2538] Show peer nodes in network inspect for swarm overlay networks Signed-off-by: Santhosh Manohar --- docs/reference/commandline/network_inspect.md | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 9f4a3203a5..bc0005e38e 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -124,6 +124,63 @@ $ docker network inspect simple-network ] ``` +For swarm mode overlay networks `network inspect` also shows the IP address and node name +of the peers. Peers are the nodes in the swarm cluster which have at least one task attached +to the network. Node name is of the format `-`. + +```bash +$ docker network inspect ingress +[ + { + "Name": "ingress", + "Id": "j0izitrut30h975vk4m1u5kk3", + "Created": "2016-11-08T06:49:59.803387552Z", + "Scope": "swarm", + "Driver": "overlay", + "EnableIPv6": false, + "IPAM": { + "Driver": "default", + "Options": null, + "Config": [ + { + "Subnet": "10.255.0.0/16", + "Gateway": "10.255.0.1" + } + ] + }, + "Internal": false, + "Attachable": false, + "Containers": { + "ingress-sbox": { + "Name": "ingress-endpoint", + "EndpointID": "40e002d27b7e5d75f60bc72199d8cae3344e1896abec5eddae9743755fe09115", + "MacAddress": "02:42:0a:ff:00:03", + "IPv4Address": "10.255.0.3/16", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.driver.overlay.vxlanid_list": "256" + }, + "Labels": {}, + "Peers": [ + { + "Name": "net-1-1d22adfe4d5c", + "IP": "192.168.33.11" + }, + { + "Name": "net-2-d55d838b34af", + "IP": "192.168.33.12" + }, + { + "Name": "net-3-8473f8140bd9", + "IP": "192.168.33.13" + } + ] + } +] +``` + ## Related information * [network disconnect ](network_disconnect.md) From d9b0fa75c1c3e0e0ab5541aaae97e1371c86b260 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 9 Nov 2016 14:35:58 -0800 Subject: [PATCH 2022/2538] Document autolock/unlock/unlock-key Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 13 +++ docs/reference/commandline/swarm_unlock.md | 41 +++++++++ .../reference/commandline/swarm_unlock_key.md | 84 +++++++++++++++++++ docs/reference/commandline/swarm_update.md | 1 + 4 files changed, 139 insertions(+) create mode 100644 docs/reference/commandline/swarm_unlock.md create mode 100644 docs/reference/commandline/swarm_unlock_key.md diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 36c07f72f9..d2a8846f2b 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -22,6 +22,7 @@ Initialize a swarm Options: --advertise-addr value Advertised address (format: [:port]) + --autolock Enable or disable manager autolocking (requiring an unlock key to start a stopped manager) --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca value Specifications of one or more certificate signing endpoints @@ -57,6 +58,18 @@ to [swarm join](swarm_join.md). After you create the swarm, you can display or rotate the token using [swarm join-token](swarm_join_token.md). +### `--autolock` + +This flag enables automatic locking of managers with an encryption key. The +private keys and data stored by all managers will be protected by the +encryption key printed in the output, and will not be accessible without it. +Thus, it is very important to store this key in order to activate a manager +after it restarts. The key can be passed to `docker swarm unlock` to reactivate +the manager. Autolock can be disabled by running +`docker swarm update --autolock=false`. After disabling it, the encryption key +is no longer required to start the manager, and it will start up on its own +without user intervention. + ### `--cert-expiry` This flag sets the validity period for node certificates. diff --git a/docs/reference/commandline/swarm_unlock.md b/docs/reference/commandline/swarm_unlock.md new file mode 100644 index 0000000000..164b7d35a4 --- /dev/null +++ b/docs/reference/commandline/swarm_unlock.md @@ -0,0 +1,41 @@ +--- +title: "swarm unlock" +description: "The swarm unlock command description and usage" +keywords: "swarm, unlock" +--- + + + +# swarm unlock + +```markdown +Usage: docker swarm unlock + +Unlock swarm + +Options: + --help Print usage +``` + +Unlocks a locked manager using a user-supplied unlock key. This command must be +used to reactivate a manager after its Docker daemon restarts if the autolock +setting is turned on. The unlock key is printed at the time when autolock is +enabled, and is also available from the `docker swarm unlock-key` command. + + +```bash +$ docker swarm unlock +Please enter unlock key: +``` + +## Related information + +* [swarm init](swarm_init.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_unlock_key.md b/docs/reference/commandline/swarm_unlock_key.md new file mode 100644 index 0000000000..a2597fe9ab --- /dev/null +++ b/docs/reference/commandline/swarm_unlock_key.md @@ -0,0 +1,84 @@ +--- +title: "swarm unlock-key" +description: "The swarm unlock-keycommand description and usage" +keywords: "swarm, unlock-key" +--- + + + +# swarm unlock-key + +```markdown +Usage: docker swarm unlock-key [OPTIONS] + +Manage the unlock key + +Options: + --help Print usage + -q, --quiet Only display token + --rotate Rotate unlock key +``` + +An unlock key is a secret key needed to unlock a manager after its Docker daemon +restarts. These keys are only used when the autolock feature is enabled for the +swarm. + +You can view or rotate the unlock key using `swarm unlock-key`. To view the key, +run the `docker swarm unlock-key` command without any arguments: + + +```bash +$ docker swarm unlock-key +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-fySn8TY4w5lKcWcJPIpKufejh9hxx5KYwx6XZigx3Q4 + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. +``` + +Use the `--rotate` flag to rotate the unlock key to a new, randomly-generated +key: + +```bash +$ docker swarm unlock-key --rotate +Successfully rotated manager unlock key. + +To unlock a swarm manager after it restarts, run the `docker swarm unlock` +command and provide the following key: + + SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8 + +Please remember to store this key in a password manager, since without it you +will not be able to restart the manager. +``` + +The `-q` (or `--quiet`) flag only prints the key: + +```bash +$ docker swarm unlock-key -q +SWMKEY-1-7c37Cc8654o6p38HnroywCi19pllOnGtbdZEgtKxZu8 +``` + +### `--rotate` + +This flag rotates the unlock key, replacing it with a new randomly-generated +key. The old unlock key will no longer be accepted. + +### `--quiet` + +Only print the unlock key, without instructions. + +## Related information + +* [swarm unlock](swarm_unlock.md) +* [swarm init](swarm_init.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index e9c30b6d44..78d4ba8969 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -21,6 +21,7 @@ Usage: docker swarm update [OPTIONS] Update the swarm Options: + --autolock Enable or disable manager autolocking (requiring an unlock key to start a stopped manager) --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca value Specifications of one or more certificate signing endpoints From c55cadb8cedd9fc8a0f38a0aa0ff1f13919a2f9a Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Tue, 4 Oct 2016 12:01:19 -0700 Subject: [PATCH 2023/2538] Add plugin create functionality. Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/plugin_create.md | 57 ++++++++++++++++++++ docs/reference/commandline/plugin_disable.md | 1 + docs/reference/commandline/plugin_enable.md | 1 + docs/reference/commandline/plugin_inspect.md | 1 + docs/reference/commandline/plugin_install.md | 1 + docs/reference/commandline/plugin_ls.md | 1 + docs/reference/commandline/plugin_rm.md | 1 + docs/reference/commandline/plugin_set.md | 1 + 8 files changed, 64 insertions(+) create mode 100644 docs/reference/commandline/plugin_create.md mode change 100755 => 100644 docs/reference/commandline/plugin_inspect.md diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md new file mode 100644 index 0000000000..3eff033216 --- /dev/null +++ b/docs/reference/commandline/plugin_create.md @@ -0,0 +1,57 @@ +--- +title: "plugin create (experimental)" +description: "the plugin create command description and usage" +keywords: "plugin, create" +advisory: "experimental" +--- + + + +```markdown +Usage: docker plugin create [OPTIONS] reponame[:tag] PATH-TO-ROOTFS + +create a plugin from the given PATH-TO-ROOTFS, which contains the plugin's root filesystem and the manifest file, manifest.json + +Options: + --compress Compress the context using gzip + --help Print usage +``` + +Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as +the manifest.json (https://github.com/docker/docker/blob/master/docs/extend/manifest.md) + + +The following example shows how to create a sample `plugin`. + +```bash + +$ ls -ls /home/pluginDir + +4 -rw-r--r-- 1 root root 431 Nov 7 01:40 manifest.json +0 drwxr-xr-x 19 root root 420 Nov 7 01:40 rootfs + +$ docker plugin create plugin /home/pluginDir +plugin + +NAME TAG DESCRIPTION ENABLED +plugin latest A sample plugin for Docker true +``` + +The plugin can subsequently be enabled for local use or pushed to the public registry. + +## Related information + +* [plugin ls](plugin_ls.md) +* [plugin enable](plugin_enable.md) +* [plugin disable](plugin_disable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 580d4b93d0..515fdec5cd 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -55,6 +55,7 @@ tiborvass/no-remove latest A test plugin for Docker false ## Related information * [plugin ls](plugin_ls.md) +* [plugin create](plugin_create.md) * [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index edb2e0bf1f..d23a6661c6 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -54,6 +54,7 @@ tiborvass/no-remove latest A test plugin for Docker true ## Related information +* [plugin create](plugin_create.md) * [plugin ls](plugin_ls.md) * [plugin disable](plugin_disable.md) * [plugin inspect](plugin_inspect.md) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md old mode 100755 new mode 100644 index 3fa55405a1..4c81a65142 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -154,6 +154,7 @@ $ docker plugin inspect -f '{{.Id}}' tiborvass/no-remove:latest ## Related information +* [plugin create](plugin_create.md) * [plugin ls](plugin_ls.md) * [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 24155a3ea4..d3be530f1f 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -60,6 +60,7 @@ tiborvass/no-remove latest A test plugin for Docker true ## Related information +* [plugin create](plugin_create.md) * [plugin ls](plugin_ls.md) * [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 12de328142..3afae4f2de 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -43,6 +43,7 @@ tiborvass/no-remove latest A test plugin for Docker true ## Related information +* [plugin create](plugin_create.md) * [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) * [plugin inspect](plugin_inspect.md) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 4a86bc5c2b..ff56ab8d57 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -46,6 +46,7 @@ tiborvass/no-remove ## Related information +* [plugin create](plugin_create.md) * [plugin ls](plugin_ls.md) * [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 9a07f5d8eb..6dbd6ec389 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -43,6 +43,7 @@ $ docker plugin inspect -f {{.Config.Env}} tiborvass/no-remove ## Related information +* [plugin create](plugin_create.md) * [plugin ls](plugin_ls.md) * [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) From ad1fe309ec0e75273ecabef37dce4af71cc67828 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 8 Nov 2016 05:32:21 +0000 Subject: [PATCH 2024/2538] opts/mount: add tmpfs-specific options added following options: * tmpfs-size * tmpfs-mode Signed-off-by: Akihiro Suda --- docs/reference/commandline/run.md | 4 ++-- docs/reference/commandline/service_create.md | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index e89e771051..0f21ca76be 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -264,9 +264,9 @@ Docker daemon. For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) -### Add bin-mounts or volumes using the --mounts flag +### Add bin-mounts or volumes using the --mount flag -The `--mounts` flag allows you to mount volumes, host-directories and `tmpfs` +The `--mount` flag allows you to mount volumes, host-directories and `tmpfs` mounts in a container. The `--mount` flag supports most options that are supported by the `-v` or the diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 8f33bf8c33..f68ebb7b40 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -200,6 +200,8 @@ or write from files or directories on other containers or the host operating system. These types are _data volumes_ (often referred to simply as volumes) and _bind-mounts_. +Additionally, Docker also supports tmpfs mounts. + A **bind-mount** makes a file or directory on the host available to the container it is mounted within. A bind-mount may be either read-only or read-write. For example, a container might share its host's DNS information by @@ -216,6 +218,8 @@ shared between a container and the host machine, as well as between multiple containers. Docker uses a _volume driver_ to create, manage, and mount volumes. You can back up or restore volumes using Docker commands. +A **tmpfs** mounts a tmpfs inside a container for volatile data. + Consider a situation where your image starts a lightweight web server. You could use that image as a base image, copy in your website's HTML files, and package that into another image. Each time your website changed, you'd need to update @@ -232,8 +236,8 @@ volumes in a service: | Option | Required | Description |:-----------------------------------------|:--------------------------|:----------------------------------------------------------------------------------------- -| **type** | | The type of mount, can be either `volume`, or `bind`. Defaults to `volume` if no type is specified.
  • `volume`: mounts a [managed volume](volume_create.md) into the container.
  • `bind`: bind-mounts a directory or file from the host into the container.
-| **src** or **source** | for `type=bind` only |
  • `type=volume`: `src` is an optional way to specify the name of the volume (for example, `src=my-volume`). If the named volume does not exist, it is automatically created. If no `src` is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).
  • `type=bind`: `src` is required, and specifies an absolute path to the file or directory to bind-mount (for example, `src=/path/on/host/`). An error is produced if the file or directory does not exist.
+| **type** | | The type of mount, can be either `volume`, `bind`, or `tmpfs`. Defaults to `volume` if no type is specified.
  • `volume`: mounts a [managed volume](volume_create.md) into the container.
  • `bind`: bind-mounts a directory or file from the host into the container.
  • `tmpfs`: mount a tmpfs in the container
+| **src** or **source** | for `type=bind` only |
  • `type=volume`: `src` is an optional way to specify the name of the volume (for example, `src=my-volume`). If the named volume does not exist, it is automatically created. If no `src` is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).
  • `type=bind`: `src` is required, and specifies an absolute path to the file or directory to bind-mount (for example, `src=/path/on/host/`). An error is produced if the file or directory does not exist.
  • `type=tmpfs`: `src` is not supported.
| **dst** or **destination** or **target** | yes | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount. | **readonly** or **ro** | | The Engine mounts binds and volumes `read-write` unless `readonly` option is given when mounting the bind or volume.

  • `true` or `1` or no value: Mounts the bind or volume read-only.
  • `false` or `0`: Mounts the bind or volume read-write.
@@ -284,6 +288,14 @@ The following options can only be used for named volumes (`type=volume`); | **volume-nocopy** | By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (`dst`), the Engine copies those files and directories into the volume, allowing the host to access them. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Disables copying.
  • `false` or `0`: Enables copying.
| **volume-opt** | Options specific to a given volume driver, which will be passed to the driver when creating the volume. Options are provided as a comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options for a given driver, refer to that driver's documentation. +#### Options for tmpfs +The following options can only be used for tmpfs mounts (`type=tmpfs`); + +| Option | Description +|:----------------------|:-------------------------------------------------------------------------------------------------------------------- +| **tmpfs-size** | Size of the tmpfs mount in bytes. Unlimited by default in Linux. +| **tmpfs-mode** | File mode of the tmpfs in octal. (e.g. `"700"` or `"0700"`.) Defaults to ``"1777"`` in Linux. + #### Differences between "--mount" and "--volume" The `--mount` flag supports most options that are supported by the `-v` From bf622eddc106363d85fe63651de6214e2fcfc5b6 Mon Sep 17 00:00:00 2001 From: erxian Date: Thu, 10 Nov 2016 12:08:15 +0800 Subject: [PATCH 2025/2538] update network ls docs to add SCOPE Signed-off-by: erxian --- docs/reference/commandline/network_ls.md | 70 ++++++++++++------------ 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index bd47da751a..ce5fb1d618 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -35,24 +35,24 @@ Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: ```bash - $ sudo docker network ls - NETWORK ID NAME DRIVER - 7fca4eb8c647 bridge bridge - 9f904ee27bf5 none null - cf03ee007fb4 host host - 78b03ee04fc4 multi-host overlay +$ sudo docker network ls +NETWORK ID NAME DRIVER SCOPE +7fca4eb8c647 bridge bridge local +9f904ee27bf5 none null local +cf03ee007fb4 host host local +78b03ee04fc4 multi-host overlay local ``` Use the `--no-trunc` option to display the full network id: ```bash -docker network ls --no-trunc -NETWORK ID NAME DRIVER -18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null -c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host -7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge -95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge -63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge +$ docker network ls --no-trunc +NETWORK ID NAME DRIVER SCOPE +18a2866682b85619a026c81b98a5e375bd33e1b0936a26cc497c283d27bae9b3 none null local +c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host host local +7b369448dccbf865d397c8d2be0cda7cf7edc6b0945f77d2529912ae917a0185 bridge bridge local +95e74588f40db048e86320c6526440c504650a1ff3e9f7d60a497c4d2163e5bd foo bridge local +63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge local ``` ## Filtering @@ -78,9 +78,9 @@ The following example matches networks with the `bridge` driver: ```bash $ docker network ls --filter driver=bridge -NETWORK ID NAME DRIVER -db9db329f835 test1 bridge -f6e212da9dfd test2 bridge +NETWORK ID NAME DRIVER SCOPE +db9db329f835 test1 bridge local +f6e212da9dfd test2 bridge local ``` #### ID @@ -92,20 +92,20 @@ The following filter matches all networks with an ID containing the ```bash $ docker network ls --filter id=63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 -NETWORK ID NAME DRIVER -63d1ff1f77b0 dev bridge +NETWORK ID NAME DRIVER SCOPE +63d1ff1f77b0 dev bridge local ``` You can also filter for a substring in an ID as this shows: ```bash $ docker network ls --filter id=95e74588f40d -NETWORK ID NAME DRIVER -95e74588f40d foo bridge +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local $ docker network ls --filter id=95e -NETWORK ID NAME DRIVER -95e74588f40d foo bridge +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local ``` #### Label @@ -117,17 +117,17 @@ The following filter matches networks with the `usage` label regardless of its v ```bash $ docker network ls -f "label=usage" -NETWORK ID NAME DRIVER -db9db329f835 test1 bridge -f6e212da9dfd test2 bridge +NETWORK ID NAME DRIVER SCOPE +db9db329f835 test1 bridge local +f6e212da9dfd test2 bridge local ``` The following filter matches networks with the `usage` label with the `prod` value. ```bash $ docker network ls -f "label=usage=prod" -NETWORK ID NAME DRIVER -f6e212da9dfd test2 bridge +NETWORK ID NAME DRIVER SCOPE +f6e212da9dfd test2 bridge local ``` #### Name @@ -138,17 +138,17 @@ The following filter matches all networks with a name containing the `foobar` st ```bash $ docker network ls --filter name=foobar -NETWORK ID NAME DRIVER -06e7eef0a170 foobar bridge +NETWORK ID NAME DRIVER SCOPE +06e7eef0a170 foobar bridge local ``` You can also filter for a substring in a name as this shows: ```bash $ docker network ls --filter name=foo -NETWORK ID NAME DRIVER -95e74588f40d foo bridge -06e7eef0a170 foobar bridge +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local +06e7eef0a170 foobar bridge local ``` #### Type @@ -160,9 +160,9 @@ The following filter matches all user defined networks: ```bash $ docker network ls --filter type=custom -NETWORK ID NAME DRIVER -95e74588f40d foo bridge -63d1ff1f77b0 dev bridge +NETWORK ID NAME DRIVER SCOPE +95e74588f40d foo bridge local +63d1ff1f77b0 dev bridge local ``` By having this flag it allows for batch cleanup. For example, use this filter From ebacbb50aec7281467daf59980ccb6d81724c050 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 8 Nov 2016 18:29:10 -0800 Subject: [PATCH 2026/2538] Add `--dns-option` to `docker run` and hide `--dns-opt` This fix is a follow up to #27567 based on: https://github.com/docker/docker/pull/27567#issuecomment-259295055 In #27567, `--dns-options` has been added to `service create/update`, together with `--dns` and `--dns-search`. The `--dns-opt` was used in `docker run`. This fix add `--dns-option` (not `--dns-options`) to `docker run/create`, and hide `--dns-opt`. It is still possible to use `--dns-opt` with `docker run/create`, though it will not show up in help output. This fix change `--dns-options`to --dns-option` for `docker service create` and `docker service update`. This fix also updates the docs and bash/zsh completion scripts. Signed-off-by: Yong Tang --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 +- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 2 +- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 12 ++++++------ docs/reference/run.md | 4 ++-- man/docker-create.1.md | 4 ++-- man/docker-run.1.md | 4 ++-- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2b363ab3bc..46edab76d6 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1248,7 +1248,7 @@ _docker_container_run() { --device-write-bps --device-write-iops --dns - --dns-opt + --dns-option --dns-search --entrypoint --env -e diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 615ebfbf8c..1537e76b8e 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -531,7 +531,7 @@ __docker_container_subcommand() { "($help)*--device-write-iops=[Limit the write rate (IO per second) to a device]:device:IO rate: " "($help)--disable-content-trust[Skip image verification]" "($help)*--dns=[Custom DNS servers]:DNS server: " - "($help)*--dns-opt=[Custom DNS options]:DNS option: " + "($help)*--dns-option=[Custom DNS options]:DNS option: " "($help)*--dns-search=[Custom DNS search domains]:DNS domains: " "($help)*"{-e=,--env=}"[Environment variables]:environment variable: " "($help)--entrypoint=[Overwrite the default entrypoint of the image]:entry point: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index e662132092..9fdfd4c205 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -50,7 +50,7 @@ Options: --device-write-iops value Limit write rate (IO per second) to a device (default []) --disable-content-trust Skip image verification (default true) --dns value Set custom DNS servers (default []) - --dns-opt value Set DNS options (default []) + --dns-option value Set DNS options (default []) --dns-search value Set custom DNS search domains (default []) --entrypoint string Overwrite the default ENTRYPOINT of the image -e, --env value Set environment variables (default []) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 0f21ca76be..d744c23a4d 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -54,7 +54,7 @@ Options: --device-write-iops value Limit write rate (IO per second) to a device (default []) --disable-content-trust Skip image verification (default true) --dns value Set custom DNS servers (default []) - --dns-opt value Set DNS options (default []) + --dns-option value Set DNS options (default []) --dns-search value Set custom DNS search domains (default []) --entrypoint string Overwrite the default ENTRYPOINT of the image -e, --env value Set environment variables (default []) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index f68ebb7b40..2893c84252 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -24,7 +24,7 @@ Options: --constraint list Placement constraints (default []) --container-label list Container labels (default []) --dns list Set custom DNS servers (default []) - --dns-options list Set DNS options (default []) + --dns-option list Set DNS options (default []) --dns-search list Set custom DNS search domains (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) -e, --env list Set environment variables (default []) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 261f1c3518..c5104103cc 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -26,12 +26,12 @@ Options: --constraint-rm list Remove a constraint (default []) --container-label-add list Add or update a container label (default []) --container-label-rm list Remove a container label by its key (default []) - --dns-add list Add or update custom DNS servers (default []) - --dns-options-add list Add or update DNS options (default []) - --dns-options-rm list Remove DNS options (default []) - --dns-rm list Remove custom DNS servers (default []) - --dns-search-add list Add or update custom DNS search domains (default []) - --dns-search-rm list Remove DNS search domains (default []) + --dns-add list Add or update a custom DNS server (default []) + --dns-option-add list Add or update a DNS option (default []) + --dns-option-rm list Remove a DNS option (default []) + --dns-rm list Remove a custom DNS server (default []) + --dns-search-add list Add or update a custom DNS search domain (default []) + --dns-search-rm list Remove a DNS search domain (default []) --endpoint-mode string Endpoint mode (vip or dnsrr) --env-add list Add or update an environment variable (default []) --env-rm list Remove an environment variable (default []) diff --git a/docs/reference/run.md b/docs/reference/run.md index 9bb6cfc11e..cda3957570 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -388,7 +388,7 @@ network mode a container has its own UTS namespace by default. As such `--hostname` is allowed in `host` network mode and will only change the hostname inside the container. Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and -`--dns-opt` options can be used in `host` network mode. These options update +`--dns-option` options can be used in `host` network mode. These options update `/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to `/etc/hosts` and `/etc/resolv.conf` on the host. @@ -407,7 +407,7 @@ or a High Performance Web Server. With the network set to `container` a container will share the network stack of another container. The other container's name must be provided in the format of `--network container:`. Note that `--add-host` -`--hostname` `--dns` `--dns-search` `--dns-opt` and `--mac-address` are +`--hostname` `--dns` `--dns-search` `--dns-option` and `--mac-address` are invalid in `container` netmode, and `--publish` `--publish-all` `--expose` are also invalid in `container` netmode. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index 767a7fc307..8bb162c2c3 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -31,7 +31,7 @@ docker-create - Create a new container [**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] [**--dns-search**[=*[]*]] -[**--dns-opt**[=*[]*]] +[**--dns-option**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] [**--env-file**[=*[]*]] @@ -190,7 +190,7 @@ two memory nodes. **--dns**=[] Set custom DNS servers -**--dns-opt**=[] +**--dns-option**=[] Set custom DNS options **--dns-search**=[] diff --git a/man/docker-run.1.md b/man/docker-run.1.md index ebede9a64f..5224895c91 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -32,7 +32,7 @@ docker-run - Run a command in a new container [**--device-write-bps**[=*[]*]] [**--device-write-iops**[=*[]*]] [**--dns**[=*[]*]] -[**--dns-opt**[=*[]*]] +[**--dns-option**[=*[]*]] [**--dns-search**[=*[]*]] [**-e**|**--env**[=*[]*]] [**--entrypoint**[=*ENTRYPOINT*]] @@ -260,7 +260,7 @@ See **config-json(5)** for documentation on using a configuration file. **--dns-search**=[] Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) -**--dns-opt**=[] +**--dns-option**=[] Set custom DNS options **--dns**=[] From fdfcbe778a4f6cfd2a7bf398eec4525249cdd78e Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 7 Nov 2016 18:51:47 -0800 Subject: [PATCH 2027/2538] rename plugin manifest Signed-off-by: Victor Vieux --- docs/extend/{manifest.md => config.md} | 30 +++++++++------------ docs/extend/index.md | 26 +++++++++--------- docs/reference/commandline/plugin_create.md | 6 ++--- 3 files changed, 28 insertions(+), 34 deletions(-) rename docs/extend/{manifest.md => config.md} (85%) diff --git a/docs/extend/manifest.md b/docs/extend/config.md similarity index 85% rename from docs/extend/manifest.md rename to docs/extend/config.md index 7cc7b47798..91dd281475 100644 --- a/docs/extend/manifest.md +++ b/docs/extend/config.md @@ -2,7 +2,7 @@ aliases: [ "/engine/extend/" ] -title: "Plugin manifest" +title: "Plugin config" description: "How develop and use a plugin with the managed plugin system" keywords: "API, Usage, plugins, documentation, developer" advisory: "experimental" @@ -17,29 +17,25 @@ advisory: "experimental" will be rejected. --> -# Plugin Manifest Version 0 of Plugin V2 +# Plugin Config Version 0 of Plugin V2 -This document outlines the format of the V0 plugin manifest. The plugin -manifest described herein was introduced in the Docker daemon (experimental version) in the [v1.12.0 +This document outlines the format of the V0 plugin config. The plugin +config described herein was introduced in the Docker daemon (experimental version) in the [v1.12.0 release](https://github.com/docker/docker/commit/f37117045c5398fd3dca8016ea8ca0cb47e7312b). -Plugin manifests describe the various constituents of a docker plugin. Plugin -manifests can be serialized to JSON format with the following media types: +Plugin configs describe the various constituents of a docker plugin. Plugin +configs can be serialized to JSON format with the following media types: -Manifest Type | Media Type +Config Type | Media Type ------------- | ------------- -manifest | "application/vnd.docker.plugin.v0+json" +config | "application/vnd.docker.plugin.v0+json" -## *Manifest* Field Descriptions +## *Config* Field Descriptions -Manifest provides the base accessible fields for working with V0 plugin format +Config provides the base accessible fields for working with V0 plugin format in the registry. -- **`manifestVersion`** *string* - - version of the plugin manifest (This version uses V0) - - **`description`** *string* description of the plugin @@ -169,13 +165,13 @@ Manifest provides the base accessible fields for working with V0 plugin format values of the args. -## Example Manifest +## Example Config -*Example showing the 'tiborvass/no-remove' plugin manifest.* +*Example showing the 'tiborvass/no-remove' plugin config.* ``` { - "manifestVersion": "v0", + "configVersion": "v0", "description": "A test plugin for Docker", "documentation": "https://docs.docker.com/engine/extend/plugins/", "entrypoint": ["plugin-no-remove", "/data"], diff --git a/docs/extend/index.md b/docs/extend/index.md index 736e225520..7c82d56928 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -141,7 +141,7 @@ a `plugins.json` with a single plugin installed. { "cd851ce43a403": { "plugin": { - "Manifest": { + "Config": { "Args": { "Value": null, "Settable": null, @@ -154,7 +154,6 @@ a `plugins.json` with a single plugin installed. "Capabilities": [ "CAP_SYS_ADMIN" ], - "ManifestVersion": "v0", "Description": "sshFS plugin for Docker", "Documentation": "https://docs.docker.com/engine/extend/plugins/", "Interface": { @@ -196,8 +195,8 @@ and two JSON files. # ls -la /var/lib/docker/plugins/cd851ce43a403 total 12 drwx------ 19 root root 4096 Aug 8 17:56 rootfs --rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-config.json --rw------- 1 root root 347 Aug 8 17:56 manifest.json +-rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-settings.json +-rw------- 1 root root 347 Aug 8 17:56 config.json ``` #### The rootfs directory @@ -219,17 +218,16 @@ $ docker rm -vf "$id" $ docker rmi rootfs ``` -#### The manifest.json and plugin-config.json files +#### The config.json and plugin-settings.json files -The `manifest.json` file describes the plugin. The `plugin-config.json` file +The `config.json` file describes the plugin. The `plugin-settings.json` file contains runtime parameters and is only required if your plugin has runtime -parameters. [See the Plugins Manifest reference](manifest.md). +parameters. [See the Plugins Config reference](config.md). -Consider the following `manifest.json` file. +Consider the following `config.json` file. ```json { - "manifestVersion": "v0", "description": "sshFS plugin for Docker", "documentation": "https://docs.docker.com/engine/extend/plugins/", "entrypoint": ["/go/bin/docker-volume-sshfs"], @@ -250,7 +248,7 @@ entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate with Docker Engine. -Consider the following `plugin-config.json` file. +Consider the following `plugin-settings.json` file. ```json { @@ -264,8 +262,8 @@ Consider the following `plugin-config.json` file. This plugin has no runtime parameters. Each of these JSON files is included as part of `plugins.json`, as you can see -by looking back at the example above. After a plugin is installed, `manifest.json` -is read-only, but `plugin-config.json` is read-write, and includes all runtime +by looking back at the example above. After a plugin is installed, `config.json` +is read-only, but `plugin-settings.json` is read-write, and includes all runtime configuration options for the plugin. ### Creating the plugin @@ -279,9 +277,9 @@ Follow these steps to create a plugin: using `docker export`. See [The rootfs directory](#the-rootfs-directory) for an example of creating a `rootfs`. -3. Create a `manifest.json` file in `/var/lib/docker/plugins/$id/`. +3. Create a `config.json` file in `/var/lib/docker/plugins/$id/`. -4. Create a `plugin-config.json` file if needed. +4. Create a `plugin-settings.json` file if needed. 5. Create or add a section to `/var/lib/docker/plugins/plugins.json`. Use `/` as “Name” and `$id` as “Id”. diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index 3eff033216..3246e41395 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -17,7 +17,7 @@ advisory: "experimental" ```markdown Usage: docker plugin create [OPTIONS] reponame[:tag] PATH-TO-ROOTFS -create a plugin from the given PATH-TO-ROOTFS, which contains the plugin's root filesystem and the manifest file, manifest.json +create a plugin from the given PATH-TO-ROOTFS, which contains the plugin's root filesystem and the config file, config.json Options: --compress Compress the context using gzip @@ -25,7 +25,7 @@ Options: ``` Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as -the manifest.json (https://github.com/docker/docker/blob/master/docs/extend/manifest.md) +the config.json (https://github.com/docker/docker/blob/master/docs/extend/config.md) The following example shows how to create a sample `plugin`. @@ -34,7 +34,7 @@ The following example shows how to create a sample `plugin`. $ ls -ls /home/pluginDir -4 -rw-r--r-- 1 root root 431 Nov 7 01:40 manifest.json +4 -rw-r--r-- 1 root root 431 Nov 7 01:40 config.json 0 drwxr-xr-x 19 root root 420 Nov 7 01:40 rootfs $ docker plugin create plugin /home/pluginDir From 9af599ffc5e7c6024392c55e9ff1b7af6a24a93e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 30 Oct 2016 22:46:21 +0100 Subject: [PATCH 2028/2538] Add zsh completion for 'docker system' subcommands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 86 +++++++++++++++++++++++++++++----- 1 file changed, 74 insertions(+), 12 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1537e76b8e..16edfd2ced 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1825,6 +1825,56 @@ __docker_swarm_subcommand() { # EO swarm +# BO system + +__docker_system_commands() { + local -a _docker_system_subcommands + _docker_system_subcommands=( + "df:Show docker disk usage" + "events:Get real time events from the server" + "info:Display system-wide information" + "prune:Remove unused data" + ) + _describe -t docker-system-commands "docker system command" _docker_system_subcommands +} + +__docker_system_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (df) + # @TODO + ;; + (events) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \ + "($help)--since=[Events created since this timestamp]:timestamp: " \ + "($help)--until=[Events created until this timestamp]:timestamp: " \ + "($help)--format=[Format the output using the given go template]:template: " && ret=0 + ;; + (info) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 + ;; + (prune) + # @TODO + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0 + ;; + esac + + return ret +} + +# EO system + # BO volume __docker_volume_complete_ls_filters() { @@ -2093,13 +2143,8 @@ __docker_subcommand() { ;; esac ;; - (events) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_events_filter" \ - "($help)--since=[Events created since this timestamp]:timestamp: " \ - "($help)--until=[Events created until this timestamp]:timestamp: " \ - "($help)--format=[Format the output using the given go template]:template: " && ret=0 + (events|info) + __docker_system_subcommand && ret=0 ;; (image) local curcontext="$curcontext" state @@ -2122,11 +2167,6 @@ __docker_subcommand() { words[1]='ls' __docker_image_subcommand && ret=0 ;; - (info|version) - _arguments $(__docker_arguments) \ - $opts_help \ - "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 - ;; (inspect) local state _arguments $(__docker_arguments) \ @@ -2267,6 +2307,28 @@ __docker_subcommand() { ;; esac ;; + (system) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_system_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_system_subcommand && ret=0 + ;; + esac + ;; + (version) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 + ;; (volume) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ From f2e2ba5d43da96afa68a2900fd02669f6e7d5a27 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 10 Nov 2016 20:51:44 +0100 Subject: [PATCH 2029/2538] Add zsh completion for new prune commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 26 +++++++++++++++++++--- docs/reference/commandline/system_prune.md | 2 +- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 16edfd2ced..b206bc555d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -729,7 +729,9 @@ __docker_container_subcommand() { "($help -)2:port:_ports" && ret=0 ;; (prune) - # @TODO + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (rename) _arguments $(__docker_arguments) \ @@ -970,7 +972,10 @@ __docker_image_subcommand() { esac ;; (prune) - # @TODO + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Remove all unused images, not just dangling ones]" \ + "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (pull) _arguments $(__docker_arguments) \ @@ -1115,6 +1120,7 @@ __docker_network_commands() { "disconnect:Disconnects a container from a network" "inspect:Displays detailed information on a network" "ls:Lists all the networks created by the user" + "prune:Remove all unused networks" "rm:Deletes one or more networks" ) _describe -t docker-network-commands "docker network command" _docker_network_subcommands @@ -1190,6 +1196,11 @@ __docker_network_subcommand() { ;; esac ;; + (prune) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 + ;; (rm) _arguments $(__docker_arguments) \ $opts_help \ @@ -1863,7 +1874,10 @@ __docker_system_subcommand() { "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " && ret=0 ;; (prune) - # @TODO + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -a --all)"{-a,--all}"[Remove all unused data, not just dangling ones]" \ + "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_volume_commands" && ret=0 @@ -1943,6 +1957,7 @@ __docker_volume_commands() { "create:Create a volume" "inspect:Display detailed information on one or more volumes" "ls:List volumes" + "prune:Remove all unused volumes" "rm:Remove one or more volumes" ) _describe -t docker-volume-commands "docker volume command" _docker_volume_subcommands @@ -1982,6 +1997,11 @@ __docker_volume_subcommand() { ;; esac ;; + (prune) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 + ;; (rm) _arguments $(__docker_arguments) \ $opts_help \ diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index 25a3d0a4bb..46f8c4364a 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -21,7 +21,7 @@ Usage: docker system prune [OPTIONS] Delete unused data Options: - -a, --all Remove all unused images not just dangling ones + -a, --all Remove all unused data not just dangling ones -f, --force Do not prompt for confirmation --help Print usage ``` From 09cb462754a0d05041267415388632a8b5440f9e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 10 Nov 2016 21:10:22 +0100 Subject: [PATCH 2030/2538] Add zsh completion for 'docker {run,create} --cpus' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b206bc555d..2a4e149782 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -524,6 +524,7 @@ __docker_container_subcommand() { "($help)*--cap-drop=[Drop Linux capabilities]:capability: " "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " "($help)--cidfile=[Write the container ID to the file]:CID file:_files" + "($help)--cpus=[Number of CPUs (default 0.000)]:cpus: " "($help)*--device=[Add a host device to the container]:device:_files" "($help)*--device-read-bps=[Limit the read rate (bytes per second) from a device]:device:IO rate: " "($help)*--device-read-iops=[Limit the read rate (IO per second) from a device]:device:IO rate: " From 6073e433cdfef0ef1d4689ab9b038d20017036d3 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 10 Nov 2016 21:00:17 +0100 Subject: [PATCH 2031/2538] Add zsh completion for 'docker service create --hostname' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2a4e149782..2ee7eaf64d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1684,6 +1684,7 @@ __docker_service_subcommand() { $opts_create_update \ "($help)*--container-label=[Container labels]:label: " \ "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ + "($help)--hostname=[Service containers hostname]:hostname: " \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help)--name=[Service name]:name: " \ "($help -): :__docker_complete_images" \ From e3f47c4a55546a25ef09cbf351c92814d8c8766f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 10 Nov 2016 21:25:24 +0100 Subject: [PATCH 2032/2538] Add zsh completion for 'docker service {create,update} --tty' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2ee7eaf64d..8215478384 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1667,6 +1667,7 @@ __docker_service_subcommand() { "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: " "($help)--restart-window=[Window used to evaluate the restart policy]:window: " "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " + "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]" "($help)--update-delay=[Delay between updates]:delay: " "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)" "($help)--update-max-failure-ratio=[Failure rate to tolerate during an update]:fraction: " From 071348d3929fc94bd67e7412f754cda46ff3f435 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 10 Nov 2016 21:21:25 +0100 Subject: [PATCH 2033/2538] Add zsh completion for 'docker daemon --seccomp-profile' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8215478384..ac3c31a049 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2127,6 +2127,7 @@ __docker_subcommand() { "($help -p --pidfile)"{-p=,--pidfile=}"[Path to use for daemon PID file]:PID file:_files" \ "($help)--raw-logs[Full timestamps without ANSI coloring]" \ "($help)*--registry-mirror=[Preferred Docker registry mirror]:registry mirror: " \ + "($help)--seccomp-profile=[Path to seccomp profile]:path:_files -g \"*.json\"" \ "($help -s --storage-driver)"{-s=,--storage-driver=}"[Storage driver to use]:driver:(aufs btrfs devicemapper overlay overlay2 vfs zfs)" \ "($help)--selinux-enabled[Enable selinux support]" \ "($help)--shutdown-timeout=[Set the shutdown timeout value in seconds]:time: " \ From 63545ecf95e1c4fe92818cd2939ce0eb8582d99e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 10 Nov 2016 21:31:34 +0100 Subject: [PATCH 2034/2538] Add zsh completion for 'docker {node rm,swarm leave} -f' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ac3c31a049..ede1045690 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1372,7 +1372,7 @@ __docker_node_subcommand() { (rm|remove) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--force[Force remove a node from the swarm]" \ + "($help -f --force)"{-f,--force}"[Force remove a node from the swarm]" \ "($help -)*:node:__docker_complete_pending_nodes" && ret=0 ;; (demote) @@ -1817,7 +1817,8 @@ __docker_swarm_subcommand() { ;; (leave) _arguments $(__docker_arguments) \ - $opts_help && ret=0 + $opts_help \ + "($help -f --force)"{-f,--force}"[Force this node to leave the swarm, ignoring warnings]" && ret=0 ;; (update) _arguments $(__docker_arguments) \ From 8342baa829a7a63fc6cedfd2d1b9a7c22874195b Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Thu, 10 Nov 2016 10:15:16 -0800 Subject: [PATCH 2035/2538] update swagger and docs Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_set.md | 55 ++++++++++++++++++++++-- 1 file changed, 51 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 6dbd6ec389..36a24f2061 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -27,20 +27,67 @@ Options: Change settings for a plugin. The plugin must be disabled. +The settings currently supported are: + * env variables + * source of mounts + * path of devices + * args -The following example installs change the env variable `DEBUG` of the +The following example change the env variable `DEBUG` on the `no-remove` plugin. ```bash -$ docker plugin inspect -f {{.Config.Env}} tiborvass/no-remove +$ docker plugin inspect -f {{.Settings.Env}} tiborvass/no-remove [DEBUG=0] -$ docker plugin set DEBUG=1 tiborvass/no-remove +$ docker plugin set tiborvass/no-remove DEBUG=1 -$ docker plugin inspect -f {{.Config.Env}} tiborvass/no-remove +$ docker plugin inspect -f {{.Settings.Env}} tiborvass/no-remove [DEBUG=1] ``` +The following example change the source of the `mymount` mount on +the `myplugin` plugin. + +```bash +$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin +/foo + +$ docker plugins set myplugin mymount.source=/bar + +$ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin +/bar +``` + +Note: since only `source` is settable in `mymount`, `docker plugins set mymount=/bar myplugin` would work too. + +The following example change the path of the `mydevice` device on +the `myplugin` plugin. + +```bash +$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin +/dev/foo + +$ docker plugins set myplugin mydevice.path=/dev/bar + +$ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin +/dev/bar +``` + +Note: since only `path` is settable in `mydevice`, `docker plugins set mydevice=/dev/bar myplugin` would work too. + +The following example change the source of the args on the `myplugin` plugin. + +```bash +$ docker plugin inspect -f '{{.Settings.Args}}' myplugin +["foo", "bar"] + +$ docker plugins set myplugin args="foo bar baz" + +$ docker plugin inspect -f '{{.Settings.Args}}' myplugin +["foo", "bar", "baz"] +``` + ## Related information * [plugin create](plugin_create.md) From c6ea37860f15af1c747660bf930f9ecaebc2f5df Mon Sep 17 00:00:00 2001 From: allencloud Date: Wed, 9 Nov 2016 12:06:00 +0800 Subject: [PATCH 2036/2538] change node ls and service ls api and docs Signed-off-by: allencloud --- docs/reference/commandline/node_ls.md | 70 +++++++++++++++++------- docs/reference/commandline/service_ls.md | 8 +-- 2 files changed, 53 insertions(+), 25 deletions(-) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 1bc9998f67..cdcae4e48e 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -49,24 +49,13 @@ than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "b The currently supported filters are: -* name -* id -* label +* [id](node_ls.md#id) +* [label](node_ls.md#label) +* [membership](node_ls.md#membership) +* [name](node_ls.md#name) +* [role](node_ls.md#role) -### name - -The `name` filter matches on all or part of a node name. - -The following filter matches the node with a name equal to `swarm-master` string. - -```bash -$ docker node ls -f name=swarm-manager1 - -ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS -e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader -``` - -### id +#### ID The `id` filter matches all or part of a node's id. @@ -77,12 +66,11 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` -#### label +#### Label -The `label` filter matches tasks based on the presence of a `label` alone or a `label` and a -value. +The `label` filter matches nodes based on engine labels and on the presence of a `label` alone or a `label` and a value. Node labels are currently not used for filtering. -The following filter matches nodes with the `usage` label regardless of its value. +The following filter matches nodes with the `foo` label regardless of its value. ```bash $ docker node ls -f "label=foo" @@ -91,6 +79,46 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` +#### Membership + +The `membership` filter matches nodes based on the presence of a `membership` and a value +`accepted` or `pending`. + +The following filter matches nodes with the `membership` of `accepted`. + +```bash +$ docker node ls -f "membership=accepted" + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active +38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active +``` + +#### Name + +The `name` filter matches on all or part of a node hostname. + +The following filter matches the nodes with a name equal to `swarm-master` string. + +```bash +$ docker node ls -f name=swarm-manager1 + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +``` + +#### Role + +The `role` filter matches nodes based on the presence of a `role` and a value `worker` or `manager`. + +The following filter matches nodes with the `manager` role. + +```bash +$ docker node ls -f "role=manager" + +ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS +e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader +``` ## Related information diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 40a98e076f..28378dde06 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -51,9 +51,9 @@ than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "b The currently supported filters are: -* [id](#id) -* [label](#label) -* [name](#name) +* [id](service_ls.md#id) +* [label](service_ls.md#label) +* [name](service_ls.md#name) #### ID @@ -93,7 +93,7 @@ ID NAME MODE REPLICAS IMAGE #### Name -The `name` filter matches on all or part of a tasks's name. +The `name` filter matches on all or part of a service's name. The following filter matches services with a name containing `redis`. From 0e93a16289b952e220b96b5fd74c737ee3251e5c Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 10 Nov 2016 12:05:19 -0800 Subject: [PATCH 2037/2538] cli: Change autolock flag description This change incorporates feedback from @thaJeztah in the PR that added the autolock flag. It changes the descriptions to be different for "swarm init" and "swarm update" so that the boolean nature so that the purpose of the flag in both contexts is clearer. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_init.md | 2 +- docs/reference/commandline/swarm_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index d2a8846f2b..3a98ee9dad 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -22,7 +22,7 @@ Initialize a swarm Options: --advertise-addr value Advertised address (format: [:port]) - --autolock Enable or disable manager autolocking (requiring an unlock key to start a stopped manager) + --autolock Enable manager autolocking (requiring an unlock key to start a stopped manager) --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca value Specifications of one or more certificate signing endpoints diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 78d4ba8969..84b79135a3 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -21,7 +21,7 @@ Usage: docker swarm update [OPTIONS] Update the swarm Options: - --autolock Enable or disable manager autolocking (requiring an unlock key to start a stopped manager) + --autolock Change manager autolocking setting (true|false) --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca value Specifications of one or more certificate signing endpoints From 2d85970a8c04465ccec4361e2464db30714309ca Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Wed, 9 Nov 2016 16:59:01 -0800 Subject: [PATCH 2038/2538] service logs reference documentation Signed-off-by: Andrea Luzzardi --- docs/reference/commandline/service_logs.md | 67 ++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 docs/reference/commandline/service_logs.md diff --git a/docs/reference/commandline/service_logs.md b/docs/reference/commandline/service_logs.md new file mode 100644 index 0000000000..eb319141e5 --- /dev/null +++ b/docs/reference/commandline/service_logs.md @@ -0,0 +1,67 @@ +--- +title: "service logs (experimental)" +description: "The service logs command description and usage" +keywords: "service, logs" +advisory: "experimental" +--- + + + +# service logs + +```Markdown +Usage: docker service logs [OPTIONS] SERVICE + +Fetch the logs of a service + +Options: + --details Show extra details provided to logs + -f, --follow Follow log output + --help Print usage + --since string Show logs since timestamp + --tail string Number of lines to show from the end of the logs (default "all") + -t, --timestamps Show timestamps +``` + +The `docker service logs` command batch-retrieves logs present at the time of execution. + +> **Note**: this command is only functional for services that are started with +> the `json-file` or `journald` logging driver. + +For more information about selecting and configuring login-drivers, refer to +[Configure logging drivers](https://docs.docker.com/engine/admin/logging/overview/). + +The `docker service logs --follow` command will continue streaming the new output from +the service's `STDOUT` and `STDERR`. + +Passing a negative number or a non-integer to `--tail` is invalid and the +value is set to `all` in that case. + +The `docker service logs --timestamps` command will add an [RFC3339Nano timestamp](https://golang.org/pkg/time/#pkg-constants) +, for example `2014-09-16T06:17:46.000000000Z`, to each +log entry. To ensure that the timestamps are aligned the +nano-second part of the timestamp will be padded with zero when necessary. + +The `docker service logs --details` command will add on extra attributes, such as +environment variables and labels, provided to `--log-opt` when creating the +service. + +The `--since` option shows only the service logs generated after +a given date. You can specify the date as an RFC 3339 date, a UNIX +timestamp, or a Go duration string (e.g. `1m30s`, `3h`). Besides RFC3339 date +format you may also use RFC3339Nano, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the client will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. You can combine the +`--since` option with either or both of the `--follow` or `--tail` options. From 9cda7c331e9b87186a8bf0ab933a56160b6b80b6 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 3 Nov 2016 08:05:00 -0700 Subject: [PATCH 2039/2538] Add flag `--host` to `service create` and `--host-add/--host-rm` to `service update` This fix tries to address 27902 by adding a flag `--host` to `docker service create` and `--host-add/--host-rm` to `docker service update`, so that it is possible to specify extra `host:ip` settings in `/etc/hosts`. This fix adds `Hosts` in swarmkit's `ContainerSpec` so that it is possible to specify extra hosts during service creation. Related docs has been updated. An integration test has been added. This fix fixes 27902. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 2893c84252..9f441c05fe 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -35,6 +35,7 @@ Options: --health-retries int Consecutive failures needed to report unhealthy --health-timeout duration Maximum time to allow one check to run (default none) --help Print usage + --host list Set one or more custom host-to-IP mappings (host:ip) (default []) --hostname string Container hostname -l, --label list Service labels (default []) --limit-cpu decimal Limit CPUs (default 0.000) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index c5104103cc..51a9dd3dda 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -43,6 +43,8 @@ Options: --health-retries int Consecutive failures needed to report unhealthy --health-timeout duration Maximum time to allow one check to run (default none) --help Print usage + --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) + --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) --image string Service image tag --label-add list Add or update a service label (default []) --label-rm list Remove a label by its key (default []) From 410d4ce7ae3b1bfc2f28ad6a7cfd9b3177c0dd1b Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 9 Nov 2016 17:49:09 -0800 Subject: [PATCH 2040/2538] move plugins out of experimental Signed-off-by: Victor Vieux --- docs/extend/config.md | 6 ++---- docs/extend/index.md | 4 ---- docs/extend/legacy_plugins.md | 4 ++-- docs/extend/plugin_api.md | 3 +-- docs/extend/plugins_authorization.md | 4 ++-- docs/reference/commandline/plugin_create.md | 7 ++++--- docs/reference/commandline/plugin_disable.md | 3 +-- docs/reference/commandline/plugin_enable.md | 3 +-- docs/reference/commandline/plugin_inspect.md | 3 +-- docs/reference/commandline/plugin_install.md | 3 +-- docs/reference/commandline/plugin_ls.md | 3 +-- docs/reference/commandline/plugin_rm.md | 3 +-- docs/reference/commandline/plugin_set.md | 3 +-- 13 files changed, 18 insertions(+), 31 deletions(-) diff --git a/docs/extend/config.md b/docs/extend/config.md index 91dd281475..31c785c8e5 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -5,7 +5,6 @@ aliases: [ title: "Plugin config" description: "How develop and use a plugin with the managed plugin system" keywords: "API, Usage, plugins, documentation, developer" -advisory: "experimental" --- +# plugin create + ```markdown Usage: docker plugin create [OPTIONS] reponame[:tag] PATH-TO-ROOTFS -create a plugin from the given PATH-TO-ROOTFS, which contains the plugin's root filesystem and the config file, config.json +Create a plugin from a rootfs and configuration Options: --compress Compress the context using gzip diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 515fdec5cd..4e4412c01a 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -2,7 +2,6 @@ title: "plugin disable" description: "the plugin disable command description and usage" keywords: "plugin, disable" -advisory: "experimental" --- -# plugin disable (experimental) +# plugin disable ```markdown Usage: docker plugin disable PLUGIN diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index d23a6661c6..fdebf5b276 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -2,7 +2,6 @@ title: "plugin enable" description: "the plugin enable command description and usage" keywords: "plugin, enable" -advisory: "experimental" --- -# plugin enable (experimental) +# plugin enable ```markdown Usage: docker plugin enable PLUGIN diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 4c81a65142..4ba484b513 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -2,7 +2,6 @@ title: "plugin inspect" description: "The plugin inspect command description and usage" keywords: "plugin, inspect" -advisory: "experimental" --- -# plugin inspect (experimental) +# plugin inspect ```markdown Usage: docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index d3be530f1f..259a1d4444 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -2,7 +2,6 @@ title: "plugin install" description: "the plugin install command description and usage" keywords: "plugin, install" -advisory: "experimental" --- -# plugin install (experimental) +# plugin install ```markdown Usage: docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...] diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 3afae4f2de..bb2e0bbe53 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -2,7 +2,6 @@ title: "plugin ls" description: "The plugin ls command description and usage" keywords: "plugin, list" -advisory: "experimental" --- -# plugin ls (experimental) +# plugin ls ```markdown Usage: docker plugin ls [OPTIONS] diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index ff56ab8d57..29840455a9 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -2,7 +2,6 @@ title: "plugin rm" description: "the plugin rm command description and usage" keywords: "plugin, rm" -advisory: "experimental" --- -# plugin rm (experimental) +# plugin rm ```markdown Usage: docker plugin rm [OPTIONS] PLUGIN [PLUGIN...] diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 36a24f2061..3873f47c76 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -2,7 +2,6 @@ title: "plugin set" description: "the plugin set command description and usage" keywords: "plugin, set" -advisory: "experimental" --- -# plugin set (experimental) +# plugin set ```markdown Usage: docker plugin set PLUGIN KEY=VALUE [KEY=VALUE...] From 0b24403d99acae20ce2a472a091a94147c3a02fc Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 10 Nov 2016 10:39:23 +0800 Subject: [PATCH 2041/2538] Remove redundant parameter and fix typos Signed-off-by: yuexiao-wang --- docs/reference/commandline/diff.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index ac47e33d3c..be27678dcd 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -24,7 +24,7 @@ Options: --help Print usage ``` -List the changed files and directories in a container᾿s filesystem +List the changed files and directories in a container᾿s filesystem. There are 3 events that are listed in the `diff`: 1. `A` - Add From 13fe886540e915819cccddf37bac664976abe724 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 11 Nov 2016 11:01:31 +0800 Subject: [PATCH 2042/2538] Add --with-registry-auth for stack deploy Signed-off-by: yuexiao-wang --- docs/reference/commandline/stack_deploy.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 8b0a4dba5f..93784a3b00 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -25,8 +25,9 @@ Aliases: deploy, up Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage + --file string Path to a Distributed Application Bundle file (Default: STACK.dab) + --help Print usage + --with-registry-auth Send registry authentication details to swarm agents ``` Create and update a stack from a `dab` file on the swarm. This command From b70107a95155b29d384fa36e385ad596ad3ccfc1 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 11 Nov 2016 09:23:02 +0000 Subject: [PATCH 2043/2538] Update docs/deprecated.md for 1.13 Signed-off-by: Akihiro Suda --- docs/deprecated.md | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index c7d3611804..95272742e5 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -43,6 +43,32 @@ The daemon is moved to a separate binary (`dockerd`), and should be used instead Duplicate keys with conflicting values have been deprecated. A warning is displayed in the output, and an error will be returned in the future. +### `MAINTAINER` in Dockerfile +**Deprecated In Release: v1.13.0** + +`MAINTAINER` was an early very limited form of `LABEL` which should be used instead. + +### API calls without a version +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** + +**Target For Removal In Release: v1.16** + +API versions should be supplied to all API calls to ensure compatibility with +future Engine versions. Instead of just requesting, for example, the URL +`/containers/json`, you must now request `/v1.25/containers/json`. + +### Backing filesystem without `d_type` support for overlay/overlay2 +**Deprecated In Release: v1.13.0** + +**Target For Removal In Release: v1.16** + +The overlay and overlay2 storage driver does not work as expected if the backing +filesystem does not support `d_type`. For example, XFS does not support `d_type` +if it is formatted with the `ftype=0` option. + +Please also refer to [#27358](https://github.com/docker/docker/issues/27358) for +futher information. + ### Three argument form in `docker import` **Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** @@ -221,17 +247,3 @@ Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the - DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE - DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE - -### `MAINTAINER` in Dockerfile -**Deprecated In Release: v1.13.0** - -`MAINTAINER` was an early very limited form of `LABEL` which should be used instead. - -### API calls without a version -**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** - -**Target For Removal In Release: v1.16** - -API versions should be supplied to all API calls to ensure compatibility with -future Engine versions. Instead of just requesting, for example, the URL -`/containers/json`, you must now request `/v1.25/containers/json`. From e17ee80404f66968e8d72f57a5794dfc76d5c6ad Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 11 Nov 2016 15:34:01 +0100 Subject: [PATCH 2044/2538] =?UTF-8?q?Add=20reference=20filter=20and=20depr?= =?UTF-8?q?ecated=20filter=20param=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … for `docker images`. This deprecates the `filter` param for the `/images` endpoint and make a new filter called `reference` to replace it. It does change the CLI side (still possible to do `docker images busybox:musl`) but changes the cli code to use the filter instead (so that `docker images --filter busybox:musl` and `docker images busybox:musl` act the same). Signed-off-by: Vincent Demeester --- docs/deprecated.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 95272742e5..3386b46eae 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -20,23 +20,29 @@ The following list of features are deprecated in Engine. To learn more about Docker Engine's deprecation policy, see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy). +## `filter` param for `/images/json` endpoint +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/tag/v1.13.0)** + +**Target For Removal In Release: v1.16** + +The `filter` param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named `reference`. ### `repository:shortid` image references -**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/tag/v1.13.0)** **Target For Removal In Release: v1.16** `repository:shortid` syntax for referencing images is very little used, collides with with tag references can be confused with digest references. ### `docker daemon` subcommand -**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/tag/v1.13.0)** **Target For Removal In Release: v1.16** The daemon is moved to a separate binary (`dockerd`), and should be used instead. ### Duplicate keys with conflicting values in engine labels -**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/)** +**Deprecated In Release: [v1.13](https://github.com/docker/docker/releases/tag/v1.13.0)** **Target For Removal In Release: v1.16** From 7fd207836d3c0bd574f46e447eb8b8b3c598e365 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 11 Nov 2016 16:12:17 +0100 Subject: [PATCH 2045/2538] Add bash completion for `docker daemon --seccomp-profile` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 46edab76d6..1ff570abf2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1704,6 +1704,7 @@ _docker_daemon() { --oom-score-adjust --pidfile -p --registry-mirror + --seccomp-profile --shutdown-timeout --storage-driver -s --storage-opt @@ -1816,6 +1817,10 @@ _docker_daemon() { __docker_complete_log_options return ;; + --seccomp-profile) + _filedir json + return + ;; --userns-remap) __docker_complete_user_group return From 5890dd64eb4ce26f503f7e78d0515f6540871191 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 13 Nov 2016 04:54:54 -0800 Subject: [PATCH 2046/2538] Fix bash completion for `docker ps --filter is-task` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1ff570abf2..4e0314431e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1121,7 +1121,7 @@ _docker_container_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor before exited health id label name network since status volume" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "ancestor before exited health id is-task label name network since status volume" -- "$cur" ) ) __docker_nospace return ;; From 7c22a4d86c917bf063f878c3130933892e8b83a5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 12 Nov 2016 10:12:47 -0800 Subject: [PATCH 2047/2538] Add bash completion for `docker build --cache-from` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4e0314431e..fe852a99c6 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1901,6 +1901,7 @@ _docker_image() { _docker_image_build() { local options_with_args=" --build-arg + --cache-from --cgroup-parent --cpuset-cpus --cpuset-mems @@ -1936,6 +1937,10 @@ _docker_image_build() { __docker_nospace return ;; + --cache-from) + __docker_complete_image_repos_and_tags + return + ;; --file|-f) _filedir return From fd70b3c2835b84a6176be7168e7f4b77756d5d15 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 13 Nov 2016 13:50:54 +0100 Subject: [PATCH 2048/2538] Add zsh completion for 'docker image build --cache-from' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ede1045690..58324fa5c2 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -900,7 +900,8 @@ __docker_image_subcommand() { (build) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*--build-arg[Build-time variables]:=: " \ + "($help)*--build-arg=[Build-time variables]:=: " \ + "($help)*--cache-from=[Images to consider as cache sources]: :__docker_complete_repositories_with_tags" \ "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \ "($help)--cgroup-parent=[Parent cgroup for the container]:cgroup: " \ "($help)--compress[Compress the build context using gzip]" \ From 4b3dd70b54ab2b151f60cae239f21d5f2f9b3e11 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 13 Nov 2016 14:21:13 +0100 Subject: [PATCH 2049/2538] Add zsh completion for 'docker service {create --port, update --port-{add,rm}}' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 58324fa5c2..5689a19543 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1689,6 +1689,7 @@ __docker_service_subcommand() { "($help)--hostname=[Service containers hostname]:hostname: " \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help)--name=[Service name]:name: " \ + "($help)*--port=[Publish a port]:port: " \ "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 @@ -1755,6 +1756,8 @@ __docker_service_subcommand() { "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ "($help)--image=[Service image tag]:image:__docker_complete_repositories" \ + "($help)*--port-add=[Add or update a port]:port: " \ + "($help)*--port-rm=[Remove a port(target-port mandatory)]:port: " \ "($help)--rollback[Rollback to previous specification]" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; From fc7c7b13584c2846dddde552c4ef33073b78a427 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 13 Nov 2016 09:32:53 -0800 Subject: [PATCH 2050/2538] Add bash completion for `docker service ps --all` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index fe852a99c6..3f3e86c6c0 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2587,7 +2587,7 @@ _docker_service_ps() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') From 5e47e48ff8da5db18d910430f31c24b80d11fe3d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 13 Nov 2016 11:17:18 -0800 Subject: [PATCH 2051/2538] Add bash completion for DNS settings in services Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3f3e86c6c0..1e6846f6a5 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2648,6 +2648,9 @@ _docker_service_update() { if [ "$subcommand" = "create" ] ; then options_with_args="$options_with_args --container-label + --dns + --dns-option + --dns-search --env-file --group --hostname @@ -2675,6 +2678,12 @@ _docker_service_update() { --arg --container-label-add --container-label-rm + --dns-add + --dns-options-add + --dns-options-rm + --dns-rm + --dns-search-add + --dns-search-rm --group-add --group-rm --image From a4abb8d39f69c053dd371702eb441ad1df212911 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 13 Nov 2016 20:04:25 -0800 Subject: [PATCH 2052/2538] Fix a small typo in `docs/deprecated.md` A small typo in `docs/deprecated.md`. Signed-off-by: Yong Tang --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 3386b46eae..83aa2344cc 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -73,7 +73,7 @@ filesystem does not support `d_type`. For example, XFS does not support `d_type` if it is formatted with the `ftype=0` option. Please also refer to [#27358](https://github.com/docker/docker/issues/27358) for -futher information. +further information. ### Three argument form in `docker import` **Deprecated In Release: [v0.6.7](https://github.com/docker/docker/releases/tag/v0.6.7)** From 653c6d8467812e3bb7760c3392c5e569e73a0cf0 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 13 Nov 2016 19:12:01 -0800 Subject: [PATCH 2053/2538] Update bash completion `dns-options-add/rm` -> `dns-option-add/rm` In 28186, `dns-options-add/rm` has been changed to `dns-option-add/rm` in `docker service create/update`, for the purpose of consistency. This fix updates bash completion to remove extra `s`. Signed-off-by: Yong Tang --- contrib/completion/bash/docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1e6846f6a5..a971033b5f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2679,8 +2679,8 @@ _docker_service_update() { --container-label-add --container-label-rm --dns-add - --dns-options-add - --dns-options-rm + --dns-option-add + --dns-option-rm --dns-rm --dns-search-add --dns-search-rm From 0f6fa225d1cb43a582c811622f166c8eba6b9e26 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 13 Nov 2016 15:43:49 +0100 Subject: [PATCH 2054/2538] Add zsh completion for the new 'docker secret' command Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 118 +++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 5689a19543..3f48676a39 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1515,6 +1515,107 @@ __docker_plugin_subcommand() { # EO plugin +# BO secret + +__docker_secrets() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + local line s + declare -a lines secrets + + type=$1; shift + + lines=(${(f)${:-"$(_call_program commands docker $docker_options secret ls)"$'\n'}}) + + # Parse header line to find columns + local i=1 j=1 k header=${lines[1]} + declare -A begin end + while (( j < ${#header} - 1 )); do + i=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 1 )) + j=$(( i + ${${header[$i,-1]}[(i) ]} - 1 )) + k=$(( j + ${${header[$j,-1]}[(i)[^ ]]} - 2 )) + begin[${header[$i,$((j-1))]}]=$i + end[${header[$i,$((j-1))]}]=$k + done + end[${header[$i,$((j-1))]}]=-1 + lines=(${lines[2,-1]}) + + # ID + if [[ $type = (ids|all) ]]; then + for line in $lines; do + s="${line[${begin[ID]},${end[ID]}]%% ##}" + secrets=($secrets $s) + done + fi + + # Names + if [[ $type = (names|all) ]]; then + for line in $lines; do + s="${line[${begin[NAME]},${end[NAME]}]%% ##}" + secrets=($secrets $s) + done + fi + + _describe -t secrets-list "secrets" secrets "$@" && ret=0 + return ret +} + +__docker_complete_secrets() { + [[ $PREFIX = -* ]] && return 1 + __docker_secrets all "$@" +} + +__docker_secret_commands() { + local -a _docker_secret_subcommands + _docker_secret_subcommands=( + "create:Create a secret using stdin as content" + "inspect:Display detailed information on one or more secrets" + "ls:List secrets" + "rm:Remove one or more secrets" + ) + _describe -t docker-secret-commands "docker secret command" _docker_secret_subcommands +} + +__docker_secret_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (create) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)*"{-l=,--label=}"[Secret labels]:label: " \ + "($help -):secret: " && ret=0 + ;; + (inspect) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given Go template]:template: " \ + "($help -)*:secret:__docker_complete_secrets" && ret=0 + ;; + (ls|list) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 + ;; + (rm|remove) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -)*:secret:__docker_complete_secrets" && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_secret_commands" && ret=0 + ;; + esac + + return ret +} + +# EO secret + # BO service __docker_service_complete_ls_filters() { @@ -2302,6 +2403,23 @@ __docker_subcommand() { ;; esac ;; + (secret) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_secret_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_secret_subcommand && ret=0 + ;; + esac + ;; (service) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ From c9afee3afa14263aecb2796dd0a1ad42de857270 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 12 Nov 2016 10:49:48 -0800 Subject: [PATCH 2055/2538] Add bash completion for managing ports in services Bash completion for - `docker service create --port` - `docker service update --port-{add,rm}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a971033b5f..7b16406462 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2656,6 +2656,7 @@ _docker_service_update() { --hostname --mode --name + --port " case "$prev" in @@ -2687,6 +2688,8 @@ _docker_service_update() { --group-add --group-rm --image + --port-add + --port-rm " case "$prev" in From d9de308caa068c02232ae2a9868adfee77680f51 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 14 Nov 2016 13:38:48 +0100 Subject: [PATCH 2056/2538] Add zsh completion for 'docker service {create,update} --secret' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3f48676a39..02491b1095 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1768,6 +1768,7 @@ __docker_service_subcommand() { "($help)--restart-delay=[Delay between restart attempts]:delay: " "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: " "($help)--restart-window=[Window used to evaluate the restart policy]:window: " + "($help)*--secret=[Specify secrets to expose to the service]:secret:__docker_complete_secrets" "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]" "($help)--update-delay=[Delay between updates]:delay: " From 937c0e3fb6645bc16f8ffefec0cf8452050ee94a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 14 Nov 2016 08:13:12 +0100 Subject: [PATCH 2057/2538] Add zsh completion for 'docker service' DNS settings Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 02491b1095..6f3cb8a945 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1787,6 +1787,9 @@ __docker_service_subcommand() { $opts_help \ $opts_create_update \ "($help)*--container-label=[Container labels]:label: " \ + "($help)*--dns=[Set custom DNS servers]:DNS: " \ + "($help)*--dns-option=[Set DNS options]:DNS option: " \ + "($help)*--dns-search=[Set custom DNS search domains]:DNS search: " \ "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ "($help)--hostname=[Service containers hostname]:hostname: " \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ @@ -1854,6 +1857,12 @@ __docker_service_subcommand() { "($help)--arg=[Service command args]:arguments: _normal" \ "($help)*--container-label-add=[Add or update container labels]:label: " \ "($help)*--container-label-rm=[Remove a container label by its key]:label: " \ + "($help)*--dns-add=[Add or update custom DNS servers]:DNS: " \ + "($help)*--dns-rm=[Remove custom DNS servers]:DNS: " \ + "($help)*--dns-option-add=[Add or update DNS options]:DNS option: " \ + "($help)*--dns-option-rm=[Remove DNS options]:DNS option: " \ + "($help)*--dns-search-add=[Add or update custom DNS search domains]:DNS search: " \ + "($help)*--dns-search-rm=[Remove DNS search domains]:DNS search: " \ "($help)--force[Force update]" \ "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ From 75aeaad2414162fba18011d76ebf162c567e1604 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 11 Nov 2016 11:10:08 +0800 Subject: [PATCH 2058/2538] Remove duplicated document Signed-off-by: yuexiao-wang --- docs/reference/commandline/deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 1376f489e1..bc9dd2a7f4 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -14,7 +14,7 @@ advisory: "experimental" will be rejected. --> -# stack deploy (experimental) +# deploy (alias for stack deploy) (experimental) ```markdown Usage: docker deploy [OPTIONS] STACK From 8a7b4d591a332994bd04802a1c3236e892027af1 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Mon, 14 Nov 2016 08:38:06 -0800 Subject: [PATCH 2059/2538] Add docs for plugin push Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/plugin_create.md | 5 +- docs/reference/commandline/plugin_disable.md | 3 +- docs/reference/commandline/plugin_enable.md | 3 +- docs/reference/commandline/plugin_inspect.md | 3 +- docs/reference/commandline/plugin_install.md | 5 +- docs/reference/commandline/plugin_ls.md | 3 +- docs/reference/commandline/plugin_push.md | 50 ++++++++++++++++++++ docs/reference/commandline/plugin_rm.md | 5 +- docs/reference/commandline/plugin_set.md | 5 +- 9 files changed, 70 insertions(+), 12 deletions(-) create mode 100644 docs/reference/commandline/plugin_push.md diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index 10b3e12138..f35d73c605 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -49,10 +49,11 @@ The plugin can subsequently be enabled for local use or pushed to the public reg ## Related information -* [plugin ls](plugin_ls.md) -* [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 4e4412c01a..4bffb2cecf 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -53,10 +53,11 @@ tiborvass/no-remove latest A test plugin for Docker false ## Related information -* [plugin ls](plugin_ls.md) * [plugin create](plugin_create.md) * [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index fdebf5b276..15a07e6f70 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -54,9 +54,10 @@ tiborvass/no-remove latest A test plugin for Docker true ## Related information * [plugin create](plugin_create.md) -* [plugin ls](plugin_ls.md) * [plugin disable](plugin_disable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 4ba484b513..80b8e8c881 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -154,9 +154,10 @@ $ docker plugin inspect -f '{{.Id}}' tiborvass/no-remove:latest ## Related information * [plugin create](plugin_create.md) -* [plugin ls](plugin_ls.md) * [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) * [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 259a1d4444..f33fc55a56 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -60,9 +60,10 @@ tiborvass/no-remove latest A test plugin for Docker true ## Related information * [plugin create](plugin_create.md) -* [plugin ls](plugin_ls.md) -* [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index bb2e0bbe53..3ea4c2585c 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -43,9 +43,10 @@ tiborvass/no-remove latest A test plugin for Docker true ## Related information * [plugin create](plugin_create.md) -* [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md new file mode 100644 index 0000000000..54022dcee1 --- /dev/null +++ b/docs/reference/commandline/plugin_push.md @@ -0,0 +1,50 @@ +--- +title: "plugin push" +description: "the plugin push command description and usage" +keywords: "plugin, push" +--- + + + +```markdown +Usage: docker plugin push NAME[:TAG] + +Push a plugin to a registry + +Options: + --help Print usage +``` + +Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution, +use `docker plugin push` to share your images to the Docker Hub registry or to a self-hosted one. + +Registry credentials are managed by [docker login](login.md). + +The following example shows how to push a sample `user/plugin`. + +```bash + +$ docker plugin ls +NAME TAG DESCRIPTION ENABLED +user/plugin latest A sample plugin for Docker false + +$ docker plugin push user/plugin +``` + +## Related information + +* [plugin create](plugin_create.md) +* [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 29840455a9..5a01dcaa1e 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -46,9 +46,10 @@ tiborvass/no-remove ## Related information * [plugin create](plugin_create.md) -* [plugin ls](plugin_ls.md) -* [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin set](plugin_set.md) diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 3873f47c76..9ea93aecf9 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -90,9 +90,10 @@ $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ## Related information * [plugin create](plugin_create.md) -* [plugin ls](plugin_ls.md) -* [plugin enable](plugin_enable.md) * [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) * [plugin inspect](plugin_inspect.md) * [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) From 4225bbc8b12e464d8d7e7fb02910ee1f5e8f839f Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Mon, 14 Nov 2016 08:22:09 +0100 Subject: [PATCH 2060/2538] Add zsh completion for 'docker image build --network' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 6f3cb8a945..44140013de 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -918,6 +918,7 @@ __docker_image_subcommand() { "($help)*--label=[Set metadata for an image]:label=value: " \ "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \ "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \ + "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" "($help)--no-cache[Do not use cache when building the image]" \ "($help)--pull[Attempt to pull a newer version of the image]" \ "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ From 4e56bb4f48855f48edd8579a1fe76be439ad9291 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Fri, 11 Nov 2016 17:44:00 +0800 Subject: [PATCH 2061/2538] fix the wrong title with docker swarm Signed-off-by: lixiaobing10051267 --- docs/reference/glossary.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 5c3ef33f8a..94bd1ceec5 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -212,7 +212,7 @@ environment. ## service discovery -Swarm mode [service discovery](https://docs.docker.com/engine/swarm/networking/) is a DNS component +Swarm mode [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery) is a DNS component internal to the swarm that automatically assigns each service on an overlay network in the swarm a VIP and DNS entry. Containers on the network share DNS mappings for the service via gossip so any container on the network can access @@ -226,7 +226,7 @@ automatically distributes requests to the service VIP among the active tasks. A [swarm](https://docs.docker.com/engine/swarm/) is a cluster of one or more Docker Engines running in [swarm mode](#swarm-mode). -## Swarm +## Docker Swarm Do not confuse [Docker Swarm](https://github.com/docker/swarm) with the [swarm mode](#swarm-mode) features in Docker Engine. From 0ceda7965d4ae294d89c2664e2be3899a99ece14 Mon Sep 17 00:00:00 2001 From: Jonathan Boulle Date: Tue, 15 Nov 2016 14:59:47 +0900 Subject: [PATCH 2062/2538] man page: consistent indents for flag descriptions Signed-off-by: Jonathan Boulle --- man/dockerd.8.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/man/dockerd.8.md b/man/dockerd.8.md index f7fd231149..3403f12121 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -176,10 +176,10 @@ unix://[/path/to/socket] to use. Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. **--init** -Run an init process inside containers for signal forwarding and process reaping. + Run an init process inside containers for signal forwarding and process reaping. **--init-path** -Path to the docker-init binary. + Path to the docker-init binary. **--insecure-registry**=[] Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. @@ -239,7 +239,7 @@ is `hyperv`. Linux only supports `default`. Path to use for daemon PID file. Default is `/var/run/docker.pid` **--raw-logs** -Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, + Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw") output otherwise. @@ -283,13 +283,13 @@ output otherwise. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. **--userland-proxy-path**="" Path to the userland proxy binary. **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* - Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. + Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. # STORAGE DRIVER OPTIONS From 00f00e726ef567a9e6e82f627a2f900214b9655a Mon Sep 17 00:00:00 2001 From: bbayani Date: Mon, 14 Nov 2016 09:56:03 +0000 Subject: [PATCH 2063/2538] Updated daemon documentation to clarify that live-restore is not suppoted on windows Review comment implementation Signed-off-by: bbayani --- docs/reference/commandline/dockerd.md | 3 +-- man/dockerd.8.md | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index e40c98bb59..11098b40ef 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -62,7 +62,7 @@ Options: --iptables Enable addition of iptables rules (default true) --ipv6 Enable IPv6 networking --label value Set key=value labels to the daemon (default []) - --live-restore Enable live restore of docker when containers are still running + --live-restore Enable live restore of docker when containers are still running (Linux only) --log-driver string Default driver for container logs (default "json-file") -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") --log-opt value Default log driver options for containers (default map[]) @@ -1234,7 +1234,6 @@ This is a full example of the allowed configuration options on Windows: "storage-driver": "", "storage-opts": [], "labels": [], - "live-restore": true, "log-driver": "", "mtu": 0, "pidfile": "", diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 3403f12121..2b464abc6b 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -217,7 +217,7 @@ is `hyperv`. Linux only supports `default`. Set key=value labels to the daemon (displayed in `docker info`) **--live-restore**=*false* - Enable live restore of running containers when the daemon starts so that they are not restarted. + Enable live restore of running containers when the daemon starts so that they are not restarted. This option is applicable only for docker daemon running on Linux host. **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. From 1256e6743b9e7463ec6b73594e74e39abc70ec96 Mon Sep 17 00:00:00 2001 From: John Howard Date: Fri, 23 Sep 2016 11:52:57 -0700 Subject: [PATCH 2064/2538] Planned 1.13 deprecation: email from login Signed-off-by: John Howard --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 83aa2344cc..5a064a5afe 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -96,7 +96,7 @@ on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** -**Target For Removal In Release: v1.14** +**Removed In Release: [v1.14.0](https://github.com/docker/docker/releases/)** The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. From d3cc65298afc3344f132f7748d77e37f8beee368 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 15 Nov 2016 09:40:44 +0800 Subject: [PATCH 2065/2538] Remove inexistent link and add related links Signed-off-by: yuexiao-wang --- docs/reference/commandline/deploy.md | 4 +++- docs/reference/commandline/stack_deploy.md | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index bc9dd2a7f4..87491efe3b 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -58,5 +58,7 @@ axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) +* [stack ls](stack_ls.md) +* [stack ps](stack_ps.md) * [stack rm](stack_rm.md) -* [stack tasks](stack_tasks.md) +* [stack services](stack_services.md) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 93784a3b00..406b105caa 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -60,7 +60,8 @@ axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 ice ## Related information * [stack config](stack_config.md) +* [stack ls](stack_ls.md) +* [stack ps](stack_ps.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) -* [stack ps](stack_ps.md) -* [stack ls](stack_ls.md) +* [deploy](deploy.md) \ No newline at end of file From 0524cec07b583548a7544d11d259c86f8195e609 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 15 Nov 2016 17:15:26 +0800 Subject: [PATCH 2066/2538] Modify serial number and fix some typos Signed-off-by: yuexiao-wang --- experimental/plugins_graphdriver.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/plugins_graphdriver.md b/experimental/plugins_graphdriver.md index e94fbb63f1..de244c41a9 100644 --- a/experimental/plugins_graphdriver.md +++ b/experimental/plugins_graphdriver.md @@ -4,7 +4,7 @@ Docker graph driver plugins enable admins to use an external/out-of-process graph driver for use with Docker engine. This is an alternative to using the built-in storage drivers, such as aufs/overlay/devicemapper/btrfs. -A graph driver plugin is used for image and container fs storage, as such +A graph driver plugin is used for image and container filesystem storage, as such the plugin must be started and available for connections prior to Docker Engine being started. @@ -269,7 +269,7 @@ Get a list of changes between the filesystem layers specified by the `ID` and } ``` -Responds with a list of changes. The structure of a change is: +Respond with a list of changes. The structure of a change is: ``` "Path": "/some/path", "Kind": 0, From 87b3ad76c99e9cc79eb20f8d52792f14fad27ceb Mon Sep 17 00:00:00 2001 From: Jonathan Boulle Date: Tue, 15 Nov 2016 22:46:25 +0900 Subject: [PATCH 2067/2538] man/docker: wrap lines consistently Quite a few changes, as it seems like previous wrapping was done manually, so it's all over the place. As noted in #28424 Signed-off-by: Jonathan Boulle --- man/dockerd.8.md | 254 +++++++++++++++++++++++++++-------------------- 1 file changed, 144 insertions(+), 110 deletions(-) diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 2b464abc6b..dbd68e5f64 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -71,13 +71,13 @@ dockerd - Enable daemon mode [**--userns-remap**[=*default*]] # DESCRIPTION -**dockerd** is used for starting the Docker daemon(i.e., to command the daemon to manage images, -containers etc.) So **dockerd** is a server, as a daemon. +**dockerd** is used for starting the Docker daemon (i.e., to command the daemon +to manage images, containers etc). So **dockerd** is a server, as a daemon. To run the Docker daemon you can specify **dockerd**. You can check the daemon options using **dockerd --help**. -Daemon options should be specified after the **dockerd** keyword in the following -format. +Daemon options should be specified after the **dockerd** keyword in the +following format. **dockerd [OPTIONS]** @@ -87,27 +87,31 @@ format. Set additional OCI compatible runtime. **--api-cors-header**="" - Set CORS headers in the remote API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. + Set CORS headers in the remote API. Default is cors disabled. Give urls like + "http://foo, http://bar, ...". Give "*" to allow all. **--authorization-plugin**="" Set authorization plugins to load **-b**, **--bridge**="" - Attach containers to a pre\-existing network bridge; use 'none' to disable container networking + Attach containers to a pre\-existing network bridge; use 'none' to disable + container networking **--bip**="" - Use the provided CIDR notation address for the dynamically created bridge (docker0); Mutually exclusive of \-b + Use the provided CIDR notation address for the dynamically created bridge + (docker0); Mutually exclusive of \-b **--cgroup-parent**="" - Set parent cgroup for all containers. Default is "/docker" for fs cgroup driver and "system.slice" for systemd cgroup driver. + Set parent cgroup for all containers. Default is "/docker" for fs cgroup + driver and "system.slice" for systemd cgroup driver. **--cluster-store**="" URL of the distributed storage backend **--cluster-advertise**="" - Specifies the 'host:port' or `interface:port` combination that this particular - daemon instance should use when advertising itself to the cluster. The daemon - is reached through this value. + Specifies the 'host:port' or `interface:port` combination that this + particular daemon instance should use when advertising itself to the cluster. + The daemon is reached through this value. **--cluster-store-opt**="" Specifies options for the Key/Value store. @@ -122,7 +126,8 @@ format. Enable debug mode. Default is false. **--default-gateway**="" - IPv4 address of the container default gateway; this address must be part of the bridge subnet (which is defined by \-b or \--bip) + IPv4 address of the container default gateway; this address must be part of + the bridge subnet (which is defined by \-b or \--bip) **--default-gateway-v6**="" IPv6 address of the container default gateway @@ -146,13 +151,15 @@ format. Set runtime execution options. See RUNTIME EXECUTION OPTIONS. **--exec-root**="" - Path to use as the root of the Docker execution state files. Default is `/var/run/docker`. + Path to use as the root of the Docker execution state files. Default is + `/var/run/docker`. **--experimental**="" Enable the daemon experimental features. **--fixed-cidr**="" - IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in the bridge subnet (which is defined by \-b or \-\-bip) + IPv4 subnet for fixed IPs (e.g., 10.20.0.0/16); this subnet must be nested in + the bridge subnet (which is defined by \-b or \-\-bip). **--fixed-cidr-v6**="" IPv6 subnet for global IPv6 addresses (e.g., 2a00:1450::/64) @@ -173,28 +180,46 @@ unix://[/path/to/socket] to use. Print usage statement **--icc**=*true*|*false* - Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option (see **docker-run(1)**). Default is true. + Allow unrestricted inter\-container and Docker daemon host communication. If + disabled, containers can still be linked together using the **--link** option + (see **docker-run(1)**). Default is true. **--init** - Run an init process inside containers for signal forwarding and process reaping. + Run an init process inside containers for signal forwarding and process + reaping. **--init-path** Path to the docker-init binary. **--insecure-registry**=[] - Enable insecure registry communication, i.e., enable un-encrypted and/or untrusted communication. + Enable insecure registry communication, i.e., enable un-encrypted and/or + untrusted communication. - List of insecure registries can contain an element with CIDR notation to specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. + List of insecure registries can contain an element with CIDR notation to + specify a whole subnet. Insecure registries accept HTTP and/or accept HTTPS + with certificates from unknown CAs. - Enabling `--insecure-registry` is useful when running a local registry. However, because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of using `--insecure-registry`. + Enabling `--insecure-registry` is useful when running a local registry. + However, because its use creates security vulnerabilities it should ONLY be + enabled for testing purposes. For increased security, users should add their + CA to their system's list of trusted CAs instead of using + `--insecure-registry`. **--ip**="" Default IP address to use when binding container ports. Default is `0.0.0.0`. **--ip-forward**=*true*|*false* - Enables IP forwarding on the Docker host. The default is `true`. This flag interacts with the IP forwarding setting on your host system's kernel. If your system has IP forwarding disabled, this setting enables it. If your system has IP forwarding enabled, setting this flag to `--ip-forward=false` has no effect. + Enables IP forwarding on the Docker host. The default is `true`. This flag + interacts with the IP forwarding setting on your host system's kernel. If + your system has IP forwarding disabled, this setting enables it. If your + system has IP forwarding enabled, setting this flag to `--ip-forward=false` + has no effect. - This setting will also enable IPv6 forwarding if you have both `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject Router Advertisements and interfere with the host's existing IPv6 configuration. For more information, please consult the documentation about "Advanced Networking - IPv6". + This setting will also enable IPv6 forwarding if you have both + `--ip-forward=true` and `--fixed-cidr-v6` set. Note that this may reject + Router Advertisements and interfere with the host's existing IPv6 + configuration. For more information, please consult the documentation about + "Advanced Networking - IPv6". **--ip-masq**=*true*|*false* Enable IP masquerading for bridge's IP range. Default is true. @@ -203,12 +228,18 @@ unix://[/path/to/socket] to use. Enable Docker's addition of iptables rules. Default is true. **--ipv6**=*true*|*false* - Enable IPv6 support. Default is false. Docker will create an IPv6-enabled bridge with address fe80::1 which will allow you to create IPv6-enabled containers. Use together with `--fixed-cidr-v6` to provide globally routable IPv6 addresses. IPv6 forwarding will be enabled if not used with `--ip-forward=false`. This may collide with your host's current IPv6 settings. For more information please consult the documentation about "Advanced Networking - IPv6". + Enable IPv6 support. Default is false. Docker will create an IPv6-enabled + bridge with address fe80::1 which will allow you to create IPv6-enabled + containers. Use together with `--fixed-cidr-v6` to provide globally routable + IPv6 addresses. IPv6 forwarding will be enabled if not used with + `--ip-forward=false`. This may collide with your host's current IPv6 + settings. For more information please consult the documentation about + "Advanced Networking - IPv6". **--isolation**="*default*" - Isolation specifies the type of isolation technology used by containers. Note -that the default on Windows server is `process`, and the default on Windows client -is `hyperv`. Linux only supports `default`. + Isolation specifies the type of isolation technology used by containers. + Note that the default on Windows server is `process`, and the default on + Windows client is `hyperv`. Linux only supports `default`. **-l**, **--log-level**="*debug*|*info*|*warn*|*error*|*fatal*" Set the logging level. Default is `info`. @@ -217,7 +248,9 @@ is `hyperv`. Linux only supports `default`. Set key=value labels to the daemon (displayed in `docker info`) **--live-restore**=*false* - Enable live restore of running containers when the daemon starts so that they are not restarted. This option is applicable only for docker daemon running on Linux host. + Enable live restore of running containers when the daemon starts so that they + are not restarted. This option is applicable only for docker daemon running + on Linux host. **--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" Default driver for container logs. Default is `json-file`. @@ -239,12 +272,13 @@ is `hyperv`. Linux only supports `default`. Path to use for daemon PID file. Default is `/var/run/docker.pid` **--raw-logs** - Output daemon logs in full timestamp format without ANSI coloring. If this flag is not set, -the daemon outputs condensed, colorized logs if a terminal is detected, or full ("raw") -output otherwise. + Output daemon logs in full timestamp format without ANSI coloring. If this + flag is not set, the daemon outputs condensed, colorized logs if a terminal + is detected, or full ("raw") output otherwise. **--registry-mirror**=*://* - Prepend a registry mirror to be used for image pulls. May be specified multiple times. + Prepend a registry mirror to be used for image pulls. May be specified + multiple times. **-s**, **--storage-driver**="" Force the Docker runtime to use a specific storage driver. @@ -262,9 +296,10 @@ output otherwise. Set storage driver options. See STORAGE DRIVER OPTIONS. **--swarm-default-advertise-addr**=*IP|INTERFACE* - Set default address or interface for swarm to advertise as its externally-reachable address to other cluster - members. This can be a hostname, an IP address, or an interface such as `eth0`. A port cannot be specified with - this option. + Set default address or interface for swarm to advertise as its + externally-reachable address to other cluster members. This can be a + hostname, an IP address, or an interface such as `eth0`. A port cannot be + specified with this option. **--tls**=*true*|*false* Use TLS; implied by --tlsverify. Default is false. @@ -283,13 +318,19 @@ output otherwise. Default is false. **--userland-proxy**=*true*|*false* - Rely on a userland proxy implementation for inter-container and outside-to-container loopback communications. Default is true. + Rely on a userland proxy implementation for inter-container and + outside-to-container loopback communications. Default is true. **--userland-proxy-path**="" Path to the userland proxy binary. **--userns-remap**=*default*|*uid:gid*|*user:group*|*user*|*uid* - Enable user namespaces for containers on the daemon. Specifying "default" will cause a new user and group to be created to handle UID and GID range remapping for the user namespace mappings used for contained processes. Specifying a user (or uid) and optionally a group (or gid) will cause the daemon to lookup the user and group's subordinate ID ranges for use as the user namespace mappings for contained processes. + Enable user namespaces for containers on the daemon. Specifying "default" + will cause a new user and group to be created to handle UID and GID range + remapping for the user namespace mappings used for contained processes. + Specifying a user (or uid) and optionally a group (or gid) will cause the + daemon to lookup the user and group's subordinate ID ranges for use as the + user namespace mappings for contained processes. # STORAGE DRIVER OPTIONS @@ -402,8 +443,8 @@ exits. For example, when a container exits, its associated thin device is removed. If that device has leaked into some other mount namespace and can't be removed, the container exit still succeeds and this option causes the system to schedule -the device for deferred removal. It does not wait in a loop trying to remove a busy -device. +the device for deferred removal. It does not wait in a loop trying to remove a +busy device. Example use: `dockerd --storage-opt dm.use_deferred_removal=true` @@ -431,23 +472,23 @@ namespaces. #### dm.loopdatasize -**Note**: This option configures devicemapper loopback, which should not be used in production. +**Note**: This option configures devicemapper loopback, which should not be +used in production. -Specifies the size to use when creating the loopback file for the -"data" device which is used for the thin pool. The default size is -100G. The file is sparse, so it will not initially take up -this much space. +Specifies the size to use when creating the loopback file for the "data" device +which is used for the thin pool. The default size is 100G. The file is sparse, +so it will not initially take up this much space. Example use: `dockerd --storage-opt dm.loopdatasize=200G` #### dm.loopmetadatasize -**Note**: This option configures devicemapper loopback, which should not be used in production. +**Note**: This option configures devicemapper loopback, which should not be +used in production. -Specifies the size to use when creating the loopback file for the -"metadata" device which is used for the thin pool. The default size -is 2G. The file is sparse, so it will not initially take up -this much space. +Specifies the size to use when creating the loopback file for the "metadata" +device which is used for the thin pool. The default size is 2G. The file is +sparse, so it will not initially take up this much space. Example use: `dockerd --storage-opt dm.loopmetadatasize=4G` @@ -455,17 +496,16 @@ Example use: `dockerd --storage-opt dm.loopmetadatasize=4G` (Deprecated, use `dm.thinpooldev`) -Specifies a custom blockdevice to use for data for a -Docker-managed thin pool. It is better to use `dm.thinpooldev` - see -the documentation for it above for discussion of the advantages. +Specifies a custom blockdevice to use for data for a Docker-managed thin pool. +It is better to use `dm.thinpooldev` - see the documentation for it above for +discussion of the advantages. #### dm.metadatadev (Deprecated, use `dm.thinpooldev`) -Specifies a custom blockdevice to use for metadata for a -Docker-managed thin pool. See `dm.datadev` for why this is -deprecated. +Specifies a custom blockdevice to use for metadata for a Docker-managed thin +pool. See `dm.datadev` for why this is deprecated. #### dm.blocksize @@ -476,24 +516,22 @@ Example use: `dockerd --storage-opt dm.blocksize=512K` #### dm.blkdiscard -Enables or disables the use of `blkdiscard` when removing devicemapper -devices. This is disabled by default due to the additional latency, -but as a special case with loopback devices it will be enabled, in -order to re-sparsify the loopback file on image/container removal. +Enables or disables the use of `blkdiscard` when removing devicemapper devices. +This is disabled by default due to the additional latency, but as a special +case with loopback devices it will be enabled, in order to re-sparsify the +loopback file on image/container removal. -Disabling this on loopback can lead to *much* faster container removal -times, but it also prevents the space used in `/var/lib/docker` directory -from being returned to the system for other use when containers are -removed. +Disabling this on loopback can lead to *much* faster container removal times, +but it also prevents the space used in `/var/lib/docker` directory from being +returned to the system for other use when containers are removed. Example use: `dockerd --storage-opt dm.blkdiscard=false` #### dm.override_udev_sync_check -By default, the devicemapper backend attempts to synchronize with the -`udev` device manager for the Linux kernel. This option allows -disabling that synchronization, to continue even though the -configuration may be buggy. +By default, the devicemapper backend attempts to synchronize with the `udev` +device manager for the Linux kernel. This option allows disabling that +synchronization, to continue even though the configuration may be buggy. To view the `udev` sync support of a Docker daemon that is using the `devicemapper` driver, run: @@ -506,10 +544,9 @@ To view the `udev` sync support of a Docker daemon that is using the When `udev` sync support is `true`, then `devicemapper` and `udev` can coordinate the activation and deactivation of devices for containers. -When `udev` sync support is `false`, a race condition occurs between -the `devicemapper` and `udev` during create and cleanup. The race -condition results in errors and failures. (For information on these -failures, see +When `udev` sync support is `false`, a race condition occurs between the +`devicemapper` and `udev` during create and cleanup. The race condition results +in errors and failures. (For information on these failures, see [docker#4036](https://github.com/docker/docker/issues/4036)) To allow the `docker` daemon to start, regardless of whether `udev` sync is @@ -517,15 +554,14 @@ To allow the `docker` daemon to start, regardless of whether `udev` sync is $ dockerd --storage-opt dm.override_udev_sync_check=true -When this value is `true`, the driver continues and simply warns you -the errors are happening. +When this value is `true`, the driver continues and simply warns you the errors +are happening. -**Note**: The ideal is to pursue a `docker` daemon and environment -that does support synchronizing with `udev`. For further discussion on -this topic, see +**Note**: The ideal is to pursue a `docker` daemon and environment that does +support synchronizing with `udev`. For further discussion on this topic, see [docker#4036](https://github.com/docker/docker/issues/4036). -Otherwise, set this flag for migrating existing Docker daemons to a -daemon with a supported environment. +Otherwise, set this flag for migrating existing Docker daemons to a daemon with +a supported environment. #### dm.min_free_space @@ -536,14 +572,13 @@ free space checking logic. If user does not specify a value for this option, the Engine uses a default value of 10%. Whenever a new a thin pool device is created (during `docker pull` or during -container creation), the Engine checks if the minimum free space is -available. If the space is unavailable, then device creation fails and any -relevant `docker` operation fails. +container creation), the Engine checks if the minimum free space is available. +If the space is unavailable, then device creation fails and any relevant +`docker` operation fails. To recover from this error, you must create more free space in the thin pool to -recover from the error. You can create free space by deleting some images -and containers from tge thin pool. You can also add -more storage to the thin pool. +recover from the error. You can create free space by deleting some images and +containers from tge thin pool. You can also add more storage to the thin pool. To add more space to an LVM (logical volume management) thin pool, just add more storage to the group container thin pool; this should automatically @@ -555,13 +590,13 @@ Example use:: `dockerd --storage-opt dm.min_free_space=10%` #### dm.xfs_nospace_max_retries -Specifies the maximum number of retries XFS should attempt to complete -IO when ENOSPC (no space) error is returned by underlying storage device. +Specifies the maximum number of retries XFS should attempt to complete IO when +ENOSPC (no space) error is returned by underlying storage device. -By default XFS retries infinitely for IO to finish and this can result -in unkillable process. To change this behavior one can set -xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting -ENOSPC and will shutdown filesystem. +By default XFS retries infinitely for IO to finish and this can result in +unkillable process. To change this behavior one can set xfs_nospace_max_retries +to say 0 and XFS will not retry IO after getting ENOSPC and will shutdown +filesystem. Example use: @@ -572,9 +607,9 @@ Example use: #### zfs.fsname -Set zfs filesystem under which docker will create its own datasets. -By default docker will pick up the zfs filesystem where docker graph -(`/var/lib/docker`) is located. +Set zfs filesystem under which docker will create its own datasets. By default +docker will pick up the zfs filesystem where docker graph (`/var/lib/docker`) +is located. Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` @@ -582,20 +617,19 @@ Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` #### btrfs.min_space -Specifies the mininum size to use when creating the subvolume which is used -for containers. If user uses disk quota for btrfs when creating or running -a container with **--storage-opt size** option, docker should ensure the -**size** cannot be smaller than **btrfs.min_space**. +Specifies the mininum size to use when creating the subvolume which is used for +containers. If user uses disk quota for btrfs when creating or running a +container with **--storage-opt size** option, docker should ensure the **size** +cannot be smaller than **btrfs.min_space**. Example use: `docker daemon -s btrfs --storage-opt btrfs.min_space=10G` # CLUSTER STORE OPTIONS -The daemon uses libkv to advertise -the node within the cluster. Some Key/Value backends support mutual -TLS, and the client TLS settings used by the daemon can be configured -using the **--cluster-store-opt** flag, specifying the paths to PEM encoded -files. +The daemon uses libkv to advertise the node within the cluster. Some Key/Value +backends support mutual TLS, and the client TLS settings used by the daemon can +be configured using the **--cluster-store-opt** flag, specifying the paths to +PEM encoded files. #### kv.cacertfile @@ -604,19 +638,19 @@ Specifies the path to a local file with PEM encoded CA certificates to trust #### kv.certfile Specifies the path to a local file with a PEM encoded certificate. This -certificate is used as the client cert for communication with the -Key/Value store. +certificate is used as the client cert for communication with the Key/Value +store. #### kv.keyfile Specifies the path to a local file with a PEM encoded private key. This -private key is used as the client key for communication with the -Key/Value store. +private key is used as the client key for communication with the Key/Value +store. # Access authorization -Docker's access authorization can be extended by authorization plugins that your -organization can purchase or build themselves. You can install one or more +Docker's access authorization can be extended by authorization plugins that +your organization can purchase or build themselves. You can install one or more authorization plugins when you start the Docker `daemon` using the `--authorization-plugin=PLUGIN_ID` option. @@ -624,10 +658,10 @@ authorization plugins when you start the Docker `daemon` using the dockerd --authorization-plugin=plugin1 --authorization-plugin=plugin2,... ``` -The `PLUGIN_ID` value is either the plugin's name or a path to its specification -file. The plugin's implementation determines whether you can specify a name or -path. Consult with your Docker administrator to get information about the -plugins available to you. +The `PLUGIN_ID` value is either the plugin's name or a path to its +specification file. The plugin's implementation determines whether you can +specify a name or path. Consult with your Docker administrator to get +information about the plugins available to you. Once a plugin is installed, requests made to the `daemon` through the command line or Docker's remote API are allowed or denied by the plugin. If you have From f2573a87ed846d914af02c854591d0d342fa51c2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 15 Nov 2016 21:59:21 +0100 Subject: [PATCH 2068/2538] Revert reference docs for ambient capabilities This feature was reverted for docker 1.13 in c5251f7116e3d9095a7169fc31bd170dff997c2e, so removing the documentation as well. Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index cda3957570..6ddab7550d 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1238,10 +1238,6 @@ since Docker 1.12. In Docker 1.10 and 1.11 this did not happen and it may be nec to use a custom seccomp profile or use `--security-opt seccomp=unconfined` when adding capabilities. -It is only possible to grant capabilities to a container running as a user other than `root` -on a system with a Linux kernel version of 4.3 or later, as this requires "ambient capabilities" -to be granted. These will be added if the kernel allows it from Docker version 1.13. - ## Logging drivers (--log-driver) The container can have a different logging driver than the Docker daemon. Use From b1948be830705b5e4a88a5fcbfd488371a58d37e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 16 Nov 2016 08:35:19 +0100 Subject: [PATCH 2069/2538] Add zsh completion for 'docker system df' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 44140013de..0b89dc63d3 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1961,7 +1961,7 @@ __docker_swarm_subcommand() { __docker_system_commands() { local -a _docker_system_subcommands _docker_system_subcommands=( - "df:Show docker disk usage" + "df:Show docker filesystem usage" "events:Get real time events from the server" "info:Display system-wide information" "prune:Remove unused data" @@ -1978,7 +1978,9 @@ __docker_system_subcommand() { case "$words[1]" in (df) - # @TODO + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -v --verbose)"{-v,--verbose}"[Show detailed information on space usage]" && ret=0 ;; (events) _arguments $(__docker_arguments) \ From 241694402ffaa68e1232f92b7450b1228c412d6a Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 11 Nov 2016 09:01:57 -0800 Subject: [PATCH 2070/2538] Update docs for `docker info` for most recent changes. This fix updates docs for `docker info` for most recent changes. It also made several chagnes: 1. Replace 0.12.0-dev to 0.13.0 for api docs v1.24. 2. Replace 0.13.0-dev to 0.13.0 for api docs v1.25 Signed-off-by: Yong Tang --- docs/reference/commandline/info.md | 77 +++++++++++++++++++---------- man/docker-info.1.md | 79 ++++++++++++++++++++---------- 2 files changed, 102 insertions(+), 54 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 10f98e648e..70a5952e55 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -47,7 +47,7 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information -Here is a sample output for a daemon running on Ubuntu, using the overlay +Here is a sample output for a daemon running on Ubuntu, using the overlay2 storage driver and a node that is part of a 2-node swarm: $ docker -D info @@ -56,49 +56,72 @@ storage driver and a node that is part of a 2-node swarm: Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.12.0-dev - Storage Driver: overlay + Server Version: 1.13.0 + Storage Driver: overlay2 Backing Filesystem: extfs + Supports d_type: true + Native Overlay Diff: false Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: bridge null host overlay - Swarm: - NodeID: 0gac67oclbxq7 + Network: bridge host macvlan null overlay + Swarm: active + NodeID: rdjq45w1op418waxlairloqbm Is Manager: true - Managers: 2 + ClusterID: te8kdyw33n36fqiz74bfjeixd + Managers: 1 Nodes: 2 - Runtimes: default - Default Runtime: default - Security Options: apparmor seccomp - Kernel Version: 4.4.0-21-generic - Operating System: Ubuntu 16.04 LTS + Orchestration: + Task History Retention Limit: 5 + Raft: + Snapshot Interval: 10000 + Number of Old Snapshots to Retain: 0 + Heartbeat Tick: 1 + Election Tick: 3 + Dispatcher: + Heartbeat Period: 5 seconds + CA Configuration: + Expiry Duration: 3 months + Node Address: 172.16.66.128 172.16.66.129 + Manager Addresses: + 172.16.66.128:2477 + Runtimes: runc + Default Runtime: runc + Init Binary: docker-init + containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 + runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 + init version: N/A (expected: v0.13.0) + Security Options: + apparmor + seccomp + Profile: default + Kernel Version: 4.4.0-31-generic + Operating System: Ubuntu 16.04.1 LTS OSType: linux Architecture: x86_64 - CPUs: 24 - Total Memory: 62.86 GiB - Name: docker - ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + CPUs: 2 + Total Memory: 1.937 GiB + Name: ubuntu + ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 Docker Root Dir: /var/lib/docker - Debug mode (client): true - Debug mode (server): true - File Descriptors: 59 - Goroutines: 159 - System Time: 2016-04-26T10:04:06.14689342-04:00 + Debug Mode (client): true + Debug Mode (server): true + File Descriptors: 30 + Goroutines: 123 + System Time: 2016-11-12T17:24:37.955404361-08:00 EventsListeners: 0 - Http Proxy: http://test:test@localhost:8080 - Https Proxy: https://test:test@localhost:8080 + Http Proxy: http://proxy.example.com:80/ No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com - Username: svendowideit Registry: https://index.docker.io/v1/ WARNING: No swap limit support Labels: storage=ssd staging=true - Insecure registries: - myinsecurehost:5000 + Experimental: false + Insecure Registries: 127.0.0.0/8 + Live Restore Enabled: false The global `-D` option tells all `docker` commands to output debug information. @@ -168,7 +191,7 @@ Here is a sample output for a daemon running on Windows Server 2016: Paused: 0 Stopped: 1 Images: 17 - Server Version: 1.13.0-dev + Server Version: 1.13.0 Storage Driver: windowsfilter Windows: Logging Driver: json-file diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 42f1efe863..5ac54848e4 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -39,7 +39,7 @@ available on the volume where `/var/lib/docker` is mounted. ## Display Docker system information -Here is a sample output for a daemon running on Ubuntu, using the overlay +Here is a sample output for a daemon running on Ubuntu, using the overlay2 storage driver: $ docker -D info @@ -48,49 +48,74 @@ storage driver: Paused: 1 Stopped: 10 Images: 52 - Server Version: 1.12.0-dev - Storage Driver: overlay + Server Version: 1.13.0 + Storage Driver: overlay2 Backing Filesystem: extfs + Supports d_type: true + Native Overlay Diff: false Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local - Network: bridge null host overlay - Swarm: - NodeID: 0gac67oclbxq7 - IsManager: YES - Managers: 2 + Network: bridge host macvlan null overlay + Swarm: active + NodeID: rdjq45w1op418waxlairloqbm + Is Manager: true + ClusterID: te8kdyw33n36fqiz74bfjeixd + Managers: 1 Nodes: 2 - Runtimes: default - Default Runtime: default - Security Options: apparmor seccomp - Kernel Version: 4.4.0-21-generic - Operating System: Ubuntu 16.04 LTS + Orchestration: + Task History Retention Limit: 5 + Raft: + Snapshot Interval: 10000 + Number of Old Snapshots to Retain: 0 + Heartbeat Tick: 1 + Election Tick: 3 + Dispatcher: + Heartbeat Period: 5 seconds + CA Configuration: + Expiry Duration: 3 months + Node Address: 172.16.66.128 172.16.66.129 + Manager Addresses: + 172.16.66.128:2477 + Runtimes: runc + Default Runtime: runc + Init Binary: docker-init + containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 + runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 + init version: N/A (expected: v0.13.0) + Security Options: + apparmor + seccomp + Profile: default + Kernel Version: 4.4.0-31-generic + Operating System: Ubuntu 16.04.1 LTS OSType: linux Architecture: x86_64 - CPUs: 24 - Total Memory: 62.86 GiB - Name: docker - ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S + CPUs: 2 + Total Memory: 1.937 GiB + Name: ubuntu + ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 Docker Root Dir: /var/lib/docker - Debug mode (client): true - Debug mode (server): true - File Descriptors: 59 - Goroutines: 159 - System Time: 2016-04-26T10:04:06.14689342-04:00 + Debug Mode (client): true + Debug Mode (server): true + File Descriptors: 30 + Goroutines: 123 + System Time: 2016-11-12T17:24:37.955404361-08:00 EventsListeners: 0 - Http Proxy: http://test:test@localhost:8080 - Https Proxy: https://test:test@localhost:8080 + Http Proxy: http://proxy.example.com:80/ No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com - Username: svendowideit Registry: https://index.docker.io/v1/ WARNING: No swap limit support Labels: storage=ssd staging=true - Insecure registries: - myinsecurehost:5000 + Experimental: false + Insecure Registries: 127.0.0.0/8 + Live Restore Enabled: false + + The global `-D` option tells all `docker` commands to output debug information. From d22558eb16be29696030e64a77b455e7e2acae1e Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 16 Nov 2016 15:26:29 +0100 Subject: [PATCH 2071/2538] Update stats cli reference documentation Signed-off-by: Vincent Demeester --- docs/reference/commandline/stats.md | 11 +++++++---- man/docker-stats.1.md | 2 ++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index e97390317f..f5d0d54f35 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -21,9 +21,10 @@ Usage: docker stats [OPTIONS] [CONTAINER...] Display a live stream of container(s) resource usage statistics Options: - -a, --all Show all containers (default shows just running) - --help Print usage - --no-stream Disable streaming stats and only pull the first result + -a, --all Show all containers (default shows just running) + --format string Pretty-print images using a Go template + --help Print usage + --no-stream Disable streaming stats and only pull the first result ``` The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. @@ -77,7 +78,9 @@ Valid placeholders for the Go template are listed below: Placeholder | Description ------------ | -------------------------------------------- -`.Container` | Container name or ID +`.Container` | Container name or ID (user input) +`.Name` | Container name +`.ID` | Container ID `.CPUPerc` | CPU percentage `.MemUsage` | Memory usage `.NetIO` | Network IO diff --git a/man/docker-stats.1.md b/man/docker-stats.1.md index 6c1c7bb365..0f022cd412 100644 --- a/man/docker-stats.1.md +++ b/man/docker-stats.1.md @@ -30,6 +30,8 @@ Display a live stream of one or more containers' resource usage statistics Pretty-print containers statistics using a Go template. Valid placeholders: .Container - Container name or ID. + .Name - Container name. + .ID - Container ID. .CPUPerc - CPU percentage. .MemUsage - Memory usage. .NetIO - Network IO. From 6393eac0112754d939411385c78244ef3ca962b9 Mon Sep 17 00:00:00 2001 From: Riyaz Faizullabhoy Date: Tue, 25 Oct 2016 13:39:04 -0700 Subject: [PATCH 2072/2538] Edits to plugin docs after building authz plugin Signed-off-by: Riyaz Faizullabhoy --- docs/extend/config.md | 2 ++ docs/extend/index.md | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/extend/config.md b/docs/extend/config.md index 31c785c8e5..329af250eb 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -55,6 +55,8 @@ Config provides the base accessible fields for working with V0 plugin format - **docker.volumedriver/1.0** + - **docker.authz/1.0** + - **`socket`** *string* socket is the name of the socket the engine should use to communicate with the plugins. diff --git a/docs/extend/index.md b/docs/extend/index.md index be86d862dc..71a5f4a3c7 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -199,8 +199,8 @@ drwx------ 19 root root 4096 Aug 8 17:56 rootfs The `rootfs` directory represents the root filesystem of the plugin. In this example, it was created from a Dockerfile: ->**Note:** The `/run/docker/plugins` directory is mandatory for docker to communicate with -the plugin. +>**Note:** The `/run/docker/plugins` directory is mandatory inside of the +plugin's filesystem for docker to communicate with the plugin. ```bash $ git clone https://github.com/vieux/docker-volume-sshfs From f28c79766c279e67d475b5da60561507a9680baa Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 17 Nov 2016 15:34:17 +0100 Subject: [PATCH 2073/2538] Update `images` cli reference with reference filter Signed-off-by: Vincent Demeester --- docs/reference/commandline/images.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index e6d2da52d9..3b9ea1fe17 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -28,6 +28,7 @@ Options: - label= or label== - before=([:tag]||) - since=([:tag]||) + - reference=(pattern of an image reference) --format string Pretty-print images using a Go template --help Print usage --no-trunc Don't truncate output @@ -229,6 +230,24 @@ Filtering with `since` would give: image1 latest eeae25ada2aa 4 minutes ago 188.3 MB image2 latest dea752e4e117 9 minutes ago 188.3 MB +#### Reference + +The `reference` filter shows only images whose reference matches +the specified pattern. + + $ docker images + REPOSITORY TAG IMAGE ID CREATED SIZE + busybox latest e02e811dd08f 5 weeks ago 1.09 MB + busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB + busybox musl 733eb3059dce 5 weeks ago 1.21 MB + busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB + +Filtering with `reference` would give: + + $ docker images --filter=reference='busy*:*libc' + REPOSITORY TAG IMAGE ID CREATED SIZE + busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB + busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB ## Formatting From c4776804f42ef9fda80b382fca17626fb294d4fd Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Sun, 13 Nov 2016 10:28:25 +0200 Subject: [PATCH 2074/2538] Change the docker-tag usage text to be clearer Signed-off-by: Boaz Shuster --- docs/reference/commandline/tag.md | 4 ++-- man/docker-tag.1.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 131d375193..983bfe27b2 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -16,9 +16,9 @@ keywords: "tag, name, image" # tag ```markdown -Usage: docker tag IMAGE[:TAG] IMAGE[:TAG] +Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] -Tag an image into a repository +Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE Options: --help Print usage diff --git a/man/docker-tag.1.md b/man/docker-tag.1.md index 9bb252aef0..7f27e1b0e1 100644 --- a/man/docker-tag.1.md +++ b/man/docker-tag.1.md @@ -2,12 +2,12 @@ % Docker Community % JUNE 2014 # NAME -docker-tag - Tag an image into a repository +docker-tag - Create a tag `TARGET_IMAGE` that refers to `SOURCE_IMAGE` # SYNOPSIS **docker tag** [**--help**] -NAME[:TAG] NAME[:TAG] +SOURCE_NAME[:TAG] TARGET_NAME[:TAG] # DESCRIPTION Assigns a new alias to an image in a registry. An alias refers to the From 1ce4af20385aceac068c0c0526ff50a3e0dc5226 Mon Sep 17 00:00:00 2001 From: allencloud Date: Fri, 18 Nov 2016 15:51:36 +0800 Subject: [PATCH 2075/2538] fix typo Signed-off-by: allencloud --- man/docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 5224895c91..061f509c27 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -907,7 +907,7 @@ should fix the problem. ## Mapping Ports for External Usage The exposed port of an application can be mapped to a host port using the **-p** -flag. For example, a httpd port 80 can be mapped to the host port 8080 using the +flag. For example, an httpd port 80 can be mapped to the host port 8080 using the following: # docker run -p 8080:80 -d -i -t fedora/httpd From d6d3f5144c6a61d73a122d760044a95e34ac2ac4 Mon Sep 17 00:00:00 2001 From: bbayani Date: Fri, 18 Nov 2016 14:22:49 -0800 Subject: [PATCH 2076/2538] Clarify that ipmasq rules are not added when iptables is false Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/dockerd.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 11098b40ef..8d0a64fb92 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1336,10 +1336,14 @@ set this parameter separately for each daemon. - `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your pid file here. - `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`. -- `--iptables=false` prevents the Docker daemon from adding iptables rules. If - multiple daemons manage iptables rules, they may overwrite rules set by - another daemon. Be aware that disabling this option requires you to manually - add iptables rules to expose container ports. +- `--iptables=false` prevents the Docker daemon from adding iptables rules. If +multiple daemons manage iptables rules, they may overwrite rules set by another +daemon. Be aware that disabling this option requires you to manually add +iptables rules to expose container ports. If you prevent Docker from adding +iptables rules, Docker will also not add IP masquerading rules, even if you set +`--ip-masq` to `true`. Without IP masquerading rules, Docker containers will not be +able to connect to external hosts or the internet when using network other than +default bridge. - `--config-file=/etc/docker/daemon.json` is the path where configuration file is stored. You can use it instead of daemon flags. Specify the path for each daemon. - `--tls*` Docker daemon supports `--tlsverify` mode that enforces encrypted and authenticated remote connections. From d1071533a6ce29d0e4676c8b863654521913d953 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 20 Nov 2016 09:58:39 -0800 Subject: [PATCH 2077/2538] Add bash completion for `dockerd --userland-proxy-path` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7b16406462..74eff31492 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1708,6 +1708,7 @@ _docker_daemon() { --shutdown-timeout --storage-driver -s --storage-opt + --userland-proxy-path --userns-remap " @@ -1754,7 +1755,7 @@ _docker_daemon() { __docker_nospace return ;; - --config-file|--containerd|--init-path|--pidfile|-p|--tlscacert|--tlscert|--tlskey) + --config-file|--containerd|--init-path|--pidfile|-p|--tlscacert|--tlscert|--tlskey|--userland-proxy-path) _filedir return ;; From 17398ca0c365ed53a81274234a40f0b0cc7565ca Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 21 Nov 2016 12:36:31 +0100 Subject: [PATCH 2078/2538] Update cli reference for docker {,stack} deploy Signed-off-by: Vincent Demeester --- docs/reference/commandline/deploy.md | 77 ++++++++++++++++------ docs/reference/commandline/stack_deploy.md | 72 ++++++++++++++------ 2 files changed, 110 insertions(+), 39 deletions(-) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 87491efe3b..3455bb9e14 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -19,39 +19,76 @@ advisory: "experimental" ```markdown Usage: docker deploy [OPTIONS] STACK -Create and update a stack from a Distributed Application Bundle (DAB) +Deploy a new stack or update an existing stack + +Aliases: + deploy, up Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage - --with-registry-auth Send registry authentication details to swarm agents + --bundle-file string Path to a Distributed Application Bundle file + --compose-file string Path to a Compose file + --help Print usage + --with-registry-auth Send registry authentication details to Swarm agents ``` -Create and update a stack from a `dab` file. This command has to be -run targeting a manager node. +Create and update a stack from a `compose` or a `dab` file on the swarm. This command +has to be run targeting a manager node. + +## Copmose file + +The `deploy` command supports compose file version `3.0` and above. ```bash -$ docker deploy vossibility-stack +$ docker stack deploy --compose-file docker-compose.yml vossibility +Ignoring unsupported options: links + +Creating network vossibility_vossibility +Creating network vossibility_default +Creating service vossibility_nsqd +Creating service vossibility_logstash +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_ghollector +Creating service vossibility_lookupd +``` + +You can verify that the services were correctly created + +``` +$ docker service ls +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba +``` + +## DAB file + +```bash +$ docker stack deploy --bundle-file vossibility-stack.dab vossibility Loading bundle from vossibility-stack.dab -Creating service vossibility-stack_elasticsearch -Creating service vossibility-stack_kibana -Creating service vossibility-stack_logstash -Creating service vossibility-stack_lookupd -Creating service vossibility-stack_nsqd -Creating service vossibility-stack_vossibility-collector +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_logstash +Creating service vossibility_lookupd +Creating service vossibility_nsqd +Creating service vossibility_vossibility-collector ``` You can verify that the services were correctly created: ```bash $ docker service ls -ID NAME MODE REPLICAS IMAGE -29bv0vnlm903 vossibility-stack_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4awt47624qwh vossibility-stack_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4tjx9biia6fs vossibility-stack_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility-stack_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility-stack_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe -axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` ## Related information diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 406b105caa..c3eb6bf9a2 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -19,42 +19,76 @@ advisory: "experimental" ```markdown Usage: docker stack deploy [OPTIONS] STACK -Create and update a stack from a Distributed Application Bundle (DAB) +Deploy a new stack or update an existing stack Aliases: deploy, up Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage - --with-registry-auth Send registry authentication details to swarm agents + --bundle-file string Path to a Distributed Application Bundle file + --compose-file string Path to a Compose file + --help Print usage + --with-registry-auth Send registry authentication details to Swarm agents ``` -Create and update a stack from a `dab` file on the swarm. This command +Create and update a stack from a `compose` or a `dab` file on the swarm. This command has to be run targeting a manager node. +## Copmose file + +The `deploy` command supports compose file version `3.0` and above." + ```bash -$ docker stack deploy vossibility-stack +$ docker stack deploy --compose-file docker-compose.yml vossibility +Ignoring unsupported options: links + +Creating network vossibility_vossibility +Creating network vossibility_default +Creating service vossibility_nsqd +Creating service vossibility_logstash +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_ghollector +Creating service vossibility_lookupd +``` + +You can verify that the services were correctly created + +``` +$ docker service ls +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba +``` + +## DAB file + +```bash +$ docker stack deploy --bundle-file vossibility-stack.dab vossibility Loading bundle from vossibility-stack.dab -Creating service vossibility-stack_elasticsearch -Creating service vossibility-stack_kibana -Creating service vossibility-stack_logstash -Creating service vossibility-stack_lookupd -Creating service vossibility-stack_nsqd -Creating service vossibility-stack_vossibility-collector +Creating service vossibility_elasticsearch +Creating service vossibility_kibana +Creating service vossibility_logstash +Creating service vossibility_lookupd +Creating service vossibility_nsqd +Creating service vossibility_vossibility-collector ``` You can verify that the services were correctly created: ```bash $ docker service ls -ID NAME MODE REPLICAS IMAGE -29bv0vnlm903 vossibility-stack_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4awt47624qwh vossibility-stack_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 -4tjx9biia6fs vossibility-stack_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa -7563uuzr9eys vossibility-stack_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 -9gc5m4met4he vossibility-stack_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe -axqh55ipl40h vossibility-stack_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba +ID NAME MODE REPLICAS IMAGE +29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 +4tjx9biia6fs vossibility_elasticsearch replicated 1/1 elasticsearch@sha256:12ac7c6af55d001f71800b83ba91a04f716e58d82e748fa6e5a7359eed2301aa +7563uuzr9eys vossibility_kibana replicated 1/1 kibana@sha256:6995a2d25709a62694a937b8a529ff36da92ebee74bafd7bf00e6caf6db2eb03 +9gc5m4met4he vossibility_logstash replicated 1/1 logstash@sha256:2dc8bddd1bb4a5a34e8ebaf73749f6413c101b2edef6617f2f7713926d2141fe +axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` ## Related information From 672d8cf4e909545328675338f14c3305f3ccd95c Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Mon, 21 Nov 2016 09:39:48 -0800 Subject: [PATCH 2079/2538] Update deprecation notes about v1 registry Adds section about the hub deprecating the v1 protocol. Adds note about intent to disable by default and remove support. Signed-off-by: Derek McGowan (github: dmcgowan) --- docs/deprecated.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 5a064a5afe..88ca44097d 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -242,7 +242,18 @@ of the `--changes` flag that allows to pass `Dockerfile` commands. ### Interacting with V1 registries -Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 registries. Though disabled by default, this signals the intent to deprecate the v1 protocol. +**Disabled By Default In Release: v1.14** + +**Target For Removal In Release: v1.17** + +Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the +docker daemon from `pull`, `push`, and `login` operations against v1 +registries. Though enabled by default, this signals the intent to deprecate +the v1 protocol. + +Support for the v1 protocol to the public registry was removed in 1.13. Any +mirror configurations using v1 should be updated to use a +[v2 registry mirror](https://docs.docker.com/registry/recipes/mirror/). ### Docker Content Trust ENV passphrase variables name change **Deprecated In Release: [v1.9.0](https://github.com/docker/docker/releases/tag/v1.9.0)** From 53ef5c34c0402d14efaf057bcd462a01d65543e3 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Fri, 11 Nov 2016 17:44:42 -0800 Subject: [PATCH 2080/2538] cli: Add valid suffixes for remaining duration options A recent PR added `(ns|us|ms|s|m|h)` to the descriptions of some duration options, but not all. Add it to the remaining options for consistency. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 10 +++++----- docs/reference/commandline/service_update.md | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 9f441c05fe..d803ddb197 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -31,9 +31,9 @@ Options: --env-file list Read in a file of environment variables (default []) --group list Set one or more supplementary user groups for the container (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check (default none) + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default none) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (default none) + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default none) --help Print usage --host list Set one or more custom host-to-IP mappings (host:ip) (default []) --hostname string Container hostname @@ -52,11 +52,11 @@ Options: --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory (default 0 B) --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay duration Delay between restart attempts (default none) + --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default none) --restart-max-attempts uint Maximum number of restarts before giving up (default none) - --restart-window duration Window used to evaluate the restart policy (default none) + --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) (default none) --secret value Specify secrets to expose to the service (default []) - --stop-grace-period duration Time to wait before force killing a container (default none) + --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 51a9dd3dda..305d79fb3b 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -39,9 +39,9 @@ Options: --group-add list Add an additional supplementary user group to the container (default []) --group-rm list Remove a previously added supplementary user group from the container (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check (default none) + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default none) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (default none) + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default none) --help Print usage --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) @@ -61,13 +61,13 @@ Options: --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory (default 0 B) --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay duration Delay between restart attempts (default none) + --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default none) --restart-max-attempts uint Maximum number of restarts before giving up (default none) - --restart-window duration Window used to evaluate the restart policy (default none) + --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) (default none) --rollback Rollback to previous specification --secret-add list Add a secret (default []) --secret-rm list Remove a secret (default []) - --stop-grace-period duration Time to wait before force killing a container (default none) + --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") From 3e4a6ba39b64c6d2ca7b682e256e134a1ba63699 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 21 Nov 2016 17:39:58 +0100 Subject: [PATCH 2081/2538] Update service ps reference for "--no-trunc" The "--no-trunc" option toggles between showing/hiding digests. This updates the reference to show this difference. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/service_ps.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index b12c5a4add..2554267f39 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -54,6 +54,24 @@ redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6 manager1 Running Runnin redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds ``` +When deploying a service, docker resolves the digest for the service's +image, and pins the service to that digest. The digest is not shown by +default, but is printed if `--no-trunc` is used; + +```bash +$ docker service ps --no-trunc redis +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds +redis.2.bk658fpbex0d57cqcwoe3jthu redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 29 seconds +redis.3.5ls5s5fldaqg37s9pwayjecrf redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker1 Running Running 29 seconds +redis.4.8ryt076polmclyihzx67zsssj redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker1 Running Running 29 seconds +redis.5.1x0v8yomsncd6sbvfn0ph6ogc redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds +redis.6.71v7je3el7rrw0osfywzs0lko redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 29 seconds +redis.7.4l3zm9b7tfr7cedaik8roxq6r redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 29 seconds +redis.8.9tfpyixiy2i74ad9uqmzp1q6o redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker1 Running Running 29 seconds +redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds +redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds +``` ## Filtering From 594b69d1ffa1ae16e15dfdefe30f2ed5a932d271 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Fri, 18 Nov 2016 15:28:01 +0100 Subject: [PATCH 2082/2538] =?UTF-8?q?Add=20documentation=20about=20templat?= =?UTF-8?q?ing=20support=20on=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit … services creation/update. Signed-off-by: Vincent Demeester --- docs/reference/commandline/service_create.md | 38 ++++++++++++++++++++ docs/reference/commandline/service_update.md | 5 +++ 2 files changed, 43 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index d803ddb197..f514efe7f5 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -474,6 +474,44 @@ accessible at the target port on every node regardless if there is a task for the service running on the node. For more information refer to [Use swarm mode routing mesh](https://docs.docker.com/engine/swarm/ingress/). +### Create services using templates + +You can use templates for some flags of `service create`, using the syntax +provided by the Go's [text/template](http://golange.org/pkg/text/template/) package. + +The supported flags are the following : + +- `--hostname` +- `--mount` +- `--env` + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +----------------- | -------------------------------------------- +`.Service.ID` | Service ID +`.Service.Name` | Service name +`.Service.Labels` | Service labels +`.Node.ID` | Node ID +`.Task.ID` | Task ID +`.Task.Name` | Task name +`.Task.Slot` | Task slot + +#### Template example + +In this example, we are going to set the template of the created containers based on the +service's name and the node's ID where it sits. + +```bash +$ docker service create --name hosttempl --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"{% endraw %} busybox top +va8ew30grofhjoychbr6iot8c +$ docker service ps va8ew30grofhjoychbr6iot8c +NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +hosttempl.1.wo41w8hg8qan busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago +$ docker inspect --format={% raw %}"{{.Config.Hostname}}"{% endraw %} hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj +x3ti0erg11rjpg64m75kej2mz-hosttempl +``` + ## Related information * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 305d79fb3b..21a727f719 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -164,6 +164,11 @@ $ docker service update \ myservice ``` +### Update services using templates + +Some flags of `service update` support the use of templating. +See [`service create`](./service_create.md#templating) for the reference. + ## Related information * [service create](service_create.md) From cb0862f411abb86b12df9fdb694722466bf8bef9 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 19 Nov 2016 13:05:51 -0800 Subject: [PATCH 2083/2538] Add bash completion for `docker images --filter reference` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 74eff31492..25779590f5 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2042,7 +2042,7 @@ _docker_image_list() { _docker_image_ls() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in - before) + before|since|reference) cur="${cur##*=}" __docker_complete_images return @@ -2054,16 +2054,11 @@ _docker_image_ls() { label) return ;; - since) - cur="${cur##*=}" - __docker_complete_images - return - ;; esac case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "before dangling label since" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "before dangling label reference since" -- "$cur" ) ) __docker_nospace return ;; From 5b6fdb11a8ae8cb7e331ed2b2dd9a672cc284da0 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 12 Nov 2016 10:32:08 -0800 Subject: [PATCH 2084/2538] Add bash completion for `docker build --network` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 25779590f5..1d8345595d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1914,6 +1914,7 @@ _docker_image_build() { --label --memory -m --memory-swap + --network --shm-size --tag -t --ulimit @@ -1950,6 +1951,20 @@ _docker_image_build() { __docker_complete_isolation return ;; + --network) + case "$cur" in + container:*) + __docker_complete_containers_all --cur "${cur#*:}" + ;; + *) + COMPREPLY=( $( compgen -W "$(__docker_plugins --type Network) $(__docker_networks) container:" -- "$cur") ) + if [ "${COMPREPLY[*]}" = "container:" ] ; then + __docker_nospace + fi + ;; + esac + return + ;; --tag|-t) __docker_complete_image_repos_and_tags return From b47e3d3adf10a9d317de6bf70aa7e84a67ddaf57 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 22 Nov 2016 07:57:31 +0100 Subject: [PATCH 2085/2538] Add zsh completion for 'dockerd --userland-proxy-path' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0b89dc63d3..0619618534 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2257,7 +2257,8 @@ __docker_subcommand() { "($help)--tlskey=[Path to TLS key file]:Key file:_files -g \"*.(pem|key)\"" \ "($help)--tlsverify[Use TLS and verify the remote]" \ "($help)--userns-remap=[User/Group setting for user namespaces]:user\:group:->users-groups" \ - "($help)--userland-proxy[Use userland proxy for loopback traffic]" && ret=0 + "($help)--userland-proxy[Use userland proxy for loopback traffic]" \ + "($help)--userland-proxy-path=[Path to the userland proxy binary]:binary:_files" && ret=0 case $state in (cluster-store) From f3c9cdadd3a96e0e67d512de25c18a5c91b5fc57 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 22 Nov 2016 08:01:45 +0100 Subject: [PATCH 2086/2538] Add zsh completion for 'docker image ls --filter reference' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0619618534..dd72b2d61d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -399,11 +399,11 @@ __docker_complete_images_filters() { declare -a boolean_opts opts boolean_opts=('true' 'false') - opts=('before' 'dangling' 'label' 'since') + opts=('before' 'dangling' 'label' 'reference' 'since') if compset -P '*='; then case "${${words[-1]%=*}#*=}" in - (before|since) + (before|reference|since) __docker_complete_images && ret=0 ;; (dangling) From 6b8588ab94591876f8ba5ffd78c368138acdda57 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 22 Nov 2016 19:09:30 +0100 Subject: [PATCH 2087/2538] Fix typo in docs (Copmose) Signed-off-by: Harald Albers --- docs/reference/commandline/deploy.md | 2 +- docs/reference/commandline/stack_deploy.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 3455bb9e14..53074b2fd4 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -34,7 +34,7 @@ Options: Create and update a stack from a `compose` or a `dab` file on the swarm. This command has to be run targeting a manager node. -## Copmose file +## Compose file The `deploy` command supports compose file version `3.0` and above. diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index c3eb6bf9a2..f2e089dc62 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -34,7 +34,7 @@ Options: Create and update a stack from a `compose` or a `dab` file on the swarm. This command has to be run targeting a manager node. -## Copmose file +## Compose file The `deploy` command supports compose file version `3.0` and above." @@ -98,4 +98,4 @@ axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/ * [stack ps](stack_ps.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) -* [deploy](deploy.md) \ No newline at end of file +* [deploy](deploy.md) From e0ce0361ba4d37e541f29fe934520562a6ef96dc Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 22 Nov 2016 16:01:14 +0100 Subject: [PATCH 2088/2538] add note that windows does not support managed plugins Signed-off-by: Sebastiaan van Stijn --- docs/extend/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/extend/index.md b/docs/extend/index.md index 71a5f4a3c7..66a0f07f3b 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -27,6 +27,9 @@ volume drivers, but more plugin driver types will be available in future release For information about the legacy plugin system available in Docker Engine 1.12 and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md). +> **Note**: Docker Engine managed plugins are currently not supported +on Windows daemons. + ## Installing and using a plugin Plugins are distributed as Docker images and can be hosted on Docker Hub or on From 2cfcc8a8fadd6fef69fd9c8770ab0436bd202c5f Mon Sep 17 00:00:00 2001 From: Ben Firshman Date: Tue, 15 Nov 2016 19:45:20 +0000 Subject: [PATCH 2089/2538] Rename Remote API to Engine API Implementation of https://github.com/docker/docker/issues/28319 Signed-off-by: Ben Firshman --- contrib/completion/fish/docker.fish | 2 +- contrib/completion/zsh/_docker | 2 +- docs/extend/plugins_authorization.md | 4 ++-- docs/reference/commandline/dockerd.md | 12 ++++++------ man/dockerd.8.md | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 9e47696fb5..6630331b7b 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -43,7 +43,7 @@ function __fish_print_docker_repositories --description 'Print a list of docker end # common options -complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the remote API. Default is cors disabled" +complete -c docker -f -n '__fish_docker_no_subcommand' -l api-cors-header -d "Set CORS headers in the Engine API. Default is cors disabled" complete -c docker -f -n '__fish_docker_no_subcommand' -s b -l bridge -d 'Attach containers to a pre-existing network bridge' complete -c docker -f -n '__fish_docker_no_subcommand' -l bip -d "Use this CIDR notation address for the network bridge's IP, not compatible with -b" complete -c docker -f -n '__fish_docker_no_subcommand' -s D -l debug -d 'Enable debug mode' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index dd72b2d61d..d361c325c9 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2200,7 +2200,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*--add-runtime=[Register an additional OCI compatible runtime]:runtime:__docker_complete_runtimes" \ - "($help)--api-cors-header=[CORS headers in the remote API]:CORS headers: " \ + "($help)--api-cors-header=[CORS headers in the Engine API]:CORS headers: " \ "($help)*--authorization-plugin=[Authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ "($help)--bip=[Network bridge IP]:IP address: " \ diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index edf5799494..2f2328bb0f 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -22,7 +22,7 @@ refer to [Docker Engine plugin system](index.md). Docker's out-of-the-box authorization model is all or nothing. Any user with permission to access the Docker daemon can run any Docker client command. The -same is true for callers using Docker's remote API to contact the daemon. If you +same is true for callers using Docker's Engine API to contact the daemon. If you require greater access control, you can create authorization plugins and add them to your Docker daemon configuration. Using an authorization plugin, a Docker administrator can configure granular access policies for managing access @@ -69,7 +69,7 @@ can be ordered. Each request to the daemon passes in order through the chain. Only when all the plugins grant access to the resource, is the access granted. When an HTTP request is made to the Docker daemon through the CLI or via the -remote API, the authentication subsystem passes the request to the installed +Engine API, the authentication subsystem passes the request to the installed authentication plugin(s). The request contains the user (caller) and command context. The plugin is responsible for deciding whether to allow or deny the request. diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8d0a64fb92..0c7a2f0019 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -24,7 +24,7 @@ A self-sufficient runtime for containers. Options: --add-runtime value Register an additional OCI compatible runtime (default []) - --api-cors-header string Set CORS headers in the remote API + --api-cors-header string Set CORS headers in the Engine API --authorization-plugin value Authorization plugins to load (default []) --bip string Specify network bridge IP -b, --bridge string Attach containers to a network bridge @@ -101,7 +101,7 @@ To run the daemon with debug output, use `dockerd -D`. ## Daemon socket option -The Docker daemon can listen for [Docker Remote API](../api/docker_remote_api.md) +The Docker daemon can listen for [Docker Engine API](../api/) requests via three different types of Socket: `unix`, `tcp`, and `fd`. By default, a `unix` domain socket (or IPC socket) is created at @@ -905,7 +905,7 @@ path. Consult with your Docker administrator to get information about the plugins available to you. Once a plugin is installed, requests made to the `daemon` through the command -line or Docker's remote API are allowed or denied by the plugin. If you have +line or Docker's Engine API are allowed or denied by the plugin. If you have multiple plugins installed, at least one must allow the request for it to complete. @@ -1094,11 +1094,11 @@ the `--cgroup-parent` option on the daemon. ## Daemon Metrics The `--metrics-addr` option takes a tcp address to serve the metrics API. -This feature is still experimental, therefore, the daemon must be running in experimental +This feature is still experimental, therefore, the daemon must be running in experimental mode for this feature to work. To serve the metrics API on localhost:1337 you would specify `--metrics-addr 127.0.0.1:1337` -allowing you to make requests on the API at `127.0.0.1:1337/metrics` to receive metrics in the +allowing you to make requests on the API at `127.0.0.1:1337/metrics` to receive metrics in the [prometheus](https://prometheus.io/docs/instrumenting/exposition_formats/) format. If you are running a prometheus server you can add this address to your scrape configs @@ -1113,7 +1113,7 @@ scrape_configs: ``` Please note that this feature is still marked as experimental as metrics and metric -names could change while this feature is still in experimental. Please provide +names could change while this feature is still in experimental. Please provide feedback on what you would like to see collected in the API. ## Daemon configuration file diff --git a/man/dockerd.8.md b/man/dockerd.8.md index dbd68e5f64..f99e7a7cab 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -87,7 +87,7 @@ following format. Set additional OCI compatible runtime. **--api-cors-header**="" - Set CORS headers in the remote API. Default is cors disabled. Give urls like + Set CORS headers in the Engine API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. **--authorization-plugin**="" @@ -664,7 +664,7 @@ specify a name or path. Consult with your Docker administrator to get information about the plugins available to you. Once a plugin is installed, requests made to the `daemon` through the command -line or Docker's remote API are allowed or denied by the plugin. If you have +line or Docker's Engine API are allowed or denied by the plugin. If you have multiple plugins installed, at least one must allow the request for it to complete. From ddf22952a0018ace7cfd055a00b0d711958595a3 Mon Sep 17 00:00:00 2001 From: Jacob Tomlinson Date: Tue, 22 Nov 2016 21:24:37 +0000 Subject: [PATCH 2090/2538] Add concurrent uploads/downloads section Document and link to the concurrent uploads/downloads daemon option. Signed-off-by: Jacob Tomlinson --- docs/reference/commandline/pull.md | 7 +++++++ docs/reference/commandline/push.md | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 459d7d4950..0c960b404a 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -44,6 +44,13 @@ environment variables. To set these environment variables on a host using `systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/engine/admin/systemd/#http-proxy) for variables configuration. +## Concurrent downloads + +By default the Docker daemon will pull three layers of an image at a time. +If you are on a low bandwidth connection this may cause timeout issues and you may want to lower +this via the `--max-concurrent-downloads` daemon option. See the +[daemon documentation](dockerd.md) for more details. + ## Examples ### Pull an image from Docker Hub diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 93230db6f9..e36fd026d1 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -36,6 +36,13 @@ running in a terminal, terminates the push operation. Registry credentials are managed by [docker login](login.md). +## Concurrent uploads + +By default the Docker daemon will push five layers of an image at a time. +If you are on a low bandwidth connection this may cause timeout issues and you may want to lower +this via the `--max-concurrent-uploads` daemon option. See the +[daemon documentation](dockerd.md) for more details. + ## Examples ### Pushing a new image to a registry From b70edf410db71db8bfae3a26b72548ebb964c02a Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 22 Nov 2016 13:42:11 -0800 Subject: [PATCH 2091/2538] plugins: misc fixes Rename variable to reflect manifest -> config renaming Populate Description fields when computing privileges. Refactor/reuse code from daemon/oci_linux.go Signed-off-by: Tibor Vass --- docs/extend/config.md | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/docs/extend/config.md b/docs/extend/config.md index 329af250eb..53f52f7b66 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -16,6 +16,7 @@ keywords: "API, Usage, plugins, documentation, developer" will be rejected. --> + # Plugin Config Version 0 of Plugin V2 This document outlines the format of the V0 plugin configuration. The plugin @@ -85,10 +86,6 @@ Config provides the base accessible fields for working with V0 plugin format - **host** - **none** -- **`capabilities`** *array* - - capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) - - **`mounts`** *PluginMount array* mount of the plugin, struct consisting of the following fields, see [`MOUNTS`](https://github.com/opencontainers/runtime-spec/blob/master/config.md#mounts) @@ -117,22 +114,6 @@ Config provides the base accessible fields for working with V0 plugin format options of the mount. -- **`devices`** *PluginDevice array* - - device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) - - - **`name`** *string* - - name of the device. - - - **`description`** *string* - - description of the device. - - - **`path`** *string* - - path of the device. - - **`env`** *PluginEnv array* env of the plugin, struct consisting of the following fields @@ -165,6 +146,27 @@ Config provides the base accessible fields for working with V0 plugin format values of the args. +- **`linux`** *PluginLinux* + + - **`capabilities`** *string array* + + capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) + + - **`devices`** *PluginDevice array* + + device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) + + - **`name`** *string* + + name of the device. + + - **`description`** *string* + + description of the device. + + - **`path`** *string* + + path of the device. ## Example Config From 50674ba5f6daee4a3213b9d8b92b7012ece1a30a Mon Sep 17 00:00:00 2001 From: cyli Date: Tue, 22 Nov 2016 18:18:50 -0500 Subject: [PATCH 2092/2538] Update docs to reflect no longer displaying secret digest or size. Signed-off-by: cyli --- docs/reference/commandline/secret_inspect.md | 17 +++++++---------- docs/reference/commandline/secret_ls.md | 4 ++-- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index 0d427464af..de878f74e4 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -45,8 +45,8 @@ For example, given the following secret: ```bash $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +ID NAME CREATED UPDATED +mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC ``` ```bash @@ -60,11 +60,8 @@ $ docker secret inspect secret.json "CreatedAt": "2016-10-27T23:25:43.909181089Z", "UpdatedAt": "2016-10-27T23:25:43.909181089Z", "Spec": { - "Name": "secret.json", - "Data": null - }, - "Digest": "sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7", - "SecretSize": 1679 + "Name": "secret.json" + } } ] ``` @@ -72,12 +69,12 @@ $ docker secret inspect secret.json ### Formatting secret output You can use the --format option to obtain specific information about a -secret. The following example command outputs the digest of the +secret. The following example command outputs the creation time of the secret. ```bash{% raw %} -$ docker secret inspect --format='{{.Digest}}' mhv17xfe3gh6xc4rij5orpfds -sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7 +$ docker secret inspect --format='{{.CreatedAt}}' mhv17xfe3gh6xc4rij5orpfds +2016-10-27 23:25:43.909181089 +0000 UTC {% endraw %}``` diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index fa78e66427..31659e72e6 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -33,8 +33,8 @@ On a manager node: ```bash $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +ID NAME CREATED UPDATED +mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC ``` ## Related information From d16010d737949ce2309976e28885407c713544fb Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 23 Nov 2016 11:14:38 +0100 Subject: [PATCH 2093/2538] Move `docker stack` docs out of experimental Signed-off-by: Harald Albers --- docs/reference/commandline/stack_deploy.md | 3 +-- docs/reference/commandline/stack_ls.md | 3 +-- docs/reference/commandline/stack_ps.md | 3 +-- docs/reference/commandline/stack_rm.md | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index f2e089dc62..eb7f005e95 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -2,7 +2,6 @@ title: "stack deploy" description: "The stack deploy command description and usage" keywords: "stack, deploy, up" -advisory: "experimental" --- -# stack deploy (experimental) +# stack deploy ```markdown Usage: docker stack deploy [OPTIONS] STACK diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index f3668142ac..a9a0ab070a 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -2,7 +2,6 @@ title: "stack ls" description: "The stack ls command description and usage" keywords: "stack, ls" -advisory: "experimental" --- -# stack ls (experimental) +# stack ls ```markdown Usage: docker stack ls diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index ae1d15b5e1..951c694e4e 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -2,7 +2,6 @@ title: "stack ps" description: "The stack ps command description and usage" keywords: "stack, ps" -advisory: "experimental" --- -# stack ps (experimental) +# stack ps ```markdown Usage: docker stack ps [OPTIONS] STACK diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index 2e2a4166a2..a74b3ac817 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -2,7 +2,6 @@ title: "stack rm" description: "The stack rm command description and usage" keywords: "stack, rm, remove, down" -advisory: "experimental" --- -# stack rm (experimental) +# stack rm ```markdown Usage: docker stack rm STACK From 7792b0d382c351627402151389e1e7b12c8a38cd Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 23 Nov 2016 15:42:40 +0100 Subject: [PATCH 2094/2538] Update plugin enable cli reference documentation Signed-off-by: Vincent Demeester --- docs/reference/commandline/plugin_enable.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 15a07e6f70..6b9ed76407 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -21,7 +21,8 @@ Usage: docker plugin enable PLUGIN Enable a plugin Options: - --help Print usage + --help Print usage + --timeout int HTTP client timeout (in seconds) ``` Enables a plugin. The plugin must be installed before it can be enabled, From 0202ece8e1198e1bdc57fb27391b1e3c0507b99d Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Wed, 23 Nov 2016 17:20:12 +0100 Subject: [PATCH 2095/2538] Update docker info cli reference documentation Signed-off-by: Vincent Demeester --- docs/reference/commandline/info.md | 11 +++++++++-- man/docker-info.1.md | 8 ++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 70a5952e55..50a084fcb2 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -111,7 +111,8 @@ storage driver and a node that is part of a 2-node swarm: Goroutines: 123 System Time: 2016-11-12T17:24:37.955404361-08:00 EventsListeners: 0 - Http Proxy: http://proxy.example.com:80/ + Http Proxy: http://test:test@proxy.example.com:8080 + Https Proxy: https://test:test@proxy.example.com:8080 No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com Registry: https://index.docker.io/v1/ WARNING: No swap limit support @@ -121,6 +122,9 @@ storage driver and a node that is part of a 2-node swarm: Experimental: false Insecure Registries: 127.0.0.0/8 + Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ Live Restore Enabled: false The global `-D` option tells all `docker` commands to output debug information. @@ -172,7 +176,7 @@ information about the devicemapper storage driver is shown: Docker Root Dir: /var/lib/docker Debug mode (client): false Debug mode (server): false - Username: xyz + Username: gordontheturtle Registry: https://index.docker.io/v1/ Insecure registries: myinsecurehost:5000 @@ -214,4 +218,7 @@ Here is a sample output for a daemon running on Windows Server 2016: Registry: https://index.docker.io/v1/ Insecure Registries: 127.0.0.0/8 + Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ Live Restore Enabled: false diff --git a/man/docker-info.1.md b/man/docker-info.1.md index 5ac54848e4..bb7a8fb4c2 100644 --- a/man/docker-info.1.md +++ b/man/docker-info.1.md @@ -103,7 +103,8 @@ storage driver: Goroutines: 123 System Time: 2016-11-12T17:24:37.955404361-08:00 EventsListeners: 0 - Http Proxy: http://proxy.example.com:80/ + Http Proxy: http://test:test@proxy.example.com:8080 + Https Proxy: https://test:test@proxy.example.com:8080 No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com Registry: https://index.docker.io/v1/ WARNING: No swap limit support @@ -113,6 +114,9 @@ storage driver: Experimental: false Insecure Registries: 127.0.0.0/8 + Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ Live Restore Enabled: false @@ -166,7 +170,7 @@ information about the devicemapper storage driver is shown: Docker Root Dir: /var/lib/docker Debug mode (client): false Debug mode (server): false - Username: xyz + Username: gordontheturtle Registry: https://index.docker.io/v1/ Insecure registries: myinsecurehost:5000 From afe0b2988cc09b0c724ce7a243e1c9de8624b38f Mon Sep 17 00:00:00 2001 From: erxian Date: Fri, 18 Nov 2016 14:28:21 +0800 Subject: [PATCH 2096/2538] update secret command Signed-off-by: erxian --- docs/reference/commandline/secret_create.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index 6a124d5383..952ad26b2c 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -16,7 +16,7 @@ keywords: ["secret, create"] # secret create ```Markdown -Usage: docker secret create [NAME] +Usage: docker secret create [OPTIONS] SECRET Create a secret using stdin as content Options: @@ -76,5 +76,3 @@ $ docker secret inspect secret.json * [secret inspect](secret_inspect.md) * [secret ls](secret_ls.md) * [secret rm](secret_rm.md) - - From 22478663c27ecff66efc957b7d13457f4eaa9fb6 Mon Sep 17 00:00:00 2001 From: John Howard Date: Wed, 23 Nov 2016 14:01:57 -0800 Subject: [PATCH 2097/2538] Fixes typo 'bin-mounts' Signed-off-by: John Howard --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index d744c23a4d..ece12a6462 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -264,7 +264,7 @@ Docker daemon. For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) -### Add bin-mounts or volumes using the --mount flag +### Add bind-mounts or volumes using the --mount flag The `--mount` flag allows you to mount volumes, host-directories and `tmpfs` mounts in a container. From 1f2128a8c5be0254f4297de5b18ffe32beda9ec8 Mon Sep 17 00:00:00 2001 From: dattatrayakumbhar04 Date: Fri, 18 Nov 2016 20:46:10 +0000 Subject: [PATCH 2098/2538] 28600: Docs: network connect for container in Created/Stopped state Signed-off-by: dattatrayakumbhar04 --- docs/reference/commandline/network_connect.md | 5 +---- man/docker-network-connect.1.md | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 9748d249c8..52459a5d5f 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -61,11 +61,8 @@ being connected to. ```bash $ docker network connect --alias db --alias mysql multi-host-network container2 ``` - You can pause, restart, and stop containers that are connected to a network. -Paused containers remain connected and can be revealed by a `network inspect`. -When the container is stopped, it does not appear on the network until you restart -it. +A container connects to its configured networks when it runs. If specified, the container's IP address(es) is reapplied when a stopped container is restarted. If the IP address is no longer available, the container diff --git a/man/docker-network-connect.1.md b/man/docker-network-connect.1.md index d6ee159391..9cc012ea4f 100644 --- a/man/docker-network-connect.1.md +++ b/man/docker-network-connect.1.md @@ -24,11 +24,8 @@ You can also use the `docker run --net=` option to start a contain ```bash $ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox ``` - You can pause, restart, and stop containers that are connected to a network. -Paused containers remain connected and can be revealed by a `network inspect`. -When the container is stopped, it does not appear on the network until you restart -it. +A container connects to its configured networks when it runs. If specified, the container's IP address(es) is reapplied when a stopped container is restarted. If the IP address is no longer available, the container From eff40eda3841a7be9d3f14ba5ffd93df3e50d967 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 25 Nov 2016 04:07:06 +0800 Subject: [PATCH 2099/2538] Add options for docker plugin enable and fix some typos Signed-off-by: yuexiao-wang --- docs/reference/commandline/cli.md | 5 ++--- docs/reference/commandline/dockerd.md | 1 - docs/reference/commandline/plugin_enable.md | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 19e37f1d97..4128baf6a9 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -26,7 +26,6 @@ Usage: docker [OPTIONS] COMMAND [ARG...] A self-sufficient runtime for containers. Options: - --config string Location of client config files (default "/root/.docker") -D, --debug Enable debug mode --help Print usage @@ -72,8 +71,8 @@ by the `docker` command line: to the same URL as the registry. * `DOCKER_TMPDIR` Location for temporary Docker files. -Because Docker is developed using 'Go', you can also use any environment -variables used by the 'Go' runtime. In particular, you may find these useful: +Because Docker is developed using Go, you can also use any environment +variables used by the Go runtime. In particular, you may find these useful: * `HTTP_PROXY` * `HTTPS_PROXY` diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 0c7a2f0019..b8bc8b712c 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -22,7 +22,6 @@ Usage: dockerd [OPTIONS] A self-sufficient runtime for containers. Options: - --add-runtime value Register an additional OCI compatible runtime (default []) --api-cors-header string Set CORS headers in the Engine API --authorization-plugin value Authorization plugins to load (default []) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 6b9ed76407..a1f94df051 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -16,7 +16,7 @@ keywords: "plugin, enable" # plugin enable ```markdown -Usage: docker plugin enable PLUGIN +Usage: docker plugin enable [OPTIONS] PLUGIN Enable a plugin From 405fe721cc301fc5cd6e17a5957ea8c1850bbbcf Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 23 Nov 2016 23:39:14 -0800 Subject: [PATCH 2100/2538] Update docs of `docker network ls --filter` Currently the help output of `docker network ls --filter` is: ``` Options: -f, --filter value Provide filter values (i.e. 'dangling=true') (default []) ... ``` This caused confusion as only the following filters are supported at the moment: - `driver` - `type` - `name` - `id` - `label` This fix update the help output of `docker network ls --filter` and `network_ls.md`. The `dangling=true` description has been replace to: ``` Options: -f, --filter filter Provide filter values (i.e. 'driver=bridge') ... ``` This fix fixes 28786. Signed-off-by: Yong Tang --- docs/reference/commandline/network_ls.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index ce5fb1d618..42bde111c4 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -24,11 +24,11 @@ Aliases: ls, list Options: - -f, --filter value Provide filter values (i.e. 'dangling=true') (default []) - --format string Pretty-print networks using a Go template - --help Print usage - --no-trunc Do not truncate the output - -q, --quiet Only display network IDs + -f, --filter filter Provide filter values (e.g. 'driver=bridge') + --format string Pretty-print networks using a Go template + --help Print usage + --no-trunc Do not truncate the output + -q, --quiet Only display network IDs ``` Lists all the networks the Engine `daemon` knows about. This includes the From 4b3c9059a910c4a75f77c9b8d825e7d21f036179 Mon Sep 17 00:00:00 2001 From: Yanqiang Miao Date: Fri, 25 Nov 2016 10:03:28 +0800 Subject: [PATCH 2101/2538] Fix some syntax error Signed-off-by: Yanqiang Miao --- docs/reference/commandline/swarm_init.md | 4 ++-- docs/reference/commandline/swarm_join.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 3a98ee9dad..84d3f4ba48 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -76,7 +76,7 @@ This flag sets the validity period for node certificates. ### `--dispatcher-heartbeat` -This flags sets the frequency with which nodes are told to use as a +This flag sets the frequency with which nodes are told to use as a period to report their health. ### `--external-ca` @@ -103,7 +103,7 @@ name, the default port 2377 will be used. This flag specifies the address that will be advertised to other members of the swarm for API access and overlay networking. If unspecified, Docker will check -if the system has a single IP address, and use that IP address with with the +if the system has a single IP address, and use that IP address with the listening port (see `--listen-addr`). If the system has multiple IP addresses, `--advertise-addr` must be specified so that the correct address is chosen for inter-manager communication and overlay networking. diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 9b7be1c553..7753a48731 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -77,7 +77,7 @@ This flag is generally not necessary when joining an existing swarm. This flag specifies the address that will be advertised to other members of the swarm for API access. If unspecified, Docker will check if the system has a -single IP address, and use that IP address with with the listening port (see +single IP address, and use that IP address with the listening port (see `--listen-addr`). If the system has multiple IP addresses, `--advertise-addr` must be specified so that the correct address is chosen for inter-manager communication and overlay networking. From f31ed0b12510154dd7b1a2181dc125ff7ca5e421 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 23 Nov 2016 14:42:56 -0500 Subject: [PATCH 2102/2538] Allow hostname to be updated on service. Signed-off-by: Daniel Nephin --- docs/reference/commandline/service_update.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 21a727f719..d40443344d 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -45,6 +45,7 @@ Options: --help Print usage --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) + --hostname string Container hostname --image string Service image tag --label-add list Add or update a service label (default []) --label-rm list Remove a label by its key (default []) From 12858eb8d4f022bb64f15f87b18ed0339401ab66 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 25 Nov 2016 12:42:30 +0100 Subject: [PATCH 2103/2538] Add bash completion for `docker service update --hostname` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1d8345595d..12c053e8ac 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2621,6 +2621,7 @@ _docker_service_update() { --health-interval --health-retries --health-timeout + --hostname --label -l --limit-cpu --limit-memory @@ -2664,7 +2665,6 @@ _docker_service_update() { --dns-search --env-file --group - --hostname --mode --name --port From c41fa83e4de2b1ca457763742816f66609aefd67 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 24 Nov 2016 16:11:38 -0500 Subject: [PATCH 2104/2538] Add a short flag for docker stack deploy Signed-off-by: Daniel Nephin --- docs/reference/commandline/stack_deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index eb7f005e95..54af3e4a59 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -25,7 +25,7 @@ Aliases: Options: --bundle-file string Path to a Distributed Application Bundle file - --compose-file string Path to a Compose file + -c, --compose-file string Path to a Compose file --help Print usage --with-registry-auth Send registry authentication details to Swarm agents ``` From 2d48b3f9ac87c08634158800d66714580fc9ca37 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sat, 26 Nov 2016 14:13:00 +0100 Subject: [PATCH 2105/2538] Add zsh completion for 'docker service update --hostname' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d361c325c9..a65b7d9ffe 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1753,6 +1753,7 @@ __docker_service_subcommand() { "($help)--health-interval=[Time between running the check]:time: " "($help)--health-retries=[Consecutive failures needed to report unhealthy]:retries:(1 2 3 4 5)" "($help)--health-timeout=[Maximum time to allow one check to run]:time: " + "($help)--hostname=[Service container hostname]:hostname: " \ "($help)*--label=[Service labels]:label: " "($help)--limit-cpu=[Limit CPUs]:value: " "($help)--limit-memory=[Limit Memory]:value: " @@ -1792,7 +1793,6 @@ __docker_service_subcommand() { "($help)*--dns-option=[Set DNS options]:DNS option: " \ "($help)*--dns-search=[Set custom DNS search domains]:DNS search: " \ "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ - "($help)--hostname=[Service containers hostname]:hostname: " \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help)--name=[Service name]:name: " \ "($help)*--port=[Publish a port]:port: " \ From 4b2c41c1b883afbcc15bf1b9fe6ea7858dee8b98 Mon Sep 17 00:00:00 2001 From: yupeng Date: Sat, 26 Nov 2016 17:11:19 +0800 Subject: [PATCH 2106/2538] fix the mistake of present Signed-off-by: yupeng --- man/docker-run.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 061f509c27..721b5ea751 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -989,7 +989,7 @@ You would have to write policy defining a `svirt_apache_t` type. If you want to set `/dev/sda` device weight to `200`, you can specify the device weight by `--blkio-weight-device` flag. Use the following command: - # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu + # docker run -it --blkio-weight-device "/dev/sda:200" ubuntu ## Specify isolation technology for container (--isolation) From 8628703ce6a08b3621f5a21d17a6432622d61af6 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 23 Nov 2016 14:30:57 -0800 Subject: [PATCH 2107/2538] support src in --secret Signed-off-by: Victor Vieux --- docs/reference/commandline/service_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index f514efe7f5..23177f9f14 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -137,7 +137,7 @@ Create a service specifying the secret, target, user/group ID and mode: ```bash $ docker service create --name redis \ --secret source=ssh-key,target=ssh \ - --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \ + --secret src=app-key,target=app,uid=1000,gid=1001,mode=0400 \ redis:3.0.6 4cdgfyky7ozwh3htjfw0d12qv ``` From be6e3311f20aa77648c325c514adac8034326378 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Fri, 25 Nov 2016 15:23:48 +0800 Subject: [PATCH 2108/2538] modify invalid url in plugins_network.md Signed-off-by: lixiaobing10051267 --- docs/extend/plugins_network.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins_network.md b/docs/extend/plugins_network.md index e551fc9d66..a974862fa6 100644 --- a/docs/extend/plugins_network.md +++ b/docs/extend/plugins_network.md @@ -61,7 +61,7 @@ referring to that network will be sent to the plugin, ## Write a network plugin Network plugins implement the [Docker plugin -API](https://docs.docker.com/extend/plugin_api/) and the network plugin protocol +API](plugin_api.md) and the network plugin protocol ## Network plugin protocol From 78bada43a2c523213a8550853229f0ae396cafd9 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 27 Nov 2016 05:08:35 -0800 Subject: [PATCH 2109/2538] Add bash completion for `docker service {create,update}` host options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 12c053e8ac..a3acea51c3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2665,6 +2665,7 @@ _docker_service_update() { --dns-search --env-file --group + --host --mode --name --port @@ -2675,6 +2676,14 @@ _docker_service_update() { _filedir return ;; + --host) + case "$cur" in + *:) + __docker_complete_resolved_hostname + return + ;; + esac + ;; --mode) COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) return @@ -2698,6 +2707,8 @@ _docker_service_update() { --dns-search-rm --group-add --group-rm + --host-add + --host-rm --image --port-add --port-rm @@ -2712,6 +2723,14 @@ _docker_service_update() { COMPREPLY=( $(compgen -g -- "$cur") ) return ;; + --host-add|--host-rm) + case "$cur" in + *:) + __docker_complete_resolved_hostname + return + ;; + esac + ;; --image) __docker_complete_image_repos_and_tags return From 43a8f3b02881639d5cefa234ad1464cf15b67c96 Mon Sep 17 00:00:00 2001 From: Yanqiang Miao Date: Sat, 26 Nov 2016 22:56:29 +0800 Subject: [PATCH 2110/2538] Fix a description of 'docker run [-a]' Signed-off-by: Yanqiang Miao --- docs/reference/run.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 6ddab7550d..64725e8f26 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -123,8 +123,8 @@ and pass along signals. All of that is configurable: --sig-proxy=true: Proxy all received signals to the process (non-TTY mode only) -i : Keep STDIN open even if not attached -If you do not specify `-a` then Docker will [attach all standard -streams]( https://github.com/docker/docker/blob/75a7f4d90cde0295bcfb7213004abce8d4779b75/commands.go#L1797). +If you do not specify `-a` then Docker will [attach to both stdout and stderr +]( https://github.com/docker/docker/blob/4118e0c9eebda2412a09ae66e90c34b85fae3275/runconfig/opts/parse.go#L267). You can specify to which of the three standard streams (`STDIN`, `STDOUT`, `STDERR`) you'd like to connect instead, as in: From 2e2b706917b675ed454d8ab75e6b8036de1e93ed Mon Sep 17 00:00:00 2001 From: Kei Ohmura Date: Mon, 28 Nov 2016 13:24:02 +0900 Subject: [PATCH 2111/2538] fix description of 'docker swarm init' Signed-off-by: Kei Ohmura --- docs/reference/commandline/swarm_init.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 84d3f4ba48..b10e3afed8 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -21,7 +21,7 @@ Usage: docker swarm init [OPTIONS] Initialize a swarm Options: - --advertise-addr value Advertised address (format: [:port]) + --advertise-addr string Advertised address (format: [:port]) --autolock Enable manager autolocking (requiring an unlock key to start a stopped manager) --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) From bd6d56c796718d2a9bd45b4d1fb43ba78bd025cb Mon Sep 17 00:00:00 2001 From: Kei Ohmura Date: Mon, 28 Nov 2016 18:40:11 +0900 Subject: [PATCH 2112/2538] fix more according to the actual output of 'docker swarm init --help' Signed-off-by: Kei Ohmura --- docs/reference/commandline/swarm_init.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index b10e3afed8..44afc27476 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -25,12 +25,12 @@ Options: --autolock Enable manager autolocking (requiring an unlock key to start a stopped manager) --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) - --external-ca value Specifications of one or more certificate signing endpoints + --external-ca external-ca Specifications of one or more certificate signing endpoints --force-new-cluster Force create a new cluster from current state --help Print usage - --listen-addr value Listen address (format: [:port]) - --max-snapshots int Number of additional Raft snapshots to retain - --snapshot-interval int Number of log entries between Raft snapshots + --listen-addr node-addr Listen address (format: [:port]) (default 0.0.0.0:2377) + --max-snapshots uint Number of additional Raft snapshots to retain + --snapshot-interval uint Number of log entries between Raft snapshots (default 10000) --task-history-limit int Task history retention limit (default 5) ``` From 7e37dd4329b0f4c0524df7b113cc042def089e77 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 27 Nov 2016 04:38:49 -0800 Subject: [PATCH 2113/2538] Add aliases and options to `docker stack ls` docs Signed-off-by: Harald Albers --- docs/reference/commandline/stack_ls.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index a9a0ab070a..4cf6d68d67 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -19,6 +19,12 @@ keywords: "stack, ls" Usage: docker stack ls List stacks + +Aliases: + ls, list + +Options: + --help Print usage ``` Lists the stacks. From 30f5338c8e28926b010f910f2de7c786873f6c95 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 28 Nov 2016 15:25:52 +0100 Subject: [PATCH 2114/2538] Remove docker stack config commandline reference doc `docker stack config` command does not exists anymore, removing it from the command reference documentation. Signed-off-by: Vincent Demeester --- docs/reference/commandline/stack_config.md | 37 ---------------------- 1 file changed, 37 deletions(-) delete mode 100644 docs/reference/commandline/stack_config.md diff --git a/docs/reference/commandline/stack_config.md b/docs/reference/commandline/stack_config.md deleted file mode 100644 index d8d8bf2f74..0000000000 --- a/docs/reference/commandline/stack_config.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: "stack config" -description: "The stack config command description and usage" -keywords: "stack, config" -advisory: "experimental" ---- - - - -# stack config (experimental) - -```markdown -Usage: docker stack config [OPTIONS] STACK - -Print the stack configuration - -Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage -``` - -Displays the configuration of a stack. - -## Related information - -* [stack deploy](stack_deploy.md) -* [stack rm](stack_rm.md) -* [stack services](stack_services.md) -* [stack ps](stack_ps.md) -* [stack ls](stack_ls.md) From f93df409b4b773a4a67aed0057e6dd52586d4c09 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 25 Nov 2016 19:46:24 +0800 Subject: [PATCH 2115/2538] Modify reponame to PLUGIN and fix some typos Signed-off-by: yuexiao-wang --- docs/reference/commandline/plugin_create.md | 2 +- docs/reference/commandline/plugin_push.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index f35d73c605..83111ea723 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -16,7 +16,7 @@ keywords: "plugin, create" # plugin create ```markdown -Usage: docker plugin create [OPTIONS] reponame[:tag] PATH-TO-ROOTFS +Usage: docker plugin create [OPTIONS] PLUGIN[:tag] PATH-TO-ROOTFS(rootfs + config.json) Create a plugin from a rootfs and configuration diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index 54022dcee1..07f2a66a37 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -14,7 +14,7 @@ keywords: "plugin, push" --> ```markdown -Usage: docker plugin push NAME[:TAG] +Usage: docker plugin push PLUGIN[:TAG] Push a plugin to a registry From 174194cbe3362a2cb3eed473108794e6231ad287 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 19 Nov 2016 07:35:52 -0800 Subject: [PATCH 2116/2538] Add bash completion for plugin API Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 204 +++++++++++++++++++++++++++++++-- 1 file changed, 192 insertions(+), 12 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a3acea51c3..5f1a398aa7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -237,11 +237,13 @@ __docker_complete_volumes() { COMPREPLY=( $(compgen -W "$(__docker_volumes "$@")" -- "$current") ) } -# __docker_plugins returns a list of all plugins of a given type. +# __docker_plugins_bundled returns a list of all plugins of a given type. # The type has to be specified with the mandatory option `--type`. # Valid types are: Network, Volume, Authorization. # Completions may be added or removed with `--add` and `--remove` -__docker_plugins() { +# This function only deals with plugins that come bundled with Docker. +# For plugins managed by `docker plugin`, see `__docker_plugins_installed`. +__docker_plugins_bundled() { local type add=() remove=() while true ; do case "$1" in @@ -270,16 +272,39 @@ __docker_plugins() { echo "${plugins[@]} ${add[@]}" } -# __docker_complete_plugins applies completion of plugins based on the current +# __docker_complete_plugins_bundled applies completion of plugins based on the current # value of `$cur` or the value of the optional first option `--cur`, if given. # The plugin type has to be specified with the next option `--type`. -__docker_complete_plugins() { +# This function only deals with plugins that come bundled with Docker. +# For completion of plugins managed by `docker plugin`, see +# `__docker_complete_plugins_installed`. +__docker_complete_plugins_bundled() { local current="$cur" if [ "$1" = "--cur" ] ; then current="$2" shift 2 fi - COMPREPLY=( $(compgen -W "$(__docker_plugins "$@")" -- "$current") ) + COMPREPLY=( $(compgen -W "$(__docker_plugins_bundled "$@")" -- "$current") ) +} + +# __docker_plugins_installed returns a list of all plugins that were installed with +# the Docker plugin API. +# For built-in pugins, see `__docker_plugins_bundled`. +__docker_plugins_installed() { + __docker_q plugin ls | awk 'NR>1 {print $1}' +} + +# __docker_complete_plugins_installed applies completion of plugins that were installed +# with the Docker plugin API, based on the current value of `$cur` or the value of +# the optional first option `--cur`, if given. +# For completion of built-in pugins, see `__docker_complete_plugins_bundled`. +__docker_complete_plugins_installed() { + local current="$cur" + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_plugins_installed "$@")" -- "$current") ) } __docker_runtimes() { @@ -1439,7 +1464,7 @@ _docker_container_run() { __docker_complete_containers_all --cur "${cur#*:}" ;; *) - COMPREPLY=( $( compgen -W "$(__docker_plugins --type Network) $(__docker_networks) container:" -- "$cur") ) + COMPREPLY=( $( compgen -W "$(__docker_plugins_bundled --type Network) $(__docker_networks) container:" -- "$cur") ) if [ "${COMPREPLY[*]}" = "container:" ] ; then __docker_nospace fi @@ -1486,7 +1511,7 @@ _docker_container_run() { return ;; --volume-driver) - __docker_complete_plugins --type Volume + __docker_complete_plugins_bundled --type Volume return ;; --volumes-from) @@ -1742,7 +1767,7 @@ _docker_daemon() { case "$prev" in --authorization-plugin) - __docker_complete_plugins --type Authorization + __docker_complete_plugins_bundled --type Authorization return ;; --cluster-store) @@ -2348,7 +2373,7 @@ _docker_network_create() { ;; --driver|-d) # remove drivers that allow one instance only, add drivers missing in `docker info` - __docker_complete_plugins --type Network --remove host --remove null --add macvlan + __docker_complete_plugins_bundled --type Network --remove host --remove null --add macvlan return ;; --label) @@ -2399,7 +2424,7 @@ _docker_network_ls() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in driver) - __docker_complete_plugins --cur "${cur##*=}" --type Network --add macvlan + __docker_complete_plugins_bundled --cur "${cur##*=}" --type Network --add macvlan return ;; id) @@ -3068,6 +3093,160 @@ _docker_pause() { _docker_container_pause } +_docker_plugin() { + local subcommands=" + create + disable + enable + inspect + install + ls + push + rm + set + " + local aliases=" + list + remove + " + __docker_subcommands "$subcommands $aliases" && return + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) + ;; + esac +} + +_docker_plugin_create() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--compress --help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + # reponame + return + elif [ $cword -eq $((counter + 1)) ]; then + _filedir -d + fi + ;; + esac +} + +_docker_plugin_disable() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + __docker_complete_plugins_installed + ;; + esac +} + +_docker_plugin_enable() { + case "$prev" in + --timeout) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --timeout" -- "$cur" ) ) + ;; + *) + __docker_complete_plugins_installed + ;; + esac +} + +_docker_plugin_inspect() { + case "$prev" in + --format|f) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) + ;; + *) + __docker_complete_plugins_installed + ;; + esac +} + +_docker_plugin_install() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--disable --grant-all-permissions--help" -- "$cur" ) ) + ;; + esac +} + +_docker_plugin_list() { + _docker_plugin_ls +} + +_docker_plugin_ls() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --no-trunc" -- "$cur" ) ) + ;; + esac +} + +_docker_plugin_push() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_complete_plugins_installed + fi + ;; + esac +} + +_docker_plugin_remove() { + _docker_plugin_rm +} + +_docker_plugin_rm() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + ;; + *) + __docker_complete_plugins_installed + ;; + esac +} + +_docker_plugin_set() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_complete_plugins_installed + fi + ;; + esac +} + + _docker_port() { _docker_container_port } @@ -3319,7 +3498,7 @@ _docker_version() { _docker_volume_create() { case "$prev" in --driver|-d) - __docker_complete_plugins --type Volume + __docker_complete_plugins_bundled --type Volume return ;; --label|--opt|-o) @@ -3359,7 +3538,7 @@ _docker_volume_ls() { return ;; driver) - __docker_complete_plugins --cur "${cur##*=}" --type Volume + __docker_complete_plugins_bundled --cur "${cur##*=}" --type Volume return ;; name) @@ -3459,6 +3638,7 @@ _docker() { network node pause + plugin port ps pull From d5b3df0c2f640a3ca98dc61fb129719cce96bb4e Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Mon, 28 Nov 2016 09:45:00 -0800 Subject: [PATCH 2117/2538] Fix some redirect loops and problems Signed-off-by: Misty Stanley-Jones --- docs/extend/config.md | 3 --- docs/extend/index.md | 2 -- docs/extend/legacy_plugins.md | 3 ++- docs/extend/menu.md | 18 ------------------ docs/extend/plugins_authorization.md | 3 ++- 5 files changed, 4 insertions(+), 25 deletions(-) delete mode 100644 docs/extend/menu.md diff --git a/docs/extend/config.md b/docs/extend/config.md index 53f52f7b66..4aa4173e1a 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -1,7 +1,4 @@ --- -aliases: [ -"/engine/extend/" -] title: "Plugin config" description: "How develop and use a plugin with the managed plugin system" keywords: "API, Usage, plugins, documentation, developer" diff --git a/docs/extend/index.md b/docs/extend/index.md index 66a0f07f3b..e00081bffa 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -1,6 +1,4 @@ --- -aliases: -- /engine/extend/ description: Develop and use a plugin with the managed plugin system keywords: "API, Usage, plugins, documentation, developer" title: Managed plugin system diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index d8dd4d2e48..6ac914e366 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -1,5 +1,6 @@ --- -aliases: "/engine/extend/plugins/" +redirect_from: +- "/engine/extend/plugins/" title: "Use Docker Engine plugins" description: "How to add additional functionality to Docker with plugins extensions" keywords: "Examples, Usage, plugins, docker, documentation, user guide" diff --git a/docs/extend/menu.md b/docs/extend/menu.md deleted file mode 100644 index 756f371b70..0000000000 --- a/docs/extend/menu.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -title: "Implement plugins" -description: "Develop plugins and use existing plugins for Docker Engine" -keywords: ["extend, plugins, docker, documentation, developer"] -type: "menu" -identifier: "engine_extend" ---- - - - - diff --git a/docs/extend/plugins_authorization.md b/docs/extend/plugins_authorization.md index 2f2328bb0f..ac1837f754 100644 --- a/docs/extend/plugins_authorization.md +++ b/docs/extend/plugins_authorization.md @@ -2,7 +2,8 @@ title: "Access authorization plugin" description: "How to create authorization plugins to manage access control to your Docker daemon." keywords: "security, authorization, authentication, docker, documentation, plugin, extend" -aliases: ["/engine/extend/authorization/"] +redirect_from: +- "/engine/extend/authorization/" --- -# Plugin Config Version 0 of Plugin V2 +# Plugin Config Version 1 of Plugin V2 This document outlines the format of the V0 plugin configuration. The plugin config described herein was introduced in the Docker daemon in the [v1.12.0 @@ -25,7 +25,7 @@ configs can be serialized to JSON format with the following media types: Config Type | Media Type ------------- | ------------- -config | "application/vnd.docker.plugin.v0+json" +config | "application/vnd.docker.plugin.v1+json" ## *Config* Field Descriptions From 378a9d816be427d6d5521d45d3eeaceb9dea952f Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Fri, 9 Dec 2016 23:15:26 +0800 Subject: [PATCH 2157/2538] Update the option 'network' for docker build Signed-off-by: yuexiao-wang --- docs/reference/commandline/build.md | 5 ++--- man/docker-build.1.md | 6 ++++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index e96ebe5e10..42c3ecf65f 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -38,8 +38,7 @@ Options: --label value Set metadata for an image (default []) -m, --memory string Memory limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --network string Set the networking mode for the run commands - during build. + --network string Set the networking mode for the RUN instructions during build 'bridge': use default Docker bridge 'none': no networking 'container:': reuse another container's network stack @@ -54,7 +53,7 @@ Options: The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. - --squash Squash newly built layers into a single new layer (**Experimental Only**) + --squash Squash newly built layers into a single new layer (**Experimental Only**) -t, --tag value Name and optionally a tag in the 'name:tag' format (default []) --ulimit value Ulimit options (default []) ``` diff --git a/man/docker-build.1.md b/man/docker-build.1.md index aef3414879..e41e378cb2 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-build - Build a new image from the source code at PATH +docker-build - Build an image from a Dockerfile # SYNOPSIS **docker build** @@ -130,7 +130,9 @@ set as the **URL**, the repository is cloned locally and then sent as the contex unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--network**=*NETWORK* - + Set the networking mode for the RUN instructions during build. Supported standard + values are: `bridge`, `host`, `none` and `container:`. Any other value + is taken as a custom network's name or ID which this container should connect to. **--shm-size**=*SHM-SIZE* Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. From 96d5009f10860bb8d58b1cf80d239f2288c0784e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 15 Nov 2016 15:41:52 +0100 Subject: [PATCH 2158/2538] deprecate "top-level" network information in NetworkSettings When inspecting a container, `NetworkSettings` contains top-level information about the default ("bridge") network; `EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`, `IPPrefixLen`, `IPv6Gateway`, and `MacAddress`. These properties are deprecated in favor of per-network properties in `NetworkSettings.Networks`. These properties were already "deprecated" in docker 1.9, but kept around for backward compatibility. Refer to [#17538](https://github.com/docker/docker/pull/17538) for further information. This officially deprecates these properties, and marks them for removal in 1.16 Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index b8e6af1116..1298370ba9 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -20,6 +20,26 @@ The following list of features are deprecated in Engine. To learn more about Docker Engine's deprecation policy, see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy). + +### Top-level network properties in NetworkSettings + +**Deprecated In Release: v1.13.0** + +**Target For Removal In Release: v1.16** + +When inspecting a container, `NetworkSettings` contains top-level information +about the default ("bridge") network; + +`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`, `IPAddress`, +`IPPrefixLen`, `IPv6Gateway`, and `MacAddress`. + +These properties are deprecated in favor of per-network properties in +`NetworkSettings.Networks`. These properties were already "deprecated" in +docker 1.9, but kept around for backward compatibility. + +Refer to [#17538](https://github.com/docker/docker/pull/17538) for further +information. + ## `filter` param for `/images/json` endpoint **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** From d408f74d075fd16dc3d9b756975863174f9c7944 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Tue, 13 Dec 2016 18:06:18 +0800 Subject: [PATCH 2159/2538] stack_config.md not exist and delete it Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/stack_deploy.md | 1 - docs/reference/commandline/stack_ls.md | 3 +-- docs/reference/commandline/stack_ps.md | 3 +-- docs/reference/commandline/stack_rm.md | 5 ++--- docs/reference/commandline/stack_services.md | 5 ++--- 5 files changed, 6 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 54af3e4a59..28b7604105 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -92,7 +92,6 @@ axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/ ## Related information -* [stack config](stack_config.md) * [stack ls](stack_ls.md) * [stack ps](stack_ps.md) * [stack rm](stack_rm.md) diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index 4cf6d68d67..05c7215492 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -41,8 +41,7 @@ myapp 2 ## Related information -* [stack config](stack_config.md) * [stack deploy](stack_deploy.md) -* [stack rm](stack_rm.md) * [stack ps](stack_ps.md) +* [stack rm](stack_rm.md) * [stack services](stack_services.md) diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index 951c694e4e..75223e07d9 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -45,8 +45,7 @@ The currently supported filters are: ## Related information -* [stack config](stack_config.md) * [stack deploy](stack_deploy.md) +* [stack rm](stack_ls.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) -* [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index a74b3ac817..fd639978ec 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -32,8 +32,7 @@ a manager node. ## Related information -* [stack config](stack_config.md) * [stack deploy](stack_deploy.md) -* [stack services](stack_services.md) -* [stack ps](stack_ps.md) * [stack ls](stack_ls.md) +* [stack ps](stack_ps.md) +* [stack services](stack_services.md) diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index 0d809fb370..62779b4aa1 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -64,8 +64,7 @@ The currently supported filters are: ## Related information -* [stack config](stack_config.md) * [stack deploy](stack_deploy.md) -* [stack rm](stack_rm.md) -* [stack ps](stack_ps.md) * [stack ls](stack_ls.md) +* [stack ps](stack_ps.md) +* [stack rm](stack_rm.md) From 4df2866d4e513adc56464f1129fdc34aef3346a4 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 14 Dec 2016 03:58:02 +0800 Subject: [PATCH 2160/2538] Fix the incorrect option name Signed-off-by: yuexiao-wang --- man/docker-build.1.md | 2 +- man/docker-create.1.md | 8 ++++---- man/docker-network-connect.1.md | 4 ++-- man/docker-network-create.1.md | 4 ++-- man/docker-run.1.md | 6 +++--- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/man/docker-build.1.md b/man/docker-build.1.md index e41e378cb2..4beee88e4a 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -129,7 +129,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. -**--network**=*NETWORK* +**--network**=*bridge* Set the networking mode for the RUN instructions during build. Supported standard values are: `bridge`, `host`, `none` and `container:`. Any other value is taken as a custom network's name or ID which this container should connect to. diff --git a/man/docker-create.1.md b/man/docker-create.1.md index a819904efa..3f8a076374 100644 --- a/man/docker-create.1.md +++ b/man/docker-create.1.md @@ -222,12 +222,12 @@ two memory nodes. **--ip**="" Sets the container's interface IPv4 address (e.g. 172.23.0.9) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ip6**="" Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container @@ -305,7 +305,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--name**="" Assign a name to the container -**--net**="*bridge*" +**--network**="*bridge*" Set the Network mode for the container 'bridge': create a network stack on the default Docker bridge 'none': no networking @@ -404,7 +404,7 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. Network Namespace - current sysctls allowed: Sysctls beginning with net.* - Note: if you use --net=host using these sysctls will not be allowed. + Note: if you use --network=host using these sysctls will not be allowed. **-t**, **--tty**=*true*|*false* Allocate a pseudo-TTY. The default is *false*. diff --git a/man/docker-network-connect.1.md b/man/docker-network-connect.1.md index 9cc012ea4f..096ec77a4d 100644 --- a/man/docker-network-connect.1.md +++ b/man/docker-network-connect.1.md @@ -19,10 +19,10 @@ the same network. $ docker network connect multi-host-network container1 ``` -You can also use the `docker run --net=` option to start a container and immediately connect it to a network. +You can also use the `docker run --network=` option to start a container and immediately connect it to a network. ```bash -$ docker run -itd --net=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox +$ docker run -itd --network=multi-host-network --ip 172.20.88.22 --ip6 2001:db8::8822 busybox ``` You can pause, restart, and stop containers that are connected to a network. A container connects to its configured networks when it runs. diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index 3000bb2135..bea6fb44e4 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -73,11 +73,11 @@ name conflicts. ## Connect containers -When you start a container use the `--net` flag to connect it to a network. +When you start a container use the `--network` flag to connect it to a network. This adds the `busybox` container to the `mynet` network. ```bash -$ docker run -itd --net=mynet busybox +$ docker run -itd --network=mynet busybox ``` If you want to add a container to a network after the container is already diff --git a/man/docker-run.1.md b/man/docker-run.1.md index eb5eb9dea0..be3df0be35 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -319,12 +319,12 @@ redirection on the host system. **--ip**="" Sets the container's interface IPv4 address (e.g. 172.23.0.9) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ip6**="" Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) - It can only be used in conjunction with **--net** for user-defined networks + It can only be used in conjunction with **--network** for user-defined networks **--ipc**="" Default is to create a private IPC namespace (POSIX SysV IPC) for the container @@ -557,7 +557,7 @@ incompatible with any restart policy other than `none`. Network Namespace - current sysctls allowed: Sysctls beginning with net.* - If you use the `--net=host` option these sysctls will not be allowed. + If you use the `--network=host` option these sysctls will not be allowed. **--sig-proxy**=*true*|*false* Proxy received signals to the process (non-TTY mode only). SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is *true*. From baea245377af24dd271e21f6217f0c2b15633008 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 13 Dec 2016 13:30:58 +0100 Subject: [PATCH 2161/2538] Update reference docs for service ps commit bbd2018ee19eff5594ae3986bf56fbcd0044699d changed the output format of `docker service ps`. this patch updates the reference docs to match the updated output format. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/service_create.md | 6 +- docs/reference/commandline/service_ps.md | 88 ++++++++++++-------- 2 files changed, 59 insertions(+), 35 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 64d595ac7a..76f11c0a71 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -534,9 +534,11 @@ service's name and the node's ID where it sits. ```bash $ docker service create --name hosttempl --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"{% endraw %} busybox top va8ew30grofhjoychbr6iot8c + $ docker service ps va8ew30grofhjoychbr6iot8c -NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS -hosttempl.1.wo41w8hg8qan busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago + $ docker inspect --format={% raw %}"{{.Config.Hostname}}"{% endraw %} hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj x3ti0erg11rjpg64m75kej2mz-hosttempl ``` diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index b824f53dab..830504ac17 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -40,36 +40,57 @@ The following command shows all the tasks that are part of the `redis` service: ```bash $ docker service ps redis -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Running 8 seconds -redis.2.bk658fpbex0d57cqcwoe3jthu redis:3.0.6 worker2 Running Running 9 seconds -redis.3.5ls5s5fldaqg37s9pwayjecrf redis:3.0.6 worker1 Running Running 9 seconds -redis.4.8ryt076polmclyihzx67zsssj redis:3.0.6 worker1 Running Running 9 seconds -redis.5.1x0v8yomsncd6sbvfn0ph6ogc redis:3.0.6 manager1 Running Running 8 seconds -redis.6.71v7je3el7rrw0osfywzs0lko redis:3.0.6 worker2 Running Running 9 seconds -redis.7.4l3zm9b7tfr7cedaik8roxq6r redis:3.0.6 worker2 Running Running 9 seconds -redis.8.9tfpyixiy2i74ad9uqmzp1q6o redis:3.0.6 worker1 Running Running 9 seconds -redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6 manager1 Running Running 8 seconds -redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +0qihejybwf1x redis.1 redis:3.0.5 manager1 Running Running 8 seconds +bk658fpbex0d redis.2 redis:3.0.5 worker2 Running Running 9 seconds +5ls5s5fldaqg redis.3 redis:3.0.5 worker1 Running Running 9 seconds +8ryt076polmc redis.4 redis:3.0.5 worker1 Running Running 9 seconds +1x0v8yomsncd redis.5 redis:3.0.5 manager1 Running Running 8 seconds +71v7je3el7rr redis.6 redis:3.0.5 worker2 Running Running 9 seconds +4l3zm9b7tfr7 redis.7 redis:3.0.5 worker2 Running Running 9 seconds +9tfpyixiy2i7 redis.8 redis:3.0.5 worker1 Running Running 9 seconds +3w1wu13yupln redis.9 redis:3.0.5 manager1 Running Running 8 seconds +8eaxrb2fqpbn redis.10 redis:3.0.5 manager1 Running Running 8 seconds ``` +In addition to _running_ tasks, the output also shows the task history. For +example, after updating the service to use the `redis:3.0.6` image, the output +may look like this: + +```bash +$ docker service ps redis + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +50qe8lfnxaxk redis.1 redis:3.0.6 manager1 Running Running 6 seconds ago +ky2re9oz86r9 \_ redis.1 redis:3.0.5 manager1 Shutdown Shutdown 8 seconds ago +3s46te2nzl4i redis.2 redis:3.0.6 worker2 Running Running less than a second ago +nvjljf7rmor4 \_ redis.2 redis:3.0.6 worker2 Shutdown Rejected 23 seconds ago "No such image: redis@sha256:6…" +vtiuz2fpc0yb \_ redis.2 redis:3.0.5 worker2 Shutdown Shutdown 1 second ago +jnarweeha8x4 redis.3 redis:3.0.6 worker1 Running Running 3 seconds ago +vs448yca2nz4 \_ redis.3 redis:3.0.5 worker1 Shutdown Shutdown 4 seconds ago +jf1i992619ir redis.4 redis:3.0.6 worker1 Running Running 10 seconds ago +blkttv7zs8ee \_ redis.4 redis:3.0.5 worker1 Shutdown Shutdown 11 seconds ago +``` + +The number of items in the task history is determined by the +`--task-history-limit` option that was set when initializing the swarm. You can +change the task history retention limit using the +[`docker swarm update`](swarm_update.md) command. + When deploying a service, docker resolves the digest for the service's image, and pins the service to that digest. The digest is not shown by -default, but is printed if `--no-trunc` is used; +default, but is printed if `--no-trunc` is used. The `--no-trunc` option +also shows the non-truncated task ID, and error-messages, as can be seen below; ```bash $ docker service ps --no-trunc redis -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds -redis.2.bk658fpbex0d57cqcwoe3jthu redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 29 seconds -redis.3.5ls5s5fldaqg37s9pwayjecrf redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker1 Running Running 29 seconds -redis.4.8ryt076polmclyihzx67zsssj redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker1 Running Running 29 seconds -redis.5.1x0v8yomsncd6sbvfn0ph6ogc redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds -redis.6.71v7je3el7rrw0osfywzs0lko redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 29 seconds -redis.7.4l3zm9b7tfr7cedaik8roxq6r redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 29 seconds -redis.8.9tfpyixiy2i74ad9uqmzp1q6o redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker1 Running Running 29 seconds -redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds -redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 28 seconds + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +50qe8lfnxaxksi9w2a704wkp7 redis.1 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 manager1 Running Running 5 minutes ago +ky2re9oz86r9556i2szb8a8af \_ redis.1 redis:3.0.5@sha256:f8829e00d95672c48c60f468329d6693c4bdd28d1f057e755f8ba8b40008682e worker2 Shutdown Shutdown 5 minutes ago +bk658fpbex0d57cqcwoe3jthu redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Running Running 5 seconds +nvjljf7rmor4htv7l8rwcx7i7 \_ redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Shutdown Rejected 5 minutes ago "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842" ``` ## Filtering @@ -93,9 +114,10 @@ The `id` filter matches on all or a prefix of a task's ID. ```bash $ docker service ps -f "id=8" redis -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.4.8ryt076polmclyihzx67zsssj redis:3.0.6 worker1 Running Running 9 seconds -redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds + +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +8ryt076polmc redis.4 redis:3.0.6 worker1 Running Running 9 seconds +8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds ``` #### Name @@ -104,8 +126,8 @@ The `name` filter matches on task names. ```bash $ docker service ps -f "name=redis.1" redis -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Running 8 seconds +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +qihejybwf1x5 redis.1 redis:3.0.6 manager1 Running Running 8 seconds ``` @@ -115,11 +137,11 @@ The `node` filter matches on a node name or a node ID. ```bash $ docker service ps -f "node=manager1" redis -NAME IMAGE NODE DESIRED STATE CURRENT STATE -redis.1.0qihejybwf1x5vqi8lgzlgnpq redis:3.0.6 manager1 Running Running 8 seconds -redis.5.1x0v8yomsncd6sbvfn0ph6ogc redis:3.0.6 manager1 Running Running 8 seconds -redis.9.3w1wu13yuplna8ri3fx47iwad redis:3.0.6 manager1 Running Running 8 seconds -redis.10.8eaxrb2fqpbnv9x30vr06i6vt redis:3.0.6 manager1 Running Running 8 seconds +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +0qihejybwf1x redis.1 redis:3.0.6 manager1 Running Running 8 seconds +1x0v8yomsncd redis.5 redis:3.0.6 manager1 Running Running 8 seconds +3w1wu13yupln redis.9 redis:3.0.6 manager1 Running Running 8 seconds +8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds ``` From fe9be95dec2b542945692309f3e2faf53a0e4c24 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 14 Dec 2016 18:22:59 +0800 Subject: [PATCH 2162/2538] Update the manual for docker wait Signed-off-by: yuexiao-wang --- man/docker-wait.1.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-wait.1.md b/man/docker-wait.1.md index 5f07bacc0e..678800966b 100644 --- a/man/docker-wait.1.md +++ b/man/docker-wait.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-wait - Block until a container stops, then print its exit code. +docker-wait - Block until one or more containers stop, then print their exit codes # SYNOPSIS **docker wait** @@ -11,7 +11,7 @@ CONTAINER [CONTAINER...] # DESCRIPTION -Block until a container stops, then print its exit code. +Block until one or more containers stop, then print their exit codes. # OPTIONS **--help** From b837f7456d4c29941c766defc4e8b2fade0806e6 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 8 Dec 2016 22:32:10 +0100 Subject: [PATCH 2163/2538] Remove --port and update --publish for services to support syntaxes Add support for simple and complex syntax to `--publish` through the use of `PortOpt`. Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 6 +++--- contrib/completion/zsh/_docker | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7f9a13f710..82d5ef1ead 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2756,7 +2756,7 @@ _docker_service_update() { --host --mode --name - --port + --publish --secret " @@ -2803,8 +2803,8 @@ _docker_service_update() { --host-add --host-rm --image - --port-add - --port-rm + --publish-add + --publish-rm --secret-add --secret-rm " diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 229a0edb7f..8d00b13e6d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1797,7 +1797,7 @@ __docker_service_subcommand() { "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help)--name=[Service name]:name: " \ - "($help)*--port=[Publish a port]:port: " \ + "($help)*--publish=[Publish a port]:port: " \ "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ "($help -)*::arguments: _normal" && ret=0 @@ -1870,8 +1870,8 @@ __docker_service_subcommand() { "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ "($help)--image=[Service image tag]:image:__docker_complete_repositories" \ - "($help)*--port-add=[Add or update a port]:port: " \ - "($help)*--port-rm=[Remove a port(target-port mandatory)]:port: " \ + "($help)*--publish-add=[Add or update a port]:port: " \ + "($help)*--publish-rm=[Remove a port(target-port mandatory)]:port: " \ "($help)--rollback[Rollback to previous specification]" \ "($help -)1:service:__docker_complete_services" && ret=0 ;; From ea5be8f75f46c3a0c1951662f369f70c902e642d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 14 Dec 2016 08:52:07 -0800 Subject: [PATCH 2164/2538] Make bash completion for `docker stack deploy --bundle-file` experimental Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 82d5ef1ead..e04bb231ee 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3514,8 +3514,10 @@ _docker_stack() { _docker_stack_deploy() { case "$prev" in --bundle-file) - _filedir dab - return + if __docker_is_experimental ; then + _filedir dab + return + fi ;; --compose-file|-c) _filedir yml @@ -3525,7 +3527,9 @@ _docker_stack_deploy() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--bundle-file --compose-file -c --help --with-registry-auth" -- "$cur" ) ) + local options="--compose-file -c --help --with-registry-auth" + __docker_is_experimental && options+=" --bundle-file" + COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) ;; esac } From a325d3ea2a03d580d06a4c49564f19323e586b2a Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 14 Dec 2016 08:39:10 -0800 Subject: [PATCH 2165/2538] Add docs for `docker network create --attachable` Signed-off-by: Harald Albers --- docs/reference/commandline/network_create.md | 1 + man/docker-network-create.1.md | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 4673887242..e238217d41 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -21,6 +21,7 @@ Usage: docker network create [OPTIONS] NETWORK Create a network Options: + --attachable Enable manual container attachment --aux-address value Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[]) -d, --driver string Driver to manage the Network (default "bridge") diff --git a/man/docker-network-create.1.md b/man/docker-network-create.1.md index bea6fb44e4..44ce8e15c2 100644 --- a/man/docker-network-create.1.md +++ b/man/docker-network-create.1.md @@ -6,6 +6,7 @@ docker-network-create - create a new network # SYNOPSIS **docker network create** +[**--attachable**] [**--aux-address**=*map[]*] [**-d**|**--driver**=*DRIVER*] [**--gateway**=*[]*] @@ -143,6 +144,9 @@ to create an externally isolated `overlay` network, you can specify the `--internal` option. # OPTIONS +**--attachable** + Enable manual container attachment + **--aux-address**=map[] Auxiliary IPv4 or IPv6 addresses used by network driver From e1eea7b951565d9318047caa8cbee9806a60ef83 Mon Sep 17 00:00:00 2001 From: Trapier Marshall Date: Wed, 14 Dec 2016 14:00:41 -0500 Subject: [PATCH 2166/2538] fix typo in reference for service create Signed-off-by: Trapier Marshall --- docs/reference/commandline/service_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 76f11c0a71..b8d38a8d00 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -474,7 +474,7 @@ accessible at the target port on every node regardless if there is a task for the service running on the node. For more information refer to [Use swarm mode routing mesh](https://docs.docker.com/engine/swarm/ingress/). -### Publish a port for TCP only or UCP only +### Publish a port for TCP only or UDP only By default, when you publish a port, it is a TCP port. You can specifically publish a UDP port instead of or in addition to a TCP port. When From 932211ddc78e7eb0b16448e29bfd831886da9f82 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 14 Dec 2016 19:30:09 +0800 Subject: [PATCH 2167/2538] Add the link for service logs Signed-off-by: yuexiao-wang --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_inspect.md | 1 + docs/reference/commandline/service_logs.md | 10 ++++++++++ docs/reference/commandline/service_ls.md | 1 + docs/reference/commandline/service_ps.md | 1 + docs/reference/commandline/service_rm.md | 1 + docs/reference/commandline/service_scale.md | 3 ++- docs/reference/commandline/service_update.md | 4 +++- 8 files changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index b8d38a8d00..5cc8f90da9 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -546,6 +546,7 @@ x3ti0erg11rjpg64m75kej2mz-hosttempl ## Related information * [service inspect](service_inspect.md) +* [service logs](service_logs.md) * [service ls](service_ls.md) * [service rm](service_rm.md) * [service scale](service_scale.md) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 13550db82a..8b4ab62d89 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -154,6 +154,7 @@ $ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis ## Related information * [service create](service_create.md) +* [service logs](service_logs.md) * [service ls](service_ls.md) * [service rm](service_rm.md) * [service scale](service_scale.md) diff --git a/docs/reference/commandline/service_logs.md b/docs/reference/commandline/service_logs.md index e10018636b..fdf6a3a245 100644 --- a/docs/reference/commandline/service_logs.md +++ b/docs/reference/commandline/service_logs.md @@ -65,3 +65,13 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. You can combine the `--since` option with either or both of the `--follow` or `--tail` options. + +## Related information + +* [service create](service_create.md) +* [service inspect](service_inspect.md) +* [service ls](service_ls.md) +* [service rm](service_rm.md) +* [service scale](service_scale.md) +* [service ps](service_ps.md) +* [service update](service_update.md) diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 28378dde06..ccd68af750 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -107,6 +107,7 @@ ID NAME MODE REPLICAS IMAGE * [service create](service_create.md) * [service inspect](service_inspect.md) +* [service logs](service_logs.md) * [service rm](service_rm.md) * [service scale](service_scale.md) * [service ps](service_ps.md) diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 830504ac17..61abb15f67 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -154,6 +154,7 @@ The `desired-state` filter can take the values `running`, `shutdown`, and `accep * [service create](service_create.md) * [service inspect](service_inspect.md) +* [service logs](service_logs.md) * [service ls](service_ls.md) * [service rm](service_rm.md) * [service scale](service_scale.md) diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index 6cfb44c12b..d0ba90b26d 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -48,6 +48,7 @@ ID NAME MODE REPLICAS IMAGE * [service create](service_create.md) * [service inspect](service_inspect.md) +* [service logs](service_logs.md) * [service ls](service_ls.md) * [service scale](service_scale.md) * [service ps](service_ps.md) diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 4ed4652a5b..64075ed092 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -29,7 +29,7 @@ Options: ### Scale a service The scale command enables you to scale one or more replicated services either up -or down to the desired number of replicas. This command cannot be applied on +or down to the desired number of replicas. This command cannot be applied on services which are global mode. The command will return immediately, but the actual scaling of the service may take some time. To stop all replicas of a service while keeping the service active in the swarm you can set the scale to 0. @@ -89,6 +89,7 @@ ID NAME MODE REPLICAS IMAGE * [service create](service_create.md) * [service inspect](service_inspect.md) +* [service logs](service_logs.md) * [service ls](service_ls.md) * [service rm](service_rm.md) * [service ps](service_ps.md) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index d40443344d..f6bd0c34c7 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -174,6 +174,8 @@ See [`service create`](./service_create.md#templating) for the reference. * [service create](service_create.md) * [service inspect](service_inspect.md) -* [service ps](service_ps.md) +* [service logs](service_logs.md) * [service ls](service_ls.md) +* [service ps](service_ps.md) * [service rm](service_rm.md) +* [service scale](service_scale.md) From a3246c7c3d65a93da130b7ae60b4d04320bf393f Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 13 Dec 2016 22:15:08 +0800 Subject: [PATCH 2168/2538] Add the whole related information for node Signed-off-by: yuexiao-wang --- docs/reference/commandline/node_demote.md | 5 +++++ docs/reference/commandline/node_inspect.md | 6 ++++-- docs/reference/commandline/node_ls.md | 4 +++- docs/reference/commandline/node_promote.md | 5 +++++ docs/reference/commandline/node_ps.md | 4 +++- docs/reference/commandline/node_rm.md | 7 ++++--- docs/reference/commandline/node_update.md | 4 +++- 7 files changed, 27 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 6885e62192..9a81bb9c04 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -34,4 +34,9 @@ $ docker node demote ## Related information +* [node inspect](node_inspect.md) +* [node ls](node_ls.md) * [node promote](node_promote.md) +* [node ps](node_ps.md) +* [node rm](node_rm.md) +* [node update](node_update.md) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 3659814139..fac688fe40 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -129,7 +129,9 @@ Example output: ## Related information -* [node update](node_update.md) -* [node ps](node_ps.md) +* [node demote](node_demote.md) * [node ls](node_ls.md) +* [node promote](node_promote.md) +* [node ps](node_ps.md) * [node rm](node_rm.md) +* [node update](node_update.md) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index cdcae4e48e..5f61713c2e 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -122,7 +122,9 @@ e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ## Related information +* [node demote](node_demote.md) * [node inspect](node_inspect.md) -* [node update](node_update.md) +* [node promote](node_promote.md) * [node ps](node_ps.md) * [node rm](node_rm.md) +* [node update](node_update.md) diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 9771bbdffe..92092a8935 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -34,3 +34,8 @@ $ docker node promote ## Related information * [node demote](node_demote.md) +* [node inspect](node_inspect.md) +* [node ls](node_ls.md) +* [node ps](node_ps.md) +* [node rm](node_rm.md) +* [node update](node_update.md) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 0c54c9cfb0..48c3abd6a0 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -100,7 +100,9 @@ The `desired-state` filter can take the values `running`, `shutdown`, and `accep ## Related information +* [node demote](node_demote.md) * [node inspect](node_inspect.md) -* [node update](node_update.md) * [node ls](node_ls.md) +* [node promote](node_promote.md) * [node rm](node_rm.md) +* [node update](node_update.md) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index 616be0a99b..b245d636cc 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -65,8 +65,9 @@ before you can remove it from the swarm. ## Related information -* [node inspect](node_inspect.md) -* [node update](node_update.md) * [node demote](node_demote.md) -* [node ps](node_ps.md) +* [node inspect](node_inspect.md) * [node ls](node_ls.md) +* [node promote](node_promote.md) +* [node ps](node_ps.md) +* [node update](node_update.md) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index bb13e0b127..aa65d0309e 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -63,7 +63,9 @@ metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/). ## Related information +* [node demote](node_demote.md) * [node inspect](node_inspect.md) -* [node ps](node_ps.md) * [node ls](node_ls.md) +* [node promote](node_promote.md) +* [node ps](node_ps.md) * [node rm](node_rm.md) From dd1e172adb3a8b373fae3e825ee4425626c27bd1 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 15 Dec 2016 18:47:57 +0800 Subject: [PATCH 2169/2538] Fix inconsistency for pause and unpause Signed-off-by: yuexiao-wang --- docs/reference/commandline/pause.md | 10 +++++++--- docs/reference/commandline/unpause.md | 6 +++++- man/docker-pause.1.md | 13 +++++++------ man/docker-unpause.1.md | 9 +++++---- 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index cc4794920d..e2dd800d5f 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -24,9 +24,9 @@ Options: --help Print usage ``` -The `docker pause` command suspends all processes in a container. On Linux, -this uses the cgroups freezer. Traditionally, when suspending a process the -`SIGSTOP` signal is used, which is observable by the process being suspended. +The `docker pause` command suspends all processes in the specified containers. +On Linux, this uses the cgroups freezer. Traditionally, when suspending a process +the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. On Windows, only Hyper-V containers can be paused. @@ -34,3 +34,7 @@ containers can be paused. See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. + +## Related information + +* [unpause](unpause.md) diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index 17cc57e409..aa2326fefc 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -24,9 +24,13 @@ Options: --help Print usage ``` -The `docker unpause` command un-suspends all processes in a container. +The `docker unpause` command un-suspends all processes in the specified containers. On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. + +## Related information + +* [pause](pause.md) diff --git a/man/docker-pause.1.md b/man/docker-pause.1.md index 1f7d81e749..11eef5321f 100644 --- a/man/docker-pause.1.md +++ b/man/docker-pause.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-pause - Pause all processes within a container +docker-pause - Pause all processes within one or more containers # SYNOPSIS **docker pause** @@ -10,9 +10,9 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker pause` command suspends all processes in a container. On Linux, -this uses the cgroups freezer. Traditionally, when suspending a process the -`SIGSTOP` signal is used, which is observable by the process being suspended. +The `docker pause` command suspends all processes in the specified containers. +On Linux, this uses the cgroups freezer. Traditionally, when suspending a process +the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed. On Windows, only Hyper-V containers can be paused. @@ -22,10 +22,11 @@ See the [cgroups freezer documentation] further details. # OPTIONS -There are no available options. +**--help** + Print usage statement # See also -**docker-unpause(1)** to unpause all processes within a container. +**docker-unpause(1)** to unpause all processes within one or more containers. # HISTORY June 2014, updated by Sven Dowideit diff --git a/man/docker-unpause.1.md b/man/docker-unpause.1.md index f1ea14bbe2..e6fd3c4e01 100644 --- a/man/docker-unpause.1.md +++ b/man/docker-unpause.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-unpause - Unpause all processes within a container +docker-unpause - Unpause all processes within one or more containers # SYNOPSIS **docker unpause** @@ -10,7 +10,7 @@ CONTAINER [CONTAINER...] # DESCRIPTION -The `docker unpause` command un-suspends all processes in a container. +The `docker unpause` command un-suspends all processes in the specified containers. On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] @@ -18,10 +18,11 @@ See the [cgroups freezer documentation] further details. # OPTIONS -There are no available options. +**--help** + Print usage statement # See also -**docker-pause(1)** to pause all processes within a container. +**docker-pause(1)** to pause all processes within one or more containers. # HISTORY June 2014, updated by Sven Dowideit From 0d964441e92a15482fc7ee8afcad377763fffdfb Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 16 Dec 2016 15:10:20 +0100 Subject: [PATCH 2170/2538] swarm leave is not only for workers the "docker swarm leave" command description mentioned that the command can only be used for workers, however, the command can also be used for managers (using the `-f` / `--force` option). this patch removes the "(workers only)" part of the command description. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/swarm_leave.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 4dcccc6988..c0d9437818 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -18,7 +18,7 @@ keywords: "swarm, leave" ```markdown Usage: docker swarm leave [OPTIONS] -Leave the swarm (workers only) +Leave the swarm Options: -f, --force Force this node to leave the swarm, ignoring warnings From fd0957a4071fe2b427f68a99a8b0dfe8300709ad Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 8 Nov 2016 10:31:09 +0000 Subject: [PATCH 2171/2538] update experimental/README.md Signed-off-by: Akihiro Suda --- experimental/README.md | 71 ++++++++++-------------------------------- 1 file changed, 16 insertions(+), 55 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 0ee893deaf..796080cca5 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -9,65 +9,26 @@ issues associated with it. If necessary, links are provided to additional documentation on an issue. As an active Docker user and community member, please feel free to provide any feedback on these features you wish. -## Install Docker experimental +## Use Docker experimental -Unlike the regular Docker binary, the experimental channels is built and -updated nightly on https://experimental.docker.com. From one day to the -next, new features may appear, while existing experimental features may be -refined or entirely removed. +Experimental features are now included in the standard Docker binaries as of +version 1.13.0. +For enabling experimental features, you need to start the Docker daemon with +`--experimental` flag. +You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g. -1. Verify that you have `curl` installed. +```json +{ + "experimental": true +} +``` - $ which curl +Then make sure the experimental flag is enabled: - If `curl` isn't installed, install it after updating your manager: - - $ sudo apt-get update - $ sudo apt-get install curl - -2. Get the latest Docker package. - - $ curl -sSL https://experimental.docker.com/ | sh - - The system prompts you for your `sudo` password. Then, it downloads and - installs Docker and its dependencies. - - >**Note**: If your company is behind a filtering proxy, you may find that the - >`apt-key` - >command fails for the Docker repo during installation. To work around this, - >add the key directly using the following: - > - > $ curl -sSL https://experimental.docker.com/gpg | sudo apt-key add - - -3. Verify `docker` is installed correctly. - - $ sudo docker run hello-world - - This command downloads a test image and runs it in a container. - -### Get the Linux binary -To download the latest experimental `docker` binary for Linux, -use the following URLs: - - https://experimental.docker.com/builds/Linux/i386/docker-latest.tgz - - https://experimental.docker.com/builds/Linux/x86_64/docker-latest.tgz - -After downloading the appropriate binary, you can follow the instructions -[here](https://docs.docker.com/engine/installation/binaries/#/get-the-docker-engine-binaries) to run the `docker` daemon. - -> **Note** -> -> 1) You can get the MD5 and SHA256 hashes by appending .md5 and .sha256 to the URLs respectively -> -> 2) You can get the compressed binaries by appending .tgz to the URLs - -### Build an experimental binary -You can also build the experimental binary from the standard development environment by adding -`DOCKER_EXPERIMENTAL=1` to the environment where you run `make` to build Docker binaries. For example, -to build a Docker binary with the experimental features enabled: - - $ DOCKER_EXPERIMENTAL=1 make binary +```bash +$ docker version -f '{{.Server.Experimental}}' +true +``` ## Current experimental features From c8f99f00d2fb9d0677d09fe606de1f876f7073b9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sat, 19 Nov 2016 17:41:11 -0800 Subject: [PATCH 2172/2538] Add `--file` flag for `docker secret create` command This fix tries to address the issue raised in 28581 and 28927 where it is not possible to create a secret from a file (only through STDIN). This fix add a flag `--file` to `docker secret create` so that it is possible to create a secret from a file with: ``` docker secret create --file secret.in secret.name ``` or ``` echo TEST | docker secret create --file - secret.name ``` Related docs has been updated. An integration test has been added to cover the changes. This fix fixes 28581. This fix is related to 28927. Signed-off-by: Yong Tang --- docs/reference/commandline/secret_create.md | 27 +++++++++++++++------ 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index 952ad26b2c..ef2641a91c 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -16,15 +16,17 @@ keywords: ["secret, create"] # secret create ```Markdown -Usage: docker secret create [OPTIONS] SECRET +Usage: docker secret create [OPTIONS] SECRET + +Create a secret from a file or STDIN as content -Create a secret using stdin as content Options: - --help Print usage - -l, --label list Secret labels (default []) + -f, --file string Read from a file or STDIN ('-') + --help Print usage + -l, --label list Secret labels (default []) ``` -Creates a secret using standard input for the secret content. You must run this +Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node. ## Examples @@ -32,7 +34,18 @@ command on a manager node. ### Create a secret ```bash -$ cat secret.json | docker secret create secret.json +$ cat secret.json | docker secret create -f - secret.json +mhv17xfe3gh6xc4rij5orpfds + +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` + +### Create a secret with a file + +```bash +$ docker secret create --file secret.in secret.json mhv17xfe3gh6xc4rij5orpfds $ docker secret ls @@ -43,7 +56,7 @@ mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.90918108 ### Create a secret with labels ```bash -$ cat secret.json | docker secret create secret.json --label env=dev --label rev=20161102 +$ cat secret.json | docker secret create secret.json -f - --label env=dev --label rev=20161102 jtn7g6aukl5ky7nr9gvwafoxh $ docker secret inspect secret.json From 8e575647082a929718b1ecc5acfabf63ed495696 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 18 Dec 2016 06:31:25 -0800 Subject: [PATCH 2173/2538] Remove bash completion for `docker node ps --all|-a` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index e04bb231ee..dddee35195 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3139,7 +3139,7 @@ _docker_node_ps() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) ;; *) __docker_complete_nodes_plus_self From b9c6e9ef216053cea147be5dc1ca75bd5a5ca0a7 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 19 Dec 2016 01:55:09 +0100 Subject: [PATCH 2174/2538] [docs,man] Fixed typo (#29516) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Käufl --- docs/reference/commandline/build.md | 2 +- man/docker-build.1.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 42c3ecf65f..9c2c71b489 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -438,7 +438,7 @@ Specifying the `--isolation` flag without a value is the same as setting `--isol Once the image is built, squash the new layers into a new image with a single new layer. Squashing does not destroy any existing image, rather it creates a new -image with the content of the squshed layers. This effectively makes it look +image with the content of the squashed layers. This effectively makes it look like all `Dockerfile` commands were created with a single layer. The build cache is preserved with this method. diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 4beee88e4a..5676cb80bd 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -62,7 +62,7 @@ set as the **URL**, the repository is cloned locally and then sent as the contex **Experimental Only** Once the image is built, squash the new layers into a new image with a single new layer. Squashing does not destroy any existing image, rather it creates a new - image with the content of the squshed layers. This effectively makes it look + image with the content of the squashed layers. This effectively makes it look like all `Dockerfile` commands were created with a single layer. The build cache is preserved with this method. From 7a9de26c6e3771b3fbe7961bff3442fa8566ea42 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 18 Dec 2016 06:47:54 -0800 Subject: [PATCH 2175/2538] Remove `--all|-a` from `docker node ps` reference Signed-off-by: Harald Albers --- docs/reference/commandline/node_ps.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 48c3abd6a0..7f07c5ea64 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -22,7 +22,6 @@ Usage: docker node ps [OPTIONS] [NODE...] List tasks running on one or more nodes, defaults to current node. Options: - -a, --all Display all instances -f, --filter value Filter output based on conditions provided --help Print usage --no-resolve Do not map IDs to Names From f03fd566f6c08701eb603ba93ac6b1da4ba80ce6 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 14 Dec 2016 16:42:31 +0800 Subject: [PATCH 2176/2538] Add docker-update description ommited in docker.1.md Signed-off-by: lixiaobing10051267 --- man/docker.1.md | 157 +----------------------------------------------- 1 file changed, 1 insertion(+), 156 deletions(-) diff --git a/man/docker.1.md b/man/docker.1.md index 2a96184439..84b470ee41 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -59,163 +59,8 @@ unix://[/path/to/socket] to use. Print version information and quit. Default is false. # COMMANDS -**attach** - Attach to a running container - See **docker-attach(1)** for full documentation on the **attach** command. - -**build** - Build an image from a Dockerfile - See **docker-build(1)** for full documentation on the **build** command. - -**commit** - Create a new image from a container's changes - See **docker-commit(1)** for full documentation on the **commit** command. - -**cp** - Copy files/folders between a container and the local filesystem - See **docker-cp(1)** for full documentation on the **cp** command. - -**create** - Create a new container - See **docker-create(1)** for full documentation on the **create** command. - -**diff** - Inspect changes on a container's filesystem - See **docker-diff(1)** for full documentation on the **diff** command. - -**events** - Get real time events from the server - See **docker-events(1)** for full documentation on the **events** command. - -**exec** - Run a command in a running container - See **docker-exec(1)** for full documentation on the **exec** command. - -**export** - Stream the contents of a container as a tar archive - See **docker-export(1)** for full documentation on the **export** command. - -**history** - Show the history of an image - See **docker-history(1)** for full documentation on the **history** command. - -**images** - List images - See **docker-images(1)** for full documentation on the **images** command. - -**import** - Create a new filesystem image from the contents of a tarball - See **docker-import(1)** for full documentation on the **import** command. - -**info** - Display system-wide information - See **docker-info(1)** for full documentation on the **info** command. - -**inspect** - Return low-level information on a container or image - See **docker-inspect(1)** for full documentation on the **inspect** command. - -**kill** - Kill a running container (which includes the wrapper process and everything -inside it) - See **docker-kill(1)** for full documentation on the **kill** command. - -**load** - Load an image from a tar archive - See **docker-load(1)** for full documentation on the **load** command. - -**login** - Log in to a Docker Registry - See **docker-login(1)** for full documentation on the **login** command. - -**logout** - Log the user out of a Docker Registry - See **docker-logout(1)** for full documentation on the **logout** command. - -**logs** - Fetch the logs of a container - See **docker-logs(1)** for full documentation on the **logs** command. - -**pause** - Pause all processes within a container - See **docker-pause(1)** for full documentation on the **pause** command. - -**port** - Lookup the public-facing port which is NAT-ed to PRIVATE_PORT - See **docker-port(1)** for full documentation on the **port** command. - -**ps** - List containers - See **docker-ps(1)** for full documentation on the **ps** command. - -**pull** - Pull an image or a repository from a Docker Registry - See **docker-pull(1)** for full documentation on the **pull** command. - -**push** - Push an image or a repository to a Docker Registry - See **docker-push(1)** for full documentation on the **push** command. - -**rename** - Rename a container. - See **docker-rename(1)** for full documentation on the **rename** command. - -**restart** - Restart one or more containers - See **docker-restart(1)** for full documentation on the **restart** command. - -**rm** - Remove one or more containers - See **docker-rm(1)** for full documentation on the **rm** command. - -**rmi** - Remove one or more images - See **docker-rmi(1)** for full documentation on the **rmi** command. - -**run** - Run a command in a new container - See **docker-run(1)** for full documentation on the **run** command. - -**save** - Save an image to a tar archive - See **docker-save(1)** for full documentation on the **save** command. - -**search** - Search for an image in the Docker index - See **docker-search(1)** for full documentation on the **search** command. - -**start** - Start a container - See **docker-start(1)** for full documentation on the **start** command. - -**stats** - Display a live stream of one or more containers' resource usage statistics - See **docker-stats(1)** for full documentation on the **stats** command. - -**stop** - Stop a container - See **docker-stop(1)** for full documentation on the **stop** command. - -**tag** - Tag an image into a repository - See **docker-tag(1)** for full documentation on the **tag** command. - -**top** - Lookup the running processes of a container - See **docker-top(1)** for full documentation on the **top** command. - -**unpause** - Unpause all processes within a container - See **docker-unpause(1)** for full documentation on the **unpause** command. - -**version** - Show the Docker version information - See **docker-version(1)** for full documentation on the **version** command. - -**wait** - Block until a container stops, then print its exit code - See **docker-wait(1)** for full documentation on the **wait** command. +Use "docker help" or "docker --help" to get an overview of available commands. # RUNTIME EXECUTION OPTIONS From 5997147397a2a19e33671ed479f37eb7a19e1c2e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 19 Dec 2016 11:40:59 -0800 Subject: [PATCH 2177/2538] Remove bash completion for deprecated `docker daemon` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index dddee35195..246cd5f62e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3955,7 +3955,6 @@ _docker() { container cp create - daemon diff events exec From 175d21838aab7a7036bc7f9c9ad3ecd059d1c1b8 Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 20 Dec 2016 11:14:39 +0800 Subject: [PATCH 2178/2538] update docs about --oom-score-adj Signed-off-by: allencloud --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 73769ed610..e0b233752f 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -836,7 +836,7 @@ The container has unlimited memory which can cause the host to run out memory and require killing system processes to free memory. The `--oom-score-adj` parameter can be changed to select the priority of which containers will be killed when the system is out of memory, with negative scores making them -less likely to be killed an positive more likely. +less likely to be killed, and positive scores more likely. ### Kernel memory constraints From 41d0180f2ad249ab49517fe2196d50166e2dc962 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Tue, 20 Dec 2016 20:34:09 +0800 Subject: [PATCH 2179/2538] field NAMES ommitted after docker ps in commit.md Signed-off-by: lixiaobing10051267 --- docs/reference/commandline/commit.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 8f971a5d95..e9a8717012 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -49,9 +49,9 @@ created. Supported `Dockerfile` instructions: ## Commit a container $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + ID IMAGE COMMAND CREATED STATUS PORTS NAMES + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton $ docker commit c3f279d17e0a svendowideit/testimage:version3 f5283438590d $ docker images @@ -62,9 +62,9 @@ created. Supported `Dockerfile` instructions: {% raw %} $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + ID IMAGE COMMAND CREATED STATUS PORTS NAMES + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] $ docker commit --change "ENV DEBUG true" c3f279d17e0a svendowideit/testimage:version3 @@ -76,9 +76,9 @@ created. Supported `Dockerfile` instructions: ## Commit a container with new `CMD` and `EXPOSE` instructions $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + ID IMAGE COMMAND CREATED STATUS PORTS NAMES + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 f5283438590d @@ -87,7 +87,7 @@ created. Supported `Dockerfile` instructions: 89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS - 89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours + ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat + c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky + 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton From 1b85eea07da0bf78ea303d3c6b897acd6a09dc76 Mon Sep 17 00:00:00 2001 From: liwenqi Date: Tue, 20 Dec 2016 16:44:17 +0800 Subject: [PATCH 2180/2538] correct some words Signed-off-by: liwenqi Update ISSUE-TRIAGE.md Signed-off-by: vicky <395658237@qq.com> --- docs/reference/builder.md | 2 +- docs/reference/commandline/build.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 3e28b54f58..a95385f90f 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1754,6 +1754,6 @@ FROM ubuntu RUN echo moo > oink # Will output something like ===> 695d7793cbe4 -# You᾿ll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with +# You'll now have two images, 907ad6c2736f with /bar, and 695d7793cbe4 with # /oink. ``` diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 9c2c71b489..2f8c59c387 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -262,7 +262,7 @@ Successfully built 377c409b35e4 This sends the URL `http://server/ctx.tar.gz` to the Docker daemon, which downloads and extracts the referenced tarball. The `-f ctx/Dockerfile` parameter specifies a path inside `ctx.tar.gz` to the `Dockerfile` that is used -to build the image. Any `ADD` commands in that `Dockerfile` that refer to local +to build the image. Any `ADD` commands in that `Dockerfile` that refers to local paths must be relative to the root of the contents inside `ctx.tar.gz`. In the example above, the tarball contains a directory `ctx/`, so the `ADD ctx/container.cfg /` operation works as expected. From 87b4281f628e1c66e0586928645434843997d7e6 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Thu, 15 Dec 2016 06:12:33 -0800 Subject: [PATCH 2181/2538] Fix misleading default for `--replicas` This fix tries to address the issue raised in 29291 where the output of `--replicas` in `service create/update`: ``` --replicas uint Number of tasks (default none) ``` is misleading. User might incorrectly assume the number of replicas would be `0` (`none`) by default, while the actual default is `1`. The issue comes from the fact that some of the default values are from daemon and it is not possible for client to find out the default value. In this case, it might be better to just simply not displaying `(default none)`. This fix returns "" for `Uint64Opt` so that `(default none)` is hidden. In addition to `--replicas`, this fix also changes `--restart-delay`, `--restart-max-attempts`, `--stop-grace-period`, `--health-interval`, `--health-timeout`, and `--restart-window` in a similiar fashion. New Output: ``` --health-interval duration Time between running the check (ns|us|ms|s|m|h) --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) ... --replicas uint Number of tasks ... --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) --restart-max-attempts uint Maximum number of restarts before giving up --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) ... --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) ``` The docs has been updated. Note the docs for help output of `service create/update` is out of sync with the current master. This fix replace with the update-to-date help output. This fix fixes 29291. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 18 +++++++++--------- docs/reference/commandline/service_update.md | 20 ++++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 5cc8f90da9..c1f827984b 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -31,9 +31,9 @@ Options: --env-file list Read in a file of environment variables (default []) --group list Set one or more supplementary user groups for the container (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default none) + --health-interval duration Time between running the check (ns|us|ms|s|m|h) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default none) + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) --help Print usage --host list Set one or more custom host-to-IP mappings (host:ip) (default []) --hostname string Container hostname @@ -47,16 +47,16 @@ Options: --name string Service name --network list Network attachments (default []) --no-healthcheck Disable any container-specified HEALTHCHECK - -p, --publish list Publish a port as a node port (default []) - --replicas uint Number of tasks (default none) + -p, --publish port Publish a port as a node port + --replicas uint Number of tasks --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory (default 0 B) --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default none) - --restart-max-attempts uint Maximum number of restarts before giving up (default none) - --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) (default none) - --secret value Specify secrets to expose to the service (default []) - --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default none) + --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) + --restart-max-attempts uint Maximum number of restarts before giving up + --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) + --secret secret Specify secrets to expose to the service + --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f6bd0c34c7..301a0eabe8 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -39,9 +39,9 @@ Options: --group-add list Add an additional supplementary user group to the container (default []) --group-rm list Remove a previously added supplementary user group from the container (default []) --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default none) + --health-interval duration Time between running the check (ns|us|ms|s|m|h) --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default none) + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) --help Print usage --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) @@ -56,19 +56,19 @@ Options: --mount-add mount Add or update a mount on a service --mount-rm list Remove a mount by its target path (default []) --no-healthcheck Disable any container-specified HEALTHCHECK - --publish-add list Add or update a published port (default []) - --publish-rm list Remove a published port by its target port (default []) - --replicas uint Number of tasks (default none) + --publish-add port Add or update a published port + --publish-rm port Remove a published port by its target port + --replicas uint Number of tasks --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory (default 0 B) --restart-condition string Restart when condition is met (none, on-failure, or any) - --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) (default none) - --restart-max-attempts uint Maximum number of restarts before giving up (default none) - --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) (default none) + --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) + --restart-max-attempts uint Maximum number of restarts before giving up + --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) --rollback Rollback to previous specification - --secret-add list Add a secret (default []) + --secret-add secret Add or update a secret on a service --secret-rm list Remove a secret (default []) - --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) (default none) + --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure (pause|continue) (default "pause") From 205d49dfa062fe75e3994ff14de1ffb6777ebfa6 Mon Sep 17 00:00:00 2001 From: Victoria Bialas Date: Mon, 19 Dec 2016 17:25:04 -0800 Subject: [PATCH 2182/2538] updates to glossary re: d4mac, d4win, toolbox per user request Signed-off-by: Victoria Bialas --- docs/reference/glossary.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 0bc39a2023..7d87882fa3 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -93,6 +93,14 @@ develop, ship, and run applications - The docker daemon process running on the host which manages images and containers +## Docker for Mac + +[Docker for Mac](https://docs.docker.com/docker-for-mac/) is an easy-to-install, lightweight Docker development environment designed specifically for the Mac. A native Mac application, Docker for Mac uses the macOS Hypervisor framework, networking, and filesystem. It's the best solution if you want to build, debug, test, package, and ship Dockerized applications on a Mac. Docker for Mac supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker for macOS. + +## Docker for Windows + +[Docker for Windows](https://docs.docker.com/docker-for-windows/) is an easy-to-install, lightweight Docker development environment designed specifically for Windows systems. Docker for Windows uses Microsoft Hyper-V, and runs as a native Windows app. It works with Windows Server 2016, and gives you the ability to set up and run Windows containers as well as the standard Linux containers (with an option to switch between the two). Docker for Windows is the best solution if you want to build, debug, test, package, and ship Dockerized applications on Windows machines. It supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker on Windows. + ## Docker Hub The [Docker Hub](https://hub.docker.com/) is a centralized resource for working with @@ -264,7 +272,11 @@ containers. ## Toolbox -Docker Toolbox is the installer for Mac and Windows users. +[Docker Toolbox](https://docs.docker.com/toolbox/overview/) is a legacy installer for Mac and Windows users. It uses Oracle VirtualBox for virtualization. + +For Macs running OS X El Capitan 10.11 and newer macOS releases, [Docker for Mac](https://docs.docker.com/docker-for-mac/) is the better solution. + +For Windows systems running Windows 10 Pro and Microsoft Hyper-V, [Docker for Windows](https://docs.docker.com/docker-for-windows/) is the better solution. ## Union file system From 0be1dede6260d8ead59b2db21757dc510652834b Mon Sep 17 00:00:00 2001 From: Victoria Bialas Date: Mon, 19 Dec 2016 17:41:51 -0800 Subject: [PATCH 2183/2538] updates to d4win description per review comments Signed-off-by: Victoria Bialas --- docs/reference/glossary.md | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 7d87882fa3..6404b8ef2f 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -95,11 +95,24 @@ develop, ship, and run applications ## Docker for Mac -[Docker for Mac](https://docs.docker.com/docker-for-mac/) is an easy-to-install, lightweight Docker development environment designed specifically for the Mac. A native Mac application, Docker for Mac uses the macOS Hypervisor framework, networking, and filesystem. It's the best solution if you want to build, debug, test, package, and ship Dockerized applications on a Mac. Docker for Mac supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker for macOS. +[Docker for Mac](https://docs.docker.com/docker-for-mac/) is an easy-to-install, +lightweight Docker development environment designed specifically for the Mac. A +native Mac application, Docker for Mac uses the macOS Hypervisor framework, +networking, and filesystem. It's the best solution if you want to build, debug, +test, package, and ship Dockerized applications on a Mac. Docker for Mac +supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker for macOS. ## Docker for Windows -[Docker for Windows](https://docs.docker.com/docker-for-windows/) is an easy-to-install, lightweight Docker development environment designed specifically for Windows systems. Docker for Windows uses Microsoft Hyper-V, and runs as a native Windows app. It works with Windows Server 2016, and gives you the ability to set up and run Windows containers as well as the standard Linux containers (with an option to switch between the two). Docker for Windows is the best solution if you want to build, debug, test, package, and ship Dockerized applications on Windows machines. It supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker on Windows. +[Docker for Windows](https://docs.docker.com/docker-for-windows/) is an +easy-to-install, lightweight Docker development environment designed +specifically for Windows systems. Docker for Windows uses Microsoft Hyper-V, and +runs as a native Windows app. It works with Windows Server 2016, and gives you +the ability to set up and run Windows containers as well as the standard Linux +containers (with an option to switch between the two). Docker for Windows is the +best solution if you want to build, debug, test, package, and ship Dockerized +applications on Windows machines. It supersedes [Docker Toolbox](#toolbox) as +state-of-the-art Docker on Windows. ## Docker Hub @@ -272,18 +285,23 @@ containers. ## Toolbox -[Docker Toolbox](https://docs.docker.com/toolbox/overview/) is a legacy installer for Mac and Windows users. It uses Oracle VirtualBox for virtualization. +[Docker Toolbox](https://docs.docker.com/toolbox/overview/) is a legacy +installer for Mac and Windows users. It uses Oracle VirtualBox for +virtualization. -For Macs running OS X El Capitan 10.11 and newer macOS releases, [Docker for Mac](https://docs.docker.com/docker-for-mac/) is the better solution. +For Macs running OS X El Capitan 10.11 and newer macOS releases, [Docker for +Mac](https://docs.docker.com/docker-for-mac/) is the better solution. -For Windows systems running Windows 10 Pro and Microsoft Hyper-V, [Docker for Windows](https://docs.docker.com/docker-for-windows/) is the better solution. +For Windows 10 systems that support Microsoft Hyper-V (Professional, Enterprise +and Education), [Docker for +Windows](https://docs.docker.com/docker-for-windows/) is the better solution. ## Union file system -Union file systems, or UnionFS, are file systems that operate by creating layers, making them -very lightweight and fast. Docker uses union file systems to provide the building -blocks for containers. +Union file systems, or UnionFS, are file systems that operate by creating +layers, making them very lightweight and fast. Docker uses union file systems to +provide the building blocks for containers. ## virtual machine From 22b1d28bde1c1150d4b2d749c20d50b9fcfc784f Mon Sep 17 00:00:00 2001 From: Jie Luo Date: Wed, 21 Dec 2016 11:03:39 +0800 Subject: [PATCH 2184/2538] duplicated the Signed-off-by: Jie Luo typo Signed-off-by: Jie Luo fix some typos Signed-off-by: Jie Luo --- experimental/vlan-networks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index caec6d6c6b..c2bddef320 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -216,7 +216,7 @@ ip a show eth0 inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0 ``` --A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply point the the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details. +-A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply points to the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details. The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`. From e3d6fbd44f62c3ef1a7614a88bfc78e8da9c2fca Mon Sep 17 00:00:00 2001 From: Xinbo Weng Date: Wed, 21 Dec 2016 20:05:19 +0800 Subject: [PATCH 2185/2538] some punctuation errors and a verb form error Signed-off-by: Xinbo Weng --- experimental/docker-stacks-and-bundles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index b777c3919c..573c1bc5ae 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -12,7 +12,7 @@ application bundle**, and **stacks** can be created from that bundle. In that sense, the bundle is a multi-services distributable image format. As of Docker 1.12 and Compose 1.8, the features are experimental. Neither -Docker Engine nor the Docker Registry support distribution of bundles. +Docker Engine nor the Docker Registry supports distribution of bundles. ## Producing a bundle From 08ba19c291ab1dd835c9ca0804c7bdfcbe6b0d88 Mon Sep 17 00:00:00 2001 From: Hongbin Lu Date: Thu, 15 Dec 2016 20:00:34 -0600 Subject: [PATCH 2186/2538] Add Fuxi Volume Plugin to the docs Signed-off-by: Hongbin Lu --- docs/extend/legacy_plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index 6ac914e366..e9ab6f40be 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -65,6 +65,7 @@ Plugin [Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. [DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. [Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. +[Fuxi Volume Plugin](https://github.com/openstack/fuxi) | A volume plugin that is developed as part of the OpenStack Kuryr project and implements the Docker volume plugin API by utilizing Cinder, the OpenStack block storage service. [gce-docker plugin](https://github.com/mcuadros/gce-docker) | A volume plugin able to attach, format and mount Google Compute [persistent-disks](https://cloud.google.com/compute/docs/disks/persistent-disks). [GlusterFS plugin](https://github.com/calavera/docker-volume-glusterfs) | A volume plugin that provides multi-host volumes management for Docker using GlusterFS. [Horcrux Volume Plugin](https://github.com/muthu-r/horcrux) | A volume plugin that allows on-demand, version controlled access to your data. Horcrux is an open-source plugin, written in Go, and supports SCP, [Minio](https://www.minio.io) and Amazon S3. From 388c8f8a30522a85030a3e6f3bfad2d2d3d3efba Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 20 Dec 2016 13:28:46 -0800 Subject: [PATCH 2187/2538] Improve bash completion for bundled plugins Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 246cd5f62e..55b52c0bac 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -262,7 +262,7 @@ __docker_plugins_bundled() { esac done - local plugins=($(__docker_q info | sed -n "/^Plugins/,/^[^ ]/s/ $type: //p")) + local plugins=($(__docker_q info --format "{{range \$i, \$p := .Plugins.$type}}{{.}} {{end}}")) for del in "${remove[@]}" ; do plugins=(${plugins[@]/$del/}) done From 0a6612f03f71ef95a2847d2a69d5c621c29d3d42 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 20 Dec 2016 19:14:41 +0800 Subject: [PATCH 2188/2538] Change tls to TLS Signed-off-by: yuexiao-wang --- docs/reference/commandline/secret_ls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index 6b34fc2146..c7b7f2a352 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -27,7 +27,7 @@ Options: -q, --quiet Only display IDs ``` -Run this command on a manager node to list the secrets in the Swarm. +Run this command on a manager node to list the secrets in the swarm. ## Examples From 9d27f13dd84baeed7d8309c9b928df1cc51635ee Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 20 Dec 2016 01:55:51 +0800 Subject: [PATCH 2189/2538] Add the link for swarm reference document Signed-off-by: yuexiao-wang --- docs/reference/commandline/swarm_init.md | 7 ++++--- docs/reference/commandline/swarm_join.md | 3 +++ docs/reference/commandline/swarm_join_token.md | 5 +++++ docs/reference/commandline/swarm_leave.md | 3 +++ docs/reference/commandline/swarm_unlock.md | 4 ++++ docs/reference/commandline/swarm_unlock_key.md | 5 ++++- docs/reference/commandline/swarm_update.md | 3 +++ 7 files changed, 26 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 44afc27476..748454c638 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -136,7 +136,8 @@ frequently. ## Related information * [swarm join](swarm_join.md) -* [swarm leave](swarm_leave.md) -* [swarm update](swarm_update.md) * [swarm join-token](swarm_join_token.md) -* [node rm](node_rm.md) +* [swarm leave](swarm_leave.md) +* [swarm unlock](swarm_unlock.md) +* [swarm unlock-key](swarm_unlock_key.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 0cde0d7bcd..0e6dadb6cb 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -98,5 +98,8 @@ Secret value required for nodes to join the swarm ## Related information * [swarm init](swarm_init.md) +* [swarm join-token](swarm_join_token.md) * [swarm leave](swarm_leave.md) +* [swarm unlock](swarm_unlock.md) +* [swarm unlock-key](swarm_unlock_key.md) * [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index d731f028ba..3603640d13 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -102,4 +102,9 @@ Only print the token. Do not print a complete command for joining. ## Related information +* [swarm init](swarm_init.md) * [swarm join](swarm_join.md) +* [swarm leave](swarm_leave.md) +* [swarm unlock](swarm_unlock.md) +* [swarm unlock-key](swarm_unlock_key.md) +* [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index c0d9437818..b2211c1682 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -55,4 +55,7 @@ To remove an inactive node, use the [`node rm`](node_rm.md) command instead. * [node rm](node_rm.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) +* [swarm join-token](swarm_join_token.md) +* [swarm unlock](swarm_unlock.md) +* [swarm unlock-key](swarm_unlock_key.md) * [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_unlock.md b/docs/reference/commandline/swarm_unlock.md index 164b7d35a4..fa6cfdf29e 100644 --- a/docs/reference/commandline/swarm_unlock.md +++ b/docs/reference/commandline/swarm_unlock.md @@ -38,4 +38,8 @@ Please enter unlock key: ## Related information * [swarm init](swarm_init.md) +* [swarm join](swarm_join.md) +* [swarm join-token](swarm_join_token.md) +* [swarm leave](swarm_leave.md) +* [swarm unlock-key](swarm_unlock_key.md) * [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_unlock_key.md b/docs/reference/commandline/swarm_unlock_key.md index a2597fe9ab..d3dae27adb 100644 --- a/docs/reference/commandline/swarm_unlock_key.md +++ b/docs/reference/commandline/swarm_unlock_key.md @@ -79,6 +79,9 @@ Only print the unlock key, without instructions. ## Related information -* [swarm unlock](swarm_unlock.md) * [swarm init](swarm_init.md) +* [swarm join](swarm_join.md) +* [swarm join-token](swarm_join_token.md) +* [swarm leave](swarm_leave.md) +* [swarm unlock](swarm_unlock.md) * [swarm update](swarm_update.md) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 0af63fe3e0..04982574de 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -42,4 +42,7 @@ $ docker swarm update --cert-expiry 720h * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) +* [swarm join-token](swarm_join_token.md) * [swarm leave](swarm_leave.md) +* [swarm unlock](swarm_unlock.md) +* [swarm unlock-key](swarm_unlock_key.md) From fbb21b0191778baef840627efddafbc3222668b1 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 20 Dec 2016 11:47:54 -0800 Subject: [PATCH 2190/2538] Clarify what docker diff shows Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/diff.md | 57 ++++++++++++++++++---------- man/docker-diff.1.md | 60 ++++++++++++++++++------------ 2 files changed, 73 insertions(+), 44 deletions(-) diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index be27678dcd..085c35d48f 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -13,36 +13,53 @@ keywords: "list, changed, files, container" will be rejected. --> -# diff +## diff ```markdown Usage: docker diff CONTAINER -Inspect changes on a container's filesystem +Inspect changes to files or directories on a container's filesystem Options: --help Print usage ``` -List the changed files and directories in a container᾿s filesystem. - There are 3 events that are listed in the `diff`: +List the changed files and directories in a container᾿s filesystem since the +container was created. Three different types of change are tracked: -1. `A` - Add -2. `D` - Delete -3. `C` - Change +| Symbol | Description | +|--------|---------------------------------| +| `A` | A file or directory was added | +| `D` | A file or directory was deleted | +| `C` | A file or directory was changed | -For example: +You can use the full or shortened container ID or the container name set using +`docker run --name` option. - $ docker diff 7bb0e258aefe +## Examples - C /dev - A /dev/kmsg - C /etc - A /etc/mtab - A /go - A /go/src - A /go/src/github.com - A /go/src/github.com/docker - A /go/src/github.com/docker/docker - A /go/src/github.com/docker/docker/.git - .... +Inspect the changes to an `nginx` container: + +```bash +$ docker diff 1fdfd1f54c1b + +C /dev +C /dev/console +C /dev/core +C /dev/stdout +C /dev/fd +C /dev/ptmx +C /dev/stderr +C /dev/stdin +C /run +A /run/nginx.pid +C /var/lib/nginx/tmp +A /var/lib/nginx/tmp/client_body +A /var/lib/nginx/tmp/fastcgi +A /var/lib/nginx/tmp/proxy +A /var/lib/nginx/tmp/scgi +A /var/lib/nginx/tmp/uwsgi +C /var/log/nginx +A /var/log/nginx/access.log +A /var/log/nginx/error.log +``` diff --git a/man/docker-diff.1.md b/man/docker-diff.1.md index 6c6c502533..3342ad1af5 100644 --- a/man/docker-diff.1.md +++ b/man/docker-diff.1.md @@ -2,7 +2,7 @@ % Docker Community % JUNE 2014 # NAME -docker-diff - Inspect changes on a container's filesystem +docker-diff - Inspect changes to files or directories on a container's filesystem # SYNOPSIS **docker diff** @@ -10,8 +10,16 @@ docker-diff - Inspect changes on a container's filesystem CONTAINER # DESCRIPTION -Inspect changes on a container's filesystem. You can use the full or -shortened container ID or the container name set using +List the changed files and directories in a container᾿s filesystem since the +container was created. Three different types of change are tracked: + +| Symbol | Description | +|--------|---------------------------------| +| `A` | A file or directory was added | +| `D` | A file or directory was deleted | +| `C` | A file or directory was changed | + +You can use the full or shortened container ID or the container name set using **docker run --name** option. # OPTIONS @@ -19,28 +27,32 @@ shortened container ID or the container name set using Print usage statement # EXAMPLES -Inspect the changes to on a nginx container: - # docker diff 1fdfd1f54c1b - C /dev - C /dev/console - C /dev/core - C /dev/stdout - C /dev/fd - C /dev/ptmx - C /dev/stderr - C /dev/stdin - C /run - A /run/nginx.pid - C /var/lib/nginx/tmp - A /var/lib/nginx/tmp/client_body - A /var/lib/nginx/tmp/fastcgi - A /var/lib/nginx/tmp/proxy - A /var/lib/nginx/tmp/scgi - A /var/lib/nginx/tmp/uwsgi - C /var/log/nginx - A /var/log/nginx/access.log - A /var/log/nginx/error.log +Inspect the changes to an `nginx` container: + +```bash +$ docker diff 1fdfd1f54c1b + +C /dev +C /dev/console +C /dev/core +C /dev/stdout +C /dev/fd +C /dev/ptmx +C /dev/stderr +C /dev/stdin +C /run +A /run/nginx.pid +C /var/lib/nginx/tmp +A /var/lib/nginx/tmp/client_body +A /var/lib/nginx/tmp/fastcgi +A /var/lib/nginx/tmp/proxy +A /var/lib/nginx/tmp/scgi +A /var/lib/nginx/tmp/uwsgi +C /var/log/nginx +A /var/log/nginx/access.log +A /var/log/nginx/error.log +``` # HISTORY From ef5fb30f61b7a996f29c305b04efe00ed0388211 Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Sat, 17 Dec 2016 22:01:59 +0800 Subject: [PATCH 2191/2538] Add missing "--default-runtime" flag in manpage Add missing flag and more descriptions in manpage. Signed-off-by: Zhang Wei --- docs/reference/commandline/dockerd.md | 22 +++++++++-------- man/dockerd.8.md | 34 ++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 11 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index b8bc8b712c..24ac77611d 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -684,16 +684,18 @@ configuration file or using the `--add-runtime` command line argument. The following is an example adding 2 runtimes via the configuration: ```json -"default-runtime": "runc", -"runtimes": { - "runc": { - "path": "runc" - }, - "custom": { - "path": "/usr/local/bin/my-runc-replacement", - "runtimeArgs": [ - "--debug" - ] +{ + "default-runtime": "runc", + "runtimes": { + "runc": { + "path": "runc" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + } } } ``` diff --git a/man/dockerd.8.md b/man/dockerd.8.md index f99e7a7cab..761dc6b9be 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -20,6 +20,7 @@ dockerd - Enable daemon mode [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] +[**--default-runtime**[=*runc*]] [**--default-ulimit**[=*[]*]] [**--disable-legacy-registry**] [**--dns**[=*[]*]] @@ -84,7 +85,35 @@ following format. # OPTIONS **--add-runtime**=[] - Set additional OCI compatible runtime. + Runtimes can be registered with the daemon either via the +configuration file or using the `--add-runtime` command line argument. + + The following is an example adding 2 runtimes via the configuration: + +```json +{ + "default-runtime": "runc", + "runtimes": { + "runc": { + "path": "runc" + }, + "custom": { + "path": "/usr/local/bin/my-runc-replacement", + "runtimeArgs": [ + "--debug" + ] + } + } +} +``` + + This is the same example via the command line: + +```bash +$ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement +``` + + **Note**: defining runtime arguments via the command line is not supported. **--api-cors-header**="" Set CORS headers in the Engine API. Default is cors disabled. Give urls like @@ -132,6 +161,9 @@ following format. **--default-gateway-v6**="" IPv6 address of the container default gateway +**--default-runtime**="runc" + Set default runtime if there're more than one specified by `--add-runtime`. + **--default-ulimit**=[] Default ulimits for containers. From 40f445d60578eff6396cd187a7caa3bf173849bc Mon Sep 17 00:00:00 2001 From: Victoria Bialas Date: Tue, 20 Dec 2016 17:45:32 -0800 Subject: [PATCH 2192/2538] followup to incorporate review comments per previous reviews on PR#29561 incorporated review comments Signed-off-by: Victoria Bialas --- docs/reference/glossary.md | 60 ++++++++++++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 12 deletions(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 6404b8ef2f..faaa0ea070 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -62,6 +62,28 @@ be done to get it running. *Also known as : docker-compose, fig* +## copy-on-write + +Docker uses a +[copy-on-write](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/#/the-copy-on-write-strategy) +technique and a [union file system](#union-file-system) for both images and +containers to optimize resources and speed performance. Multiple copies of an +entity share the same instance and each one makes only specific changes to its +unique layer. + +Multiple containers can share access to the same image, and make +container-specific changes on a writable layer which is deleted when +the container is removed. This speeds up container start times and performance. + +Images are essentially layers of filesystems typically predicated on a base +image under a writable layer, and built up with layers of differences from the +base image. This minimizes the footprint of the image and enables shared +development. + +For more about copy-on-write in the context of Docker, see [Understand images, +containers, and storage +drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/). + ## container A container is a runtime instance of a [docker image](#image). @@ -100,19 +122,21 @@ lightweight Docker development environment designed specifically for the Mac. A native Mac application, Docker for Mac uses the macOS Hypervisor framework, networking, and filesystem. It's the best solution if you want to build, debug, test, package, and ship Dockerized applications on a Mac. Docker for Mac -supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker for macOS. +supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker on macOS. + ## Docker for Windows [Docker for Windows](https://docs.docker.com/docker-for-windows/) is an easy-to-install, lightweight Docker development environment designed -specifically for Windows systems. Docker for Windows uses Microsoft Hyper-V, and -runs as a native Windows app. It works with Windows Server 2016, and gives you -the ability to set up and run Windows containers as well as the standard Linux -containers (with an option to switch between the two). Docker for Windows is the -best solution if you want to build, debug, test, package, and ship Dockerized -applications on Windows machines. It supersedes [Docker Toolbox](#toolbox) as -state-of-the-art Docker on Windows. +specifically for Windows 10 systems that support Microsoft Hyper-V +(Professional, Enterprise and Education). Docker for Windows uses Hyper-V for +virtualization, and runs as a native Windows app. It works with Windows Server +2016, and gives you the ability to set up and run Windows containers as well as +the standard Linux containers, with an option to switch between the two. Docker +for Windows is the best solution if you want to build, debug, test, package, and +ship Dockerized applications from Windows machines. Docker for Windows +supersedes [Docker Toolbox](#toolbox) as state-of-the-art Docker on Windows. ## Docker Hub @@ -296,13 +320,25 @@ For Windows 10 systems that support Microsoft Hyper-V (Professional, Enterprise and Education), [Docker for Windows](https://docs.docker.com/docker-for-windows/) is the better solution. - ## Union file system -Union file systems, or UnionFS, are file systems that operate by creating -layers, making them very lightweight and fast. Docker uses union file systems to -provide the building blocks for containers. +Union file systems implement a [union +mount](https://en.wikipedia.org/wiki/Union_mount) and operate by creating +layers. Docker uses union file systems in conjunction with +[copy-on-write](#copy-on-write) techniques to provide the building blocks for +containers, making them very lightweight and fast. +For more on Docker and union file systems, see [Docker and AUFS in +practice](https://docs.docker.com/engine/userguide/storagedriver/aufs-driver/), +[Docker and Btrfs in +practice](https://docs.docker.com/engine/userguide/storagedriver/btrfs-driver/), +and [Docker and OverlayFS in +practice](https://docs.docker.com/engine/userguide/storagedriver/overlayfs-driver/) + +Example implementations of union file systems are +[UnionFS](https://en.wikipedia.org/wiki/UnionFS), +[AUFS](https://en.wikipedia.org/wiki/Aufs), and +[Btrfs](https://btrfs.wiki.kernel.org/index.php/Main_Page). ## virtual machine From e31e2d5bd4c008cc624ee6e3cf9eb9afe0924dd7 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Tue, 20 Dec 2016 08:26:58 -0800 Subject: [PATCH 2193/2538] Enforce zero plugin refcount during disable. When plugins have a positive refcount, they were not allowed to be removed. However, plugins could still be disabled when volumes referenced it and containers using them were running. This change fixes that by enforcing plugin refcount during disable. A "force" disable option is also added to ignore reference refcounting. Signed-off-by: Anusha Ragunathan --- docs/reference/commandline/plugin_disable.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 4bffb2cecf..0d4ab7d308 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -21,11 +21,13 @@ Usage: docker plugin disable PLUGIN Disable a plugin Options: - --help Print usage + -f, --force Force the disable of an active plugin + --help Print usage ``` Disables a plugin. The plugin must be installed before it can be disabled, -see [`docker plugin install`](plugin_install.md). +see [`docker plugin install`](plugin_install.md). Without the `-f` option, +a plugin that has references (eg, volumes, networks) cannot be disabled. The following example shows that the `no-remove` plugin is installed From b5b3dd4c6b53e7ecb45b72f721b66e281a6a15a5 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 12 Dec 2016 15:05:53 -0800 Subject: [PATCH 2194/2538] Implement content addressability for plugins Move plugins to shared distribution stack with images. Create immutable plugin config that matches schema2 requirements. Ensure data being pushed is same as pulled/created. Store distribution artifacts in a blobstore. Run init layer setup for every plugin start. Fix breakouts from unsafe file accesses. Add support for `docker plugin install --alias` Uses normalized references for default names to avoid collisions when using default hosts/tags. Some refactoring of the plugin manager to support the change, like removing the singleton manager and adding manager config struct. Signed-off-by: Tonis Tiigi Signed-off-by: Derek McGowan --- docs/extend/index.md | 161 ++----------------- docs/reference/commandline/plugin_create.md | 4 +- docs/reference/commandline/plugin_inspect.md | 3 +- docs/reference/commandline/plugin_install.md | 1 + 4 files changed, 19 insertions(+), 150 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index e00081bffa..fc31e74ce4 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -109,93 +109,6 @@ commands and options, see the ## Developing a plugin -Currently, there are no CLI commands available to help you develop a plugin. -This is expected to change in a future release. The manual process for creating -plugins is described in this section. - -### Plugin location and files - -Plugins are stored in `/var/lib/docker/plugins`. The `plugins.json` file lists -each plugin's configuration, and each plugin is stored in a directory with a -unique identifier. - -```bash -# ls -la /var/lib/docker/plugins -total 20 -drwx------ 4 root root 4096 Aug 8 18:03 . -drwx--x--x 12 root root 4096 Aug 8 17:53 .. -drwxr-xr-x 3 root root 4096 Aug 8 17:56 cd851ce43a403 --rw------- 1 root root 2107 Aug 8 18:03 plugins.json -``` - -### Format of plugins.json - -The `plugins.json` is an inventory of all installed plugins. This example shows -a `plugins.json` with a single plugin installed. - -```json -# cat plugins.json -{ - "cd851ce43a403": { - "plugin": { - "Config": { - "Args": { - "Value": null, - "Settable": null, - "Description": "", - "Name": "" - }, - "Env": null, - "Devices": null, - "Mounts": null, - "Capabilities": [ - "CAP_SYS_ADMIN" - ], - "Description": "sshFS plugin for Docker", - "Documentation": "https://docs.docker.com/engine/extend/plugins/", - "Interface": { - "Socket": "sshfs.sock", - "Types": [ - "docker.volumedriver/1.0" - ] - }, - "Entrypoint": [ - "/go/bin/docker-volume-sshfs" - ], - "Workdir": "", - "User": {}, - "Network": { - "Type": "host" - } - }, - "Config": { - "Devices": null, - "Args": null, - "Env": [], - "Mounts": [] - }, - "Active": true, - "Tag": "latest", - "Name": "vieux/sshfs", - "Id": "cd851ce43a403" - } - } -} -``` - -### Contents of a plugin directory - -Each directory within `/var/lib/docker/plugins/` contains a `rootfs` directory -and two JSON files. - -```bash -# ls -la /var/lib/docker/plugins/cd851ce43a403 -total 12 -drwx------ 19 root root 4096 Aug 8 17:56 rootfs --rw-r--r-- 1 root root 50 Aug 8 17:56 plugin-settings.json --rw------- 1 root root 347 Aug 8 17:56 config.json -``` - #### The rootfs directory The `rootfs` directory represents the root filesystem of the plugin. In this example, it was created from a Dockerfile: @@ -206,20 +119,17 @@ plugin's filesystem for docker to communicate with the plugin. ```bash $ git clone https://github.com/vieux/docker-volume-sshfs $ cd docker-volume-sshfs -$ docker build -t rootfs . -$ id=$(docker create rootfs true) # id was cd851ce43a403 when the image was created -$ sudo mkdir -p /var/lib/docker/plugins/$id/rootfs -$ sudo docker export "$id" | sudo tar -x -C /var/lib/docker/plugins/$id/rootfs -$ sudo chgrp -R docker /var/lib/docker/plugins/ +$ docker build -t rootfsimage . +$ id=$(docker create rootfsimage true) # id was cd851ce43a403 when the image was created +$ sudo mkdir -p myplugin/rootfs +$ sudo docker export "$id" | sudo tar -x -C myplugin/rootfs $ docker rm -vf "$id" -$ docker rmi rootfs +$ docker rmi rootfsimage ``` -#### The config.json and plugin-settings.json files +#### The config.json file -The `config.json` file describes the plugin. The `plugin-settings.json` file -contains runtime parameters and is only required if your plugin has runtime -parameters. [See the Plugins Config reference](config.md). +The `config.json` file describes the plugin. See the [plugins config reference](config.md). Consider the following `config.json` file. @@ -242,56 +152,15 @@ Consider the following `config.json` file. This plugin is a volume driver. It requires a `host` network and the `CAP_SYS_ADMIN` capability. It depends upon the `/go/bin/docker-volume-sshfs` entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate -with Docker Engine. - - -Consider the following `plugin-settings.json` file. - -```json -{ - "Devices": null, - "Args": null, - "Env": [], - "Mounts": [] -} -``` - -This plugin has no runtime parameters. - -Each of these JSON files is included as part of `plugins.json`, as you can see -by looking back at the example above. After a plugin is installed, `config.json` -is read-only, but `plugin-settings.json` is read-write, and includes all runtime -configuration options for the plugin. +with Docker Engine. This plugin has no runtime parameters. ### Creating the plugin -Follow these steps to create a plugin: +A new plugin can be created by running +`docker plugin create ./path/to/plugin/data` where the plugin +data contains a plugin configuration file `config.json` and a root filesystem +in subdirectory `rootfs`. -1. Choose a name for the plugin. Plugin name uses the same format as images, - for example: `/`. - -2. Create a `rootfs` and export it to `/var/lib/docker/plugins/$id/rootfs` - using `docker export`. See [The rootfs directory](#the-rootfs-directory) for - an example of creating a `rootfs`. - -3. Create a `config.json` file in `/var/lib/docker/plugins/$id/`. - -4. Create a `plugin-settings.json` file if needed. - -5. Create or add a section to `/var/lib/docker/plugins/plugins.json`. Use - `/` as “Name” and `$id` as “Id”. - -6. Restart the Docker Engine service. - -7. Run `docker plugin ls`. - * If your plugin is enabled, you can push it to the - registry. - * If the plugin is not listed or is disabled, something went wrong. - Check the daemon logs for errors. - -8. If you are not already logged in, use `docker login` to authenticate against - the registry so that you can push to it. - -9. Run `docker plugin push /` to push the plugin. - -The plugin can now be used by any user with access to your registry. +After that the plugin `` will show up in `docker plugin ls`. +Plugins can be pushed to remote registries with +`docker plugin push `. \ No newline at end of file diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index a778fb197f..f1593f05f4 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -16,9 +16,9 @@ keywords: "plugin, create" # plugin create ```markdown -Usage: docker plugin create [OPTIONS] PLUGIN[:tag] PATH-TO-ROOTFS(rootfs + config.json) +Usage: docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR -Create a plugin from a rootfs and configuration +Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory. Options: --compress Compress the context using gzip diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 9e09e0c587..ded6bd2ee2 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -36,8 +36,7 @@ $ docker plugin inspect tiborvass/no-remove:latest ```JSON { "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", - "Name": "tiborvass/no-remove", - "Tag": "latest", + "Name": "tiborvass/no-remove:latest", "Enabled": true, "Config": { "Mounts": [ diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index f33fc55a56..3a48aef209 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -21,6 +21,7 @@ Usage: docker plugin install [OPTIONS] PLUGIN [KEY=VALUE...] Install a plugin Options: + --alias string Local name for plugin --disable Do not enable the plugin on install --grant-all-permissions Grant all permissions necessary to run the plugin --help Print usage From a59544ff3d5858e105130a5bd14e38d437abb845 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sat, 19 Nov 2016 11:41:07 -0500 Subject: [PATCH 2195/2538] Moves graphdriver plugn docs out of experimental Also updates some of the structures being sent so plugins are getting all the new options. Signed-off-by: Brian Goff --- .../extend}/plugins_graphdriver.md | 128 ++++++++++++------ 1 file changed, 85 insertions(+), 43 deletions(-) rename {experimental => docs/extend}/plugins_graphdriver.md (75%) diff --git a/experimental/plugins_graphdriver.md b/docs/extend/plugins_graphdriver.md similarity index 75% rename from experimental/plugins_graphdriver.md rename to docs/extend/plugins_graphdriver.md index 2589ba38be..fdcb34d7b6 100644 --- a/experimental/plugins_graphdriver.md +++ b/docs/extend/plugins_graphdriver.md @@ -1,12 +1,42 @@ -# Experimental: Docker graph driver plugins +--- +title: "Graphdriver plugins" +description: "How to manage image and container filesystems with external plugins" +keywords: "Examples, Usage, storage, image, docker, data, graph, plugin, api" +advisory: experimental +--- + + + + +## Changelog + +### 1.13.0 + +- Support v2 plugins + +# Docker graph driver plugins Docker graph driver plugins enable admins to use an external/out-of-process graph driver for use with Docker engine. This is an alternative to using the built-in storage drivers, such as aufs/overlay/devicemapper/btrfs. -A graph driver plugin is used for image and container filesystem storage, as such -the plugin must be started and available for connections prior to Docker Engine -being started. +You need to install and enable the plugin and then restart the Docker daemon +before using the plugin. See the following example for the correct ordering +of steps. + +``` +$ docker plugin install cpuguy83/docker-overlay2-graphdriver-plugin # this command also enables the driver + +$ pkill dockerd +$ dockerd --experimental -s cpuguy83/docker-overlay2-graphdriver-plugin +``` # Write a graph driver plugin @@ -22,20 +52,30 @@ expected to provide the rootfs for containers as well as image layer storage. ### /GraphDriver.Init **Request**: -``` +```json { "Home": "/graph/home/path", - "Opts": [] + "Opts": [], + "UIDMaps": [], + "GIDMaps": [] } ``` Initialize the graph driver plugin with a home directory and array of options. -Plugins are not required to accept these options as the Docker Engine does not -require that the plugin use this path or options, they are only being passed -through from the user. +These are passed through from the user, but the plugin is not required to parse +or honor them. + +The request also includes a list of UID and GID mappings, structed as follows: +```json +{ + "ContainerID": 0, + "HostID": 0, + "Size": 0 +} +``` **Response**: -``` +```json { "Err": "" } @@ -47,20 +87,21 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.Create **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" - "MountLabel": "" + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142", + "MountLabel": "", + "StorageOpt": {} } ``` Create a new, empty, read-only filesystem layer with the specified -`ID`, `Parent` and `MountLabel`. `Parent` may be an empty string, -which would indicate that there is no parent layer. +`ID`, `Parent` and `MountLabel`. If `Parent` is an empty string, there is no +parent layer. `StorageOpt` is map of strings which indicate storage options. **Response**: -``` +```json { "Err": "" } @@ -71,11 +112,12 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.CreateReadWrite **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", - "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" - "MountLabel": "" + "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142", + "MountLabel": "", + "StorageOpt": {} } ``` @@ -84,7 +126,7 @@ Similar to `/GraphDriver.Create` but creates a read-write filesystem layer. ### /GraphDriver.Remove **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" } @@ -93,7 +135,7 @@ Similar to `/GraphDriver.Create` but creates a read-write filesystem layer. Remove the filesystem layer with this given `ID`. **Response**: -``` +```json { "Err": "" } @@ -104,9 +146,9 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.Get **Request**: -``` +```json { - "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" + "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", "MountLabel": "" } ``` @@ -114,7 +156,7 @@ Respond with a non-empty string error if an error occurred. Get the mountpoint for the layered filesystem referred to by the given `ID`. **Response**: -``` +```json { "Dir": "/var/mygraph/46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", "Err": "" @@ -127,7 +169,7 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.Put **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" } @@ -137,7 +179,7 @@ Release the system resources for the specified `ID`, such as unmounting the filesystem layer. **Response**: -``` +```json { "Err": "" } @@ -148,7 +190,7 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.Exists **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" } @@ -157,7 +199,7 @@ Respond with a non-empty string error if an error occurred. Determine if a filesystem layer with the specified `ID` exists. **Response**: -``` +```json { "Exists": true } @@ -169,14 +211,14 @@ Respond with a boolean for whether or not the filesystem layer with the specifie ### /GraphDriver.Status **Request**: -``` +```json {} ``` Get low-level diagnostic information about the graph driver. **Response**: -``` +```json { "Status": [[]] } @@ -189,7 +231,7 @@ information. ### /GraphDriver.GetMetadata **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187" } @@ -199,7 +241,7 @@ Get low-level diagnostic information about the layered filesystem with the with the specified `ID` **Response**: -``` +```json { "Metadata": {}, "Err": "" @@ -213,15 +255,15 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.Cleanup **Request**: -``` +```json {} ``` -Perform necessary tasks to release resources help by the plugin, for example +Perform necessary tasks to release resources help by the plugin, such as unmounting all the layered file systems. **Response**: -``` +```json { "Err": "" } @@ -233,7 +275,7 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.Diff **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" @@ -251,7 +293,7 @@ and `Parent`. `Parent` may be an empty string, in which case there is no parent. ### /GraphDriver.Changes **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" @@ -259,10 +301,10 @@ and `Parent`. `Parent` may be an empty string, in which case there is no parent. ``` Get a list of changes between the filesystem layers specified by the `ID` and -`Parent`. `Parent` may be an empty string, in which case there is no parent. +`Parent`. If `Parent` is an empty string, there is no parent. **Response**: -``` +```json { "Changes": [{}], "Err": "" @@ -270,7 +312,7 @@ Get a list of changes between the filesystem layers specified by the `ID` and ``` Respond with a list of changes. The structure of a change is: -``` +```json "Path": "/some/path", "Kind": 0, ``` @@ -300,7 +342,7 @@ and `Parent` - parent (required)- the `Parent` of the given `ID` **Response**: -``` +```json { "Size": 512366, "Err": "" @@ -313,7 +355,7 @@ Respond with a non-empty string error if an error occurred. ### /GraphDriver.DiffSize **Request**: -``` +```json { "ID": "46fe8644f2572fd1e505364f7581e0c9dbc7f14640bd1fb6ce97714fb6fc5187", "Parent": "2cd9c322cb78a55e8212aa3ea8425a4180236d7106938ec921d0935a4b8ca142" @@ -323,7 +365,7 @@ Respond with a non-empty string error if an error occurred. Calculate the changes between the specified `ID` **Response**: -``` +```json { "Size": 512366, "Err": "" From 93ca1a3122bda06591831317c667cb690f51fc22 Mon Sep 17 00:00:00 2001 From: Yanqiang Miao Date: Sat, 24 Dec 2016 15:03:38 +0800 Subject: [PATCH 2196/2538] Add 'volume prune' to the volume commands index Signed-off-by: Yanqiang Miao --- docs/reference/commandline/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 3402f24190..0374645708 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -106,6 +106,7 @@ read the [`dockerd`](dockerd.md) reference page. | [volume create](volume_create.md) | Creates a new volume where containers can consume and store data | | [volume inspect](volume_inspect.md) | Display information about a volume | | [volume ls](volume_ls.md) | Lists all the volumes Docker knows about | +| [volume prune](volume_prune.md) | Remove all unused volumes | | [volume rm](volume_rm.md) | Remove one or more volumes | From 73a5149c500cbe84347dbe52c28665443c494eeb Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 25 Dec 2016 06:04:43 -0800 Subject: [PATCH 2197/2538] Cleanup bash completion for `service create|update` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 55b52c0bac..8a1b4d9b6f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2765,6 +2765,10 @@ _docker_service_update() { _filedir return ;; + --group) + COMPREPLY=( $(compgen -g -- "$cur") ) + return + ;; --host) case "$cur" in *:) @@ -2781,10 +2785,6 @@ _docker_service_update() { __docker_complete_secrets return ;; - --group) - COMPREPLY=( $(compgen -g -- "$cur") ) - return - ;; esac fi if [ "$subcommand" = "update" ] ; then @@ -2810,11 +2810,7 @@ _docker_service_update() { " case "$prev" in - --group-add) - COMPREPLY=( $(compgen -g -- "$cur") ) - return - ;; - --group-rm) + --group-add|--group-rm) COMPREPLY=( $(compgen -g -- "$cur") ) return ;; From b78f47ca4a4b44290a071eac6b7243b6ecbd1bc6 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 25 Dec 2016 05:32:50 -0800 Subject: [PATCH 2198/2538] Add bash completion for `plugin install --alias` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8a1b4d9b6f..1b87a18e08 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3262,9 +3262,15 @@ _docker_plugin_inspect() { } _docker_plugin_install() { + case "$prev" in + --alias) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--disable --grant-all-permissions--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--alias --disable --grant-all-permissions --help" -- "$cur" ) ) ;; esac } From 348a7520c98d1228442bfa4bb01db9da48b07539 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 27 Dec 2016 00:27:32 +0800 Subject: [PATCH 2199/2538] Update the index of docker command line Signed-off-by: yuexiao-wang --- docs/reference/commandline/index.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 0374645708..2345406c4f 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -45,6 +45,7 @@ read the [`dockerd`](dockerd.md) reference page. | [images](images.md) | List images | | [import](import.md) | Import the contents from a tarball to create a filesystem image | | [load](load.md) | Load an image from a tar archive or STDIN | +| [image prune](image_prune.md) | Remove unused images | | [rmi](rmi.md) | Remove one or more images | | [save](save.md) | Save images to a tar archive | | [tag](tag.md) | Tag an image into a repository | @@ -54,6 +55,7 @@ read the [`dockerd`](dockerd.md) reference page. | Command | Description | |:--------|:-------------------------------------------------------------------| | [attach](attach.md) | Attach to a running container | +| [container prune](container_prune.md) | Remove all stopped containers | | [cp](cp.md) | Copy files/folders from a container to a HOSTDIR or to STDOUT | | [create](create.md) | Create a new container | | [diff](diff.md) | Inspect changes on a container's filesystem | @@ -96,9 +98,9 @@ read the [`dockerd`](dockerd.md) reference page. | [network disconnect](network_disconnect.md) | Disconnect a container from a network | | [network inspect](network_inspect.md) | Display information about a network | | [network ls](network_ls.md) | Lists all the networks the Engine `daemon` knows about | +| [network prune](network_prune.md) | Remove all unused networks | | [network rm](network_rm.md) | Removes one or more networks | - ### Shared data volume commands | Command | Description | @@ -109,18 +111,17 @@ read the [`dockerd`](dockerd.md) reference page. | [volume prune](volume_prune.md) | Remove all unused volumes | | [volume rm](volume_rm.md) | Remove one or more volumes | - ### Swarm node commands | Command | Description | |:--------|:-------------------------------------------------------------------| -| [node promote](node_promote.md) | Promote a node that is pending a promotion to manager | | [node demote](node_demote.md) | Demotes an existing manager so that it is no longer a manager | | [node inspect](node_inspect.md) | Inspect a node in the swarm | -| [node update](node_update.md) | Update attributes for a node | -| [node ps](node_ps.md) | List tasks running on one or more nodes | | [node ls](node_ls.md) | List nodes in the swarm | +| [node promote](node_promote.md) | Promote a node that is pending a promotion to manager | +| [node ps](node_ps.md) | List tasks running on one or more nodes | | [node rm](node_rm.md) | Remove one or more nodes from the swarm | +| [node update](node_update.md) | Update attributes for a node | ### Swarm swarm commands @@ -129,8 +130,10 @@ read the [`dockerd`](dockerd.md) reference page. | [swarm init](swarm_init.md) | Initialize a swarm | | [swarm join](swarm_join.md) | Join a swarm as a manager node or worker node | | [swarm leave](swarm_leave.md) | Remove the current node from the swarm | -| [swarm update](swarm_update.md) | Update attributes of a swarm | | [swarm join-token](swarm_join_token.md) | Display or rotate join tokens | +| [swarm unlock](swarm_unlock.md) | Unlock swarm | +| [swarm unlock-key](swarm_unlock_key.md) | Manage the unlock key | +| [swarm update](swarm_update.md) | Update attributes of a swarm | ### Swarm service commands @@ -138,8 +141,9 @@ read the [`dockerd`](dockerd.md) reference page. |:--------|:-------------------------------------------------------------------| | [service create](service_create.md) | Create a new service | | [service inspect](service_inspect.md) | Inspect a service | +| [service logs](service_logs.md) | Fetch the logs of a service | | [service ls](service_ls.md) | List services in the swarm | +| [service ps](service_ps.md) | List the tasks of a service | | [service rm](service_rm.md) | Remove a service from the swarm | | [service scale](service_scale.md) | Set the number of replicas for the desired state of the service | -| [service ps](service_ps.md) | List the tasks of a service | | [service update](service_update.md) | Update the attributes of a service | From b193004923f1b118154951f8fbe234c1c206031b Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 22 Dec 2016 19:27:40 +0800 Subject: [PATCH 2200/2538] Update the manuals of docker and dockerd Signed-off-by: yuexiao-wang --- man/docker.1.md | 16 ++-------------- man/dockerd.8.md | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/man/docker.1.md b/man/docker.1.md index 84b470ee41..abedb45ca9 100644 --- a/man/docker.1.md +++ b/man/docker.1.md @@ -7,12 +7,10 @@ docker \- Docker image and container command line interface # SYNOPSIS **docker** [OPTIONS] COMMAND [ARG...] -**docker** daemon [--help|...] - **docker** [--help|-v|--version] # DESCRIPTION -is a client for interacting with the daemon (see **dockerd(8)**) through the CLI. +**docker** is a client for interacting with the daemon (see **dockerd(8)**) through the CLI. The Docker CLI has over 30 commands. The commands are listed below and each has its own man page which explain usage and arguments. @@ -62,17 +60,7 @@ unix://[/path/to/socket] to use. Use "docker help" or "docker --help" to get an overview of available commands. -# RUNTIME EXECUTION OPTIONS - -Use the **--exec-opt** flags to specify options to the execution driver. -The following options are available: - -#### native.cgroupdriver -Specifies the management of the container's `cgroups`. You can specify `cgroupfs` -or `systemd`. If you specify `systemd` and it is not available, the system errors -out. - -#### Client +# EXAMPLES For specific client examples please see the man page for the specific Docker command. For example: diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 761dc6b9be..d64fe1f21e 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -704,6 +704,24 @@ For information about how to create an authorization plugin, see [authorization plugin](https://docs.docker.com/engine/extend/authorization/) section in the Docker extend section of this documentation. +# RUNTIME EXECUTION OPTIONS + +You can configure the runtime using options specified with the `--exec-opt` flag. +All the flag's options have the `native` prefix. A single `native.cgroupdriver` +option is available. + +The `native.cgroupdriver` option specifies the management of the container's +cgroups. You can only specify `cgroupfs` or `systemd`. If you specify +`systemd` and it is not available, the system errors out. If you omit the +`native.cgroupdriver` option,` cgroupfs` is used. + +This example sets the `cgroupdriver` to `systemd`: + +```bash +$ sudo dockerd --exec-opt native.cgroupdriver=systemd +``` + +Setting this option applies to all containers the daemon launches. # HISTORY Sept 2015, Originally compiled by Shishir Mahajan From 7e5ce47599c33b97117b6acfb9a5d93371f1efc4 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 26 Dec 2016 13:47:43 -0800 Subject: [PATCH 2201/2538] Remove `docker stack ps -a` to match removal of `docker service/node ps -a` In #28507 and #28885, `docker service/node ps -a` has been removed so that information about slots are show up even without `-a` flag. The output of `docker stack ps` reused the same output as `docker service/node ps`. However, the `-a` was still there. It might make sense to remove `docker stack ps -a` as well to bring consistency with `docker service/node ps`. This fix is related to #28507, #28885, and #25983. Signed-off-by: Yong Tang --- docs/reference/commandline/stack_ps.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index 75223e07d9..01dc63b7d9 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -21,10 +21,10 @@ Usage: docker stack ps [OPTIONS] STACK List the tasks in the stack Options: - -a, --all Display all tasks - -f, --filter value Filter output based on conditions provided - --no-resolve Do not map IDs to Names - --no-trunc Do not truncate output + -f, --filter filter Filter output based on conditions provided + --help Print usage + --no-resolve Do not map IDs to Names + --no-trunc Do not truncate output ``` Lists the tasks that are running as part of the specified stack. This From fcb3a0e88bf8932dc64414a7f09d43b5b613b775 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Tue, 27 Dec 2016 02:17:35 +0800 Subject: [PATCH 2202/2538] Update 'ID' field for 'docker plugin ls' Signed-off-by: yuexiao-wang --- docs/extend/index.md | 4 ++-- docs/reference/commandline/plugin_disable.md | 8 ++++---- docs/reference/commandline/plugin_enable.md | 8 ++++---- docs/reference/commandline/plugin_install.md | 4 ++-- docs/reference/commandline/plugin_push.md | 5 ++--- 5 files changed, 14 insertions(+), 15 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index fc31e74ce4..e7a62ba758 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -69,8 +69,8 @@ enabled, and use it to create a volume. ```bash $ docker plugin ls - NAME TAG ENABLED - vieux/sshfs latest true + ID NAME TAG DESCRIPTION ENABLED + 69553ca1d789 vieux/sshfs latest the `sshfs` plugin true ``` 3. Create a volume using the plugin. diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 0d4ab7d308..66b0ca9466 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -36,8 +36,8 @@ and enabled: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ENABLED -tiborvass/no-remove latest A test plugin for Docker true +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true ``` To disable the plugin, use the following command: @@ -49,8 +49,8 @@ tiborvass/no-remove $ docker plugin ls -NAME TAG DESCRIPTION ENABLED -tiborvass/no-remove latest A test plugin for Docker false +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/no-remove latest A test plugin for Docker false ``` ## Related information diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index a1f94df051..36fb7640ac 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -35,8 +35,8 @@ but disabled: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ENABLED -tiborvass/no-remove latest A test plugin for Docker false +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/no-remove latest A test plugin for Docker false ``` To enable the plugin, use the following command: @@ -48,8 +48,8 @@ tiborvass/no-remove $ docker plugin ls -NAME TAG DESCRIPTION ENABLED -tiborvass/no-remove latest A test plugin for Docker true +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 3a48aef209..502eb441bf 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -54,8 +54,8 @@ After the plugin is installed, it appears in the list of plugins: ```bash $ docker plugin ls -NAME TAG DESCRIPTION ENABLED -tiborvass/no-remove latest A test plugin for Docker true +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index 07f2a66a37..2747f4c4a9 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -32,9 +32,8 @@ The following example shows how to push a sample `user/plugin`. ```bash $ docker plugin ls -NAME TAG DESCRIPTION ENABLED -user/plugin latest A sample plugin for Docker false - +ID NAME TAG DESCRIPTION ENABLED +69553ca1d456 user/plugin latest A sample plugin for Docker false $ docker plugin push user/plugin ``` From a724a5d8c9d6dd828c5e7deea3815b3ed4c0b621 Mon Sep 17 00:00:00 2001 From: zhenghenghuo Date: Mon, 26 Dec 2016 12:49:37 +0800 Subject: [PATCH 2203/2538] fix some typos Signed-off-by: zhenghenghuo try to pass test Signed-off-by: zhenghenghuo try to pass the test Signed-off-by: zhenghenghuo --- docs/extend/plugins_volume.md | 4 ++-- docs/reference/commandline/dockerd.md | 4 ++-- experimental/vlan-networks.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index c060bf39b1..0a79efa022 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -169,7 +169,7 @@ Docker needs reminding of the path to the volume on the host. Respond with the path on the host filesystem where the volume has been made available, and/or a string error if an error occurred. `Mountpoint` is optional, -however the plugin may be queried again later if one is not provided. +however, the plugin may be queried again later if one is not provided. ### /VolumeDriver.Unmount @@ -257,7 +257,7 @@ Respond with a string error if an error occurred. `Mountpoint` is optional. ``` Get the list of capabilities the driver supports. -The driver is not required to implement this endpoint, however in such cases +The driver is not required to implement this endpoint, however, in such cases the default values will be taken. **Response**: diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 24ac77611d..8d4423e3a4 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -237,7 +237,7 @@ drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`. The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that is unlikely to be merged into the main kernel. These are also known to cause -some serious kernel crashes. However, `aufs` allows containers to share +some serious kernel crashes. However `aufs` allows containers to share executable and shared library memory, so is a useful choice when running thousands of containers with the same program or libraries. @@ -658,7 +658,7 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. Overrides the Linux kernel version check allowing overlay2. Support for specifying multiple lower directories needed by overlay2 was added to the - Linux kernel in 4.0.0. However some older kernel versions may be patched + Linux kernel in 4.0.0. However, some older kernel versions may be patched to add multiple lower directory support for OverlayFS. This option should only be used after verifying this support exists in the kernel. Applying this option on a kernel without this support will cause failures on mount. diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index c2bddef320..babb2ca6da 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -166,7 +166,7 @@ $ ip route Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet and pinging one another. In order for the `192.168.114.0/24` to reach `192.168.116.0/24` it requires an external router in L2 mode. L3 mode can route between subnets that share a common `-o parent=`. -Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to a L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI). +Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to an L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI). ``` docker network create -d ipvlan \ From 6f6cd51db6ae7fb3c455ce27ccb52a70f5c1a386 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 28 Dec 2016 23:00:38 +0800 Subject: [PATCH 2204/2538] Update the field 'CONTAINER ID' for docker ps Signed-off-by: yuexiao-wang --- docs/reference/commandline/commit.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index e9a8717012..9ca3ec5a90 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -49,7 +49,7 @@ created. Supported `Dockerfile` instructions: ## Commit a container $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS NAMES + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton $ docker commit c3f279d17e0a svendowideit/testimage:version3 @@ -62,7 +62,7 @@ created. Supported `Dockerfile` instructions: {% raw %} $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS NAMES + ICONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a @@ -76,7 +76,7 @@ created. Supported `Dockerfile` instructions: ## Commit a container with new `CMD` and `EXPOSE` instructions $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS NAMES + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton @@ -87,7 +87,7 @@ created. Supported `Dockerfile` instructions: 89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 $ docker ps - ID IMAGE COMMAND CREATED STATUS PORTS NAMES + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton From b839363db97a67f2538db1ebb269edfeffda44fa Mon Sep 17 00:00:00 2001 From: Ovidio Mallo Date: Wed, 28 Dec 2016 23:13:17 +0100 Subject: [PATCH 2205/2538] Reference new DigitalOcean plugin (Closes #29729) Signed-off-by: Ovidio Mallo --- docs/extend/legacy_plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index e9ab6f40be..0de2ad0633 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -63,6 +63,7 @@ Plugin [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. [Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS. [Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. +[DigitalOcean Block Storage plugin](https://github.com/omallo/docker-volume-plugin-dostorage) | Integrates DigitalOcean's [block storage solution](https://www.digitalocean.com/products/storage/) into the Docker ecosystem by automatically attaching a given block storage volume to a DigitalOcean droplet and making the contents of the volume available to Docker containers running on that droplet. [DRBD plugin](https://www.drbd.org/en/supported-projects/docker) | A volume plugin that provides highly available storage replicated by [DRBD](https://www.drbd.org). Data written to the docker volume is replicated in a cluster of DRBD nodes. [Flocker plugin](https://clusterhq.com/docker-plugin/) | A volume plugin that provides multi-host portable volumes for Docker, enabling you to run databases and other stateful containers and move them around across a cluster of machines. [Fuxi Volume Plugin](https://github.com/openstack/fuxi) | A volume plugin that is developed as part of the OpenStack Kuryr project and implements the Docker volume plugin API by utilizing Cinder, the OpenStack block storage service. From aba799a9968fa10164e8bfffb95bb9c5ed7c5082 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Wed, 28 Dec 2016 10:44:44 +0800 Subject: [PATCH 2206/2538] update URL of plugins_graphdriver.md in experimental/README.md Signed-off-by: lixiaobing10051267 --- experimental/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 796080cca5..b57a5d1294 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -32,7 +32,7 @@ true ## Current experimental features - * [External graphdriver plugins](plugins_graphdriver.md) + * [External graphdriver plugins](../docs/extend/plugins_graphdriver.md) * [Ipvlan Network Drivers](vlan-networks.md) * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md) * [Checkpoint & Restore](checkpoint-restore.md) @@ -41,4 +41,4 @@ true Each feature's documentation includes a list of proposal pull requests or PRs associated with the feature. If you want to comment on or suggest a change to a feature, please add it to the existing feature PR. -Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or in on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). +Issues or problems with a feature? Inquire for help on the `#docker` IRC channel or on the [Docker Google group](https://groups.google.com/forum/#!forum/docker-user). From 7957741105b920649373a0b1a7aad32be726295a Mon Sep 17 00:00:00 2001 From: Yanqiang Miao Date: Thu, 29 Dec 2016 17:35:47 +0800 Subject: [PATCH 2207/2538] Complete the document content Signed-off-by: Yanqiang Miao update Signed-off-by: Yanqiang Miao --- docs/reference/commandline/plugin_create.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index f1593f05f4..df3b2cccc8 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -41,8 +41,9 @@ $ ls -ls /home/pluginDir $ docker plugin create plugin /home/pluginDir plugin -NAME TAG DESCRIPTION ENABLED -plugin latest A sample plugin for Docker true +$ docker plugin ls +ID NAME TAG DESCRIPTION ENABLED +672d8144ec02 plugin latest A sample plugin for Docker false ``` The plugin can subsequently be enabled for local use or pushed to the public registry. From 8d4ea9f2cf363f3fdb3cb89e2d20129570ea5ac5 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 31 Dec 2016 14:17:34 +0100 Subject: [PATCH 2208/2538] document DOCKER_HIDE_LEGACY_COMMANDS env-var The `DOCKER_HIDE_LEGACY_COMMANDS` environment variable was added in a7c8bcac2ba60d6dd25a1157085d9245bed556ce but not documented. This adds the variable to the documentation. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/cli.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 5343c65758..798fa5858d 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -69,6 +69,9 @@ by the `docker` command line: Equates to `--disable-content-trust=false` for build, create, pull, push, run. * `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults to the same URL as the registry. +* `DOCKER_HIDE_LEGACY_COMMANDS` When set, Docker hides "legacy" top-level commands (such as `docker rm`, and + `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are + printed. This may become the default in a future release, at which point this environment-variable is removed. * `DOCKER_TMPDIR` Location for temporary Docker files. Because Docker is developed using Go, you can also use any environment From 70d8efd00120f8be9cef95764a6c80c38a3af285 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 31 Dec 2016 09:23:27 -0800 Subject: [PATCH 2209/2538] Fix bash completion for `plugin enable|disable` `docker plugin enable` and `docker plugin disable` only accept one plugin. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1b87a18e08..2c4e2792f2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3222,7 +3222,10 @@ _docker_plugin_disable() { COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) ;; *) - __docker_complete_plugins_installed + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_complete_plugins_installed + fi ;; esac } @@ -3239,7 +3242,10 @@ _docker_plugin_enable() { COMPREPLY=( $( compgen -W "--help --timeout" -- "$cur" ) ) ;; *) - __docker_complete_plugins_installed + local counter=$(__docker_pos_first_nonflag '--timeout') + if [ $cword -eq $counter ]; then + __docker_complete_plugins_installed + fi ;; esac } From 0e0cb6498c0ba1a041a6bf90a1ec35bc124c0d84 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 31 Dec 2016 09:28:03 -0800 Subject: [PATCH 2210/2538] Add bash completion for `plugin disable --force` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 2c4e2792f2..5469c6c2be 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3219,7 +3219,7 @@ _docker_plugin_create() { _docker_plugin_disable() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag) From 6c5145d0742f7879a7a3ca524d581537b8a34788 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 31 Dec 2016 09:55:04 -0800 Subject: [PATCH 2211/2538] Fix usage message of `plugin inspect` Signed-off-by: Harald Albers --- docs/reference/commandline/plugin_inspect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index ded6bd2ee2..01e231bf06 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -16,7 +16,7 @@ keywords: "plugin, inspect" # plugin inspect ```markdown -Usage: docker plugin inspect [OPTIONS] PLUGIN|ID [PLUGIN|ID...] +Usage: docker plugin inspect [OPTIONS] PLUGIN [PLUGIN...] Display detailed information on one or more plugins From 1471f8013b198ea65b5bb4713787d0292cfc2f6b Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Sat, 31 Dec 2016 00:09:49 +0800 Subject: [PATCH 2212/2538] Update reference document for secret and stack Signed-off-by: yuexiao-wang --- docs/reference/commandline/index.md | 19 +++++++++++++++++++ docs/reference/commandline/stack_deploy.md | 1 - docs/reference/commandline/stack_ps.md | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 2345406c4f..f7e6d3c908 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -147,3 +147,22 @@ read the [`dockerd`](dockerd.md) reference page. | [service rm](service_rm.md) | Remove a service from the swarm | | [service scale](service_scale.md) | Set the number of replicas for the desired state of the service | | [service update](service_update.md) | Update the attributes of a service | + +### Swarm secret commands + +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [secret create](secret_create.md) | Create a secret from a file or STDIN as content | +| [secret inspect](service_inspect.md) | Inspect the specified secret | +| [secret ls](secret_ls.md) | List secrets in the swarm | +| [secret rm](secret_rm.md) | Remove the specified secrets from the swarm | + +### Swarm stack commands + +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [stack deploy](stack_deploy.md) | Deploy a new stack or update an existing stack | +| [stack ls](stack_ls.md) | List stacks in the swarm | +| [stack ps](stack_ps.md) | List the tasks in the stack | +| [stack rm](stack_rm.md) | Remove the stack from the swarm | +| [stack services](stack_services.md) | List the services in the stack | \ No newline at end of file diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 28b7604105..037feaebd7 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -96,4 +96,3 @@ axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/ * [stack ps](stack_ps.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) -* [deploy](deploy.md) diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index 01dc63b7d9..101e9feb11 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -46,6 +46,6 @@ The currently supported filters are: ## Related information * [stack deploy](stack_deploy.md) -* [stack rm](stack_ls.md) +* [stack ls](stack_ls.md) * [stack rm](stack_rm.md) * [stack services](stack_services.md) From 0645bd841e2650af1527e43b8f70b321aeb70465 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 29 Jul 2016 08:20:03 -0700 Subject: [PATCH 2213/2538] Support multiple service IDs on "docker service ps" This fix tries to address issue raised in 25228 to support multiple service IDs on `docker service ps`. Multiple IDs are allowed with `docker service ps ...`, and related documentation has been updated. A test has been added to cover the changes. This fix fixes 25228. Signed-off-by: Yong Tang --- docs/reference/commandline/service_ps.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 61abb15f67..15ac59acaa 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -19,7 +19,7 @@ aliases: ["/engine/reference/commandline/service_tasks/"] ```Markdown Usage: docker service ps [OPTIONS] SERVICE -List the tasks of a service +List the tasks of one or more services Options: -f, --filter filter Filter output based on conditions provided @@ -29,7 +29,7 @@ Options: -q, --quiet Only display task IDs ``` -Lists the tasks that are running as part of the specified service. This command +Lists the tasks that are running as part of the specified services. This command has to be run targeting a manager node. ## Examples From a004c15df00febe70d7023dcd51e7c9f708a38cd Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 29 Dec 2016 18:46:51 +0800 Subject: [PATCH 2214/2538] update plugins in docs and correct things in index.md Signed-off-by: allencloud --- docs/reference/commandline/events.md | 2 +- docs/reference/commandline/index.md | 16 +++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 24af2ab482..82cac92aac 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -36,7 +36,7 @@ Docker images report the following events: delete, import, load, pull, push, save, tag, untag -Docker plugins(experimental) report the following events: +Docker plugins report the following events: install, enable, disable, remove diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index f7e6d3c908..87c7b4775f 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -165,4 +165,18 @@ read the [`dockerd`](dockerd.md) reference page. | [stack ls](stack_ls.md) | List stacks in the swarm | | [stack ps](stack_ps.md) | List the tasks in the stack | | [stack rm](stack_rm.md) | Remove the stack from the swarm | -| [stack services](stack_services.md) | List the services in the stack | \ No newline at end of file +| [stack services](stack_services.md) | List the services in the stack | + +### Plugin commands + +| Command | Description | +|:--------|:-------------------------------------------------------------------| +| [plugin create](plugin_create.md) | Create a plugin from a rootfs and configuration | +| [plugin disable](plugin_disable.md) | Disable a plugin | +| [plugin enbale](plugin_enable.md) | Enable a plugin | +| [plugin inspect](plugin_inspect.md) | Display detailed information on a plugin | +| [plugin install](plugin_install.md) | Install a plugin | +| [plugin ls](plugin_ls.md) | List plugins | +| [plugin push](plugin_push.md) | Push a plugin to a registry | +| [plugin rm](plugin_rm.md) | Remove a plugin | +| [plugin set](plugin_set.md) | Change settings for a plugin | From ce569fd8363672d31d36bcad51f9cbd67808956c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 3 Jan 2017 05:58:13 -0800 Subject: [PATCH 2215/2538] Support multiple services on bash completion for `docker service ps` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5469c6c2be..ab662c382a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2689,10 +2689,7 @@ _docker_service_ps() { COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--filter|-f') - if [ $cword -eq $counter ]; then - __docker_complete_services - fi + __docker_complete_services ;; esac } From 5bd015e2d958b6c062ac7483b2db75654883ba6d Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Thu, 22 Sep 2016 14:11:08 -0400 Subject: [PATCH 2216/2538] Read long description from a file. Signed-off-by: Daniel Nephin --- man/docker-commit.1.md | 71 --- man/docker-create.1.md | 553 ------------------ man/docker-exec.1.md | 71 --- man/docker-import.1.md | 72 --- man/docker-kill.1.md | 28 - man/docker-logs.1.md | 71 --- man/docker-network-disconnect.1.md | 36 -- man/docker-pause.1.md | 32 - man/docker-push.1.md | 63 -- man/docker-rename.1.md | 15 - man/docker-restart.1.md | 26 - man/docker-rm.1.md | 72 --- man/docker-rmi.1.md | 42 -- man/docker-save.1.md | 45 -- man/docker-start.1.md | 39 -- man/docker-stop.1.md | 30 - man/docker-top.1.md | 36 -- man/docker-unpause.1.md | 28 - man/docker-update.1.md | 171 ------ man/docker-wait.1.md | 30 - man/generate.go | 67 ++- man/generate.sh | 2 +- man/src/attach.md | 2 + man/src/commit.md | 1 + .../container/attach.md} | 33 -- man/src/container/commit.md | 30 + man/{docker-cp.1.md => src/container/cp.md} | 58 +- man/src/container/create.md | 99 ++++ .../container/diff.md} | 22 - man/src/container/exec.md | 25 + .../container/export.md} | 26 - man/src/container/kill.md | 2 + man/src/container/logs.md | 28 + man/{docker-ps.1.md => src/container/ls.md} | 73 +-- man/src/container/pause.md | 12 + .../container/port.md} | 29 +- man/src/container/rename.md | 1 + man/src/container/restart.md | 1 + man/src/container/rm.md | 37 ++ man/src/container/run.md | 1 + man/src/container/start.md | 1 + .../container/stats.md} | 35 +- man/src/container/stop.md | 1 + man/src/container/top.md | 11 + man/src/container/unpause.md | 6 + man/src/container/update.md | 102 ++++ man/src/container/wait.md | 8 + man/src/cp.md | 1 + man/src/create.md | 1 + man/src/diff.md | 1 + man/src/events.md | 1 + man/src/exec.md | 1 + man/src/export.md | 1 + man/src/history.md | 1 + man/src/image/build.md | 1 + .../image/history.md} | 34 -- man/src/image/import.md | 42 ++ man/{docker-load.1.md => src/image/load.md} | 33 +- man/{docker-images.1.md => src/image/ls.md} | 62 +- man/{docker-pull.1.md => src/image/pull.md} | 59 +- man/src/image/push.md | 34 ++ man/src/image/rm.md | 11 + man/src/image/save.md | 19 + man/{docker-tag.1.md => src/image/tag.md} | 33 +- man/src/images.md | 1 + man/src/import.md | 1 + man/src/info.md | 1 + man/{docker-inspect.1.md => src/inspect.md} | 37 -- man/src/kill.md | 1 + man/src/load.md | 1 + man/{docker-login.1.md => src/login.md} | 31 - man/{docker-logout.1.md => src/logout.md} | 19 - man/src/logs.md | 1 + .../network/connect.md} | 27 - .../network/create.md} | 68 --- man/src/network/disconnect.md | 5 + .../network/inspect.md} | 24 - .../network/ls.md} | 53 +- .../network/rm.md} | 23 - man/src/pause.md | 1 + man/src/port.md | 1 + man/src/ps.md | 1 + man/src/pull.md | 1 + man/src/push.md | 1 + man/src/rename.md | 1 + man/src/restart.md | 1 + man/src/rm.md | 1 + man/src/rmi.md | 1 + man/src/save.md | 1 + man/{docker-search.1.md => src/search.md} | 36 +- man/src/start.md | 1 + man/src/stats.md | 1 + man/src/stop.md | 1 + .../system/events.md} | 46 -- man/{docker-info.1.md => src/system/info.md} | 24 - man/src/tag.md | 1 + man/src/top.md | 1 + man/src/unpause.md | 1 + man/src/update.md | 1 + man/{docker-version.1.md => src/version.md} | 25 - man/src/volume.md | 14 + man/src/volume/create.md | 35 ++ man/src/volume/inspect.md | 4 + man/src/volume/ls.md | 11 + man/src/wait.md | 1 + 105 files changed, 715 insertions(+), 2370 deletions(-) delete mode 100644 man/docker-commit.1.md delete mode 100644 man/docker-create.1.md delete mode 100644 man/docker-exec.1.md delete mode 100644 man/docker-import.1.md delete mode 100644 man/docker-kill.1.md delete mode 100644 man/docker-logs.1.md delete mode 100644 man/docker-network-disconnect.1.md delete mode 100644 man/docker-pause.1.md delete mode 100644 man/docker-push.1.md delete mode 100644 man/docker-rename.1.md delete mode 100644 man/docker-restart.1.md delete mode 100644 man/docker-rm.1.md delete mode 100644 man/docker-rmi.1.md delete mode 100644 man/docker-save.1.md delete mode 100644 man/docker-start.1.md delete mode 100644 man/docker-stop.1.md delete mode 100644 man/docker-top.1.md delete mode 100644 man/docker-unpause.1.md delete mode 100644 man/docker-update.1.md delete mode 100644 man/docker-wait.1.md create mode 100644 man/src/attach.md create mode 100644 man/src/commit.md rename man/{docker-attach.1.md => src/container/attach.md} (76%) create mode 100644 man/src/container/commit.md rename man/{docker-cp.1.md => src/container/cp.md} (81%) create mode 100644 man/src/container/create.md rename man/{docker-diff.1.md => src/container/diff.md} (66%) create mode 100644 man/src/container/exec.md rename man/{docker-export.1.md => src/container/export.md} (52%) create mode 100644 man/src/container/kill.md create mode 100644 man/src/container/logs.md rename man/{docker-ps.1.md => src/container/ls.md} (63%) create mode 100644 man/src/container/pause.md rename man/{docker-port.1.md => src/container/port.md} (53%) create mode 100644 man/src/container/rename.md create mode 100644 man/src/container/restart.md create mode 100644 man/src/container/rm.md create mode 100644 man/src/container/run.md create mode 100644 man/src/container/start.md rename man/{docker-stats.1.md => src/container/stats.md} (61%) create mode 100644 man/src/container/stop.md create mode 100644 man/src/container/top.md create mode 100644 man/src/container/unpause.md create mode 100644 man/src/container/update.md create mode 100644 man/src/container/wait.md create mode 100644 man/src/cp.md create mode 100644 man/src/create.md create mode 100644 man/src/diff.md create mode 100644 man/src/events.md create mode 100644 man/src/exec.md create mode 100644 man/src/export.md create mode 100644 man/src/history.md create mode 100644 man/src/image/build.md rename man/{docker-history.1.md => src/image/history.md} (63%) create mode 100644 man/src/image/import.md rename man/{docker-load.1.md => src/image/load.md} (54%) rename man/{docker-images.1.md => src/image/ls.md} (73%) rename man/{docker-pull.1.md => src/image/pull.md} (81%) create mode 100644 man/src/image/push.md create mode 100644 man/src/image/rm.md create mode 100644 man/src/image/save.md rename man/{docker-tag.1.md => src/image/tag.md} (67%) create mode 100644 man/src/images.md create mode 100644 man/src/import.md create mode 100644 man/src/info.md rename man/{docker-inspect.1.md => src/inspect.md} (89%) create mode 100644 man/src/kill.md create mode 100644 man/src/load.md rename man/{docker-login.1.md => src/login.md} (62%) rename man/{docker-logout.1.md => src/logout.md} (50%) create mode 100644 man/src/logs.md rename man/{docker-network-connect.1.md => src/network/connect.md} (82%) rename man/{docker-network-create.1.md => src/network/create.md} (78%) create mode 100644 man/src/network/disconnect.md rename man/{docker-network-inspect.1.md => src/network/inspect.md} (87%) rename man/{docker-network-ls.1.md => src/network/ls.md} (81%) rename man/{docker-network-rm.1.md => src/network/rm.md} (67%) create mode 100644 man/src/pause.md create mode 100644 man/src/port.md create mode 100644 man/src/ps.md create mode 100644 man/src/pull.md create mode 100644 man/src/push.md create mode 100644 man/src/rename.md create mode 100644 man/src/restart.md create mode 100644 man/src/rm.md create mode 100644 man/src/rmi.md create mode 100644 man/src/save.md rename man/{docker-search.1.md => src/search.md} (65%) create mode 100644 man/src/start.md create mode 100644 man/src/stats.md create mode 100644 man/src/stop.md rename man/{docker-events.1.md => src/system/events.md} (86%) rename man/{docker-info.1.md => src/system/info.md} (91%) create mode 100644 man/src/tag.md create mode 100644 man/src/top.md create mode 100644 man/src/unpause.md create mode 100644 man/src/update.md rename man/{docker-version.1.md => src/version.md} (67%) create mode 100644 man/src/volume.md create mode 100644 man/src/volume/create.md create mode 100644 man/src/volume/inspect.md create mode 100644 man/src/volume/ls.md create mode 100644 man/src/wait.md diff --git a/man/docker-commit.1.md b/man/docker-commit.1.md deleted file mode 100644 index d8a4cf8387..0000000000 --- a/man/docker-commit.1.md +++ /dev/null @@ -1,71 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-commit - Create a new image from a container's changes - -# SYNOPSIS -**docker commit** -[**-a**|**--author**[=*AUTHOR*]] -[**-c**|**--change**[=\[*DOCKERFILE INSTRUCTIONS*\]]] -[**--help**] -[**-m**|**--message**[=*MESSAGE*]] -[**-p**|**--pause**[=*true*]] -CONTAINER [REPOSITORY[:TAG]] - -# DESCRIPTION -Create a new image from an existing container specified by name or -container ID. The new image will contain the contents of the -container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)** -for more information about valid image and tag names. - -While the `docker commit` command is a convenient way of extending an -existing image, you should prefer the use of a Dockerfile and `docker -build` for generating images that you intend to share with other -people. - -# OPTIONS -**-a**, **--author**="" - Author (e.g., "John Hannibal Smith ") - -**-c** , **--change**=[] - Apply specified Dockerfile instructions while committing the image - Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` - -**--help** - Print usage statement - -**-m**, **--message**="" - Commit message - -**-p**, **--pause**=*true*|*false* - Pause container during commit. The default is *true*. - -# EXAMPLES - -## Creating a new image from an existing container -An existing Fedora based container has had Apache installed while running -in interactive mode with the bash shell. Apache is also running. To -create a new image run `docker ps` to find the container's ID and then run: - - # docker commit -m="Added Apache to Fedora base image" \ - -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 - -Note that only a-z0-9-_. are allowed when naming images from an -existing container. - -## Apply specified Dockerfile instructions while committing the image -If an existing container was created without the DEBUG environment -variable set to "true", you can create a new image based on that -container by first getting the container's ID with `docker ps` and -then running: - - # docker commit -c="ENV DEBUG true" 98bd7fc99854 debug-image - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and in -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -Oct 2014, updated by Daniel, Dao Quang Minh -June 2015, updated by Sally O'Malley diff --git a/man/docker-create.1.md b/man/docker-create.1.md deleted file mode 100644 index 3f8a076374..0000000000 --- a/man/docker-create.1.md +++ /dev/null @@ -1,553 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-create - Create a new container - -# SYNOPSIS -**docker create** -[**-a**|**--attach**[=*[]*]] -[**--add-host**[=*[]*]] -[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] -[**--blkio-weight-device**[=*[]*]] -[**--cpu-shares**[=*0*]] -[**--cap-add**[=*[]*]] -[**--cap-drop**[=*[]*]] -[**--cgroup-parent**[=*CGROUP-PATH*]] -[**--cidfile**[=*CIDFILE*]] -[**--cpu-count**[=*0*]] -[**--cpu-percent**[=*0*]] -[**--cpu-period**[=*0*]] -[**--cpu-quota**[=*0*]] -[**--cpu-rt-period**[=*0*]] -[**--cpu-rt-runtime**[=*0*]] -[**--cpus**[=*0.0*]] -[**--cpuset-cpus**[=*CPUSET-CPUS*]] -[**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--device**[=*[]*]] -[**--device-read-bps**[=*[]*]] -[**--device-read-iops**[=*[]*]] -[**--device-write-bps**[=*[]*]] -[**--device-write-iops**[=*[]*]] -[**--dns**[=*[]*]] -[**--dns-search**[=*[]*]] -[**--dns-option**[=*[]*]] -[**-e**|**--env**[=*[]*]] -[**--entrypoint**[=*ENTRYPOINT*]] -[**--env-file**[=*[]*]] -[**--expose**[=*[]*]] -[**--group-add**[=*[]*]] -[**-h**|**--hostname**[=*HOSTNAME*]] -[**--help**] -[**-i**|**--interactive**] -[**--ip**[=*IPv4-ADDRESS*]] -[**--ip6**[=*IPv6-ADDRESS*]] -[**--ipc**[=*IPC*]] -[**--isolation**[=*default*]] -[**--kernel-memory**[=*KERNEL-MEMORY*]] -[**-l**|**--label**[=*[]*]] -[**--label-file**[=*[]*]] -[**--link**[=*[]*]] -[**--link-local-ip**[=*[]*]] -[**--log-driver**[=*[]*]] -[**--log-opt**[=*[]*]] -[**-m**|**--memory**[=*MEMORY*]] -[**--mac-address**[=*MAC-ADDRESS*]] -[**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*LIMIT*]] -[**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] -[**--name**[=*NAME*]] -[**--network-alias**[=*[]*]] -[**--network**[=*"bridge"*]] -[**--oom-kill-disable**] -[**--oom-score-adj**[=*0*]] -[**-P**|**--publish-all**] -[**-p**|**--publish**[=*[]*]] -[**--pid**[=*[PID]*]] -[**--userns**[=*[]*]] -[**--pids-limit**[=*PIDS_LIMIT*]] -[**--privileged**] -[**--read-only**] -[**--restart**[=*RESTART*]] -[**--rm**] -[**--security-opt**[=*[]*]] -[**--storage-opt**[=*[]*]] -[**--stop-signal**[=*SIGNAL*]] -[**--stop-timeout**[=*TIMEOUT*]] -[**--shm-size**[=*[]*]] -[**--sysctl**[=*[]*]] -[**-t**|**--tty**] -[**--tmpfs**[=*[CONTAINER-DIR[:]*]] -[**-u**|**--user**[=*USER*]] -[**--ulimit**[=*[]*]] -[**--uts**[=*[]*]] -[**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*]] -[**--volume-driver**[=*DRIVER*]] -[**--volumes-from**[=*[]*]] -[**-w**|**--workdir**[=*WORKDIR*]] -IMAGE [COMMAND] [ARG...] - -# DESCRIPTION - -Creates a writeable container layer over the specified image and prepares it for -running the specified command. The container ID is then printed to STDOUT. This -is similar to **docker run -d** except the container is never started. You can -then use the **docker start ** command to start the container at -any point. - -The initial status of the container created with **docker create** is 'created'. - -# OPTIONS -**-a**, **--attach**=[] - Attach to STDIN, STDOUT or STDERR. - -**--add-host**=[] - Add a custom host-to-IP mapping (host:ip) - -**--blkio-weight**=*0* - Block IO weight (relative weight) accepts a weight value between 10 and 1000. - -**--blkio-weight-device**=[] - Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`). - -**--cpu-shares**=*0* - CPU shares (relative weight) - -**--cap-add**=[] - Add Linux capabilities - -**--cap-drop**=[] - Drop Linux capabilities - -**--cgroup-parent**="" - Path to cgroups under which the cgroup for the container will be created. If the path is not absolute, the path is considered to be relative to the cgroups path of the init process. Cgroups will be created if they do not already exist. - -**--cidfile**="" - Write the container ID to the file - -**--cpu-count**=*0* - Limit the number of CPUs available for execution by the container. - - On Windows Server containers, this is approximated as a percentage of total CPU usage. - - On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. - -**--cpu-percent**=*0* - Limit the percentage of CPU available for execution by a container running on a Windows daemon. - - On Windows Server containers, the processor resource controls are mutually exclusive, the order of precedence is CPUCount first, then CPUShares, and CPUPercent last. - -**--cpu-period**=*0* - Limit the CPU CFS (Completely Fair Scheduler) period - - Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. - -**--cpuset-cpus**="" - CPUs in which to allow execution (0-3, 0,1) - -**--cpuset-mems**="" - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. - - If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1` -then processes in your Docker container will only use memory from the first -two memory nodes. - -**--cpu-quota**=*0* - Limit the CPU CFS (Completely Fair Scheduler) quota - -**--cpu-rt-period**=0 - Limit the CPU real-time period in microseconds - - Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. - -**--cpu-rt-runtime**=0 - Limit the CPU real-time runtime in microseconds - - Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: - Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - - The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. - -**--cpus**=0.0 - Number of CPUs. The default is *0.0*. - -**--device**=[] - Add a host device to the container (e.g. --device=/dev/sdc:/dev/xvdc:rwm) - -**--device-read-bps**=[] - Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb) - -**--device-read-iops**=[] - Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000) - -**--device-write-bps**=[] - Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb) - -**--device-write-iops**=[] - Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000) - -**--dns**=[] - Set custom DNS servers - -**--dns-option**=[] - Set custom DNS options - -**--dns-search**=[] - Set custom DNS search domains (Use --dns-search=. if you don't wish to set the search domain) - -**-e**, **--env**=[] - Set environment variables - -**--entrypoint**="" - Overwrite the default ENTRYPOINT of the image - -**--env-file**=[] - Read in a line-delimited file of environment variables - -**--expose**=[] - Expose a port or a range of ports (e.g. --expose=3300-3310) from the container without publishing it to your host - -**--group-add**=[] - Add additional groups to run as - -**-h**, **--hostname**="" - Container host name - -**--help** - Print usage statement - -**-i**, **--interactive**=*true*|*false* - Keep STDIN open even if not attached. The default is *false*. - -**--ip**="" - Sets the container's interface IPv4 address (e.g. 172.23.0.9) - - It can only be used in conjunction with **--network** for user-defined networks - -**--ip6**="" - Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) - - It can only be used in conjunction with **--network** for user-defined networks - -**--ipc**="" - Default is to create a private IPC namespace (POSIX SysV IPC) for the container - 'container:': reuses another container shared memory, semaphores and message queues - 'host': use the host shared memory,semaphores and message queues inside the container. Note: the host mode gives the container full access to local shared memory and is therefore considered insecure. - -**--isolation**="*default*" - Isolation specifies the type of isolation technology used by containers. Note -that the default on Windows server is `process`, and the default on Windows client -is `hyperv`. Linux only supports `default`. - -**--kernel-memory**="" - Kernel memory limit (format: `[]`, where unit = b, k, m or g) - - Constrains the kernel memory available to a container. If a limit of 0 -is specified (not using `--kernel-memory`), the container's kernel memory -is not limited. If you specify a limit, it may be rounded up to a multiple -of the operating system's page size and the value can be very large, -millions of trillions. - -**-l**, **--label**=[] - Adds metadata to a container (e.g., --label=com.example.key=value) - -**--label-file**=[] - Read labels from a file. Delimit each label with an EOL. - -**--link**=[] - Add link to another container in the form of :alias or just - in which case the alias will match the name. - -**--link-local-ip**=[] - Add one or more link-local IPv4/IPv6 addresses to the container's interface - -**--log-driver**="*json-file*|*syslog*|*journald*|*gelf*|*fluentd*|*awslogs*|*splunk*|*etwlogs*|*gcplogs*|*none*" - Logging driver for the container. Default is defined by daemon `--log-driver` flag. - **Warning**: the `docker logs` command works only for the `json-file` and - `journald` logging drivers. - -**--log-opt**=[] - Logging driver specific options. - -**-m**, **--memory**="" - Memory limit (format: [], where unit = b, k, m or g) - - Allows you to constrain the memory available to a container. If the host -supports swap memory, then the **-m** memory setting can be larger than physical -RAM. If a limit of 0 is specified (not using **-m**), the container's memory is -not limited. The actual limit may be rounded up to a multiple of the operating -system's page size (the value would be very large, that's millions of trillions). - -**--mac-address**="" - Container MAC address (e.g. 92:d0:c6:0a:29:33) - -**--memory-reservation**="" - Memory soft limit (format: [], where unit = b, k, m or g) - - After setting memory reservation, when the system detects memory contention -or low memory, containers are forced to restrict their consumption to their -reservation. So you should always set the value below **--memory**, otherwise the -hard limit will take precedence. By default, memory reservation will be the same -as memory limit. - -**--memory-swap**="LIMIT" - A limit value equal to memory plus swap. Must be used with the **-m** -(**--memory**) flag. The swap `LIMIT` should always be larger than **-m** -(**--memory**) value. - - The format of `LIMIT` is `[]`. Unit can be `b` (bytes), -`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a -unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. - -**--memory-swappiness**="" - Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100. - -**--name**="" - Assign a name to the container - -**--network**="*bridge*" - Set the Network mode for the container - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack. Note: the host mode gives the container full access to local system services such as D-bus and is therefore considered insecure. - '|': connect to a user-defined network - -**--network-alias**=[] - Add network-scoped alias for the container - -**--oom-kill-disable**=*true*|*false* - Whether to disable OOM Killer for the container or not. - -**--oom-score-adj**="" - Tune the host's OOM preferences for containers (accepts -1000 to 1000) - -**-P**, **--publish-all**=*true*|*false* - Publish all exposed ports to random ports on the host interfaces. The default is *false*. - -**-p**, **--publish**=[] - Publish a container's port, or a range of ports, to the host - format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort - Both hostPort and containerPort can be specified as a range of ports. - When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `-p 1234-1236:1234-1236/tcp`) - (use 'docker port' to see the actual mapping) - -**--pid**="" - Set the PID mode for the container - Default is to create a private PID namespace for the container - 'container:': join another container's PID namespace - 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. - -**--userns**="" - Set the usernamespace mode for the container when `userns-remap` option is enabled. - **host**: use the host usernamespace and enable all privileged options (e.g., `pid=host` or `--privileged`). - -**--pids-limit**="" - Tune the container's pids limit. Set `-1` to have unlimited pids for the container. - -**--privileged**=*true*|*false* - Give extended privileges to this container. The default is *false*. - -**--read-only**=*true*|*false* - Mount the container's root filesystem as read only. - -**--restart**="*no*" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). - -**--rm**=*true*|*false* - Automatically remove the container when it exits. The default is *false*. - -**--shm-size**="" - Size of `/dev/shm`. The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. - If you omit the size entirely, the system uses `64m`. - -**--security-opt**=[] - Security Options - - "label:user:USER" : Set the label user for the container - "label:role:ROLE" : Set the label role for the container - "label:type:TYPE" : Set the label type for the container - "label:level:LEVEL" : Set the label level for the container - "label:disable" : Turn off label confinement for the container - "no-new-privileges" : Disable container processes from gaining additional privileges - "seccomp:unconfined" : Turn off seccomp confinement for the container - "seccomp:profile.json : White listed syscalls seccomp Json file to be used as a seccomp filter - -**--storage-opt**=[] - Storage driver options per container - - $ docker create -it --storage-opt size=120G fedora /bin/bash - - This (size) will allow to set the container rootfs size to 120G at creation time. - This option is only available for the `devicemapper`, `btrfs`, `overlay2` and `zfs` graph drivers. - For the `devicemapper`, `btrfs` and `zfs` storage drivers, user cannot pass a size less than the Default BaseFS Size. - For the `overlay2` storage driver, the size option is only available if the backing fs is `xfs` and mounted with the `pquota` mount option. - Under these conditions, user can pass any size less then the backing fs size. - -**--stop-signal**=*SIGTERM* - Signal to stop a container. Default is SIGTERM. - -**--stop-timeout**=*10* - Timeout (in seconds) to stop a container. Default is 10. - -**--sysctl**=SYSCTL - Configure namespaced kernel parameters at runtime - - IPC Namespace - current sysctls allowed: - - kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced - Sysctls beginning with fs.mqueue.* - - Note: if you use --ipc=host using these sysctls will not be allowed. - - Network Namespace - current sysctls allowed: - Sysctls beginning with net.* - - Note: if you use --network=host using these sysctls will not be allowed. - -**-t**, **--tty**=*true*|*false* - Allocate a pseudo-TTY. The default is *false*. - -**--tmpfs**=[] Create a tmpfs mount - - Mount a temporary filesystem (`tmpfs`) mount into a container, for example: - - $ docker run -d --tmpfs /tmp:rw,size=787448k,mode=1777 my_image - - This command mounts a `tmpfs` at `/tmp` within the container. The supported mount -options are the same as the Linux default `mount` flags. If you do not specify -any options, the systems uses the following options: -`rw,noexec,nosuid,nodev,size=65536k`. - -**-u**, **--user**="" - Sets the username or UID used and optionally the groupname or GID for the specified command. - - The followings examples are all valid: - --user [user | user:group | uid | uid:gid | user:gid | uid:group ] - - Without this argument root user will be used in the container by default. - -**--ulimit**=[] - Ulimit options - -**--uts**=*host* - Set the UTS mode for the container - **host**: use the host's UTS namespace inside the container. - Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. - -**-v**|**--volume**[=*[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] - Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Docker - bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Docker - container. If 'HOST-DIR' is omitted, Docker automatically creates the new - volume on the host. The `OPTIONS` are a comma delimited list and can be: - - * [rw|ro] - * [z|Z] - * [`[r]shared`|`[r]slave`|`[r]private`] - -The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` -can be an absolute path or a `name` value. A `name` value must start with an -alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or -`-` (hyphen). An absolute path starts with a `/` (forward slash). - -If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the -path you specify. If you supply a `name`, Docker creates a named volume by that -`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` -value. If you supply the `/foo` value, Docker creates a bind-mount. If you -supply the `foo` specification, Docker creates a named volume. - -You can specify multiple **-v** options to mount one or more mounts to a -container. To use these same mounts in other containers, specify the -**--volumes-from** option also. - -You can add `:ro` or `:rw` suffix to a volume to mount it read-only or -read-write mode, respectively. By default, the volumes are mounted read-write. -See examples. - -Labeling systems like SELinux require that proper labels are placed on volume -content mounted into a container. Without a label, the security system might -prevent the processes running inside the container from using the content. By -default, Docker does not change the labels set by the OS. - -To change a label in the container context, you can add either of two suffixes -`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file -objects on the shared volumes. The `z` option tells Docker that two containers -share the volume content. As a result, Docker labels the content with a shared -content label. Shared volume labels allow all containers to read/write content. -The `Z` option tells Docker to label the content with a private unshared label. -Only the current container can use a private volume. - -By default bind mounted volumes are `private`. That means any mounts done -inside container will not be visible on host and vice-a-versa. One can change -this behavior by specifying a volume mount propagation property. Making a -volume `shared` mounts done under that volume inside container will be -visible on host and vice-a-versa. Making a volume `slave` enables only one -way mount propagation and that is mounts done on host under that volume -will be visible inside container but not the other way around. - -To control mount propagation property of volume one can use `:[r]shared`, -`:[r]slave` or `:[r]private` propagation flag. Propagation property can -be specified only for bind mounted volumes and not for internal volumes or -named volumes. For mount propagation to work source mount point (mount point -where source dir is mounted on) has to have right propagation properties. For -shared volumes, source mount point has to be shared. And for slave volumes, -source mount has to be either shared or slave. - -Use `df ` to figure out the source mount and then use -`findmnt -o TARGET,PROPAGATION ` to figure out propagation -properties of source mount. If `findmnt` utility is not available, then one -can look at mount entry for source mount point in `/proc/self/mountinfo`. Look -at `optional fields` and see if any propagaion properties are specified. -`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if -nothing is there that means mount is `private`. - -To change propagation properties of a mount point use `mount` command. For -example, if one wants to bind mount source directory `/foo` one can do -`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This -will convert /foo into a `shared` mount point. Alternatively one can directly -change propagation properties of source mount. Say `/` is source mount for -`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. - -> **Note**: -> When using systemd to manage the Docker daemon's start and stop, in the systemd -> unit file there is an option to control mount propagation for the Docker daemon -> itself, called `MountFlags`. The value of this setting may cause Docker to not -> see mount propagation changes made on the mount point. For example, if this value -> is `slave`, you may not be able to use the `shared` or `rshared` propagation on -> a volume. - - -To disable automatic copying of data from the container path to the volume, use -the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. - -**--volume-driver**="" - Container's volume driver. This driver creates volumes specified either from - a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. - See **docker-volume-create(1)** for full details. - -**--volumes-from**=[] - Mount volumes from the specified container(s) - -**-w**, **--workdir**="" - Working directory inside the container - -# EXAMPLES - -## Specify isolation technology for container (--isolation) - -This option is useful in situations where you are running Docker containers on -Windows. The `--isolation=` option sets a container's isolation -technology. On Linux, the only supported is the `default` option which uses -Linux namespaces. On Microsoft Windows, you can specify these values: - -* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. -* `process`: Namespace isolation only. -* `hyperv`: Hyper-V hypervisor partition-based isolation. - -Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. - -# HISTORY -August 2014, updated by Sven Dowideit -September 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit diff --git a/man/docker-exec.1.md b/man/docker-exec.1.md deleted file mode 100644 index fe9c279e7e..0000000000 --- a/man/docker-exec.1.md +++ /dev/null @@ -1,71 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-exec - Run a command in a running container - -# SYNOPSIS -**docker exec** -[**-d**|**--detach**] -[**--detach-keys**[=*[]*]] -[**-e**|**--env**[=*[]*]] -[**--help**] -[**-i**|**--interactive**] -[**--privileged**] -[**-t**|**--tty**] -[**-u**|**--user**[=*USER*]] -CONTAINER COMMAND [ARG...] - -# DESCRIPTION - -Run a process in a running container. - -The command started using `docker exec` will only run while the container's primary -process (`PID 1`) is running, and will not be restarted if the container is restarted. - -If the container is paused, then the `docker exec` command will wait until the -container is unpaused, and then run - -# OPTIONS -**-d**, **--detach**=*true*|*false* - Detached mode: run command in the background. The default is *false*. - -**--detach-keys**="" - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. - -**-e**, **--env**=[] - Set environment variables - - This option allows you to specify arbitrary environment variables that are -available for the command to be executed. - -**--help** - Print usage statement - -**-i**, **--interactive**=*true*|*false* - Keep STDIN open even if not attached. The default is *false*. - -**--privileged**=*true*|*false* - Give the process extended [Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html) -when running in a container. The default is *false*. - - Without this flag, the process run by `docker exec` in a running container has -the same capabilities as the container, which may be limited. Set -`--privileged` to give all capabilities to the process. - -**-t**, **--tty**=*true*|*false* - Allocate a pseudo-TTY. The default is *false*. - -**-u**, **--user**="" - Sets the username or UID used and optionally the groupname or GID for the specified command. - - The followings examples are all valid: - --user [user | user:group | uid | uid:gid | user:gid | uid:group ] - - Without this argument the command will be run as root in the container. - -The **-t** option is incompatible with a redirection of the docker client -standard input. - -# HISTORY -November 2014, updated by Sven Dowideit diff --git a/man/docker-import.1.md b/man/docker-import.1.md deleted file mode 100644 index 43d65efe6a..0000000000 --- a/man/docker-import.1.md +++ /dev/null @@ -1,72 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-import - Create an empty filesystem image and import the contents of the tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) into it, then optionally tag it. - -# SYNOPSIS -**docker import** -[**-c**|**--change**[=*[]*]] -[**-m**|**--message**[=*MESSAGE*]] -[**--help**] -file|URL|**-**[REPOSITORY[:TAG]] - -# OPTIONS -**-c**, **--change**=[] - Apply specified Dockerfile instructions while importing the image - Supported Dockerfile instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` - -**--help** - Print usage statement - -**-m**, **--message**="" - Set commit message for imported image - -# DESCRIPTION -Create a new filesystem image from the contents of a tarball (`.tar`, -`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. - - -# EXAMPLES - -## Import from a remote location - - # docker import http://example.com/exampleimage.tgz example/imagerepo - -## Import from a local file - -Import to docker via pipe and stdin: - - # cat exampleimage.tgz | docker import - example/imagelocal - -Import with a commit message. - - # cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new - -Import to a Docker image from a local file. - - # docker import /path/to/exampleimage.tgz - - -## Import from a local file and tag - -Import to docker via pipe and stdin: - - # cat exampleimageV2.tgz | docker import - example/imagelocal:V-2.0 - -## Import from a local directory - - # tar -c . | docker import - exampleimagedir - -## Apply specified Dockerfile instructions while importing the image -This example sets the docker image ENV variable DEBUG to true by default. - - # tar -c . | docker import -c="ENV DEBUG true" - exampleimagedir - -# See also -**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/docker-kill.1.md b/man/docker-kill.1.md deleted file mode 100644 index 36cbdb90ea..0000000000 --- a/man/docker-kill.1.md +++ /dev/null @@ -1,28 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-kill - Kill a running container using SIGKILL or a specified signal - -# SYNOPSIS -**docker kill** -[**--help**] -[**-s**|**--signal**[=*"KILL"*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The main process inside each container specified will be sent SIGKILL, - or any signal specified with option --signal. - -# OPTIONS -**--help** - Print usage statement - -**-s**, **--signal**="*KILL*" - Signal to send to the container - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) - based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/docker-logs.1.md b/man/docker-logs.1.md deleted file mode 100644 index e70f796e28..0000000000 --- a/man/docker-logs.1.md +++ /dev/null @@ -1,71 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-logs - Fetch the logs of a container - -# SYNOPSIS -**docker logs** -[**-f**|**--follow**] -[**--help**] -[**--since**[=*SINCE*]] -[**-t**|**--timestamps**] -[**--tail**[=*"all"*]] -CONTAINER - -# DESCRIPTION -The **docker logs** command batch-retrieves whatever logs are present for -a container at the time of execution. This does not guarantee execution -order when combined with a docker run (i.e., your run may not have generated -any logs at the time you execute docker logs). - -The **docker logs --follow** command combines commands **docker logs** and -**docker attach**. It will first return all logs from the beginning and -then continue streaming new output from the container's stdout and stderr. - -**Warning**: This command works only for the **json-file** or **journald** -logging drivers. - -# OPTIONS -**--help** - Print usage statement - -**--details**=*true*|*false* - Show extra details provided to logs - -**-f**, **--follow**=*true*|*false* - Follow log output. The default is *false*. - -**--since**="" - Show logs since timestamp - -**-t**, **--timestamps**=*true*|*false* - Show timestamps. The default is *false*. - -**--tail**="*all*" - Output the specified number of lines at the end of logs (defaults to all logs) - -The `--since` option can be Unix timestamps, date formatted timestamps, or Go -duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's -time. Supported formats for date formatted time stamps include RFC3339Nano, -RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, -`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be -used if you do not provide either a `Z` or a `+-00:00` timezone offset at the -end of the timestamp. When providing Unix timestamps enter -seconds[.nanoseconds], where seconds is the number of seconds that have elapsed -since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix -epoch or Unix time), and the optional .nanoseconds field is a fraction of a -second no more than nine digits long. You can combine the `--since` option with -either or both of the `--follow` or `--tail` options. - -The `docker logs --details` command will add on extra attributes, such as -environment variables and labels, provided to `--log-opt` when creating the -container. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -April 2015, updated by Ahmet Alp Balkan -October 2015, updated by Mike Brown diff --git a/man/docker-network-disconnect.1.md b/man/docker-network-disconnect.1.md deleted file mode 100644 index 09bcac51b0..0000000000 --- a/man/docker-network-disconnect.1.md +++ /dev/null @@ -1,36 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-disconnect - disconnect a container from a network - -# SYNOPSIS -**docker network disconnect** -[**--help**] -[**--force**] -NETWORK CONTAINER - -# DESCRIPTION - -Disconnects a container from a network. - -```bash - $ docker network disconnect multi-host-network container1 -``` - - -# OPTIONS -**NETWORK** - Specify network name - -**CONTAINER** - Specify container name - -**--force** - Force the container to disconnect from a network - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/man/docker-pause.1.md b/man/docker-pause.1.md deleted file mode 100644 index 11eef5321f..0000000000 --- a/man/docker-pause.1.md +++ /dev/null @@ -1,32 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-pause - Pause all processes within one or more containers - -# SYNOPSIS -**docker pause** -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The `docker pause` command suspends all processes in the specified containers. -On Linux, this uses the cgroups freezer. Traditionally, when suspending a process -the `SIGSTOP` signal is used, which is observable by the process being suspended. -With the cgroups freezer the process is unaware, and unable to capture, -that it is being suspended, and subsequently resumed. On Windows, only Hyper-V -containers can be paused. - -See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for -further details. - -# OPTIONS -**--help** - Print usage statement - -# See also -**docker-unpause(1)** to unpause all processes within one or more containers. - -# HISTORY -June 2014, updated by Sven Dowideit diff --git a/man/docker-push.1.md b/man/docker-push.1.md deleted file mode 100644 index 847e66d2e4..0000000000 --- a/man/docker-push.1.md +++ /dev/null @@ -1,63 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-push - Push an image or a repository to a registry - -# SYNOPSIS -**docker push** -[**--help**] -NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] - -# DESCRIPTION - -Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) -registry or to a self-hosted one. - -Refer to **docker-tag(1)** for more information about valid image and tag names. - -Killing the **docker push** process, for example by pressing **CTRL-c** while it -is running in a terminal, terminates the push operation. - -Registry credentials are managed by **docker-login(1)**. - - -# OPTIONS - -**--disable-content-trust** - Skip image verification (default true) - -**--help** - Print usage statement - -# EXAMPLES - -## Pushing a new image to a registry - -First save the new image by finding the container ID (using **docker ps**) -and then committing it to a new image name. Note that only a-z0-9-_. are -allowed when naming images: - - # docker commit c16378f943fe rhel-httpd - -Now, push the image to the registry using the image ID. In this example the -registry is on host named `registry-host` and listening on port `5000`. To do -this, tag the image with the host name or IP address, and the port of the -registry: - - # docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd - # docker push registry-host:5000/myadmin/rhel-httpd - -Check that this worked by running: - - # docker images - -You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` -listed. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -June 2015, updated by Sally O'Malley diff --git a/man/docker-rename.1.md b/man/docker-rename.1.md deleted file mode 100644 index eaeea5c6e0..0000000000 --- a/man/docker-rename.1.md +++ /dev/null @@ -1,15 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCTOBER 2014 -# NAME -docker-rename - Rename a container - -# SYNOPSIS -**docker rename** -CONTAINER NEW_NAME - -# OPTIONS -There are no available options. - -# DESCRIPTION -Rename a container. Container may be running, paused or stopped. diff --git a/man/docker-restart.1.md b/man/docker-restart.1.md deleted file mode 100644 index 271c4eee1b..0000000000 --- a/man/docker-restart.1.md +++ /dev/null @@ -1,26 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-restart - Restart one or more containers - -# SYNOPSIS -**docker restart** -[**--help**] -[**-t**|**--time**[=*10*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION -Restart each container listed. - -# OPTIONS -**--help** - Print usage statement - -**-t**, **--time**=*10* - Number of seconds to try to stop for before killing the container. Once killed it will then be restarted. Default is 10 seconds. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/docker-rm.1.md b/man/docker-rm.1.md deleted file mode 100644 index 2105288d0d..0000000000 --- a/man/docker-rm.1.md +++ /dev/null @@ -1,72 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-rm - Remove one or more containers - -# SYNOPSIS -**docker rm** -[**-f**|**--force**] -[**-l**|**--link**] -[**-v**|**--volumes**] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -**docker rm** will remove one or more containers from the host node. The -container name or ID can be used. This does not remove images. You cannot -remove a running container unless you use the **-f** option. To see all -containers on a host use the **docker ps -a** command. - -# OPTIONS -**--help** - Print usage statement - -**-f**, **--force**=*true*|*false* - Force the removal of a running container (uses SIGKILL). The default is *false*. - -**-l**, **--link**=*true*|*false* - Remove the specified link and not the underlying container. The default is *false*. - -**-v**, **--volumes**=*true*|*false* - Remove the volumes associated with the container. The default is *false*. - -# EXAMPLES - -## Removing a container using its ID - -To remove a container using its ID, find either from a **docker ps -a** -command, or use the ID returned from the **docker run** command, or retrieve -it from a file used to store it using the **docker run --cidfile**: - - docker rm abebf7571666 - -## Removing a container using the container name - -The name of the container can be found using the **docker ps -a** -command. The use that name as follows: - - docker rm hopeful_morse - -## Removing a container and all associated volumes - - $ docker rm -v redis - redis - -This command will remove the container and any volumes associated with it. -Note that if a volume was specified with a name, it will not be removed. - - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello - -In this example, the volume for `/foo` will remain in tact, but the volume for -`/bar` will be removed. The same behavior holds for volumes inherited with -`--volumes-from`. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -August 2014, updated by Sven Dowideit diff --git a/man/docker-rmi.1.md b/man/docker-rmi.1.md deleted file mode 100644 index 35bf8aac6a..0000000000 --- a/man/docker-rmi.1.md +++ /dev/null @@ -1,42 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-rmi - Remove one or more images - -# SYNOPSIS -**docker rmi** -[**-f**|**--force**] -[**--help**] -[**--no-prune**] -IMAGE [IMAGE...] - -# DESCRIPTION - -Removes one or more images from the host node. This does not remove images from -a registry. You cannot remove an image of a running container unless you use the -**-f** option. To see all images on a host use the **docker images** command. - -# OPTIONS -**-f**, **--force**=*true*|*false* - Force removal of the image. The default is *false*. - -**--help** - Print usage statement - -**--no-prune**=*true*|*false* - Do not delete untagged parents. The default is *false*. - -# EXAMPLES - -## Removing an image - -Here is an example of removing an image: - - docker rmi fedora/httpd - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 diff --git a/man/docker-save.1.md b/man/docker-save.1.md deleted file mode 100644 index 1d1de8a1df..0000000000 --- a/man/docker-save.1.md +++ /dev/null @@ -1,45 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-save - Save one or more images to a tar archive (streamed to STDOUT by default) - -# SYNOPSIS -**docker save** -[**--help**] -[**-o**|**--output**[=*OUTPUT*]] -IMAGE [IMAGE...] - -# DESCRIPTION -Produces a tarred repository to the standard output stream. Contains all -parent layers, and all tags + versions, or specified repo:tag. - -Stream to a file instead of STDOUT by using **-o**. - -# OPTIONS -**--help** - Print usage statement - -**-o**, **--output**="" - Write to a file, instead of STDOUT - -# EXAMPLES - -Save all fedora repository images to a fedora-all.tar and save the latest -fedora image to a fedora-latest.tar: - - $ docker save fedora > fedora-all.tar - $ docker save --output=fedora-latest.tar fedora:latest - $ ls -sh fedora-all.tar - 721M fedora-all.tar - $ ls -sh fedora-latest.tar - 367M fedora-latest.tar - -# See also -**docker-load(1)** to load an image from a tar archive on STDIN. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit diff --git a/man/docker-start.1.md b/man/docker-start.1.md deleted file mode 100644 index c00b0a1668..0000000000 --- a/man/docker-start.1.md +++ /dev/null @@ -1,39 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-start - Start one or more containers - -# SYNOPSIS -**docker start** -[**-a**|**--attach**] -[**--detach-keys**[=*[]*]] -[**--help**] -[**-i**|**--interactive**] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -Start one or more containers. - -# OPTIONS -**-a**, **--attach**=*true*|*false* - Attach container's STDOUT and STDERR and forward all signals to the - process. The default is *false*. - -**--detach-keys**="" - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. - -**--help** - Print usage statement - -**-i**, **--interactive**=*true*|*false* - Attach container's STDIN. The default is *false*. - -# See also -**docker-stop(1)** to stop a container. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/docker-stop.1.md b/man/docker-stop.1.md deleted file mode 100644 index fa377c92c4..0000000000 --- a/man/docker-stop.1.md +++ /dev/null @@ -1,30 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-stop - Stop a container by sending SIGTERM and then SIGKILL after a grace period - -# SYNOPSIS -**docker stop** -[**--help**] -[**-t**|**--time**[=*10*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION -Stop a container (Send SIGTERM, and then SIGKILL after - grace period) - -# OPTIONS -**--help** - Print usage statement - -**-t**, **--time**=*10* - Number of seconds to wait for the container to stop before killing it. Default is 10 seconds. - -#See also -**docker-start(1)** to restart a stopped container. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/docker-top.1.md b/man/docker-top.1.md deleted file mode 100644 index a666f7cd37..0000000000 --- a/man/docker-top.1.md +++ /dev/null @@ -1,36 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-top - Display the running processes of a container - -# SYNOPSIS -**docker top** -[**--help**] -CONTAINER [ps OPTIONS] - -# DESCRIPTION - -Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. - -All displayed information is from host's point of view. - -# OPTIONS -**--help** - Print usage statement - -# EXAMPLES - -Run **docker top** with the ps option of -x: - - $ docker top 8601afda2b -x - PID TTY STAT TIME COMMAND - 16623 ? Ss 0:00 sleep 99999 - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -June 2015, updated by Ma Shimiao -December 2015, updated by Pavel Pospisil diff --git a/man/docker-unpause.1.md b/man/docker-unpause.1.md deleted file mode 100644 index e6fd3c4e01..0000000000 --- a/man/docker-unpause.1.md +++ /dev/null @@ -1,28 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-unpause - Unpause all processes within one or more containers - -# SYNOPSIS -**docker unpause** -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The `docker unpause` command un-suspends all processes in the specified containers. -On Linux, it does this using the cgroups freezer. - -See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for -further details. - -# OPTIONS -**--help** - Print usage statement - -# See also -**docker-pause(1)** to pause all processes within one or more containers. - -# HISTORY -June 2014, updated by Sven Dowideit diff --git a/man/docker-update.1.md b/man/docker-update.1.md deleted file mode 100644 index 85f3dd07c1..0000000000 --- a/man/docker-update.1.md +++ /dev/null @@ -1,171 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-update - Update configuration of one or more containers - -# SYNOPSIS -**docker update** -[**--blkio-weight**[=*[BLKIO-WEIGHT]*]] -[**--cpu-shares**[=*0*]] -[**--cpu-period**[=*0*]] -[**--cpu-quota**[=*0*]] -[**--cpu-rt-period**[=*0*]] -[**--cpu-rt-runtime**[=*0*]] -[**--cpuset-cpus**[=*CPUSET-CPUS*]] -[**--cpuset-mems**[=*CPUSET-MEMS*]] -[**--help**] -[**--kernel-memory**[=*KERNEL-MEMORY*]] -[**-m**|**--memory**[=*MEMORY*]] -[**--memory-reservation**[=*MEMORY-RESERVATION*]] -[**--memory-swap**[=*MEMORY-SWAP*]] -[**--restart**[=*""*]] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -The **docker update** command dynamically updates container configuration. -You can use this command to prevent containers from consuming too many -resources from their Docker host. With a single command, you can place -limits on a single container or on many. To specify more than one container, -provide space-separated list of container names or IDs. - -With the exception of the **--kernel-memory** option, you can specify these -options on a running or a stopped container. On kernel version older than -4.6, You can only update **--kernel-memory** on a stopped container or on -a running container with kernel memory initialized. - -# OPTIONS - -**--blkio-weight**=0 - Block IO weight (relative weight) accepts a weight value between 10 and 1000. - -**--cpu-shares**=0 - CPU shares (relative weight) - -**--cpu-period**=0 - Limit the CPU CFS (Completely Fair Scheduler) period - - Limit the container's CPU usage. This flag tell the kernel to restrict the container's CPU usage to the period you specify. - -**--cpu-quota**=0 - Limit the CPU CFS (Completely Fair Scheduler) quota - -**--cpu-rt-period**=0 - Limit the CPU real-time period in microseconds - - Limit the container's Real Time CPU usage. This flag tell the kernel to restrict the container's Real Time CPU usage to the period you specify. - -**--cpu-rt-runtime**=0 - Limit the CPU real-time runtime in microseconds - - Limit the containers Real Time CPU usage. This flag tells the kernel to limit the amount of time in a given CPU period Real Time tasks may consume. Ex: - Period of 1,000,000us and Runtime of 950,000us means that this container could consume 95% of available CPU and leave the remaining 5% to normal priority tasks. - - The sum of all runtimes across containers cannot exceed the amount allotted to the parent cgroup. - -**--cpuset-cpus**="" - CPUs in which to allow execution (0-3, 0,1) - -**--cpuset-mems**="" - Memory nodes(MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. - -**--help** - Print usage statement - -**--kernel-memory**="" - Kernel memory limit (format: `[]`, where unit = b, k, m or g) - - Note that on kernel version older than 4.6, you can not update kernel memory on - a running container if the container is started without kernel memory initialized, - in this case, it can only be updated after it's stopped. The new setting takes - effect when the container is started. - -**-m**, **--memory**="" - Memory limit (format: , where unit = b, k, m or g) - - Note that the memory should be smaller than the already set swap memory limit. - If you want update a memory limit bigger than the already set swap memory limit, - you should update swap memory limit at the same time. If you don't set swap memory - limit on docker create/run but only memory limit, the swap memory is double - the memory limit. - -**--memory-reservation**="" - Memory soft limit (format: [], where unit = b, k, m or g) - -**--memory-swap**="" - Total memory limit (memory + swap) - -**--restart**="" - Restart policy to apply when a container exits (no, on-failure[:max-retry], always, unless-stopped). - -# EXAMPLES - -The following sections illustrate ways to use this command. - -### Update a container's cpu-shares - -To limit a container's cpu-shares to 512, first identify the container -name or ID. You can use **docker ps** to find these values. You can also -use the ID returned from the **docker run** command. Then, do the following: - -```bash -$ docker update --cpu-shares 512 abebf7571666 -``` - -### Update a container with cpu-shares and memory - -To update multiple resource configurations for multiple containers: - -```bash -$ docker update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse -``` - -### Update a container's kernel memory constraints - -You can update a container's kernel memory limit using the **--kernel-memory** -option. On kernel version older than 4.6, this option can be updated on a -running container only if the container was started with **--kernel-memory**. -If the container was started *without* **--kernel-memory** you need to stop -the container before updating kernel memory. - -For example, if you started a container with this command: - -```bash -$ docker run -dit --name test --kernel-memory 50M ubuntu bash -``` - -You can update kernel memory while the container is running: - -```bash -$ docker update --kernel-memory 80M test -``` - -If you started a container *without* kernel memory initialized: - -```bash -$ docker run -dit --name test2 --memory 300M ubuntu bash -``` - -Update kernel memory of running container `test2` will fail. You need to stop -the container before updating the **--kernel-memory** setting. The next time you -start it, the container uses the new value. - -Kernel version newer than (include) 4.6 does not have this limitation, you -can use `--kernel-memory` the same way as other options. - -### Update a container's restart policy - -You can change a container's restart policy on a running container. The new -restart policy takes effect instantly after you run `docker update` on a -container. - -To update restart policy for one or more containers: - -```bash -$ docker update --restart=on-failure:3 abebf7571666 hopeful_morse -``` - -Note that if the container is started with "--rm" flag, you cannot update the restart -policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the -container. diff --git a/man/docker-wait.1.md b/man/docker-wait.1.md deleted file mode 100644 index 678800966b..0000000000 --- a/man/docker-wait.1.md +++ /dev/null @@ -1,30 +0,0 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-wait - Block until one or more containers stop, then print their exit codes - -# SYNOPSIS -**docker wait** -[**--help**] -CONTAINER [CONTAINER...] - -# DESCRIPTION - -Block until one or more containers stop, then print their exit codes. - -# OPTIONS -**--help** - Print usage statement - -# EXAMPLES - - $ docker run -d fedora sleep 99 - 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 - $ docker wait 079b83f558a2bc - 0 - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/generate.go b/man/generate.go index f21614d94a..1516158f7c 100644 --- a/man/generate.go +++ b/man/generate.go @@ -2,16 +2,22 @@ package main import ( "fmt" + "io/ioutil" + "log" "os" + "path/filepath" "github.com/docker/docker/cli/command" "github.com/docker/docker/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" + "github.com/spf13/pflag" ) -func generateManPages(path string) error { +const descriptionSourcePath = "man/src/" + +func generateManPages(opts *options) error { header := &doc.GenManHeader{ Title: "DOCKER", Section: "1", @@ -22,22 +28,67 @@ func generateManPages(path string) error { dockerCli := command.NewDockerCli(stdin, stdout, stderr) cmd := &cobra.Command{Use: "docker"} commands.AddCommands(cmd, dockerCli) + source := filepath.Join(opts.source, descriptionSourcePath) + if err := loadLongDescription(cmd, source); err != nil { + return err + } cmd.DisableAutoGenTag = true return doc.GenManTreeFromOpts(cmd, doc.GenManTreeOptions{ Header: header, - Path: path, + Path: opts.target, CommandSeparator: "-", }) } -func main() { - path := "/tmp" - if len(os.Args) > 1 { - path = os.Args[1] +func loadLongDescription(cmd *cobra.Command, path string) error { + for _, cmd := range cmd.Commands() { + if cmd.Name() == "" { + continue + } + fullpath := filepath.Join(path, cmd.Name()+".md") + + if cmd.HasSubCommands() { + loadLongDescription(cmd, filepath.Join(path, cmd.Name())) + } + + if _, err := os.Stat(fullpath); err != nil { + log.Printf("WARN: %s does not exist, skipping\n", fullpath) + continue + } + + content, err := ioutil.ReadFile(fullpath) + if err != nil { + return err + } + cmd.Long = string(content) } - fmt.Printf("Generating man pages into %s\n", path) - if err := generateManPages(path); err != nil { + return nil +} + +type options struct { + source string + target string +} + +func parseArgs() (*options, error) { + opts := &options{} + cwd, _ := os.Getwd() + flags := pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError) + flags.StringVar(&opts.source, "root", cwd, "Path to project root") + flags.StringVar(&opts.target, "target", "/tmp", "Target path for generated man pages") + err := flags.Parse(os.Args[1:]) + return opts, err +} + +func main() { + opts, err := parseArgs() + if err != nil { + fmt.Fprintln(os.Stderr, err.Error()) + } + fmt.Printf("Project root: %s\n", opts.source) + fmt.Printf("Generating man pages into %s\n", opts.target) + if err := generateManPages(opts); err != nil { fmt.Fprintf(os.Stderr, "Failed to generate man pages: %s\n", err.Error()) } } diff --git a/man/generate.sh b/man/generate.sh index e4126ba4ac..c97edb440d 100755 --- a/man/generate.sh +++ b/man/generate.sh @@ -9,7 +9,7 @@ mkdir -p ./man/man1 # Generate man pages from cobra commands go build -o /tmp/gen-manpages ./man -/tmp/gen-manpages ./man/man1 +/tmp/gen-manpages --root . --target ./man/man1 # Generate legacy pages from markdown ./man/md2man-all.sh -q diff --git a/man/src/attach.md b/man/src/attach.md new file mode 100644 index 0000000000..ff1102e104 --- /dev/null +++ b/man/src/attach.md @@ -0,0 +1,2 @@ + +Alias for `docker container attach`. diff --git a/man/src/commit.md b/man/src/commit.md new file mode 100644 index 0000000000..3deb25bb55 --- /dev/null +++ b/man/src/commit.md @@ -0,0 +1 @@ +Alias for `docker container commit`. diff --git a/man/docker-attach.1.md b/man/src/container/attach.md similarity index 76% rename from man/docker-attach.1.md rename to man/src/container/attach.md index c39d1c9290..fff713bcf0 100644 --- a/man/docker-attach.1.md +++ b/man/src/container/attach.md @@ -1,18 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-attach - Attach to a running container - -# SYNOPSIS -**docker attach** -[**--detach-keys**[=*[]*]] -[**--help**] -[**--no-stdin**] -[**--sig-proxy**[=*true*]] -CONTAINER - -# DESCRIPTION The **docker attach** command allows you to attach to a running container using the container's ID or name, either to view its ongoing output or to control it interactively. You can attach to the same contained process multiple times @@ -28,19 +13,6 @@ file. See **config-json(5)** for documentation on using a configuration file. It is forbidden to redirect the standard input of a `docker attach` command while attaching to a tty-enabled container (i.e.: launched with `-t`). -# OPTIONS -**--detach-keys**="" - Override the key sequence for detaching a container. Format is a single character `[a-Z]` or `ctrl-` where `` is one of: `a-z`, `@`, `^`, `[`, `,` or `_`. - -**--help** - Print usage statement - -**--no-stdin**=*true*|*false* - Do not attach STDIN. The default is *false*. - -**--sig-proxy**=*true*|*false* - Proxy all received signals to the process (non-TTY mode only). SIGCHLD, SIGKILL, and SIGSTOP are not proxied. The default is *true*. - # Override the detach sequence If you want, you can configure an override the Docker key sequence for detach. @@ -92,8 +64,3 @@ attach** command: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/src/container/commit.md b/man/src/container/commit.md new file mode 100644 index 0000000000..6d619baed8 --- /dev/null +++ b/man/src/container/commit.md @@ -0,0 +1,30 @@ +Create a new image from an existing container specified by name or +container ID. The new image will contain the contents of the +container filesystem, *excluding* any data volumes. Refer to **docker-tag(1)** +for more information about valid image and tag names. + +While the `docker commit` command is a convenient way of extending an +existing image, you should prefer the use of a Dockerfile and `docker +build` for generating images that you intend to share with other +people. + +# EXAMPLES + +## Creating a new image from an existing container +An existing Fedora based container has had Apache installed while running +in interactive mode with the bash shell. Apache is also running. To +create a new image run `docker ps` to find the container's ID and then run: + + # docker commit -m="Added Apache to Fedora base image" \ + -a="A D Ministrator" 98bd7fc99854 fedora/fedora_httpd:20 + +Note that only a-z0-9-_. are allowed when naming images from an +existing container. + +## Apply specified Dockerfile instructions while committing the image +If an existing container was created without the DEBUG environment +variable set to "true", you can create a new image based on that +container by first getting the container's ID with `docker ps` and +then running: + + # docker container commit -c="ENV DEBUG true" 98bd7fc99854 debug-image diff --git a/man/docker-cp.1.md b/man/src/container/cp.md similarity index 81% rename from man/docker-cp.1.md rename to man/src/container/cp.md index 949d60bb8b..29b3c0ef2e 100644 --- a/man/docker-cp.1.md +++ b/man/src/container/cp.md @@ -1,42 +1,25 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-cp - Copy files/folders between a container and the local filesystem. - -# SYNOPSIS -**docker cp** -[**--help**] -CONTAINER:SRC_PATH DEST_PATH|- - -**docker cp** -[**--help**] -SRC_PATH|- CONTAINER:DEST_PATH - -# DESCRIPTION - -The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. +The `docker container cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If `-` is specified for either the `SRC_PATH` or `DEST_PATH`, you can also stream a tar archive from `STDIN` or to `STDOUT`. The `CONTAINER` can be a running or stopped container. The `SRC_PATH` or `DEST_PATH` can be a file or directory. -The `docker cp` command assumes container paths are relative to the container's +The `docker container cp` command assumes container paths are relative to the container's `/` (root) directory. This means supplying the initial forward slash is optional; The command sees `compassionate_darwin:/tmp/foo/myfile.txt` and `compassionate_darwin:tmp/foo/myfile.txt` as identical. Local machine paths can be an absolute or relative value. The command interprets a local machine's -relative paths as relative to the current working directory where `docker cp` is +relative paths as relative to the current working directory where `docker container cp` is run. The `cp` command behaves like the Unix `cp -a` command in that directories are copied recursively with permissions preserved if possible. Ownership is set to the user and primary group at the destination. For example, files copied to a container are created with `UID:GID` of the root user. Files copied to the local -machine are created with the `UID:GID` of the user which invoked the `docker cp` -command. If you specify the `-L` option, `docker cp` follows any symbolic link -in the `SRC_PATH`. `docker cp` does *not* create parent directories for +machine are created with the `UID:GID` of the user which invoked the `docker container cp` +command. If you specify the `-L` option, `docker container cp` follows any symbolic link +in the `SRC_PATH`. `docker container cp` does *not* create parent directories for `DEST_PATH` if they do not exist. Assuming a path separator of `/`, a first argument of `SRC_PATH` and second @@ -94,13 +77,6 @@ The command extracts the content of the tar to the `DEST_PATH` in container's filesystem. In this case, `DEST_PATH` must specify a directory. Using `-` as the `DEST_PATH` streams the contents of the resource as a tar archive to `STDOUT`. -# OPTIONS -**-L**, **--follow-link**=*true*|*false* - Follow symbol link in SRC_PATH - -**--help** - Print usage statement - # EXAMPLES Suppose a container has finished producing some output as a file it saves @@ -109,28 +85,28 @@ some other computation. You can copy these outputs from the container to a location on your local host. If you want to copy the `/tmp/foo` directory from a container to the -existing `/tmp` directory on your host. If you run `docker cp` in your `~` +existing `/tmp` directory on your host. If you run `docker container cp` in your `~` (home) directory on the local host: - $ docker cp compassionate_darwin:tmp/foo /tmp + $ docker container cp compassionate_darwin:tmp/foo /tmp Docker creates a `/tmp/foo` directory on your host. Alternatively, you can omit the leading slash in the command. If you execute this command from your home directory: - $ docker cp compassionate_darwin:tmp/foo tmp + $ docker container cp compassionate_darwin:tmp/foo tmp If `~/tmp` does not exist, Docker will create it and copy the contents of `/tmp/foo` from the container into this new directory. If `~/tmp` already exists as a directory, then Docker will copy the contents of `/tmp/foo` from the container into a directory at `~/tmp/foo`. -When copying a single file to an existing `LOCALPATH`, the `docker cp` command +When copying a single file to an existing `LOCALPATH`, the `docker container cp` command will either overwrite the contents of `LOCALPATH` if it is a file or place it into `LOCALPATH` if it is a directory, overwriting an existing file of the same name if one exists. For example, this command: - $ docker cp sharp_ptolemy:/tmp/foo/myfile.txt /test + $ docker container cp sharp_ptolemy:/tmp/foo/myfile.txt /test If `/test` does not exist on the local machine, it will be created as a file with the contents of `/tmp/foo/myfile.txt` from the container. If `/test` @@ -147,12 +123,12 @@ If you have a file, `config.yml`, in the current directory on your local host and wish to copy it to an existing directory at `/etc/my-app.d` in a container, this command can be used: - $ docker cp config.yml myappcontainer:/etc/my-app.d + $ docker container cp config.yml myappcontainer:/etc/my-app.d If you have several files in a local directory `/config` which you need to copy to a directory `/etc/my-app.d` in a container: - $ docker cp /config/. myappcontainer:/etc/my-app.d + $ docker container cp /config/. myappcontainer:/etc/my-app.d The above command will copy the contents of the local `/config` directory into the directory `/etc/my-app.d` in the container. @@ -162,14 +138,8 @@ want to copy the linked target and not the link itself. To copy the target, use the `-L` option, for example: $ ln -s /tmp/somefile /tmp/somefile.ln - $ docker cp -L /tmp/somefile.ln myappcontainer:/tmp/ + $ docker container cp -L /tmp/somefile.ln myappcontainer:/tmp/ This command copies content of the local `/tmp/somefile` into the file `/tmp/somefile.ln` in the container. Without `-L` option, the `/tmp/somefile.ln` preserves its symbolic link but not its content. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -May 2015, updated by Josh Hawn diff --git a/man/src/container/create.md b/man/src/container/create.md new file mode 100644 index 0000000000..eeeda373eb --- /dev/null +++ b/man/src/container/create.md @@ -0,0 +1,99 @@ +Creates a writeable container layer over the specified image and prepares it for +running the specified command. The container ID is then printed to STDOUT. This +is similar to **docker run -d** except the container is never started. You can +then use the **docker start ** command to start the container at +any point. + +The initial status of the container created with **docker create** is 'created'. + +# OPTIONS + +The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` +can be an absolute path or a `name` value. A `name` value must start with an +alphanumeric character, followed by `a-z0-9`, `_` (underscore), `.` (period) or +`-` (hyphen). An absolute path starts with a `/` (forward slash). + +If you supply a `HOST-DIR` that is an absolute path, Docker bind-mounts to the +path you specify. If you supply a `name`, Docker creates a named volume by that +`name`. For example, you can specify either `/foo` or `foo` for a `HOST-DIR` +value. If you supply the `/foo` value, Docker creates a bind-mount. If you +supply the `foo` specification, Docker creates a named volume. + +You can specify multiple **-v** options to mount one or more mounts to a +container. To use these same mounts in other containers, specify the +**--volumes-from** option also. + +You can add `:ro` or `:rw` suffix to a volume to mount it read-only or +read-write mode, respectively. By default, the volumes are mounted read-write. +See examples. + +Labeling systems like SELinux require that proper labels are placed on volume +content mounted into a container. Without a label, the security system might +prevent the processes running inside the container from using the content. By +default, Docker does not change the labels set by the OS. + +To change a label in the container context, you can add either of two suffixes +`:z` or `:Z` to the volume mount. These suffixes tell Docker to relabel file +objects on the shared volumes. The `z` option tells Docker that two containers +share the volume content. As a result, Docker labels the content with a shared +content label. Shared volume labels allow all containers to read/write content. +The `Z` option tells Docker to label the content with a private unshared label. +Only the current container can use a private volume. + +By default bind mounted volumes are `private`. That means any mounts done +inside container will not be visible on host and vice-a-versa. One can change +this behavior by specifying a volume mount propagation property. Making a +volume `shared` mounts done under that volume inside container will be +visible on host and vice-a-versa. Making a volume `slave` enables only one +way mount propagation and that is mounts done on host under that volume +will be visible inside container but not the other way around. + +To control mount propagation property of volume one can use `:[r]shared`, +`:[r]slave` or `:[r]private` propagation flag. Propagation property can +be specified only for bind mounted volumes and not for internal volumes or +named volumes. For mount propagation to work source mount point (mount point +where source dir is mounted on) has to have right propagation properties. For +shared volumes, source mount point has to be shared. And for slave volumes, +source mount has to be either shared or slave. + +Use `df ` to figure out the source mount and then use +`findmnt -o TARGET,PROPAGATION ` to figure out propagation +properties of source mount. If `findmnt` utility is not available, then one +can look at mount entry for source mount point in `/proc/self/mountinfo`. Look +at `optional fields` and see if any propagaion properties are specified. +`shared:X` means mount is `shared`, `master:X` means mount is `slave` and if +nothing is there that means mount is `private`. + +To change propagation properties of a mount point use `mount` command. For +example, if one wants to bind mount source directory `/foo` one can do +`mount --bind /foo /foo` and `mount --make-private --make-shared /foo`. This +will convert /foo into a `shared` mount point. Alternatively one can directly +change propagation properties of source mount. Say `/` is source mount for +`/foo`, then use `mount --make-shared /` to convert `/` into a `shared` mount. + +> **Note**: +> When using systemd to manage the Docker daemon's start and stop, in the systemd +> unit file there is an option to control mount propagation for the Docker daemon +> itself, called `MountFlags`. The value of this setting may cause Docker to not +> see mount propagation changes made on the mount point. For example, if this value +> is `slave`, you may not be able to use the `shared` or `rshared` propagation on +> a volume. + + +To disable automatic copying of data from the container path to the volume, use +the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. + +# EXAMPLES + +## Specify isolation technology for container (--isolation) + +This option is useful in situations where you are running Docker containers on +Windows. The `--isolation=` option sets a container's isolation +technology. On Linux, the only supported is the `default` option which uses +Linux namespaces. On Microsoft Windows, you can specify these values: + +* `default`: Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. +* `process`: Namespace isolation only. +* `hyperv`: Hyper-V hypervisor partition-based isolation. + +Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. diff --git a/man/docker-diff.1.md b/man/src/container/diff.md similarity index 66% rename from man/docker-diff.1.md rename to man/src/container/diff.md index 3342ad1af5..eb485e364e 100644 --- a/man/docker-diff.1.md +++ b/man/src/container/diff.md @@ -1,15 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-diff - Inspect changes to files or directories on a container's filesystem - -# SYNOPSIS -**docker diff** -[**--help**] -CONTAINER - -# DESCRIPTION List the changed files and directories in a container᾿s filesystem since the container was created. Three different types of change are tracked: @@ -22,10 +10,6 @@ container was created. Three different types of change are tracked: You can use the full or shortened container ID or the container name set using **docker run --name** option. -# OPTIONS -**--help** - Print usage statement - # EXAMPLES Inspect the changes to an `nginx` container: @@ -53,9 +37,3 @@ C /var/log/nginx A /var/log/nginx/access.log A /var/log/nginx/error.log ``` - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/src/container/exec.md b/man/src/container/exec.md new file mode 100644 index 0000000000..033db426b8 --- /dev/null +++ b/man/src/container/exec.md @@ -0,0 +1,25 @@ +Run a process in a running container. + +The command started using `docker exec` will only run while the container's primary +process (`PID 1`) is running, and will not be restarted if the container is restarted. + +If the container is paused, then the `docker exec` command will wait until the +container is unpaused, and then run + +# CAPABILITIES + +`privileged` gives the process extended +[Linux capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html) +when running in a container. + +Without this flag, the process run by `docker exec` in a running container has +the same capabilities as the container, which may be limited. Set +`--privileged` to give all capabilities to the process. + +# USER +`user` sets the username or UID used and optionally the groupname or GID for the specified command. + + The followings examples are all valid: + --user [user | user:group | uid | uid:gid | user:gid | uid:group ] + + Without this argument the command will be run as root in the container. diff --git a/man/docker-export.1.md b/man/src/container/export.md similarity index 52% rename from man/docker-export.1.md rename to man/src/container/export.md index 3d59e4788e..8c9a95a36e 100644 --- a/man/docker-export.1.md +++ b/man/src/container/export.md @@ -1,29 +1,9 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-export - Export the contents of a container's filesystem as a tar archive - -# SYNOPSIS -**docker export** -[**--help**] -[**-o**|**--output**[=*""*]] -CONTAINER - -# DESCRIPTION Export the contents of a container's filesystem using the full or shortened container ID or container name. The output is exported to STDOUT and can be redirected to a tar file. Stream to a file instead of STDOUT by using **-o**. -# OPTIONS -**--help** - Print usage statement - -**-o**, **--output**="" - Write to a file, instead of STDOUT - # EXAMPLES Export the contents of the container called angry_bell to a tar file called angry_bell.tar: @@ -38,9 +18,3 @@ called angry_bell.tar: # See also **docker-import(1)** to create an empty filesystem image and import the contents of the tarball into it, then optionally tag it. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -January 2015, updated by Joseph Kern (josephakern at gmail dot com) diff --git a/man/src/container/kill.md b/man/src/container/kill.md new file mode 100644 index 0000000000..b8b94e528c --- /dev/null +++ b/man/src/container/kill.md @@ -0,0 +1,2 @@ +The main process inside each container specified will be sent SIGKILL, + or any signal specified with option --signal. diff --git a/man/src/container/logs.md b/man/src/container/logs.md new file mode 100644 index 0000000000..c053f85758 --- /dev/null +++ b/man/src/container/logs.md @@ -0,0 +1,28 @@ +The **docker container logs** command batch-retrieves whatever logs are present for +a container at the time of execution. This does not guarantee execution +order when combined with a docker run (i.e., your run may not have generated +any logs at the time you execute docker container logs). + +The **docker container logs --follow** command combines commands **docker container logs** and +**docker attach**. It will first return all logs from the beginning and +then continue streaming new output from the container's stdout and stderr. + +**Warning**: This command works only for the **json-file** or **journald** +logging drivers. + +The `--since` option can be Unix timestamps, date formatted timestamps, or Go +duration strings (e.g. `10m`, `1h30m`) computed relative to the client machine's +time. Supported formats for date formatted time stamps include RFC3339Nano, +RFC3339, `2006-01-02T15:04:05`, `2006-01-02T15:04:05.999999999`, +`2006-01-02Z07:00`, and `2006-01-02`. The local timezone on the client will be +used if you do not provide either a `Z` or a `+-00:00` timezone offset at the +end of the timestamp. When providing Unix timestamps enter +seconds[.nanoseconds], where seconds is the number of seconds that have elapsed +since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix +epoch or Unix time), and the optional .nanoseconds field is a fraction of a +second no more than nine digits long. You can combine the `--since` option with +either or both of the `--follow` or `--tail` options. + +The `docker container logs --details` command will add on extra attributes, such as +environment variables and labels, provided to `--log-opt` when creating the +container. diff --git a/man/docker-ps.1.md b/man/src/container/ls.md similarity index 63% rename from man/docker-ps.1.md rename to man/src/container/ls.md index d9aa39f8fd..193ebd96c4 100644 --- a/man/docker-ps.1.md +++ b/man/src/container/ls.md @@ -1,32 +1,9 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% FEBRUARY 2015 -# NAME -docker-ps - List containers - -# SYNOPSIS -**docker ps** -[**-a**|**--all**] -[**-f**|**--filter**[=*[]*]] -[**--format**=*"TEMPLATE"*] -[**--help**] -[**-l**|**--latest**] -[**-n**[=*-1*]] -[**--no-trunc**] -[**-q**|**--quiet**] -[**-s**|**--size**] - -# DESCRIPTION - List the containers in the local repository. By default this shows only the running containers. -# OPTIONS -**-a**, **--all**=*true*|*false* - Show all containers. Only running containers are shown by default. The default is *false*. +## Filters -**-f**, **--filter**=[] - Filter output based on these conditions: +Filter output based on these conditions: - exited= an exit code of - label= or label== - status=(created|restarting|running|paused|exited|dead) @@ -40,7 +17,8 @@ the running containers. - network=(|) - containers connected to the provided network - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status -**--format**="*TEMPLATE*" +## Format + Pretty-print containers using a Go template. Valid placeholders: .ID - Container ID @@ -56,28 +34,10 @@ the running containers. .Label - Value of a specific label for this container. For example `{{.Label "com.docker.swarm.cpu"}}` .Mounts - Names of the volumes mounted in this container. -**--help** - Print usage statement - -**-l**, **--latest**=*true*|*false* - Show only the latest created container (includes all states). The default is *false*. - -**-n**=*-1* - Show n last created containers (includes all states). - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - -**-q**, **--quiet**=*true*|*false* - Only display numeric IDs. The default is *false*. - -**-s**, **--size**=*true*|*false* - Display total file sizes. The default is *false*. - # EXAMPLES # Display all containers, including non-running - # docker ps -a + # docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES a87ecb4f327c fedora:20 /bin/sh -c #(nop) MA 20 minutes ago Exit 0 desperate_brattain 01946d9d34d8 vpavlin/rhel7:latest /bin/sh -c #(nop) MA 33 minutes ago Exit 0 thirsty_bell @@ -86,7 +46,7 @@ the running containers. # Display only IDs of all containers, including non-running - # docker ps -a -q + # docker container ls -a -q a87ecb4f327c 01946d9d34d8 c1d3b0166030 @@ -94,12 +54,12 @@ the running containers. # Display only IDs of all containers that have the name `determined_torvalds` - # docker ps -a -q --filter=name=determined_torvalds + # docker container ls -a -q --filter=name=determined_torvalds c1d3b0166030 # Display containers with their commands - # docker ps --format "{{.ID}}: {{.Command}}" + # docker container ls --format "{{.ID}}: {{.Command}}" a87ecb4f327c: /bin/sh -c #(nop) MA 01946d9d34d8: /bin/sh -c #(nop) MA c1d3b0166030: /bin/sh -c yum -y up @@ -107,7 +67,7 @@ the running containers. # Display containers with their labels in a table - # docker ps --format "table {{.ID}}\t{{.Labels}}" + # docker container ls --format "table {{.ID}}\t{{.Labels}}" CONTAINER ID LABELS a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd 01946d9d34d8 @@ -116,7 +76,7 @@ the running containers. # Display containers with their node label in a table - # docker ps --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' + # docker container ls --format 'table {{.ID}}\t{{(.Label "com.docker.swarm.node")}}' CONTAINER ID NODE a87ecb4f327c ubuntu 01946d9d34d8 @@ -125,21 +85,12 @@ the running containers. # Display containers with `remote-volume` mounted - $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" + $ docker container ls --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume # Display containers with a volume mounted in `/data` - $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" + $ docker container ls --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -August 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit -February 2015, updated by André Martins -October 2016, updated by Josh Horwitz diff --git a/man/src/container/pause.md b/man/src/container/pause.md new file mode 100644 index 0000000000..09ea5b93d2 --- /dev/null +++ b/man/src/container/pause.md @@ -0,0 +1,12 @@ +The `docker container pause` command suspends all processes in the specified containers. +On Linux, this uses the cgroups freezer. Traditionally, when suspending a process +the `SIGSTOP` signal is used, which is observable by the process being suspended. +With the cgroups freezer the process is unaware, and unable to capture, +that it is being suspended, and subsequently resumed. On Windows, only Hyper-V +containers can be paused. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for +further details. + +**docker-container-unpause(1)** to unpause all processes within a container. diff --git a/man/docker-port.1.md b/man/src/container/port.md similarity index 53% rename from man/docker-port.1.md rename to man/src/container/port.md index 83e9cf93b6..264f43e613 100644 --- a/man/docker-port.1.md +++ b/man/src/container/port.md @@ -1,21 +1,5 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-port - List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT - -# SYNOPSIS -**docker port** -[**--help**] -CONTAINER [PRIVATE_PORT[/PROTO]] - -# DESCRIPTION List port mappings for the CONTAINER, or lookup the public-facing port that is NAT-ed to the PRIVATE_PORT -# OPTIONS -**--help** - Print usage statement - # EXAMPLES # docker ps @@ -24,24 +8,19 @@ List port mappings for the CONTAINER, or lookup the public-facing port that is N ## Find out all the ports mapped - # docker port test + # docker container port test 7890/tcp -> 0.0.0.0:4321 9876/tcp -> 0.0.0.0:1234 ## Find out a specific mapping - # docker port test 7890/tcp + # docker container port test 7890/tcp 0.0.0.0:4321 - # docker port test 7890 + # docker container port test 7890 0.0.0.0:4321 ## An example showing error for non-existent mapping - # docker port test 7890/udp + # docker container port test 7890/udp 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -June 2014, updated by Sven Dowideit -November 2014, updated by Sven Dowideit diff --git a/man/src/container/rename.md b/man/src/container/rename.md new file mode 100644 index 0000000000..e6f49a0ebd --- /dev/null +++ b/man/src/container/rename.md @@ -0,0 +1 @@ +Rename a container. Container may be running, paused or stopped. diff --git a/man/src/container/restart.md b/man/src/container/restart.md new file mode 100644 index 0000000000..66ef6688ea --- /dev/null +++ b/man/src/container/restart.md @@ -0,0 +1 @@ +Restart each container listed. diff --git a/man/src/container/rm.md b/man/src/container/rm.md new file mode 100644 index 0000000000..561f0e9135 --- /dev/null +++ b/man/src/container/rm.md @@ -0,0 +1,37 @@ +**docker container rm** will remove one or more containers from the host node. The +container name or ID can be used. This does not remove images. You cannot +remove a running container unless you use the **-f** option. To see all +containers on a host use the **docker container ls -a** command. + +# EXAMPLES + +## Removing a container using its ID + +To remove a container using its ID, find either from a **docker ps -a** +command, or use the ID returned from the **docker run** command, or retrieve +it from a file used to store it using the **docker run --cidfile**: + + docker container rm abebf7571666 + +## Removing a container using the container name + +The name of the container can be found using the **docker ps -a** +command. The use that name as follows: + + docker container rm hopeful_morse + +## Removing a container and all associated volumes + + $ docker container rm -v redis + redis + +This command will remove the container and any volumes associated with it. +Note that if a volume was specified with a name, it will not be removed. + + $ docker create -v awesome:/foo -v /bar --name hello redis + hello + $ docker container rm -v hello + +In this example, the volume for `/foo` will remain in tact, but the volume for +`/bar` will be removed. The same behavior holds for volumes inherited with +`--volumes-from`. diff --git a/man/src/container/run.md b/man/src/container/run.md new file mode 100644 index 0000000000..5e20273e68 --- /dev/null +++ b/man/src/container/run.md @@ -0,0 +1 @@ +Alias for `docker run`. diff --git a/man/src/container/start.md b/man/src/container/start.md new file mode 100644 index 0000000000..48d8592c61 --- /dev/null +++ b/man/src/container/start.md @@ -0,0 +1 @@ +Start one or more containers. diff --git a/man/docker-stats.1.md b/man/src/container/stats.md similarity index 61% rename from man/docker-stats.1.md rename to man/src/container/stats.md index 0f022cd412..2904482e86 100644 --- a/man/docker-stats.1.md +++ b/man/src/container/stats.md @@ -1,32 +1,7 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-stats - Display a live stream of one or more containers' resource usage statistics - -# SYNOPSIS -**docker stats** -[**-a**|**--all**] -[**--help**] -[**--no-stream**] -[**--format[="*TEMPLATE*"]**] -[CONTAINER...] - -# DESCRIPTION - Display a live stream of one or more containers' resource usage statistics -# OPTIONS -**-a**, **--all**=*true*|*false* - Show all containers. Only running containers are shown by default. The default is *false*. +# Format -**--help** - Print usage statement - -**--no-stream**=*true*|*false* - Disable streaming stats and only pull the first result, default setting is false. - -**--format**="*TEMPLATE*" Pretty-print containers statistics using a Go template. Valid placeholders: .Container - Container name or ID. @@ -41,17 +16,17 @@ Display a live stream of one or more containers' resource usage statistics # EXAMPLES -Running `docker stats` on all running containers +Running `docker container stats` on all running containers - $ docker stats + $ docker container stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B -Running `docker stats` on multiple containers by name and id. +Running `docker container stats` on multiple containers by name and id. - $ docker stats fervent_panini 5acfcb1b4fd1 + $ docker container stats fervent_panini 5acfcb1b4fd1 CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B diff --git a/man/src/container/stop.md b/man/src/container/stop.md new file mode 100644 index 0000000000..e3142481b8 --- /dev/null +++ b/man/src/container/stop.md @@ -0,0 +1 @@ +Stop a container (Send SIGTERM, and then SIGKILL after grace period) diff --git a/man/src/container/top.md b/man/src/container/top.md new file mode 100644 index 0000000000..5524494194 --- /dev/null +++ b/man/src/container/top.md @@ -0,0 +1,11 @@ +Display the running process of the container. ps-OPTION can be any of the options you would pass to a Linux ps command. + +All displayed information is from host's point of view. + +# EXAMPLES + +Run **docker container top** with the ps option of -x: + + $ docker top 8601afda2b -x + PID TTY STAT TIME COMMAND + 16623 ? Ss 0:00 sleep 99999 diff --git a/man/src/container/unpause.md b/man/src/container/unpause.md new file mode 100644 index 0000000000..d318bb2b6a --- /dev/null +++ b/man/src/container/unpause.md @@ -0,0 +1,6 @@ +The `docker container unpause` command un-suspends all processes in a container. +On Linux, it does this using the cgroups freezer. + +See the [cgroups freezer documentation] +(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +further details. diff --git a/man/src/container/update.md b/man/src/container/update.md new file mode 100644 index 0000000000..26ee4e3216 --- /dev/null +++ b/man/src/container/update.md @@ -0,0 +1,102 @@ +The **docker container update** command dynamically updates container configuration. +You can use this command to prevent containers from consuming too many +resources from their Docker host. With a single command, you can place +limits on a single container or on many. To specify more than one container, +provide space-separated list of container names or IDs. + +With the exception of the **--kernel-memory** option, you can specify these +options on a running or a stopped container. On kernel version older than +4.6, You can only update **--kernel-memory** on a stopped container or on +a running container with kernel memory initialized. + +# OPTIONS + +## kernel-memory + +Kernel memory limit (format: `[]`, where unit = b, k, m or g) + +Note that on kernel version older than 4.6, you can not update kernel memory on +a running container if the container is started without kernel memory initialized, +in this case, it can only be updated after it's stopped. The new setting takes +effect when the container is started. + +## memory + +Memory limit (format: , where unit = b, k, m or g) + +Note that the memory should be smaller than the already set swap memory limit. +If you want update a memory limit bigger than the already set swap memory limit, +you should update swap memory limit at the same time. If you don't set swap memory +limit on docker create/run but only memory limit, the swap memory is double +the memory limit. + +# EXAMPLES + +The following sections illustrate ways to use this command. + +### Update a container's cpu-shares + +To limit a container's cpu-shares to 512, first identify the container +name or ID. You can use **docker ps** to find these values. You can also +use the ID returned from the **docker run** command. Then, do the following: + +```bash +$ docker container update --cpu-shares 512 abebf7571666 +``` + +### Update a container with cpu-shares and memory + +To update multiple resource configurations for multiple containers: + +```bash +$ docker container update --cpu-shares 512 -m 300M abebf7571666 hopeful_morse +``` + +### Update a container's kernel memory constraints + +You can update a container's kernel memory limit using the **--kernel-memory** +option. On kernel version older than 4.6, this option can be updated on a +running container only if the container was started with **--kernel-memory**. +If the container was started *without* **--kernel-memory** you need to stop +the container before updating kernel memory. + +For example, if you started a container with this command: + +```bash +$ docker run -dit --name test --kernel-memory 50M ubuntu bash +``` + +You can update kernel memory while the container is running: + +```bash +$ docker container update --kernel-memory 80M test +``` + +If you started a container *without* kernel memory initialized: + +```bash +$ docker run -dit --name test2 --memory 300M ubuntu bash +``` + +Update kernel memory of running container `test2` will fail. You need to stop +the container before updating the **--kernel-memory** setting. The next time you +start it, the container uses the new value. + +Kernel version newer than (include) 4.6 does not have this limitation, you +can use `--kernel-memory` the same way as other options. + +### Update a container's restart policy + +You can change a container's restart policy on a running container. The new +restart policy takes effect instantly after you run `docker container update` on a +container. + +To update restart policy for one or more containers: + +```bash +$ docker container update --restart=on-failure:3 abebf7571666 hopeful_morse +``` + +Note that if the container is started with "--rm" flag, you cannot update the restart +policy for it. The `AutoRemove` and `RestartPolicy` are mutually exclusive for the +container. diff --git a/man/src/container/wait.md b/man/src/container/wait.md new file mode 100644 index 0000000000..63dcc5a48d --- /dev/null +++ b/man/src/container/wait.md @@ -0,0 +1,8 @@ +Block until a container stops, then print its exit code. + +# EXAMPLES + + $ docker run -d fedora sleep 99 + 079b83f558a2bc52ecad6b2a5de13622d584e6bb1aea058c11b36511e85e7622 + $ docker container wait 079b83f558a2bc + 0 diff --git a/man/src/cp.md b/man/src/cp.md new file mode 100644 index 0000000000..b1898ffc7c --- /dev/null +++ b/man/src/cp.md @@ -0,0 +1 @@ +Alias for `docker container cp`. diff --git a/man/src/create.md b/man/src/create.md new file mode 100644 index 0000000000..f600d7d535 --- /dev/null +++ b/man/src/create.md @@ -0,0 +1 @@ +Alias for `docker container create`. diff --git a/man/src/diff.md b/man/src/diff.md new file mode 100644 index 0000000000..29a639efa5 --- /dev/null +++ b/man/src/diff.md @@ -0,0 +1 @@ +Alias for `docker container diff`. diff --git a/man/src/events.md b/man/src/events.md new file mode 100644 index 0000000000..05fa614b7d --- /dev/null +++ b/man/src/events.md @@ -0,0 +1 @@ +Alias for `docker system events`. diff --git a/man/src/exec.md b/man/src/exec.md new file mode 100644 index 0000000000..21d2ce31ee --- /dev/null +++ b/man/src/exec.md @@ -0,0 +1 @@ +Alias for `docker container exec`. diff --git a/man/src/export.md b/man/src/export.md new file mode 100644 index 0000000000..1cc9799799 --- /dev/null +++ b/man/src/export.md @@ -0,0 +1 @@ +Alias for `docker container export`. diff --git a/man/src/history.md b/man/src/history.md new file mode 100644 index 0000000000..8b5f3e871a --- /dev/null +++ b/man/src/history.md @@ -0,0 +1 @@ +Alias for `docker image history`. diff --git a/man/src/image/build.md b/man/src/image/build.md new file mode 100644 index 0000000000..9dc897584a --- /dev/null +++ b/man/src/image/build.md @@ -0,0 +1 @@ +Alias for `docker build`. diff --git a/man/docker-history.1.md b/man/src/image/history.md similarity index 63% rename from man/docker-history.1.md rename to man/src/image/history.md index 91edefe25f..da7e5d64a5 100644 --- a/man/docker-history.1.md +++ b/man/src/image/history.md @@ -1,34 +1,5 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-history - Show the history of an image - -# SYNOPSIS -**docker history** -[**--help**] -[**-H**|**--human**[=*true*]] -[**--no-trunc**] -[**-q**|**--quiet**] -IMAGE - -# DESCRIPTION - Show the history of when and how an image was created. -# OPTIONS -**--help** - Print usage statement - -**-H**, **--human**=*true*|*false* - Print sizes and dates in human readable format. The default is *true*. - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - -**-q**, **--quiet**=*true*|*false* - Only show numeric IDs. The default is *false*. - # EXAMPLES $ docker history fedora IMAGE CREATED CREATED BY SIZE COMMENT @@ -45,8 +16,3 @@ The `docker commit` command has a **-m** flag for adding comments to the image. 88b42ffd1f7c 5 months ago /bin/sh -c #(nop) ADD file:1fd8d7f9f6557cafc7 373.7 MB c69cab00d6ef 5 months ago /bin/sh -c #(nop) MAINTAINER Lokesh Mandvekar 0 B 511136ea3c5a 19 months ago 0 B Imported from - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/src/image/import.md b/man/src/image/import.md new file mode 100644 index 0000000000..2814a71e43 --- /dev/null +++ b/man/src/image/import.md @@ -0,0 +1,42 @@ +Create a new filesystem image from the contents of a tarball (`.tar`, +`.tar.gz`, `.tgz`, `.bzip`, `.tar.xz`, `.txz`) into it, then optionally tag it. + + +# EXAMPLES + +## Import from a remote location + + # docker image import http://example.com/exampleimage.tgz example/imagerepo + +## Import from a local file + +Import to docker via pipe and stdin: + + # cat exampleimage.tgz | docker image import - example/imagelocal + +Import with a commit message. + + # cat exampleimage.tgz | docker image import --message "New image imported from tarball" - exampleimagelocal:new + +Import to a Docker image from a local file. + + # docker image import /path/to/exampleimage.tgz + + +## Import from a local file and tag + +Import to docker via pipe and stdin: + + # cat exampleimageV2.tgz | docker image import - example/imagelocal:V-2.0 + +## Import from a local directory + + # tar -c . | docker image import - exampleimagedir + +## Apply specified Dockerfile instructions while importing the image +This example sets the docker image ENV variable DEBUG to true by default. + + # tar -c . | docker image import -c="ENV DEBUG true" - exampleimagedir + +# See also +**docker-export(1)** to export the contents of a filesystem as a tar archive to STDOUT. diff --git a/man/docker-load.1.md b/man/src/image/load.md similarity index 54% rename from man/docker-load.1.md rename to man/src/image/load.md index b165173047..81f126fdfc 100644 --- a/man/docker-load.1.md +++ b/man/src/image/load.md @@ -1,31 +1,7 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-load - Load an image from a tar archive or STDIN - -# SYNOPSIS -**docker load** -[**--help**] -[**-i**|**--input**[=*INPUT*]] -[**-q**|**--quiet**] - -# DESCRIPTION - Loads a tarred repository from a file or the standard input stream. Restores both images and tags. Write image names or IDs imported it standard output stream. -# OPTIONS -**--help** - Print usage statement - -**-i**, **--input**="" - Read from a tar archive file, instead of STDIN. The tarball may be compressed with gzip, bzip, or xz. - -**-q**, **--quiet** - Suppress the load progress bar but still outputs the imported images. - # EXAMPLES $ docker images @@ -46,11 +22,4 @@ standard output stream. fedora latest 58394af37342 7 weeks ago 385.5 MB # See also -**docker-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default). - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2015 update by Mary Anthony -June 2016 update by Vincent Demeester +**docker-image-save(1)** to save one or more images to a tar archive (streamed to STDOUT by default). diff --git a/man/docker-images.1.md b/man/src/image/ls.md similarity index 73% rename from man/docker-images.1.md rename to man/src/image/ls.md index d7958d0dc4..9943457bee 100644 --- a/man/docker-images.1.md +++ b/man/src/image/ls.md @@ -1,21 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-images - List images - -# SYNOPSIS -**docker images** -[**--help**] -[**-a**|**--all**] -[**--digests**] -[**-f**|**--filter**[=*[]*]] -[**--format**=*"TEMPLATE"*] -[**--no-trunc**] -[**-q**|**--quiet**] -[REPOSITORY[:TAG]] - -# DESCRIPTION This command lists the images stored in the local Docker repository. By default, intermediate images, used during builds, are not listed. Some of the @@ -31,21 +13,17 @@ repository for all tagged images of the same name. For example consider an image called fedora. It may be tagged with 18, 19, or 20, etc. to manage different versions. -# OPTIONS -**-a**, **--all**=*true*|*false* - Show all images (by default filter out the intermediate image layers). The default is *false*. +## Filters -**--digests**=*true*|*false* - Show image digests. The default is *false*. +Filters the output based on these conditions: -**-f**, **--filter**=[] - Filters the output based on these conditions: - dangling=(true|false) - find unused images - label= or label== - before=([:tag]||) - since=([:tag]||) -**--format**="*TEMPLATE*" +## Format + Pretty-print images using a Go template. Valid placeholders: .ID - Image ID @@ -56,49 +34,40 @@ versions. .CreatedAt - Time when the image was created .Size - Image disk size -**--help** - Print usage statement - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - -**-q**, **--quiet**=*true*|*false* - Only show numeric IDs. The default is *false*. - # EXAMPLES ## Listing the images To list the images in a local repository (not the registry) run: - docker images + docker image ls The list will contain the image repository name, a tag for the image, and an image ID, when it was created and its virtual size. Columns: REPOSITORY, TAG, IMAGE ID, CREATED, and SIZE. -The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument +The `docker image ls` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify -`REPOSITORY`but no `TAG`, the `docker images` command lists all images in the +`REPOSITORY`but no `TAG`, the `docker image ls` command lists all images in the given repository. - docker images java + docker image ls java The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example, -`docker images jav` does not match the image `java`. +`docker image ls jav` does not match the image `java`. If both `REPOSITORY` and `TAG` are provided, only images matching that repository and tag are listed. To find all local images in the "java" repository with tag "8" you can use: - docker images java:8 + docker image ls java:8 To get a verbose list of images which contains all the intermediate images used in builds use **-a**: - docker images -a + docker image ls -a -Previously, the docker images command supported the --tree and --dot arguments, +Previously, the docker image ls command supported the --tree and --dot arguments, which displayed different visualizations of the image data. Docker core removed this functionality in the 1.7 version. If you liked this functionality, you can still find it in the third-party dockviz tool: https://github.com/justone/dockviz. @@ -145,9 +114,4 @@ Valid template placeholders are listed above. Listing just the shortened image IDs. This can be useful for some automated tools. - docker images -q - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit + docker image ls -q diff --git a/man/docker-pull.1.md b/man/src/image/pull.md similarity index 81% rename from man/docker-pull.1.md rename to man/src/image/pull.md index c61d005308..0286ef1502 100644 --- a/man/docker-pull.1.md +++ b/man/src/image/pull.md @@ -1,17 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-pull - Pull an image or a repository from a registry - -# SYNOPSIS -**docker pull** -[**-a**|**--all-tags**] -[**--help**] -NAME[:TAG] | [REGISTRY_HOST[:REGISTRY_PORT]/]NAME[:TAG] - -# DESCRIPTION - This command pulls down an image or a repository from a registry. If there is more than one image for a repository (e.g., fedora) then all images for that repository name can be pulled down including any tags @@ -20,22 +6,15 @@ images for that repository name can be pulled down including any tags If you do not specify a `REGISTRY_HOST`, the command uses Docker's public registry located at `registry-1.docker.io` by default. -# OPTIONS -**-a**, **--all-tags**=*true*|*false* - Download all tagged images in the repository. The default is *false*. - -**--help** - Print usage statement - # EXAMPLES ### Pull an image from Docker Hub To download a particular image, or set of images (i.e., a repository), use -`docker pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a +`docker image pull`. If no tag is provided, Docker Engine uses the `:latest` tag as a default. This command pulls the `debian:latest` image: - $ docker pull debian + $ docker image pull debian Using default tag: latest latest: Pulling from library/debian @@ -52,7 +31,7 @@ both layers with `debian:latest`. Pulling the `debian:jessie` image therefore only pulls its metadata, but not its layers, because all layers are already present locally: - $ docker pull debian:jessie + $ docker image pull debian:jessie jessie: Pulling from library/debian fdd5d7827f33: Already exists @@ -84,9 +63,9 @@ in the online documentation. ## Pull an image by digest (immutable identifier) So far, you've pulled images by their name (and "tag"). Using names and tags is -a convenient way to work with images. When using tags, you can `docker pull` an +a convenient way to work with images. When using tags, you can `docker image pull` an image again to make sure you have the most up-to-date version of that image. -For example, `docker pull ubuntu:14.04` pulls the latest version of the Ubuntu +For example, `docker image pull ubuntu:14.04` pulls the latest version of the Ubuntu 14.04 image. In some cases you don't want images to be updated to newer versions, but prefer @@ -98,7 +77,7 @@ and guarantee that the image you're using is always the same. To know the digest of an image, pull the image first. Let's pull the latest `ubuntu:14.04` image from Docker Hub: - $ docker pull ubuntu:14.04 + $ docker image pull ubuntu:14.04 14.04: Pulling from library/ubuntu 5a132a7e7af1: Pull complete @@ -119,7 +98,7 @@ may be useful if you want to pin to a version of the image you just pushed. A digest takes the place of the tag when pulling an image, for example, to pull the above image by digest, run the following command: - $ docker pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 + $ docker image pull ubuntu@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2 sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2: Pulling from library/ubuntu 5a132a7e7af1: Already exists @@ -141,7 +120,7 @@ Digest can also be used in the `FROM` of a Dockerfile, for example: ## Pulling from a different registry -By default, `docker pull` pulls images from Docker Hub. It is also possible to +By default, `docker image pull` pulls images from Docker Hub. It is also possible to manually specify the path of a registry to pull from. For example, if you have set up a local registry, you can specify its path to pull from it. A registry path is similar to a URL, but does not contain a protocol specifier (`https://`). @@ -149,7 +128,7 @@ path is similar to a URL, but does not contain a protocol specifier (`https://`) The following command pulls the `testing/test-image` image from a local registry listening on port 5000 (`myregistry.local:5000`): - $ docker pull myregistry.local:5000/testing/test-image + $ docker image pull myregistry.local:5000/testing/test-image Registry credentials are managed by **docker-login(1)**. @@ -161,13 +140,13 @@ section in the online documentation for more information. ## Pull a repository with multiple images -By default, `docker pull` pulls a *single* image from the registry. A repository +By default, `docker image pull` pulls a *single* image from the registry. A repository can contain multiple images. To pull all images from a repository, provide the -`-a` (or `--all-tags`) option when using `docker pull`. +`-a` (or `--all-tags`) option when using `docker image pull`. This command pulls all images from the `fedora` repository: - $ docker pull --all-tags fedora + $ docker image pull --all-tags fedora Pulling repository fedora ad57ef8d78d7: Download complete @@ -193,10 +172,10 @@ that are present locally: ## Canceling a pull -Killing the `docker pull` process, for example by pressing `CTRL-c` while it is +Killing the `docker image pull` process, for example by pressing `CTRL-c` while it is running in a terminal, will terminate the pull operation. - $ docker pull fedora + $ docker image pull fedora Using default tag: latest latest: Pulling from library/fedora @@ -208,13 +187,3 @@ running in a terminal, will terminate the pull operation. > connection between the Docker Engine daemon and the Docker Engine client > initiating the pull is lost. If the connection with the Engine daemon is > lost for other reasons than a manual interaction, the pull is also aborted. - - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -August 2014, updated by Sven Dowideit -April 2015, updated by John Willis -April 2015, updated by Mary Anthony for v2 -September 2015, updated by Sally O'Malley diff --git a/man/src/image/push.md b/man/src/image/push.md new file mode 100644 index 0000000000..8b4334d273 --- /dev/null +++ b/man/src/image/push.md @@ -0,0 +1,34 @@ +Use `docker image push` to share your images to the [Docker Hub](https://hub.docker.com) +registry or to a self-hosted one. + +Refer to **docker-image-tag(1)** for more information about valid image and tag names. + +Killing the **docker image push** process, for example by pressing **CTRL-c** while it +is running in a terminal, terminates the push operation. + +Registry credentials are managed by **docker-login(1)**. + +# EXAMPLES + +## Pushing a new image to a registry + +First save the new image by finding the container ID (using **docker container ls**) +and then committing it to a new image name. Note that only a-z0-9-_. are +allowed when naming images: + + # docker container commit c16378f943fe rhel-httpd + +Now, push the image to the registry using the image ID. In this example the +registry is on host named `registry-host` and listening on port `5000`. To do +this, tag the image with the host name or IP address, and the port of the +registry: + + # docker image tag rhel-httpd registry-host:5000/myadmin/rhel-httpd + # docker image push registry-host:5000/myadmin/rhel-httpd + +Check that this worked by running: + + # docker image ls + +You should see both `rhel-httpd` and `registry-host:5000/myadmin/rhel-httpd` +listed. diff --git a/man/src/image/rm.md b/man/src/image/rm.md new file mode 100644 index 0000000000..348d45402e --- /dev/null +++ b/man/src/image/rm.md @@ -0,0 +1,11 @@ +Removes one or more images from the host node. This does not remove images from +a registry. You cannot remove an image of a running container unless you use the +**-f** option. To see all images on a host use the **docker image ls** command. + +# EXAMPLES + +## Removing an image + +Here is an example of removing an image: + + docker image rm fedora/httpd diff --git a/man/src/image/save.md b/man/src/image/save.md new file mode 100644 index 0000000000..19d885ec61 --- /dev/null +++ b/man/src/image/save.md @@ -0,0 +1,19 @@ +Produces a tarred repository to the standard output stream. Contains all +parent layers, and all tags + versions, or specified repo:tag. + +Stream to a file instead of STDOUT by using **-o**. + +# EXAMPLES + +Save all fedora repository images to a fedora-all.tar and save the latest +fedora image to a fedora-latest.tar: + + $ docker image save fedora > fedora-all.tar + $ docker image save --output=fedora-latest.tar fedora:latest + $ ls -sh fedora-all.tar + 721M fedora-all.tar + $ ls -sh fedora-latest.tar + 367M fedora-latest.tar + +# See also +**docker-image-load(1)** to load an image from a tar archive on STDIN. diff --git a/man/docker-tag.1.md b/man/src/image/tag.md similarity index 67% rename from man/docker-tag.1.md rename to man/src/image/tag.md index 7f27e1b0e1..25c1f785d4 100644 --- a/man/docker-tag.1.md +++ b/man/src/image/tag.md @@ -1,22 +1,7 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-tag - Create a tag `TARGET_IMAGE` that refers to `SOURCE_IMAGE` - -# SYNOPSIS -**docker tag** -[**--help**] -SOURCE_NAME[:TAG] TARGET_NAME[:TAG] - -# DESCRIPTION Assigns a new alias to an image in a registry. An alias refers to the entire image name including the optional `TAG` after the ':'. -# "OPTIONS" -**--help** - Print usage statement. - +# OPTIONS **NAME** The image name which is made up of slash-separated name components, optionally prefixed by a registry hostname. The hostname must comply with @@ -41,14 +26,14 @@ entire image name including the optional `TAG` after the ':'. To tag a local image with ID "0e5574283393" into the "fedora" repository with "version1.0": - docker tag 0e5574283393 fedora/httpd:version1.0 + docker image tag 0e5574283393 fedora/httpd:version1.0 ## Tagging an image referenced by Name To tag a local image with name "httpd" into the "fedora" repository with "version1.0": - docker tag httpd fedora/httpd:version1.0 + docker image tag httpd fedora/httpd:version1.0 Note that since the tag name is not specified, the alias is created for an existing local version `httpd:latest`. @@ -58,19 +43,11 @@ existing local version `httpd:latest`. To tag a local image with name "httpd" and tag "test" into the "fedora" repository with "version1.0.test": - docker tag httpd:test fedora/httpd:version1.0.test + docker image tag httpd:test fedora/httpd:version1.0.test ## Tagging an image for a private repository To push an image to a private registry and not the central Docker registry you must tag it with the registry hostname and port (if needed). - docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -July 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -June 2015, updated by Sally O'Malley + docker image tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 diff --git a/man/src/images.md b/man/src/images.md new file mode 100644 index 0000000000..ae6a3875ee --- /dev/null +++ b/man/src/images.md @@ -0,0 +1 @@ +Alias for `docker image ls`. diff --git a/man/src/import.md b/man/src/import.md new file mode 100644 index 0000000000..826c71b1b3 --- /dev/null +++ b/man/src/import.md @@ -0,0 +1 @@ +Alias for `docker image import`. diff --git a/man/src/info.md b/man/src/info.md new file mode 100644 index 0000000000..35e62f86e9 --- /dev/null +++ b/man/src/info.md @@ -0,0 +1 @@ +Alias for `docker system info`. diff --git a/man/docker-inspect.1.md b/man/src/inspect.md similarity index 89% rename from man/docker-inspect.1.md rename to man/src/inspect.md index 21d7ba678a..d0a2a68378 100644 --- a/man/docker-inspect.1.md +++ b/man/src/inspect.md @@ -1,39 +1,9 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-inspect - Return low-level information on docker objects - -# SYNOPSIS -**docker inspect** -[**--help**] -[**-f**|**--format**[=*FORMAT*]] -[**-s**|**--size**] -[**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume*] -NAME|ID [NAME|ID...] - -# DESCRIPTION - This displays the low-level information on Docker object(s) (e.g. container, image, volume,network, node, service, or task) identified by name or ID. By default, this will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. -# OPTIONS -**--help** - Print usage statement - -**-f**, **--format**="" - Format the output using the given Go template - -**-s**, **--size** - Display total file sizes if the type is container - -**--type**=*container*|*image*|*network*|*node*|*service*|*task*|*volume* - Return JSON for specified type, permissible values are "image", "container", - "network", "node", "service", "task", and "volume" - # EXAMPLES Get information about an image when image name conflicts with the container name, @@ -314,10 +284,3 @@ about the image: } } ] - -# HISTORY -April 2014, originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Qiang Huang -October 2015, updated by Sally O'Malley diff --git a/man/src/kill.md b/man/src/kill.md new file mode 100644 index 0000000000..50efbcf030 --- /dev/null +++ b/man/src/kill.md @@ -0,0 +1 @@ +Alias for `docker container kill`. diff --git a/man/src/load.md b/man/src/load.md new file mode 100644 index 0000000000..60e77d7a0e --- /dev/null +++ b/man/src/load.md @@ -0,0 +1 @@ +Alias for `docker image load`. diff --git a/man/docker-login.1.md b/man/src/login.md similarity index 62% rename from man/docker-login.1.md rename to man/src/login.md index c0d4f795db..2f83276e45 100644 --- a/man/docker-login.1.md +++ b/man/src/login.md @@ -1,17 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-login - Log in to a Docker registry. - -# SYNOPSIS -**docker login** -[**--help**] -[**-p**|**--password**[=*PASSWORD*]] -[**-u**|**--username**[=*USERNAME*]] -[SERVER] - -# DESCRIPTION Log in to a Docker Registry located on the specified `SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you do not specify a `SERVER`, the command uses Docker's public registry located at @@ -26,16 +12,6 @@ You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. -# OPTIONS -**--help** - Print usage statement - -**-p**, **--password**="" - Password - -**-u**, **--username**="" - Username - # EXAMPLES ## Login to a registry on your localhost @@ -44,10 +20,3 @@ credentials. When you log in, the command stores encoded credentials in # See also **docker-logout(1)** to log out from a Docker registry. - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -November 2015, updated by Sally O'Malley diff --git a/man/docker-logout.1.md b/man/src/logout.md similarity index 50% rename from man/docker-logout.1.md rename to man/src/logout.md index a8a4b7c3c0..8262018038 100644 --- a/man/docker-logout.1.md +++ b/man/src/logout.md @@ -1,22 +1,8 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-logout - Log out from a Docker registry. - -# SYNOPSIS -**docker logout** -[SERVER] - -# DESCRIPTION Log out of a Docker Registry located on the specified `SERVER`. You can specify a URL or a `hostname` for the `SERVER` value. If you do not specify a `SERVER`, the command attempts to log you out of Docker's public registry located at `https://registry-1.docker.io/` by default. -# OPTIONS -There are no available options. - # EXAMPLES ## Log out from a registry on your localhost @@ -25,8 +11,3 @@ There are no available options. # See also **docker-login(1)** to log in to a Docker registry server. - -# HISTORY -June 2014, Originally compiled by Daniel, Dao Quang Minh (daniel at nitrous dot io) -July 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 diff --git a/man/src/logs.md b/man/src/logs.md new file mode 100644 index 0000000000..e528150e29 --- /dev/null +++ b/man/src/logs.md @@ -0,0 +1 @@ +Alias for `docker container logs`. diff --git a/man/docker-network-connect.1.md b/man/src/network/connect.md similarity index 82% rename from man/docker-network-connect.1.md rename to man/src/network/connect.md index 096ec77a4d..59bcc0302b 100644 --- a/man/docker-network-connect.1.md +++ b/man/src/network/connect.md @@ -1,16 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-connect - connect a container to a network - -# SYNOPSIS -**docker network connect** -[**--help**] -NETWORK CONTAINER - -# DESCRIPTION - Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network. @@ -50,17 +37,3 @@ support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way. You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. - - -# OPTIONS -**NETWORK** - Specify network name - -**CONTAINER** - Specify container name - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/man/docker-network-create.1.md b/man/src/network/create.md similarity index 78% rename from man/docker-network-create.1.md rename to man/src/network/create.md index 44ce8e15c2..115a41846f 100644 --- a/man/docker-network-create.1.md +++ b/man/src/network/create.md @@ -1,28 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-create - create a new network - -# SYNOPSIS -**docker network create** -[**--attachable**] -[**--aux-address**=*map[]*] -[**-d**|**--driver**=*DRIVER*] -[**--gateway**=*[]*] -[**--help**] -[**--internal**] -[**--ip-range**=*[]*] -[**--ipam-driver**=*default*] -[**--ipam-opt**=*map[]*] -[**--ipv6**] -[**--label**[=*[]*]] -[**-o**|**--opt**=*map[]*] -[**--subnet**=*[]*] -NETWORK-NAME - -# DESCRIPTION - Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the built-in network drivers. If you have installed a third party or your own custom network driver you can specify that `DRIVER` here also. If you don't specify the @@ -142,46 +117,3 @@ By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. - -# OPTIONS -**--attachable** - Enable manual container attachment - -**--aux-address**=map[] - Auxiliary IPv4 or IPv6 addresses used by network driver - -**-d**, **--driver**=*DRIVER* - Driver to manage the Network bridge or overlay. The default is bridge. - -**--gateway**=[] - IPv4 or IPv6 Gateway for the master subnet - -**--help** - Print usage - -**--internal** - Restrict external access to the network - -**--ip-range**=[] - Allocate container ip from a sub-range - -**--ipam-driver**=*default* - IP Address Management Driver - -**--ipam-opt**=map[] - Set custom IPAM driver options - -**--ipv6** - Enable IPv6 networking - -**--label**=*label* - Set metadata for a network - -**-o**, **--opt**=map[] - Set custom driver options - -**--subnet**=[] - Subnet in CIDR format that represents a network segment - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/man/src/network/disconnect.md b/man/src/network/disconnect.md new file mode 100644 index 0000000000..13943f3f8f --- /dev/null +++ b/man/src/network/disconnect.md @@ -0,0 +1,5 @@ +Disconnects a container from a network. + +```bash +$ docker network disconnect multi-host-network container1 +``` diff --git a/man/docker-network-inspect.1.md b/man/src/network/inspect.md similarity index 87% rename from man/docker-network-inspect.1.md rename to man/src/network/inspect.md index f27c98cb34..89fd0e167a 100644 --- a/man/docker-network-inspect.1.md +++ b/man/src/network/inspect.md @@ -1,17 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-inspect - inspect a network - -# SYNOPSIS -**docker network inspect** -[**-f**|**--format**[=*FORMAT*]] -[**--help**] -NETWORK [NETWORK...] - -# DESCRIPTION - Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: ```bash @@ -100,13 +86,3 @@ $ docker network inspect simple-network } ] ``` - -# OPTIONS -**-f**, **--format**="" - Format the output using the given Go template. - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/man/docker-network-ls.1.md b/man/src/network/ls.md similarity index 81% rename from man/docker-network-ls.1.md rename to man/src/network/ls.md index f319e66035..c5182e87e1 100644 --- a/man/docker-network-ls.1.md +++ b/man/src/network/ls.md @@ -1,19 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-ls - list networks - -# SYNOPSIS -**docker network ls** -[**-f**|**--filter**[=*[]*]] -[**--format**=*"TEMPLATE"*] -[**--no-trunc**[=*true*|*false*]] -[**-q**|**--quiet**[=*true*|*false*]] -[**--help**] - -# DESCRIPTION - Lists all the networks the Engine `daemon` knows about. This includes the networks that span across multiple hosts in a cluster, for example: @@ -158,31 +142,16 @@ $ docker network rm `docker network ls --filter type=custom -q` A warning will be issued when trying to remove a network that has containers attached. -# OPTIONS +## Format -**-f**, **--filter**=*[]* - filter output based on conditions provided. +Format uses a Go template to print the output. The following variables are +supported: -**--format**="*TEMPLATE*" - Pretty-print networks using a Go template. - Valid placeholders: - .ID - Network ID - .Name - Network name - .Driver - Network driver - .Scope - Network scope (local, global) - .IPv6 - Whether IPv6 is enabled on the network or not - .Internal - Whether the network is internal or not - .Labels - All labels assigned to the network - .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}` - -**--no-trunc**=*true*|*false* - Do not truncate the output - -**-q**, **--quiet**=*true*|*false* - Only display network IDs - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony +* .ID - Network ID +* .Name - Network name +* .Driver - Network driver +* .Scope - Network scope (local, global) +* .IPv6 - Whether IPv6 is enabled on the network or not +* .Internal - Whether the network is internal or not +* .Labels - All labels assigned to the network +* .Label - Value of a specific label for this network. For example `{{.Label "project.version"}}` diff --git a/man/docker-network-rm.1.md b/man/src/network/rm.md similarity index 67% rename from man/docker-network-rm.1.md rename to man/src/network/rm.md index c094a15286..815b6a487b 100644 --- a/man/docker-network-rm.1.md +++ b/man/src/network/rm.md @@ -1,16 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% OCT 2015 -# NAME -docker-network-rm - remove one or more networks - -# SYNOPSIS -**docker network rm** -[**--help**] -NETWORK [NETWORK...] - -# DESCRIPTION - Removes one or more networks by name or identifier. To remove a network, you must first disconnect any containers connected to it. To remove the network named 'my-network': @@ -31,13 +18,3 @@ When you specify multiple networks, the command attempts to delete each in turn. If the deletion of one network fails, the command continues to the next on the list and tries to delete that. The command reports success or failure for each deletion. - -# OPTIONS -**NETWORK** - Specify network name or id - -**--help** - Print usage statement - -# HISTORY -OCT 2015, created by Mary Anthony diff --git a/man/src/pause.md b/man/src/pause.md new file mode 100644 index 0000000000..8779d0601b --- /dev/null +++ b/man/src/pause.md @@ -0,0 +1 @@ +Alias for `docker container pause`. diff --git a/man/src/port.md b/man/src/port.md new file mode 100644 index 0000000000..b540ce1776 --- /dev/null +++ b/man/src/port.md @@ -0,0 +1 @@ +Alias for `docker container port`. diff --git a/man/src/ps.md b/man/src/ps.md new file mode 100644 index 0000000000..83f289e888 --- /dev/null +++ b/man/src/ps.md @@ -0,0 +1 @@ +Alias for `docker container ls`. diff --git a/man/src/pull.md b/man/src/pull.md new file mode 100644 index 0000000000..78b0ab87c8 --- /dev/null +++ b/man/src/pull.md @@ -0,0 +1 @@ +Alias for `docker image pull`. diff --git a/man/src/push.md b/man/src/push.md new file mode 100644 index 0000000000..84f721e0b5 --- /dev/null +++ b/man/src/push.md @@ -0,0 +1 @@ +Alias for `docker image push`. diff --git a/man/src/rename.md b/man/src/rename.md new file mode 100644 index 0000000000..7a237f42ff --- /dev/null +++ b/man/src/rename.md @@ -0,0 +1 @@ +Alias for `docker container rename`. diff --git a/man/src/restart.md b/man/src/restart.md new file mode 100644 index 0000000000..eddad06b69 --- /dev/null +++ b/man/src/restart.md @@ -0,0 +1 @@ +Alias for `docker container restart`. diff --git a/man/src/rm.md b/man/src/rm.md new file mode 100644 index 0000000000..8b0cbd658e --- /dev/null +++ b/man/src/rm.md @@ -0,0 +1 @@ +Alias for `docker container rm`. diff --git a/man/src/rmi.md b/man/src/rmi.md new file mode 100644 index 0000000000..b77750493d --- /dev/null +++ b/man/src/rmi.md @@ -0,0 +1 @@ +Alias for `docker image rm`. diff --git a/man/src/save.md b/man/src/save.md new file mode 100644 index 0000000000..95127f5a45 --- /dev/null +++ b/man/src/save.md @@ -0,0 +1 @@ +Alias for `docker image save`. diff --git a/man/docker-search.1.md b/man/src/search.md similarity index 65% rename from man/docker-search.1.md rename to man/src/search.md index ad8bbc78b2..cf2ac4f1a9 100644 --- a/man/docker-search.1.md +++ b/man/src/search.md @@ -1,42 +1,16 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-search - Search the Docker Hub for images - -# SYNOPSIS -**docker search** -[**-f**|**--filter**[=*[]*]] -[**--help**] -[**--limit**[=*LIMIT*]] -[**--no-trunc**] -TERM - -# DESCRIPTION - Search Docker Hub for images that match the specified `TERM`. The table of images returned displays the name, description (truncated by default), number of stars awarded, whether the image is official, and whether it is automated. *Note* - Search queries will only return up to 25 results -# OPTIONS +## Filter -**-f**, **--filter**=[] Filter output based on these conditions: - stars= - is-automated=(true|false) - is-official=(true|false) -**--help** - Print usage statement - -**--limit**=*LIMIT* - Maximum returned search results. The default is 25. - -**--no-trunc**=*true*|*false* - Don't truncate output. The default is *false*. - # EXAMPLES ## Search Docker Hub for ranked images @@ -60,11 +34,3 @@ ranked 1 or higher: NAME DESCRIPTION STARS OFFICIAL AUTOMATED goldmann/wildfly A WildFly application server running on a ... 3 [OK] tutum/fedora-20 Fedora 20 image with SSH access. For the r... 1 [OK] - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -April 2015, updated by Mary Anthony for v2 -April 2016, updated by Vincent Demeester - diff --git a/man/src/start.md b/man/src/start.md new file mode 100644 index 0000000000..9bab867704 --- /dev/null +++ b/man/src/start.md @@ -0,0 +1 @@ +Alias for `docker container start`. diff --git a/man/src/stats.md b/man/src/stats.md new file mode 100644 index 0000000000..f709ce4f18 --- /dev/null +++ b/man/src/stats.md @@ -0,0 +1 @@ +Alias for `docker container stats`. diff --git a/man/src/stop.md b/man/src/stop.md new file mode 100644 index 0000000000..35fd07b62e --- /dev/null +++ b/man/src/stop.md @@ -0,0 +1 @@ +Alias for `docker container stop`. diff --git a/man/docker-events.1.md b/man/src/system/events.md similarity index 86% rename from man/docker-events.1.md rename to man/src/system/events.md index c0909c6817..e9370e331e 100644 --- a/man/docker-events.1.md +++ b/man/src/system/events.md @@ -1,19 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-events - Get real time events from the server - -# SYNOPSIS -**docker events** -[**--help**] -[**-f**|**--filter**[=*[]*]] -[**--since**[=*SINCE*]] -[**--until**[=*UNTIL*]] -[**--format**[=*FORMAT*]] - - -# DESCRIPTION Get event information from the Docker daemon. Information can include historical information and real-time information. @@ -34,29 +18,6 @@ Docker networks report the following events: create, connect, disconnect, destroy # OPTIONS -**--help** - Print usage statement - -**-f**, **--filter**=[] - Filter output based on these conditions - - container (`container=`) - - event (`event=`) - - image (`image=`) - - plugin (experimental) (`plugin=`) - - label (`label=` or `label==`) - - type (`type=`) - - volume (`volume=`) - - network (`network=`) - - daemon (`daemon=`) - -**--since**="" - Show all events created since timestamp - -**--until**="" - Stream events until this timestamp - -**--format**="" - Format the output using the given Go template The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed @@ -171,10 +132,3 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit -June 2015, updated by Brian Goff -October 2015, updated by Mike Brown diff --git a/man/docker-info.1.md b/man/src/system/info.md similarity index 91% rename from man/docker-info.1.md rename to man/src/system/info.md index bb7a8fb4c2..9a87e985ed 100644 --- a/man/docker-info.1.md +++ b/man/src/system/info.md @@ -1,15 +1,3 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2014 -# NAME -docker-info - Display system-wide information - -# SYNOPSIS -**docker info** -[**--help**] -[**-f**|**--format**[=*FORMAT*]] - -# DESCRIPTION This command displays system wide information regarding the Docker installation. Information displayed includes the kernel version, number of containers and images. The number of images shown is the number of unique images. The same image tagged @@ -28,13 +16,6 @@ meta data regarding those images are stored. When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where `/var/lib/docker` is mounted. -# OPTIONS -**--help** - Print usage statement - -**-f**, **--format**="" - Format the output using the given Go template - # EXAMPLES ## Display Docker system information @@ -180,8 +161,3 @@ You can also specify the output format: $ docker info --format '{{json .}}' {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} - -# HISTORY -April 2014, Originally compiled by William Henry (whenry at redhat dot com) -based on docker.com source material and internal work. -June 2014, updated by Sven Dowideit diff --git a/man/src/tag.md b/man/src/tag.md new file mode 100644 index 0000000000..55c4ef1a79 --- /dev/null +++ b/man/src/tag.md @@ -0,0 +1 @@ +Alias for `docker image tag`. diff --git a/man/src/top.md b/man/src/top.md new file mode 100644 index 0000000000..ac0f0845f4 --- /dev/null +++ b/man/src/top.md @@ -0,0 +1 @@ +Alias for `docker container top`. diff --git a/man/src/unpause.md b/man/src/unpause.md new file mode 100644 index 0000000000..8779d0601b --- /dev/null +++ b/man/src/unpause.md @@ -0,0 +1 @@ +Alias for `docker container pause`. diff --git a/man/src/update.md b/man/src/update.md new file mode 100644 index 0000000000..162022ab29 --- /dev/null +++ b/man/src/update.md @@ -0,0 +1 @@ +Alias for `docker container update`. diff --git a/man/docker-version.1.md b/man/src/version.md similarity index 67% rename from man/docker-version.1.md rename to man/src/version.md index 1838f82052..5dea4a297c 100644 --- a/man/docker-version.1.md +++ b/man/src/version.md @@ -1,25 +1,6 @@ -% DOCKER(1) Docker User Manuals -% Docker Community -% JUNE 2015 -# NAME -docker-version - Show the Docker version information. - -# SYNOPSIS -**docker version** -[**--help**] -[**-f**|**--format**[=*FORMAT*]] - -# DESCRIPTION This command displays version information for both the Docker client and daemon. -# OPTIONS -**--help** - Print usage statement - -**-f**, **--format**="" - Format the output using the given Go template. - # EXAMPLES ## Display Docker version information @@ -54,9 +35,3 @@ To view all available fields, you can use the format `{{json .}}`. $ docker version --format '{{json .}}' {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} - - -# HISTORY -June 2014, updated by Sven Dowideit -June 2015, updated by John Howard -June 2015, updated by Patrick Hemmer diff --git a/man/src/volume.md b/man/src/volume.md new file mode 100644 index 0000000000..0a09a41da3 --- /dev/null +++ b/man/src/volume.md @@ -0,0 +1,14 @@ +The `docker volume` command has subcommands for managing data volumes. A data +volume is a specially-designated directory that by-passes storage driver +management. + +Data volumes persist data independent of a container's life cycle. When you +delete a container, the Docker daemon does not delete any data volumes. You can +share volumes across multiple containers. Moreover, you can share data volumes +with other computing resources in your system. + +To see help for a subcommand, use: + + docker volume COMMAND --help + +For full details on using docker volume visit Docker's online documentation. diff --git a/man/src/volume/create.md b/man/src/volume/create.md new file mode 100644 index 0000000000..408079d62d --- /dev/null +++ b/man/src/volume/create.md @@ -0,0 +1,35 @@ +Creates a new volume that containers can consume and store data in. If a name +is not specified, Docker generates a random name. You create a volume and then +configure the container to use it, for example: + + $ docker volume create hello + hello + $ docker run -d -v hello:/world busybox ls /world + +The mount is created inside the container's `/src` directory. Docker doesn't +not support relative paths for mount points inside the container. + +Multiple containers can use the same volume in the same time period. This is +useful if two containers need access to shared data. For example, if one +container writes and the other reads the data. + +## Driver specific options + +Some volume drivers may take options to customize the volume creation. Use the +`-o` or `--opt` flags to pass driver options: + + $ docker volume create --driver fake --opt tardis=blue --opt timey=wimey + +These options are passed directly to the volume driver. Options for different +volume drivers may do different things (or nothing at all). + +The built-in `local` driver on Windows does not support any options. + +The built-in `local` driver on Linux accepts options similar to the linux +`mount` command: + + $ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 + +Another example: + + $ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 diff --git a/man/src/volume/inspect.md b/man/src/volume/inspect.md new file mode 100644 index 0000000000..0885caab63 --- /dev/null +++ b/man/src/volume/inspect.md @@ -0,0 +1,4 @@ +Returns information about one or more volumes. By default, this command renders +all results in a JSON array. You can specify an alternate format to execute a +given template is executed for each result. Go's https://golang.org/pkg/text/template/ +package describes all the details of the format. diff --git a/man/src/volume/ls.md b/man/src/volume/ls.md new file mode 100644 index 0000000000..597884278f --- /dev/null +++ b/man/src/volume/ls.md @@ -0,0 +1,11 @@ +Lists all the volumes Docker manages. You can filter using the `-f` or +`--filter` flag. The filtering format is a `key=value` pair. To specify +more than one filter, pass multiple flags (for example, +`--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* `dangling` (boolean - `true` or `false`, `1` or `0`) +* `driver` (a volume driver's name) +* `label` (`label=` or `label==`) +* `name` (a volume's name) diff --git a/man/src/wait.md b/man/src/wait.md new file mode 100644 index 0000000000..8700848ec7 --- /dev/null +++ b/man/src/wait.md @@ -0,0 +1 @@ +Alias for `docker container wait`. From 63aa05d3f746368d796447a97d26bdd670495eb5 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Wed, 14 Dec 2016 00:35:34 -0800 Subject: [PATCH 2217/2538] replace no-remove by sample-volume-plugin in docs Signed-off-by: Victor Vieux --- docs/extend/config.md | 85 ++++++++++---------- docs/reference/commandline/events.md | 4 +- docs/reference/commandline/plugin_disable.md | 14 ++-- docs/reference/commandline/plugin_enable.md | 14 ++-- docs/reference/commandline/plugin_inspect.md | 8 +- docs/reference/commandline/plugin_install.md | 14 ++-- docs/reference/commandline/plugin_ls.md | 4 +- docs/reference/commandline/plugin_rm.md | 10 +-- docs/reference/commandline/plugin_set.md | 8 +- man/src/system/events.md | 4 +- 10 files changed, 81 insertions(+), 84 deletions(-) diff --git a/docs/extend/config.md b/docs/extend/config.md index eca33803c2..538dc6ac47 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -171,52 +171,49 @@ Config provides the base accessible fields for working with V0 plugin format ## Example Config -*Example showing the 'tiborvass/no-remove' plugin config.* +*Example showing the 'tiborvass/sample-volume-plugin' plugin config.* ```json { - "description": "A test plugin for Docker", - "documentation": "https://docs.docker.com/engine/extend/plugins/", - "entrypoint": ["plugin-no-remove", "/data"], - "interface": { - "types": ["docker.volumedriver/1.0"], - "socket": "plugins.sock" - }, - "network": { - "type": "host" - }, - "mounts": [ - { - "source": "/data", - "destination": "/data", - "type": "bind", - "options": ["shared", "rbind"] - }, - { - "destination": "/foobar", - "type": "tmpfs" - } - ], - "args": { - "name": "args", - "description": "command line arguments", - "value": [] - }, - "env": [ - { - "name": "DEBUG", - "description": "If set, prints debug messages", - "value": "1" - } - ], - "linux": { - "devices": [ - { - "name": "device", - "description": "a host device to mount", - "path": "/dev/cpu_dma_latency" - } - ] - } + "Args": { + "Description": "", + "Name": "", + "Settable": null, + "Value": null + }, + "Description": "A sample volume plugin for Docker", + "Documentation": "https://docs.docker.com/engine/extend/plugins/", + "Entrypoint": [ + "/usr/bin/sample-volume-plugin", + "/data" + ], + "Env": [ + { + "Description": "", + "Name": "DEBUG", + "Settable": [ + "value" + ], + "Value": "0" + } + ], + "Interface": { + "Socket": "plugin.sock", + "Types": [ + "docker.volumedriver/1.0" + ] + }, + "Linux": { + "Capabilities": null, + "DeviceCreation": false, + "Devices": null + }, + "Mounts": null, + "Network": { + "Type": "" + }, + "PropagatedMount": "/data", + "User": {}, + "Workdir": "" } ``` diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index 82cac92aac..baa966d620 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -194,8 +194,8 @@ relative to the current time on the client machine: 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) $ docker events --filter 'type=plugin' (experimental) - 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) **Format:** diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 66b0ca9466..f054fd066a 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -30,27 +30,27 @@ see [`docker plugin install`](plugin_install.md). Without the `-f` option, a plugin that has references (eg, volumes, networks) cannot be disabled. -The following example shows that the `no-remove` plugin is installed +The following example shows that the `sample-volume-plugin` plugin is installed and enabled: ```bash $ docker plugin ls -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true ``` To disable the plugin, use the following command: ```bash -$ docker plugin disable tiborvass/no-remove +$ docker plugin disable tiborvass/sample-volume-plugin -tiborvass/no-remove +tiborvass/sample-volume-plugin $ docker plugin ls -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/no-remove latest A test plugin for Docker false +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false ``` ## Related information diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 36fb7640ac..060592ef07 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -29,27 +29,27 @@ Enables a plugin. The plugin must be installed before it can be enabled, see [`docker plugin install`](plugin_install.md). -The following example shows that the `no-remove` plugin is installed, +The following example shows that the `sample-volume-plugin` plugin is installed, but disabled: ```bash $ docker plugin ls -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/no-remove latest A test plugin for Docker false +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false ``` To enable the plugin, use the following command: ```bash -$ docker plugin enable tiborvass/no-remove +$ docker plugin enable tiborvass/sample-volume-plugin -tiborvass/no-remove +tiborvass/sample-volume-plugin $ docker plugin ls -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 01e231bf06..d40cd40e75 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -31,12 +31,12 @@ in a JSON array. Example output: ```bash -$ docker plugin inspect tiborvass/no-remove:latest +$ docker plugin inspect tiborvass/sample-volume-plugin:latest ``` ```JSON { "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", - "Name": "tiborvass/no-remove:latest", + "Name": "tiborvass/sample-volume-plugin:latest", "Enabled": true, "Config": { "Mounts": [ @@ -79,7 +79,7 @@ $ docker plugin inspect tiborvass/no-remove:latest "Socket": "plugins.sock" }, "Entrypoint": [ - "plugin-no-remove", + "plugin-sample-volume-plugin", "/data" ], "Workdir": "", @@ -143,7 +143,7 @@ $ docker plugin inspect tiborvass/no-remove:latest ```bash -$ docker plugin inspect -f '{{.Id}}' tiborvass/no-remove:latest +$ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest ``` ``` 8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 502eb441bf..78dd23825f 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -33,20 +33,20 @@ the registry. Note that the minimum required registry version to distribute plugins is 2.3.0 -The following example installs `no-remove` plugin and [set](plugin_set.md) it's env variable +The following example installs `vieus/sshfs` plugin and [set](plugin_set.md) it's env variable `DEBUG` to 1. Install consists of pulling the plugin from Docker Hub, prompting the user to accept the list of privileges that the plugin needs, settings parameters and enabling the plugin. ```bash -$ docker plugin install tiborvass/no-remove DEBUG=1 +$ docker plugin install vieux/sshfs DEBUG=1 -Plugin "tiborvass/no-remove" is requesting the following privileges: +Plugin "vieux/sshfs" is requesting the following privileges: - network: [host] - - mount: [/data] - - device: [/dev/cpu_dma_latency] + - device: [/dev/fuse] + - capabilities: [CAP_SYS_ADMIN] Do you grant the above permissions? [y/N] y -tiborvass/no-remove +vieux/sshfs ``` After the plugin is installed, it appears in the list of plugins: @@ -55,7 +55,7 @@ After the plugin is installed, it appears in the list of plugins: $ docker plugin ls ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true +69553ca1d123 vieux/sshfs latest sshFS plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index b727b53341..e436213ecc 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -36,8 +36,8 @@ Example output: ```bash $ docker plugin ls -ID NAME TAG DESCRIPTION ENABLED -69553ca1d123 tiborvass/no-remove latest A test plugin for Docker true +ID NAME TAG DESCRIPTION ENABLED +69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true ``` ## Related information diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 5a01dcaa1e..31029324b6 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -33,14 +33,14 @@ a plugin using the [`docker plugin disable`](plugin_disable.md) before removing it (or use --force, use of force is not recommended, since it can affect functioning of running containers using the plugin). -The following example disables and removes the `no-remove:latest` plugin; +The following example disables and removes the `sample-volume-plugin:latest` plugin; ```bash -$ docker plugin disable tiborvass/no-remove -tiborvass/no-remove +$ docker plugin disable tiborvass/sample-volume-plugin +tiborvass/sample-volume-plugin -$ docker plugin rm tiborvass/no-remove:latest -tiborvass/no-remove +$ docker plugin rm tiborvass/sample-volume-plugin:latest +tiborvass/sample-volume-plugin ``` ## Related information diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 9ea93aecf9..c206a8a760 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -33,15 +33,15 @@ The settings currently supported are: * args The following example change the env variable `DEBUG` on the -`no-remove` plugin. +`sample-volume-plugin` plugin. ```bash -$ docker plugin inspect -f {{.Settings.Env}} tiborvass/no-remove +$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin [DEBUG=0] -$ docker plugin set tiborvass/no-remove DEBUG=1 +$ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 -$ docker plugin inspect -f {{.Settings.Env}} tiborvass/no-remove +$ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin [DEBUG=1] ``` diff --git a/man/src/system/events.md b/man/src/system/events.md index e9370e331e..44adc6c397 100644 --- a/man/src/system/events.md +++ b/man/src/system/events.md @@ -129,6 +129,6 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) $ docker events --filter 'type=plugin' (experimental) - 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/no-remove:latest) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) From 6dcebccc46b1d9499e675bc87312d73ce0750191 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 26 Dec 2016 22:27:56 +0800 Subject: [PATCH 2218/2538] Update docker daemon to dockerd Signed-off-by: yuexiao-wang --- docs/reference/commandline/dockerd.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 8d4423e3a4..cac84708cc 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -715,7 +715,7 @@ with the `--exec-opt` flag. All the flag's options have the `native` prefix. A single `native.cgroupdriver` option is available. The `native.cgroupdriver` option specifies the management of the container's -cgroups. You can specify only specify `cgroupfs` or `systemd`. If you specify +cgroups. You can only specify `cgroupfs` or `systemd`. If you specify `systemd` and it is not available, the system errors out. If you omit the `native.cgroupdriver` option,` cgroupfs` is used. @@ -730,8 +730,8 @@ Setting this option applies to all containers the daemon launches. Also Windows Container makes use of `--exec-opt` for special purpose. Docker user can specify default container isolation technology with this, for example: -```bash -$ sudo dockerd --exec-opt isolation=hyperv +```console +> dockerd --exec-opt isolation=hyperv ``` Will make `hyperv` the default isolation technology on Windows. If no isolation @@ -746,14 +746,12 @@ To set the DNS server for all Docker containers, use: $ sudo dockerd --dns 8.8.8.8 ``` - To set the DNS search domain for all Docker containers, use: ```bash $ sudo dockerd --dns-search example.com ``` - ## Insecure registries Docker considers a private registry either secure or insecure. In the rest of From 6c3e0ba5601572e4423d239a4387b7d97e40104f Mon Sep 17 00:00:00 2001 From: allencloud Date: Wed, 21 Dec 2016 18:31:05 +0800 Subject: [PATCH 2219/2538] support registry mirror config reload Signed-off-by: allencloud --- docs/reference/commandline/dockerd.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index cac84708cc..80d776f91c 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1287,6 +1287,7 @@ The list of currently supported options that can be reconfigured is this: be used to run containers - `authorization-plugin`: specifies the authorization plugins to use. - `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config. +- `registry-mirrors`: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in daemon's configuration are not in newly reloaded registry mirrors, these existing ones will be removed from daemon's config. Updating and reloading the cluster configurations such as `--cluster-store`, `--cluster-advertise` and `--cluster-store-opts` will take effect only if From 36274c35d58fc0ca49d5b86f9478b298132a0215 Mon Sep 17 00:00:00 2001 From: John Howard Date: Tue, 3 Jan 2017 16:17:55 -0800 Subject: [PATCH 2220/2538] Tidy --isolation wording Signed-off-by: John Howard --- docs/reference/commandline/run.md | 47 ++++++++++++++++++------------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 6195647012..d92533c86a 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -668,38 +668,45 @@ signal that will be sent to the container to exit. After timeout elapses the con ### Specify isolation technology for container (--isolation) This option is useful in situations where you are running Docker containers on -Microsoft Windows. The `--isolation ` option sets a container's isolation -technology. On Linux, the only supported is the `default` option which uses +Windows. The `--isolation ` option sets a container's isolation technology. +On Linux, the only supported is the `default` option which uses Linux namespaces. These two commands are equivalent on Linux: -``` +```bash $ docker run -d busybox top $ docker run -d --isolation default busybox top ``` -On Microsoft Windows, can take any of these values: +On Windows, `--isolation` can take one of these values: -| Value | Description | -|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `default` | Use the value specified by the Docker daemon's `--exec-opt` . If the `daemon` does not specify an isolation technology, Microsoft Windows uses `process` as its default value. | -| `process` | Namespace isolation only. | -| `hyperv` | Hyper-V hypervisor partition-based isolation. | +| Value | Description | +|-----------|--------------------------------------------------------------------------------------------| +| `default` | Use the value specified by the Docker daemon's `--exec-opt` or system default (see below). | +| `process` | Shared-kernel namespace isolation (not supported on Windows client operating systems). | +| `hyperv` | Hyper-V hypervisor partition-based isolation. | -On Windows, the default isolation for client is `hyperv`, and for server is -`process`. Therefore when running on Windows server without a `daemon` option -set, these two commands are equivalent: -``` -$ docker run -d --isolation default busybox top -$ docker run -d --isolation process busybox top +The default isolation on Windows server operating systems is `process`. The default (and only supported) +isolation on Windows client operating systems is `hyperv`. An attempt to start a container on a client +operating system with `--isolation process` will fail. + +On Windows server, assuming the default configuration, these commands are equivalent +and result in `process` isolation: + +```PowerShell +PS C:\> docker run -d microsoft/nanoserver powershell echo process +PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo process +PS C:\> docker run -d --isolation process microsoft/nanoserver powershell echo process ``` -If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, -if running on Windows server, any of these commands also result in `hyperv` isolation: +If you have set the `--exec-opt isolation=hyperv` option on the Docker `daemon`, or +are running against a Windows client-based daemon, these commands are equivalent and +result in `hyperv` isolation: -``` -$ docker run -d --isolation default busybox top -$ docker run -d --isolation hyperv busybox top +```PowerShell +PS C:\> docker run -d microsoft/nanoserver powershell echo hyperv +PS C:\> docker run -d --isolation default microsoft/nanoserver powershell echo hyperv +PS C:\> docker run -d --isolation hyperv microsoft/nanoserver powershell echo hyperv ``` ### Configure namespaced kernel parameters (sysctls) at runtime From 67da1ed340093cdc7a3feb3e4b27721d3a4e7db3 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Tue, 3 Jan 2017 23:13:31 -0800 Subject: [PATCH 2221/2538] small secret doc update Signed-off-by: Victor Vieux --- docs/reference/commandline/secret_create.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index ef2641a91c..d63083b3e6 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -34,32 +34,32 @@ command on a manager node. ### Create a secret ```bash -$ cat secret.json | docker secret create -f - secret.json +$ echo | docker secret create -f - my_secret mhv17xfe3gh6xc4rij5orpfds $ docker secret ls ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 ``` ### Create a secret with a file ```bash -$ docker secret create --file secret.in secret.json +$ docker secret create -f secret.json my_secret mhv17xfe3gh6xc4rij5orpfds $ docker secret ls ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 ``` ### Create a secret with labels ```bash -$ cat secret.json | docker secret create secret.json -f - --label env=dev --label rev=20161102 +$ docker secret create -f secret.json --label env=dev --label rev=20161102 my_secret jtn7g6aukl5ky7nr9gvwafoxh -$ docker secret inspect secret.json +$ docker secret inspect my_secret [ { "ID": "jtn7g6aukl5ky7nr9gvwafoxh", @@ -69,7 +69,7 @@ $ docker secret inspect secret.json "CreatedAt": "2016-11-03T20:54:12.924766548Z", "UpdatedAt": "2016-11-03T20:54:12.924766548Z", "Spec": { - "Name": "secret.json", + "Name": "my_secret", "Labels": { "env": "dev", "rev": "20161102" From bd5bced8d19ed5679cce2d617890517231be8439 Mon Sep 17 00:00:00 2001 From: Yunxiang Huang Date: Thu, 5 Jan 2017 11:13:17 +0800 Subject: [PATCH 2222/2538] Fix "zsh/_docker" Signed-off-by: Yunxiang Huang --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 8d00b13e6d..1aec353c57 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -917,7 +917,7 @@ __docker_image_subcommand() { "($help)*--label=[Set metadata for an image]:label=value: " \ "($help -m --memory)"{-m=,--memory=}"[Memory limit]:Memory limit: " \ "($help)--memory-swap=[Total memory limit with swap]:Memory limit: " \ - "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" + "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" \ "($help)--no-cache[Do not use cache when building the image]" \ "($help)--pull[Attempt to pull a newer version of the image]" \ "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ From fbfe077b1eca2d52fa69b80bad681a6f5e4ee1c0 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 4 Jan 2017 09:53:14 -0800 Subject: [PATCH 2223/2538] Add bash completion for plugin names Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ab662c382a..f34e2dfb2a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -23,6 +23,7 @@ # DOCKER_COMPLETION_SHOW_CONTAINER_IDS # DOCKER_COMPLETION_SHOW_NETWORK_IDS # DOCKER_COMPLETION_SHOW_NODE_IDS +# DOCKER_COMPLETION_SHOW_PLUGIN_IDS # DOCKER_COMPLETION_SHOW_SECRET_IDS # DOCKER_COMPLETION_SHOW_SERVICE_IDS # "no" - Show names only (default) @@ -286,9 +287,17 @@ __docker_complete_plugins_bundled() { # __docker_plugins_installed returns a list of all plugins that were installed with # the Docker plugin API. +# By default, only names are returned. +# Set DOCKER_COMPLETION_SHOW_PLUGIN_IDS=yes to also complete IDs. # For built-in pugins, see `__docker_plugins_bundled`. __docker_plugins_installed() { - __docker_q plugin ls | awk 'NR>1 {print $1}' + local fields + if [ "$DOCKER_COMPLETION_SHOW_PLUGIN_IDS" = yes ] ; then + fields='$1,$2' + else + fields='$2' + fi + __docker_q plugin ls | awk "NR>1 {print $fields}" } # __docker_complete_plugins_installed applies completion of plugins that were installed From 30f009076e250829aa2491b57d7452c8929357b6 Mon Sep 17 00:00:00 2001 From: lixiaobing10051267 Date: Fri, 6 Jan 2017 11:02:02 +0800 Subject: [PATCH 2224/2538] Provide correct command imformation and URL Signed-off-by: lixiaobing10051267 --- man/src/container/top.md | 2 +- man/src/container/unpause.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/src/container/top.md b/man/src/container/top.md index 5524494194..5e243569ac 100644 --- a/man/src/container/top.md +++ b/man/src/container/top.md @@ -6,6 +6,6 @@ All displayed information is from host's point of view. Run **docker container top** with the ps option of -x: - $ docker top 8601afda2b -x + $ docker container top 8601afda2b -x PID TTY STAT TIME COMMAND 16623 ? Ss 0:00 sleep 99999 diff --git a/man/src/container/unpause.md b/man/src/container/unpause.md index d318bb2b6a..0e77ceed6b 100644 --- a/man/src/container/unpause.md +++ b/man/src/container/unpause.md @@ -2,5 +2,5 @@ The `docker container unpause` command un-suspends all processes in a container. On Linux, it does this using the cgroups freezer. See the [cgroups freezer documentation] -(https://www.kernel.org/doc/Documentation/cgroups/freezer-subsystem.txt) for +(https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. From 6337d3724e11f8e398361f1236007658230d18f2 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Wed, 28 Dec 2016 19:34:32 +0800 Subject: [PATCH 2225/2538] keep network option consistent between network connect and run Signed-off-by: yuexiao-wang --- contrib/completion/fish/docker.fish | 4 ++-- contrib/completion/zsh/_docker | 10 +++++----- docs/reference/commandline/create.md | 6 +++--- docs/reference/commandline/network_connect.md | 4 ++-- docs/reference/commandline/run.md | 6 +++--- man/docker-run.1.md | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index 2715cb1aa6..8833e8caa8 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -135,7 +135,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s i -l interac complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add link to another container in the form of :alias' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' -complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g., 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' @@ -326,7 +326,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s i -l interactiv complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l ipc -d 'Default is to create a private IPC namespace (POSIX SysV IPC) for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add link to another container in the form of :alias' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' -complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g. 92:d0:c6:0a:29:33)' +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g., 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 1aec353c57..2b7e822e36 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -541,12 +541,12 @@ __docker_container_subcommand() { "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" - "($help)--ip=[Container IPv4 address]:IPv4: " - "($help)--ip6=[Container IPv6 address]:IPv6: " + "($help)--ip=[IPv4 address]:IPv4: " + "($help)--ip6=[IPv6 address]:IPv6: " "($help)--ipc=[IPC namespace to use]:IPC namespace: " "($help)--isolation=[Container isolation technology]:isolation:(default hyperv process)" "($help)*--link=[Add link to another container]:link:->link" - "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " + "($help)*--link-local-ip=[Container IPv4/IPv6 link-local addresses]:IPv4/IPv6: " "($help)*"{-l=,--label=}"[Container metadata]:label: " "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_complete_log_options" @@ -1142,8 +1142,8 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*--alias=[Add network-scoped alias for the container]:alias: " \ - "($help)--ip=[Container IPv4 address]:IPv4: " \ - "($help)--ip6=[Container IPv6 address]:IPv6: " \ + "($help)--ip=[IPv4 address]:IPv4: " \ + "($help)--ip6=[IPv6 address]:IPv6: " \ "($help)*--link=[Add a link to another container]:link:->link" \ "($help)*--link-local-ip=[Add a link-local address for the container]:IPv4/IPv6: " \ "($help -)1:network:__docker_complete_networks" \ diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 0218af3a76..439e75fac9 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -66,8 +66,8 @@ Options: -i, --interactive Keep STDIN open even if not attached --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) --io-maxiops uint Maximum IOps limit for the system drive (Windows only) - --ip string Container IPv4 address (e.g. 172.30.100.104) - --ip6 string Container IPv6 address (e.g. 2001:db8::33) + --ip string IPv4 address (e.g., 172.30.100.104) + --ip6 string IPv6 address (e.g., 2001:db8::33) --ipc string IPC namespace to use --isolation string Container isolation technology --kernel-memory string Kernel memory limit @@ -77,7 +77,7 @@ Options: --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) --log-driver string Logging driver for the container --log-opt value Log driver options (default []) - --mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33) + --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) -m, --memory string Memory limit --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 52459a5d5f..1c8548a4f9 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -23,8 +23,8 @@ Connect a container to a network Options: --alias value Add network-scoped alias for the container (default []) --help Print usage - --ip string IP Address - --ip6 string IPv6 Address + --ip string IPv4 address (e.g., 172.30.100.104) + --ip6 string IPv6 address (e.g., 2001:db8::33) --link value Add link to another container (default []) --link-local-ip value Add a link-local address for the container (default []) ``` diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index d92533c86a..d1f12a90ee 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -76,8 +76,8 @@ Options: the system uses bytes per second. --io-maxbandwidth and --io-maxiops are mutually exclusive options. --io-maxiops uint Maximum IOps limit for the system drive (Windows only) - --ip string Container IPv4 address (e.g. 172.30.100.104) - --ip6 string Container IPv6 address (e.g. 2001:db8::33) + --ip string IPv4 address (e.g., 172.30.100.104) + --ip6 string IPv6 address (e.g., 2001:db8::33) --ipc string IPC namespace to use --isolation string Container isolation technology --kernel-memory string Kernel memory limit @@ -87,7 +87,7 @@ Options: --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) --log-driver string Logging driver for the container --log-opt value Log driver options (default []) - --mac-address string Container MAC address (e.g. 92:d0:c6:0a:29:33) + --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) -m, --memory string Memory limit --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap diff --git a/man/docker-run.1.md b/man/docker-run.1.md index be3df0be35..fe671e54aa 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -317,12 +317,12 @@ redirection on the host system. When set to true, keep stdin open even if not attached. The default is false. **--ip**="" - Sets the container's interface IPv4 address (e.g. 172.23.0.9) + Sets the container's interface IPv4 address (e.g., 172.23.0.9) It can only be used in conjunction with **--network** for user-defined networks **--ip6**="" - Sets the container's interface IPv6 address (e.g. 2001:db8::1b99) + Sets the container's interface IPv6 address (e.g., 2001:db8::1b99) It can only be used in conjunction with **--network** for user-defined networks @@ -401,7 +401,7 @@ the value of --memory. unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. **--mac-address**="" - Container MAC address (e.g. 92:d0:c6:0a:29:33) + Container MAC address (e.g., 92:d0:c6:0a:29:33) Remember that the MAC address in an Ethernet network must be unique. The IPv6 link-local address will be based on the device's MAC address From 70d63dce63aa681fb3e377e36f35844a6b3f26ae Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Mon, 9 Jan 2017 20:14:48 +0800 Subject: [PATCH 2226/2538] Fix incorrect alias and URL Signed-off-by: yuexiao-wang --- man/src/login.md | 2 +- man/src/unpause.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/src/login.md b/man/src/login.md index 2f83276e45..4d60882f5f 100644 --- a/man/src/login.md +++ b/man/src/login.md @@ -6,7 +6,7 @@ do not specify a `SERVER`, the command uses Docker's public registry located at `docker login` requires user to use `sudo` or be `root`, except when: 1. connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`. -2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/engine/articles/security/#docker-daemon-attack-surface) for details. +2. user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/security/#/docker-daemon-attack-surface) for details. You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in diff --git a/man/src/unpause.md b/man/src/unpause.md index 8779d0601b..df538e135b 100644 --- a/man/src/unpause.md +++ b/man/src/unpause.md @@ -1 +1 @@ -Alias for `docker container pause`. +Alias for `docker container unpause`. From 1f494501f2a259831f5adb03fbc459d750e006aa Mon Sep 17 00:00:00 2001 From: allencloud Date: Wed, 4 Jan 2017 14:43:29 +0800 Subject: [PATCH 2227/2538] fix volume ls filter driver Signed-off-by: allencloud --- docs/reference/commandline/volume_ls.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 90ecef2abe..8d012f1379 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -76,9 +76,9 @@ local rosemary ### driver -The `driver` filter matches on all or part of a volume's driver name. +The `driver` filter matches volumes based on their driver. -The following filter matches all volumes with a driver name containing the `local` string. +The following example matches volumes that are created with the `local` driver: ```bash $ docker volume ls -f driver=local From 915a5a3c5703025cf9f4c6e1659457203d1c2e87 Mon Sep 17 00:00:00 2001 From: ttronicum Date: Sun, 25 Dec 2016 05:13:53 +0100 Subject: [PATCH 2228/2538] explain since format and give examples Signed-off-by: tronicum --- docs/reference/commandline/logs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 891e10b55c..6d42929fbb 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -24,8 +24,8 @@ Options: --details Show extra details provided to logs -f, --follow Follow log output --help Print usage - --since string Show logs since timestamp - --tail string Number of lines to show from the end of the logs (default "all") + --since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) + --tail string Number of lines to show from the end of the logs (default "all") -t, --timestamps Show timestamps ``` From fdd6879b68d2587d1c88282a9b5e2da6566af25d Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 7 Dec 2016 14:02:13 -0800 Subject: [PATCH 2229/2538] Add `--filter until=` for `docker container/image prune` This fix is a follow up for comment https://github.com/docker/docker/pull/28535#issuecomment-263215225 This fix provides `--filter until=` for `docker container/image prune`. This fix adds `--filter until=` to `docker container/image prune` so that it is possible to specify a timestamp and prune those containers/images that are earlier than the timestamp. Related docs has been updated Several integration tests have been added to cover changes. This fix fixes #28497. This fix is related to #28535. Signed-off-by: Yong Tang --- docs/reference/commandline/container_prune.md | 63 ++++++++++++- docs/reference/commandline/image_prune.md | 88 ++++++++++++++++++- docs/reference/commandline/network_prune.md | 50 ++++++++++- docs/reference/commandline/system_prune.md | 28 +++++- 4 files changed, 219 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md index 43156406ec..f50e75f7a3 100644 --- a/docs/reference/commandline/container_prune.md +++ b/docs/reference/commandline/container_prune.md @@ -21,8 +21,10 @@ Usage: docker container prune [OPTIONS] Remove all stopped containers Options: - -f, --force Do not prompt for confirmation - --help Print usage +Options: + --filter filter Provide filter values (e.g. 'until=') + -f, --force Do not prompt for confirmation + --help Print usage ``` ## Examples @@ -38,6 +40,63 @@ f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360 Total reclaimed space: 212 B ``` +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* until (``) - only remove containers created before given timestamp + +The `until` filter can be Unix timestamps, date formatted +timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed +relative to the daemon machine’s time. Supported formats for date +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the daemon will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. + +The following removes containers created more than 5 minutes ago: +```bash +$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 41 seconds ago +53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 12 minutes ago + +$ docker container prune --force --filter "until=5m" +Deleted Containers: +53a9bc23a5168b6caa2bfbefddf1b30f93c7ad57f3dec271fd32707497cb9369 + +Total reclaimed space: 25 B + +$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 44 seconds ago +``` + +The following removes containers created before `2017-01-04T13:10:00`: +```bash +$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 7 minutes ago +4a75091a6d61 busybox "sh" 2017-01-04 13:09:53 -0800 PST Exited (0) 9 minutes ago + +$ docker container prune --force --filter "until=2017-01-04T13:10:00" +Deleted Containers: +4a75091a6d618526fcd8b33ccd6e5928ca2a64415466f768a6180004b0c72c6c + +Total reclaimed space: 27 B + +$ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' +CONTAINER ID IMAGE COMMAND CREATED AT STATUS +53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 9 minutes ago +``` + ## Related information * [system df](system_df.md) diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md index a80b8d38c8..e6450d3c5c 100644 --- a/docs/reference/commandline/image_prune.md +++ b/docs/reference/commandline/image_prune.md @@ -21,9 +21,10 @@ Usage: docker image prune [OPTIONS] Remove unused images Options: - -a, --all Remove all unused images, not just dangling ones - -f, --force Do not prompt for confirmation - --help Print usage + -a, --all Remove all unused images, not just dangling ones + --filter filter Provide filter values (e.g. 'until=') + -f, --force Do not prompt for confirmation + --help Print usage ``` Remove all dangling images. If `-a` is specified, will also remove all images not referenced by any container. @@ -62,6 +63,87 @@ deleted: sha256:2c675ee9ed53425e31a13e3390bf3f539bf8637000e4bcfbb85ee03ef4d910a1 Total reclaimed space: 16.43 MB ``` +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* until (``) - only remove images created before given timestamp + +The `until` filter can be Unix timestamps, date formatted +timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed +relative to the daemon machine’s time. Supported formats for date +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the daemon will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. + +The following removes images created before `2017-01-04T00:00:00`: +```bash +$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' +REPOSITORY TAG IMAGE ID CREATED AT SIZE +foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB +alpine latest 88e169ea8f46 2016-12-27 10:17:25 -0800 PST 3.98 MB +busybox latest e02e811dd08f 2016-10-07 14:03:58 -0700 PDT 1.09 MB + +$ docker image prune -a --force --filter "until=2017-01-04T00:00:00" +Deleted Images: +untagged: alpine:latest +untagged: alpine@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8 +untagged: busybox:latest +untagged: busybox@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 +deleted: sha256:e02e811dd08fd49e7f6032625495118e63f597eb150403d02e3238af1df240ba +deleted: sha256:e88b3f82283bc59d5e0df427c824e9f95557e661fcb0ea15fb0fb6f97760f9d9 + +Total reclaimed space: 1.093 MB + +$ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' +REPOSITORY TAG IMAGE ID CREATED AT SIZE +foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB +``` + +The following removes images created more than 10 days (`240h`) ago: +```bash +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +foo latest 2f287ac753da 14 seconds ago 3.98 MB +alpine latest 88e169ea8f46 8 days ago 3.98 MB +debian jessie 7b0a06c805e8 2 months ago 123 MB +busybox latest e02e811dd08f 2 months ago 1.09 MB +golang 1.7.0 138c2e655421 4 months ago 670 MB + +$ docker image prune -a --force --filter "until=240h" +Deleted Images: +untagged: golang:1.7.0 +untagged: golang@sha256:6765038c2b8f407fd6e3ecea043b44580c229ccfa2a13f6d85866cf2b4a9628e +deleted: sha256:138c2e6554219de65614d88c15521bfb2da674cbb0bf840de161f89ff4264b96 +deleted: sha256:ec353c2e1a673f456c4b78906d0d77f9d9456cfb5229b78c6a960bfb7496b76a +deleted: sha256:fe22765feaf3907526b4921c73ea6643ff9e334497c9b7e177972cf22f68ee93 +deleted: sha256:ff845959c80148421a5c3ae11cc0e6c115f950c89bc949646be55ed18d6a2912 +deleted: sha256:a4320831346648c03db64149eafc83092e2b34ab50ca6e8c13112388f25899a7 +deleted: sha256:4c76020202ee1d9709e703b7c6de367b325139e74eebd6b55b30a63c196abaf3 +deleted: sha256:d7afd92fb07236c8a2045715a86b7d5f0066cef025018cd3ca9a45498c51d1d6 +deleted: sha256:9e63c5bce4585dd7038d830a1f1f4e44cb1a1515b00e620ac718e934b484c938 +untagged: debian:jessie +untagged: debian@sha256:c1af755d300d0c65bb1194d24bce561d70c98a54fb5ce5b1693beb4f7988272f +deleted: sha256:7b0a06c805e8f23807fb8856621c60851727e85c7bcb751012c813f122734c8d +deleted: sha256:f96222d75c5563900bc4dd852179b720a0885de8f7a0619ba0ac76e92542bbc8 + +Total reclaimed space: 792.6 MB + +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +foo latest 2f287ac753da About a minute ago 3.98 MB +alpine latest 88e169ea8f46 8 days ago 3.98 MB +busybox latest e02e811dd08f 2 months ago 1.09 MB +``` + ## Related information * [system df](system_df.md) diff --git a/docs/reference/commandline/network_prune.md b/docs/reference/commandline/network_prune.md index 5b65465600..a3878c2977 100644 --- a/docs/reference/commandline/network_prune.md +++ b/docs/reference/commandline/network_prune.md @@ -12,8 +12,9 @@ Usage: docker network prune [OPTIONS] Remove all unused networks Options: - -f, --force Do not prompt for confirmation - --help Print usage + --filter filter Provide filter values (e.g. 'until=') + -f, --force Do not prompt for confirmation + --help Print usage ``` Remove all unused networks. Unused networks are those which are not referenced by any containers. @@ -29,6 +30,51 @@ n1 n2 ``` +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* until (``) - only remove networks created before given timestamp + +The `until` filter can be Unix timestamps, date formatted +timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed +relative to the daemon machine’s time. Supported formats for date +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the daemon will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. + +The following removes networks created more than 5 minutes ago. Note that +system networks such as `bridge`, `host`, and `none` will never be pruned: + +```bash +$ docker network ls +NETWORK ID NAME DRIVER SCOPE +7430df902d7a bridge bridge local +ea92373fd499 foo-1-day-ago bridge local +ab53663ed3c7 foo-1-min-ago bridge local +97b91972bc3b host host local +f949d337b1f5 none null local + +$ docker network prune --force --filter until=5m +Deleted Networks: +foo-1-day-ago + +$ docker network ls +NETWORK ID NAME DRIVER SCOPE +7430df902d7a bridge bridge local +ab53663ed3c7 foo-1-min-ago bridge local +97b91972bc3b host host local +f949d337b1f5 none null local +``` + ## Related information * [network disconnect ](network_disconnect.md) diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index 46f8c4364a..b6764a779f 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -21,9 +21,10 @@ Usage: docker system prune [OPTIONS] Delete unused data Options: - -a, --all Remove all unused data not just dangling ones - -f, --force Do not prompt for confirmation - --help Print usage + -a, --all Remove all unused images not just dangling ones + --filter filter Provide filter values (e.g. 'until=') + -f, --force Do not prompt for confirmation + --help Print usage ``` Remove all unused containers, volumes, networks and images (both dangling and unreferenced). @@ -64,6 +65,27 @@ deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 Total reclaimed space: 13.5 MB ``` +## Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* until (``) - only remove containers, images, and networks created before given timestamp + +The `until` filter can be Unix timestamps, date formatted +timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed +relative to the daemon machine’s time. Supported formats for date +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the daemon will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. + ## Related information * [volume create](volume_create.md) From 20954b356b0baff782aea16b031dad4a0a3658b9 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 6 Jan 2017 12:06:02 -0800 Subject: [PATCH 2230/2538] remove -f on secret create and unify usage with other commands Signed-off-by: Victor Vieux --- docs/reference/commandline/secret_create.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index d63083b3e6..aebcebbcdd 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -16,12 +16,11 @@ keywords: ["secret, create"] # secret create ```Markdown -Usage: docker secret create [OPTIONS] SECRET +Usage: docker secret create [OPTIONS] SECRET file|- Create a secret from a file or STDIN as content Options: - -f, --file string Read from a file or STDIN ('-') --help Print usage -l, --label list Secret labels (default []) ``` @@ -34,7 +33,7 @@ command on a manager node. ### Create a secret ```bash -$ echo | docker secret create -f - my_secret +$ echo | docker secret create my_secret - mhv17xfe3gh6xc4rij5orpfds $ docker secret ls @@ -45,7 +44,7 @@ mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.90918108 ### Create a secret with a file ```bash -$ docker secret create -f secret.json my_secret +$ docker secret create my_secret ./secret.json mhv17xfe3gh6xc4rij5orpfds $ docker secret ls @@ -56,7 +55,7 @@ mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.90918108 ### Create a secret with labels ```bash -$ docker secret create -f secret.json --label env=dev --label rev=20161102 my_secret +$ docker secret create --label env=dev --label rev=20161102 my_secret ./secret.json jtn7g6aukl5ky7nr9gvwafoxh $ docker secret inspect my_secret From 3988259bcb4adcf119714514b913d42475d358f3 Mon Sep 17 00:00:00 2001 From: Dong Chen Date: Thu, 5 Jan 2017 11:21:22 -0800 Subject: [PATCH 2231/2538] add port PublishMode to service inspect --pretty output Signed-off-by: Dong Chen --- docs/reference/commandline/service_inspect.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 8b4ab62d89..413ae99c29 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -125,15 +125,18 @@ Service Mode: REPLICATED Placement: UpdateConfig: Parallelism: 0 + On failure: pause + Max failure ratio: 0 ContainerSpec: Image: nginx:alpine Resources: +Networks: net1 Endpoint Mode: vip Ports: - Name = - Protocol = tcp - TargetPort = 443 PublishedPort = 4443 + Protocol = tcp + TargetPort = 443 + PublishMode = ingress ``` You can also use `--format pretty` for the same effect. From 8c3f18ca6d501116f3d7fa9d33d4a007f2ad2e49 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Tue, 10 Jan 2017 11:00:57 -0800 Subject: [PATCH 2232/2538] plugins: rename DeviceCreation to AllowAllDevices Signed-off-by: Tibor Vass --- docs/extend/config.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/extend/config.md b/docs/extend/config.md index 538dc6ac47..b98be592a0 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -153,6 +153,10 @@ Config provides the base accessible fields for working with V0 plugin format capabilities of the plugin (*Linux only*), see list [`here`](https://github.com/opencontainers/runc/blob/master/libcontainer/SPEC.md#security) + - **`allowAllDevices`** *boolean* + + If `/dev` is bind mounted from the host, and allowAllDevices is set to true, the plugin will have `rwm` access to all devices on the host. + - **`devices`** *PluginDevice array* device of the plugin, (*Linux only*), struct consisting of the following fields, see [`DEVICES`](https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#devices) @@ -205,7 +209,7 @@ Config provides the base accessible fields for working with V0 plugin format }, "Linux": { "Capabilities": null, - "DeviceCreation": false, + "AllowAllDevices": false, "Devices": null }, "Mounts": null, From f4d26add250988f2489d66b2feb3e41a98571ff9 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 21 Dec 2016 18:06:16 -0800 Subject: [PATCH 2233/2538] Allow swarm join with `--availability=drain` This fix tries to address the issue raised in 24596 where it was not possible to join as manager only (`--availability=drain`). This fix adds a new flag `--availability` to `swarm join`. Related documentation has been updated. An integration test has been added. NOTE: Additional pull request for swarmkit and engine-api will be created separately. This fix fixes 24596. Signed-off-by: Yong Tang --- docs/reference/commandline/swarm_join.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 0e6dadb6cb..06bba1f41d 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -22,6 +22,7 @@ Join a swarm as a node and/or manager Options: --advertise-addr string Advertised address (format: [:port]) + --availability string Availability of the node (active/pause/drain) (default "active") --help Print usage --listen-addr node-addr Listen address (format: [:port]) (default 0.0.0.0:2377) --token string Token for entry into the swarm @@ -94,6 +95,15 @@ This flag is generally not necessary when joining an existing swarm. Secret value required for nodes to join the swarm +### `--availability` + +This flag specifies the availability of the node at the time the node joins a master. +Possible availability values are `active`, `pause`, or `drain`. + +This flag is useful in certain situations. For example, a cluster may want to have +dedicated manager nodes that are not served as worker nodes. This could be achieved +by passing `--availability=drain` to `docker swarm join`. + ## Related information From 4a16aa2ece8b89f89882396e8dfdf19224658efd Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 21 Dec 2016 18:13:31 -0800 Subject: [PATCH 2234/2538] Allow swarm init with `--availability=drain` This fix adds a new flag `--availability` to `swarm join`. Related documentation has been updated. An integration test has been added. Signed-off-by: Yong Tang --- docs/reference/commandline/swarm_init.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 748454c638..2f39316181 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -23,6 +23,7 @@ Initialize a swarm Options: --advertise-addr string Advertised address (format: [:port]) --autolock Enable manager autolocking (requiring an unlock key to start a stopped manager) + --availability string Availability of the node (active/pause/drain) (default "active") --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca external-ca Specifications of one or more certificate signing endpoints @@ -133,6 +134,16 @@ Snapshots compact the Raft log and allow for more efficient transfer of the state to new managers. However, there is a performance cost to taking snapshots frequently. +### `--availability` + +This flag specifies the availability of the node at the time the node joins a master. +Possible availability values are `active`, `pause`, or `drain`. + +This flag is useful in certain situations. For example, a cluster may want to have +dedicated manager nodes that are not served as worker nodes. This could be achieved +by passing `--availability=drain` to `docker swarm init`. + + ## Related information * [swarm join](swarm_join.md) From 3b59097abd10a81e3567aa785771f66f8a1ddef0 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 11 Jan 2017 10:30:56 -0800 Subject: [PATCH 2235/2538] Add bash completion for `swarm join --availability` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f34e2dfb2a..776a05d408 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2963,6 +2963,10 @@ _docker_swarm_join() { fi return ;; + --availability) + COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) + return + ;; --token) return ;; @@ -2970,7 +2974,7 @@ _docker_swarm_join() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--advertise-addr --help --listen-addr --token" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--advertise-addr --availability --help --listen-addr --token" -- "$cur" ) ) ;; *:) COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) From 4db608f18693e5580f191aeb7e669cdb532540ea Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 13 Jan 2017 13:54:44 +0000 Subject: [PATCH 2236/2538] Clarify `cp` documentation behaviour with trailing "/." Issue #30082 demonstrated that their is possible confusion with the "/." where the tailing "." can appear to be merely punctuation within the document rather than a highly pertinent part of `SRC_PATH`. Signed-off-by: Ian Campbell --- docs/reference/commandline/cp.md | 4 ++-- man/src/container/cp.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index fcfd35fce1..e990af6163 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -75,9 +75,9 @@ argument of `DEST_PATH`, the behavior is as follows: - `DEST_PATH` exists and is a file - Error condition: cannot copy a directory to a file - `DEST_PATH` exists and is a directory - - `SRC_PATH` does not end with `/.` + - `SRC_PATH` does not end with `/.` (that is: _slash_ followed by _dot_) - the source directory is copied into this directory - - `SRC_PATH` does end with `/.` + - `SRC_PATH` does end with `/.` (that is: _slash_ followed by _dot_) - the *content* of the source directory is copied into this directory diff --git a/man/src/container/cp.md b/man/src/container/cp.md index 29b3c0ef2e..557e76de95 100644 --- a/man/src/container/cp.md +++ b/man/src/container/cp.md @@ -42,9 +42,9 @@ argument of `DEST_PATH`, the behavior is as follows: - `DEST_PATH` exists and is a file - Error condition: cannot copy a directory to a file - `DEST_PATH` exists and is a directory - - `SRC_PATH` does not end with `/.` + - `SRC_PATH` does not end with `/.` (that is: _slash_ followed by _dot_) - the source directory is copied into this directory - - `SRC_PATH` does end with `/.` + - `SRC_PATH` does end with `/.` (that is: _slash_ followed by _dot_) - the *content* of the source directory is copied into this directory From aa4b0f065b7a0d014d8a27fa24b2abd11fa6b3c5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 13 Jan 2017 15:43:52 +0100 Subject: [PATCH 2237/2538] Honour $DOCKER_HIDE_LEGACY_COMMANDS in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 43 ++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 776a05d408..b1f3d53a18 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3966,11 +3966,30 @@ _docker() { local previous_extglob_setting=$(shopt -p extglob) shopt -s extglob - local commands=( - attach - build - commit + local management_commands=( container + image + network + node + plugin + secret + service + stack + system + volume + ) + + local top_level_commands=( + build + login + logout + run + search + version + ) + + local legacy_commands=( + commit cp create diff @@ -3978,20 +3997,14 @@ _docker() { exec export history - image images import info inspect kill load - login - logout logs - network - node pause - plugin port ps pull @@ -4000,23 +4013,15 @@ _docker() { restart rm rmi - run save - search - secret - service - stack start stats stop swarm - system tag top unpause update - version - volume wait ) @@ -4024,6 +4029,8 @@ _docker() { deploy ) + local commands=(${management_commands[*]} ${top_level_commands[*]} ${DOCKER_HIDE_LEGACY_COMMANDS:+${legacy_commands[*]}}) + # These options are valid as global options for all client commands # and valid as command options for `docker daemon` local global_boolean_options=" From ad4e1a9c61a48780ed5645c3deb9466cea983b0e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 13 Jan 2017 11:56:50 +0100 Subject: [PATCH 2238/2538] Add bash completion for `plugin install --disable-content-trust` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b1f3d53a18..3d1beeed23 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3286,7 +3286,7 @@ _docker_plugin_install() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--alias --disable --grant-all-permissions --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--alias --disable --disable-content-trust=false --grant-all-permissions --help" -- "$cur" ) ) ;; esac } From cce9425a7411d8a65ffc8b4af1b5d2eae6156ebd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sat, 14 Jan 2017 04:48:41 -0800 Subject: [PATCH 2239/2538] Fix treatment of DOCKER_HIDE_LEGACY_COMMANDS in bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3d1beeed23..4dc4e53206 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -4029,7 +4029,8 @@ _docker() { deploy ) - local commands=(${management_commands[*]} ${top_level_commands[*]} ${DOCKER_HIDE_LEGACY_COMMANDS:+${legacy_commands[*]}}) + local commands=(${management_commands[*]} ${top_level_commands[*]}) + [ -z "$DOCKER_HIDE_LEGACY_COMMANDS" ] && commands+=(${legacy_commands[*]}) # These options are valid as global options for all client commands # and valid as command options for `docker daemon` From 347c066e0dff687c9c1c6cd509e495f0ec34c015 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 16 Jan 2017 10:47:52 +0100 Subject: [PATCH 2240/2538] Add bash completion for `container|image|network prune --filter until` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 40 ++++++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 4dc4e53206..3b210d8aa9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1234,9 +1234,17 @@ _docker_container_port() { } _docker_container_prune() { + case "$prev" in + --filter) + COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) + __docker_nospace + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --filter --help" -- "$cur" ) ) ;; esac } @@ -2170,9 +2178,17 @@ _docker_image_ls() { } _docker_image_prune() { + case "$prev" in + --filter) + COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) + __docker_nospace + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --force -f --filter --help" -- "$cur" ) ) ;; esac } @@ -2532,9 +2548,17 @@ _docker_network_ls() { } _docker_network_prune() { + case "$prev" in + --filter) + COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) + __docker_nospace + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--force -f --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--force -f --filter --help" -- "$cur" ) ) ;; esac } @@ -3811,9 +3835,17 @@ _docker_system_info() { } _docker_system_prune() { + case "$prev" in + --filter) + COMPREPLY=( $( compgen -W "until" -S = -- "$cur" ) ) + __docker_nospace + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --force -f --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --force -f --filter --help" -- "$cur" ) ) ;; esac } From f58ef83a2c7a3cbd77f56ed6a45c53be3f891b97 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 17 Jan 2017 08:52:18 +0100 Subject: [PATCH 2241/2538] Add bash completion for `build --squash` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3b210d8aa9..7cecfc1a38 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2012,6 +2012,7 @@ _docker_image_build() { --quiet -q --rm " + __docker_is_experimental && boolean_options+="--squash" local all_options="$options_with_args $boolean_options" From b6aba941443585b83ede6f6ef515bc8923c3c5fc Mon Sep 17 00:00:00 2001 From: Yanqiang Miao Date: Thu, 12 Jan 2017 20:10:23 +0800 Subject: [PATCH 2242/2538] Complete the options for 'docker plugin install' Signed-off-by: Yanqiang Miao --- docs/reference/commandline/plugin_install.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 78dd23825f..b94f78a912 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -23,6 +23,7 @@ Install a plugin Options: --alias string Local name for plugin --disable Do not enable the plugin on install + --disable-content-trust Skip image verification (default true) --grant-all-permissions Grant all permissions necessary to run the plugin --help Print usage ``` From 8c24f5d5e7a2f9f1312647b535c43d22c58be209 Mon Sep 17 00:00:00 2001 From: John Howard Date: Thu, 5 Jan 2017 15:35:24 -0800 Subject: [PATCH 2243/2538] Update run.md ENV docs Signed-off-by: John Howard --- docs/reference/run.md | 62 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 50 insertions(+), 12 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index e0b233752f..8e7153a5f1 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1385,30 +1385,68 @@ it will provide a named alias for the container being linked to. ### ENV (environment variables) -When a new container is created, Docker will set the following environment -variables automatically: +Docker automatically sets some environment variables when creating a Linux +container. Docker does not set any environment variables when creating a Windows +container. + +The following environment variables are set for Linux containers: | Variable | Value | | -------- | ----- | | `HOME` | Set based on the value of `USER` | | `HOSTNAME` | The hostname associated with the container | -| `PATH` | Includes popular directories, such as `:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin` | +| `PATH` | Includes popular directories, such as `/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin` | | `TERM` | `xterm` if the container is allocated a pseudo-TTY | + Additionally, the operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those mentioned above, or already defined by the developer with a Dockerfile `ENV`: - $ docker run -e "deep=purple" --rm ubuntu /bin/bash -c export - declare -x HOME="/" - declare -x HOSTNAME="85bc26a0e200" - declare -x OLDPWD - declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - declare -x PWD="/" - declare -x SHLVL="1" - declare -x deep="purple" +```bash +$ docker run -e "deep=purple" --rm alpine env +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +HOSTNAME=d2219b854598 +deep=purple +HOME=/root +``` -Similarly the operator can set the **hostname** with `-h`. +```PowerShell +PS C:\> docker run --rm -e "foo=bar" microsoft/nanoserver cmd /s /c set +ALLUSERSPROFILE=C:\ProgramData +APPDATA=C:\Users\ContainerAdministrator\AppData\Roaming +CommonProgramFiles=C:\Program Files\Common Files +CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files +CommonProgramW6432=C:\Program Files\Common Files +COMPUTERNAME=C2FAEFCC8253 +ComSpec=C:\Windows\system32\cmd.exe +foo=bar +LOCALAPPDATA=C:\Users\ContainerAdministrator\AppData\Local +NUMBER_OF_PROCESSORS=8 +OS=Windows_NT +Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\ContainerAdministrator\AppData\Local\Microsoft\WindowsApps +PATHEXT=.COM;.EXE;.BAT;.CMD +PROCESSOR_ARCHITECTURE=AMD64 +PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 62 Stepping 4, GenuineIntel +PROCESSOR_LEVEL=6 +PROCESSOR_REVISION=3e04 +ProgramData=C:\ProgramData +ProgramFiles=C:\Program Files +ProgramFiles(x86)=C:\Program Files (x86) +ProgramW6432=C:\Program Files +PROMPT=$P$G +PUBLIC=C:\Users\Public +SystemDrive=C: +SystemRoot=C:\Windows +TEMP=C:\Users\ContainerAdministrator\AppData\Local\Temp +TMP=C:\Users\ContainerAdministrator\AppData\Local\Temp +USERDOMAIN=User Manager +USERNAME=ContainerAdministrator +USERPROFILE=C:\Users\ContainerAdministrator +windir=C:\Windows +``` + +Similarly the operator can set the **HOSTNAME** (Linux) or **COMPUTERNAME** (Windows) with `-h`. ### HEALTHCHECK From 0e8ea8a2b65c4bf43ffd5bc10d568ca0838a28a3 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 19 Jan 2017 08:22:06 +0100 Subject: [PATCH 2244/2538] Add bash completion for `dockerd --init` and `docker run|create --init` Fixes #30263 Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7cecfc1a38..d72f4e00d4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1380,6 +1380,7 @@ _docker_container_run() { local boolean_options=" --disable-content-trust=false --help + --init --interactive -i --oom-kill-disable --privileged @@ -1736,6 +1737,7 @@ _docker_daemon() { --experimental --help --icc=false + --init --ip-forward=false --ip-masq=false --iptables=false From b5758e62deecdbf52cad4b22d8c7e3917603cf0f Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Thu, 19 Jan 2017 15:29:28 +0800 Subject: [PATCH 2245/2538] Fix some typos Signed-off-by: Zhang Wei --- docs/extend/plugins_graphdriver.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugins_graphdriver.md b/docs/extend/plugins_graphdriver.md index fdcb34d7b6..e30632692f 100644 --- a/docs/extend/plugins_graphdriver.md +++ b/docs/extend/plugins_graphdriver.md @@ -33,7 +33,7 @@ of steps. ``` $ docker plugin install cpuguy83/docker-overlay2-graphdriver-plugin # this command also enables the driver - + $ pkill dockerd $ dockerd --experimental -s cpuguy83/docker-overlay2-graphdriver-plugin ``` From 8cd8ceedf61b340c56dcf4eca9263ead778f1425 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 20 Jan 2017 15:46:50 +0100 Subject: [PATCH 2246/2538] Add zsh completion for 'docker {container,image,network,system} prune --filter' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2b7e822e36..a170ad1d52 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -474,6 +474,26 @@ __docker_complete_events_filter() { return ret } +__docker_complete_prune_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + declare -a opts + + opts=('until') + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + *) + _message 'value' && ret=0 + ;; + esac + else + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + # BO container __docker_container_commands() { @@ -731,6 +751,7 @@ __docker_container_subcommand() { (prune) _arguments $(__docker_arguments) \ $opts_help \ + "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (rename) @@ -977,6 +998,7 @@ __docker_image_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Remove all unused images, not just dangling ones]" \ + "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (pull) @@ -1204,6 +1226,7 @@ __docker_network_subcommand() { (prune) _arguments $(__docker_arguments) \ $opts_help \ + "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (rm) @@ -2142,6 +2165,7 @@ __docker_system_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Remove all unused data, not just dangling ones]" \ + "($help)*--filter=[Filter values]:filter:__docker_complete_prune_filters" \ "($help -f --force)"{-f,--force}"[Do not prompt for confirmation]" && ret=0 ;; (help) From ad214d7a79189e92c373ad77be75966d209f62ba Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 19 Jan 2017 16:54:36 +0100 Subject: [PATCH 2247/2538] Add zsh completion for 'docker swarm --availability' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a170ad1d52..f3fd6ea878 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1611,7 +1611,7 @@ __docker_secret_subcommand() { case "$words[1]" in (create) - _arguments $(__docker_arguments) \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ "($help)*"{-l=,--label=}"[Secret labels]:label: " \ "($help -):secret: " && ret=0 @@ -2083,9 +2083,10 @@ __docker_swarm_subcommand() { "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 ;; (join) - _arguments $(__docker_arguments) \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ - "($help)--advertise-addr[Advertised address]:ip\:port: " \ + "($help)--advertise-addr=[Advertised address]:ip\:port: " \ + "($help)--availability=[Availability of the node]:availability:(active drain pause)" \ "($help)--listen-addr=[Listen address]:ip\:port: " \ "($help)--token=[Token for entry into the swarm]:secret: " \ "($help -):host\:port: " && ret=0 @@ -2516,14 +2517,14 @@ __docker_subcommand() { esac ;; (login) - _arguments $(__docker_arguments) \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ "($help -p --password)"{-p=,--password=}"[Password]:password: " \ "($help -u --user)"{-u=,--user=}"[Username]:username: " \ "($help -)1:server: " && ret=0 ;; (logout) - _arguments $(__docker_arguments) \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ "($help -)1:server: " && ret=0 ;; @@ -2587,7 +2588,7 @@ __docker_subcommand() { __docker_image_subcommand && ret=0 ;; (search) - _arguments $(__docker_arguments) \ + _arguments $(__docker_arguments) -A '-*' \ $opts_help \ "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ "($help)--limit=[Maximum returned search results]:limit:(1 5 10 25 50)" \ From dd05de1e6a7290a728489451df0c9158eaa2e8fe Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 20 Jan 2017 14:14:15 -0800 Subject: [PATCH 2248/2538] Merge pull request #30329 from johndmulhausen/patch-2 Fixing formatting errors in Run refdoc Signed-off-by: Misty Stanley-Jones --- docs/reference/builder.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index a95385f90f..988211932b 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1286,8 +1286,8 @@ to create the directory in the Dockerfile. For example: ARG [=] The `ARG` instruction defines a variable that users can pass at build-time to -the builder with the `docker build` command using the `--build-arg -=` flag. If a user specifies a build argument that was not +the builder with the `docker build` command using the `--build-arg =` +flag. If a user specifies a build argument that was not defined in the Dockerfile, the build outputs a warning. ``` @@ -1375,7 +1375,7 @@ useful interactions between `ARG` and `ENV` instructions: ``` Unlike an `ARG` instruction, `ENV` values are always persisted in the built -image. Consider a docker build without the --build-arg flag: +image. Consider a docker build without the `--build-arg` flag: ``` $ docker build Dockerfile @@ -1638,9 +1638,9 @@ The command invoked by docker will be: cmd /S /C powershell -command Execute-MyCmdlet -param1 "c:\foo.txt" - This is inefficient for two reasons. First, there is an un-necessary cmd.exe command - processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell* - form requires an extra `powershell -command` prefixing the command. +This is inefficient for two reasons. First, there is an un-necessary cmd.exe command +processor (aka shell) being invoked. Second, each `RUN` instruction in the *shell* +form requires an extra `powershell -command` prefixing the command. To make this more efficient, one of two mechanisms can be employed. One is to use the JSON form of the RUN command such as: From e65d4d2907c669e522465616265cafecf40ab9a0 Mon Sep 17 00:00:00 2001 From: Michael Friis Date: Sun, 22 Jan 2017 10:46:04 -0800 Subject: [PATCH 2249/2538] remove indent from .dockerignore example Signed-off-by: Michael Friis --- docs/reference/builder.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 988211932b..4c9ae7fbaf 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -403,9 +403,9 @@ Here is an example `.dockerignore` file: ``` # comment - */temp* - */*/temp* - temp? +*/temp* +*/*/temp* +temp? ``` This file causes the following build behavior: From d36dd6541a0bd245e8984df0b6d72a016c160550 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 22 Nov 2016 16:23:21 -0800 Subject: [PATCH 2250/2538] Add `--format` flag for `docker plugin ls` This fix tries to address the enhancement discussed in 28735 to add `--format` for the output of `docker plugin ls`. This fix 1. Add `--format` and `--quiet` flags to `docker plugin ls` 2. Convert the current implementation to use `formatter`, consistent with other docker list commands. 3. Add `pluginsFormat` for config.json. Related docs has been updated. Several unit tests have been added to cover the changes. This fix is related to 28708 and 28735. Signed-off-by: Yong Tang --- docs/reference/commandline/cli.md | 7 ++++++ docs/reference/commandline/plugin_ls.md | 32 +++++++++++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 798fa5858d..30ae431bab 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -131,6 +131,12 @@ Docker's client uses this property. If this property is not set, the client falls back to the default table format. For a list of supported formatting directives, see the [**Formatting** section in the `docker images` documentation](images.md) +The property `pluginsFormat` specifies the default format for `docker plugin ls` output. +When the `--format` flag is not provided with the `docker plugin ls` command, +Docker's client uses this property. If this property is not set, the client +falls back to the default table format. For a list of supported formatting +directives, see the [**Formatting** section in the `docker plugin ls` documentation](plugin_ls.md) + The property `serviceInspectFormat` specifies the default format for `docker service inspect` output. When the `--format` flag is not provided with the `docker service inspect` command, Docker's client uses this property. If this @@ -186,6 +192,7 @@ Following is a sample `config.json` file: }, "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "pluginsFormat": "table {{.ID}}\t{{.Name}}\t{{.Enabled}}", "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", "serviceInspectFormat": "pretty", "detachKeys": "ctrl-e,e", diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index e436213ecc..898b650d86 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -24,8 +24,10 @@ Aliases: ls, list Options: - --help Print usage - --no-trunc Don't truncate output + --format string Pretty-print plugins using a Go template + --help Print usage + --no-trunc Don't truncate output + -q, --quiet Only display plugin IDs ``` Lists all the plugins that are currently installed. You can install plugins @@ -40,6 +42,32 @@ ID NAME TAG DESCRIP 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true ``` +## Formatting + +The formatting options (`--format`) pretty-prints plugins output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +---------------|------------------------------------------------------------------------------------------ +`.ID` | Plugin ID +`.Name` | Plugin name +`.Description` | Plugin description +`.Enabled` | Whether plugin is enabled or not + +When using the `--format` option, the `plugin ls` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Name` entries separated by a colon for all plugins: + +```bash +$ docker plugin ls --format "{{.ID}}: {{.Name}}" +4be01827a72e: tiborvass/no-remove +``` + ## Related information * [plugin create](plugin_create.md) From e41d3a22ce03afd55b54b8d5a44684661cdd4338 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Fri, 20 Jan 2017 11:55:16 -0800 Subject: [PATCH 2251/2538] Add bash completion for newly added options to "docker plugin ls" Signed-off-by: Anusha Ragunathan --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d72f4e00d4..a4085844a2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3325,7 +3325,7 @@ _docker_plugin_list() { _docker_plugin_ls() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --no-trunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--help --no-trunc --format --quiet" -- "$cur" ) ) ;; esac } From f7efcbbaa13fdd0a3c2231e19d53440fa206f925 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Fri, 20 Jan 2017 16:06:22 +0100 Subject: [PATCH 2252/2538] Add zsh completion for 'dockerd --init' and 'docker {create,run} --init' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index f3fd6ea878..7abcd8f3ac 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -561,6 +561,7 @@ __docker_container_subcommand() { "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" + "($help)--init[Run an init inside the container that forwards signals and reaps processes]" \ "($help)--ip=[IPv4 address]:IPv4: " "($help)--ip6=[IPv6 address]:IPv6: " "($help)--ipc=[IPC namespace to use]:IPC namespace: " @@ -2395,6 +2396,7 @@ __docker_subcommand() { "($help -g --graph)"{-g=,--graph=}"[Root of the Docker runtime]:path:_directories" \ "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ "($help)--icc[Enable inter-container communication]" \ + "($help)--init[Run an init inside containers to forward signals and reap processes]" \ "($help)--init-path=[Path to the docker-init binary]:docker-init binary:_files" \ "($help)*--insecure-registry=[Enable insecure registry communication]:registry: " \ "($help)--ip=[Default IP when binding container ports]" \ From 8d43f5593a113b87e3f9d15b2eedf2b073812378 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 17 Jan 2017 15:46:07 +0100 Subject: [PATCH 2253/2538] fix flag descriptions for content-trust Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags for Docker Content Trust. Depending on the `verify` boolean, the message is "Skip image verification", or "Skip image signing". "Signing" is intended for `docker push` / `docker plugin push`. During the migration to Cobra, this boolean got flipped for `docker push` (9640e3a4514f96a890310757a09fd77a3c70e931), causing `docker push` to show the incorrect flag description. This patch changes the flags to use the correct description for `docker push`, and `docker plugin push`. To prevent this confusion in future, the boolean argument is removed, and a `AddTrustSigningFlags()` function is added. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/plugin_push.md | 5 +++-- docs/reference/commandline/push.md | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index 2747f4c4a9..693dc3a130 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -14,12 +14,13 @@ keywords: "plugin, push" --> ```markdown -Usage: docker plugin push PLUGIN[:TAG] +Usage: docker plugin push PLUGIN[:TAG] Push a plugin to a registry Options: - --help Print usage + --disable-content-trust Skip image signing (default true) + --help Print usage ``` Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution, diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index e36fd026d1..33cc399767 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -21,7 +21,7 @@ Usage: docker push [OPTIONS] NAME[:TAG] Push an image or a repository to a registry Options: - --disable-content-trust Skip image verification (default true) + --disable-content-trust Skip image signing (default true) --help Print usage ``` From f75cb34afaa3fdc46295191578515127255bb4f8 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Thu, 19 Jan 2017 12:25:16 -0800 Subject: [PATCH 2254/2538] plugins: add example docs for a rexray plugin Signed-off-by: Tibor Vass --- docs/extend/EBS_volume.md | 164 ++++++++++++++++++++++++++++++++++++++ docs/extend/index.md | 4 +- 2 files changed, 166 insertions(+), 2 deletions(-) create mode 100644 docs/extend/EBS_volume.md diff --git a/docs/extend/EBS_volume.md b/docs/extend/EBS_volume.md new file mode 100644 index 0000000000..8c64efa164 --- /dev/null +++ b/docs/extend/EBS_volume.md @@ -0,0 +1,164 @@ +--- +description: Volume plugin for Amazon EBS +keywords: "API, Usage, plugins, documentation, developer, amazon, ebs, rexray, volume" +title: Volume plugin for Amazon EBS +--- + + + +# A proof-of-concept Rexray plugin + +In this example, a simple Rexray plugin will be created for the purposes of using +it on an Amazon EC2 instance with EBS. It is not meant to be a complete Rexray plugin. + +The example source is available at [https://github.com/tiborvass/rexray-plugin](https://github.com/tiborvass/rexray-plugin). + +To learn more about Rexray: [https://github.com/codedellemc/rexray](https://github.com/codedellemc/rexray) + +## 1. Make a Docker image + +The following is the Dockerfile used to containerize rexray. + +```Dockerfile +FROM debian:jessie +RUN apt-get update && apt-get install -y --no-install-recommends wget ca-certificates +RUN wget https://dl.bintray.com/emccode/rexray/stable/0.6.4/rexray-Linux-x86_64-0.6.4.tar.gz -O rexray.tar.gz && tar -xvzf rexray.tar.gz -C /usr/bin && rm rexray.tar.gz +RUN mkdir -p /run/docker/plugins /var/lib/libstorage/volumes +ENTRYPOINT ["rexray"] +CMD ["--help"] +``` + +To build it you can run `image=$(cat Dockerfile | docker build -q -)` and `$image` +will reference the containerized rexray image. + +## 2. Extract rootfs + +```sh +$ TMPDIR=/tmp/rexray # for the purpose of this example +$ # create container without running it, to extract the rootfs from image +$ docker create --name rexray "$image" +$ # save the rootfs to a tar archive +$ docker export -o $TMPDIR/rexray.tar rexray +$ # extract rootfs from tar archive to a rootfs folder +$ ( mkdir -p $TMPDIR/rootfs; cd $TMPDIR/rootfs; tar xf ../rexray.tar ) +``` + +## 3. Add plugin configuration + +We have to put the following JSON to `$TMPDIR/config.json`: + +```json +{ + "Args": { + "Description": "", + "Name": "", + "Settable": null, + "Value": null + }, + "Description": "A proof-of-concept EBS plugin (using rexray) for Docker", + "Documentation": "https://github.com/tiborvass/rexray-plugin", + "Entrypoint": [ + "/usr/bin/rexray", "service", "start", "-f" + ], + "Env": [ + { + "Description": "", + "Name": "REXRAY_SERVICE", + "Settable": [ + "value" + ], + "Value": "ebs" + }, + { + "Description": "", + "Name": "EBS_ACCESSKEY", + "Settable": [ + "value" + ], + "Value": "" + }, + { + "Description": "", + "Name": "EBS_SECRETKEY", + "Settable": [ + "value" + ], + "Value": "" + } + ], + "Interface": { + "Socket": "rexray.sock", + "Types": [ + "docker.volumedriver/1.0" + ] + }, + "Linux": { + "AllowAllDevices": true, + "Capabilities": ["CAP_SYS_ADMIN"], + "Devices": null + }, + "Mounts": [ + { + "Source": "/dev", + "Destination": "/dev", + "Type": "bind", + "Options": ["rbind"] + } + ], + "Network": { + "Type": "host" + }, + "PropagatedMount": "/var/lib/libstorage/volumes", + "User": {}, + "WorkDir": "" +} +``` + +Please note a couple of points: +- `PropagatedMount` is needed so that the docker daemon can see mounts done by the +rexray plugin from within the container, otherwise the docker daemon is not able +to mount a docker volume. +- The rexray plugin needs dynamic access to host devices. For that reason, we +have to give it access to all devices under `/dev` and set `AllowAllDevices` to +true for proper access. +- The user of this simple plugin can change only 3 settings: `REXRAY_SERVICE`, +`EBS_ACCESSKEY` and `EBS_SECRETKEY`. This is because of the reduced scope of this +plugin. Ideally other rexray parameters could also be set. + +## 4. Create plugin + +`docker plugin create tiborvass/rexray-plugin "$TMPDIR"` will create the plugin. + +```sh +$ docker plugin ls +ID NAME DESCRIPTION ENABLED +2475a4bd0ca5 tiborvass/rexray-plugin:latest A rexray volume plugin for Docker false +``` + +## 5. Test plugin + +```sh +$ docker plugin set tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY` +$ docker plugin enable tiborvass/rexray-plugin +$ docker volume create -d tiborvass/rexray-plugin my-ebs-volume +$ docker volume ls +DRIVER VOLUME NAME +tiborvass/rexray-plugin:latest my-ebs-volume +$ docker run --rm -v my-ebs-volume:/volume busybox sh -c 'echo bye > /volume/hi' +$ docker run --rm -v my-ebs-volume:/volume busybox cat /volume/hi +bye +``` + +## 6. Push plugin + +First, ensure you are logged in with `docker login`. Then you can run: +`docker plugin push tiborvass/rexray-plugin` to push it like a regular docker +image to a registry, to make it available for others to install via +`docker plugin install tiborvass/rexray-plugin EBS_ACCESSKEY=$AWS_ACCESSKEY EBS_SECRETKEY=$AWS_SECRETKEY`. diff --git a/docs/extend/index.md b/docs/extend/index.md index e7a62ba758..2687fd4311 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -154,7 +154,7 @@ This plugin is a volume driver. It requires a `host` network and the entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate with Docker Engine. This plugin has no runtime parameters. -### Creating the plugin +#### Creating the plugin A new plugin can be created by running `docker plugin create ./path/to/plugin/data` where the plugin @@ -163,4 +163,4 @@ in subdirectory `rootfs`. After that the plugin `` will show up in `docker plugin ls`. Plugins can be pushed to remote registries with -`docker plugin push `. \ No newline at end of file +`docker plugin push `. From 046aa9aa23145dd3e4139c51281eb028be150006 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 23 Jan 2017 19:05:00 +0100 Subject: [PATCH 2255/2538] Add bash completion for `docker service ps --filter node` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a4085844a2..9b00929341 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2710,11 +2710,15 @@ _docker_service_ps() { __docker_complete_services --cur "${cur##*=}" --name return ;; + node) + __docker_complete_nodes_plus_self --cur "${cur##*=}" + return + ;; esac case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "desired-state id name" -S = -- "$cur" ) ) + COMPREPLY=( $( compgen -W "desired-state id name node" -S = -- "$cur" ) ) __docker_nospace return ;; From e541799eedb5f729752665a152313501686ae078 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 4 Jan 2017 15:17:54 -0800 Subject: [PATCH 2256/2538] Add `.CreatedAt` placeholder for `docker network ls --format` This fix tries to add a placeholder `.CreatedAt` for Go format template in `docker network ls --format`. While working on 29226, I noticed that it is not possible to display network's creation time in `docker network ls`, with or without `--format`. We are able to find the timestamp through `docker network inspect` though. However, as we allows networks to be pruned based on the timestamp (see 29226), showing the timestamp in `docker network ls --format` would be much useful now. This fix adds the `.CreatedAt` placeholder for `docker network ls --format`. The default output was not changed for `docker network ls --format`. A test case for unit tests has been added. Signed-off-by: Yong Tang --- docs/reference/commandline/network_ls.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index a4f671d569..f0542d1e26 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -182,16 +182,17 @@ using a Go template. Valid placeholders for the Go template are listed below: -Placeholder | Description -------------|------------------------------------------------------------------------------------------ -`.ID` | Network ID -`.Name` | Network name -`.Driver` | Network driver -`.Scope` | Network scope (local, global) -`.IPv6` | Whether IPv6 is enabled on the network or not. -`.Internal` | Whether the network is internal or not. -`.Labels` | All labels assigned to the network. -`.Label` | Value of a specific label for this network. For example `{{.Label "project.version"}}` +Placeholder | Description +-------------|------------------------------------------------------------------------------------------ +`.ID` | Network ID +`.Name` | Network name +`.Driver` | Network driver +`.Scope` | Network scope (local, global) +`.IPv6` | Whether IPv6 is enabled on the network or not. +`.Internal` | Whether the network is internal or not. +`.Labels` | All labels assigned to the network. +`.Label` | Value of a specific label for this network. For example `{{.Label "project.version"}}` +`.CreatedAt` | Time when the network was created When using the `--format` option, the `network ls` command will either output the data exactly as the template declares or, when using the From 4489f4ab10ae8d737cc715f601745533f4592877 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 23 Jan 2017 18:24:51 +0100 Subject: [PATCH 2257/2538] Fix bash completion for `docker plugin ls` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9b00929341..84855dd345 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3327,9 +3327,15 @@ _docker_plugin_list() { } _docker_plugin_ls() { + case "$prev" in + --format) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --no-trunc --format --quiet" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format --help --no-trunc --quiet -q" -- "$cur" ) ) ;; esac } From 6e6d6edd08f4ea3110b02c2f9a672936c702b0ee Mon Sep 17 00:00:00 2001 From: Michael Irwin Date: Mon, 23 Jan 2017 12:06:53 -0500 Subject: [PATCH 2258/2538] Fixed secret creation usage during service create in docs Using source, the following error is made: invalid field in secret request: src Signed-off-by: Michael Irwin --- docs/reference/commandline/service_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c1f827984b..c9e298096b 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -137,7 +137,7 @@ Create a service specifying the secret, target, user/group ID and mode: ```bash $ docker service create --name redis \ --secret source=ssh-key,target=ssh \ - --secret src=app-key,target=app,uid=1000,gid=1001,mode=0400 \ + --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \ redis:3.0.6 4cdgfyky7ozwh3htjfw0d12qv ``` From 75d90a8a182831fe9d6e16472220110806236188 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 18 Jan 2017 16:01:36 +0100 Subject: [PATCH 2259/2538] Improve bash completion for `docker run --cap-{add,drop}` Docker has several capabilities enabled by default and some not. It seems natural to follow this distinction in --cap-add and --cap-drop. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 52 +++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 19 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 84855dd345..40112d90b4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -591,38 +591,25 @@ __docker_complete_local_interfaces() { COMPREPLY=( $( compgen -W "$(__docker_local_interfaces) $additional_interface" -- "$cur" ) ) } -__docker_complete_capabilities() { - # The list of capabilities is defined in types.go, ALL was added manually. +# __docker_complete_capabilities_addable completes Linux capabilities which are +# not granted by default and may be added. +# see https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities +__docker_complete_capabilities_addable() { COMPREPLY=( $( compgen -W " ALL AUDIT_CONTROL - AUDIT_WRITE - AUDIT_READ BLOCK_SUSPEND - CHOWN - DAC_OVERRIDE DAC_READ_SEARCH - FOWNER - FSETID IPC_LOCK IPC_OWNER - KILL LEASE LINUX_IMMUTABLE MAC_ADMIN MAC_OVERRIDE - MKNOD NET_ADMIN - NET_BIND_SERVICE NET_BROADCAST - NET_RAW - SETFCAP - SETGID - SETPCAP - SETUID SYS_ADMIN SYS_BOOT - SYS_CHROOT SYSLOG SYS_MODULE SYS_NICE @@ -636,6 +623,29 @@ __docker_complete_capabilities() { " -- "$cur" ) ) } +# __docker_complete_capabilities_droppable completes Linux capability options which are +# allowed by default and can be dropped. +# see https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities +__docker_complete_capabilities_droppable() { + COMPREPLY=( $( compgen -W " + ALL + AUDIT_WRITE + CHOWN + DAC_OVERRIDE + FOWNER + FSETID + KILL + MKNOD + NET_BIND_SERVICE + NET_RAW + SETFCAP + SETGID + SETPCAP + SETUID + SYS_CHROOT + " -- "$cur" ) ) +} + __docker_complete_detach-keys() { case "$prev" in --detach-keys) @@ -1443,8 +1453,12 @@ _docker_container_run() { COMPREPLY=( $( compgen -W 'stdin stdout stderr' -- "$cur" ) ) return ;; - --cap-add|--cap-drop) - __docker_complete_capabilities + --cap-add) + __docker_complete_capabilities_addable + return + ;; + --cap-drop) + __docker_complete_capabilities_droppable return ;; --cidfile|--env-file|--label-file) From 1a5f49057c58c4ee55d5ce2cf6d33eef91a7d724 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 23 Jan 2017 18:48:21 +0100 Subject: [PATCH 2260/2538] Fix bash completion for `docker service update` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 40112d90b4..1d55bb068d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2769,7 +2769,6 @@ _docker_service_update() { --mount --network --no-healthcheck - --publish -p --replicas --reserve-cpu --reserve-memory @@ -2807,7 +2806,7 @@ _docker_service_update() { --host --mode --name - --publish + --publish -p --secret " From a91e0c5b33cc166b69f4d3ff49cf08f4bc9a9fc5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 24 Jan 2017 10:00:18 +0100 Subject: [PATCH 2261/2538] Add missing options to bash completion for `docker swarm init|update` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1d55bb068d..06df9674a4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2969,6 +2969,13 @@ _docker_swarm_init() { fi return ;; + --availability) + COMPREPLY=( $( compgen -W "active drain pause" -- "$cur" ) ) + return + ;; + --cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit) + return + ;; --listen-addr) if [[ $cur == *: ]] ; then COMPREPLY=( $( compgen -W "2377" -- "${cur##*:}" ) ) @@ -2982,7 +2989,7 @@ _docker_swarm_init() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--advertise-addr --force-new-cluster --help --listen-addr" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--advertise-addr --autolock --availability --cert-expiry --dispatcher-heartbeat --external-ca --force-new-cluster --help --listen-addr --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) ) ;; esac } @@ -3050,14 +3057,14 @@ _docker_swarm_leave() { _docker_swarm_update() { case "$prev" in - --cert-expiry|--dispatcher-heartbeat|--max-snapshots|--snapshot-interval|--task-history-limit) + --cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit) return ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--cert-expiry --dispatcher-heartbeat --help --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--autolock --cert-expiry --dispatcher-heartbeat --external-ca --help --max-snapshots --snapshot-interval --task-history-limit" -- "$cur" ) ) ;; esac } From 24bf7b830a7fcd8f8cf6df817695e970f4e72b2b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 24 Jan 2017 10:11:38 +0100 Subject: [PATCH 2262/2538] Add bash completion for `docker swarm unlock|unlock-key` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 06df9674a4..31c2642d17 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2944,6 +2944,8 @@ _docker_swarm() { join join-token leave + unlock + unlock-key update " __docker_subcommands "$subcommands" && return @@ -3055,6 +3057,22 @@ _docker_swarm_leave() { esac } +_docker_swarm_unlock() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + esac +} + +_docker_swarm_unlock-key() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) ) + ;; + esac +} + _docker_swarm_update() { case "$prev" in --cert-expiry|--dispatcher-heartbeat|--external-ca|--max-snapshots|--snapshot-interval|--task-history-limit) From 3cb11c99b3a83f9afdbd24211a12146c5d4924f0 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 3 Jan 2017 14:46:37 +0100 Subject: [PATCH 2263/2538] Add zsh completion for 'docker plugin install --alias' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7abcd8f3ac..a822605d1a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1521,11 +1521,17 @@ __docker_plugin_subcommand() { opts_help=("(: -)--help[Print usage]") case "$words[1]" in - (disable|enable|inspect|install|ls|push|rm) + (disable|enable|inspect|ls|push|rm) _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:plugin:__docker_complete_plugins" && ret=0 ;; + (install) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--alias=[Local name for plugin]:alias: " \ + "($help -)1:plugin:__docker_complete_plugins" && ret=0 + ;; (set) _arguments $(__docker_arguments) \ $opts_help \ From 128549e3545713bd4f6546421dd9f22b40ef7c04 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 19 Jan 2017 08:33:05 -0800 Subject: [PATCH 2264/2538] Add bash completion for `run|create --init-path` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 31c2642d17..8100e00845 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1345,6 +1345,7 @@ _docker_container_run() { --expose --group-add --hostname -h + --init-path --ip --ip6 --ipc @@ -1461,7 +1462,7 @@ _docker_container_run() { __docker_complete_capabilities_droppable return ;; - --cidfile|--env-file|--label-file) + --cidfile|--env-file|--init-path|--label-file) _filedir return ;; From da15de5f1b5deb36f9629fb4a530a67fcf1e3cb7 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 19 Jan 2017 08:47:01 -0800 Subject: [PATCH 2265/2538] Add docs for `run|create --init|--init-path` Signed-off-by: Harald Albers --- docs/reference/commandline/create.md | 2 ++ docs/reference/commandline/run.md | 2 ++ man/docker-run.1.md | 10 +++++++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 439e75fac9..253c72da70 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -63,6 +63,8 @@ Options: --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) --help Print usage -h, --hostname string Container host name + --init Run an init inside the container that forwards signals and reaps processes + --init-path string Path to the docker-init binary -i, --interactive Keep STDIN open even if not attached --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) --io-maxiops uint Maximum IOps limit for the system drive (Windows only) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index d1f12a90ee..9bacea4b1f 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -67,6 +67,8 @@ Options: --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) --help Print usage -h, --hostname string Container host name + --init Run an init inside the container that forwards signals and reaps processes + --init-path string Path to the docker-init binary -i, --interactive Keep STDIN open even if not attached --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) (Windows only). The format is ``. diff --git a/man/docker-run.1.md b/man/docker-run.1.md index fe671e54aa..4e03331521 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -41,6 +41,8 @@ docker-run - Run a command in a new container [**--group-add**[=*[]*]] [**-h**|**--hostname**[=*HOSTNAME*]] [**--help**] +[**--init**] +[**--init-path**[=*[]*]] [**-i**|**--interactive**] [**--ip**[=*IPv4-ADDRESS*]] [**--ip6**[=*IPv6-ADDRESS*]] @@ -309,7 +311,13 @@ redirection on the host system. Sets the container host name that is available inside the container. **--help** - Print usage statement + Print usage statement + +**--init** + Run an init inside the container that forwards signals and reaps processes + +**--init-path**="" + Path to the docker-init binary **-i**, **--interactive**=*true*|*false* Keep STDIN open even if not attached. The default is *false*. From 4577834e8c7e057c24487076ccded7e98f9e7777 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Thu, 19 Jan 2017 09:04:51 +0100 Subject: [PATCH 2266/2538] Add zsh completion for multiple service for 'docker service ps' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a822605d1a..813f7a7181 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1876,7 +1876,7 @@ __docker_service_subcommand() { "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \ - "($help -)1:service:__docker_complete_services" && ret=0 + "($help -)*:service:__docker_complete_services" && ret=0 case $state in (filter-options) __docker_service_complete_ps_filters && ret=0 From 5f791f6b6a12cee8a77c7a377c4b8822a92bd979 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 23 Jan 2017 19:35:55 +0100 Subject: [PATCH 2267/2538] Fix bash completion for completing nodes Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8100e00845..79a82d8b3f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -361,18 +361,33 @@ __docker_complete_stacks() { # An optional first option `--id|--name` may be used to limit the # output to the IDs or names of matching items. This setting takes # precedence over the environment setting. +# Completions may be added with `--add`, e.g. `--add self`. __docker_nodes() { + local add=() local fields='$2' # default: node name only [ "${DOCKER_COMPLETION_SHOW_NODE_IDS}" = yes ] && fields='$1,$2' # ID and name - if [ "$1" = "--id" ] ; then - fields='$1' # IDs only - shift - elif [ "$1" = "--name" ] ; then - fields='$2' # names only - shift - fi - __docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}" + while true ; do + case "$1" in + --id) + fields='$1' # IDs only + shift + ;; + --name) + fields='$2' # names only + shift + ;; + --add) + add+=("$2") + shift 2 + ;; + *) + break + ;; + esac + done + + echo $(__docker_q node ls "$@" | tr -d '*' | awk "NR>1 {print $fields}") "${add[@]}" } # __docker_complete_nodes applies completion of nodes based on the current @@ -388,8 +403,7 @@ __docker_complete_nodes() { } __docker_complete_nodes_plus_self() { - __docker_complete_nodes "$@" - COMPREPLY+=( self ) + __docker_complete_nodes --add self "$@" } # __docker_services returns a list of all services. Additional options to From 070542558462fa77f521abf736ad39586403686b Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 29 Nov 2016 15:08:28 +0800 Subject: [PATCH 2268/2538] update incorrect url in docs Signed-off-by: allencloud --- docs/reference/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/index.md b/docs/reference/index.md index 01ac341617..f24c342dfc 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -18,4 +18,4 @@ keywords: "Engine" * [Dockerfile reference](builder.md) * [Docker run reference](run.md) * [Command line reference](commandline/index.md) -* [API Reference](api/index.md) +* [API Reference](https://docs.docker.com/engine/api/) From 46c619655f98ea5096e7ea311779fa32a3ce9dd2 Mon Sep 17 00:00:00 2001 From: Timothy Hobbs Date: Mon, 2 Jan 2017 22:06:46 +0100 Subject: [PATCH 2269/2538] Docs: Be more clear when specifying valid formats for strings - Use the word letter rather than character to refer to letters ;) when trying to specify that only letters and numbers can be used, and not ANY character... - Small corrections Fixes #29821 Signed-off-by: Timothy Hobbs --- docs/reference/commandline/tag.md | 8 ++++---- man/src/image/tag.md | 9 +++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index 983bfe27b2..ebb4c23c10 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -29,13 +29,13 @@ by a registry hostname. The hostname must comply with standard DNS rules, but may not contain underscores. If a hostname is present, it may optionally be followed by a port number in the format `:8080`. If not present, the command uses Docker's public registry located at `registry-1.docker.io` by default. Name -components may contain lowercase characters, digits and separators. A separator +components may contain lowercase letters, digits and separators. A separator is defined as a period, one or two underscores, or one or more dashes. A name component may not start or end with a separator. -A tag name may contain lowercase and uppercase characters, digits, underscores, -periods and dashes. A tag name may not start with a period or a dash and may -contain a maximum of 128 characters. +A tag name must be valid ASCII and may contain lowercase and uppercase letters, +digits, underscores, periods and dashes. A tag name may not start with a +period or a dash and may contain a maximum of 128 characters. You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). diff --git a/man/src/image/tag.md b/man/src/image/tag.md index 25c1f785d4..16abd75290 100644 --- a/man/src/image/tag.md +++ b/man/src/image/tag.md @@ -9,15 +9,16 @@ entire image name including the optional `TAG` after the ':'. present, it may optionally be followed by a port number in the format `:8080`. If not present, the command uses Docker's public registry located at `registry-1.docker.io` by default. Name components may contain lowercase - characters, digits and separators. A separator is defined as a period, one or + letters, digits and separators. A separator is defined as a period, one or two underscores, or one or more dashes. A name component may not start or end with a separator. **TAG** The tag assigned to the image to version and distinguish images with the same - name. The tag name may contain lowercase and uppercase characters, digits, - underscores, periods and dashes. A tag name may not start with a period or a - dash and may contain a maximum of 128 characters. + name. The tag name must be valid ASCII and may contain lowercase and + uppercase letters, digits, underscores, periods and hyphens. A tag name + may not start with a period or a hyphen and may contain a maximum of 128 + characters. # EXAMPLES From d9dbe8b6f6829c419d20d689b6c9581972b4c6ad Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 25 Jan 2017 10:24:27 +0100 Subject: [PATCH 2270/2538] Add windows specific bash completion for `docker run|create` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 79a82d8b3f..3125470e46 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -456,6 +456,18 @@ __docker_is_experimental() { [ "$(__docker_q version -f '{{.Server.Experimental}}')" = "true" ] } +# __docker_daemon_os_is tests whether the currently configured Docker daemon runs +# on the operating system passed in as the first argument. +# It does so by querying the daemon for its OS. The result is cached for the duration +# of one invocation of bash completion so that this function can be used to test for +# several different operating systems without additional costs. +# Known operating systems: linux, windows. +__docker_daemon_os_is() { + local expected_os="$1" + local actual_os=${daemon_os=$(__docker_q version -f '{{.Server.Os}}')} + [ "$actual_os" = "$expected_os" ] +} + # __docker_pos_first_nonflag finds the position of the first word that is neither # option nor an option's argument. If there are options that require arguments, # you should pass a glob describing those options, e.g. "--option1|-o|--option2" @@ -1401,6 +1413,13 @@ _docker_container_run() { --volume -v --workdir -w " + __docker_daemon_os_is windows && options_with_args+=" + --cpu-count + --cpu-percent + --credentialspec + --io-maxbandwidth + --io-maxiops + " local boolean_options=" --disable-content-trust=false @@ -4146,7 +4165,7 @@ _docker() { --tlskey " - local host config + local host config daemon_os COMPREPLY=() local cur prev words cword From 3494343b71f01a4b237574a82c2293f8dc8f66cf Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 25 Jan 2017 10:29:50 +0100 Subject: [PATCH 2271/2538] Hide bash completion for `docker run|create|build --isolation` on non-windows Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 3125470e46..7c3ea4926f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1375,7 +1375,6 @@ _docker_container_run() { --ip --ip6 --ipc - --isolation --kernel-memory --label-file --label -l @@ -1419,6 +1418,7 @@ _docker_container_run() { --credentialspec --io-maxbandwidth --io-maxiops + --isolation " local boolean_options=" @@ -1537,8 +1537,10 @@ _docker_container_run() { return ;; --isolation) - __docker_complete_isolation - return + if __docker_daemon_os_is windows ; then + __docker_complete_isolation + return + fi ;; --link) case "$cur" in @@ -2042,7 +2044,6 @@ _docker_image_build() { --cpu-period --cpu-quota --file -f - --isolation --label --memory -m --memory-swap @@ -2051,6 +2052,9 @@ _docker_image_build() { --tag -t --ulimit " + __docker_daemon_os_is windows && options_with_args+=" + --isolation + " local boolean_options=" --compress @@ -2081,8 +2085,10 @@ _docker_image_build() { return ;; --isolation) - __docker_complete_isolation - return + if __docker_daemon_os_is windows ; then + __docker_complete_isolation + return + fi ;; --network) case "$cur" in From a88fb3678d3f2c848db48bcc086b8c6cbd65e152 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 25 Jan 2017 10:33:09 +0100 Subject: [PATCH 2272/2538] Rename helper function in bash completion for consistency Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7c3ea4926f..639702a5e2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -449,10 +449,10 @@ __docker_append_to_completions() { COMPREPLY=( ${COMPREPLY[@]/%/"$1"} ) } -# __docker_is_experimental tests whether the currently configured Docker daemon -# runs in experimental mode. If so, the function exits with 0 (true). +# __docker_daemon_is_experimental tests whether the currently configured Docker +# daemon runs in experimental mode. If so, the function exits with 0 (true). # Otherwise, or if the result cannot be determined, the exit value is 1 (false). -__docker_is_experimental() { +__docker_daemon_is_experimental() { [ "$(__docker_q version -f '{{.Server.Experimental}}')" = "true" ] } @@ -920,7 +920,7 @@ _docker_docker() { *) local counter=$( __docker_pos_first_nonflag "$(__docker_to_extglob "$global_options_with_args")" ) if [ $cword -eq $counter ]; then - __docker_is_experimental && commands+=(${experimental_commands[*]}) + __docker_daemon_is_experimental && commands+=(${experimental_commands[*]}) COMPREPLY=( $( compgen -W "${commands[*]} help" -- "$cur" ) ) fi ;; @@ -1969,7 +1969,7 @@ _docker_daemon() { } _docker_deploy() { - __docker_is_experimental && _docker_stack_deploy + __docker_daemon_is_experimental && _docker_stack_deploy } _docker_diff() { @@ -2066,7 +2066,7 @@ _docker_image_build() { --quiet -q --rm " - __docker_is_experimental && boolean_options+="--squash" + __docker_daemon_is_experimental && boolean_options+="--squash" local all_options="$options_with_args $boolean_options" @@ -3647,7 +3647,7 @@ _docker_stack() { _docker_stack_deploy() { case "$prev" in --bundle-file) - if __docker_is_experimental ; then + if __docker_daemon_is_experimental ; then _filedir dab return fi @@ -3661,7 +3661,7 @@ _docker_stack_deploy() { case "$cur" in -*) local options="--compose-file -c --help --with-registry-auth" - __docker_is_experimental && options+=" --bundle-file" + __docker_daemon_is_experimental && options+=" --bundle-file" COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) ;; esac From 7953201f9d1e82c29cfbbcd51a028a52586c247b Mon Sep 17 00:00:00 2001 From: Janonymous Date: Fri, 27 Jan 2017 09:32:19 +0300 Subject: [PATCH 2273/2538] Fix json format of plugin Signed-off-by: Janonymous --- docs/extend/plugin_api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugin_api.md b/docs/extend/plugin_api.md index e299a0991e..693b77a2f3 100644 --- a/docs/extend/plugin_api.md +++ b/docs/extend/plugin_api.md @@ -79,7 +79,7 @@ This is the JSON format for a plugin: "InsecureSkipVerify": false, "CAFile": "/usr/shared/docker/certs/example-ca.pem", "CertFile": "/usr/shared/docker/certs/example-cert.pem", - "KeyFile": "/usr/shared/docker/certs/example-key.pem", + "KeyFile": "/usr/shared/docker/certs/example-key.pem" } } ``` From f38bb9561937e2282dbe3c99acd917a27ae837a2 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 26 Jan 2017 17:33:35 +0100 Subject: [PATCH 2274/2538] Use native call for listing plugins in bash completion `docker plugin ls` now has `--format`, so there is no more need for postprocessing raw `docker plugin ls` output with `awk` any more. This will make generation of plugin lists robust against changes in `docker plugin ls` output. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 639702a5e2..f386791df7 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -291,13 +291,13 @@ __docker_complete_plugins_bundled() { # Set DOCKER_COMPLETION_SHOW_PLUGIN_IDS=yes to also complete IDs. # For built-in pugins, see `__docker_plugins_bundled`. __docker_plugins_installed() { - local fields + local format if [ "$DOCKER_COMPLETION_SHOW_PLUGIN_IDS" = yes ] ; then - fields='$1,$2' + format='{{.ID}} {{.Name}}' else - fields='$2' + format='{{.Name}}' fi - __docker_q plugin ls | awk "NR>1 {print $fields}" + __docker_q plugin ls --format "$format" } # __docker_complete_plugins_installed applies completion of plugins that were installed From 5027bc659680cc8814fe888e9533e917a637c4d9 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 27 Jan 2017 16:17:02 +0100 Subject: [PATCH 2275/2538] Add [OPTIONS] to usage of `plugin disable|push` Signed-off-by: Harald Albers --- docs/reference/commandline/plugin_disable.md | 2 +- docs/reference/commandline/plugin_push.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index f054fd066a..e8d16c4253 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -16,7 +16,7 @@ keywords: "plugin, disable" # plugin disable ```markdown -Usage: docker plugin disable PLUGIN +Usage: docker plugin disable [OPTIONS] PLUGIN Disable a plugin diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index 693dc3a130..d6f326d6de 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -14,7 +14,7 @@ keywords: "plugin, push" --> ```markdown -Usage: docker plugin push PLUGIN[:TAG] +Usage: docker plugin push [OPTIONS] PLUGIN[:TAG] Push a plugin to a registry From a4acd7887f72f6da4a9ccacd82fd5e2aaf8f88f8 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 27 Jan 2017 13:39:26 -0800 Subject: [PATCH 2276/2538] Update bash and zsh completion for aws-create-group This commit updates bash and zsh completion for aws-create-group. Signed-off-by: Yong Tang --- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f386791df7..e6fca33862 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -713,7 +713,7 @@ __docker_complete_log_drivers() { __docker_complete_log_options() { # see docs/reference/logging/index.md - local awslogs_options="awslogs-region awslogs-group awslogs-stream" + local awslogs_options="awslogs-region awslogs-group awslogs-stream awslogs-create-group" local fluentd_options="env fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries labels tag" local gcplogs_options="env gcp-log-cmd gcp-project labels" local gelf_options="env gelf-address gelf-compression-level gelf-compression-type labels tag" diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 813f7a7181..a76414c921 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -223,7 +223,7 @@ __docker_get_log_options() { local log_driver=${opt_args[--log-driver]:-"all"} local -a awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options - awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream") + awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream" "awslogs-create-group") fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels") gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") From bdf88a6e676e719a3de2e0bf32739cee752d319c Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 27 Jan 2017 18:20:01 +0100 Subject: [PATCH 2277/2538] Add bash completion for `docker service logs` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index e6fca33862..08eb8c6cb3 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2662,6 +2662,8 @@ _docker_service() { ps update " + __docker_daemon_is_experimental && subcommands+="logs" + __docker_subcommands "$subcommands" && return case "$cur" in @@ -2694,6 +2696,26 @@ _docker_service_inspect() { esac } +_docker_service_logs() { + case "$prev" in + --since|--tail) + return + ;; + esac + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--details --follow -f --help --no-resolve --since --tail --timestamps -t" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag '--since|--tail') + if [ $cword -eq $counter ]; then + __docker_complete_services + fi + ;; + esac +} + _docker_service_list() { _docker_service_ls } From 79479e040fee76e5c109193b57fb8860085aee9a Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Fri, 27 Jan 2017 14:45:06 -0800 Subject: [PATCH 2278/2538] Add docs for service create based on plugins. Signed-off-by: Anusha Ragunathan --- docs/extend/index.md | 56 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/docs/extend/index.md b/docs/extend/index.md index 2687fd4311..1410b205e5 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -107,6 +107,62 @@ remove it, use the `docker plugin remove` command. For other available commands and options, see the [command line reference](../reference/commandline/index.md). +## Service creation using plugins + +In swarm mode, it is possible to create a service that allows for attaching +to networks or mounting volumes. Swarm schedules services based on plugin availability +on a node. In this example, a volume plugin is installed on a swarm worker and a volume +is created using the plugin. In the manager, a service is created with the relevant +mount options. It can be observed that the service is scheduled to run on the worker +node with the said volume plugin and volume. + +In the following example, node1 is the manager and node2 is the worker. + +1. Prepare manager. In node 1: + + ```bash + $ docker swarm init + Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager. + ``` + +2. Join swarm, install plugin and create volume on worker. In node 2: + + ```bash + $ docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + ``` + + ```bash + $ docker plugin install tiborvass/sample-volume-plugin + latest: Pulling from tiborvass/sample-volume-plugin + eb9c16fbdc53: Download complete + Digest: sha256:00b42de88f3a3e0342e7b35fa62394b0a9ceb54d37f4c50be5d3167899994639 + Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest + Installed plugin tiborvass/sample-volume-plugin + ``` + + ```bash + $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol + ``` + +3. Create a service using the plugin and volume. In node1: + + ```bash + $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top + + $ docker service ls + z1sj8bb8jnfn my-service replicated 1/1 busybox:latest + ``` + docker service ls shows service 1 instance of service running. + +4. Observe the task getting scheduled in node 2: + + ```bash + $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' + 83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top" + ``` + ## Developing a plugin #### The rootfs directory From 8235af9772106b0c58c28ffe3d19712dda518493 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sat, 14 Jan 2017 00:12:19 -0800 Subject: [PATCH 2279/2538] Add `--read-only` for `service create` and `service update` This fix tries to address the issue raised in 29972 where it was not possible to specify `--read-only` for `docker service create` and `docker service update`, in order to have the container's root file system to be read only. This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig` through `service create` and `service update`. Related docs has been updated. Integration test has been added. This fix fixes 29972. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c9e298096b..08771272a7 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -48,6 +48,7 @@ Options: --network list Network attachments (default []) --no-healthcheck Disable any container-specified HEALTHCHECK -p, --publish port Publish a port as a node port + --read-only Mount the container's root filesystem as read only --replicas uint Number of tasks --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory (default 0 B) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 301a0eabe8..654c59b875 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -58,6 +58,7 @@ Options: --no-healthcheck Disable any container-specified HEALTHCHECK --publish-add port Add or update a published port --publish-rm port Remove a published port by its target port + --read-only Mount the container's root filesystem as read only --replicas uint Number of tasks --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory (default 0 B) From 2fade897b98f58a56b9be90408cf9050be097194 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 30 Jan 2017 13:21:25 -0800 Subject: [PATCH 2280/2538] Update bash and zsh completion for `service create/update --read-only` This commit updates bash and zsh completion for flag `--read-only` in `service create/update`. Signed-off-by: Yong Tang --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + 2 files changed, 2 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 08eb8c6cb3..4bfeb88990 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2851,6 +2851,7 @@ _docker_service_update() { local boolean_options=" --help + --read-only --tty -t --with-registry-auth " diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a76414c921..22e3a319cf 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1795,6 +1795,7 @@ __docker_service_subcommand() { "($help)*--network=[Network attachments]:network: " "($help)--no-healthcheck[Disable any container-specified HEALTHCHECK]" "($help)*"{-p=,--publish=}"[Publish a port as a node port]:port: " + "($help)--read-only[Mount the container's root filesystem as read only]" "($help)--replicas=[Number of tasks]:replicas: " "($help)--reserve-cpu=[Reserve CPUs]:value: " "($help)--reserve-memory=[Reserve Memory]:value: " From 9fcf59f2e2614b26e4ab2adb0016a41e4a87abd3 Mon Sep 17 00:00:00 2001 From: jroenf Date: Tue, 31 Jan 2017 22:54:16 +0100 Subject: [PATCH 2281/2538] Fix syntax in example Signed-off-by: Jeroen Franse --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 4c9ae7fbaf..e22e543908 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -709,7 +709,7 @@ it instead, as it enables setting any metadata you require, and can be viewed easily, for example with `docker inspect`. To set a label corresponding to the `MAINTAINER` field you could use: - LABEL maintainer "SvenDowideit@home.org.au" + LABEL maintainer="SvenDowideit@home.org.au" This will then be visible from `docker inspect` with the other labels. From b8df00a4b414adfe285952c30a7a70844c1418b1 Mon Sep 17 00:00:00 2001 From: David Williamson Date: Mon, 9 Jan 2017 15:24:20 -0800 Subject: [PATCH 2282/2538] Provide password to volume create command * Depending on the host configuration between the docker engine and the remote host we wish to mount using sshfs, a password may be required. * Confirmed syntax for optional parameter with @vieux * Verified change works as desired with engine running on Ubuntu host and mounting a volume from a file system on a Mac. Signed-off-by: David Williamson --- docs/extend/index.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index 1410b205e5..0dd672c312 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -46,6 +46,8 @@ operation, such as creating a volume. In the following example, you install the `sshfs` plugin, verify that it is enabled, and use it to create a volume. +> **Note**: This example is intended for instructional purposes only. Once the volume is created, your SSH password to the remote host will be exposed as plaintext when inspecting the volume. You should delete the volume as soon as you are done with the example. + 1. Install the `sshfs` plugin. ```bash @@ -75,13 +77,16 @@ enabled, and use it to create a volume. 3. Create a volume using the plugin. This example mounts the `/remote` directory on host `1.2.3.4` into a - volume named `sshvolume`. This volume can now be mounted into containers. + volume named `sshvolume`. + + This volume can now be mounted into containers. ```bash $ docker volume create \ -d vieux/sshfs \ --name sshvolume \ - -o sshcmd=user@1.2.3.4:/remote + -o sshcmd=user@1.2.3.4:/remote \ + -o password=$(cat file_containing_password_for_remote_host) sshvolume ``` @@ -97,11 +102,17 @@ enabled, and use it to create a volume. 5. Start a container that uses the volume `sshvolume`. ```bash - $ docker run -v sshvolume:/data busybox ls /data + $ docker run --rm -v sshvolume:/data busybox ls /data ``` +6. Remove the volume `sshvolume` + ```bash + docker volume rm sshvolume + + sshvolume + ``` To disable a plugin, use the `docker plugin disable` command. To completely remove it, use the `docker plugin remove` command. For other available commands and options, see the From 706bbd52f0d10dbbf25b26544cc02dde5c8efa1b Mon Sep 17 00:00:00 2001 From: John Mulhausen Date: Tue, 31 Jan 2017 18:53:42 -0800 Subject: [PATCH 2283/2538] Fix for https://github.com/docker/docker.github.io/issues/1413 Signed-off-by: John Mulhausen --- docs/reference/builder.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index e22e543908..df7d63c98c 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -2,6 +2,8 @@ title: "Dockerfile reference" description: "Dockerfiles use a simple DSL which allows you to automate the steps you would normally manually take to create an image." keywords: "builder, docker, Dockerfile, automation, image creation" +redirect_from: +- /reference/builder/ --- 89b8556cb9ca Step 2/5 : WORKDIR c:\installer ---> 7e0f41d08204 Removing intermediate container 236c7802042a Step 3/5 : ENV GOROOT c:\installer ---> Running in 8ea5237183c1 ---> 394b70435261 Removing intermediate container 8ea5237183c1 Step 4/5 : ADD go.exe . ---> e47401a1745c Removing intermediate container 88dcc28e74b1 Step 5/5 : RUN go --help ---> Running in efe90e1b6b8b container efe90e1b6b8b76586abc5c1dc0e2797b75adc26517c48733d90651e767c8463b encountered an error during CreateProcess: failure in a Windows system call: The directory name is invalid. (0x10b) extra info: {"ApplicationName":"","CommandLine":"cmd /S /C go --help","User":"","WorkingDirectory":"C:\\installer","Environment":{"GOROOT":"c:\\installer"},"EmulateConsole":false,"CreateStdInPipe":true,"CreateStdOutPipe":true,"CreateStdErrPipe":true,"ConsoleSize":[0,0]} PS E:\docker\build\unifyworkdir> Then forcing process isolation: PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache . Sending build context to Docker daemon 10.1 MB Step 1/5 : FROM microsoft/nanoserver ---> 89b8556cb9ca Step 2/5 : WORKDIR c:\installer ---> 350c955980c8 Removing intermediate container 8339c1e9250c Step 3/5 : ENV GOROOT c:\installer ---> Running in bde511c5e3e0 ---> b8820063b5b6 Removing intermediate container bde511c5e3e0 Step 4/5 : ADD go.exe . ---> e4ac32f8902b Removing intermediate container d586e8492eda Step 5/5 : RUN go --help ---> Running in 9e1aa235af5f Cannot mkdir: C:\installer is not a directory PS E:\docker\build\unifyworkdir> Now compare the same results after this PR. Again, first with no explicit isolation (defaulting to Hyper-V containers as that's what the daemon it set to) - note it now succeeds 😄 PS E:\docker\build\unifyworkdir> docker build --no-cache . Sending build context to Docker daemon 10.1 MB Step 1/5 : FROM microsoft/nanoserver ---> 89b8556cb9ca Step 2/5 : WORKDIR c:\installer ---> 4f319f301c69 Removing intermediate container 61b9c0b1ff6f Step 3/5 : ENV GOROOT c:\installer ---> Running in c464a1d612d8 ---> 96a26ab9a7b5 Removing intermediate container c464a1d612d8 Step 4/5 : ADD go.exe . ---> 0290d61faf57 Removing intermediate container dc5a085fffe3 Step 5/5 : RUN go --help ---> Running in 60bd56042ff8 Go is a tool for managing Go source code. Usage: go command [arguments] The commands are: build compile packages and dependencies clean remove object files doc show documentation for package or symbol env print Go environment information fix run go tool fix on packages fmt run gofmt on package sources generate generate Go files by processing source get download and install packages and dependencies install compile and install packages and dependencies list list packages run compile and run Go program test test packages tool run specified go tool version print Go version vet run go tool vet on packages Use "go help [command]" for more information about a command. Additional help topics: c calling between Go and C buildmode description of build modes filetype file types gopath GOPATH environment variable environment environment variables importpath import path syntax packages description of package lists testflag description of testing flags testfunc description of testing functions Use "go help [topic]" for more information about that topic. The command 'cmd /S /C go --help' returned a non-zero code: 2 And the same with forcing process isolation. Also works 😄 PS E:\docker\build\unifyworkdir> docker build --isolation=process --no-cache . Sending build context to Docker daemon 10.1 MB Step 1/5 : FROM microsoft/nanoserver ---> 89b8556cb9ca Step 2/5 : WORKDIR c:\installer ---> f423b9cc3e78 Removing intermediate container 41330c88893d Step 3/5 : ENV GOROOT c:\installer ---> Running in 0b99a2d7bf19 ---> e051144bf8ec Removing intermediate container 0b99a2d7bf19 Step 4/5 : ADD go.exe . ---> 7072e32b7c37 Removing intermediate container a7a97aa37fd1 Step 5/5 : RUN go --help ---> Running in 7097438a54e5 Go is a tool for managing Go source code. Usage: go command [arguments] The commands are: build compile packages and dependencies clean remove object files doc show documentation for package or symbol env print Go environment information fix run go tool fix on packages fmt run gofmt on package sources generate generate Go files by processing source get download and install packages and dependencies install compile and install packages and dependencies list list packages run compile and run Go program test test packages tool run specified go tool version print Go version vet run go tool vet on packages Use "go help [command]" for more information about a command. Additional help topics: c calling between Go and C buildmode description of build modes filetype file types gopath GOPATH environment variable environment environment variables importpath import path syntax packages description of package lists testflag description of testing flags testfunc description of testing functions Use "go help [topic]" for more information about that topic. The command 'cmd /S /C go --help' returned a non-zero code: 2 PS E:\docker\build\unifyworkdir> --- docs/reference/builder.md | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index df7d63c98c..8dfc4d1fb9 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1270,19 +1270,6 @@ For example: The output of the final `pwd` command in this `Dockerfile` would be `/path/$DIRNAME` -On Windows, `WORKDIR` behaves differently depending on whether using Windows -Server containers or Hyper-V containers. For Hyper-V containers, the engine -is, for architectural reasons, unable to create the directory if it does not -previously exist. For Windows Server containers, the directory is created -if it does not exist. Hence, for consistency between Windows Server and -Hyper-V containers, it is strongly recommended to include an explicit instruction -to create the directory in the Dockerfile. For example: - - # escape=` - FROM microsoft/nanoserver - RUN mkdir c:\myapp - WORKDIR c:\myapp - ## ARG ARG [=] From 5288b7e7fd9d818b1b2cd68199a190834bf014bb Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 3 Feb 2017 17:53:02 +0100 Subject: [PATCH 2299/2538] Refactor use of shared completion functions Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 5c9cc6c937..0fd35e51bc 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1164,7 +1164,7 @@ _docker_container_cp() { } _docker_container_create() { - _docker_container_run + _docker_container_run_and_create } _docker_container_diff() { @@ -1434,6 +1434,12 @@ _docker_container_rm() { } _docker_container_run() { + _docker_container_run_and_create +} + +# _docker_container_run_and_create is the combined completion for `_docker_container_run` +# and `_docker_container_create` +_docker_container_run_and_create() { local options_with_args=" --add-host --attach -a @@ -1888,7 +1894,7 @@ _docker_cp() { } _docker_create() { - _docker_container_run + _docker_container_create } _docker_daemon() { @@ -2788,7 +2794,7 @@ _docker_service() { } _docker_service_create() { - _docker_service_update + _docker_service_update_and_create } _docker_service_inspect() { @@ -2922,6 +2928,12 @@ _docker_service_ps() { } _docker_service_update() { + _docker_service_update_and_create +} + +# _docker_service_update_and_create is the combined completion for `docker service create` +# and `docker service update` +_docker_service_update_and_create() { local $subcommand="${words[$subcommand_pos]}" local options_with_args=" From 1d032d8b1e48ec6057b6503ee389c565ae72394f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 3 Feb 2017 17:39:32 +0100 Subject: [PATCH 2300/2538] Add bash completion for `dockerd --default-shm-size` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 0fd35e51bc..d1984a5552 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1929,6 +1929,7 @@ _docker_daemon() { --containerd --default-gateway --default-gateway-v6 + --default-shm-size --default-ulimit --dns --dns-search From 02677bc06e34d475fa8966f851fee291f639c96c Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Sat, 28 Jan 2017 16:54:32 -0800 Subject: [PATCH 2301/2538] Add docker plugin upgrade This allows a plugin to be upgraded without requiring to uninstall/reinstall a plugin. Since plugin resources (e.g. volumes) are tied to a plugin ID, this is important to ensure resources aren't lost. The plugin must be disabled while upgrading (errors out if enabled). This does not add any convenience flags for automatically disabling/re-enabling the plugin during before/after upgrade. Since an upgrade may change requested permissions, the user is required to accept permissions just like `docker plugin install`. Signed-off-by: Brian Goff --- docs/reference/commandline/plugin_create.md | 1 + docs/reference/commandline/plugin_disable.md | 1 + docs/reference/commandline/plugin_enable.md | 1 + docs/reference/commandline/plugin_inspect.md | 2 + docs/reference/commandline/plugin_install.md | 1 + docs/reference/commandline/plugin_ls.md | 10 ++- docs/reference/commandline/plugin_push.md | 1 + docs/reference/commandline/plugin_rm.md | 1 + docs/reference/commandline/plugin_upgrade.md | 84 ++++++++++++++++++++ 9 files changed, 98 insertions(+), 4 deletions(-) create mode 100644 docs/reference/commandline/plugin_upgrade.md diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index df3b2cccc8..fa74d31c39 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -58,3 +58,4 @@ The plugin can subsequently be enabled for local use or pushed to the public reg * [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index e8d16c4253..451f1ace9c 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -63,3 +63,4 @@ ID NAME TAG DESCRIP * [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index 060592ef07..df8bee3af5 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -62,3 +62,4 @@ ID NAME TAG DESCRIP * [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index d40cd40e75..fdcc030c43 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -37,6 +37,7 @@ $ docker plugin inspect tiborvass/sample-volume-plugin:latest { "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", "Name": "tiborvass/sample-volume-plugin:latest", + "PluginReference": "tiborvas/sample-volume-plugin:latest", "Enabled": true, "Config": { "Mounts": [ @@ -160,3 +161,4 @@ $ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest * [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index b94f78a912..4cba32cf8b 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -69,3 +69,4 @@ ID NAME TAG DESCRIPTION * [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index c018dec813..b0224a00f8 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -83,10 +83,11 @@ Valid placeholders for the Go template are listed below: Placeholder | Description ---------------|------------------------------------------------------------------------------------------ -`.ID` | Plugin ID -`.Name` | Plugin name -`.Description` | Plugin description -`.Enabled` | Whether plugin is enabled or not +`.ID` | Plugin ID +`.Name` | Plugin name +`.Description` | Plugin description +`.Enabled` | Whether plugin is enabled or not +`.PluginReference` | The reference used to push/pull from a registry When using the `--format` option, the `plugin ls` command will either output the data exactly as the template declares or, when using the @@ -111,3 +112,4 @@ $ docker plugin ls --format "{{.ID}}: {{.Name}}" * [plugin push](plugin_push.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index d6f326d6de..89a0a0bb0e 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -48,3 +48,4 @@ $ docker plugin push user/plugin * [plugin ls](plugin_ls.md) * [plugin rm](plugin_rm.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 31029324b6..323ce83f3c 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -53,3 +53,4 @@ tiborvass/sample-volume-plugin * [plugin ls](plugin_ls.md) * [plugin push](plugin_push.md) * [plugin set](plugin_set.md) +* [plugin upgrade](plugin_upgrade.md) diff --git a/docs/reference/commandline/plugin_upgrade.md b/docs/reference/commandline/plugin_upgrade.md new file mode 100644 index 0000000000..20efc577aa --- /dev/null +++ b/docs/reference/commandline/plugin_upgrade.md @@ -0,0 +1,84 @@ +--- +title: "plugin upgrade" +description: "the plugin upgrade command description and usage" +keywords: "plugin, upgrade" +--- + + + +# plugin upgrade + +```markdown +Usage: docker plugin upgrade [OPTIONS] PLUGIN [REMOTE] + +Upgrade a plugin + +Options: + --disable-content-trust Skip image verification (default true) + --grant-all-permissions Grant all permissions necessary to run the plugin + --help Print usage + --skip-remote-check Do not check if specified remote plugin matches existing plugin image +``` + +Upgrades an existing plugin to the specified remote plugin image. If no remote +is specified, Docker will re-pull the current image and use the updated version. +All existing references to the plugin will continue to work. +The plugin must be disabled before running the upgrade. + +The following example installs `vieus/sshfs` plugin, uses it to create and use +a volume, then upgrades the plugin. + +```bash +$ docker plugin install vieux/sshfs DEBUG=1 + +Plugin "vieux/sshfs:next" is requesting the following privileges: + - network: [host] + - device: [/dev/fuse] + - capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y +vieux/sshfs:next + +$ docker volume create -d vieux/sshfs:next -o sshcmd=root@1.2.3.4:/tmp/shared -o password=XXX sshvolume +sshvolume +$ docker run -it -v sshvolume:/data alpine sh -c "touch /data/hello" +$ docker plugin disable -f vieux/sshfs:next +viex/sshfs:next + +# Here docker volume ls doesn't show 'sshfsvolume', since the plugin is disabled +$ docker volume ls +DRIVER VOLUME NAME + +$ docker plugin upgrade vieux/sshfs:next vieux/sshfs:next +Plugin "vieux/sshfs:next" is requesting the following privileges: + - network: [host] + - device: [/dev/fuse] + - capabilities: [CAP_SYS_ADMIN] +Do you grant the above permissions? [y/N] y +Upgrade plugin vieux/sshfs:next to vieux/sshfs:next +$ docker plugin enable vieux/sshfs:next +viex/sshfs:next +$ docker volume ls +DRIVER VOLUME NAME +viuex/sshfs:next sshvolume +$ docker run -it -v sshvolume:/data alpine sh -c "ls /data" +hello +``` + +## Related information + +* [plugin create](plugin_create.md) +* [plugin disable](plugin_disable.md) +* [plugin enable](plugin_enable.md) +* [plugin inspect](plugin_inspect.md) +* [plugin install](plugin_install.md) +* [plugin ls](plugin_ls.md) +* [plugin push](plugin_push.md) +* [plugin rm](plugin_rm.md) +* [plugin set](plugin_set.md) From df4e570ff4af9fb69fce7512b0f0acac8bf6db70 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 2 Feb 2017 23:08:35 -0500 Subject: [PATCH 2302/2538] Make propagated mount persist outside rootfs This persists the "propagated mount" for plugins outside the main rootfs. This enables `docker plugin upgrade` to not remove potentially important data during upgrade rather than forcing plugin authors to hard code a host path to persist data to. Also migrates old plugins that have a propagated mount which is in the rootfs on daemon startup. Signed-off-by: Brian Goff --- docs/extend/config.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/extend/config.md b/docs/extend/config.md index eaa52fd9bc..dab755d97b 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -118,6 +118,8 @@ Config provides the base accessible fields for working with V0 plugin format - **`propagatedMount`** *string* path to be mounted as rshared, so that mounts under that path are visible to docker. This is useful for volume plugins. + This path will be bind-mounted outisde of the plugin rootfs so it's contents + are preserved on upgrade. - **`env`** *PluginEnv array* From 50d1d4ecba154fc4866668bfd46cf11fdc35bfe8 Mon Sep 17 00:00:00 2001 From: Lewis Daly Date: Mon, 30 Jan 2017 20:59:13 +1030 Subject: [PATCH 2303/2538] Updated dockerd docs with note about user namespaces Signed-off-by: Lewis Daly Updated uid/gid reference to be more canonical - and signed commit Signed-off-by: Lewis Daly Editorial suggestion I tried my hand at rewriting this a bit for readability. Can you please verify that the facts are correct, especially about the permission changes? You can feel free to squash my commit with yours so that it's signed. You'll need to pull the change from your fork to work on it locally. Editorial suggestion I tried my hand at rewriting this a bit for readability. Can you please verify that the facts are correct, especially about the permission changes? You can feel free to squash my commit with yours so that it's signed. You'll need to pull the change from your fork to work on it locally. --- docs/reference/commandline/dockerd.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index e4b5a33a87..e61b5ae53b 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -993,6 +993,19 @@ with user namespaces enabled or not. If the daemon is configured with user namespaces, the Security Options entry in the response will list "userns" as one of the enabled security features. +#### Behavior differences when user namespaces are enabled + +When you start the Docker daemon with `--userns-remap`, Docker segregates the graph directory +where the images are stored by adding an extra directory with a name corresponding to the +remapped UID and GID. For example, if the remapped UID and GID begin with `165536`, all +images and containers running with that remap setting are located in `/var/lib/docker/165536.165536` +instead of `/var/lib/docker/`. + +In addition, the files and directories within the new directory, which correspond to +images and container layers, are also owned by the new UID and GID. To set the ownership +correctly, you need to re-pull the images and restart the containers after starting the +daemon with `--userns-remap`. + ### Detailed information on `subuid`/`subgid` ranges Given potential advanced use of the subordinate ID ranges by power users, the From f7e0aa39fab691ce9fda0fdd59dd44839298304b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 3 Feb 2017 13:09:46 +0100 Subject: [PATCH 2304/2538] Add bash completion for `{stack services,service ls} --format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d1984a5552..c82e3cf0b2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2857,11 +2857,14 @@ _docker_service_ls() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) ;; esac } @@ -3908,14 +3911,17 @@ _docker_stack_services() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) ;; *) - local counter=$(__docker_pos_first_nonflag '--filter|-f') + local counter=$(__docker_pos_first_nonflag '--filter|-f|--format') if [ $cword -eq $counter ]; then __docker_complete_stacks fi From 6d4b51d1a944edbb9fe3e592ecabd65d87a30362 Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Sun, 5 Feb 2017 22:40:57 -0800 Subject: [PATCH 2305/2538] from golang:1.7.5-alpine for docker-manpage-dev Signed-off-by: Andrew Hsu --- man/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/man/Dockerfile b/man/Dockerfile index 3ed219304c..80e97ff01e 100644 --- a/man/Dockerfile +++ b/man/Dockerfile @@ -1,9 +1,8 @@ -FROM alpine:3.4 +FROM golang:1.7.5-alpine -RUN apk add -U git go bash curl gcc musl-dev make +RUN apk add -U git bash curl gcc musl-dev make RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ From a39f753e5635d6dd1ac27cb415f66cf794bc615d Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 6 Feb 2017 11:29:25 -0800 Subject: [PATCH 2306/2538] use precompiled go from google, needs debian to work Signed-off-by: Andrew Hsu --- man/Dockerfile.armhf | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/man/Dockerfile.armhf b/man/Dockerfile.armhf index 6fbd178c51..85ea591fe0 100644 --- a/man/Dockerfile.armhf +++ b/man/Dockerfile.armhf @@ -1,9 +1,28 @@ -FROM armhf/alpine:3.4 +FROM armhf/debian:jessie -RUN apk add -U git go bash curl gcc musl-dev make +# allow replacing httpredir or deb mirror +ARG APT_MIRROR=deb.debian.org +RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list + +RUN apt-get update && apt-get install -y \ + git \ + bash \ + curl \ + gcc \ + musl-dev \ + make + +ENV GO_VERSION 1.7.5 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \ + | tar -xzC /usr/local +ENV PATH /go/bin:/usr/local/go/bin:$PATH +ENV GOPATH /go + +# We're building for armhf, which is ARMv7, so let's be explicit about that +ENV GOARCH arm +ENV GOARM 7 RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ From ff9b736d5288e50c2dad5cf19ea516f28ad86a6e Mon Sep 17 00:00:00 2001 From: Andrew Hsu Date: Mon, 6 Feb 2017 13:32:21 -0800 Subject: [PATCH 2307/2538] remove musl-dev in man/Dockerfile.armhf Signed-off-by: Andrew Hsu --- man/Dockerfile.armhf | 1 - 1 file changed, 1 deletion(-) diff --git a/man/Dockerfile.armhf b/man/Dockerfile.armhf index 85ea591fe0..e7ea495646 100644 --- a/man/Dockerfile.armhf +++ b/man/Dockerfile.armhf @@ -9,7 +9,6 @@ RUN apt-get update && apt-get install -y \ bash \ curl \ gcc \ - musl-dev \ make ENV GO_VERSION 1.7.5 From e6889bf41b23ebf442bf43d9317cbde69cc797e4 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Mon, 6 Feb 2017 17:31:55 -0800 Subject: [PATCH 2308/2538] Fix grammatical error in swarm_leave.md Correct this sentence so it reads correctly. "to on a manager" should be "on a manager". Signed-off-by: Aaron Lehmann --- docs/reference/commandline/swarm_leave.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index b2211c1682..7a6050f201 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -27,7 +27,7 @@ Options: When you run this command on a worker, that worker leaves the swarm. -You can use the `--force` option to on a manager to remove it from the swarm. +You can use the `--force` option on a manager to remove it from the swarm. However, this does not reconfigure the swarm to ensure that there are enough managers to maintain a quorum in the swarm. The safe way to remove a manager from a swarm is to demote it to a worker and then direct it to leave the quorum From d39215cbaa54290537d9a2bdcfa48cb479c53b30 Mon Sep 17 00:00:00 2001 From: Christopher Jones Date: Mon, 6 Feb 2017 14:43:13 -0500 Subject: [PATCH 2309/2538] added ppc64le and s390x fixes for manpages Fixes manpages for p and z by downloading a specific version of go instead of relying on the distro version. Signed-off-by: Christopher Jones --- man/Dockerfile.ppc64le | 14 ++++++++++++-- man/Dockerfile.s390x | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/man/Dockerfile.ppc64le b/man/Dockerfile.ppc64le index f554650274..fc96ca7691 100644 --- a/man/Dockerfile.ppc64le +++ b/man/Dockerfile.ppc64le @@ -1,9 +1,19 @@ FROM ppc64le/ubuntu:xenial -RUN apt-get update && apt-get install -y git golang-go +RUN apt-get update && apt-get install -y \ + curl \ + gcc \ + git \ + make \ + tar + +ENV GO_VERSION 1.7.5 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \ + | tar -xzC /usr/local +ENV PATH /usr/local/go/bin:$PATH +ENV GOPATH=/go RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go:/usr/lib/go-1.6 RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ diff --git a/man/Dockerfile.s390x b/man/Dockerfile.s390x index 6292e00cb7..d4bcf1da11 100644 --- a/man/Dockerfile.s390x +++ b/man/Dockerfile.s390x @@ -1,9 +1,19 @@ FROM s390x/ubuntu:xenial -RUN apt-get update && apt-get install -y git golang-go +RUN apt-get update && apt-get install -y \ + curl \ + gcc \ + git \ + make \ + tar + +ENV GO_VERSION 1.7.5 +RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \ + | tar -xzC /usr/local +ENV PATH /usr/local/go/bin:$PATH +ENV GOPATH=/go RUN mkdir -p /go/src /go/bin /go/pkg -ENV GOPATH=/go:/usr/lib/go-1.6 RUN export GLIDE=v0.11.1; \ export TARGET=/go/src/github.com/Masterminds; \ mkdir -p ${TARGET} && \ From 705f7ad7d2b77b1f3051d44d38b8041cb360cbc5 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 7 Feb 2017 15:14:38 +0100 Subject: [PATCH 2310/2538] Update docker stack experimental notes Update command usage and help. Signed-off-by: Vincent Demeester --- experimental/docker-stacks-and-bundles.md | 25 +++++++++++++---------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/experimental/docker-stacks-and-bundles.md b/experimental/docker-stacks-and-bundles.md index 573c1bc5ae..8abfd76359 100644 --- a/experimental/docker-stacks-and-bundles.md +++ b/experimental/docker-stacks-and-bundles.md @@ -37,22 +37,26 @@ Wrote bundle to vossibility-stack.dab A stack is created using the `docker deploy` command: ```bash -# docker deploy --help - +$ docker deploy --help Usage: docker deploy [OPTIONS] STACK -Create and update a stack from a Distributed Application Bundle (DAB) +Deploy a new stack or update an existing stack + +Aliases: + deploy, up Options: - --file string Path to a Distributed Application Bundle file (Default: STACK.dab) - --help Print usage - --with-registry-auth Send registry authentication details to Swarm agents + --bundle-file string Path to a Distributed Application Bundle file + -c, --compose-file string Path to a Compose file + --help Print usage + --with-registry-auth Send registry authentication details to Swarm agents + ``` Let's deploy the stack created before: ```bash -# docker deploy vossibility-stack +$ docker deploy --bundle-file vossibility-stack.dab vossibility-stack Loading bundle from vossibility-stack.dab Creating service vossibility-stack_elasticsearch Creating service vossibility-stack_kibana @@ -90,12 +94,11 @@ Options: --help Print usage Commands: - config Print the stack configuration - deploy Create and update a stack + deploy Deploy a new stack or update an existing stack ls List stacks + ps List the tasks in the stack rm Remove the stack services List the services in the stack - tasks List the tasks in the stack Run 'docker stack COMMAND --help' for more information on a command. ``` @@ -107,7 +110,7 @@ are persisted as files, the file extension is `.dab` (Docker 1.12RC2 tools use `.dsb` for the file extension—this will be updated in the next release client). A bundle has two top-level fields: `version` and `services`. The version used -by Docker 1.12 tools is `0.1`. +by Docker 1.12 and later tools is `0.1`. `services` in the bundle are the services that comprise the app. They correspond to the new `Service` object introduced in the 1.12 Docker Engine API. From f571b363e6ea9cbc159514ba2314dfca8e73484b Mon Sep 17 00:00:00 2001 From: Nathan LeClaire Date: Fri, 27 Jan 2017 15:27:33 -0800 Subject: [PATCH 2311/2538] Document --init flag for docker run Signed-off-by: Nathan LeClaire --- docs/reference/run.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/run.md b/docs/reference/run.md index 8e7153a5f1..3ad5463a7b 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -667,6 +667,17 @@ It also causes any seccomp filters to be applied later, after privileges have be which may mean you can have a more restrictive set of filters. For more details, see the [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt). +## Specifying an init process + +You can use the `--init` or `--init-path` flags to specify a process which +should be used as the PID 1 in the container, and which binary to use for this +init process, respectively. Specifying an init process ensures the usual +responsibilties of an init system, such as reaping zombie processes, are +performed inside the created container. + +The default init process used when specifying `--init` without `--init-path` is +[tini](https://github.com/krallin/tini). + ## Specifying custom cgroups Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a From b380c2eb63ea7d5b3eebeaee13399ba5c7be3d37 Mon Sep 17 00:00:00 2001 From: Nathan LeClaire Date: Tue, 31 Jan 2017 09:50:55 -0800 Subject: [PATCH 2312/2538] Remove --init-path mention Signed-off-by: Nathan LeClaire --- docs/reference/run.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 3ad5463a7b..d26c625004 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -667,18 +667,18 @@ It also causes any seccomp filters to be applied later, after privileges have be which may mean you can have a more restrictive set of filters. For more details, see the [kernel documentation](https://www.kernel.org/doc/Documentation/prctl/no_new_privs.txt). -## Specifying an init process +## Specify an init process -You can use the `--init` or `--init-path` flags to specify a process which -should be used as the PID 1 in the container, and which binary to use for this -init process, respectively. Specifying an init process ensures the usual -responsibilties of an init system, such as reaping zombie processes, are +You can use the `--init` flag to indicate that an init process should be used as +the PID 1 in the container. Specifying an init process ensures the usual +responsibilities of an init system, such as reaping zombie processes, are performed inside the created container. -The default init process used when specifying `--init` without `--init-path` is -[tini](https://github.com/krallin/tini). +The default init process used is the first `docker-init` executable found in the +system path of the Docker daemon process. This `docker-init` binary, included in +the default installation, is backed by [tini](https://github.com/krallin/tini). -## Specifying custom cgroups +## Specify custom cgroups Using the `--cgroup-parent` flag, you can pass a specific cgroup to run a container in. This allows you to create and manage cgroups on their own. You can From f26c735282ed2adae2e1b9d440d6c06e25bd28b2 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 1 Feb 2017 19:01:59 +0100 Subject: [PATCH 2313/2538] Add bash completion for `docker plugin ls --filter` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c82e3cf0b2..a649b88147 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3555,7 +3555,24 @@ _docker_plugin_list() { } _docker_plugin_ls() { + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + capability) + COMPREPLY=( $( compgen -W "authz ipamdriver networkdriver volumedriver" -- "${cur##*=}" ) ) + return + ;; + enabled) + COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) + return + ;; + esac + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -S = -W "capability enabled" -- "$cur" ) ) + __docker_nospace + return + ;; --format) return ;; @@ -3563,7 +3580,7 @@ _docker_plugin_ls() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format --help --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --no-trunc --quiet -q" -- "$cur" ) ) ;; esac } From f1cef9c7ab4847bd46da6a65694537c4ff9e7000 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 1 Feb 2017 18:44:12 +0100 Subject: [PATCH 2314/2538] Add bash completion for `docker ps --filter expose|publish` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a649b88147..9054a7c9d9 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1286,6 +1286,9 @@ _docker_container_ls() { __docker_complete_containers_all --cur "${cur##*=}" return ;; + expose|publish) + return + ;; id) __docker_complete_containers_all --cur "${cur##*=}" --id return @@ -1322,7 +1325,7 @@ _docker_container_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "ancestor before exited health id is-task label name network since status volume" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "ancestor before exited expose health id is-task label name network publish since status volume" -- "$cur" ) ) __docker_nospace return ;; From d77db0bd9ac80a3a2e7ad4d90b6aa33fe4fc0462 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 1 Feb 2017 19:05:54 -0800 Subject: [PATCH 2315/2538] Update API history and man page for `--filter expose/publish` This fix updates API history and man page for `docker ps --filter expose/publish`, from the feedback: https://github.com/docker/docker/pull/27557#issuecomment-276832876 Signed-off-by: Yong Tang --- man/src/container/ls.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/man/src/container/ls.md b/man/src/container/ls.md index f233cecd63..5cb63079ec 100644 --- a/man/src/container/ls.md +++ b/man/src/container/ls.md @@ -16,6 +16,8 @@ Filter output based on these conditions: - volume=(|) - network=(|) - containers connected to the provided network - health=(starting|healthy|unhealthy|none) - filters containers based on healthcheck status + - publish=([/]|/[]) - filters containers based on published ports + - expose=([/]|/[]) - filters containers based on exposed ports ## Format @@ -94,3 +96,15 @@ Filter output based on these conditions: $ docker container ls --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume + +## Display containers that have published port of 80: + + $ docker ps --filter publish=80 + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + fc7e477723b7 busybox "top" About a minute ago Up About a minute 0.0.0.0:32768->80/tcp admiring_roentgen + +## Display containers that have exposed TCP port in the range of `8000-8080`: + + $ docker ps --filter expose=8000-8080/tcp + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 9833437217a5 busybox "top" 21 seconds ago Up 19 seconds 8080/tcp dreamy_mccarthy From 221d15877dd068360e34dc92c9609f9cd65a7943 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 1 Feb 2017 19:18:32 +0100 Subject: [PATCH 2316/2538] Improve bash completion for `docker plugin enable|disable` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9054a7c9d9..d572f99801 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -289,6 +289,8 @@ __docker_complete_plugins_bundled() { # the Docker plugin API. # By default, only names are returned. # Set DOCKER_COMPLETION_SHOW_PLUGIN_IDS=yes to also complete IDs. +# Additional options to `docker plugin ls` may be specified in order to filter the list, +# e.g. `__docker_plugins_installed --filter enabled=true` # For built-in pugins, see `__docker_plugins_bundled`. __docker_plugins_installed() { local format @@ -297,12 +299,13 @@ __docker_plugins_installed() { else format='{{.Name}}' fi - __docker_q plugin ls --format "$format" + __docker_q plugin ls --format "$format" "$@" } # __docker_complete_plugins_installed applies completion of plugins that were installed # with the Docker plugin API, based on the current value of `$cur` or the value of # the optional first option `--cur`, if given. +# Additional filters may be appended, see `__docker_plugins_installed`. # For completion of built-in pugins, see `__docker_complete_plugins_bundled`. __docker_complete_plugins_installed() { local current="$cur" @@ -3496,7 +3499,7 @@ _docker_plugin_disable() { *) local counter=$(__docker_pos_first_nonflag) if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed + __docker_complete_plugins_installed --filter enabled=true fi ;; esac @@ -3516,7 +3519,7 @@ _docker_plugin_enable() { *) local counter=$(__docker_pos_first_nonflag '--timeout') if [ $cword -eq $counter ]; then - __docker_complete_plugins_installed + __docker_complete_plugins_installed --filter enabled=false fi ;; esac From c76dcd33f772866d7b4cb5bad21b3b1505cf7b03 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Mon, 6 Feb 2017 14:44:56 -0800 Subject: [PATCH 2317/2538] Add plugin debug docs. Doc fix for #30761 Signed-off-by: Anusha Ragunathan --- docs/extend/index.md | 64 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index 0dd672c312..a2aa208d6b 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -17,10 +17,10 @@ title: Managed plugin system * [Installing and using a plugin](index.md#installing-and-using-a-plugin) * [Developing a plugin](index.md#developing-a-plugin) +* [Debugging plugins](index.md#debugging-plugins) Docker Engine's plugins system allows you to install, start, stop, and remove -plugins using Docker Engine. This mechanism is currently only available for -volume drivers, but more plugin driver types will be available in future releases. +plugins using Docker Engine. For information about the legacy plugin system available in Docker Engine 1.12 and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md). @@ -212,7 +212,9 @@ Consider the following `config.json` file. "types": ["docker.volumedriver/1.0"], "socket": "sshfs.sock" }, - "capabilities": ["CAP_SYS_ADMIN"] + "linux": { + "capabilities": ["CAP_SYS_ADMIN"] + } } ``` @@ -231,3 +233,59 @@ in subdirectory `rootfs`. After that the plugin `` will show up in `docker plugin ls`. Plugins can be pushed to remote registries with `docker plugin push `. + + +## Debugging plugins + +Stdout of a plugin is redirected to dockerd logs. Such entries have a +`plugin=` suffix. Here are a few examples of commands for pluginID +`f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62` and their +corresponding log entries in the docker daemon logs. + +```bash +$ docker plugin install tiborvass/sample-volume-plugins + +INFO[0036] Starting... Found 0 volumes on startup plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +``` + +```bash +$ docker volume create -d tiborvass/sample-volume-plugins samplevol + +INFO[0193] Create Called... Ensuring directory /data/samplevol exists on host... plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0193] open /var/lib/docker/plugin-data/local-persist.json: no such file or directory plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0193] Created volume samplevol with mountpoint /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0193] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +``` + +```bash +$ docker run -v samplevol:/tmp busybox sh + +INFO[0421] Get Called... Found samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0421] Mount Called... Mounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0421] Path Called... Returned path /data/samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +INFO[0421] Unmount Called... Unmounted samplevol plugin=f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 +``` + +#### Using docker-runc to obtain logfiles and shell into the plugin. + +`docker-runc`, the default docker container runtime can be used for debugging +plugins. This is specifically useful to collect plugin logs if they are +redirected to a file. + +```bash +$ docker-runc list +ID PID STATUS BUNDLE CREATED +f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 2679 running /run/docker/libcontainerd/f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 2017-02-06T21:53:03.031537592Z +r +``` + +```bash +$ docker-runc exec f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 cat /var/log/plugin.log +``` + +If the plugin has a built-in shell, then exec into the plugin can be done as +follows: +```bash +$ docker-runc exec -t f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 sh +``` + From d84da237bf889a8c4fdce2b7ca5f4c5351d9a221 Mon Sep 17 00:00:00 2001 From: allencloud Date: Thu, 5 Jan 2017 11:13:05 +0800 Subject: [PATCH 2318/2538] update events related doc and swagger.yml Signed-off-by: allencloud --- docs/reference/commandline/events.md | 131 +++++++++++++++------------ 1 file changed, 74 insertions(+), 57 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index baa966d620..b670d81fe2 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -48,7 +48,7 @@ Docker networks report the following events: create, connect, disconnect, destroy -Docker daemon report the following events: +Docker daemon reports the following events: reload @@ -111,91 +111,108 @@ You'll need two shells for this example. **Shell 2: Start and Stop containers:** - $ docker start 4386fb97867d - $ docker stop 4386fb97867d - $ docker stop 7805c1d35632 + $ docker create --name test alpine:latest top + $ docker start test + $ docker stop test **Shell 1: (Again .. now showing events):** - 2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + 2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) + 2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) + 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) + 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) **Show events in the past from a specified time:** - $ docker events --since 1378216169 - 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + $ docker events --since 1483283804 + 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) + 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) + 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) + 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) + 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - $ docker events --since '2013-09-03' - 2015-05-12T11:51:30.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + $ docker events --since '2017-01-05' + 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) + 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) + 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) + 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) + 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) $ docker events --since '2013-09-03T15:49:29' - 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) + 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) + 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) + 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) + 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) This example outputs all events that were generated in the last 3 minutes, relative to the current time on the client machine: - $ docker events --since '3m' - 2015-05-12T11:51:30.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:52:12.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2015-05-12T15:53:45.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2015-05-12T15:54:03.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + $ docker events --since '10m' + 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) + 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) + 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) + 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) + 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) + 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) **Filter events:** $ docker events --filter 'event=stop' - 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2014-09-03T17:42:14.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + 2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) - $ docker events --filter 'image=ubuntu-1:14.04' - 2014-05-10T17:42:14.999999999Z07:00 container start 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) + $ docker events --filter 'image=alpine' + 2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) + 2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) + 2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) + 2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) + 2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) + 2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) - $ docker events --filter 'container=7805c1d35632' - 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image= redis:2.8) + $ docker events --filter 'container=test' + 2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) + 2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) + 2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - $ docker events --filter 'container=7805c1d35632' --filter 'container=4386fb97867d' - 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (image=redis:2.8) - 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + $ docker events --filter 'container=test' --filter 'container=d9cdb1525ea8' + 2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) + 2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) + 2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) + 2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) + 2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) - $ docker events --filter 'container=7805c1d35632' --filter 'event=stop' - 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) - - $ docker events --filter 'container=container_1' --filter 'container=container_2' - 2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) - 2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) - 2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + $ docker events --filter 'container=test' --filter 'event=stop' + 2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) $ docker events --filter 'type=volume' 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) - 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) - 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) + 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) + 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) $ docker events --filter 'type=network' - 2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) - 2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + 2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) + 2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) $ docker events --filter 'type=plugin' (experimental) - 2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) + 2016-07-25T17:30:14.825557616Z plugin pull ec7b...993f (name=tiborvass/sample-volume-plugin:latest) + 2016-07-25T17:30:14.888127370Z plugin enable ec7b...993f (name=tiborvass/sample-volume-plugin:latest) **Format:** From c2893a6e1cf27b4353166562d2fc1c1f46eae5a9 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 7 Feb 2017 10:09:32 -0800 Subject: [PATCH 2319/2538] Add info about the relationship between swarm leave and node rm Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/swarm_leave.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index 7a6050f201..a08f7f80ea 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -44,11 +44,16 @@ dvfxp4zseq4s0rih1selh0d20 * manager1 Ready Active Leader ``` To remove `worker2`, issue the following command from `worker2` itself: + ```bash $ docker swarm leave Node left the default swarm. ``` -To remove an inactive node, use the [`node rm`](node_rm.md) command instead. + +The node will still appear in the node list, and marked as `down`. It no longer +affects swarm operation, but a long list of `down` nodes can clutter the node +list. To remove an inactive node from the list, use the [`node rm`](node_rm.md) +command. ## Related information From cf4b3715ed383ef5ca566861576cc7b6b086679e Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 7 Feb 2017 15:39:50 -0800 Subject: [PATCH 2320/2538] Removed unused image Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/docker_images.gif | Bin 35785 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 docs/reference/commandline/docker_images.gif diff --git a/docs/reference/commandline/docker_images.gif b/docs/reference/commandline/docker_images.gif deleted file mode 100644 index 5894ca270e002758b8f332141e00356e42868880..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 35785 zcmd3tS6CBW*sj+UAPFD|HS{DP9Sl`K#LzngL_|~wh=>J0Kv6{0(5o7H5isItu^ai_j`|%i=(+kus7_0yaNA47>mV; zii%50N=ZvgDgGCEGFeScO+{N+4I~zJ0sDe?UNh-Oink491>4dt5?8J@)TEc<>-SB4TS))R7}c z0#5#yKqfOd`M>PV%*@Kl3O{@HU~X<+Ufw^&#nBi3%dyJJnwpvuwY8_3nwp!NnU^mo zUHLC*U0uDsy_wgqpX=`*930FU9?l;hpO}~^zIX4!ga2}IX6DJ0Csj|M*3QpAfByX4 zyLXpAd{|yy{`>du|2*{nFBkF;6bpbi(EIO({u>h@vdW|Ct&fR;w$@>qcrXN0&a7xY`c7GB^N@v$7r*be2ujX3j+*UQ5MKnGzH`-P`a-L+DspQgL zGnS{dwQ1K_d+kIKblEGe4Lvr5kv=tL^y+OUu+{sPO3R{P3jf$h&{<^j`b)jGH8?>Uq8E^YhU>-JrYIyO&?{s@*Pn_VvWv z_lWH>Csg%*|HL26QuVrV{m1f~v5S%Y)nhTK7CHdXxe$t5S$_BI-p!k_Hdo!P=s$)1P1V~&Y2{vtmfPxsbkVUvk#Wq3)V zblS@z#%UJ_atYsYPfC=^u`fQ`zwwmz6AA*M20sQ|*mJPFTPjiA=v9PmEZ&PE&>0@3;FcQ8sU0l3ENxQ{Cq1 zaEfgMXRxW=ufe|AwB>E3q;9&P>GJiT0rTrL*vz-B!w1XF7kw0(XM$6gn=kP)Y5&OIDE7?Z1{U%Lq8-P{eJ$w=le*56bfS^m>{D7G4J^t zpKF~q-0t7;hmi^bB z(Fds=Qkkvv%5_?0W%J_abw0*CPgTTnId)vCt+;eRAo-Q!Z&5YKkh}TZoH8W}05v+W zOtGW#lB6~O?oqyi9?b^8dOLr8=r%47pYa~_oEI?$IsL$Tr}-cxP&w1GBzJ?vY}MU$ z$R5%+58k|*;xp1>j>^k164M%*4c5I=9zVDtUoGpsJ=A-|HH!b;h_U6bCvO(kNk%~O zKSJ+BNkAp#ngj|!|5iTG_T>t8W8ibuJjk9_DH`j-L`~RI)&Qhf^rJIR=)dMf)~&d_ zL)7&^MU9yrH%cc!4Pi=#`;)ni0H|{NaYT0euiZ4%*@|{w=PG>C`%RjSQV2o+C?f7Z zijk5WfRBkdkR?C+iKhFf1U{;iY3C^#OyR{e8q7DC<^-9cU|l&C24Mc|=DFQd?hN>K zgcmmY3tf1qYs5N?aZ*-cK!}=*5Po}{A2m{^kf}g4hZ?6~^jy9>=a!faX*D5eD~#)t z9kDQr!dBl_OU(peM4!x1iL+V1VQ5^;#~G_Yl}&MvG}HulZ98i47{G1qky&R~I#*+6 znL&mkS&6325U6-N@mna@R=TU$r18f@;d-{M5RaG=8hQKlhkLeSD|PF=Ww~TdZp8Eu z-BNcdY4}vO-I%Y2S@DTViQ5rHi&jiQc{>n*Tm$rg(I~7HD^OVEh>e+ z%|dv0hK;nn7Z%TZDXDe9Ta(VL)(?kp1{x?xJ}QC|xsvgw_cH@>6NE@RQtsoJ65R`1D9r z!z9=<>Q{YQGS_qWC6^*;o!9ysc2+9RxZ4#^O~0`IMY&yf_Nu(?CERkUq6R)e#4H^W zb>>52_5czlfq>%^PyYQ`cnu~2SQ?)op3Fz}*f#6pBhl|GzU|eShl^vIN;Q=dL`G_%I0; zp3#SOXz(|a7NYoRPWE2u;JZrw!rEMJ(yKj8TryY4f|Ph9t3R2(heLdQR6XD0x2@XjFqUQ1P$@RZSmoeiMSdfK)E#B?4YQY+mAaXq55GJcvRMx zHX%-e#M8m62$Qu@6L8NF_z6Ui{bqtO+i9^rRZWnkn>dXepsBe8{+k7Q(nhbltK3q)wW^O=PidsGa<}juJEZ>PLjLukVzih0RC&hw<~g0FI1&Z)|Rb-^Mc{+%fX)QLmJsaQ>(zHl`DBa_-MGWpV zz)>qybLqyz!x(p#EdYDF?Wu`5NewSfkQ3u|BC9g2`h|q?Tx`g{kpV~E2UrX6}j6qE<=?HzvptZQjSK{nGcQe<;f`OP1QGgx5a`HeWu4b*OLa zL4k|82leWhV&+Rjx?tSLK!=A6Fzp#rzO0fknCsYQwa+0unRsPA9 zD93a(*@^F$xKbt=*QXPjxKqg5(YZBC6y-4;qU;Z21gEBh^Pwme{m5U>r}{F3DxX)= zMMxJ&cvpY&tEBgV{|>Y~-MoL|?m)XO`y#$w>*&cdqN&&&D%TxL`4A`r(uBE$3BZw9na5X5Zh0Q>~Yw;d}>D8(3J&k+H-Vk-RYAA6vacHvXWLbAVZ5O z#-F*h@x&v0r(;)-DLRvXZnXXFbV_>Zj1q+@Q{_A>dGyT}4^<{?N==d`0aNxr@1L(S zPxK=&Lq|Oa#jyb~9IG%BuN3YII2u~TMuH`1{hKr7F0xLzdG}Q^L}Mz1I!NO^=j|Cn zT$(tBXitjKnncBUKui<6SO@)aJfmFf@oQf)#o2vgIeGI`Du^X-U4h<*q7CcexG%1I z9mwmsOp6sc59WbN0UFvFnIu5X@EN%?M>FaBRJaIBD+I4hZ)q7{3_2F9>fQwvzAFg4sW4CzaOvS{f0 zQ5evWcUl-tKI9&WDsrGS4m4$pvEl*1Ot1%_rDIR;w*3Zl$OVt$Nb%};_+c%uEXJ;F zdbbL(i^7^cTM>C0q%q{{DYQ+dDo2EyqtcCFmLNwef)>)g!ceSju0|vEe$6pw4s0?A zwMP5(?%hIh(#6wZT`FAq^=#M1oTHN{U?7!D$n`!-2B5ATvIaW{-26-?ROKJL%>uI> zD}=laeH5LONJB8Z^NGB`4^A;&yoeJo5p_X`H4`Lq5kTK>LIa}0hIjWC4SdHE=}<>_ z%*}RkX@Lbb+P%Ou*RFjPE$AqA$UPZhV^Yb?OyZ(|4HB8Lt`^Bj3{ZtBWD{9*V0bIF zBp)N>LW7}w7;Rc<3Jp%o-F^lu)S`_c@W6Qt$leYe)yBAvovY*)l~Rv%zGCE#$@OgG#87~u85m)Xmh0Oj zIzE{mc`iA!uzg0G=u$j_JuucS`y>X(K7o-Dm?cJ{o>-x}LezzxL+1LYQrSs-czrIc z!im=AXuWX3ymG;~^C3FBVo?qi=9B;yoJ>-s3rMW>sxSPpi{0e~jIv)AI)55v2f|iy z6kJ%j1qSC-rCC)`X;G@HS^3!+6XSS3+ybL$iIMqP`EEZ(od(B@T}b9dc+l2nN5<3j zxJQYx_6-+}ar;b5Wsg}TRN zeBI(caLX^pCbPy_&WFCOyMYtByY@I1n#Dg(6B%GmAtvWm1D&&4W6irXml>Amiji=^ z!2HT2Civ-(Av1u!E4FO5F37c|Gpr@Na!dU(u!mn3Fmf{{yX_O%XP{#v&JBV~2dQ#MqFUD)~t0 zDAp*G+(tQ?7J}+WdX8q~A4_O=8Nlwr?6RxNzc`9s?_}6;D8k@y61y{nkKhD*O5-pm zXHf(8P8Iwmmz|ie;TR`8^ezgPnu+$nt>TutuAC20SABgvbwPjLWRFIcYy|ddJ!5w| zEhwAYoyOf>%|h*nN1X8JvL*KY_nLB62hkSF)m1<6ogzo_R5a?PCiXgMcE*w`WmqkW zImm1O3+H#La}?KWX{#;OlgD(`?wrg|i9(lbU|msy4gIhttLK1u3vr=Cmusrafd$dm zM~yZ`UW?i7MB{Blv>3*l)~X-@yfN}d^mn7cE7!}HEnXlumoDs}GGX3!va{f(F`x2D z@#Y=b)YKdVN$rv&pihsnjYj&2xmp^&8(Z5`Rz6#zv2hoiQuL}I3KgJKGK~)qws*0} ziAE=KkN>HKsm%~-?HRc`pq)+MB!Fn#+hLu%T#D+ zQ#|#)k4BA|{4QhVs}>}!G}m2A?`aymjsN=t4g4Wf}S5ch9$0ceAg=rAk>J5P=k=?%}NDy;#U+ zoDGo=|0rAcI0^>)N3?k(P1GYoAnz50I@0Tgc4ZIDWVa4M9thB(nVK4-RdU&bTJHX_ z*}3n1+`v|&4s@F_YR5(~Rj@4;k>_Zv7wG6yZ9K%M*t_IgM$h9zyV^_F+0zg*^-zfm zYys}nQIAl;O$BDI+S)YvwzjHVjUMN8`J1AVh$D?6%GCBz1M_*0R9wjQ*H&SPP?+BC z7xB_(6KXTBhPEOA%cE;V0(~k%;n9;KY{ur~T^J9;BN8+j2={_`i0l<@eULg4)HUqgCas0)Kx}yavlp;lEOaHMVs>~pF*S@|4x6wUW7KC~K4^S9B~Nh-(MS#Xeb!Hy z)h@$?ZVi{d+#7hQt0kux$#F(>{&Q<=h4N$lhOp`@bg~cVU=MVYJ zS4N$;VeU3ifmHybJ7Z_J0}$?*$4l=*xt9i~fvU>FXiT6L4Xx=F-~9181AfsNb!nOR zGSG89BTx}$|w5O)yi`R4nI9~L-Vk;V!p+zXzSM}d|tN`5Vg$L#_b(PtWllE zug2q*^aK}{7-cz|UT5SUw;g!hmIHV9yg9M%bep1jPqTKnhg$ABMNLxuXHvDXhx)yV zR~P>(kilgEe$ST+H#CM#US8O-OXSAFg&q5fj{VBw{(JD9zy}F@-fN$B)F}kOavDN^qfb5pHr+nR5y&aStYL1A5oBa>q&K&rF>jZb9PJ~ zb2T}`=uK=+8@S^Kobv5Ygh$BkP$uxZ1nhiIue-~~HwbOc#YcbP{MJ!>ldSUWi#+_5 z?`yQRRae=cEL`l|EV4GuAv)}gy}e2n8hSW92?{JFa5N9Ra!N!H`CqZ`PprOQ8Tz8p zbw@7oJ528!SHS?xE^R{keex7g#IfBAb_4@Zcivpx5ZcI>0;r(|N=9 zqt1yc_kKm4`JSw9I@$i6AKLpOANW~)ym}>0!TtS;!?LMopT>p{X)nE|WQ^P=)z-eIrtg!z?{#_4t9b|k#2jE$jXXVV zfmX6uvL~|9Qy++JqG{-76(v)FJN^H~Y+F#njx}amO%^IHauWk0rt;EMPxDn#yaq|5 zhzi3Bn}pQt9s*TIV;Jx@0l3if{?x-6PwdTP5}>SCkal||1QfPpX@Ebxl4t03(w8-m zgPND&c~raMEtT_zpluAq&*{9R zB>^+z%iZLPg@NU}MIm8(W}2r*VwduN%r?gZteC&=8~~?Is_iK^1Qol+iqD8O@W+IJ zq!;l&X8T1;1E3c)e$^y06^i$G?OLs>>3lzGiuz(cj0r<%*7h}MyX$}?aLROA-=_cR z!)soz!4JU>={)g^Cv>0P?K^2e0lBf;OOv=jTDQ76=%Noc6GEf&mm)|jE5BBj({SxB zTgEiBF?gErhTjbP2#iJpKT*u=4L=F*s5PJD_*-Br3}INdQuQVYyD_srG#AnbegKfB z9`^+mC&oXx_rK8AX6x&R z-HQ_Z8($XgvX)PdZ8e#PfC{_eMM=2MUc21=nO*(D!=D*UR>Z^o^^PW($bF~((b3c> z3Hzx1hTSqm1FMz)e(f$V`%GSZQ(e`?1U2K@Jx`^`fMdhXKNhzShl{l=tDXD701!Q+ z=|HKb38!g)P4sv42$A@8@se6DSN?L<@NBsRhCTj{vy#Gu+R}c^K5YS0neVR*Yl~jm zasQYc3X?sW_4gBhcSHnC8=QoJ%*@XZ-TSxE;GTUc?{?#H7^Z0Nm)vPC_G|9TkFnY; z(XbmpwU&m1HgyMD?tuImlh3E@O-M{pZ+dlf89O4pWfAqA| z+G%ce$YUhC^uV^)OIJ@DV0eJAqbOc!Ciqc%$7vU5kI2UaRf5Wst7RX8#9%F&*&JBj zXYlXk(GNkAGJs?D>`UpW_I&e-KIQ2#wQ~l!TP!Ow7br%A6>N^1^`Ui#4pf+zRlLdo z4=W@t?0b8$c^nmfTzR*-^0L>uo~9d++^=Q>V&pIFe7WwpcfH5QZ5#UY?)T<=dA!}K z>XN~h@z0KN7?6Hf%GDN~PJ{b$ZPu0iDe+)M+TslC*-UY(7240GC%QlOl|0kM2A=)* z%9c&-(f8%gGF60XB;E!82R zz0X%EM8ZD_-=7pVCU@BUW@tL@fyjNu9SMB}bc=(T1aN#`|0XCadBdD%2qQFSWm@2Q zJKAqufm(;$rPf4p&7%&w+0cA!ooe3fGYO%u$x#K(83PucTg>YQQv0(q{ME(bpOyU! z9y#=FU$zss^{>Ih`LmJP)k?3OM=WQ(&+QrDDt{jxv6h_27}!6OClpXmT*{I5NVmy4 zIyCBNxs=1oCY%qU-`XdB-&>}4hFn5R+#kvo+Jv_yIJ%7clrH5rxYz1p-T58G+}63Dug>hG+{%1+5KW~w>eiR=N=XcPdG9&c>A?prH~Ny#g&z<)oQD< zEqi4}pG*0FXNAS(mHg&%sSeXO<&~R4EfjZ1m9Uxcd;SH%p*mA(mfJQ%%>+YZh5Mu# z6jkDCeimzp%Z>!7Z~NA%{2Wum!Yhp_1OC$|nGn$7Wm=D5gkwRw7)kBv*Or4$%gJb? z>~$#&10(C9eKeH>;>DYT3>9|WxvycaWmQ?`{zUmqZsq-oaYrf9ulY|xuHLIKJQuTp zLffqT2;f$}G`3YTn^R41$vL#`ccC-0IdYrScMCT$E{WnF8nqPmrPsKegq`-PZ@m`` z;NY_dcatLZ0{6G6magr6`+T>I=|>0~?idj7=}uR@&F7@+4^Vod{E6lvs|0ge|0csW zL^_<`CS{`+V%Urli`l}Kj}x$TAkVnX5Gwns7rvE(%J`?OHv-(X&B_?KckI__^7eL3 ztNBuc3M1xR`*o!1`~SXl(29X2aR6DL&uvVJ(ZK=1PI((S43;N?lLT}EhOd&w9TJ!1 zZnb4>@0}C6g|`RHrOvdL)+ZqkSpn5gT+ay&{J{z>oy01o1Gag%lbaDE8CDA>;JdgK z96iy24hXaoXW?TsDU9GKB<`7vV!V-ja~qKYm&;O)cu=Va4`wmAsR_ZD?{zOg_^Ii2 z5(nBfUNF&Z!}YIh!S+8(#|fLc$r!8mD4}ZxyRgb_!NMR9rWLQR-DUv%DC@YAiG4pw z(K!&~r6OREiW-(EoR&a?AR&0O)mFtME}}R@64E5C5o~4x&V&YGilrb7_3XNHdlXJq zNWs!PCXT^CRPaH#5ataMXlIz+YRgtx$E2bj?BISCkV z38#5}S=q%;47|@2HskcK-bDU>3hZGDMHU*Dt3~cByWtFk!-23Z=Z(^o!ftnt4d$U` zhxE{e=Mo#4u>aXN+v}M^e_p-hMzE5U@MXfnPF?k{cR|Z{daEVtW5r@4KU=>1sUxig zguZ1-F#Puroc$AoKN3JQo!OIx7r|wd*5QAXx>buIyb%>hsS$6FXtbMObx)VWuvJQ# z-20+}^BgB-pkmf9Qpi9t#XmIPz4Bxn`VZ2RMgZrykX0lsH#$4nX`NYn9*=tT@==ur zCaiRhiHT(jt-<}Xgs&*&1yhLJ0Qf>oX20BxNtc=52Bq8@vn|$3Gl|}B?YMB(vz|>` z9&G@*t0xnhFgsAGc@fC39W+RxDxUtfvDmi6GeijR94x`QImxwtc{|V=Sx=%JUKHf3 zYMuD|6-$tHOBT|YzqP5?Ee}=svOCo868K6^f)tK+HeOKU^&6Ziv-AgZM>HskR!ob zu^=-NyMebSnGHW-BDz#DC1=b=Hl!IA?@8OWftX~B0iRGv_YGjjxfx z8Ngtw;}L7XoXbJ2sZ5C(i9jh>vVr-uAGKh?M2;Vfhsb=`italXwTfEtVKN>v2mwSE zY{Btu_D;}?N-(WF6l@0c643b=xj#Z{)j(o08wJcAQvIj$_re;Sn0?2wcI<=606N`; znIcP9eNFH5m4F3M7CrfGp`^1p(S?S1G^7w{un8Uwe535@j68Zy5y!(Ow3LSnup-9~ z!};%!cWmbH$7|5Gy+Dx<+c+r17E7*iT+Jvf1!U??Vmzt4DaQ_J?M)xM7B7{ME**n) zU`7OvsR(I!HjZ zL0Uo@q{l~EwJ2VEM2`vm*_x`&%1&)t&6b+X_9P`*(g>}4k0Kn&d)oumsHbP&ph6^u zCkX*xVLObN7z-2&pc{KpJ09ZLb<_Zxm&^hWoG?|fGPPPV@~@#k%jZW&b#3@CUOrZZ zf%LzTb!R(2V*r)Ntmf!U6|Q&Qm;CVH94;s57c(8N=3c! zq_v8CvmG*%3%@QQ?EYEnpitM#awL$djHFPXBn#yn2Yr)!A$wF@%%I)V+zopRbpj zzam9Wv~`nn<>l<~W*nd2sqBa$6_#;ny$)HcjQmkXAfcm?ZuhUwxOZdpViyroc~Xjd-Yd=P z?K44y=AU3cy~Dm0#c9;0Vjg3g^TIxD>Z8;9bcA~;o9HB z<@XdrP|RbQ-~62cw*p(;Fp9sAx!wxhO}^d$HYxO5^d~4B`h4lOVWWzmuOd>3K0iRS zTYD)wbgq(*>tHz(QvHGz=We6(lFPY~>hI{rde)0sgli;Gi7O38WnIgghAJ3CZe^Et zWp!18nhM5nIdj;|eZM+abvbvnwE|D7B*#^-h}9MmMlw zYwwZcbMOgwj3X<;mI=Syi&qf9j$m|5bJXvZ3W6i_HAf_A^%mg=w)-8*iaezHySx|Z zD1Jr*2g&;t6%q#8B5rdm@HfkO?ZR%xjb&Tc3L8zliEriL!FDR=5ap?&4*G+pkH~Bk zlF2ZtzgX%?9^d2dXFCl(;D zODk4uz^>=4BDx8@)$56+to~9lv9N3I`R{jn$%W0O%V@;ox(5jr2|yccspNNF&q2jW zMBk`wD*N{PR1dDWf$RMx9oe9Zqj7Is)xh+DJN?0yY(NAsU<+N$}1O?>_xTGS27ZY61(M~jc zQci#JLU(7^=9@8_9q;VE>uWb%VkG-#!N)Dh@Af5|>k&7V1|F5OjV}U~cLPfQJ^**h zL~}Owrz=b4cwn+m#TT23=|=Gj`x4(eV-zAYO8PMCD)`mA$BH78w&YBb{Qb$|`2?M{ zmb%|{mRb7GIm+!#V5*%fVN> zC;oBoQ|FCucVKBpqRsLOmpq4`p4{n%Xqr&B`9|rDkhi|tI%L3$w%}2&6cSw6p6zTu z+>ofc;2NE^xS;6J8#uA7_`aO_e)RJD+c$_Z{H~H*r9*!|4E(Fdj$AZWg2r!Xkm+fA zmarO->*)0{ea*o26gzc*O%Nq_>r7DhmuHst!TqI0c&ac}dD0YB0JATKko6r9E z=9SP}$1$FU0y=eos@Q10%u6Q7xPiSI7Gvpg_aqA(0GOo zNTGOdX(O|LxI`-LNx1Xlk4>f5@|O6W{5B#={h&cnF)tj-{JHv~hvV^2pePjmw3Rav zp@fuw`oca#xhx@ciSRKfj56o9qcRlguM{7-|)PG<(w6pYvHm%wD-Wm zt^;qSDzQ`!N~Hr;3xQQFibTr4Y5n{DrexY>e@_||+8A+8Uv60fLlr_?J-3K$^32R6 z0mm#)X$}2+EqvB`Ro2<_S!&oUku9v6+DthW`u~cyEiS?Y4^HQ`W*6A7$qTkB%(VU>mx-FziG(1By+0K)qvN$nX~33CMWa2%}zJeJY9_P4}nh4`=8^Otbb!vT(B= zuE`zc(!;wB#w3EvNu8zkR2Eukw@v-@=J?fcz|2y!Ff04NUTkxUm+F>8;q525oN=c3 zwr9>QIy*kpTn`>T*A@pei<+b~FOo?2buchfO8FI@WZd{5NyVVJbTJgWrV}3sWdpm( zG(^ok9JG(>_+8p{Tp9@aN5vrEu9XPDfZCNE*N$C+*v%AmU17jy+T{p?bg3eYDgPgS ze~O`Zc<{i6ZCe{EEJN>enG$!d#cN^as}j8=GNdlj3u+*M>Z%QyzqVyEg$*#QwX)rm zIZd~{UYCRH%F{5RkalnTb?oC)db~*kmtvo}&C6CRodDa}6%#zW%==$#v*A^Wn`oU^ zDKzDO*r9C0^oLfxwJrsXREXDF9DZuQ_uB5`&)T9Z5)_9xka!cirqLRdtC5cX+jxKH z0m0Y%c?rZJ)__|xo{%W=Zs_$m7H}9L@!q@5wvo5S_~5b)Y$??g6WezCvjzq^&-XeD z(s$_S-dI|bu9N8@IquTwbScT6feO3VS96o{dE-x)Su-MqL=Ehhy*sd?A=G@YG*J5iMaNw}8;L+mc>w!P* z#a?vrbXFzC%J5;WqZ;q%Qkobxs2uN!*19z1ckn}1XW^_p4#urG&17mGGiG~{~ zbVXqId5e#|y&41pEH-d(zWLFs=1({3@fnL!2EJFJtKVd^btEJd_yZTO&$5B}guLG8 z5({6zgh>ik`Ztx1iyiE|MyL8Co6O4Ij|m6@vxLZR~T)~dHe1utjv7j<-Se7-hX}cC-bB|PC}H! ze&8o}JDC<~%7RUd&;Ox9Dl?pz*#)!UB$17}f@9OWlk~erXu1>jVnl8V4P(YWdwjLk zeFhJof{(sg8FI-_^+z-XT*33}*8PLn%L&gDdyPc?eJ&m?{_!Wp@hW?)`tR&JI~;)& z#uYYL!T!9w(8aNF0QRiJ$(ti%2v#D;Vq`4U=;s&tW1ac0)(xJO$)%CPu@CF5zxNz^b4Cjg>HwFXzxlZ4gNX}`)+5~PNhB2J+Cc10wrGQ?lA zP8UWgv_z>z@3<$u{kWd?WZ4#maHjLZI(ItaFmzbRHgaH{A1Be17%b$8hjG8#ktf&r z!bP`VXl!asSD>})8B=XE$&JoythXSO3*qRbYOmDj{7kJ{;MtAYy%bHLn*@Ex9YIxp z8?tPbb|6$dEX!kx*sM@~=HgKm9@~-_PWyGZfoXY*D^hfD&&kD+0db5^>6DVNL^{jU z*DwKd+TG^(PziBg1UFgBw_abP7)Th{0I~E?NQ=H|1Hx$p<2P9pI$#dW(WtsBKxl2U zYJz?UnSpjt7UeP>!|+)|m{KMvyk%a=&NL6VZT4Z>v$;ufLNv#Xvys8l?_r z-qwnaEHOF+6QZdq686m9H{SZ9R6ZnG!xb_lt&@nSC9A1ddW;yRl?}y}nXRA4*b5+u zXj&4nizK9;E?yh222gu0vM>e_C|Y#7en+EB>}zpxHWPD*glaNu{31Bhq*$32y3vT| zZSRK~UtKPlh3krX;uFQ~Y0zEgvsZMO+vVOAw4U1LfYFL93DpUKjGw;2dwNgOU8k@c z8!kz?1E75U7*wBLg+F}Z$>{2D5+Rep4WYdCd1MK7;)Q4|CSZEM@4R+X{3C^8`E*fd zpnGd24dZiA)bQ8?VUVQaT@;XhyX3C?~J$I@mR{bGpOcV3alHW@6pf4!tWLlaV9 zGI`_QxgxSm2v02+_n#ITn%r>4<_OI98SdttO-?CiA|RdHd0P9Uy>c+I=vX9SP`vFh zd2)W#+y=RGHYC-qFWd(aimZxjDND@TEau)i{9_|$sr10BmQW%T+Td2n)JvHfa=fh z-|WyGc*K=8t8HvYzr&mrt1SMk#3J=*yk(bS|h5$1~JRk_Pw zjW;KN34NhJ-hCM*JpgL}n|IO>@+6$5uSQG^m|2kR8m)Z{ldeh48ZfWPkv?uXyRh!C z8IY!PYxg|Ll8WOLiV}k%nAtz~WT~(#d@1!s*zYpcEw^P*l7Wqm19p5erry8j%k(SD z#qH7v2wigU?anzT*^#V#=Z0f>7t<}uMCOTTR7o}WyCzn?v|B7OhZ*b~ALQ~cMP}P~ui^ww>6;t#7BOd?9+Lnq$!0A7 zMe$j$M%?@K(_StGe64fau~Hva3Ocz3Pm2peTn;^HIS#ZDHvAsI2O#^RIR zxj}F9i(HEDn&;X4K!fW1+;eseK_wO4*;X$3T9lv$?GpR_`8L=ypJTF4mXvmNt=~3K zV&h`b z#}+)54+_}9vLOXMPRr|luK4;y!JXwm#3}FN^s3jLALmU3fv(*-2KXS!nLHv0dSsJt zm7`FsRTPU2^2uNc|IC+bC!Z{-faCJ#ONgAY+?ORp5!c+WjTK&RFQiu%^>tgY8u#Cb zx(I74Wqhu%FDd_3QqmZF!G4EQ22?heL42N(cOPH9UAszcPl62>u9yZig&JGS8vB46 z$G95j(i++UMc3IH&!08)0H;li>9XIK;9pG@vdlt}eW^ z?m$nS1_@T>)1;mQ!4Ut(c%&Y@^VXU;FIN@UGBvQ%V{-r85Ml-xDpZD$ z?8WOn&A3~Pny-u>+p1^lecfZ=NgaQjpMP3`f7Y~rd*DjZ@e=6S}ABI@a_P&i%$}!!6Kj>Fof|R_3 zFH9@Hm)VA+1uW$|-5&AOu->>Znrk)z_AXQs*`>f+X(oRQwJ&z?jc|Qp{^~F8W z9wdi4Z+k8=UvwpOLMy(l!ubel2ApqX03r?c7H(%7bJo1QWfoDGRQt#!&?MB(Tzc=^ z&rO@Z*zGg1zj4G!2H^Jgc4hm(FsHpQ8Z`m-noW)toNK322!2x)|22h}-S;1$K%It$ z(q;;2qEj>p`zs|B@rT1*oGdL7e$}^JYf)4V7IZ{mBkX|_f!T`=Z8_3wb*CEKlj^!1 zuz5IZ^Ny1m7;bBuVqei@aId1l=F$pbK4eJm^K(KC`OuIQq{ph4%(IY1Kv~}AkD8V> zNko~*Rm*W7B?ryEFK#koJm|!gjT`rXY@~Zy)?$Tf6f@XUO4$fo)vj;Y7=Og@%%Coj z8}PFo(c-|NhG%q1aHp)h8rRh}1g(>G)e-c2B*O}(_{EwuaKu=VRJ?ECT=D_^ct}n8+W?CPQ*FK1tf$tatMnp1WeaWh z?iS3v@GTY%B59sf;M)`{Z5>{u;F%kQSOX8+LBIi>U2(=|T1I9^M*g@M{cVBx_JCyZ5PLADFQEd2OZa>Le2Xid(I)3|dx^@(?JsH-KQ_ajPj%dpN%M$3K#g|HnMNC z0HmtNLwDn*#13z)`;SVObC9pcp`oMU8)z=Ghj6&vch)3Fne1pIN$)CmeG(O_wMGAA zH1>`n-AT~rLzJO`G{=_Y+Y5T@M&rH}ZV&$91UZeYsPaHq8O>Qwe#$pL`HJM?{@K84CI8bBMo zp_JR1HVi`*?%m6H9hZSeX$?9LA|JGHwOz#Sj=l5|;SI~-N8AL^#rkO$8`<)KUdf%o zcuc3_&s^BNHTu|@@ea%%tH%YGqD=7)@+`V2_aXkzSfu`=3k!Og*;!TIF}k@L2Ym_? z+aJ6Mp81i8s$dXPX7q(aXbK4x<=?Y*94@>%n-e@&nLk&PM0v$!$i!-+37xvS*P0Usoh=b&#OER z1MXbx!%@QUo#}yj2T3$6Y2xAvs>l{A?bpBZwD7ghGu;~-;y=4O0I-4mypBC&ED5g2 zyxQ|OWRvH=4?Um@N-yF+kJ+CN5C7|sl7d~5X{w|NmtUV5X=eG;|Q z(xRd|{CQC#_!%J{beZhJbI_!Xz&a6btw*~n+zJ!mxU_dYp5Xf7lg`}7+djy-Qh|)s zu8Z*iW?>u|2B8Va;N|1-lef$T(BL<0rJzS~-J3UL>8mF-tVt?;N*1N(q;oyrUgo!y z+@O*dU_r0cT(BM;m^wU9-J3ts%o;rYL41eMOeOCMMrv}=q~t?l=~;f+-;68{fZXC4k!{P+EH&K!(kn6Ym$gD|r1Tg=$WG9e|Z zu@p(NZ*61jOBy0OV@;G$WH;87(vU()Ly}5GdsLqJ-S_i6*Yn)htv8-o^d-=g;;jlv`l07B=BsIRsd;~a;C7&G;Q5AFw~fVV5D-yp^}xrG?RJFA(% zz5G_vts{zWEaz^qp_={Jwj4e_l%eEhi9K8Bj3rHWNkHRWaMK@HgQUf7myt{loa1954$ z2t1?cpa8iii3Pp9NHWaN9@rUYA!T8)M6jcT6;{!i(1Q58FRbAWV<~P*(%89 zVkA)3u;GeD+czCnN6|zTs3PgAT23R|^vf9Q2xL$J_7{GMoEKmz+v>1B-!ASsM`2PU zpJoLii67c;aO?5MJD081 zXj7s8q2T0daZuYe0dI|OClut(N4SZ*3;QCIZ8Z1t+T@=BxvAhjOMI=ooeH&1A)$`@ za85@ueKrFC=}xA_kFM9$=E{ndgOK%!8c@UO^!H zA48}O8{w|__2W#CU8g}n?e`#QX#BAUStm~Ye2kYh_FS6dG3U6Jb-eg6bO#3+Wf7nM z{Bz!NCIikHXRC_4$J%_hb~w22X5%wzk`Jlp>uTApS>3}EGd?Zg?%lpjB^mdqPF;BB z>d(cs{?ZI{oUiOXvFF7hXK#>GkCD4F>Rr*|QIPU{b zSi)v4iTwfAO3pZ9M-Gm9ghf4#=VXj1Z~5hr%ya`2kds5FMILYkwUHpVOa#8~SDUyQ zOA5r@78H`jL&{-;yk^l*%r24(DsD>qN|%#d@afFl&f^-fU6;`#Y=S`oG}oLy+R9Jj zU}d0zSPL}-2}1t-6N2XS$6q+0pluLoyuNl=h7l9E?pRI;ba#5V7vMW~x*?`I@2 z4JDUuo_H$lNcJ}#LJ6Gj*tB%YdhF_TA9mGWLK+^i7GkIGt^26XE z&aCIW|D^5=N&RTah_ehbk(9fB;W!c~N;DLsB!69J0H(sw!PctzTQLaepgvE~M7PC8 zx-z6@b0hd*)|`K}lDYAk0McvUi|08fe7Lm;-ZG_Vg&Ry>OJZUm=et*g0r2FGreYP( zUczeu(nfQj&`~l?F5orK9;0T1n2k}5PecHU8$`G4UwEyW*gI{L7+p?*B^X4Wd3Gq@ zNahh?HU;_N>3B&-&r|wXpk=+=sP@+H92giXQ zKk-nt5MVl6>Ojm;!I?6D1(9EkKq?4qWIx_5LgC@8RZkQ$-U_X=drc2TmcDX2zQ>}F z1!#TC-|cf)Vv`6$4fPp@&VEWVF5phWm1|r?{{D!q8Pi9u_1X_bH_r`o9=cn?bMfev z9gQWagcHreILyi^Eei4x7m>R;F&U(YaYLQ$!nmfyQz5^l3}QGEk+YX}v#&r9GRCxk z0bA@Tt$21mhH)z#0jO;Aoc(vEGLR7hJO+S&FB_x#4u6EsNdrsV-#W{QpU<3Qq;gqp zmi@_iPaC*zi7mO=Q9_rymi(NJk#pAC8G+ny*X?@HtO{`7NCbTl&|`E*vnK15f+Dd? zzh4_jZK2YS)c~t8w5#{BE}e`tc$1jZB@9rYkX|Yvk2K*Dz#)nSsjK}l#sR<0e4;NN zK+YZ_MQs25%E+Ru*;K|KH0(j6=q(gu3K`)?*-S5eDFh7dcQ{pwSdw7xz}2Qb3)0wR zVg7W3^f!kDdlPAwj=e_6#?kp!jPp zuRCe3JL1$Yu}6Cgso{Z#I4oPvrlSElX8P_)X9|LX03@__?8;)`$)ApT^z(A|ehv)l z`0(@B+Yc+UPA&Y5O)La9lrGE?BW?vItv`*!uw2B+@p~oWyi$DLdt7{!0$E{vU)?>Q zAa>Xhuyr`(S~wf}j@!rQUW(T!7_dzJlj`c8jy|v!*Y4>m+KE=8o3@Wi<}4|w5yR9E z`B^g|eoLAjJF#OF)+WneTn6_XN_%LBfGlyhM}kwLmHi6P9M;4p3_TZv{%jCptPHuY zCTZbpRc1rhMS%@2uk2MArXSFVjWW9(VHI|Yiv?NWU~D}MXl1$pk(_vkE*-oZlli(1 z;!cGfH_{J2MQF#M57wU<`Q;6B14ayZEqMo8;0BUsk9VYJb+5s_zY?a$&%7i8uUdV_ z?^&j=K~eVU%(oCV2*4B1$&Kq{H&i6TL`DO1yf$HTCM3byubu~q2YE}dBR07rO+Q1u*wFI(n6>*;^@l2!BPKyMLNzULaDO0`pPxdc@)jcEg&* zfcEcPd*Bl*0oRPu(=C(327!|woyR2 z?;G9@*^l$|VY|+BW+aXE|i>SOs z3kIndiqVqy(52UXo>Sn0E;O|(4x&hL#lop7$}nJMOuri0C19No{Z^5nt(Dy3#rS7{ z2umCm18Fc39r2}h3{Ct-PJ%CRgHR~-jF)^+Oay>3=Hrg%g6i>T>lj(@g5u2;pdlc} znT-e`C<6>YmI)ct@pm&k?hit;6qV3-kU6#B?mX<&D&O;4SrkV$z`zb#mv{ewIX(&l zx~gbcB{v!5@ZTg{rIHxPLyxEIhmKqY#IK|22cWh60A>U6($h!uu-N#4^388MAZLIS z_!H)w?QMz`FiVXOm2SMknRN~Ht=t5(3(KtA2cfQk5X zpAj+zgQ|89M9@WI`;qj@)ps?Nle_q|PQE4j%V17dUgxY(qkQqO91zL10X{k@Ys&QJ zZ#la8EnSf3ssktOi-APxe##jDwgt3rtaThcd`5q_0mDfe112Mc%8_PS8B6O`Edg6Gt(Iq% zY>BQ|CT%aDf@$d;rwOrrFYb`6;GtIFz5X4~Q?efqB)h}yY2WYoY_~sVw^L3j3>MbF zVL(u6M{rL^$cv89?T#?%yAh^$qrC6NltvXA*Lru;aNYG2cN$8& zZ@lPk-0o^Fz1<|;bH}@fV%*cQUD8?F)BBHd`uy|2Cdo1**IdiwjD`q#Y= zecJB-@}YavbilxE;792IBWqyGRO-)*0pL&jjxOaZe(^dDv( zW>CmyaGI}Q?A(Av*`SPCkMzRezwMntoY_$Ko*_jarqa0~)jx?MW<%<|Lt1711exK< zjUl~r!(9HuGB<{e7KSgH4x9HP&16QbvxjU#M(oN)$_z$CAC5Tw8Sz4lIIfS7eMZxW zqXOBZp8TVSvzbSFM;-o*!fIm_r;z}DW}wg5-mtINbT=)9FKZ9e(8qzWv5{yo%?4H_e*+_ zg$v`w{G-m=_mOw**Onox7RGBrM)BJBzZ`zhXm&$>cODwv(C=3q9p@jLydln7AD&?EJ1_l+e(q61?jz6M zW@7E5X8y?%ncaqplj9+i55A5S1At7{WXZzhXPFUK7R+(vSQ9zH6WE-MFk>PfXglmI zJl-yQZ14hp$p2W-=kd=QkGB^d@5r!>wOHmYk4Z$Br=0cD`<5})z9pdnMdke0Oeh|i zR(1e1dcexVb^;SksPX~8u|b1=YkNyuxu;pF{7FZ!{8K4#UiG%agG#B>-Fm?_-L-)6 z`+X|sjiqt77fq%_&%=?UurrmFHKmcY|LN%h`1tF`KQlXjcY~n{(;bcgiruU!Rb%yc zI%NWe-b0FE4H@tE?ftv+gn+TX_5dNc=jrJKPqV5VyiPx!OL~0tG=ky`>HqaGeRR$F zBed;xpORILFj4*4)$oW`tN-GGDOX#{bEovoC;A5}45)P><=qYp%{`X2rO#*7fLn$W zCkGHW)iAR~j&;bbQu`NotSN}LsLBKHOW$6fS9%8D55E@gIBRP1ylz)#>&ZgLkJSTt zFCvw98HCk1>@^~=O1gL9J{ecM`Q1SFzP3L9(n1)K*}L$~9`2d}K4bz~de4XcCXO6= z*;n1bS)Z(yS8((cpQ{=~k0X>!I_#J)juQyVEs|@_m$&c>6@&H^_NSYkF$O(?!iJ2!^$EcozOSdYzZ`RjV}aYL<0|)qt%GPsGrQ&ZY9N`LJkalQQ|wK4Cj>z zp3d3fl`nrF&R5 zwK!N7mZgMswILMKt=WNSG1yC{d;JOy2-lxMZI#bQRPR}J?#<>2d zqyIW)Wt4hZxv-LdaDAUkl z1)%837I|ZZmB5Pw9&CcpC_x? zh|}MnliAzM&(bf>U?$JVyi)k*7SV0a#$v;MgbbSHQPsI_zp&P>NDAATua?}z@ZAwa z0>s0H8m^MnwIU5ikD8wO?Cq8l8piLLclDWW3)}R1FY*fpzY58Rod1{OLR1$ zu_<^onUtldTv}dPWo?jBgd&?WQV39HSp~VMY7Xs0e^@*=J3lx)O1?VBCSOl+2AsPa zCGu8u&S4GhGLTYh7Ja_40w-F6JYs555P;tA8d5u66;zJP;O4Wz zJo_w{uM9~sBdZt+=KCRy{{OACm6Qz26-My^6BU?4^;Z-f3&@95rw^vf@d7Wi(I(w( zyQ@SvhzZ@R4fC|tGb=_^w8rvrEw|&S{n-vWD3%qWlKy_m3c(K{TfSmx_5z?{EpH?e zOFhz?z$*z5t7%l^dJcuPl1NmvOWXO{*0VC`v(T056Xd*tpp;J=}QAxzz)fqm~!=LY)ToA4PsQ(vpQMDGCUa?H|{)owzu2} zm62K->z|z5so>{KFtU1Jbeg1;8N`gMMT@Y|0YHW#g-S&`vk)m4Tr$522y!3EYUW_#9_btO9Az%ajVzg?o-q&7Usjx1Tu@cRibjrqB5%$^VNkS zd?FlhQmgW=5|rAE3$`Y2YX>E_l+IJw6X%elRkVi z?hTvwMzTlLNci>hZ6M!It)UNB--|>zre${?MnXw?;4Zq}0m^j6+=(W2LQb5cFxq(< zV73pY{|veFM58SjFRQneox-xjtE*Pi$stXb#!NNoq@ou$dXhabAucR(Pr8EjlC{-P zb@I=}E7kf@XYdjdlvXMrL3!4S^%tVyf#i)VcV!Ud3O|JO@R_$=?+#uhwDq zM4B0o*yiCaES$nM{RI}RA9$CXRpYMl3_B?#7Cv;0p47Xy5$}w|Os5m?(W6UZXRVWg z=w~;6EsGoY0$sY;4S79oNp?Lu%7z>_H|CqS!Rzd&;kNYhqf-n!$;!b*(co{`-NON@vYphk<{DQbk^A8rHTPNkJrLvRw zb|f@4zmPX5R(5JIU+>0rOnx%3%14!Uw#KxWy#6*@`2-7x?R7`?v~EOUgiU$2k%>YJ zD?2%{efu8qW-H3Y+_-f<$sXdBe^UFED_@n5m^$FtFkz0m5x_}>le6}bk%Q>SPAka+I4(6N(W8i*xW=+cH=4oY z*YQB^CH2&eD&P2X4C-Othe`$*=AU)DF`Z?^MXb>kjp-WdqAwGtTqGynC!r?RfdMqv zMLAUX$_42q0uN`^Z*ismXA;{d}GRnmyHwySgbHUeq}9U%!{OY4{qqz4^b4k{)Z)nBo( zBF;RD=+>2B8Ix3AIXw0f0!WepL|WtQQR)<09SAOW3MenhMQW0<*8x>4A>U& zwO7Ji7|mbUYs9bFYY!`c=J1y;HMqKBbkH4;mU`!ec~}ADVSh!T!7f5>FCjIZ2tgj3 z#X65pKKfH7Dn|6UCgBM21to!=@jBdUU(haz-6aaORDp1<4f?IvCEYZS5p`maj_cS$SC$F9+RS}pX2iJ(S`AbAN<`|hhCT* zv~t}TJd@}d5!Unm;u4waz)OO&GSH#>uMMZZqx*lKpT#?R( z1hvwEkbyi2VkjwB?6=cA&lNXsSbtc;ioD_NCi#^yc(R@s} z<1L6f#f4C2kT5qU9^+VS*wbx;dVYf)vGsF=Fqx^hV;Dx0*kBZ%2pPi0VUmPHfI@X^ zApK;^D}L#&t9Gn$ZjlyQGgSbg7?y~(b=s!{4{~cX2wk}?Pv!cF?bCS~&VOfN<%R@X z1J9^xPN&2Fp0Dsa;Anyo%zGFL16+CY<%$EvUrX-y&FhlDTeHWwe+9|{`WUi}Y)PLFHumC@s~Z%ITNeaq3Y1vFQe5;1H#mj-(mTI@uU z_dJvP_G&rbAv#T%V^ZK;S><&;TEd)9Y()y`+GX|$qUnor2c)Hd+Q&o`Tk`1%Pa@(* zJ1B@z;L=Es=0D+l%KNp+tTrePYhEI-v6kRWkG|_YhtT{rD4es=i(xE1 z&jFeSK0;D@TT_oFOroQW3k(>q!JzHMrqe|_Nc*0TxP_l&f@4}p(S^Wuv??mX^O z3EPQX{P6E5dE@V5ir~5D!aJYtX(Sa3{rUe@d63lKP07C-R(6k?7H)v!c_M+CNjS z9ZdBKPh}N~{z*%%daDX-q*m}KO#x{$foZm)33*pxyZ`6fdvVD;#V9?|9=4;y^whLV zvuPJ4(vuFQrxhVG)(}~9>6hnXI5Vt22Enpnfv{bOWL)O8xQND7aM2)KG%$(&E3i@` zbKN$Ro08d3loeZ>89SA!O$@gNvK|+})h7aHJF>>cGL?Z-d^LMW%o9!&$A)k48`7nQ z8F)$}kXD4~>^Kz;8zL#0fvKSUlataCS;02hNZ;&DTj2hj+6$C*{7!j7(qa zbmb|g^Tpetz3c_&Pn^}s6@3Sa6V8Y-a%CJ`=MEh69+NE@hTN61=lzZwFd{OhXn3?ONV{;+K-;FwU-x5X`g|WPDrmGKPqmJzoJ(l z>Rx~sgAWl3ye0GA98e1Mvf#)Zx(l?2hx|O+eUY|D+m0hNd9O-+xf(uyly~at=YYc3 zqTYB$;rt97=5Q3-qDtd+yZ2q@L`>1;`-P2FMSre{Uiw{dS+v+F2*`J^wPQj?4Z0go z5BDD^8T8*Np3^C*yYFLrwWOr0ME|u%s3;_p7|!uF7GL+ck%8|h*6x(dEo?9CD~2#} z#cHjGuDuIMAIpn~6}w^;B*hNs2PvMJ;8O$^)&xjWmr$Fzfw9Ln#o%h$C@OJ44g zhbjzm5o!_A-h~L~8DKV`q8+FNaFvJbDmTI_jeHSzu+V+pD2+N%|Mbe6I0oLGVG+wX z=qIa|=UVYg1kJ8M1)K1+c z!@A$bc)GF%5L{74O}=oi?skj$yKh30;irNgs7fwDp>2C5GUc>etX!!+wQO%r2g^K9O$Yrpy9Z`Yc~%5O0m+QI_C%+s^-;;q`!37LLP8@jzSw(cuArt-i_3XLjq z8l`2x8Qq%EvD_@@m3KyctKb#SC~G>OMQd$cn7F-(Oly*Gj+R!3i2~sXtPDtGF@=gx zddvr-Vy#W?I|6#kDYy5ZX1F0=WH#~nUiBT7nnCe#szIXP9+BTPhBkJbRNsne4kODL zf)q<3PkEFvMZlbLFc(l-$H?v{<*c_E=3o@>VMU{AFhkM2h9FuXGxfJ4egvz=wGYX| zhrLEob)ZVC+2?u6X+Px4{1k^y? zc9L5=Zn!OvVR4!dKt%2fR_yo;GS;ZPLkjI4+k)rL;!m2!MH%rO59d|Bhjb;0mu;Av zlg+oNHK~{!&ky|l-_7emB{eafR4r=qhA>H6M45yb(cU@Lm@jmo3Q58lNwXsq^E;hY z&P93R2mQJpN9bphPzt`tyIFUqG2T9d`>%U@VM&;R6~R#OZZalk>=d@ZhA5R=dYg|= zy-R9Q+h*JN=ywyDPhV8N`656r^E*pI&b3HSjxyl|E(;_3&qnFxl)Rju^k*xWb6ndz zlOD(=u~_2xZ4|1wYQ9w1i7D5)-D@eV#pi_Vn?UmX(cw8KG_(&nnV58)Hqg*=tSDT( zM0?lcX{NJ??{DvbJd)(qTw%l?R83s*K56U2nWCdi`AZyOA5*P}BIdfO*cs3+wKi<~ z-G-89G*TrfCnTRr#x6A~9FeZmAIy||K4d(&Bg6YpH?~v0_mryGLtKj0sAvdE&rR8} zR}N)K6r7edT@YE;9!sO(4u%Mm|Dd#q=+k&r=OqojFEGnjM*oYEM|JQQ%P`KI|A+jp z8^MEuK1j1LLl)i0*#k+HSBV-NOKT%UyWw4W_i5)=MXKFwWY)tTgSUNwB%kpt`gj(T zbEZ5HajH}HCA7LpxK=9_2`SQ?#v$CUkaNnX6NMTd;}sO^8oc}!}|JHVW%*? z6uMr~4b-0}*eCp45L?oj4ZgwK7VZ-?LEO@OIOcXmV3j;&Gzi1w`k7)D-(Hkqg7%dI zDp_Gu*KUkvQKfXxYp?r0$-*EChsJh4ao7|2gqwv8G1ECcIIYo#a%BJ(hlF30$%{c; zvUITuE3C6+n1(N62HPd_TKT2lm=o4Xk=-jwlg<;?yUHA^wlbMHJQnjr;7B81jCzd&5s+Ztufthp;YM#* ziSStyi6}0bFlgR#kRZGRiym*EEVUA`vg#RzP7F?W<{s*2Srjg-ZZSy8gCrej?$-wV zqP@ZT(0rkKZt^bv>(1>5gw0>;c6%Hi6|yG1|2eey1m;*|-?=y3zw{#Z#@>amCkBu3 z*-?O#0mAtsNOLhnYw5_@8M{=fs8_45^~Nb?uBj-XV){g*;e>!4tLUn&c*u%v?#8v4 zryXJs?GuwLxLFIj;SQXRgI1%(H|K@V?R_=ti!|FPf5OM*5nv;+e^AZZzAQmVo6J@O zZLF<{xwZBH=~a2~av{rlTk;7eBnT6VybI6tczEB^Q|w(48pzw9$IW+Vc%OKo)9LV< zCmuJm=&!dDY)QnOvcPxg&8&=%ECY&v> zzG*9BL3AiMwAh)wMgZQ~jlmq$wP^~rGfhi3iIS|)RwKWg;eDUg3f2fj)%_D|_=NiR z+tUOUbi7^S&&jn8tq;oN4;N!TY)j7HzeA%l)h2v7^T`KF|3b*Rnl&8T@8g;mmXY3Yryg#Ma+nl@cK0YqsjITP!52 zP1$o?PnhpE3zp8odo48C?^yXM#y zHf?LUW2=4a(%TNxTa{4jWz{=!TX!#qxUC|3&P3%uM(lcfifOQ&j*HkGxXl+EVf27c zly$n9J5)pbcdzEL`GLO!9pIvC*j=NDB z>iQ!4KQ&~@%WvNozWczbA!B~r{8pF$eTUOS*8FvQ^Y1?hB@=X+LZosFtNw{Su7j3R4(nTairqR=l3arvA1e_FCYp(^c1$RhuisI9mww7+%p!5=OC|+5#AH| zx(B&#{Kl?MGPKVdn3~)<`MAtgS@mYOzWlRezCE6Q71KV-VC5GkHv>A_X8M!TzJLr) z4ViiJp1hmAx2do1ap@gHpX>g<56_Sm+zH=>!a{705(ZNNM;;=>n_CYH%DZ>wgl&p9iqEXi}r1QO4S1|1wsmXXgJ z3Mb42CdC*;1WMZw)y9Uj^$k0+Hmq9zH!+fH(V%}PYYy2r34mVywDx3oz{(Kb) z*eeGdcAg7^xY5@CrL;Zyrr?mH@zJY3G4GD&OO#Qpk`Er|0b=)MiY8y;RNxFEl|~3} z%c7p0d|MtjMxY_%f4qBJsg%tG5u>Lu@PQ9qg-V_d93~CcRa+XV&G!ucj~$`$U42>1 zd&0GS4*?L6Q1pEw?5q_I?_f!H-X{r~ZP16~j7PSDn@E^&SlGF@v%y6V*}@d46g#!v zIUF7A%!HJEjogP&Y|J@)prxk@5MV-fY=BG{7!$7BcH3T5=%|%~2nyv6u*~ z6SH(e*aR$rCf5oj4IhyKv2k=7+B~R_ zgN@J8X*)dFg@ZDXbS-^2)4S9P0qCTi{dL^Jp7pVn`hJoJW z;JOh;+eX)7Onwc9FsZ)*>s^SbRg_#Z!xFi%_~(S1v=ICVz>`IGqNd~};vOK6_RI){ zl4*{TzTCKE(vng;$7)JRE`+L3fz%-fUJ}>J?HO)U`|Co@0P^P+i1MT)@3;&C0AH;Q z#*)L$bg~nijcI&8tf-iVGqmhxyzqYp_B96Unf)tW%-V9KK`RCFc@rmADcOJspvuBQr|M2M~bM6z|#u zrS$?pbr%DH?vWXYJ0MFTnQEp?toF(YgEo_i#ko#g+CPj&Kb0iAMotlFHA2wHtH%G6FAvm=Yp#oJrik0S)t}|2hUX5s4P6oi_ za4r=lzE1DK)BzKYV4+AJMZZVDT2sUvTK02QNEG1$f)F|#s-)_K(-YF5YX2Gv<{;nO-4Sic?+zN-B@dt{@$a>jMG( z?~=J{pYryGEE(BkO!Tm<+?iBpEbG=T)*MI){=+H6} zg`-;N`y(I~prqjC$nm`eWaVu2)WnbLwW^1c95Q~C8kruiKMH`3B<9^1vun{GjjyMf zfV@07fIpZu_Cytd#aA>UkwF%!rzajCbqnhd23zKxBoB&m z9c~G>jl%6ZMY~tpxD%=_XtG2Xz}>NF-kn~+I^x&|^tsq`c-~VkQO%MM3LB3*d=K$d z{v`=SehRf2odANTjYOCCd{rsoIQx#=m^QPw7Lf9=5K|oD(ZIbI4k5mG3p|X;@A!r< zVV|_rs+tkd9l`n$5ejuBhADB;*Let;5b4>&Tw-MX7_XnQ3=tU7p~ZzY(9AmSPP$Ov zki-E1vqs?(Z^?)4PXz(M^tgP{a_g18b-FAt-mV7lhi!n8PMOc2js2*7_-=hS5_o=8 zKuh&k3`$-Fhja}~gtGHtc>FOp_pk4?2Tq*0IOQplK@zUeOUIIwEB|qKGKC50=#?~# zEE$X6DZxPeoocT^IiqnKm&`k$wD3^Bh(NCqAW=4rOjf0Gs{n~+(>}05k#?{q`H+PD z1Ei3O06g-+1rSMaQ$-R>J+%NV8}l~hW&C61?@5BVXKq?WFHf2lf3wRF=i&XuM0HGF z*R1rjmf=Z((s@(3Ly#y5qOiz@XS%YH<8-NMau>HR;1|l|>CdEEyfsJmh;zv5U!Az3 zmc)!rj=cd#6cnwb^M&$4w_OflDY-nY$I93tD^hPgZ0H|5_0G z{hz&8i39S*qgx=7TKJO-yr5F_N>l>Jo^Y3AZasPUu~v(D$xgfTO`ar54FGn3fgji) zjWGyyC{Az4JV{SeXC(R(~Vhs_%tDqDtW0!St&KNyqGKd|AOADz}%Er??K3UYs3idT{1GdmRe9!(vY6cTrF%NB(q zdes1OfAO6Acw&Q?9+qe(i@{r}AaknqbA}MxBqZOmrUK6n5MY^>6qd##1mE;bN#4M7 zWAITDc+S@Yq^14&NqU@720+eephHitr8c~!oi55u_?BA3se`gdnJ$BSZ_B+OhVb-V z+!RHPu;7d7vA67H`VoKw64$f5;;S5C_Z^oHPf6Ug_EYA=jbq_jf^I*z}>#m3PO;vmK<3JsonZ{%tI_Tr}R$ow`!LSYc7VyHl~7NpV0)I1&}aZ0w% z5c%_K+^ry_Z#?obG6g0oiIOu_ypp01W~N}^Xa|&~al!%K!h^*Hsm26v0?LjEe0hs> zWrNZbV;()E8nciVc2!V0!vXKD5a)gue0`wPp#Q7=>8hA&z9p%b%m{4e4Q@C7H z3DqjRV_e_BKP#5J1OW@bt1~e*Wz&HrZ9wl`g8MVV=^u{#2?W!Yn##7iQJdQ9L>SA` z)NmAc($d6IDxDILxD12|B}io>O5Vn8fF~f_hF}jMRJ0H$3a*_E_B_yNMO<}J*7wy1 zb^>%A3043?fgEV6B`aY=Frn0Byt#HR_z3;ErIjO}F-1#}Tor}CpzL13*&zsG$}n$i zq!^&Q7QkrN40+@EUjG2da#3YKn06qq8eFS|yQL28{tm)KJL{j$;kyrbJayrsduv#8 za>Nc?bUPxahpGjk^PM9?fhDzoTW_0sGF_e=zNu4irh|geiHJ*BLKsv7^#>a>$>3-z z;j#|FNI`e)wqwijqaR0r6Hg)dFub;M>k8CzO$07-b`OPUQ)@vc!5_bRVQV`Iapr?> zJANH-jlUBRwT}=p;rQBwU_?1s`@P$SyEEUi$JMj5_)Citk@1PET|AZ0w(WeS=h!iMD$Mby%7)2t6CnZK?p)5H8&5dXb3DFwC-7YA?WQJp&l^V!(`I>(-5u{c z7gKwR@)`!B4);ws@H!H7DDaz!&ePrmC0zVHhPC9h{nMIC>D;||h5>_@IkU}a1O!Ut z56dv40cw*j`?N%=!`(aG*@p?cF;?nC2g%+ekRy0vq!VuzTJ90*0zf&d9FiZ{#l4Rc zr8XsU9tU_I%hpN@R(huNEEtNP8FXnGY>ytkd5{3N)Q)e!=5%Pl3b-*KxpvLj6^E%;xUG=2X)_@@ew!RB2iA1{}jMi!I7Qr0|PO;OaM7ykxg_$7`0HAvo8DLn4aqQ1?__Hx zylC6PsT*_h4`N3^_hH!;zu3(*4P}N#y~8OzBBIvzvH|Of9tMH;S68O0OH)CeBRbE0 zftY(N)H@BlI={j+lYmY-I@63A)U(r4*Q3nX-&FU_05o}JUx#Zs=*Y4+^NLcv)^Na64ihOvvsJXPbQO>u#>($)eSKpjp{y6`t zr~K8H`uv}luVVhb0%WHlbM`YIHh0A+hoGJ5Ve>b42>fGzl3Eh#uNOJGq?xcJQBf+@ zzjR=JN%qqvoa}P2(X!%&1f>hh%&W_)&HieO%TwQ%wVFM2%wJD=yf)As1fPF0YW6v=01Z%R#$F%HI4emuKNw zNBbAY&G!0FvQ7PDs^V9-oE1mG>5vPH{?F&aE7)9LGNJ|8g4OBqvJRZ|QQX(vH1nOc z9T*-_=)I7mb~Qw>!cD(VPkvgL!~uThAEmVm=Ffec6aba(f7Ic`*10}S=D^O@pS1Dj z|FS=I9^Gd%`AHTFz7pV=Dzd+62=P^){WbaC|H<0+CyXMcbDV}yVShgN6w+j#)x||M zH(4%tS}I#xDln~ju35@^5RkXdnj~))=^*w{Esb!Ssgb}-qYddqV77Ee&7Kj;v8Zgq z`{jtB`-6Rk!7gLDLw*4P0r@dMtICcB$ec%g)j3As4Dc`JALAv~m>iQK{LxpU7pvaF z3RagrfI#gDx6(@#nMLN6~XAFw?bM2Eg)LI>B#CvQ5F@c zXXP~!1@+>^`jq1OlY&z^#Z$uEwzlu1liC8lr!1ny(xO@w7wKl?)vut|m${^PH7WS_0u z3J5|@gM@{KhlKz

hX^kC2g)la!T~mzbHFo1C4VpP-?lqok##r91$LtE>yEgg*cx zMgR*+PD2C&MuQqiPD=nShd>7aD1*Vsg*wIn8iytT1h=k*u_A;k001zAAKin}BZkGt zgDWP3v=prFhl;22^Yr!h_xSnx`~01$?*N@Zcr_>%iW>mb4VsbA$%-4vgsm!&AmTDZ zMqJ@I)B->afdrix95jT%3jz(DSR-T%5ye3TE{K?UfI&cj@%ri9|H-qb&!0epq6&HQ zkcN;rJnoRV4nT&IHKNJ@@Sz4TLm~oLTqPuBAtdLH7E1cjNr8_@7y$Soa6ln&g0N~; z0svysn>mH*-OIPH-@kwx{kw|@1%M%h7!INJA<>5&1tLcVAfUiTLoF6;ojB~!0EmVW zFFfpI>5`@;oPYpu)rsNOgfas=M;Pa#z_@ek-p#xBqrtTc(egHEgk~oc4iFj=&Jfc> z5ELp~r6hppLOTZB8cxXgppLB>K;Qxb8S*FJZTaP>V#bSO{&-ylr=AOHXm zlyK1x7XVNI45z&yfB+w$P+%_r3?RY?0TL4AkVWEXx6hEPhglJThMEbX zo0e+osi?*`pQx<1>MEe5rYh^Kw4S=^tGMQ>>u#~u>g%t-x^wHU#1?C8PrU}K?6S2E zd+f8&Mr%s4%vNhHpUz6F?Y7)jLhZHSh8s|}-Ii;v|F++XtM0mlkbCaC@amc_yYzzV zZoK&B`{}&y2%*Ad4%OHputTWuB`ZtZkeYx71Ej+U09$*nz7$uiBfqOG*qlnoIS9e8 zMu@QSDlm@bbcJ*wZq^2wZB3VLc3{-vpo0@Lpg`#kD4>v( z)J8~M(lslfz+ypp1AM~@-Yn6=3S9q?H;cn50fXCxDDi>`HDvws434YNS`AWry&Mc9 zaG1d}FI=Sq&WSpK#Nsm`w!@Y$*tN>bXU8u4|2@4bag+uch%f*(;(V}#5d)?CLI4Ol zp@Is8n4pf(g30t8rq zTM-i1rV~aKFw7D#08qjXw|p=I5E&SNAe69x(`djvKybhSWF#!5&F+B^yoV0}P&!0F zX%Gm3NK#JYg#1Yj0>xv1Xll?NCuG1TFc1I-nF9?ImT&g9Xz9gQ+!8Pj-bU#S~3(sV}%WCI1DZ=CzD4+(2&}NCnh~{5FA*G3kl&y z`INGTd4#1ySaTlqxo!ji*juJHh652q4w2!Yi|Y!3O950UlI~#0C6~#}OhkZ<7W5%4 zh5>*Nm2nVf90UaR2E;??q7b23AOg({s6Zj%0{Fd7ni5F>01S1_P&z>g#dCr}uVbDnmFWWT(||!+Inl(( zQkFH4P%msr2nw81p5Z700O+J4|6mfwWbQFSg&@$Ley(BwE*Pjz1=@s_t|Ay5_!;sT zl7T@OMg)n2{Kp^_*qCv4B zjuHmIA`rCD3FOIRS0J#29e{5MOQ1_*fB+*I(Z~rUxQuL^AhID0A)bXWUlVr9SZ0!d ziiB8#$Ov!)BUEVtY*9e~fVcuNu_&7qAYUO;NEw!vrT`?jS!d`LYW%JimFlPG>BaXVe$)KLwM12 z`NiuhN+19xnD@Y0qyYd9#wQAZpk5Fr%u;B8;0i}@0|T%WVM@@T1aK(AAZEo72CxAO zn|O9lXg~opTomSV;FTecF-Z#0fG3>z#%F6n0|>xi8T*(|c5T37aZKc`LU9N zV;BtBxX4gunhON*+9g{#AT=OsPNU4_r6pkl=QDw5uS{mRn!o@6*gz7x%;u#X;RI-& zh5-&h=Q`W@&UntVp7+e>KKuF4fDW{s4S*5=7~lkyY_p=hoP!v+fCZ3_w4^6Z=}KGr z(wNS)rZ>&$PD|PaCNaptnioy#Qk(kJs7|%2SIz2HyZY6zj Date: Tue, 7 Feb 2017 15:42:48 -0800 Subject: [PATCH 2321/2538] Standardized formatting of CLI reference commands Command name should be a H1 Only Description, Examples, and Related Commands should be H2 Changed 'Related information' heading to 'Related commands' since 99% it is only linking commands Added some examples where relevant Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/attach.md | 83 ++- docs/reference/commandline/build.md | 10 +- docs/reference/commandline/cli.md | 80 ++- docs/reference/commandline/commit.md | 100 ++- docs/reference/commandline/container_prune.md | 22 +- docs/reference/commandline/cp.md | 17 +- docs/reference/commandline/create.md | 71 +- docs/reference/commandline/deploy.md | 20 +- docs/reference/commandline/diff.md | 4 +- docs/reference/commandline/dockerd.md | 647 +++++++++--------- docs/reference/commandline/events.md | 325 ++++++--- docs/reference/commandline/exec.md | 56 +- docs/reference/commandline/export.md | 17 +- docs/reference/commandline/history.md | 36 +- docs/reference/commandline/image_prune.md | 18 +- docs/reference/commandline/images.md | 299 ++++---- docs/reference/commandline/import.md | 38 +- docs/reference/commandline/index.md | 4 +- docs/reference/commandline/info.md | 351 +++++----- docs/reference/commandline/inspect.md | 79 ++- docs/reference/commandline/kill.md | 9 +- docs/reference/commandline/load.md | 55 +- docs/reference/commandline/login.md | 22 +- docs/reference/commandline/logout.md | 6 +- docs/reference/commandline/logs.md | 4 +- docs/reference/commandline/menu.md | 28 - docs/reference/commandline/network_connect.md | 19 +- docs/reference/commandline/network_create.md | 12 +- .../commandline/network_disconnect.md | 9 +- docs/reference/commandline/network_inspect.md | 34 +- docs/reference/commandline/network_ls.md | 14 +- docs/reference/commandline/network_prune.md | 17 +- docs/reference/commandline/network_rm.md | 11 +- docs/reference/commandline/node_demote.md | 9 +- docs/reference/commandline/node_inspect.md | 188 ++--- docs/reference/commandline/node_ls.md | 22 +- docs/reference/commandline/node_promote.md | 8 +- docs/reference/commandline/node_ps.md | 50 +- docs/reference/commandline/node_rm.md | 17 +- docs/reference/commandline/node_update.md | 12 +- docs/reference/commandline/pause.md | 10 +- docs/reference/commandline/plugin_create.md | 10 +- docs/reference/commandline/plugin_disable.md | 5 +- docs/reference/commandline/plugin_enable.md | 5 +- docs/reference/commandline/plugin_inspect.md | 19 +- docs/reference/commandline/plugin_install.md | 13 +- docs/reference/commandline/plugin_ls.md | 19 +- docs/reference/commandline/plugin_push.md | 13 +- docs/reference/commandline/plugin_rm.md | 9 +- docs/reference/commandline/plugin_set.md | 29 +- docs/reference/commandline/plugin_upgrade.md | 6 +- docs/reference/commandline/port.md | 30 +- docs/reference/commandline/ps.md | 43 +- docs/reference/commandline/pull.md | 14 +- docs/reference/commandline/push.md | 7 +- docs/reference/commandline/rename.md | 10 +- docs/reference/commandline/restart.md | 6 + docs/reference/commandline/rm.md | 59 +- docs/reference/commandline/rmi.md | 94 ++- docs/reference/commandline/run.md | 404 ++++++----- docs/reference/commandline/save.md | 39 +- docs/reference/commandline/search.md | 119 ++-- docs/reference/commandline/secret_create.md | 17 +- docs/reference/commandline/secret_inspect.md | 17 +- docs/reference/commandline/secret_ls.md | 6 +- docs/reference/commandline/secret_rm.md | 6 +- docs/reference/commandline/service_create.md | 47 +- docs/reference/commandline/service_inspect.md | 21 +- docs/reference/commandline/service_logs.md | 6 +- docs/reference/commandline/service_ls.md | 21 +- docs/reference/commandline/service_ps.md | 14 +- docs/reference/commandline/service_rm.md | 13 +- docs/reference/commandline/service_scale.md | 20 +- docs/reference/commandline/service_update.md | 8 +- docs/reference/commandline/stack_deploy.md | 16 +- docs/reference/commandline/stack_ls.md | 8 +- docs/reference/commandline/stack_ps.md | 12 +- docs/reference/commandline/stack_rm.md | 4 +- docs/reference/commandline/stack_services.md | 15 +- docs/reference/commandline/start.md | 6 + docs/reference/commandline/stats.md | 62 +- docs/reference/commandline/stop.md | 8 + docs/reference/commandline/swarm_init.md | 5 +- docs/reference/commandline/swarm_join.md | 6 +- .../reference/commandline/swarm_join_token.md | 6 +- docs/reference/commandline/swarm_leave.md | 7 +- docs/reference/commandline/swarm_unlock.md | 5 +- .../reference/commandline/swarm_unlock_key.md | 6 +- docs/reference/commandline/swarm_update.md | 5 +- docs/reference/commandline/system_df.md | 13 +- docs/reference/commandline/system_prune.md | 9 +- docs/reference/commandline/tag.md | 28 +- docs/reference/commandline/unpause.md | 10 +- docs/reference/commandline/update.md | 2 + docs/reference/commandline/version.md | 63 +- docs/reference/commandline/volume_create.md | 68 +- docs/reference/commandline/volume_inspect.md | 38 +- docs/reference/commandline/volume_ls.md | 46 +- docs/reference/commandline/volume_prune.md | 7 +- docs/reference/commandline/volume_rm.md | 12 +- docs/reference/commandline/wait.md | 33 + 101 files changed, 2740 insertions(+), 1742 deletions(-) delete mode 100644 docs/reference/commandline/menu.md diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 307068a339..9f76a546af 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -27,6 +27,8 @@ Options: --sig-proxy Proxy all received signals to the process (default true) ``` +## Description + Use `docker attach` to attach to a running container using the container's ID or name, either to view its ongoing output or to control it interactively. You can attach to the same contained process multiple times simultaneously, @@ -55,8 +57,7 @@ performance critical applications that generate a lot of output in the foreground over a slow client connection. Instead, users should use the `docker logs` command to get access to the logs. - -## Override the detach sequence +### Override the detach sequence If you want, you can configure an override the Docker key sequence for detach. This is useful if the Docker default sequence conflicts with key sequence you @@ -80,52 +81,72 @@ These `a`, `ctrl-a`, `X`, or `ctrl-\\` values are all examples of valid key sequences. To configure a different configuration default key sequence for all containers, see [**Configuration file** section](cli.md#configuration-files). -#### Examples +## Examples - $ docker run -d --name topdemo ubuntu /usr/bin/top -b - $ docker attach topdemo - top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355560k used, 18012k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221740k cached +### Attach to and detach from a running container - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top +```bash +$ docker run -d --name topdemo ubuntu /usr/bin/top -b - top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355244k used, 18328k free, 27872k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached +$ docker attach topdemo - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top +top - 02:05:52 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 +Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie +Cpu(s): 0.1%us, 0.2%sy, 0.0%ni, 99.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st +Mem: 373572k total, 355560k used, 18012k free, 27872k buffers +Swap: 786428k total, 0k used, 786428k free, 221740k cached + +PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17200 1116 912 R 0 0.3 0:00.03 top + + top - 02:05:55 up 3:05, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355244k used, 18328k free, 27872k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 - Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie - Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st - Mem: 373572k total, 355780k used, 17792k free, 27880k buffers - Swap: 786428k total, 0k used, 786428k free, 221776k cached + top - 02:05:58 up 3:06, 0 users, load average: 0.01, 0.02, 0.05 + Tasks: 1 total, 1 running, 0 sleeping, 0 stopped, 0 zombie + Cpu(s): 0.2%us, 0.3%sy, 0.0%ni, 99.5%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st + Mem: 373572k total, 355780k used, 17792k free, 27880k buffers + Swap: 786428k total, 0k used, 786428k free, 221776k cached - PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND - 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top - ^C$ - $ echo $? - 0 - $ docker ps -a | grep topdemo - 7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 1 root 20 0 17208 1144 932 R 0 0.3 0:00.03 top +^C$ + +$ echo $? +0 +$ docker ps -a | grep topdemo + +7998ac8581f9 ubuntu:14.04 "/usr/bin/top -b" 38 seconds ago Exited (0) 21 seconds ago topdemo +``` + +### Get the exit code of the container's command And in this second example, you can see the exit code returned by the `bash` process is returned by the `docker attach` command to its caller too: +```bash $ docker run --name test -d -it debian + 275c44472aebd77c926d4527885bb09f2f6db21d878c75f0a1c212c03d3bcfab + $ docker attach test + root@f38c87f2a42d:/# exit 13 + exit + $ echo $? + 13 + $ docker ps -a | grep test + 275c44472aeb debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test +``` diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 5b6f1fec61..fc8183f1fa 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -58,6 +58,8 @@ Options: --ulimit value Ulimit options (default []) ``` +## Description + Builds Docker images from a Dockerfile and a "context". A build's context is the files located in the specified `PATH` or `URL`. The build process can refer to any of the files in the context. For example, your build can use an @@ -285,7 +287,7 @@ $ docker build - < context.tar.gz This will build an image for a compressed context read from `STDIN`. Supported formats are: bzip2, gzip and xz. -### Usage of .dockerignore +### Use a .dockerignore file ```bash $ docker build . @@ -315,7 +317,7 @@ directory from the context. Its effect can be seen in the changed size of the uploaded context. The builder reference contains detailed information on [creating a .dockerignore file](../builder.md#dockerignore-file) -### Tag image (-t) +### Tag an image (-t) ```bash $ docker build -t vieux/apache:2.0 . @@ -334,7 +336,7 @@ For example, to tag an image both as `whenry/fedora-jboss:latest` and ```bash $ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . ``` -### Specify Dockerfile (-f) +### Specify a Dockerfile (-f) ```bash $ docker build -f Dockerfile.debug . @@ -373,7 +375,7 @@ the command line. > repeatable builds on remote Docker hosts. This is also the reason why > `ADD ../file` will not work. -### Optional parent cgroup (--cgroup-parent) +### Use a custom parent cgroup (--cgroup-parent) When `docker build` is run with the `--cgroup-parent` option the containers used in the build will be run with the [corresponding `docker run` diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 369f90030a..c00186d675 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -13,7 +13,7 @@ keywords: "Docker, Docker documentation, CLI, command line" will be rejected. --> -# Use the Docker command line +# docker To list available commands, either run `docker` with no parameters or execute `docker help`: @@ -43,6 +43,8 @@ Commands: # […] ``` +## Description + Depending on your Docker system configuration, you may be required to preface each `docker` command with `sudo`. To avoid having to use `sudo` with the `docker` command, your system administrator can create a Unix group called @@ -51,7 +53,7 @@ each `docker` command with `sudo`. To avoid having to use `sudo` with the For more information about installing Docker or `sudo` configuration, refer to the [installation](https://docs.docker.com/engine/installation/) instructions for your operating system. -## Environment variables +### Environment variables For easy reference, the following list of environment variables are supported by the `docker` command line: @@ -69,7 +71,7 @@ by the `docker` command line: Equates to `--disable-content-trust=false` for build, create, pull, push, run. * `DOCKER_CONTENT_TRUST_SERVER` The URL of the Notary server to use. This defaults to the same URL as the registry. -* `DOCKER_HIDE_LEGACY_COMMANDS` When set, Docker hides "legacy" top-level commands (such as `docker rm`, and +* `DOCKER_HIDE_LEGACY_COMMANDS` When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release, at which point this environment-variable is removed. * `DOCKER_TMPDIR` Location for temporary Docker files. @@ -85,7 +87,7 @@ These Go environment variables are case-insensitive. See the [Go specification](http://golang.org/pkg/net/http/) for details on these variables. -## Configuration files +### Configuration files By default, the Docker command line stores its configuration files in a directory called `.docker` within your `$HOME` directory. However, you can @@ -192,25 +194,27 @@ attach`, `docker exec`, `docker run` or `docker start` command. Following is a sample `config.json` file: - {% raw %} - { - "HttpHeaders": { - "MyHeader": "MyValue" - }, - "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", - "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", - "pluginsFormat": "table {{.ID}}\t{{.Name}}\t{{.Enabled}}", - "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", - "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", - "serviceInspectFormat": "pretty", - "detachKeys": "ctrl-e,e", - "credsStore": "secretservice", - "credHelpers": { - "awesomereg.example.org": "hip-star", - "unicorn.example.com": "vcbait" - } - } - {% endraw %} +```json +{% raw %} +{ + "HttpHeaders": { + "MyHeader": "MyValue" + }, + "psFormat": "table {{.ID}}\\t{{.Image}}\\t{{.Command}}\\t{{.Labels}}", + "imagesFormat": "table {{.ID}}\\t{{.Repository}}\\t{{.Tag}}\\t{{.CreatedAt}}", + "pluginsFormat": "table {{.ID}}\t{{.Name}}\t{{.Enabled}}", + "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", + "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", + "serviceInspectFormat": "pretty", + "detachKeys": "ctrl-e,e", + "credsStore": "secretservice", + "credHelpers": { + "awesomereg.example.org": "hip-star", + "unicorn.example.com": "vcbait" + } +} +{% endraw %} +``` ### Notary @@ -221,7 +225,9 @@ Certificate Authority, you need to place the certificate at Alternatively you can trust the certificate globally by adding it to your system's list of root Certificate Authorities. -## Help +## Examples + +### Display help text To list the help on any command just execute the command, followed by the `--help` option. @@ -237,13 +243,13 @@ To list the help on any command just execute the command, followed by the -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) ... -## Option types +### Option types Single character command line options can be combined, so rather than typing `docker run -i -t --name test busybox sh`, you can write `docker run -it --name test busybox sh`. -### Boolean +#### Boolean Boolean options take the form `-d=false`. The value you see in the help text is the default value which is set if you do **not** specify that flag. If you @@ -256,27 +262,33 @@ container **will** run in "detached" mode, in the background. Options which default to `true` (e.g., `docker build --rm=true`) can only be set to the non-default value by explicitly setting them to `false`: - $ docker build --rm=false . +```bash +$ docker build --rm=false . +``` -### Multi +#### Multi You can specify options like `-a=[]` multiple times in a single command line, for example in these commands: - $ docker run -a stdin -a stdout -i -t ubuntu /bin/bash - $ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls +```bash +$ docker run -a stdin -a stdout -i -t ubuntu /bin/bash + +$ docker run -a stdin -a stdout -a stderr ubuntu /bin/ls +``` Sometimes, multiple options can call for a more complex value string as for `-v`: - $ docker run -v /host:/container example/mysql +```bash +$ docker run -v /host:/container example/mysql +``` -> **Note:** -> Do not use the `-t` and `-a stderr` options together due to +> **Note**: Do not use the `-t` and `-a stderr` options together due to > limitations in the `pty` implementation. All `stderr` in `pty` mode > simply goes to `stdout`. -### Strings and Integers +#### Strings and Integers Options like `--name=""` expect a string, and they can only be specified once. Options like `-c=0` diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 9ca3ec5a90..fcf7559199 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -28,6 +28,8 @@ Options: -p, --pause Pause container during commit (default true) ``` +## Description + It can be useful to commit a container's file changes or settings into a new image. This allows you debug a container by running an interactive shell, or to export a working dataset to another server. Generally, it is better to use @@ -46,48 +48,72 @@ The `--change` option will apply `Dockerfile` instructions to the image that is created. Supported `Dockerfile` instructions: `CMD`|`ENTRYPOINT`|`ENV`|`EXPOSE`|`LABEL`|`ONBUILD`|`USER`|`VOLUME`|`WORKDIR` -## Commit a container +## Examples - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - $ docker commit c3f279d17e0a svendowideit/testimage:version3 - f5283438590d - $ docker images - REPOSITORY TAG ID CREATED SIZE - svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB +### Commit a container -## Commit a container with new configurations +```bash +$ docker ps - {% raw %} - $ docker ps - ICONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton - $ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a - [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] - $ docker commit --change "ENV DEBUG true" c3f279d17e0a svendowideit/testimage:version3 - f5283438590d - $ docker inspect -f "{{ .Config.Env }}" f5283438590d - [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] - {% endraw %} +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton -## Commit a container with new `CMD` and `EXPOSE` instructions +$ docker commit c3f279d17e0a svendowideit/testimage:version3 - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton +f5283438590d - $ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 - f5283438590d +$ docker images - $ docker run -d svendowideit/testimage:version4 - 89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 +REPOSITORY TAG ID CREATED SIZE +svendowideit/testimage version3 f5283438590d 16 seconds ago 335.7 MB +``` - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat - c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky - 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton +### Commit a container with new configurations + +```bash +{% raw %} +$ docker ps + +ICONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton + +$ docker inspect -f "{{ .Config.Env }}" c3f279d17e0a + +[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] + +$ docker commit --change "ENV DEBUG true" c3f279d17e0a svendowideit/testimage:version3 + +f5283438590d + +$ docker inspect -f "{{ .Config.Env }}" f5283438590d + +[HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] +{% endraw %} +``` + +### Commit a container with new `CMD` and `EXPOSE` instructions + +```bash +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton + +$ docker commit --change='CMD ["apachectl", "-DFOREGROUND"]' -c "EXPOSE 80" c3f279d17e0a svendowideit/testimage:version4 + +f5283438590d + +$ docker run -d svendowideit/testimage:version4 + +89373736e2e7f00bc149bd783073ac43d0507da250e999f3f1036e0db60817c0 + +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +89373736e2e7 testimage:version4 "apachectl -DFOREGROU" 3 seconds ago Up 2 seconds 80/tcp distracted_fermat +c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky +197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton +``` diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md index f50e75f7a3..f6990e72d5 100644 --- a/docs/reference/commandline/container_prune.md +++ b/docs/reference/commandline/container_prune.md @@ -27,8 +27,14 @@ Options: --help Print usage ``` +## Description + +Removes all stopped containers. + ## Examples +### Prune containers + ```bash $ docker container prune WARNING! This will remove all stopped containers. @@ -40,7 +46,7 @@ f98f9c2aa1eaf727e4ec9c0283bc7d4aa4762fbdba7f26191f26c97f64090360 Total reclaimed space: 212 B ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -62,42 +68,54 @@ seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. The following removes containers created more than 5 minutes ago: + ```bash +{% raw %} $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + CONTAINER ID IMAGE COMMAND CREATED AT STATUS 61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 41 seconds ago 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 12 minutes ago $ docker container prune --force --filter "until=5m" + Deleted Containers: 53a9bc23a5168b6caa2bfbefddf1b30f93c7ad57f3dec271fd32707497cb9369 Total reclaimed space: 25 B $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + CONTAINER ID IMAGE COMMAND CREATED AT STATUS 61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 44 seconds ago +{% endraw %} ``` The following removes containers created before `2017-01-04T13:10:00`: + ```bash +{% raw %} $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + CONTAINER ID IMAGE COMMAND CREATED AT STATUS 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 7 minutes ago 4a75091a6d61 busybox "sh" 2017-01-04 13:09:53 -0800 PST Exited (0) 9 minutes ago $ docker container prune --force --filter "until=2017-01-04T13:10:00" + Deleted Containers: 4a75091a6d618526fcd8b33ccd6e5928ca2a64415466f768a6180004b0c72c6c Total reclaimed space: 27 B $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' + CONTAINER ID IMAGE COMMAND CREATED AT STATUS 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 9 minutes ago +{% endraw %} ``` -## Related information +## Related commands * [system df](system_df.md) * [volume prune](volume_prune.md) diff --git a/docs/reference/commandline/cp.md b/docs/reference/commandline/cp.md index e990af6163..5cbbee25ae 100644 --- a/docs/reference/commandline/cp.md +++ b/docs/reference/commandline/cp.md @@ -31,6 +31,8 @@ Options: --help Print usage ``` +## Description + The `docker cp` utility copies the contents of `SRC_PATH` to the `DEST_PATH`. You can copy from the container's file system to the local machine or the reverse, from the local filesystem to the container. If `-` is specified for @@ -96,15 +98,16 @@ you must be explicit with a relative or absolute path, for example: It is not possible to copy certain system files such as resources under `/proc`, `/sys`, `/dev`, [tmpfs](run.md#mount-tmpfs-tmpfs), and mounts created by the user in the container. However, you can still copy such files by manually -running `tar` in `docker exec`. For example (consider `SRC_PATH` and `DEST_PATH` -are directories): +running `tar` in `docker exec`. Both of the following examples do the same thing +in different ways (consider `SRC_PATH` and `DEST_PATH` are directories): - $ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH - - -or - - $ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH - +```bash +$ docker exec foo tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | tar Cxf DEST_PATH - +``` +```bash +$ tar Ccf $(dirname SRC_PATH) - $(basename SRC_PATH) | docker exec -i foo tar Cxf DEST_PATH - +``` Using `-` as the `SRC_PATH` streams the contents of `STDIN` as a tar archive. The command extracts the content of the tar to the `DEST_PATH` in container's diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index cbb9598a78..844b7228a8 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -133,6 +133,7 @@ Options: --volumes-from value Mount volumes from the specified container(s) (default []) -w, --workdir string Working directory inside the container ``` +## Description The `docker create` command creates a writeable container layer over the specified image and prepares it for running the specified command. The @@ -148,42 +149,64 @@ Please see the [run command](run.md) section and the [Docker run reference](../r ## Examples - $ docker create -t -i fedora bash - 6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 - $ docker start -a -i 6d8af538ec5 - bash-4.2# +### Create and start a container + +```bash +$ docker create -t -i fedora bash + +6d8af538ec541dd581ebc2a24153a28329acb5268abe5ef868c1f1a261221752 + +$ docker start -a -i 6d8af538ec5 + +bash-4.2# +``` + +### Initialize volumes As of v1.4.0 container volumes are initialized during the `docker create` phase (i.e., `docker run` too). For example, this allows you to `create` the `data` volume container, and then use it from another container: - $ docker create -v /data --name data ubuntu - 240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 - $ docker run --rm --volumes-from data ubuntu ls -la /data - total 8 - drwxr-xr-x 2 root root 4096 Dec 5 04:10 . - drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. +```bash +$ docker create -v /data --name data ubuntu + +240633dfbb98128fa77473d3d9018f6123b99c454b3251427ae190a7d951ad57 + +$ docker run --rm --volumes-from data ubuntu ls -la /data + +total 8 +drwxr-xr-x 2 root root 4096 Dec 5 04:10 . +drwxr-xr-x 48 root root 4096 Dec 5 04:11 .. +``` Similarly, `create` a host directory bind mounted volume container, which can then be used from the subsequent container: - $ docker create -v /home/docker:/docker --name docker ubuntu - 9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 - $ docker run --rm --volumes-from docker ubuntu ls -la /docker - total 20 - drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . - drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. - -rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history - -rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc - -rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig - drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local - -rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile - drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh - drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker +```bash +$ docker create -v /home/docker:/docker --name docker ubuntu + +9aa88c08f319cd1e4515c3c46b0de7cc9aa75e878357b1e96f91e2c773029f03 + +$ docker run --rm --volumes-from docker ubuntu ls -la /docker + +total 20 +drwxr-sr-x 5 1000 staff 180 Dec 5 04:00 . +drwxr-xr-x 48 root root 4096 Dec 5 04:13 .. +-rw-rw-r-- 1 1000 staff 3833 Dec 5 04:01 .ash_history +-rw-r--r-- 1 1000 staff 446 Nov 28 11:51 .ashrc +-rw-r--r-- 1 1000 staff 25 Dec 5 04:00 .gitconfig +drwxr-sr-x 3 1000 staff 60 Dec 1 03:28 .local +-rw-r--r-- 1 1000 staff 920 Nov 28 11:51 .profile +drwx--S--- 2 1000 staff 460 Dec 5 00:51 .ssh +drwxr-xr-x 32 1000 staff 1140 Dec 5 04:01 docker +``` + Set storage driver options per container. - $ docker create -it --storage-opt size=120G fedora /bin/bash +```bash +$ docker create -it --storage-opt size=120G fedora /bin/bash +``` This (size) will allow to set the container rootfs size to 120G at creation time. This option is only available for the `devicemapper`, `btrfs`, `overlay2`, diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index 53074b2fd4..a430a90105 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -14,7 +14,9 @@ advisory: "experimental" will be rejected. --> -# deploy (alias for stack deploy) (experimental) +# deploy (experimental) + +An alias for `stack deploy`. ```markdown Usage: docker deploy [OPTIONS] STACK @@ -31,15 +33,20 @@ Options: --with-registry-auth Send registry authentication details to Swarm agents ``` +## Description + Create and update a stack from a `compose` or a `dab` file on the swarm. This command has to be run targeting a manager node. -## Compose file +## Examples + +### Compose file The `deploy` command supports compose file version `3.0` and above. ```bash $ docker stack deploy --compose-file docker-compose.yml vossibility + Ignoring unsupported options: links Creating network vossibility_vossibility @@ -54,8 +61,9 @@ Creating service vossibility_lookupd You can verify that the services were correctly created -``` +```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 @@ -65,10 +73,11 @@ ID NAME MODE REPLICAS IMAGE axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` -## DAB file +### DAB file ```bash $ docker stack deploy --bundle-file vossibility-stack.dab vossibility + Loading bundle from vossibility-stack.dab Creating service vossibility_elasticsearch Creating service vossibility_kibana @@ -82,6 +91,7 @@ You can verify that the services were correctly created: ```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 @@ -91,7 +101,7 @@ ID NAME MODE REPLICAS IMAGE axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` -## Related information +## Related commands * [stack config](stack_config.md) * [stack deploy](stack_deploy.md) diff --git a/docs/reference/commandline/diff.md b/docs/reference/commandline/diff.md index 085c35d48f..e6e12cef80 100644 --- a/docs/reference/commandline/diff.md +++ b/docs/reference/commandline/diff.md @@ -13,7 +13,7 @@ keywords: "list, changed, files, container" will be rejected. --> -## diff +# diff ```markdown Usage: docker diff CONTAINER @@ -24,6 +24,8 @@ Options: --help Print usage ``` +## Description + List the changed files and directories in a container᾿s filesystem since the container was created. Three different types of change are tracked: diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index e61b5ae53b..1ebdc3b666 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -93,13 +93,17 @@ Options: Options with [] may be specified multiple times. -dockerd is the persistent process that manages containers. Docker +## Description + +`dockerd` is the persistent process that manages containers. Docker uses different binaries for the daemon and client. To run the daemon you type `dockerd`. To run the daemon with debug output, use `dockerd -D`. -## Daemon socket option +## Examples + +### Daemon socket option The Docker daemon can listen for [Docker Engine API](../api/) requests via three different types of Socket: `unix`, `tcp`, and `fd`. @@ -118,8 +122,7 @@ interface using its IP address: `-H tcp://192.168.59.103:2375`. It is conventional to use port `2375` for un-encrypted, and port `2376` for encrypted communication with the daemon. -> **Note:** -> If you're using an HTTPS encrypted socket, keep in mind that only +> **Note**: If you're using an HTTPS encrypted socket, keep in mind that only > TLS1.0 and greater are supported. Protocols SSLv3 and under are not > supported anymore for security reasons. @@ -136,18 +139,21 @@ time using multiple `-H` options: ```bash # listen using the default unix socket, and on 2 specific IP addresses on this host. + $ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2 ``` The Docker client will honor the `DOCKER_HOST` environment variable to set the -`-H` flag for the client. +`-H` flag for the client. Use **one** of the following commands: ```bash $ docker -H tcp://0.0.0.0:2375 ps -# or +``` + +```bash $ export DOCKER_HOST="tcp://0.0.0.0:2375" + $ docker ps -# both are equal ``` Setting the `DOCKER_TLS_VERIFY` environment variable to any value other than @@ -165,7 +171,7 @@ The Docker client will honor the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables (or the lowercase versions thereof). `HTTPS_PROXY` takes precedence over `HTTP_PROXY`. -### Bind Docker to another host/port or a Unix socket +#### Bind Docker to another host/port or a Unix socket > **Warning**: > Changing the default `docker` daemon binding to a @@ -231,7 +237,7 @@ $ docker pull ubuntu $ docker -H tcp://127.0.0.1:2375 pull ubuntu ``` -### Daemon storage-driver option +### Daemon storage-driver The Docker daemon has support for several different image layer storage drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay` and `overlay2`. @@ -268,22 +274,20 @@ the same file can share a single page cache entry (or entries), it makes `overlay` as efficient with memory as `aufs` driver. Call `dockerd -s overlay` to use it. -> **Note:** -> As promising as `overlay` is, the feature is still quite young and should not -> be used in production. Most notably, using `overlay` can cause excessive -> inode consumption (especially as the number of images grows), as well as -> being incompatible with the use of RPMs. +> **Note**: As promising as `overlay` is, the feature is still quite young and +> should not be used in production. Most notably, using `overlay` can cause +> excessive inode consumption (especially as the number of images grows), as +> well as > being incompatible with the use of RPMs. The `overlay2` uses the same fast union filesystem but takes advantage of [additional features](https://lkml.org/lkml/2015/2/11/106) added in Linux kernel 4.0 to avoid excessive inode consumption. Call `dockerd -s overlay2` to use it. -> **Note:** -> Both `overlay` and `overlay2` are currently unsupported on `btrfs` or any -> Copy on Write filesystem and should only be used over `ext4` partitions. +> **Note**: Both `overlay` and `overlay2` are currently unsupported on `btrfs` +> or any Copy on Write filesystem and should only be used over `ext4` partitions. -### Storage driver options +### Options per storage driver Particular storage-driver can be configured with options specified with `--storage-opt` flags. Options for `devicemapper` are prefixed with `dm`, @@ -291,380 +295,376 @@ options for `zfs` start with `zfs` and options for `btrfs` start with `btrfs`. #### Devicemapper options -* `dm.thinpooldev` +##### `dm.thinpooldev` - Specifies a custom block storage device to use for the thin pool. +Specifies a custom block storage device to use for the thin pool. - If using a block device for device mapper storage, it is best to use `lvm` - to create and manage the thin-pool volume. This volume is then handed to Docker - to exclusively create snapshot volumes needed for images and containers. +If using a block device for device mapper storage, it is best to use `lvm` +to create and manage the thin-pool volume. This volume is then handed to Docker +to exclusively create snapshot volumes needed for images and containers. - Managing the thin-pool outside of Engine makes for the most feature-rich - method of having Docker utilize device mapper thin provisioning as the - backing storage for Docker containers. The highlights of the lvm-based - thin-pool management feature include: automatic or interactive thin-pool - resize support, dynamically changing thin-pool features, automatic thinp - metadata checking when lvm activates the thin-pool, etc. +Managing the thin-pool outside of Engine makes for the most feature-rich +method of having Docker utilize device mapper thin provisioning as the +backing storage for Docker containers. The highlights of the lvm-based +thin-pool management feature include: automatic or interactive thin-pool +resize support, dynamically changing thin-pool features, automatic thinp +metadata checking when lvm activates the thin-pool, etc. - As a fallback if no thin pool is provided, loopback files are - created. Loopback is very slow, but can be used without any - pre-configuration of storage. It is strongly recommended that you do - not use loopback in production. Ensure your Engine daemon has a - `--storage-opt dm.thinpooldev` argument provided. +As a fallback if no thin pool is provided, loopback files are +created. Loopback is very slow, but can be used without any +pre-configuration of storage. It is strongly recommended that you do +not use loopback in production. Ensure your Engine daemon has a +`--storage-opt dm.thinpooldev` argument provided. - Example use: +###### Example: - ```bash - $ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool - ``` +```bash +$ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool +``` -* `dm.basesize` +##### `dm.basesize` - Specifies the size to use when creating the base device, which limits the - size of images and containers. The default value is 10G. Note, thin devices - are inherently "sparse", so a 10G device which is mostly empty doesn't use - 10 GB of space on the pool. However, the filesystem will use more space for - the empty case the larger the device is. +Specifies the size to use when creating the base device, which limits the +size of images and containers. The default value is 10G. Note, thin devices +are inherently "sparse", so a 10G device which is mostly empty doesn't use +10 GB of space on the pool. However, the filesystem will use more space for +the empty case the larger the device is. - The base device size can be increased at daemon restart which will allow - all future images and containers (based on those new images) to be of the - new base device size. +The base device size can be increased at daemon restart which will allow +all future images and containers (based on those new images) to be of the +new base device size. - Example use: +###### Examples - ```bash - $ sudo dockerd --storage-opt dm.basesize=50G - ``` +```bash +$ sudo dockerd --storage-opt dm.basesize=50G +``` - This will increase the base device size to 50G. The Docker daemon will throw an - error if existing base device size is larger than 50G. A user can use - this option to expand the base device size however shrinking is not permitted. +This will increase the base device size to 50G. The Docker daemon will throw an +error if existing base device size is larger than 50G. A user can use +this option to expand the base device size however shrinking is not permitted. - This value affects the system-wide "base" empty filesystem - that may already be initialized and inherited by pulled images. Typically, - a change to this value requires additional steps to take effect: +This value affects the system-wide "base" empty filesystem +that may already be initialized and inherited by pulled images. Typically, +a change to this value requires additional steps to take effect: - ```bash - $ sudo service docker stop - $ sudo rm -rf /var/lib/docker - $ sudo service docker start - ``` + ```bash +$ sudo service docker stop - Example use: +$ sudo rm -rf /var/lib/docker - ```bash - $ sudo dockerd --storage-opt dm.basesize=20G - ``` +$ sudo service docker start +``` -* `dm.loopdatasize` - > **Note**: - > This option configures devicemapper loopback, which should not - > be used in production. +##### `dm.loopdatasize` - Specifies the size to use when creating the loopback file for the - "data" device which is used for the thin pool. The default size is - 100G. The file is sparse, so it will not initially take up this - much space. +> **Note**: This option configures devicemapper loopback, which should not +> be used in production. - Example use: +Specifies the size to use when creating the loopback file for the +"data" device which is used for the thin pool. The default size is +100G. The file is sparse, so it will not initially take up this +much space. - ```bash - $ sudo dockerd --storage-opt dm.loopdatasize=200G - ``` +###### Example -* `dm.loopmetadatasize` +```bash +$ sudo dockerd --storage-opt dm.loopdatasize=200G +``` - > **Note**: - > This option configures devicemapper loopback, which should not - > be used in production. +##### `dm.loopmetadatasize` - Specifies the size to use when creating the loopback file for the - "metadata" device which is used for the thin pool. The default size - is 2G. The file is sparse, so it will not initially take up - this much space. +> **Note**: This option configures devicemapper loopback, which should not +> be used in production. - Example use: +Specifies the size to use when creating the loopback file for the +"metadata" device which is used for the thin pool. The default size +is 2G. The file is sparse, so it will not initially take up +this much space. - ```bash - $ sudo dockerd --storage-opt dm.loopmetadatasize=4G - ``` +###### Example -* `dm.fs` +```bash +$ sudo dockerd --storage-opt dm.loopmetadatasize=4G +``` - Specifies the filesystem type to use for the base device. The supported - options are "ext4" and "xfs". The default is "xfs" +##### `dm.fs` - Example use: +Specifies the filesystem type to use for the base device. The supported +options are "ext4" and "xfs". The default is "xfs" - ```bash - $ sudo dockerd --storage-opt dm.fs=ext4 - ``` +###### Example -* `dm.mkfsarg` +```bash +$ sudo dockerd --storage-opt dm.fs=ext4 +``` - Specifies extra mkfs arguments to be used when creating the base device. +##### `dm.mkfsarg` - Example use: +Specifies extra mkfs arguments to be used when creating the base device. - ```bash - $ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" - ``` +###### Example -* `dm.mountopt` +```bash +$ sudo dockerd --storage-opt "dm.mkfsarg=-O ^has_journal" +``` - Specifies extra mount options used when mounting the thin devices. +##### `dm.mountopt` - Example use: +Specifies extra mount options used when mounting the thin devices. - ```bash - $ sudo dockerd --storage-opt dm.mountopt=nodiscard - ``` +###### Example -* `dm.datadev` +```bash +$ sudo dockerd --storage-opt dm.mountopt=nodiscard +``` - (Deprecated, use `dm.thinpooldev`) +##### `dm.datadev` - Specifies a custom blockdevice to use for data for the thin pool. +(Deprecated, use `dm.thinpooldev`) - If using a block device for device mapper storage, ideally both datadev and - metadatadev should be specified to completely avoid using the loopback - device. +Specifies a custom blockdevice to use for data for the thin pool. - Example use: +If using a block device for device mapper storage, ideally both `datadev` and +`metadatadev` should be specified to completely avoid using the loopback +device. - ```bash - $ sudo dockerd \ - --storage-opt dm.datadev=/dev/sdb1 \ - --storage-opt dm.metadatadev=/dev/sdc1 - ``` +###### Example -* `dm.metadatadev` +```bash +$ sudo dockerd \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 +``` - (Deprecated, use `dm.thinpooldev`) +##### `dm.metadatadev` - Specifies a custom blockdevice to use for metadata for the thin pool. +(Deprecated, use `dm.thinpooldev`) - For best performance the metadata should be on a different spindle than the - data, or even better on an SSD. +Specifies a custom blockdevice to use for metadata for the thin pool. - If setting up a new metadata pool it is required to be valid. This can be - achieved by zeroing the first 4k to indicate empty metadata, like this: +For best performance the metadata should be on a different spindle than the +data, or even better on an SSD. - ```bash - $ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 - ``` +If setting up a new metadata pool it is required to be valid. This can be +achieved by zeroing the first 4k to indicate empty metadata, like this: - Example use: +```bash +$ dd if=/dev/zero of=$metadata_dev bs=4096 count=1 +``` - ```bash - $ sudo dockerd \ - --storage-opt dm.datadev=/dev/sdb1 \ - --storage-opt dm.metadatadev=/dev/sdc1 - ``` +###### Example -* `dm.blocksize` +```bash +$ sudo dockerd \ + --storage-opt dm.datadev=/dev/sdb1 \ + --storage-opt dm.metadatadev=/dev/sdc1 +``` - Specifies a custom blocksize to use for the thin pool. The default - blocksize is 64K. +##### `dm.blocksize` - Example use: +Specifies a custom blocksize to use for the thin pool. The default +blocksize is 64K. - ```bash - $ sudo dockerd --storage-opt dm.blocksize=512K - ``` +###### Example -* `dm.blkdiscard` +```bash +$ sudo dockerd --storage-opt dm.blocksize=512K +``` - Enables or disables the use of blkdiscard when removing devicemapper - devices. This is enabled by default (only) if using loopback devices and is - required to resparsify the loopback file on image/container removal. +##### `dm.blkdiscard` - Disabling this on loopback can lead to *much* faster container removal - times, but will make the space used in `/var/lib/docker` directory not be - returned to the system for other use when containers are removed. +Enables or disables the use of `blkdiscard` when removing devicemapper +devices. This is enabled by default (only) if using loopback devices and is +required to resparsify the loopback file on image/container removal. - Example use: +Disabling this on loopback can lead to *much* faster container removal +times, but will make the space used in `/var/lib/docker` directory not be +returned to the system for other use when containers are removed. - ```bash - $ sudo dockerd --storage-opt dm.blkdiscard=false - ``` +###### Examples -* `dm.override_udev_sync_check` +```bash +$ sudo dockerd --storage-opt dm.blkdiscard=false +``` - Overrides the `udev` synchronization checks between `devicemapper` and `udev`. - `udev` is the device manager for the Linux kernel. +##### `dm.override_udev_sync_check` - To view the `udev` sync support of a Docker daemon that is using the - `devicemapper` driver, run: +Overrides the `udev` synchronization checks between `devicemapper` and `udev`. +`udev` is the device manager for the Linux kernel. - ```bash - $ docker info - [...] - Udev Sync Supported: true - [...] - ``` +To view the `udev` sync support of a Docker daemon that is using the +`devicemapper` driver, run: - When `udev` sync support is `true`, then `devicemapper` and udev can - coordinate the activation and deactivation of devices for containers. +```bash +$ docker info +[...] +Udev Sync Supported: true +[...] +``` - When `udev` sync support is `false`, a race condition occurs between - the`devicemapper` and `udev` during create and cleanup. The race condition - results in errors and failures. (For information on these failures, see - [docker#4036](https://github.com/docker/docker/issues/4036)) +When `udev` sync support is `true`, then `devicemapper` and udev can +coordinate the activation and deactivation of devices for containers. - To allow the `docker` daemon to start, regardless of `udev` sync not being - supported, set `dm.override_udev_sync_check` to true: +When `udev` sync support is `false`, a race condition occurs between +the`devicemapper` and `udev` during create and cleanup. The race condition +results in errors and failures. (For information on these failures, see +[docker#4036](https://github.com/docker/docker/issues/4036)) - ```bash - $ sudo dockerd --storage-opt dm.override_udev_sync_check=true - ``` +To allow the `docker` daemon to start, regardless of `udev` sync not being +supported, set `dm.override_udev_sync_check` to true: - When this value is `true`, the `devicemapper` continues and simply warns - you the errors are happening. +```bash +$ sudo dockerd --storage-opt dm.override_udev_sync_check=true +``` - > **Note:** - > The ideal is to pursue a `docker` daemon and environment that does - > support synchronizing with `udev`. For further discussion on this - > topic, see [docker#4036](https://github.com/docker/docker/issues/4036). - > Otherwise, set this flag for migrating existing Docker daemons to - > a daemon with a supported environment. +When this value is `true`, the `devicemapper` continues and simply warns +you the errors are happening. -* `dm.use_deferred_removal` +> **Note**: The ideal is to pursue a `docker` daemon and environment that does +> support synchronizing with `udev`. For further discussion on this +> topic, see [docker#4036](https://github.com/docker/docker/issues/4036). +> Otherwise, set this flag for migrating existing Docker daemons to +> a daemon with a supported environment. - Enables use of deferred device removal if `libdm` and the kernel driver - support the mechanism. +##### `dm.use_deferred_removal` - Deferred device removal means that if device is busy when devices are - being removed/deactivated, then a deferred removal is scheduled on - device. And devices automatically go away when last user of the device - exits. +Enables use of deferred device removal if `libdm` and the kernel driver +support the mechanism. - For example, when a container exits, its associated thin device is removed. - If that device has leaked into some other mount namespace and can't be - removed, the container exit still succeeds and this option causes the - system to schedule the device for deferred removal. It does not wait in a - loop trying to remove a busy device. +Deferred device removal means that if device is busy when devices are +being removed/deactivated, then a deferred removal is scheduled on +device. And devices automatically go away when last user of the device +exits. - Example use: +For example, when a container exits, its associated thin device is removed. +If that device has leaked into some other mount namespace and can't be +removed, the container exit still succeeds and this option causes the +system to schedule the device for deferred removal. It does not wait in a +loop trying to remove a busy device. - ```bash - $ sudo dockerd --storage-opt dm.use_deferred_removal=true - ``` +###### Example -* `dm.use_deferred_deletion` +```bash +$ sudo dockerd --storage-opt dm.use_deferred_removal=true +``` - Enables use of deferred device deletion for thin pool devices. By default, - thin pool device deletion is synchronous. Before a container is deleted, - the Docker daemon removes any associated devices. If the storage driver - can not remove a device, the container deletion fails and daemon returns. +##### `dm.use_deferred_deletion` - Error deleting container: Error response from daemon: Cannot destroy container +Enables use of deferred device deletion for thin pool devices. By default, +thin pool device deletion is synchronous. Before a container is deleted, +the Docker daemon removes any associated devices. If the storage driver +can not remove a device, the container deletion fails and daemon returns. - To avoid this failure, enable both deferred device deletion and deferred - device removal on the daemon. +```none +Error deleting container: Error response from daemon: Cannot destroy container +``` - ```bash - $ sudo dockerd \ - --storage-opt dm.use_deferred_deletion=true \ - --storage-opt dm.use_deferred_removal=true - ``` +To avoid this failure, enable both deferred device deletion and deferred +device removal on the daemon. - With these two options enabled, if a device is busy when the driver is - deleting a container, the driver marks the device as deleted. Later, when - the device isn't in use, the driver deletes it. +```bash +$ sudo dockerd \ + --storage-opt dm.use_deferred_deletion=true \ + --storage-opt dm.use_deferred_removal=true +``` - In general it should be safe to enable this option by default. It will help - when unintentional leaking of mount point happens across multiple mount - namespaces. +With these two options enabled, if a device is busy when the driver is +deleting a container, the driver marks the device as deleted. Later, when +the device isn't in use, the driver deletes it. -* `dm.min_free_space` +In general it should be safe to enable this option by default. It will help +when unintentional leaking of mount point happens across multiple mount +namespaces. - Specifies the min free space percent in a thin pool require for new device - creation to succeed. This check applies to both free data space as well - as free metadata space. Valid values are from 0% - 99%. Value 0% disables - free space checking logic. If user does not specify a value for this option, - the Engine uses a default value of 10%. +##### `dm.min_free_space` - Whenever a new a thin pool device is created (during `docker pull` or during - container creation), the Engine checks if the minimum free space is - available. If sufficient space is unavailable, then device creation fails - and any relevant `docker` operation fails. +Specifies the min free space percent in a thin pool require for new device +creation to succeed. This check applies to both free data space as well +as free metadata space. Valid values are from 0% - 99%. Value 0% disables +free space checking logic. If user does not specify a value for this option, +the Engine uses a default value of 10%. - To recover from this error, you must create more free space in the thin pool - to recover from the error. You can create free space by deleting some images - and containers from the thin pool. You can also add more storage to the thin - pool. +Whenever a new a thin pool device is created (during `docker pull` or during +container creation), the Engine checks if the minimum free space is +available. If sufficient space is unavailable, then device creation fails +and any relevant `docker` operation fails. - To add more space to a LVM (logical volume management) thin pool, just add - more storage to the volume group container thin pool; this should automatically - resolve any errors. If your configuration uses loop devices, then stop the - Engine daemon, grow the size of loop files and restart the daemon to resolve - the issue. +To recover from this error, you must create more free space in the thin pool +to recover from the error. You can create free space by deleting some images +and containers from the thin pool. You can also add more storage to the thin +pool. - Example use: +To add more space to a LVM (logical volume management) thin pool, just add +more storage to the volume group container thin pool; this should automatically +resolve any errors. If your configuration uses loop devices, then stop the +Engine daemon, grow the size of loop files and restart the daemon to resolve +the issue. - ```bash - $ sudo dockerd --storage-opt dm.min_free_space=10% - ``` +###### Example -* `dm.xfs_nospace_max_retries` +```bash +$ sudo dockerd --storage-opt dm.min_free_space=10% +``` - Specifies the maximum number of retries XFS should attempt to complete - IO when ENOSPC (no space) error is returned by underlying storage device. +##### `dm.xfs_nospace_max_retries` - By default XFS retries infinitely for IO to finish and this can result - in unkillable process. To change this behavior one can set - xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting - ENOSPC and will shutdown filesystem. +Specifies the maximum number of retries XFS should attempt to complete +IO when ENOSPC (no space) error is returned by underlying storage device. - Example use: +By default XFS retries infinitely for IO to finish and this can result +in unkillable process. To change this behavior one can set +xfs_nospace_max_retries to say 0 and XFS will not retry IO after getting +ENOSPC and will shutdown filesystem. - ```bash - $ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 - ``` +###### Example + +```bash +$ sudo dockerd --storage-opt dm.xfs_nospace_max_retries=0 +``` #### ZFS options -* `zfs.fsname` +##### `zfs.fsname` - Set zfs filesystem under which docker will create its own datasets. - By default docker will pick up the zfs filesystem where docker graph - (`/var/lib/docker`) is located. +Set zfs filesystem under which docker will create its own datasets. +By default docker will pick up the zfs filesystem where docker graph +(`/var/lib/docker`) is located. - Example use: +###### Example - ```bash - $ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker - ``` +```bash +$ sudo dockerd -s zfs --storage-opt zfs.fsname=zroot/docker +``` #### Btrfs options -* `btrfs.min_space` +##### `btrfs.min_space` - Specifies the minimum size to use when creating the subvolume which is used - for containers. If user uses disk quota for btrfs when creating or running - a container with **--storage-opt size** option, docker should ensure the - **size** cannot be smaller than **btrfs.min_space**. +Specifies the minimum size to use when creating the subvolume which is used +for containers. If user uses disk quota for btrfs when creating or running +a container with **--storage-opt size** option, docker should ensure the +**size** cannot be smaller than **btrfs.min_space**. - Example use: +###### Example - ```bash - $ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G - ``` +```bash +$ sudo dockerd -s btrfs --storage-opt btrfs.min_space=10G +``` #### Overlay2 options -* `overlay2.override_kernel_check` +##### `overlay2.override_kernel_check` - Overrides the Linux kernel version check allowing overlay2. Support for - specifying multiple lower directories needed by overlay2 was added to the - Linux kernel in 4.0.0. However, some older kernel versions may be patched - to add multiple lower directory support for OverlayFS. This option should - only be used after verifying this support exists in the kernel. Applying - this option on a kernel without this support will cause failures on mount. +Overrides the Linux kernel version check allowing overlay2. Support for +specifying multiple lower directories needed by overlay2 was added to the +Linux kernel in 4.0.0. However, some older kernel versions may be patched +to add multiple lower directory support for OverlayFS. This option should +only be used after verifying this support exists in the kernel. Applying +this option on a kernel without this support will cause failures on mount. -## Docker runtime execution options +### Docker runtime execution options The Docker daemon relies on a [OCI](https://github.com/opencontainers/runtime-spec) compliant runtime @@ -707,9 +707,9 @@ This is the same example via the command line: $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-runc-replacement ``` -> **Note**: defining runtime arguments via the command line is not supported. +> **Note**: Defining runtime arguments via the command line is not supported. -## Options for the runtime +#### Options for the runtime You can configure the runtime using options specified with the `--exec-opt` flag. All the flag's options have the `native` prefix. A @@ -739,7 +739,7 @@ Will make `hyperv` the default isolation technology on Windows. If no isolation value is specified on daemon start, on Windows client, the default is `hyperv`, and on Windows server, the default is `process`. -## Daemon DNS options +#### Daemon DNS options To set the DNS server for all Docker containers, use: @@ -753,7 +753,7 @@ To set the DNS search domain for all Docker containers, use: $ sudo dockerd --dns-search example.com ``` -## Insecure registries +#### Insecure registries Docker considers a private registry either secure or insecure. In the rest of this section, *registry* is used for *private registry*, and `myregistry:5000` @@ -797,11 +797,11 @@ because its use creates security vulnerabilities it should ONLY be enabled for testing purposes. For increased security, users should add their CA to their system's list of trusted CAs instead of enabling `--insecure-registry`. -## Legacy Registries +##### Legacy Registries Enabling `--disable-legacy-registry` forces a docker daemon to only interact with registries which support the V2 protocol. Specifically, the daemon will not attempt `push`, `pull` and `login` to v1 registries. The exception to this is `search` which can still be performed on v1 registries. -## Running a Docker daemon behind an HTTPS_PROXY +#### Running a Docker daemon behind an HTTPS_PROXY When running inside a LAN that uses an `HTTPS` proxy, the Docker Hub certificates will be replaced by the proxy's certificates. These certificates @@ -818,7 +818,7 @@ This will only add the proxy and authentication to the Docker daemon's requests your `docker build`s and running containers will need extra configuration to use the proxy -## Default Ulimits +#### Default `ulimit` settings `--default-ulimit` allows you to set the default `ulimit` options to use for all containers. It takes the same options as `--ulimit` for `docker run`. If @@ -830,7 +830,7 @@ Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linu set the maximum number of processes available to a user, not to a container. For details please check the [run](run.md) reference. -## Nodes discovery +#### Node discovery The `--cluster-advertise` option specifies the `host:port` or `interface:port` combination that this particular daemon instance should use when advertising @@ -856,39 +856,16 @@ $ sudo dockerd \ The currently supported cluster store options are: -* `discovery.heartbeat` +| Option | Description | +|-----------------------|-------------| +| `discovery.heartbeat` | Specifies the heartbeat timer in seconds which is used by the daemon as a `keepalive` mechanism to make sure discovery module treats the node as alive in the cluster. If not configured, the default value is 20 seconds. | +| `discovery.ttl` | Specifies the TTL (time-to-live) in seconds which is used by the discovery module to timeout a node if a valid heartbeat is not received within the configured ttl value. If not configured, the default value is 60 seconds. | +| `kv.cacertfile` | Specifies the path to a local file with PEM encoded CA certificates to trust. | +| `kv.certfile` | Specifies the path to a local file with a PEM encoded certificate. This certificate is used as the client cert for communication with the Key/Value store. | +| `kv.keyfile` | Specifies the path to a local file with a PEM encoded private key. This private key is used as the client key for communication with the Key/Value store. | +| `kv.path` | Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'. | - Specifies the heartbeat timer in seconds which is used by the daemon as a - keepalive mechanism to make sure discovery module treats the node as alive - in the cluster. If not configured, the default value is 20 seconds. - -* `discovery.ttl` - - Specifies the ttl (time-to-live) in seconds which is used by the discovery - module to timeout a node if a valid heartbeat is not received within the - configured ttl value. If not configured, the default value is 60 seconds. - -* `kv.cacertfile` - - Specifies the path to a local file with PEM encoded CA certificates to trust - -* `kv.certfile` - - Specifies the path to a local file with a PEM encoded certificate. This - certificate is used as the client cert for communication with the - Key/Value store. - -* `kv.keyfile` - - Specifies the path to a local file with a PEM encoded private key. This - private key is used as the client key for communication with the - Key/Value store. - -* `kv.path` - - Specifies the path in the Key/Value store. If not configured, the default value is 'docker/nodes'. - -## Access authorization +#### Access authorization Docker's access authorization can be extended by authorization plugins that your organization can purchase or build themselves. You can install one or more @@ -913,7 +890,7 @@ For information about how to create an authorization plugin, see [authorization plugin](../../extend/plugins_authorization.md) section in the Docker extend section of this documentation. -## Daemon user namespace options +#### Daemon user namespace options The Linux kernel [user namespace support](http://man7.org/linux/man-pages/man7/user_namespaces.7.html) provides additional security by enabling a process, and therefore a container, to have a unique range of user and @@ -946,7 +923,7 @@ and provided subordinate uid and gid ranges. This default user will be named > pull`, `docker push`, and container startup as users expect with > user namespaces disabled. -### Starting the daemon with user namespaces enabled +##### Start the daemon with user namespaces enabled To enable user namespace support, start the daemon with the `--userns-remap` flag, which accepts values in the following formats: @@ -993,7 +970,7 @@ with user namespaces enabled or not. If the daemon is configured with user namespaces, the Security Options entry in the response will list "userns" as one of the enabled security features. -#### Behavior differences when user namespaces are enabled +##### Behavior differences when user namespaces are enabled When you start the Docker daemon with `--userns-remap`, Docker segregates the graph directory where the images are stored by adding an extra directory with a name corresponding to the @@ -1006,7 +983,7 @@ images and container layers, are also owned by the new UID and GID. To set the o correctly, you need to re-pull the images and restart the containers after starting the daemon with `--userns-remap`. -### Detailed information on `subuid`/`subgid` ranges +##### Detailed information on `subuid`/`subgid` ranges Given potential advanced use of the subordinate ID ranges by power users, the following paragraphs define how the Docker daemon currently uses the range entries @@ -1029,7 +1006,7 @@ following algorithm to create the mapping ranges: 2. Map segments will be created from each range in increasing value with a length matching the length of each segment. Therefore the range segment with the lowest numeric starting value will be equal to the remapped root, and continue up through host uid/gid equal to the range segment length. As an example, if the lowest segment starts at ID 1000 and has a length of 100, then a map of 1000 -> 0 (the remapped root) up through 1100 -> 100 will be created from this segment. If the next segment starts at ID 10000, then the next map will start with mapping 10000 -> 101 up to the length of this second segment. This will continue until no more segments are found in the subordinate files for this user. 3. If more than five range segments exist for a single user, only the first five will be utilized, matching the kernel's limitation of only five entries in `/proc/self/uid_map` and `proc/self/gid_map`. -### Disable user namespace for a container +##### Disable user namespace for a container If you enable user namespaces on the daemon, all containers are started with user namespaces enabled. In some situations you might want to disable @@ -1039,7 +1016,7 @@ To enable those advanced features for a specific container use `--userns=host` in the `run/exec/create` command. This option will completely disable user namespace mapping for the container's user. -### User namespace known restrictions +##### User namespace known restrictions The following standard Docker features are currently incompatible when running a Docker daemon with user namespaces enabled: @@ -1062,7 +1039,7 @@ process. The most notable restriction that we are aware of at this time is the inability to use `mknod`. Permission will be denied for device creation even as container `root` inside a user namespace. -## Miscellaneous options +### Miscellaneous options IP masquerading uses address translation to allow containers without a public IP to talk to other machines on the Internet. This may interfere with some @@ -1077,7 +1054,7 @@ set like this: export DOCKER_TMPDIR=/mnt/disk2/tmp /usr/local/bin/dockerd -D -g /var/lib/docker -H unix:// > /var/lib/docker-machine/docker.log 2>&1 -## Default cgroup parent +#### Default cgroup parent The `--cgroup-parent` option allows you to set the default cgroup parent to use for containers. If this option is not set, it defaults to `/docker` for @@ -1104,7 +1081,7 @@ This setting can also be set per container, using the `--cgroup-parent` option on `docker create` and `docker run`, and takes precedence over the `--cgroup-parent` option on the daemon. -## Daemon Metrics +#### Daemon metrics The `--metrics-addr` option takes a tcp address to serve the metrics API. This feature is still experimental, therefore, the daemon must be running in experimental @@ -1118,7 +1095,7 @@ If you are running a prometheus server you can add this address to your scrape c to have prometheus collect metrics on Docker. For more information on prometheus you can view the website [here](https://prometheus.io/). -```yml +```none scrape_configs: - job_name: 'docker' static_configs: @@ -1129,7 +1106,7 @@ Please note that this feature is still marked as experimental as metrics and met names could change while this feature is still in experimental. Please provide feedback on what you would like to see collected in the API. -## Daemon configuration file +#### Daemon configuration file The `--config-file` option allows you to set any configuration option for the daemon in a JSON format. This file uses the same flag names as keys, @@ -1144,7 +1121,7 @@ For example, the daemon fails to start if you set daemon labels in the configuration file and also set daemon labels via the `--label` flag. Options that are not present in the file are ignored when the daemon starts. -### Linux configuration file +##### On Linux The default location of the configuration file on Linux is `/etc/docker/daemon.json`. The `--config-file` flag can be used to specify a @@ -1229,7 +1206,7 @@ This is a full example of the allowed configuration options on Linux: } ``` -### Windows configuration file +##### On Windows The default location of the configuration file on Windows is `%programdata%\docker\config\daemon.json`. The `--config-file` flag can be @@ -1276,7 +1253,7 @@ This is a full example of the allowed configuration options on Windows: } ``` -### Configuration reloading +#### Configuration reload behavior Some options can be reconfigured when the daemon is running without requiring to restart the process. We use the `SIGHUP` signal in Linux to reload, and a global event @@ -1313,7 +1290,7 @@ Configuration reload will log a warning message if it detects a change in previously configured cluster configurations. -## Running multiple daemons +### Run multiple daemons > **Note:** Running multiple daemons on a single host is considered as "experimental". The user should be aware of > unsolved problems. This solution may not work properly in some cases. Solutions are currently under development @@ -1326,7 +1303,7 @@ by providing them as flags, or by using a [daemon configuration file](#daemon-co The following daemon options must be configured for each daemon: -```bash +```none -b, --bridge= Attach containers to a network bridge --exec-root=/var/run/docker Root of the Docker execdriver -g, --graph=/var/lib/docker Root of the Docker runtime diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index b670d81fe2..bc24dab233 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -28,29 +28,90 @@ Options: --until string Stream events until this timestamp ``` +## Description + +Use `docker events` to get real-time events from the server. These events differ +per Docker object type. + +### Object types + +#### Containers + Docker containers report the following events: - attach, commit, copy, create, destroy, detach, die, exec_create, exec_detach, exec_start, export, health_status, kill, oom, pause, rename, resize, restart, start, stop, top, unpause, update +- `attach` +- `commit` +- `copy` +- `create` +- `destroy` +- `detach` +- `die` +- `exec_create` +- `exec_detach` +- `exec_start` +- `export` +- `health_status` +- `kill` +- `oom` +- `pause` +- `rename` +- `resize` +- `restart` +- `start` +- `stop` +- `top` +- `unpause` +- `update` + +#### Images Docker images report the following events: - delete, import, load, pull, push, save, tag, untag +- `delete` +- `import` +- `load` +- `pull` +- `push` +- `save` +- `tag` +- `untag` + +#### Plugins Docker plugins report the following events: - install, enable, disable, remove +- `install` +- `enable` +- `disable` +- `remove` + +#### Volumes Docker volumes report the following events: - create, mount, unmount, destroy +- `create` +- `mount` +- `unmount` +- `destroy` + +#### Networks Docker networks report the following events: - create, connect, disconnect, destroy +- `create` +- `connect` +- `disconnect` +- `destroy` -Docker daemon reports the following events: +#### Daemons - reload +Docker daemons report the following events: + +- `reload` + +### Limiting, filtering, and formatting the output + +#### Limit events by time The `--since` and `--until` parameters can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed @@ -65,7 +126,7 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. -## Filtering +#### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If you would like to use multiple filters, pass multiple flags (e.g., @@ -91,7 +152,7 @@ The currently supported filters are: * network (`network=`) * daemon (`daemon=`) -## Format +#### Format If a format (`--format`) is specified, the given template will be executed instead of the default @@ -103,132 +164,190 @@ Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . ## Examples +### Basic example + You'll need two shells for this example. **Shell 1: Listening for events:** - $ docker events +```bash +$ docker events +``` **Shell 2: Start and Stop containers:** - $ docker create --name test alpine:latest top - $ docker start test - $ docker stop test +```bash +$ docker create --name test alpine:latest top +$ docker start test +$ docker stop test +``` **Shell 1: (Again .. now showing events):** - 2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +```none +2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +``` -**Show events in the past from a specified time:** +To exit the `docker events` command, use `CTRL+C`. - $ docker events --since 1483283804 - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +### Filter events by time - $ docker events --since '2017-01-05' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +You can filter the output by an absolute timestamp or relative time on the host +machine, using the following different time syntaxes: - $ docker events --since '2013-09-03T15:49:29' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +```bash +$ docker events --since 1483283804 +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -This example outputs all events that were generated in the last 3 minutes, -relative to the current time on the client machine: +$ docker events --since '2017-01-05' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - $ docker events --since '10m' - 2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) - 2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) - 2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) - 2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +$ docker events --since '2013-09-03T15:49:29' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -**Filter events:** +$ docker events --since '10m' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +``` - $ docker events --filter 'event=stop' - 2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) +### Filter events by criteria - $ docker events --filter 'image=alpine' - 2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) - 2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) - 2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) - 2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) +The following commands show several different ways to filter the `docker event` +output. - $ docker events --filter 'container=test' - 2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) - 2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) - 2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +```bash +$ docker events --filter 'event=stop' - $ docker events --filter 'container=test' --filter 'container=d9cdb1525ea8' - 2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) - 2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) - 2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) - 2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) - 2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) - $ docker events --filter 'container=test' --filter 'event=stop' - 2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) +$ docker events --filter 'image=alpine' - $ docker events --filter 'type=volume' - 2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) - 2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) - 2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) - 2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) +2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) +2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) +2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) +2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) - $ docker events --filter 'type=network' - 2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) - 2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) +$ docker events --filter 'container=test' - $ docker events --filter 'type=plugin' (experimental) - 2016-07-25T17:30:14.825557616Z plugin pull ec7b...993f (name=tiborvass/sample-volume-plugin:latest) - 2016-07-25T17:30:14.888127370Z plugin enable ec7b...993f (name=tiborvass/sample-volume-plugin:latest) +2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) -**Format:** +$ docker events --filter 'container=test' --filter 'container=d9cdb1525ea8' - $ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' - Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 - Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) +2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) +2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) -**Format (as JSON Lines):** +$ docker events --filter 'container=test' --filter 'event=stop' +2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) + +$ docker events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) + +$ docker events --filter 'container=container_1' --filter 'container=container_2' + +2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) +2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + +$ docker events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) +``` + +The `type=plugin` filter is experimental. + +```bash +$ docker events --filter 'type=plugin' + +2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +``` + +### Format the output + +```bash +{% raw %} +$ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + +Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +{% endraw %} +``` + +#### Format as JSON + +```none +{% raw %} $ docker events --format '{{json .}}' + {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +{% endraw %} +``` diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index 38891c9ea0..df2ad6eae8 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -31,35 +31,61 @@ Options: -u, --user Username or UID (format: [:]) ``` +## Descriptino + The `docker exec` command runs a new command in a running container. The command started using `docker exec` only runs while the container's primary process (`PID 1`) is running, and it is not restarted if the container is restarted. -If the container is paused, then the `docker exec` command will fail with an error: - - $ docker pause test - test - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test - $ docker exec test ls - FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec - $ echo $? - 1 - ## Examples - $ docker run --name ubuntu_bash --rm -i -t ubuntu bash +### Run `docker exec` on a running container + +First, start a container. + +```bash +$ docker run --name ubuntu_bash --rm -i -t ubuntu bash +``` This will create a container named `ubuntu_bash` and start a Bash session. - $ docker exec -d ubuntu_bash touch /tmp/execWorks +Next, execute a command on the container. + +```bash +$ docker exec -d ubuntu_bash touch /tmp/execWorks +``` This will create a new file `/tmp/execWorks` inside the running container `ubuntu_bash`, in the background. - $ docker exec -it ubuntu_bash bash +Next, execute an interactive `bash` shell on the container. + +```bash +$ docker exec -it ubuntu_bash bash +``` This will create a new Bash session in the container `ubuntu_bash`. + +### Try to run `docker exec` on a paused container + +If the container is paused, then the `docker exec` command will fail with an error: + +```bash +$ docker pause test + +test + +$ docker ps + +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +1ae3b36715d2 ubuntu:latest "bash" 17 seconds ago Up 16 seconds (Paused) test + +$ docker exec test ls + +FATA[0000] Error response from daemon: Container test is paused, unpause the container before exec + +$ echo $? +1 +``` diff --git a/docs/reference/commandline/export.md b/docs/reference/commandline/export.md index 1004fc30c0..9de509714a 100644 --- a/docs/reference/commandline/export.md +++ b/docs/reference/commandline/export.md @@ -25,19 +25,24 @@ Options: -o, --output string Write to a file, instead of STDOUT ``` +## Description + The `docker export` command does not export the contents of volumes associated with the container. If a volume is mounted on top of an existing directory in the container, `docker export` will export the contents of the *underlying* directory, not the contents of the volume. -Refer to [Backup, restore, or migrate data -volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) in -the user guide for examples on exporting data in a volume. +Refer to [Backup, restore, or migrate data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/#backup-restore-or-migrate-data-volumes) +in the user guide for examples on exporting data in a volume. ## Examples - $ docker export red_panda > latest.tar +Each of these commands has the same result. -Or +```bash +$ docker export red_panda > latest.tar +``` - $ docker export --output="latest.tar" red_panda +```bash +$ docker export --output="latest.tar" red_panda +``` diff --git a/docs/reference/commandline/history.md b/docs/reference/commandline/history.md index 00f88db35b..b68cc8695d 100644 --- a/docs/reference/commandline/history.md +++ b/docs/reference/commandline/history.md @@ -27,22 +27,30 @@ Options: -q, --quiet Only show numeric IDs ``` + +## Examples + To see how the `docker:latest` image was built: - $ docker history docker - IMAGE CREATED CREATED BY SIZE COMMENT - 3e23a5875458 8 days ago /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8 0 B - 8578938dd170 8 days ago /bin/sh -c dpkg-reconfigure locales && loc 1.245 MB - be51b77efb42 8 days ago /bin/sh -c apt-get update && apt-get install 338.3 MB - 4b137612be55 6 weeks ago /bin/sh -c #(nop) ADD jessie.tar.xz in / 121 MB - 750d58736b4b 6 weeks ago /bin/sh -c #(nop) MAINTAINER Tianon Gravi 77af4d6b9913 19 hours ago 1.089 GB - committ latest b6fa739cedf5 19 hours ago 1.089 GB - 78a85c484f71 19 hours ago 1.089 GB - docker latest 30557a29d5ab 20 hours ago 1.089 GB - 5ed6274db6ce 24 hours ago 1.089 GB - postgres 9 746b819f315e 4 days ago 213.4 MB - postgres 9.3 746b819f315e 4 days ago 213.4 MB - postgres 9.3.5 746b819f315e 4 days ago 213.4 MB - postgres latest 746b819f315e 4 days ago 213.4 MB +### List the most recently created images -### Listing images by name and tag +```bash +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE + 77af4d6b9913 19 hours ago 1.089 GB +committ latest b6fa739cedf5 19 hours ago 1.089 GB + 78a85c484f71 19 hours ago 1.089 GB +docker latest 30557a29d5ab 20 hours ago 1.089 GB + 5ed6274db6ce 24 hours ago 1.089 GB +postgres 9 746b819f315e 4 days ago 213.4 MB +postgres 9.3 746b819f315e 4 days ago 213.4 MB +postgres 9.3.5 746b819f315e 4 days ago 213.4 MB +postgres latest 746b819f315e 4 days ago 213.4 MB +``` + +### List images by name and tag The `docker images` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify @@ -74,11 +81,14 @@ given repository. For example, to list all images in the "java" repository, run this command : - $ docker images java - REPOSITORY TAG IMAGE ID CREATED SIZE - java 8 308e519aac60 6 days ago 824.5 MB - java 7 493d82594c15 3 months ago 656.3 MB - java latest 2711b1d6f3aa 5 months ago 603.9 MB +```bash +$ docker images java + +REPOSITORY TAG IMAGE ID CREATED SIZE +java 8 308e519aac60 6 days ago 824.5 MB +java 7 493d82594c15 3 months ago 656.3 MB +java latest 2711b1d6f3aa 5 months ago 603.9 MB +``` The `[REPOSITORY[:TAG]]` value must be an "exact match". This means that, for example, `docker images jav` does not match the image `java`. @@ -87,46 +97,57 @@ If both `REPOSITORY` and `TAG` are provided, only images matching that repository and tag are listed. To find all local images in the "java" repository with tag "8" you can use: - $ docker images java:8 - REPOSITORY TAG IMAGE ID CREATED SIZE - java 8 308e519aac60 6 days ago 824.5 MB +```bash +$ docker images java:8 + +REPOSITORY TAG IMAGE ID CREATED SIZE +java 8 308e519aac60 6 days ago 824.5 MB +``` If nothing matches `REPOSITORY[:TAG]`, the list is empty. - $ docker images java:0 - REPOSITORY TAG IMAGE ID CREATED SIZE +```bash +$ docker images java:0 -## Listing the full length image IDs +REPOSITORY TAG IMAGE ID CREATED SIZE +``` - $ docker images --no-trunc - REPOSITORY TAG IMAGE ID CREATED SIZE - sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB - committest latest sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB - sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB - docker latest sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB - sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB - sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB - sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB - tryout latest sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB - sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB +### List the full length image IDs -## Listing image digests +```bash +$ docker images --no-trunc + +REPOSITORY TAG IMAGE ID CREATED SIZE + sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182 19 hours ago 1.089 GB +committest latest sha256:b6fa739cedf5ea12a620a439402b6004d057da800f91c7524b5086a5e4749c9f 19 hours ago 1.089 GB + sha256:78a85c484f71509adeaace20e72e941f6bdd2b25b4c75da8693efd9f61a37921 19 hours ago 1.089 GB +docker latest sha256:30557a29d5abc51e5f1d5b472e79b7e296f595abcf19fe6b9199dbbc809c6ff4 20 hours ago 1.089 GB + sha256:0124422dd9f9cf7ef15c0617cda3931ee68346455441d66ab8bdc5b05e9fdce5 20 hours ago 1.089 GB + sha256:18ad6fad340262ac2a636efd98a6d1f0ea775ae3d45240d3418466495a19a81b 22 hours ago 1.082 GB + sha256:f9f1e26352f0a3ba6a0ff68167559f64f3e21ff7ada60366e2d44a04befd1d3a 23 hours ago 1.089 GB +tryout latest sha256:2629d1fa0b81b222fca63371ca16cbf6a0772d07759ff80e8d1369b926940074 23 hours ago 131.5 MB + sha256:5ed6274db6ceb2397844896966ea239290555e74ef307030ebb01ff91b1914df 24 hours ago 1.089 GB +``` + +### List image digests Images that use the v2 or later format have a content-addressable identifier called a `digest`. As long as the input used to generate the image is unchanged, the digest value is predictable. To list image digest values, use the `--digests` flag: - $ docker images --digests - REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE - localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB +```bash +$ docker images --digests +REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE +localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB +``` When pushing or pulling to a 2.0 registry, the `push` or `pull` command output includes the image digest. You can `pull` using a digest value. You can also reference by digest in `create`, `run`, and `rmi` commands, as well as the `FROM` image reference in a Dockerfile. -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -138,133 +159,147 @@ The currently supported filters are: * before (`[:]`, `` or ``) - filter images created before given id or references * since (`[:]`, `` or ``) - filter images created since given id or references -##### Untagged images (dangling) +#### Show untagged images (dangling) - $ docker images --filter "dangling=true" +```bash +$ docker images --filter "dangling=true" - REPOSITORY TAG IMAGE ID CREATED SIZE - 8abc22fbb042 4 weeks ago 0 B - 48e5f45168b9 4 weeks ago 2.489 MB - bf747efa0e2f 4 weeks ago 0 B - 980fe10e5736 12 weeks ago 101.4 MB - dea752e4e117 12 weeks ago 101.4 MB - 511136ea3c5a 8 months ago 0 B +REPOSITORY TAG IMAGE ID CREATED SIZE + 8abc22fbb042 4 weeks ago 0 B + 48e5f45168b9 4 weeks ago 2.489 MB + bf747efa0e2f 4 weeks ago 0 B + 980fe10e5736 12 weeks ago 101.4 MB + dea752e4e117 12 weeks ago 101.4 MB + 511136ea3c5a 8 months ago 0 B +``` -This will display untagged images, that are the leaves of the images tree (not +This will display untagged images that are the leaves of the images tree (not intermediary layers). These images occur when a new build of an image takes the `repo:tag` away from the image ID, leaving it as `:` or untagged. A warning will be issued if trying to remove an image when a container is presently using it. By having this flag it allows for batch cleanup. -Ready for use by `docker rmi ...`, like: +You can use this in conjunction with `docker rmi ...`: - $ docker rmi $(docker images -f "dangling=true" -q) +```bash +$ docker rmi $(docker images -f "dangling=true" -q) - 8abc22fbb042 - 48e5f45168b9 - bf747efa0e2f - 980fe10e5736 - dea752e4e117 - 511136ea3c5a +8abc22fbb042 +48e5f45168b9 +bf747efa0e2f +980fe10e5736 +dea752e4e117 +511136ea3c5a +``` -NOTE: Docker will warn you if any containers exist that are using these untagged images. +> **Note**: Docker warns you if any containers exist that are using these +> untagged images. -##### Labeled images +#### Show images with a given label The `label` filter matches images based on the presence of a `label` alone or a `label` and a value. The following filter matches images with the `com.example.version` label regardless of its value. - $ docker images --filter "label=com.example.version" +```bash +$ docker images --filter "label=com.example.version" - REPOSITORY TAG IMAGE ID CREATED SIZE - match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB - match-me-2 latest dea752e4e117 About a minute ago 188.3 MB +REPOSITORY TAG IMAGE ID CREATED SIZE +match-me-1 latest eeae25ada2aa About a minute ago 188.3 MB +match-me-2 latest dea752e4e117 About a minute ago 188.3 MB +``` The following filter matches images with the `com.example.version` label with the `1.0` value. - $ docker images --filter "label=com.example.version=1.0" - REPOSITORY TAG IMAGE ID CREATED SIZE - match-me latest 511136ea3c5a About a minute ago 188.3 MB +```bash +$ docker images --filter "label=com.example.version=1.0" + +REPOSITORY TAG IMAGE ID CREATED SIZE +match-me latest 511136ea3c5a About a minute ago 188.3 MB +``` In this example, with the `0.1` value, it returns an empty set because no matches were found. - $ docker images --filter "label=com.example.version=0.1" - REPOSITORY TAG IMAGE ID CREATED SIZE +```bash +$ docker images --filter "label=com.example.version=0.1" +REPOSITORY TAG IMAGE ID CREATED SIZE +``` -#### Before +#### Filter images by time The `before` filter shows only images created before the image with given id or reference. For example, having these images: - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - image1 latest eeae25ada2aa 4 minutes ago 188.3 MB - image2 latest dea752e4e117 9 minutes ago 188.3 MB - image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +```bash +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +image1 latest eeae25ada2aa 4 minutes ago 188.3 MB +image2 latest dea752e4e117 9 minutes ago 188.3 MB +image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +``` Filtering with `before` would give: - $ docker images --filter "before=image1" - REPOSITORY TAG IMAGE ID CREATED SIZE - image2 latest dea752e4e117 9 minutes ago 188.3 MB - image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +```bash +$ docker images --filter "before=image1" -#### Since - -The `since` filter shows only images created after the image with -given id or reference. For example, having these images: - - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - image1 latest eeae25ada2aa 4 minutes ago 188.3 MB - image2 latest dea752e4e117 9 minutes ago 188.3 MB - image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +REPOSITORY TAG IMAGE ID CREATED SIZE +image2 latest dea752e4e117 9 minutes ago 188.3 MB +image3 latest 511136ea3c5a 25 minutes ago 188.3 MB +``` Filtering with `since` would give: - $ docker images --filter "since=image3" - REPOSITORY TAG IMAGE ID CREATED SIZE - image1 latest eeae25ada2aa 4 minutes ago 188.3 MB - image2 latest dea752e4e117 9 minutes ago 188.3 MB +```bash +$ docker images --filter "since=image3" +REPOSITORY TAG IMAGE ID CREATED SIZE +image1 latest eeae25ada2aa 4 minutes ago 188.3 MB +image2 latest dea752e4e117 9 minutes ago 188.3 MB +``` -#### Reference +#### Filter images by reference The `reference` filter shows only images whose reference matches the specified pattern. +```bash $ docker images + REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest e02e811dd08f 5 weeks ago 1.09 MB busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB busybox musl 733eb3059dce 5 weeks ago 1.21 MB busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB +``` Filtering with `reference` would give: +```bash $ docker images --filter=reference='busy*:*libc' REPOSITORY TAG IMAGE ID CREATED SIZE busybox uclibc e02e811dd08f 5 weeks ago 1.09 MB busybox glibc 21c16b6787c6 5 weeks ago 4.19 MB +``` -## Formatting +### Format the output The formatting option (`--format`) will pretty print container output using a Go template. Valid placeholders for the Go template are listed below: -Placeholder | Description ----- | ---- -`.ID` | Image ID -`.Repository` | Image repository -`.Tag` | Image tag -`.Digest` | Image digest -`.CreatedSince` | Elapsed time since the image was created -`.CreatedAt` | Time when the image was created -`.Size` | Image disk size +| Placeholder | Description| +| ---- | ---- | +| `.ID` | Image ID | +| `.Repository` | Image repository | +| `.Tag` | Image tag | +| `.Digest` | Image digest | +| `.CreatedSince` | Elapsed time since the image was created | +| `.CreatedAt` | Time when the image was created | +| `.Size` | Image disk size | When using the `--format` option, the `image` command will either output the data exactly as the template declares or, when using the @@ -273,32 +308,38 @@ output the data exactly as the template declares or, when using the The following example uses a template without headers and outputs the `ID` and `Repository` entries separated by a colon for all images: - {% raw %} - $ docker images --format "{{.ID}}: {{.Repository}}" - 77af4d6b9913: - b6fa739cedf5: committ - 78a85c484f71: - 30557a29d5ab: docker - 5ed6274db6ce: - 746b819f315e: postgres - 746b819f315e: postgres - 746b819f315e: postgres - 746b819f315e: postgres - {% endraw %} +```bash +{% raw %} +$ docker images --format "{{.ID}}: {{.Repository}}" + +77af4d6b9913: +b6fa739cedf5: committ +78a85c484f71: +30557a29d5ab: docker +5ed6274db6ce: +746b819f315e: postgres +746b819f315e: postgres +746b819f315e: postgres +746b819f315e: postgres +{% endraw %} +``` To list all images with their repository and tag in a table format you can use: - {% raw %} - $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" - IMAGE ID REPOSITORY TAG - 77af4d6b9913 - b6fa739cedf5 committ latest - 78a85c484f71 - 30557a29d5ab docker latest - 5ed6274db6ce - 746b819f315e postgres 9 - 746b819f315e postgres 9.3 - 746b819f315e postgres 9.3.5 - 746b819f315e postgres latest - {% endraw %} +```bash +{% raw %} +$ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" + +IMAGE ID REPOSITORY TAG +77af4d6b9913 +b6fa739cedf5 committ latest +78a85c484f71 +30557a29d5ab docker latest +5ed6274db6ce +746b819f315e postgres 9 +746b819f315e postgres 9.3 +746b819f315e postgres 9.3.5 +746b819f315e postgres latest +{% endraw %} +``` diff --git a/docs/reference/commandline/import.md b/docs/reference/commandline/import.md index 20e90a61fd..57edf650c9 100644 --- a/docs/reference/commandline/import.md +++ b/docs/reference/commandline/import.md @@ -26,6 +26,8 @@ Options: -m, --message string Set commit message for imported image ``` +## Description + You can specify a `URL` or `-` (dash) to take data directly from `STDIN`. The `URL` can point to an archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, or .txz) containing a filesystem or to an individual file on the Docker host. If you @@ -41,33 +43,45 @@ Supported `Dockerfile` instructions: ## Examples -**Import from a remote location:** +### Import from a remote location This will create a new untagged image. - $ docker import http://example.com/exampleimage.tgz +```bash +$ docker import http://example.com/exampleimage.tgz +``` -**Import from a local file:** +### Import from a local file -Import to docker via pipe and `STDIN`. +- Import to docker via pipe and `STDIN`. - $ cat exampleimage.tgz | docker import - exampleimagelocal:new + ```bash + $ cat exampleimage.tgz | docker import - exampleimagelocal:new + ``` -Import with a commit message. +- Import with a commit message. - $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new + ```bash + $ cat exampleimage.tgz | docker import --message "New image imported from tarball" - exampleimagelocal:new + ``` -Import to docker from a local archive. +- Import to docker from a local archive. + ```bash $ docker import /path/to/exampleimage.tgz + ``` -**Import from a local directory:** +### Import from a local directory - $ sudo tar -c . | docker import - exampleimagedir +```bash +$ sudo tar -c . | docker import - exampleimagedir +``` -**Import from a local directory with new configurations:** +### Import from a local directory with new configurations - $ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir +```bash +$ sudo tar -c . | docker import --change "ENV DEBUG true" - exampleimagedir +``` Note the `sudo` in this example – you must preserve the ownership of the files (especially root ownership) during the diff --git a/docs/reference/commandline/index.md b/docs/reference/commandline/index.md index 87c7b4775f..f38fc52a8c 100644 --- a/docs/reference/commandline/index.md +++ b/docs/reference/commandline/index.md @@ -25,6 +25,8 @@ You start the Docker daemon with the command line. How you start the daemon affects your Docker containers. For that reason you should also make sure to read the [`dockerd`](dockerd.md) reference page. +## Commands by object + ### Docker management commands | Command | Description | @@ -123,7 +125,7 @@ read the [`dockerd`](dockerd.md) reference page. | [node rm](node_rm.md) | Remove one or more nodes from the swarm | | [node update](node_update.md) | Update attributes for a node | -### Swarm swarm commands +### Swarm management commands | Command | Description | |:--------|:-------------------------------------------------------------------| diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 50a084fcb2..aba4d190dd 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -25,6 +25,8 @@ Options: --help Print usage ``` +## Description + This command displays system wide information regarding the Docker installation. Information displayed includes the kernel version, number of containers and images. The number of images shown is the number of unique images. The same image tagged @@ -43,182 +45,201 @@ meta data regarding those images are stored. When run for the first time Docker allocates a certain amount of data space and meta data space from the space available on the volume where `/var/lib/docker` is mounted. -# Examples +## Examples -## Display Docker system information +### Show output + +The example below shows the output for a daemon running on Red Hat Enterprise Linux, +using the `devicemapper` storage driver. As can be seen in the output, additional +information about the `devicemapper` storage driver is shown: + +```bash +$ docker info + +Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 +Images: 52 +Server Version: 1.10.3 +Storage Driver: devicemapper + Pool Name: docker-202:2-25583803-pool + Pool Blocksize: 65.54 kB + Base Device Size: 10.74 GB + Backing Filesystem: xfs + Data file: /dev/loop0 + Metadata file: /dev/loop1 + Data Space Used: 1.68 GB + Data Space Total: 107.4 GB + Data Space Available: 7.548 GB + Metadata Space Used: 2.322 MB + Metadata Space Total: 2.147 GB + Metadata Space Available: 2.145 GB + Udev Sync Supported: true + Deferred Removal Enabled: false + Deferred Deletion Enabled: false + Deferred Deleted Device Count: 0 + Data loop file: /var/lib/docker/devicemapper/devicemapper/data + Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata + Library Version: 1.02.107-RHEL7 (2015-12-01) +Execution Driver: native-0.2 +Logging Driver: json-file +Plugins: + Volume: local + Network: null host bridge +Kernel Version: 3.10.0-327.el7.x86_64 +Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) +OSType: linux +Architecture: x86_64 +CPUs: 1 +Total Memory: 991.7 MiB +Name: ip-172-30-0-91.ec2.internal +ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S +Docker Root Dir: /var/lib/docker +Debug mode (client): false +Debug mode (server): false +Username: gordontheturtle +Registry: https://index.docker.io/v1/ +Insecure registries: + myinsecurehost:5000 + 127.0.0.0/8 +``` + +### Show debugging output Here is a sample output for a daemon running on Ubuntu, using the overlay2 storage driver and a node that is part of a 2-node swarm: - $ docker -D info - Containers: 14 - Running: 3 - Paused: 1 - Stopped: 10 - Images: 52 - Server Version: 1.13.0 - Storage Driver: overlay2 - Backing Filesystem: extfs - Supports d_type: true - Native Overlay Diff: false - Logging Driver: json-file - Cgroup Driver: cgroupfs - Plugins: - Volume: local - Network: bridge host macvlan null overlay - Swarm: active - NodeID: rdjq45w1op418waxlairloqbm - Is Manager: true - ClusterID: te8kdyw33n36fqiz74bfjeixd - Managers: 1 - Nodes: 2 - Orchestration: - Task History Retention Limit: 5 - Raft: - Snapshot Interval: 10000 - Number of Old Snapshots to Retain: 0 - Heartbeat Tick: 1 - Election Tick: 3 - Dispatcher: - Heartbeat Period: 5 seconds - CA Configuration: - Expiry Duration: 3 months - Node Address: 172.16.66.128 172.16.66.129 - Manager Addresses: - 172.16.66.128:2477 - Runtimes: runc - Default Runtime: runc - Init Binary: docker-init - containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 - runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 - init version: N/A (expected: v0.13.0) - Security Options: - apparmor - seccomp - Profile: default - Kernel Version: 4.4.0-31-generic - Operating System: Ubuntu 16.04.1 LTS - OSType: linux - Architecture: x86_64 - CPUs: 2 - Total Memory: 1.937 GiB - Name: ubuntu - ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 - Docker Root Dir: /var/lib/docker - Debug Mode (client): true - Debug Mode (server): true - File Descriptors: 30 - Goroutines: 123 - System Time: 2016-11-12T17:24:37.955404361-08:00 - EventsListeners: 0 - Http Proxy: http://test:test@proxy.example.com:8080 - Https Proxy: https://test:test@proxy.example.com:8080 - No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com - Registry: https://index.docker.io/v1/ - WARNING: No swap limit support - Labels: - storage=ssd - staging=true - Experimental: false - Insecure Registries: - 127.0.0.0/8 - Registry Mirrors: - http://192.168.1.2/ - http://registry-mirror.example.com:5000/ - Live Restore Enabled: false +```bash +$ docker -D info -The global `-D` option tells all `docker` commands to output debug information. +Containers: 14 + Running: 3 + Paused: 1 + Stopped: 10 +Images: 52 +Server Version: 1.13.0 +Storage Driver: overlay2 + Backing Filesystem: extfs + Supports d_type: true + Native Overlay Diff: false +Logging Driver: json-file +Cgroup Driver: cgroupfs +Plugins: + Volume: local + Network: bridge host macvlan null overlay +Swarm: active + NodeID: rdjq45w1op418waxlairloqbm + Is Manager: true + ClusterID: te8kdyw33n36fqiz74bfjeixd + Managers: 1 + Nodes: 2 + Orchestration: + Task History Retention Limit: 5 + Raft: + Snapshot Interval: 10000 + Number of Old Snapshots to Retain: 0 + Heartbeat Tick: 1 + Election Tick: 3 + Dispatcher: + Heartbeat Period: 5 seconds + CA Configuration: + Expiry Duration: 3 months + Node Address: 172.16.66.128 172.16.66.129 + Manager Addresses: + 172.16.66.128:2477 +Runtimes: runc +Default Runtime: runc +Init Binary: docker-init +containerd version: 8517738ba4b82aff5662c97ca4627e7e4d03b531 +runc version: ac031b5bf1cc92239461125f4c1ffb760522bbf2 +init version: N/A (expected: v0.13.0) +Security Options: + apparmor + seccomp + Profile: default +Kernel Version: 4.4.0-31-generic +Operating System: Ubuntu 16.04.1 LTS +OSType: linux +Architecture: x86_64 +CPUs: 2 +Total Memory: 1.937 GiB +Name: ubuntu +ID: H52R:7ZR6:EIIA:76JG:ORIY:BVKF:GSFU:HNPG:B5MK:APSC:SZ3Q:N326 +Docker Root Dir: /var/lib/docker +Debug Mode (client): true +Debug Mode (server): true + File Descriptors: 30 + Goroutines: 123 + System Time: 2016-11-12T17:24:37.955404361-08:00 + EventsListeners: 0 +Http Proxy: http://test:test@proxy.example.com:8080 +Https Proxy: https://test:test@proxy.example.com:8080 +No Proxy: localhost,127.0.0.1,docker-registry.somecorporation.com +Registry: https://index.docker.io/v1/ +WARNING: No swap limit support +Labels: + storage=ssd + staging=true +Experimental: false +Insecure Registries: + 127.0.0.0/8 +Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ +Live Restore Enabled: false +``` -The example below shows the output for a daemon running on Red Hat Enterprise Linux, -using the devicemapper storage driver. As can be seen in the output, additional -information about the devicemapper storage driver is shown: +The global `-D` option causes all `docker` commands to output debug information. - $ docker info - Containers: 14 - Running: 3 - Paused: 1 - Stopped: 10 - Images: 52 - Server Version: 1.10.3 - Storage Driver: devicemapper - Pool Name: docker-202:2-25583803-pool - Pool Blocksize: 65.54 kB - Base Device Size: 10.74 GB - Backing Filesystem: xfs - Data file: /dev/loop0 - Metadata file: /dev/loop1 - Data Space Used: 1.68 GB - Data Space Total: 107.4 GB - Data Space Available: 7.548 GB - Metadata Space Used: 2.322 MB - Metadata Space Total: 2.147 GB - Metadata Space Available: 2.145 GB - Udev Sync Supported: true - Deferred Removal Enabled: false - Deferred Deletion Enabled: false - Deferred Deleted Device Count: 0 - Data loop file: /var/lib/docker/devicemapper/devicemapper/data - Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata - Library Version: 1.02.107-RHEL7 (2015-12-01) - Execution Driver: native-0.2 - Logging Driver: json-file - Plugins: - Volume: local - Network: null host bridge - Kernel Version: 3.10.0-327.el7.x86_64 - Operating System: Red Hat Enterprise Linux Server 7.2 (Maipo) - OSType: linux - Architecture: x86_64 - CPUs: 1 - Total Memory: 991.7 MiB - Name: ip-172-30-0-91.ec2.internal - ID: I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S - Docker Root Dir: /var/lib/docker - Debug mode (client): false - Debug mode (server): false - Username: gordontheturtle - Registry: https://index.docker.io/v1/ - Insecure registries: - myinsecurehost:5000 - 127.0.0.0/8 +### Format the output You can also specify the output format: - $ docker info --format '{{json .}}' - {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} +```bash +{% raw %} +$ docker info --format '{{json .}}' + +{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} +``` + +### Run `docker info` on Windows Here is a sample output for a daemon running on Windows Server 2016: - E:\docker>docker info - Containers: 1 - Running: 0 - Paused: 0 - Stopped: 1 - Images: 17 - Server Version: 1.13.0 - Storage Driver: windowsfilter - Windows: - Logging Driver: json-file - Plugins: - Volume: local - Network: nat null overlay - Swarm: inactive - Default Isolation: process - Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937) - Operating System: Windows Server 2016 Datacenter - OSType: windows - Architecture: x86_64 - CPUs: 8 - Total Memory: 3.999 GiB - Name: WIN-V0V70C0LU5P - ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62 - Docker Root Dir: C:\control - Debug Mode (client): false - Debug Mode (server): false - Registry: https://index.docker.io/v1/ - Insecure Registries: - 127.0.0.0/8 - Registry Mirrors: - http://192.168.1.2/ - http://registry-mirror.example.com:5000/ - Live Restore Enabled: false +```none +E:\docker>docker info + +Containers: 1 + Running: 0 + Paused: 0 + Stopped: 1 +Images: 17 +Server Version: 1.13.0 +Storage Driver: windowsfilter + Windows: +Logging Driver: json-file +Plugins: + Volume: local + Network: nat null overlay +Swarm: inactive +Default Isolation: process +Kernel Version: 10.0 14393 (14393.206.amd64fre.rs1_release.160912-1937) +Operating System: Windows Server 2016 Datacenter +OSType: windows +Architecture: x86_64 +CPUs: 8 +Total Memory: 3.999 GiB +Name: WIN-V0V70C0LU5P +ID: NYMS:B5VK:UMSL:FVDZ:EWB5:FKVK:LPFL:FJMQ:H6FT:BZJ6:L2TD:XH62 +Docker Root Dir: C:\control +Debug Mode (client): false +Debug Mode (server): false +Registry: https://index.docker.io/v1/ +Insecure Registries: + 127.0.0.0/8 +Registry Mirrors: + http://192.168.1.2/ + http://registry-mirror.example.com:5000/ +Live Restore Enabled: false +``` diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 7a0c3a0871..dfea20a57a 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -28,7 +28,9 @@ Options: --type Return JSON for specified type ``` -By default, this will render all results in a JSON array. If the container and +## Description + +By default, `docker inspect` will render all results in a JSON array. If the container and image have the same name, this will return container JSON for unspecified type. If a format is specified, the given template will be executed for each result. @@ -37,46 +39,53 @@ describes all the details of the format. ## Examples -**Get an instance's IP address:** +### Get an instance's IP address For the most part, you can pick out any field from the JSON in a fairly straightforward manner. - {% raw %} - $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID - {% endraw %} +```bash +{% raw %} +$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID +{% endraw %} +``` -**Get an instance's MAC address:** +### Get an instance's MAC address -For the most part, you can pick out any field from the JSON in a fairly -straightforward manner. +```bash +{% raw %} +$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID +{% endraw %} +``` - {% raw %} - $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID - {% endraw %} +### Get an instance's log path -**Get an instance's log path:** +```bash +{% raw %} +$ docker inspect --format='{{.LogPath}}' $INSTANCE_ID +{% endraw %} +``` - {% raw %} - $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID - {% endraw %} +### Get an instance's image name -**Get a Task's image name:** +```bash +{% raw %} +$ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID +{% endraw %} +``` - {% raw %} - $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID - {% endraw %} +### List all port bindings -**List all port bindings:** - -One can loop over arrays and maps in the results to produce simple text +You can loop over arrays and maps in the results to produce simple text output: - {% raw %} - $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID - {% endraw %} +```bash +{% raw %} +$ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID +{% endraw %} +``` -**Find a specific port mapping:** +### Find a specific port mapping The `.Field` syntax doesn't work when the field name begins with a number, but the template language's `index` function does. The @@ -86,17 +95,21 @@ numeric public port, you use `index` to find the specific port map, and then `index` 0 contains the first object inside of that. Then we ask for the `HostPort` field to get the public address. - {% raw %} - $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID - {% endraw %} +```bash +{% raw %} +$ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID +{% endraw %} +``` -**Get a subsection in JSON format:** +### Get a subsection in JSON format If you request a field which is itself a structure containing other fields, by default you get a Go-style dump of the inner values. Docker adds a template function, `json`, which can be applied to get results in JSON format. - {% raw %} - $ docker inspect --format='{{json .Config}}' $INSTANCE_ID - {% endraw %} +```bash +{% raw %} +$ docker inspect --format='{{json .Config}}' $INSTANCE_ID +{% endraw %} +``` diff --git a/docs/reference/commandline/kill.md b/docs/reference/commandline/kill.md index 32fde3d8b5..97b15add9b 100644 --- a/docs/reference/commandline/kill.md +++ b/docs/reference/commandline/kill.md @@ -25,10 +25,11 @@ Options: -s, --signal string Signal to send to the container (default "KILL") ``` +## Description + The main process inside the container will be sent `SIGKILL`, or any signal specified with option `--signal`. -> **Note:** -> `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of `/bin/sh -c`, -> which does not pass signals. This means that the executable is not the container’s PID 1 -> and does not receive Unix signals. +> **Note**: `ENTRYPOINT` and `CMD` in the *shell* form run as a subcommand of +> `/bin/sh -c`, which does not pass signals. This means that the executable is +> not the container’s PID 1 and does not receive Unix signals. diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index 04a5bc7e56..f19362b433 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -26,28 +26,37 @@ Options: The tarball may be compressed with gzip, bzip, or xz -q, --quiet Suppress the load output but still outputs the imported images ``` +## Descriptino -Loads a tarred repository from a file or the standard input stream. -Restores both images and tags. +`docker load` loads a tarred repository from a file or the standard input stream. +It restores both images and tags. - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - $ docker load < busybox.tar.gz - # […] - Loaded image: busybox:latest - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - $ docker load --input fedora.tar - # […] - Loaded image: fedora:rawhide - # […] - Loaded image: fedora:20 - # […] - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - busybox latest 769b9341d937 7 weeks ago 2.489 MB - fedora rawhide 0d20aec6529d 7 weeks ago 387 MB - fedora 20 58394af37342 7 weeks ago 385.5 MB - fedora heisenbug 58394af37342 7 weeks ago 385.5 MB - fedora latest 58394af37342 7 weeks ago 385.5 MB +## Examples + +```bash +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE + +$ docker load < busybox.tar.gz + +Loaded image: busybox:latest +$ docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox latest 769b9341d937 7 weeks ago 2.489 MB + +$ docker load --input fedora.tar + +Loaded image: fedora:rawhide + +Loaded image: fedora:20 + +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox latest 769b9341d937 7 weeks ago 2.489 MB +fedora rawhide 0d20aec6529d 7 weeks ago 387 MB +fedora 20 58394af37342 7 weeks ago 385.5 MB +fedora heisenbug 58394af37342 7 weeks ago 385.5 MB +fedora latest 58394af37342 7 weeks ago 385.5 MB +``` diff --git a/docs/reference/commandline/login.md b/docs/reference/commandline/login.md index 17bb76083b..0b8e697281 100644 --- a/docs/reference/commandline/login.md +++ b/docs/reference/commandline/login.md @@ -27,12 +27,20 @@ Options: -u, --username string Username ``` +## Description + +Login to a registry. + +### Login to a self-hosted registry + If you want to login to a self-hosted registry you can specify this by adding the server name. - example: - $ docker login localhost:8080 +```bash +$ docker login localhost:8080 +``` +### Privileged user requirement `docker login` requires user to use `sudo` or be `root`, except when: @@ -43,7 +51,7 @@ You can log into any public or private repository for which you have credentials. When you log in, the command stores encoded credentials in `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows. -## Credentials store +### Credentials store The Docker Engine can keep user credentials in an external credentials store, such as the native keychain of the operating system. Using an external store @@ -60,8 +68,6 @@ you can download them from: - Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases - Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases -### Usage - You need to specify the credentials store in `$HOME/.docker/config.json` to tell the docker engine to use it. The value of the config property should be the suffix of the program to use (i.e. everything after `docker-credential-`). @@ -76,7 +82,7 @@ For example, to use `docker-credential-osxkeychain`: If you are currently logged in, run `docker logout` to remove the credentials from the file and run `docker login` again. -### Protocol +### Credential helper protocol Credential helpers can be any program or script that follows a very simple protocol. This protocol is heavily inspired by Git, but it differs in the information shared. @@ -123,14 +129,14 @@ an example of that payload: `https://index.docker.io/v1`. The `erase` command can write error messages to `STDOUT` that the docker engine will show if there was an issue. -## Credential helpers +### Credential helpers Credential helpers are similar to the credential store above, but act as the designated programs to handle credentials for *specific registries*. The default credential store (`credsStore` or the config file itself) will not be used for operations concerning credentials of the specified registries. -### Usage +### Logging out If you are currently logged in, run `docker logout` to remove the credentials from the default store. diff --git a/docs/reference/commandline/logout.md b/docs/reference/commandline/logout.md index 1635e2244b..1e150eb848 100644 --- a/docs/reference/commandline/logout.md +++ b/docs/reference/commandline/logout.md @@ -25,6 +25,8 @@ Options: --help Print usage ``` -For example: +## Examples - $ docker logout localhost:8080 +```bash +$ docker logout localhost:8080 +``` diff --git a/docs/reference/commandline/logs.md b/docs/reference/commandline/logs.md index 6d42929fbb..75f25f7657 100644 --- a/docs/reference/commandline/logs.md +++ b/docs/reference/commandline/logs.md @@ -25,10 +25,12 @@ Options: -f, --follow Follow log output --help Print usage --since string Show logs since timestamp (e.g. 2013-01-02T13:23:37) or relative (e.g. 42m for 42 minutes) - --tail string Number of lines to show from the end of the logs (default "all") + --tail string Number of lines to show from the end of the logs (default "all") -t, --timestamps Show timestamps ``` +## Description + The `docker logs` command batch-retrieves logs present at the time of execution. > **Note**: this command is only functional for containers that are started with diff --git a/docs/reference/commandline/menu.md b/docs/reference/commandline/menu.md deleted file mode 100644 index d58afacd76..0000000000 --- a/docs/reference/commandline/menu.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: "Command line reference" -description: "Docker's CLI command description and usage" -keywords: "Docker, Docker documentation, CLI, command line" -identifier: "smn_cli" ---- - - - -# The Docker commands - -This section contains reference information on using Docker's command line -client. Each command has a reference page along with samples. If you are -unfamiliar with the command line, you should start by reading about how to -[Use the Docker command line](cli.md). - -You start the Docker daemon with the command line. How you start the daemon -affects your Docker containers. For that reason you should also make sure to -read the [`dockerd`](dockerd.md) reference page. - -For a list of Docker commands see [Command line reference guide](index.md). diff --git a/docs/reference/commandline/network_connect.md b/docs/reference/commandline/network_connect.md index 1c8548a4f9..ba01fc6add 100644 --- a/docs/reference/commandline/network_connect.md +++ b/docs/reference/commandline/network_connect.md @@ -29,38 +29,55 @@ Options: --link-local-ip value Add a link-local address for the container (default []) ``` +## Description + Connects a container to a network. You can connect a container by name or by ID. Once connected, the container can communicate with other containers in the same network. +## Examples + +### Connect a running container to a network + ```bash $ docker network connect multi-host-network container1 ``` +### Connect a container to a network when it starts + You can also use the `docker run --network=` option to start a container and immediately connect it to a network. ```bash $ docker run -itd --network=multi-host-network busybox ``` +### Specify the IP address a container will use on a given network + You can specify the IP address you want to be assigned to the container's interface. ```bash $ docker network connect --ip 10.10.36.122 multi-host-network container2 ``` +### Use the legacy `--link` option + You can use `--link` option to link another container with a preferred alias ```bash $ docker network connect --link container1:c1 multi-host-network container2 ``` +### Create a network alias for a container + `--alias` option can be used to resolve the container by another name in the network being connected to. ```bash $ docker network connect --alias db --alias mysql multi-host-network container2 ``` + +### Network implications of stopping, pausing, or restarting containers + You can pause, restart, and stop containers that are connected to a network. A container connects to its configured networks when it runs. @@ -88,7 +105,7 @@ network but launched from different Engines can also communicate in this way. You can connect a container to one or more networks. The networks need not be the same type. For example, you can connect a single container bridge and overlay networks. -## Related information +## Related commands * [network inspect](network_inspect.md) * [network create](network_create.md) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index e238217d41..4540d530c6 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -38,6 +38,8 @@ Options: network segment (default []) ``` +## Description + Creates a new network. The `DRIVER` accepts `bridge` or `overlay` which are the built-in network drivers. If you have installed a third party or your own custom network driver you can specify that `DRIVER` here also. If you don't specify the @@ -86,7 +88,9 @@ Network names must be unique. The Docker daemon attempts to identify naming conflicts but this is not guaranteed. It is the user's responsibility to avoid name conflicts. -## Connect containers +## Examples + +### Connect containers When you start a container, use the `--network` flag to connect it to a network. This example adds the `busybox` container to the `mynet` network: @@ -107,7 +111,7 @@ Engines can also communicate in this way. You can disconnect a container from a network using the `docker network disconnect` command. -## Specifying advanced options +### Specify advanced options When you create a network, Engine creates a non-overlapping subnetwork for the network by default. This subnetwork is not a subdivision of an existing @@ -150,7 +154,7 @@ $ docker network create -d overlay \ Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error. -# Bridge driver options +### Bridge driver options When creating a custom network, the default network driver (i.e. `bridge`) has additional options that can be passed. The following are those options and the @@ -191,7 +195,7 @@ connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. -## Related information +## Related commands * [network inspect](network_inspect.md) * [network connect](network_connect.md) diff --git a/docs/reference/commandline/network_disconnect.md b/docs/reference/commandline/network_disconnect.md index 42e976a500..e855894d27 100644 --- a/docs/reference/commandline/network_disconnect.md +++ b/docs/reference/commandline/network_disconnect.md @@ -25,14 +25,19 @@ Options: --help Print usage ``` -Disconnects a container from a network. The container must be running to disconnect it from the network. +## Description + +Disconnects a container from a network. The container must be running to +disconnect it from the network. + +## Examples ```bash $ docker network disconnect multi-host-network container1 ``` -## Related information +## Related commands * [network inspect](network_inspect.md) * [network connect](network_connect.md) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index bc0005e38e..2b4c423bbb 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -25,7 +25,16 @@ Options: --help Print usage ``` -Returns information about one or more networks. By default, this command renders all results in a JSON object. For example, if you connect two containers to the default `bridge` network: +## Description + +Returns information about one or more networks. By default, this command renders +all results in a JSON object. + +## Examples + +## Inspect the `bridge` network + +Connect two containers to the default `bridge` network: ```bash $ sudo docker run -itd --name=container1 busybox @@ -47,8 +56,9 @@ template for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. -```bash +```none $ sudo docker network inspect bridge + [ { "Name": "bridge", @@ -95,12 +105,19 @@ $ sudo docker network inspect bridge ] ``` -Returns the information about the user-defined network: +### Inspect a user-defined network + +Create and inspect a user-defined network: ```bash $ docker network create simple-network + 69568e6336d8c96bbf57869030919f7c69524f71183b44d80948bd3927c87f6a +``` + +```none $ docker network inspect simple-network + [ { "Name": "simple-network", @@ -124,12 +141,15 @@ $ docker network inspect simple-network ] ``` -For swarm mode overlay networks `network inspect` also shows the IP address and node name -of the peers. Peers are the nodes in the swarm cluster which have at least one task attached +### Inspect the `ingress` network + +For swarm mode overlay networks `network inspect` also shows the IP address and node name +of the peers. Peers are the nodes in the swarm cluster which have at least one task attached to the network. Node name is of the format `-`. -```bash +```none $ docker network inspect ingress + [ { "Name": "ingress", @@ -181,7 +201,7 @@ $ docker network inspect ingress ] ``` -## Related information +## Related commands * [network disconnect ](network_disconnect.md) * [network connect](network_connect.md) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index f0542d1e26..7bd401ec3b 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -31,8 +31,14 @@ Options: -q, --quiet Only display network IDs ``` +## Description + Lists all the networks the Engine `daemon` knows about. This includes the -networks that span across multiple hosts in a cluster, for example: +networks that span across multiple hosts in a cluster. + +## Examples + +### List all networks ```bash $ sudo docker network ls @@ -55,7 +61,7 @@ c288470c46f6c8949c5f7e5099b5b7947b07eabe8d9a27d79a9cbf111adcbf47 host 63d1ff1f77b07ca51070a8c227e962238358bd310bde1529cf62e6c307ade161 dev bridge local ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). @@ -175,7 +181,7 @@ $ docker network rm `docker network ls --filter type=custom -q` A warning will be issued when trying to remove a network that has containers attached. -## Formatting +### Formatting The formatting options (`--format`) pretty-prints networks output using a Go template. @@ -208,7 +214,7 @@ d1584f8dc718: host 391df270dc66: null ``` -## Related information +## Related commands * [network disconnect ](network_disconnect.md) * [network connect](network_connect.md) diff --git a/docs/reference/commandline/network_prune.md b/docs/reference/commandline/network_prune.md index a3878c2977..12d1caac08 100644 --- a/docs/reference/commandline/network_prune.md +++ b/docs/reference/commandline/network_prune.md @@ -17,12 +17,16 @@ Options: --help Print usage ``` -Remove all unused networks. Unused networks are those which are not referenced by any containers. +## Description -Example output: +Remove all unused networks. Unused networks are those which are not referenced +by any containers. + +## Examples ```bash $ docker network prune + WARNING! This will remove all networks not used by at least one container. Are you sure you want to continue? [y/N] y Deleted Networks: @@ -30,7 +34,7 @@ n1 n2 ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -54,8 +58,9 @@ fraction of a second no more than nine digits long. The following removes networks created more than 5 minutes ago. Note that system networks such as `bridge`, `host`, and `none` will never be pruned: -```bash +```none $ docker network ls + NETWORK ID NAME DRIVER SCOPE 7430df902d7a bridge bridge local ea92373fd499 foo-1-day-ago bridge local @@ -64,10 +69,12 @@ ab53663ed3c7 foo-1-min-ago bridge local f949d337b1f5 none null local $ docker network prune --force --filter until=5m + Deleted Networks: foo-1-day-ago $ docker network ls + NETWORK ID NAME DRIVER SCOPE 7430df902d7a bridge bridge local ab53663ed3c7 foo-1-min-ago bridge local @@ -75,7 +82,7 @@ ab53663ed3c7 foo-1-min-ago bridge local f949d337b1f5 none null local ``` -## Related information +## Related commands * [network disconnect ](network_disconnect.md) * [network connect](network_connect.md) diff --git a/docs/reference/commandline/network_rm.md b/docs/reference/commandline/network_rm.md index f06b4c002d..aab487a044 100644 --- a/docs/reference/commandline/network_rm.md +++ b/docs/reference/commandline/network_rm.md @@ -27,14 +27,23 @@ Options: --help Print usage ``` +## Description + Removes one or more networks by name or identifier. To remove a network, you must first disconnect any containers connected to it. + +## Examples + +### Remove a network + To remove the network named 'my-network': ```bash $ docker network rm my-network ``` +### Remove multiple networks + To delete multiple networks in a single `docker network rm` command, provide multiple network names or ids. The following example deletes a network with id `3695c422697f` and a network named `my-network`: @@ -48,7 +57,7 @@ If the deletion of one network fails, the command continues to the next on the list and tries to delete that. The command reports success or failure for each deletion. -## Related information +## Related commands * [network disconnect ](network_disconnect.md) * [network connect](network_connect.md) diff --git a/docs/reference/commandline/node_demote.md b/docs/reference/commandline/node_demote.md index 9a81bb9c04..e6e59d8945 100644 --- a/docs/reference/commandline/node_demote.md +++ b/docs/reference/commandline/node_demote.md @@ -25,14 +25,19 @@ Options: ``` -Demotes an existing manager so that it is no longer a manager. This command targets a docker engine that is a manager in the swarm. +## Description +Demotes an existing manager so that it is no longer a manager. This command +targets a docker engine that is a manager in the swarm. + + +## Examples ```bash $ docker node demote ``` -## Related information +## Related commands * [node inspect](node_inspect.md) * [node ls](node_ls.md) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index fac688fe40..2ff6971742 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -26,108 +26,120 @@ Options: --pretty Print the information in a human friendly format. ``` +## Description + Returns information about a node. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. -Example output: +## Examples - $ docker node inspect swarm-manager - [ - { - "ID": "e216jshn25ckzbvmwlnh5jr3g", - "Version": { - "Index": 10 +### Inspect a node + +```none +$ docker node inspect swarm-manager + +[ +{ + "ID": "e216jshn25ckzbvmwlnh5jr3g", + "Version": { + "Index": 10 + }, + "CreatedAt": "2016-06-16T22:52:44.9910662Z", + "UpdatedAt": "2016-06-16T22:52:45.230878043Z", + "Spec": { + "Role": "manager", + "Availability": "active" + }, + "Description": { + "Hostname": "swarm-manager", + "Platform": { + "Architecture": "x86_64", + "OS": "linux" }, - "CreatedAt": "2016-06-16T22:52:44.9910662Z", - "UpdatedAt": "2016-06-16T22:52:45.230878043Z", - "Spec": { - "Role": "manager", - "Availability": "active" + "Resources": { + "NanoCPUs": 1000000000, + "MemoryBytes": 1039843328 }, - "Description": { - "Hostname": "swarm-manager", - "Platform": { - "Architecture": "x86_64", - "OS": "linux" - }, - "Resources": { - "NanoCPUs": 1000000000, - "MemoryBytes": 1039843328 - }, - "Engine": { - "EngineVersion": "1.12.0", - "Plugins": [ - { - "Type": "Volume", - "Name": "local" - }, - { - "Type": "Network", - "Name": "overlay" - }, - { - "Type": "Network", - "Name": "null" - }, - { - "Type": "Network", - "Name": "host" - }, - { - "Type": "Network", - "Name": "bridge" - }, - { - "Type": "Network", - "Name": "overlay" - } - ] - } - }, - "Status": { - "State": "ready", - "Addr": "168.0.32.137" - }, - "ManagerStatus": { - "Leader": true, - "Reachability": "reachable", - "Addr": "168.0.32.137:2377" + "Engine": { + "EngineVersion": "1.12.0", + "Plugins": [ + { + "Type": "Volume", + "Name": "local" + }, + { + "Type": "Network", + "Name": "overlay" + }, + { + "Type": "Network", + "Name": "null" + }, + { + "Type": "Network", + "Name": "host" + }, + { + "Type": "Network", + "Name": "bridge" + }, + { + "Type": "Network", + "Name": "overlay" + } + ] } + }, + "Status": { + "State": "ready", + "Addr": "168.0.32.137" + }, + "ManagerStatus": { + "Leader": true, + "Reachability": "reachable", + "Addr": "168.0.32.137:2377" } - ] +} +] +``` - {% raw %} - $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self - false - {% endraw %} +### Specify an output format - $ docker node inspect --pretty self - ID: e216jshn25ckzbvmwlnh5jr3g - Hostname: swarm-manager - Joined at: 2016-06-16 22:52:44.9910662 +0000 utc - Status: - State: Ready - Availability: Active - Address: 172.17.0.2 - Manager Status: - Address: 172.17.0.2:2377 - Raft Status: Reachable - Leader: Yes - Platform: - Operating System: linux - Architecture: x86_64 - Resources: - CPUs: 4 - Memory: 7.704 GiB - Plugins: - Network: overlay, bridge, null, host, overlay - Volume: local - Engine Version: 1.12.0 +```none +{% raw %} +$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self -## Related information +false + +$ docker node inspect --pretty self +ID: e216jshn25ckzbvmwlnh5jr3g +Hostname: swarm-manager +Joined at: 2016-06-16 22:52:44.9910662 +0000 utc +Status: + State: Ready + Availability: Active + Address: 172.17.0.2 +Manager Status: + Address: 172.17.0.2:2377 + Raft Status: Reachable + Leader: Yes +Platform: + Operating System: linux + Architecture: x86_64 +Resources: + CPUs: 4 + Memory: 7.704 GiB +Plugins: + Network: overlay, bridge, null, host, overlay + Volume: local +Engine Version: 1.12.0 +{% endraw %} +``` + +## Related commands * [node demote](node_demote.md) * [node ls](node_ls.md) diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 5f61713c2e..836fceaea2 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -29,9 +29,13 @@ Options: -q, --quiet Only display IDs ``` -Lists all the nodes that the Docker Swarm manager knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. +## Description -Example output: +Lists all the nodes that the Docker Swarm manager knows about. You can filter +using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section +for more information about available filter options. + +## Examples ```bash $ docker node ls @@ -42,7 +46,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -55,7 +59,7 @@ The currently supported filters are: * [name](node_ls.md#name) * [role](node_ls.md#role) -#### ID +#### id The `id` filter matches all or part of a node's id. @@ -66,7 +70,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` -#### Label +#### label The `label` filter matches nodes based on engine labels and on the presence of a `label` alone or a `label` and a value. Node labels are currently not used for filtering. @@ -79,7 +83,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1bcef6utixb0l0ca7gxuivsj0 swarm-worker2 Ready Active ``` -#### Membership +#### membersip The `membership` filter matches nodes based on the presence of a `membership` and a value `accepted` or `pending`. @@ -94,7 +98,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active ``` -#### Name +#### name The `name` filter matches on all or part of a node hostname. @@ -107,7 +111,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ``` -#### Role +#### role The `role` filter matches nodes based on the presence of a `role` and a value `worker` or `manager`. @@ -120,7 +124,7 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ``` -## Related information +## Related commands * [node demote](node_demote.md) * [node inspect](node_inspect.md) diff --git a/docs/reference/commandline/node_promote.md b/docs/reference/commandline/node_promote.md index 92092a8935..1ebbe9550c 100644 --- a/docs/reference/commandline/node_promote.md +++ b/docs/reference/commandline/node_promote.md @@ -24,14 +24,18 @@ Options: --help Print usage ``` -Promotes a node to manager. This command targets a docker engine that is a manager in the swarm. +## Description +Promotes a node to manager. This command targets a docker engine that is a +manager in the swarm. + +## Examples ```bash $ docker node promote ``` -## Related information +## Related commands * [node demote](node_demote.md) * [node inspect](node_inspect.md) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 7f07c5ea64..e2e1418287 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -28,20 +28,23 @@ Options: --no-trunc Do not truncate output ``` +## Description + Lists all the tasks on a Node that Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. -Example output: +## Examples - $ docker node ps swarm-manager1 - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours - redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds +```bash +$ docker node ps swarm-manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours +redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds +``` - -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -59,23 +62,27 @@ The `name` filter matches on all or part of a task's name. The following filter matches all tasks with a name containing the `redis` string. - $ docker node ps -f name=redis swarm-manager1 - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours - redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds - redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds +```bash +$ docker node ps -f name=redis swarm-manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.1.7q92v0nr1hcgts2amcjyqg3pq redis:3.0.6 swarm-manager1 Running Running 5 hours +redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 29 seconds +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.9.dkkual96p4bb3s6b10r7coxxt redis:3.0.6 swarm-manager1 Running Running 5 seconds +redis.10.0tgctg8h8cech4w0k0gwrmr23 redis:3.0.6 swarm-manager1 Running Running 5 seconds +``` #### id The `id` filter matches a task's id. - $ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 - NAME IMAGE NODE DESIRED STATE CURRENT STATE - redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +```bash +$ docker node ps -f id=bg8c07zzg87di2mufeq51a2qp swarm-manager1 +NAME IMAGE NODE DESIRED STATE CURRENT STATE +redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 5 seconds +``` #### label @@ -86,6 +93,7 @@ The following filter matches tasks with the `usage` label regardless of its valu ```bash $ docker node ps -f "label=usage" + NAME IMAGE NODE DESIRED STATE CURRENT STATE redis.6.b465edgho06e318egmgjbqo4o redis:3.0.6 swarm-manager1 Running Running 10 minutes redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running Running 9 minutes @@ -97,7 +105,7 @@ redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running R The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. -## Related information +## Related commands * [node demote](node_demote.md) * [node inspect](node_inspect.md) diff --git a/docs/reference/commandline/node_rm.md b/docs/reference/commandline/node_rm.md index b245d636cc..c2fdd4d156 100644 --- a/docs/reference/commandline/node_rm.md +++ b/docs/reference/commandline/node_rm.md @@ -28,33 +28,40 @@ Options: --help Print usage ``` +## Description + When run from a manager node, removes the specified nodes from a swarm. -Example output: +## Examples -```nohighlight +### Remove a stopped node from the swarm + +```bash $ docker node rm swarm-node-02 Node swarm-node-02 removed from swarm ``` +### Attempt to remove a running node from a swarm Removes the specified nodes from the swarm, but only if the nodes are in the down state. If you attempt to remove an active node you will receive an error: -```nohighlight +```non $ docker node rm swarm-node-03 Error response from daemon: rpc error: code = 9 desc = node swarm-node-03 is not down and can't be removed ``` +### Forcibly remove an inaccessible node from a swarm + If you lose access to a worker node or need to shut it down because it has been compromised or is not behaving as expected, you can use the `--force` option. This may cause transient errors or interruptions, depending on the type of task being run on the node. -```nohighlight +```bash $ docker node rm --force swarm-node-03 Node swarm-node-03 removed from swarm @@ -63,7 +70,7 @@ Node swarm-node-03 removed from swarm A manager node must be demoted to a worker node (using `docker node demote`) before you can remove it from the swarm. -## Related information +## Related commands * [node demote](node_demote.md) * [node inspect](node_inspect.md) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index aa65d0309e..ba824c9494 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -13,7 +13,7 @@ keywords: "resources, update, dynamically" will be rejected. --> -## update +# update ```markdown Usage: docker node update [OPTIONS] NODE @@ -28,6 +28,12 @@ Options: --role string Role of the node (worker/manager) ``` +## Description + +Update metadata about a node, such as its availability, labels, or roles. + +## Examples + ### Add label metadata to a node Add metadata to a swarm node using node labels. You can specify a node label as @@ -39,7 +45,7 @@ $ docker node update --label-add foo worker1 To add multiple labels to a node, pass the `--label-add` flag for each label: -``` bash +```bash $ docker node update --label-add foo --label-add bar worker1 ``` @@ -61,7 +67,7 @@ entity within the swarm. Do not confuse them with the docker daemon labels for For more information about labels, refer to [apply custom metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/). -## Related information +## Related commands * [node demote](node_demote.md) * [node inspect](node_inspect.md) diff --git a/docs/reference/commandline/pause.md b/docs/reference/commandline/pause.md index e2dd800d5f..5bb652b923 100644 --- a/docs/reference/commandline/pause.md +++ b/docs/reference/commandline/pause.md @@ -24,6 +24,8 @@ Options: --help Print usage ``` +## Description + The `docker pause` command suspends all processes in the specified containers. On Linux, this uses the cgroups freezer. Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. @@ -35,6 +37,12 @@ See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. -## Related information +## Examples + +```bash +$ docker pause my_container +``` + +## Related commands * [unpause](unpause.md) diff --git a/docs/reference/commandline/plugin_create.md b/docs/reference/commandline/plugin_create.md index fa74d31c39..6f1754326b 100644 --- a/docs/reference/commandline/plugin_create.md +++ b/docs/reference/commandline/plugin_create.md @@ -21,34 +21,38 @@ Usage: docker plugin create [OPTIONS] PLUGIN PLUGIN-DATA-DIR Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory. Options: - --compress Compress the context using gzip + --compress Compress the context using gzip --help Print usage ``` +## Description + Creates a plugin. Before creating the plugin, prepare the plugin's root filesystem as well as [the config.json](../../extend/config.md) +## Examples The following example shows how to create a sample `plugin`. ```bash - $ ls -ls /home/pluginDir 4 -rw-r--r-- 1 root root 431 Nov 7 01:40 config.json 0 drwxr-xr-x 19 root root 420 Nov 7 01:40 rootfs $ docker plugin create plugin /home/pluginDir + plugin $ docker plugin ls + ID NAME TAG DESCRIPTION ENABLED 672d8144ec02 plugin latest A sample plugin for Docker false ``` The plugin can subsequently be enabled for local use or pushed to the public registry. -## Related information +## Related commands * [plugin disable](plugin_disable.md) * [plugin enable](plugin_enable.md) diff --git a/docs/reference/commandline/plugin_disable.md b/docs/reference/commandline/plugin_disable.md index 451f1ace9c..2ff81887f7 100644 --- a/docs/reference/commandline/plugin_disable.md +++ b/docs/reference/commandline/plugin_disable.md @@ -25,10 +25,13 @@ Options: --help Print usage ``` +## Description + Disables a plugin. The plugin must be installed before it can be disabled, see [`docker plugin install`](plugin_install.md). Without the `-f` option, a plugin that has references (eg, volumes, networks) cannot be disabled. +## Examples The following example shows that the `sample-volume-plugin` plugin is installed and enabled: @@ -53,7 +56,7 @@ ID NAME TAG DESCRIP 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker false ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin enable](plugin_enable.md) diff --git a/docs/reference/commandline/plugin_enable.md b/docs/reference/commandline/plugin_enable.md index df8bee3af5..2098a115ad 100644 --- a/docs/reference/commandline/plugin_enable.md +++ b/docs/reference/commandline/plugin_enable.md @@ -25,9 +25,12 @@ Options: --timeout int HTTP client timeout (in seconds) ``` +## Description + Enables a plugin. The plugin must be installed before it can be enabled, see [`docker plugin install`](plugin_install.md). +## Examples The following example shows that the `sample-volume-plugin` plugin is installed, but disabled: @@ -52,7 +55,7 @@ ID NAME TAG DESCRIP 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index fdcc030c43..3a54b9f99b 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -25,15 +25,17 @@ Options: --help Print usage ``` +## Description + Returns information about a plugin. By default, this command renders all results in a JSON array. -Example output: +## Examples -```bash + +```none $ docker plugin inspect tiborvass/sample-volume-plugin:latest -``` -```JSON + { "Id": "8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21", "Name": "tiborvass/sample-volume-plugin:latest", @@ -140,18 +142,21 @@ $ docker plugin inspect tiborvass/sample-volume-plugin:latest } } ``` + (output formatted for readability) +### Formatting the output ```bash +{% raw %} $ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest -``` -``` + 8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 +{% endraw %} ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin enable](plugin_enable.md) diff --git a/docs/reference/commandline/plugin_install.md b/docs/reference/commandline/plugin_install.md index 4cba32cf8b..78d9a61b75 100644 --- a/docs/reference/commandline/plugin_install.md +++ b/docs/reference/commandline/plugin_install.md @@ -28,16 +28,19 @@ Options: --help Print usage ``` +## Description + Installs and enables a plugin. Docker looks first for the plugin on your Docker host. If the plugin does not exist locally, then the plugin is pulled from the registry. Note that the minimum required registry version to distribute plugins is 2.3.0 +## Examples -The following example installs `vieus/sshfs` plugin and [set](plugin_set.md) it's env variable -`DEBUG` to 1. Install consists of pulling the plugin from Docker Hub, prompting -the user to accept the list of privileges that the plugin needs, settings parameters - and enabling the plugin. +The following example installs `vieus/sshfs` plugin and [sets](plugin_set.md) its +`DEBUG` environment variable to `1`. To install, `pull` the plugin from Docker +Hub and prompt the user to accept the list of privileges that the plugin needs, +set the plugin's parameters and enable the plugin. ```bash $ docker plugin install vieux/sshfs DEBUG=1 @@ -59,7 +62,7 @@ ID NAME TAG DESCRIPTION 69553ca1d123 vieux/sshfs latest sshFS plugin for Docker true ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index b0224a00f8..4872184753 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -31,12 +31,14 @@ Options: -q, --quiet Only display plugin IDs ``` +## Description + Lists all the plugins that are currently installed. You can install plugins using the [`docker plugin install`](plugin_install.md) command. You can also filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. -Example output: +## Examples ```bash $ docker plugin ls @@ -45,7 +47,7 @@ ID NAME TAG DESCRIP 69553ca1d123 tiborvass/sample-volume-plugin latest A test plugin for Docker true ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -55,11 +57,11 @@ The currently supported filters are: * enabled (boolean - true or false, 0 or 1) * capability (string - currently `volumedriver`, `networkdriver`, `ipamdriver`, or `authz`) -### enabled +#### enabled The `enabled` filter matches on plugins enabled or disabled. -### capability +#### capability The `capability` filter matches on plugin capabilities. One plugin might have multiple capabilities. Currently `volumedriver`, `networkdriver`, @@ -67,14 +69,16 @@ might have multiple capabilities. Currently `volumedriver`, `networkdriver`, ```bash $ docker plugin install --disable tiborvass/no-remove + tiborvass/no-remove $ docker plugin ls --filter enabled=true + NAME TAG DESCRIPTION ENABLED ``` -## Formatting +### Formatting The formatting options (`--format`) pretty-prints plugins output using a Go template. @@ -97,12 +101,15 @@ The following example uses a template without headers and outputs the `ID` and `Name` entries separated by a colon for all plugins: ```bash +{% raw %} $ docker plugin ls --format "{{.ID}}: {{.Name}}" + 4be01827a72e: tiborvass/no-remove +{% endraw %} ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index 89a0a0bb0e..f27a49894b 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -23,22 +23,27 @@ Options: --help Print usage ``` -Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution, -use `docker plugin push` to share your images to the Docker Hub registry or to a self-hosted one. +## Description + +After you have created a plugin using `docker plugin create` and the plugin is +ready for distribution, use `docker plugin push` to share your images to Docker +Hub or a self-hosted registry. Registry credentials are managed by [docker login](login.md). +## Examples + The following example shows how to push a sample `user/plugin`. ```bash - $ docker plugin ls + ID NAME TAG DESCRIPTION ENABLED 69553ca1d456 user/plugin latest A sample plugin for Docker false $ docker plugin push user/plugin ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_rm.md b/docs/reference/commandline/plugin_rm.md index 323ce83f3c..c820c869fd 100644 --- a/docs/reference/commandline/plugin_rm.md +++ b/docs/reference/commandline/plugin_rm.md @@ -28,12 +28,17 @@ Options: --help Print usage ``` +## Description + Removes a plugin. You cannot remove a plugin if it is enabled, you must disable a plugin using the [`docker plugin disable`](plugin_disable.md) before removing it (or use --force, use of force is not recommended, since it can affect functioning of running containers using the plugin). -The following example disables and removes the `sample-volume-plugin:latest` plugin; +## Examples + +The following example disables and removes the `sample-volume-plugin:latest` +plugin: ```bash $ docker plugin disable tiborvass/sample-volume-plugin @@ -43,7 +48,7 @@ $ docker plugin rm tiborvass/sample-volume-plugin:latest tiborvass/sample-volume-plugin ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index c206a8a760..e63215a7ed 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -24,6 +24,8 @@ Options: --help Print usage ``` +## Description + Change settings for a plugin. The plugin must be disabled. The settings currently supported are: @@ -32,23 +34,33 @@ The settings currently supported are: * path of devices * args +## Examples + +### Change an environment variable + The following example change the env variable `DEBUG` on the `sample-volume-plugin` plugin. ```bash +{% raw %} $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin + [DEBUG=0] $ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin [DEBUG=1] +{% endraw %} ``` +### Change the source of a mount + The following example change the source of the `mymount` mount on the `myplugin` plugin. ```bash +{% raw %} $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin /foo @@ -56,14 +68,19 @@ $ docker plugins set myplugin mymount.source=/bar $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin /bar +{% endraw %} ``` -Note: since only `source` is settable in `mymount`, `docker plugins set mymount=/bar myplugin` would work too. +> **Note**: Since only `source` is settable in `mymount`, +> `docker plugins set mymount=/bar myplugin` would work too. + +### Change a device path The following example change the path of the `mydevice` device on the `myplugin` plugin. ```bash +{% raw %} $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin /dev/foo @@ -71,13 +88,18 @@ $ docker plugins set myplugin mydevice.path=/dev/bar $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin /dev/bar +{% endraw %} ``` -Note: since only `path` is settable in `mydevice`, `docker plugins set mydevice=/dev/bar myplugin` would work too. +> **Note**: Since only `path` is settable in `mydevice`, +> `docker plugins set mydevice=/dev/bar myplugin` would work too. + +### Change the source of the arguments The following example change the source of the args on the `myplugin` plugin. ```bash +{% raw %} $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ["foo", "bar"] @@ -85,9 +107,10 @@ $ docker plugins set myplugin args="foo bar baz" $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ["foo", "bar", "baz"] +{% endraw %} ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/plugin_upgrade.md b/docs/reference/commandline/plugin_upgrade.md index 20efc577aa..38191fff73 100644 --- a/docs/reference/commandline/plugin_upgrade.md +++ b/docs/reference/commandline/plugin_upgrade.md @@ -27,11 +27,15 @@ Options: --skip-remote-check Do not check if specified remote plugin matches existing plugin image ``` +## Description + Upgrades an existing plugin to the specified remote plugin image. If no remote is specified, Docker will re-pull the current image and use the updated version. All existing references to the plugin will continue to work. The plugin must be disabled before running the upgrade. +## Examples + The following example installs `vieus/sshfs` plugin, uses it to create and use a volume, then upgrades the plugin. @@ -71,7 +75,7 @@ $ docker run -it -v sshvolume:/data alpine sh -c "ls /data" hello ``` -## Related information +## Related commands * [plugin create](plugin_create.md) * [plugin disable](plugin_disable.md) diff --git a/docs/reference/commandline/port.md b/docs/reference/commandline/port.md index bc90b6e786..c38763ea34 100644 --- a/docs/reference/commandline/port.md +++ b/docs/reference/commandline/port.md @@ -24,18 +24,24 @@ Options: --help Print usage ``` +## Examples + +### Show all mapped ports + You can find out all the ports mapped by not specifying a `PRIVATE_PORT`, or just a specific mapping: - $ docker ps - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test - $ docker port test - 7890/tcp -> 0.0.0.0:4321 - 9876/tcp -> 0.0.0.0:1234 - $ docker port test 7890/tcp - 0.0.0.0:4321 - $ docker port test 7890/udp - 2014/06/24 11:53:36 Error: No public port '7890/udp' published for test - $ docker port test 7890 - 0.0.0.0:4321 +```bash +$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +b650456536c7 busybox:latest top 54 minutes ago Up 54 minutes 0.0.0.0:1234->9876/tcp, 0.0.0.0:4321->7890/tcp test +$ docker port test +7890/tcp -> 0.0.0.0:4321 +9876/tcp -> 0.0.0.0:1234 +$ docker port test 7890/tcp +0.0.0.0:4321 +$ docker port test 7890/udp +2014/06/24 11:53:36 Error: No public port '7890/udp' published for test +$ docker port test 7890 +0.0.0.0:4321 +``` diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index d162532d31..7c06fbdafa 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -45,6 +45,10 @@ Options: -s, --size Display total file sizes ``` +## Examples + +### Prevent truncating output + Running `docker ps --no-trunc` showing 2 linked containers. ```bash @@ -55,6 +59,8 @@ CONTAINER ID IMAGE COMMAND CREATED d7886598dbe2 crosbymichael/redis:latest /redis-server --dir 33 minutes ago Up 33 minutes 6379/tcp redis,webapp/db ``` +### Show both running and stopped containers + The `docker ps` command only shows running containers by default. To see all containers, use the `-a` (or `--all`) flag: @@ -66,7 +72,7 @@ $ docker ps -a container that exposes TCP ports `100, 101, 102` displays `100-102/tcp` in the `PORTS` column. -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) @@ -88,7 +94,7 @@ The currently supported filters are: * publish=(container's published port) - filters published ports by containers * expose=(container's exposed port) - filters exposed ports by containers -#### Label +#### label The `label` filter matches containers based on the presence of a `label` alone or a `label` and a value. @@ -112,7 +118,7 @@ CONTAINER ID IMAGE COMMAND CREATED d85756f57265 busybox "top" About a minute ago Up About a minute high_albattani ``` -#### Name +#### name The `name` filter matches on all or part of a container's name. @@ -136,7 +142,7 @@ CONTAINER ID IMAGE COMMAND CREATED 673394ef1d4c busybox "top" 38 minutes ago Up 38 minutes nostalgic_shockley ``` -#### Exited +#### exited The `exited` filter matches containers by exist status code. For example, to filter for containers that have exited successfully: @@ -150,13 +156,14 @@ ea09c3c82f6e registry:latest /srv/run.sh 2 weeks ago 48ee228c9464 fedora:20 bash 2 weeks ago Exited (0) 2 weeks ago tender_torvalds ``` -#### Killed containers +#### Filter by exit signal You can use a filter to locate containers that exited with status of `137` meaning a `SIGKILL(9)` killed them. -```bash +```none $ docker ps -a --filter 'exited=137' + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b3e1c0ed5bfe ubuntu:latest "sleep 1000" 12 seconds ago Exited (137) 5 seconds ago grave_kowalevski a2eb5558d669 redis:latest "/entrypoint.sh redi 2 hours ago Exited (137) 2 hours ago sharp_lalande @@ -168,7 +175,7 @@ Any of these events result in a `137` status: * `docker kill` kills the container * Docker daemon restarts which kills all running containers -#### Status +#### status The `status` filter matches containers by status. You can filter using `created`, `restarting`, `running`, `removing`, `paused`, `exited` and `dead`. For example, @@ -192,7 +199,7 @@ CONTAINER ID IMAGE COMMAND CREATED 673394ef1d4c busybox "top" About an hour ago Up About an hour (Paused) nostalgic_shockley ``` -#### Ancestor +#### ancestor The `ancestor` filter matches containers based on its image or a descendant of it. The filter supports the following image representation: @@ -245,7 +252,9 @@ CONTAINER ID IMAGE COMMAND CREATED 82a598284012 ubuntu:12.04.5 "top" 3 minutes ago Up 3 minutes sleepy_bose ``` -#### Before +#### Create time + +##### before The `before` filter shows only containers created before the container with given id or name. For example, having these containers created: @@ -269,7 +278,7 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS 6e63f6ff38b0 busybox "top" About a minute ago Up About a minute distracted_fermat ``` -#### Since +##### since The `since` filter shows only containers created since the container with given id or name. For example, with the same containers as in `before` filter: @@ -282,12 +291,13 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS 4aace5031105 busybox "top" 10 minutes ago Up 10 minutes focused_hamilton ``` -#### Volume +#### volume The `volume` filter shows only containers that mount a specific volume or have a volume mounted in a specific path: -```bash{% raw %} +```bash +{% raw %} $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume @@ -295,9 +305,10 @@ CONTAINER ID MOUNTS $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume -{% endraw %}``` +{% endraw %} +``` -#### Network +#### network The `network` filter shows only containers that are connected to a network with a given name or id. @@ -332,7 +343,7 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS 9d4893ed80fe ubuntu "top" 10 minutes ago Up 10 minutes test1 ``` -#### Publish and Expose +#### publish and expose The `publish` and `expose` filters show only containers that have published or exposed port with a given port number, port range, and/or protocol. The default protocol is `tcp` when not specified. @@ -370,7 +381,7 @@ $ docker ps --filter publish=80/udp CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ``` -## Formatting +### Formatting The formatting option (`--format`) pretty-prints container output using a Go template. diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 0c960b404a..7bf3df8363 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -26,6 +26,8 @@ Options: --help Print usage ``` +## Description + Most of your images will be created on top of a base image from the [Docker Hub](https://hub.docker.com) registry. @@ -35,7 +37,7 @@ can `pull` and try without needing to define and configure your own. To download a particular image, or set of images (i.e., a repository), use `docker pull`. -## Proxy configuration +### Proxy configuration If you are behind an HTTP proxy server, for example in corporate settings, before open a connect to registry, you may need to configure the Docker @@ -44,7 +46,7 @@ environment variables. To set these environment variables on a host using `systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/engine/admin/systemd/#http-proxy) for variables configuration. -## Concurrent downloads +### Concurrent downloads By default the Docker daemon will pull three layers of an image at a time. If you are on a low bandwidth connection this may cause timeout issues and you may want to lower @@ -110,7 +112,7 @@ For more information about images, layers, and the content-addressable store, refer to [understand images, containers, and storage drivers](https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/). -## Pull an image by digest (immutable identifier) +### Pull an image by digest (immutable identifier) So far, you've pulled images by their name (and "tag"). Using names and tags is a convenient way to work with images. When using tags, you can `docker pull` an @@ -175,7 +177,7 @@ MAINTAINER some maintainer > digest accordingly. -## Pulling from a different registry +### Pull from a different registry By default, `docker pull` pulls images from [Docker Hub](https://hub.docker.com). It is also possible to manually specify the path of a registry to pull from. For example, if you have @@ -196,7 +198,7 @@ registry is allowed to be accessed over an insecure connection. Refer to the [insecure registries](dockerd.md#insecure-registries) section for more information. -## Pull a repository with multiple images +### Pull a repository with multiple images By default, `docker pull` pulls a *single* image from the registry. A repository can contain multiple images. To pull all images from a repository, provide the @@ -231,7 +233,7 @@ fedora heisenbug 105182bb5e8b 5 days ago 372.7 MB fedora latest 105182bb5e8b 5 days ago 372.7 MB ``` -## Canceling a pull +### Cancel a pull Killing the `docker pull` process, for example by pressing `CTRL-c` while it is running in a terminal, will terminate the pull operation. diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 33cc399767..27e988e079 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -25,6 +25,8 @@ Options: --help Print usage ``` +## Description + Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com) registry or to a self-hosted one. @@ -36,7 +38,7 @@ running in a terminal, terminates the push operation. Registry credentials are managed by [docker login](login.md). -## Concurrent uploads +### Concurrent uploads By default the Docker daemon will push five layers of an image at a time. If you are on a low bandwidth connection this may cause timeout issues and you may want to lower @@ -45,7 +47,7 @@ this via the `--max-concurrent-uploads` daemon option. See the ## Examples -### Pushing a new image to a registry +### Push a new image to a registry First save the new image by finding the container ID (using [`docker ps`](ps.md)) and then committing it to a new image name. Note that only `a-z0-9-_.` are @@ -62,6 +64,7 @@ registry: ```bash $ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd + $ docker push registry-host:5000/myadmin/rhel-httpd ``` diff --git a/docs/reference/commandline/rename.md b/docs/reference/commandline/rename.md index be035f1ce4..90268a2a2c 100644 --- a/docs/reference/commandline/rename.md +++ b/docs/reference/commandline/rename.md @@ -24,4 +24,12 @@ Options: --help Print usage ``` -The `docker rename` command allows the container to be renamed to a different name. +## Description + +The `docker rename` command renames a container. + +## Examples + +```bash +$ docker rename my_container my_new_container +``` diff --git a/docs/reference/commandline/restart.md b/docs/reference/commandline/restart.md index 9f7ed00553..a2796afe33 100644 --- a/docs/reference/commandline/restart.md +++ b/docs/reference/commandline/restart.md @@ -24,3 +24,9 @@ Options: --help Print usage -t, --time int Seconds to wait for stop before killing the container (default 10) ``` + +## Examples + +```bash +$ docker restart my_container +``` diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 1c3e795933..8ee5b2874d 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -29,40 +29,71 @@ Options: ## Examples - $ docker rm /redis - /redis +### Remove a container This will remove the container referenced under the link `/redis`. - $ docker rm --link /webapp/redis - /webapp/redis +```bash +$ docker rm /redis + +/redis +``` + +### Remove a link specified with `--link` on the default bridge network This will remove the underlying link between `/webapp` and the `/redis` -containers removing all network communication. +containers on the default bridge network, removing all network communication +between the two containers. This does not apply when `--link` is used with +user-specified networks. - $ docker rm --force redis - redis +```bash +$ docker rm --link /webapp/redis -The main process inside the container referenced under the link `/redis` will receive +/webapp/redis +``` + +### Force-remove a running container + +This command will force-remove a running container. + +```bash +$ docker rm --force redis + +redis +``` + +The main process inside the container referenced under the link `redis` will receive `SIGKILL`, then the container will be removed. - $ docker rm $(docker ps -a -q) +### Remove all stopped containers + +```bash +$ docker rm $(docker ps -a -q) +``` This command will delete all stopped containers. The command `docker ps -a -q` will return all existing container IDs and pass them to the `rm` command which will delete them. Any running containers will not be deleted. - $ docker rm -v redis - redis +### Remove a container and its volumes + +```bash +$ docker rm -v redis +redis +``` This command will remove the container and any volumes associated with it. Note that if a volume was specified with a name, it will not be removed. - $ docker create -v awesome:/foo -v /bar --name hello redis - hello - $ docker rm -v hello +### Remove a container and selectively remove volumes + +```bash +$ docker create -v awesome:/foo -v /bar --name hello redis +hello +$ docker rm -v hello +``` In this example, the volume for `/foo` will remain intact, but the volume for `/bar` will be removed. The same behavior holds for volumes inherited with diff --git a/docs/reference/commandline/rmi.md b/docs/reference/commandline/rmi.md index 149b7635b6..28e21d4398 100644 --- a/docs/reference/commandline/rmi.md +++ b/docs/reference/commandline/rmi.md @@ -26,58 +26,80 @@ Options: --no-prune Do not delete untagged parents ``` +## Examples + You can remove an image using its short or long ID, its tag, or its digest. If an image has one or more tag referencing it, you must remove all of them before the image is removed. Digest references are removed automatically when an image is removed by tag. - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +```bash +$ docker images - $ docker rmi fd484f19954f - Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force - 2013/12/11 05:47:16 Error: failed to remove one or more images +REPOSITORY TAG IMAGE ID CREATED SIZE +test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ docker rmi test1 - Untagged: test1:latest - $ docker rmi test2 - Untagged: test2:latest +$ docker rmi fd484f19954f - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - $ docker rmi test - Untagged: test:latest - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +Error: Conflict, cannot delete image fd484f19954f because it is tagged in multiple repositories, use -f to force +2013/12/11 05:47:16 Error: failed to remove one or more images + +$ docker rmi test1 + +Untagged: test1:latest + +$ docker rmi test2 + +Untagged: test2:latest + + +$ docker images + +REPOSITORY TAG IMAGE ID CREATED SIZE +test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + +$ docker rmi test + +Untagged: test:latest +Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +``` If you use the `-f` flag and specify the image's short or long ID, then this command untags and removes all images that match the specified ID. - $ docker images - REPOSITORY TAG IMAGE ID CREATED SIZE - test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) - test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +```bash +$ docker images - $ docker rmi -f fd484f19954f - Untagged: test1:latest - Untagged: test:latest - Untagged: test2:latest - Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +REPOSITORY TAG IMAGE ID CREATED SIZE +test1 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) +test2 latest fd484f19954f 23 seconds ago 7 B (virtual 4.964 MB) + +$ docker rmi -f fd484f19954f + +Untagged: test1:latest +Untagged: test:latest +Untagged: test2:latest +Deleted: fd484f19954f4920da7ff372b5067f5b7ddb2fd3830cecd17b96ea9e286ba5b8 +``` An image pulled by digest has no tag associated with it: - $ docker images --digests - REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE - localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB +```bash +$ docker images --digests + +REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE +localhost:5000/test/busybox sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf 4986bf8c1536 9 weeks ago 2.43 MB +``` To remove an image using its digest: - $ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf - Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf - Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 - Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 - Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b +```bash +$ docker rmi localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf +Untagged: localhost:5000/test/busybox@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf +Deleted: 4986bf8c15363d1c5d15512d5266f8777bfba4974ac56e3270e7760f6f0a8125 +Deleted: ea13149945cb6b1e746bf28032f02e9b5a793523481a0a18645fc77ad53c4ea2 +Deleted: df7546f9f060a2268024c8a230d8639878585defcc1bc6f79d2728a13957871b +``` diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 837ba79b9e..8f6f9e0283 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -145,6 +145,8 @@ Options: -w, --workdir string Working directory inside the container ``` +## Descriptino + The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. That is, `docker run` is equivalent to the API `/containers/create` then @@ -161,12 +163,15 @@ For information on connecting a container to a network, see the ["*Docker networ ### Assign name and allocate pseudo-TTY (--name, -it) - $ docker run --name test -it debian - root@d6c0fe130dba:/# exit 13 - $ echo $? - 13 - $ docker ps -a | grep test - d6c0fe130dba debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test +```bash +$ docker run --name test -it debian + +root@d6c0fe130dba:/# exit 13 +$ echo $? +13 +$ docker ps -a | grep test +d6c0fe130dba debian:7 "/bin/bash" 26 seconds ago Exited (13) 17 seconds ago test +``` This example runs a container named `test` using the `debian:latest` image. The `-it` instructs Docker to allocate a pseudo-TTY connected to @@ -177,7 +182,9 @@ In the example, the `bash` shell is quit by entering ### Capture container ID (--cidfile) - $ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" +```bash +$ docker run --cidfile /tmp/docker_test.cid ubuntu echo "test" +``` This will create a container and print `test` to the console. The `cidfile` flag makes Docker attempt to create a new file and write the container ID to it. @@ -186,19 +193,23 @@ file when `docker run` exits. ### Full container capabilities (--privileged) - $ docker run -t -i --rm ubuntu bash - root@bc338942ef20:/# mount -t tmpfs none /mnt - mount: permission denied +```bash +$ docker run -t -i --rm ubuntu bash +root@bc338942ef20:/# mount -t tmpfs none /mnt +mount: permission denied +``` This will *not* work, because by default, most potentially dangerous kernel capabilities are dropped; including `cap_sys_admin` (which is required to mount filesystems). However, the `--privileged` flag will allow it to run: - $ docker run -t -i --privileged ubuntu bash - root@50e3f57e16e6:/# mount -t tmpfs none /mnt - root@50e3f57e16e6:/# df -h - Filesystem Size Used Avail Use% Mounted on - none 1.9G 0 1.9G 0% /mnt +```bash +$ docker run -t -i --privileged ubuntu bash +root@50e3f57e16e6:/# mount -t tmpfs none /mnt +root@50e3f57e16e6:/# df -h +Filesystem Size Used Avail Use% Mounted on +none 1.9G 0 1.9G 0% /mnt +``` The `--privileged` flag gives *all* capabilities to the container, and it also lifts all the limitations enforced by the `device` cgroup controller. In other @@ -207,14 +218,18 @@ flag exists to allow special use-cases, like running Docker within Docker. ### Set working directory (-w) - $ docker run -w /path/to/dir/ -i -t ubuntu pwd +```bash +$ docker run -w /path/to/dir/ -i -t ubuntu pwd +``` The `-w` lets the command being executed inside directory given, here `/path/to/dir/`. If the path does not exist it is created inside the container. ### Set storage driver options per container - $ docker run -it --storage-opt size=120G fedora /bin/bash +```bash +$ docker run -it --storage-opt size=120G fedora /bin/bash +``` This (size) will allow to set the container rootfs size to 120G at creation time. This option is only available for the `devicemapper`, `btrfs`, `overlay2`, @@ -227,14 +242,18 @@ Under these conditions, user can pass any size less then the backing fs size. ### Mount tmpfs (--tmpfs) - $ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image +```bash +$ docker run -d --tmpfs /run:rw,noexec,nosuid,size=65536k my_image +``` The `--tmpfs` flag mounts an empty tmpfs into the container with the `rw`, `noexec`, `nosuid`, `size=65536k` options. ### Mount volume (-v, --read-only) - $ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd +```bash +$ docker run -v `pwd`:`pwd` -w `pwd` -i -t ubuntu pwd +``` The `-v` flag mounts the current working directory into the container. The `-w` lets the command being executed inside the current working directory, by @@ -242,21 +261,27 @@ changing into the directory to the value returned by `pwd`. So this combination executes the command using the container, but inside the current working directory. - $ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash +```bash +$ docker run -v /doesnt/exist:/foo -w /foo -i -t ubuntu bash +``` When the host directory of a bind-mounted volume doesn't exist, Docker will automatically create this directory on the host for you. In the example above, Docker will create the `/doesnt/exist` folder before starting your container. - $ docker run --read-only -v /icanwrite busybox touch /icanwrite/here +```bash +$ docker run --read-only -v /icanwrite busybox touch /icanwrite/here +``` Volumes can be used in combination with `--read-only` to control where a container writes files. The `--read-only` flag mounts the container's root filesystem as read only prohibiting writes to locations other than the specified volumes for the container. - $ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh +```bash +$ docker run -t -i -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/static-docker-binary:/usr/bin/docker busybox sh +``` By bind-mounting the docker unix socket and statically linked docker binary (refer to [get the linux binary]( @@ -264,45 +289,55 @@ https://docs.docker.com/engine/installation/binaries/#/get-the-linux-binary)), you give the container the full access to create and manipulate the host's Docker daemon. -On Windows, the paths must be specified using Windows-style semantics. +On Windows, the paths must be specified using Windows-style semantics. - PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt - Contents of file - - PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt - Contents of file +```powershell +PS C:\> docker run -v c:\foo:c:\dest microsoft/nanoserver cmd /s /c type c:\dest\somefile.txt +Contents of file -The following examples will fail when using Windows-based containers, as the -destination of a volume or bind-mount inside the container must be one of: +PS C:\> docker run -v c:\foo:d: microsoft/nanoserver cmd /s /c type d:\somefile.txt +Contents of file +``` + +The following examples will fail when using Windows-based containers, as the +destination of a volume or bind-mount inside the container must be one of: a non-existing or empty directory; or a drive other than C:. Further, the source of a bind mount must be a local directory, not a file. - net use z: \\remotemachine\share - docker run -v z:\foo:c:\dest ... - docker run -v \\uncpath\to\directory:c:\dest ... - docker run -v c:\foo\somefile.txt:c:\dest ... - docker run -v c:\foo:c: ... - docker run -v c:\foo:c:\existing-directory-with-contents ... +```powershell +net use z: \\remotemachine\share +docker run -v z:\foo:c:\dest ... +docker run -v \\uncpath\to\directory:c:\dest ... +docker run -v c:\foo\somefile.txt:c:\dest ... +docker run -v c:\foo:c: ... +docker run -v c:\foo:c:\existing-directory-with-contents ... +``` For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) ### Publish or expose port (-p, --expose) - $ docker run -p 127.0.0.1:80:8080 ubuntu bash +```bash +$ docker run -p 127.0.0.1:80:8080 ubuntu bash +``` This binds port `8080` of the container to port `80` on `127.0.0.1` of the host machine. The [Docker User Guide](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/) explains in detail how to manipulate ports in Docker. - $ docker run --expose 80 ubuntu bash +```bash +$ docker run --expose 80 ubuntu bash +``` This exposes port `80` of the container without publishing the port to the host system's interfaces. ### Set environment variables (-e, --env, --env-file) - $ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash +```bash +$ docker run -e MYVAR1 --env MYVAR2=foo --env-file ./env.list ubuntu bash +``` This sets simple (non-array) environmental variables in the container. For illustration all three @@ -318,10 +353,12 @@ Regardless of the order of these three flags, the `--env-file` are processed first, and then `-e`, `--env` flags. This way, the `-e` or `--env` will override variables as needed. - $ cat ./env.list - TEST_FOO=BAR - $ docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO - TEST_FOO=This is a test +```bash +$ cat ./env.list +TEST_FOO=BAR +$ docker run --env TEST_FOO="This is a test" --env-file ./env.list busybox env | grep TEST_FOO +TEST_FOO=This is a test +``` The `--env-file` flag takes a filename as an argument and expects each line to be in the `VAR=VAL` format, mimicking the argument passed to `--env`. Comment @@ -329,53 +366,57 @@ lines need only be prefixed with `#` An example of a file passed with `--env-file` - $ cat ./env.list - TEST_FOO=BAR +```bash +$ cat ./env.list +TEST_FOO=BAR - # this is a comment - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - _TEST_BAR=FOO - TEST_APP_42=magic - helloWorld=true - 123qwe=bar - org.spring.config=something +# this is a comment +TEST_APP_DEST_HOST=10.10.0.127 +TEST_APP_DEST_PORT=8888 +_TEST_BAR=FOO +TEST_APP_42=magic +helloWorld=true +123qwe=bar +org.spring.config=something - # pass through this variable from the caller - TEST_PASSTHROUGH - $ TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - HOSTNAME=5198e0745561 - TEST_FOO=BAR - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - _TEST_BAR=FOO - TEST_APP_42=magic - helloWorld=true - TEST_PASSTHROUGH=howdy - HOME=/root - 123qwe=bar - org.spring.config=something +# pass through this variable from the caller +TEST_PASSTHROUGH +$ TEST_PASSTHROUGH=howdy docker run --env-file ./env.list busybox env +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +HOSTNAME=5198e0745561 +TEST_FOO=BAR +TEST_APP_DEST_HOST=10.10.0.127 +TEST_APP_DEST_PORT=8888 +_TEST_BAR=FOO +TEST_APP_42=magic +helloWorld=true +TEST_PASSTHROUGH=howdy +HOME=/root +123qwe=bar +org.spring.config=something - $ docker run --env-file ./env.list busybox env - PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - HOSTNAME=5198e0745561 - TEST_FOO=BAR - TEST_APP_DEST_HOST=10.10.0.127 - TEST_APP_DEST_PORT=8888 - _TEST_BAR=FOO - TEST_APP_42=magic - helloWorld=true - TEST_PASSTHROUGH= - HOME=/root - 123qwe=bar - org.spring.config=something +$ docker run --env-file ./env.list busybox env +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +HOSTNAME=5198e0745561 +TEST_FOO=BAR +TEST_APP_DEST_HOST=10.10.0.127 +TEST_APP_DEST_PORT=8888 +_TEST_BAR=FOO +TEST_APP_42=magic +helloWorld=true +TEST_PASSTHROUGH= +HOME=/root +123qwe=bar +org.spring.config=something +``` ### Set metadata on container (-l, --label, --label-file) A label is a `key=value` pair that applies metadata to a container. To label a container with two labels: - $ docker run -l my-label --label com.example.foo=bar ubuntu bash +```bash +$ docker run -l my-label --label com.example.foo=bar ubuntu bash +``` The `my-label` key doesn't specify a value so the label defaults to an empty string(`""`). To add multiple labels, repeat the label flag (`-l` or `--label`). @@ -388,18 +429,22 @@ Use the `--label-file` flag to load multiple labels from a file. Delimit each label in the file with an EOL mark. The example below loads labels from a labels file in the current directory: - $ docker run --label-file ./labels ubuntu bash +```bash +$ docker run --label-file ./labels ubuntu bash +``` The label-file format is similar to the format for loading environment variables. (Unlike environment variables, labels are not visible to processes running inside a container.) The following example illustrates a label-file format: - com.example.label1="a label" +```none +com.example.label1="a label" - # this is a comment - com.example.label2=another\ label - com.example.label3 +# this is a comment +com.example.label2=another\ label +com.example.label3 +``` You can load multiple label-files by supplying multiple `--label-file` flags. @@ -431,16 +476,18 @@ or name. For `overlay` networks or custom plugins that support multi-host connectivity, containers connected to the same multi-host network but launched from different Engines can also communicate in this way. -**Note**: Service discovery is unavailable on the default bridge network. -Containers can communicate via their IP addresses by default. To communicate -by name, they must be linked. +> **Note**: Service discovery is unavailable on the default bridge network. +> Containers can communicate via their IP addresses by default. To communicate +> by name, they must be linked. You can disconnect a container from a network using the `docker network disconnect` command. ### Mount volumes from container (--volumes-from) - $ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd +```bash +$ docker run --volumes-from 777f7dc92da7 --volumes-from ba8c0c54f0f2:ro -i -t ubuntu pwd +``` The `--volumes-from` flag mounts all the defined volumes from the referenced containers. Containers can be specified by repetitions of the `--volumes-from` @@ -468,18 +515,24 @@ The `-a` flag tells `docker run` to bind to the container's `STDIN`, `STDOUT` or `STDERR`. This makes it possible to manipulate the output and input as needed. - $ echo "test" | docker run -i -a stdin ubuntu cat - +```bash +$ echo "test" | docker run -i -a stdin ubuntu cat - +``` This pipes data into a container and prints the container's ID by attaching only to the container's `STDIN`. - $ docker run -a stderr ubuntu echo test +```bash +$ docker run -a stderr ubuntu echo test +``` This isn't going to print anything unless there's an error because we've only attached to the `STDERR` of the container. The container's logs still store what's been written to `STDERR` and `STDOUT`. - $ cat somefile | docker run -i -a stdin mybuilder dobuild +```bash +$ cat somefile | docker run -i -a stdin mybuilder dobuild +``` This is how piping a file into a container could be done for a build. The container's ID will be printed after the build is done and the build @@ -489,10 +542,18 @@ retrieve the container's ID once the container has finished running. ### Add host device to container (--device) - $ docker run --device=/dev/sdc:/dev/xvdc --device=/dev/sdd --device=/dev/zero:/dev/nulo -i -t ubuntu ls -l /dev/{xvdc,sdd,nulo} - brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc - brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd - crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo +```bash +{% raw %} +$ docker run --device=/dev/sdc:/dev/xvdc \ + --device=/dev/sdd --device=/dev/zero:/dev/nulo \ + -i -t \ + ubuntu ls -l /dev/{xvdc,sdd,nulo} + +brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc +brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd +crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo +{% endraw %} +``` It is often necessary to directly expose devices to a container. The `--device` option enables that. For example, a specific block storage device or loop @@ -503,24 +564,24 @@ By default, the container will be able to `read`, `write` and `mknod` these devi This can be overridden using a third `:rwm` set of options to each `--device` flag: +```bash +$ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc - $ docker run --device=/dev/sda:/dev/xvdc --rm -it ubuntu fdisk /dev/xvdc +Command (m for help): q +$ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc +You will not be able to write the partition table. - Command (m for help): q - $ docker run --device=/dev/sda:/dev/xvdc:r --rm -it ubuntu fdisk /dev/xvdc - You will not be able to write the partition table. +Command (m for help): q - Command (m for help): q +$ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk /dev/xvdc - $ docker run --device=/dev/sda:/dev/xvdc:rw --rm -it ubuntu fdisk /dev/xvdc +Command (m for help): q - Command (m for help): q +$ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc +fdisk: unable to open /dev/xvdc: Operation not permitted +``` - $ docker run --device=/dev/sda:/dev/xvdc:m --rm -it ubuntu fdisk /dev/xvdc - fdisk: unable to open /dev/xvdc: Operation not permitted - -> **Note:** -> `--device` cannot be safely used with ephemeral devices. Block devices +> **Note**: `--device` cannot be safely used with ephemeral devices. Block devices > that may be removed should not be added to untrusted containers with > `--device`. @@ -530,54 +591,15 @@ Use Docker's `--restart` to specify a container's *restart policy*. A restart policy controls whether the Docker daemon restarts a container after exit. Docker supports the following restart policies: - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyResult
no - Do not automatically restart the container when it exits. This is the - default. -
- - on-failure[:max-retries] - - - Restart only if the container exits with a non-zero exit status. - Optionally, limit the number of restart retries the Docker - daemon attempts. -
always - Always restart the container regardless of the exit status. - When you specify always, the Docker daemon will try to restart - the container indefinitely. The container will also always start - on daemon startup, regardless of the current state of the container. -
unless-stopped - Always restart the container regardless of the exit status, but - do not start it on daemon startup if the container has been put - to a stopped state before. -
+| Policy | Result | +|-------------------|-----------------------------------------| +| `no` | Do not automatically restart the container when it exits. This is the default. | +| `failure` | Restart only if the container exits with a non-zero exit status. Optionally, limit the number of restart retries the Docker daemon attempts. | +| `always` | Always restart the container regardless of the exit status. When you specify always, the Docker daemon will try to restart the container indefinitely. The container will also always start on daemon startup, regardless of the current state of the container. | - $ docker run --restart=always redis +```bash +$ docker run --restart=always redis +``` This will run the `redis` container with a restart policy of **always** so that if the container exits, Docker will restart it. @@ -592,14 +614,17 @@ You can add other hosts into a container's `/etc/hosts` file by using one or more `--add-host` flags. This example adds a static address for a host named `docker`: - $ docker run --add-host=docker:10.180.0.1 --rm -it debian - root@f38c87f2a42d:/# ping docker - PING docker (10.180.0.1): 48 data bytes - 56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms - 56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms - ^C--- docker ping statistics --- - 2 packets transmitted, 2 packets received, 0% packet loss - round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms +```bash +$ docker run --add-host=docker:10.180.0.1 --rm -it debian + +root@f38c87f2a42d:/# ping docker +PING docker (10.180.0.1): 48 data bytes +56 bytes from 10.180.0.1: icmp_seq=0 ttl=254 time=7.600 ms +56 bytes from 10.180.0.1: icmp_seq=1 ttl=254 time=30.705 ms +^C--- docker ping statistics --- +2 packets transmitted, 2 packets received, 0% packet loss +round-trip min/avg/max/stddev = 7.600/19.152/30.705/11.553 ms +``` Sometimes you need to connect to the Docker host from within your container. To enable this, pass the Docker host's IP address to @@ -610,8 +635,12 @@ The flags you pass to `ip addr show` depend on whether you are using IPv4 or IPv6 networking in your containers. Use the following flags for IPv4 address retrieval for a network device named `eth0`: - $ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1` - $ docker run --add-host=docker:${HOSTIP} --rm -it debian +```bash +{% raw %} +$ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1` +$ docker run --add-host=docker:${HOSTIP} --rm -it debian +{% endraw %} +``` For IPv6 use the `-6` flag instead of the `-4` flag. For other network devices, replace `eth0` with the correct device name (for example `docker0` @@ -624,15 +653,19 @@ available in the default container, you can set these using the `--ulimit` flag. `--ulimit` is specified with a soft and hard limit as such: `=[:]`, for example: - $ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" - 1024 +```bash +$ docker run --ulimit nofile=1024:1024 --rm debian sh -c "ulimit -n" +1024 +``` -> **Note:** -> If you do not provide a `hard limit`, the `soft limit` will be used +> **Note**: If you do not provide a `hard limit`, the `soft limit` will be used > for both values. If no `ulimits` are set, they will be inherited from > the default `ulimits` set on the daemon. `as` option is disabled now. > In other words, the following script is not supported: -> `$ docker run -it --ulimit as=1024 fedora /bin/bash` +> +> ```bash +> $ docker run -it --ulimit as=1024 fedora /bin/bash` +> ``` The values are sent to the appropriate `syscall` as they are set. Docker doesn't perform any byte conversion. Take this into account when setting the values. @@ -643,10 +676,15 @@ Be careful setting `nproc` with the `ulimit` flag as `nproc` is designed by Linu maximum number of processes available to a user, not to a container. For example, start four containers with `daemon` user: - docker run -d -u daemon --ulimit nproc=3 busybox top - docker run -d -u daemon --ulimit nproc=3 busybox top - docker run -d -u daemon --ulimit nproc=3 busybox top - docker run -d -u daemon --ulimit nproc=3 busybox top +```bash +$ docker run -d -u daemon --ulimit nproc=3 busybox top + +$ docker run -d -u daemon --ulimit nproc=3 busybox top + +$ docker run -d -u daemon --ulimit nproc=3 busybox top + +$ docker run -d -u daemon --ulimit nproc=3 busybox top +``` The 4th container fails and reports "[8] System error: resource temporarily unavailable" error. This fails because the caller set `nproc=3` resulting in the first three containers using up @@ -718,8 +756,9 @@ The `--sysctl` sets namespaced kernel parameters (sysctls) in the container. For example, to turn on IP forwarding in the containers network namespace, run this command: - $ docker run --sysctl net.ipv4.ip_forward=1 someimage - +```bash +$ docker run --sysctl net.ipv4.ip_forward=1 someimage +``` > **Note**: Not all sysctls are namespaced. Docker does not support changing sysctls > inside of a container that also modify the host system. As the kernel @@ -727,14 +766,17 @@ network namespace, run this command: #### Currently supported sysctls - `IPC Namespace`: +- `IPC Namespace`: + ```none kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced Sysctls beginning with fs.mqueue.* + ``` If you use the `--ipc=host` option these sysctls will not be allowed. - `Network Namespace`: - Sysctls beginning with net.* +- `Network Namespace`: + + Sysctls beginning with net.* If you use the `--network=host` option using these sysctls will not be allowed. diff --git a/docs/reference/commandline/save.md b/docs/reference/commandline/save.md index 88a5fed103..cba7385e11 100644 --- a/docs/reference/commandline/save.md +++ b/docs/reference/commandline/save.md @@ -25,21 +25,38 @@ Options: -o, --output string Write to a file, instead of STDOUT ``` +## Description + Produces a tarred repository to the standard output stream. Contains all parent layers, and all tags + versions, or specified `repo:tag`, for each argument provided. -It is used to create a backup that can then be used with `docker load` +## Examples - $ docker save busybox > busybox.tar - $ ls -sh busybox.tar - 2.7M busybox.tar - $ docker save --output busybox.tar busybox - $ ls -sh busybox.tar - 2.7M busybox.tar - $ docker save -o fedora-all.tar fedora - $ docker save -o fedora-latest.tar fedora:latest +### Create a backup that can then be used with `docker load`. -It is even useful to cherry-pick particular tags of an image repository +```bash +$ docker save busybox > busybox.tar - $ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy +$ ls -sh busybox.tar + +2.7M busybox.tar + +$ docker save --output busybox.tar busybox + +$ ls -sh busybox.tar + +2.7M busybox.tar + +$ docker save -o fedora-all.tar fedora + +$ docker save -o fedora-latest.tar fedora:latest +``` + +### Cherry-pick particular tags + +You can even cherry-pick particular tags of an image repository. + +```bash +$ docker save -o ubuntu.tar ubuntu:lucid ubuntu:saucy +``` diff --git a/docs/reference/commandline/search.md b/docs/reference/commandline/search.md index 31faf37375..f645c78603 100644 --- a/docs/reference/commandline/search.md +++ b/docs/reference/commandline/search.md @@ -30,13 +30,14 @@ Options: --no-trunc Don't truncate output ``` +## Description + Search [Docker Hub](https://hub.docker.com) for images See [*Find Public Images on Docker Hub*](https://docs.docker.com/engine/tutorials/dockerrepos/#searching-for-images) for more details on finding shared images from the command line. -> **Note:** -> Search queries will only return up to 25 results +> **Note**: Search queries return a maximum of 25 results. ## Examples @@ -44,52 +45,57 @@ more details on finding shared images from the command line. This example displays images with a name containing 'busybox': - $ docker search busybox - NAME DESCRIPTION STARS OFFICIAL AUTOMATED - busybox Busybox base image. 316 [OK] - progrium/busybox 50 [OK] - radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] - odise/busybox-python 2 [OK] - azukiapp/busybox This image is meant to be used as the base... 2 [OK] - ofayau/busybox-jvm Prepare busybox to install a 32 bits JVM. 1 [OK] - shingonoide/archlinux-busybox Arch Linux, a lightweight and flexible Lin... 1 [OK] - odise/busybox-curl 1 [OK] - ofayau/busybox-libc32 Busybox with 32 bits (and 64 bits) libs 1 [OK] - peelsky/zulu-openjdk-busybox 1 [OK] - skomma/busybox-data Docker image suitable for data volume cont... 1 [OK] - elektritter/busybox-teamspeak Lightweight teamspeak3 container based on... 1 [OK] - socketplane/busybox 1 [OK] - oveits/docker-nginx-busybox This is a tiny NginX docker image based on... 0 [OK] - ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] - nikfoundas/busybox-confd Minimal busybox based distribution of confd 0 [OK] - openshift/busybox-http-app 0 [OK] - jllopis/busybox 0 [OK] - swyckoff/busybox 0 [OK] - powellquiring/busybox 0 [OK] - williamyeh/busybox-sh Docker image for BusyBox's sh 0 [OK] - simplexsys/busybox-cli-powered Docker busybox images, with a few often us... 0 [OK] - fhisamoto/busybox-java Busybox java 0 [OK] - scottabernethy/busybox 0 [OK] - marclop/busybox-solr +```none +$ docker search busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 316 [OK] +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +odise/busybox-python 2 [OK] +azukiapp/busybox This image is meant to be used as the base... 2 [OK] +ofayau/busybox-jvm Prepare busybox to install a 32 bits JVM. 1 [OK] +shingonoide/archlinux-busybox Arch Linux, a lightweight and flexible Lin... 1 [OK] +odise/busybox-curl 1 [OK] +ofayau/busybox-libc32 Busybox with 32 bits (and 64 bits) libs 1 [OK] +peelsky/zulu-openjdk-busybox 1 [OK] +skomma/busybox-data Docker image suitable for data volume cont... 1 [OK] +elektritter/busybox-teamspeak Lightweight teamspeak3 container based on... 1 [OK] +socketplane/busybox 1 [OK] +oveits/docker-nginx-busybox This is a tiny NginX docker image based on... 0 [OK] +ggtools/busybox-ubuntu Busybox ubuntu version with extra goodies 0 [OK] +nikfoundas/busybox-confd Minimal busybox based distribution of confd 0 [OK] +openshift/busybox-http-app 0 [OK] +jllopis/busybox 0 [OK] +swyckoff/busybox 0 [OK] +powellquiring/busybox 0 [OK] +williamyeh/busybox-sh Docker image for BusyBox's sh 0 [OK] +simplexsys/busybox-cli-powered Docker busybox images, with a few often us... 0 [OK] +fhisamoto/busybox-java Busybox java 0 [OK] +scottabernethy/busybox 0 [OK] +marclop/busybox-solr +``` ### Display non-truncated description (--no-trunc) This example displays images with a name containing 'busybox', at least 3 stars and the description isn't truncated in the output: - $ docker search --stars=3 --no-trunc busybox - NAME DESCRIPTION STARS OFFICIAL AUTOMATED - busybox Busybox base image. 325 [OK] - progrium/busybox 50 [OK] - radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] +```bash +$ docker search --stars=3 --no-trunc busybox +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 325 [OK] +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] +``` -## Limit search results (--limit) +### Limit search results (--limit) The flag `--limit` is the maximum number of results returned by a search. This value could be in the range between 1 and 100. The default value of `--limit` is 25. -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`) @@ -101,34 +107,43 @@ The currently supported filters are: * is-official (true|false) - is the image official or not -### stars +#### stars This example displays images with a name containing 'busybox' and at least 3 stars: - $ docker search --filter stars=3 busybox - NAME DESCRIPTION STARS OFFICIAL AUTOMATED - busybox Busybox base image. 325 [OK] - progrium/busybox 50 [OK] - radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +```bash +$ docker search --filter stars=3 busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +busybox Busybox base image. 325 [OK] +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +``` -### is-automated +#### is-automated This example displays images with a name containing 'busybox' and are automated builds: - $ docker search --filter is-automated busybox - NAME DESCRIPTION STARS OFFICIAL AUTOMATED - progrium/busybox 50 [OK] - radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +```bash +$ docker search --filter is-automated busybox -### is-official +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +``` + +#### is-official This example displays images with a name containing 'busybox', at least 3 stars and are official builds: - $ docker search --filter "is-official=true" --filter "stars=3" busybox - NAME DESCRIPTION STARS OFFICIAL AUTOMATED - progrium/busybox 50 [OK] - radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +```bash +$ docker search --filter "is-official=true" --filter "stars=3" busybox + +NAME DESCRIPTION STARS OFFICIAL AUTOMATED +progrium/busybox 50 [OK] +radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] +``` diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index aebcebbcdd..74839f7a9e 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -25,6 +25,8 @@ Options: -l, --label list Secret labels (default []) ``` +## Description + Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node. @@ -45,9 +47,11 @@ mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.90918108 ```bash $ docker secret create my_secret ./secret.json + mhv17xfe3gh6xc4rij5orpfds $ docker secret ls + ID NAME CREATED UPDATED SIZE mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 ``` @@ -55,10 +59,16 @@ mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.90918108 ### Create a secret with labels ```bash -$ docker secret create --label env=dev --label rev=20161102 my_secret ./secret.json -jtn7g6aukl5ky7nr9gvwafoxh +$ docker secret create --label env=dev \ + --label rev=20161102 \ + my_secret ./secret.json +jtn7g6aukl5ky7nr9gvwafoxh +``` + +```none $ docker secret inspect my_secret + [ { "ID": "jtn7g6aukl5ky7nr9gvwafoxh", @@ -79,11 +89,10 @@ $ docker secret inspect my_secret "SecretSize": 1679 } ] - ``` -## Related information +## Related commands * [secret inspect](secret_inspect.md) * [secret ls](secret_ls.md) diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index de878f74e4..8ced58d783 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -25,6 +25,7 @@ Options: --help Print usage ``` +## Description Inspects the specified secret. This command has to be run targeting a manager node. @@ -37,7 +38,7 @@ describes all the details of the format. ## Examples -### Inspecting a secret by name or ID +### Inspect a secret by name or ID You can inspect a secret, either by its *name*, or *ID* @@ -49,8 +50,9 @@ ID NAME CREATED mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC ``` -```bash +```none $ docker secret inspect secret.json + [ { "ID": "mhv17xfe3gh6xc4rij5orpfds", @@ -66,19 +68,22 @@ $ docker secret inspect secret.json ] ``` -### Formatting secret output +### Formatting You can use the --format option to obtain specific information about a secret. The following example command outputs the creation time of the secret. -```bash{% raw %} +```bash +{% raw %} $ docker secret inspect --format='{{.CreatedAt}}' mhv17xfe3gh6xc4rij5orpfds + 2016-10-27 23:25:43.909181089 +0000 UTC -{% endraw %}``` +{% endraw %} +``` -## Related information +## Related commands * [secret create](secret_create.md) * [secret ls](secret_ls.md) diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index c7b7f2a352..72b9e4696d 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -27,16 +27,20 @@ Options: -q, --quiet Only display IDs ``` +## Description + Run this command on a manager node to list the secrets in the swarm. ## Examples ```bash $ docker secret ls + ID NAME CREATED UPDATED mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC ``` -## Related information + +## Related commands * [secret create](secret_create.md) * [secret inspect](secret_inspect.md) diff --git a/docs/reference/commandline/secret_rm.md b/docs/reference/commandline/secret_rm.md index f504b1ba4f..9887d3331a 100644 --- a/docs/reference/commandline/secret_rm.md +++ b/docs/reference/commandline/secret_rm.md @@ -27,9 +27,13 @@ Options: --help Print usage ``` +## Description + Removes the specified secrets from the swarm. This command has to be run targeting a manager node. +## Examples + This example removes a secret: ```bash @@ -41,7 +45,7 @@ sapth4csdo5b6wz2p5uimh5xg > before removing a secret. -## Related information +## Related commands * [secret create](secret_create.md) * [secret inspect](secret_inspect.md) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 7eefec669e..bb99bf4b9a 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -69,6 +69,8 @@ Options: -w, --workdir string Working directory inside the container ``` +## Description + Creates a service as described by the specified parameters. You must run this command on a manager node. @@ -78,12 +80,15 @@ command on a manager node. ```bash $ docker service create --name redis redis:3.0.6 + dmu1ept4cxcfe8k8lhtux3ro3 $ docker service create --mode global --name redis2 redis:3.0.6 + a8q9dasaafudfs8q8w32udass $ docker service ls + ID NAME MODE REPLICAS IMAGE dmu1ept4cxcf redis replicated 1/1 redis:3.0.6 a8q9dasaafud redis2 global 1/1 redis:3.0.6 @@ -96,6 +101,7 @@ service. The following command creates a `redis` service with `5` replica tasks: ```bash $ docker service create --name redis --replicas=5 redis:3.0.6 + 4cdgfyky7ozwh3htjfw0d12qv ``` @@ -109,6 +115,7 @@ number of `RUNNING` tasks is `3`: ```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE 4cdgfyky7ozw redis replicated 3/5 redis:3.0.7 ``` @@ -118,11 +125,13 @@ equal to the desired number: ```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE 4cdgfyky7ozw redis replicated 5/5 redis:3.0.7 ``` ### Create a service with secrets + Use the `--secret` flag to give a container access to a [secret](secret_create.md). @@ -130,6 +139,7 @@ Create a service specifying a secret: ```bash $ docker service create --name redis --secret secret.json redis:3.0.6 + 4cdgfyky7ozwh3htjfw0d12qv ``` @@ -140,6 +150,7 @@ $ docker service create --name redis \ --secret source=ssh-key,target=ssh \ --secret source=app-key,target=app,uid=1000,gid=1001,mode=0400 \ redis:3.0.6 + 4cdgfyky7ozwh3htjfw0d12qv ``` @@ -173,12 +184,15 @@ This sets environmental variables for all tasks in a service. For example: $ docker service create --name redis_2 --replicas 5 --env MYVAR=foo redis:3.0.6 ``` -### Create a docker service with specific hostname (--hostname) +### Create a service with specific hostname (--hostname) + +This option sets the docker service containers hostname to a specific string. +For example: -This option sets the docker service containers hostname to a specific string. For example: ```bash $ docker service create --name redis --hostname myredis redis:3.0.6 ``` + ### Set metadata on a service (-l, --label) A label is a `key=value` pair that applies metadata to a service. To label a @@ -202,7 +216,7 @@ or write from files or directories on other containers or the host operating system. These types are _data volumes_ (often referred to simply as volumes) and _bind-mounts_. -Additionally, Docker also supports tmpfs mounts. +Additionally, Docker supports `tmpfs` mounts. A **bind-mount** makes a file or directory on the host available to the container it is mounted within. A bind-mount may be either read-only or @@ -304,19 +318,19 @@ The `--mount` flag supports most options that are supported by the `-v` or `--volume` flag for `docker run`, with some important exceptions: - The `--mount` flag allows you to specify a volume driver and volume driver - options *per volume*, without creating the volumes in advance. In contrast, - `docker run` allows you to specify a single volume driver which is shared - by all volumes, using the `--volume-driver` flag. + options *per volume*, without creating the volumes in advance. In contrast, + `docker run` allows you to specify a single volume driver which is shared + by all volumes, using the `--volume-driver` flag. - The `--mount` flag allows you to specify custom metadata ("labels") for a volume, - before the volume is created. + before the volume is created. - When you use `--mount` with `type=bind`, the host-path must refer to an *existing* - path on the host. The path will not be created for you and the service will fail - with an error if the path does not exist. + path on the host. The path will not be created for you and the service will fail + with an error if the path does not exist. - The `--mount` flag does not allow you to relabel a volume with `Z` or `z` flags, - which are used for `selinux` labeling. + which are used for `selinux` labeling. #### Create a service using a named volume @@ -533,18 +547,25 @@ In this example, we are going to set the template of the created containers base service's name and the node's ID where it sits. ```bash -$ docker service create --name hosttempl --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"{% endraw %} busybox top +{% raw %} +$ docker service create --name hosttempl \ + --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"\ + busybox top + va8ew30grofhjoychbr6iot8c $ docker service ps va8ew30grofhjoychbr6iot8c + ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912 2e7a8a9c4da2 Running Running about a minute ago -$ docker inspect --format={% raw %}"{{.Config.Hostname}}"{% endraw %} hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj +$ docker inspect --format="{{.Config.Hostname}}" hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj + x3ti0erg11rjpg64m75kej2mz-hosttempl +{% endraw %} ``` -## Related information +## Related commands * [service inspect](service_inspect.md) * [service logs](service_logs.md) diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 413ae99c29..3e7b1f838b 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -26,6 +26,7 @@ Options: --pretty Print the information in a human friendly format. ``` +## Description Inspects the specified service. This command has to be run targeting a manager node. @@ -38,7 +39,7 @@ describes all the details of the format. ## Examples -### Inspecting a service by name or ID +### Inspect a service by name or ID You can inspect a service, either by its *name*, or *ID* @@ -53,8 +54,9 @@ dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 Both `docker service inspect redis`, and `docker service inspect dmu1ept4cxcf` produce the same result: -```bash +```none $ docker service inspect redis + [ { "ID": "dmu1ept4cxcfe8k8lhtux3ro3", @@ -98,6 +100,7 @@ $ docker service inspect redis ```bash $ docker service inspect dmu1ept4cxcf + [ { "ID": "dmu1ept4cxcfe8k8lhtux3ro3", @@ -109,13 +112,14 @@ $ docker service inspect dmu1ept4cxcf ] ``` -### Inspect a service using pretty-print +### Formatting You can print the inspect output in a human-readable format instead of the default JSON output, by using the `--pretty` option: ```bash $ docker service inspect --pretty frontend + ID: c8wgl7q4ndfd52ni6qftkvnnp Name: frontend Labels: @@ -142,19 +146,22 @@ Ports: You can also use `--format pretty` for the same effect. -### Finding the number of tasks running as part of a service +#### Find the number of tasks running as part of a service The `--format` option can be used to obtain specific information about a service. For example, the following command outputs the number of replicas of the "redis" service. -```bash{% raw %} +```bash +{% raw %} $ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis + 10 -{% endraw %}``` +{% endraw %} +``` -## Related information +## Related commands * [service create](service_create.md) * [service logs](service_logs.md) diff --git a/docs/reference/commandline/service_logs.md b/docs/reference/commandline/service_logs.md index fdf6a3a245..844a58e0cf 100644 --- a/docs/reference/commandline/service_logs.md +++ b/docs/reference/commandline/service_logs.md @@ -30,9 +30,11 @@ Options: -t, --timestamps Show timestamps ``` +## Description + The `docker service logs` command batch-retrieves logs present at the time of execution. -> **Note**: this command is only functional for services that are started with +> **Note**: This command is only functional for services that are started with > the `json-file` or `journald` logging driver. For more information about selecting and configuring logging drivers, refer to @@ -66,7 +68,7 @@ seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. You can combine the `--since` option with either or both of the `--follow` or `--tail` options. -## Related information +## Related commands * [service create](service_create.md) * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index b4e87ab89c..c21bc3f656 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -30,12 +30,18 @@ Options: -q, --quiet Only display IDs ``` +## Description + This command when run targeting a manager, lists services are running in the swarm. +## Examples + On a manager node: + ```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE c8wgl7q4ndfd frontend replicated 5/5 nginx:alpine dmu1ept4cxcf redis replicated 3/3 redis:3.0.6 @@ -45,7 +51,7 @@ iwe3278osahj mongo global 7/7 mongo:3.3 The `REPLICAS` column shows both the *actual* and *desired* number of tasks for the service. -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -56,7 +62,7 @@ The currently supported filters are: * [label](service_ls.md#label) * [name](service_ls.md#name) -#### ID +#### id The `id` filter matches all or part of a service's id. @@ -66,7 +72,7 @@ ID NAME MODE REPLICAS IMAGE 0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 ``` -#### Label +#### label The `label` filter matches services based on the presence of a `label` alone or a `label` and a value. @@ -92,7 +98,7 @@ ID NAME MODE REPLICAS IMAGE 74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 ``` -#### Name +#### name The `name` filter matches on all or part of a service's name. @@ -104,7 +110,7 @@ ID NAME MODE REPLICAS IMAGE 0bcjwfh8ychr redis replicated 1/1 redis:3.0.6 ``` -## Formatting +### Formatting The formatting options (`--format`) pretty-prints services output using a Go template. @@ -127,12 +133,15 @@ The following example uses a template without headers and outputs the `ID`, `Mode`, and `Replicas` entries separated by a colon for all services: ```bash +{% raw %} $ docker service ls --format "{{.ID}}: {{.Mode}} {{.Replicas}}" + 0zmvwuiu3vue: replicated 10/10 fm6uf97exkul: global 5/5 +{% endraw %} ``` -## Related information +## Related commands * [service create](service_create.md) * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 15ac59acaa..e7d95a928d 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -29,12 +29,14 @@ Options: -q, --quiet Only display task IDs ``` +## Description + Lists the tasks that are running as part of the specified services. This command has to be run targeting a manager node. ## Examples -### Listing the tasks that are part of a service +### List the tasks that are part of a service The following command shows all the tasks that are part of the `redis` service: @@ -93,7 +95,7 @@ bk658fpbex0d57cqcwoe3jthu redis.2 redis:3.0.6@sha256:6a692a76c2081888b589 nvjljf7rmor4htv7l8rwcx7i7 \_ redis.2 redis:3.0.6@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842 worker2 Shutdown Rejected 5 minutes ago "No such image: redis@sha256:6a692a76c2081888b589e26e6ec835743119fe453d67ecf03df7de5b73d69842" ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). @@ -108,7 +110,7 @@ The currently supported filters are: * [desired-state](#desired-state) -#### ID +#### id The `id` filter matches on all or a prefix of a task's ID. @@ -120,7 +122,7 @@ ID NAME IMAGE NODE DESIRED STATE CURRENT STATE 8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds ``` -#### Name +#### name The `name` filter matches on task names. @@ -131,7 +133,7 @@ qihejybwf1x5 redis.1 redis:3.0.6 manager1 Running Running 8 seconds ``` -#### Node +#### node The `node` filter matches on a node name or a node ID. @@ -150,7 +152,7 @@ ID NAME IMAGE NODE DESIRED STATE CURRENT STATE The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. -## Related information +## Related commands * [service create](service_create.md) * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/service_rm.md b/docs/reference/commandline/service_rm.md index d0ba90b26d..448f2c3b24 100644 --- a/docs/reference/commandline/service_rm.md +++ b/docs/reference/commandline/service_rm.md @@ -27,24 +27,29 @@ Options: --help Print usage ``` +## Description + Removes the specified services from the swarm. This command has to be run targeting a manager node. -For example, to remove the redis service: +## Examples + +Remove the `redis` service: ```bash $ docker service rm redis + redis + $ docker service ls + ID NAME MODE REPLICAS IMAGE ``` > **Warning**: Unlike `docker rm`, this command does not ask for confirmation > before removing a running service. - - -## Related information +## Related commands * [service create](service_create.md) * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/service_scale.md b/docs/reference/commandline/service_scale.md index 64075ed092..a3aef5fd34 100644 --- a/docs/reference/commandline/service_scale.md +++ b/docs/reference/commandline/service_scale.md @@ -24,9 +24,7 @@ Options: --help Print usage ``` -## Examples - -### Scale a service +## Description The scale command enables you to scale one or more replicated services either up or down to the desired number of replicas. This command cannot be applied on @@ -34,19 +32,27 @@ services which are global mode. The command will return immediately, but the actual scaling of the service may take some time. To stop all replicas of a service while keeping the service active in the swarm you can set the scale to 0. -For example, the following command scales the "frontend" service to 50 tasks. +## Examples + +### Scale a single service + +The following command scales the "frontend" service to 50 tasks. ```bash $ docker service scale frontend=50 + frontend scaled to 50 ``` The following command tries to scale a global service to 10 tasks and returns an error. -``` +```bash $ docker service create --mode global --name backend backend:latest + b4g08uwuairexjub6ome6usqh + $ docker service scale backend=10 + backend: scale can only be used with replicated mode ``` @@ -76,16 +82,18 @@ backend and frontend services: ```bash $ docker service scale backend=3 frontend=5 + backend scaled to 3 frontend scaled to 5 $ docker service ls + ID NAME MODE REPLICAS IMAGE 3pr5mlvu3fh9 frontend replicated 5/5 nginx:alpine 74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 ``` -## Related information +## Related commands * [service create](service_create.md) * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 1aab060926..cd51e771d7 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -81,6 +81,8 @@ Options: -w, --workdir string Working directory inside the container ``` +## Description + Updates a service as described by the specified parameters. This command has to be run targeting a manager node. The parameters are the same as [`docker service create`](service_create.md). Please look at the description there for further information. @@ -112,7 +114,7 @@ that only one task is replaced at a time (this is the default behavior). The `--update-delay 30s` setting introduces a 30 second delay between tasks, so that the rolling restart happens gradually. -### Adding and removing mounts +### Add or remove mounts Use the `--mount-add` or `--mount-rm` options add or remove a service's bind-mounts or volumes. @@ -152,7 +154,7 @@ $ docker service update --mount-rm /somewhere myservice myservice ``` -### Adding and removing secrets +### Add or remove secrets Use the `--secret-add` or `--secret-rm` options add or remove a service's secrets. @@ -171,7 +173,7 @@ $ docker service update \ Some flags of `service update` support the use of templating. See [`service create`](./service_create.md#templating) for the reference. -## Related information +## Related commands * [service create](service_create.md) * [service inspect](service_inspect.md) diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 037feaebd7..39456b7ffa 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -30,15 +30,20 @@ Options: --with-registry-auth Send registry authentication details to Swarm agents ``` +## Description + Create and update a stack from a `compose` or a `dab` file on the swarm. This command has to be run targeting a manager node. -## Compose file +## Examples + +### Compose file The `deploy` command supports compose file version `3.0` and above." ```bash $ docker stack deploy --compose-file docker-compose.yml vossibility + Ignoring unsupported options: links Creating network vossibility_vossibility @@ -53,8 +58,9 @@ Creating service vossibility_lookupd You can verify that the services were correctly created -``` +```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 @@ -64,10 +70,11 @@ ID NAME MODE REPLICAS IMAGE axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` -## DAB file +### DAB file ```bash $ docker stack deploy --bundle-file vossibility-stack.dab vossibility + Loading bundle from vossibility-stack.dab Creating service vossibility_elasticsearch Creating service vossibility_kibana @@ -81,6 +88,7 @@ You can verify that the services were correctly created: ```bash $ docker service ls + ID NAME MODE REPLICAS IMAGE 29bv0vnlm903 vossibility_lookupd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 4awt47624qwh vossibility_nsqd replicated 1/1 nsqio/nsq@sha256:eeba05599f31eba418e96e71e0984c3dc96963ceb66924dd37a47bf7ce18a662 @@ -90,7 +98,7 @@ ID NAME MODE REPLICAS IMAGE axqh55ipl40h vossibility_vossibility-collector replicated 1/1 icecrime/vossibility-collector@sha256:f03f2977203ba6253988c18d04061c5ec7aab46bca9dfd89a9a1fa4500989fba ``` -## Related information +## Related commands * [stack ls](stack_ls.md) * [stack ps](stack_ps.md) diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index 05c7215492..58cbde004f 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -27,9 +27,13 @@ Options: --help Print usage ``` +## Descriptino + Lists the stacks. -For example, the following command shows all stacks and some additional information: +## Examples + +The following command shows all stacks and some additional information: ```bash $ docker stack ls @@ -39,7 +43,7 @@ vossibility-stack 6 myapp 2 ``` -## Related information +## Related commands * [stack deploy](stack_deploy.md) * [stack ps](stack_ps.md) diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index 101e9feb11..9f221d8da6 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -27,10 +27,18 @@ Options: --no-trunc Do not truncate output ``` +## Description + Lists the tasks that are running as part of the specified stack. This command has to be run targeting a manager node. -## Filtering +## Examples + +```bash +$ docker stack ps +``` + +### Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). @@ -43,7 +51,7 @@ The currently supported filters are: * name * desired-state -## Related information +## Related commands * [stack deploy](stack_deploy.md) * [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index fd639978ec..d9d50433a7 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -27,10 +27,12 @@ Options: --help Print usage ``` +## Description + Remove the stack from the swarm. This command has to be run targeting a manager node. -## Related information +## Related commands * [stack deploy](stack_deploy.md) * [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index 1814d65356..9fa758d2bb 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -28,10 +28,14 @@ Options: -q, --quiet Only display IDs ``` +### Description + Lists the services that are running as part of the specified stack. This command has to be run targeting a manager node. -For example, the following command shows all services in the `myapp` stack: +### Examples + +The following command shows all services in the `myapp` stack: ```bash $ docker stack services myapp @@ -41,7 +45,7 @@ ID NAME REPLICAS IMAGE dn7m7nhhfb9y myapp_db 1/1 mysql@sha256:a9a5b559f8821fe73d58c3606c812d1c044868d42c63817fa5125fd9d8b7b539 ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more than one filter, then pass multiple flags (e.g. `--filter "foo=bar" --filter "bif=baz"`). @@ -63,7 +67,7 @@ The currently supported filters are: * name (`--filter name=myapp_web`) * label (`--filter label=key=value`) -## Formatting +### Formatting The formatting options (`--format`) pretty-prints services output using a Go template. @@ -86,13 +90,16 @@ The following example uses a template without headers and outputs the `ID`, `Mode`, and `Replicas` entries separated by a colon for all services: ```bash +{% raw %} $ docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}" + 0zmvwuiu3vue: replicated 10/10 fm6uf97exkul: global 5/5 +{% endraw %} ``` -## Related information +## Related commands * [stack deploy](stack_deploy.md) * [stack ls](stack_ls.md) diff --git a/docs/reference/commandline/start.md b/docs/reference/commandline/start.md index 980bce9585..aa672289ec 100644 --- a/docs/reference/commandline/start.md +++ b/docs/reference/commandline/start.md @@ -26,3 +26,9 @@ Options: --help Print usage -i, --interactive Attach container's STDIN ``` + +## Examples + +```bash +$ docker start my_container +``` diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index f5d0d54f35..0a2428983d 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -27,6 +27,8 @@ Options: --no-stream Disable streaming stats and only pull the first result ``` +## Description + The `docker stats` command returns a live data stream for running containers. To limit data to one or more specific containers, specify a list of container names or ids separated by a space. You can specify a stopped container but stopped containers do not return any data. If you want more detailed information about a container's resource usage, use the `/containers/(id)/stats` API endpoint. @@ -35,41 +37,49 @@ If you want more detailed information about a container's resource usage, use th Running `docker stats` on all running containers against a Linux daemon. - $ docker stats - CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O - 1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB - 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B - d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B +```bash +$ docker stats +CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O +1285939c1fd3 0.07% 796 KiB / 64 MiB 1.21% 788 B / 648 B 3.568 MB / 512 KB +9c76f7834ae2 0.07% 2.746 MiB / 64 MiB 4.29% 1.266 KB / 648 B 12.4 MB / 0 B +d1ea048f04e4 0.03% 4.583 MiB / 64 MiB 6.30% 2.854 KB / 648 B 27.7 MB / 0 B +``` Running `docker stats` on multiple containers by name and id against a Linux daemon. - $ docker stats fervent_panini 5acfcb1b4fd1 - CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O - 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B - fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B +```bash +$ docker stats fervent_panini 5acfcb1b4fd1 +CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O +5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B +fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B +``` Running `docker stats` on all running containers against a Windows daemon. - PS E:\> docker stats - CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O - 09d3bb5b1604 6.61% 38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB - 9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB - 3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB +```powershell +PS E:\> docker stats +CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O +09d3bb5b1604 6.61% 38.21 MiB 17.1 kB / 7.73 kB 10.7 MB / 3.57 MB +9db7aa4d986d 9.19% 38.26 MiB 15.2 kB / 7.65 kB 10.6 MB / 3.3 MB +3f214c61ad1d 0.00% 28.64 MiB 64 kB / 6.84 kB 4.42 MB / 6.93 MB +``` Running `docker stats` on multiple containers by name and id against a Windows daemon. - PS E:\> docker ps -a - CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES - 3f214c61ad1d nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky - 9db7aa4d986d windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson - 09d3bb5b1604 windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley +```powershell +PS E:\> docker ps -a +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +3f214c61ad1d nanoserver "cmd" 2 minutes ago Up 2 minutes big_minsky +9db7aa4d986d windowsservercore "cmd" 2 minutes ago Up 2 minutes mad_wilson +09d3bb5b1604 windowsservercore "cmd" 2 minutes ago Up 2 minutes affectionate_easley - PS E:\> docker stats 3f214c61ad1d mad_wilson - CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O - 3f214c61ad1d 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB - mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB +PS E:\> docker stats 3f214c61ad1d mad_wilson +CONTAINER CPU % PRIV WORKING SET NET I/O BLOCK I/O +3f214c61ad1d 0.00% 46.25 MiB 76.3 kB / 7.92 kB 10.3 MB / 14.7 MB +mad_wilson 9.59% 40.09 MiB 27.6 kB / 8.81 kB 17 MB / 20.1 MB +``` -## Formatting +### Formatting The formatting option (`--format`) pretty prints container output using a Go template. @@ -97,21 +107,25 @@ The following example uses a template without headers and outputs the `Container` and `CPUPerc` entries separated by a colon for all images: ```bash +{% raw %} $ docker stats --format "{{.Container}}: {{.CPUPerc}}" 09d3bb5b1604: 6.61% 9db7aa4d986d: 9.19% 3f214c61ad1d: 0.00% +{% endraw %} ``` To list all containers statistics with their name, CPU percentage and memory usage in a table format you can use: ```bash +{% raw %} $ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" CONTAINER CPU % PRIV WORKING SET 1285939c1fd3 0.07% 796 KiB / 64 MiB 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB d1ea048f04e4 0.03% 4.583 MiB / 64 MiB +{% endraw %} ``` diff --git a/docs/reference/commandline/stop.md b/docs/reference/commandline/stop.md index 3090db98ae..dc00b38af5 100644 --- a/docs/reference/commandline/stop.md +++ b/docs/reference/commandline/stop.md @@ -25,5 +25,13 @@ Options: -t, --time int Seconds to wait for stop before killing it (default 10) ``` +## Description + The main process inside the container will receive `SIGTERM`, and after a grace period, `SIGKILL`. + +## Examples + +```bash +$ docker stop my_container +``` diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 2f39316181..8bf0de884e 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -35,9 +35,12 @@ Options: --task-history-limit int Task history retention limit (default 5) ``` +## Description + Initialize a swarm. The docker engine targeted by this command becomes a manager in the newly created single-node swarm. +## Examples ```bash $ docker swarm init --advertise-addr 192.168.99.121 @@ -144,7 +147,7 @@ dedicated manager nodes that are not served as worker nodes. This could be achie by passing `--availability=drain` to `docker swarm init`. -## Related information +## Related commands * [swarm join](swarm_join.md) * [swarm join-token](swarm_join_token.md) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 06bba1f41d..c7649506ff 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -28,10 +28,14 @@ Options: --token string Token for entry into the swarm ``` +## Description + Join a node to a swarm. The node joins as a manager node or worker node based upon the token you pass with the `--token` flag. If you pass a manager token, the node joins as a manager. If you pass a worker token, the node joins as a worker. +## Examples + ### Join a node to swarm as a manager The example below demonstrates joining a manager node using a manager token. @@ -105,7 +109,7 @@ dedicated manager nodes that are not served as worker nodes. This could be achie by passing `--availability=drain` to `docker swarm join`. -## Related information +## Related commands * [swarm init](swarm_init.md) * [swarm join-token](swarm_join_token.md) diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 3603640d13..4638a92fd4 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -26,12 +26,16 @@ Options: --rotate Rotate join token ``` +## Description + Join tokens are secrets that allow a node to join the swarm. There are two different join tokens available, one for the worker role and one for the manager role. You pass the token using the `--token` flag when you run [swarm join](swarm_join.md). Nodes use the join token only when they join the swarm. +## Examples + You can view or rotate the join tokens using `swarm join-token`. As a convenience, you can pass `worker` or `manager` as an argument to @@ -100,7 +104,7 @@ because the join token is only used for authorizing new nodes joining the swarm. Only print the token. Do not print a complete command for joining. -## Related information +## Related commands * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index a08f7f80ea..c5da595d95 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -25,6 +25,8 @@ Options: --help Print usage ``` +## Description + When you run this command on a worker, that worker leaves the swarm. You can use the `--force` option on a manager to remove it from the swarm. @@ -34,7 +36,10 @@ from a swarm is to demote it to a worker and then direct it to leave the quorum without using `--force`. Only use `--force` in situations where the swarm will no longer be used after the manager leaves, such as in a single-node swarm. +## Examples + Consider the following swarm, as seen from the manager: + ```bash $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS @@ -55,7 +60,7 @@ affects swarm operation, but a long list of `down` nodes can clutter the node list. To remove an inactive node from the list, use the [`node rm`](node_rm.md) command. -## Related information +## Related commands * [node rm](node_rm.md) * [swarm init](swarm_init.md) diff --git a/docs/reference/commandline/swarm_unlock.md b/docs/reference/commandline/swarm_unlock.md index fa6cfdf29e..b507008c1a 100644 --- a/docs/reference/commandline/swarm_unlock.md +++ b/docs/reference/commandline/swarm_unlock.md @@ -24,18 +24,21 @@ Options: --help Print usage ``` +## Description + Unlocks a locked manager using a user-supplied unlock key. This command must be used to reactivate a manager after its Docker daemon restarts if the autolock setting is turned on. The unlock key is printed at the time when autolock is enabled, and is also available from the `docker swarm unlock-key` command. +## Examples ```bash $ docker swarm unlock Please enter unlock key: ``` -## Related information +## Related commands * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_unlock_key.md b/docs/reference/commandline/swarm_unlock_key.md index d3dae27adb..42faae83aa 100644 --- a/docs/reference/commandline/swarm_unlock_key.md +++ b/docs/reference/commandline/swarm_unlock_key.md @@ -26,6 +26,8 @@ Options: --rotate Rotate unlock key ``` +## Description + An unlock key is a secret key needed to unlock a manager after its Docker daemon restarts. These keys are only used when the autolock feature is enabled for the swarm. @@ -33,9 +35,11 @@ swarm. You can view or rotate the unlock key using `swarm unlock-key`. To view the key, run the `docker swarm unlock-key` command without any arguments: +## Examples ```bash $ docker swarm unlock-key + To unlock a swarm manager after it restarts, run the `docker swarm unlock` command and provide the following key: @@ -77,7 +81,7 @@ key. The old unlock key will no longer be accepted. Only print the unlock key, without instructions. -## Related information +## Related commands * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 04982574de..981eeba194 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -31,14 +31,17 @@ Options: --task-history-limit int Task history retention limit (default 5) ``` +## Description + Updates a swarm with new parameter values. This command must target a manager node. +## Examples ```bash $ docker swarm update --cert-expiry 720h ``` -## Related information +## Related commands * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/system_df.md b/docs/reference/commandline/system_df.md index c6e8bbdc68..6758bdeb72 100644 --- a/docs/reference/commandline/system_df.md +++ b/docs/reference/commandline/system_df.md @@ -25,12 +25,18 @@ Options: -v, --verbose Show detailed information on space usage ``` +## Description + The `docker system df` command displays information regarding the amount of disk space used by the docker daemon. +## Examples + By default the command will just show a summary of the data used: + ```bash $ docker system df + TYPE TOTAL ACTIVE SIZE RECLAIMABLE Images 5 2 16.43 MB 11.63 MB (70%) Containers 2 0 212 B 212 B (100%) @@ -38,8 +44,10 @@ Local Volumes 2 1 36 B ``` A more detailed view can be requested using the `-v, --verbose` flag: + ```bash $ docker system df -v + Images space usage: REPOSITORY TAG IMAGE ID CREATED SIZE SHARED SIZE UNIQUE SIZE CONTAINERS @@ -66,9 +74,10 @@ my-named-vol 0 * `UNIQUE SIZE` is the amount of space that is only used by a given image * `SIZE` is the virtual size of the image, it is the sum of `SHARED SIZE` and `UNIQUE SIZE` -Note that network information is not shown because it doesn't consume the disk space. +> **Note**: Network information is not shown because it doesn't consume the disk +> space. -## Related Information +## Related commands * [system prune](system_prune.md) * [container prune](container_prune.md) * [volume prune](volume_prune.md) diff --git a/docs/reference/commandline/system_prune.md b/docs/reference/commandline/system_prune.md index b6764a779f..3e5ff413bc 100644 --- a/docs/reference/commandline/system_prune.md +++ b/docs/reference/commandline/system_prune.md @@ -27,12 +27,15 @@ Options: --help Print usage ``` +## Description + Remove all unused containers, volumes, networks and images (both dangling and unreferenced). -Example output: +## Examples ```bash $ docker system prune -a + WARNING! This will remove: - all stopped containers - all volumes not used by at least one container @@ -65,7 +68,7 @@ deleted: sha256:3a88a5c81eb5c283e72db2dbc6d65cbfd8e80b6c89bb6e714cfaaa0eed99c548 Total reclaimed space: 13.5 MB ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -86,7 +89,7 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a fraction of a second no more than nine digits long. -## Related information +## Related commands * [volume create](volume_create.md) * [volume ls](volume_ls.md) diff --git a/docs/reference/commandline/tag.md b/docs/reference/commandline/tag.md index ebb4c23c10..5f9defd8a9 100644 --- a/docs/reference/commandline/tag.md +++ b/docs/reference/commandline/tag.md @@ -24,6 +24,8 @@ Options: --help Print usage ``` +## Description + An image name is made up of slash-separated name components, optionally prefixed by a registry hostname. The hostname must comply with standard DNS rules, but may not contain underscores. If a hostname is present, it may optionally be @@ -40,35 +42,43 @@ period or a dash and may contain a maximum of 128 characters. You can group your images together using names and tags, and then upload them to [*Share Images via Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/#/contributing-to-docker-hub). -# Examples +## Examples -## Tagging an image referenced by ID +### Tag an image referenced by ID To tag a local image with ID "0e5574283393" into the "fedora" repository with "version1.0": - docker tag 0e5574283393 fedora/httpd:version1.0 +```bash +$ docker tag 0e5574283393 fedora/httpd:version1.0 +``` -## Tagging an image referenced by Name +### Tag an image referenced by Name To tag a local image with name "httpd" into the "fedora" repository with "version1.0": - docker tag httpd fedora/httpd:version1.0 +```bash +$ docker tag httpd fedora/httpd:version1.0 +``` Note that since the tag name is not specified, the alias is created for an existing local version `httpd:latest`. -## Tagging an image referenced by Name and Tag +### Tag an image referenced by Name and Tag To tag a local image with name "httpd" and tag "test" into the "fedora" repository with "version1.0.test": - docker tag httpd:test fedora/httpd:version1.0.test +```bash +$ docker tag httpd:test fedora/httpd:version1.0.test +``` -## Tagging an image for a private repository +### Tag an image for a private repository To push an image to a private registry and not the central Docker registry you must tag it with the registry hostname and port (if needed). - docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 +```bash +$ docker tag 0e5574283393 myregistryhost:5000/fedora/httpd:version1.0 +``` diff --git a/docs/reference/commandline/unpause.md b/docs/reference/commandline/unpause.md index aa2326fefc..8915a43b40 100644 --- a/docs/reference/commandline/unpause.md +++ b/docs/reference/commandline/unpause.md @@ -24,6 +24,8 @@ Options: --help Print usage ``` +## Description + The `docker unpause` command un-suspends all processes in the specified containers. On Linux, it does this using the cgroups freezer. @@ -31,6 +33,12 @@ See the [cgroups freezer documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt) for further details. -## Related information +## Examples + +```bash +$ docker unpause my_container +``` + +## Related commands * [pause](pause.md) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index a13900440f..f41cf39db8 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -37,6 +37,8 @@ Options: --restart string Restart policy to apply when a container exits ``` +## Description + The `docker update` command dynamically updates container configuration. You can use this command to prevent containers from consuming too many resources from their Docker host. With a single command, you can place diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index cb1bcee5b3..c2693886b9 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -25,6 +25,8 @@ Options: --help Print usage ``` +## Description + By default, this will render all version information in an easy to read layout. If a format is specified, the given template will be executed instead. @@ -33,35 +35,44 @@ describes all the details of the format. ## Examples -**Default output:** +### Default output - $ docker version - Client: - Version: 1.8.0 - API version: 1.20 - Go version: go1.4.2 - Git commit: f5bae0a - Built: Tue Jun 23 17:56:00 UTC 2015 - OS/Arch: linux/amd64 +```bash +$ docker version - Server: - Version: 1.8.0 - API version: 1.20 - Go version: go1.4.2 - Git commit: f5bae0a - Built: Tue Jun 23 17:56:00 UTC 2015 - OS/Arch: linux/amd64 +Client: +Version: 1.8.0 +API version: 1.20 +Go version: go1.4.2 +Git commit: f5bae0a +Built: Tue Jun 23 17:56:00 UTC 2015 +OS/Arch: linux/amd64 -**Get server version:** +Server: +Version: 1.8.0 +API version: 1.20 +Go version: go1.4.2 +Git commit: f5bae0a +Built: Tue Jun 23 17:56:00 UTC 2015 +OS/Arch: linux/amd64 +``` - {% raw %} - $ docker version --format '{{.Server.Version}}' - 1.8.0 - {% endraw %} +### Get the server version -**Dump raw data:** +```bash +{% raw %} +$ docker version --format '{{.Server.Version}}' - {% raw %} - $ docker version --format '{{json .}}' - {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} - {% endraw %} +1.8.0 +{% endraw %} +``` + +### Dump raw JSON data + +```bash +{% raw %} +$ docker version --format '{{json .}}' + +{"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} +{% endraw %} +``` diff --git a/docs/reference/commandline/volume_create.md b/docs/reference/commandline/volume_create.md index 9b188a9500..b1eed37b5c 100644 --- a/docs/reference/commandline/volume_create.md +++ b/docs/reference/commandline/volume_create.md @@ -27,33 +27,51 @@ Options: -o, --opt value Set driver specific options (default map[]) ``` -Creates a new volume that containers can consume and store data in. If a name is not specified, Docker generates a random name. You create a volume and then configure the container to use it, for example: +## Description + +Creates a new volume that containers can consume and store data in. If a name is +not specified, Docker generates a random name. + +## Examples + +Create a volume and then configure the container to use it: ```bash $ docker volume create hello + hello $ docker run -d -v hello:/world busybox ls /world ``` -The mount is created inside the container's `/world` directory. Docker does not support relative paths for mount points inside the container. +The mount is created inside the container's `/world` directory. Docker does not +support relative paths for mount points inside the container. -Multiple containers can use the same volume in the same time period. This is useful if two containers need access to shared data. For example, if one container writes and the other reads the data. +Multiple containers can use the same volume in the same time period. This is +useful if two containers need access to shared data. For example, if one +container writes and the other reads the data. -Volume names must be unique among drivers. This means you cannot use the same volume name with two different drivers. If you attempt this `docker` returns an error: +Volume names must be unique among drivers. This means you cannot use the same +volume name with two different drivers. If you attempt this `docker` returns an +error: -``` +```none A volume named "hello" already exists with the "some-other" driver. Choose a different volume name. ``` -If you specify a volume name already in use on the current driver, Docker assumes you want to re-use the existing volume and does not return an error. +If you specify a volume name already in use on the current driver, Docker +assumes you want to re-use the existing volume and does not return an error. -## Driver specific options +### Driver-specific options -Some volume drivers may take options to customize the volume creation. Use the `-o` or `--opt` flags to pass driver options: +Some volume drivers may take options to customize the volume creation. Use the +`-o` or `--opt` flags to pass driver options: ```bash -$ docker volume create --driver fake --opt tardis=blue --opt timey=wimey +$ docker volume create --driver fake \ + --opt tardis=blue \ + --opt timey=wimey \ + foo ``` These options are passed directly to the volume driver. Options for @@ -61,28 +79,44 @@ different volume drivers may do different things (or nothing at all). The built-in `local` driver on Windows does not support any options. -The built-in `local` driver on Linux accepts options similar to the linux `mount` command. You can provide multiple options by passing the `--opt` flag multiple times. Some `mount` options (such as the `o` option) can take a comma-separated list of options. Complete list of available mount options can be found [here](http://man7.org/linux/man-pages/man8/mount.8.html). +The built-in `local` driver on Linux accepts options similar to the linux +`mount` command. You can provide multiple options by passing the `--opt` flag +multiple times. Some `mount` options (such as the `o` option) can take a +comma-separated list of options. Complete list of available mount options can be +found [here](http://man7.org/linux/man-pages/man8/mount.8.html). -For example, the following creates a `tmpfs` volume called `foo` with a size of 100 megabyte and `uid` of 1000. +For example, the following creates a `tmpfs` volume called `foo` with a size of +100 megabyte and `uid` of 1000. ```bash -$ docker volume create --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=100m,uid=1000 foo +$ docker volume create --driver local \ + --opt type=tmpfs \ + --opt device=tmpfs \ + --opt o=size=100m,uid=1000 \ + foo ``` Another example that uses `btrfs`: ```bash -$ docker volume create --driver local --opt type=btrfs --opt device=/dev/sda2 foo +$ docker volume create --driver local \ + --opt type=btrfs \ + --opt device=/dev/sda2 \ + foo ``` -Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from `192.168.1.1`: +Another example that uses `nfs` to mount the `/path/to/dir` in `rw` mode from +`192.168.1.1`: ```bash -$ docker volume create --driver local --opt type=nfs --opt o=addr=192.168.1.1,rw --opt device=:/path/to/dir foo +$ docker volume create --driver local \ + --opt type=nfs \ + --opt o=addr=192.168.1.1,rw \ + --opt device=:/path/to/dir \ + foo ``` - -## Related information +## Related commands * [volume inspect](volume_inspect.md) * [volume ls](volume_ls.md) diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 98e0ee5abf..530c2b1feb 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -25,32 +25,36 @@ Options: --help Print usage ``` +## Description + Returns information about a volume. By default, this command renders all results in a JSON array. You can specify an alternate format to execute a given template for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. -Example output: +## Examples - $ docker volume create - 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d - $ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d - [ - { - "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d", - "Driver": "local", - "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data", - "Status": null - } - ] +```bash +$ docker volume create +85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d +$ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d +[ + { + "Name": "85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d", + "Driver": "local", + "Mountpoint": "/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data", + "Status": null + } +] - {% raw %} - $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d - /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data - {% endraw %} +{% raw %} +$ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d +/var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data +{% endraw %} +``` -## Related information +## Related commands * [volume create](volume_create.md) * [volume ls](volume_ls.md) diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 8d012f1379..06aaa2b964 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -34,22 +34,32 @@ Options: -q, --quiet Only display volume names ``` -List all the volumes Docker knows about. You can filter using the `-f` or `--filter` flag. Refer to the [filtering](#filtering) section for more information about available filter options. +## Description -Example output: +List all the volumes known to Docker. You can filter using the `-f` or +`--filter` flag. Refer to the [filtering](#filtering) section for more +information about available filter options. +## Examples + +### Create a volume ```bash $ docker volume create rosemary + rosemary -$docker volume create tyler + +$ docker volume create tyler + tyler + $ docker volume ls + DRIVER VOLUME NAME local rosemary local tyler ``` -## Filtering +### Filtering The filtering flag (`-f` or `--filter`) format is of "key=value". If there is more than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) @@ -61,7 +71,7 @@ The currently supported filters are: * label (`label=` or `label==`) * name (a volume's name) -### dangling +#### dangling The `dangling` filter matches on all volumes not referenced by any containers @@ -74,7 +84,7 @@ DRIVER VOLUME NAME local rosemary ``` -### driver +#### driver The `driver` filter matches volumes based on their driver. @@ -88,7 +98,7 @@ local rosemary local tyler ``` -#### Label +#### label The `label` filter matches volumes based on the presence of a `label` alone or a `label` and a value. @@ -97,8 +107,10 @@ First, let's create some volumes to illustrate this; ```bash $ docker volume create the-doctor --label is-timelord=yes + the-doctor $ docker volume create daleks --label is-timelord=no + daleks ``` @@ -113,7 +125,7 @@ local daleks local the-doctor ``` -As can be seen in the above example, both volumes with `is-timelord=yes`, and +As the above example demonstrates, both volumes with `is-timelord=yes`, and `is-timelord=no` are returned. Filtering on both `key` *and* `value` of the label, produces the expected result: @@ -134,17 +146,20 @@ $ docker volume ls --filter label=is-timelord=yes --filter label=is-timelord=no DRIVER VOLUME NAME ``` -### name +#### name The `name` filter matches on all or part of a volume's name. The following filter matches all volumes with a name containing the `rose` string. - $ docker volume ls -f name=rose - DRIVER VOLUME NAME - local rosemary +```bash +$ docker volume ls -f name=rose -## Formatting +DRIVER VOLUME NAME +local rosemary +``` + +### Formatting The formatting options (`--format`) pretty-prints volumes output using a Go template. @@ -168,13 +183,16 @@ The following example uses a template without headers and outputs the `Name` and `Driver` entries separated by a colon for all volumes: ```bash +{% raw %} $ docker volume ls --format "{{.Name}}: {{.Driver}}" + vol1: local vol2: local vol3: local +{% endraw %} ``` -## Related information +## Related commands * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) diff --git a/docs/reference/commandline/volume_prune.md b/docs/reference/commandline/volume_prune.md index d910a49cdc..a9c4b70fc4 100644 --- a/docs/reference/commandline/volume_prune.md +++ b/docs/reference/commandline/volume_prune.md @@ -25,12 +25,15 @@ Options: --help Print usage ``` +## Description + Remove all unused volumes. Unused volumes are those which are not referenced by any containers -Example output: +## Examples ```bash $ docker volume prune + WARNING! This will remove all volumes not used by at least one container. Are you sure you want to continue? [y/N] y Deleted Volumes: @@ -40,7 +43,7 @@ my-named-vol Total reclaimed space: 36 B ``` -## Related information +## Related commands * [volume create](volume_create.md) * [volume ls](volume_ls.md) diff --git a/docs/reference/commandline/volume_rm.md b/docs/reference/commandline/volume_rm.md index 1bf9dba220..a1f2d3b9ff 100644 --- a/docs/reference/commandline/volume_rm.md +++ b/docs/reference/commandline/volume_rm.md @@ -28,12 +28,18 @@ Options: --help Print usage ``` +## Description + Remove one or more volumes. You cannot remove a volume that is in use by a container. - $ docker volume rm hello - hello +## Examples -## Related information +```bash + $ docker volume rm hello + hello +``` + +## Related commands * [volume create](volume_create.md) * [volume inspect](volume_inspect.md) diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index a07b82b071..ee8f9ab243 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -23,3 +23,36 @@ Block until one or more containers stop, then print their exit codes Options: --help Print usage ``` + +> **Note**: `docker wait` returns `0` when run against a container which had +> already exited before the `docker wait` command was run. + +## Examples + +Start a container in the background. + +```bash +$ docker run -dit --name=my_container ubuntu bash +``` + +Run `docker wait`, which should block until the container exits. + +```bash +$ docker wait my_container +``` + +In another terminal, stop the first container. The `docker wait` command above +returns the exit code. + +```bash +$ docker stop my_container +``` + +This is the same `docker wait` command from above, but it now exits, returning +`0`. + +```bash +$ docker wait my_container + +0 +``` From 4113925b2552cf22f66c5e0ff4db8b19c6c366fb Mon Sep 17 00:00:00 2001 From: allencloud Date: Fri, 3 Feb 2017 16:34:45 +0800 Subject: [PATCH 2322/2538] add missing filter type and sort filter type in alphabets Signed-off-by: allencloud --- docs/reference/commandline/events.md | 6 +++--- docs/reference/commandline/ps.md | 21 +++++++++++---------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index bc24dab233..d4599adcc5 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -143,14 +143,14 @@ container container 588a23dac085 *AND* the event type is *start* The currently supported filters are: * container (`container=`) +* daemon (`daemon=`) * event (`event=`) * image (`image=`) -* plugin (experimental) (`plugin=`) * label (`label=` or `label==`) +* network (`network=`) +* plugin (`plugin=`) * type (`type=`) * volume (`volume=`) -* network (`network=`) -* daemon (`daemon=`) #### Format diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 7c06fbdafa..d47418befb 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -23,19 +23,20 @@ List containers Options: -a, --all Show all containers (default shows just running) -f, --filter value Filter output based on conditions provided (default []) - - exited= an exit code of - - label= or label== - - status=(created|restarting|removing|running|paused|exited) - - name= a container's name - - id= a container's ID - - before=(|) - - since=(|) - ancestor=([:tag]||) containers created from an image or a descendant. - - publish=([/]|/[]) - - expose=([/]|/[]) - - is-task=(true|false) + - before=(|) + - exited= an exit code of - health=(starting|healthy|unhealthy|none) + - id= a container's ID + - isolation=(`default`|`process`|`hyperv`) (Windows daemon only) + - is-task=(true|false) + - label= or label== + - name= a container's name + - network=(|) + - since=(|) + - status=(created|restarting|removing|running|paused|exited) + - volume=(|) --format string Pretty-print containers using a Go template --help Print usage -n, --last int Show n last created containers (includes all states) (default -1) From 1507e86ada726ebe605070794444739451272426 Mon Sep 17 00:00:00 2001 From: allencloud Date: Sat, 4 Feb 2017 14:28:14 +0800 Subject: [PATCH 2323/2538] add expose and publish filter in swagger.yml and CLI docs for docker/master Signed-off-by: allencloud --- docs/reference/commandline/ps.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index d47418befb..96f193658c 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -26,6 +26,7 @@ Options: - ancestor=([:tag]||) containers created from an image or a descendant. - before=(|) + - expose=([/]|/[]) - exited= an exit code of - health=(starting|healthy|unhealthy|none) - id= a container's ID @@ -34,6 +35,7 @@ Options: - label= or label== - name= a container's name - network=(|) + - publish=([/]|/[]) - since=(|) - status=(created|restarting|removing|running|paused|exited) - volume=(|) From 022d972c38a346b6b086ff4d27b4fbf4cafae746 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Mon, 19 Dec 2016 16:53:32 -0800 Subject: [PATCH 2324/2538] Define bridge networks Signed-off-by: Misty Stanley-Jones --- docs/reference/glossary.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index faaa0ea070..f829ad54c0 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -32,6 +32,28 @@ An image that has no parent is a **base image**. [boot2docker](http://boot2docker.io/) is a lightweight Linux distribution made specifically to run Docker containers. The boot2docker management tool for Mac and Windows was deprecated and replaced by [`docker-machine`](#machine) which you can install with the Docker Toolbox. +## bridge + +In terms of generic networking, a bridge is a Link Layer device which forwards +traffic between network segments. A bridge can be a hardware device or a +software device running within a host machine's kernel. + +In terms of Docker, a bridge network uses a software bridge which allows +containers connected to the same bridge network to communicate, while providing +isolation from containers which are not connected to that bridge network. +The Docker bridge driver automatically installs rules in the host machine so +that containers on different bridge networks cannot communicate directly with +each other. + +The default bridge network, which is also named `bridge`, behaves differently +from user-defined bridge networks. Containers connected to the default `bridge` +network can communicate with each other across the bridge by IP address but +cannot resolve each other's container name to an IP address unless they are +explicitly linked using the `--link` flag to `docker run`. + +For more information about Docker networking, see +[Understand container communication](https://docs.docker.com/engine/userguide/networking/default_network/container-communication/). + ## btrfs btrfs (B-tree file system) is a Linux [filesystem](#filesystem) that Docker From 620247aab4ed7019a0987d0eba0147c15d614f77 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 17:31:32 +0100 Subject: [PATCH 2325/2538] Add zsh completion for missing 'docker swarm init|update' options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3eb8f94478..201b4ec96b 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2083,7 +2083,11 @@ __docker_swarm_subcommand() { (init) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--advertise-addr[Advertised address]:ip\:port: " \ + "($help)--advertise-addr=[Advertised address]:ip\:port: " \ + "($help)--autolock[Enable manager autolocking]" \ + "($help)--availability=[Availability of the node]:availability:(active drain pause)" \ + "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ + "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--force-new-cluster[Force create a new cluster from current state]" \ "($help)--listen-addr=[Listen address]:ip\:port: " \ @@ -2115,9 +2119,10 @@ __docker_swarm_subcommand() { (update) _arguments $(__docker_arguments) \ $opts_help \ + "($help)--autolock[Enable manager autolocking]" \ "($help)--cert-expiry=[Validity period for node certificates]:duration: " \ - "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--dispatcher-heartbeat=[Dispatcher heartbeat period]:duration: " \ + "($help)*--external-ca=[Specifications of one or more certificate signing endpoints]:endpoint: " \ "($help)--max-snapshots[Number of additional Raft snapshots to retain]" \ "($help)--snapshot-interval[Number of log entries between Raft snapshots]" \ "($help)--task-history-limit=[Task history retention limit]:limit: " && ret=0 From acff7d285d8c45e1df6be60c5233412c3940bf11 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 17:44:17 +0100 Subject: [PATCH 2326/2538] Add zsh completion for 'docker swarm unlock|unlock-key' commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 201b4ec96b..013a29bd93 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2067,6 +2067,8 @@ __docker_swarm_commands() { "join:Join a swarm as a node and/or manager" "join-token:Manage join tokens" "leave:Leave a swarm" + "unlock:Unlock swarm" + "unlock-key:Manage the unlock key" "update:Update the swarm" ) _describe -t docker-swarm-commands "docker swarm command" _docker_swarm_subcommands @@ -2116,6 +2118,16 @@ __docker_swarm_subcommand() { $opts_help \ "($help -f --force)"{-f,--force}"[Force this node to leave the swarm, ignoring warnings]" && ret=0 ;; + (unlock) + _arguments $(__docker_arguments) \ + $opts_help && ret=0 + ;; + (unlock-key) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -q --quiet)"{-q,--quiet}"[Only display token]" \ + "($help)--rotate[Rotate unlock token]" && ret=0 + ;; (update) _arguments $(__docker_arguments) \ $opts_help \ From ecc4938091e6dc7c412847d6528a599a26c2363a Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 12 Feb 2017 15:15:15 -0800 Subject: [PATCH 2327/2538] Add missing link in deprecated.md This fix adds a missing link in deprecated.md ``` Deprecated In Release: [v1.13.0]... ``` Signed-off-by: Yong Tang --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 1298370ba9..a88e398079 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -23,7 +23,7 @@ see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-depreca ### Top-level network properties in NetworkSettings -**Deprecated In Release: v1.13.0** +**Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** **Target For Removal In Release: v1.16** From 225c67f074ea9619671b617b3a01b4d38be6137c Mon Sep 17 00:00:00 2001 From: yupengzte Date: Mon, 13 Feb 2017 15:47:38 +0800 Subject: [PATCH 2328/2538] fix typo Signed-off-by: yupengzte --- docs/reference/commandline/exec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/exec.md b/docs/reference/commandline/exec.md index df2ad6eae8..1ae46cf194 100644 --- a/docs/reference/commandline/exec.md +++ b/docs/reference/commandline/exec.md @@ -31,7 +31,7 @@ Options: -u, --user Username or UID (format: [:]) ``` -## Descriptino +## Description The `docker exec` command runs a new command in a running container. From 58ef5d4760d8ce0da19995ca234ccd04cc085e92 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 20:11:13 +0100 Subject: [PATCH 2329/2538] Add zsh completion for 'docker build --squash' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 013a29bd93..0f3ed20921 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -946,6 +946,7 @@ __docker_image_subcommand() { "($help -q --quiet)"{-q,--quiet}"[Suppress verbose build output]" \ "($help)--rm[Remove intermediate containers after a successful build]" \ "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " \ + "($help)--squash[Squash newly built layers into a single new layer]" \ "($help -t --tag)*"{-t=,--tag=}"[Repository, name and tag for the image]: :__docker_complete_repositories_with_tags" \ "($help)*--ulimit=[ulimit options]:ulimit: " \ "($help)--userns=[Container user namespace]:user namespace:(host)" \ From e4c858dba4f1a11ddc25e14b0124c64bc1bb16a9 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 21:10:37 +0100 Subject: [PATCH 2330/2538] Add zsh completion for 'dockerd --default-shm-size' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0f3ed20921..620e2cc3b5 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2408,6 +2408,7 @@ __docker_subcommand() { "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ + "($help)--default-shm-size=[Default shm size for containers]:size:" \ "($help)*--default-ulimit=[Default ulimits for containers]:ulimit: " \ "($help)--disable-legacy-registry[Disable contacting legacy registries]" \ "($help)*--dns=[DNS server to use]:DNS: " \ From d36a82bcaf46f59be3425ebb7e1d5538c4f72718 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 21:24:13 +0100 Subject: [PATCH 2331/2538] Add zsh completion for 'docker {ps,service ls} --filter expose|publish' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 620e2cc3b5..4236317519 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -362,7 +362,7 @@ __docker_complete_ps_filters() { ;; esac else - opts=('ancestor' 'before' 'exited' 'health' 'id' 'label' 'name' 'network' 'since' 'status' 'volume') + opts=('ancestor' 'before' 'exited' 'expose' 'health' 'id' 'label' 'name' 'network' 'publish' 'since' 'status' 'volume') _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 fi From f8462e533e7a79bd8004291725ae56c94e62f753 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 21:17:00 +0100 Subject: [PATCH 2332/2538] Add zsh completion for 'docker {service ls,stack services} --format' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 4236317519..d1d0c16046 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1846,6 +1846,7 @@ __docker_service_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:->filter-options" \ + "($help)--format=[Pretty-print services using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 case $state in (filter-options) @@ -2046,6 +2047,7 @@ __docker_stack_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_services_filters" \ + "($help)--format=[Pretty-print services using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" \ "($help -):stack:__docker_complete_stacks" && ret=0 ;; From af095f572e6cc1c5269e0047b44823d71aae1baf Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 13 Feb 2017 18:49:37 +0100 Subject: [PATCH 2333/2538] Fix bash completion for `--log-opt mode` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d572f99801..8d306437ca 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -790,7 +790,7 @@ __docker_complete_log_driver_options() { return ;; mode) - COMPREPLY=( $( compgen -W "blocking nonblocking" -- "${cur##*=}" ) ) + COMPREPLY=( $( compgen -W "blocking non-blocking" -- "${cur##*=}" ) ) return ;; syslog-address) From f2aab003216837a57220098b7f401fdf148b5282 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 8 Feb 2017 13:40:13 +0100 Subject: [PATCH 2334/2538] Add bash completion for `docker plugin upgrade` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8d306437ca..b60a4c9fa5 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3457,6 +3457,7 @@ _docker_plugin() { push rm set + upgrade " local aliases=" list @@ -3634,6 +3635,25 @@ _docker_plugin_set() { esac } +_docker_plugin_upgrade() { + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--disable-content-trust --grant-all-permissions --help --skip-remote-check" -- "$cur" ) ) + ;; + *) + local counter=$(__docker_pos_first_nonflag) + if [ $cword -eq $counter ]; then + __docker_complete_plugins_installed + __ltrim_colon_completions "$cur" + elif [ $cword -eq $((counter + 1)) ]; then + local plugin_images="$(__docker_plugins_installed)" + COMPREPLY=( $(compgen -S : -W "${plugin_images%:*}" -- "$cur") ) + __docker_nospace + fi + ;; + esac +} + _docker_port() { _docker_container_port From e6a4e7507ccf758ecde6f461cf3e546c15f20a2a Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Mon, 13 Feb 2017 11:01:54 -0800 Subject: [PATCH 2335/2538] Convert script shebangs from "#!/bin/bash" to "#!/usr/bin/env bash" This is especially important for distributions like NixOS where `/bin/bash` doesn't exist, or for MacOS users who've installed a newer version of Bash than the one that comes with their OS. Signed-off-by: Andrew "Tianon" Page --- contrib/completion/bash/docker | 2 +- docs/reference/builder.md | 2 +- man/generate.sh | 2 +- man/md2man-all.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b60a4c9fa5..644f811ec4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # bash completion file for core docker commands # diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 8dfc4d1fb9..8c39b512c8 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1029,7 +1029,7 @@ the final executable receives the Unix signals by using `exec` and `gosu` commands: ```bash -#!/bin/bash +#!/usr/bin/env bash set -e if [ "$1" = 'postgres' ]; then diff --git a/man/generate.sh b/man/generate.sh index c97edb440d..905b2d7baf 100755 --- a/man/generate.sh +++ b/man/generate.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # # Generate man pages for docker/docker # diff --git a/man/md2man-all.sh b/man/md2man-all.sh index 97c65c93bc..46c7b8f08e 100755 --- a/man/md2man-all.sh +++ b/man/md2man-all.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e # get into this script's directory From 8691d0dd686e0dc622dc906149d1e5dbc0e99d4c Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Tue, 24 Jan 2017 09:00:31 +0100 Subject: [PATCH 2336/2538] Add cache invalidation in zsh completion when the DOCKER_HIDE_LEGACY_COMMANDS envvar changes Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index d1d0c16046..7e059ae3f8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2344,14 +2344,28 @@ __docker_caching_policy() { __docker_commands() { local cache_policy + integer force_invalidation=0 zstyle -s ":completion:${curcontext}:" cache-policy cache_policy if [[ -z "$cache_policy" ]]; then zstyle ":completion:${curcontext}:" cache-policy __docker_caching_policy fi - if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands) \ - && ! _retrieve_cache docker_subcommands; + if ( (( ! ${+_docker_hide_legacy_commands} )) || _cache_invalid docker_hide_legacy_commands ) \ + && ! _retrieve_cache docker_hide_legacy_commands; + then + _docker_hide_legacy_commands="${DOCKER_HIDE_LEGACY_COMMANDS}" + _store_cache docker_hide_legacy_commands _docker_hide_legacy_commands + fi + + if [[ "${_docker_hide_legacy_commands}" != "${DOCKER_HIDE_LEGACY_COMMANDS}" ]]; then + force_invalidation=1 + _docker_hide_legacy_commands="${DOCKER_HIDE_LEGACY_COMMANDS}" + _store_cache docker_hide_legacy_commands _docker_hide_legacy_commands + fi + + if ( [[ ${+_docker_subcommands} -eq 0 ]] || _cache_invalid docker_subcommands ) \ + && ! _retrieve_cache docker_subcommands || [[ ${force_invalidation} -eq 1 ]]; then local -a lines lines=(${(f)"$(_call_program commands docker 2>&1)"}) From a93d410af76ef3401b43d4f41edc43d9c3ecf97b Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 8 Feb 2017 08:08:43 +0100 Subject: [PATCH 2337/2538] Fix useless trailing backslash in zsh completion Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 7e059ae3f8..03a6b1c188 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -562,7 +562,7 @@ __docker_container_subcommand() { "($help)*--group=[Set one or more supplementary user groups for the container]:group:_groups" "($help -h --hostname)"{-h=,--hostname=}"[Container host name]:hostname:_hosts" "($help -i --interactive)"{-i,--interactive}"[Keep stdin open even if not attached]" - "($help)--init[Run an init inside the container that forwards signals and reaps processes]" \ + "($help)--init[Run an init inside the container that forwards signals and reaps processes]" "($help)--ip=[IPv4 address]:IPv4: " "($help)--ip6=[IPv6 address]:IPv6: " "($help)--ipc=[IPC namespace to use]:IPC namespace: " From d5c236ca2079bc7cc6a02d02eec52232d3ca04fa Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 20:52:15 +0100 Subject: [PATCH 2338/2538] Add zsh completion for missing 'docker plugin' commands and options Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 48 ++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 03a6b1c188..2c760d21d8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1511,6 +1511,7 @@ __docker_plugin_commands() { "push:Push a plugin" "rm:Remove a plugin" "set:Change settings for a plugin" + "upgrade:Upgrade an existing plugin" ) _describe -t docker-plugin-commands "docker plugin command" _docker_plugin_subcommands } @@ -1523,22 +1524,65 @@ __docker_plugin_subcommand() { opts_help=("(: -)--help[Print usage]") case "$words[1]" in - (disable|enable|inspect|ls|push|rm) + (disable) _arguments $(__docker_arguments) \ $opts_help \ + "($help -f --force)"{-f,--force}"[Force the disable of an active plugin]" \ "($help -)1:plugin:__docker_complete_plugins" && ret=0 ;; + (enable) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--timeout=[HTTP client timeout (in seconds)]:timeout: " \ + "($help -)1:plugin:__docker_complete_plugins" && ret=0 + ;; + (inspect) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --format)"{-f=,--format=}"[Format the output using the given Go template]:template: " \ + "($help -)*:plugin:__docker_complete_plugins" && ret=0 + ;; (install) _arguments $(__docker_arguments) \ $opts_help \ "($help)--alias=[Local name for plugin]:alias: " \ + "($help)--disable[Do not enable the plugin on install]" \ + "($help)--disable-content-trust[Skip image verification (default true)]" \ + "($help)--grant-all-permissions[Grant all permissions necessary to run the plugin]" \ + "($help -)1:plugin:__docker_complete_plugins" \ + "($help -)*:key=value: " && ret=0 + ;; + (ls|list) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--no-trunc[Don't truncate output]" && ret=0 + ;; + (push) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--disable-content-trust[Skip image verification (default true)]" \ "($help -)1:plugin:__docker_complete_plugins" && ret=0 ;; + (rm|remove) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -f --force)"{-f,--force}"[Force the removal of an active plugin]" \ + "($help -)*:plugin:__docker_complete_plugins" && ret=0 + ;; (set) _arguments $(__docker_arguments) \ $opts_help \ "($help -)1:plugin:__docker_complete_plugins" \ - "($help-)*:key=value: " && ret=0 + "($help -)*:key=value: " && ret=0 + ;; + (upgrade) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--disable-content-trust[Skip image verification (default true)]" \ + "($help)--grant-all-permissions[Grant all permissions necessary to run the plugin]" \ + "($help)--skip-remote-check[Do not check if specified remote plugin matches existing plugin image]" \ + "($help -)1:plugin:__docker_complete_plugins" \ + "($help -):remote: " && ret=0 ;; (help) _arguments $(__docker_arguments) ":subcommand:__docker_plugin_commands" && ret=0 From 6108385baad0c02aa978314f943a322c9fc78ce9 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 20:03:39 +0100 Subject: [PATCH 2339/2538] Add zsh completion for 'docker checkpoint' commands Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 68 ++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 2c760d21d8..3f6a049049 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -494,6 +494,57 @@ __docker_complete_prune_filters() { return ret } +# BO checkpoint + +__docker_checkpoint_commands() { + local -a _docker_checkpoint_subcommands + _docker_checkpoint_subcommands=( + "create:Create a checkpoint from a running container" + "ls:List checkpoints for a container" + "rm:Remove a checkpoint" + ) + _describe -t docker-checkpoint-commands "docker checkpoint command" _docker_checkpoint_subcommands +} + +__docker_checkpoint_subcommand() { + local -a _command_args opts_help + local expl help="--help" + integer ret=1 + + opts_help=("(: -)--help[Print usage]") + + case "$words[1]" in + (create) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--checkpoint-dir=[Use a custom checkpoint storage directory]:dir:_directories" \ + "($help)--leave-running[Leave the container running after checkpoint]" \ + "($help -)1:container:__docker_complete_running_containers" \ + "($help -)2:checkpoint: " && ret=0 + ;; + (ls|list) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--checkpoint-dir=[Use a custom checkpoint storage directory]:dir:_directories" \ + "($help -)1:container:__docker_complete_containers" && ret=0 + ;; + (rm|remove) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--checkpoint-dir=[Use a custom checkpoint storage directory]:dir:_directories" \ + "($help -)1:container:__docker_complete_containers" \ + "($help -)2:checkpoint: " && ret=0 + ;; + (help) + _arguments $(__docker_arguments) ":subcommand:__docker_checkpoint_commands" && ret=0 + ;; + esac + + return ret +} + +# EO checkpoint + # BO container __docker_container_commands() { @@ -2434,6 +2485,23 @@ __docker_subcommand() { (build|history|import|load|pull|push|save|tag) __docker_image_subcommand && ret=0 ;; + (checkpoint) + local curcontext="$curcontext" state + _arguments $(__docker_arguments) \ + $opts_help \ + "($help -): :->command" \ + "($help -)*:: :->option-or-argument" && ret=0 + + case $state in + (command) + __docker_checkpoint_commands && ret=0 + ;; + (option-or-argument) + curcontext=${curcontext%:*:*}:docker-${words[-1]}: + __docker_checkpoint_subcommand && ret=0 + ;; + esac + ;; (container) local curcontext="$curcontext" state _arguments $(__docker_arguments) \ From 924aff0cd4040a4c75d59db0c23b08361102779a Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 17:54:34 +0100 Subject: [PATCH 2340/2538] Add zsh completion for 'docker service logs' command Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3f6a049049..fba8cfcf98 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1859,6 +1859,7 @@ __docker_service_commands() { _docker_service_subcommands=( "create:Create a new service" "inspect:Display detailed information on one or more services" + "logs:Fetch the logs of a service" "ls:List services" "rm:Remove one or more services" "scale:Scale one or multiple replicated services" @@ -1937,6 +1938,17 @@ __docker_service_subcommand() { "($help)--pretty[Print the information in a human friendly format]" \ "($help -)*:service:__docker_complete_services" && ret=0 ;; + (logs) + _arguments $(__docker_arguments) \ + $opts_help \ + "($help)--details[Show extra details provided to logs]" \ + "($help -f --follow)"{-f,--follow}"[Follow log output]" \ + "($help)--no-resolve[Do not map IDs to Names]" \ + "($help)--since=[Show logs since timestamp]:timestamp: " \ + "($help)--tail=[Number of lines to show from the end of the logs]:lines:(1 10 20 50 all)" \ + "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ + "($help -)1:service:__docker_complete_services" && ret=0 + ;; (ls|list) _arguments $(__docker_arguments) \ $opts_help \ From f004bb9cf91daa0488d4f20a76771411a515b753 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 9 Feb 2017 14:41:50 +0100 Subject: [PATCH 2341/2538] Fix bash completion for `start --checkpoint` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 644f811ec4..9ccb2c0f0e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1752,12 +1752,12 @@ _docker_container_start() { case "$prev" in --checkpoint) - if [ __docker_is_experimental ] ; then + if [ __docker_daemon_is_experimental ] ; then return fi ;; --checkpoint-dir) - if [ __docker_is_experimental ] ; then + if [ __docker_daemon_is_experimental ] ; then _filedir -d return fi @@ -1767,7 +1767,7 @@ _docker_container_start() { case "$cur" in -*) local options="--attach -a --detach-keys --help --interactive -i" - __docker_is_experimental && options+=" --checkpoint --checkpoint-dir" + __docker_daemon_is_experimental && options+=" --checkpoint --checkpoint-dir" COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) ;; *) From ab7522c939d6684691f1d09898c7adda7244decb Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Fri, 10 Feb 2017 14:08:36 -0800 Subject: [PATCH 2342/2538] Add plugin socket related debug docs. Signed-off-by: Anusha Ragunathan --- docs/extend/index.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/extend/index.md b/docs/extend/index.md index a2aa208d6b..2b0cbeec2e 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -289,3 +289,28 @@ follows: $ docker-runc exec -t f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b860ff62 sh ``` +#### Using curl to debug plugin socket issues. + +To verify if the plugin API socket that the docker daemon communicates with +is responsive, use curl. In this example, we will make API calls from the +docker host to volume and network plugins using curl 7.47.0 to ensure that +the plugin is listening on the said socket. For a well functioning plugin, +these basic requests should work. Note that plugin sockets are available on the host under `/var/run/docker/plugins/` + + +```bash +curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/e8a37ba56fc879c991f7d7921901723c64df6b42b87e6a0b055771ecf8477a6d/plugin.sock http:/VolumeDriver.List + +{"Mountpoint":"","Err":"","Volumes":[{"Name":"myvol1","Mountpoint":"/data/myvol1"},{"Name":"myvol2","Mountpoint":"/data/myvol2"}],"Volume":null} +``` + +```bash +curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/docker/plugins/45e00a7ce6185d6e365904c8bcf62eb724b1fe307e0d4e7ecc9f6c1eb7bcdb70/plugin.sock http:/NetworkDriver.GetCapabilities + +{"Scope":"local"} +``` +When using curl 7.5 and above, the URL should be of the form +`http://hostname/APICall`, where `hostname` is the valid hostname where the +plugin is installed and `APICall` is the call to the plugin API. + +For example, `http://localhost/VolumeDriver.List` From 38ac6860eb59b2e2d044a51c149a4ea5bae3d96b Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Fri, 27 Jan 2017 16:51:44 -0800 Subject: [PATCH 2343/2538] Update plugin_volume apidocs for v2 Signed-off-by: Misty Stanley-Jones --- docs/extend/plugins_volume.md | 252 ++++++++++++++++++++++------------ 1 file changed, 168 insertions(+), 84 deletions(-) diff --git a/docs/extend/plugins_volume.md b/docs/extend/plugins_volume.md index 0a79efa022..807ab5a486 100644 --- a/docs/extend/plugins_volume.md +++ b/docs/extend/plugins_volume.md @@ -16,67 +16,86 @@ keywords: "Examples, Usage, volume, docker, data, volumes, plugin, api" # Write a volume plugin Docker Engine volume plugins enable Engine deployments to be integrated with -external storage systems, such as Amazon EBS, and enable data volumes to persist -beyond the lifetime of a single Engine host. See the +external storage systems such as Amazon EBS, and enable data volumes to persist +beyond the lifetime of a single Docker host. See the [plugin documentation](legacy_plugins.md) for more information. ## Changelog ### 1.13.0 -- If used as part of the v2 plugin architecture, mountpoints that are part of paths returned by plugin have to be mounted under the directory specified by PropagatedMount in the plugin configuration [#26398](https://github.com/docker/docker/pull/26398) +- If used as part of the v2 plugin architecture, mountpoints that are part of + paths returned by the plugin must be mounted under the directory specified by + `PropagatedMount` in the plugin configuration + ([#26398](https://github.com/docker/docker/pull/26398)) ### 1.12.0 -- Add `Status` field to `VolumeDriver.Get` response ([#21006](https://github.com/docker/docker/pull/21006#)) -- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver([#22077](https://github.com/docker/docker/pull/22077)) +- Add `Status` field to `VolumeDriver.Get` response + ([#21006](https://github.com/docker/docker/pull/21006#)) +- Add `VolumeDriver.Capabilities` to get capabilities of the volume driver + ([#22077](https://github.com/docker/docker/pull/22077)) ### 1.10.0 -- Add `VolumeDriver.Get` which gets the details about the volume ([#16534](https://github.com/docker/docker/pull/16534)) -- Add `VolumeDriver.List` which lists all volumes owned by the driver ([#16534](https://github.com/docker/docker/pull/16534)) +- Add `VolumeDriver.Get` which gets the details about the volume + ([#16534](https://github.com/docker/docker/pull/16534)) +- Add `VolumeDriver.List` which lists all volumes owned by the driver + ([#16534](https://github.com/docker/docker/pull/16534)) ### 1.8.0 -- Initial support for volume driver plugins ([#14659](https://github.com/docker/docker/pull/14659)) +- Initial support for volume driver plugins + ([#14659](https://github.com/docker/docker/pull/14659)) ## Command-line changes -A volume plugin makes use of the `-v`and `--volume-driver` flag on the `docker run` command. The `-v` flag accepts a volume name and the `--volume-driver` flag a driver type, for example: +To give a container access to a volume, use the `--volume` and `--volume-driver` +flags on the `docker container run` command. The `--volume` (or `-v`) flag +accepts a volume name and path on the host, and the `--volume-driver` flag +accepts a driver type. - $ docker run -ti -v volumename:/data --volume-driver=flocker busybox sh +```bash +$ docker volume create --driver=flocker volumename -This command passes the `volumename` through to the volume plugin as a -user-given name for the volume. The `volumename` must not begin with a `/`. +$ docker container run -it --volume volumename:/data busybox sh +``` -By having the user specify a `volumename`, a plugin can associate the volume -with an external volume beyond the lifetime of a single container or container -host. This can be used, for example, to move a stateful container from one -server to another. +### `--volume` -By specifying a `volumedriver` in conjunction with a `volumename`, users can use plugins such as [Flocker](https://clusterhq.com/docker-plugin/) to manage volumes external to a single host, such as those on EBS. +The `--volume` (or `-v`) flag takes a value that is in the format +`:`. The two parts of the value are +separated by a colon (`:`) character. +- The volume name is a human-readable name for the volume, and cannot begin with + a `/` character. It is referred to as `volume_name` in the rest of this topic. +- The `Mountpoint` is the path on the host (v1) or in the plugin (v2) where the + volume has been made available. + +### `volumedriver` + +Specifying a `volumedriver` in conjunction with a `volumename` allows you to +use plugins such as [Flocker](https://github.com/ScatterHQ/flocker) to manage +volumes external to a single host, such as those on EBS. ## Create a VolumeDriver The container creation endpoint (`/containers/create`) accepts a `VolumeDriver` -field of type `string` allowing to specify the name of the driver. It's default -value of `"local"` (the default driver for local volumes). +field of type `string` allowing to specify the name of the driver. If not +specified, it defaults to `"local"` (the default driver for local volumes). ## Volume plugin protocol -If a plugin registers itself as a `VolumeDriver` when activated, then it is -expected to provide writeable paths on the host filesystem for the Docker -daemon to provide to containers to consume. - -The Docker daemon handles bind-mounting the provided paths into user -containers. +If a plugin registers itself as a `VolumeDriver` when activated, it must +provide the Docker Daemon with writeable paths on the host filesystem. The Docker +daemon provides these paths to containers to consume. The Docker daemon makes +the volumes available by bind-mounting the provided paths into the containers. > **Note**: Volume plugins should *not* write data to the `/var/lib/docker/` > directory, including `/var/lib/docker/volumes`. The `/var/lib/docker/` > directory is reserved for Docker. -### /VolumeDriver.Create +### `/VolumeDriver.Create` **Request**: ```json @@ -87,9 +106,9 @@ containers. ``` Instruct the plugin that the user wants to create a volume, given a user -specified volume name. The plugin does not need to actually manifest the -volume on the filesystem yet (until Mount is called). -Opts is a map of driver specific options passed through from the user request. +specified volume name. The plugin does not need to actually manifest the +volume on the filesystem yet (until `Mount` is called). +`Opts` is a map of driver specific options passed through from the user request. **Response**: ```json @@ -100,7 +119,7 @@ Opts is a map of driver specific options passed through from the user request. Respond with a string error if an error occurred. -### /VolumeDriver.Remove +### `/VolumeDriver.Remove` **Request**: ```json @@ -109,7 +128,8 @@ Respond with a string error if an error occurred. } ``` -Delete the specified volume from disk. This request is issued when a user invokes `docker rm -v` to remove volumes associated with a container. +Delete the specified volume from disk. This request is issued when a user +invokes `docker rm -v` to remove volumes associated with a container. **Response**: ```json @@ -120,7 +140,7 @@ Delete the specified volume from disk. This request is issued when a user invoke Respond with a string error if an error occurred. -### /VolumeDriver.Mount +### `/VolumeDriver.Mount` **Request**: ```json @@ -131,47 +151,76 @@ Respond with a string error if an error occurred. ``` Docker requires the plugin to provide a volume, given a user specified volume -name. This is called once per container start. If the same volume_name is requested +name. `Mount` is called once per container start. If the same `volume_name` is requested more than once, the plugin may need to keep track of each new mount request and provision at the first mount request and deprovision at the last corresponding unmount request. `ID` is a unique ID for the caller that is requesting the mount. **Response**: -```json -{ - "Mountpoint": "/path/to/directory/on/host", - "Err": "" -} -``` -Respond with the path on the host filesystem where the volume has been made -available, and/or a string error if an error occurred. +- **v1**: -### /VolumeDriver.Path + ```json + { + "Mountpoint": "/path/to/directory/on/host", + "Err": "" + } + ``` + +- **v2**: + + ```json + { + "Mountpoint": "/path/under/PropagatedMount", + "Err": "" + } + ``` + +`Mountpoint` is the path on the host (v1) or in the plugin (v2) where the volume +has been made available. + +`Err` is either empty or contains an error string. + +### `/VolumeDriver.Path` **Request**: + ```json { "Name": "volume_name" } ``` -Docker needs reminding of the path to the volume on the host. +Request the path to the volume with the given `volume_name`. **Response**: -```json -{ - "Mountpoint": "/path/to/directory/on/host", - "Err": "" -} -``` -Respond with the path on the host filesystem where the volume has been made -available, and/or a string error if an error occurred. `Mountpoint` is optional, -however, the plugin may be queried again later if one is not provided. +- **v1**: -### /VolumeDriver.Unmount + ```json + { + "Mountpoin": "/path/to/directory/on/host", + "Err": "" + } + ``` + +- **v2**: + + ```json + { + "Mountpoint": "/path/under/PropagatedMount", + "Err": "" + } + ``` + +Respond with the path on the host (v1) or inside the plugin (v2) where the +volume has been made available, and/or a string error if an error occurred. + +`Mountpoint` is optional. However, the plugin may be queried again later if one +is not provided. + +### `/VolumeDriver.Unmount` **Request**: ```json @@ -181,8 +230,8 @@ however, the plugin may be queried again later if one is not provided. } ``` -Indication that Docker no longer is using the named volume. This is called once -per container stop. Plugin may deduce that it is safe to deprovision it at +Docker is no longer using the named volume. `Unmount` is called once per +container stop. Plugin may deduce that it is safe to deprovision the volume at this point. `ID` is a unique ID for the caller that is requesting the mount. @@ -197,7 +246,7 @@ this point. Respond with a string error if an error occurred. -### /VolumeDriver.Get +### `/VolumeDriver.Get` **Request**: ```json @@ -206,20 +255,36 @@ Respond with a string error if an error occurred. } ``` -Get the volume info. +Get info about `volume_name`. **Response**: -```json -{ - "Volume": { - "Name": "volume_name", - "Mountpoint": "/path/to/directory/on/host", - "Status": {} - }, - "Err": "" -} -``` + +- **v1**: + + ```json + { + "Volume": { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host", + "Status": {} + }, + "Err": "" + } + ``` + +- **v2**: + + ```json + { + "Volume": { + "Name": "volume_name", + "Mountpoint": "/path/under/PropagatedMount", + "Status": {} + }, + "Err": "" + } + ``` Respond with a string error if an error occurred. `Mountpoint` and `Status` are optional. @@ -235,17 +300,35 @@ optional. Get the list of volumes registered with the plugin. **Response**: -```json -{ - "Volumes": [ - { - "Name": "volume_name", - "Mountpoint": "/path/to/directory/on/host" - } - ], - "Err": "" -} -``` + +- **v1**: + + ```json + { + "Volumes": [ + { + "Name": "volume_name", + "Mountpoint": "/path/to/directory/on/host" + } + ], + "Err": "" + } + ``` + +- **v2**: + + ```json + { + "Volumes": [ + { + "Name": "volume_name", + "Mountpoint": "/path/under/PropagatedMount" + } + ], + "Err": "" + } + ``` + Respond with a string error if an error occurred. `Mountpoint` is optional. @@ -257,8 +340,9 @@ Respond with a string error if an error occurred. `Mountpoint` is optional. ``` Get the list of capabilities the driver supports. -The driver is not required to implement this endpoint, however, in such cases -the default values will be taken. + +The driver is not required to implement `Capabilities`. If it is not +implemented, the default values are used. **Response**: ```json @@ -270,7 +354,7 @@ the default values will be taken. ``` Supported scopes are `global` and `local`. Any other value in `Scope` will be -ignored and assumed to be `local`. Scope allows cluster managers to handle the -volume differently, for instance with a scope of `global`, the cluster manager -knows it only needs to create the volume once instead of on every engine. More -capabilities may be added in the future. +ignored, and `local` is used. `Scope` allows cluster managers to handle the +volume in different ways. For instance, a scope of `global`, signals to the +cluster manager that it only needs to create the volume once instead of on each +Docker host. More capabilities may be added in the future. From 8c14c4f001c7ad80d55ae50501530001a729a999 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 12 Feb 2017 21:05:22 +0100 Subject: [PATCH 2344/2538] Add zsh completion for docker log options 'max-buffer-size|mode' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index fba8cfcf98..20af1d0095 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -221,17 +221,18 @@ __docker_get_log_options() { integer ret=1 local log_driver=${opt_args[--log-driver]:-"all"} - local -a awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options + local -a common_options awslogs_options fluentd_options gelf_options journald_options json_file_options logentries_options syslog_options splunk_options - awslogs_options=("awslogs-region" "awslogs-group" "awslogs-stream" "awslogs-create-group") - fluentd_options=("env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") - gcplogs_options=("env" "gcp-log-cmd" "gcp-project" "labels") - gelf_options=("env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") - journald_options=("env" "labels" "tag") - json_file_options=("env" "labels" "max-file" "max-size") - logentries_options=("logentries-token") - syslog_options=("env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") - splunk_options=("env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") + common_options=("max-buffer-size" "mode") + awslogs_options=($common_options "awslogs-region" "awslogs-group" "awslogs-stream" "awslogs-create-group") + fluentd_options=($common_options "env" "fluentd-address" "fluentd-async-connect" "fluentd-buffer-limit" "fluentd-retry-wait" "fluentd-max-retries" "labels" "tag") + gcplogs_options=($common_options "env" "gcp-log-cmd" "gcp-project" "labels") + gelf_options=($common_options "env" "gelf-address" "gelf-compression-level" "gelf-compression-type" "labels" "tag") + journald_options=($common_options "env" "labels" "tag") + json_file_options=($common_options "env" "labels" "max-file" "max-size") + logentries_options=($common_options "logentries-token") + syslog_options=($common_options "env" "labels" "syslog-address" "syslog-facility" "syslog-format" "syslog-tls-ca-cert" "syslog-tls-cert" "syslog-tls-key" "syslog-tls-skip-verify" "tag") + splunk_options=($common_options "env" "labels" "splunk-caname" "splunk-capath" "splunk-format" "splunk-gzip" "splunk-gzip-level" "splunk-index" "splunk-insecureskipverify" "splunk-source" "splunk-sourcetype" "splunk-token" "splunk-url" "splunk-verify-connection" "tag") [[ $log_driver = (awslogs|all) ]] && _describe -t awslogs-options "awslogs options" awslogs_options "$@" && ret=0 [[ $log_driver = (fluentd|all) ]] && _describe -t fluentd-options "fluentd options" fluentd_options "$@" && ret=0 @@ -261,8 +262,12 @@ __docker_complete_log_options() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (syslog-format) - syslog_format_opts=('rfc3164' 'rfc5424' 'rfc5424micro') - _describe -t syslog-format-opts "Syslog format Options" syslog_format_opts && ret=0 + local opts=('rfc3164' 'rfc5424' 'rfc5424micro') + _describe -t syslog-format-opts "syslog format options" opts && ret=0 + ;; + (mode) + local opts=('blocking' 'non-blocking') + _describe -t mode-opts "mode options" opts && ret=0 ;; *) _message 'value' && ret=0 From f36bcf1acd86913cf6e0b64b0b5be659bae54096 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 14 Feb 2017 16:40:15 -0800 Subject: [PATCH 2345/2538] Fix some Liquid errors Signed-off-by: Misty Stanley-Jones --- docs/deprecated.md | 6 +++++- docs/extend/index.md | 26 ++++++++++++++------------ docs/extend/plugins_graphdriver.md | 4 ++++ 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index a88e398079..9d3da96322 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -183,7 +183,11 @@ Log tags are now generated in a standard way across different logging drivers. Because of which, the driver specific log tag options `syslog-tag`, `gelf-tag` and `fluentd-tag` have been deprecated in favor of the generic `tag` option. - docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" +```bash +{% raw %} +docker --log-driver=syslog --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" +{% endraw %} +``` ### LXC built-in exec driver **Deprecated In Release: [v1.8.0](https://github.com/docker/docker/releases/tag/v1.8.0)** diff --git a/docs/extend/index.md b/docs/extend/index.md index 2b0cbeec2e..99e02a8bab 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -20,7 +20,7 @@ title: Managed plugin system * [Debugging plugins](index.md#debugging-plugins) Docker Engine's plugins system allows you to install, start, stop, and remove -plugins using Docker Engine. +plugins using Docker Engine. For information about the legacy plugin system available in Docker Engine 1.12 and earlier, see [Understand legacy Docker Engine plugins](legacy_plugins.md). @@ -78,7 +78,7 @@ enabled, and use it to create a volume. 3. Create a volume using the plugin. This example mounts the `/remote` directory on host `1.2.3.4` into a volume named `sshvolume`. - + This volume can now be mounted into containers. ```bash @@ -110,7 +110,7 @@ enabled, and use it to create a volume. 6. Remove the volume `sshvolume` ```bash docker volume rm sshvolume - + sshvolume ``` To disable a plugin, use the `docker plugin disable` command. To completely @@ -122,10 +122,10 @@ commands and options, see the In swarm mode, it is possible to create a service that allows for attaching to networks or mounting volumes. Swarm schedules services based on plugin availability -on a node. In this example, a volume plugin is installed on a swarm worker and a volume +on a node. In this example, a volume plugin is installed on a swarm worker and a volume is created using the plugin. In the manager, a service is created with the relevant mount options. It can be observed that the service is scheduled to run on the worker -node with the said volume plugin and volume. +node with the said volume plugin and volume. In the following example, node1 is the manager and node2 is the worker. @@ -152,7 +152,7 @@ In the following example, node1 is the manager and node2 is the worker. Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest Installed plugin tiborvass/sample-volume-plugin ``` - + ```bash $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol ``` @@ -163,15 +163,17 @@ In the following example, node1 is the manager and node2 is the worker. $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top $ docker service ls - z1sj8bb8jnfn my-service replicated 1/1 busybox:latest + z1sj8bb8jnfn my-service replicated 1/1 busybox:latest ``` docker service ls shows service 1 instance of service running. 4. Observe the task getting scheduled in node 2: ```bash - $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' + {% raw %} + $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' 83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top" + {% endraw %} ``` ## Developing a plugin @@ -228,7 +230,7 @@ with Docker Engine. This plugin has no runtime parameters. A new plugin can be created by running `docker plugin create ./path/to/plugin/data` where the plugin data contains a plugin configuration file `config.json` and a root filesystem -in subdirectory `rootfs`. +in subdirectory `rootfs`. After that the plugin `` will show up in `docker plugin ls`. Plugins can be pushed to remote registries with @@ -292,7 +294,7 @@ $ docker-runc exec -t f52a3df433b9aceee436eaada0752f5797aab1de47e5485f1690a073b8 #### Using curl to debug plugin socket issues. To verify if the plugin API socket that the docker daemon communicates with -is responsive, use curl. In this example, we will make API calls from the +is responsive, use curl. In this example, we will make API calls from the docker host to volume and network plugins using curl 7.47.0 to ensure that the plugin is listening on the said socket. For a well functioning plugin, these basic requests should work. Note that plugin sockets are available on the host under `/var/run/docker/plugins/` @@ -309,8 +311,8 @@ curl -H "Content-Type: application/json" -XPOST -d '{}' --unix-socket /var/run/d {"Scope":"local"} ``` -When using curl 7.5 and above, the URL should be of the form -`http://hostname/APICall`, where `hostname` is the valid hostname where the +When using curl 7.5 and above, the URL should be of the form +`http://hostname/APICall`, where `hostname` is the valid hostname where the plugin is installed and `APICall` is the call to the plugin API. For example, `http://localhost/VolumeDriver.List` diff --git a/docs/extend/plugins_graphdriver.md b/docs/extend/plugins_graphdriver.md index e30632692f..74caa938f8 100644 --- a/docs/extend/plugins_graphdriver.md +++ b/docs/extend/plugins_graphdriver.md @@ -287,7 +287,9 @@ and `Parent`. `Parent` may be an empty string, in which case there is no parent. **Response**: ``` +{% raw %} {{ TAR STREAM }} +{% endraw %} ``` ### /GraphDriver.Changes @@ -330,7 +332,9 @@ Respond with a non-empty string error if an error occurred. **Request**: ``` +{% raw %} {{ TAR STREAM }} +{% endraw %} ``` Extract the changeset from the given diff into the layer with the specified `ID` From dd6886657dc1eabe1065a8b8084c78dc97e50e42 Mon Sep 17 00:00:00 2001 From: Kenfe-Mickael Laventure Date: Thu, 2 Feb 2017 07:31:17 -0800 Subject: [PATCH 2346/2538] Add example for --device-cgroup-rule to create reference Signed-off-by: Kenfe-Mickael Laventure --- docs/reference/commandline/create.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 844b7228a8..3540f6789c 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -233,3 +233,26 @@ daemon is running on Windows server, or `hyperv` if running on Windows client. | `hyperv` | Hyper-V hypervisor partition-based isolation. | Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. + +### Dealing with dynamically created devices (--device-cgroup-rule) + +Devices available to a container are assigned at creation time. The +assigned devices will both be added to the cgroup.allow file and +created into the container once it is run. This poses a problem when +a new device needs to be added to running container. + +One of the solution is to add a more permissive rule to a container +allowing it access to a wider range of devices. For example, supposing +our container needs access to a character device with major `42` and +any number of minor number (added as new devices appear), the +following rule would be added: + +``` +docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image +``` + +Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 ` +the required device when it is added. + +NOTE: initially present devices still need to be explicitely added to +the create/run command From 8279870a1f807579e051069b7472307a2cfd005d Mon Sep 17 00:00:00 2001 From: "Aaron.L.Xu" Date: Thu, 16 Feb 2017 23:56:53 +0800 Subject: [PATCH 2347/2538] why there are so many mistakes in our repo (up to /cmd) Signed-off-by: Aaron.L.Xu --- man/docker-run.1.md | 2 +- man/dockerd.8.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 804aa1309f..4d35b1ec40 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -679,7 +679,7 @@ Use `df ` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION ` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one can look at mount entry for source mount point in `/proc/self/mountinfo`. Look -at `optional fields` and see if any propagaion properties are specified. +at `optional fields` and see if any propagation properties are specified. `shared:X` means mount is `shared`, `master:X` means mount is `slave` and if nothing is there that means mount is `private`. diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 24cec7fa98..56408089d4 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -653,7 +653,7 @@ Example use: `dockerd -s zfs --storage-opt zfs.fsname=zroot/docker` #### btrfs.min_space -Specifies the mininum size to use when creating the subvolume which is used for +Specifies the minimum size to use when creating the subvolume which is used for containers. If user uses disk quota for btrfs when creating or running a container with **--storage-opt size** option, docker should ensure the **size** cannot be smaller than **btrfs.min_space**. From 1328bb444012b6ae2333e33075a19ab3a98bbaf6 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 6 Nov 2016 21:54:40 -0800 Subject: [PATCH 2348/2538] Add `--format` to `docker service ps` This fix tries to address the issue raised in 27189 where it is not possible to support configured formatting stored in config.json. Since `--format` was not supported in `docker service ps`, the flag `--format` has also been added in this fix. This fix 1. Add `--format` to `docker service ps` 2. Add `tasksFormat` to config.json 3. Add `--format` to `docker stack ps` 4. Add `--format` to `docker node ps` The related docs has been updated. An integration test has been added. This fix fixes 27189. Signed-off-by: Yong Tang --- docs/reference/commandline/node_ps.md | 41 +++++++++++++++++++++--- docs/reference/commandline/service_ps.md | 33 +++++++++++++++++++ docs/reference/commandline/stack_ps.md | 2 ++ 3 files changed, 72 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index e2e1418287..76bf381e3d 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -22,10 +22,12 @@ Usage: docker node ps [OPTIONS] [NODE...] List tasks running on one or more nodes, defaults to current node. Options: - -f, --filter value Filter output based on conditions provided - --help Print usage - --no-resolve Do not map IDs to Names - --no-trunc Do not truncate output + -f, --filter filter Filter output based on conditions provided + --format string Pretty-print tasks using a Go template + --help Print usage + --no-resolve Do not map IDs to Names + --no-trunc Do not truncate output + -q, --quiet Only display task IDs ``` ## Description @@ -105,6 +107,37 @@ redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running R The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. +### Formatting + +The formatting options (`--format`) pretty-prints tasks output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +----------------|------------------------------------------------------------------------------------------ +`.Name` | Task name +`.Image` | Task image +`.Node` | Node ID +`.DesiredState` | Desired state of the task (`running`, `shutdown`, and `accepted`) +`.CurrentState` | Current state of the task +`.Error` | Error +`.Ports` | Task published ports + +When using the `--format` option, the `node ps` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Driver` entries separated by a colon for all tasks: + +```bash +$ docker node ps --format "{{.Name}}: {{.Image}}" +top.1: busybox +top.2: busybox +top.3: busybox +``` + ## Related commands * [node demote](node_demote.md) diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index e7d95a928d..43c7681314 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -23,6 +23,7 @@ List the tasks of one or more services Options: -f, --filter filter Filter output based on conditions provided + --format string Pretty-print tasks using a Go template --help Print usage --no-resolve Do not map IDs to Names --no-trunc Do not truncate output @@ -152,6 +153,38 @@ ID NAME IMAGE NODE DESIRED STATE CURRENT STATE The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. +### Formatting + +The formatting options (`--format`) pretty-prints tasks output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +----------------|------------------------------------------------------------------------------------------ +`.ID` | Task ID +`.Name` | Task name +`.Image` | Task image +`.Node` | Node ID +`.DesiredState` | Desired state of the task (`running`, `shutdown`, and `accepted`) +`.CurrentState` | Current state of the task +`.Error` | Error +`.Ports` | Task published ports + +When using the `--format` option, the `service ps` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Driver` entries separated by a colon for all tasks: + +```bash +$ docker service ps --format "{{.Name}}: {{.Image}}" top +top.1: busybox +top.2: busybox +top.3: busybox +``` + ## Related commands * [service create](service_create.md) diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index 9f221d8da6..eafa47c24a 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -22,9 +22,11 @@ List the tasks in the stack Options: -f, --filter filter Filter output based on conditions provided + --format string Pretty-print tasks using a Go template --help Print usage --no-resolve Do not map IDs to Names --no-trunc Do not truncate output + -q, --quiet Only display task IDs ``` ## Description From 218740abc725e7f95d4a141a20c6a0f4fff21cd9 Mon Sep 17 00:00:00 2001 From: Daniel Zhang Date: Mon, 9 Jan 2017 09:22:05 +0800 Subject: [PATCH 2349/2538] Add daemon flag to set no_new_priv as default for unprivileged containers. Signed-off-by: Daniel Zhang --- docs/reference/commandline/dockerd.md | 2 ++ docs/reference/run.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 1ebdc3b666..84f4d998ed 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -70,6 +70,7 @@ Options: --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) --metrics-addr string Set address and port to serve the metrics api (default "") --mtu int Set the containers network MTU + --no-new-privileges Disable container processes from gaining new privileges --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") --raw-logs Full timestamps without ANSI coloring @@ -1190,6 +1191,7 @@ This is a full example of the allowed configuration options on Linux: "seccomp-profile": "", "insecure-registries": [], "disable-legacy-registry": false, + "no-new-privileges": false, "default-runtime": "runc", "oom-score-adjust": -500, "runtimes": { diff --git a/docs/reference/run.md b/docs/reference/run.md index d26c625004..62275e02ac 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -630,7 +630,7 @@ with the same logic -- if the original volume was specified with a name it will --security-opt="label=level:LEVEL" : Set the label level for the container --security-opt="label=disable" : Turn off label confinement for the container --security-opt="apparmor=PROFILE" : Set the apparmor profile to be applied to the container - --security-opt="no-new-privileges" : Disable container processes from gaining new privileges + --security-opt="no-new-privileges:true|false" : Disable/enable container processes from gaining new privileges --security-opt="seccomp=unconfined" : Turn off seccomp confinement for the container --security-opt="seccomp=profile.json": White listed syscalls seccomp Json file to be used as a seccomp filter From 5140cef92af441fb4ec94452a6ce25b23bf9058d Mon Sep 17 00:00:00 2001 From: Andrew McDonnell Date: Sun, 19 Feb 2017 13:26:29 +1030 Subject: [PATCH 2350/2538] Fix whitespace error. Signed-off-by: Andrew McDonnell --- man/src/image/ls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/src/image/ls.md b/man/src/image/ls.md index 9943457bee..bb673b008c 100644 --- a/man/src/image/ls.md +++ b/man/src/image/ls.md @@ -48,7 +48,7 @@ IMAGE ID, CREATED, and SIZE. The `docker image ls` command takes an optional `[REPOSITORY[:TAG]]` argument that restricts the list to images that match the argument. If you specify -`REPOSITORY`but no `TAG`, the `docker image ls` command lists all images in the +`REPOSITORY` but no `TAG`, the `docker image ls` command lists all images in the given repository. docker image ls java From 1869390de8ce10a89907d3a57faf75b42abc501b Mon Sep 17 00:00:00 2001 From: erxian Date: Wed, 15 Feb 2017 16:04:44 +0800 Subject: [PATCH 2351/2538] add rollback explanation to docker service update command document Signed-off-by: erxian --- docs/reference/commandline/service_update.md | 45 ++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index cd51e771d7..0a3bdd2c8a 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -154,6 +154,51 @@ $ docker service update --mount-rm /somewhere myservice myservice ``` +### Rolling back to the previous version of a service + +Use the `--rollback` option to roll back to the previous version of the service. + +This will revert the service to the configuration that was in place before the most recent `docker service update` command. + +The following example updates the number of replicas for the service from 4 to 5, and then rolls back to the previous configuration. + +```bash +$ docker service update --replicas=5 web + +web + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +80bvrzp6vxf3 web replicated 0/5 nginx:alpine + +``` +Roll back the `web` service... + +```bash +$ docker service update --rollback web + +web + +$ docker service ls + +ID NAME MODE REPLICAS IMAGE +80bvrzp6vxf3 web replicated 0/4 nginx:alpine + +``` + +Other options can be combined with `--rollback` as well, for example, `--update-delay 0s` to execute the rollback without a delay between tasks: + +```bash +$ docker service update \ + --rollback \ + --update-delay 0s + web + +web + +``` + ### Add or remove secrets Use the `--secret-add` or `--secret-rm` options add or remove a service's From 6f3f9e384cb1c81802d0e8063b85d0e25bfe7629 Mon Sep 17 00:00:00 2001 From: yupengzte Date: Wed, 8 Feb 2017 16:31:16 +0800 Subject: [PATCH 2352/2538] fix the type Signed-off-by: yupengzte --- docs/reference/commandline/cli.md | 2 +- docs/reference/commandline/dockerd.md | 2 +- docs/reference/commandline/node_update.md | 4 ++-- docs/reference/commandline/service_create.md | 6 +++--- docs/reference/commandline/service_update.md | 6 +++--- docs/reference/commandline/swarm_init.md | 2 +- docs/reference/commandline/swarm_join.md | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index c00186d675..78327715ae 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -30,7 +30,7 @@ Options: -D, --debug Enable debug mode --help Print usage -H, --host value Daemon socket(s) to connect to (default []) - -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") + -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 84f4d998ed..e42b7340f7 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -64,7 +64,7 @@ Options: --label value Set key=value labels to the daemon (default []) --live-restore Enable live restore of docker when containers are still running (Linux only) --log-driver string Default driver for container logs (default "json-file") - -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") + -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --log-opt value Default log driver options for containers (default map[]) --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) diff --git a/docs/reference/commandline/node_update.md b/docs/reference/commandline/node_update.md index ba824c9494..11117c7a9b 100644 --- a/docs/reference/commandline/node_update.md +++ b/docs/reference/commandline/node_update.md @@ -21,11 +21,11 @@ Usage: docker node update [OPTIONS] NODE Update a node Options: - --availability string Availability of the node (active/pause/drain) + --availability string Availability of the node ("active"|"pause"|"drain") --help Print usage --label-add value Add or update a node label (key=value) (default []) --label-rm value Remove a node label if exists (default []) - --role string Role of the node (worker/manager) + --role string Role of the node ("worker"|"manager") ``` ## Description diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index bb99bf4b9a..6ee3bb535a 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -26,7 +26,7 @@ Options: --dns list Set custom DNS servers (default []) --dns-option list Set DNS options (default []) --dns-search list Set custom DNS search domains (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) (default "vip") + --endpoint-mode string Endpoint mode ("vip"|"dnsrr") (default "vip") -e, --env list Set environment variables (default []) --env-file list Read in a file of environment variables (default []) --group list Set one or more supplementary user groups for the container (default []) @@ -52,7 +52,7 @@ Options: --replicas uint Number of tasks --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory - --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) --restart-max-attempts uint Maximum number of restarts before giving up --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) @@ -60,7 +60,7 @@ Options: --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-failure-action string Action on update failure ("pause"|"continue") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 0a3bdd2c8a..223ba2a51f 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -32,7 +32,7 @@ Options: --dns-rm list Remove a custom DNS server (default []) --dns-search-add list Add or update a custom DNS search domain (default []) --dns-search-rm list Remove a DNS search domain (default []) - --endpoint-mode string Endpoint mode (vip or dnsrr) (default "vip") + --endpoint-mode string Endpoint mode ("vip"|"dnsrr") (default "vip") --env-add list Add or update an environment variable (default []) --env-rm list Remove an environment variable (default []) --force Force update even if no changes require it @@ -62,7 +62,7 @@ Options: --replicas uint Number of tasks --reserve-cpu decimal Reserve CPUs (default 0.000) --reserve-memory bytes Reserve Memory - --restart-condition string Restart when condition is met (none, on-failure, or any) + --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) --restart-max-attempts uint Maximum number of restarts before giving up --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) @@ -72,7 +72,7 @@ Options: --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure (pause|continue) (default "pause") + --update-failure-action string Action on update failure ("pause"|"continue") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 8bf0de884e..f4c6348e86 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -23,7 +23,7 @@ Initialize a swarm Options: --advertise-addr string Advertised address (format: [:port]) --autolock Enable manager autolocking (requiring an unlock key to start a stopped manager) - --availability string Availability of the node (active/pause/drain) (default "active") + --availability string Availability of the node ("active"|"pause"|"drain") (default "active") --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) --dispatcher-heartbeat duration Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s) --external-ca external-ca Specifications of one or more certificate signing endpoints diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index c7649506ff..4ee11c188b 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -22,7 +22,7 @@ Join a swarm as a node and/or manager Options: --advertise-addr string Advertised address (format: [:port]) - --availability string Availability of the node (active/pause/drain) (default "active") + --availability string Availability of the node ("active"|"pause"|"drain") (default "active") --help Print usage --listen-addr node-addr Listen address (format: [:port]) (default 0.0.0.0:2377) --token string Token for entry into the swarm From 12053f480b08544cacbeb31f73c372953130a4bb Mon Sep 17 00:00:00 2001 From: Zhang Wei Date: Wed, 15 Feb 2017 14:20:30 +0800 Subject: [PATCH 2353/2538] [Docs] Add docs for stating stopped containers This commit adds docs with example showing `docker stats` stopped containers. Signed-off-by: Zhang Wei --- docs/reference/commandline/stats.md | 13 +++++++++++++ man/src/container/stats.md | 13 ++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 0a2428983d..88d15efe27 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -54,6 +54,19 @@ CONTAINER CPU % MEM USAGE/LIMIT MEM % fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B ``` +Running `docker stats` with customized format on all (Running and Stopped) containers. + +```bash +$ docker stats --all --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}" +CONTAINER ID NAME CPU % MEM USAGE / LIMIT +c9dfa83f0317f87637d5b7e67aa4223337d947215c5a9947e697e4f7d3e0f834 ecstatic_noether 0.00% 56KiB / 15.57GiB +8f92d01cf3b29b4f5fca4cd33d907e05def7af5a3684711b20a2369d211ec67f stoic_goodall 0.07% 32.86MiB / 15.57GiB +38dd23dba00f307d53d040c1d18a91361bbdcccbf592315927d56cf13d8b7343 drunk_visvesvaraya 0.00% 0B / 0B +5a8b07ec4cc52823f3cbfdb964018623c1ba307bce2c057ccdbde5f4f6990833 big_heisenberg 0.00% 0B / 0B +``` + +`drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. + Running `docker stats` on all running containers against a Windows daemon. ```powershell diff --git a/man/src/container/stats.md b/man/src/container/stats.md index 2904482e86..2de672ee2e 100644 --- a/man/src/container/stats.md +++ b/man/src/container/stats.md @@ -16,7 +16,7 @@ Display a live stream of one or more containers' resource usage statistics # EXAMPLES -Running `docker container stats` on all running containers +Running `docker container stats` on all running containers. $ docker container stats CONTAINER CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O @@ -30,3 +30,14 @@ Running `docker container stats` on multiple containers by name and id. CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O 5acfcb1b4fd1 0.00% 115.2 MiB/1.045 GiB 11.03% 1.422 kB/648 B fervent_panini 0.02% 11.08 MiB/1.045 GiB 1.06% 648 B/648 B + +Running `docker container stats` with customized format on all (Running and Stopped) containers. + + $ docker container stats --all --format "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}" + CONTAINER ID NAME CPU % MEM USAGE / LIMIT + c9dfa83f0317f87637d5b7e67aa4223337d947215c5a9947e697e4f7d3e0f834 ecstatic_noether 0.00% 56KiB / 15.57GiB + 8f92d01cf3b29b4f5fca4cd33d907e05def7af5a3684711b20a2369d211ec67f stoic_goodall 0.07% 32.86MiB / 15.57GiB + 38dd23dba00f307d53d040c1d18a91361bbdcccbf592315927d56cf13d8b7343 drunk_visvesvaraya 0.00% 0B / 0B + 5a8b07ec4cc52823f3cbfdb964018623c1ba307bce2c057ccdbde5f4f6990833 big_heisenberg 0.00% 0B / 0B + +`drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. From 21f6dce0a00e72844f30237769924a7653a099c2 Mon Sep 17 00:00:00 2001 From: yupengzte Date: Thu, 23 Feb 2017 16:46:08 +0800 Subject: [PATCH 2354/2538] Delete dots to align with other commands description Signed-off-by: yupengzte --- docs/reference/commandline/node_inspect.md | 2 +- docs/reference/commandline/service_inspect.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 2ff6971742..19deec7672 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -23,7 +23,7 @@ Display detailed information on one or more nodes Options: -f, --format string Format the output using the given Go template --help Print usage - --pretty Print the information in a human friendly format. + --pretty Print the information in a human friendly format ``` ## Description diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 3e7b1f838b..370e21882d 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -23,7 +23,7 @@ Display detailed information on one or more services Options: -f, --format string Format the output using the given Go template --help Print usage - --pretty Print the information in a human friendly format. + --pretty Print the information in a human friendly format ``` ## Description From e66bc570391fc43c75af8947c240b32483732779 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 23 Feb 2017 13:49:00 +0100 Subject: [PATCH 2355/2538] Clarify why `hosts` in `daemon.json` does not work Signed-off-by: Harald Albers --- docs/reference/commandline/dockerd.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index e42b7340f7..92b9349a41 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1208,6 +1208,13 @@ This is a full example of the allowed configuration options on Linux: } ``` +> **Note:** You cannot set options in `daemon.json` that have already been set on +> daemon startup as a flag. +> On systems that use `systemd` to start the Docker daemon, `-H` is already set, so +> you cannot use the `hosts` key in `daemon.json` to add listening addresses. +> See https://docs.docker.com/engine/admin/systemd/#custom-docker-daemon-options for how +> to accomplish this task with a systemd drop-in file. + ##### On Windows The default location of the configuration file on Windows is From bf0f1591756134cfb20ad90856824a80e42bc5eb Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 23 Feb 2017 14:45:18 +0100 Subject: [PATCH 2356/2538] Activate bash completion for Windows executable Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9ccb2c0f0e..7a1b12cd24 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -4423,4 +4423,4 @@ _docker() { eval "$__docker_previous_extglob_setting" unset __docker_previous_extglob_setting -complete -F _docker docker dockerd +complete -F _docker docker docker.exe dockerd dockerd.exe From 170fa8ca4c56582826dd91a4b876e728a3d845f7 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 24 Feb 2017 14:29:23 +0100 Subject: [PATCH 2357/2538] Add bash completion for missing filters of `docker node ls` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7a1b12cd24..8bca0f3d2e 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3342,15 +3342,23 @@ _docker_node_ls() { __docker_complete_nodes --cur "${cur##*=}" --id return ;; + membership) + COMPREPLY=( $( compgen -W "accepted pending" -- "${cur##*=}" ) ) + return + ;; name) __docker_complete_nodes --cur "${cur##*=}" --name return ;; + role) + COMPREPLY=( $( compgen -W "manager worker" -- "${cur##*=}" ) ) + return + ;; esac case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) ) + COMPREPLY=( $( compgen -W "id label membership name role" -S = -- "$cur" ) ) __docker_nospace return ;; From 0ec2d368a85766bb5be91c4b2c9c5604b0e34e5b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 24 Feb 2017 13:27:32 +0100 Subject: [PATCH 2358/2538] Add completion for `--filter desired-state=shutdown` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++--- contrib/completion/zsh/_docker | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 8bca0f3d2e..9028146efd 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2906,7 +2906,7 @@ _docker_service_ps() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in desired-state) - COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) ) + COMPREPLY=( $( compgen -W "accepted running shutdown" -- "${cur##*=}" ) ) return ;; name) @@ -3399,7 +3399,7 @@ _docker_node_ps() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in desired-state) - COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) ) + COMPREPLY=( $( compgen -W "accepted running shutdown" -- "${cur##*=}" ) ) return ;; name) @@ -3888,7 +3888,7 @@ _docker_stack_ps() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in desired-state) - COMPREPLY=( $( compgen -W "accepted running" -- "${cur##*=}" ) ) + COMPREPLY=( $( compgen -W "accepted running shutdown" -- "${cur##*=}" ) ) return ;; id) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 20af1d0095..be33b6c961 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1344,7 +1344,7 @@ __docker_node_complete_ps_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (desired-state) - state_opts=('accepted' 'running') + state_opts=('accepted' 'running' 'shutdown') _describe -t state-opts "desired state options" state_opts && ret=0 ;; *) @@ -1784,7 +1784,7 @@ __docker_service_complete_ps_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (desired-state) - state_opts=('accepted' 'running') + state_opts=('accepted' 'running' 'shutdown') _describe -t state-opts "desired state options" state_opts && ret=0 ;; *) @@ -2040,7 +2040,7 @@ __docker_stack_complete_ps_filters() { if compset -P '*='; then case "${${words[-1]%=*}#*=}" in (desired-state) - state_opts=('accepted' 'running') + state_opts=('accepted' 'running' 'shutdown') _describe -t state-opts "desired state options" state_opts && ret=0 ;; *) From 09b2383b91a97b0fe8d950f927ffb82637a00633 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 24 Feb 2017 14:09:26 +0100 Subject: [PATCH 2359/2538] Fix bash completion for `docker service ps --filter node` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9028146efd..a41adcf56b 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -405,10 +405,6 @@ __docker_complete_nodes() { COMPREPLY=( $(compgen -W "$(__docker_nodes "$@")" -- "$current") ) } -__docker_complete_nodes_plus_self() { - __docker_complete_nodes --add self "$@" -} - # __docker_services returns a list of all services. Additional options to # `docker service ls` may be specified in order to filter the list, e.g. # `__docker_services --filter name=xxx` @@ -2914,7 +2910,7 @@ _docker_service_ps() { return ;; node) - __docker_complete_nodes_plus_self --cur "${cur##*=}" + __docker_complete_nodes --cur "${cur##*=}" --add self return ;; esac @@ -3327,7 +3323,7 @@ _docker_node_inspect() { COMPREPLY=( $( compgen -W "--format -f --help --pretty" -- "$cur" ) ) ;; *) - __docker_complete_nodes_plus_self + __docker_complete_nodes --add self esac } @@ -3421,7 +3417,7 @@ _docker_node_ps() { COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) ;; *) - __docker_complete_nodes_plus_self + __docker_complete_nodes --add self ;; esac } From 174d9f0097026339c6dc7f661567e373f251e412 Mon Sep 17 00:00:00 2001 From: Tony Abboud Date: Fri, 13 Jan 2017 10:01:58 -0500 Subject: [PATCH 2360/2538] Add --add-host for docker build Signed-off-by: Tony Abboud --- docs/reference/commandline/build.md | 9 +++++++++ man/docker-build.1.md | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index fc8183f1fa..962393dd5a 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -21,6 +21,7 @@ Usage: docker build [OPTIONS] PATH | URL | - Build an image from a Dockerfile Options: + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) --build-arg value Set build-time variables (default []) --cache-from value Images to consider as cache sources (default []) --cgroup-parent string Optional parent cgroup for the container @@ -435,6 +436,13 @@ Linux namespaces. On Microsoft Windows, you can specify these values: Specifying the `--isolation` flag without a value is the same as setting `--isolation="default"`. +### Add entries to container hosts file (--add-host) + +You can add other hosts into a container's `/etc/hosts` file by using one or +more `--add-host` flags. This example adds a static address for a host named +`docker`: + + $ docker build --add-host=docker:10.180.0.1 . ### Squash an image's layers (--squash) **Experimental Only** @@ -451,3 +459,4 @@ space. **Note**: using this option you may see significantly more space used due to storing two copies of the image, one for the build cache with all the cache layers in tact, and one for the squashed version. + diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 5676cb80bd..b650fc3aa2 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -6,6 +6,7 @@ docker-build - Build an image from a Dockerfile # SYNOPSIS **docker build** +[**--add-host**[=*[]*]] [**--build-arg**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] @@ -74,6 +75,12 @@ set as the **URL**, the repository is cloned locally and then sent as the contex storing two copies of the image, one for the build cache with all the cache layers in tact, and one for the squashed version. +**--add-host**=[] + Add a custom host-to-IP mapping (host:ip) + + Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** +option can be set multiple times. + **--build-arg**=*variable* name and value of a **buildarg**. From a584bd3b1ae2ab2a61b7359137f540fbb70e57ff Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 27 Feb 2017 12:56:57 +0100 Subject: [PATCH 2361/2538] Add bash completion for `docker build --add-host` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index a41adcf56b..7d262ebb8c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2155,6 +2155,7 @@ _docker_image() { _docker_image_build() { local options_with_args=" + --add-host --build-arg --cache-from --cgroup-parent @@ -2191,6 +2192,14 @@ _docker_image_build() { local all_options="$options_with_args $boolean_options" case "$prev" in + --add-host) + case "$cur" in + *:) + __docker_complete_resolved_hostname + return + ;; + esac + ;; --build-arg) COMPREPLY=( $( compgen -e -- "$cur" ) ) __docker_nospace From 93344b57f3c876a08b0f518b9fe2e41bf211c6d1 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Wed, 15 Feb 2017 10:33:28 -0800 Subject: [PATCH 2362/2538] Service creation using network plugin filters. Signed-off-by: Anusha Ragunathan --- docs/extend/index.md | 57 ---------- docs/extend/plugins_services.md | 184 ++++++++++++++++++++++++++++++++ 2 files changed, 184 insertions(+), 57 deletions(-) create mode 100644 docs/extend/plugins_services.md diff --git a/docs/extend/index.md b/docs/extend/index.md index 99e02a8bab..5ff8728507 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -118,63 +118,6 @@ remove it, use the `docker plugin remove` command. For other available commands and options, see the [command line reference](../reference/commandline/index.md). -## Service creation using plugins - -In swarm mode, it is possible to create a service that allows for attaching -to networks or mounting volumes. Swarm schedules services based on plugin availability -on a node. In this example, a volume plugin is installed on a swarm worker and a volume -is created using the plugin. In the manager, a service is created with the relevant -mount options. It can be observed that the service is scheduled to run on the worker -node with the said volume plugin and volume. - -In the following example, node1 is the manager and node2 is the worker. - -1. Prepare manager. In node 1: - - ```bash - $ docker swarm init - Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager. - ``` - -2. Join swarm, install plugin and create volume on worker. In node 2: - - ```bash - $ docker swarm join \ - --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ - 192.168.99.100:2377 - ``` - - ```bash - $ docker plugin install tiborvass/sample-volume-plugin - latest: Pulling from tiborvass/sample-volume-plugin - eb9c16fbdc53: Download complete - Digest: sha256:00b42de88f3a3e0342e7b35fa62394b0a9ceb54d37f4c50be5d3167899994639 - Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest - Installed plugin tiborvass/sample-volume-plugin - ``` - - ```bash - $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol - ``` - -3. Create a service using the plugin and volume. In node1: - - ```bash - $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top - - $ docker service ls - z1sj8bb8jnfn my-service replicated 1/1 busybox:latest - ``` - docker service ls shows service 1 instance of service running. - -4. Observe the task getting scheduled in node 2: - - ```bash - {% raw %} - $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' - 83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top" - {% endraw %} - ``` ## Developing a plugin diff --git a/docs/extend/plugins_services.md b/docs/extend/plugins_services.md new file mode 100644 index 0000000000..d68218f8f8 --- /dev/null +++ b/docs/extend/plugins_services.md @@ -0,0 +1,184 @@ +--- +description: Using services with plugins +keywords: "API, Usage, plugins, documentation, developer" +title: Plugins and Services +--- + + + +# Using Volume and Network plugins in Docker services + +In swarm mode, it is possible to create a service that allows for attaching +to networks or mounting volumes that are backed by plugins. Swarm schedules +services based on plugin availability on a node. + + +### Volume plugins + +In this example, a volume plugin is installed on a swarm worker and a volume +is created using the plugin. In the manager, a service is created with the +relevant mount options. It can be observed that the service is scheduled to +run on the worker node with the said volume plugin and volume. Note that, +node1 is the manager and node2 is the worker. + +1. Prepare manager. In node 1: + + ```bash + $ docker swarm init + Swarm initialized: current node (dxn1zf6l61qsb1josjja83ngz) is now a manager. + ``` + +2. Join swarm, install plugin and create volume on worker. In node 2: + + ```bash + $ docker swarm join \ + --token SWMTKN-1-49nj1cmql0jkz5s954yi3oex3nedyz0fb0xx14ie39trti4wxv-8vxv8rssmk743ojnwacrr2e7c \ + 192.168.99.100:2377 + ``` + + ```bash + $ docker plugin install tiborvass/sample-volume-plugin + latest: Pulling from tiborvass/sample-volume-plugin + eb9c16fbdc53: Download complete + Digest: sha256:00b42de88f3a3e0342e7b35fa62394b0a9ceb54d37f4c50be5d3167899994639 + Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest + Installed plugin tiborvass/sample-volume-plugin + ``` + + ```bash + $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol + ``` + +3. Create a service using the plugin and volume. In node1: + + ```bash + $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top + + $ docker service ls + z1sj8bb8jnfn my-service replicated 1/1 busybox:latest + ``` + docker service ls shows service 1 instance of service running. + +4. Observe the task getting scheduled in node 2: + + ```bash + $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' + 83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top" + ``` + +### Network plugins + +In this example, a global scope network plugin is installed on both the +swarm manager and worker. A service is created with replicated instances +using the installed plugin. We will observe how the availability of the +plugin determines network creation and container scheduling. + +Note that node1 is the manager and node2 is the worker. + + +1. Install a global scoped network plugin on both manager and worker. On node1 + and node2: + + ```bash + $ docker plugin install bboreham/weave2 + Plugin "bboreham/weave2" is requesting the following privileges: + - network: [host] + - capabilities: [CAP_SYS_ADMIN CAP_NET_ADMIN] + Do you grant the above permissions? [y/N] y + latest: Pulling from bboreham/weave2 + 7718f575adf7: Download complete + Digest: sha256:2780330cc15644b60809637ee8bd68b4c85c893d973cb17f2981aabfadfb6d72 + Status: Downloaded newer image for bboreham/weave2:latest + Installed plugin bboreham/weave2 + ``` + +2. Create a network using plugin on manager. On node1: + + ```bash + $ docker network create --driver=bboreham/weave2:latest globalnet + + $ docker network ls + NETWORK ID NAME DRIVER SCOPE + qlj7ueteg6ly globalnet bboreham/weave2:latest swarm + ``` + +3. Create a service on the manager and have replicas set to 8. Observe that +containers get scheduled on both manager and worker. + + On node 1: + + ```bash + $ docker service create --network globalnet --name myservice --replicas=8 mrjana/simpleweb simpleweb +w90drnfzw85nygbie9kb89vpa + ``` + + ```bash + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 87520965206a mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.4.ytdzpktmwor82zjxkh118uf1v + 15e24de0f7aa mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.2.kh7a9n3iauq759q9mtxyfs9hp + c8c8f0144cdc mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.6.sjhpj5gr3xt33e3u2jycoj195 + 2e8e4b2c5c08 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 5 seconds ago Up 4 seconds myservice.8.2z29zowsghx66u2velublwmrh + ``` + + On node 2: + + ```bash + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + 53c0ae7c1dae mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.7.x44tvvdm3iwkt9kif35f7ykz1 + 9b56c627fee0 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.1.x7n1rm6lltw5gja3ueikze57q + d4f5927ba52c mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up 1 second myservice.5.i97bfo9uc6oe42lymafs9rz6k + 478c0d395bd7 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 2 seconds ago Up Less than a second myservice.3.yr7nkffa48lff1vrl2r1m1ucs + ``` + +4. Scale down the number of instances. On node1: + + ```bash + $ docker service scale myservice=0 + myservice scaled to 0 + ``` + +5. Disable and uninstall the plugin on the worker. On node2: + + ```bash + $ docker plugin rm -f bboreham/weave2 + bboreham/weave2 + ``` + +6. Scale up the number of instances again. Observe that all containers are +scheduled on the master and not on the worker, because the plugin is not available on the worker anymore. + + On node 1: + + ```bash + $ docker service scale myservice=8 + myservice scaled to 8 + ``` + + ```bash + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + cf4b0ec2415e mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.3.r7p5o208jmlzpcbm2ytl3q6n1 + 57c64a6a2b88 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.4.dwoezsbb02ccstkhlqjy2xe7h + 3ac68cc4e7b8 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 35 seconds myservice.5.zx4ezdrm2nwxzkrwnxthv0284 + 006c3cb318fc mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.8.q0e3umt19y3h3gzo1ty336k5r + dd2ffebde435 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.7.a77y3u22prjipnrjg7vzpv3ba + a86c74d8b84b mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 36 seconds myservice.6.z9nbn14bagitwol1biveeygl7 + 2846a7850ba0 mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 37 seconds myservice.2.ypufz2eh9fyhppgb89g8wtj76 + e2ec01efcd8a mrjana/simpleweb@sha256:317d7f221d68c86d503119b0ea12c29de42af0a22ca087d522646ad1069a47a4 "simpleweb" 39 seconds ago Up 38 seconds myservice.1.8w7c4ttzr6zcb9sjsqyhwp3yl + ``` + + On node 2: + + ```bash + $ docker ps + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + ``` From 3a9b35dfa4dc58668789fe494599f05307d01f15 Mon Sep 17 00:00:00 2001 From: pjaffe Date: Mon, 27 Feb 2017 17:05:24 -0500 Subject: [PATCH 2363/2538] Remove incorrect duplicate phrase from build.md A phrase from the "Text files" section in build.md was incorrectly duplicated under the "Tarball contexts" section. Signed-off-by: Peter Jaffe --- docs/reference/commandline/build.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 962393dd5a..77096acd3c 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -112,9 +112,6 @@ Build Syntax Suffix | Commit Used | Build Context Used If you pass an URL to a remote tarball, the URL itself is sent to the daemon: -Instead of specifying a context, you can pass a single Dockerfile in the `URL` -or pipe the file in via `STDIN`. To pipe a Dockerfile from `STDIN`: - ```bash $ docker build http://server/context.tar.gz ``` From 9f2d9da2719adbb1ed53e796658e1858dbeb4acc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 20 Feb 2017 16:35:51 +0100 Subject: [PATCH 2364/2538] Hide aliases in bash completion of `docker node|service` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7d262ebb8c..40b6cc354c 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2769,7 +2769,11 @@ _docker_network() { prune rm " - __docker_subcommands "$subcommands" && return + local aliases=" + list + remove + " + __docker_subcommands "$subcommands $aliases" && return case "$cur" in -*) @@ -2785,15 +2789,19 @@ _docker_service() { local subcommands=" create inspect - ls list - rm remove + ls + rm scale ps update " __docker_daemon_is_experimental && subcommands+="logs" - __docker_subcommands "$subcommands" && return + local aliases=" + list + remove + " + __docker_subcommands "$subcommands $aliases" && return case "$cur" in -*) @@ -3292,13 +3300,17 @@ _docker_node() { local subcommands=" demote inspect - ls list + ls promote - rm remove + rm ps update " - __docker_subcommands "$subcommands" && return + local aliases=" + list + remove + " + __docker_subcommands "$subcommands $aliases" && return case "$cur" in -*) From e9457714cffcd22543f6421426c51b55b6bf3079 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Sun, 5 Feb 2017 21:22:57 -0800 Subject: [PATCH 2365/2538] Add `--stop-signal` for `service create` and `service update` This fix tries to address the issue raised in 25696 where it was not possible to specify `--stop-signal` for `docker service create` and `docker service update`, in order to use special signal to stop the container. This fix adds `--stop-signal` and update the `StopSignal` in `Config` through `service create` and `service update`. Related docs has been updated. Integration test has been added. This fix fixes 25696. Signed-off-by: Yong Tang --- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 6ee3bb535a..ae621577d1 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -58,6 +58,7 @@ Options: --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) --secret secret Specify secrets to expose to the service --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) + --stop-signal string Signal to stop the container -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure ("pause"|"continue") (default "pause") diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 223ba2a51f..80fd5b3c82 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -70,6 +70,7 @@ Options: --secret-add secret Add or update a secret on a service --secret-rm list Remove a secret (default []) --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) + --stop-signal string Signal to stop the container -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure ("pause"|"continue") (default "pause") From 8e7dd976f87e30e7286ff6e60e0928a0757627d1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 2 Mar 2017 02:14:15 +0100 Subject: [PATCH 2366/2538] remove Jekyll tags from CLI reference These Markdown files are now embedded in a YAML file for templating in the documentation, and these special markers are no longer needed. Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/cli.md | 2 -- docs/reference/commandline/commit.md | 2 -- docs/reference/commandline/container_prune.md | 4 ---- docs/reference/commandline/events.md | 4 ---- docs/reference/commandline/image_prune.md | 2 -- docs/reference/commandline/images.md | 4 ---- docs/reference/commandline/info.md | 1 - docs/reference/commandline/inspect.md | 14 -------------- docs/reference/commandline/node_inspect.md | 2 -- docs/reference/commandline/plugin_inspect.md | 2 -- docs/reference/commandline/plugin_ls.md | 2 -- docs/reference/commandline/plugin_set.md | 8 -------- docs/reference/commandline/ps.md | 10 +--------- docs/reference/commandline/run.md | 4 ---- docs/reference/commandline/secret_inspect.md | 2 -- docs/reference/commandline/service_create.md | 4 +--- docs/reference/commandline/service_inspect.md | 2 -- docs/reference/commandline/service_ls.md | 2 -- docs/reference/commandline/stack_services.md | 2 -- docs/reference/commandline/stats.md | 4 ---- docs/reference/commandline/version.md | 4 ---- docs/reference/commandline/volume_inspect.md | 2 -- docs/reference/commandline/volume_ls.md | 2 -- 23 files changed, 2 insertions(+), 83 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 78327715ae..666a353718 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -195,7 +195,6 @@ attach`, `docker exec`, `docker run` or `docker start` command. Following is a sample `config.json` file: ```json -{% raw %} { "HttpHeaders": { "MyHeader": "MyValue" @@ -213,7 +212,6 @@ Following is a sample `config.json` file: "unicorn.example.com": "vcbait" } } -{% endraw %} ``` ### Notary diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index fcf7559199..22c98e310e 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -72,7 +72,6 @@ svendowideit/testimage version3 f5283438590d 16 sec ### Commit a container with new configurations ```bash -{% raw %} $ docker ps ICONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES @@ -90,7 +89,6 @@ f5283438590d $ docker inspect -f "{{ .Config.Env }}" f5283438590d [HOME=/ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DEBUG=true] -{% endraw %} ``` ### Commit a container with new `CMD` and `EXPOSE` instructions diff --git a/docs/reference/commandline/container_prune.md b/docs/reference/commandline/container_prune.md index f6990e72d5..724057cf2c 100644 --- a/docs/reference/commandline/container_prune.md +++ b/docs/reference/commandline/container_prune.md @@ -70,7 +70,6 @@ fraction of a second no more than nine digits long. The following removes containers created more than 5 minutes ago: ```bash -{% raw %} $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' CONTAINER ID IMAGE COMMAND CREATED AT STATUS @@ -88,13 +87,11 @@ $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}} CONTAINER ID IMAGE COMMAND CREATED AT STATUS 61b9efa71024 busybox "sh" 2017-01-04 13:23:33 -0800 PST Exited (0) 44 seconds ago -{% endraw %} ``` The following removes containers created before `2017-01-04T13:10:00`: ```bash -{% raw %} $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}}\t{{.Status}}' CONTAINER ID IMAGE COMMAND CREATED AT STATUS @@ -112,7 +109,6 @@ $ docker ps -a --format 'table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.CreatedAt}} CONTAINER ID IMAGE COMMAND CREATED AT STATUS 53a9bc23a516 busybox "sh" 2017-01-04 13:11:59 -0800 PST Exited (0) 9 minutes ago -{% endraw %} ``` ## Related commands diff --git a/docs/reference/commandline/events.md b/docs/reference/commandline/events.md index d4599adcc5..9bf051363a 100644 --- a/docs/reference/commandline/events.md +++ b/docs/reference/commandline/events.md @@ -326,7 +326,6 @@ $ docker events --filter 'type=plugin' ### Format the output ```bash -{% raw %} $ docker events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 @@ -335,13 +334,11 @@ Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c1 Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 -{% endraw %} ``` #### Format as JSON ```none -{% raw %} $ docker events --format '{{json .}}' {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. @@ -349,5 +346,4 @@ Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299 {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. -{% endraw %} ``` diff --git a/docs/reference/commandline/image_prune.md b/docs/reference/commandline/image_prune.md index ab3c232901..e9cae8c6a9 100644 --- a/docs/reference/commandline/image_prune.md +++ b/docs/reference/commandline/image_prune.md @@ -92,7 +92,6 @@ fraction of a second no more than nine digits long. The following removes images created before `2017-01-04T00:00:00`: ```bash -{% raw %} $ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt}}\t{{.Size}}' REPOSITORY TAG IMAGE ID CREATED AT SIZE foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB @@ -115,7 +114,6 @@ $ docker images --format 'table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedAt REPOSITORY TAG IMAGE ID CREATED AT SIZE foo latest 2f287ac753da 2017-01-04 13:42:23 -0800 PST 3.98 MB -{% endraw %} ``` The following removes images created more than 10 days (`240h`) ago: diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index e0e55524c0..82c572e3ba 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -309,7 +309,6 @@ The following example uses a template without headers and outputs the `ID` and `Repository` entries separated by a colon for all images: ```bash -{% raw %} $ docker images --format "{{.ID}}: {{.Repository}}" 77af4d6b9913: @@ -321,14 +320,12 @@ b6fa739cedf5: committ 746b819f315e: postgres 746b819f315e: postgres 746b819f315e: postgres -{% endraw %} ``` To list all images with their repository and tag in a table format you can use: ```bash -{% raw %} $ docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}" IMAGE ID REPOSITORY TAG @@ -341,5 +338,4 @@ b6fa739cedf5 committ latest 746b819f315e postgres 9.3 746b819f315e postgres 9.3.5 746b819f315e postgres latest -{% endraw %} ``` diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index aba4d190dd..798c3f04da 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -197,7 +197,6 @@ The global `-D` option causes all `docker` commands to output debug information. You can also specify the output format: ```bash -{% raw %} $ docker info --format '{{json .}}' {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index dfea20a57a..842faf9b49 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -45,33 +45,25 @@ For the most part, you can pick out any field from the JSON in a fairly straightforward manner. ```bash -{% raw %} $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $INSTANCE_ID -{% endraw %} ``` ### Get an instance's MAC address ```bash -{% raw %} $ docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $INSTANCE_ID -{% endraw %} ``` ### Get an instance's log path ```bash -{% raw %} $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID -{% endraw %} ``` ### Get an instance's image name ```bash -{% raw %} $ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID -{% endraw %} ``` ### List all port bindings @@ -80,9 +72,7 @@ You can loop over arrays and maps in the results to produce simple text output: ```bash -{% raw %} $ docker inspect --format='{{range $p, $conf := .NetworkSettings.Ports}} {{$p}} -> {{(index $conf 0).HostPort}} {{end}}' $INSTANCE_ID -{% endraw %} ``` ### Find a specific port mapping @@ -96,9 +86,7 @@ then `index` 0 contains the first object inside of that. Then we ask for the `HostPort` field to get the public address. ```bash -{% raw %} $ docker inspect --format='{{(index (index .NetworkSettings.Ports "8787/tcp") 0).HostPort}}' $INSTANCE_ID -{% endraw %} ``` ### Get a subsection in JSON format @@ -109,7 +97,5 @@ Docker adds a template function, `json`, which can be applied to get results in JSON format. ```bash -{% raw %} $ docker inspect --format='{{json .Config}}' $INSTANCE_ID -{% endraw %} ``` diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 19deec7672..6d7dc739e8 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -109,7 +109,6 @@ $ docker node inspect swarm-manager ### Specify an output format ```none -{% raw %} $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self false @@ -136,7 +135,6 @@ Plugins: Network: overlay, bridge, null, host, overlay Volume: local Engine Version: 1.12.0 -{% endraw %} ``` ## Related commands diff --git a/docs/reference/commandline/plugin_inspect.md b/docs/reference/commandline/plugin_inspect.md index 3a54b9f99b..c0e6573cb8 100644 --- a/docs/reference/commandline/plugin_inspect.md +++ b/docs/reference/commandline/plugin_inspect.md @@ -148,11 +148,9 @@ $ docker plugin inspect tiborvass/sample-volume-plugin:latest ### Formatting the output ```bash -{% raw %} $ docker plugin inspect -f '{{.Id}}' tiborvass/sample-volume-plugin:latest 8c74c978c434745c3ade82f1bc0acf38d04990eaf494fa507c16d9f1daa99c21 -{% endraw %} ``` diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 4872184753..e5793dc21d 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -101,11 +101,9 @@ The following example uses a template without headers and outputs the `ID` and `Name` entries separated by a colon for all plugins: ```bash -{% raw %} $ docker plugin ls --format "{{.ID}}: {{.Name}}" 4be01827a72e: tiborvass/no-remove -{% endraw %} ``` diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index e63215a7ed..4b7ce612ad 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -42,7 +42,6 @@ The following example change the env variable `DEBUG` on the `sample-volume-plugin` plugin. ```bash -{% raw %} $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin [DEBUG=0] @@ -51,7 +50,6 @@ $ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin [DEBUG=1] -{% endraw %} ``` ### Change the source of a mount @@ -60,7 +58,6 @@ The following example change the source of the `mymount` mount on the `myplugin` plugin. ```bash -{% raw %} $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin /foo @@ -68,7 +65,6 @@ $ docker plugins set myplugin mymount.source=/bar $ docker plugin inspect -f '{{with $mount := index .Settings.Mounts 0}}{{$mount.Source}}{{end}}' myplugin /bar -{% endraw %} ``` > **Note**: Since only `source` is settable in `mymount`, @@ -80,7 +76,6 @@ The following example change the path of the `mydevice` device on the `myplugin` plugin. ```bash -{% raw %} $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin /dev/foo @@ -88,7 +83,6 @@ $ docker plugins set myplugin mydevice.path=/dev/bar $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$device.Path}}{{end}}' myplugin /dev/bar -{% endraw %} ``` > **Note**: Since only `path` is settable in `mydevice`, @@ -99,7 +93,6 @@ $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$devi The following example change the source of the args on the `myplugin` plugin. ```bash -{% raw %} $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ["foo", "bar"] @@ -107,7 +100,6 @@ $ docker plugins set myplugin args="foo bar baz" $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ["foo", "bar", "baz"] -{% endraw %} ``` ## Related commands diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index 96f193658c..cf5798c7d6 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -300,7 +300,6 @@ The `volume` filter shows only containers that mount a specific volume or have a volume mounted in a specific path: ```bash -{% raw %} $ docker ps --filter volume=remote-volume --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume @@ -308,7 +307,6 @@ CONTAINER ID MOUNTS $ docker ps --filter volume=/data --format "table {{.ID}}\t{{.Mounts}}" CONTAINER ID MOUNTS 9c3527ed70ce remote-volume -{% endraw %} ``` #### network @@ -334,9 +332,7 @@ example shows all containers that are attached to the `net1` network, using the network id as a filter; ```bash -{% raw %} $ docker network inspect --format "{{.ID}}" net1 -{% endraw %} 8c0b4110ae930dbe26b258de9bc34a03f98056ed6f27f991d32919bfe401d7c5 @@ -403,7 +399,7 @@ Placeholder | Description `.Size` | Container disk size. `.Names` | Container names. `.Labels` | All labels assigned to the container. -`.Label` | Value of a specific label for this container. For example `'{% raw %}{{.Label "com.docker.swarm.cpu"}}{% endraw %}'` +`.Label` | Value of a specific label for this container. For example `'{{.Label "com.docker.swarm.cpu"}}'` `.Mounts` | Names of the volumes mounted in this container. `.Networks` | Names of the networks attached to this container. @@ -415,9 +411,7 @@ The following example uses a template without headers and outputs the `ID` and `Command` entries separated by a colon for all running containers: ```bash -{% raw %} $ docker ps --format "{{.ID}}: {{.Command}}" -{% endraw %} a87ecb4f327c: /bin/sh -c #(nop) MA 01946d9d34d8: /bin/sh -c #(nop) MA @@ -428,9 +422,7 @@ c1d3b0166030: /bin/sh -c yum -y up To list all running containers with their labels in a table format you can use: ```bash -{% raw %} $ docker ps --format "table {{.ID}}\t{{.Labels}}" -{% endraw %} CONTAINER ID LABELS a87ecb4f327c com.docker.swarm.node=ubuntu,com.docker.swarm.storage=ssd diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 8f6f9e0283..66a16f3986 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -543,7 +543,6 @@ retrieve the container's ID once the container has finished running. ### Add host device to container (--device) ```bash -{% raw %} $ docker run --device=/dev/sdc:/dev/xvdc \ --device=/dev/sdd --device=/dev/zero:/dev/nulo \ -i -t \ @@ -552,7 +551,6 @@ $ docker run --device=/dev/sdc:/dev/xvdc \ brw-rw---- 1 root disk 8, 2 Feb 9 16:05 /dev/xvdc brw-rw---- 1 root disk 8, 3 Feb 9 16:05 /dev/sdd crw-rw-rw- 1 root root 1, 5 Feb 9 16:05 /dev/nulo -{% endraw %} ``` It is often necessary to directly expose devices to a container. The `--device` @@ -636,10 +634,8 @@ using IPv4 or IPv6 networking in your containers. Use the following flags for IPv4 address retrieval for a network device named `eth0`: ```bash -{% raw %} $ HOSTIP=`ip -4 addr show scope global dev eth0 | grep inet | awk '{print \$2}' | cut -d / -f 1` $ docker run --add-host=docker:${HOSTIP} --rm -it debian -{% endraw %} ``` For IPv6 use the `-6` flag instead of the `-4` flag. For other network diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index 8ced58d783..098274e17b 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -75,11 +75,9 @@ secret. The following example command outputs the creation time of the secret. ```bash -{% raw %} $ docker secret inspect --format='{{.CreatedAt}}' mhv17xfe3gh6xc4rij5orpfds 2016-10-27 23:25:43.909181089 +0000 UTC -{% endraw %} ``` diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index ae621577d1..876775b70e 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -548,9 +548,8 @@ In this example, we are going to set the template of the created containers base service's name and the node's ID where it sits. ```bash -{% raw %} $ docker service create --name hosttempl \ - --hostname={% raw %}"{{.Node.ID}}-{{.Service.Name}}"\ + --hostname="{{.Node.ID}}-{{.Service.Name}}"\ busybox top va8ew30grofhjoychbr6iot8c @@ -563,7 +562,6 @@ wo41w8hg8qan hosttempl.1 busybox:latest@sha256:29f5d56d12684887bdfa50dcd29fc31 $ docker inspect --format="{{.Config.Hostname}}" hosttempl.1.wo41w8hg8qanxwjwsg4kxpprj x3ti0erg11rjpg64m75kej2mz-hosttempl -{% endraw %} ``` ## Related commands diff --git a/docs/reference/commandline/service_inspect.md b/docs/reference/commandline/service_inspect.md index 370e21882d..24c593cec9 100644 --- a/docs/reference/commandline/service_inspect.md +++ b/docs/reference/commandline/service_inspect.md @@ -153,11 +153,9 @@ service. For example, the following command outputs the number of replicas of the "redis" service. ```bash -{% raw %} $ docker service inspect --format='{{.Spec.Mode.Replicated.Replicas}}' redis 10 -{% endraw %} ``` diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index c21bc3f656..86273ff1ff 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -133,12 +133,10 @@ The following example uses a template without headers and outputs the `ID`, `Mode`, and `Replicas` entries separated by a colon for all services: ```bash -{% raw %} $ docker service ls --format "{{.ID}}: {{.Mode}} {{.Replicas}}" 0zmvwuiu3vue: replicated 10/10 fm6uf97exkul: global 5/5 -{% endraw %} ``` ## Related commands diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index 9fa758d2bb..1b727799f6 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -90,12 +90,10 @@ The following example uses a template without headers and outputs the `ID`, `Mode`, and `Replicas` entries separated by a colon for all services: ```bash -{% raw %} $ docker stack services --format "{{.ID}}: {{.Mode}} {{.Replicas}}" 0zmvwuiu3vue: replicated 10/10 fm6uf97exkul: global 5/5 -{% endraw %} ``` diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 88d15efe27..f5c058524d 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -120,25 +120,21 @@ The following example uses a template without headers and outputs the `Container` and `CPUPerc` entries separated by a colon for all images: ```bash -{% raw %} $ docker stats --format "{{.Container}}: {{.CPUPerc}}" 09d3bb5b1604: 6.61% 9db7aa4d986d: 9.19% 3f214c61ad1d: 0.00% -{% endraw %} ``` To list all containers statistics with their name, CPU percentage and memory usage in a table format you can use: ```bash -{% raw %} $ docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" CONTAINER CPU % PRIV WORKING SET 1285939c1fd3 0.07% 796 KiB / 64 MiB 9c76f7834ae2 0.07% 2.746 MiB / 64 MiB d1ea048f04e4 0.03% 4.583 MiB / 64 MiB -{% endraw %} ``` diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index c2693886b9..b15d13b97f 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -60,19 +60,15 @@ OS/Arch: linux/amd64 ### Get the server version ```bash -{% raw %} $ docker version --format '{{.Server.Version}}' 1.8.0 -{% endraw %} ``` ### Dump raw JSON data ```bash -{% raw %} $ docker version --format '{{json .}}' {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} -{% endraw %} ``` diff --git a/docs/reference/commandline/volume_inspect.md b/docs/reference/commandline/volume_inspect.md index 530c2b1feb..bbdc6bd3ee 100644 --- a/docs/reference/commandline/volume_inspect.md +++ b/docs/reference/commandline/volume_inspect.md @@ -48,10 +48,8 @@ $ docker volume inspect 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443 } ] -{% raw %} $ docker volume inspect --format '{{ .Mountpoint }}' 85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d /var/lib/docker/volumes/85bffb0677236974f93955d8ecc4df55ef5070117b0e53333cc1b443777be24d/_data -{% endraw %} ``` ## Related commands diff --git a/docs/reference/commandline/volume_ls.md b/docs/reference/commandline/volume_ls.md index 06aaa2b964..713922d60f 100644 --- a/docs/reference/commandline/volume_ls.md +++ b/docs/reference/commandline/volume_ls.md @@ -183,13 +183,11 @@ The following example uses a template without headers and outputs the `Name` and `Driver` entries separated by a colon for all volumes: ```bash -{% raw %} $ docker volume ls --format "{{.Name}}: {{.Driver}}" vol1: local vol2: local vol3: local -{% endraw %} ``` ## Related commands From 85db6243171e9c3e99539b96f2bf4e5a0d12c896 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 24 Feb 2017 16:50:00 +0100 Subject: [PATCH 2367/2538] Bash completion for `docker service ps` completes only one service Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 40b6cc354c..1ce09f1fc2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2945,7 +2945,10 @@ _docker_service_ps() { COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) ;; *) - __docker_complete_services + local counter=$(__docker_pos_first_nonflag '--filter|-f') + if [ $cword -eq $counter ]; then + __docker_complete_services + fi ;; esac } From 2c9f862eafb1002fa12edaa84c2350c6be1b0c17 Mon Sep 17 00:00:00 2001 From: scjane Date: Tue, 21 Feb 2017 18:38:07 +0800 Subject: [PATCH 2368/2538] Update index.md Signed-off-by: Wang Jie Signed-off-by: Sebastiaan van Stijn --- docs/extend/index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index 5ff8728507..b0d3404bbe 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -19,7 +19,7 @@ title: Managed plugin system * [Developing a plugin](index.md#developing-a-plugin) * [Debugging plugins](index.md#debugging-plugins) -Docker Engine's plugins system allows you to install, start, stop, and remove +Docker Engine's plugin system allows you to install, start, stop, and remove plugins using Docker Engine. For information about the legacy plugin system available in Docker Engine 1.12 @@ -34,7 +34,7 @@ Plugins are distributed as Docker images and can be hosted on Docker Hub or on a private registry. To install a plugin, use the `docker plugin install` command, which pulls the -plugin from Docker hub or your private registry, prompts you to grant +plugin from Docker Hub or your private registry, prompts you to grant permissions or capabilities if necessary, and enables the plugin. To check the status of installed plugins, use the `docker plugin ls` command. @@ -62,6 +62,7 @@ enabled, and use it to create a volume. ``` The plugin requests 2 privileges: + - It needs access to the `host` network. - It needs the `CAP_SYS_ADMIN` capability, which allows the plugin to run the `mount` command. From 04731761bc1231c3c50bdf12f13eecdee3fa057d Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Mon, 27 Feb 2017 17:16:47 -0800 Subject: [PATCH 2369/2538] update deprecation dates Signed-off-by: Victor Vieux --- docs/deprecated.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 9d3da96322..109c3030b4 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -25,7 +25,7 @@ see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-depreca **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** When inspecting a container, `NetworkSettings` contains top-level information about the default ("bridge") network; @@ -43,28 +43,28 @@ information. ## `filter` param for `/images/json` endpoint **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** The `filter` param to filter the list of image by reference (name or name:tag) is now implemented as a regular filter, named `reference`. ### `repository:shortid` image references **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** `repository:shortid` syntax for referencing images is very little used, collides with tag references can be confused with digest references. ### `docker daemon` subcommand **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** The daemon is moved to a separate binary (`dockerd`), and should be used instead. ### Duplicate keys with conflicting values in engine labels **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** Duplicate keys with conflicting values have been deprecated. A warning is displayed in the output, and an error will be returned in the future. @@ -77,7 +77,7 @@ in the output, and an error will be returned in the future. ### API calls without a version **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** API versions should be supplied to all API calls to ensure compatibility with future Engine versions. Instead of just requesting, for example, the URL @@ -86,7 +86,7 @@ future Engine versions. Instead of just requesting, for example, the URL ### Backing filesystem without `d_type` support for overlay/overlay2 **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** -**Target For Removal In Release: v1.16** +**Target For Removal In Release: v17.12** The overlay and overlay2 storage driver does not work as expected if the backing filesystem does not support `d_type`. For example, XFS does not support `d_type` @@ -106,7 +106,7 @@ The `docker import` command format `file|URL|- [REPOSITORY [TAG]]` is deprecated **Deprecated In Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** -**Target For Removal In Release: v1.15** +**Target For Removal In Release: v17.09** The shorthand (`-h`) is less common than `--help` on Linux and cannot be used on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on @@ -116,14 +116,14 @@ on all subcommands (due to it conflicting with, e.g. `-h` / `--hostname` on ### `-e` and `--email` flags on `docker login` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** -**Target For Removal In Release: v1.14** +**Target For Removal In Release: v17.06** The docker login command is removing the ability to automatically register for an account with the target registry if the given username doesn't exist. Due to this change, the email flag is no longer required, and will be deprecated. ### Separator (`:`) of `--security-opt` flag on `docker run` **Deprecated In Release: [v1.11.0](https://github.com/docker/docker/releases/tag/v1.11.0)** -**Target For Removal In Release: v1.14** +**Target For Removal In Release: v17.06** The flag `--security-opt` doesn't use the colon separator(`:`) anymore to divide keys and values, it uses the equal symbol(`=`) for consistency with other similar flags, like `--storage-opt`. @@ -169,7 +169,7 @@ Use `docker ps --filter=before=...` and `docker ps --filter=since=...` instead. **Deprecated in Release: [v1.12.0](https://github.com/docker/docker/releases/tag/v1.12.0)** -**Target For Removal In Release: v1.15** +**Target For Removal In Release: v17.09** The `docker search --automated` and `docker search --stars` options are deprecated. Use `docker search --filter=is-automated=...` and `docker search --filter=stars=...` instead. @@ -266,9 +266,9 @@ of the `--changes` flag that allows to pass `Dockerfile` commands. ### Interacting with V1 registries -**Disabled By Default In Release: v1.14** +**Disabled By Default In Release: v17.04** -**Target For Removal In Release: v1.17** +**Target For Removal In Release: v17.10** Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 From 9f967c7050573fc0ab63d35ac37d8389df6c371e Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 3 Mar 2017 10:26:33 +0100 Subject: [PATCH 2370/2538] Improve POSIX compatibility of bash completion Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1ce09f1fc2..80a0800b60 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -581,7 +581,7 @@ __docker_subcommands() { $(__docker_to_extglob "$subcommands") ) subcommand_pos=$counter local subcommand=${words[$counter]} - local completions_func=_docker_${command}_${subcommand} + local completions_func=_docker_${command}_${subcommand//-/_} declare -F $completions_func >/dev/null && $completions_func return 0 ;; @@ -671,7 +671,7 @@ __docker_complete_capabilities_droppable() { " -- "$cur" ) ) } -__docker_complete_detach-keys() { +__docker_complete_detach_keys() { case "$prev" in --detach-keys) case "$cur" in @@ -1074,7 +1074,7 @@ _docker_container() { } _docker_container_attach() { - __docker_complete_detach-keys && return + __docker_complete_detach_keys && return case "$cur" in -*) @@ -1181,7 +1181,7 @@ _docker_container_diff() { } _docker_container_exec() { - __docker_complete_detach-keys && return + __docker_complete_detach_keys && return case "$prev" in --env|-e) @@ -1550,7 +1550,7 @@ _docker_container_run_and_create() { --rm --sig-proxy=false " - __docker_complete_detach-keys && return + __docker_complete_detach_keys && return fi local all_options="$options_with_args $boolean_options" @@ -1744,7 +1744,7 @@ _docker_container_run_and_create() { } _docker_container_start() { - __docker_complete_detach-keys && return + __docker_complete_detach_keys && return case "$prev" in --checkpoint) @@ -3247,7 +3247,7 @@ _docker_swarm_join() { esac } -_docker_swarm_join-token() { +_docker_swarm_join_token() { case "$cur" in -*) COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) ) @@ -3277,7 +3277,7 @@ _docker_swarm_unlock() { esac } -_docker_swarm_unlock-key() { +_docker_swarm_unlock_key() { case "$cur" in -*) COMPREPLY=( $( compgen -W "--help --quiet -q --rotate" -- "$cur" ) ) @@ -4441,7 +4441,7 @@ _docker() { command_pos=0 fi - local completions_func=_docker_${command} + local completions_func=_docker_${command//-/_} declare -F $completions_func >/dev/null && $completions_func eval "$previous_extglob_setting" From 0248b4df543f84087eb612f7663ec8631205cef1 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 19 Jan 2017 15:27:37 -0800 Subject: [PATCH 2371/2538] Topology-aware scheduling This adds support for placement preferences in Swarm services. - Convert PlacementPreferences between GRPC API and HTTP API - Add --placement-pref, --placement-pref-add and --placement-pref-rm to CLI - Add support for placement preferences in service inspect --pretty - Add integration test Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 72 ++++++++++++++++++++ docs/reference/commandline/service_update.md | 2 + 2 files changed, 74 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 876775b70e..a27199215c 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -47,6 +47,7 @@ Options: --name string Service name --network list Network attachments (default []) --no-healthcheck Disable any container-specified HEALTHCHECK + --placement-pref pref Add a placement preference -p, --publish port Publish a port as a node port --read-only Mount the container's root filesystem as read only --replicas uint Number of tasks @@ -436,6 +437,77 @@ $ docker service create \ redis:3.0.6 ``` +### Specify service placement preferences (--placement-pref) + +You can set up the service to divide tasks evenly over different categories of +nodes. One example of where this can be useful is to balance tasks over a set +of datacenters or availability zones. The example below illustrates this: + +```bash +$ docker service create \ + --replicas 9 \ + --name redis_2 \ + --placement-pref 'spread=node.labels.datacenter' \ + redis:3.0.6 +``` + +This uses `--placement-pref` with a `spread` strategy (currently the only +supported strategy) to spread tasks evenly over the values of the `datacenter` +node label. In this example, we assume that every node has a `datacenter` node +label attached to it. If there are three different values of this label among +nodes in the swarm, one third of the tasks will be placed on the nodes +associated with each value. This is true even if there are more nodes with one +value than another. For example, consider the following set of nodes: + +- Three nodes with `node.labels.datacenter=east` +- Two nodes with `node.labels.datacenter=south` +- One node with `node.labels.datacenter=west` + +Since we are spreading over the values of the `datacenter` label and the +service has 9 replicas, 3 replicas will end up in each datacenter. There are +three nodes associated with the value `east`, so each one will get one of the +three replicas reserved for this value. There are two nodes with the value +`south`, and the three replicas for this value will be divided between them, +with one receiving two replicas and another receiving just one. Finally, `west` +has a single node that will get all three replicas reserved for `west`. + +If the nodes in one category (for example, those with +`node.labels.datacenter=south`) can't handle their fair share of tasks due to +constraints or resource limitations, the extra tasks will be assigned to other +nodes instead, if possible. + +Both engine labels and node labels are supported by placement preferences. The +example above uses a node label, because the label is referenced with +`node.labels.datacenter`. To spread over the values of an engine label, use +`--placement-pref spread=engine.labels.`. + +It is possible to add multiple placement preferences to a service. This +establishes a hierarchy of preferences, so that tasks are first divided over +one category, and then further divided over additional categories. One example +of where this may be useful is dividing tasks fairly between datacenters, and +then splitting the tasks within each datacenter over a choice of racks. To add +multiple placement preferences, specify the `--placement-pref` flag multiple +times. The order is significant, and the placement preferences will be applied +in the order given when making scheduling decisions. + +The following example sets up a service with multiple placement preferences. +Tasks are spread first over the various datacenters, and then over racks +(as indicated by the respective labels): + +```bash +$ docker service create \ + --replicas 9 \ + --name redis_2 \ + --placement-pref 'spread=node.labels.datacenter' \ + --placement-pref 'spread=node.labels.rack' \ + redis:3.0.6 +``` + +When updating a service with `docker service update`, `--placement-pref-add` +appends a new placement preference after all existing placement preferences. +`--placement-pref-rm` removes an existing placement preference that matches the +argument. + ### Attach a service to an existing network (--network) You can use overlay networks to connect one or more services within the swarm. diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 80fd5b3c82..160ed53120 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -56,6 +56,8 @@ Options: --mount-add mount Add or update a mount on a service --mount-rm list Remove a mount by its target path (default []) --no-healthcheck Disable any container-specified HEALTHCHECK + --placement-pref-add pref Add a placement preference + --placement-pref-rm pref Remove a placement preference --publish-add port Add or update a published port --publish-rm port Remove a published port by its target port --read-only Mount the container's root filesystem as read only From f5fc4c26f34bd27bd8f3378caefdb633cf76dd67 Mon Sep 17 00:00:00 2001 From: "Aaron.L.Xu" Date: Thu, 16 Feb 2017 20:08:57 +0800 Subject: [PATCH 2372/2538] fix some typos from module contrib to man Signed-off-by: Aaron.L.Xu --- man/src/container/create-example.md | 2 +- man/src/container/create.md | 2 +- man/src/plugin/ls.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/man/src/container/create-example.md b/man/src/container/create-example.md index 0084eeea2c..bd83293667 100644 --- a/man/src/container/create-example.md +++ b/man/src/container/create-example.md @@ -31,5 +31,5 @@ docker create --device-cgroup-rule='c 42:* rmw' -name my-container my-image Then, a user could ask `udev` to execute a script that would `docker exec my-container mknod newDevX c 42 ` the required device when it is added. -NOTE: initially present devices still need to be explicitely added to +NOTE: initially present devices still need to be explicitly added to the create/run command diff --git a/man/src/container/create.md b/man/src/container/create.md index 3da3502aa1..66068ff644 100644 --- a/man/src/container/create.md +++ b/man/src/container/create.md @@ -60,7 +60,7 @@ Use `df ` to figure out the source mount and then use `findmnt -o TARGET,PROPAGATION ` to figure out propagation properties of source mount. If `findmnt` utility is not available, then one can look at mount entry for source mount point in `/proc/self/mountinfo`. Look -at `optional fields` and see if any propagaion properties are specified. +at `optional fields` and see if any propagation properties are specified. `shared:X` means mount is `shared`, `master:X` means mount is `slave` and if nothing is there that means mount is `private`. diff --git a/man/src/plugin/ls.md b/man/src/plugin/ls.md index df96a52487..f9f3945244 100644 --- a/man/src/plugin/ls.md +++ b/man/src/plugin/ls.md @@ -36,7 +36,7 @@ Filter output based on these conditions: ID NAME DESCRIPTION ENABLED 869080b57404 tiborvass/sample-volume-plugin:latest A sample volume plugin for Docker true -## Display plguins with `volumedriver` capability +## Display plugins with `volumedriver` capability $ docker plugin ls --filter capability=volumedriver --format "table {{.ID}}\t{{.Name}}" ID Name From 8271c2a624ced6f8ff1599bb0c5ec8d7fd281330 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 15 Feb 2017 14:53:58 -0800 Subject: [PATCH 2373/2538] Add support for the "rollback" failure action Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index a27199215c..ba06b3f33e 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -62,7 +62,7 @@ Options: --stop-signal string Signal to stop the container -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure ("pause"|"continue") (default "pause") + --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 160ed53120..6a6a589a5d 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -75,7 +75,7 @@ Options: --stop-signal string Signal to stop the container -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure ("pause"|"continue") (default "pause") + --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) From 33ae7294566b44901ebeac6b13438942f445c7df Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 15 Feb 2017 16:04:30 -0800 Subject: [PATCH 2374/2538] Add support for rollback flags Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 103 +++++++------ docs/reference/commandline/service_update.md | 149 +++++++++++-------- 2 files changed, 143 insertions(+), 109 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index ba06b3f33e..6f8fcb134a 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -21,54 +21,61 @@ Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new service Options: - --constraint list Placement constraints (default []) - --container-label list Container labels (default []) - --dns list Set custom DNS servers (default []) - --dns-option list Set DNS options (default []) - --dns-search list Set custom DNS search domains (default []) - --endpoint-mode string Endpoint mode ("vip"|"dnsrr") (default "vip") - -e, --env list Set environment variables (default []) - --env-file list Read in a file of environment variables (default []) - --group list Set one or more supplementary user groups for the container (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) - --help Print usage - --host list Set one or more custom host-to-IP mappings (host:ip) (default []) - --hostname string Container hostname - -l, --label list Service labels (default []) - --limit-cpu decimal Limit CPUs (default 0.000) - --limit-memory bytes Limit Memory - --log-driver string Logging driver for service - --log-opt list Logging driver options (default []) - --mode string Service mode (replicated or global) (default "replicated") - --mount mount Attach a filesystem mount to the service - --name string Service name - --network list Network attachments (default []) - --no-healthcheck Disable any container-specified HEALTHCHECK - --placement-pref pref Add a placement preference - -p, --publish port Publish a port as a node port - --read-only Mount the container's root filesystem as read only - --replicas uint Number of tasks - --reserve-cpu decimal Reserve CPUs (default 0.000) - --reserve-memory bytes Reserve Memory - --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") - --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) - --restart-max-attempts uint Maximum number of restarts before giving up - --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) - --secret secret Specify secrets to expose to the service - --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) - --stop-signal string Signal to stop the container - -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") - --update-max-failure-ratio float Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to swarm agents - -w, --workdir string Working directory inside the container + --constraint list Placement constraints (default []) + --container-label list Container labels (default []) + --dns list Set custom DNS servers (default []) + --dns-option list Set DNS options (default []) + --dns-search list Set custom DNS search domains (default []) + --endpoint-mode string Endpoint mode ("vip"|"dnsrr") (default "vip") + -e, --env list Set environment variables (default []) + --env-file list Read in a file of environment variables (default []) + --group list Set one or more supplementary user groups for the container (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check (ns|us|ms|s|m|h) + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) + --help Print usage + --host list Set one or more custom host-to-IP mappings (host:ip) (default []) + --hostname string Container hostname + -l, --label list Service labels (default []) + --limit-cpu decimal Limit CPUs (default 0.000) + --limit-memory bytes Limit Memory + --log-driver string Logging driver for service + --log-opt list Logging driver options (default []) + --mode string Service mode (replicated or global) (default "replicated") + --mount mount Attach a filesystem mount to the service + --name string Service name + --network list Network attachments (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK + --placement-pref pref Add a placement preference + -p, --publish port Publish a port as a node port + --read-only Mount the container's root filesystem as read only + --replicas uint Number of tasks + --reserve-cpu decimal Reserve CPUs (default 0.000) + --reserve-memory bytes Reserve Memory + --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") + --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) + --restart-max-attempts uint Maximum number of restarts before giving up + --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) + --rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s) + --rollback-failure-action string Action on rollback failure ("pause"|"continue") (default "pause") + --rollback-max-failure-ratio float Failure rate to tolerate during a rollback + --rollback-monitor duration Duration after each task rollback to monitor for failure + (ns|us|ms|s|m|h) (default 0s) + --rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll + back all at once) (default 1) + --secret secret Specify secrets to expose to the service + --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) + --stop-signal string Signal to stop the container + -t, --tty Allocate a pseudo-TTY + --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) + --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") + --update-max-failure-ratio float Failure rate to tolerate during an update + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID (format: [:]) + --with-registry-auth Send registry authentication details to swarm agents + -w, --workdir string Working directory inside the container ``` ## Description diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 6a6a589a5d..1f418a250a 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -21,67 +21,74 @@ Usage: docker service update [OPTIONS] SERVICE Update a service Options: - --args string Service command args - --constraint-add list Add or update a placement constraint (default []) - --constraint-rm list Remove a constraint (default []) - --container-label-add list Add or update a container label (default []) - --container-label-rm list Remove a container label by its key (default []) - --dns-add list Add or update a custom DNS server (default []) - --dns-option-add list Add or update a DNS option (default []) - --dns-option-rm list Remove a DNS option (default []) - --dns-rm list Remove a custom DNS server (default []) - --dns-search-add list Add or update a custom DNS search domain (default []) - --dns-search-rm list Remove a DNS search domain (default []) - --endpoint-mode string Endpoint mode ("vip"|"dnsrr") (default "vip") - --env-add list Add or update an environment variable (default []) - --env-rm list Remove an environment variable (default []) - --force Force update even if no changes require it - --group-add list Add an additional supplementary user group to the container (default []) - --group-rm list Remove a previously added supplementary user group from the container (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) - --help Print usage - --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) - --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) - --hostname string Container hostname - --image string Service image tag - --label-add list Add or update a service label (default []) - --label-rm list Remove a label by its key (default []) - --limit-cpu decimal Limit CPUs (default 0.000) - --limit-memory bytes Limit Memory - --log-driver string Logging driver for service - --log-opt list Logging driver options (default []) - --mount-add mount Add or update a mount on a service - --mount-rm list Remove a mount by its target path (default []) - --no-healthcheck Disable any container-specified HEALTHCHECK - --placement-pref-add pref Add a placement preference - --placement-pref-rm pref Remove a placement preference - --publish-add port Add or update a published port - --publish-rm port Remove a published port by its target port - --read-only Mount the container's root filesystem as read only - --replicas uint Number of tasks - --reserve-cpu decimal Reserve CPUs (default 0.000) - --reserve-memory bytes Reserve Memory - --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") - --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) - --restart-max-attempts uint Maximum number of restarts before giving up - --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) - --rollback Rollback to previous specification - --secret-add secret Add or update a secret on a service - --secret-rm list Remove a secret (default []) - --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) - --stop-signal string Signal to stop the container - -t, --tty Allocate a pseudo-TTY - --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) - --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") - --update-max-failure-ratio float Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) - --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) - -u, --user string Username or UID (format: [:]) - --with-registry-auth Send registry authentication details to swarm agents - -w, --workdir string Working directory inside the container + --args string Service command args + --constraint-add list Add or update a placement constraint (default []) + --constraint-rm list Remove a constraint (default []) + --container-label-add list Add or update a container label (default []) + --container-label-rm list Remove a container label by its key (default []) + --dns-add list Add or update a custom DNS server (default []) + --dns-option-add list Add or update a DNS option (default []) + --dns-option-rm list Remove a DNS option (default []) + --dns-rm list Remove a custom DNS server (default []) + --dns-search-add list Add or update a custom DNS search domain (default []) + --dns-search-rm list Remove a DNS search domain (default []) + --endpoint-mode string Endpoint mode ("vip"|"dnsrr") (default "vip") + --env-add list Add or update an environment variable (default []) + --env-rm list Remove an environment variable (default []) + --force Force update even if no changes require it + --group-add list Add an additional supplementary user group to the container (default []) + --group-rm list Remove a previously added supplementary user group from the container (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check (ns|us|ms|s|m|h) + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) + --help Print usage + --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) + --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) + --hostname string Container hostname + --image string Service image tag + --label-add list Add or update a service label (default []) + --label-rm list Remove a label by its key (default []) + --limit-cpu decimal Limit CPUs (default 0.000) + --limit-memory bytes Limit Memory + --log-driver string Logging driver for service + --log-opt list Logging driver options (default []) + --mount-add mount Add or update a mount on a service + --mount-rm list Remove a mount by its target path (default []) + --no-healthcheck Disable any container-specified HEALTHCHECK + --placement-pref-add pref Add a placement preference + --placement-pref-rm pref Remove a placement preference + --publish-add port Add or update a published port + --publish-rm port Remove a published port by its target port + --read-only Mount the container's root filesystem as read only + --replicas uint Number of tasks + --reserve-cpu decimal Reserve CPUs (default 0.000) + --reserve-memory bytes Reserve Memory + --restart-condition string Restart when condition is met ("none"|"on-failure"|"any") + --restart-delay duration Delay between restart attempts (ns|us|ms|s|m|h) + --restart-max-attempts uint Maximum number of restarts before giving up + --restart-window duration Window used to evaluate the restart policy (ns|us|ms|s|m|h) + --rollback Rollback to previous specification + --rollback-delay duration Delay between task rollbacks (ns|us|ms|s|m|h) (default 0s) + --rollback-failure-action string Action on rollback failure ("pause"|"continue") (default "pause") + --rollback-max-failure-ratio float Failure rate to tolerate during a rollback + --rollback-monitor duration Duration after each task rollback to monitor for failure + (ns|us|ms|s|m|h) (default 0s) + --rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll + back all at once) (default 1) + --secret-add secret Add or update a secret on a service + --secret-rm list Remove a secret (default []) + --stop-grace-period duration Time to wait before force killing a container (ns|us|ms|s|m|h) + --stop-signal string Signal to stop the container + -t, --tty Allocate a pseudo-TTY + --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) + --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") + --update-max-failure-ratio float Failure rate to tolerate during an update + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) + -u, --user string Username or UID (format: [:]) + --with-registry-auth Send registry authentication details to swarm agents + -w, --workdir string Working directory inside the container ``` ## Description @@ -202,6 +209,26 @@ web ``` +Services can also be set up to roll back to the previous version automatically +when an update fails. To set up a service for automatic rollback, use +`--update-failure-action=rollback`. A rollback will be triggered if the fraction +of the tasks which failed to update successfully exceeds the value given with +`--update-max-failure-ratio`. + +The rate, parallelism, and other parameters of a rollback operation are +determined by the values passed with the following flags: + +- `--rollback-delay` +- `--rollback-failure-action` +- `--rollback-max-failure-ratio` +- `--rollback-monitor` +- `--rollback-parallelism` + +For example, a service set up with `--update-parallelism 1 --rollback-parallelism 3` +will update one task at a time during a normal update, but during a rollback, 3 +tasks at a time will get rolled back. These rollback parameters are respected both +during automatic rollbacks and for rollbacks initiated manually using `--rollback`. + ### Add or remove secrets Use the `--secret-add` or `--secret-rm` options add or remove a service's From 0ada299b10c4f9e829d6a64a600faa0b3f6c9f68 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 5 Mar 2017 10:36:10 -0800 Subject: [PATCH 2375/2538] Add bash completion for `service create|update --rollback-*` Also remove wrong completion for `docker service create --rollback` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 80a0800b60..ac6019dc52 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2987,7 +2987,11 @@ _docker_service_update_and_create() { --restart-delay --restart-max-attempts --restart-window - --rollback + --rollback-delay + --rollback-failure-action + --rollback-max-failure-ratio + --rollback-monitor + --rollback-parallelism --stop-grace-period --update-delay --update-failure-action @@ -3067,6 +3071,7 @@ _docker_service_update_and_create() { --image --publish-add --publish-rm + --rollback --secret-add --secret-rm " @@ -3122,6 +3127,10 @@ _docker_service_update_and_create() { COMPREPLY=( $( compgen -W "any none on-failure" -- "$cur" ) ) return ;; + --rollback-failure-action) + COMPREPLY=( $( compgen -W "continue pause" -- "$cur" ) ) + return + ;; --user|-u) __docker_complete_user_group return From 0f47a7b1effd34f8a5017e1f8635a14babbfb66d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 5 Mar 2017 10:42:44 -0800 Subject: [PATCH 2376/2538] Improve bash completion for `service create|update --update-failure-action` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index ac6019dc52..c165c6c7ec 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3131,6 +3131,10 @@ _docker_service_update_and_create() { COMPREPLY=( $( compgen -W "continue pause" -- "$cur" ) ) return ;; + --update-failure-action) + COMPREPLY=( $( compgen -W "continue pause rollback" -- "$cur" ) ) + return + ;; --user|-u) __docker_complete_user_group return From 77cdc06233cf56d1e4589ffa8ae7d1f101d0b698 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 20 Feb 2017 18:19:57 +0100 Subject: [PATCH 2377/2538] Add support for command aliases to bash completion of `docker volume` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c165c6c7ec..f871dbb3b8 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -4244,6 +4244,10 @@ _docker_volume_inspect() { esac } +_docker_volume_list() { + _docker_volume_ls +} + _docker_volume_ls() { local key=$(__docker_map_key_of_current_option '--filter|-f') case "$key" in @@ -4287,6 +4291,10 @@ _docker_volume_prune() { esac } +_docker_volume_remove() { + _docker_volume_rm +} + _docker_volume_rm() { case "$cur" in -*) @@ -4306,7 +4314,11 @@ _docker_volume() { prune rm " - __docker_subcommands "$subcommands" && return + local aliases=" + list + remove + " + __docker_subcommands "$subcommands $aliases" && return case "$cur" in -*) From 39b2f9dd8f7d1d07937e7df59bba40c7113effdc Mon Sep 17 00:00:00 2001 From: Boris Pruessmann Date: Mon, 20 Feb 2017 19:24:24 +0100 Subject: [PATCH 2378/2538] Improved aarch64 build - Added 'golint', 'yamllint', and 'swagger' - Fixed man/Dockerfile.aarch64 by bootstrapping Go 1.7.5 Signed-off-by: Boris Pruessmann --- man/Dockerfile.aarch64 | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/man/Dockerfile.aarch64 b/man/Dockerfile.aarch64 index e788eb1c1d..3edcb56725 100644 --- a/man/Dockerfile.aarch64 +++ b/man/Dockerfile.aarch64 @@ -1,6 +1,25 @@ FROM aarch64/ubuntu:xenial -RUN apt-get update && apt-get install -y git golang-go +# allow replacing httpredir or deb mirror +ARG APT_MIRROR=deb.debian.org +RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list + +RUN apt-get update && apt-get install -y \ + git \ + bash \ + curl \ + gcc \ + gccgo \ + make + +ENV GO_VERSION 1.7.5 +ENV GOARCH arm64 +ENV PATH /go/bin:/usr/src/go/bin:$PATH + +RUN mkdir /usr/src/go && \ + curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 && \ + cd /usr/src/go/src && \ + GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash RUN mkdir -p /go/src /go/bin /go/pkg ENV GOPATH=/go From 6f4f45a134f3f9192bc7f2f86f9c88bcc703cb63 Mon Sep 17 00:00:00 2001 From: Boris Pruessmann Date: Wed, 1 Mar 2017 20:27:53 +0100 Subject: [PATCH 2379/2538] Incorporated feedback from review Signed-off-by: Boris Pruessmann --- man/Dockerfile.aarch64 | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/man/Dockerfile.aarch64 b/man/Dockerfile.aarch64 index 3edcb56725..8553d1f763 100644 --- a/man/Dockerfile.aarch64 +++ b/man/Dockerfile.aarch64 @@ -1,16 +1,6 @@ FROM aarch64/ubuntu:xenial -# allow replacing httpredir or deb mirror -ARG APT_MIRROR=deb.debian.org -RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list - -RUN apt-get update && apt-get install -y \ - git \ - bash \ - curl \ - gcc \ - gccgo \ - make +RUN apt-get update && apt-get install -y git golang-go curl ENV GO_VERSION 1.7.5 ENV GOARCH arm64 From 01468292d64e09da706d91d65ee66529627544a4 Mon Sep 17 00:00:00 2001 From: Keith Hudgins Date: Mon, 30 Jan 2017 11:13:51 -0800 Subject: [PATCH 2380/2538] added listing for Nimble Storage's volume plugin Signed-off-by: Keith Hudgins updated nimble plugin url --- docs/extend/legacy_plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index 0de2ad0633..b7c9709790 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -76,6 +76,7 @@ Plugin [Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. [Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. +[Nimble Storage Volume Plugin](https://connect.nimblestorage.com/community/app-integration/docker)| A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones. [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. [Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. From 2fcb361c55352ca0203d28394d64135fcdaa2ddc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 9 Mar 2017 09:28:19 +0100 Subject: [PATCH 2381/2538] Fix description of `docker run|create --stop-signal` in help message Signed-off-by: Harald Albers --- docs/reference/commandline/create.md | 2 +- docs/reference/commandline/run.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 3540f6789c..756b2b4099 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -111,7 +111,7 @@ Options: The format is ``. `number` must be greater than `0`. Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. - --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") + --stop-signal string Signal to stop a container (default "SIGTERM") --stop-timeout=10 Timeout (in seconds) to stop a container --storage-opt value Storage driver options for the container (default []) --sysctl value Sysctl options (default map[]) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 66a16f3986..a74dc77999 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -122,7 +122,7 @@ Options: Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you omit the unit, the system uses bytes. --sig-proxy Proxy received signals to the process (default true) - --stop-signal string Signal to stop a container, SIGTERM by default (default "SIGTERM") + --stop-signal string Signal to stop a container (default "SIGTERM") --stop-timeout=10 Timeout (in seconds) to stop a container --storage-opt value Storage driver options for the container (default []) --sysctl value Sysctl options (default map[]) From dd34522fa85a2d18cad6b04561014bc09ea4d326 Mon Sep 17 00:00:00 2001 From: kevinfeyrer Date: Sun, 26 Feb 2017 23:37:59 +0000 Subject: [PATCH 2382/2538] Update vlan-networks.md Some small changes to get the examples so that they run without error for me. Improve consistency of presentation of the examples. Fix some typos Signed-off-by: kevinfeyrer Update vlan-networks.md Restore "ip" accidentally removed Signed-off-by: kevinfeyrer Update vlan-networks.md Change prompt from container "$$" to host "$" Signed-off-by: kevinfeyrer Update vlan-networks.md Some changes suggested by cpuguy83 and thaJeztah Signed-off-by: kevinfeyrer --- experimental/vlan-networks.md | 148 +++++++++++++++++----------------- 1 file changed, 76 insertions(+), 72 deletions(-) diff --git a/experimental/vlan-networks.md b/experimental/vlan-networks.md index babb2ca6da..13eb5981d1 100644 --- a/experimental/vlan-networks.md +++ b/experimental/vlan-networks.md @@ -6,7 +6,7 @@ The Ipvlan driver is currently in experimental mode in order to incubate Docker Ipvlan is a new twist on the tried and true network virtualization technique. The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network. -Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having less moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a very simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no port mappings in these scenarios. +Ipvlan offers a number of unique features and plenty of room for further innovations with the various modes. Two high level advantages of these approaches are, the positive performance implications of bypassing the Linux bridge and the simplicity of having fewer moving parts. Removing the bridge that traditionally resides in between the Docker host NIC and container interface leaves a simple setup consisting of container interfaces, attached directly to the Docker host interface. This result is easy access for external facing services as there is no need for port mappings in these scenarios. ### Pre-Requisites @@ -21,14 +21,14 @@ Ipvlan offers a number of unique features and plenty of room for further innovat ### Ipvlan L2 Mode Example Usage -The ipvlan `L2` mode example is like the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`. +An example of the ipvlan `L2` mode topology is shown in the following image. The driver is specified with `-d driver_name` option. In this case `-d ipvlan`. ![Simple Ipvlan L2 Mode Example](images/ipvlan_l2_simple.png) The parent interface in the next example `-o parent=eth0` is configured as followed: ``` -ip addr show eth0 +$ ip addr show eth0 3: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0 ``` @@ -39,14 +39,14 @@ Create the ipvlan network and run a container attaching to it: ``` # Ipvlan (-o ipvlan_mode= Defaults to L2 mode if not specified) -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.1.0/24 \ --gateway=192.168.1.1 \ -o ipvlan_mode=l2 \ -o parent=eth0 db_net # Start a container on the db_net network -docker run --net=db_net -it --rm alpine /bin/sh +$ docker run --net=db_net -it --rm alpine /bin/sh # NOTE: the containers can NOT ping the underlying host interfaces as # they are intentionally filtered by Linux for additional isolation. @@ -62,47 +62,47 @@ The following will create the exact same network as the network `db_net` created ``` # Ipvlan (-o ipvlan_mode= Defaults to L2 mode if not specified) -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.1.0/24 \ -o parent=eth0 db_net_ipv # Start a container with an explicit name in daemon mode -docker run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh +$ docker run --net=db_net_ipv --name=ipv1 -itd alpine /bin/sh # Start a second container and ping using the container name # to see the docker included name resolution functionality -docker run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh -ping -c 4 ipv1 +$ docker run --net=db_net_ipv --name=ipv2 -it --rm alpine /bin/sh +$ ping -c 4 ipv1 # NOTE: the containers can NOT ping the underlying host interfaces as # they are intentionally filtered by Linux for additional isolation. ``` -The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a network create is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely. +The drivers also support the `--internal` flag that will completely isolate containers on a network from any communications external to that network. Since network isolation is tightly coupled to the network's parent interface the result of leaving the `-o parent=` option off of a `docker network create` is the exact same as the `--internal` option. If the parent interface is not specified or the `--internal` flag is used, a netlink type `dummy` parent interface is created for the user and used as the parent interface effectively isolating the network completely. The following two `docker network create` examples result in identical networks that you can attach container to: ``` # Empty '-o parent=' creates an isolated network -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.10.0/24 isolated1 # Explicit '--internal' flag is the same: -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.11.0/24 --internal isolated2 # Even the '--subnet=' can be left empty and the default # IPAM subnet of 172.18.0.0/16 will be assigned -docker network create -d ipvlan isolated3 +$ docker network create -d ipvlan isolated3 -docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh -docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh -docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh +$ docker run --net=isolated1 --name=cid1 -it --rm alpine /bin/sh +$ docker run --net=isolated2 --name=cid2 -it --rm alpine /bin/sh +$ docker run --net=isolated3 --name=cid3 -it --rm alpine /bin/sh # To attach to any use `docker exec` and start a shell -docker exec -it cid1 /bin/sh -docker exec -it cid2 /bin/sh -docker exec -it cid3 /bin/sh +$ docker exec -it cid1 /bin/sh +$ docker exec -it cid2 /bin/sh +$ docker exec -it cid3 /bin/sh ``` ### Ipvlan 802.1q Trunk L2 Mode Example Usage @@ -119,7 +119,7 @@ For the driver to add/delete the vlan sub-interfaces the format needs to be `int The option to use either existing parent vlan sub-interfaces or let Docker manage them enables the user to either completely manage the Linux interfaces and networking or let Docker create and delete the Vlan parent sub-interfaces (netlink `ip link`) with no effort from the user. -For example: `eth0.10` to denote a sub-interface of `eth0` tagged with vlan id `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`. +For example: use `eth0.10` to denote a sub-interface of `eth0` tagged with the vlan id of `10`. The equivalent `ip link` command would be `ip link add link eth0 name eth0.10 type vlan id 10`. The example creates the vlan tagged networks and then start two containers to test connectivity between containers. Different Vlans cannot ping one another without a router routing between the two networks. The default namespace is not reachable per ipvlan design in order to isolate container namespaces from the underlying host. @@ -129,14 +129,14 @@ In the first network tagged and isolated by the Docker host, `eth0.20` is the pa ``` # now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.20.0/24 \ --gateway=192.168.20.1 \ -o parent=eth0.20 ipvlan20 # in two separate terminals, start a Docker container and the containers can now ping one another. -docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh -docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh +$ docker run --net=ipvlan20 -it --name ivlan_test1 --rm alpine /bin/sh +$ docker run --net=ipvlan20 -it --name ivlan_test2 --rm alpine /bin/sh ``` **Vlan ID 30** @@ -145,21 +145,21 @@ In the second network, tagged and isolated by the Docker host, `eth0.30` is the ``` # now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged. -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.30.0/24 \ --gateway=192.168.30.1 \ -o parent=eth0.30 \ -o ipvlan_mode=l2 ipvlan30 # in two separate terminals, start a Docker container and the containers can now ping one another. -docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh -docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh +$ docker run --net=ipvlan30 -it --name ivlan_test3 --rm alpine /bin/sh +$ docker run --net=ipvlan30 -it --name ivlan_test4 --rm alpine /bin/sh ``` The gateway is set inside of the container as the default gateway. That gateway would typically be an external router on the network. ``` -$ ip route +$$ ip route default via 192.168.30.1 dev eth0 192.168.30.0/24 dev eth0 src 192.168.30.2 ``` @@ -169,14 +169,14 @@ Example: Multi-Subnet Ipvlan L2 Mode starting two containers on the same subnet Secondary addresses on network routers are common as an address space becomes exhausted to add another secondary to an L3 vlan interface or commonly referred to as a "switched virtual interface" (SVI). ``` -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.114.0/24 --subnet=192.168.116.0/24 \ --gateway=192.168.114.254 --gateway=192.168.116.254 \ -o parent=eth0.114 \ -o ipvlan_mode=l2 ipvlan114 -docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh -docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh +$ docker run --net=ipvlan114 --ip=192.168.114.10 -it --rm alpine /bin/sh +$ docker run --net=ipvlan114 --ip=192.168.114.11 -it --rm alpine /bin/sh ``` A key takeaway is, operators have the ability to map their physical network into their virtual network for integrating containers into their environment with no operational overhauls required. NetOps simply drops an 802.1q trunk into the Docker host. That virtual link would be the `-o parent=` passed in the network creation. For untagged (non-VLAN) links, it is as simple as `-o parent=eth0` or for 802.1q trunks with VLAN IDs each network gets mapped to the corresponding VLAN/Subnet from the network. @@ -210,13 +210,13 @@ Ipvlan L3 mode drops all broadcast and multicast traffic. This reason alone make - Unlike ipvlan l2 modes, different subnets/networks can ping one another as long as they share the same parent interface `-o parent=`. ``` -ip a show eth0 +$$ ip a show eth0 3: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:39:45:2e brd ff:ff:ff:ff:ff:ff inet 192.168.1.250/24 brd 192.168.1.255 scope global eth0 ``` --A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply points to the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details. +- A traditional gateway doesn't mean much to an L3 mode Ipvlan interface since there is no broadcast traffic allowed. Because of that, the container default gateway simply points to the containers `eth0` device. See below for CLI output of `ip route` or `ip -6 route` from inside an L3 container for details. The mode ` -o ipvlan_mode=l3` must be explicitly specified since the default ipvlan mode is `l2`. @@ -224,20 +224,20 @@ The following example does not specify a parent interface. The network drivers w ``` # Create the Ipvlan L3 network -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.214.0/24 \ --subnet=10.1.214.0/24 \ -o ipvlan_mode=l3 ipnet210 # Test 192.168.214.0/24 connectivity -docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh -docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh +$ docker run --net=ipnet210 --ip=192.168.214.10 -itd alpine /bin/sh +$ docker run --net=ipnet210 --ip=10.1.214.10 -itd alpine /bin/sh # Test L3 connectivity from 10.1.214.0/24 to 192.168.212.0/24 -docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10 +$ docker run --net=ipnet210 --ip=192.168.214.9 -it --rm alpine ping -c 2 10.1.214.10 # Test L3 connectivity from 192.168.212.0/24 to 10.1.214.0/24 -docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10 +$ docker run --net=ipnet210 --ip=10.1.214.9 -it --rm alpine ping -c 2 192.168.214.10 ``` @@ -245,9 +245,9 @@ Notice there is no `--gateway=` option in the network create. The field is ignor ``` # Inside an L3 mode container -$ ip route +$$ ip route default dev eth0 - 192.168.120.0/24 dev eth0 src 192.168.120.2 + 192.168.214.0/24 dev eth0 src 192.168.214.10 ``` In order to ping the containers from a remote Docker host or the container be able to ping a remote host, the remote host or the physical network in between need to have a route pointing to the host IP address of the container's Docker host eth interface. More on this as we evolve the Ipvlan `L3` story. @@ -260,19 +260,21 @@ In order to ping the containers from a remote Docker host or the container be ab ``` # Create a v6 network -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=2001:db8:abc2::/64 --gateway=2001:db8:abc2::22 \ -o parent=eth0.139 v6ipvlan139 # Start a container on the network -docker run --net=v6ipvlan139 -it --rm alpine /bin/sh +$ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh ``` View the container eth0 interface and v6 routing table: ``` - eth0@if55: mtu 1500 qdisc noqueue state UNKNOWN group default +# Inside the IPv6 container +$$ ip a show eth0 +75: eth0@if55: mtu 1500 qdisc noqueue state UNKNOWN group default link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff inet 172.18.0.2/16 scope global eth0 valid_lft forever preferred_lft forever @@ -281,7 +283,7 @@ View the container eth0 interface and v6 routing table: inet6 2001:db8:abc2::1/64 scope link nodad valid_lft forever preferred_lft forever -root@5c1dc74b1daa:/# ip -6 route +$$ ip -6 route 2001:db8:abc4::/64 dev eth0 proto kernel metric 256 2001:db8:abc2::/64 dev eth0 proto kernel metric 256 default via 2001:db8:abc2::22 dev eth0 metric 1024 @@ -290,9 +292,11 @@ default via 2001:db8:abc2::22 dev eth0 metric 1024 Start a second container and ping the first container's v6 address. ``` +# Test L2 connectivity over IPv6 $ docker run --net=v6ipvlan139 -it --rm alpine /bin/sh -root@b817e42fcc54:/# ip a show eth0 +# Inside the second IPv6 container +$$ ip a show eth0 75: eth0@if55: mtu 1500 qdisc noqueue state UNKNOWN group default link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff inet 172.18.0.3/16 scope global eth0 @@ -302,7 +306,7 @@ root@b817e42fcc54:/# ip a show eth0 inet6 2001:db8:abc2::2/64 scope link nodad valid_lft forever preferred_lft forever -root@b817e42fcc54:/# ping6 2001:db8:abc2::1 +$$ ping6 2001:db8:abc2::1 PING 2001:db8:abc2::1 (2001:db8:abc2::1): 56 data bytes 64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=0 ttl=64 time=0.044 ms 64 bytes from 2001:db8:abc2::1%eth0: icmp_seq=1 ttl=64 time=0.058 ms @@ -316,7 +320,7 @@ The next example with setup a dual stack IPv4/IPv6 network with an example VLAN Next create a network with two IPv4 subnets and one IPv6 subnets, all of which have explicit gateways: ``` -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.140.0/24 --subnet=192.168.142.0/24 \ --gateway=192.168.140.1 --gateway=192.168.142.1 \ --subnet=2001:db8:abc9::/64 --gateway=2001:db8:abc9::22 \ @@ -327,9 +331,9 @@ docker network create -d ipvlan \ Start a container and view eth0 and both v4 & v6 routing tables: ``` -docker run --net=v6ipvlan139 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh +$ docker run --net=ipvlan140 --ip6=2001:db8:abc2::51 -it --rm alpine /bin/sh -root@3cce0d3575f3:/# ip a show eth0 +$ ip a show eth0 78: eth0@if77: mtu 1500 qdisc noqueue state UNKNOWN group default link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff inet 192.168.140.2/24 scope global eth0 @@ -339,11 +343,11 @@ root@3cce0d3575f3:/# ip a show eth0 inet6 2001:db8:abc9::1/64 scope link nodad valid_lft forever preferred_lft forever -root@3cce0d3575f3:/# ip route +$$ ip route default via 192.168.140.1 dev eth0 192.168.140.0/24 dev eth0 proto kernel scope link src 192.168.140.2 -root@3cce0d3575f3:/# ip -6 route +$$ ip -6 route 2001:db8:abc4::/64 dev eth0 proto kernel metric 256 2001:db8:abc9::/64 dev eth0 proto kernel metric 256 default via 2001:db8:abc9::22 dev eth0 metric 1024 @@ -352,7 +356,7 @@ default via 2001:db8:abc9::22 dev eth0 metric 1024 Start a second container with a specific `--ip4` address and ping the first host using IPv4 packets: ``` -docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh +$ docker run --net=ipvlan140 --ip=192.168.140.10 -it --rm alpine /bin/sh ``` **Note**: Different subnets on the same parent interface in Ipvlan `L2` mode cannot ping one another. That requires a router to proxy-arp the requests with a secondary subnet. However, Ipvlan `L3` will route the unicast traffic between disparate subnets as long as they share the same `-o parent` parent link. @@ -368,7 +372,7 @@ The primary difference you will see is that L3 mode does not create a default ro ``` # Create an IPv6+IPv4 Dual Stack Ipvlan L3 network # Gateways for both v4 and v6 are set to a dev e.g. 'default dev eth0' -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.110.0/24 \ --subnet=192.168.112.0/24 \ --subnet=2001:db8:abc6::/64 \ @@ -378,19 +382,19 @@ docker network create -d ipvlan \ # Start a few of containers on the network (ipnet110) # in separate terminals and check connectivity -docker run --net=ipnet110 -it --rm alpine /bin/sh +$ docker run --net=ipnet110 -it --rm alpine /bin/sh # Start a second container specifying the v6 address -docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh +$ docker run --net=ipnet110 --ip6=2001:db8:abc6::10 -it --rm alpine /bin/sh # Start a third specifying the IPv4 address -docker run --net=ipnet110 --ip=192.168.112.50 -it --rm alpine /bin/sh +$ docker run --net=ipnet110 --ip=192.168.112.30 -it --rm alpine /bin/sh # Start a 4th specifying both the IPv4 and IPv6 addresses -docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh +$ docker run --net=ipnet110 --ip6=2001:db8:abc6::50 --ip=192.168.112.50 -it --rm alpine /bin/sh ``` Interface and routing table outputs are as follows: ``` -root@3a368b2a982e:/# ip a show eth0 +$$ ip a show eth0 63: eth0@if59: mtu 1500 qdisc noqueue state UNKNOWN group default link/ether 00:50:56:2b:29:40 brd ff:ff:ff:ff:ff:ff inet 192.168.112.2/24 scope global eth0 @@ -401,11 +405,11 @@ root@3a368b2a982e:/# ip a show eth0 valid_lft forever preferred_lft forever # Note the default route is simply the eth device because ARPs are filtered. -root@3a368b2a982e:/# ip route +$$ ip route default dev eth0 scope link 192.168.112.0/24 dev eth0 proto kernel scope link src 192.168.112.2 -root@3a368b2a982e:/# ip -6 route +$$ ip -6 route 2001:db8:abc4::/64 dev eth0 proto kernel metric 256 2001:db8:abc6::/64 dev eth0 proto kernel metric 256 default dev eth0 metric 1024 @@ -421,51 +425,51 @@ docker: Error response from daemon: Address already in use. **Vlan ID 40** -If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and us up. +If a user does not want the driver to create the vlan sub-interface it simply needs to exist prior to the `docker network create`. If you have sub-interface naming that is not `interface.vlan_id` it is honored in the `-o parent=` option again as long as the interface exists and is up. -Links if manually created can be named anything you want. As long as the exist when the network is created that is all that matters. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`. +Links, when manually created, can be named anything as long as they exist when the network is created. Manually created links do not get deleted regardless of the name when the network is deleted with `docker network rm`. ``` # create a new sub-interface tied to dot1q vlan 40 -ip link add link eth0 name eth0.40 type vlan id 40 +$ ip link add link eth0 name eth0.40 type vlan id 40 # enable the new sub-interface -ip link set eth0.40 up +$ ip link set eth0.40 up # now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.40.0/24 \ --gateway=192.168.40.1 \ -o parent=eth0.40 ipvlan40 # in two separate terminals, start a Docker container and the containers can now ping one another. -docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh -docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh +$ docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh +$ docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh ``` **Example:** Vlan sub-interface manually created with any name: ``` # create a new sub interface tied to dot1q vlan 40 -ip link add link eth0 name foo type vlan id 40 +$ ip link add link eth0 name foo type vlan id 40 # enable the new sub-interface -ip link set foo up +$ ip link set foo up # now add networks and hosts as you would normally by attaching to the master (sub)interface that is tagged -docker network create -d ipvlan \ +$ docker network create -d ipvlan \ --subnet=192.168.40.0/24 --gateway=192.168.40.1 \ -o parent=foo ipvlan40 # in two separate terminals, start a Docker container and the containers can now ping one another. -docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh -docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh +$ docker run --net=ipvlan40 -it --name ivlan_test5 --rm alpine /bin/sh +$ docker run --net=ipvlan40 -it --name ivlan_test6 --rm alpine /bin/sh ``` Manually created links can be cleaned up with: ``` -ip link del foo +$ ip link del foo ``` As with all of the Libnetwork drivers, they can be mixed and matched, even as far as running 3rd party ecosystem drivers in parallel for maximum flexibility to the Docker user. From beacad8f6c57299589c12a89ff2d26887a48fa15 Mon Sep 17 00:00:00 2001 From: John Laswell Date: Thu, 9 Mar 2017 13:04:51 -0500 Subject: [PATCH 2383/2538] Fix typo in run.md documentation Signed-off-by: John Laswell --- docs/reference/commandline/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index a74dc77999..09d7d21c49 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -145,7 +145,7 @@ Options: -w, --workdir string Working directory inside the container ``` -## Descriptino +## Description The `docker run` command first `creates` a writeable container layer over the specified image, and then `starts` it using the specified command. That is, From f6f45c14ec5f15010edff9c31519eb95c08447d6 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 9 Mar 2017 09:01:02 +0100 Subject: [PATCH 2384/2538] Add bash completion for `service create|update --stop-signal` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index f871dbb3b8..fc22fa31cf 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2993,6 +2993,7 @@ _docker_service_update_and_create() { --rollback-monitor --rollback-parallelism --stop-grace-period + --stop-signal --update-delay --update-failure-action --update-max-failure-ratio @@ -3131,6 +3132,10 @@ _docker_service_update_and_create() { COMPREPLY=( $( compgen -W "continue pause" -- "$cur" ) ) return ;; + --stop-signal) + __docker_complete_signals + return + ;; --update-failure-action) COMPREPLY=( $( compgen -W "continue pause rollback" -- "$cur" ) ) return From fa5297b85347ec9f08d2adbe5c8e41d913d99eca Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 9 Mar 2017 09:06:35 +0100 Subject: [PATCH 2385/2538] Improve bash completion for `create|run --stop-signal` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index fc22fa31cf..c2befb9128 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1704,6 +1704,10 @@ _docker_container_run_and_create() { fi return ;; + --stop-signal) + __docker_complete_signals + return + ;; --storage-opt) COMPREPLY=( $( compgen -W "size" -S = -- "$cur") ) __docker_nospace From 558b8923ab0a63e6ed0a9489ab375d53ac7b182d Mon Sep 17 00:00:00 2001 From: Remy Suen Date: Fri, 10 Mar 2017 07:11:30 +0900 Subject: [PATCH 2386/2538] Fix directive example to match description The description claims the directive is appearing after a comment but the sample Dockerfile has the directive appear after an instruction. Changed the ordering of the lines to match the example's description. Signed-off-by: Remy Suen --- docs/reference/builder.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 8c39b512c8..75c7e0c0c1 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -199,8 +199,8 @@ directive: ```Dockerfile # About my dockerfile -FROM ImageName # directive=value +FROM ImageName ``` The unknown directive is treated as a comment due to not being recognized. In From 380be7f725cade4a108c360566f6a4cb289fdfd2 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 13 Mar 2017 16:50:08 +0100 Subject: [PATCH 2387/2538] Fix bash completion for service constraints - Remove bash completion for `service update --constraint` - Add bash completion for `service update --constraint-{add,rm}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c2befb9128..642426ccfb 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2967,7 +2967,6 @@ _docker_service_update_and_create() { local $subcommand="${words[$subcommand_pos]}" local options_with_args=" - --constraint --endpoint-mode --env -e --force @@ -3018,6 +3017,7 @@ _docker_service_update_and_create() { if [ "$subcommand" = "create" ] ; then options_with_args="$options_with_args + --constraint --container-label --dns --dns-option @@ -3061,6 +3061,8 @@ _docker_service_update_and_create() { if [ "$subcommand" = "update" ] ; then options_with_args="$options_with_args --arg + --constraint-add + --constraint-rm --container-label-add --container-label-rm --dns-add From 1f531be8ab5c417816285500d12fd7e42aeca6b1 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Sun, 12 Mar 2017 12:01:06 -0700 Subject: [PATCH 2388/2538] Fix markdown in references for Kramdown Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/network_ls.md | 2 +- docs/reference/commandline/ps.md | 6 +- docs/reference/commandline/service_create.md | 237 ++++++++++++++++--- docs/reference/commandline/stack_services.md | 4 +- 4 files changed, 211 insertions(+), 38 deletions(-) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 7bd401ec3b..39dcd051d9 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -74,7 +74,7 @@ The currently supported filters are: * id (network's id) * label (`label=` or `label==`) * name (network's name) -* type (custom|builtin) +* type (`custom|builtin`) #### Driver diff --git a/docs/reference/commandline/ps.md b/docs/reference/commandline/ps.md index cf5798c7d6..51bab4834d 100644 --- a/docs/reference/commandline/ps.md +++ b/docs/reference/commandline/ps.md @@ -37,7 +37,7 @@ Options: - network=(|) - publish=([/]|/[]) - since=(|) - - status=(created|restarting|removing|running|paused|exited) + - status=(created|restarting|removing|running|paused|exited) - volume=(|) --format string Pretty-print containers using a Go template --help Print usage @@ -86,11 +86,11 @@ The currently supported filters are: * label (`label=` or `label==`) * name (container's name) * exited (int - the code of exited containers. Only useful with `--all`) -* status (created|restarting|running|removing|paused|exited|dead) +* status (`created|restarting|running|removing|paused|exited|dead`) * ancestor (`[:]`, `` or ``) - filters containers that were created from the given image or a descendant. * before (container's id or name) - filters containers created before given id or name * since (container's id or name) - filters containers created since given id or name -* isolation (default|process|hyperv) (Windows daemon only) +* isolation (`default|process|hyperv`) (Windows daemon only) * volume (volume name or mount point) - filters containers that mount volumes. * network (network id or name) - filters containers connected to the provided network * health (starting|healthy|unhealthy|none) - filters containers based on healthcheck status diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 6f8fcb134a..1b9921c1bf 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -259,12 +259,69 @@ For more information about named volumes, see The following table describes options which apply to both bind-mounts and named volumes in a service: -| Option | Required | Description -|:-----------------------------------------|:--------------------------|:----------------------------------------------------------------------------------------- -| **type** | | The type of mount, can be either `volume`, `bind`, or `tmpfs`. Defaults to `volume` if no type is specified.

  • `volume`: mounts a [managed volume](volume_create.md) into the container.
  • `bind`: bind-mounts a directory or file from the host into the container.
  • `tmpfs`: mount a tmpfs in the container
-| **src** or **source** | for `type=bind` only |
  • `type=volume`: `src` is an optional way to specify the name of the volume (for example, `src=my-volume`). If the named volume does not exist, it is automatically created. If no `src` is specified, the volume is assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. A randomly-named volume has the same lifecycle as its container and is destroyed when the *container* is destroyed (which is upon `service update`, or when scaling or re-balancing the service).
  • `type=bind`: `src` is required, and specifies an absolute path to the file or directory to bind-mount (for example, `src=/path/on/host/`). An error is produced if the file or directory does not exist.
  • `type=tmpfs`: `src` is not supported.
-| **dst** or **destination** or **target** | yes | Mount path inside the container, for example `/some/path/in/container/`. If the path does not exist in the container's filesystem, the Engine creates a directory at the specified location before mounting the volume or bind-mount. -| **readonly** or **ro** | | The Engine mounts binds and volumes `read-write` unless `readonly` option is given when mounting the bind or volume.

  • `true` or `1` or no value: Mounts the bind or volume read-only.
  • `false` or `0`: Mounts the bind or volume read-write.
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
OptionRequiredDescription
types +

The type of mount, can be either volume, bind, or tmpfs. Defaults to volume if no type is specified. +

    +
  • volume: mounts a [managed volume](volume_create.md) into the container.
  • +
  • bind: bind-mounts a directory or file from the host into the container.
  • +
  • tmpfs: mount a tmpfs in the container
  • +

+
src or sourcefor type=bind only> +
    +
  • + type=volume: src is an optional way to specify the name of the volume (for example, src=my-volume). + If the named volume does not exist, it is automatically created. If no src is specified, the volume is + assigned a random name which is guaranteed to be unique on the host, but may not be unique cluster-wide. + A randomly-named volume has the same lifecycle as its container and is destroyed when the container + is destroyed (which is upon service update, or when scaling or re-balancing the service) +
  • +
  • + type=bind: src is required, and specifies an absolute path to the file or directory to bind-mount + (for example, src=/path/on/host/). An error is produced if the file or directory does not exist. +
  • +
  • + type=tmpfs: src is not supported. +
  • +
+

dst or destination or target

yes +

Mount path inside the container, for example /some/path/in/container/. + If the path does not exist in the container's filesystem, the Engine creates + a directory at the specified location before mounting the volume or bind-mount.

+

readonly or ro

+

The Engine mounts binds and volumes read-write unless readonly option + is given when mounting the bind or volume. +

    +
  • true or 1 or no value: Mounts the bind or volume read-only.
  • +
  • false or 0: Mounts the bind or volume read-write.
  • +

+
+ #### Bind Propagation @@ -304,22 +361,84 @@ For more information about bind propagation, see the [Linux kernel documentation for shared subtree](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt). #### Options for Named Volumes + The following options can only be used for named volumes (`type=volume`); -| Option | Description -|:----------------------|:-------------------------------------------------------------------------------------------------------------------- -| **volume-driver** | Name of the volume-driver plugin to use for the volume. Defaults to ``"local"``, to use the local volume driver to create the volume if the volume does not exist. -| **volume-label** | One or more custom metadata ("labels") to apply to the volume upon creation. For example, `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more information about labels, refer to [apply custom metadata](https://docs.docker.com/engine/userguide/labels-custom-metadata/). -| **volume-nocopy** | By default, if you attach an empty volume to a container, and files or directories already existed at the mount-path in the container (`dst`), the Engine copies those files and directories into the volume, allowing the host to access them. Set `volume-nocopy` to disables copying files from the container's filesystem to the volume and mount the empty volume.

A value is optional:
  • `true` or `1`: Default if you do not provide a value. Disables copying.
  • `false` or `0`: Enables copying.
-| **volume-opt** | Options specific to a given volume driver, which will be passed to the driver when creating the volume. Options are provided as a comma-separated list of key/value pairs, for example, `volume-opt=some-option=some-value,some-other-option=some-other-value`. For available options for a given driver, refer to that driver's documentation. + + + + + + + + + + + + + + + + + + + + + + +
OptionDescription
volume-driver +

Name of the volume-driver plugin to use for the volume. Defaults to + "local", to use the local volume driver to create the volume if the + volume does not exist.

+
volume-label + One or more custom metadata ("labels") to apply to the volume upon + creation. For example, + `volume-label=mylabel=hello-world,my-other-label=hello-mars`. For more + information about labels, refer to + apply custom metadata. +
volume-nocopy + By default, if you attach an empty volume to a container, and files or + directories already existed at the mount-path in the container (dst), + the Engine copies those files and directories into the volume, allowing + the host to access them. Set `volume-nocopy` to disables copying files + from the container's filesystem to the volume and mount the empty volume. + + A value is optional: + +
    +
  • true or 1: Default if you do not provide a value. Disables copying.
  • +
  • false or 0: Enables copying.
  • +
+
volume-opt + Options specific to a given volume driver, which will be passed to the + driver when creating the volume. Options are provided as a comma-separated + list of key/value pairs, for example, + volume-opt=some-option=some-value,some-other-option=some-other-value. + For available options for a given driver, refer to that driver's + documentation. +
+ #### Options for tmpfs + The following options can only be used for tmpfs mounts (`type=tmpfs`); -| Option | Description -|:----------------------|:-------------------------------------------------------------------------------------------------------------------- -| **tmpfs-size** | Size of the tmpfs mount in bytes. Unlimited by default in Linux. -| **tmpfs-mode** | File mode of the tmpfs in octal. (e.g. `"700"` or `"0700"`.) Defaults to ``"1777"`` in Linux. + + + + + + + + + + + + + + +
OptionDescription
tmpfs-sizeSize of the tmpfs mount in bytes. Unlimited by default in Linux.
tmpfs-modeFile mode of the tmpfs in octal. (e.g. "700" or "0700".) Defaults to "1777" in Linux.
+ #### Differences between "--mount" and "--volume" @@ -422,13 +541,40 @@ constraint expressions. Multiple constraints find nodes that satisfy every expression (AND match). Constraints can match node or Docker Engine labels as follows: -| node attribute | matches | example | -|:----------------|:--------------------------|:------------------------------------------------| -| node.id | node ID | `node.id == 2ivku8v2gvtg4` | -| node.hostname | node hostname | `node.hostname != node-2` | -| node.role | node role: manager | `node.role == manager` | -| node.labels | user defined node labels | `node.labels.security == high` | -| engine.labels | Docker Engine's labels | `engine.labels.operatingsystem == ubuntu 14.04` | + + + + + + + + + + + + + + + + + + + node.role + + + + + + + + + + + + + +
node attributematchesexample
node.idNode IDnode.id == 2ivku8v2gvtg4
node.hostnameNode hostnamenode.hostname != node-2
node role: managernode.role == manager
node.labelsuser defined node labelsnode.labels.security == high
engine.labelsDocker Engine's labelsengine.labels.operatingsystem == ubuntu 14.04
+ `engine.labels` apply to Docker Engine labels like operating system, drivers, etc. Swarm administrators add `node.labels` for operational purposes by @@ -611,15 +757,42 @@ The supported flags are the following : Valid placeholders for the Go template are listed below: -Placeholder | Description ------------------ | -------------------------------------------- -`.Service.ID` | Service ID -`.Service.Name` | Service name -`.Service.Labels` | Service labels -`.Node.ID` | Node ID -`.Task.ID` | Task ID -`.Task.Name` | Task name -`.Task.Slot` | Task slot + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PlaceholderDescription
.Service.IDService ID
.Service.NameService name
.Service.LabelsService labels
.Node.IDNode ID
.Task.IDTask ID
.Task.NameTask name
.Task.SlotTask slot
+ #### Template example diff --git a/docs/reference/commandline/stack_services.md b/docs/reference/commandline/stack_services.md index 1b727799f6..b45047d409 100644 --- a/docs/reference/commandline/stack_services.md +++ b/docs/reference/commandline/stack_services.md @@ -28,12 +28,12 @@ Options: -q, --quiet Only display IDs ``` -### Description +## Description Lists the services that are running as part of the specified stack. This command has to be run targeting a manager node. -### Examples +## Examples The following command shows all services in the `myapp` stack: From 84ccb004865a66b432cc07ad4a13ab9c194898cd Mon Sep 17 00:00:00 2001 From: Santhosh Manohar Date: Thu, 9 Mar 2017 11:42:10 -0800 Subject: [PATCH 2389/2538] Enhance network inspect to show all tasks, local & non-local, in swarm mode Signed-off-by: Santhosh Manohar --- docs/reference/commandline/network_inspect.md | 97 ++++++++++++++++++- man/src/network/inspect.md | 93 ++++++++++++++++++ 2 files changed, 189 insertions(+), 1 deletion(-) diff --git a/docs/reference/commandline/network_inspect.md b/docs/reference/commandline/network_inspect.md index 2b4c423bbb..1a856ddcb1 100644 --- a/docs/reference/commandline/network_inspect.md +++ b/docs/reference/commandline/network_inspect.md @@ -48,7 +48,7 @@ The `network inspect` command shows the containers, by id, in its results. For networks backed by multi-host network driver, such as Overlay, this command also shows the container endpoints in other hosts in the cluster. These endpoints are represented as "ep-{endpoint-id}" in the output. -However, for swarm-scoped networks, only the endpoints that are local to the +However, for swarm mode networks, only the endpoints that are local to the node are shown. You can specify an alternate format to execute a given @@ -201,6 +201,101 @@ $ docker network inspect ingress ] ``` +### Using `verbose` option for `network inspect` + +`docker network inspect --verbose` for swarm mode overlay networks shows service-specific +details such as the service's VIP and port mappings. It also shows IPs of service tasks, +and the IPs of the nodes where the tasks are running. + +Following is an example output for a overlay network `ov1` that has one service `s1` +attached to. service `s1` in this case has three replicas. + +```bash +$ docker network inspect --verbose ov1 +[ + { + "Name": "ov1", + "Id": "ybmyjvao9vtzy3oorxbssj13b", + "Created": "2017-03-13T17:04:39.776106792Z", + "Scope": "swarm", + "Driver": "overlay", + "EnableIPv6": false, + "IPAM": { + "Driver": "default", + "Options": null, + "Config": [ + { + "Subnet": "10.0.0.0/24", + "Gateway": "10.0.0.1" + } + ] + }, + "Internal": false, + "Attachable": false, + "Containers": { + "020403bd88a15f60747fd25d1ad5fa1272eb740e8a97fc547d8ad07b2f721c5e": { + "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", + "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", + "MacAddress": "02:42:0a:00:00:04", + "IPv4Address": "10.0.0.4/24", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.driver.overlay.vxlanid_list": "4097" + }, + "Labels": {}, + "Peers": [ + { + "Name": "net-3-5d3cfd30a58c", + "IP": "192.168.33.13" + }, + { + "Name": "net-1-6ecbc0040a73", + "IP": "192.168.33.11" + }, + { + "Name": "net-2-fb80208efd75", + "IP": "192.168.33.12" + } + ], + "Services": { + "s1": { + "VIP": "10.0.0.2", + "Ports": [], + "LocalLBIndex": 257, + "Tasks": [ + { + "Name": "s1.2.q4hcq2aiiml25ubtrtg4q1txt", + "EndpointID": "040879b027e55fb658e8b60ae3b87c6cdac7d291e86a190a3b5ac6567b26511a", + "EndpointIP": "10.0.0.5", + "Info": { + "Host IP": "192.168.33.11" + } + }, + { + "Name": "s1.3.yawl4cgkp7imkfx469kn9j6lm", + "EndpointID": "106edff9f120efe44068b834e1cddb5b39dd4a3af70211378b2f7a9e562bbad8", + "EndpointIP": "10.0.0.3", + "Info": { + "Host IP": "192.168.33.12" + } + }, + { + "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", + "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", + "EndpointIP": "10.0.0.4", + "Info": { + "Host IP": "192.168.33.13" + } + } + ] + } + } + } +] +``` + ## Related commands * [network disconnect ](network_disconnect.md) diff --git a/man/src/network/inspect.md b/man/src/network/inspect.md index 89fd0e167a..a61dfd8c10 100644 --- a/man/src/network/inspect.md +++ b/man/src/network/inspect.md @@ -86,3 +86,96 @@ $ docker network inspect simple-network } ] ``` + +`docker network inspect --verbose` for swarm mode overlay networks shows service-specific +details such as the service's VIP and port mappings. It also shows IPs of service tasks, +and the IPs of the nodes where the tasks are running. + +Following is an example output for a overlay network `ov1` that has one service `s1` +attached to. service `s1` in this case has three replicas. + +```bash +$ docker network inspect --verbose ov1 +[ + { + "Name": "ov1", + "Id": "ybmyjvao9vtzy3oorxbssj13b", + "Created": "2017-03-13T17:04:39.776106792Z", + "Scope": "swarm", + "Driver": "overlay", + "EnableIPv6": false, + "IPAM": { + "Driver": "default", + "Options": null, + "Config": [ + { + "Subnet": "10.0.0.0/24", + "Gateway": "10.0.0.1" + } + ] + }, + "Internal": false, + "Attachable": false, + "Containers": { + "020403bd88a15f60747fd25d1ad5fa1272eb740e8a97fc547d8ad07b2f721c5e": { + "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", + "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", + "MacAddress": "02:42:0a:00:00:04", + "IPv4Address": "10.0.0.4/24", + "IPv6Address": "" + } + }, + "Options": { + "com.docker.network.driver.overlay.vxlanid_list": "4097" + }, + "Labels": {}, + "Peers": [ + { + "Name": "net-3-5d3cfd30a58c", + "IP": "192.168.33.13" + }, + { + "Name": "net-1-6ecbc0040a73", + "IP": "192.168.33.11" + }, + { + "Name": "net-2-fb80208efd75", + "IP": "192.168.33.12" + } + ], + "Services": { + "s1": { + "VIP": "10.0.0.2", + "Ports": [], + "LocalLBIndex": 257, + "Tasks": [ + { + "Name": "s1.2.q4hcq2aiiml25ubtrtg4q1txt", + "EndpointID": "040879b027e55fb658e8b60ae3b87c6cdac7d291e86a190a3b5ac6567b26511a", + "EndpointIP": "10.0.0.5", + "Info": { + "Host IP": "192.168.33.11" + } + }, + { + "Name": "s1.3.yawl4cgkp7imkfx469kn9j6lm", + "EndpointID": "106edff9f120efe44068b834e1cddb5b39dd4a3af70211378b2f7a9e562bbad8", + "EndpointIP": "10.0.0.3", + "Info": { + "Host IP": "192.168.33.12" + } + }, + { + "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", + "EndpointID": "ad16946f416562d658f3bb30b9830d73ad91ccf6feae44411269cd0ff674714e", + "EndpointIP": "10.0.0.4", + "Info": { + "Host IP": "192.168.33.13" + } + } + ] + } + } + } +] +``` From f50f5f89443530e2dc95cc145dc2b360e76c5e3d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 13 Mar 2017 17:35:57 +0100 Subject: [PATCH 2390/2538] Add bash completion for topology-aware scheduling - bash completion for `docker service create --placement-pref` - bash completion for `docker service update --placement-pref-{add,rm}` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 642426ccfb..c0ef8b5808 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3027,6 +3027,7 @@ _docker_service_update_and_create() { --host --mode --name + --placement-pref --publish -p --secret " @@ -3052,6 +3053,11 @@ _docker_service_update_and_create() { COMPREPLY=( $( compgen -W "global replicated" -- "$cur" ) ) return ;; + --placement-pref) + COMPREPLY=( $( compgen -W "spread" -S = -- "$cur" ) ) + __docker_nospace + return + ;; --secret) __docker_complete_secrets return @@ -3076,6 +3082,8 @@ _docker_service_update_and_create() { --host-add --host-rm --image + --placement-pref-add + --placement-pref-rm --publish-add --publish-rm --rollback @@ -3100,6 +3108,11 @@ _docker_service_update_and_create() { __docker_complete_image_repos_and_tags return ;; + --placement-pref-add|--placement-pref-rm) + COMPREPLY=( $( compgen -W "spread" -S = -- "$cur" ) ) + __docker_nospace + return + ;; --secret-add|--secret-rm) __docker_complete_secrets return @@ -3107,6 +3120,15 @@ _docker_service_update_and_create() { esac fi + local strategy=$(__docker_map_key_of_current_option '--placement-pref|--placement-pref-add|--placement-pref-rm') + case "$strategy" in + spread) + COMPREPLY=( $( compgen -W "engine.labels node.labels" -S . -- "${cur##*=}" ) ) + __docker_nospace + return + ;; + esac + case "$prev" in --endpoint-mode) COMPREPLY=( $( compgen -W "dnsrr vip" -- "$cur" ) ) From 48332a6aebb59fb3ea15dffb6bb3f2a4ba133550 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 14 Mar 2017 09:54:29 +0100 Subject: [PATCH 2391/2538] Remove docs for `dockerd --no-new-privileges` Signed-off-by: Harald Albers --- docs/reference/commandline/dockerd.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 92b9349a41..3b40540a33 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -70,7 +70,6 @@ Options: --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) --metrics-addr string Set address and port to serve the metrics api (default "") --mtu int Set the containers network MTU - --no-new-privileges Disable container processes from gaining new privileges --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") --raw-logs Full timestamps without ANSI coloring From 25654c4e13180c73cc3b7cee5420e11c0fb54f9e Mon Sep 17 00:00:00 2001 From: Chris Gibson Date: Wed, 8 Mar 2017 14:19:45 +0800 Subject: [PATCH 2392/2538] Fix fish autocompletion with custom ps output In the docker config.json, if `psFormat` or `imagesFormat` is set to a non-standard format, it breaks autocompletion. This fixes the issue by using a custom format. Signed-off-by: Chris Gibson --- contrib/completion/fish/docker.fish | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index d3ebcf1837..f3dddd9277 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -26,20 +26,20 @@ end function __fish_print_docker_containers --description 'Print a list of docker containers' -a select switch $select case running - docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; $5 ~ "^Up" {print $1 "\n" $(NF)}' | tr ',' '\n' + docker ps -a --no-trunc --filter status=running --format "{{.ID}}\n{{.Names}}" | tr ',' '\n' case stopped - docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; $5 ~ "^Exit" {print $1 "\n" $(NF)}' | tr ',' '\n' + docker ps -a --no-trunc --filter status=exited --format "{{.ID}}\n{{.Names}}" | tr ',' '\n' case all - docker ps -a --no-trunc | command awk 'NR>1' | command awk 'BEGIN {FS=" +"}; {print $1 "\n" $(NF)}' | tr ',' '\n' + docker ps -a --no-trunc --format "{{.ID}}\n{{.Names}}" | tr ',' '\n' end end function __fish_print_docker_images --description 'Print a list of docker images' - docker images | command awk 'NR>1' | command grep -v '' | command awk '{print $1":"$2}' + docker images --format "{{.Repository}}:{{.Tag}}" | command grep -v '' end function __fish_print_docker_repositories --description 'Print a list of docker repositories' - docker images | command awk 'NR>1' | command grep -v '' | command awk '{print $1}' | command sort | command uniq + docker images --format "{{.Repository}}" | command grep -v '' | command sort | command uniq end # common options From 145bb0218da4f6a05b224847f718d9943032500b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 14 Mar 2017 17:28:58 +0100 Subject: [PATCH 2393/2538] Update bash completion for `docker service logs` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c0ef8b5808..78715d1627 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2846,7 +2846,7 @@ _docker_service_logs() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--details --follow -f --help --no-resolve --since --tail --timestamps -t" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--follow -f --help --no-resolve --no-task-ids --no-trunc --since --tail --timestamps -t" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--since|--tail') From 9888942fbcca54271de23a2e181fd59e61004c70 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 22 Feb 2017 15:43:13 -0500 Subject: [PATCH 2394/2538] Add --prune to stack deploy. Add to command line reference. Signed-off-by: Daniel Nephin --- docs/reference/commandline/deploy.md | 1 + docs/reference/commandline/stack_deploy.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/deploy.md b/docs/reference/commandline/deploy.md index a430a90105..a86b2b4b45 100644 --- a/docs/reference/commandline/deploy.md +++ b/docs/reference/commandline/deploy.md @@ -30,6 +30,7 @@ Options: --bundle-file string Path to a Distributed Application Bundle file --compose-file string Path to a Compose file --help Print usage + --prune Prune services that are no longer referenced --with-registry-auth Send registry authentication details to Swarm agents ``` diff --git a/docs/reference/commandline/stack_deploy.md b/docs/reference/commandline/stack_deploy.md index 39456b7ffa..d57ef0f76c 100644 --- a/docs/reference/commandline/stack_deploy.md +++ b/docs/reference/commandline/stack_deploy.md @@ -27,6 +27,7 @@ Options: --bundle-file string Path to a Distributed Application Bundle file -c, --compose-file string Path to a Compose file --help Print usage + --prune Prune services that are no longer referenced --with-registry-auth Send registry authentication details to Swarm agents ``` From afe91a51209b4f9f690549551e8c1ad87e747268 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2017 12:27:23 +0100 Subject: [PATCH 2395/2538] docs: remove outdated reference to updating /etc/hosts Starting with docker 1.10, docker no longer uses /etc/hosts for service discovery, but uses an embedded DNS server. This patch removes a reference to the old (pre 1.10) behavior. Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 62275e02ac..00928e6dbd 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -458,10 +458,6 @@ If a container is connected to the default bridge network and `linked` with other containers, then the container's `/etc/hosts` file is updated with the linked container's name. -If the container is connected to user-defined network, the container's -`/etc/hosts` file is updated with names of all other containers in that -user-defined network. - > **Note** Since Docker may live update the container’s `/etc/hosts` file, there may be situations when processes inside the container can end up reading an empty or incomplete `/etc/hosts` file. In most cases, retrying the read again From 6fe11272d3c6aec2439289675d642eba3f647438 Mon Sep 17 00:00:00 2001 From: French Ben Date: Fri, 27 Jan 2017 16:47:41 -0800 Subject: [PATCH 2396/2538] docs: added support for CLI yaml file generation Signed-off-by: French Ben Signed-off-by: Tibor Vass --- docs/reference/commandline/load.md | 2 +- docs/reference/commandline/stack_ls.md | 2 +- docs/yaml/Dockerfile | 4 + docs/yaml/generate.go | 86 ++++++++++ docs/yaml/yaml.go | 212 +++++++++++++++++++++++++ 5 files changed, 304 insertions(+), 2 deletions(-) create mode 100644 docs/yaml/Dockerfile create mode 100644 docs/yaml/generate.go create mode 100644 docs/yaml/yaml.go diff --git a/docs/reference/commandline/load.md b/docs/reference/commandline/load.md index f19362b433..3ce6c19e24 100644 --- a/docs/reference/commandline/load.md +++ b/docs/reference/commandline/load.md @@ -26,7 +26,7 @@ Options: The tarball may be compressed with gzip, bzip, or xz -q, --quiet Suppress the load output but still outputs the imported images ``` -## Descriptino +## Description `docker load` loads a tarred repository from a file or the standard input stream. It restores both images and tags. diff --git a/docs/reference/commandline/stack_ls.md b/docs/reference/commandline/stack_ls.md index 58cbde004f..567d947bab 100644 --- a/docs/reference/commandline/stack_ls.md +++ b/docs/reference/commandline/stack_ls.md @@ -27,7 +27,7 @@ Options: --help Print usage ``` -## Descriptino +## Description Lists the stacks. diff --git a/docs/yaml/Dockerfile b/docs/yaml/Dockerfile new file mode 100644 index 0000000000..059b97a917 --- /dev/null +++ b/docs/yaml/Dockerfile @@ -0,0 +1,4 @@ +FROM scratch +COPY docs /docs +# CMD cannot be nil so we set it to empty string +CMD [""] diff --git a/docs/yaml/generate.go b/docs/yaml/generate.go new file mode 100644 index 0000000000..ea5c00ea11 --- /dev/null +++ b/docs/yaml/generate.go @@ -0,0 +1,86 @@ +package main + +import ( + "fmt" + "io/ioutil" + "log" + "os" + "path/filepath" + "strings" + + "github.com/docker/docker/cli/command" + "github.com/docker/docker/cli/command/commands" + "github.com/docker/docker/pkg/term" + "github.com/spf13/cobra" + "github.com/spf13/pflag" +) + +const descriptionSourcePath = "docs/reference/commandline/" + +func generateCliYaml(opts *options) error { + stdin, stdout, stderr := term.StdStreams() + dockerCli := command.NewDockerCli(stdin, stdout, stderr) + cmd := &cobra.Command{Use: "docker"} + commands.AddCommands(cmd, dockerCli) + source := filepath.Join(opts.source, descriptionSourcePath) + if err := loadLongDescription(cmd, source); err != nil { + return err + } + + cmd.DisableAutoGenTag = true + return GenYamlTree(cmd, opts.target) +} + +func loadLongDescription(cmd *cobra.Command, path ...string) error { + for _, cmd := range cmd.Commands() { + if cmd.Name() == "" { + continue + } + fullpath := filepath.Join(path[0], strings.Join(append(path[1:], cmd.Name()), "_")+".md") + + if cmd.HasSubCommands() { + loadLongDescription(cmd, path[0], cmd.Name()) + } + + if _, err := os.Stat(fullpath); err != nil { + log.Printf("WARN: %s does not exist, skipping\n", fullpath) + continue + } + + content, err := ioutil.ReadFile(fullpath) + if err != nil { + return err + } + description, examples := parseMDContent(string(content)) + cmd.Long = description + cmd.Example = examples + } + return nil +} + +type options struct { + source string + target string +} + +func parseArgs() (*options, error) { + opts := &options{} + cwd, _ := os.Getwd() + flags := pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError) + flags.StringVar(&opts.source, "root", cwd, "Path to project root") + flags.StringVar(&opts.target, "target", "/tmp", "Target path for generated yaml files") + err := flags.Parse(os.Args[1:]) + return opts, err +} + +func main() { + opts, err := parseArgs() + if err != nil { + fmt.Fprintln(os.Stderr, err.Error()) + } + fmt.Printf("Project root: %s\n", opts.source) + fmt.Printf("Generating yaml files into %s\n", opts.target) + if err := generateCliYaml(opts); err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate yaml files: %s\n", err.Error()) + } +} diff --git a/docs/yaml/yaml.go b/docs/yaml/yaml.go new file mode 100644 index 0000000000..575f9bec5c --- /dev/null +++ b/docs/yaml/yaml.go @@ -0,0 +1,212 @@ +package main + +import ( + "fmt" + "io" + "os" + "path/filepath" + "sort" + "strings" + + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "gopkg.in/yaml.v2" +) + +type cmdOption struct { + Option string + Shorthand string `yaml:",omitempty"` + DefaultValue string `yaml:"default_value,omitempty"` + Description string `yaml:",omitempty"` +} + +type cmdDoc struct { + Name string `yaml:"command"` + SeeAlso []string `yaml:"parent,omitempty"` + Version string `yaml:"engine_version,omitempty"` + Aliases string `yaml:",omitempty"` + Short string `yaml:",omitempty"` + Long string `yaml:",omitempty"` + Usage string `yaml:",omitempty"` + Pname string `yaml:",omitempty"` + Plink string `yaml:",omitempty"` + Cname []string `yaml:",omitempty"` + Clink []string `yaml:",omitempty"` + Options []cmdOption `yaml:",omitempty"` + InheritedOptions []cmdOption `yaml:"inherited_options,omitempty"` + Example string `yaml:"examples,omitempty"` +} + +// GenYamlTree creates yaml structured ref files +func GenYamlTree(cmd *cobra.Command, dir string) error { + identity := func(s string) string { return s } + emptyStr := func(s string) string { return "" } + return GenYamlTreeCustom(cmd, dir, emptyStr, identity) +} + +// GenYamlTreeCustom creates yaml structured ref files +func GenYamlTreeCustom(cmd *cobra.Command, dir string, filePrepender, linkHandler func(string) string) error { + for _, c := range cmd.Commands() { + if !c.IsAvailableCommand() || c.IsHelpCommand() { + continue + } + if err := GenYamlTreeCustom(c, dir, filePrepender, linkHandler); err != nil { + return err + } + } + + basename := strings.Replace(cmd.CommandPath(), " ", "_", -1) + ".yaml" + filename := filepath.Join(dir, basename) + f, err := os.Create(filename) + if err != nil { + return err + } + defer f.Close() + + if _, err := io.WriteString(f, filePrepender(filename)); err != nil { + return err + } + if err := GenYamlCustom(cmd, f, linkHandler); err != nil { + return err + } + return nil +} + +// GenYamlCustom creates custom yaml output +func GenYamlCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string) string) error { + cliDoc := cmdDoc{} + cliDoc.Name = cmd.CommandPath() + + // Check experimental: ok := cmd.Tags["experimental"] + + cliDoc.Aliases = strings.Join(cmd.Aliases, ", ") + cliDoc.Short = cmd.Short + cliDoc.Long = cmd.Long + if len(cliDoc.Long) == 0 { + cliDoc.Long = cliDoc.Short + } + + if cmd.Runnable() { + cliDoc.Usage = cmd.UseLine() + } + + if len(cmd.Example) > 0 { + cliDoc.Example = cmd.Example + } + + flags := cmd.NonInheritedFlags() + if flags.HasFlags() { + cliDoc.Options = genFlagResult(flags) + } + flags = cmd.InheritedFlags() + if flags.HasFlags() { + cliDoc.InheritedOptions = genFlagResult(flags) + } + + if hasSeeAlso(cmd) { + if cmd.HasParent() { + parent := cmd.Parent() + cliDoc.Pname = parent.CommandPath() + link := cliDoc.Pname + ".yaml" + cliDoc.Plink = strings.Replace(link, " ", "_", -1) + cmd.VisitParents(func(c *cobra.Command) { + if c.DisableAutoGenTag { + cmd.DisableAutoGenTag = c.DisableAutoGenTag + } + }) + } + + children := cmd.Commands() + sort.Sort(byName(children)) + + for _, child := range children { + if !child.IsAvailableCommand() || child.IsHelpCommand() { + continue + } + currentChild := cliDoc.Name + " " + child.Name() + cliDoc.Cname = append(cliDoc.Cname, cliDoc.Name+" "+child.Name()) + link := currentChild + ".yaml" + cliDoc.Clink = append(cliDoc.Clink, strings.Replace(link, " ", "_", -1)) + } + } + + final, err := yaml.Marshal(&cliDoc) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + if _, err := fmt.Fprintln(w, string(final)); err != nil { + return err + } + return nil +} + +func genFlagResult(flags *pflag.FlagSet) []cmdOption { + var result []cmdOption + + flags.VisitAll(func(flag *pflag.Flag) { + // Todo, when we mark a shorthand is deprecated, but specify an empty message. + // The flag.ShorthandDeprecated is empty as the shorthand is deprecated. + // Using len(flag.ShorthandDeprecated) > 0 can't handle this, others are ok. + if !(len(flag.ShorthandDeprecated) > 0) && len(flag.Shorthand) > 0 { + opt := cmdOption{ + Option: flag.Name, + Shorthand: flag.Shorthand, + DefaultValue: flag.DefValue, + Description: forceMultiLine(flag.Usage), + } + result = append(result, opt) + } else { + opt := cmdOption{ + Option: flag.Name, + DefaultValue: forceMultiLine(flag.DefValue), + Description: forceMultiLine(flag.Usage), + } + result = append(result, opt) + } + }) + + return result +} + +// Temporary workaround for yaml lib generating incorrect yaml with long strings +// that do not contain \n. +func forceMultiLine(s string) string { + if len(s) > 60 && !strings.Contains(s, "\n") { + s = s + "\n" + } + return s +} + +// Small duplication for cobra utils +func hasSeeAlso(cmd *cobra.Command) bool { + if cmd.HasParent() { + return true + } + for _, c := range cmd.Commands() { + if !c.IsAvailableCommand() || c.IsHelpCommand() { + continue + } + return true + } + return false +} + +func parseMDContent(mdString string) (description string, examples string) { + parsedContent := strings.Split(mdString, "\n## ") + for _, s := range parsedContent { + if strings.Index(s, "Description") == 0 { + description = strings.Trim(s, "Description\n") + } + if strings.Index(s, "Examples") == 0 { + examples = strings.Trim(s, "Examples\n") + } + } + return +} + +type byName []*cobra.Command + +func (s byName) Len() int { return len(s) } +func (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s byName) Less(i, j int) bool { return s[i].Name() < s[j].Name() } From d43b0f126935e2282684deba0aa727a78fd33957 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 3 Mar 2017 14:08:49 -0800 Subject: [PATCH 2397/2538] Support `--filter mode=global|replicated` for `docker service ls` This fix tries to address the request in 31325 by adding `--filter mode=global|replicated` to `docker service ls`. As `docker service ls` has a `MODE` column by default, it is natural to support `--filter mode=global|replicated` for `docker service ls`. There are multiple ways to address the issue. One way is to pass the filter of mode to SwarmKit, another way is to process the filter of mode in the daemon. This fix process the filter in the daemon. Related docs has been updated. An integration test has been added. This fix fixes 31325. Signed-off-by: Yong Tang --- docs/reference/commandline/service_ls.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 86273ff1ff..6b07b84053 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -60,6 +60,7 @@ The currently supported filters are: * [id](service_ls.md#id) * [label](service_ls.md#label) +* [mode](service_ls.md#mode) * [name](service_ls.md#name) #### id @@ -98,6 +99,18 @@ ID NAME MODE REPLICAS IMAGE 74nzcxxjv6fq backend replicated 3/3 redis:3.0.6 ``` +#### mode + +The `mode` filter matches on the mode (either `replicated` or `global`) of a service. + +The following filter matches only `global` services. + +```bash +$ docker service ls --filter mode=global +ID NAME MODE REPLICAS IMAGE +w7y0v2yrn620 top global 1/1 busybox +``` + #### name The `name` filter matches on all or part of a service's name. From ffd24bd8e854f0cdb4f112af1a05fb1abba558ae Mon Sep 17 00:00:00 2001 From: erxian Date: Mon, 13 Mar 2017 15:28:23 +0800 Subject: [PATCH 2398/2538] misleading default for --update-monitor duration Signed-off-by: erxian --- docs/reference/commandline/service_create.md | 2 +- docs/reference/commandline/service_update.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 1b9921c1bf..6ea3d14929 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -71,7 +71,7 @@ Options: --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to swarm agents diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 1f418a250a..3c416d2e7a 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -84,7 +84,7 @@ Options: --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update - --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to swarm agents From ea6ba6963984230660065031ef9681e2b005dbe8 Mon Sep 17 00:00:00 2001 From: Remy Suen Date: Wed, 8 Mar 2017 06:33:30 +0900 Subject: [PATCH 2399/2538] Fix typo in sample output Changed `ICONTAINER ID` to `CONTAINER ID`. Signed-off-by: Remy Suen --- docs/reference/commandline/commit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 22c98e310e..438eaf49dc 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -74,7 +74,7 @@ svendowideit/testimage version3 f5283438590d 16 sec ```bash $ docker ps -ICONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c3f279d17e0a ubuntu:12.04 /bin/bash 7 days ago Up 25 hours desperate_dubinsky 197387f1b436 ubuntu:12.04 /bin/bash 7 days ago Up 25 hours focused_hamilton From 977e1238ec320c1b148fce8a4542cc917894ed9f Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Tue, 14 Mar 2017 15:37:59 -0700 Subject: [PATCH 2400/2538] Add bash completion for `network inspect --verbose` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 78715d1627..11ff8a107d 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2691,7 +2691,7 @@ _docker_network_inspect() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format -f --help" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format -f --help --verbose" -- "$cur" ) ) ;; *) __docker_complete_networks From 36f5fc7909aa5a3dddfaf1e3f5fc463e981b9963 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 16 Mar 2017 12:59:28 +0100 Subject: [PATCH 2401/2538] Add bash completion for `node|service|stack ps --format` Also add `--quiet|-q` where it was missing. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 11ff8a107d..272ff02492 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2942,11 +2942,14 @@ _docker_service_ps() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') @@ -3480,11 +3483,14 @@ _docker_node_ps() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) ;; *) __docker_complete_nodes --add self @@ -3973,11 +3979,14 @@ _docker_stack_ps() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--all -a --filter -f --help --no-resolve --no-trunc" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--all -a --filter -f --format --help --no-resolve --no-trunc --quiet -q" -- "$cur" ) ) ;; *) local counter=$(__docker_pos_first_nonflag '--filter|-f') From d9192b85d542a00ebdf4ed7902879ed31db900e4 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 16 Mar 2017 16:31:57 +0100 Subject: [PATCH 2402/2538] Add bash completion for `service ls --filter mode` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 272ff02492..9c43498bc0 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2868,6 +2868,10 @@ _docker_service_ls() { __docker_complete_services --cur "${cur##*=}" --id return ;; + mode) + COMPREPLY=( $( compgen -W "global replicated" -- "${cur##*=}" ) ) + return + ;; name) __docker_complete_services --cur "${cur##*=}" --name return @@ -2876,7 +2880,7 @@ _docker_service_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -W "id label name" -S = -- "$cur" ) ) + COMPREPLY=( $( compgen -W "id label mode name" -S = -- "$cur" ) ) __docker_nospace return ;; From 8dd6f6d34253e3c572f3ae0f09da6467f6024be6 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Thu, 16 Mar 2017 14:17:38 -0700 Subject: [PATCH 2403/2538] Merge pull request #31875 from toolchainX/patch-2 update service-create.md (cherry picked from commit 0f1ee840143b230259544dbfc03205dafcd285ad) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/service_create.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 6ea3d14929..c2af3f8725 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -559,8 +559,8 @@ follows: node.hostname != node-2 - node.role - node role: manager + node.role + Node role node.role == manager From 1c56dfab6f0ccba67e0564f4ec8d1f9905d7a8cd Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 17 Mar 2017 09:21:21 +0100 Subject: [PATCH 2404/2538] Improve bash completion for `docker rm` `docker rm` can delete containers in state=created, too. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9c43498bc0..d4f3a2083f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -101,6 +101,10 @@ __docker_complete_containers_all() { __docker_complete_containers "$@" --all } +__docker_complete_containers_removable() { + __docker_complete_containers "$@" --filter status=created --filter status=exited +} + __docker_complete_containers_running() { __docker_complete_containers "$@" --filter status=running } @@ -1430,7 +1434,7 @@ _docker_container_rm() { ;; esac done - __docker_complete_containers_stopped + __docker_complete_containers_removable ;; esac } From 7150d7328cc57891e4febc0b14a65953399669a9 Mon Sep 17 00:00:00 2001 From: Nikolas Garofil Date: Thu, 16 Mar 2017 17:32:30 +0100 Subject: [PATCH 2405/2538] Fix zsh-completion for containers in status 'created' This patch makes sure that containers in the created-stated are counted as stopped containers. Otherwise if you create a container, don't run it and type: "docker rm ", followed by pressing tab in zsh, it won't show up. Signed-off-by: Nikolas Garofil Signed-off-by: Nikolas Garofil --- contrib/completion/zsh/_docker | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index be33b6c961..9f19d0fb3a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -78,7 +78,7 @@ __docker_get_containers() { s="${${line[${begin[CONTAINER ID]},${end[CONTAINER ID]}]%% ##}[0,12]}" s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then + if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = (Exit*|Created*) ]]; then stopped=($stopped $s) else running=($running $s) @@ -100,7 +100,7 @@ __docker_get_containers() { (( $#s != 0 )) || continue s="$s:${(l:15:: :::)${${line[${begin[CREATED]},${end[CREATED]}]/ ago/}%% ##}}" s="$s, ${${${line[${begin[IMAGE]},${end[IMAGE]}]}/:/\\:}%% ##}" - if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = Exit* ]]; then + if [[ ${line[${begin[STATUS]},${end[STATUS]}]} = (Exit*|Created*) ]]; then stopped=($stopped $s) else running=($running $s) From 30b0334917e8e1778906e6033cf628ecfe1fae20 Mon Sep 17 00:00:00 2001 From: Ricardo N Feliciano Date: Sun, 19 Mar 2017 17:53:10 -0400 Subject: [PATCH 2406/2538] Fix 'Specify a Dockerfile (-f)' heading in Engine CLI Docs. Signed-off-by: Ricardo N Feliciano --- docs/reference/commandline/build.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 77096acd3c..20fd58236b 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -334,6 +334,7 @@ For example, to tag an image both as `whenry/fedora-jboss:latest` and ```bash $ docker build -t whenry/fedora-jboss:latest -t whenry/fedora-jboss:v2.1 . ``` + ### Specify a Dockerfile (-f) ```bash From bd1c58ccaf0d5514ada266aadc3778919d9d2e67 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 17 Mar 2017 09:33:55 +0100 Subject: [PATCH 2407/2538] Bash completion for `docker node update` completes only one node `docker node update` accepts only one node. Before this change, bash completion would complete additional nodes. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index d4f3a2083f..9cf46ae7d4 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3526,7 +3526,11 @@ _docker_node_update() { COMPREPLY=( $( compgen -W "--availability --help --label-add --label-rm --role" -- "$cur" ) ) ;; *) - __docker_complete_nodes + local counter=$(__docker_pos_first_nonflag '--availability|--label-add|--label-rm|--role') + if [ $cword -eq $counter ]; then + __docker_complete_nodes + fi + ;; esac } From 33166e33648b0341b3821b2fcff97198a943c425 Mon Sep 17 00:00:00 2001 From: Boaz Shuster Date: Sun, 5 Mar 2017 13:11:04 +0200 Subject: [PATCH 2408/2538] Add format to secret ls Signed-off-by: Boaz Shuster --- docs/reference/commandline/cli.md | 9 +++++ docs/reference/commandline/secret_ls.md | 44 +++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 666a353718..c290e61d5c 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -160,6 +160,14 @@ property is not set, the client falls back to the default table format. For a list of supported formatting directives, see [**Formatting** section in the `docker stats` documentation](stats.md) +The property `secretFormat` specifies the default format for `docker +secret ls` output. When the `--format` flag is not provided with the +`docker secret ls` command, Docker's client uses this property. If this +property is not set, the client falls back to the default table +format. For a list of supported formatting directives, see +[**Formatting** section in the `docker secret ls` documentation](secret_ls.md) + + The property `credsStore` specifies an external binary to serve as the default credential store. When this property is set, `docker login` will attempt to store credentials in the binary specified by `docker-credential-` which @@ -204,6 +212,7 @@ Following is a sample `config.json` file: "pluginsFormat": "table {{.ID}}\t{{.Name}}\t{{.Enabled}}", "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", + "secretFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", "serviceInspectFormat": "pretty", "detachKeys": "ctrl-e,e", "credsStore": "secretservice", diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index 72b9e4696d..271075449d 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -25,6 +25,7 @@ Aliases: Options: -q, --quiet Only display IDs + -format string Pretty-print secrets using a Go template ``` ## Description @@ -40,6 +41,49 @@ ID NAME CREATED mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC ``` +### Format the output + +The formatting option (`--format`) pretty prints secrets output +using a Go template. + +Valid placeholders for the Go template are listed below: + +| Placeholder | Description | +| ------------ | ------------------------------------------------------------------------------------ | +| `.ID` | Secret ID | +| `.Name` | Secret name | +| `.CreatedAt` | Time when the secret was created | +| `.UpdatedAt` | Time when the secret was updated | +| `.Labels` | All labels assigned to the secret | +| `.Label` | Value of a specific label for this secret. For example `{{.Label "secret.ssh.key"}}` | + +When using the `--format` option, the `secret ls` command will either +output the data exactly as the template declares or, when using the +`table` directive, will include column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Name` entries separated by a colon for all images: + +```bash +$ docker secret ls --format "{{.ID}}: {{.Name}}" + +77af4d6b9913: secret-1 +b6fa739cedf5: secret-2 +78a85c484f71: secret-3 +``` + +To list all secrets with their name and created date in a table format you +can use: + +```bash +$ docker secret ls --format "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}" + +ID NAME CREATED +77af4d6b9913 secret-1 5 minutes ago +b6fa739cedf5 secret-2 3 hours ago +78a85c484f71 secret-3 10 days ago +``` + ## Related commands * [secret create](secret_create.md) From 3e4d1cacf49e855f68eeb452b2b0c71bdc2165c0 Mon Sep 17 00:00:00 2001 From: Jimmy Song Date: Tue, 7 Mar 2017 17:06:27 +0800 Subject: [PATCH 2409/2538] modify docker plugin sshfs entrypoint Signed-off-by: Jimmy Song --- docs/extend/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/index.md b/docs/extend/index.md index b0d3404bbe..2fe2d83687 100644 --- a/docs/extend/index.md +++ b/docs/extend/index.md @@ -150,7 +150,7 @@ Consider the following `config.json` file. { "description": "sshFS plugin for Docker", "documentation": "https://docs.docker.com/engine/extend/plugins/", - "entrypoint": ["/go/bin/docker-volume-sshfs"], + "entrypoint": ["/docker-volume-sshfs"], "network": { "type": "host" }, @@ -165,7 +165,7 @@ Consider the following `config.json` file. ``` This plugin is a volume driver. It requires a `host` network and the -`CAP_SYS_ADMIN` capability. It depends upon the `/go/bin/docker-volume-sshfs` +`CAP_SYS_ADMIN` capability. It depends upon the `/docker-volume-sshfs` entrypoint and uses the `/run/docker/plugins/sshfs.sock` socket to communicate with Docker Engine. This plugin has no runtime parameters. From d42d6b79391fa7586c5372c096cf9f43e224e0d6 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Tue, 21 Mar 2017 15:58:12 +0100 Subject: [PATCH 2410/2538] Add `reference` filter to the list of available filters The `reference` filter is documented in the file, but is not present in the list of available filters. Signed-off-by: Vincent Demeester --- docs/reference/commandline/images.md | 1 + man/src/image/ls.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/reference/commandline/images.md b/docs/reference/commandline/images.md index 82c572e3ba..9f7f555ed6 100644 --- a/docs/reference/commandline/images.md +++ b/docs/reference/commandline/images.md @@ -158,6 +158,7 @@ The currently supported filters are: * label (`label=` or `label==`) * before (`[:]`, `` or ``) - filter images created before given id or references * since (`[:]`, `` or ``) - filter images created since given id or references +* reference (pattern of an image reference) - filter images whose reference matches the specified pattern #### Show untagged images (dangling) diff --git a/man/src/image/ls.md b/man/src/image/ls.md index bb673b008c..7e32749911 100644 --- a/man/src/image/ls.md +++ b/man/src/image/ls.md @@ -21,6 +21,7 @@ Filters the output based on these conditions: - label= or label== - before=([:tag]||) - since=([:tag]||) + - reference=(pattern of an image reference) ## Format From a7c4324c4703dcb4e21023720a98e0f39d31accf Mon Sep 17 00:00:00 2001 From: Jeremy Yallop Date: Fri, 10 Mar 2017 15:02:32 +0000 Subject: [PATCH 2411/2538] Documentation for bind mount consistency flags. Signed-off-by: Jeremy Yallop --- docs/reference/commandline/create.md | 3 ++- docs/reference/commandline/run.md | 3 ++- docs/reference/commandline/service_create.md | 15 ++++++++++++++- man/docker-run.1.md | 10 +++++++--- man/src/container/create.md | 9 ++++++--- 5 files changed, 31 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 756b2b4099..0fbe07fbe2 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -126,7 +126,8 @@ Options: -v, --volume value Bind mount a volume (default []). The format is `[host-src:]container-dest[:]`. The comma-delimited `options` are [rw|ro], - [z|Z], [[r]shared|[r]slave|[r]private], and + [z|Z], [[r]shared|[r]slave|[r]private], + [delegated|cached|consistent], and [nocopy]. The 'host-src' is an absolute path or a name value. --volume-driver string Optional volume driver for the container diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 09d7d21c49..6a9bbd5459 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -137,7 +137,8 @@ Options: -v, --volume value Bind mount a volume (default []). The format is `[host-src:]container-dest[:]`. The comma-delimited `options` are [rw|ro], - [z|Z], [[r]shared|[r]slave|[r]private], and + [z|Z], [[r]shared|[r]slave|[r]private], + [delegated|cached|consistent], and [nocopy]. The 'host-src' is an absolute path or a name value. --volume-driver string Optional volume driver for the container diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c2af3f8725..4c72b3ac6d 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -320,9 +320,22 @@ volumes in a service:

+ + consistency + + +

The consistency requirements for the mount; one of +

    +
  • default: Equivalent to consistent.
  • +
  • consistent: Full consistency. The container runtime and the host maintain an identical view of the mount at all times.
  • +
  • cached: The host's view of the mount is authoritative. There may be delays before updates made on the host are visible within a container.
  • +
  • delegated: The container runtime's view of the mount is authoritative. There may be delays before updates made in a container are are visible on the host.
  • +
+

+ + - #### Bind Propagation Bind propagation refers to whether or not mounts created within a given diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 4d35b1ec40..66c6b6704b 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -625,6 +625,7 @@ any options, the systems uses the following options: * [rw|ro] * [z|Z] * [`[r]shared`|`[r]slave`|`[r]private`] + * [`delegated`|`cached`|`consistent`] * [nocopy] The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The `HOST-DIR` @@ -642,9 +643,12 @@ You can specify multiple **-v** options to mount one or more mounts to a container. To use these same mounts in other containers, specify the **--volumes-from** option also. -You can add `:ro` or `:rw` suffix to a volume to mount it read-only or -read-write mode, respectively. By default, the volumes are mounted read-write. -See examples. +You can supply additional options for each bind-mount following an additional +colon. A `:ro` or `:rw` suffix mounts a volume in read-only or read-write +mode, respectively. By default, volumes are mounted in read-write mode. +You can also specify the consistency requirement for the mount, either +`:consistent` (the default), `:cached`, or `:delegated`. Multiple options are +separated by commas, e.g. `:ro,cached`. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might diff --git a/man/src/container/create.md b/man/src/container/create.md index 66068ff644..e47bb38db1 100644 --- a/man/src/container/create.md +++ b/man/src/container/create.md @@ -23,9 +23,12 @@ You can specify multiple **-v** options to mount one or more mounts to a container. To use these same mounts in other containers, specify the **--volumes-from** option also. -You can add `:ro` or `:rw` suffix to a volume to mount it read-only or -read-write mode, respectively. By default, the volumes are mounted read-write. -See examples. +You can supply additional options for each bind-mount following an additional +colon. A `:ro` or `:rw` suffix mounts a volume in read-only or read-write +mode, respectively. By default, volumes are mounted in read-write mode. +You can also specify the consistency requirement for the mount, either +`:consistent` (the default), `:cached`, or `:delegated`. Multiple options are +separated by commas, e.g. `:ro,cached`. Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might From 84e63b3abbf8dc4fba3bbe005888e28831b98b7c Mon Sep 17 00:00:00 2001 From: Dave Tucker Date: Mon, 6 Mar 2017 14:46:15 +0000 Subject: [PATCH 2412/2538] Ignore built-in allowed build-args in image history Removes the build-args from the image history if they are in the BuiltinAllowedBuildArgs map unless they are explicitly defined in an ARG instruction. Signed-off-by: Dave Tucker --- docs/reference/builder.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 75c7e0c0c1..fa8b3e138f 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1396,6 +1396,35 @@ To use these, simply pass them on the command line using the flag: --build-arg = ``` +By default, these pre-defined variables are excluded from the output of +`docker history`. Excluding them reduces the risk of accidentally leaking +sensitive authentication information in an `HTTP_PROXY` variable. + +For example, consider building the following Dockerfile using +`--build-arg HTTP_PROXY=http://user:pass@proxy.lon.example.com` + +``` Dockerfile +FROM ubuntu +RUN echo "Hello World" +``` + +In this case, the value of the `HTTP_PROXY` variable is not available in the +`docker history` and is not cached. If you were to change location, and your +proxy server changed to `http://user:pass@proxy.sfo.example.com`, a subsequent +build does not result in a cache miss. + +If you need to override this behaviour then you may do so by adding an `ARG` +statement in the Dockerfile as follows: + +``` Dockerfile +FROM ubuntu +ARG HTTP_PROXY +RUN echo "Hello World" +``` + +When building this Dockerfile, the `HTTP_PROXY` is preserved in the +`docker history`, and changing its value invalidates the build cache. + ### Impact on build caching `ARG` variables are not persisted into the built image as `ENV` variables are. @@ -1404,6 +1433,8 @@ Dockerfile defines an `ARG` variable whose value is different from a previous build, then a "cache miss" occurs upon its first usage, not its definition. In particular, all `RUN` instructions following an `ARG` instruction use the `ARG` variable implicitly (as an environment variable), thus can cause a cache miss. +All predefined `ARG` variables are exempt from caching unless there is a +matching `ARG` statement in the `Dockerfile`. For example, consider these two Dockerfile: From 865b35703b65c9b5d23411785874fdcf3fdc77d8 Mon Sep 17 00:00:00 2001 From: Wayne Song Date: Tue, 21 Mar 2017 17:10:31 +0100 Subject: [PATCH 2413/2538] Update system df docs to call out performance implications Signed-off-by: Wayne Song --- docs/reference/commandline/system_df.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/commandline/system_df.md b/docs/reference/commandline/system_df.md index 6758bdeb72..86cc9896c0 100644 --- a/docs/reference/commandline/system_df.md +++ b/docs/reference/commandline/system_df.md @@ -77,6 +77,15 @@ my-named-vol 0 > **Note**: Network information is not shown because it doesn't consume the disk > space. +## Performance + +The `system df` command can be very resource-intensive. It traverses the +filesystem of every image, container, and volume in the system. You should be +careful running this command in systems with lots of images, containers, or +volumes or in systems where some images, containers, or volumes have very large +filesystems with many files. You should also be careful not to run this command +in systems where performance is critical. + ## Related commands * [system prune](system_prune.md) * [container prune](container_prune.md) From b3da7041543ddff8c5ac5ca5b2281db31d1170c7 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Tue, 21 Mar 2017 15:30:04 -0400 Subject: [PATCH 2414/2538] Add note regarding Windows VOLUME limitations Signed-off-by: John Maguire --- docs/reference/builder.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index fa8b3e138f..72ad7670f6 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1222,6 +1222,11 @@ This Dockerfile results in an image that causes `docker run`, to create a new mount point at `/myvol` and copy the `greeting` file into the newly created volume. +> **Note**: +> When using Windows-based containers, the destination of a volume inside the +> container must be one of: a non-existing or empty directory; or a drive other +> than C:. + > **Note**: > If any build steps change the data within the volume after it has been > declared, those changes will be discarded. From 35cc51b4f6b3ea48af312991d6821925f7564efd Mon Sep 17 00:00:00 2001 From: Foysal Iqbal Date: Tue, 21 Mar 2017 15:22:29 -0400 Subject: [PATCH 2415/2538] remove the duplicate line from doc and rebase with master for 'example of ADD and COPY with special characters file name' Signed-off-by: Foysal Iqbal --- docs/reference/builder.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 72ad7670f6..8550b0a4f5 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -803,6 +803,14 @@ the source will be copied inside the destination container. ADD test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ ADD test /absoluteDir/ # adds "test" to /absoluteDir/ +When adding files or directories that contain special characters (such as `[` +and `]`), you need to escape those paths following the Golang rules to prevent +them from being treated as a matching pattern. For example, to add a file +named `arr[0].txt`, use the following; + + ADD arr[[]0].txt /mydir/ # copy a file named "arr[0].txt" to /mydir/ + + All new files and directories are created with a UID and GID of 0. In the case where `` is a remote file URL, the destination will @@ -915,6 +923,14 @@ the source will be copied inside the destination container. COPY test relativeDir/ # adds "test" to `WORKDIR`/relativeDir/ COPY test /absoluteDir/ # adds "test" to /absoluteDir/ + +When copying files or directories that contain special characters (such as `[` +and `]`), you need to escape those paths following the Golang rules to prevent +them from being treated as a matching pattern. For example, to copy a file +named `arr[0].txt`, use the following; + + COPY arr[[]0].txt /mydir/ # copy a file named "arr[0].txt" to /mydir/ + All new files and directories are created with a UID and GID of 0. > **Note**: From 9111051d9805eeb259f5ac7c815b3695f028d180 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Tue, 7 Mar 2017 18:26:09 -0800 Subject: [PATCH 2416/2538] Add support in plugin config for accessing host ipc namespace. Plugins might need access to host ipc namespace. A good usecase is a volume plugin running iscsi multipath commands that need access to host kernel locks. Tested with a custom plugin (aragunathan/global-net-plugin-full) that's built with `"ipchost" : true` in config.json. Observed using `readlink /proc/self/ns/ipc` that plugin and host have the same ns. Signed-off-by: Anusha Ragunathan --- docs/extend/config.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/extend/config.md b/docs/extend/config.md index dab755d97b..3fc377f76c 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -115,6 +115,9 @@ Config provides the base accessible fields for working with V0 plugin format options of the mount. +- **`ipchost`** *boolean* + Access to host ipc namespace. + - **`propagatedMount`** *string* path to be mounted as rshared, so that mounts under that path are visible to docker. This is useful for volume plugins. From c9f1050226cee4f79dc20b0124f273969414bd66 Mon Sep 17 00:00:00 2001 From: Anusha Ragunathan Date: Fri, 10 Mar 2017 14:17:24 -0800 Subject: [PATCH 2417/2538] Add pid host support Tested using global-net-plugin-ipc which sets PidHost in config.json. Plugins might need access to host pid namespace. Add support for that. Tested using aragunathan/global-net-plugin-ipc which sets "pidhost" in config.json. Observed using `readlink /proc/self/ns/pid` that plugin and host have the same ns. Signed-off-by: Anusha Ragunathan --- docs/extend/config.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/extend/config.md b/docs/extend/config.md index 3fc377f76c..ad43e898c7 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -117,6 +117,8 @@ Config provides the base accessible fields for working with V0 plugin format - **`ipchost`** *boolean* Access to host ipc namespace. +- **`pidhost`** *boolean* + Access to host pid namespace. - **`propagatedMount`** *string* From 0e6eb9976beab68f91166094aa8d4b5e800fa0f2 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 23:17:42 +0100 Subject: [PATCH 2418/2538] Add zsh completion for 'docker service {create,update} --placement-pref' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9f19d0fb3a..27bf93eb5d 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1799,6 +1799,28 @@ __docker_service_complete_ps_filters() { return ret } +__docker_service_complete_placement_pref() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (spread) + opts=('engine.labels' 'node.labels') + _describe -t spread-opts "spread options" opts -qS "." && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('spread') + _describe -t pref-opts "placement pref options" opts -qS "=" && ret=0 + fi + + return ret +} + __docker_services() { [[ $PREFIX = -* ]] && return 1 integer ret=1 @@ -1931,6 +1953,7 @@ __docker_service_subcommand() { "($help)*--env-file=[Read environment variables from a file]:environment file:_files" \ "($help)--mode=[Service Mode]:mode:(global replicated)" \ "($help)--name=[Service name]:name: " \ + "($help)*--placement-pref=[Add a placement preference]:pref:__docker_service_complete_placement_pref" \ "($help)*--publish=[Publish a port]:port: " \ "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ @@ -2016,6 +2039,8 @@ __docker_service_subcommand() { "($help)*--group-add=[Add additional supplementary user groups to the container]:group:_groups" \ "($help)*--group-rm=[Remove previously added supplementary user groups from the container]:group:_groups" \ "($help)--image=[Service image tag]:image:__docker_complete_repositories" \ + "($help)*--placement-pref-add=[Add a placement preference]:pref:__docker_service_complete_placement_pref" \ + "($help)*--placement-pref-rm=[Remove a placement preference]:pref:__docker_service_complete_placement_pref" \ "($help)*--publish-add=[Add or update a port]:port: " \ "($help)*--publish-rm=[Remove a port(target-port mandatory)]:port: " \ "($help)--rollback[Rollback to previous specification]" \ From 9a46875a9534be29b65fb70277e3d122dcc1aacc Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 22:28:09 +0100 Subject: [PATCH 2419/2538] Add zsh completion for 'docker build --add-host' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 27bf93eb5d..9611f84fb4 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -978,6 +978,7 @@ __docker_image_subcommand() { (build) _arguments $(__docker_arguments) \ $opts_help \ + "($help)*--add-host=[Add a custom host-to-IP mapping]:host\:ip mapping: " \ "($help)*--build-arg=[Build-time variables]:=: " \ "($help)*--cache-from=[Images to consider as cache sources]: :__docker_complete_repositories_with_tags" \ "($help -c --cpu-shares)"{-c=,--cpu-shares=}"[CPU shares (relative weight)]:CPU shares:(0 10 100 200 500 800 1000)" \ From 80482d7f967987452ccaee92161277061925f385 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 23:35:07 +0100 Subject: [PATCH 2420/2538] Add zsh completion for 'docker network inspect --verbose' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 9611f84fb4..ecaea54fba 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1268,6 +1268,7 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -f --format)"{-f=,--format=}"[Format the output using the given go template]:template: " \ + "($help)--verbose[Show detailed information]" \ "($help -)*:network:__docker_complete_networks" && ret=0 ;; (ls) From 7931960ded531678880f16170a00db67252c4963 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 22:49:57 +0100 Subject: [PATCH 2421/2538] Add zsh completion for 'docker service {create,update} --stop-signal' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index ecaea54fba..f5f7f0c976 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -642,6 +642,7 @@ __docker_container_subcommand() { "($help)--read-only[Mount the container's root filesystem as read only]" "($help)*--security-opt=[Security options]:security option: " "($help)*--shm-size=[Size of '/dev/shm' (format is '')]:shm size: " + "($help)--stop-signal=[Signal to kill a container]:signal:_signals" "($help)--stop-timeout=[Timeout (in seconds) to stop a container]:time: " "($help)*--sysctl=-[sysctl options]:sysctl: " "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-tty]" @@ -858,7 +859,6 @@ __docker_container_subcommand() { "($help)--rm[Remove intermediate containers when it exits]" \ "($help)--runtime=[Name of the runtime to be used for that container]:runtime:__docker_complete_runtimes" \ "($help)--sig-proxy[Proxy all received signals to the process (non-TTY mode only)]" \ - "($help)--stop-signal=[Signal to kill a container]:signal:_signals" \ "($help)--storage-opt=[Storage driver options for the container]:storage options:->storage-opt" \ "($help -): :__docker_complete_images" \ "($help -):command: _command_names -e" \ @@ -1932,6 +1932,7 @@ __docker_service_subcommand() { "($help)--restart-window=[Window used to evaluate the restart policy]:window: " "($help)*--secret=[Specify secrets to expose to the service]:secret:__docker_complete_secrets" "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " + "($help)--stop-signal=[Signal to stop the container]:signal:_signals" "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]" "($help)--update-delay=[Delay between updates]:delay: " "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)" From a7af767c0d13e981fe7aba9a47fed6076a998f33 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 23:26:33 +0100 Subject: [PATCH 2422/2538] Add zsh completion for 'docker logs --no-task-ids --no-trunc' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index f5f7f0c976..a9b7ce425a 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1972,9 +1972,10 @@ __docker_service_subcommand() { (logs) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--details[Show extra details provided to logs]" \ "($help -f --follow)"{-f,--follow}"[Follow log output]" \ "($help)--no-resolve[Do not map IDs to Names]" \ + "($help)--no-task-ids[Do not include task IDs]" \ + "($help)--no-trunc[Do not truncate output]" \ "($help)--since=[Show logs since timestamp]:timestamp: " \ "($help)--tail=[Number of lines to show from the end of the logs]:lines:(1 10 20 50 all)" \ "($help -t --timestamps)"{-t,--timestamps}"[Show timestamps]" \ From 4cb6ab4eb551e1e54aca3d40c0a3f9e29a945505 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 22:40:46 +0100 Subject: [PATCH 2423/2538] Add zsh completion for 'docker service {create,update} --rollback-*' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index a9b7ce425a..256f10dfd8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1929,13 +1929,18 @@ __docker_service_subcommand() { "($help)--restart-condition=[Restart when condition is met]:mode:(any none on-failure)" "($help)--restart-delay=[Delay between restart attempts]:delay: " "($help)--restart-max-attempts=[Maximum number of restarts before giving up]:max-attempts: " - "($help)--restart-window=[Window used to evaluate the restart policy]:window: " + "($help)--restart-window=[Window used to evaluate the restart policy]:duration: " + "($help)--rollback-delay=[Delay between task rollbacks]:duration: " + "($help)--rollback-failure-action=[Action on rollback failure]:action:(continue pause)" + "($help)--rollback-max-failure-ratio=[Failure rate to tolerate during a rollback]:failure rate: " + "($help)--rollback-monitor=[Duration after each task rollback to monitor for failure]:duration: " + "($help)--rollback-parallelism=[Maximum number of tasks rolled back simultaneously]:number: " "($help)*--secret=[Specify secrets to expose to the service]:secret:__docker_complete_secrets" "($help)--stop-grace-period=[Time to wait before force killing a container]:grace period: " "($help)--stop-signal=[Signal to stop the container]:signal:_signals" "($help -t --tty)"{-t,--tty}"[Allocate a pseudo-TTY]" "($help)--update-delay=[Delay between updates]:delay: " - "($help)--update-failure-action=[Action on update failure]:mode:(pause continue)" + "($help)--update-failure-action=[Action on update failure]:mode:(continue pause rollback)" "($help)--update-max-failure-ratio=[Failure rate to tolerate during an update]:fraction: " "($help)--update-monitor=[Duration after each task update to monitor for failure]:window: " "($help)--update-parallelism=[Maximum number of tasks updated simultaneously]:number: " From 396925bab0bf5132739e74b8f00bb010fcf534db Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 23:56:29 +0100 Subject: [PATCH 2424/2538] Add zsh completion for 'docker secret ls --format' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 256f10dfd8..e4f05276f7 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1736,6 +1736,7 @@ __docker_secret_subcommand() { (ls|list) _arguments $(__docker_arguments) \ $opts_help \ + "($help)--format=[Format the output using the given go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 ;; (rm|remove) From 9be3a2cec8cea6c20783ecc50ded343bb9ea863e Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 23:52:36 +0100 Subject: [PATCH 2425/2538] Add zsh completion for 'docker service ls --filter mode' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index e4f05276f7..0d345fc342 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1765,6 +1765,10 @@ __docker_service_complete_ls_filters() { (id) __docker_complete_services_ids && ret=0 ;; + (mode) + opts=('global' 'replicated') + _describe -t mode-opts "mode options" opts && ret=0 + ;; (name) __docker_complete_services_names && ret=0 ;; @@ -1773,7 +1777,7 @@ __docker_service_complete_ls_filters() { ;; esac else - opts=('id' 'label' 'name') + opts=('id' 'label' 'mode' 'name') _describe -t filter-opts "filter options" opts -qS "=" && ret=0 fi From 6f22676f0bce0bba1c88d39d89188dbcd71b4156 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 3 Mar 2017 10:45:48 -0800 Subject: [PATCH 2426/2538] Add `--filter scope=swarm|local` for `docker network ls` This fix tries to address the request in 31324 by adding `--filter scope=swarm|local` for `docker network ls`. As `docker network ls` has a `SCOPE` column by default, it is natural to add the support of `--filter scope=swarm|local`. This fix adds the `scope=swarm|local` support for `docker network ls --filter`. Related docs has been updated. Additional unit test cases have been added. This fix fixes 31324. Signed-off-by: Yong Tang --- docs/reference/commandline/network_ls.md | 25 ++++++++++++++++++++++++ man/src/network/ls.md | 25 ++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/docs/reference/commandline/network_ls.md b/docs/reference/commandline/network_ls.md index 39dcd051d9..8bb8a2c48a 100644 --- a/docs/reference/commandline/network_ls.md +++ b/docs/reference/commandline/network_ls.md @@ -74,6 +74,7 @@ The currently supported filters are: * id (network's id) * label (`label=` or `label==`) * name (network's name) +* scope (`swarm|global|local`) * type (`custom|builtin`) #### Driver @@ -157,6 +158,30 @@ NETWORK ID NAME DRIVER SCOPE 06e7eef0a170 foobar bridge local ``` +#### Scope + +The `scope` filter matches networks based on their scope. + +The following example matches networks with the `swarm` scope: + +```bash +$ docker network ls --filter scope=swarm +NETWORK ID NAME DRIVER SCOPE +xbtm0v4f1lfh ingress overlay swarm +ic6r88twuu92 swarmnet overlay swarm +``` + +The following example matches networks with the `local` scope: + +```bash +$ docker network ls --filter scope=local +NETWORK ID NAME DRIVER SCOPE +e85227439ac7 bridge bridge local +0ca0e19443ed host host local +ca13cc149a36 localnet bridge local +f9e115d2de35 none null local +``` + #### Type The `type` filter supports two values; `builtin` displays predefined networks diff --git a/man/src/network/ls.md b/man/src/network/ls.md index c5182e87e1..417344951a 100644 --- a/man/src/network/ls.md +++ b/man/src/network/ls.md @@ -35,6 +35,7 @@ The currently supported filters are: * id (network's id) * label (`label=` or `label==`) * name (network's name) +* scope (`swarm|global|local`) * type (custom|builtin) #### Driver @@ -118,6 +119,30 @@ NETWORK ID NAME DRIVER 06e7eef0a170 foobar bridge ``` +#### Scope + +The `scope` filter matches networks based on their scope. + +The following example matches networks with the `swarm` scope: + +```bash +$ docker network ls --filter scope=swarm +NETWORK ID NAME DRIVER SCOPE +xbtm0v4f1lfh ingress overlay swarm +ic6r88twuu92 swarmnet overlay swarm +``` + +The following example matches networks with the `local` scope: + +```bash +$ docker network ls --filter scope=local +NETWORK ID NAME DRIVER SCOPE +e85227439ac7 bridge bridge local +0ca0e19443ed host host local +ca13cc149a36 localnet bridge local +f9e115d2de35 none null local +``` + #### Type The `type` filter supports two values; `builtin` displays predefined networks From d9a648caed0470b5a791f0e3271fa9cdcf20068d Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 24 Mar 2017 13:06:26 +0100 Subject: [PATCH 2427/2538] Add bash completion for `network ls --filter scope` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 9cf46ae7d4..34b213b353 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2717,6 +2717,10 @@ _docker_network_ls() { __docker_complete_networks --cur "${cur##*=}" --name return ;; + scope) + COMPREPLY=( $( compgen -W "global local swarm" -- "${cur##*=}" ) ) + return + ;; type) COMPREPLY=( $( compgen -W "builtin custom" -- "${cur##*=}" ) ) return @@ -2725,7 +2729,7 @@ _docker_network_ls() { case "$prev" in --filter|-f) - COMPREPLY=( $( compgen -S = -W "driver id label name type" -- "$cur" ) ) + COMPREPLY=( $( compgen -S = -W "driver id label name scope type" -- "$cur" ) ) __docker_nospace return ;; From da2f4802b625be2908977342282acb40cb981008 Mon Sep 17 00:00:00 2001 From: uhayate Date: Fri, 24 Mar 2017 16:34:03 +0800 Subject: [PATCH 2428/2538] update 3 old docs about secret in docs/reference/commandline/ Signed-off-by: uhayate --- docs/reference/commandline/secret_create.md | 35 ++++++++++---------- docs/reference/commandline/secret_inspect.md | 25 ++++++++------ docs/reference/commandline/secret_ls.md | 4 +-- 3 files changed, 34 insertions(+), 30 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index 74839f7a9e..ae5942dc47 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -36,11 +36,13 @@ command on a manager node. ```bash $ echo | docker secret create my_secret - -mhv17xfe3gh6xc4rij5orpfds + +onakdyv307se2tl7nl20anokv $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 + +ID NAME CREATED UPDATED +onakdyv307se2tl7nl20anokv my_secret 6 seconds ago 6 seconds ago ``` ### Create a secret with a file @@ -48,22 +50,22 @@ mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.90918108 ```bash $ docker secret create my_secret ./secret.json -mhv17xfe3gh6xc4rij5orpfds +dg426haahpi5ezmkkj5kyl3sn $ docker secret ls -ID NAME CREATED UPDATED SIZE -mhv17xfe3gh6xc4rij5orpfds my_secret 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +ID NAME CREATED UPDATED +dg426haahpi5ezmkkj5kyl3sn my_secret 7 seconds ago 7 seconds ago ``` ### Create a secret with labels ```bash $ docker secret create --label env=dev \ - --label rev=20161102 \ + --label rev=20170324 \ my_secret ./secret.json -jtn7g6aukl5ky7nr9gvwafoxh +eo7jnzguqgtpdah3cm5srfb97 ``` ```none @@ -71,22 +73,19 @@ $ docker secret inspect my_secret [ { - "ID": "jtn7g6aukl5ky7nr9gvwafoxh", + "ID": "eo7jnzguqgtpdah3cm5srfb97", "Version": { - "Index": 541 + "Index": 17 }, - "CreatedAt": "2016-11-03T20:54:12.924766548Z", - "UpdatedAt": "2016-11-03T20:54:12.924766548Z", + "CreatedAt": "2017-03-24T08:15:09.735271783Z", + "UpdatedAt": "2017-03-24T08:15:09.735271783Z", "Spec": { "Name": "my_secret", "Labels": { "env": "dev", - "rev": "20161102" - }, - "Data": null - }, - "Digest": "sha256:4212a44b14e94154359569333d3fc6a80f6b9959dfdaff26412f4b2796b1f387", - "SecretSize": 1679 + "rev": "20170324" + } + } } ] ``` diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index 098274e17b..46d17203d0 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -46,8 +46,9 @@ For example, given the following secret: ```bash $ docker secret ls -ID NAME CREATED UPDATED -mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC + +ID NAME CREATED UPDATED +eo7jnzguqgtpdah3cm5srfb97 my_secret 3 minutes ago 3 minutes ago ``` ```none @@ -55,14 +56,18 @@ $ docker secret inspect secret.json [ { - "ID": "mhv17xfe3gh6xc4rij5orpfds", - "Version": { - "Index": 1198 + "ID": "eo7jnzguqgtpdah3cm5srfb97", + "Version": { + "Index": 17 }, - "CreatedAt": "2016-10-27T23:25:43.909181089Z", - "UpdatedAt": "2016-10-27T23:25:43.909181089Z", + "CreatedAt": "2017-03-24T08:15:09.735271783Z", + "UpdatedAt": "2017-03-24T08:15:09.735271783Z", "Spec": { - "Name": "secret.json" + "Name": "my_secret", + "Labels": { + "env": "dev", + "rev": "20170324" + } } } ] @@ -75,9 +80,9 @@ secret. The following example command outputs the creation time of the secret. ```bash -$ docker secret inspect --format='{{.CreatedAt}}' mhv17xfe3gh6xc4rij5orpfds +$ docker secret inspect --format='{{.CreatedAt}}' eo7jnzguqgtpdah3cm5srfb97 -2016-10-27 23:25:43.909181089 +0000 UTC +2017-03-24 08:15:09.735271783 +0000 UTC ``` diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index 271075449d..b25a2f9eed 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -37,8 +37,8 @@ Run this command on a manager node to list the secrets in the swarm. ```bash $ docker secret ls -ID NAME CREATED UPDATED -mhv17xfe3gh6xc4rij5orpfds secret.json 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC +ID NAME CREATED UPDATED +eo7jnzguqgtpdah3cm5srfb97 my_secret 11 minutes ago 11 minutes ago ``` ### Format the output From a10f63f0ce762a971329bed0e3c29b30a20acc51 Mon Sep 17 00:00:00 2001 From: "John Howard (VM)" Date: Tue, 21 Mar 2017 10:02:16 -0700 Subject: [PATCH 2429/2538] Windows: Remove --credentialspec flag Signed-off-by: John Howard (VM) --- contrib/completion/bash/docker | 1 - 1 file changed, 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 34b213b353..b2ea815e55 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1522,7 +1522,6 @@ _docker_container_run_and_create() { __docker_daemon_os_is windows && options_with_args+=" --cpu-count --cpu-percent - --credentialspec --io-maxbandwidth --io-maxiops --isolation From bf7ba6964b335d3966b2345578c40daad67c68cd Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Thu, 9 Mar 2017 11:52:25 -0800 Subject: [PATCH 2430/2538] Allow user to modify ingress network Signed-off-by: Alessandro Boch --- docs/reference/commandline/network_create.md | 18 ++++++++++++++++++ man/src/network/create.md | 17 +++++++++++++++++ man/src/network/inspect.md | 2 ++ 3 files changed, 37 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 4540d530c6..4b95c5e50b 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -22,6 +22,7 @@ Create a network Options: --attachable Enable manual container attachment + --ingress Specify the network provides the routing-mesh --aux-address value Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[]) -d, --driver string Driver to manage the Network (default "bridge") @@ -195,6 +196,23 @@ connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. +### Network ingress mode + +You can create the network which will be used to provide the routing-mesh in the +swarm cluster. You do so by specifying `--ingress` when creating the network. Only +one ingress network can be created at the time. The network can be removed only +if no services depend on it. Any option available when creating a overlay network +is also available when creating the ingress network, besides the `--attachable` option. + +```bash +$ docker network create -d overlay \ + --subnet=10.11.0.0/16 \ + --ingress \ + --opt com.docker.network.mtu=9216 \ + --opt encrypted=true \ + my-ingress-network +``` + ## Related commands * [network inspect](network_inspect.md) diff --git a/man/src/network/create.md b/man/src/network/create.md index 115a41846f..efbf0d5d46 100644 --- a/man/src/network/create.md +++ b/man/src/network/create.md @@ -117,3 +117,20 @@ By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated `overlay` network, you can specify the `--internal` option. + +### Network ingress mode + +You can create the network which will be used to provide the routing-mesh in the +swarm cluster. You do so by specifying `--ingress` when creating the network. Only +one ingress network can be created at the time. The network can be removed only +if no services depend on it. Any option available when creating a overlay network +is also available when creating the ingress network, besides the `--attachable` option. + +```bash +$ docker network create -d overlay \ + --subnet=10.11.0.0/16 \ + --ingress \ + --opt com.docker.network.mtu=9216 \ + --opt encrypted=true \ + my-ingress-network +``` diff --git a/man/src/network/inspect.md b/man/src/network/inspect.md index a61dfd8c10..91cb2dae32 100644 --- a/man/src/network/inspect.md +++ b/man/src/network/inspect.md @@ -32,6 +32,7 @@ $ sudo docker network inspect bridge ] }, "Internal": false, + "Ingress": false, "Containers": { "bda12f8922785d1f160be70736f26c1e331ab8aaf8ed8d56728508f2e2fd4727": { "Name": "container2", @@ -116,6 +117,7 @@ $ docker network inspect --verbose ov1 }, "Internal": false, "Attachable": false, + "Ingress": false, "Containers": { "020403bd88a15f60747fd25d1ad5fa1272eb740e8a97fc547d8ad07b2f721c5e": { "Name": "s1.1.pjn2ik0sfgkfzed3h0s00gs9o", From ab4ce19224b1639278f330056bd48657fe99465f Mon Sep 17 00:00:00 2001 From: erxian Date: Mon, 13 Feb 2017 22:01:03 +0800 Subject: [PATCH 2431/2538] refine docs to describe experimental feature docker build --squash Signed-off-by: erxian --- docs/reference/commandline/build.md | 90 +++++++++++++++++++++++++++++ experimental/README.md | 1 + 2 files changed, 91 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 20fd58236b..4f5d3c1a37 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -444,6 +444,8 @@ more `--add-host` flags. This example adds a static address for a host named ### Squash an image's layers (--squash) **Experimental Only** +#### Overview + Once the image is built, squash the new layers into a new image with a single new layer. Squashing does not destroy any existing image, rather it creates a new image with the content of the squashed layers. This effectively makes it look @@ -458,3 +460,91 @@ space. storing two copies of the image, one for the build cache with all the cache layers in tact, and one for the squashed version. +#### Prerequisites + +The example on this page is using experimental mode in Docker 1.13. + +Experimental mode can be enabled by using the `--experimental` flag when starting the Docker daemon or setting `experimental: true` in the `daemon.json` configuration file. + +By default, experimental mode is disabled. To see the current configuration, use the `docker version` command. + +```none + +Server: + Version: 1.13.1 + API version: 1.26 (minimum version 1.12) + Go version: go1.7.5 + Git commit: 092cba3 + Built: Wed Feb 8 06:35:24 2017 + OS/Arch: linux/amd64 + Experimental: false + + [...] + +``` + +To enable experimental mode, users need to restart the docker daemon with the experimental flag enabled. + +#### Enable Docker experimental + +Experimental features are now included in the standard Docker binaries as of version 1.13.0. For enabling experimental features, you need to start the Docker daemon with `--experimental` flag. You can also enable the daemon flag via /etc/docker/daemon.json. e.g. + +``` + +{ + "experimental": true +} + +``` +Then make sure the experimental flag is enabled: + +```bash + +$ docker version -f '{{.Server.Experimental}}' +true + +``` + +#### Build an image with `--squash` argument + +The following is an example of docker build with `--squash` argument + +```Dockerfile + +FROM busybox +RUN echo hello > /hello +RUN echo world >> /hello +RUN touch remove_me /remove_me +ENV HELLO world +RUN rm /remove_me + +``` +An image named `test` is built with `--squash` argument. + +```bash + +$ docker build --squash -t test . + +[...] + +``` + +If everything is right, the history will look like this: + +```bash +$ docker history test + +IMAGE CREATED CREATED BY SIZE COMMENT +4e10cb5b4cac 3 seconds ago 12 B merge sha256:88a7b0112a41826885df0e7072698006ee8f621c6ab99fca7fe9151d7b599702 to sha256:47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb + 5 minutes ago /bin/sh -c rm /remove_me 0 B + 5 minutes ago /bin/sh -c #(nop) ENV HELLO=world 0 B + 5 minutes ago /bin/sh -c touch remove_me /remove_me 0 B + 5 minutes ago /bin/sh -c echo world >> /hello 0 B + 6 minutes ago /bin/sh -c echo hello > /hello 0 B + 7 weeks ago /bin/sh -c #(nop) CMD ["sh"] 0 B + 7 weeks ago /bin/sh -c #(nop) ADD file:47ca6e777c36a4cfff 1.113 MB + +``` +We could find that all layer's name is ``, and there is a new layer with COMMENT `merge`. + +Test the image, check for `/remove_me` being gone, make sure `hello\nworld` is in `/hello`, make sure the `HELLO` envvar's value is `world`. diff --git a/experimental/README.md b/experimental/README.md index b57a5d1294..2db68a5eb3 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -36,6 +36,7 @@ true * [Ipvlan Network Drivers](vlan-networks.md) * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md) * [Checkpoint & Restore](checkpoint-restore.md) + * [Docker build with --squash argument](docker-build-with-squash.md) ## How to comment on an experimental feature From 51a4fbbf1f8728c5be4c68b9cdc6c21250101706 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 26 Mar 2017 17:33:05 +0200 Subject: [PATCH 2432/2538] Add missing zsh completion for 'docker plugin ls' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 116 +++++++++++++++++---------------- 1 file changed, 61 insertions(+), 55 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 0d345fc342..b3d0856983 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1043,16 +1043,11 @@ __docker_image_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Show all images]" \ "($help)--digests[Show digests]" \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_images_filters" \ "($help)--format=[Pretty-print images using a Go template]:template: " \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only show numeric IDs]" \ "($help -): :__docker_complete_repositories" && ret=0 - case $state in - (filter-options) - __docker_complete_images_filters && ret=0 - ;; - esac ;; (prune) _arguments $(__docker_arguments) \ @@ -1275,14 +1270,9 @@ __docker_network_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)--no-trunc[Do not truncate the output]" \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_network_complete_ls_filters" \ "($help)--format=[Pretty-print networks using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display numeric IDs]" && ret=0 - case $state in - (filter-options) - __docker_network_complete_ls_filters && ret=0 - ;; - esac ;; (prune) _arguments $(__docker_arguments) \ @@ -1478,13 +1468,8 @@ __docker_node_subcommand() { (ls|list) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_node_complete_ls_filters" \ "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 - case $state in - (filter-options) - __docker_node_complete_ls_filters && ret=0 - ;; - esac ;; (promote) _arguments $(__docker_arguments) \ @@ -1495,15 +1480,10 @@ __docker_node_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -a --all)"{-a,--all}"[Display all instances]" \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_node_complete_ps_filters" \ "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ "($help -)*:node:__docker_complete_nodes" && ret=0 - case $state in - (filter-options) - __docker_node_complete_ps_filters && ret=0 - ;; - esac ;; (update) _arguments $(__docker_arguments) \ @@ -1526,13 +1506,42 @@ __docker_node_subcommand() { # BO plugin -__docker_complete_plugins() { +__docker_plugin_complete_ls_filters() { + [[ $PREFIX = -* ]] && return 1 + integer ret=1 + + if compset -P '*='; then + case "${${words[-1]%=*}#*=}" in + (capability) + opts=('authz' 'ipamdriver' 'networkdriver' 'volumedriver') + _describe -t capability-opts "capability options" opts && ret=0 + ;; + (enabled) + opts=('false' 'true') + _describe -t enabled-opts "enabled options" opts && ret=0 + ;; + *) + _message 'value' && ret=0 + ;; + esac + else + opts=('capability' 'enabled') + _describe -t filter-opts "filter options" opts -qS "=" && ret=0 + fi + + return ret +} + +__docker_plugins() { [[ $PREFIX = -* ]] && return 1 integer ret=1 local line s - declare -a lines plugins + declare -a lines plugins args - lines=(${(f)${:-"$(_call_program commands docker $docker_options plugin ls)"$'\n'}}) + filter=$1; shift + [[ $filter != "none" ]] && args=("-f $filter") + + lines=(${(f)${:-"$(_call_program commands docker $docker_options plugin ls $args)"$'\n'}}) # Parse header line to find columns local i=1 j=1 k header=${lines[1]} @@ -1558,6 +1567,21 @@ __docker_complete_plugins() { return ret } +__docker_complete_plugins() { + [[ $PREFIX = -* ]] && return 1 + __docker_plugins none "$@" +} + +__docker_complete_enabled_plugins() { + [[ $PREFIX = -* ]] && return 1 + __docker_plugins enabled=true "$@" +} + +__docker_complete_disabled_plugins() { + [[ $PREFIX = -* ]] && return 1 + __docker_plugins enabled=false "$@" +} + __docker_plugin_commands() { local -a _docker_plugin_subcommands _docker_plugin_subcommands=( @@ -1586,13 +1610,13 @@ __docker_plugin_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help -f --force)"{-f,--force}"[Force the disable of an active plugin]" \ - "($help -)1:plugin:__docker_complete_plugins" && ret=0 + "($help -)1:plugin:__docker_complete_enabled_plugins" && ret=0 ;; (enable) _arguments $(__docker_arguments) \ $opts_help \ "($help)--timeout=[HTTP client timeout (in seconds)]:timeout: " \ - "($help -)1:plugin:__docker_complete_plugins" && ret=0 + "($help -)1:plugin:__docker_complete_disabled_plugins" && ret=0 ;; (inspect) _arguments $(__docker_arguments) \ @@ -1613,7 +1637,10 @@ __docker_plugin_subcommand() { (ls|list) _arguments $(__docker_arguments) \ $opts_help \ - "($help)--no-trunc[Don't truncate output]" && ret=0 + "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_plugin_complete_ls_filters" \ + "($help --format)--format=[Format the output using the given Go template]:template: " \ + "($help)--no-trunc[Don't truncate output]" \ + "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 ;; (push) _arguments $(__docker_arguments) \ @@ -1994,14 +2021,9 @@ __docker_service_subcommand() { (ls|list) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_service_complete_ls_filters" \ "($help)--format=[Pretty-print services using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" && ret=0 - case $state in - (filter-options) - __docker_service_complete_ls_filters && ret=0 - ;; - esac ;; (rm|remove) _arguments $(__docker_arguments) \ @@ -2025,16 +2047,11 @@ __docker_service_subcommand() { (ps) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_service_complete_ps_filters" \ "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \ "($help -)*:service:__docker_complete_services" && ret=0 - case $state in - (filter-options) - __docker_service_complete_ps_filters && ret=0 - ;; - esac ;; (update) _arguments $(__docker_arguments) \ @@ -2458,14 +2475,9 @@ __docker_volume_subcommand() { (ls) _arguments $(__docker_arguments) \ $opts_help \ - "($help)*"{-f=,--filter=}"[Provide filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_volume_complete_ls_filters" \ "($help)--format=[Pretty-print volumes using a Go template]:template: " \ "($help -q --quiet)"{-q,--quiet}"[Only display volume names]" && ret=0 - case $state in - (filter-options) - __docker_volume_complete_ls_filters && ret=0 - ;; - esac ;; (prune) _arguments $(__docker_arguments) \ @@ -2803,16 +2815,10 @@ __docker_subcommand() { (search) _arguments $(__docker_arguments) -A '-*' \ $opts_help \ - "($help)*"{-f=,--filter=}"[Filter values]:filter:->filter-options" \ + "($help)*"{-f=,--filter=}"[Filter values]:filter:__docker_complete_search_filters" \ "($help)--limit=[Maximum returned search results]:limit:(1 5 10 25 50)" \ "($help)--no-trunc[Do not truncate output]" \ "($help -):term: " && ret=0 - - case $state in - (filter-options) - __docker_complete_search_filters && ret=0 - ;; - esac ;; (secret) local curcontext="$curcontext" state From 91d886adc45034331c6d2ba655f6d2ee6ac32f27 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Sun, 26 Mar 2017 17:04:59 +0200 Subject: [PATCH 2433/2538] Add zsh completion for 'docker network ls --filter scope' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index b3d0856983..3c91fce887 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1115,16 +1115,20 @@ __docker_network_complete_ls_filters() { (name) __docker_complete_networks_names && ret=0 ;; + (scope) + opts=('global' 'local' 'swarm') + _describe -t scope-filter-opts "Scope filter options" opts && ret=0 + ;; (type) - type_opts=('builtin' 'custom') - _describe -t type-filter-opts "Type Filter Options" type_opts && ret=0 + opts=('builtin' 'custom') + _describe -t type-filter-opts "Type filter options" opts && ret=0 ;; *) _message 'value' && ret=0 ;; esac else - opts=('driver' 'id' 'label' 'name' 'type') + opts=('driver' 'id' 'label' 'name' 'scope' 'type') _describe -t filter-opts "Filter Options" opts -qS "=" && ret=0 fi From 06428a4955a7d38cae048123871d401ba0078918 Mon Sep 17 00:00:00 2001 From: mapk0y Date: Tue, 28 Mar 2017 02:50:57 +0900 Subject: [PATCH 2434/2538] Update "man" of docker-run Signed-off-by: mapk0y --- man/docker-run.1.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 66c6b6704b..0ee0a13ee8 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -233,8 +233,7 @@ to the quota you specify. At any time you can run **docker ps** in the other shell to view a list of the running containers. You can reattach to a -detached container with **docker attach**. If you choose to run a container in -the detached mode, then you cannot use the **-rm** option. +detached container with **docker attach**. When attached in the tty mode, you can detach from the container (and leave it running) using a configurable key sequence. The default sequence is `CTRL-p CTRL-q`. From b8d3480fc03db42275bbd7023d9e88c6895edd21 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 27 Mar 2017 11:10:58 +0200 Subject: [PATCH 2435/2538] Add cli reference docs for root-level commands Signed-off-by: Vincent Demeester --- docs/reference/commandline/container.md | 61 +++++++++++++++++++++++++ docs/reference/commandline/image.md | 47 +++++++++++++++++++ docs/reference/commandline/network.md | 49 ++++++++++++++++++++ docs/reference/commandline/node.md | 42 +++++++++++++++++ docs/reference/commandline/plugin.md | 44 ++++++++++++++++++ docs/reference/commandline/secret.md | 45 ++++++++++++++++++ docs/reference/commandline/service.md | 42 +++++++++++++++++ docs/reference/commandline/stack.md | 39 ++++++++++++++++ docs/reference/commandline/swarm.md | 40 ++++++++++++++++ docs/reference/commandline/system.md | 37 +++++++++++++++ docs/reference/commandline/volume.md | 48 +++++++++++++++++++ 11 files changed, 494 insertions(+) create mode 100644 docs/reference/commandline/container.md create mode 100644 docs/reference/commandline/image.md create mode 100644 docs/reference/commandline/network.md create mode 100644 docs/reference/commandline/node.md create mode 100644 docs/reference/commandline/plugin.md create mode 100644 docs/reference/commandline/secret.md create mode 100644 docs/reference/commandline/service.md create mode 100644 docs/reference/commandline/stack.md create mode 100644 docs/reference/commandline/swarm.md create mode 100644 docs/reference/commandline/system.md create mode 100644 docs/reference/commandline/volume.md diff --git a/docs/reference/commandline/container.md b/docs/reference/commandline/container.md new file mode 100644 index 0000000000..5eefbf2c3e --- /dev/null +++ b/docs/reference/commandline/container.md @@ -0,0 +1,61 @@ + +--- +title: "container" +description: "The container command description and usage" +keywords: "container" +--- + + + +# container + +```markdown +Usage: docker container COMMAND + +Manage containers + +Options: + --help Print usage + +Commands: + attach Attach to a running container + commit Create a new image from a container's changes + cp Copy files/folders between a container and the local filesystem + create Create a new container + diff Inspect changes to files or directories on a container's filesystem + exec Run a command in a running container + export Export a container's filesystem as a tar archive + inspect Display detailed information on one or more containers + kill Kill one or more running containers + logs Fetch the logs of a container + ls List containers + pause Pause all processes within one or more containers + port List port mappings or a specific mapping for the container + prune Remove all stopped containers + rename Rename a container + restart Restart one or more containers + rm Remove one or more containers + run Run a command in a new container + start Start one or more stopped containers + stats Display a live stream of container(s) resource usage statistics + stop Stop one or more running containers + top Display the running processes of a container + unpause Unpause all processes within one or more containers + update Update configuration of one or more containers + wait Block until one or more containers stop, then print their exit codes + +Run 'docker container COMMAND --help' for more information on a command. + +``` + +## Description + +Manage containers. + diff --git a/docs/reference/commandline/image.md b/docs/reference/commandline/image.md new file mode 100644 index 0000000000..fef161aa99 --- /dev/null +++ b/docs/reference/commandline/image.md @@ -0,0 +1,47 @@ + +--- +title: "image" +description: "The image command description and usage" +keywords: "image" +--- + + + +# image + +```markdown +Usage: docker image COMMAND + +Manage images + +Options: + --help Print usage + +Commands: + build Build an image from a Dockerfile + history Show the history of an image + import Import the contents from a tarball to create a filesystem image + inspect Display detailed information on one or more images + load Load an image from a tar archive or STDIN + ls List images + prune Remove unused images + pull Pull an image or a repository from a registry + push Push an image or a repository to a registry + rm Remove one or more images + save Save one or more images to a tar archive (streamed to STDOUT by default) + tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE + +Run 'docker image COMMAND --help' for more information on a command. + +``` + +## Description + +Manage images. diff --git a/docs/reference/commandline/network.md b/docs/reference/commandline/network.md new file mode 100644 index 0000000000..b4ef36b308 --- /dev/null +++ b/docs/reference/commandline/network.md @@ -0,0 +1,49 @@ +--- +title: "network" +description: "The network command description and usage" +keywords: "network" +--- + + + +# network + +```markdown +Usage: docker network COMMAND + +Manage networks + +Options: + --help Print usage + +Commands: + connect Connect a container to a network + create Create a network + disconnect Disconnect a container from a network + inspect Display detailed information on one or more networks + ls List networks + prune Remove all unused networks + rm Remove one or more networks + +Run 'docker network COMMAND --help' for more information on a command. +``` + +## Description + +Manage networks. You can use subcommand to create, list, inspect, remove, +connect and disconnect networks. + +## Related commands + +* [network create](network_create.md) +* [network inspect](network_inspect.md) +* [network list](network_list.md) +* [network rm](network_rm.md) +* [network prune](network_prune.md) diff --git a/docs/reference/commandline/node.md b/docs/reference/commandline/node.md new file mode 100644 index 0000000000..3a7d4b3a76 --- /dev/null +++ b/docs/reference/commandline/node.md @@ -0,0 +1,42 @@ + +--- +title: "node" +description: "The node command description and usage" +keywords: "node" +--- + + + +# node + +```markdown +Usage: docker node COMMAND + +Manage Swarm nodes + +Options: + --help Print usage + +Commands: + demote Demote one or more nodes from manager in the swarm + inspect Display detailed information on one or more nodes + ls List nodes in the swarm + promote Promote one or more nodes to manager in the swarm + ps List tasks running on one or more nodes, defaults to current node + rm Remove one or more nodes from the swarm + update Update a node + +Run 'docker node COMMAND --help' for more information on a command. +``` + +## Description + +Manage nodes. + diff --git a/docs/reference/commandline/plugin.md b/docs/reference/commandline/plugin.md new file mode 100644 index 0000000000..75082477d1 --- /dev/null +++ b/docs/reference/commandline/plugin.md @@ -0,0 +1,44 @@ +--- +title: "plugin" +description: "The plugin command description and usage" +keywords: "plugin" +--- + + + +# plugin + +```markdown +Usage: docker plugin COMMAND + +Manage plugins + +Options: + --help Print usage + +Commands: + create Create a plugin from a rootfs and configuration. Plugin data directory must contain config.json and rootfs directory. + disable Disable a plugin + enable Enable a plugin + inspect Display detailed information on one or more plugins + install Install a plugin + ls List plugins + push Push a plugin to a registry + rm Remove one or more plugins + set Change settings for a plugin + upgrade Upgrade an existing plugin + +Run 'docker plugin COMMAND --help' for more information on a command. + +``` + +## Description + +Manage plugins. diff --git a/docs/reference/commandline/secret.md b/docs/reference/commandline/secret.md new file mode 100644 index 0000000000..50734407ab --- /dev/null +++ b/docs/reference/commandline/secret.md @@ -0,0 +1,45 @@ +--- +title: "secret" +description: "The secret command description and usage" +keywords: "secret" +--- + + + +# secret + +```markdown +Usage: docker secret COMMAND + +Manage Docker secrets + +Options: + --help Print usage + +Commands: + create Create a secret from a file or STDIN as content + inspect Display detailed information on one or more secrets + ls List secrets + rm Remove one or more secrets + +Run 'docker secret COMMAND --help' for more information on a command. + +``` + +## Description + +Manage secrets. + +## Related commands + +* [secret create](secret_create.md) +* [secret inspect](secret_inspect.md) +* [secret list](secret_list.md) +* [secret rm](secret_rm.md) diff --git a/docs/reference/commandline/service.md b/docs/reference/commandline/service.md new file mode 100644 index 0000000000..6256c9f0fb --- /dev/null +++ b/docs/reference/commandline/service.md @@ -0,0 +1,42 @@ +--- +title: "service" +description: "The service command description and usage" +keywords: "service" +--- + + + +# service + +```markdown +Usage: docker service COMMAND + +Manage services + +Options: + --help Print usage + +Commands: + create Create a new service + inspect Display detailed information on one or more services + logs Fetch the logs of a service + ls List services + ps List the tasks of a service + rm Remove one or more services + scale Scale one or multiple replicated services + update Update a service + +Run 'docker service COMMAND --help' for more information on a command. +``` + +## Description + +Manage services. + diff --git a/docs/reference/commandline/stack.md b/docs/reference/commandline/stack.md new file mode 100644 index 0000000000..94e3e252f9 --- /dev/null +++ b/docs/reference/commandline/stack.md @@ -0,0 +1,39 @@ +--- +title: "stack" +description: "The stack command description and usage" +keywords: "stack" +--- + + + +# stack + +```markdown +Usage: docker stack COMMAND + +Manage Docker stacks + +Options: + --help Print usage + +Commands: + deploy Deploy a new stack or update an existing stack + ls List stacks + ps List the tasks in the stack + rm Remove the stack + services List the services in the stack + +Run 'docker stack COMMAND --help' for more information on a command. +``` + +## Description + +Manage stacks. + diff --git a/docs/reference/commandline/swarm.md b/docs/reference/commandline/swarm.md new file mode 100644 index 0000000000..395db69056 --- /dev/null +++ b/docs/reference/commandline/swarm.md @@ -0,0 +1,40 @@ +--- +title: "swarm" +description: "The swarm command description and usage" +keywords: "swarm" +--- + + + +# swarm + +```markdown +Usage: docker swarm COMMAND + +Manage Swarm + +Options: + --help Print usage + +Commands: + init Initialize a swarm + join Join a swarm as a node and/or manager + join-token Manage join tokens + leave Leave the swarm + unlock Unlock swarm + unlock-key Manage the unlock key + update Update the swarm + +Run 'docker swarm COMMAND --help' for more information on a command. +``` + +## Description + +Manage the swarm. diff --git a/docs/reference/commandline/system.md b/docs/reference/commandline/system.md new file mode 100644 index 0000000000..831575db0b --- /dev/null +++ b/docs/reference/commandline/system.md @@ -0,0 +1,37 @@ +--- +title: "system" +description: "The system command description and usage" +keywords: "system" +--- + + + +# system + +```markdown +Usage: docker system COMMAND + +Manage Docker + +Options: + --help Print usage + +Commands: + df Show docker disk usage + events Get real time events from the server + info Display system-wide information + prune Remove unused data + +Run 'docker system COMMAND --help' for more information on a command. +``` + +## Description + +Manage docker. diff --git a/docs/reference/commandline/volume.md b/docs/reference/commandline/volume.md new file mode 100644 index 0000000000..d12d33d99f --- /dev/null +++ b/docs/reference/commandline/volume.md @@ -0,0 +1,48 @@ +--- +title: "volume" +description: "The volume command description and usage" +keywords: "volume" +--- + + + +# volume + +```markdown +Usage: docker volume COMMAND + +Manage volumes + +Options: + --help Print usage + +Commands: + create Create a volume + inspect Display detailed information on one or more volumes + ls List volumes + prune Remove all unused volumes + rm Remove one or more volumes + +Run 'docker volume COMMAND --help' for more information on a command. +``` + +## Description + +Manage volumes. You can use subcommand to create, list, inspect, remove +volumes. + +## Related commands + +* [volume create](volume_create.md) +* [volume inspect](volume_inspect.md) +* [volume list](volume_list.md) +* [volume rm](volume_rm.md) +* [volume prune](volume_prune.md) +* [Understand Data Volumes](https://docs.docker.com/engine/tutorials/dockervolumes/) From 3c6718905cf5b58d7b6daa5ce49704ba9c866834 Mon Sep 17 00:00:00 2001 From: EG Noriega Date: Fri, 10 Mar 2017 12:08:41 -0500 Subject: [PATCH 2436/2538] Add details for inspect command usage Signed-off-by: Eric G. Noriega Signed-off-by: Vincent Demeester --- docs/reference/commandline/inspect.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 842faf9b49..5b33b0ba19 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -30,13 +30,34 @@ Options: ## Description -By default, `docker inspect` will render all results in a JSON array. If the container and -image have the same name, this will return container JSON for unspecified type. +Docker inspect provides detailed information on constructs controlled by Docker. + +By default, `docker inspect` will render results in a JSON array. + +## Request a custom response format (--format) + If a format is specified, the given template will be executed for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. +## Specify target type (--type) + +`--type container|image|node|network|secret|service|volume|task|plugin` + +The `docker inspect` command matches any type of object by either ID or name. +In some cases multiple type of objects (for example, a container and a volume) +exist with the same name, making the result ambigious. + +To restrict `docker inspect` to a specific type of object, use the `--type` +option. + +The following example inspects a _volume_ named "myvolume" + +```bash +$ docker inspect --type=volume myvolume +``` + ## Examples ### Get an instance's IP address From 87f6e631ea89a410b806f5fa90763bfdcf10a3d1 Mon Sep 17 00:00:00 2001 From: allencloud Date: Fri, 17 Mar 2017 14:51:48 +0800 Subject: [PATCH 2437/2538] specify max size for secret in doc Signed-off-by: allencloud --- docs/reference/commandline/secret_create.md | 5 +++-- docs/reference/commandline/secret_inspect.md | 2 ++ docs/reference/commandline/secret_ls.md | 2 ++ docs/reference/commandline/secret_rm.md | 2 ++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md index ae5942dc47..e534dde553 100644 --- a/docs/reference/commandline/secret_create.md +++ b/docs/reference/commandline/secret_create.md @@ -27,8 +27,9 @@ Options: ## Description -Creates a secret using standard input or from a file for the secret content. You must run this -command on a manager node. +Creates a secret using standard input or from a file for the secret content. You must run this command on a manager node. + +For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). ## Examples diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md index 46d17203d0..cecf3c1ddc 100644 --- a/docs/reference/commandline/secret_inspect.md +++ b/docs/reference/commandline/secret_inspect.md @@ -36,6 +36,8 @@ the given template will be executed for each result. Go's [text/template](http://golang.org/pkg/text/template/) package describes all the details of the format. +For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). + ## Examples ### Inspect a secret by name or ID diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index b25a2f9eed..743aecffb7 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -32,6 +32,8 @@ Options: Run this command on a manager node to list the secrets in the swarm. +For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). + ## Examples ```bash diff --git a/docs/reference/commandline/secret_rm.md b/docs/reference/commandline/secret_rm.md index 9887d3331a..1e10350f96 100644 --- a/docs/reference/commandline/secret_rm.md +++ b/docs/reference/commandline/secret_rm.md @@ -32,6 +32,8 @@ Options: Removes the specified secrets from the swarm. This command has to be run targeting a manager node. +For detailed information about using secrets, refer to [manage sensitive data with Docker secrets](https://docs.docker.com/engine/swarm/secrets/). + ## Examples This example removes a secret: From a616b0c305c71eae30808f0751c60979faf3735e Mon Sep 17 00:00:00 2001 From: Greg Pflaum Date: Wed, 22 Mar 2017 22:48:34 -0400 Subject: [PATCH 2438/2538] Fix indenting in table of contents Fixes #30841. The "filter" section had the wrong header size, which caused sections following it to have the wrong indentation in the right-side table of contents. Signed-off-by: Greg Pflaum --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 109c3030b4..3ac563b36b 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -40,7 +40,7 @@ docker 1.9, but kept around for backward compatibility. Refer to [#17538](https://github.com/docker/docker/pull/17538) for further information. -## `filter` param for `/images/json` endpoint +### `filter` param for `/images/json` endpoint **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** **Target For Removal In Release: v17.12** From 4903dd2ca2d276e9737775236fd7301641551abd Mon Sep 17 00:00:00 2001 From: allencloud Date: Tue, 6 Dec 2016 00:08:43 +0800 Subject: [PATCH 2439/2538] make secret ls support filters in CLI Signed-off-by: allencloud --- docs/reference/commandline/secret_ls.md | 72 +++++++++++++++++++++++-- 1 file changed, 68 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md index 743aecffb7..9b60227b8e 100644 --- a/docs/reference/commandline/secret_ls.md +++ b/docs/reference/commandline/secret_ls.md @@ -24,8 +24,10 @@ Aliases: ls, list Options: - -q, --quiet Only display IDs - -format string Pretty-print secrets using a Go template + -f, --filter filter Filter output based on conditions provided + --format string Pretty-print secrets using a Go template + --help Print usage + -q, --quiet Only display IDs ``` ## Description @@ -39,8 +41,70 @@ For detailed information about using secrets, refer to [manage sensitive data wi ```bash $ docker secret ls -ID NAME CREATED UPDATED -eo7jnzguqgtpdah3cm5srfb97 my_secret 11 minutes ago 11 minutes ago +ID NAME CREATED UPDATED +6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago +9u9hk4br2ej0wgngkga6rp4hq my_secret 5 weeks ago 5 weeks ago +mem02h8n73mybpgqjf0kfi1n0 test_secret 3 seconds ago 3 seconds ago +``` + +### Filtering + +The filtering flag (`-f` or `--filter`) format is a `key=value` pair. If there is more +than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "bif=baz"`) + +The currently supported filters are: + +* [id](secret_ls.md#id) (secret's ID) +* [label](secret_ls.md#label) (`label=` or `label==`) +* [name](secret_ls.md#name) (secret's name) + +#### id + +The `id` filter matches all or prefix of a secret's id. + +```bash +$ docker secret ls -f "id=6697bflskwj1998km1gnnjr38" + +ID NAME CREATED UPDATED +6697bflskwj1998km1gnnjr38 q5s5570vtvnimefos1fyeo2u2 6 weeks ago 6 weeks ago +``` + +#### label + +The `label` filter matches secrets based on the presence of a `label` alone or +a `label` and a value. + +The following filter matches all secrets with a `project` label regardless of +its value: + +```bash +$ docker secret ls --filter label=project + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago +``` + +The following filter matches only services with the `project` label with the +`project-a` value. + +```bash +$ docker service ls --filter label=project=test + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago +``` + +#### name + +The `name` filter matches on all or prefix of a secret's name. + +The following filter matches secret with a name containing a prefix of `test`. + +```bash +$ docker secret ls --filter name=test_secret + +ID NAME CREATED UPDATED +mem02h8n73mybpgqjf0kfi1n0 test_secret About an hour ago About an hour ago ``` ### Format the output From 5840993e1c9fd6395dcb81668f08c64b99542a28 Mon Sep 17 00:00:00 2001 From: David Xia Date: Thu, 16 Mar 2017 16:48:04 -0400 Subject: [PATCH 2440/2538] [docs] Fix incorrect `docker inspect` example Fixed incorrect `docker inspect` example in docs. Verify by running the old and new commands. fixes #31900 Signed-off-by: David Xia --- docs/reference/commandline/inspect.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/inspect.md b/docs/reference/commandline/inspect.md index 5b33b0ba19..9ce4f5f517 100644 --- a/docs/reference/commandline/inspect.md +++ b/docs/reference/commandline/inspect.md @@ -84,7 +84,7 @@ $ docker inspect --format='{{.LogPath}}' $INSTANCE_ID ### Get an instance's image name ```bash -$ docker inspect --format='{{.Container.Spec.Image}}' $INSTANCE_ID +$ docker inspect --format='{{.Config.Image}}' $INSTANCE_ID ``` ### List all port bindings From 2e9e71f59a3f764e96fa2c6de9d649b72ea85eee Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 14 Feb 2017 16:07:50 -0800 Subject: [PATCH 2441/2538] Update docs for experimental features Signed-off-by: Misty Stanley-Jones Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 63 +++++++++++++++------------ experimental/README.md | 20 ++++++--- 2 files changed, 50 insertions(+), 33 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 3b40540a33..e9c64bd12e 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -17,33 +17,34 @@ keywords: "container, daemon, runtime" # daemon ```markdown -Usage: dockerd [OPTIONS] +Usage: dockerd COMMAND A self-sufficient runtime for containers. Options: - --add-runtime value Register an additional OCI compatible runtime (default []) + --add-runtime runtime Register an additional OCI compatible runtime (default []) --api-cors-header string Set CORS headers in the Engine API - --authorization-plugin value Authorization plugins to load (default []) + --authorization-plugin list Authorization plugins to load (default []) --bip string Specify network bridge IP -b, --bridge string Attach containers to a network bridge --cgroup-parent string Set parent cgroup for all containers --cluster-advertise string Address or interface name to advertise --cluster-store string URL of the distributed storage backend - --cluster-store-opt value Set cluster store options (default map[]) + --cluster-store-opt map Set cluster store options (default map[]) --config-file string Daemon configuration file (default "/etc/docker/daemon.json") --containerd string Path to containerd socket + --cpu-rt-period int Limit the CPU real-time period in microseconds + --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds -D, --debug Enable debug mode - --default-gateway value Container default gateway IPv4 address - --default-gateway-v6 value Container default gateway IPv6 address + --default-gateway ip Container default gateway IPv4 address + --default-gateway-v6 ip Container default gateway IPv6 address --default-runtime string Default OCI runtime for containers (default "runc") - --default-shm-size bytes Set the default shm size for containers (default 64 MiB) - --default-ulimit value Default ulimits for containers (default []) + --default-ulimit ulimit Default ulimits for containers (default []) --disable-legacy-registry Disable contacting legacy registries - --dns value DNS server to use (default []) - --dns-opt value DNS options to use (default []) - --dns-search value DNS search domains to use (default []) - --exec-opt value Runtime execution options (default []) + --dns list DNS server to use (default []) + --dns-opt list DNS options to use (default []) + --dns-search list DNS search domains to use (default []) + --exec-opt list Runtime execution options (default []) --exec-root string Root directory for execution state files (default "/var/run/docker") --experimental Enable experimental features --fixed-cidr string IPv4 subnet for fixed IPs @@ -51,39 +52,39 @@ Options: -g, --graph string Root of the Docker runtime (default "/var/lib/docker") -G, --group string Group for the unix socket (default "docker") --help Print usage - -H, --host value Daemon socket(s) to connect to (default []) + -H, --host list Daemon socket(s) to connect to (default []) --icc Enable inter-container communication (default true) --init Run an init in the container to forward signals and reap processes --init-path string Path to the docker-init binary - --insecure-registry value Enable insecure registry communication (default []) - --ip value Default IP when binding container ports (default 0.0.0.0) + --insecure-registry list Enable insecure registry communication (default []) + --ip ip Default IP when binding container ports (default 0.0.0.0) --ip-forward Enable net.ipv4.ip_forward (default true) --ip-masq Enable IP masquerading (default true) --iptables Enable addition of iptables rules (default true) --ipv6 Enable IPv6 networking - --label value Set key=value labels to the daemon (default []) - --live-restore Enable live restore of docker when containers are still running (Linux only) + --label list Set key=value labels to the daemon (default []) + --live-restore Enable live restore of docker when containers are still running --log-driver string Default driver for container logs (default "json-file") - -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") - --log-opt value Default log driver options for containers (default map[]) + -l, --log-level string Set the logging level ("debug", "info", "warn", "error", "fatal") (default "info") + --log-opt map Default log driver options for containers (default map[]) --max-concurrent-downloads int Set the max concurrent downloads for each pull (default 3) --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) - --metrics-addr string Set address and port to serve the metrics api (default "") + --metrics-addr string Set default address and port to serve the metrics api on --mtu int Set the containers network MTU --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") --raw-logs Full timestamps without ANSI coloring - --registry-mirror value Preferred Docker registry mirror (default []) - --seccomp-profile value Path to seccomp profile + --registry-mirror list Preferred Docker registry mirror (default []) + --seccomp-profile string Path to seccomp profile --selinux-enabled Enable selinux support - --shutdown-timeout=15 Set the shutdown timeout value in seconds + --shutdown-timeout int Set the default shutdown timeout (default 15) -s, --storage-driver string Storage driver to use - --storage-opt value Storage driver options (default []) + --storage-opt list Storage driver options (default []) --swarm-default-advertise-addr string Set default address or interface for swarm advertised address --tls Use TLS; implied by --tlsverify - --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") - --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") - --tlskey string Path to TLS key file (default "/root/.docker/key.pem") + --tlscacert string Trust certs signed only by this CA (default "~/.docker/ca.pem") + --tlscert string Path to TLS certificate file (default "~/.docker/cert.pem") + --tlskey string Path to TLS key file (default ~/.docker/key.pem") --tlsverify Use TLS and verify the remote --userland-proxy Use userland proxy for loopback traffic (default true) --userland-proxy-path string Path to the userland proxy binary @@ -99,7 +100,13 @@ Options with [] may be specified multiple times. uses different binaries for the daemon and client. To run the daemon you type `dockerd`. -To run the daemon with debug output, use `dockerd -D`. +To run the daemon with debug output, use `dockerd -D` or add `debug: true` to +the `daemon.json` file. + +> **Note**: In Docker 1.13 and higher, enable experimental features by starting +> `dockerd` with the `--experimental` flag or adding `experimental: true` to the +> `daemon.json` file. In earlier Docker versions, a different build was required +> to enable experimental features. ## Examples diff --git a/experimental/README.md b/experimental/README.md index 2db68a5eb3..bd475c6aff 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -13,9 +13,9 @@ please feel free to provide any feedback on these features you wish. Experimental features are now included in the standard Docker binaries as of version 1.13.0. -For enabling experimental features, you need to start the Docker daemon with -`--experimental` flag. -You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g. +To enable experimental features, start the Docker daemon with the +`--experimental` flag or enable the daemon flag in the +`/etc/docker/daemon.json` configuration file: ```json { @@ -23,7 +23,8 @@ You can also enable the daemon flag via `/etc/docker/daemon.json`. e.g. } ``` -Then make sure the experimental flag is enabled: +You can check to see if experimental features are enabled on a running daemon +using the following command: ```bash $ docker version -f '{{.Server.Experimental}}' @@ -32,9 +33,18 @@ true ## Current experimental features +Docker service logs command to view logs for a Docker service. This is needed in Swarm mode. +Option to squash image layers to the base image after successful builds. +Checkpoint and restore support for Containers. +Metrics (Prometheus) output for basic container, image, and daemon operations. + + * The top-level [docker deploy](../../docs/reference/deploy.md) command. The + `docker stack deploy` command is **not** experimental. + * [`docker service logs` command](../docs/reference/commandline/service_logs.md) + * [`--squash` option to `docker build` command](../docs/reference/commandline/build.md##squash-an-images-layers---squash-experimental-only) * [External graphdriver plugins](../docs/extend/plugins_graphdriver.md) * [Ipvlan Network Drivers](vlan-networks.md) - * [Docker Stacks and Distributed Application Bundles](docker-stacks-and-bundles.md) + * [Distributed Application Bundles](docker-stacks-and-bundles.md) * [Checkpoint & Restore](checkpoint-restore.md) * [Docker build with --squash argument](docker-build-with-squash.md) From d5e7e1c70cf52037f1e5dd7bae6c96edea680109 Mon Sep 17 00:00:00 2001 From: Ian Philpot Date: Fri, 24 Mar 2017 10:25:52 -0400 Subject: [PATCH 2442/2538] Updated push.md with progress bar info Signed-off-by: Ian Philpot --- docs/reference/commandline/push.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index 27e988e079..61c37139fd 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -36,6 +36,10 @@ image and tag names. Killing the `docker push` process, for example by pressing `CTRL-c` while it is running in a terminal, terminates the push operation. +Progress bars are shown during docker push, which show the uncompressed size. The +actual amount of data that's pushed will be compressed before sending, so the uploaded + size will not be reflected by the progress bar. + Registry credentials are managed by [docker login](login.md). ### Concurrent uploads From 64704a2a80ea56196ef7b654ae2298e6e55e0ba0 Mon Sep 17 00:00:00 2001 From: JimGalasyn Date: Tue, 28 Mar 2017 09:59:25 -0700 Subject: [PATCH 2443/2538] Delete extraneous H1 title Signed-off-by: JimGalasyn --- docs/extend/legacy_plugins.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index b7c9709790..3f0ea0a90b 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -15,8 +15,6 @@ keywords: "Examples, Usage, plugins, docker, documentation, user guide" will be rejected. --> -# Use Docker Engine plugins - This document describes the Docker Engine plugins generally available in Docker Engine. To view information on plugins managed by Docker, refer to [Docker Engine plugin system](index.md). @@ -76,7 +74,7 @@ Plugin [Local Persist Plugin](https://github.com/CWSpear/local-persist) | A volume plugin that extends the default `local` driver's functionality by allowing you specify a mountpoint anywhere on the host, which enables the files to *always persist*, even if the volume is removed via `docker volume rm`. [NetApp Plugin](https://github.com/NetApp/netappdvp) (nDVP) | A volume plugin that provides direct integration with the Docker ecosystem for the NetApp storage portfolio. The nDVP package supports the provisioning and management of storage resources from the storage platform to Docker hosts, with a robust framework for adding additional platforms in the future. [Netshare plugin](https://github.com/ContainX/docker-volume-netshare) | A volume plugin that provides volume management for NFS 3/4, AWS EFS and CIFS file systems. -[Nimble Storage Volume Plugin](https://connect.nimblestorage.com/community/app-integration/docker)| A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones. +[Nimble Storage Volume Plugin](https://connect.nimblestorage.com/community/app-integration/docker)| A volume plug-in that integrates with Nimble Storage Unified Flash Fabric arrays. The plug-in abstracts array volume capabilities to the Docker administrator to allow self-provisioning of secure multi-tenant volumes and clones. [OpenStorage Plugin](https://github.com/libopenstorage/openstorage) | A cluster-aware volume plugin that provides volume management for file and block storage solutions. It implements a vendor neutral specification for implementing extensions such as CoS, encryption, and snapshots. It has example drivers based on FUSE, NFS, NBD and EBS to name a few. [Portworx Volume Plugin](https://github.com/portworx/px-dev) | A volume plugin that turns any server into a scale-out converged compute/storage node, providing container granular storage and highly available volumes across any node, using a shared-nothing storage backend that works with any docker scheduler. [Quobyte Volume Plugin](https://github.com/quobyte/docker-volume) | A volume plugin that connects Docker to [Quobyte](http://www.quobyte.com/containers)'s data center file system, a general-purpose scalable and fault-tolerant storage platform. From 9bd9b918be36a1bbab9c0feef517cf1e08b4dcc7 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 30 Mar 2017 05:06:58 +0800 Subject: [PATCH 2444/2538] fix inconsistency for Signed-off-by: yuexiao-wang --- docs/reference/commandline/service.md | 2 +- docs/reference/commandline/service_ps.md | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/service.md b/docs/reference/commandline/service.md index 6256c9f0fb..7ae0224ac0 100644 --- a/docs/reference/commandline/service.md +++ b/docs/reference/commandline/service.md @@ -28,7 +28,7 @@ Commands: inspect Display detailed information on one or more services logs Fetch the logs of a service ls List services - ps List the tasks of a service + ps List the tasks of one or more services rm Remove one or more services scale Scale one or multiple replicated services update Update a service diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index 43c7681314..ce31b8d190 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -17,7 +17,7 @@ aliases: ["/engine/reference/commandline/service_tasks/"] # service ps ```Markdown -Usage: docker service ps [OPTIONS] SERVICE +Usage: docker service ps [OPTIONS] SERVICE [SERVICE...] List the tasks of one or more services @@ -147,12 +147,10 @@ ID NAME IMAGE NODE DESIRED STATE CURRENT STATE 8eaxrb2fqpbn redis.10 redis:3.0.6 manager1 Running Running 8 seconds ``` - #### desired-state The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. - ### Formatting The formatting options (`--format`) pretty-prints tasks output @@ -176,7 +174,7 @@ output the data exactly as the template declares or, when using the `table` directive, includes column headers as well. The following example uses a template without headers and outputs the -`ID` and `Driver` entries separated by a colon for all tasks: +`Name` and `Image` entries separated by a colon for all tasks: ```bash $ docker service ps --format "{{.Name}}: {{.Image}}" top From c6875037bbfe1c45dd728a479e6dc243f59c63d5 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Wed, 22 Mar 2017 12:48:03 -0700 Subject: [PATCH 2445/2538] Add bash completion for `secret ls --format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b2ea815e55..b120063d84 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3850,9 +3850,15 @@ _docker_secret_list() { } _docker_secret_ls() { + case "$prev" in + --format) + return + ;; + esac + case "$cur" in -*) - COMPREPLY=( $( compgen -W "--help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format --help --quiet -q" -- "$cur" ) ) ;; esac } From 2bc240c0f239e89205bc5c1c22df976cef417284 Mon Sep 17 00:00:00 2001 From: yuexiao-wang Date: Thu, 30 Mar 2017 04:13:28 +0800 Subject: [PATCH 2446/2538] provide examples Signed-off-by: yuexiao-wang --- docs/reference/commandline/node_ps.md | 6 +- docs/reference/commandline/service_ps.md | 4 +- docs/reference/commandline/stack_ps.md | 177 ++++++++++++++++++++++- 3 files changed, 178 insertions(+), 9 deletions(-) diff --git a/docs/reference/commandline/node_ps.md b/docs/reference/commandline/node_ps.md index 76bf381e3d..0bf76e0d8e 100644 --- a/docs/reference/commandline/node_ps.md +++ b/docs/reference/commandline/node_ps.md @@ -104,7 +104,7 @@ redis.7.bg8c07zzg87di2mufeq51a2qp redis:3.0.6 swarm-manager1 Running R #### desired-state -The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. +The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. ### Formatting @@ -119,7 +119,7 @@ Placeholder | Description `.Name` | Task name `.Image` | Task image `.Node` | Node ID -`.DesiredState` | Desired state of the task (`running`, `shutdown`, and `accepted`) +`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) `.CurrentState` | Current state of the task `.Error` | Error `.Ports` | Task published ports @@ -129,7 +129,7 @@ output the data exactly as the template declares or, when using the `table` directive, includes column headers as well. The following example uses a template without headers and outputs the -`ID` and `Driver` entries separated by a colon for all tasks: +`Name` and `Image` entries separated by a colon for all tasks: ```bash $ docker node ps --format "{{.Name}}: {{.Image}}" diff --git a/docs/reference/commandline/service_ps.md b/docs/reference/commandline/service_ps.md index ce31b8d190..51e8604c7e 100644 --- a/docs/reference/commandline/service_ps.md +++ b/docs/reference/commandline/service_ps.md @@ -149,7 +149,7 @@ ID NAME IMAGE NODE DESIRED STATE CURRENT STATE #### desired-state -The `desired-state` filter can take the values `running`, `shutdown`, and `accepted`. +The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. ### Formatting @@ -164,7 +164,7 @@ Placeholder | Description `.Name` | Task name `.Image` | Task image `.Node` | Node ID -`.DesiredState` | Desired state of the task (`running`, `shutdown`, and `accepted`) +`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) `.CurrentState` | Current state of the task `.Error` | Error `.Ports` | Task published ports diff --git a/docs/reference/commandline/stack_ps.md b/docs/reference/commandline/stack_ps.md index eafa47c24a..901b46b22d 100644 --- a/docs/reference/commandline/stack_ps.md +++ b/docs/reference/commandline/stack_ps.md @@ -36,8 +36,21 @@ command has to be run targeting a manager node. ## Examples +### List the tasks that are part of a stack + +The following command shows all the tasks that are part of the `voting` stack: + ```bash -$ docker stack ps +$ docker stack ps voting +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 2 minutes ago +q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 2 minutes ago +rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 2 minutes ago +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 2 minutes ago +w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 3 minutes ago +6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 2 minutes ago +kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 2 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 3 minutes ago ``` ### Filtering @@ -49,9 +62,165 @@ Multiple filter flags are combined as an `OR` filter. For example, The currently supported filters are: -* id -* name -* desired-state +* [id](#id) +* [name](#name) +* [node](#node) +* [desired-state](#desired-state) + +#### id + +The `id` filter matches on all or a prefix of a task's ID. + +```bash +$ docker stack ps -f "id=t" voting +ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 14 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 14 minutes ago +``` + +#### name + +The `name` filter matches on task names. + +```bash +$ docker stack ps -f "name=voting_redis" voting +ID NAME IMAGE NODE DESIRED STATE CURRENTSTATE ERROR PORTS +w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 17 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 17 minutes ago +``` + +#### node + +The `node` filter matches on a node name or a node ID. + +```bash +$ docker stack ps -f "node=node1" voting +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 18 minutes ago +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 18 minutes ago +6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 18 minutes ago +``` + +#### desired-state + +The `desired-state` filter can take the values `running`, `shutdown`, or `accepted`. + +```bash +$ docker stack ps -f "desired-state=running" voting +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +xim5bcqtgk1b voting_worker.1 dockersamples/examplevotingapp_worker:latest node2 Running Running 21 minutes ago +q7yik0ks1in6 voting_result.1 dockersamples/examplevotingapp_result:before node1 Running Running 21 minutes ago +rx5yo0866nfx voting_vote.1 dockersamples/examplevotingapp_vote:before node3 Running Running 21 minutes ago +tz6j82jnwrx7 voting_db.1 postgres:9.4 node1 Running Running 21 minutes ago +w48spazhbmxc voting_redis.1 redis:alpine node2 Running Running 21 minutes ago +6jj1m02freg1 voting_visualizer.1 dockersamples/visualizer:stable node1 Running Running 21 minutes ago +kqgdmededccb voting_vote.2 dockersamples/examplevotingapp_vote:before node2 Running Running 21 minutes ago +t72q3z038jeh voting_redis.2 redis:alpine node3 Running Running 21 minutes ago +``` + +### Formatting + +The formatting options (`--format`) pretty-prints tasks output using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +----------------|------------------------------------------------------------------------------------------ +`.ID` | Task ID +`.Name` | Task name +`.Image` | Task image +`.Node` | Node ID +`.DesiredState` | Desired state of the task (`running`, `shutdown`, or `accepted`) +`.CurrentState` | Current state of the task +`.Error` | Error +`.Ports` | Task published ports + +When using the `--format` option, the `stack ps` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`Name` and `Image` entries separated by a colon for all tasks: + +```bash +$ docker stack ps --format "{{.Name}}: {{.Image}}" voting +voting_worker.1: dockersamples/examplevotingapp_worker:latest +voting_result.1: dockersamples/examplevotingapp_result:before +voting_vote.1: dockersamples/examplevotingapp_vote:before +voting_db.1: postgres:9.4 +voting_redis.1: redis:alpine +voting_visualizer.1: dockersamples/visualizer:stable +voting_vote.2: dockersamples/examplevotingapp_vote:before +voting_redis.2: redis:alpine +``` + +### Do not map IDs to Names + +The `--no-resolve` option shows IDs for task name, without mapping IDs to Names. + +```bash +$ docker stack ps --no-resolve voting +ID NAME IMAGE NODE DESIRED STATE CURRENT STATE ERROR PORTS +xim5bcqtgk1b 10z9fjfqzsxnezo4hb81p8mqg.1 dockersamples/examplevotingapp_worker:latest qaqt4nrzo775jrx6detglho01 Running Running 30 minutes ago +q7yik0ks1in6 hbxltua1na7mgqjnidldv5m65.1 dockersamples/examplevotingapp_result:before mxpaef1tlh23s052erw88a4w5 Running Running 30 minutes ago +rx5yo0866nfx qyprtqw1g5nrki557i974ou1d.1 dockersamples/examplevotingapp_vote:before kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago +tz6j82jnwrx7 122f0xxngg17z52be7xspa72x.1 postgres:9.4 mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago +w48spazhbmxc tg61x8myx563ueo3urmn1ic6m.1 redis:alpine qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago +6jj1m02freg1 8cqlyi444kzd3panjb7edh26v.1 dockersamples/visualizer:stable mxpaef1tlh23s052erw88a4w5 Running Running 31 minutes ago +kqgdmededccb qyprtqw1g5nrki557i974ou1d.2 dockersamples/examplevotingapp_vote:before qaqt4nrzo775jrx6detglho01 Running Running 31 minutes ago +t72q3z038jeh tg61x8myx563ueo3urmn1ic6m.2 redis:alpine kanqcxfajd1r16wlnqcblobmm Running Running 31 minutes ago +``` + +### Do not truncate output + +When deploying a service, docker resolves the digest for the service's +image, and pins the service to that digest. The digest is not shown by +default, but is printed if `--no-trunc` is used. The `--no-trunc` option +also shows the non-truncated task IDs, and error-messages, as can be seen below: + +```bash +$ docker stack ps --no-trunc voting +ID NAME IMAGE NODE DESIRED STATE CURREN STATE ERROR PORTS +xim5bcqtgk1bxqz91jzo4a1s5 voting_worker.1 dockersamples/examplevotingapp_worker:latest@sha256:3e4ddf59c15f432280a2c0679c4fc5a2ee5a797023c8ef0d3baf7b1385e9fed node2 Running Runnin 32 minutes ago +q7yik0ks1in6kv32gg6y6yjf7 voting_result.1 dockersamples/examplevotingapp_result:before@sha256:83b56996e930c292a6ae5187fda84dd6568a19d97cdb933720be15c757b7463 node1 Running Runnin 32 minutes ago +rx5yo0866nfxc58zf4irsss6n voting_vote.1 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node3 Running Runnin 32 minutes ago +tz6j82jnwrx7n2offljp3mn03 voting_db.1 postgres:9.4@sha256:6046af499eae34d2074c0b53f9a8b404716d415e4a03e68bc1d2f8064f2b027 node1 Running Runnin 32 minutes ago +w48spazhbmxcmbjfi54gs7x90 voting_redis.1 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node2 Running Runnin 32 minutes ago +6jj1m02freg1n3z9n1evrzsbl voting_visualizer.1 dockersamples/visualizer:stable@sha256:f924ad66c8e94b10baaf7bdb9cd491ef4e982a1d048a56a17e02bf5945401e5 node1 Running Runnin 32 minutes ago +kqgdmededccbhz2wuc0e9hx7g voting_vote.2 dockersamples/examplevotingapp_vote:before@sha256:8e64b182c87de902f2b72321c89b4af4e2b942d76d0b772532ff27ec4c6ebf6 node2 Running Runnin 32 minutes ago +t72q3z038jehe1wbh9gdum076 voting_redis.2 redis:alpine@sha256:9cd405cd1ec1410eaab064a1383d0d8854d1ef74a54e1e4a92fb4ec7bdc3ee7 node3 Running Runnin 32 minutes ago +``` + +### Only display task IDs + +The `-q ` or `--quiet` option only shows IDs of the tasks in the stack. +This example outputs all task IDs of the "voting" stack; + +```bash +$ docker stack ps -q voting +xim5bcqtgk1b +q7yik0ks1in6 +rx5yo0866nfx +tz6j82jnwrx7 +w48spazhbmxc +6jj1m02freg1 +kqgdmededccb +t72q3z038jeh +``` + +This option can be used to perform batch operations. For example, you can use +the task IDs as input for other commands, such as `docker inspect`. The +following example inspects all tasks of the "voting" stack; + +```bash +$ docker inspect $(docker stack ps -q voting) + +[ + { + "ID": "xim5bcqtgk1b1gk0krq1", + "Version": { +(...) +``` ## Related commands From 578a431fb3e6ac18e80018a5fb0e6e5896a1e716 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Mon, 27 Mar 2017 09:58:09 +0200 Subject: [PATCH 2447/2538] Add support for `--type=secret` in `docker inspect` Signed-off-by: Vincent Demeester --- contrib/completion/bash/docker | 6 +++++- contrib/completion/zsh/_docker | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b120063d84..1ef23d809a 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2511,7 +2511,7 @@ _docker_inspect() { ;; --type) if [ -z "$preselected_type" ] ; then - COMPREPLY=( $( compgen -W "container image network node plugin service volume" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "container image network node plugin secret service volume" -- "$cur" ) ) return fi ;; @@ -2534,6 +2534,7 @@ _docker_inspect() { $(__docker_networks) $(__docker_nodes) $(__docker_plugins_installed) + $(__docker_secrets) $(__docker_services) $(__docker_volumes) " -- "$cur" ) ) @@ -2553,6 +2554,9 @@ _docker_inspect() { plugin) __docker_complete_plugins_installed ;; + secret) + __docker_complete_secrets + ;; service) __docker_complete_services ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 3c91fce887..86fc6081b8 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2729,6 +2729,8 @@ __docker_subcommand() { __docker_complete_nodes && ret=0 elif [[ ${words[(r)--type=plugin]} == --type=plugin ]]; then __docker_complete_plugins && ret=0 + elif [[ ${words[(r)--type=service]} == --type=secrets ]]; then + __docker_complete_secrets && ret=0 elif [[ ${words[(r)--type=service]} == --type=service ]]; then __docker_complete_services && ret=0 elif [[ ${words[(r)--type=volume]} == --type=volume ]]; then @@ -2739,6 +2741,7 @@ __docker_subcommand() { __docker_complete_networks __docker_complete_nodes __docker_complete_plugins + __docker_complete_secrets __docker_complete_services __docker_complete_volumes && ret=0 fi From 804858fc6f33f71fb7c33842203efcd199e783ff Mon Sep 17 00:00:00 2001 From: Josh Hawn Date: Mon, 21 Nov 2016 22:17:24 -0800 Subject: [PATCH 2448/2538] Deprecate --graph flag; Replace with --data-root Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) --- contrib/completion/bash/docker | 4 ++-- contrib/completion/zsh/_docker | 2 +- docs/deprecated.md | 10 ++++++++++ docs/reference/commandline/dockerd.md | 15 ++++++++------- man/dockerd.8.md | 10 ++++++---- 5 files changed, 27 insertions(+), 14 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1ef23d809a..27c1d0cc7f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1936,6 +1936,7 @@ _docker_daemon() { --cluster-store-opt --config-file --containerd + --data-root --default-gateway --default-gateway-v6 --default-shm-size @@ -1947,7 +1948,6 @@ _docker_daemon() { --exec-root --fixed-cidr --fixed-cidr-v6 - --graph -g --group -G --init-path --insecure-registry @@ -2016,7 +2016,7 @@ _docker_daemon() { _filedir return ;; - --exec-root|--graph|-g) + --exec-root|--data-root) _filedir -d return ;; diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 86fc6081b8..44dce217cc 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2605,6 +2605,7 @@ __docker_subcommand() { "($help)*--cluster-store-opt=[Cluster store options]:Cluster options:->cluster-store-options" \ "($help)--config-file=[Path to daemon configuration file]:Config File:_files" \ "($help)--containerd=[Path to containerd socket]:socket:_files -g \"*.sock\"" \ + "($help)--data-root=[Root directory of persisted Docker data]:path:_directories" \ "($help -D --debug)"{-D,--debug}"[Enable debug mode]" \ "($help)--default-gateway[Container default gateway IPv4 address]:IPv4 address: " \ "($help)--default-gateway-v6[Container default gateway IPv6 address]:IPv6 address: " \ @@ -2620,7 +2621,6 @@ __docker_subcommand() { "($help)--fixed-cidr=[IPv4 subnet for fixed IPs]:IPv4 subnet: " \ "($help)--fixed-cidr-v6=[IPv6 subnet for fixed IPs]:IPv6 subnet: " \ "($help -G --group)"{-G=,--group=}"[Group for the unix socket]:group:_groups" \ - "($help -g --graph)"{-g=,--graph=}"[Root of the Docker runtime]:path:_directories" \ "($help -H --host)"{-H=,--host=}"[tcp://host:port to bind/connect to]:host: " \ "($help)--icc[Enable inter-container communication]" \ "($help)--init[Run an init inside containers to forward signals and reap processes]" \ diff --git a/docs/deprecated.md b/docs/deprecated.md index 3ac563b36b..509f1607f8 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -20,6 +20,16 @@ The following list of features are deprecated in Engine. To learn more about Docker Engine's deprecation policy, see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-deprecation-policy). +### `-g` and `--graph` flags on `dockerd` + +**Deprecated In Release: v1.14.0** + +**Target For Removal In Release: v1.17** + +The `-g` or `--graph` flag for the `dockerd` or `docker daemon` command was +used to indicate the directory in which to store persistent data and resource +configuration and has been replaced with the more descriptive `--data-root` +flag. ### Top-level network properties in NetworkSettings diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index e9c64bd12e..c9fceba7b3 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -35,6 +35,7 @@ Options: --containerd string Path to containerd socket --cpu-rt-period int Limit the CPU real-time period in microseconds --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds + --data-root string Root directory of persistent Docker state (default "/var/lib/docker") -D, --debug Enable debug mode --default-gateway ip Container default gateway IPv4 address --default-gateway-v6 ip Container default gateway IPv6 address @@ -49,7 +50,6 @@ Options: --experimental Enable experimental features --fixed-cidr string IPv4 subnet for fixed IPs --fixed-cidr-v6 string IPv6 subnet for fixed IPs - -g, --graph string Root of the Docker runtime (default "/var/lib/docker") -G, --group string Group for the unix socket (default "docker") --help Print usage -H, --host list Daemon socket(s) to connect to (default []) @@ -1139,6 +1139,7 @@ This is a full example of the allowed configuration options on Linux: ```json { "authorization-plugins": [], + "data-root": "", "dns": [], "dns-opts": [], "dns-search": [], @@ -1153,7 +1154,6 @@ This is a full example of the allowed configuration options on Linux: "log-opts": {}, "mtu": 0, "pidfile": "", - "graph": "", "cluster-store": "", "cluster-store-opts": {}, "cluster-advertise": "", @@ -1232,6 +1232,7 @@ This is a full example of the allowed configuration options on Windows: ```json { "authorization-plugins": [], + "data-root": "", "dns": [], "dns-opts": [], "dns-search": [], @@ -1243,7 +1244,6 @@ This is a full example of the allowed configuration options on Windows: "log-driver": "", "mtu": 0, "pidfile": "", - "graph": "", "cluster-store": "", "cluster-advertise": "", "max-concurrent-downloads": 3, @@ -1321,7 +1321,7 @@ The following daemon options must be configured for each daemon: ```none -b, --bridge= Attach containers to a network bridge --exec-root=/var/run/docker Root of the Docker execdriver --g, --graph=/var/lib/docker Root of the Docker runtime +--data-root=/var/lib/docker Root of persisted Docker data -p, --pidfile=/var/run/docker.pid Path to use for daemon PID file -H, --host=[] Daemon socket(s) to connect to --iptables=true Enable addition of iptables rules @@ -1338,8 +1338,9 @@ It is very important to properly understand the meaning of those options and to If you are not using the default, you must create and configure the bridge manually or just set it to 'none': `--bridge=none` - `--exec-root` is the path where the container state is stored. The default value is `/var/run/docker`. Specify the path for your running daemon here. -- `--graph` is the path where images are stored. The default value is `/var/lib/docker`. To avoid any conflict with other daemons -set this parameter separately for each daemon. +- `--data-root` is the path where persisted data such as images, volumes, and +cluster state are stored. The default value is `/var/lib/docker`. To avoid any +conflict with other daemons, set this parameter separately for each daemon. - `-p, --pidfile=/var/run/docker.pid` is the path where the process ID of the daemon is stored. Specify the path for your pid file here. - `--host=[]` specifies where the Docker daemon will listen for client connections. If unspecified, it defaults to `/var/run/docker.sock`. @@ -1365,6 +1366,6 @@ $ sudo dockerd \ --iptables=false \ --ip-masq=false \ --bridge=none \ - --graph=/var/lib/docker-bootstrap \ + --data-root=/var/lib/docker-bootstrap \ --exec-root=/var/run/docker-bootstrap ``` diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 56408089d4..8304a45dd8 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -17,6 +17,7 @@ dockerd - Enable daemon mode [**--cluster-store-opt**[=*map[]*]] [**--config-file**[=*/etc/docker/daemon.json*]] [**--containerd**[=*SOCKET-PATH*]] +[**--data-root**[=*/var/lib/docker*]] [**-D**|**--debug**] [**--default-gateway**[=*DEFAULT-GATEWAY*]] [**--default-gateway-v6**[=*DEFAULT-GATEWAY-V6*]] @@ -33,7 +34,6 @@ dockerd - Enable daemon mode [**--fixed-cidr**[=*FIXED-CIDR*]] [**--fixed-cidr-v6**[=*FIXED-CIDR-V6*]] [**-G**|**--group**[=*docker*]] -[**-g**|**--graph**[=*/var/lib/docker*]] [**-H**|**--host**[=*[]*]] [**--help**] [**--icc**[=*true*]] @@ -152,6 +152,11 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru **--containerd**="" Path to containerd socket. +**--data-root**="" + Path to the directory used to store persisted Docker data such as + configuration for resources, swarm cluster state, and filesystem data for + images, containers, and local volumes. Default is `/var/lib/docker`. + **-D**, **--debug**=*true*|*false* Enable debug mode. Default is false. @@ -204,9 +209,6 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru Group to assign the unix socket specified by -H when running in daemon mode. use '' (the empty string) to disable setting of a group. Default is `docker`. -**-g**, **--graph**="" - Path to use as the root of the Docker runtime. Default is `/var/lib/docker`. - **-H**, **--host**=[*unix:///var/run/docker.sock*]: tcp://[host:port] to bind or unix://[/path/to/socket] to use. The socket(s) to bind to in daemon mode specified using one or more From 356d08b14c23ed613aab5334bcb340a16b04628a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 28 Mar 2017 16:19:35 +0200 Subject: [PATCH 2449/2538] Add conflict check for flags, and update deprecation versions Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index 509f1607f8..b57bbbecfe 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -22,15 +22,16 @@ see [Feature Deprecation Policy](https://docs.docker.com/engine/#feature-depreca ### `-g` and `--graph` flags on `dockerd` -**Deprecated In Release: v1.14.0** - -**Target For Removal In Release: v1.17** +**Deprecated In Release: v17.05.0** The `-g` or `--graph` flag for the `dockerd` or `docker daemon` command was used to indicate the directory in which to store persistent data and resource configuration and has been replaced with the more descriptive `--data-root` flag. +These flags were added before Docker 1.0, so will not be _removed_, only +_hidden_, to discourage their use. + ### Top-level network properties in NetworkSettings **Deprecated In Release: [v1.13.0](https://github.com/docker/docker/releases/tag/v1.13.0)** From 05bc162dc46c9484a6706a6dbc81d75103aacff8 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Fri, 31 Mar 2017 13:22:21 -0700 Subject: [PATCH 2450/2538] Clarify meaning of docker attach Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/attach.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 9f76a546af..34ae390544 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -18,7 +18,7 @@ keywords: "attach, running, container" ```markdown Usage: docker attach [OPTIONS] CONTAINER -Attach to a running container +Attach local standard input, output, and error streams to a running container Options: --detach-keys string Override the key sequence for detaching a container @@ -29,10 +29,13 @@ Options: ## Description -Use `docker attach` to attach to a running container using the container's ID -or name, either to view its ongoing output or to control it interactively. +Use `docker attach` to attach your terminal's standard input, output, and error +(or any combination of the three) to a running container using the container's +ID or name. This allows you to view its ongoing output or to control it +interactively, as though the commands were running directly in your terminal. + You can attach to the same contained process multiple times simultaneously, -screen sharing style, or quickly view the progress of your detached process. +even as a different user with the appropriate permissions. To stop a container, use `CTRL-c`. This key sequence sends `SIGKILL` to the container. If `--sig-proxy` is true (the default),`CTRL-c` sends a `SIGINT` to From 82f097e8d580cfbe757bf9148b3f29fba3e3b664 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 31 Mar 2017 17:59:33 +0200 Subject: [PATCH 2451/2538] Merge pull request #32265 from breuner/patch-1 Updated legacy_plugins.md to include BeeGFS plugin (cherry picked from commit d0057bd12dae5276b83e931e9e9ea185c58486a2) Signed-off-by: Sebastiaan van Stijn --- docs/extend/legacy_plugins.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/extend/legacy_plugins.md b/docs/extend/legacy_plugins.md index 3f0ea0a90b..901a40ad5d 100644 --- a/docs/extend/legacy_plugins.md +++ b/docs/extend/legacy_plugins.md @@ -58,6 +58,7 @@ Plugin Plugin | Description ----------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- [Azure File Storage plugin](https://github.com/Azure/azurefile-dockervolumedriver) | Lets you mount Microsoft [Azure File Storage](https://azure.microsoft.com/blog/azure-file-storage-now-generally-available/) shares to Docker containers as volumes using the SMB 3.0 protocol. [Learn more](https://azure.microsoft.com/blog/persistent-docker-volumes-with-azure-file-storage/). +[BeeGFS Volume Plugin](https://github.com/RedCoolBeans/docker-volume-beegfs) | An open source volume plugin to create persistent volumes in a BeeGFS parallel file system. [Blockbridge plugin](https://github.com/blockbridge/blockbridge-docker-volume) | A volume plugin that provides access to an extensible set of container-based persistent storage options. It supports single and multi-host Docker environments with features that include tenant isolation, automated provisioning, encryption, secure deletion, snapshots and QoS. [Contiv Volume Plugin](https://github.com/contiv/volplugin) | An open source volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption. It has support for Ceph and NFS. [Convoy plugin](https://github.com/rancher/convoy) | A volume plugin for a variety of storage back-ends including device mapper and NFS. It's a simple standalone executable written in Go and provides the framework to support vendor-specific extensions such as snapshots, backups and restore. From 5ef17bfc6886d18c97cf0f993ac00495f7e4c3c3 Mon Sep 17 00:00:00 2001 From: Steve Durrheimer Date: Wed, 22 Mar 2017 23:48:02 +0100 Subject: [PATCH 2452/2538] Add zsh completion for 'docker {node,service,stack} ps --format' Signed-off-by: Steve Durrheimer --- contrib/completion/zsh/_docker | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 44dce217cc..938a1f5af0 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -1485,8 +1485,10 @@ __docker_node_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Display all instances]" \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_node_complete_ps_filters" \ + "($help)--format=[Format the output using the given go template]:template: " \ "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ + "($help -q --quiet)"{-q,--quiet}"[Only display IDs]" \ "($help -)*:node:__docker_complete_nodes" && ret=0 ;; (update) @@ -2052,6 +2054,7 @@ __docker_service_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*"{-f=,--filter=}"[Provide filter values]:filter:__docker_service_complete_ps_filters" \ + "($help)--format=[Format the output using the given go template]:template: " \ "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \ @@ -2206,8 +2209,10 @@ __docker_stack_subcommand() { $opts_help \ "($help -a --all)"{-a,--all}"[Display all tasks]" \ "($help)*"{-f=,--filter=}"[Filter output based on conditions provided]:filter:__docker_stack_complete_ps_filters" \ + "($help)--format=[Format the output using the given go template]:template: " \ "($help)--no-resolve[Do not map IDs to Names]" \ "($help)--no-trunc[Do not truncate output]" \ + "($help -q --quiet)"{-q,--quiet}"[Only display task IDs]" \ "($help -):stack:__docker_complete_stacks" && ret=0 ;; (rm|remove|down) From 10638a7a3e5849bcc6d1ac92805f9fe2203e255b Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Sun, 2 Apr 2017 15:32:33 -0700 Subject: [PATCH 2453/2538] Add bash completion for `secret ls --format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 55 ++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 9 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 27c1d0cc7f..1df86ba616 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -328,20 +328,40 @@ __docker_complete_runtimes() { COMPREPLY=( $(compgen -W "$(__docker_runtimes)" -- "$cur") ) } -# __docker_secrets returns a list of all secrets. -# By default, only names of secrets are returned. -# Set DOCKER_COMPLETION_SHOW_SECRET_IDS=yes to also complete IDs of secrets. +# __docker_secrets returns a list of secrets. Additional options to +# `docker secret ls` may be specified in order to filter the list, e.g. +# `__docker_secrets --filter label=stage=production` +# By default, only names are returned. +# Set DOCKER_COMPLETION_SHOW_SECRET_IDS=yes to also complete IDs. +# An optional first option `--id|--name` may be used to limit the +# output to the IDs or names of matching items. This setting takes +# precedence over the environment setting. __docker_secrets() { - local fields='$2' # default: name only - [ "${DOCKER_COMPLETION_SHOW_SECRET_IDS}" = yes ] && fields='$1,$2' # ID and name + local format + if [ "$1" = "--id" ] ; then + format='{{.ID}}' + shift + elif [ "$1" = "--name" ] ; then + format='{{.Name}}' + shift + elif [ "$DOCKER_COMPLETION_SHOW_SECRET_IDS" = yes ] ; then + format='{{.ID}} {{.Name}}' + else + format='{{.Name}}' + fi - __docker_q secret ls | awk "NR>1 {print $fields}" + __docker_q secret ls --format "$format" "$@" } # __docker_complete_secrets applies completion of secrets based on the current value -# of `$cur`. +# of `$cur` or the value of the optional first option `--cur`, if given. __docker_complete_secrets() { - COMPREPLY=( $(compgen -W "$(__docker_secrets)" -- "$cur") ) + local current="$cur" + if [ "$1" = "--cur" ] ; then + current="$2" + shift 2 + fi + COMPREPLY=( $(compgen -W "$(__docker_secrets "$@")" -- "$current") ) } # __docker_stacks returns a list of all stacks. @@ -3854,7 +3874,24 @@ _docker_secret_list() { } _docker_secret_ls() { + local key=$(__docker_map_key_of_current_option '--filter|-f') + case "$key" in + id) + __docker_complete_secrets --cur "${cur##*=}" --id + return + ;; + name) + __docker_complete_secrets --cur "${cur##*=}" --name + return + ;; + esac + case "$prev" in + --filter|-f) + COMPREPLY=( $( compgen -S = -W "id label name" -- "$cur" ) ) + __docker_nospace + return + ;; --format) return ;; @@ -3862,7 +3899,7 @@ _docker_secret_ls() { case "$cur" in -*) - COMPREPLY=( $( compgen -W "--format --help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--format --filter -f --help --quiet -q" -- "$cur" ) ) ;; esac } From 1a9663696ded83dd99b628ca29c18850b808ce54 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 3 Apr 2017 11:29:25 -0700 Subject: [PATCH 2454/2538] Improve bash completion for `--log-opt awslogs-create-group` Add completion for the possible values `true`|`false`, correct sort order. Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 1df86ba616..51572eb92f 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -738,7 +738,7 @@ __docker_complete_log_options() { # see repository docker/docker.github.io/engine/admin/logging/ local common_options="max-buffer-size mode" - local awslogs_options="$common_options awslogs-region awslogs-group awslogs-stream awslogs-create-group" + local awslogs_options="$common_options awslogs-create-group awslogs-group awslogs-region awslogs-stream" local fluentd_options="$common_options env fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries labels tag" local gcplogs_options="$common_options env gcp-log-cmd gcp-project labels" local gelf_options="$common_options env gelf-address gelf-compression-level gelf-compression-type labels tag" @@ -792,6 +792,10 @@ __docker_complete_log_options() { __docker_complete_log_driver_options() { local key=$(__docker_map_key_of_current_option '--log-opt') case "$key" in + awslogs-create-group) + COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) + return + ;; fluentd-async-connect) COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return From c8e607205f9b893f053c9a0b0de6b675bd12772f Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 16 Feb 2017 17:05:36 -0800 Subject: [PATCH 2455/2538] Synchronous service create and service update Change "service create" and "service update" to wait until the creation or update finishes, when --detach=false is specified. Show progress bars for the overall operation and for each individual task (when there are a small enough number of tasks), unless "-q" / "--quiet" is specified. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 2 ++ docs/reference/commandline/service_update.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 4c72b3ac6d..1875f0aca7 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -23,6 +23,8 @@ Create a new service Options: --constraint list Placement constraints (default []) --container-label list Container labels (default []) + -d, --detach Exit immediately instead of waiting for the service to converge + (default true) --dns list Set custom DNS servers (default []) --dns-option list Set DNS options (default []) --dns-search list Set custom DNS search domains (default []) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 3c416d2e7a..040d5d95a1 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -26,6 +26,8 @@ Options: --constraint-rm list Remove a constraint (default []) --container-label-add list Add or update a container label (default []) --container-label-rm list Remove a container label by its key (default []) + -d, --detach Exit immediately instead of waiting for the service to converge + (default true) --dns-add list Add or update a custom DNS server (default []) --dns-option-add list Add or update a DNS option (default []) --dns-option-rm list Remove a DNS option (default []) From 764c84342dba83ccb706d4f12370fa5e61161a69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BE=90=E4=BF=8A=E6=9D=B0?= Date: Sat, 1 Apr 2017 11:45:22 +0800 Subject: [PATCH 2456/2538] fix documentation error: volume-opt in service create Signed-off-by: pacoxu Signed-off-by: pacoxu --- docs/reference/commandline/service_create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index 1875f0aca7..fbbe5a4724 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -426,7 +426,7 @@ The following options can only be used for named volumes (`type=volume`); Options specific to a given volume driver, which will be passed to the driver when creating the volume. Options are provided as a comma-separated list of key/value pairs, for example, - volume-opt=some-option=some-value,some-other-option=some-other-value. + volume-opt=some-option=some-value,volume-opt=some-other-option=some-other-value. For available options for a given driver, refer to that driver's documentation. From 04afeb636e2fa0e76c25a3aeef4bc6bf48889e8e Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 7 Feb 2017 22:51:33 -0800 Subject: [PATCH 2457/2538] Add `PORTS` field for `docker service ls` (`ingress`) This fix is related to 30232 wherw `docker service ls` does not show `PORTS` information like `docker service ps`. This fix adds `PORTS` fields for services that publish ports in ingress mode. Additional unit tests cases have been updated. This fix is related to 30232. Signed-off-by: Yong Tang --- docs/reference/commandline/service_ls.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/service_ls.md b/docs/reference/commandline/service_ls.md index 6b07b84053..c222c04857 100644 --- a/docs/reference/commandline/service_ls.md +++ b/docs/reference/commandline/service_ls.md @@ -137,6 +137,7 @@ Placeholder | Description `.Mode` | Service mode (replicated, global) `.Replicas` | Service replicas `.Image` | Service image +`.Ports` | Service ports published in ingress mode When using the `--format` option, the `service ls` command will either output the data exactly as the template declares or, when using the From ff44ffc576599124c9e2ac1292a16d7132dc8a55 Mon Sep 17 00:00:00 2001 From: Karthik Nayak Date: Tue, 4 Apr 2017 20:02:47 +0530 Subject: [PATCH 2458/2538] Docs: Add the flag `--api-enable-cors` to deprecated.md Signed-off-by: Karthik Nayak --- docs/deprecated.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index b57bbbecfe..bcdfd4de1f 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -299,3 +299,12 @@ Since 1.9, Docker Content Trust Offline key has been renamed to Root key and the - DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE is now named DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE - DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE is now named DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE + +### `--api-enable-cors` flag on dockerd + +**Deprecated In Release: [v1.6.0](https://github.com/docker/docker/releases/tag/v1.6.0)** + +**Target For Removal In Release: v17.09** + +The flag `--api-enable-cors` is deprecated since v1.6.0. Use the flag +`--api-cors-header` instead. From 0e86bfb1e0a5165f96714d7a204be5fd33d65caf Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Tue, 4 Apr 2017 10:06:32 -0700 Subject: [PATCH 2459/2538] Escape some double brackets Signed-off-by: Misty Stanley-Jones --- docs/extend/plugins_services.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/extend/plugins_services.md b/docs/extend/plugins_services.md index d68218f8f8..79e344f9ce 100644 --- a/docs/extend/plugins_services.md +++ b/docs/extend/plugins_services.md @@ -17,15 +17,15 @@ title: Plugins and Services In swarm mode, it is possible to create a service that allows for attaching to networks or mounting volumes that are backed by plugins. Swarm schedules -services based on plugin availability on a node. +services based on plugin availability on a node. ### Volume plugins In this example, a volume plugin is installed on a swarm worker and a volume -is created using the plugin. In the manager, a service is created with the -relevant mount options. It can be observed that the service is scheduled to -run on the worker node with the said volume plugin and volume. Note that, +is created using the plugin. In the manager, a service is created with the +relevant mount options. It can be observed that the service is scheduled to +run on the worker node with the said volume plugin and volume. Note that, node1 is the manager and node2 is the worker. 1. Prepare manager. In node 1: @@ -51,7 +51,7 @@ node1 is the manager and node2 is the worker. Status: Downloaded newer image for tiborvass/sample-volume-plugin:latest Installed plugin tiborvass/sample-volume-plugin ``` - + ```bash $ docker volume create -d tiborvass/sample-volume-plugin --name pluginVol ``` @@ -62,28 +62,30 @@ node1 is the manager and node2 is the worker. $ docker service create --name my-service --mount type=volume,volume-driver=tiborvass/sample-volume-plugin,source=pluginVol,destination=/tmp busybox top $ docker service ls - z1sj8bb8jnfn my-service replicated 1/1 busybox:latest + z1sj8bb8jnfn my-service replicated 1/1 busybox:latest ``` docker service ls shows service 1 instance of service running. 4. Observe the task getting scheduled in node 2: ```bash + {% raw %} $ docker ps --format '{{.ID}}\t {{.Status}} {{.Names}} {{.Command}}' 83fc1e842599 Up 2 days my-service.1.9jn59qzn7nbc3m0zt1hij12xs "top" + {% endraw %} ``` ### Network plugins -In this example, a global scope network plugin is installed on both the +In this example, a global scope network plugin is installed on both the swarm manager and worker. A service is created with replicated instances -using the installed plugin. We will observe how the availability of the +using the installed plugin. We will observe how the availability of the plugin determines network creation and container scheduling. Note that node1 is the manager and node2 is the worker. -1. Install a global scoped network plugin on both manager and worker. On node1 +1. Install a global scoped network plugin on both manager and worker. On node1 and node2: ```bash From 477ec9bfdd85561c51a580d192d9f791b418323a Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Tue, 24 Jan 2017 13:17:40 -0800 Subject: [PATCH 2460/2538] Add `--format` for `docker node ls` This fix tries to address the comment https://github.com/docker/docker/pull/30376#discussion_r97465334 where it was not possible to specify `--format` for `docker node ls`. The `--format` flag is a quite useful flag that could be used in many places such as completion. This fix implements `--format` for `docker node ls` and add `nodesFormat` in config.json so that it is possible to specify the output when `docker node ls` is invoked. Related documentations have been updated. A set of unit tests have been added. This fix is related to #30376. Signed-off-by: Yong Tang --- docs/reference/commandline/cli.md | 6 +++++ docs/reference/commandline/node_ls.md | 39 ++++++++++++++++++++++++--- 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index c290e61d5c..0d48d19725 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -167,6 +167,11 @@ property is not set, the client falls back to the default table format. For a list of supported formatting directives, see [**Formatting** section in the `docker secret ls` documentation](secret_ls.md) +The property `nodesFormat` specifies the default format for `docker node ls` output. +When the `--format` flag is not provided with the `docker node ls` command, +Docker's client uses this property. If this property is not set, the client +falls back to the default table format. For a list of supported formatting +directives, see the [**Formatting** section in the `docker node ls` documentation](node_ls.md) The property `credsStore` specifies an external binary to serve as the default credential store. When this property is set, `docker login` will attempt to @@ -214,6 +219,7 @@ Following is a sample `config.json` file: "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", "secretFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", "serviceInspectFormat": "pretty", + "nodesFormat": "table {{.ID}}\t{{.Hostname}}\t{{.Availability}}", "detachKeys": "ctrl-e,e", "credsStore": "secretservice", "credHelpers": { diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 836fceaea2..ad2ffcd050 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -24,9 +24,10 @@ Aliases: ls, list Options: - -f, --filter value Filter output based on conditions provided - --help Print usage - -q, --quiet Only display IDs + -f, --filter filter Filter output based on conditions provided + --format string Pretty-print nodes using a Go template + --help Print usage + -q, --quiet Only display IDs ``` ## Description @@ -45,6 +46,10 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ``` +> **Note:** +> If the `ID` field of the node is followed by a `*` (e.g., `e216jshn25ckzbvmwlnh5jr3g *`) +> in the above example output, then this node is also the node of the current docker daemon. + ### Filtering @@ -124,6 +129,34 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ``` +### Formatting + +The formatting options (`--format`) pretty-prints nodes output +using a Go template. + +Valid placeholders for the Go template are listed below: + +Placeholder | Description +-----------------|------------------------------------------------------------------------------------------ +`.ID` | Node ID +`.Hostname` | Node hostname +`.Status` | Node status +`.Availability` | Node availability ("active", "pause", or "drain") +`.ManagerStatus` | Manager status of the node + +When using the `--format` option, the `node ls` command will either +output the data exactly as the template declares or, when using the +`table` directive, includes column headers as well. + +The following example uses a template without headers and outputs the +`ID` and `Hostname` entries separated by a colon for all nodes: + +```bash +$ docker node ls --format "{{.ID}}: {{.Hostname}}" +e216jshn25ckzbvmwlnh5jr3g *: swarm-manager1 +`` + + ## Related commands * [node demote](node_demote.md) From 45f80dccb0ff248cad30141ce8107dcc18cdf6ed Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Wed, 8 Mar 2017 10:29:15 -0800 Subject: [PATCH 2461/2538] Add hidden placeholder of `.Self` for `docker node ls --format` This commit adds a hidden placeholder of `.Self` for `docker node ls --format` so that if the node is the same as the current docker daemon, then a `*` is outputed. Signed-off-by: Yong Tang --- docs/reference/commandline/cli.md | 4 ++-- docs/reference/commandline/node_ls.md | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 0d48d19725..a8529e728f 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -169,8 +169,8 @@ format. For a list of supported formatting directives, see The property `nodesFormat` specifies the default format for `docker node ls` output. When the `--format` flag is not provided with the `docker node ls` command, -Docker's client uses this property. If this property is not set, the client -falls back to the default table format. For a list of supported formatting +Docker's client uses the value of `nodesFormat`. If the value of `nodesFormat` is not set, +the client uses the default table format. For a list of supported formatting directives, see the [**Formatting** section in the `docker node ls` documentation](node_ls.md) The property `credsStore` specifies an external binary to serve as the default diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index ad2ffcd050..8162e11b58 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -46,9 +46,10 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATU 38ciaotwjuritcdtn9npbnkuz swarm-worker1 Ready Active e216jshn25ckzbvmwlnh5jr3g * swarm-manager1 Ready Active Leader ``` -> **Note:** -> If the `ID` field of the node is followed by a `*` (e.g., `e216jshn25ckzbvmwlnh5jr3g *`) -> in the above example output, then this node is also the node of the current docker daemon. +> **Note**: +> In the above example output, there is a hidden column of `.Self` that indicates if the +> node is the same node as the current docker daemon. A `*` (e.g., `e216jshn25ckzbvmwlnh5jr3g *`) +> means this node is the current docker daemon. ### Filtering @@ -139,6 +140,7 @@ Valid placeholders for the Go template are listed below: Placeholder | Description -----------------|------------------------------------------------------------------------------------------ `.ID` | Node ID +`.Self` | Node of the daemon (`true/false`, `true`indicates that the node is the same as current docker daemon) `.Hostname` | Node hostname `.Status` | Node status `.Availability` | Node availability ("active", "pause", or "drain") @@ -153,7 +155,7 @@ The following example uses a template without headers and outputs the ```bash $ docker node ls --format "{{.ID}}: {{.Hostname}}" -e216jshn25ckzbvmwlnh5jr3g *: swarm-manager1 +e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 `` From 95c05a53c6db30a23764c638ec1fbb8492fafb20 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Wed, 5 Apr 2017 09:24:53 -0700 Subject: [PATCH 2462/2538] Edits to CLI reference Signed-off-by: Misty Stanley-Jones --- docs/reference/commandline/network.md | 6 ++++-- docs/reference/commandline/system.md | 2 +- docs/reference/commandline/volume.md | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/network.md b/docs/reference/commandline/network.md index b4ef36b308..4555740dad 100644 --- a/docs/reference/commandline/network.md +++ b/docs/reference/commandline/network.md @@ -37,8 +37,8 @@ Run 'docker network COMMAND --help' for more information on a command. ## Description -Manage networks. You can use subcommand to create, list, inspect, remove, -connect and disconnect networks. +Manage networks. You can use subcommands to create, inspect, list, remove, +prune, connect, and disconnect networks. ## Related commands @@ -47,3 +47,5 @@ connect and disconnect networks. * [network list](network_list.md) * [network rm](network_rm.md) * [network prune](network_prune.md) +* [network connect](network_connect.md) +* [network disconnect](network_disconnect.md) diff --git a/docs/reference/commandline/system.md b/docs/reference/commandline/system.md index 831575db0b..2484a4a987 100644 --- a/docs/reference/commandline/system.md +++ b/docs/reference/commandline/system.md @@ -34,4 +34,4 @@ Run 'docker system COMMAND --help' for more information on a command. ## Description -Manage docker. +Manage Docker. diff --git a/docs/reference/commandline/volume.md b/docs/reference/commandline/volume.md index d12d33d99f..d5dd9c592f 100644 --- a/docs/reference/commandline/volume.md +++ b/docs/reference/commandline/volume.md @@ -35,8 +35,8 @@ Run 'docker volume COMMAND --help' for more information on a command. ## Description -Manage volumes. You can use subcommand to create, list, inspect, remove -volumes. +Manage volumes. You can use subcommands to create, inspect, list, remove, or +prune volumes. ## Related commands From 61038068026499817ca62afee6cf1a68f5de1d5a Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 31 Mar 2017 06:41:45 +0000 Subject: [PATCH 2463/2538] cli: add `--mount` to `docker run` Signed-off-by: Akihiro Suda --- contrib/completion/bash/docker | 1 + contrib/completion/fish/docker.fish | 2 ++ contrib/completion/zsh/_docker | 1 + docs/reference/commandline/create.md | 1 + docs/reference/commandline/run.md | 24 ++++++++++++++++ man/docker-run.1.md | 43 ++++++++++++++++++++++++++++ 6 files changed, 72 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 51572eb92f..878670f939 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1518,6 +1518,7 @@ _docker_container_run_and_create() { --memory-swap --memory-swappiness --memory-reservation + --mount --name --network --network-alias diff --git a/contrib/completion/fish/docker.fish b/contrib/completion/fish/docker.fish index f3dddd9277..38957b8b77 100644 --- a/contrib/completion/fish/docker.fish +++ b/contrib/completion/fish/docker.fish @@ -138,6 +138,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l link -d 'Add complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mac-address -d 'Container MAC address (e.g., 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" +complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l mount -d 'Attach a filesystem mount to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from create' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' @@ -330,6 +331,7 @@ complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l link -d 'Add li complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s m -l memory -d 'Memory limit (format: [], where unit = b, k, m or g)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mac-address -d 'Container MAC address (e.g., 92:d0:c6:0a:29:33)' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l memory-swap -d "Total memory usage (memory + swap), set '-1' to disable swap (format: [], where unit = b, k, m or g)" +complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l mount -d 'Attach a filesystem mount to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l name -d 'Assign a name to the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -l net -d 'Set the Network mode for the container' complete -c docker -A -f -n '__fish_seen_subcommand_from run' -s P -l publish-all -d 'Publish all exposed ports to random ports on the host interfaces' diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 938a1f5af0..a791353a88 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -629,6 +629,7 @@ __docker_container_subcommand() { "($help)--log-driver=[Default driver for container logs]:logging driver:__docker_complete_log_drivers" "($help)*--log-opt=[Log driver specific options]:log driver options:__docker_complete_log_options" "($help)--mac-address=[Container MAC address]:MAC address: " + "($help)*--mount=[Attach a filesystem mount to the container]:mount: " "($help)--name=[Container name]:name: " "($help)--network=[Connect a container to a network]:network mode:(bridge none container host)" "($help)*--network-alias=[Add network-scoped alias for the container]:alias: " diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index 0fbe07fbe2..c2189b5ea8 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -85,6 +85,7 @@ Options: --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --mount value Attach a filesytem mount to the container (default []) --name string Assign a name to the container --network-alias value Add network-scoped alias for the container (default []) --network string Connect a container to a network (default "default") diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index 6a9bbd5459..e2e5d0a48c 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -95,6 +95,7 @@ Options: --memory-reservation string Memory soft limit --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --mount value Attach a filesystem mount to the container (default []) --name string Assign a name to the container --network-alias value Add network-scoped alias for the container (default []) --network string Connect a container to a network @@ -316,6 +317,29 @@ docker run -v c:\foo:c:\existing-directory-with-contents ... For in-depth information about volumes, refer to [manage data in containers](https://docs.docker.com/engine/tutorials/dockervolumes/) + +### Add bind-mounts or volumes using the --mount flag + +The `--mount` flag allows you to mount volumes, host-directories and `tmpfs` +mounts in a container. + +The `--mount` flag supports most options that are supported by the `-v` or the +`--volume` flag, but uses a different syntax. For in-depth information on the +`--mount` flag, and a comparison between `--volume` and `--mount`, refer to +the [service create command reference](service_create.md#add-bind-mounts-or-volumes). + +Even though there is no plan to deprecate `--volume`, usage of `--mount` is recommended. + +Examples: + +```bash +$ docker run --read-only --mount type=volume,target=/icanwrite busybox touch /icanwrite/here +``` + +```bash +$ docker run -t -i --mount type=bind,src=/data,dst=/data busybox sh +``` + ### Publish or expose port (-p, --expose) ```bash diff --git a/man/docker-run.1.md b/man/docker-run.1.md index 0ee0a13ee8..257711d196 100644 --- a/man/docker-run.1.md +++ b/man/docker-run.1.md @@ -61,6 +61,7 @@ docker-run - Run a command in a new container [**--memory-reservation**[=*MEMORY-RESERVATION*]] [**--memory-swap**[=*LIMIT*]] [**--memory-swappiness**[=*MEMORY-SWAPPINESS*]] +[**--mount**[=*[MOUNT]*]] [**--name**[=*NAME*]] [**--network-alias**[=*[]*]] [**--network**[=*"bridge"*]] @@ -425,6 +426,42 @@ unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap. The IPv6 link-local address will be based on the device's MAC address according to RFC4862. +**--mount**=[*[type=TYPE[,TYPE-SPECIFIC-OPTIONS]]*] + Attach a filesystem mount to the container + + Current supported mount `TYPES` are `bind`, `volume`, and `tmpfs`. + + e.g. + + `type=bind,source=/path/on/host,destination=/path/in/container` + + `type=volume,source=my-volume,destination=/path/in/container,volume-label="color=red",volume-label="shape=round"` + + `type=tmpfs,tmpfs-size=512M,destination=/path/in/container` + + Common Options: + + * `src`, `source`: mount source spec for `bind` and `volume`. Mandatory for `bind`. + * `dst`, `destination`, `target`: mount destination spec. + * `ro`, `read-only`: `true` or `false` (default). + + Options specific to `bind`: + + * `bind-propagation`: `shared`, `slave`, `private`, `rshared`, `rslave`, or `rprivate`(default). See also `mount(2)`. + * `consistency`: `consistent`(default), `cached`, or `delegated`. Currently, only effective for Docker for Mac. + + Options specific to `volume`: + + * `volume-driver`: Name of the volume-driver plugin. + * `volume-label`: Custom metadata. + * `volume-nocopy`: `true`(default) or `false`. If set to `false`, the Engine copies existing files and directories under the mount-path into the volume, allowing the host to access them. + * `volume-opt`: specific to a given volume driver. + + Options specific to `tmpfs`: + + * `tmpfs-size`: Size of the tmpfs mount in bytes. Unlimited by default in Linux. + * `tmpfs-mode`: File mode of the tmpfs in octal. (e.g. `700` or `0700`.) Defaults to `1777` in Linux. + **--name**="" Assign a name to the container @@ -604,6 +641,9 @@ options are the same as the Linux default `mount` flags. If you do not specify any options, the systems uses the following options: `rw,noexec,nosuid,nodev,size=65536k`. + See also `--mount`, which is the successor of `--tmpfs` and `--volume`. + Even though there is no plan to deprecate `--tmpfs`, usage of `--mount` is recommended. + **-u**, **--user**="" Sets the username or UID used and optionally the groupname or GID for the specified command. @@ -704,6 +744,9 @@ change propagation properties of source mount. Say `/` is source mount for To disable automatic copying of data from the container path to the volume, use the `nocopy` flag. The `nocopy` flag can be set on bind mounts and named volumes. +See also `--mount`, which is the successor of `--tmpfs` and `--volume`. +Even though there is no plan to deprecate `--volume`, usage of `--mount` is recommended. + **--volume-driver**="" Container's volume driver. This driver creates volumes specified either from a Dockerfile's `VOLUME` instruction or from the `docker run -v` flag. From 4273ca36789c8b987a27cf1d982f1c2c1f93a7c4 Mon Sep 17 00:00:00 2001 From: Pratik Karki Date: Thu, 6 Apr 2017 09:41:42 +0545 Subject: [PATCH 2464/2538] updated Readme.md with fixed deadlinks Signed-off-by: prertik --- experimental/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index bd475c6aff..53e42c17f8 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -38,7 +38,7 @@ Option to squash image layers to the base image after successful builds. Checkpoint and restore support for Containers. Metrics (Prometheus) output for basic container, image, and daemon operations. - * The top-level [docker deploy](../../docs/reference/deploy.md) command. The + * The top-level [docker deploy](../docs/reference/commandline/deploy.md) command. The `docker stack deploy` command is **not** experimental. * [`docker service logs` command](../docs/reference/commandline/service_logs.md) * [`--squash` option to `docker build` command](../docs/reference/commandline/build.md##squash-an-images-layers---squash-experimental-only) @@ -46,7 +46,7 @@ Metrics (Prometheus) output for basic container, image, and daemon operations. * [Ipvlan Network Drivers](vlan-networks.md) * [Distributed Application Bundles](docker-stacks-and-bundles.md) * [Checkpoint & Restore](checkpoint-restore.md) - * [Docker build with --squash argument](docker-build-with-squash.md) + * [Docker build with --squash argument](../docs/reference/commandline/build.md##squash-an-images-layers---squash-experimental-only) ## How to comment on an experimental feature From c5071b94dabf58443d7b0e21c05cf6bb9b41ab00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elias=20Fax=C3=B6?= Date: Tue, 29 Nov 2016 10:58:47 +0100 Subject: [PATCH 2465/2538] Added start period option to health check. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Elias Faxö --- docs/reference/builder.md | 6 + docs/reference/commandline/create.md | 223 ++++++++--------- docs/reference/commandline/run.md | 249 ++++++++++--------- docs/reference/commandline/service_create.md | 1 + docs/reference/commandline/service_update.md | 1 + docs/reference/run.md | 1 + 6 files changed, 246 insertions(+), 235 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 8550b0a4f5..4261904503 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -1591,6 +1591,7 @@ The options that can appear before `CMD` are: * `--interval=DURATION` (default: `30s`) * `--timeout=DURATION` (default: `30s`) +* `--start-period=DURATION` (default: `0s`) * `--retries=N` (default: `3`) The health check will first run **interval** seconds after the container is @@ -1602,6 +1603,11 @@ is considered to have failed. It takes **retries** consecutive failures of the health check for the container to be considered `unhealthy`. +**start period** provides initialization time for containers that need time to bootstrap. +Probe failure during that period will not be counted towards the maximum number of retries. +However, if a health check succeeds during the start period, the container is considered +started and all consecutive failures will be counted towards the maximum number of retries. + There can only be one `HEALTHCHECK` instruction in a Dockerfile. If you list more than one then only the last `HEALTHCHECK` will take effect. diff --git a/docs/reference/commandline/create.md b/docs/reference/commandline/create.md index c2189b5ea8..02aa22963c 100644 --- a/docs/reference/commandline/create.md +++ b/docs/reference/commandline/create.md @@ -23,117 +23,118 @@ Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new container Options: - --add-host value Add a custom host-to-IP mapping (host:ip) (default []) - -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) - --blkio-weight value Block IO (relative weight), between 10 and 1000 - --blkio-weight-device value Block IO weight (relative device weight) (default []) - --cap-add value Add Linux capabilities (default []) - --cap-drop value Drop Linux capabilities (default []) - --cgroup-parent string Optional parent cgroup for the container - --cidfile string Write the container ID to the file - --cpu-count int The number of CPUs available for execution by the container. - Windows daemon only. On Windows Server containers, this is - approximated as a percentage of total CPU usage. - --cpu-percent int CPU percent (Windows only) - --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota - -c, --cpu-shares int CPU shares (relative weight) - --cpus NanoCPUs Number of CPUs (default 0.000) - --cpu-rt-period int Limit the CPU real-time period in microseconds - --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds - --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) - --device value Add a host device to the container (default []) - --device-cgroup-rule value Add a rule to the cgroup allowed devices list - --device-read-bps value Limit read rate (bytes per second) from a device (default []) - --device-read-iops value Limit read rate (IO per second) from a device (default []) - --device-write-bps value Limit write rate (bytes per second) to a device (default []) - --device-write-iops value Limit write rate (IO per second) to a device (default []) - --disable-content-trust Skip image verification (default true) - --dns value Set custom DNS servers (default []) - --dns-option value Set DNS options (default []) - --dns-search value Set custom DNS search domains (default []) - --entrypoint string Overwrite the default ENTRYPOINT of the image - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) - --expose value Expose a port or a range of ports (default []) - --group-add value Add additional groups to join (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) - --help Print usage - -h, --hostname string Container host name - --init Run an init inside the container that forwards signals and reaps processes - --init-path string Path to the docker-init binary - -i, --interactive Keep STDIN open even if not attached - --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) - --io-maxiops uint Maximum IOps limit for the system drive (Windows only) - --ip string IPv4 address (e.g., 172.30.100.104) - --ip6 string IPv6 address (e.g., 2001:db8::33) - --ipc string IPC namespace to use - --isolation string Container isolation technology - --kernel-memory string Kernel memory limit - -l, --label value Set meta data on a container (default []) - --label-file value Read in a line delimited file of labels (default []) - --link value Add link to another container (default []) - --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) - --log-driver string Logging driver for the container - --log-opt value Log driver options (default []) - --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) - -m, --memory string Memory limit - --memory-reservation string Memory soft limit - --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) - --mount value Attach a filesytem mount to the container (default []) - --name string Assign a name to the container - --network-alias value Add network-scoped alias for the container (default []) - --network string Connect a container to a network (default "default") - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack - '|': connect to a user-defined network - --no-healthcheck Disable any container-specified HEALTHCHECK - --oom-kill-disable Disable OOM Killer - --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) - --pid string PID namespace to use - --pids-limit int Tune container pids limit (set -1 for unlimited), kernel >= 4.3 - --privileged Give extended privileges to this container - -p, --publish value Publish a container's port(s) to the host (default []) - -P, --publish-all Publish all exposed ports to random ports - --read-only Mount the container's root filesystem as read only - --restart string Restart policy to apply when a container exits (default "no") - Possible values are: no, on-failure[:max-retry], always, unless-stopped - --rm Automatically remove the container when it exits - --runtime string Runtime to use for this container - --security-opt value Security Options (default []) - --shm-size bytes Size of /dev/shm - The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), - or `g` (gigabytes). If you omit the unit, the system uses bytes. - --stop-signal string Signal to stop a container (default "SIGTERM") - --stop-timeout=10 Timeout (in seconds) to stop a container - --storage-opt value Storage driver options for the container (default []) - --sysctl value Sysctl options (default map[]) - --tmpfs value Mount a tmpfs directory (default []) - -t, --tty Allocate a pseudo-TTY - --ulimit value Ulimit options (default []) - -u, --user string Username or UID (format: [:]) - --userns string User namespace to use - 'host': Use the Docker host user namespace - '': Use the Docker daemon user namespace specified by `--userns-remap` option. - --uts string UTS namespace to use - -v, --volume value Bind mount a volume (default []). The format - is `[host-src:]container-dest[:]`. - The comma-delimited `options` are [rw|ro], - [z|Z], [[r]shared|[r]slave|[r]private], - [delegated|cached|consistent], and - [nocopy]. The 'host-src' is an absolute path - or a name value. - --volume-driver string Optional volume driver for the container - --volumes-from value Mount volumes from the specified container(s) (default []) - -w, --workdir string Working directory inside the container + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) + -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) + --blkio-weight value Block IO (relative weight), between 10 and 1000 + --blkio-weight-device value Block IO weight (relative device weight) (default []) + --cap-add value Add Linux capabilities (default []) + --cap-drop value Drop Linux capabilities (default []) + --cgroup-parent string Optional parent cgroup for the container + --cidfile string Write the container ID to the file + --cpu-count int The number of CPUs available for execution by the container. + Windows daemon only. On Windows Server containers, this is + approximated as a percentage of total CPU usage. + --cpu-percent int CPU percent (Windows only) + --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period + --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota + -c, --cpu-shares int CPU shares (relative weight) + --cpus NanoCPUs Number of CPUs (default 0.000) + --cpu-rt-period int Limit the CPU real-time period in microseconds + --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds + --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) + --device value Add a host device to the container (default []) + --device-cgroup-rule value Add a rule to the cgroup allowed devices list + --device-read-bps value Limit read rate (bytes per second) from a device (default []) + --device-read-iops value Limit read rate (IO per second) from a device (default []) + --device-write-bps value Limit write rate (bytes per second) to a device (default []) + --device-write-iops value Limit write rate (IO per second) to a device (default []) + --disable-content-trust Skip image verification (default true) + --dns value Set custom DNS servers (default []) + --dns-option value Set DNS options (default []) + --dns-search value Set custom DNS search domains (default []) + --entrypoint string Overwrite the default ENTRYPOINT of the image + -e, --env value Set environment variables (default []) + --env-file value Read in a file of environment variables (default []) + --expose value Expose a port or a range of ports (default []) + --group-add value Add additional groups to join (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) + --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ns|us|ms|s|m|h) (default 0s) + --help Print usage + -h, --hostname string Container host name + --init Run an init inside the container that forwards signals and reaps processes + --init-path string Path to the docker-init binary + -i, --interactive Keep STDIN open even if not attached + --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) + --io-maxiops uint Maximum IOps limit for the system drive (Windows only) + --ip string IPv4 address (e.g., 172.30.100.104) + --ip6 string IPv6 address (e.g., 2001:db8::33) + --ipc string IPC namespace to use + --isolation string Container isolation technology + --kernel-memory string Kernel memory limit + -l, --label value Set meta data on a container (default []) + --label-file value Read in a line delimited file of labels (default []) + --link value Add link to another container (default []) + --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) + --log-driver string Logging driver for the container + --log-opt value Log driver options (default []) + --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) + -m, --memory string Memory limit + --memory-reservation string Memory soft limit + --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap + --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --mount value Attach a filesytem mount to the container (default []) + --name string Assign a name to the container + --network-alias value Add network-scoped alias for the container (default []) + --network string Connect a container to a network (default "default") + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack + '|': connect to a user-defined network + --no-healthcheck Disable any container-specified HEALTHCHECK + --oom-kill-disable Disable OOM Killer + --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) + --pid string PID namespace to use + --pids-limit int Tune container pids limit (set -1 for unlimited), kernel >= 4.3 + --privileged Give extended privileges to this container + -p, --publish value Publish a container's port(s) to the host (default []) + -P, --publish-all Publish all exposed ports to random ports + --read-only Mount the container's root filesystem as read only + --restart string Restart policy to apply when a container exits (default "no") + Possible values are: no, on-failure[:max-retry], always, unless-stopped + --rm Automatically remove the container when it exits + --runtime string Runtime to use for this container + --security-opt value Security Options (default []) + --shm-size bytes Size of /dev/shm + The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), + or `g` (gigabytes). If you omit the unit, the system uses bytes. + --stop-signal string Signal to stop a container (default "SIGTERM") + --stop-timeout=10 Timeout (in seconds) to stop a container + --storage-opt value Storage driver options for the container (default []) + --sysctl value Sysctl options (default map[]) + --tmpfs value Mount a tmpfs directory (default []) + -t, --tty Allocate a pseudo-TTY + --ulimit value Ulimit options (default []) + -u, --user string Username or UID (format: [:]) + --userns string User namespace to use + 'host': Use the Docker host user namespace + '': Use the Docker daemon user namespace specified by `--userns-remap` option. + --uts string UTS namespace to use + -v, --volume value Bind mount a volume (default []). The format + is `[host-src:]container-dest[:]`. + The comma-delimited `options` are [rw|ro], + [z|Z], [[r]shared|[r]slave|[r]private], + [delegated|cached|consistent], and + [nocopy]. The 'host-src' is an absolute path + or a name value. + --volume-driver string Optional volume driver for the container + --volumes-from value Mount volumes from the specified container(s) (default []) + -w, --workdir string Working directory inside the container ``` ## Description diff --git a/docs/reference/commandline/run.md b/docs/reference/commandline/run.md index e2e5d0a48c..dea7cec763 100644 --- a/docs/reference/commandline/run.md +++ b/docs/reference/commandline/run.md @@ -21,130 +21,131 @@ Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...] Run a command in a new container Options: - --add-host value Add a custom host-to-IP mapping (host:ip) (default []) - -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) - --blkio-weight value Block IO (relative weight), between 10 and 1000 - --blkio-weight-device value Block IO weight (relative device weight) (default []) - --cap-add value Add Linux capabilities (default []) - --cap-drop value Drop Linux capabilities (default []) - --cgroup-parent string Optional parent cgroup for the container - --cidfile string Write the container ID to the file - --cpu-count int The number of CPUs available for execution by the container. - Windows daemon only. On Windows Server containers, this is - approximated as a percentage of total CPU usage. - --cpu-percent int Limit percentage of CPU available for execution - by the container. Windows daemon only. - The processor resource controls are mutually - exclusive, the order of precedence is CPUCount - first, then CPUShares, and CPUPercent last. - --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period - --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota - -c, --cpu-shares int CPU shares (relative weight) - --cpus NanoCPUs Number of CPUs (default 0.000) - --cpu-rt-period int Limit the CPU real-time period in microseconds - --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds - --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) - --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) - -d, --detach Run container in background and print container ID - --detach-keys string Override the key sequence for detaching a container - --device value Add a host device to the container (default []) - --device-cgroup-rule value Add a rule to the cgroup allowed devices list - --device-read-bps value Limit read rate (bytes per second) from a device (default []) - --device-read-iops value Limit read rate (IO per second) from a device (default []) - --device-write-bps value Limit write rate (bytes per second) to a device (default []) - --device-write-iops value Limit write rate (IO per second) to a device (default []) - --disable-content-trust Skip image verification (default true) - --dns value Set custom DNS servers (default []) - --dns-option value Set DNS options (default []) - --dns-search value Set custom DNS search domains (default []) - --entrypoint string Overwrite the default ENTRYPOINT of the image - -e, --env value Set environment variables (default []) - --env-file value Read in a file of environment variables (default []) - --expose value Expose a port or a range of ports (default []) - --group-add value Add additional groups to join (default []) - --health-cmd string Command to run to check health - --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) - --health-retries int Consecutive failures needed to report unhealthy - --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) - --help Print usage - -h, --hostname string Container host name - --init Run an init inside the container that forwards signals and reaps processes - --init-path string Path to the docker-init binary - -i, --interactive Keep STDIN open even if not attached - --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) - (Windows only). The format is ``. - Unit is optional and can be `b` (bytes per second), - `k` (kilobytes per second), `m` (megabytes per second), - or `g` (gigabytes per second). If you omit the unit, - the system uses bytes per second. - --io-maxbandwidth and --io-maxiops are mutually exclusive options. - --io-maxiops uint Maximum IOps limit for the system drive (Windows only) - --ip string IPv4 address (e.g., 172.30.100.104) - --ip6 string IPv6 address (e.g., 2001:db8::33) - --ipc string IPC namespace to use - --isolation string Container isolation technology - --kernel-memory string Kernel memory limit - -l, --label value Set meta data on a container (default []) - --label-file value Read in a line delimited file of labels (default []) - --link value Add link to another container (default []) - --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) - --log-driver string Logging driver for the container - --log-opt value Log driver options (default []) - --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) - -m, --memory string Memory limit - --memory-reservation string Memory soft limit - --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap - --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) - --mount value Attach a filesystem mount to the container (default []) - --name string Assign a name to the container - --network-alias value Add network-scoped alias for the container (default []) - --network string Connect a container to a network - 'bridge': create a network stack on the default Docker bridge - 'none': no networking - 'container:': reuse another container's network stack - 'host': use the Docker host network stack - '|': connect to a user-defined network - --no-healthcheck Disable any container-specified HEALTHCHECK - --oom-kill-disable Disable OOM Killer - --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) - --pid string PID namespace to use - --pids-limit int Tune container pids limit (set -1 for unlimited) - --privileged Give extended privileges to this container - -p, --publish value Publish a container's port(s) to the host (default []) - -P, --publish-all Publish all exposed ports to random ports - --read-only Mount the container's root filesystem as read only - --restart string Restart policy to apply when a container exits (default "no") - Possible values are : no, on-failure[:max-retry], always, unless-stopped - --rm Automatically remove the container when it exits - --runtime string Runtime to use for this container - --security-opt value Security Options (default []) - --shm-size bytes Size of /dev/shm - The format is ``. `number` must be greater than `0`. - Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), - or `g` (gigabytes). If you omit the unit, the system uses bytes. - --sig-proxy Proxy received signals to the process (default true) - --stop-signal string Signal to stop a container (default "SIGTERM") - --stop-timeout=10 Timeout (in seconds) to stop a container - --storage-opt value Storage driver options for the container (default []) - --sysctl value Sysctl options (default map[]) - --tmpfs value Mount a tmpfs directory (default []) - -t, --tty Allocate a pseudo-TTY - --ulimit value Ulimit options (default []) - -u, --user string Username or UID (format: [:]) - --userns string User namespace to use - 'host': Use the Docker host user namespace - '': Use the Docker daemon user namespace specified by `--userns-remap` option. - --uts string UTS namespace to use - -v, --volume value Bind mount a volume (default []). The format - is `[host-src:]container-dest[:]`. - The comma-delimited `options` are [rw|ro], - [z|Z], [[r]shared|[r]slave|[r]private], - [delegated|cached|consistent], and - [nocopy]. The 'host-src' is an absolute path - or a name value. - --volume-driver string Optional volume driver for the container - --volumes-from value Mount volumes from the specified container(s) (default []) - -w, --workdir string Working directory inside the container + --add-host value Add a custom host-to-IP mapping (host:ip) (default []) + -a, --attach value Attach to STDIN, STDOUT or STDERR (default []) + --blkio-weight value Block IO (relative weight), between 10 and 1000 + --blkio-weight-device value Block IO weight (relative device weight) (default []) + --cap-add value Add Linux capabilities (default []) + --cap-drop value Drop Linux capabilities (default []) + --cgroup-parent string Optional parent cgroup for the container + --cidfile string Write the container ID to the file + --cpu-count int The number of CPUs available for execution by the container. + Windows daemon only. On Windows Server containers, this is + approximated as a percentage of total CPU usage. + --cpu-percent int Limit percentage of CPU available for execution + by the container. Windows daemon only. + The processor resource controls are mutually + exclusive, the order of precedence is CPUCount + first, then CPUShares, and CPUPercent last. + --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period + --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota + -c, --cpu-shares int CPU shares (relative weight) + --cpus NanoCPUs Number of CPUs (default 0.000) + --cpu-rt-period int Limit the CPU real-time period in microseconds + --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds + --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) + --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) + -d, --detach Run container in background and print container ID + --detach-keys string Override the key sequence for detaching a container + --device value Add a host device to the container (default []) + --device-cgroup-rule value Add a rule to the cgroup allowed devices list + --device-read-bps value Limit read rate (bytes per second) from a device (default []) + --device-read-iops value Limit read rate (IO per second) from a device (default []) + --device-write-bps value Limit write rate (bytes per second) to a device (default []) + --device-write-iops value Limit write rate (IO per second) to a device (default []) + --disable-content-trust Skip image verification (default true) + --dns value Set custom DNS servers (default []) + --dns-option value Set DNS options (default []) + --dns-search value Set custom DNS search domains (default []) + --entrypoint string Overwrite the default ENTRYPOINT of the image + -e, --env value Set environment variables (default []) + --env-file value Read in a file of environment variables (default []) + --expose value Expose a port or a range of ports (default []) + --group-add value Add additional groups to join (default []) + --health-cmd string Command to run to check health + --health-interval duration Time between running the check (ns|us|ms|s|m|h) (default 0s) + --health-retries int Consecutive failures needed to report unhealthy + --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) (default 0s) + --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ns|us|ms|s|m|h) (default 0s) + --help Print usage + -h, --hostname string Container host name + --init Run an init inside the container that forwards signals and reaps processes + --init-path string Path to the docker-init binary + -i, --interactive Keep STDIN open even if not attached + --io-maxbandwidth string Maximum IO bandwidth limit for the system drive (Windows only) + (Windows only). The format is ``. + Unit is optional and can be `b` (bytes per second), + `k` (kilobytes per second), `m` (megabytes per second), + or `g` (gigabytes per second). If you omit the unit, + the system uses bytes per second. + --io-maxbandwidth and --io-maxiops are mutually exclusive options. + --io-maxiops uint Maximum IOps limit for the system drive (Windows only) + --ip string IPv4 address (e.g., 172.30.100.104) + --ip6 string IPv6 address (e.g., 2001:db8::33) + --ipc string IPC namespace to use + --isolation string Container isolation technology + --kernel-memory string Kernel memory limit + -l, --label value Set meta data on a container (default []) + --label-file value Read in a line delimited file of labels (default []) + --link value Add link to another container (default []) + --link-local-ip value Container IPv4/IPv6 link-local addresses (default []) + --log-driver string Logging driver for the container + --log-opt value Log driver options (default []) + --mac-address string Container MAC address (e.g., 92:d0:c6:0a:29:33) + -m, --memory string Memory limit + --memory-reservation string Memory soft limit + --memory-swap string Swap limit equal to memory plus swap: '-1' to enable unlimited swap + --memory-swappiness int Tune container memory swappiness (0 to 100) (default -1) + --mount value Attach a filesystem mount to the container (default []) + --name string Assign a name to the container + --network-alias value Add network-scoped alias for the container (default []) + --network string Connect a container to a network + 'bridge': create a network stack on the default Docker bridge + 'none': no networking + 'container:': reuse another container's network stack + 'host': use the Docker host network stack + '|': connect to a user-defined network + --no-healthcheck Disable any container-specified HEALTHCHECK + --oom-kill-disable Disable OOM Killer + --oom-score-adj int Tune host's OOM preferences (-1000 to 1000) + --pid string PID namespace to use + --pids-limit int Tune container pids limit (set -1 for unlimited) + --privileged Give extended privileges to this container + -p, --publish value Publish a container's port(s) to the host (default []) + -P, --publish-all Publish all exposed ports to random ports + --read-only Mount the container's root filesystem as read only + --restart string Restart policy to apply when a container exits (default "no") + Possible values are : no, on-failure[:max-retry], always, unless-stopped + --rm Automatically remove the container when it exits + --runtime string Runtime to use for this container + --security-opt value Security Options (default []) + --shm-size bytes Size of /dev/shm + The format is ``. `number` must be greater than `0`. + Unit is optional and can be `b` (bytes), `k` (kilobytes), `m` (megabytes), + or `g` (gigabytes). If you omit the unit, the system uses bytes. + --sig-proxy Proxy received signals to the process (default true) + --stop-signal string Signal to stop a container (default "SIGTERM") + --stop-timeout=10 Timeout (in seconds) to stop a container + --storage-opt value Storage driver options for the container (default []) + --sysctl value Sysctl options (default map[]) + --tmpfs value Mount a tmpfs directory (default []) + -t, --tty Allocate a pseudo-TTY + --ulimit value Ulimit options (default []) + -u, --user string Username or UID (format: [:]) + --userns string User namespace to use + 'host': Use the Docker host user namespace + '': Use the Docker daemon user namespace specified by `--userns-remap` option. + --uts string UTS namespace to use + -v, --volume value Bind mount a volume (default []). The format + is `[host-src:]container-dest[:]`. + The comma-delimited `options` are [rw|ro], + [z|Z], [[r]shared|[r]slave|[r]private], + [delegated|cached|consistent], and + [nocopy]. The 'host-src' is an absolute path + or a name value. + --volume-driver string Optional volume driver for the container + --volumes-from value Mount volumes from the specified container(s) (default []) + -w, --workdir string Working directory inside the container ``` ## Description diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index fbbe5a4724..c03d85fb8e 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -36,6 +36,7 @@ Options: --health-interval duration Time between running the check (ns|us|ms|s|m|h) --health-retries int Consecutive failures needed to report unhealthy --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) + --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ns|us|ms|s|m|h) (default 0s) --help Print usage --host list Set one or more custom host-to-IP mappings (host:ip) (default []) --hostname string Container hostname diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 040d5d95a1..983d53434e 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -44,6 +44,7 @@ Options: --health-interval duration Time between running the check (ns|us|ms|s|m|h) --health-retries int Consecutive failures needed to report unhealthy --health-timeout duration Maximum time to allow one check to run (ns|us|ms|s|m|h) + --health-start-period duration Start period for the container to initialize before counting retries towards unstable (ns|us|ms|s|m|h) (default 0s) --help Print usage --host-add list Add or update a custom host-to-IP mapping (host:ip) (default []) --host-rm list Remove a custom host-to-IP mapping (host:ip) (default []) diff --git a/docs/reference/run.md b/docs/reference/run.md index 00928e6dbd..f5deddfec6 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1462,6 +1462,7 @@ Similarly the operator can set the **HOSTNAME** (Linux) or **COMPUTERNAME** (Win --health-interval Time between running the check --health-retries Consecutive failures needed to report unhealthy --health-timeout Maximum time to allow one check to run + --health-start-period Start period for the container to initialize before starting health-retries countdown --no-healthcheck Disable any container-specified HEALTHCHECK ``` From e434a91221267d20a05c2e5d1779ba7e10e06c33 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 18 Jan 2017 11:38:19 -0800 Subject: [PATCH 2466/2538] Add support for update order This parameter controls the order of operations when rolling out an update task. Either the old task is stopped before starting the new one, or the new task is started first, and the running tasks will briefly overlap. This commit adds Rollout to the API, and --update-order / --rollback-order flags to the CLI. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_create.md | 2 ++ docs/reference/commandline/service_update.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index c03d85fb8e..9490f1bb9f 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -65,6 +65,7 @@ Options: --rollback-max-failure-ratio float Failure rate to tolerate during a rollback --rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --rollback-order string Rollback order ("start-first"|"stop-first") (default "stop-first") --rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once) (default 1) --secret secret Specify secrets to expose to the service @@ -75,6 +76,7 @@ Options: --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) + --update-order string Update order ("start-first"|"stop-first") (default "stop-first") --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to swarm agents diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 983d53434e..559217b504 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -77,6 +77,7 @@ Options: --rollback-max-failure-ratio float Failure rate to tolerate during a rollback --rollback-monitor duration Duration after each task rollback to monitor for failure (ns|us|ms|s|m|h) (default 0s) + --rollback-order string Rollback order ("start-first"|"stop-first") (default "stop-first") --rollback-parallelism uint Maximum number of tasks rolled back simultaneously (0 to roll back all at once) (default 1) --secret-add secret Add or update a secret on a service @@ -88,6 +89,7 @@ Options: --update-failure-action string Action on update failure ("pause"|"continue"|"rollback") (default "pause") --update-max-failure-ratio float Failure rate to tolerate during an update --update-monitor duration Duration after each task update to monitor for failure (ns|us|ms|s|m|h) + --update-order string Update order ("start-first"|"stop-first") (default "stop-first") --update-parallelism uint Maximum number of tasks updated simultaneously (0 to update all at once) (default 1) -u, --user string Username or UID (format: [:]) --with-registry-auth Send registry authentication details to swarm agents From 051ff3b3034c8fb297a1d9a826c49c16f813cc98 Mon Sep 17 00:00:00 2001 From: Victor Vieux Date: Fri, 24 Mar 2017 16:44:37 -0700 Subject: [PATCH 2467/2538] clarify docker plugin set docs Signed-off-by: Victor Vieux --- docs/reference/commandline/plugin_set.md | 59 ++++++++++++++++++++++-- 1 file changed, 56 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/plugin_set.md b/docs/reference/commandline/plugin_set.md index 4b7ce612ad..5092b0b0cd 100644 --- a/docs/reference/commandline/plugin_set.md +++ b/docs/reference/commandline/plugin_set.md @@ -34,6 +34,60 @@ The settings currently supported are: * path of devices * args +## What is settable ? + +Look at the plugin manifest, it's easy to see what fields are settable, +by looking at the `Settable` field. + +Here is an extract of a plugin manifest: + +``` +{ + "config": { + ... + "args": { + "name": "myargs", + "settable": ["value"], + "value": ["foo", "bar"] + }, + "env": [ + { + "name": "DEBUG", + "settable": ["value"], + "value": "0" + }, + { + "name": "LOGGING", + "value": "1" + } + ], + "devices": [ + { + "name": "mydevice", + "path": "/dev/foo", + "settable": ["path"] + } + ], + "mounts": [ + { + "destination": "/baz", + "name": "mymount", + "options": ["rbind"], + "settable": ["source"], + "source": "/foo", + "type": "bind" + } + ], + ... + } +} +``` + +In this example, we can see that the `value` of the `DEBUG` environment variable is settable, +the `source` of the `mymount` mount is also settable. Same for the `path` of `mydevice` and `value` of `myargs`. + +On the contrary, the `LOGGING` environment variable doesn't have any settable field, which implies that user cannot tweak it. + ## Examples ### Change an environment variable @@ -43,7 +97,6 @@ The following example change the env variable `DEBUG` on the ```bash $ docker plugin inspect -f {{.Settings.Env}} tiborvass/sample-volume-plugin - [DEBUG=0] $ docker plugin set tiborvass/sample-volume-plugin DEBUG=1 @@ -90,13 +143,13 @@ $ docker plugin inspect -f '{{with $device := index .Settings.Devices 0}}{{$devi ### Change the source of the arguments -The following example change the source of the args on the `myplugin` plugin. +The following example change the value of the args on the `myplugin` plugin. ```bash $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ["foo", "bar"] -$ docker plugins set myplugin args="foo bar baz" +$ docker plugins set myplugin myargs="foo bar baz" $ docker plugin inspect -f '{{.Settings.Args}}' myplugin ["foo", "bar", "baz"] From fc6428390a71e8c850f095393b686892ff98272d Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 23 Mar 2017 17:51:57 -0700 Subject: [PATCH 2468/2538] cli: Allow service's networks to be updated Resolve networks IDs on the client side. Avoid filling in deprecated Spec.Networks field. Sort networks in the TaskSpec for update stability. Add an integration test for changing service networks. Signed-off-by: Aaron Lehmann --- docs/reference/commandline/service_update.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index 559217b504..f79caeb41c 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md @@ -58,6 +58,8 @@ Options: --log-opt list Logging driver options (default []) --mount-add mount Add or update a mount on a service --mount-rm list Remove a mount by its target path (default []) + --network-add list Add a network + --network-rm list Remove a network --no-healthcheck Disable any container-specified HEALTHCHECK --placement-pref-add pref Add a placement preference --placement-pref-rm pref Remove a placement preference From 29dd51d2a8c3afeebc3cb8424ce5da1388dec411 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 4 Apr 2017 12:31:00 -0700 Subject: [PATCH 2469/2538] Add docs for named build stages Signed-off-by: Tonis Tiigi --- docs/reference/builder.md | 39 ++++++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 4261904503..523fd2f807 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -480,30 +480,36 @@ the first pattern, followed by one or more `!` exception patterns. ## FROM - FROM + FROM [AS ] Or - FROM : + FROM [:] [AS ] Or - FROM @ + FROM [@] [AS ] -The `FROM` instruction sets the [*Base Image*](glossary.md#base-image) -for subsequent instructions. As such, a valid `Dockerfile` must have `FROM` as -its first instruction. The image can be any valid image – it is especially easy -to start by **pulling an image** from the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/). +The `FROM` instruction initializes a new build stage and sets the +[*Base Image*](glossary.md#base-image) for subsequent instructions. As such, a +valid `Dockerfile` must have `FROM` as its first instruction. The image can be +any valid image – it is especially easy to start by **pulling an image** from +the [*Public Repositories*](https://docs.docker.com/engine/tutorials/dockerrepos/). - `FROM` must be the first non-comment instruction in the `Dockerfile`. -- `FROM` can appear multiple times within a single `Dockerfile` in order to create -multiple images. Simply make a note of the last image ID output by the commit -before each new `FROM` command. +- `FROM` can appear multiple times within a single `Dockerfile` in order to +create multiple images or use one build stage as a dependency for another. +Simply make a note of the last image ID output by the commit before each new +`FROM` command. Each `FROM` command resets all the previous commands. -- The `tag` or `digest` values are optional. If you omit either of them, the builder -assumes a `latest` by default. The builder returns an error if it cannot match -the `tag` value. +- Optionally a name can be given to a new build stage. That name can be then +used in subsequent `FROM` and `COPY --from=` commands to refer back +to the image built in this stage. + +- The `tag` or `digest` values are optional. If you omit either of them, the +builder assumes a `latest` tag by default. The builder returns an error if it +cannot match the `tag` value. ## RUN @@ -937,6 +943,13 @@ All new files and directories are created with a UID and GID of 0. > If you build using STDIN (`docker build - < somefile`), there is no > build context, so `COPY` can't be used. +Optionally `COPY` accepts a flag `--from=` that can be used to set +the source location to a previous build stage (created with `FROM .. AS `) +that will be used instead of a build context sent by the user. The flag also +accepts a numeric index assigned for all previous build stages started with +`FROM` command. In case a build stage with a specified name can't be found an +image with the same name is attempted to be used instead. + `COPY` obeys the following rules: - The `` path must be inside the *context* of the build; From 8abc802de96f6beaf242f68b9aefcab1166907f9 Mon Sep 17 00:00:00 2001 From: Mike Casas Date: Mon, 10 Apr 2017 09:12:19 -0400 Subject: [PATCH 2470/2538] Added word to documentation Improved documentation by adding word for better sentence structure. Signed-off-by: Mike Casas --- docs/reference/commandline/commit.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/commit.md b/docs/reference/commandline/commit.md index 438eaf49dc..f713eeab97 100644 --- a/docs/reference/commandline/commit.md +++ b/docs/reference/commandline/commit.md @@ -31,7 +31,7 @@ Options: ## Description It can be useful to commit a container's file changes or settings into a new -image. This allows you debug a container by running an interactive shell, or to +image. This allows you to debug a container by running an interactive shell, or to export a working dataset to another server. Generally, it is better to use Dockerfiles to manage your images in a documented and maintainable way. [Read more about valid image names and tags](tag.md). From f2933f6ea6df3d2cb7d3709eb195075a9e058ee3 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Fri, 17 Feb 2017 22:04:37 -0800 Subject: [PATCH 2471/2538] Add `--cpus` support for `docker update` This fix tries to address the issue raised in 31032 where it was not possible to specify `--cpus` for `docker update`. This fix adds `--cpus` support for `docker update`. In case both `--cpus` and `--cpu-period/--cpu-quota` have been specified, an error will be returned. Related docs has been updated. Integration tests have been added. This fix fixes 31032. This fix is related to 27921, 27958. Signed-off-by: Yong Tang --- docs/reference/commandline/update.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/update.md b/docs/reference/commandline/update.md index f41cf39db8..935dc9bf36 100644 --- a/docs/reference/commandline/update.md +++ b/docs/reference/commandline/update.md @@ -21,12 +21,13 @@ Usage: docker update [OPTIONS] CONTAINER [CONTAINER...] Update configuration of one or more containers Options: - --blkio-weight value Block IO (relative weight), between 10 and 1000 + --blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0) --cpu-period int Limit CPU CFS (Completely Fair Scheduler) period --cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota - -c, --cpu-shares int CPU shares (relative weight) --cpu-rt-period int Limit the CPU real-time period in microseconds --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds + -c, --cpu-shares int CPU shares (relative weight) + --cpus decimal Number of CPUs (default 0.000) --cpuset-cpus string CPUs in which to allow execution (0-3, 0,1) --cpuset-mems string MEMs in which to allow execution (0-3, 0,1) --help Print usage From 0d4b2350fbdd939136cbed3abda56716dae0b0f7 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Thu, 16 Mar 2017 11:53:44 +0100 Subject: [PATCH 2472/2538] Add bash completion for `update --cpus` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 878670f939..fe1dd709c2 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1873,6 +1873,7 @@ _docker_container_update() { --cpu-quota --cpu-rt-period --cpu-rt-runtime + --cpus --cpuset-cpus --cpuset-mems --cpu-shares -c From 114cc6ca3a6298505cae5b5cb034a27eccd06e5e Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 14 Nov 2016 13:53:53 -0500 Subject: [PATCH 2473/2538] Implement plugins for logging drivers Logging plugins use the same HTTP interface as other plugins for basic command operations meanwhile actual logging operations are handled (on Unix) via a fifo. The plugin interface looks like so: ```go type loggingPlugin interface { StartLogging(fifoPath string, loggingContext Context) error StopLogging(fifoPath) ``` This means a plugin must implement `LoggingDriver.StartLogging` and `LoggingDriver.StopLogging` endpoints and be able to consume the passed in fifo. Logs are sent via stream encoder to the fifo encoded with protobuf. Signed-off-by: Brian Goff --- docs/extend/config.md | 2 + docs/extend/plugins_logging.md | 220 +++++++++++++++++++++++++++++++++ 2 files changed, 222 insertions(+) create mode 100644 docs/extend/plugins_logging.md diff --git a/docs/extend/config.md b/docs/extend/config.md index ad43e898c7..4feb6bf315 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -59,6 +59,8 @@ Config provides the base accessible fields for working with V0 plugin format - **docker.authz/1.0** + - **docker.logdriver/1.0** + - **`socket`** *string* socket is the name of the socket the engine should use to communicate with the plugins. diff --git a/docs/extend/plugins_logging.md b/docs/extend/plugins_logging.md new file mode 100644 index 0000000000..fd02a6a6f7 --- /dev/null +++ b/docs/extend/plugins_logging.md @@ -0,0 +1,220 @@ +--- +title: "Docker log driver plugins" +description: "Log driver plugins." +keywords: "Examples, Usage, plugins, docker, documentation, user guide, logging" +--- + + + +# Logging driver plugins + +This document describes logging driver plugins for Docker. + +Logging drivers enables users to forward container logs to another service for +processing. Docker includes several logging drivers as built-ins, however can +never hope to support all use-cases with built-in drivers. Plugins allow Docker +to support a wide range of logging services without requiring to embed client +libraries for these services in the main Docker codebase. See the +[plugin documentation](legacy_plugins.md) for more information. + +## Create a logging plugin + +The main interface for logging plugins uses the same JSON+HTTP RPC protocol used +by other plugin types. See the +[example](https://github.com/cpuguy83/docker-log-driver-test) plugin for a +reference implementation of a logging plugin. The example wraps the built-in +`jsonfilelog` log driver. + +## LogDriver protocol + +Logging plugins must register as a `LogDriver` during plugin activation. Once +activated users can specify the plugin as a log driver. + +There are two HTTP endpoints that logging plugins must implement: + +### `/LogDriver.StartLogging` + +Signals to the plugin that a container is starting that the plugin should start +receiving logs for. + +Logs will be streamed over the defined file in the request. On Linux this file +is a FIFO. Logging plugins are not currently supported on Windows. + +**Request**: +```json +{ + "File": "/path/to/file/stream", + "Info": { + "ContainerID": "123456" + } +} +``` + +`File` is the path to the log stream that needs to be consumed. Each call to +`StartLogging` should provide a different file path, even if it's a container +that the plugin has already received logs for prior. The file is created by +docker with a randomly generated name. + +`Info` is details about the container that's being logged. This is fairly +free-form, but is defined by the following struct definition: + +```go +type Info struct { + Config map[string]string + ContainerID string + ContainerName string + ContainerEntrypoint string + ContainerArgs []string + ContainerImageID string + ContainerImageName string + ContainerCreated time.Time + ContainerEnv []string + ContainerLabels map[string]string + LogPath string + DaemonName string +} +``` + + +`ContainerID` will always be supplied with this struct, but other fields may be +empty or missing. + +**Response** +```json +{ + "Err": "" +} +``` + +If an error occurred during this request, add an error message to the `Err` field +in the response. If no error then you can either send an empty response (`{}`) +or an empty value for the `Err` field. + +The driver should at this point be consuming log messages from the passed in file. +If messages are unconsumed, it may cause the contaier to block while trying to +write to its stdio streams. + +Log stream messages are encoded as protocol buffers. The protobuf definitions are +in the +[docker repository](https://github.com/docker/docker/blob/master/api/types/plugins/logdriver/entry.proto). + +Since protocol buffers are not self-delimited you must decode them from the stream +using the following stream format: + +``` +[size][message] +``` + +Where `size` is a 4-byte big endian binary encoded uint32. `size` in this case +defines the size of the next message. `message` is the actual log entry. + +A reference golang implementation of a stream encoder/decoder can be found +[here](https://github.com/docker/docker/blob/master/api/types/plugins/logdriver/io.go) + +### `/LogDriver.StopLogging` + +Signals to the plugin to stop collecting logs from the defined file. +Once a response is received, the file will be removed by Docker. You must make +sure to collect all logs on the stream before responding to this request or risk +losing log data. + +Requests on this endpoint does not mean that the container has been removed +only that it has stopped. + +**Request**: +```json +{ + "File": "/path/to/file/stream" +} +``` + +**Response**: +```json +{ + "Err": "" +} +``` + +If an error occurred during this request, add an error message to the `Err` field +in the response. If no error then you can either send an empty response (`{}`) +or an empty value for the `Err` field. + +## Optional endpoints + +Logging plugins can implement two extra logging endpoints: + +### `/LogDriver.Capabilities` + +Defines the capabilities of the log driver. You must implement this endpoint for +Docker to be able to take advantage of any of the defined capabilities. + +**Request**: +```json +{} +``` + +**Response**: +```json +{ + "ReadLogs": true +} +``` + +Supported capabilities: + +- `ReadLogs` - this tells Docker that the plugin is capable of reading back logs +to clients. Plugins that report that they support `ReadLogs` must implement the +`/LogDriver.ReadLogs` endpoint + +### `/LogDriver.ReadLogs` + +Reads back logs to the client. This is used when `docker logs ` is +called. + +In order for Docker to use this endpoint, the plugin must specify as much when +`/LogDriver.Capabilities` is called. + + +**Request**: +```json +{ + "ReadConfig": {}, + "Info": { + "ContainerID": "123456" + } +} +``` + +`ReadConfig` is the list of options for reading, it is defined with the following +golang struct: + +```go +type ReadConfig struct { + Since time.Time + Tail int + Follow bool +} +``` + +- `Since` defines the oldest log that should be sent. +- `Tail` defines the number of lines to read (e.g. like the command `tail -n 10`) +- `Follow` signals that the client wants to stay attached to receive new log messages +as they come in once the existing logs have been read. + +`Info` is the same type defined in `/LogDriver.StartLogging`. It should be used +to determine what set of logs to read. + +**Response**: +``` +{{ log stream }} +``` + +The response should be the encoded log message using the same format as the +messages that the plugin consumed from Docker. From e3cab9a751dde5bea597f08c6eb6fd0dd25d8ddf Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 10 Apr 2017 12:57:32 -0700 Subject: [PATCH 2474/2538] Add bash completion for `node ls --format` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index fe1dd709c2..d6bec28727 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -3472,11 +3472,14 @@ _docker_node_ls() { __docker_nospace return ;; + --format) + return + ;; esac case "$cur" in -*) - COMPREPLY=( $( compgen -W "--filter -f --help --quiet -q" -- "$cur" ) ) + COMPREPLY=( $( compgen -W "--filter -f --format --help --quiet -q" -- "$cur" ) ) ;; esac } From 0dc44cd964e2a70651b833031152eff293fa0878 Mon Sep 17 00:00:00 2001 From: Vincent Demeester Date: Thu, 16 Mar 2017 10:08:27 +0100 Subject: [PATCH 2475/2538] Merge pull request #31848 from thaJeztah/17.04.0-changelog-updates [17.04.x] deprecation and changelog updates (cherry picked from commit f15f5937514c386ace40a43441dddc28337ca12d) Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index bcdfd4de1f..8f6070a810 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -277,9 +277,9 @@ of the `--changes` flag that allows to pass `Dockerfile` commands. ### Interacting with V1 registries -**Disabled By Default In Release: v17.04** +**Disabled By Default In Release: v17.06** -**Target For Removal In Release: v17.10** +**Target For Removal In Release: v17.12** Version 1.9 adds a flag (`--disable-legacy-registry=false`) which prevents the docker daemon from `pull`, `push`, and `login` operations against v1 From 98bcbcf77438cc1463f754f21f798083962bba14 Mon Sep 17 00:00:00 2001 From: Arash Deshmeh Date: Sun, 26 Mar 2017 02:23:24 -0400 Subject: [PATCH 2476/2538] stack rm should accept multiple arguments Signed-off-by: Arash Deshmeh --- docs/reference/commandline/stack_rm.md | 42 ++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/stack_rm.md b/docs/reference/commandline/stack_rm.md index d9d50433a7..a1854ae6f0 100644 --- a/docs/reference/commandline/stack_rm.md +++ b/docs/reference/commandline/stack_rm.md @@ -16,9 +16,9 @@ keywords: "stack, rm, remove, down" # stack rm ```markdown -Usage: docker stack rm STACK +Usage: docker stack rm STACK [STACK...] -Remove the stack +Remove one or more stacks Aliases: rm, remove, down @@ -32,6 +32,44 @@ Options: Remove the stack from the swarm. This command has to be run targeting a manager node. +## Examples + +### Remove a stack + +This will remove the stack with the name `myapp`. Services, networks, and secrets associated with the stack will be removed. + +```bash +$ docker stack rm myapp + +Removing service myapp_redis +Removing service myapp_web +Removing service myapp_lb +Removing network myapp_default +Removing network myapp_frontend +``` + +### Remove multiple stacks + +This will remove all the specified stacks, `myapp` and `vossibility`. Services, networks, and secrets associated with all the specified stacks will be removed. + +```bash +$ docker stack rm myapp vossibility + +Removing service myapp_redis +Removing service myapp_web +Removing service myapp_lb +Removing network myapp_default +Removing network myapp_frontend +Removing service vossibility_nsqd +Removing service vossibility_logstash +Removing service vossibility_elasticsearch +Removing service vossibility_kibana +Removing service vossibility_ghollector +Removing service vossibility_lookupd +Removing network vossibility_default +Removing network vossibility_vossibility +``` + ## Related commands * [stack deploy](stack_deploy.md) From 4b8712eacbc47ac048d63ab7d5619b02b563f2e7 Mon Sep 17 00:00:00 2001 From: Alfred Landrum Date: Mon, 20 Mar 2017 11:38:17 -0700 Subject: [PATCH 2477/2538] Let graphdrivers declare diff stream fidelity This allows graphdrivers to declare that they can reproduce the original diff stream for a layer. If they do so, the layer store will not use tar-split processing, but will still verify the digest on layer export. This makes it easier to experiment with non-default diff formats. Signed-off-by: Alfred Landrum --- docs/extend/plugins_graphdriver.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/docs/extend/plugins_graphdriver.md b/docs/extend/plugins_graphdriver.md index 74caa938f8..c134b1ebc4 100644 --- a/docs/extend/plugins_graphdriver.md +++ b/docs/extend/plugins_graphdriver.md @@ -84,6 +84,29 @@ The request also includes a list of UID and GID mappings, structed as follows: Respond with a non-empty string error if an error occurred. +### /GraphDriver.Capabilities + +**Request**: +```json +{} +``` + +Get behavioral characteristics of the graph driver. If a plugin does not handle +this request, the engine will use default values for all capabilities. + +**Response**: +```json +{ + "ReproducesExactDiffs": false, +} +``` + +Respond with values of capabilities: + +* **ReproducesExactDiffs** Defaults to false. Flags that this driver is capable +of reproducing exactly equivalent diffs for read-only filesystem layers. + + ### /GraphDriver.Create **Request**: From 279bbbab27e473ee4ab7c96b92141345df43e157 Mon Sep 17 00:00:00 2001 From: Drew Erny Date: Thu, 6 Apr 2017 11:55:54 -0700 Subject: [PATCH 2478/2538] Remove experimental from service logs Service logs API is now stable. Service logs now support all features, except retrieving details provided to the log driver. Signed-off-by: Drew Erny --- docs/reference/commandline/service_logs.md | 18 ++++++++++++------ experimental/README.md | 1 - 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/service_logs.md b/docs/reference/commandline/service_logs.md index 844a58e0cf..fd328d0f6d 100644 --- a/docs/reference/commandline/service_logs.md +++ b/docs/reference/commandline/service_logs.md @@ -1,8 +1,7 @@ --- -title: "service logs (experimental)" +title: "service logs" description: "The service logs command description and usage" -keywords: "service, logs" -advisory: "experimental" +keywords: "service, task, logs" --- + +# system events + +```markdown +Usage: docker system events [OPTIONS] + +Get real time events from the server + +Options: + -f, --filter value Filter output based on conditions provided (default []) + --format string Format the output using the given Go template + --help Print usage + --since string Show all events created since timestamp + --until string Stream events until this timestamp +``` + +## Description + +Use `docker system events` to get real-time events from the server. These +events differ per Docker object type. + +### Object types + +#### Containers + +Docker containers report the following events: + +- `attach` +- `commit` +- `copy` +- `create` +- `destroy` +- `detach` +- `die` +- `exec_create` +- `exec_detach` +- `exec_start` +- `export` +- `health_status` +- `kill` +- `oom` +- `pause` +- `rename` +- `resize` +- `restart` +- `start` +- `stop` +- `top` +- `unpause` +- `update` + +#### Images + +Docker images report the following events: + +- `delete` +- `import` +- `load` +- `pull` +- `push` +- `save` +- `tag` +- `untag` + +#### Plugins + +Docker plugins report the following events: + +- `install` +- `enable` +- `disable` +- `remove` + +#### Volumes + +Docker volumes report the following events: + +- `create` +- `mount` +- `unmount` +- `destroy` + +#### Networks + +Docker networks report the following events: + +- `create` +- `connect` +- `disconnect` +- `destroy` + +#### Daemons + +Docker daemons report the following events: + +- `reload` + +### Limiting, filtering, and formatting the output + +#### Limit events by time + +The `--since` and `--until` parameters can be Unix timestamps, date formatted +timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed +relative to the client machine’s time. If you do not provide the `--since` option, +the command returns only new and/or live events. Supported formats for date +formatted time stamps include RFC3339Nano, RFC3339, `2006-01-02T15:04:05`, +`2006-01-02T15:04:05.999999999`, `2006-01-02Z07:00`, and `2006-01-02`. The local +timezone on the client will be used if you do not provide either a `Z` or a +`+-00:00` timezone offset at the end of the timestamp. When providing Unix +timestamps enter seconds[.nanoseconds], where seconds is the number of seconds +that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap +seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a +fraction of a second no more than nine digits long. + +#### Filtering + +The filtering flag (`-f` or `--filter`) format is of "key=value". If you would +like to use multiple filters, pass multiple flags (e.g., +`--filter "foo=bar" --filter "bif=baz"`) + +Using the same filter multiple times will be handled as a *OR*; for example +`--filter container=588a23dac085 --filter container=a8f7720b8c22` will display +events for container 588a23dac085 *OR* container a8f7720b8c22 + +Using multiple filters will be handled as a *AND*; for example +`--filter container=588a23dac085 --filter event=start` will display events for +container container 588a23dac085 *AND* the event type is *start* + +The currently supported filters are: + +* container (`container=`) +* daemon (`daemon=`) +* event (`event=`) +* image (`image=`) +* label (`label=` or `label==`) +* network (`network=`) +* plugin (`plugin=`) +* type (`type=`) +* volume (`volume=`) + +#### Format + +If a format (`--format`) is specified, the given template will be executed +instead of the default +format. Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +If a format is set to `{{json .}}`, the events are streamed as valid JSON +Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . + +## Examples + +### Basic example + +You'll need two shells for this example. + +**Shell 1: Listening for events:** + +```bash +$ docker system events +``` + +**Shell 2: Start and Stop containers:** + +```bash +$ docker create --name test alpine:latest top +$ docker start test +$ docker stop test +``` + +**Shell 1: (Again .. now showing events):** + +```none +2017-01-05T00:35:58.859401177+08:00 container create 0fdb48addc82871eb34eb23a847cfd033dedd1a0a37bef2e6d9eb3870fc7ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1f5ceda09d4300f3a846f0acfaa9a8bb0d89e775eb744c5acecd60e0529e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +``` + +To exit the `docker system events` command, use `CTRL+C`. + +### Filter events by time + +You can filter the output by an absolute timestamp or relative time on the host +machine, using the following different time syntaxes: + +```bash +$ docker system events --since 1483283804 +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --since '2017-01-05' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --since '2013-09-03T15:49:29' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --since '10m' +2017-01-05T00:35:41.241772953+08:00 volume create testVol (driver=local) +2017-01-05T00:35:58.859401177+08:00 container create d9cd...4d70 (image=alpine:latest, name=test) +2017-01-05T00:36:04.703631903+08:00 network connect e2e1...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:04.795031609+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:36:09.830268747+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:36:09.840186338+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:36:09.880113663+08:00 network disconnect e2e...29e2 (container=0fdb...ff37, name=bridge, type=bridge) +2017-01-05T00:36:09.890214053+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +``` + +### Filter events by criteria + +The following commands show several different ways to filter the `docker event` +output. + +```bash +$ docker system events --filter 'event=stop' + +2017-01-05T00:40:22.880175420+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:41:17.888104182+08:00 container stop 2a8f...4e78 (image=alpine, name=kickass_brattain) + +$ docker system events --filter 'image=alpine' + +2017-01-05T00:41:55.784240236+08:00 container create d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:41:55.913156783+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:42:01.106875249+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=15) +2017-01-05T00:42:11.111934041+08:00 container kill d9cd...4d70 (image=alpine, name=happy_meitner, signal=9) +2017-01-05T00:42:11.119578204+08:00 container die d9cd...4d70 (exitCode=137, image=alpine, name=happy_meitner) +2017-01-05T00:42:11.173276611+08:00 container stop d9cd...4d70 (image=alpine, name=happy_meitner) + +$ docker system events --filter 'container=test' + +2017-01-05T00:43:00.139719934+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:43:09.259951086+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=15) +2017-01-05T00:43:09.270102715+08:00 container die 0fdb...ff37 (exitCode=143, image=alpine:latest, name=test) +2017-01-05T00:43:09.312556440+08:00 container stop 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --filter 'container=test' --filter 'container=d9cdb1525ea8' + +2017-01-05T00:44:11.517071981+08:00 container start 0fdb...ff37 (image=alpine:latest, name=test) +2017-01-05T00:44:17.685870901+08:00 container start d9cd...4d70 (image=alpine, name=happy_meitner) +2017-01-05T00:44:29.757658470+08:00 container kill 0fdb...ff37 (image=alpine:latest, name=test, signal=9) +2017-01-05T00:44:29.767718510+08:00 container die 0fdb...ff37 (exitCode=137, image=alpine:latest, name=test) +2017-01-05T00:44:29.815798344+08:00 container destroy 0fdb...ff37 (image=alpine:latest, name=test) + +$ docker system events --filter 'container=test' --filter 'event=stop' + +2017-01-05T00:46:13.664099505+08:00 container stop a9d1...e130 (image=alpine, name=test) + +$ docker system events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562f...5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562f...5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker system events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b11...2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b11...2c5b (name=test-event-network-local, container=b4be...c54e, type=bridge) + +$ docker system events --filter 'container=container_1' --filter 'container=container_2' + +2014-09-03T15:49:29.999999999Z07:00 container die 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container stop 4386fb97867d (image=ubuntu-1:14.04) +2014-05-10T17:42:14.999999999Z07:00 container die 7805c1d35632 (imager=redis:2.8) +2014-09-03T15:49:29.999999999Z07:00 container stop 7805c1d35632 (image=redis:2.8) + +$ docker system events --filter 'type=volume' + +2015-12-23T21:05:28.136212689Z volume create test-event-volume-local (driver=local) +2015-12-23T21:05:28.383462717Z volume mount test-event-volume-local (read/write=true, container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, destination=/foo, driver=local, propagation=rprivate) +2015-12-23T21:05:28.650314265Z volume unmount test-event-volume-local (container=562fe10671e9273da25eed36cdce26159085ac7ee6707105fd534866340a5025, driver=local) +2015-12-23T21:05:28.716218405Z volume destroy test-event-volume-local (driver=local) + +$ docker system events --filter 'type=network' + +2015-12-23T21:38:24.705709133Z network create 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, type=bridge) +2015-12-23T21:38:25.119625123Z network connect 8b111217944ba0ba844a65b13efcd57dc494932ee2527577758f939315ba2c5b (name=test-event-network-local, container=b4be644031a3d90b400f88ab3d4bdf4dc23adb250e696b6328b85441abe2c54e, type=bridge) + +$ docker system events --filter 'type=plugin' + +2016-07-25T17:30:14.825557616Z plugin pull ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +2016-07-25T17:30:14.888127370Z plugin enable ec7b87f2ce84330fe076e666f17dfc049d2d7ae0b8190763de94e1f2d105993f (name=tiborvass/sample-volume-plugin:latest) +``` + +### Format the output + +```bash +$ docker system events --filter 'type=container' --format 'Type={{.Type}} Status={{.Status}} ID={{.ID}}' + +Type=container Status=create ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=attach ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=start ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=resize ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=die ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299c126a87812311951e26 +``` + +#### Format as JSON + +```none + $ docker system events --format '{{json .}}' + + {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. + {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. + {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. + {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. +``` From 80a7f5dec763dcdc99d0e1ce49ddeb7b8fc81b03 Mon Sep 17 00:00:00 2001 From: Gary Schaetz Date: Tue, 18 Apr 2017 17:58:53 -0500 Subject: [PATCH 2513/2538] Update attach.md added some clarification around why attach can appear hung to some. issue #1456 on docs Signed-off-by: gary schaetz Updated the documentation to reflect what happens when you use a fragment in the docker build url parameter. Signed-off-by: Gary Schaetz added markup for commands Signed-off-by: Gary Schaetz --- docs/reference/commandline/attach.md | 5 +++++ docs/reference/commandline/build.md | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/docs/reference/commandline/attach.md b/docs/reference/commandline/attach.md index 34ae390544..4153331bad 100644 --- a/docs/reference/commandline/attach.md +++ b/docs/reference/commandline/attach.md @@ -34,6 +34,11 @@ Use `docker attach` to attach your terminal's standard input, output, and error ID or name. This allows you to view its ongoing output or to control it interactively, as though the commands were running directly in your terminal. +> **Note:** +> The `attach` command will display the output of the `ENTRYPOINT/CMD` process. This +> can appear as if the attach command is hung when in fact the process may simply +> not be interacting with the terminal at that time. + You can attach to the same contained process multiple times simultaneously, even as a different user with the appropriate permissions. diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 5d34beca76..697c63647d 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -80,6 +80,10 @@ the command succeeds, the directory is sent to the Docker daemon as the context. Local clones give you the ability to access private repositories using local user credentials, VPN's, and so forth. +> **Note:** +> If the `URL` parameter contains a fragment the system will recursively clone +> the repository and its submodules using a `git clone --recursive` command. + Git URLs accept context configuration in their fragment section, separated by a colon `:`. The first part represents the reference that Git will check out, this can be either a branch, a tag, or a commit SHA. The second part represents From 4dcac12be058a4933a934bfc5e965eb93a2f0e4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philipp=20Gill=C3=A9?= Date: Wed, 3 May 2017 23:29:11 +0200 Subject: [PATCH 2514/2538] Fix list of experimental features - Remove duplicate entry - Fix anchor in link Signed-off-by: Philipp Gille --- experimental/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/experimental/README.md b/experimental/README.md index 196e67aa7d..63e676e3f7 100644 --- a/experimental/README.md +++ b/experimental/README.md @@ -40,12 +40,11 @@ Metrics (Prometheus) output for basic container, image, and daemon operations. * The top-level [docker deploy](../docs/reference/commandline/deploy.md) command. The `docker stack deploy` command is **not** experimental. - * [`--squash` option to `docker build` command](../docs/reference/commandline/build.md##squash-an-images-layers---squash-experimental-only) * [External graphdriver plugins](../docs/extend/plugins_graphdriver.md) * [Ipvlan Network Drivers](vlan-networks.md) * [Distributed Application Bundles](docker-stacks-and-bundles.md) * [Checkpoint & Restore](checkpoint-restore.md) - * [Docker build with --squash argument](../docs/reference/commandline/build.md##squash-an-images-layers---squash-experimental-only) + * [Docker build with --squash argument](../docs/reference/commandline/build.md#squash-an-images-layers---squash-experimental-only) ## How to comment on an experimental feature From 297dc42dff71b20cdbf6c1d4a3cb6ac6417d6660 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 1 May 2017 10:15:03 -0400 Subject: [PATCH 2515/2538] Add no-new-privileg flag The daemon config for defaulting to no-new-privileges for containers was added in d7fda019bb7e24f42f8ae1ddecb3fd52df3c48bf, but somehow we managed to omit the flag itself, but also documented the flag. This just adds the actual flag. Signed-off-by: Brian Goff --- docs/reference/commandline/dockerd.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index b7381079b0..22cda151f3 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -71,6 +71,7 @@ Options: --max-concurrent-uploads int Set the max concurrent uploads for each push (default 5) --metrics-addr string Set default address and port to serve the metrics api on --mtu int Set the containers network MTU + --no-new-privileges Set no-new-privileges by default for new containers --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") --raw-logs Full timestamps without ANSI coloring From 20bcf49fb63858c3a532c22dc667b5c1f2015cc8 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 16 Feb 2017 15:33:03 -0500 Subject: [PATCH 2516/2538] Add option to auto-configure blkdev for devmapper Instead of forcing users to manually configure a block device to use with devmapper, this gives the user the option to let the devmapper driver configure a device for them. Adds several new options to the devmapper storage-opts: - dm.directlvm_device="" - path to the block device to configure for direct-lvm - dm.thinp_percent=95 - sets the percentage of space to use for storage from the passed in block device - dm.thinp_metapercent=1 - sets the percentage of space to for metadata storage from the passed in block device - dm.thinp_autoextend_threshold=80 - sets the threshold for when `lvm` should automatically extend the thin pool as a percentage of the total storage space - dm.thinp_autoextend_percent=20 - sets the percentage to increase the thin pool by when an autoextend is triggered. Defaults are taken from [here](https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/#/configure-direct-lvm-mode-for-production) The only option that is required is `dm.directlvm_device` for docker to set everything up. Changes to these settings are not currently supported and will error out. Future work could support allowing changes to these values. Signed-off-by: Brian Goff --- docs/reference/commandline/dockerd.md | 54 +++++++++++++++++++++++++++ man/dockerd.8.md | 48 ++++++++++++++++++++++++ 2 files changed, 102 insertions(+) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 22cda151f3..5f28f6f21c 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -343,6 +343,60 @@ not use loopback in production. Ensure your Engine daemon has a $ sudo dockerd --storage-opt dm.thinpooldev=/dev/mapper/thin-pool ``` +##### `dm.directlvm_device` + +As an alternative to providing a thin pool as above, Docker can setup a block +device for you. + +###### Example: + +```bash +$ sudo dockerd --storage-opt dm.directlvm_device=/dev/xvdf +``` + +##### `dm.thinp_percent` + +Sets the percentage of passed in block device to use for storage. + +###### Example: + +```bash +$ sudo dockerd --storage-opt dm.thinp_percent=95 +``` + +##### `dm.thinp_metapercent` + +Sets the percentage of the passed in block device to use for metadata storage. + +###### Example: + +```bash +$ sudo dockerd --storage-opt dm.thinp_metapercent=1 +``` + +##### `dm.thinp_autoextend_threshold` + +Sets the value of the percentage of space used before `lvm` attempts to +autoextend the available space [100 = disabled] + +###### Example: + +```bash +$ sudo dockerd --storage-opt dm.thinp_autoextend_threshold=80 +``` + +##### `dm.thinp_autoextend_percent` + +Sets the value percentage value to increase the thin pool by when when `lvm` +attempts to autoextend the available space [100 = disabled] + +###### Example: + +```bash +$ sudo dockerd --storage-opt dm.thinp_autoextend_percent=20 +``` + + ##### `dm.basesize` Specifies the size to use when creating the base device, which limits the diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 228a887e15..6a12d3f165 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -420,6 +420,54 @@ Example use: $ dockerd \ --storage-opt dm.thinpooldev=/dev/mapper/thin-pool +#### dm.directlvm_device + +As an alternative to manually creating a thin pool as above, Docker can +automatically configure a block device for you. + +Example use: + + $ dockerd \ + --storage-opt dm.directlvm_device=/dev/xvdf + +##### dm.thinp_percent + +Sets the percentage of passed in block device to use for storage. + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_percent=95 + +##### `dm.thinp_metapercent` + +Sets the percentage of the passed in block device to use for metadata storage. + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_metapercent=1 + +##### dm.thinp_autoextend_threshold + +Sets the value of the percentage of space used before `lvm` attempts to +autoextend the available space [100 = disabled] + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_autoextend_threshold=80 + +##### dm.thinp_autoextend_percent + +Sets the value percentage value to increase the thin pool by when when `lvm` +attempts to autoextend the available space [100 = disabled] + +###### Example: + + $ sudo dockerd \ + --storage-opt dm.thinp_autoextend_percent=20 + #### dm.basesize Specifies the size to use when creating the base device, which limits From 0808cf04cbd9939cd3770187ce270d4742893b04 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Thu, 6 Apr 2017 13:33:56 +0100 Subject: [PATCH 2517/2538] Add `docker build --iidfile=FILE` This is synonymous with `docker run --cidfile=FILE` and writes the digest of the newly built image to the named file. This is intended to be used by build systems which want to avoid tagging (perhaps because they are in CI or otherwise want to avoid fixed names which can clash) by enabling e.g. Makefile constructs like: image.id: Dockerfile docker build --iidfile=image.id . do-some-more-stuff: image.id do-stuff-with = v1.29 the caller will now see a `JSONMessage` with the `Aux` field containing a `types.BuildResult` in the output stream for each image/layer produced during the build, with the final one being the end product. Having all of the intermediate images might be interesting in some cases. In silent mode (with `-q`) there is no change, on success the only output will be the resulting image digest as it was previosuly. There was no wrapper to just output an Aux section without enclosing it in a Progress, so add one here. Added some tests to integration cli tests. Signed-off-by: Ian Campbell --- docs/reference/commandline/build.md | 1 + man/docker-build.1.md | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 697c63647d..d228853472 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -35,6 +35,7 @@ Options: -f, --file string Name of the Dockerfile (Default is 'PATH/Dockerfile') --force-rm Always remove intermediate containers --help Print usage + --iidfile string Write the image ID to the file --isolation string Container isolation technology --label value Set metadata for an image (default []) -m, --memory string Memory limit diff --git a/man/docker-build.1.md b/man/docker-build.1.md index b650fc3aa2..59eba003a0 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -11,6 +11,7 @@ docker-build - Build an image from a Dockerfile [**--cpu-shares**[=*0*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] +[**--iidfile**[=*CIDFILE*]] [**-f**|**--file**[=*PATH/Dockerfile*]] [**-squash**] *Experimental* [**--force-rm**] @@ -104,6 +105,9 @@ option can be set multiple times. **--no-cache**=*true*|*false* Do not use cache when building the image. The default is *false*. +**--iidfile**="" + Write the image ID to the file + **--help** Print usage statement From 3e911ff82583e49c22def56488ddcf448adb183b Mon Sep 17 00:00:00 2001 From: "Arnaud Porterie (icecrime)" Date: Mon, 17 Apr 2017 18:18:46 -0500 Subject: [PATCH 2518/2538] Remove cmd/docker and other directories in cli/ in accordance with the new Moby project scope Starting with this commit, integration tests should no longer rely on the docker cli, they should be API tests instead. For the existing tests the scripts will use a frozen version of the docker cli with a DOCKER_API_VERSION frozen to 1.30, which should ensure that the CI remains green at all times. To help contributors develop and test manually with a modified docker cli, this commit also adds a DOCKER_CLI_PATH environment variable to the Makefile. This allows to set the path of a custom cli that will be available inside the development container and used to run the integration tests. Signed-off-by: Arnaud Porterie (icecrime) Signed-off-by: Tibor Vass --- docs/yaml/Dockerfile | 4 - docs/yaml/generate.go | 86 ----------------- docs/yaml/yaml.go | 212 ------------------------------------------ 3 files changed, 302 deletions(-) delete mode 100644 docs/yaml/Dockerfile delete mode 100644 docs/yaml/generate.go delete mode 100644 docs/yaml/yaml.go diff --git a/docs/yaml/Dockerfile b/docs/yaml/Dockerfile deleted file mode 100644 index 059b97a917..0000000000 --- a/docs/yaml/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM scratch -COPY docs /docs -# CMD cannot be nil so we set it to empty string -CMD [""] diff --git a/docs/yaml/generate.go b/docs/yaml/generate.go deleted file mode 100644 index ea5c00ea11..0000000000 --- a/docs/yaml/generate.go +++ /dev/null @@ -1,86 +0,0 @@ -package main - -import ( - "fmt" - "io/ioutil" - "log" - "os" - "path/filepath" - "strings" - - "github.com/docker/docker/cli/command" - "github.com/docker/docker/cli/command/commands" - "github.com/docker/docker/pkg/term" - "github.com/spf13/cobra" - "github.com/spf13/pflag" -) - -const descriptionSourcePath = "docs/reference/commandline/" - -func generateCliYaml(opts *options) error { - stdin, stdout, stderr := term.StdStreams() - dockerCli := command.NewDockerCli(stdin, stdout, stderr) - cmd := &cobra.Command{Use: "docker"} - commands.AddCommands(cmd, dockerCli) - source := filepath.Join(opts.source, descriptionSourcePath) - if err := loadLongDescription(cmd, source); err != nil { - return err - } - - cmd.DisableAutoGenTag = true - return GenYamlTree(cmd, opts.target) -} - -func loadLongDescription(cmd *cobra.Command, path ...string) error { - for _, cmd := range cmd.Commands() { - if cmd.Name() == "" { - continue - } - fullpath := filepath.Join(path[0], strings.Join(append(path[1:], cmd.Name()), "_")+".md") - - if cmd.HasSubCommands() { - loadLongDescription(cmd, path[0], cmd.Name()) - } - - if _, err := os.Stat(fullpath); err != nil { - log.Printf("WARN: %s does not exist, skipping\n", fullpath) - continue - } - - content, err := ioutil.ReadFile(fullpath) - if err != nil { - return err - } - description, examples := parseMDContent(string(content)) - cmd.Long = description - cmd.Example = examples - } - return nil -} - -type options struct { - source string - target string -} - -func parseArgs() (*options, error) { - opts := &options{} - cwd, _ := os.Getwd() - flags := pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError) - flags.StringVar(&opts.source, "root", cwd, "Path to project root") - flags.StringVar(&opts.target, "target", "/tmp", "Target path for generated yaml files") - err := flags.Parse(os.Args[1:]) - return opts, err -} - -func main() { - opts, err := parseArgs() - if err != nil { - fmt.Fprintln(os.Stderr, err.Error()) - } - fmt.Printf("Project root: %s\n", opts.source) - fmt.Printf("Generating yaml files into %s\n", opts.target) - if err := generateCliYaml(opts); err != nil { - fmt.Fprintf(os.Stderr, "Failed to generate yaml files: %s\n", err.Error()) - } -} diff --git a/docs/yaml/yaml.go b/docs/yaml/yaml.go deleted file mode 100644 index 575f9bec5c..0000000000 --- a/docs/yaml/yaml.go +++ /dev/null @@ -1,212 +0,0 @@ -package main - -import ( - "fmt" - "io" - "os" - "path/filepath" - "sort" - "strings" - - "github.com/spf13/cobra" - "github.com/spf13/pflag" - "gopkg.in/yaml.v2" -) - -type cmdOption struct { - Option string - Shorthand string `yaml:",omitempty"` - DefaultValue string `yaml:"default_value,omitempty"` - Description string `yaml:",omitempty"` -} - -type cmdDoc struct { - Name string `yaml:"command"` - SeeAlso []string `yaml:"parent,omitempty"` - Version string `yaml:"engine_version,omitempty"` - Aliases string `yaml:",omitempty"` - Short string `yaml:",omitempty"` - Long string `yaml:",omitempty"` - Usage string `yaml:",omitempty"` - Pname string `yaml:",omitempty"` - Plink string `yaml:",omitempty"` - Cname []string `yaml:",omitempty"` - Clink []string `yaml:",omitempty"` - Options []cmdOption `yaml:",omitempty"` - InheritedOptions []cmdOption `yaml:"inherited_options,omitempty"` - Example string `yaml:"examples,omitempty"` -} - -// GenYamlTree creates yaml structured ref files -func GenYamlTree(cmd *cobra.Command, dir string) error { - identity := func(s string) string { return s } - emptyStr := func(s string) string { return "" } - return GenYamlTreeCustom(cmd, dir, emptyStr, identity) -} - -// GenYamlTreeCustom creates yaml structured ref files -func GenYamlTreeCustom(cmd *cobra.Command, dir string, filePrepender, linkHandler func(string) string) error { - for _, c := range cmd.Commands() { - if !c.IsAvailableCommand() || c.IsHelpCommand() { - continue - } - if err := GenYamlTreeCustom(c, dir, filePrepender, linkHandler); err != nil { - return err - } - } - - basename := strings.Replace(cmd.CommandPath(), " ", "_", -1) + ".yaml" - filename := filepath.Join(dir, basename) - f, err := os.Create(filename) - if err != nil { - return err - } - defer f.Close() - - if _, err := io.WriteString(f, filePrepender(filename)); err != nil { - return err - } - if err := GenYamlCustom(cmd, f, linkHandler); err != nil { - return err - } - return nil -} - -// GenYamlCustom creates custom yaml output -func GenYamlCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string) string) error { - cliDoc := cmdDoc{} - cliDoc.Name = cmd.CommandPath() - - // Check experimental: ok := cmd.Tags["experimental"] - - cliDoc.Aliases = strings.Join(cmd.Aliases, ", ") - cliDoc.Short = cmd.Short - cliDoc.Long = cmd.Long - if len(cliDoc.Long) == 0 { - cliDoc.Long = cliDoc.Short - } - - if cmd.Runnable() { - cliDoc.Usage = cmd.UseLine() - } - - if len(cmd.Example) > 0 { - cliDoc.Example = cmd.Example - } - - flags := cmd.NonInheritedFlags() - if flags.HasFlags() { - cliDoc.Options = genFlagResult(flags) - } - flags = cmd.InheritedFlags() - if flags.HasFlags() { - cliDoc.InheritedOptions = genFlagResult(flags) - } - - if hasSeeAlso(cmd) { - if cmd.HasParent() { - parent := cmd.Parent() - cliDoc.Pname = parent.CommandPath() - link := cliDoc.Pname + ".yaml" - cliDoc.Plink = strings.Replace(link, " ", "_", -1) - cmd.VisitParents(func(c *cobra.Command) { - if c.DisableAutoGenTag { - cmd.DisableAutoGenTag = c.DisableAutoGenTag - } - }) - } - - children := cmd.Commands() - sort.Sort(byName(children)) - - for _, child := range children { - if !child.IsAvailableCommand() || child.IsHelpCommand() { - continue - } - currentChild := cliDoc.Name + " " + child.Name() - cliDoc.Cname = append(cliDoc.Cname, cliDoc.Name+" "+child.Name()) - link := currentChild + ".yaml" - cliDoc.Clink = append(cliDoc.Clink, strings.Replace(link, " ", "_", -1)) - } - } - - final, err := yaml.Marshal(&cliDoc) - if err != nil { - fmt.Println(err) - os.Exit(1) - } - if _, err := fmt.Fprintln(w, string(final)); err != nil { - return err - } - return nil -} - -func genFlagResult(flags *pflag.FlagSet) []cmdOption { - var result []cmdOption - - flags.VisitAll(func(flag *pflag.Flag) { - // Todo, when we mark a shorthand is deprecated, but specify an empty message. - // The flag.ShorthandDeprecated is empty as the shorthand is deprecated. - // Using len(flag.ShorthandDeprecated) > 0 can't handle this, others are ok. - if !(len(flag.ShorthandDeprecated) > 0) && len(flag.Shorthand) > 0 { - opt := cmdOption{ - Option: flag.Name, - Shorthand: flag.Shorthand, - DefaultValue: flag.DefValue, - Description: forceMultiLine(flag.Usage), - } - result = append(result, opt) - } else { - opt := cmdOption{ - Option: flag.Name, - DefaultValue: forceMultiLine(flag.DefValue), - Description: forceMultiLine(flag.Usage), - } - result = append(result, opt) - } - }) - - return result -} - -// Temporary workaround for yaml lib generating incorrect yaml with long strings -// that do not contain \n. -func forceMultiLine(s string) string { - if len(s) > 60 && !strings.Contains(s, "\n") { - s = s + "\n" - } - return s -} - -// Small duplication for cobra utils -func hasSeeAlso(cmd *cobra.Command) bool { - if cmd.HasParent() { - return true - } - for _, c := range cmd.Commands() { - if !c.IsAvailableCommand() || c.IsHelpCommand() { - continue - } - return true - } - return false -} - -func parseMDContent(mdString string) (description string, examples string) { - parsedContent := strings.Split(mdString, "\n## ") - for _, s := range parsedContent { - if strings.Index(s, "Description") == 0 { - description = strings.Trim(s, "Description\n") - } - if strings.Index(s, "Examples") == 0 { - examples = strings.Trim(s, "Examples\n") - } - } - return -} - -type byName []*cobra.Command - -func (s byName) Len() int { return len(s) } -func (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] } -func (s byName) Less(i, j int) bool { return s[i].Name() < s[j].Name() } From 6a767c171122df673f19817f0fe904cc9eb0131d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 8 May 2017 15:33:14 +0200 Subject: [PATCH 2519/2538] fix confusing description of stdout/stdin pipe Signed-off-by: Sebastiaan van Stijn --- docs/reference/run.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index f5deddfec6..532acebad5 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -133,7 +133,7 @@ You can specify to which of the three standard streams (`STDIN`, `STDOUT`, For interactive processes (like a shell), you must use `-i -t` together in order to allocate a tty for the container process. `-i -t` is often written `-it` as you'll see in later examples. Specifying `-t` is forbidden when the client -standard output is redirected or piped, such as in: +is receiving its standard input from a pipe, as in: $ echo test | docker run -i busybox cat From 62d0309d24f82360e31dd33b8a967aff53ad6b94 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Mon, 8 May 2017 10:14:15 +0200 Subject: [PATCH 2520/2538] bash completion for `stack deploy --prune` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 7f5cc2e991..e75d372324 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -4017,7 +4017,7 @@ _docker_stack_deploy() { case "$cur" in -*) - local options="--compose-file -c --help --with-registry-auth" + local options="--compose-file -c --help --prune --with-registry-auth" __docker_daemon_is_experimental && options+=" --bundle-file" COMPREPLY=( $( compgen -W "$options" -- "$cur" ) ) ;; From a316bc3895b65a70fcca4a6c3c1ea9c152d5dbcb Mon Sep 17 00:00:00 2001 From: "John V. Martinez" Date: Mon, 1 May 2017 02:08:03 -0400 Subject: [PATCH 2521/2538] Improve documentation on the -e flag to the 'run' cli command. The ability to import the current vale of an environment variable by simply naming the variable didn't seem to be documented anywhere. (see opts/env.go) Signed-off-by: John V. Martinez --- docs/reference/run.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/reference/run.md b/docs/reference/run.md index 532acebad5..b209343b58 100644 --- a/docs/reference/run.md +++ b/docs/reference/run.md @@ -1408,13 +1408,17 @@ The following environment variables are set for Linux containers: Additionally, the operator can **set any environment variable** in the container by using one or more `-e` flags, even overriding those mentioned -above, or already defined by the developer with a Dockerfile `ENV`: +above, or already defined by the developer with a Dockerfile `ENV`. If the +operator names an environment variable without specifying a value, then the +current value of the named variable is propagated into the container's environment: ```bash -$ docker run -e "deep=purple" --rm alpine env +$ export today=Wednesday +$ docker run -e "deep=purple" -e today --rm alpine env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=d2219b854598 deep=purple +today=Wednesday HOME=/root ``` From 95fcee5fc6665569570d9072bde6946d3508c282 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 May 2017 14:54:49 +0200 Subject: [PATCH 2522/2538] Add bash completion for `--health-start-period` Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index e75d372324..b925edf055 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1511,6 +1511,11 @@ _docker_container_run_and_create() { --env-file --expose --group-add + --health-cmd + --health-interval + --health-retries + --health-start-period + --health-timeout --hostname -h --ip --ip6 @@ -1566,6 +1571,7 @@ _docker_container_run_and_create() { --help --init --interactive -i + --no-healthcheck --oom-kill-disable --privileged --publish-all -P @@ -1576,14 +1582,9 @@ _docker_container_run_and_create() { if [ "$command" = "run" -o "$subcommand" = "run" ] ; then options_with_args="$options_with_args --detach-keys - --health-cmd - --health-interval - --health-retries - --health-timeout " boolean_options="$boolean_options --detach -d - --no-healthcheck --rm --sig-proxy=false " @@ -3030,6 +3031,7 @@ _docker_service_update_and_create() { --health-cmd --health-interval --health-retries + --health-start-period --health-timeout --hostname --label -l @@ -3039,7 +3041,6 @@ _docker_service_update_and_create() { --log-opt --mount --network - --no-healthcheck --replicas --reserve-cpu --reserve-memory @@ -3065,6 +3066,7 @@ _docker_service_update_and_create() { local boolean_options=" --help + --no-healthcheck --read-only --tty -t --with-registry-auth From d8dfa04caeeb78f2233142e162241eeece930159 Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 May 2017 14:31:22 +0200 Subject: [PATCH 2523/2538] Add bash completion for new devicemapper storage options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index b925edf055..c729377c77 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -2022,15 +2022,15 @@ _docker_daemon() { COMPREPLY=( $( compgen -W "false true" -- "${cur##*=}" ) ) return ;; - dm.fs) - COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur##*=}" ) ) - return - ;; - dm.thinpooldev) + dm.directlvm_device|dm.thinpooldev) cur=${cur##*=} - _filedir - return - ;; + _filedir + return + ;; + dm.fs) + COMPREPLY=( $( compgen -W "ext4 xfs" -- "${cur##*=}" ) ) + return + ;; esac case "$prev" in @@ -2070,6 +2070,7 @@ _docker_daemon() { dm.basesize dm.blkdiscard dm.blocksize + dm.directlvm_device dm.fs dm.loopdatasize dm.loopmetadatasize @@ -2078,6 +2079,10 @@ _docker_daemon() { dm.mountopt dm.override_udev_sync_check dm.thinpooldev + dm.thinp_autoextend_percent + dm.thinp_autoextend_threshold + dm.thinp_metapercent + dm.thinp_percent dm.use_deferred_deletion dm.use_deferred_removal " From cf95e198c5c856673428fccad9426cfaac3b2a72 Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Thu, 16 Mar 2017 10:39:18 -0700 Subject: [PATCH 2524/2538] Update CLI docs and add opts/config.go Signed-off-by: Aaron Lehmann --- docs/reference/commandline/cli.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index a8529e728f..4d1cd2a638 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -167,12 +167,20 @@ property is not set, the client falls back to the default table format. For a list of supported formatting directives, see [**Formatting** section in the `docker secret ls` documentation](secret_ls.md) + The property `nodesFormat` specifies the default format for `docker node ls` output. When the `--format` flag is not provided with the `docker node ls` command, Docker's client uses the value of `nodesFormat`. If the value of `nodesFormat` is not set, the client uses the default table format. For a list of supported formatting directives, see the [**Formatting** section in the `docker node ls` documentation](node_ls.md) +The property `configFormat` specifies the default format for `docker +config ls` output. When the `--format` flag is not provided with the +`docker config ls` command, Docker's client uses this property. If this +property is not set, the client falls back to the default table +format. For a list of supported formatting directives, see +[**Formatting** section in the `docker config ls` documentation](config_ls.md) + The property `credsStore` specifies an external binary to serve as the default credential store. When this property is set, `docker login` will attempt to store credentials in the binary specified by `docker-credential-` which @@ -218,6 +226,7 @@ Following is a sample `config.json` file: "statsFormat": "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}", "servicesFormat": "table {{.ID}}\t{{.Name}}\t{{.Mode}}", "secretFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", + "configFormat": "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}", "serviceInspectFormat": "pretty", "nodesFormat": "table {{.ID}}\t{{.Hostname}}\t{{.Availability}}", "detachKeys": "ctrl-e,e", From 4c0d6698d11adf28beff7bcc5fbbec123f4aa6bc Mon Sep 17 00:00:00 2001 From: Harald Albers Date: Fri, 5 May 2017 16:52:33 +0200 Subject: [PATCH 2525/2538] Update bash completion for log driver options Signed-off-by: Harald Albers --- contrib/completion/bash/docker | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c729377c77..781bf8f647 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -746,17 +746,24 @@ __docker_complete_log_drivers() { __docker_complete_log_options() { # see repository docker/docker.github.io/engine/admin/logging/ - local common_options="max-buffer-size mode" - local awslogs_options="$common_options awslogs-create-group awslogs-group awslogs-region awslogs-stream" - local fluentd_options="$common_options env fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries labels tag" - local gcplogs_options="$common_options env gcp-log-cmd gcp-project labels" - local gelf_options="$common_options env gelf-address gelf-compression-level gelf-compression-type labels tag" - local journald_options="$common_options env labels tag" - local json_file_options="$common_options env labels max-file max-size" - local logentries_options="$common_options logentries-token" - local syslog_options="$common_options env labels syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" - local splunk_options="$common_options env labels splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" + # really global options, defined in https://github.com/moby/moby/blob/master/daemon/logger/factory.go + local common_options1="max-buffer-size mode" + # common options defined in https://github.com/moby/moby/blob/master/daemon/logger/loginfo.go + # but not implemented in all log drivers + local common_options2="env env-regex labels" + + # awslogs does not implement the $common_options2. + local awslogs_options="$common_options1 awslogs-create-group awslogs-group awslogs-region awslogs-stream tag" + + local fluentd_options="$common_options1 $common_options2 fluentd-address fluentd-async-connect fluentd-buffer-limit fluentd-retry-wait fluentd-max-retries tag" + local gcplogs_options="$common_options1 $common_options2 gcp-log-cmd gcp-meta-id gcp-meta-name gcp-meta-zone gcp-project" + local gelf_options="$common_options1 $common_options2 gelf-address gelf-compression-level gelf-compression-type tag" + local journald_options="$common_options1 $common_options2 tag" + local json_file_options="$common_options1 $common_options2 max-file max-size" + local logentries_options="$common_options1 $common_options2 logentries-token tag" + local splunk_options="$common_options1 $common_options2 splunk-caname splunk-capath splunk-format splunk-gzip splunk-gzip-level splunk-index splunk-insecureskipverify splunk-source splunk-sourcetype splunk-token splunk-url splunk-verify-connection tag" + local syslog_options="$common_options1 $common_options2 syslog-address syslog-facility syslog-format syslog-tls-ca-cert syslog-tls-cert syslog-tls-key syslog-tls-skip-verify tag" local all_options="$fluentd_options $gcplogs_options $gelf_options $journald_options $logentries_options $json_file_options $syslog_options $splunk_options" From d8e04f68d3cba0a65f6b624db0dff40db9f6ca15 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 13 Apr 2017 21:56:50 -0400 Subject: [PATCH 2526/2538] Add support for metrics plugins Allows for a plugin type that can be used to scrape metrics. This is useful because metrics are not neccessarily at a standard location... `--metrics-addr` must be set, and must currently be a TCP socket. Even if metrics are done via a unix socket, there's no guarentee where the socket may be located on the system, making bind-mounting such a socket into a container difficult (and racey, failure-prone on daemon restart). Metrics plugins side-step this issue by always listening on a unix socket and then bind-mounting that into a known path in the plugin container. Note there has been similar work in the past (and ultimately punted at the time) for consistent access to the Docker API from within a container. Why not add metrics to the Docker API and just provide a plugin with access to the Docker API? Certainly this can be useful, but gives a lot of control/access to a plugin that may only need the metrics. We can look at supporting API plugins separately for this reason. Signed-off-by: Brian Goff --- docs/extend/config.md | 2 + docs/extend/plugins_metrics.md | 85 +++++++++++++++++++++++++ docs/reference/commandline/plugin_ls.md | 4 +- 3 files changed, 89 insertions(+), 2 deletions(-) create mode 100644 docs/extend/plugins_metrics.md diff --git a/docs/extend/config.md b/docs/extend/config.md index c7444525fc..bb6c7f2ceb 100644 --- a/docs/extend/config.md +++ b/docs/extend/config.md @@ -61,6 +61,8 @@ Config provides the base accessible fields for working with V0 plugin format - **docker.logdriver/1.0** + - **docker.metricscollector/1.0** + - **`socket`** *string* socket is the name of the socket the engine should use to communicate with the plugins. diff --git a/docs/extend/plugins_metrics.md b/docs/extend/plugins_metrics.md new file mode 100644 index 0000000000..a86c7f22d2 --- /dev/null +++ b/docs/extend/plugins_metrics.md @@ -0,0 +1,85 @@ +--- +title: "Docker metrics collector plugins" +description: "Metrics plugins." +keywords: "Examples, Usage, plugins, docker, documentation, user guide, metrics" +--- + + + +# Metrics Collector Plugins + +Docker exposes internal metrics based on the prometheus format. Metrics plugins +enable accessing these metrics in a consistent way by providing a Unix +socket at a predefined path where the plugin can scrape the metrics. + +> **Note**: that while the plugin interface for metrics is non-experimental, the naming +of the metrics and metric labels is still considered experimental and may change +in a future version. + +## Creating a metrics plugin + +You must currently set `PropagatedMount` in the plugin `config.json` to +`/run/docker`. This allows the plugin to receive updated mounts +(the bind-mounted socket) from Docker after the plugin is already configured. + +## MetricsCollector protocol + +Metrics plugins must register as implementing the`MetricsCollector` interface +in `config.json`. + +On Unix platforms, the socket is located at `/run/docker/metrics.sock` in the +plugin's rootfs. + +`MetricsCollector` must implement two endpoints: + +### `MetricsCollector.StartMetrics` + +Signals to the plugin that the metrics socket is now available for scraping + +**Request** +```json +{} +``` + +The request has no playload. + +**Response** +```json +{ + "Err": "" +} +``` + +If an error occurred during this request, add an error message to the `Err` field +in the response. If no error then you can either send an empty response (`{}`) +or an empty value for the `Err` field. Errors will only be logged. + +### `MetricsCollector.StopMetrics` + +Signals to the plugin that the metrics socket is no longer available. +This may happen when the daemon is shutting down. + +**Request** +```json +{} +``` + +The request has no playload. + +**Response** +```json +{ + "Err": "" +} +``` + +If an error occurred during this request, add an error message to the `Err` field +in the response. If no error then you can either send an empty response (`{}`) +or an empty value for the `Err` field. Errors will only be logged. diff --git a/docs/reference/commandline/plugin_ls.md b/docs/reference/commandline/plugin_ls.md index 7808c79f6d..3ba29fee03 100644 --- a/docs/reference/commandline/plugin_ls.md +++ b/docs/reference/commandline/plugin_ls.md @@ -55,7 +55,7 @@ than one filter, then pass multiple flags (e.g., `--filter "foo=bar" --filter "b The currently supported filters are: * enabled (boolean - true or false, 0 or 1) -* capability (string - currently `volumedriver`, `networkdriver`, `ipamdriver`, or `authz`) +* capability (string - currently `volumedriver`, `networkdriver`, `ipamdriver`, `logdriver`, `metricscollector`, or `authz`) #### enabled @@ -65,7 +65,7 @@ The `enabled` filter matches on plugins enabled or disabled. The `capability` filter matches on plugin capabilities. One plugin might have multiple capabilities. Currently `volumedriver`, `networkdriver`, -`ipamdriver`, and `authz` are supported capabilities. +`ipamdriver`, `logdriver`, `metricscollector`, and `authz` are supported capabilities. ```bash $ docker plugin install --disable tiborvass/no-remove From c6e78b9c5f915bc0d717cc4949e32fcfbbe85f55 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 12 May 2017 18:45:08 -0400 Subject: [PATCH 2527/2538] Document arg before from Signed-off-by: Daniel Nephin --- docs/reference/builder.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/reference/builder.md b/docs/reference/builder.md index 9c28e8b47f..2571511b64 100644 --- a/docs/reference/builder.md +++ b/docs/reference/builder.md @@ -530,6 +530,17 @@ FROM extras:${CODE_VERSION} CMD /code/run-extras ``` +To use the default value of an `ARG` declared before the first `FROM` use an +`ARG` instruction without a value: + +```Dockerfile +ARG SETTINGS=default + +FROM busybox +ARG SETTINGS + +``` + ## RUN RUN has 2 forms: From 48ba755c3bd7fd99d060f793d8ec7a811a0a38c5 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 10 Apr 2017 17:11:28 -0700 Subject: [PATCH 2528/2538] Allow checking out any ref in gitutils Also changes so that shallow fetch is performed even when a specific ref is specified. Signed-off-by: Tonis Tiigi --- docs/reference/commandline/build.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index d228853472..57480dcd0f 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -74,12 +74,12 @@ pre-packaged tarball contexts and plain text files. ### Git repositories When the `URL` parameter points to the location of a Git repository, the -repository acts as the build context. The system recursively clones the -repository and its submodules using a `git clone --depth 1 --recursive` -command. This command runs in a temporary directory on your local host. After -the command succeeds, the directory is sent to the Docker daemon as the -context. Local clones give you the ability to access private repositories using -local user credentials, VPN's, and so forth. +repository acts as the build context. The system recursively fetches the +repository and its submodules. The commit history is not preserved. A +repository is first pulled into a temporary directory on your local host. After +the that succeeds, the directory is sent to the Docker daemon as the context. +Local copy gives you the ability to access private repositories using local +user credentials, VPN's, and so forth. > **Note:** > If the `URL` parameter contains a fragment the system will recursively clone @@ -87,8 +87,9 @@ local user credentials, VPN's, and so forth. Git URLs accept context configuration in their fragment section, separated by a colon `:`. The first part represents the reference that Git will check out, -this can be either a branch, a tag, or a commit SHA. The second part represents -a subdirectory inside the repository that will be used as a build context. +this can be either a branch, a tag, or a remote reference. The second part +represents a subdirectory inside the repository that will be used as a build +context. For example, run this command to use a directory called `docker` in the branch `container`: @@ -105,12 +106,11 @@ Build Syntax Suffix | Commit Used | Build Context Used `myrepo.git` | `refs/heads/master` | `/` `myrepo.git#mytag` | `refs/tags/mytag` | `/` `myrepo.git#mybranch` | `refs/heads/mybranch` | `/` -`myrepo.git#abcdef` | `sha1 = abcdef` | `/` +`myrepo.git#pull/42/head` | `refs/pull/42/head` | `/` `myrepo.git#:myfolder` | `refs/heads/master` | `/myfolder` `myrepo.git#master:myfolder` | `refs/heads/master` | `/myfolder` `myrepo.git#mytag:myfolder` | `refs/tags/mytag` | `/myfolder` `myrepo.git#mybranch:myfolder` | `refs/heads/mybranch` | `/myfolder` -`myrepo.git#abcdef:myfolder` | `sha1 = abcdef` | `/myfolder` ### Tarball contexts From d50472f52bb5b8d3e0a63f236b6714c26e7a1edf Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Fri, 12 May 2017 17:12:10 -0700 Subject: [PATCH 2529/2538] =?UTF-8?q?docs:=20add=20docs=20for=20build=20?= =?UTF-8?q?=E2=80=94target?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tonis Tiigi --- docs/reference/commandline/build.md | 19 +++++++++++++++++++ man/docker-build.1.md | 4 ++++ 2 files changed, 23 insertions(+) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index 57480dcd0f..9f587372c6 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -57,6 +57,7 @@ Options: or `g` (gigabytes). If you omit the unit, the system uses bytes. --squash Squash newly built layers into a single new layer (**Experimental Only**) -t, --tag value Name and optionally a tag in the 'name:tag' format (default []) + --target string Set the target build stage to build. --ulimit value Ulimit options (default []) ``` @@ -454,6 +455,24 @@ more `--add-host` flags. This example adds a static address for a host named $ docker build --add-host=docker:10.180.0.1 . +### Specifying target build stage (--target) + +When building a Dockerfile with multiple build stages, `--target` can be used to +specify an intermediate build stage by name as a final stage for the resulting +image. Commands after the target stage will be skipped. + +```Dockerfile +FROM debian AS build-env +... + +FROM alpine AS production-env +... +``` + +```bash +$ docker build -t mybuildimage --target build-env . +``` + ### Squash an image's layers (--squash) **Experimental Only** #### Overview diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 59eba003a0..1fe51811a3 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -31,6 +31,7 @@ docker-build - Build an image from a Dockerfile [**--cpu-quota**[=*0*]] [**--cpuset-cpus**[=*CPUSET-CPUS*]] [**--cpuset-mems**[=*CPUSET-MEMS*]] +[**--target**[=*[]*]] [**--ulimit**[=*[]*]] PATH | URL | - @@ -233,6 +234,9 @@ two memory nodes. If the path is not absolute, the path is considered relative to the `cgroups` path of the init process. Cgroups are created if they do not already exist. +**--target**="" + Set the target build stage name. + **--ulimit**=[] Ulimit options From bc5fca913b673d2caf04316806e000da9493a761 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 15 May 2017 09:58:49 -0700 Subject: [PATCH 2530/2538] docs: add missing cache-from man docs Signed-off-by: Tonis Tiigi --- man/docker-build.1.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/man/docker-build.1.md b/man/docker-build.1.md index 1fe51811a3..3ac9f81f0f 100644 --- a/man/docker-build.1.md +++ b/man/docker-build.1.md @@ -8,6 +8,7 @@ docker-build - Build an image from a Dockerfile **docker build** [**--add-host**[=*[]*]] [**--build-arg**[=*[]*]] +[**--cache-from**[=*[]*]] [**--cpu-shares**[=*0*]] [**--cgroup-parent**[=*CGROUP-PARENT*]] [**--help**] @@ -94,6 +95,9 @@ option can be set multiple times. or for variable expansion in other Dockerfile instructions. This is not meant for passing secret values. [Read more about the buildargs instruction](https://docs.docker.com/engine/reference/builder/#arg) +**--cache-from**="" + Set image that will be used as a build cache source. + **--force-rm**=*true*|*false* Always remove intermediate containers, even after unsuccessful builds. The default is *false*. From 42ec86ae9b070b0dacadee63c7bbfcf8cae3eea3 Mon Sep 17 00:00:00 2001 From: Ying Li Date: Wed, 10 May 2017 13:32:47 -0700 Subject: [PATCH 2531/2538] Update the CLI docs to display whether a root rotation is in progress when viewing system info, and TLS info when displaying node info. Signed-off-by: Ying Li --- docs/reference/commandline/info.md | 1 + docs/reference/commandline/node_inspect.md | 30 ++++++++++++++++++---- docs/reference/commandline/node_ls.md | 8 +++--- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 798c3f04da..9929c04af3 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -145,6 +145,7 @@ Swarm: active Heartbeat Period: 5 seconds CA Configuration: Expiry Duration: 3 months + Root Rotation In Progress: false Node Address: 172.16.66.128 172.16.66.129 Manager Addresses: 172.16.66.128:2477 diff --git a/docs/reference/commandline/node_inspect.md b/docs/reference/commandline/node_inspect.md index 6d7dc739e8..6ee9e17e6f 100644 --- a/docs/reference/commandline/node_inspect.md +++ b/docs/reference/commandline/node_inspect.md @@ -47,8 +47,8 @@ $ docker node inspect swarm-manager "Version": { "Index": 10 }, - "CreatedAt": "2016-06-16T22:52:44.9910662Z", - "UpdatedAt": "2016-06-16T22:52:45.230878043Z", + "CreatedAt": "2017-05-16T22:52:44.9910662Z", + "UpdatedAt": "2017-05-16T22:52:45.230878043Z", "Spec": { "Role": "manager", "Availability": "active" @@ -64,7 +64,7 @@ $ docker node inspect swarm-manager "MemoryBytes": 1039843328 }, "Engine": { - "EngineVersion": "1.12.0", + "EngineVersion": "17.06.0-ce", "Plugins": [ { "Type": "Volume", @@ -91,6 +91,11 @@ $ docker node inspect swarm-manager "Name": "overlay" } ] + }, + "TLSInfo": { + "TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n", + "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh", + "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==" } }, "Status": { @@ -116,7 +121,7 @@ false $ docker node inspect --pretty self ID: e216jshn25ckzbvmwlnh5jr3g Hostname: swarm-manager -Joined at: 2016-06-16 22:52:44.9910662 +0000 utc +Joined at: 2017-05-16 22:52:44.9910662 +0000 utc Status: State: Ready Availability: Active @@ -134,7 +139,22 @@ Resources: Plugins: Network: overlay, bridge, null, host, overlay Volume: local -Engine Version: 1.12.0 +Engine Version: 17.06.0-ce +TLS Info: + TrustRoot: +-----BEGIN CERTIFICATE----- +MIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy +NDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g +Ah8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO +PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3 +zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ== +-----END CERTIFICATE----- + + Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ== + Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh ``` ## Related commands diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 8162e11b58..224642c2e5 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -145,17 +145,19 @@ Placeholder | Description `.Status` | Node status `.Availability` | Node availability ("active", "pause", or "drain") `.ManagerStatus` | Manager status of the node +`.TLSStatus` | TLS status of the node ("Ready", or "Needs Rotation" has TLS certificate signed by an old CA) When using the `--format` option, the `node ls` command will either output the data exactly as the template declares or, when using the `table` directive, includes column headers as well. The following example uses a template without headers and outputs the -`ID` and `Hostname` entries separated by a colon for all nodes: +`ID`, `Hostname`, and `TLS Status` entries separated by a colon for all nodes: ```bash -$ docker node ls --format "{{.ID}}: {{.Hostname}}" -e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 +$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}" +e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready +35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation `` From 981055449460b36ba5606fd93be0e1e181b1caec Mon Sep 17 00:00:00 2001 From: Noah Treuhaft Date: Tue, 9 May 2017 14:00:31 -0700 Subject: [PATCH 2532/2538] Add daemon option to push foreign layers The --allow-nondistributable-artifacts daemon option specifies registries to which foreign layers should be pushed. (By default, foreign layers are not pushed to registries.) Additionally, to make this option effective, foreign layers are now pulled from the registry if possible, falling back to the URLs in the image manifest otherwise. This option is useful when pushing images containing foreign layers to a registry on an air-gapped network so hosts on that network can pull the images without connecting to another server. Signed-off-by: Noah Treuhaft --- contrib/completion/bash/docker | 1 + contrib/completion/zsh/_docker | 1 + docs/reference/commandline/dockerd.md | 30 +++++++++++++++++++++++++++ man/dockerd.8.md | 15 ++++++++++++++ 4 files changed, 47 insertions(+) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 781bf8f647..79209c2941 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1969,6 +1969,7 @@ _docker_daemon() { local options_with_args=" $global_options_with_args --add-runtime + --allow-nondistributable-artifacts --api-cors-header --authorization-plugin --bip diff --git a/contrib/completion/zsh/_docker b/contrib/completion/zsh/_docker index 316caf5d43..0860907839 100644 --- a/contrib/completion/zsh/_docker +++ b/contrib/completion/zsh/_docker @@ -2603,6 +2603,7 @@ __docker_subcommand() { _arguments $(__docker_arguments) \ $opts_help \ "($help)*--add-runtime=[Register an additional OCI compatible runtime]:runtime:__docker_complete_runtimes" \ + "($help)*--allow-nondistributable-artifacts=[Push nondistributable artifacts to specified registries]:registry: " \ "($help)--api-cors-header=[CORS headers in the Engine API]:CORS headers: " \ "($help)*--authorization-plugin=[Authorization plugins to load]" \ "($help -b --bridge)"{-b=,--bridge=}"[Attach containers to a network bridge]:bridge:_net_interfaces" \ diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 5f28f6f21c..93774c841b 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -23,6 +23,7 @@ A self-sufficient runtime for containers. Options: --add-runtime runtime Register an additional OCI compatible runtime (default []) + --allow-nondistributable-artifacts list Push nondistributable artifacts to specified registries (default []) --api-cors-header string Set CORS headers in the Engine API --authorization-plugin list Authorization plugins to load (default []) --bip string Specify network bridge IP @@ -828,6 +829,32 @@ To set the DNS search domain for all Docker containers, use: $ sudo dockerd --dns-search example.com ``` +#### Allow push of nondistributable artifacts + +Some images (e.g., Windows base images) contain artifacts whose distribution is +restricted by license. When these images are pushed to a registry, restricted +artifacts are not included. + +To override this behavior for specific registries, use the +`--allow-nondistributable-artifacts` option in one of the following forms: + +* `--allow-nondistributable-artifacts myregistry:5000` tells the Docker daemon + to push nondistributable artifacts to myregistry:5000. +* `--allow-nondistributable-artifacts 10.1.0.0/16` tells the Docker daemon to + push nondistributable artifacts to all registries whose resolved IP address + is within the subnet described by the CIDR syntax. + +This option can be used multiple times. + +This option is useful when pushing images containing nondistributable artifacts +to a registry on an air-gapped network so hosts on that network can pull the +images without connecting to another server. + +> **Warning**: Nondistributable artifacts typically have restrictions on how +> and where they can be distributed and shared. Only use this feature to push +> artifacts to private registries and ensure that you are in compliance with +> any terms that cover redistributing nondistributable artifacts. + #### Insecure registries Docker considers a private registry either secure or insecure. In the rest of @@ -1261,6 +1288,7 @@ This is a full example of the allowed configuration options on Linux: "default-gateway-v6": "", "icc": false, "raw-logs": false, + "allow-nondistributable-artifacts": [], "registry-mirrors": [], "seccomp-profile": "", "insecure-registries": [], @@ -1330,6 +1358,7 @@ This is a full example of the allowed configuration options on Windows: "bridge": "", "fixed-cidr": "", "raw-logs": false, + "allow-nondistributable-artifacts": [], "registry-mirrors": [], "insecure-registries": [], "disable-legacy-registry": false @@ -1361,6 +1390,7 @@ The list of currently supported options that can be reconfigured is this: - `runtimes`: it updates the list of available OCI runtimes that can be used to run containers - `authorization-plugin`: specifies the authorization plugins to use. +- `allow-nondistributable-artifacts`: Replaces the set of registries to which the daemon will push nondistributable artifacts with a new set of registries. - `insecure-registries`: it replaces the daemon insecure registries with a new set of insecure registries. If some existing insecure registries in daemon's configuration are not in newly reloaded insecure resgitries, these existing ones will be removed from daemon's config. - `registry-mirrors`: it replaces the daemon registry mirrors with a new set of registry mirrors. If some existing registry mirrors in daemon's configuration are not in newly reloaded registry mirrors, these existing ones will be removed from daemon's config. diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 6a12d3f165..a4e079074f 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -7,6 +7,7 @@ dockerd - Enable daemon mode # SYNOPSIS **dockerd** [**--add-runtime**[=*[]*]] +[**--allow-nondistributable-artifacts**[=*[]*]] [**--api-cors-header**=[=*API-CORS-HEADER*]] [**--authorization-plugin**[=*[]*]] [**-b**|**--bridge**[=*BRIDGE*]] @@ -116,6 +117,20 @@ $ sudo dockerd --add-runtime runc=runc --add-runtime custom=/usr/local/bin/my-ru **Note**: defining runtime arguments via the command line is not supported. +**--allow-nondistributable-artifacts**=[] + Push nondistributable artifacts to the specified registries. + + List can contain elements with CIDR notation to specify a whole subnet. + + This option is useful when pushing images containing nondistributable + artifacts to a registry on an air-gapped network so hosts on that network can + pull the images without connecting to another server. + + **Warning**: Nondistributable artifacts typically have restrictions on how + and where they can be distributed and shared. Only use this feature to push + artifacts to private registries and ensure that you are in compliance with + any terms that cover redistributing nondistributable artifacts. + **--api-cors-header**="" Set CORS headers in the Engine API. Default is cors disabled. Give urls like "http://foo, http://bar, ...". Give "*" to allow all. From e1cd83f28a3bc3080ba834553aee50d03a3bb49d Mon Sep 17 00:00:00 2001 From: Ying Li Date: Wed, 10 May 2017 15:34:56 -0700 Subject: [PATCH 2533/2538] Document the swarm root CA rotation CLI command. Signed-off-by: Ying Li --- docs/reference/commandline/swarm.md | 1 + docs/reference/commandline/swarm_ca.md | 122 ++++++++++++++++++ docs/reference/commandline/swarm_init.md | 1 + docs/reference/commandline/swarm_join.md | 1 + .../reference/commandline/swarm_join_token.md | 1 + docs/reference/commandline/swarm_leave.md | 1 + docs/reference/commandline/swarm_unlock.md | 1 + .../reference/commandline/swarm_unlock_key.md | 1 + docs/reference/commandline/swarm_update.md | 1 + 9 files changed, 130 insertions(+) create mode 100644 docs/reference/commandline/swarm_ca.md diff --git a/docs/reference/commandline/swarm.md b/docs/reference/commandline/swarm.md index 395db69056..e8a8224f84 100644 --- a/docs/reference/commandline/swarm.md +++ b/docs/reference/commandline/swarm.md @@ -24,6 +24,7 @@ Options: --help Print usage Commands: + ca Manage root CA init Initialize a swarm join Join a swarm as a node and/or manager join-token Manage join tokens diff --git a/docs/reference/commandline/swarm_ca.md b/docs/reference/commandline/swarm_ca.md new file mode 100644 index 0000000000..4a9010c896 --- /dev/null +++ b/docs/reference/commandline/swarm_ca.md @@ -0,0 +1,122 @@ +--- +title: "swarm ca" +description: "The swarm ca command description and usage" +keywords: "swarm, ca" +--- + + + +# swarm ca + +```markdown +Usage: docker swarm ca [OPTIONS] + +Manage root CA + +Options: + --ca-cert pem-file Path to the PEM-formatted root CA certificate to use for the new cluster + --ca-key pem-file Path to the PEM-formatted root CA key to use for the new cluster + --cert-expiry duration Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s) + -d, --detach Exit immediately instead of waiting for the root rotation to converge + --external-ca external-ca Specifications of one or more certificate signing endpoints + --help Print usage + -q, --quiet Suppress progress output + --rotate Rotate the swarm CA - if no certificate or key are provided, new ones will be generated +``` + +## Description + +View or rotate the current swarm CA certificate. This command must target a manager node. + +## Examples + +Run the `docker swarm ca` command without any options to view the current root CA certificate +in PEM format. + +```bash +$ docker swarm ca +-----BEGIN CERTIFICATE----- +MIIBazCCARCgAwIBAgIUJPzo67QC7g8Ebg2ansjkZ8CbmaswCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAzMTcxMDAwWhcNMzcwNDI4MTcx +MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABKL6/C0sihYEb935wVPRA8MqzPLn3jzou0OJRXHsCLcVExigrMdgmLCC+Va4 ++sJ+SLVO1eQbvLHH8uuDdF/QOU6jQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBSfUy5bjUnBAx/B0GkOBKp91XvxzjAKBggqhkjO +PQQDAgNJADBGAiEAnbvh0puOS5R/qvy1PMHY1iksYKh2acsGLtL/jAIvO4ACIQCi +lIwQqLkJ48SQqCjG1DBTSBsHmMSRT+6mE2My+Z3GKA== +-----END CERTIFICATE----- +``` + +Pass the `--rotate` flag (and optionally a `--ca-cert`, along with a `--ca-key` or +`--external-ca` parameter flag), in order to rotate the current swarm root CA. + +``` +$ docker swarm ca --rotate +desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e + rotated TLS certificates: [=========================> ] 1/2 nodes + rotated CA certificates: [> ] 0/2 nodes +``` + +Once the rotation os finished (all the progress bars have completed) the now-current +CA certificate will be printed: + +``` +$ docker swarm ca --rotate +desired root digest: sha256:05da740cf2577a25224c53019e2cce99bcc5ba09664ad6bb2a9425d9ebd1b53e + rotated TLS certificates: [==================================================>] 2/2 nodes + rotated CA certificates: [==================================================>] 2/2 nodes +-----BEGIN CERTIFICATE----- +MIIBazCCARCgAwIBAgIUFynG04h5Rrl4lKyA4/E65tYKg8IwCgYIKoZIzj0EAwIw +EzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTE2MDAxMDAwWhcNMzcwNTExMDAx +MDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABC2DuNrIETP7C7lfiEPk39tWaaU0I2RumUP4fX4+3m+87j0DU0CsemUaaOG6 ++PxHhGu2VXQ4c9pctPHgf7vWeVajQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBSEL02z6mCI3SmMDmITMr12qCRY2jAKBggqhkjO +PQQDAgNJADBGAiEA263Eb52+825EeNQZM0AME+aoH1319Zp9/J5ijILW+6ACIQCg +gyg5u9Iliel99l7SuMhNeLkrU7fXs+Of1nTyyM73ig== +-----END CERTIFICATE----- +``` + +### `--rotate` + +Root CA Rotation is recommended if one or more of the swarm managers have been +compromised, so that those managers can no longer connect to or be trusted by +any other node in the cluster. + +Alternately, root CA rotation can be used to give control of the swarm CA +to an external CA, or to take control back from an external CA. + +The `--rotate` flag does not require any parameters to do a rotation, but you can +optionally specify a certificate and key, or a certificate and external CA URL, +and those will be used instead of an automatically-generated certificate/key pair. + +Because the root CA key should be kept secret, if provided it will not be visible +when viewing swarm any information via the CLI or API. + +The root CA rotation will not be completed until all registered nodes have +rotated their TLS certificates. If the rotation is not completing within a +reasonable amount of time, try running +`docker node ls --format {{.ID}} {{.Hostname}} {{.Status}} {{.TLSStatus}}` to +see if any nodes are down or otherwise unable to rotate TLS certificates. + + +### `--detach` + +Initiate the root CA rotation, but do not wait for the completion of or display the +progress of the rotation. + +## Related commands + +* [swarm init](swarm_init.md) +* [swarm join](swarm_join.md) +* [swarm join-token](swarm_join_token.md) +* [swarm leave](swarm_leave.md) +* [swarm unlock](swarm_unlock.md) +* [swarm unlock-key](swarm_unlock_key.md) diff --git a/docs/reference/commandline/swarm_init.md b/docs/reference/commandline/swarm_init.md index 0daace038f..f011758a3a 100644 --- a/docs/reference/commandline/swarm_init.md +++ b/docs/reference/commandline/swarm_init.md @@ -159,6 +159,7 @@ by passing `--availability=drain` to `docker swarm init`. ## Related commands +* [swarm ca](swarm_ca.md) * [swarm join](swarm_join.md) * [swarm join-token](swarm_join_token.md) * [swarm leave](swarm_leave.md) diff --git a/docs/reference/commandline/swarm_join.md b/docs/reference/commandline/swarm_join.md index 346fb3532e..8d2dfe6d00 100644 --- a/docs/reference/commandline/swarm_join.md +++ b/docs/reference/commandline/swarm_join.md @@ -121,6 +121,7 @@ by passing `--availability=drain` to `docker swarm join`. ## Related commands +* [swarm ca](swarm_ca.md) * [swarm init](swarm_init.md) * [swarm join-token](swarm_join_token.md) * [swarm leave](swarm_leave.md) diff --git a/docs/reference/commandline/swarm_join_token.md b/docs/reference/commandline/swarm_join_token.md index 4638a92fd4..44d9cf3ec7 100644 --- a/docs/reference/commandline/swarm_join_token.md +++ b/docs/reference/commandline/swarm_join_token.md @@ -106,6 +106,7 @@ Only print the token. Do not print a complete command for joining. ## Related commands +* [swarm ca](swarm_ca.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) * [swarm leave](swarm_leave.md) diff --git a/docs/reference/commandline/swarm_leave.md b/docs/reference/commandline/swarm_leave.md index c5da595d95..1c898ea9a5 100644 --- a/docs/reference/commandline/swarm_leave.md +++ b/docs/reference/commandline/swarm_leave.md @@ -62,6 +62,7 @@ command. ## Related commands +* [swarm ca](swarm_ca.md) * [node rm](node_rm.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) diff --git a/docs/reference/commandline/swarm_unlock.md b/docs/reference/commandline/swarm_unlock.md index b507008c1a..d2f5fc4954 100644 --- a/docs/reference/commandline/swarm_unlock.md +++ b/docs/reference/commandline/swarm_unlock.md @@ -40,6 +40,7 @@ Please enter unlock key: ## Related commands +* [swarm ca](swarm_ca.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) * [swarm join-token](swarm_join_token.md) diff --git a/docs/reference/commandline/swarm_unlock_key.md b/docs/reference/commandline/swarm_unlock_key.md index 42faae83aa..c0efd04922 100644 --- a/docs/reference/commandline/swarm_unlock_key.md +++ b/docs/reference/commandline/swarm_unlock_key.md @@ -83,6 +83,7 @@ Only print the unlock key, without instructions. ## Related commands +* [swarm ca](swarm_ca.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) * [swarm join-token](swarm_join_token.md) diff --git a/docs/reference/commandline/swarm_update.md b/docs/reference/commandline/swarm_update.md index 981eeba194..544ef381c0 100644 --- a/docs/reference/commandline/swarm_update.md +++ b/docs/reference/commandline/swarm_update.md @@ -43,6 +43,7 @@ $ docker swarm update --cert-expiry 720h ## Related commands +* [swarm ca](swarm_ca.md) * [swarm init](swarm_init.md) * [swarm join](swarm_join.md) * [swarm join-token](swarm_join_token.md) From a49573e5fb7936975e4f4e6f074ab9495ac6dd33 Mon Sep 17 00:00:00 2001 From: Josh Hawn Date: Thu, 30 Mar 2017 20:01:41 -0700 Subject: [PATCH 2534/2538] Update ContainerWait API This patch adds the untilRemoved option to the ContainerWait API which allows the client to wait until the container is not only exited but also removed. This patch also adds some more CLI integration tests for waiting for a created container and waiting with the new --until-removed flag. Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Handle detach sequence in CLI Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Update Container Wait Conditions Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Apply container wait changes to API 1.30 The set of changes to the containerWait API missed the cut for the Docker 17.05 release (API version 1.29). This patch bumps the version checks to use 1.30 instead. This patch also makes a minor update to a testfile which was added to the builder/dockerfile package. Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Remove wait changes from CLI Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Address minor nits on wait changes - Changed the name of the tty Proxy wrapper to `escapeProxy` - Removed the unnecessary Error() method on container.State - Fixes a typo in comment (repeated word) Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Use router.WithCancel in the containerWait handler This handler previously added this functionality manually but now uses the existing wrapper which does it for us. Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Add WaitCondition constants to api/types/container Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Address more ContainerWait review comments - Update ContainerWait backend interface to not return pointer values for container.StateStatus type. - Updated container state's Wait() method comments to clarify that a context MUST be used for cancelling the request, setting timeouts, and to avoid goroutine leaks. - Removed unnecessary buffering when making channels in the client's ContainerWait methods. - Renamed result and error channels in client's ContainerWait methods to clarify that only a single result or error value would be sent on the channel. Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Move container.WaitCondition type to separate file ... to avoid conflict with swagger-generated code for API response Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) Address more ContainerWait review comments Docker-DCO-1.1-Signed-off-by: Josh Hawn (github: jlhawn) --- docs/reference/commandline/wait.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/wait.md b/docs/reference/commandline/wait.md index ee8f9ab243..a4a65415de 100644 --- a/docs/reference/commandline/wait.md +++ b/docs/reference/commandline/wait.md @@ -21,7 +21,7 @@ Usage: docker wait CONTAINER [CONTAINER...] Block until one or more containers stop, then print their exit codes Options: - --help Print usage + --help Print usage ``` > **Note**: `docker wait` returns `0` when run against a container which had From cccd6379b7f97feb09e84aa77b2c1c30d023e277 Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Wed, 17 May 2017 12:19:12 -0700 Subject: [PATCH 2535/2538] Docs and manual changes - for service create on node-local networks Signed-off-by: Alessandro Boch --- docs/reference/commandline/network_create.md | 3 ++ man/src/network/create.md | 41 ++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/docs/reference/commandline/network_create.md b/docs/reference/commandline/network_create.md index 4b95c5e50b..099cc1439a 100644 --- a/docs/reference/commandline/network_create.md +++ b/docs/reference/commandline/network_create.md @@ -37,6 +37,9 @@ Options: -o, --opt value Set driver specific options (default map[]) --subnet value Subnet in CIDR format that represents a network segment (default []) + --scope value Promote a network to swarm scope (value = [ local | swarm ]) + --config-only Creates a configuration only network + --config-from The name of the network from which copying the configuration ``` ## Description diff --git a/man/src/network/create.md b/man/src/network/create.md index efbf0d5d46..6915cdd354 100644 --- a/man/src/network/create.md +++ b/man/src/network/create.md @@ -134,3 +134,44 @@ $ docker network create -d overlay \ --opt encrypted=true \ my-ingress-network ``` + +### Run services on predefined networks + +You can create services on the predefined docker networks `bridge` and `host`. + +```bash +$ docker service create --name my-service \ + --network host \ + --replicas 2 \ + busybox top +``` + +### Swarm networks with local scope drivers + +You can create a swarm network with local scope network drivers. You do so +by promoting the network scope to `swarm` during the creation of the network. +You will then be able to use this network when creating services. + +```bash +$ docker network create -d bridge \ + --scope swarm \ + --attachable \ + swarm-network +``` + +For network drivers which provide connectivity across hosts (ex. macvlan), if +node specific configurations are needed in order to plumb the network on each +host, you will supply that configuration via a configuration only network. +When you create the swarm scoped network, you will then specify the name of the +network which contains the configuration. + + +```bash +node1$ docker network create --config-only --subnet 192.168.100.0/24 --gateway 192.168.100.115 mv-config +node2$ docker network create --config-only --subnet 192.168.200.0/24 --gateway 192.168.200.202 mv-config +node1$ docker network create -d macvlan --scope swarm --config-from mv-config --attachable swarm-network +``` + + + + From d2cb97e76d581f4a9c2fa9df9649a7d59d9474e3 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 2 Jun 2017 00:25:19 +0000 Subject: [PATCH 2536/2538] Revert docs/yaml removal This reverts commit 3e911ff82583e49c22def56488ddcf448adb183b. --- docs/yaml/Dockerfile | 4 + docs/yaml/generate.go | 86 +++++++++++++++++ docs/yaml/yaml.go | 212 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 302 insertions(+) create mode 100644 docs/yaml/Dockerfile create mode 100644 docs/yaml/generate.go create mode 100644 docs/yaml/yaml.go diff --git a/docs/yaml/Dockerfile b/docs/yaml/Dockerfile new file mode 100644 index 0000000000..059b97a917 --- /dev/null +++ b/docs/yaml/Dockerfile @@ -0,0 +1,4 @@ +FROM scratch +COPY docs /docs +# CMD cannot be nil so we set it to empty string +CMD [""] diff --git a/docs/yaml/generate.go b/docs/yaml/generate.go new file mode 100644 index 0000000000..ea5c00ea11 --- /dev/null +++ b/docs/yaml/generate.go @@ -0,0 +1,86 @@ +package main + +import ( + "fmt" + "io/ioutil" + "log" + "os" + "path/filepath" + "strings" + + "github.com/docker/docker/cli/command" + "github.com/docker/docker/cli/command/commands" + "github.com/docker/docker/pkg/term" + "github.com/spf13/cobra" + "github.com/spf13/pflag" +) + +const descriptionSourcePath = "docs/reference/commandline/" + +func generateCliYaml(opts *options) error { + stdin, stdout, stderr := term.StdStreams() + dockerCli := command.NewDockerCli(stdin, stdout, stderr) + cmd := &cobra.Command{Use: "docker"} + commands.AddCommands(cmd, dockerCli) + source := filepath.Join(opts.source, descriptionSourcePath) + if err := loadLongDescription(cmd, source); err != nil { + return err + } + + cmd.DisableAutoGenTag = true + return GenYamlTree(cmd, opts.target) +} + +func loadLongDescription(cmd *cobra.Command, path ...string) error { + for _, cmd := range cmd.Commands() { + if cmd.Name() == "" { + continue + } + fullpath := filepath.Join(path[0], strings.Join(append(path[1:], cmd.Name()), "_")+".md") + + if cmd.HasSubCommands() { + loadLongDescription(cmd, path[0], cmd.Name()) + } + + if _, err := os.Stat(fullpath); err != nil { + log.Printf("WARN: %s does not exist, skipping\n", fullpath) + continue + } + + content, err := ioutil.ReadFile(fullpath) + if err != nil { + return err + } + description, examples := parseMDContent(string(content)) + cmd.Long = description + cmd.Example = examples + } + return nil +} + +type options struct { + source string + target string +} + +func parseArgs() (*options, error) { + opts := &options{} + cwd, _ := os.Getwd() + flags := pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError) + flags.StringVar(&opts.source, "root", cwd, "Path to project root") + flags.StringVar(&opts.target, "target", "/tmp", "Target path for generated yaml files") + err := flags.Parse(os.Args[1:]) + return opts, err +} + +func main() { + opts, err := parseArgs() + if err != nil { + fmt.Fprintln(os.Stderr, err.Error()) + } + fmt.Printf("Project root: %s\n", opts.source) + fmt.Printf("Generating yaml files into %s\n", opts.target) + if err := generateCliYaml(opts); err != nil { + fmt.Fprintf(os.Stderr, "Failed to generate yaml files: %s\n", err.Error()) + } +} diff --git a/docs/yaml/yaml.go b/docs/yaml/yaml.go new file mode 100644 index 0000000000..575f9bec5c --- /dev/null +++ b/docs/yaml/yaml.go @@ -0,0 +1,212 @@ +package main + +import ( + "fmt" + "io" + "os" + "path/filepath" + "sort" + "strings" + + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "gopkg.in/yaml.v2" +) + +type cmdOption struct { + Option string + Shorthand string `yaml:",omitempty"` + DefaultValue string `yaml:"default_value,omitempty"` + Description string `yaml:",omitempty"` +} + +type cmdDoc struct { + Name string `yaml:"command"` + SeeAlso []string `yaml:"parent,omitempty"` + Version string `yaml:"engine_version,omitempty"` + Aliases string `yaml:",omitempty"` + Short string `yaml:",omitempty"` + Long string `yaml:",omitempty"` + Usage string `yaml:",omitempty"` + Pname string `yaml:",omitempty"` + Plink string `yaml:",omitempty"` + Cname []string `yaml:",omitempty"` + Clink []string `yaml:",omitempty"` + Options []cmdOption `yaml:",omitempty"` + InheritedOptions []cmdOption `yaml:"inherited_options,omitempty"` + Example string `yaml:"examples,omitempty"` +} + +// GenYamlTree creates yaml structured ref files +func GenYamlTree(cmd *cobra.Command, dir string) error { + identity := func(s string) string { return s } + emptyStr := func(s string) string { return "" } + return GenYamlTreeCustom(cmd, dir, emptyStr, identity) +} + +// GenYamlTreeCustom creates yaml structured ref files +func GenYamlTreeCustom(cmd *cobra.Command, dir string, filePrepender, linkHandler func(string) string) error { + for _, c := range cmd.Commands() { + if !c.IsAvailableCommand() || c.IsHelpCommand() { + continue + } + if err := GenYamlTreeCustom(c, dir, filePrepender, linkHandler); err != nil { + return err + } + } + + basename := strings.Replace(cmd.CommandPath(), " ", "_", -1) + ".yaml" + filename := filepath.Join(dir, basename) + f, err := os.Create(filename) + if err != nil { + return err + } + defer f.Close() + + if _, err := io.WriteString(f, filePrepender(filename)); err != nil { + return err + } + if err := GenYamlCustom(cmd, f, linkHandler); err != nil { + return err + } + return nil +} + +// GenYamlCustom creates custom yaml output +func GenYamlCustom(cmd *cobra.Command, w io.Writer, linkHandler func(string) string) error { + cliDoc := cmdDoc{} + cliDoc.Name = cmd.CommandPath() + + // Check experimental: ok := cmd.Tags["experimental"] + + cliDoc.Aliases = strings.Join(cmd.Aliases, ", ") + cliDoc.Short = cmd.Short + cliDoc.Long = cmd.Long + if len(cliDoc.Long) == 0 { + cliDoc.Long = cliDoc.Short + } + + if cmd.Runnable() { + cliDoc.Usage = cmd.UseLine() + } + + if len(cmd.Example) > 0 { + cliDoc.Example = cmd.Example + } + + flags := cmd.NonInheritedFlags() + if flags.HasFlags() { + cliDoc.Options = genFlagResult(flags) + } + flags = cmd.InheritedFlags() + if flags.HasFlags() { + cliDoc.InheritedOptions = genFlagResult(flags) + } + + if hasSeeAlso(cmd) { + if cmd.HasParent() { + parent := cmd.Parent() + cliDoc.Pname = parent.CommandPath() + link := cliDoc.Pname + ".yaml" + cliDoc.Plink = strings.Replace(link, " ", "_", -1) + cmd.VisitParents(func(c *cobra.Command) { + if c.DisableAutoGenTag { + cmd.DisableAutoGenTag = c.DisableAutoGenTag + } + }) + } + + children := cmd.Commands() + sort.Sort(byName(children)) + + for _, child := range children { + if !child.IsAvailableCommand() || child.IsHelpCommand() { + continue + } + currentChild := cliDoc.Name + " " + child.Name() + cliDoc.Cname = append(cliDoc.Cname, cliDoc.Name+" "+child.Name()) + link := currentChild + ".yaml" + cliDoc.Clink = append(cliDoc.Clink, strings.Replace(link, " ", "_", -1)) + } + } + + final, err := yaml.Marshal(&cliDoc) + if err != nil { + fmt.Println(err) + os.Exit(1) + } + if _, err := fmt.Fprintln(w, string(final)); err != nil { + return err + } + return nil +} + +func genFlagResult(flags *pflag.FlagSet) []cmdOption { + var result []cmdOption + + flags.VisitAll(func(flag *pflag.Flag) { + // Todo, when we mark a shorthand is deprecated, but specify an empty message. + // The flag.ShorthandDeprecated is empty as the shorthand is deprecated. + // Using len(flag.ShorthandDeprecated) > 0 can't handle this, others are ok. + if !(len(flag.ShorthandDeprecated) > 0) && len(flag.Shorthand) > 0 { + opt := cmdOption{ + Option: flag.Name, + Shorthand: flag.Shorthand, + DefaultValue: flag.DefValue, + Description: forceMultiLine(flag.Usage), + } + result = append(result, opt) + } else { + opt := cmdOption{ + Option: flag.Name, + DefaultValue: forceMultiLine(flag.DefValue), + Description: forceMultiLine(flag.Usage), + } + result = append(result, opt) + } + }) + + return result +} + +// Temporary workaround for yaml lib generating incorrect yaml with long strings +// that do not contain \n. +func forceMultiLine(s string) string { + if len(s) > 60 && !strings.Contains(s, "\n") { + s = s + "\n" + } + return s +} + +// Small duplication for cobra utils +func hasSeeAlso(cmd *cobra.Command) bool { + if cmd.HasParent() { + return true + } + for _, c := range cmd.Commands() { + if !c.IsAvailableCommand() || c.IsHelpCommand() { + continue + } + return true + } + return false +} + +func parseMDContent(mdString string) (description string, examples string) { + parsedContent := strings.Split(mdString, "\n## ") + for _, s := range parsedContent { + if strings.Index(s, "Description") == 0 { + description = strings.Trim(s, "Description\n") + } + if strings.Index(s, "Examples") == 0 { + examples = strings.Trim(s, "Examples\n") + } + } + return +} + +type byName []*cobra.Command + +func (s byName) Len() int { return len(s) } +func (s byName) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s byName) Less(i, j int) bool { return s[i].Name() < s[j].Name() } From 875daf0130e01528f5e681b5f68dcfe8bb7e2681 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Fri, 2 Jun 2017 10:54:54 -0400 Subject: [PATCH 2537/2538] Add missing dependencies to vendor, and fix generation imports Signed-off-by: Daniel Nephin --- docs/yaml/generate.go | 4 +- man/generate.go | 4 +- vendor.conf | 3 + .../github.com/cpuguy83/go-md2man/LICENSE.md | 21 + .../github.com/cpuguy83/go-md2man/README.md | 18 + .../cpuguy83/go-md2man/md2man/md2man.go | 19 + .../cpuguy83/go-md2man/md2man/roff.go | 282 ++++ .../russross/blackfriday/LICENSE.txt | 29 + .../github.com/russross/blackfriday/README.md | 267 ++++ .../github.com/russross/blackfriday/block.go | 1420 +++++++++++++++++ .../github.com/russross/blackfriday/html.go | 949 +++++++++++ .../github.com/russross/blackfriday/inline.go | 1148 +++++++++++++ .../github.com/russross/blackfriday/latex.go | 332 ++++ .../russross/blackfriday/markdown.go | 926 +++++++++++ .../russross/blackfriday/smartypants.go | 400 +++++ .../shurcooL/sanitized_anchor_name/LICENSE | 19 + .../shurcooL/sanitized_anchor_name/README.md | 31 + .../shurcooL/sanitized_anchor_name/main.go | 29 + vendor/github.com/spf13/cobra/doc/man_docs.go | 231 +++ vendor/github.com/spf13/cobra/doc/md_docs.go | 175 ++ vendor/github.com/spf13/cobra/doc/util.go | 38 + 21 files changed, 6341 insertions(+), 4 deletions(-) create mode 100644 vendor/github.com/cpuguy83/go-md2man/LICENSE.md create mode 100644 vendor/github.com/cpuguy83/go-md2man/README.md create mode 100644 vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go create mode 100644 vendor/github.com/cpuguy83/go-md2man/md2man/roff.go create mode 100644 vendor/github.com/russross/blackfriday/LICENSE.txt create mode 100644 vendor/github.com/russross/blackfriday/README.md create mode 100644 vendor/github.com/russross/blackfriday/block.go create mode 100644 vendor/github.com/russross/blackfriday/html.go create mode 100644 vendor/github.com/russross/blackfriday/inline.go create mode 100644 vendor/github.com/russross/blackfriday/latex.go create mode 100644 vendor/github.com/russross/blackfriday/markdown.go create mode 100644 vendor/github.com/russross/blackfriday/smartypants.go create mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/LICENSE create mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/README.md create mode 100644 vendor/github.com/shurcooL/sanitized_anchor_name/main.go create mode 100644 vendor/github.com/spf13/cobra/doc/man_docs.go create mode 100644 vendor/github.com/spf13/cobra/doc/md_docs.go create mode 100644 vendor/github.com/spf13/cobra/doc/util.go diff --git a/docs/yaml/generate.go b/docs/yaml/generate.go index ea5c00ea11..fd227eb6e9 100644 --- a/docs/yaml/generate.go +++ b/docs/yaml/generate.go @@ -8,8 +8,8 @@ import ( "path/filepath" "strings" - "github.com/docker/docker/cli/command" - "github.com/docker/docker/cli/command/commands" + "github.com/docker/cli/cli/command" + "github.com/docker/cli/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/pflag" diff --git a/man/generate.go b/man/generate.go index 964d692775..f6e28f861d 100644 --- a/man/generate.go +++ b/man/generate.go @@ -7,8 +7,8 @@ import ( "os" "path/filepath" - "github.com/docker/docker/cli/command" - "github.com/docker/docker/cli/command/commands" + "github.com/docker/cli/cli/command" + "github.com/docker/cli/cli/command/commands" "github.com/docker/docker/pkg/term" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" diff --git a/vendor.conf b/vendor.conf index 0ca92b3228..83249b101e 100644 --- a/vendor.conf +++ b/vendor.conf @@ -4,6 +4,7 @@ github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github. github.com/Sirupsen/logrus v0.11.0 github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c github.com/coreos/etcd 824277cb3a577a0e8c829ca9ec557b973fe06d20 +github.com/cpuguy83/go-md2man a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621 github.com/docker/docker 45c6f4262a865a03adaac291a9ce33c0f2190d77 @@ -31,6 +32,8 @@ github.com/opencontainers/runc 9c2d8d184e5da67c95d601382adf14862e4f2228 https:// github.com/opencontainers/selinux ba1aefe8057f1d0cfb8e88d0ec1dc85925ef987d github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9 github.com/pmezard/go-difflib 792786c7400a136282c1664665ae0a8db921c6c2 +github.com/russross/blackfriday 1d6b8e9301e720b08a8938b8c25c018285885438 +github.com/shurcooL/sanitized_anchor_name 10ef21a441db47d8b13ebcc5fd2310f636973c77 github.com/spf13/cobra v1.5.1 https://github.com/dnephin/cobra.git github.com/spf13/pflag 9ff6c6923cfffbcd502984b8e0c80539a94968b7 github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987 diff --git a/vendor/github.com/cpuguy83/go-md2man/LICENSE.md b/vendor/github.com/cpuguy83/go-md2man/LICENSE.md new file mode 100644 index 0000000000..1cade6cef6 --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/LICENSE.md @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2014 Brian Goff + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/cpuguy83/go-md2man/README.md b/vendor/github.com/cpuguy83/go-md2man/README.md new file mode 100644 index 0000000000..b7aae65d25 --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/README.md @@ -0,0 +1,18 @@ +go-md2man +========= + +** Work in Progress ** +This still needs a lot of help to be complete, or even usable! + +Uses blackfriday to process markdown into man pages. + +### Usage + +./md2man -in /path/to/markdownfile.md -out /manfile/output/path + +### How to contribute + +We use [govend](https://github.com/govend/govend) for vendoring Go packages. + +How to update dependencies: `govend -v -u --prune` + diff --git a/vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go b/vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go new file mode 100644 index 0000000000..8f44fa1550 --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go @@ -0,0 +1,19 @@ +package md2man + +import ( + "github.com/russross/blackfriday" +) + +func Render(doc []byte) []byte { + renderer := RoffRenderer(0) + extensions := 0 + extensions |= blackfriday.EXTENSION_NO_INTRA_EMPHASIS + extensions |= blackfriday.EXTENSION_TABLES + extensions |= blackfriday.EXTENSION_FENCED_CODE + extensions |= blackfriday.EXTENSION_AUTOLINK + extensions |= blackfriday.EXTENSION_SPACE_HEADERS + extensions |= blackfriday.EXTENSION_FOOTNOTES + extensions |= blackfriday.EXTENSION_TITLEBLOCK + + return blackfriday.Markdown(doc, renderer, extensions) +} diff --git a/vendor/github.com/cpuguy83/go-md2man/md2man/roff.go b/vendor/github.com/cpuguy83/go-md2man/md2man/roff.go new file mode 100644 index 0000000000..b8cea1c73e --- /dev/null +++ b/vendor/github.com/cpuguy83/go-md2man/md2man/roff.go @@ -0,0 +1,282 @@ +package md2man + +import ( + "bytes" + "fmt" + "html" + "strings" + + "github.com/russross/blackfriday" +) + +type roffRenderer struct{} + +var listCounter int + +func RoffRenderer(flags int) blackfriday.Renderer { + return &roffRenderer{} +} + +func (r *roffRenderer) GetFlags() int { + return 0 +} + +func (r *roffRenderer) TitleBlock(out *bytes.Buffer, text []byte) { + out.WriteString(".TH ") + + splitText := bytes.Split(text, []byte("\n")) + for i, line := range splitText { + line = bytes.TrimPrefix(line, []byte("% ")) + if i == 0 { + line = bytes.Replace(line, []byte("("), []byte("\" \""), 1) + line = bytes.Replace(line, []byte(")"), []byte("\" \""), 1) + } + line = append([]byte("\""), line...) + line = append(line, []byte("\" ")...) + out.Write(line) + } + out.WriteString("\n") + + // disable hyphenation + out.WriteString(".nh\n") + // disable justification (adjust text to left margin only) + out.WriteString(".ad l\n") +} + +func (r *roffRenderer) BlockCode(out *bytes.Buffer, text []byte, lang string) { + out.WriteString("\n.PP\n.RS\n\n.nf\n") + escapeSpecialChars(out, text) + out.WriteString("\n.fi\n.RE\n") +} + +func (r *roffRenderer) BlockQuote(out *bytes.Buffer, text []byte) { + out.WriteString("\n.PP\n.RS\n") + out.Write(text) + out.WriteString("\n.RE\n") +} + +func (r *roffRenderer) BlockHtml(out *bytes.Buffer, text []byte) { + out.Write(text) +} + +func (r *roffRenderer) Header(out *bytes.Buffer, text func() bool, level int, id string) { + marker := out.Len() + + switch { + case marker == 0: + // This is the doc header + out.WriteString(".TH ") + case level == 1: + out.WriteString("\n\n.SH ") + case level == 2: + out.WriteString("\n.SH ") + default: + out.WriteString("\n.SS ") + } + + if !text() { + out.Truncate(marker) + return + } +} + +func (r *roffRenderer) HRule(out *bytes.Buffer) { + out.WriteString("\n.ti 0\n\\l'\\n(.lu'\n") +} + +func (r *roffRenderer) List(out *bytes.Buffer, text func() bool, flags int) { + marker := out.Len() + if flags&blackfriday.LIST_TYPE_ORDERED != 0 { + listCounter = 1 + } + if !text() { + out.Truncate(marker) + return + } +} + +func (r *roffRenderer) ListItem(out *bytes.Buffer, text []byte, flags int) { + if flags&blackfriday.LIST_TYPE_ORDERED != 0 { + out.WriteString(fmt.Sprintf(".IP \"%3d.\" 5\n", listCounter)) + listCounter += 1 + } else { + out.WriteString(".IP \\(bu 2\n") + } + out.Write(text) + out.WriteString("\n") +} + +func (r *roffRenderer) Paragraph(out *bytes.Buffer, text func() bool) { + marker := out.Len() + out.WriteString("\n.PP\n") + if !text() { + out.Truncate(marker) + return + } + if marker != 0 { + out.WriteString("\n") + } +} + +// TODO: This might now work +func (r *roffRenderer) Table(out *bytes.Buffer, header []byte, body []byte, columnData []int) { + out.WriteString(".TS\nallbox;\n") + + out.Write(header) + out.Write(body) + out.WriteString("\n.TE\n") +} + +func (r *roffRenderer) TableRow(out *bytes.Buffer, text []byte) { + if out.Len() > 0 { + out.WriteString("\n") + } + out.Write(text) + out.WriteString("\n") +} + +func (r *roffRenderer) TableHeaderCell(out *bytes.Buffer, text []byte, align int) { + if out.Len() > 0 { + out.WriteString(" ") + } + out.Write(text) + out.WriteString(" ") +} + +// TODO: This is probably broken +func (r *roffRenderer) TableCell(out *bytes.Buffer, text []byte, align int) { + if out.Len() > 0 { + out.WriteString("\t") + } + out.Write(text) + out.WriteString("\t") +} + +func (r *roffRenderer) Footnotes(out *bytes.Buffer, text func() bool) { + +} + +func (r *roffRenderer) FootnoteItem(out *bytes.Buffer, name, text []byte, flags int) { + +} + +func (r *roffRenderer) AutoLink(out *bytes.Buffer, link []byte, kind int) { + out.WriteString("\n\\[la]") + out.Write(link) + out.WriteString("\\[ra]") +} + +func (r *roffRenderer) CodeSpan(out *bytes.Buffer, text []byte) { + out.WriteString("\\fB\\fC") + escapeSpecialChars(out, text) + out.WriteString("\\fR") +} + +func (r *roffRenderer) DoubleEmphasis(out *bytes.Buffer, text []byte) { + out.WriteString("\\fB") + out.Write(text) + out.WriteString("\\fP") +} + +func (r *roffRenderer) Emphasis(out *bytes.Buffer, text []byte) { + out.WriteString("\\fI") + out.Write(text) + out.WriteString("\\fP") +} + +func (r *roffRenderer) Image(out *bytes.Buffer, link []byte, title []byte, alt []byte) { +} + +func (r *roffRenderer) LineBreak(out *bytes.Buffer) { + out.WriteString("\n.br\n") +} + +func (r *roffRenderer) Link(out *bytes.Buffer, link []byte, title []byte, content []byte) { + out.Write(content) + r.AutoLink(out, link, 0) +} + +func (r *roffRenderer) RawHtmlTag(out *bytes.Buffer, tag []byte) { + out.Write(tag) +} + +func (r *roffRenderer) TripleEmphasis(out *bytes.Buffer, text []byte) { + out.WriteString("\\s+2") + out.Write(text) + out.WriteString("\\s-2") +} + +func (r *roffRenderer) StrikeThrough(out *bytes.Buffer, text []byte) { +} + +func (r *roffRenderer) FootnoteRef(out *bytes.Buffer, ref []byte, id int) { + +} + +func (r *roffRenderer) Entity(out *bytes.Buffer, entity []byte) { + out.WriteString(html.UnescapeString(string(entity))) +} + +func processFooterText(text []byte) []byte { + text = bytes.TrimPrefix(text, []byte("% ")) + newText := []byte{} + textArr := strings.Split(string(text), ") ") + + for i, w := range textArr { + if i == 0 { + w = strings.Replace(w, "(", "\" \"", 1) + w = fmt.Sprintf("\"%s\"", w) + } else { + w = fmt.Sprintf(" \"%s\"", w) + } + newText = append(newText, []byte(w)...) + } + newText = append(newText, []byte(" \"\"")...) + + return newText +} + +func (r *roffRenderer) NormalText(out *bytes.Buffer, text []byte) { + escapeSpecialChars(out, text) +} + +func (r *roffRenderer) DocumentHeader(out *bytes.Buffer) { +} + +func (r *roffRenderer) DocumentFooter(out *bytes.Buffer) { +} + +func needsBackslash(c byte) bool { + for _, r := range []byte("-_&\\~") { + if c == r { + return true + } + } + return false +} + +func escapeSpecialChars(out *bytes.Buffer, text []byte) { + for i := 0; i < len(text); i++ { + // escape initial apostrophe or period + if len(text) >= 1 && (text[0] == '\'' || text[0] == '.') { + out.WriteString("\\&") + } + + // directly copy normal characters + org := i + + for i < len(text) && !needsBackslash(text[i]) { + i++ + } + if i > org { + out.Write(text[org:i]) + } + + // escape a character + if i >= len(text) { + break + } + out.WriteByte('\\') + out.WriteByte(text[i]) + } +} diff --git a/vendor/github.com/russross/blackfriday/LICENSE.txt b/vendor/github.com/russross/blackfriday/LICENSE.txt new file mode 100644 index 0000000000..2885af3602 --- /dev/null +++ b/vendor/github.com/russross/blackfriday/LICENSE.txt @@ -0,0 +1,29 @@ +Blackfriday is distributed under the Simplified BSD License: + +> Copyright © 2011 Russ Ross +> All rights reserved. +> +> Redistribution and use in source and binary forms, with or without +> modification, are permitted provided that the following conditions +> are met: +> +> 1. Redistributions of source code must retain the above copyright +> notice, this list of conditions and the following disclaimer. +> +> 2. Redistributions in binary form must reproduce the above +> copyright notice, this list of conditions and the following +> disclaimer in the documentation and/or other materials provided with +> the distribution. +> +> THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +> "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +> LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +> FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +> COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +> INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +> BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +> LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +> CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +> LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +> ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +> POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/russross/blackfriday/README.md b/vendor/github.com/russross/blackfriday/README.md new file mode 100644 index 0000000000..1879ce71b0 --- /dev/null +++ b/vendor/github.com/russross/blackfriday/README.md @@ -0,0 +1,267 @@ +Blackfriday [![Build Status](https://travis-ci.org/russross/blackfriday.svg?branch=master)](https://travis-ci.org/russross/blackfriday) [![GoDoc](https://godoc.org/github.com/russross/blackfriday?status.svg)](https://godoc.org/github.com/russross/blackfriday) +=========== + +Blackfriday is a [Markdown][1] processor implemented in [Go][2]. It +is paranoid about its input (so you can safely feed it user-supplied +data), it is fast, it supports common extensions (tables, smart +punctuation substitutions, etc.), and it is safe for all utf-8 +(unicode) input. + +HTML output is currently supported, along with Smartypants +extensions. An experimental LaTeX output engine is also included. + +It started as a translation from C of [Sundown][3]. + + +Installation +------------ + +Blackfriday is compatible with Go 1. If you are using an older +release of Go, consider using v1.1 of blackfriday, which was based +on the last stable release of Go prior to Go 1. You can find it as a +tagged commit on github. + +With Go 1 and git installed: + + go get github.com/russross/blackfriday + +will download, compile, and install the package into your `$GOPATH` +directory hierarchy. Alternatively, you can achieve the same if you +import it into a project: + + import "github.com/russross/blackfriday" + +and `go get` without parameters. + +Usage +----- + +For basic usage, it is as simple as getting your input into a byte +slice and calling: + + output := blackfriday.MarkdownBasic(input) + +This renders it with no extensions enabled. To get a more useful +feature set, use this instead: + + output := blackfriday.MarkdownCommon(input) + +### Sanitize untrusted content + +Blackfriday itself does nothing to protect against malicious content. If you are +dealing with user-supplied markdown, we recommend running blackfriday's output +through HTML sanitizer such as +[Bluemonday](https://github.com/microcosm-cc/bluemonday). + +Here's an example of simple usage of blackfriday together with bluemonday: + +``` go +import ( + "github.com/microcosm-cc/bluemonday" + "github.com/russross/blackfriday" +) + +// ... +unsafe := blackfriday.MarkdownCommon(input) +html := bluemonday.UGCPolicy().SanitizeBytes(unsafe) +``` + +### Custom options + +If you want to customize the set of options, first get a renderer +(currently either the HTML or LaTeX output engines), then use it to +call the more general `Markdown` function. For examples, see the +implementations of `MarkdownBasic` and `MarkdownCommon` in +`markdown.go`. + +You can also check out `blackfriday-tool` for a more complete example +of how to use it. Download and install it using: + + go get github.com/russross/blackfriday-tool + +This is a simple command-line tool that allows you to process a +markdown file using a standalone program. You can also browse the +source directly on github if you are just looking for some example +code: + +* + +Note that if you have not already done so, installing +`blackfriday-tool` will be sufficient to download and install +blackfriday in addition to the tool itself. The tool binary will be +installed in `$GOPATH/bin`. This is a statically-linked binary that +can be copied to wherever you need it without worrying about +dependencies and library versions. + + +Features +-------- + +All features of Sundown are supported, including: + +* **Compatibility**. The Markdown v1.0.3 test suite passes with + the `--tidy` option. Without `--tidy`, the differences are + mostly in whitespace and entity escaping, where blackfriday is + more consistent and cleaner. + +* **Common extensions**, including table support, fenced code + blocks, autolinks, strikethroughs, non-strict emphasis, etc. + +* **Safety**. Blackfriday is paranoid when parsing, making it safe + to feed untrusted user input without fear of bad things + happening. The test suite stress tests this and there are no + known inputs that make it crash. If you find one, please let me + know and send me the input that does it. + + NOTE: "safety" in this context means *runtime safety only*. In order to + protect yourself against JavaScript injection in untrusted content, see + [this example](https://github.com/russross/blackfriday#sanitize-untrusted-content). + +* **Fast processing**. It is fast enough to render on-demand in + most web applications without having to cache the output. + +* **Thread safety**. You can run multiple parsers in different + goroutines without ill effect. There is no dependence on global + shared state. + +* **Minimal dependencies**. Blackfriday only depends on standard + library packages in Go. The source code is pretty + self-contained, so it is easy to add to any project, including + Google App Engine projects. + +* **Standards compliant**. Output successfully validates using the + W3C validation tool for HTML 4.01 and XHTML 1.0 Transitional. + + +Extensions +---------- + +In addition to the standard markdown syntax, this package +implements the following extensions: + +* **Intra-word emphasis supression**. The `_` character is + commonly used inside words when discussing code, so having + markdown interpret it as an emphasis command is usually the + wrong thing. Blackfriday lets you treat all emphasis markers as + normal characters when they occur inside a word. + +* **Tables**. Tables can be created by drawing them in the input + using a simple syntax: + + ``` + Name | Age + --------|------ + Bob | 27 + Alice | 23 + ``` + +* **Fenced code blocks**. In addition to the normal 4-space + indentation to mark code blocks, you can explicitly mark them + and supply a language (to make syntax highlighting simple). Just + mark it like this: + + ``` go + func getTrue() bool { + return true + } + ``` + + You can use 3 or more backticks to mark the beginning of the + block, and the same number to mark the end of the block. + +* **Definition lists**. A simple definition list is made of a single-line + term followed by a colon and the definition for that term. + + Cat + : Fluffy animal everyone likes + + Internet + : Vector of transmission for pictures of cats + + Terms must be separated from the previous definition by a blank line. + +* **Footnotes**. A marker in the text that will become a superscript number; + a footnote definition that will be placed in a list of footnotes at the + end of the document. A footnote looks like this: + + This is a footnote.[^1] + + [^1]: the footnote text. + +* **Autolinking**. Blackfriday can find URLs that have not been + explicitly marked as links and turn them into links. + +* **Strikethrough**. Use two tildes (`~~`) to mark text that + should be crossed out. + +* **Hard line breaks**. With this extension enabled (it is off by + default in the `MarkdownBasic` and `MarkdownCommon` convenience + functions), newlines in the input translate into line breaks in + the output. + +* **Smart quotes**. Smartypants-style punctuation substitution is + supported, turning normal double- and single-quote marks into + curly quotes, etc. + +* **LaTeX-style dash parsing** is an additional option, where `--` + is translated into `–`, and `---` is translated into + `—`. This differs from most smartypants processors, which + turn a single hyphen into an ndash and a double hyphen into an + mdash. + +* **Smart fractions**, where anything that looks like a fraction + is translated into suitable HTML (instead of just a few special + cases like most smartypant processors). For example, `4/5` + becomes `45`, which renders as + 45. + + +Other renderers +--------------- + +Blackfriday is structured to allow alternative rendering engines. Here +are a few of note: + +* [github_flavored_markdown](https://godoc.org/github.com/shurcooL/github_flavored_markdown): + provides a GitHub Flavored Markdown renderer with fenced code block + highlighting, clickable header anchor links. + + It's not customizable, and its goal is to produce HTML output + equivalent to the [GitHub Markdown API endpoint](https://developer.github.com/v3/markdown/#render-a-markdown-document-in-raw-mode), + except the rendering is performed locally. + +* [markdownfmt](https://github.com/shurcooL/markdownfmt): like gofmt, + but for markdown. + +* LaTeX output: renders output as LaTeX. This is currently part of the + main Blackfriday repository, but may be split into its own project + in the future. If you are interested in owning and maintaining the + LaTeX output component, please be in touch. + + It renders some basic documents, but is only experimental at this + point. In particular, it does not do any inline escaping, so input + that happens to look like LaTeX code will be passed through without + modification. + +* [Md2Vim](https://github.com/FooSoft/md2vim): transforms markdown files into vimdoc format. + + +Todo +---- + +* More unit testing +* Improve unicode support. It does not understand all unicode + rules (about what constitutes a letter, a punctuation symbol, + etc.), so it may fail to detect word boundaries correctly in + some instances. It is safe on all utf-8 input. + + +License +------- + +[Blackfriday is distributed under the Simplified BSD License](LICENSE.txt) + + + [1]: http://daringfireball.net/projects/markdown/ "Markdown" + [2]: http://golang.org/ "Go Language" + [3]: https://github.com/vmg/sundown "Sundown" diff --git a/vendor/github.com/russross/blackfriday/block.go b/vendor/github.com/russross/blackfriday/block.go new file mode 100644 index 0000000000..3f4af787e3 --- /dev/null +++ b/vendor/github.com/russross/blackfriday/block.go @@ -0,0 +1,1420 @@ +// +// Blackfriday Markdown Processor +// Available at http://github.com/russross/blackfriday +// +// Copyright © 2011 Russ Ross . +// Distributed under the Simplified BSD License. +// See README.md for details. +// + +// +// Functions to parse block-level elements. +// + +package blackfriday + +import ( + "bytes" + + "github.com/shurcooL/sanitized_anchor_name" +) + +// Parse block-level data. +// Note: this function and many that it calls assume that +// the input buffer ends with a newline. +func (p *parser) block(out *bytes.Buffer, data []byte) { + if len(data) == 0 || data[len(data)-1] != '\n' { + panic("block input is missing terminating newline") + } + + // this is called recursively: enforce a maximum depth + if p.nesting >= p.maxNesting { + return + } + p.nesting++ + + // parse out one block-level construct at a time + for len(data) > 0 { + // prefixed header: + // + // # Header 1 + // ## Header 2 + // ... + // ###### Header 6 + if p.isPrefixHeader(data) { + data = data[p.prefixHeader(out, data):] + continue + } + + // block of preformatted HTML: + // + //
+ // ... + //
+ if data[0] == '<' { + if i := p.html(out, data, true); i > 0 { + data = data[i:] + continue + } + } + + // title block + // + // % stuff + // % more stuff + // % even more stuff + if p.flags&EXTENSION_TITLEBLOCK != 0 { + if data[0] == '%' { + if i := p.titleBlock(out, data, true); i > 0 { + data = data[i:] + continue + } + } + } + + // blank lines. note: returns the # of bytes to skip + if i := p.isEmpty(data); i > 0 { + data = data[i:] + continue + } + + // indented code block: + // + // func max(a, b int) int { + // if a > b { + // return a + // } + // return b + // } + if p.codePrefix(data) > 0 { + data = data[p.code(out, data):] + continue + } + + // fenced code block: + // + // ``` go + // func fact(n int) int { + // if n <= 1 { + // return n + // } + // return n * fact(n-1) + // } + // ``` + if p.flags&EXTENSION_FENCED_CODE != 0 { + if i := p.fencedCode(out, data, true); i > 0 { + data = data[i:] + continue + } + } + + // horizontal rule: + // + // ------ + // or + // ****** + // or + // ______ + if p.isHRule(data) { + p.r.HRule(out) + var i int + for i = 0; data[i] != '\n'; i++ { + } + data = data[i:] + continue + } + + // block quote: + // + // > A big quote I found somewhere + // > on the web + if p.quotePrefix(data) > 0 { + data = data[p.quote(out, data):] + continue + } + + // table: + // + // Name | Age | Phone + // ------|-----|--------- + // Bob | 31 | 555-1234 + // Alice | 27 | 555-4321 + if p.flags&EXTENSION_TABLES != 0 { + if i := p.table(out, data); i > 0 { + data = data[i:] + continue + } + } + + // an itemized/unordered list: + // + // * Item 1 + // * Item 2 + // + // also works with + or - + if p.uliPrefix(data) > 0 { + data = data[p.list(out, data, 0):] + continue + } + + // a numbered/ordered list: + // + // 1. Item 1 + // 2. Item 2 + if p.oliPrefix(data) > 0 { + data = data[p.list(out, data, LIST_TYPE_ORDERED):] + continue + } + + // definition lists: + // + // Term 1 + // : Definition a + // : Definition b + // + // Term 2 + // : Definition c + if p.flags&EXTENSION_DEFINITION_LISTS != 0 { + if p.dliPrefix(data) > 0 { + data = data[p.list(out, data, LIST_TYPE_DEFINITION):] + continue + } + } + + // anything else must look like a normal paragraph + // note: this finds underlined headers, too + data = data[p.paragraph(out, data):] + } + + p.nesting-- +} + +func (p *parser) isPrefixHeader(data []byte) bool { + if data[0] != '#' { + return false + } + + if p.flags&EXTENSION_SPACE_HEADERS != 0 { + level := 0 + for level < 6 && data[level] == '#' { + level++ + } + if data[level] != ' ' { + return false + } + } + return true +} + +func (p *parser) prefixHeader(out *bytes.Buffer, data []byte) int { + level := 0 + for level < 6 && data[level] == '#' { + level++ + } + i := skipChar(data, level, ' ') + end := skipUntilChar(data, i, '\n') + skip := end + id := "" + if p.flags&EXTENSION_HEADER_IDS != 0 { + j, k := 0, 0 + // find start/end of header id + for j = i; j < end-1 && (data[j] != '{' || data[j+1] != '#'); j++ { + } + for k = j + 1; k < end && data[k] != '}'; k++ { + } + // extract header id iff found + if j < end && k < end { + id = string(data[j+2 : k]) + end = j + skip = k + 1 + for end > 0 && data[end-1] == ' ' { + end-- + } + } + } + for end > 0 && data[end-1] == '#' { + if isBackslashEscaped(data, end-1) { + break + } + end-- + } + for end > 0 && data[end-1] == ' ' { + end-- + } + if end > i { + if id == "" && p.flags&EXTENSION_AUTO_HEADER_IDS != 0 { + id = sanitized_anchor_name.Create(string(data[i:end])) + } + work := func() bool { + p.inline(out, data[i:end]) + return true + } + p.r.Header(out, work, level, id) + } + return skip +} + +func (p *parser) isUnderlinedHeader(data []byte) int { + // test of level 1 header + if data[0] == '=' { + i := skipChar(data, 1, '=') + i = skipChar(data, i, ' ') + if data[i] == '\n' { + return 1 + } else { + return 0 + } + } + + // test of level 2 header + if data[0] == '-' { + i := skipChar(data, 1, '-') + i = skipChar(data, i, ' ') + if data[i] == '\n' { + return 2 + } else { + return 0 + } + } + + return 0 +} + +func (p *parser) titleBlock(out *bytes.Buffer, data []byte, doRender bool) int { + if data[0] != '%' { + return 0 + } + splitData := bytes.Split(data, []byte("\n")) + var i int + for idx, b := range splitData { + if !bytes.HasPrefix(b, []byte("%")) { + i = idx // - 1 + break + } + } + + data = bytes.Join(splitData[0:i], []byte("\n")) + p.r.TitleBlock(out, data) + + return len(data) +} + +func (p *parser) html(out *bytes.Buffer, data []byte, doRender bool) int { + var i, j int + + // identify the opening tag + if data[0] != '<' { + return 0 + } + curtag, tagfound := p.htmlFindTag(data[1:]) + + // handle special cases + if !tagfound { + // check for an HTML comment + if size := p.htmlComment(out, data, doRender); size > 0 { + return size + } + + // check for an
tag + if size := p.htmlHr(out, data, doRender); size > 0 { + return size + } + + // check for HTML CDATA + if size := p.htmlCDATA(out, data, doRender); size > 0 { + return size + } + + // no special case recognized + return 0 + } + + // look for an unindented matching closing tag + // followed by a blank line + found := false + /* + closetag := []byte("\n") + j = len(curtag) + 1 + for !found { + // scan for a closing tag at the beginning of a line + if skip := bytes.Index(data[j:], closetag); skip >= 0 { + j += skip + len(closetag) + } else { + break + } + + // see if it is the only thing on the line + if skip := p.isEmpty(data[j:]); skip > 0 { + // see if it is followed by a blank line/eof + j += skip + if j >= len(data) { + found = true + i = j + } else { + if skip := p.isEmpty(data[j:]); skip > 0 { + j += skip + found = true + i = j + } + } + } + } + */ + + // if not found, try a second pass looking for indented match + // but not if tag is "ins" or "del" (following original Markdown.pl) + if !found && curtag != "ins" && curtag != "del" { + i = 1 + for i < len(data) { + i++ + for i < len(data) && !(data[i-1] == '<' && data[i] == '/') { + i++ + } + + if i+2+len(curtag) >= len(data) { + break + } + + j = p.htmlFindEnd(curtag, data[i-1:]) + + if j > 0 { + i += j - 1 + found = true + break + } + } + } + + if !found { + return 0 + } + + // the end of the block has been found + if doRender { + // trim newlines + end := i + for end > 0 && data[end-1] == '\n' { + end-- + } + p.r.BlockHtml(out, data[:end]) + } + + return i +} + +func (p *parser) renderHTMLBlock(out *bytes.Buffer, data []byte, start int, doRender bool) int { + // html block needs to end with a blank line + if i := p.isEmpty(data[start:]); i > 0 { + size := start + i + if doRender { + // trim trailing newlines + end := size + for end > 0 && data[end-1] == '\n' { + end-- + } + p.r.BlockHtml(out, data[:end]) + } + return size + } + return 0 +} + +// HTML comment, lax form +func (p *parser) htmlComment(out *bytes.Buffer, data []byte, doRender bool) int { + i := p.inlineHTMLComment(out, data) + return p.renderHTMLBlock(out, data, i, doRender) +} + +// HTML CDATA section +func (p *parser) htmlCDATA(out *bytes.Buffer, data []byte, doRender bool) int { + const cdataTag = "') { + i++ + } + i++ + // no end-of-comment marker + if i >= len(data) { + return 0 + } + return p.renderHTMLBlock(out, data, i, doRender) +} + +// HR, which is the only self-closing block tag considered +func (p *parser) htmlHr(out *bytes.Buffer, data []byte, doRender bool) int { + if data[0] != '<' || (data[1] != 'h' && data[1] != 'H') || (data[2] != 'r' && data[2] != 'R') { + return 0 + } + if data[3] != ' ' && data[3] != '/' && data[3] != '>' { + // not an
tag after all; at least not a valid one + return 0 + } + + i := 3 + for data[i] != '>' && data[i] != '\n' { + i++ + } + + if data[i] == '>' { + return p.renderHTMLBlock(out, data, i+1, doRender) + } + + return 0 +} + +func (p *parser) htmlFindTag(data []byte) (string, bool) { + i := 0 + for isalnum(data[i]) { + i++ + } + key := string(data[:i]) + if _, ok := blockTags[key]; ok { + return key, true + } + return "", false +} + +func (p *parser) htmlFindEnd(tag string, data []byte) int { + // assume data[0] == '<' && data[1] == '/' already tested + + // check if tag is a match + closetag := []byte("") + if !bytes.HasPrefix(data, closetag) { + return 0 + } + i := len(closetag) + + // check that the rest of the line is blank + skip := 0 + if skip = p.isEmpty(data[i:]); skip == 0 { + return 0 + } + i += skip + skip = 0 + + if i >= len(data) { + return i + } + + if p.flags&EXTENSION_LAX_HTML_BLOCKS != 0 { + return i + } + if skip = p.isEmpty(data[i:]); skip == 0 { + // following line must be blank + return 0 + } + + return i + skip +} + +func (p *parser) isEmpty(data []byte) int { + // it is okay to call isEmpty on an empty buffer + if len(data) == 0 { + return 0 + } + + var i int + for i = 0; i < len(data) && data[i] != '\n'; i++ { + if data[i] != ' ' && data[i] != '\t' { + return 0 + } + } + return i + 1 +} + +func (p *parser) isHRule(data []byte) bool { + i := 0 + + // skip up to three spaces + for i < 3 && data[i] == ' ' { + i++ + } + + // look at the hrule char + if data[i] != '*' && data[i] != '-' && data[i] != '_' { + return false + } + c := data[i] + + // the whole line must be the char or whitespace + n := 0 + for data[i] != '\n' { + switch { + case data[i] == c: + n++ + case data[i] != ' ': + return false + } + i++ + } + + return n >= 3 +} + +func (p *parser) isFencedCode(data []byte, syntax **string, oldmarker string) (skip int, marker string) { + i, size := 0, 0 + skip = 0 + + // skip up to three spaces + for i < len(data) && i < 3 && data[i] == ' ' { + i++ + } + if i >= len(data) { + return + } + + // check for the marker characters: ~ or ` + if data[i] != '~' && data[i] != '`' { + return + } + + c := data[i] + + // the whole line must be the same char or whitespace + for i < len(data) && data[i] == c { + size++ + i++ + } + + if i >= len(data) { + return + } + + // the marker char must occur at least 3 times + if size < 3 { + return + } + marker = string(data[i-size : i]) + + // if this is the end marker, it must match the beginning marker + if oldmarker != "" && marker != oldmarker { + return + } + + if syntax != nil { + syn := 0 + i = skipChar(data, i, ' ') + + if i >= len(data) { + return + } + + syntaxStart := i + + if data[i] == '{' { + i++ + syntaxStart++ + + for i < len(data) && data[i] != '}' && data[i] != '\n' { + syn++ + i++ + } + + if i >= len(data) || data[i] != '}' { + return + } + + // strip all whitespace at the beginning and the end + // of the {} block + for syn > 0 && isspace(data[syntaxStart]) { + syntaxStart++ + syn-- + } + + for syn > 0 && isspace(data[syntaxStart+syn-1]) { + syn-- + } + + i++ + } else { + for i < len(data) && !isspace(data[i]) { + syn++ + i++ + } + } + + language := string(data[syntaxStart : syntaxStart+syn]) + *syntax = &language + } + + i = skipChar(data, i, ' ') + if i >= len(data) || data[i] != '\n' { + return + } + + skip = i + 1 + return +} + +func (p *parser) fencedCode(out *bytes.Buffer, data []byte, doRender bool) int { + var lang *string + beg, marker := p.isFencedCode(data, &lang, "") + if beg == 0 || beg >= len(data) { + return 0 + } + + var work bytes.Buffer + + for { + // safe to assume beg < len(data) + + // check for the end of the code block + fenceEnd, _ := p.isFencedCode(data[beg:], nil, marker) + if fenceEnd != 0 { + beg += fenceEnd + break + } + + // copy the current line + end := skipUntilChar(data, beg, '\n') + 1 + + // did we reach the end of the buffer without a closing marker? + if end >= len(data) { + return 0 + } + + // verbatim copy to the working buffer + if doRender { + work.Write(data[beg:end]) + } + beg = end + } + + syntax := "" + if lang != nil { + syntax = *lang + } + + if doRender { + p.r.BlockCode(out, work.Bytes(), syntax) + } + + return beg +} + +func (p *parser) table(out *bytes.Buffer, data []byte) int { + var header bytes.Buffer + i, columns := p.tableHeader(&header, data) + if i == 0 { + return 0 + } + + var body bytes.Buffer + + for i < len(data) { + pipes, rowStart := 0, i + for ; data[i] != '\n'; i++ { + if data[i] == '|' { + pipes++ + } + } + + if pipes == 0 { + i = rowStart + break + } + + // include the newline in data sent to tableRow + i++ + p.tableRow(&body, data[rowStart:i], columns, false) + } + + p.r.Table(out, header.Bytes(), body.Bytes(), columns) + + return i +} + +// check if the specified position is preceded by an odd number of backslashes +func isBackslashEscaped(data []byte, i int) bool { + backslashes := 0 + for i-backslashes-1 >= 0 && data[i-backslashes-1] == '\\' { + backslashes++ + } + return backslashes&1 == 1 +} + +func (p *parser) tableHeader(out *bytes.Buffer, data []byte) (size int, columns []int) { + i := 0 + colCount := 1 + for i = 0; data[i] != '\n'; i++ { + if data[i] == '|' && !isBackslashEscaped(data, i) { + colCount++ + } + } + + // doesn't look like a table header + if colCount == 1 { + return + } + + // include the newline in the data sent to tableRow + header := data[:i+1] + + // column count ignores pipes at beginning or end of line + if data[0] == '|' { + colCount-- + } + if i > 2 && data[i-1] == '|' && !isBackslashEscaped(data, i-1) { + colCount-- + } + + columns = make([]int, colCount) + + // move on to the header underline + i++ + if i >= len(data) { + return + } + + if data[i] == '|' && !isBackslashEscaped(data, i) { + i++ + } + i = skipChar(data, i, ' ') + + // each column header is of form: / *:?-+:? *|/ with # dashes + # colons >= 3 + // and trailing | optional on last column + col := 0 + for data[i] != '\n' { + dashes := 0 + + if data[i] == ':' { + i++ + columns[col] |= TABLE_ALIGNMENT_LEFT + dashes++ + } + for data[i] == '-' { + i++ + dashes++ + } + if data[i] == ':' { + i++ + columns[col] |= TABLE_ALIGNMENT_RIGHT + dashes++ + } + for data[i] == ' ' { + i++ + } + + // end of column test is messy + switch { + case dashes < 3: + // not a valid column + return + + case data[i] == '|' && !isBackslashEscaped(data, i): + // marker found, now skip past trailing whitespace + col++ + i++ + for data[i] == ' ' { + i++ + } + + // trailing junk found after last column + if col >= colCount && data[i] != '\n' { + return + } + + case (data[i] != '|' || isBackslashEscaped(data, i)) && col+1 < colCount: + // something else found where marker was required + return + + case data[i] == '\n': + // marker is optional for the last column + col++ + + default: + // trailing junk found after last column + return + } + } + if col != colCount { + return + } + + p.tableRow(out, header, columns, true) + size = i + 1 + return +} + +func (p *parser) tableRow(out *bytes.Buffer, data []byte, columns []int, header bool) { + i, col := 0, 0 + var rowWork bytes.Buffer + + if data[i] == '|' && !isBackslashEscaped(data, i) { + i++ + } + + for col = 0; col < len(columns) && i < len(data); col++ { + for data[i] == ' ' { + i++ + } + + cellStart := i + + for (data[i] != '|' || isBackslashEscaped(data, i)) && data[i] != '\n' { + i++ + } + + cellEnd := i + + // skip the end-of-cell marker, possibly taking us past end of buffer + i++ + + for cellEnd > cellStart && data[cellEnd-1] == ' ' { + cellEnd-- + } + + var cellWork bytes.Buffer + p.inline(&cellWork, data[cellStart:cellEnd]) + + if header { + p.r.TableHeaderCell(&rowWork, cellWork.Bytes(), columns[col]) + } else { + p.r.TableCell(&rowWork, cellWork.Bytes(), columns[col]) + } + } + + // pad it out with empty columns to get the right number + for ; col < len(columns); col++ { + if header { + p.r.TableHeaderCell(&rowWork, nil, columns[col]) + } else { + p.r.TableCell(&rowWork, nil, columns[col]) + } + } + + // silently ignore rows with too many cells + + p.r.TableRow(out, rowWork.Bytes()) +} + +// returns blockquote prefix length +func (p *parser) quotePrefix(data []byte) int { + i := 0 + for i < 3 && data[i] == ' ' { + i++ + } + if data[i] == '>' { + if data[i+1] == ' ' { + return i + 2 + } + return i + 1 + } + return 0 +} + +// blockquote ends with at least one blank line +// followed by something without a blockquote prefix +func (p *parser) terminateBlockquote(data []byte, beg, end int) bool { + if p.isEmpty(data[beg:]) <= 0 { + return false + } + if end >= len(data) { + return true + } + return p.quotePrefix(data[end:]) == 0 && p.isEmpty(data[end:]) == 0 +} + +// parse a blockquote fragment +func (p *parser) quote(out *bytes.Buffer, data []byte) int { + var raw bytes.Buffer + beg, end := 0, 0 + for beg < len(data) { + end = beg + // Step over whole lines, collecting them. While doing that, check for + // fenced code and if one's found, incorporate it altogether, + // irregardless of any contents inside it + for data[end] != '\n' { + if p.flags&EXTENSION_FENCED_CODE != 0 { + if i := p.fencedCode(out, data[end:], false); i > 0 { + // -1 to compensate for the extra end++ after the loop: + end += i - 1 + break + } + } + end++ + } + end++ + + if pre := p.quotePrefix(data[beg:]); pre > 0 { + // skip the prefix + beg += pre + } else if p.terminateBlockquote(data, beg, end) { + break + } + + // this line is part of the blockquote + raw.Write(data[beg:end]) + beg = end + } + + var cooked bytes.Buffer + p.block(&cooked, raw.Bytes()) + p.r.BlockQuote(out, cooked.Bytes()) + return end +} + +// returns prefix length for block code +func (p *parser) codePrefix(data []byte) int { + if data[0] == ' ' && data[1] == ' ' && data[2] == ' ' && data[3] == ' ' { + return 4 + } + return 0 +} + +func (p *parser) code(out *bytes.Buffer, data []byte) int { + var work bytes.Buffer + + i := 0 + for i < len(data) { + beg := i + for data[i] != '\n' { + i++ + } + i++ + + blankline := p.isEmpty(data[beg:i]) > 0 + if pre := p.codePrefix(data[beg:i]); pre > 0 { + beg += pre + } else if !blankline { + // non-empty, non-prefixed line breaks the pre + i = beg + break + } + + // verbatim copy to the working buffeu + if blankline { + work.WriteByte('\n') + } else { + work.Write(data[beg:i]) + } + } + + // trim all the \n off the end of work + workbytes := work.Bytes() + eol := len(workbytes) + for eol > 0 && workbytes[eol-1] == '\n' { + eol-- + } + if eol != len(workbytes) { + work.Truncate(eol) + } + + work.WriteByte('\n') + + p.r.BlockCode(out, work.Bytes(), "") + + return i +} + +// returns unordered list item prefix +func (p *parser) uliPrefix(data []byte) int { + i := 0 + + // start with up to 3 spaces + for i < 3 && data[i] == ' ' { + i++ + } + + // need a *, +, or - followed by a space + if (data[i] != '*' && data[i] != '+' && data[i] != '-') || + data[i+1] != ' ' { + return 0 + } + return i + 2 +} + +// returns ordered list item prefix +func (p *parser) oliPrefix(data []byte) int { + i := 0 + + // start with up to 3 spaces + for i < 3 && data[i] == ' ' { + i++ + } + + // count the digits + start := i + for data[i] >= '0' && data[i] <= '9' { + i++ + } + + // we need >= 1 digits followed by a dot and a space + if start == i || data[i] != '.' || data[i+1] != ' ' { + return 0 + } + return i + 2 +} + +// returns definition list item prefix +func (p *parser) dliPrefix(data []byte) int { + i := 0 + + // need a : followed by a spaces + if data[i] != ':' || data[i+1] != ' ' { + return 0 + } + for data[i] == ' ' { + i++ + } + return i + 2 +} + +// parse ordered or unordered list block +func (p *parser) list(out *bytes.Buffer, data []byte, flags int) int { + i := 0 + flags |= LIST_ITEM_BEGINNING_OF_LIST + work := func() bool { + for i < len(data) { + skip := p.listItem(out, data[i:], &flags) + i += skip + + if skip == 0 || flags&LIST_ITEM_END_OF_LIST != 0 { + break + } + flags &= ^LIST_ITEM_BEGINNING_OF_LIST + } + return true + } + + p.r.List(out, work, flags) + return i +} + +// Parse a single list item. +// Assumes initial prefix is already removed if this is a sublist. +func (p *parser) listItem(out *bytes.Buffer, data []byte, flags *int) int { + // keep track of the indentation of the first line + itemIndent := 0 + for itemIndent < 3 && data[itemIndent] == ' ' { + itemIndent++ + } + + i := p.uliPrefix(data) + if i == 0 { + i = p.oliPrefix(data) + } + if i == 0 { + i = p.dliPrefix(data) + // reset definition term flag + if i > 0 { + *flags &= ^LIST_TYPE_TERM + } + } + if i == 0 { + // if in defnition list, set term flag and continue + if *flags&LIST_TYPE_DEFINITION != 0 { + *flags |= LIST_TYPE_TERM + } else { + return 0 + } + } + + // skip leading whitespace on first line + for data[i] == ' ' { + i++ + } + + // find the end of the line + line := i + for i > 0 && data[i-1] != '\n' { + i++ + } + + // get working buffer + var raw bytes.Buffer + + // put the first line into the working buffer + raw.Write(data[line:i]) + line = i + + // process the following lines + containsBlankLine := false + sublist := 0 + +gatherlines: + for line < len(data) { + i++ + + // find the end of this line + for data[i-1] != '\n' { + i++ + } + + // if it is an empty line, guess that it is part of this item + // and move on to the next line + if p.isEmpty(data[line:i]) > 0 { + containsBlankLine = true + raw.Write(data[line:i]) + line = i + continue + } + + // calculate the indentation + indent := 0 + for indent < 4 && line+indent < i && data[line+indent] == ' ' { + indent++ + } + + chunk := data[line+indent : i] + + // evaluate how this line fits in + switch { + // is this a nested list item? + case (p.uliPrefix(chunk) > 0 && !p.isHRule(chunk)) || + p.oliPrefix(chunk) > 0 || + p.dliPrefix(chunk) > 0: + + if containsBlankLine { + // end the list if the type changed after a blank line + if indent <= itemIndent && + ((*flags&LIST_TYPE_ORDERED != 0 && p.uliPrefix(chunk) > 0) || + (*flags&LIST_TYPE_ORDERED == 0 && p.oliPrefix(chunk) > 0)) { + + *flags |= LIST_ITEM_END_OF_LIST + break gatherlines + } + *flags |= LIST_ITEM_CONTAINS_BLOCK + } + + // to be a nested list, it must be indented more + // if not, it is the next item in the same list + if indent <= itemIndent { + break gatherlines + } + + // is this the first item in the nested list? + if sublist == 0 { + sublist = raw.Len() + } + + // is this a nested prefix header? + case p.isPrefixHeader(chunk): + // if the header is not indented, it is not nested in the list + // and thus ends the list + if containsBlankLine && indent < 4 { + *flags |= LIST_ITEM_END_OF_LIST + break gatherlines + } + *flags |= LIST_ITEM_CONTAINS_BLOCK + + // anything following an empty line is only part + // of this item if it is indented 4 spaces + // (regardless of the indentation of the beginning of the item) + case containsBlankLine && indent < 4: + if *flags&LIST_TYPE_DEFINITION != 0 && i < len(data)-1 { + // is the next item still a part of this list? + next := i + for data[next] != '\n' { + next++ + } + for next < len(data)-1 && data[next] == '\n' { + next++ + } + if i < len(data)-1 && data[i] != ':' && data[next] != ':' { + *flags |= LIST_ITEM_END_OF_LIST + } + } else { + *flags |= LIST_ITEM_END_OF_LIST + } + break gatherlines + + // a blank line means this should be parsed as a block + case containsBlankLine: + *flags |= LIST_ITEM_CONTAINS_BLOCK + } + + containsBlankLine = false + + // add the line into the working buffer without prefix + raw.Write(data[line+indent : i]) + + line = i + } + + rawBytes := raw.Bytes() + + // render the contents of the list item + var cooked bytes.Buffer + if *flags&LIST_ITEM_CONTAINS_BLOCK != 0 && *flags&LIST_TYPE_TERM == 0 { + // intermediate render of block item, except for definition term + if sublist > 0 { + p.block(&cooked, rawBytes[:sublist]) + p.block(&cooked, rawBytes[sublist:]) + } else { + p.block(&cooked, rawBytes) + } + } else { + // intermediate render of inline item + if sublist > 0 { + p.inline(&cooked, rawBytes[:sublist]) + p.block(&cooked, rawBytes[sublist:]) + } else { + p.inline(&cooked, rawBytes) + } + } + + // render the actual list item + cookedBytes := cooked.Bytes() + parsedEnd := len(cookedBytes) + + // strip trailing newlines + for parsedEnd > 0 && cookedBytes[parsedEnd-1] == '\n' { + parsedEnd-- + } + p.r.ListItem(out, cookedBytes[:parsedEnd], *flags) + + return line +} + +// render a single paragraph that has already been parsed out +func (p *parser) renderParagraph(out *bytes.Buffer, data []byte) { + if len(data) == 0 { + return + } + + // trim leading spaces + beg := 0 + for data[beg] == ' ' { + beg++ + } + + // trim trailing newline + end := len(data) - 1 + + // trim trailing spaces + for end > beg && data[end-1] == ' ' { + end-- + } + + work := func() bool { + p.inline(out, data[beg:end]) + return true + } + p.r.Paragraph(out, work) +} + +func (p *parser) paragraph(out *bytes.Buffer, data []byte) int { + // prev: index of 1st char of previous line + // line: index of 1st char of current line + // i: index of cursor/end of current line + var prev, line, i int + + // keep going until we find something to mark the end of the paragraph + for i < len(data) { + // mark the beginning of the current line + prev = line + current := data[i:] + line = i + + // did we find a blank line marking the end of the paragraph? + if n := p.isEmpty(current); n > 0 { + // did this blank line followed by a definition list item? + if p.flags&EXTENSION_DEFINITION_LISTS != 0 { + if i < len(data)-1 && data[i+1] == ':' { + return p.list(out, data[prev:], LIST_TYPE_DEFINITION) + } + } + + p.renderParagraph(out, data[:i]) + return i + n + } + + // an underline under some text marks a header, so our paragraph ended on prev line + if i > 0 { + if level := p.isUnderlinedHeader(current); level > 0 { + // render the paragraph + p.renderParagraph(out, data[:prev]) + + // ignore leading and trailing whitespace + eol := i - 1 + for prev < eol && data[prev] == ' ' { + prev++ + } + for eol > prev && data[eol-1] == ' ' { + eol-- + } + + // render the header + // this ugly double closure avoids forcing variables onto the heap + work := func(o *bytes.Buffer, pp *parser, d []byte) func() bool { + return func() bool { + pp.inline(o, d) + return true + } + }(out, p, data[prev:eol]) + + id := "" + if p.flags&EXTENSION_AUTO_HEADER_IDS != 0 { + id = sanitized_anchor_name.Create(string(data[prev:eol])) + } + + p.r.Header(out, work, level, id) + + // find the end of the underline + for data[i] != '\n' { + i++ + } + return i + } + } + + // if the next line starts a block of HTML, then the paragraph ends here + if p.flags&EXTENSION_LAX_HTML_BLOCKS != 0 { + if data[i] == '<' && p.html(out, current, false) > 0 { + // rewind to before the HTML block + p.renderParagraph(out, data[:i]) + return i + } + } + + // if there's a prefixed header or a horizontal rule after this, paragraph is over + if p.isPrefixHeader(current) || p.isHRule(current) { + p.renderParagraph(out, data[:i]) + return i + } + + // if there's a fenced code block, paragraph is over + if p.flags&EXTENSION_FENCED_CODE != 0 { + if p.fencedCode(out, current, false) > 0 { + p.renderParagraph(out, data[:i]) + return i + } + } + + // if there's a definition list item, prev line is a definition term + if p.flags&EXTENSION_DEFINITION_LISTS != 0 { + if p.dliPrefix(current) != 0 { + return p.list(out, data[prev:], LIST_TYPE_DEFINITION) + } + } + + // if there's a list after this, paragraph is over + if p.flags&EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK != 0 { + if p.uliPrefix(current) != 0 || + p.oliPrefix(current) != 0 || + p.quotePrefix(current) != 0 || + p.codePrefix(current) != 0 { + p.renderParagraph(out, data[:i]) + return i + } + } + + // otherwise, scan to the beginning of the next line + for data[i] != '\n' { + i++ + } + i++ + } + + p.renderParagraph(out, data[:i]) + return i +} diff --git a/vendor/github.com/russross/blackfriday/html.go b/vendor/github.com/russross/blackfriday/html.go new file mode 100644 index 0000000000..74e67ee82b --- /dev/null +++ b/vendor/github.com/russross/blackfriday/html.go @@ -0,0 +1,949 @@ +// +// Blackfriday Markdown Processor +// Available at http://github.com/russross/blackfriday +// +// Copyright © 2011 Russ Ross . +// Distributed under the Simplified BSD License. +// See README.md for details. +// + +// +// +// HTML rendering backend +// +// + +package blackfriday + +import ( + "bytes" + "fmt" + "regexp" + "strconv" + "strings" +) + +// Html renderer configuration options. +const ( + HTML_SKIP_HTML = 1 << iota // skip preformatted HTML blocks + HTML_SKIP_STYLE // skip embedded